def generic_user_input( self, command ):
    '''
    Dispatch one line typed by the user at the shell prompt.

    The base shell class is consulted first; if it returns anything other
    than None, that value is returned unchanged. Otherwise the line is
    split on single spaces into a verb and its arguments, and the verb is
    matched against the built-in commands (read, write, upload,
    e/exec/execute). Anything that does not match is handed to
    specific_user_input when the plugin defines it.

    @parameter command: The raw line entered by the user.
    @return: Whatever the selected handler returns; None when no handler
             matched and the plugin has no specific_user_input method.
    '''
    # Common commands (help, payloads, lsp, ...) live in the base class.
    handled = shell.generic_user_input(self, command)
    if handled is not None:
        return handled

    # Splitting on a literal ' ' means consecutive spaces produce empty
    # arguments, and an argument that itself contains a space cannot be
    # expressed: the count checks below fail and the line falls through
    # to the plugin-specific handler.
    tokens = command.split(' ')
    verb = tokens[0]
    args = tokens[1:]
    argc = len(args)

    # read <filename>
    if verb == 'read' and argc == 1:
        return self.read( args[0] )

    # write <filename> <content>
    if verb == 'write' and argc == 2:
        filename, content = args
        return self.write( filename, content )

    # upload <local_filename> <remote_filename>
    if verb == 'upload' and argc == 2:
        local_filename, remote_filename = args
        return self.upload(local_filename, remote_filename)

    # e | exec | execute <anything>: re-joining with ' ' restores the
    # argument string exactly as it was typed after the verb.
    if verb in ['e', 'exec', 'execute']:
        return self.execute( ' '.join(args) )

    # NOTE(review): only the verb is forwarded, the arguments are dropped
    # here; confirm that specific_user_input does not need them.
    if hasattr( self, 'specific_user_input'):
        return self.specific_user_input( verb )
def _callback( self, command ):
    '''
    Console callback: route one user command to the selected shell.

    @parameter command: The line entered by the user.
    @return: self._console.back when the command is 'exit' and the shell
             agrees to end the interaction; False when the shell raised
             an exception other than w3afException; None otherwise.
    '''
    active_shell = self._exploitResults[ self._selectedShell ]

    if command != 'exit':
        try:
            # NOTE(review): the response is not used in the visible code;
            # confirm whether the caller is expected to see it.
            response = active_shell.generic_user_input( command )
        except w3afException:
            # Framework exceptions are left for the caller to handle.
            raise
        except Exception, e:
            # Anything else is reported to the user and the console
            # keeps running.
            msg = 'The '+ self._plugin.getName() +' plugin failed to execute the user command, exception: ' + str(e)
            om.out.error( msg )
            return False
        return None

    # The shell has control right now, so it decides whether the
    # interaction may end.
    if active_shell.end_interaction():
        return self._console.back
    return None
def generic_user_input( self, command ):
    '''
    Dispatch one line typed by the user at the shell prompt.

    The base shell class is consulted first; if it returns anything other
    than None, that value is returned unchanged. Otherwise the line is
    split on single spaces into a verb and its arguments, and the verb is
    matched against the built-in commands handled here (read, download).
    Anything that does not match is handed to specific_user_input when
    the plugin defines it.

    @parameter command: The raw line entered by the user.
    @return: Whatever the selected handler returns; None when no handler
             matched and the plugin has no specific_user_input method.
    '''
    # Common commands (help, payloads, lsp, ...) live in the base class.
    handled = shell.generic_user_input(self, command)
    if handled is not None:
        return handled

    # Splitting on a literal ' ' means consecutive spaces produce empty
    # arguments, and a file name that contains a space cannot be
    # expressed: the count checks below fail and the line falls through
    # to the plugin-specific handler.
    tokens = command.split(' ')
    verb, args = tokens[0], tokens[1:]

    # read <filename>
    if verb == 'read' and len(args) == 1:
        return self.read( args[0] )

    # download <remote_filename> <local_filename>
    if verb == 'download' and len(args) == 2:
        remote_filename, local_filename = args
        return self.download(remote_filename, local_filename)

    # NOTE(review): only the verb is forwarded, the arguments are dropped
    # here; confirm that specific_user_input does not need them.
    if hasattr( self, 'specific_user_input'):
        return self.specific_user_input( verb )