Exemple #1
    def generic_user_input( self, command ):
        '''
        Dispatch one line of console input typed by the user for this shell.

        The base ``shell`` handler is consulted first; whatever it returns is
        passed straight back unless it is None. Otherwise the line is split on
        single spaces: the first token is the command name and the remaining
        tokens are its parameters.

        Commands handled here:
            read <filename>            -> self.read(filename)
            write <filename> <content> -> self.write(filename, content)
            upload <local> <remote>    -> self.upload(local, remote)
            e | exec | execute <...>   -> self.execute(rest of the line)

        Anything else goes to ``specific_user_input`` when the object defines
        it. If it does not, the method falls off the end and returns None.
        '''
        # Common commands are answered by the base class; None means
        # "not handled there".
        inherited = shell.generic_user_input(self, command)
        if inherited is not None:
            return inherited

        # Splitting on a single space means consecutive spaces produce empty
        # tokens, and those count towards the parameter totals checked below.
        tokens = command.split(' ')
        verb = tokens[0]
        args = tokens[1:]
        argc = len(args)

        # Read a remote file.
        if verb == 'read' and argc == 1:
            return self.read(args[0])

        # Write a remote file. Exactly two parameters are required, so content
        # containing a space does not match this branch.
        if verb == 'write' and argc == 2:
            target, content = args
            return self.write(target, content)

        # Upload a local file: the local path comes first on the command line.
        if verb == 'upload' and argc == 2:
            local_filename, remote_filename = args
            return self.upload(local_filename, remote_filename)

        # Execution commands: re-joining with single spaces restores the text
        # after the command name exactly as it was typed.
        if verb in ('e', 'exec', 'execute'):
            return self.execute(' '.join(args))

        # Everything else is left to the subclass, when it provides a handler.
        # NOTE(review): only the command name is forwarded here, the
        # parameters are not passed on -- confirm that this is what
        # specific_user_input expects.
        if hasattr(self, 'specific_user_input'):
            return self.specific_user_input(verb)
Exemple #2
 def _callback( self, command ):
     '''
     Handle one line typed by the user while a shell is selected.

     'exit' asks the selected shell whether the interaction may end; any
     other input is handed to that shell's generic_user_input.

     Returns self._console.back when the shell agrees to end the interaction,
     None when it refuses, and False when the shell raised an exception other
     than w3afException (which is re-raised to the caller).
     '''
     # The shell object is looked up in the stored exploit results using the
     # currently selected index/key.
     shell = self._exploitResults[ self._selectedShell ]
     
     if command == 'exit':
         # We "ask" the shell if we can end it or not
         # after all, the shell has the control right now
         end_it = shell.end_interaction()
         if end_it:
             return self._console.back
         else:
             return None
     else:
         try:
             response = shell.generic_user_input( command )
         except w3afException, w3:
             # Framework exceptions are passed through unchanged.
             raise
         except Exception, e:
             # Any other failure is reported through the output manager and
             # signalled to the caller with False instead of propagating.
             om.out.error('The '+ self._plugin.getName() +' plugin failed to execute the user command, exception: ' + str(e) )
             return False
         # NOTE(review): nothing in the visible lines uses `response`; the
         # listing presumably continues past this point -- confirm against
         # the full source.
Exemple #3
    def generic_user_input( self, command ):
        '''
        Dispatch one line of console input typed by the user for this shell.

        The base ``shell`` handler is consulted first; whatever it returns is
        passed straight back unless it is None. Otherwise the line is split on
        single spaces: the first token is the command name and the remaining
        tokens are its parameters.

        Commands handled here:
            read <filename>           -> self.read(filename)
            download <remote> <local> -> self.download(remote, local)

        Anything else goes to ``specific_user_input`` when the object defines
        it. If it does not, the method falls off the end and returns None.
        '''
        # Common commands are answered by the base class; None means
        # "not handled there".
        inherited = shell.generic_user_input(self, command)
        if inherited is not None:
            return inherited

        # Splitting on a single space means consecutive spaces produce empty
        # tokens, and those count towards the parameter totals checked below.
        tokens = command.split(' ')
        verb = tokens[0]
        args = tokens[1:]
        argc = len(args)

        # Read a remote file.
        if verb == 'read' and argc == 1:
            return self.read(args[0])

        # Download a remote file: the remote path comes first, then the local
        # destination.
        if verb == 'download' and argc == 2:
            remote_filename, local_filename = args
            return self.download(remote_filename, local_filename)

        # Everything else is left to the subclass, when it provides a handler.
        # NOTE(review): only the command name is forwarded here, the
        # parameters are not passed on -- confirm that this is what
        # specific_user_input expects.
        if hasattr(self, 'specific_user_input'):
            return self.specific_user_input(verb)