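def _print_response_status(self, command, code, response):
    """Log the payload and response; warn when the response is empty.

    When ``response`` is truthy only the two log lines are written. For an
    empty response a warning is selected from ``code`` (404, 500, ``-1`` or
    any other value different from 200), and a further warning is logged
    if the payload does not end with ``;`` or ``}``.

    Args:
        command: Payload string that was sent.
        code: Status code recorded for the request; ``-1`` selects the
            network-error message.
        response: Body returned for the payload.
    """
    # NOTE(review): payload and response are logged verbatim, so these logs
    # hold whatever data the request carried and returned.
    log.debug('PAYLOAD %s' % command)
    dlog.info('== RESPONSE ==\n%s==== END ====' % response)

    if response:
        return

    # log.warning() replaces the deprecated log.warn() alias
    # (assumes `log` is a standard logging.Logger -- confirm).
    if code == 404:
        log.warning(messages.module_shell_php.error_404_remote_backdoor)
    elif code == 500:
        log.warning(messages.module_shell_php.error_500_executing)
    elif code == -1:
        log.warning(messages.module_shell_php.error_URLError_network)
    elif code != 200:
        log.warning(messages.module_shell_php.error_i_executing % code)

    # Warn when the payload does not end with ';' or '}'.
    command_last_chars = utilities.shorten_string(
        command.rstrip(),
        keep_trailer=10
    )
    if command_last_chars and command_last_chars[-1] not in (';', '}'):
        log.warning(
            messages.module_shell_php.missing_php_trailer_s % command_last_chars
        )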
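def _print_response_status(self, command, code, response):
    """Log the response; warn when it is empty.

    A truthy ``response`` ends the function right after the debug line.
    Otherwise one warning is chosen from ``code`` (404, 500, ``-1``, or any
    other non-200 value) and another is logged when the payload's last
    character is neither ``;`` nor ``}``.

    Args:
        command: Payload string that was sent.
        code: Status code recorded for the request; ``-1`` selects the
            network-error message.
        response: Body returned for the payload.
    """
    # NOTE(review): the response is logged in full via repr(), so this log
    # contains whatever the remote side returned.
    dlog.info('RESPONSE: %s' % repr(response))

    if response:
        return

    # log.warning() replaces the deprecated log.warn() alias
    # (assumes `log` is a standard logging.Logger -- confirm).
    if code == 404:
        log.warning(messages.module_shell_php.error_404_remote_backdoor)
    elif code == 500:
        log.warning(messages.module_shell_php.error_500_executing)
    elif code == -1:
        log.warning(messages.module_shell_php.error_URLError_network)
    elif code != 200:
        log.warning(messages.module_shell_php.error_i_executing % code)

    # Warn when the payload does not end with ';' or '}'.
    command_last_chars = utils.prettify.shorten(
        command.rstrip(),
        keep_trailer=10
    )
    if command_last_chars and command_last_chars[-1] not in (';', '}'):
        log.warning(
            messages.module_shell_php.missing_php_trailer_s % command_last_chars
        )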
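def send(self, payload):
    """Send ``payload`` over the loaded channel and log any failure.

    Args:
        payload: Code string handed to ``self.channel_loaded.send``.

    Returns:
        tuple: ``(response, code, error)``. ``response`` is ``b''`` when
        nothing was received. ``code`` starts at 200 and becomes the proxy
        socket errno, the HTTP status code, or 0 after a ``URLError``.
        ``error`` is the stringified exception detail, or ``''``.
    """
    response = b''
    code = 200
    error = ''
    human_error = ''

    try:
        response = self.channel_loaded.send(
            payload,
            self._additional_handlers()
        )
    except socks.ProxyError as e:
        if e.socket_err and e.socket_err.errno:
            code = e.socket_err.errno
        if e.msg:
            error = str(e.msg)
        human_error = messages.module_shell_php.error_proxy
    except HTTPError as e:
        # Presumably urllib's HTTPError, a URLError subclass, so this clause
        # has to stay ahead of the URLError one -- confirm against imports.
        if e.code:
            code = e.code
        if e.reason:
            error = str(e.reason)

        if code == 404:
            human_error = messages.module_shell_php.error_404_remote_backdoor
        elif code == 500:
            human_error = messages.module_shell_php.error_500_executing
        elif code != 200:
            human_error = messages.module_shell_php.error_i_executing % code
    except URLError as e:
        code = 0
        if e.reason:
            error = str(e.reason)
        human_error = messages.module_shell_php.error_URLError_network

    if response:
        # NOTE(review): the response is logged in full via repr().
        dlog.info('RESPONSE: %s' % repr(response))
    else:
        # Normalise any falsy result (e.g. None) to empty bytes.
        response = b''

        # Warn when the payload does not end with ';' or '}'.
        command_last_chars = utils.prettify.shorten(
            payload.rstrip(),
            keep_trailer=10
        )
        if command_last_chars and command_last_chars[-1] not in (';', '}'):
            log.warning(
                messages.module_shell_php.missing_php_trailer_s
                % command_last_chars
            )

    if error or human_error:
        log.debug('[ERR] %s [%s]' % (error, code))
        # An HTTPError that leaves the code at 200 sets `error` but no
        # user-facing message; skip the warning instead of logging ''.
        if human_error:
            log.warning(human_error)

    return response, code, error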
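def send(self, payload):
    """Send ``payload`` over the loaded channel and log any failure.

    Args:
        payload: Code string handed to ``self.channel_loaded.send``.

    Returns:
        tuple: ``(response, code, error)``. ``response`` is whatever the
        channel returned, or ``''`` if the call raised. ``code`` starts at
        200 and becomes the proxy socket errno, the HTTP status code, or 0
        after a ``URLError``. ``error`` is the stringified exception
        detail, or ``''``.
    """
    response = ''
    code = 200
    error = ''
    human_error = ''

    try:
        response = self.channel_loaded.send(
            payload,
            self._additional_handlers()
        )
    except socks.ProxyError as e:
        if e.socket_err and e.socket_err.errno:
            code = e.socket_err.errno
        if e.msg:
            error = str(e.msg)
        human_error = messages.module_shell_php.error_proxy
    except HTTPError as e:
        # Presumably urllib's HTTPError, a URLError subclass, so this clause
        # has to stay ahead of the URLError one -- confirm against imports.
        if e.code:
            code = e.code
        if e.reason:
            error = str(e.reason)

        if code == 404:
            human_error = messages.module_shell_php.error_404_remote_backdoor
        elif code == 500:
            human_error = messages.module_shell_php.error_500_executing
        elif code != 200:
            human_error = messages.module_shell_php.error_i_executing % code
    except URLError as e:
        code = 0
        if e.reason:
            error = str(e.reason)
        human_error = messages.module_shell_php.error_URLError_network

    if response:
        # NOTE(review): the response is logged in full via repr().
        dlog.info('RESPONSE: %s' % repr(response))
    else:
        # Warn when the payload does not end with ';' or '}'.
        command_last_chars = utils.prettify.shorten(
            payload.rstrip(),
            keep_trailer=10
        )
        if command_last_chars and command_last_chars[-1] not in (';', '}'):
            # log.warning() replaces the deprecated log.warn() alias
            # (assumes `log` is a standard logging.Logger -- confirm).
            log.warning(
                messages.module_shell_php.missing_php_trailer_s
                % command_last_chars
            )

    if error or human_error:
        log.debug('[ERR] %s [%s]' % (error, code))
        # An HTTPError that leaves the code at 200 sets `error` but no
        # user-facing message; skip the warning instead of logging ''.
        if human_error:
            log.warning(human_error)

    return response, code, error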
def precmd(self, line):
    """Prepare the session before a command line is executed.

    Selects a default shell when none is set, then fills in hostname,
    whoami and the current working directory if the session lacks them.

    Returns:
        ``line`` unchanged, or ``''`` when no shell could be selected.
    """
    # NOTE(review): the raw line is logged before the ':set' check below,
    # so values typed after ':set' also end up in this log.
    dlog.info('>>>> %s' % line)

    # Empty lines and local commands need no remote shell.
    if not line or line.startswith((':set', ':help')):
        return line

    # NOTE(review): the nesting below is reconstructed from a listing that
    # lost its indentation -- confirm against the original file.
    if not self.session.get('default_shell'):
        # Probe when shell_sh was never tried (IDLE) or shell_php failed.
        never_probed = self.session['shell_sh']['status'] == Status.IDLE
        if never_probed or self.session['shell_php']['status'] == Status.FAIL:
            # Reset shell_php to IDLE so the shell_sh setup does not skip it.
            self.session['shell_php']['status'] = Status.IDLE
            self.session['shell_sh']['status'] = modules.loaded['shell_sh'].setup()

        # First running shell wins, shell_sh before shell_php.
        running = next(
            (
                name for name in ('shell_sh', 'shell_php')
                if self.session[name]['status'] == Status.RUN
            ),
            None,
        )
        if running is not None:
            self.session['default_shell'] = running

        # Still nothing usable: report and drop the line.
        if not self.session.get('default_shell'):
            log.error(messages.terminal.backdoor_unavailable)
            return ''

        # With only the PHP shell, print the introduction and echo the line.
        if self.session.get('default_shell') == 'shell_php':
            log.info(messages.terminal.welcome_no_shell)
            self._print_command_replacements()
            log.info('\nweevely> %s' % line)

    # Fetch hostname and whoami when the session has no value for them.
    for field in ('hostname', 'whoami'):
        if not self.session['system_info']['results'].get(field):
            modules.loaded['system_info'].run_argv(['-info', field])

    # Same for the working directory; repeated on every call until set.
    if not self.session['file_cd']['results'].get('cwd'):
        self.do_file_cd(".")

    return line
def precmd(self, line):
    """Run the pre-command checks for one input line.

    Ensures a default shell is chosen and that the session knows the
    hostname, the user name and the working directory.

    Returns:
        The same ``line``, or ``''`` if no shell is available.
    """
    # NOTE(review): logging happens before the ':set' filter, so arguments
    # given to ':set' are written to this log as well.
    dlog.info('>>>> %s' % line)

    local_prefixes = (':set', ':help')
    if not line or line.startswith(local_prefixes):
        # Nothing to send remotely, so skip the shell check.
        return line

    # NOTE(review): block nesting is reconstructed from a listing without
    # indentation -- confirm against the original file.
    if not self.session.get('default_shell'):
        # Probe if shell_sh is still IDLE or shell_php has FAILed.
        if (self.session['shell_sh']['status'] == Status.IDLE
                or self.session['shell_php']['status'] == Status.FAIL):
            # shell_php goes back to IDLE so shell_sh does not skip it.
            self.session['shell_php']['status'] = Status.IDLE
            setup_status = modules.loaded['shell_sh'].setup()
            self.session['shell_sh']['status'] = setup_status

        for candidate in ('shell_sh', 'shell_php'):
            if self.session[candidate]['status'] != Status.RUN:
                continue
            self.session['default_shell'] = candidate
            break

        # Give up on this line when no shell came up.
        if not self.session.get('default_shell'):
            log.error(messages.terminal.backdoor_unavailable)
            return ''

        # PHP-only sessions get the introduction and an echo of the line.
        if self.session.get('default_shell') == 'shell_php':
            log.info(messages.terminal.welcome_no_shell)
            self._print_command_replacements()
            log.info('\nweevely> %s' % line)

    # Hostname and whoami are requested only while missing.
    for info_name in ('hostname', 'whoami'):
        if not self.session['system_info']['results'].get(info_name):
            modules.loaded['system_info'].run_argv(["-info", info_name])

    # The working directory is looked up on each call until it is set.
    if not self.session['file_cd']['results'].get('cwd'):
        self.do_file_cd(".")

    return line
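def print_to_user(self, module_filter=''):
    """Log the stored session settings, optionally narrowed by a prefix.

    Args:
        module_filter: Prefix matched against ``"<module>.<argument>"``
            for dict entries and against the key name for other entries.
            The empty default matches everything.
    """
    # NOTE(review): this dumps the whole mapping, every stored argument
    # included, to the debug log.
    dlog.info(pprint.pformat(self))

    for mod_name, mod_value in self.items():

        if isinstance(mod_value, dict):
            # Dict entries are treated as modules. One without
            # 'stored_args' has nothing to print; the fallback keeps
            # .items() from being called on None.
            mod_args = mod_value.get('stored_args') or {}

            for argument, arg_value in mod_args.items():
                qualified_name = "%s.%s" % (mod_name, argument)
                if not module_filter or qualified_name.startswith(module_filter):
                    log.info(
                        messages.sessions.set_module_s_s_s
                        % (mod_name, argument, arg_value)
                    )
        else:
            # Plain values are printed only when listed in print_filters
            # and matching the requested prefix.
            if any(
                f for f in print_filters
                if f == mod_name and f.startswith(module_filter)
            ):
                log.info(messages.sessions.set_s_s % (mod_name, mod_value))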
def precmd(self, line):
    """Prepare the session before a command line is executed.

    Picks a default shell if none is set, then loads hostname, whoami and
    the working directory into the session when they are missing.

    Returns:
        ``line`` unchanged, or ``''`` when no shell is available.
    """
    # NOTE(review): the raw line is logged before the ':set' check, so
    # values typed after ':set' also reach this log.
    dlog.info('>>>> %s' % line)

    # Empty input and ':set' lines are handled without a remote shell.
    if not line:
        return line
    if line.startswith(':set'):
        return line

    # NOTE(review): nesting reconstructed from a listing that lost its
    # indentation -- confirm against the original file.
    if not self.session.get('default_shell'):
        # shell_sh is set up only if it was never tried.
        if self.session['shell_sh']['status'] == Status.IDLE:
            self.session['shell_sh']['status'] = modules.loaded['shell_sh'].setup()

        # First running shell wins, shell_sh before shell_php.
        running = next(
            (
                name for name in ('shell_sh', 'shell_php')
                if self.session[name]['status'] == Status.RUN
            ),
            None,
        )
        if running is not None:
            self.session['default_shell'] = running

    # No shell after the attempt above: report it and drop the line.
    if not self.session.get('default_shell'):
        log.error(messages.terminal.backdoor_unavailable)
        return ''

    # Ask for hostname and whoami only while the session lacks them.
    pending_info = (
        ('hostname', ["--info=hostname"]),
        ('whoami', ["--info=whoami"]),
    )
    for result_key, argv in pending_info:
        if not self.session['system_info']['results'].get(result_key):
            modules.loaded['system_info'].run_argv(argv)

    # The working directory is looked up on each call until it is set.
    if not self.session['file_cd']['results'].get('cwd'):
        self.do_file_cd(".")

    return line
def precmd(self, line):
    """Prepare the session before a command line is executed.

    Probes the shells when needed, refreshes the default shell, and loads
    hostname, whoami and the working directory when they are missing.

    Returns:
        ``line`` unchanged, or ``''`` when the shell setup raised a
        ``ChannelException`` or no shell is running.
    """
    # NOTE(review): the raw line is logged before the local-command check,
    # so values typed after ':set' also reach this log.
    dlog.info('>>>> %s' % line)

    # Empty input and local commands need no remote shell.
    if not line or line.startswith((':set', ':unset', ':show', ':help')):
        return line

    # Probe when shell_sh was never tried (IDLE) or shell_php is not RUN.
    shell_sh_untried = self.session['shell_sh']['status'] == Status.IDLE
    if shell_sh_untried or self.session['shell_php']['status'] != Status.RUN:
        # No shell is assumed to be set at this point.
        self.session['default_shell'] = None
        # shell_php goes back to IDLE so shell_sh does not skip it.
        self.session['shell_php']['status'] = Status.IDLE

        # The original comment expects this path to run after every
        # channel change (proxy, channel name); a failed setup ends here.
        try:
            self.session['shell_sh']['status'] = modules.loaded['shell_sh'].setup()
        except ChannelException as e:
            # NOTE(review): relies on ChannelException exposing `.message`
            # -- confirm in its definition.
            log.error(e.message)
            return ''

    # default_shell is refreshed on every call: first running shell wins.
    running = next(
        (
            name for name in ('shell_sh', 'shell_php')
            if self.session[name]['status'] == Status.RUN
        ),
        None,
    )
    if running is not None:
        self.session['default_shell'] = running

    # Stop when no shell was loaded.
    if not self.session.get('default_shell'):
        log.error(messages.terminal.backdoor_unavailable)
        return ''

    # TODO (kept from the original): the shell_php introduction is disabled
    # here because it would be printed on every loop.

    # Ask for hostname and whoami only while the session lacks them.
    for field in ('hostname', 'whoami'):
        if not self.session['system_info']['results'].get(field):
            modules.loaded['system_info'].run_argv(['-info', field])

    # The working directory is looked up on each call until it is set.
    if not self.session['file_cd']['results'].get('cwd'):
        self.do_file_cd(".")

    return line
def precmd(self, line):
    """Run the pre-command checks for one input line.

    Re-probes the shells when required, selects the default shell, and
    makes sure hostname, user name and working directory are known.

    Returns:
        The same ``line``, or ``''`` if the shell setup raised a
        ``ChannelException`` or no shell is running.
    """
    # NOTE(review): logging happens before the local-command filter, so
    # arguments given to ':set' are written to this log as well.
    dlog.info('>>>> %s' % line)

    local_prefixes = (':set', ':unset', ':show', ':help')
    if not line or line.startswith(local_prefixes):
        # Nothing to send remotely, so skip the shell check.
        return line

    # Probe if shell_sh is still IDLE or shell_php is not running.
    if (self.session['shell_sh']['status'] == Status.IDLE
            or self.session['shell_php']['status'] != Status.RUN):
        # Treat the session as having no shell selected.
        self.session['default_shell'] = None
        # Put shell_php back to IDLE so shell_sh does not skip it.
        self.session['shell_php']['status'] = Status.IDLE

        # Per the original comment this runs at every channel change
        # (proxy, channel name); a setup failure aborts the line.
        try:
            setup_status = modules.loaded['shell_sh'].setup()
        except ChannelException as e:
            # NOTE(review): relies on ChannelException exposing `.message`
            # -- confirm in its definition.
            log.error(e.message)
            return ''
        self.session['shell_sh']['status'] = setup_status

    # Always re-select the default shell; it may have changed at runtime.
    for candidate in ('shell_sh', 'shell_php'):
        if self.session[candidate]['status'] != Status.RUN:
            continue
        self.session['default_shell'] = candidate
        break

    # Abort when no shell is loaded.
    if not self.session.get('default_shell'):
        log.error(messages.terminal.backdoor_unavailable)
        return ''

    # TODO (kept from the original): the shell_php introduction stays
    # disabled so it is not printed on every loop.

    # Hostname and whoami are requested only while missing.
    for info_name in ('hostname', 'whoami'):
        if not self.session['system_info']['results'].get(info_name):
            modules.loaded['system_info'].run_argv(["-info", info_name])

    # The working directory is looked up on each call until it is set.
    if not self.session['file_cd']['results'].get('cwd'):
        self.do_file_cd(".")

    return line