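def _run_quietly(argv):
    """Run *argv* directly (no shell), discard its output and return the exit status."""
    with open(os.devnull, "wb") as devnull:
        return subprocess.Popen(argv, stdout=devnull, stderr=devnull).wait()


def installer():
    """Install the application system-wide on a Debian / Ubuntu host.

    The steps, in order:

    1. Refuse to run on a non-POSIX platform or without administrative
       privileges.
    2. If ``/usr/share/<APPLICATION>`` already exists, offer to uninstall
       and exit either way.
    3. Check the ``git`` / ``pip`` dependencies (apt-based systems only) and
       install the build packages with ``apt-get``.
    4. Copy the current working directory to ``/usr/share/<APPLICATION>``
       and write a launcher script to ``/usr/bin/<APPLICATION>``.
    5. Create ``settings.OUTPUT_DIR`` if it does not exist.

    External commands are run as argument lists rather than shell strings:
    the function runs with administrative privileges and one of the
    arguments is the current working directory, which a shell would
    re-parse if it contained spaces or metacharacters.

    Raises:
        SystemExit: on every early exit (unsupported platform, missing
            privileges, existing installation, failed step).
    """
    packages = "build-essential python-dev"
    dependencies = "git python-pip"
    install_dir = "/usr/share/" + settings.APPLICATION
    entry_script = install_dir + "/" + settings.APPLICATION + ".py"
    launcher = "/usr/bin/" + settings.APPLICATION

    info_msg = "Starting the installer. "
    sys.stdout.write(settings.print_info_msg(info_msg))
    sys.stdout.flush()

    # Check if OS is Linux.
    if settings.PLATFORM != "posix":
        print(settings.SINGLE_WHITESPACE)
        err_msg = "The installer is not designed for any other system other than Linux. "
        # The two package lists are separated by a space so the last name of
        # one does not run into the first name of the other.
        err_msg += "Please install manually: " + packages + " " + dependencies
        print(settings.print_critical_msg(err_msg))
        print(settings.SINGLE_WHITESPACE)
        raise SystemExit()

    # You need to have administrative privileges to run this script.
    if not common.running_as_admin():
        print(settings.SINGLE_WHITESPACE)
        err_msg = "You need to have administrative privileges to run this option."
        print(settings.print_critical_msg(err_msg))
        raise SystemExit()

    # Check if commix is already installed.
    if os.path.isdir(install_dir):
        print(settings.SINGLE_WHITESPACE)
        warn_msg = "It seems that " + settings.APPLICATION
        warn_msg += " is already installed in your system."
        print(settings.print_warning_msg(warn_msg))
        while True:
            if not menu.options.batch:
                question_msg = "Do you want to remove commix? [Y/n] > "
                uninstall = _input(settings.print_question_msg(question_msg))
            else:
                uninstall = ""
            # An empty answer (or batch mode) means the default, "Y".
            if len(uninstall) == 0:
                uninstall = "Y"
            if uninstall in settings.CHOICE_YES:
                uninstaller()
                raise SystemExit()
            elif uninstall in settings.CHOICE_NO or \
                    uninstall in settings.CHOICE_QUIT:
                raise SystemExit()
            else:
                err_msg = "'" + uninstall + "' is not a valid answer."
                print(settings.print_error_msg(err_msg))

    # Check for git.
    if not os.path.isfile("/usr/bin/git") or not os.path.isfile("/usr/bin/pip"):
        # Install requirement.
        if os.path.isfile("/etc/apt/sources.list"):
            sys.stdout.write(settings.SUCCESS_STATUS + "\n")
            sys.stdout.flush()
            # Check for dependencies.
            for item in dependencies.split():
                requirments.do_check(item)
        else:
            print(settings.SINGLE_WHITESPACE)
            err_msg = "The installer is not designed for any "
            err_msg += "other Linux distro than Ubuntu / Debian. "
            err_msg += "Please install manually: " + dependencies
            print(settings.print_critical_msg(err_msg))
            print(settings.SINGLE_WHITESPACE)
            raise SystemExit()

    # Force install of necessary packages. The exit status is deliberately
    # ignored, as before: a missing package does not stop the installation.
    # NOTE(review): --force-yes is deprecated in current apt and lets apt-get
    # continue past conditions it would normally stop on, including packages
    # it cannot authenticate; plain -y would be the safer choice.
    _run_quietly(["apt-get", "--force-yes", "-y", "install"] + packages.split())
    sys.stdout.write(settings.SUCCESS_STATUS + "\n")
    sys.stdout.flush()

    info_msg = "Installing " + settings.APPLICATION
    info_msg += " into the /usr/share/" + settings.APPLICATION + ". "
    sys.stdout.write(settings.print_info_msg(info_msg))
    # The tree that gets copied is the current working directory, so the
    # installer is expected to be started from the root of the source tree.
    # NOTE(review): mode 775 leaves the entry script group-writable; 755
    # looks sufficient for a root-installed program - confirm.
    try:
        copied = _run_quietly(["cp", "-r", os.getcwd(), install_dir]) == 0
        copied = copied and _run_quietly(["chmod", "775", entry_script]) == 0
    except OSError:
        copied = False
    # A non-zero exit status is a failure too; Popen(...).wait() alone never
    # raises for it, so success must not be reported without this check.
    if not copied:
        print(settings.SINGLE_WHITESPACE)
        err_msg = "Unable to copy " + settings.APPLICATION + " into " + install_dir + "."
        print(settings.print_critical_msg(err_msg))
        raise SystemExit()
    sys.stdout.write(settings.SUCCESS_STATUS + "\n")
    sys.stdout.flush()

    info_msg = "Installing " + settings.APPLICATION
    info_msg += " to /usr/bin/" + settings.APPLICATION + ". "
    sys.stdout.write(settings.print_info_msg(info_msg))
    try:
        with open(launcher, 'w') as f:
            f.write('#!/bin/bash\n')
            # The launcher is derived from settings.APPLICATION so that it
            # always points at the directory and script installed above.
            f.write('cd ' + install_dir + '/ && ./' + settings.APPLICATION + '.py "$@"\n')
        launcher_ready = _run_quietly(["chmod", "+x", launcher]) == 0
    except (IOError, OSError):
        launcher_ready = False
    if not launcher_ready:
        print(settings.SINGLE_WHITESPACE)
        err_msg = "Unable to create the launcher " + launcher + "."
        print(settings.print_critical_msg(err_msg))
        raise SystemExit()
    sys.stdout.write(settings.SUCCESS_STATUS + "\n")
    sys.stdout.flush()

    # Create the Output Directory
    try:
        os.stat(settings.OUTPUT_DIR)
    except OSError:
        try:
            os.mkdir(settings.OUTPUT_DIR)
        except OSError as err_msg:
            # Keep only the text after "[Errno N] " when it is present.
            try:
                error_msg = str(err_msg).split("] ")[1] + "."
            except IndexError:
                error_msg = str(err_msg) + "."
            print(settings.print_critical_msg(error_msg))
            raise SystemExit()

    info_msg = "The installation is finished! Type '"
    info_msg += settings.APPLICATION + "' to launch it."
    print(settings.print_bold_info_msg(info_msg))

# eof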
def dns_exfiltration_handler(url, http_request_method):
    """Prepare the request for *url* and pass control to ``exploitation``.

    In order, the function:

    * marks the run as being in its detection phase;
    * exits unless the process has administrative privileges;
    * builds the request object (with POST data taken from
      ``menu.options.data`` when the method is POST) and runs
      ``headers.do_check`` on it;
    * sends the request once, through the configured proxy, through Tor,
      or directly;
    * exits when ``settings.TARGET_OS`` is ``"win"``, otherwise calls
      ``exploitation`` with the DNS server taken from
      ``menu.options.dns_server``.

    Every fatal path ends in ``os._exit(0)``, which terminates the process
    immediately and with exit status 0.

    Args:
        url: Target URL of the request.
        http_request_method: Compared against ``settings.HTTPMETHOD.POST``
            to choose between the POST and non-POST request shapes.
    """
    # Check injection state
    settings.DETECTION_PHASE = True
    settings.EXPLOITATION_PHASE = False

    # You need to have administrative privileges to run this module.
    if not common.running_as_admin():
        err_msg = "You need to have administrative privileges to run this module."
        print("\n" + settings.print_critical_msg(err_msg))
        os._exit(0)

    if http_request_method == settings.HTTPMETHOD.POST:
        # The POST body comes from the command-line options, URL-decoded first.
        post_data = _urllib.parse.unquote(menu.options.data)
        post_data = parameters.do_POST_check(post_data, http_request_method)
        request = _urllib.request.Request(url, post_data)
        headers.do_check(request)
        vuln_parameter = parameters.vuln_POST_param(post_data, url)
    else:
        #url = parameters.do_GET_check(url, http_request_method)
        vuln_parameter = parameters.vuln_GET_param(url)
        request = _urllib.request.Request(url)
        headers.do_check(request)

    # One request is sent through whichever transport is configured: an HTTP
    # proxy, Tor, or a direct connection. The three transports share the same
    # HTTP-error handling. The response object is not used further here.
    try:
        if menu.options.proxy:
            response = proxy.use_proxy(request)
        elif menu.options.tor:
            response = tor.use_tor(request)
        else:
            response = _urllib.request.urlopen(request, timeout=settings.TIMEOUT)
    except _urllib.error.HTTPError as err_msg:
        status = str(err_msg.code)
        if status == settings.INTERNAL_SERVER_ERROR or status == settings.BAD_REQUEST:
            response = False
        elif settings.IGNORE_ERR_MSG == False:
            err = str(err_msg) + "."
            print("\n" + settings.print_critical_msg(err))
            # Either keep going and stop reporting such errors, or stop here.
            continue_tests = checks.continue_tests(err_msg)
            if continue_tests == True:
                settings.IGNORE_ERR_MSG = True
            else:
                os._exit(0)

    if settings.TARGET_OS != "win":
        dns_server = menu.options.dns_server
        technique = "DNS exfiltration module"
        info_msg = "Loading the " + technique + ". \n"
        sys.stdout.write(settings.print_info_msg(info_msg))
        exploitation(dns_server, url, http_request_method, vuln_parameter, technique)
    else:
        # Message text is kept exactly as the module prints it.
        err_msg = "This module's payloads are not suppoted by "
        err_msg += "the identified target operating system."
        print(settings.print_critical_msg(err_msg) + "\n")
        os._exit(0)