def _print_runnable_payloads(self):
'''
Print the payloads that can be run using this exploit.
@return: A list with all runnable payloads.
'''
payloads = payload_handler.runnable_payloads( self )
payloads.sort()
return '\n'.join( payloads )
def _print_runnable_payloads(self):
'''
Print the payloads that can be run using this exploit.
:return: A list with all runnable payloads.
'''
payloads = payload_handler.runnable_payloads(self)
payloads.sort()
return '\n'.join(payloads)
def test_runnable_payloads_exec(self):
shell = FakeExecShell()
runnable = runnable_payloads(shell)
EXCEPTIONS = set([
'portscan',
])
all_payloads = get_payload_list()
all_but_exceptions = set(all_payloads) - EXCEPTIONS
self.assertEquals(set(runnable), all_but_exceptions)
def test_runnable_payloads_read(self):
shell = FakeReadShell( None )
runnable = runnable_payloads(shell)
EXPECTED = ('apache_run_user','cpu_info','firefox_stealer','get_hashes')
NOT_EXPECTED = ('msf_linux_x86_meterpreter_reverse_tcp','portscan','w3af_agent')
for name in EXPECTED:
self.assertTrue(name in runnable)
for name in NOT_EXPECTED:
self.assertFalse(name in runnable)
def test_runnable_payloads_exec(self):
shell = FakeExecShell( None )
runnable = runnable_payloads(shell)
EXCEPTIONS = set(['portscan',])
all = get_payload_list()
all_but_exceptions = set(all) - EXCEPTIONS
self.assertEquals(
set(runnable),
all_but_exceptions
)
def _payload(self, parameters):
'''
Handle the payload command:
- payload desc list_processes -> return payload description
- payload list_processes -> run payload
:param payload_name: The name of the payload I want to run.
:param parameters: The parameters as sent by the user.
'''
#
# Handle payload desc xyz
#
if len(parameters) == 2:
if parameters[0] == 'desc':
payload_name = parameters[1]
if payload_name not in payload_handler.get_payload_list():
return 'Unknown payload name: "%s"' % payload_name
return payload_handler.get_payload_desc(payload_name)
#
# Handle payload xyz
#
payload_name = parameters[0]
parameters = parameters[1:]
if payload_name not in payload_handler.get_payload_list():
return 'Unknown payload name: "%s"' % payload_name
if payload_name in payload_handler.runnable_payloads(self):
om.out.debug(
'Payload %s can be run. Starting execution.' % payload_name)
# Note: The payloads are actually writing to om.out.console
# so there is no need to get the result. If someone wants to
# get the results in a programatic way they should execute the
# payload with use_api=True.
try:
payload_handler.exec_payload(self, payload_name, parameters)
result = None
except TypeError:
# We get here when the user calls the payload with an incorrect
# number of parameters:
payload = payload_handler.get_payload_instance(
payload_name, self)
result = payload.get_desc()
except ValueError, ve:
# We get here when one of the parameters provided by the user is
# not of the correct type, or something like that.
result = str(ve)
def _payload(self, parameters):
'''
Handle the payload command:
- payload desc list_processes -> return payload description
- payload list_processes -> run payload
:param payload_name: The name of the payload I want to run.
:param parameters: The parameters as sent by the user.
'''
#
# Handle payload desc xyz
#
if len(parameters) == 2:
if parameters[0] == 'desc':
payload_name = parameters[1]
if payload_name not in payload_handler.get_payload_list():
return 'Unknown payload name: "%s"' % payload_name
return payload_handler.get_payload_desc(payload_name)
#
# Handle payload xyz
#
payload_name = parameters[0]
parameters = parameters[1:]
if payload_name not in payload_handler.get_payload_list():
return 'Unknown payload name: "%s"' % payload_name
if payload_name in payload_handler.runnable_payloads(self):
om.out.debug(
'Payload %s can be run. Starting execution.' % payload_name)
# Note: The payloads are actually writing to om.out.console
# so there is no need to get the result. If someone wants to
# get the results in a programatic way they should execute the
# payload with use_api=True.
try:
payload_handler.exec_payload(self, payload_name, parameters)
result = None
except TypeError:
# We get here when the user calls the payload with an incorrect
# number of parameters:
payload = payload_handler.get_payload_instance(
payload_name, self)
result = payload.get_desc()
except ValueError, ve:
# We get here when one of the parameters provided by the user is
# not of the correct type, or something like that.
result = str(ve)
def test_runnable_payloads_read(self):
shell = FakeReadShell()
runnable = runnable_payloads(shell)
EXPECTED = ('apache_run_user', 'cpu_info', 'firefox_stealer',
'get_hashes')
NOT_EXPECTED = ('msf_linux_x86_meterpreter_reverse_tcp', 'portscan',
'w3af_agent')
for name in EXPECTED:
self.assertTrue(name in runnable)
for name in NOT_EXPECTED:
self.assertFalse(name in runnable)
def _payload(self, payload_name, parameters):
'''
Run a payload by name.
@param payload_name: The name of the payload I want to run.
@param parameters: The parameters as sent by the user.
'''
result_str = ''
if payload_name in payload_handler.runnable_payloads(self):
om.out.debug( 'The payload can be run. Starting execution.' )
# TODO: The payloads are actually writing to om.out.console
# by themselves, so this is useless. In order for the
# result_str = ... to work, we would need a refactoring
# what usually gets here, are errors.
result_str = payload_handler.exec_payload( self, payload_name, parameters)
else:
result_str = 'The payload could not be run.'
return result_str
def _payload(self, payload_name, parameters):
'''
Run a payload by name.
@param payload_name: The name of the payload I want to run.
@param parameters: The parameters as sent by the user.
'''
if payload_name in payload_handler.runnable_payloads(self):
om.out.debug( 'The payload can be run. Starting execution.' )
# Note: The payloads are actually writing to om.out.console
# so there is no need to get the result. If someone wants to
# get the results in a programatic way they should execute the
# payload with use_api=True.
payload_handler.exec_payload( self, payload_name, parameters)
result = None
else:
result = 'The payload could not be run.'
return result
