Exemple #1
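    def exec_payload(self, payload_name, args=()):
        """
        Execute ANOTHER payload, by providing the other payload name.

        The payload is first run with the shell this object holds
        (self.shell). If that raises, it is retried with ``None`` in place of
        the shell. If the retry raises too, an explanatory message is written
        to the console and returned.

        :param payload_name: The name of the payload I want to run.
        :param args: Arguments forwarded to the other payload.
        :return: The payload result, or the error message (a string) when
                 both attempts failed.
        """
        try:
            return payload_handler.exec_payload(self.shell, payload_name,
                                                args, use_api=True)
        except Exception:
            #
            #    Run the payload name with any shell that has the capabilities
            #    we need, not the one we're already using (that failed because
            #    it doesn't have the capabilities).
            #
            #    "except Exception" instead of a bare except, so that
            #    KeyboardInterrupt and SystemExit are not swallowed here.
            #
            try:
                return payload_handler.exec_payload(None, payload_name, args,
                                                    use_api=True)
            except Exception:
                msg = 'The payload you are trying to run ("%s") can not be' \
                      ' run because it is trying to call another payload'\
                      ' ("%s") which is failing because there are no shells'\
                      ' that support the required system calls.'
                # Fill in the placeholders before printing; the template was
                # previously sent to the console with the raw "%s" markers.
                msg = msg % (self, payload_name)
                om.out.console(msg)

                # TODO: Should I raise an exception here?
                # NOTE(review): the caller receives a plain string on failure
                # and cannot tell it apart from a payload result.
                return msg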
Exemple #2
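    def exec_payload(self, payload_name, args=()):
        """
        Execute ANOTHER payload, by providing the other payload name.

        Two attempts are made: first with self.shell, then (if that raised)
        with ``None`` passed as the shell. When both raise, the failure is
        reported on the console and the same text is returned.

        :param payload_name: The name of the payload I want to run.
        :param args: Arguments forwarded to the other payload.
        :return: The payload result, or an error message string if neither
                 attempt succeeded.
        """
        try:
            return payload_handler.exec_payload(self.shell,
                                                payload_name,
                                                args,
                                                use_api=True)
        except Exception:
            #
            #    Run the payload name with any shell that has the capabilities
            #    we need, not the one we're already using (that failed because
            #    it doesn't have the capabilities).
            #
            #    Catching Exception (not everything) lets KeyboardInterrupt
            #    and SystemExit propagate.
            #
            try:
                return payload_handler.exec_payload(None,
                                                    payload_name,
                                                    args,
                                                    use_api=True)
            except Exception:
                template = 'The payload you are trying to run ("%s") can not be' \
                           ' run because it is trying to call another payload' \
                           ' ("%s") which is failing because there are no shells' \
                           ' that support the required system calls.'
                # The console used to receive the template with its "%s"
                # markers unfilled; format once and use that text for both
                # the console and the return value.
                msg = template % (self, payload_name)
                om.out.console(msg)

                # TODO: Should I raise an exception here?
                # NOTE(review): on failure the return value is a string that
                # callers cannot distinguish from a payload result.
                return msg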
Exemple #3
    def test_portscan(self):
        # Ask the 'portscan' payload about two ports on localhost and compare
        # each answer with the class fixture named after the port.
        for port in ('22', '23'):
            scan_result = exec_payload(self.shell, 'portscan',
                                       args=('localhost', port),
                                       use_api=True)
            self.assertEqual(getattr(self, 'RESULT_' + port), scan_result)
Exemple #4
    def test_portscan(self):
        # Port 22 on localhost, checked against the RESULT_22 fixture.
        target_22 = ('localhost', '22')
        answer_22 = exec_payload(self.shell, 'portscan', args=target_22,
                                 use_api=True)
        self.assertEqual(self.RESULT_22, answer_22)

        # Port 23 on localhost, checked against the RESULT_23 fixture.
        target_23 = ('localhost', '23')
        answer_23 = exec_payload(self.shell, 'portscan', args=target_23,
                                 use_api=True)
        self.assertEqual(self.RESULT_23, answer_23)
Exemple #5
    def _payload(self, parameters):
        """
        Handle the payload command:
            - payload desc list_processes -> return payload description
            - payload list_processes      -> run payload

        :param parameters: The parameters as sent by the user. The payload
                           name is read from this list: parameters[1] for
                           the "desc" form, parameters[0] otherwise; the
                           remaining items are passed to the payload.
        :return: The 'Unknown payload name' message when the name is not in
                 payload_handler.get_payload_list(), or the value of
                 payload_handler.get_payload_desc() for the "desc" form.
                 NOTE(review): the listing stops after the except clauses,
                 so what is done with `result` is not visible here.
        """
        #
        #    Handle payload desc xyz
        #
        if len(parameters) == 2:
            if parameters[0] == 'desc':
                payload_name = parameters[1]

                # The user-supplied name is checked against the known payload
                # list before it is used for anything but the error message.
                if payload_name not in payload_handler.get_payload_list():
                    return 'Unknown payload name: "%s"' % payload_name

                return payload_handler.get_payload_desc(payload_name)

        #
        #    Handle payload xyz
        #
        # NOTE(review): an empty parameters list raises IndexError on the
        # next line; confirm the caller always supplies a payload name.
        payload_name = parameters[0]
        parameters = parameters[1:]

        if payload_name not in payload_handler.get_payload_list():
            return 'Unknown payload name: "%s"' % payload_name

        # A known payload is executed only if runnable_payloads(self) lists
        # it; the branch for the other case is not part of this listing.
        if payload_name in payload_handler.runnable_payloads(self):
            om.out.debug('Payload %s can be run. Starting execution.' %
                         payload_name)

            # Note: The payloads are actually writing to om.out.console
            # so there is no need to get the result. If someone wants to
            # get the results in a programatic way they should execute the
            # payload with use_api=True.
            try:
                payload_handler.exec_payload(self, payload_name, parameters)
                result = None
            except TypeError:
                # We get here when the user calls the payload with an incorrect
                # number of parameters:
                # NOTE(review): a TypeError raised inside the payload itself
                # is reported the same way, as the payload description.
                payload = payload_handler.get_payload_instance(
                    payload_name, self)
                result = payload.get_desc()
            except ValueError, ve:
                # We get here when one of the parameters provided by the user is
                # not of the correct type, or something like that.
                result = str(ve)
Exemple #6
    def _payload(self, parameters):
        """
        Handle the payload command:
            - payload desc list_processes -> return payload description
            - payload list_processes      -> run payload

        :param parameters: The parameters as sent by the user. For the
                           "desc" form the payload name is parameters[1];
                           otherwise it is parameters[0] and the rest of the
                           list is handed to the payload.
        :return: The 'Unknown payload name' message for names missing from
                 payload_handler.get_payload_list(), or whatever
                 payload_handler.get_payload_desc() returns for "desc".
                 NOTE(review): this listing ends inside the run branch, so
                 the use of `result` cannot be seen from here.
        """
        #
        #    Handle payload desc xyz
        #
        if len(parameters) == 2:
            if parameters[0] == 'desc':
                payload_name = parameters[1]

                # Reject names that payload_handler does not know before
                # asking it for a description.
                if payload_name not in payload_handler.get_payload_list():
                    return 'Unknown payload name: "%s"' % payload_name

                return payload_handler.get_payload_desc(payload_name)

        #
        #    Handle payload xyz
        #
        # NOTE(review): parameters[0] raises IndexError when the list is
        # empty; verify against the caller.
        payload_name = parameters[0]
        parameters = parameters[1:]

        if payload_name not in payload_handler.get_payload_list():
            return 'Unknown payload name: "%s"' % payload_name

        # Execution is gated on runnable_payloads(self); what happens when
        # the payload is known but not runnable is outside this listing.
        if payload_name in payload_handler.runnable_payloads(self):
            om.out.debug(
                'Payload %s can be run. Starting execution.' % payload_name)

            # Note: The payloads are actually writing to om.out.console
            # so there is no need to get the result. If someone wants to
            # get the results in a programatic way they should execute the
            # payload with use_api=True.
            try:
                payload_handler.exec_payload(self, payload_name, parameters)
                result = None
            except TypeError:
                # We get here when the user calls the payload with an incorrect
                # number of parameters:
                # NOTE(review): any TypeError from inside the payload takes
                # this path too and is answered with the description.
                payload = payload_handler.get_payload_instance(
                    payload_name, self)
                result = payload.get_desc()
            except ValueError, ve:
                # We get here when one of the parameters provided by the user is
                # not of the correct type, or something like that.
                result = str(ve)
    def test_exec_payload_read(self):
        # Two payloads are run through a FakeReadShell in API mode.
        fake_shell = FakeReadShell()

        fingerprint = exec_payload(fake_shell, 'os_fingerprint', use_api=True)
        self.assertEqual({'os': 'Linux'}, fingerprint)

        cpu = exec_payload(fake_shell, 'cpu_info', use_api=True)
        # The values depend on the machine running the suite; on the
        # author's box the result was:
        #
        # {'cpu_info': 'AMD Phenom(tm) II X4 945 Processor', 'cpu_cores': '4'}
        #
        # so only the keys and a core count in 1..11 are required. Hosts
        # reporting 12 or more cores fail the last assertion.
        for expected_key in ('cpu_info', 'cpu_cores'):
            self.assertTrue(expected_key in cpu)
        self.assertGreater(int(cpu['cpu_cores']), 0)
        self.assertLess(int(cpu['cpu_cores']), 12)
Exemple #8
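 def test_pixy(self):
     # The 'pixy' payload receives the same scratch directory for both of
     # its arguments; its API result must equal the class fixture.
     # Imported locally because the file's import block is not visible here.
     import shutil

     temp_dir = tempfile.mkdtemp()
     try:
         result = exec_payload(self.shell,
                               'pixy',
                               args=(temp_dir, temp_dir),
                               use_api=True)
         self.assertEquals(self.EXPECTED_RESULT, result)
     finally:
         # mkdtemp() leaves removal to the caller; without this every run
         # (passing or failing) left a directory behind.
         shutil.rmtree(temp_dir, ignore_errors=True)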
Exemple #9
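    def test_uptime(self):
        # EXPECTED_RESULT supplies the keys and time units to look at; the
        # values under test come from the payload. The assertion used to
        # call isdigit() on the fixture itself, so the payload output was
        # never examined and the test could not fail on a bad result.
        result = exec_payload(self.shell, 'uptime', use_api=True)

        for key in self.EXPECTED_RESULT:
            self.assertIn(key, result)
            for time_unit in self.EXPECTED_RESULT[key]:
                self.assertIn(time_unit, result[key])
                # assumes the payload reports each unit as a string, as the
                # fixture does -- TODO confirm
                self.assertTrue(result[key][time_unit].isdigit(),
                                result[key][time_unit])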
    def test_exec_payload_read(self):
        # API-mode execution against a FakeReadShell: one payload with an
        # exact expected answer, one with machine-dependent output.
        read_shell = FakeReadShell()
        os_info = exec_payload(read_shell, 'os_fingerprint', use_api=True)
        self.assertEqual({'os': 'Linux'}, os_info)

        cpu_data = exec_payload(read_shell, 'cpu_info', use_api=True)
        # On the author's box the result is:
        #
        # {'cpu_info': 'AMD Phenom(tm) II X4 945 Processor', 'cpu_cores': '4'}
        #
        # Other machines differ, so the check is deliberately loose: both
        # keys present and 0 < cpu_cores < 12.
        self.assertIn('cpu_info', cpu_data)
        self.assertIn('cpu_cores', cpu_data)
        self.assertGreater(int(cpu_data['cpu_cores']), 0)
        self.assertLess(int(cpu_data['cpu_cores']), 12)
 def test_apache_mod_security(self):
     # The payload must report the fixture's version and return the
     # mod-security configuration file with its IfModule section.
     conf_path = '/etc/apache2/mods-available/mod-security.conf'
     report = exec_payload(self.shell, 'apache_mod_security', use_api=True)

     self.assertEqual(self.EXPECTED_RESULT['version'], report['version'])
     self.assertIn(conf_path, report['file'])

     conf_text = report['file'][conf_path]
     self.assertIn('<IfModule security2_module>', conf_text)
Exemple #12
    def test_udp(self):
        # The set of local addresses across all reported UDP entries must
        # equal the fixture exactly.
        connections = exec_payload(self.shell, 'udp', use_api=True)

        seen_addresses = set(
            conn_data['local_address']
            for _, conn_data in connections.iteritems())

        self.assertEqual(self.EXPECTED_RESULT, seen_addresses)
Exemple #13
    def test_udp(self):
        # Looser variant: the reported local addresses only have to contain
        # everything listed in the fixture.
        udp_table = exec_payload(self.shell, 'udp', use_api=True)

        reported = set()
        for _, conn_data in udp_table.iteritems():
            reported.add(conn_data['local_address'])

        self.assertTrue(reported.issuperset(self.EXPECTED_RESULT))
    def test_current_user(self):
        # User name must match the fixture; the home directory only has to
        # start with the fixture's value.
        current = exec_payload(self.shell, "current_user", use_api=True)["current"]

        self.assertEqual(self.EXPECTED_RESULT["current"]["user"], current["user"])

        home_dir = current["home"]
        expected_prefix = self.EXPECTED_RESULT["current"]["home"]
        self.assertTrue(home_dir.startswith(expected_prefix), home_dir)
Exemple #15
    def test_tcp(self):
        # Every local address named in the fixture must appear among the
        # TCP entries returned by the payload.
        tcp_table = exec_payload(self.shell, 'tcp', use_api=True)

        reported = set(
            conn_data['local_address']
            for _, conn_data in tcp_table.iteritems())

        self.assertTrue(reported.issuperset(self.EXPECTED_RESULT))
    def test_apache_mod_security(self):
        # Checks the reported version and that the mod-security config file
        # came back with its IfModule block.
        mod_security_conf = '/etc/apache2/mods-available/mod-security.conf'
        payload_output = exec_payload(self.shell, 'apache_mod_security',
                                      use_api=True)

        self.assertEqual(self.EXPECTED_RESULT['version'],
                         payload_output['version'])
        self.assertIn(mod_security_conf, payload_output['file'])

        self.assertIn('<IfModule security2_module>',
                      payload_output['file'][mod_security_conf])
Exemple #17
    def test_tcp(self):
        # Each address in the fixture is looked up individually, so a failure
        # names the address that is missing.
        tcp_entries = exec_payload(self.shell, 'tcp', use_api=True)

        local_addresses = [conn_data['local_address']
                           for _, conn_data in tcp_entries.iteritems()]

        for wanted in self.EXPECTED_RESULT:
            self.assertIn(wanted, local_addresses)
Exemple #18
    def test_current_user(self):
        # Exact match on the user name, prefix match on the home directory.
        payload_output = exec_payload(self.shell, 'current_user', use_api=True)

        reported_user = payload_output['current']['user']
        self.assertEqual(self.EXPECTED_RESULT['current']['user'],
                         reported_user)

        reported_home = payload_output['current']['home']
        home_matches = reported_home.startswith(
            self.EXPECTED_RESULT['current']['home'])
        self.assertTrue(home_matches, reported_home)
    def test_list_processes(self):
        # 2000 is passed as the payload's only argument; every command in
        # the fixture must show up in the returned process table.
        process_table = exec_payload(
            self.shell, 'list_processes', args=(2000,), use_api=True)

        commands = [pid_data['cmd']
                    for _, pid_data in process_table.iteritems()]

        for wanted_cmd in self.EXPECTED_RESULT:
            self.assertIn(wanted_cmd, commands)
Exemple #20
    def test_list_processes(self):
        # The fixture lists commands that must be present among the 'cmd'
        # fields of the processes the payload returns.
        payload_args = (2000, )
        processes = exec_payload(self.shell, 'list_processes',
                                 args=payload_args, use_api=True)

        seen_cmds = []
        for _, pid_data in processes.iteritems():
            seen_cmds.append(pid_data['cmd'])

        for required_cmd in self.EXPECTED_RESULT:
            self.assertIn(required_cmd, seen_cmds)
Exemple #21
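    def test_get_source_code(self):
        # The payload downloads source code into a scratch directory; the
        # first entry of its result must match the single URL in the fixture
        # and the downloaded file must contain self.CONTENT.
        temp_dir = tempfile.mkdtemp()
        try:
            result = exec_payload(self.shell, 'get_source_code',
                                  args=(temp_dir,), use_api=True)

            self.assertEqual(len(self.EXPECTED_RESULT.keys()), 1)

            expected_url = self.EXPECTED_RESULT.keys()[0]
            downloaded_url = result.items()[0][0].url_string
            self.assertEquals(expected_url, downloaded_url)

            downloaded_file_path = result.items()[0][1][1]
            # Close the handle explicitly instead of leaving it to the
            # garbage collector.
            with open(downloaded_file_path) as downloaded_file:
                downloaded_file_content = downloaded_file.read()
            self.assertTrue(self.CONTENT in downloaded_file_content)
        finally:
            # Runs on failure too; a failed assertion used to skip the
            # cleanup and leave the directory behind.
            shutil.rmtree(temp_dir)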
Exemple #22
    def test_route(self):
        # Shape checks on every routing entry: three dots in each address
        # field and an interface name with one of the accepted prefixes.
        accepted_prefixes = ('eth', 'wlan', 'ppp', 'vbox', 'lxcbr', 'docker',
                             'lo')
        payload_output = exec_payload(self.shell, 'route', use_api=True)

        for entry in payload_output['route']:
            dest = entry['Destination']
            gw = entry['Gateway']
            iface = entry['Iface']
            mask = entry['Mask']

            for address in (dest, gw, mask):
                self.assertEqual(address.count('.'), 3)

            self.assertTrue(iface.startswith(accepted_prefixes), iface)
Exemple #23
    def test_route(self):
        # Same shape checks as the other route tests; this variant does not
        # accept 'docker' interfaces.
        iface_prefixes = ['eth', 'wlan', 'ppp', 'vbox', 'lxcbr', 'lo']
        routing = exec_payload(self.shell, 'route', use_api=True)
        routes = routing['route']

        for route_info in routes:
            dest = route_info['Destination']
            gw = route_info['Gateway']
            iface = route_info['Iface']
            mask = route_info['Mask']

            self.assertEqual(dest.count('.'), 3)
            self.assertEqual(gw.count('.'), 3)
            self.assertEqual(mask.count('.'), 3)

            known_iface = any(iface.startswith(prefix)
                              for prefix in iface_prefixes)
            self.assertTrue(known_iface, iface)
Exemple #24
    def test_route(self):
        # Destination, gateway and mask must each contain three dots; the
        # interface name must start with one of the listed prefixes.
        prefixes = ("eth", "wlan", "ppp", "vbox", "lxcbr", "docker", "lo")
        table = exec_payload(self.shell, "route", use_api=True)["route"]

        for row in table:
            dest, gw = row["Destination"], row["Gateway"]
            iface, mask = row["Iface"], row["Mask"]

            self.assertEqual(dest.count("."), 3)
            self.assertEqual(gw.count("."), 3)
            self.assertEqual(mask.count("."), 3)

            self.assertTrue(iface.startswith(prefixes), iface)
 def test_root_login_allowed(self):
     # API result of the 'root_login_allowed' payload vs. the class fixture.
     login_policy = exec_payload(self.shell, 'root_login_allowed',
                                 use_api=True)
     self.assertEqual(self.EXPECTED_RESULT, login_policy)
Exemple #26
 def test_apache_htaccess(self):
     # The payload's API answer must be equal to EXPECTED_RESULT.
     htaccess_data = exec_payload(self.shell, 'apache_htaccess',
                                  use_api=True)
     self.assertEqual(self.EXPECTED_RESULT, htaccess_data)
Exemple #27
 def test_w3af_agent(self):
     # The agent payload is given the value of get_local_ip() and must
     # answer with its fixed success message.
     local_ip = get_local_ip()
     status = exec_payload(self.shell, 'w3af_agent', args=(local_ip,),
                           use_api=True)
     self.assertEqual('Successfully started the w3afAgent.', status)
Exemple #28
 def test_running_vm(self):
     # Compare the 'running_vm' payload output with the class fixture.
     vm_report = exec_payload(self.shell, 'running_vm', use_api=True)
     self.assertEqual(self.EXPECTED_RESULT, vm_report)
Exemple #29
 def test_apache_config_directory(self):
     # Payload output (API mode) must equal EXPECTED_RESULT.
     payload_name = 'apache_config_directory'
     config_dirs = exec_payload(self.shell, payload_name, use_api=True)
     self.assertEqual(self.EXPECTED_RESULT, config_dirs)
Exemple #30
 def test_php_sca(self):
     # Only the first key of the payload result is compared with the fixture.
     findings = exec_payload(self.shell, 'php_sca', use_api=True)
     first_key = findings.keys()[0]
     self.assertEqual(self.EXPECTED_RESULT, first_key)
 def test_iis_root_directory(self):
     # The 'iis_root_directory' payload must return exactly the fixture.
     iis_root = exec_payload(self.shell, 'iis_root_directory',
                             use_api=True)
     self.assertEqual(self.EXPECTED_RESULT, iis_root)
 def test_dhcp_config_files(self):
     # Expect the payload to return the same data as EXPECTED_RESULT.
     dhcp_files = exec_payload(self.shell, 'dhcp_config_files',
                               use_api=True)
     self.assertEqual(self.EXPECTED_RESULT, dhcp_files)
Exemple #33
 def test_get_hashes(self):
     # Output of the 'get_hashes' payload vs. the class fixture.
     hashes = exec_payload(self.shell, 'get_hashes', use_api=True)
     self.assertEqual(self.EXPECTED_RESULT, hashes)
 def test_exec_payload_exec(self):
     # Same fingerprint check as the read-shell test, but driven through a
     # FakeExecShell.
     exec_shell = FakeExecShell()
     fingerprint = exec_payload(exec_shell, 'os_fingerprint', use_api=True)
     self.assertEqual({'os': 'Linux'}, fingerprint)
Exemple #35
 def test_filesystem(self):
     # The keys of the payload result are compared with the fixture.
     fs_info = exec_payload(self.shell, 'filesystem', use_api=True)
     reported_keys = fs_info.keys()
     self.assertEqual(self.EXPECTED_RESULT, reported_keys)
Exemple #36
    def test_kernel_version(self):
        # Tied to the test host: the version string must start with '3.2.'
        # and contain 'buildd'.
        payload_output = exec_payload(self.shell, 'kernel_version',
                                      use_api=True)

        starts_with_3_2 = payload_output['kernel_version'].startswith('3.2.')
        self.assertTrue(starts_with_3_2)
        self.assertTrue('buildd' in payload_output['kernel_version'])
 def test_os_fingerprint(self):
     # The fingerprint returned through the API must equal the fixture.
     fingerprint = exec_payload(self.shell, 'os_fingerprint', use_api=True)
     self.assertEqual(self.EXPECTED_RESULT, fingerprint)
 def test_root_login_allowed(self):
     # Expect 'root_login_allowed' to return the class fixture unchanged.
     payload_name = 'root_login_allowed'
     answer = exec_payload(self.shell, payload_name, use_api=True)
     self.assertEqual(self.EXPECTED_RESULT, answer)
Exemple #39
 def test_ssh_version(self):
     # The version data from the payload must equal EXPECTED_RESULT.
     ssh_info = exec_payload(self.shell, 'ssh_version', use_api=True)
     self.assertEqual(self.EXPECTED_RESULT, ssh_info)
Exemple #40
 def test_log_reader(self):
     # Every log named in the fixture must be among the result's keys; the
     # found set is used as the failure message.
     log_contents = exec_payload(self.shell, 'log_reader', use_api=True)
     found_logs = set(log_contents.keys())
     all_present = self.EXPECTED_RESULT.issubset(found_logs)
     self.assertTrue(all_present, found_logs)
Exemple #41
 def test_log_reader(self):
     # The fixture is a set of log names that must all be keys of the
     # payload result.
     readable_logs = set(
         exec_payload(self.shell, 'log_reader', use_api=True).keys())
     self.assertTrue(self.EXPECTED_RESULT.issubset(readable_logs),
                     readable_logs)
 def test_list_kernel_modules(self):
     # The module names returned must include everything in the fixture.
     modules = exec_payload(self.shell, 'list_kernel_modules', use_api=True)
     loaded = set(modules.keys())
     self.assertTrue(loaded.issuperset(self.EXPECTED_RESULT), modules.keys())
 def test_netcat_installed(self):
     # Either answer is acceptable: the test host may or may not have
     # netcat, so the result only has to be one of the two fixtures.
     answer = exec_payload(self.shell, 'netcat_installed', use_api=True)

     acceptable = [self.EXISTS_EXPECTED_RESULT,
                   self.NOTEXISTS_EXPECTED_RESULT]
     self.assertIn(answer, acceptable)
 def test_dhcp_config_files(self):
     # API output of 'dhcp_config_files' compared with the fixture.
     payload_name = 'dhcp_config_files'
     config_files = exec_payload(self.shell, payload_name, use_api=True)
     self.assertEqual(self.EXPECTED_RESULT, config_files)
 def test_firefox_stealer(self):
     # The payload result must be equal to the class fixture.
     collected = exec_payload(self.shell, 'firefox_stealer', use_api=True)
     self.assertEqual(self.EXPECTED_RESULT, collected)
Exemple #46
 def test_hostname(self):
     # Compare what the 'hostname' payload returns with EXPECTED_RESULT.
     hostname_info = exec_payload(self.shell, "hostname", use_api=True)
     self.assertEqual(self.EXPECTED_RESULT, hostname_info)
Exemple #47
 def test_is_root(self):
     # The privilege answer from the payload must match the fixture.
     root_status = exec_payload(self.shell, 'is_root', use_api=True)
     self.assertEqual(self.EXPECTED_RESULT, root_status)
Exemple #48
 def test_arp_cache(self):
     # Shape checks per ARP entry: three dots in the IP, five colons in the
     # MAC, and an interface name starting with "eth".
     arp_table = exec_payload(self.shell, "arp_cache", use_api=True)
     for ip_address, entry in arp_table.iteritems():
         mac, iface = entry
         self.assertEqual(ip_address.count("."), 3)
         self.assertEqual(mac.count(":"), 5)
         self.assertTrue(iface.startswith("eth"))
 def test_apache_run_group(self):
     # The group reported by the payload must equal the fixture.
     run_group = exec_payload(self.shell, 'apache_run_group', use_api=True)
     self.assertEqual(self.EXPECTED_RESULT, run_group)
 def test_rootkit_hunter(self):
     # Payload output in API mode vs. the class fixture.
     findings = exec_payload(self.shell, 'rootkit_hunter', use_api=True)
     self.assertEqual(self.EXPECTED_RESULT, findings)
Exemple #51
 def test_rootkit_hunter(self):
     # Expect the 'rootkit_hunter' payload to return EXPECTED_RESULT.
     payload_name = "rootkit_hunter"
     hunter_report = exec_payload(self.shell, payload_name, use_api=True)
     self.assertEqual(self.EXPECTED_RESULT, hunter_report)
Exemple #52
 def test_spider(self):
     # With 2 as its argument, the payload result must contain the lab
     # host's keys.txt path with a truthy value.
     keys_file = "/home/moth/keys.txt"
     crawl = exec_payload(self.shell, "spider", args=(2,), use_api=True)
     self.assertTrue(keys_file in crawl)
     self.assertTrue(crawl[keys_file])
 def test_ssh_config_files(self):
     # sshd_config must be among the returned files and its content must
     # mention the PermitRootLogin directive.
     sshd_config = '/etc/ssh/sshd_config'
     config_files = exec_payload(self.shell, 'ssh_config_files',
                                 use_api=True)
     self.assertTrue(sshd_config in config_files)
     self.assertTrue('PermitRootLogin' in config_files[sshd_config])
Exemple #54
 def test_hosts(self):
     # The keys of the 'hosts' payload result are compared with the fixture.
     hosts_data = exec_payload(self.shell, 'hosts', use_api=True)
     reported_keys = hosts_data.keys()
     self.assertEqual(self.EXPECTED_RESULT, reported_keys)