def main(arguments):
if arguments.command == 'generate':
obfuscated = generate.generate(password=arguments.password,
obfuscator=arguments.obfuscator,
agent=arguments.agent)
generate.save_generated(obfuscated, arguments.path)
log.info(
messages.generate.generated_backdoor_with_password_s_in_s_size_i %
(arguments.password, arguments.path, len(obfuscated)))
return
elif arguments.command == 'terminal':
session = SessionURL(url=arguments.url, password=arguments.password)
elif arguments.command == 'session':
session = SessionFile(arguments.path)
dlog.debug(pprint.pformat(session))
modules.load_modules(session)
if not arguments.cmd:
Terminal(session).cmdloop()
else:
Terminal(session).onecmd(arguments.cmd)
def do_terminal(self, args):
'use terminal for host'
if len(args) == 0:
print "e.g: terminal host"
else:
host = args.split()[0]
if self.user and self.passwd:
client = Terminal(host, self.user, self.passwd, timeout=5)
client.run()
def do_terminal(self, args):
'use terminal for host'
if len(args) == 0:
print "e.g: terminal host"
else:
host = args.split()[0]
if self.user and self.passwd:
client = Terminal(host, self.user, self.passwd, timeout=5)
client.run()
def setUp(self, log_captured):
session = SessionURL(self.url, self.password, volatile = True)
modules.load_modules(session)
self.terminal = Terminal(session)
self.brokensessionfiles = [
'/nonexistent',
'/tmp/sessionfile1',
'/tmp/sessionfile2',
'/tmp/sessionfile3'
]
def test_run_wrong_url(self, log_captured):
session = SessionURL(self.url + 'BOGUS', 'BOGUS', volatile=True)
modules.load_modules(session)
terminal = Terminal(session)
line = 'echo 1'
line = terminal.precmd(line)
stop = terminal.onecmd(line)
stop = terminal.postcmd(stop, line)
# Test the behaviour when starting terminal on wrong remote URL
self.assertTrue(log_captured.records[-1].msg.endswith(
messages.terminal.backdoor_unavailable))
def login(self, ip=None, user=None, passwd=None):
if not ip:
ip = self.ip
if not user:
user = self.user
if not passwd:
passwd = self.passwd
return Terminal(ip, user, passwd, timeout=5)
def test_run_wrong_url(self, log_captured):
session = SessionURL(self.url + 'BOGUS', 'BOGUS', volatile = True)
modules.load_modules(session)
terminal = Terminal(session)
line = 'echo 1'
line = terminal.precmd(line)
stop = terminal.onecmd(line)
stop = terminal.postcmd(stop, line)
# Test the behaviour when starting terminal on wrong remote URL
self.assertTrue(
log_captured.records[-1].msg.endswith(
messages.terminal.backdoor_unavailable
)
)
class TerminalTest(BaseTest):
@log_capture()
def setUp(self, log_captured):
session = SessionURL(self.url, self.password, volatile=True)
modules.load_modules(session)
self.terminal = Terminal(session)
def _assert_exec(self, line, expected, log_captured):
line = self.terminal.precmd(line)
stop = self.terminal.onecmd(line)
stop = self.terminal.postcmd(stop, line)
self.assertEqual(log_captured.records[-1].msg, expected)
@log_capture()
def test_base(self, log_captured):
# Basic
self._assert_exec('echo 1', '1', log_captured)
# Module with single argument
self._assert_exec(':shell_php echo(1);', '1', log_captured)
# Module with multiple argument wrognly passed and precisely fixed
self._assert_exec(':shell_php echo(1); echo(2);', '12', log_captured)
# Module with multiple argument properly passed
self._assert_exec(':shell_php "echo(1); echo(2);"', '12', log_captured)
# Module with mandatory and optional arguments properly passed
self._assert_exec(
':shell_php -postfix-string echo(3); "echo(1); echo(2);"', '123',
log_captured)
# Module with mandatory and optional arguments wrongly passed but precisely fixed
self._assert_exec(
':shell_php -postfix-string echo(3); echo(1); echo(2);', '123',
log_captured)
@log_capture()
def test_session(self, log_captured):
# Test to generate a session with a wrong file
self.assertRaises(FatalException, lambda: SessionFile('BOGUS'))
@log_capture()
def test_run_wrong_pass(self, log_captured):
session = SessionURL(self.url, 'BOGUS', volatile=True)
modules.load_modules(session)
terminal = Terminal(session)
line = 'echo 1'
line = terminal.precmd(line)
stop = terminal.onecmd(line)
stop = terminal.postcmd(stop, line)
# Test the behaviour when starting terminal on wrong remote pass
self.assertTrue(log_captured.records[-1].msg.endswith(
messages.terminal.backdoor_unavailable))
@log_capture()
def test_run_wrong_url(self, log_captured):
session = SessionURL(self.url + 'BOGUS', 'BOGUS', volatile=True)
modules.load_modules(session)
terminal = Terminal(session)
line = 'echo 1'
line = terminal.precmd(line)
stop = terminal.onecmd(line)
stop = terminal.postcmd(stop, line)
# Test the behaviour when starting terminal on wrong remote URL
self.assertTrue(log_captured.records[-1].msg.endswith(
messages.terminal.backdoor_unavailable))
@log_capture()
def test_quote_error(self, log_captured):
err_msg = 'Error parsing command: No closing quotation'
self._assert_exec(':shell_php \'', err_msg, log_captured)
self._assert_exec(':set shell_php "', err_msg, log_captured)
@log_capture()
def test_set(self, log_captured):
self._assert_exec(':set', messages.terminal.set_usage, log_captured)
self._assert_exec(':set ASD', messages.terminal.set_usage,
log_captured)
self._assert_exec(
':set asd asd',
messages.sessions.error_session_s_not_modified % 'asd',
log_captured)
self._assert_exec(
':set asd asd asd',
messages.sessions.error_session_s_not_modified % 'asd',
log_captured)
self._assert_exec(':set channel asd',
messages.sessions.set_s_s % ('channel', 'asd'),
log_captured)
self._assert_exec(
':set shell_sh.vector asd',
messages.sessions.set_module_s_s_s % ('shell_sh', 'vector', 'asd'),
log_captured)
@log_capture()
def test_unset(self, log_captured):
self._assert_exec(':unset', messages.terminal.unset_usage,
log_captured)
self._assert_exec(
':unset ASD',
messages.sessions.error_session_s_not_modified % 'ASD',
log_captured)
self._assert_exec(
':unset asd asd',
messages.sessions.error_session_s_not_modified % 'asd asd',
log_captured)
self._assert_exec(':unset channel',
messages.sessions.unset_s % ('channel'),
log_captured)
self._assert_exec(
':set shell_sh.vector asd',
messages.sessions.set_module_s_s_s % ('shell_sh', 'vector', 'asd'),
log_captured)
self._assert_exec(
':unset shell_sh.vector',
messages.sessions.unset_module_s_s % ('shell_sh', 'vector'),
log_captured)
@log_capture()
def test_session_shell_vector(self, log_captured):
self._assert_exec(
':set shell_sh.vector BOGUS', messages.sessions.set_module_s_s_s %
('shell_sh', 'vector', 'BOGUS'), log_captured)
self._assert_exec(
':show shell_sh.vector', messages.sessions.set_module_s_s_s %
('shell_sh', 'vector', 'BOGUS'), log_captured)
# Vectorlist methods ignore bogus vectors and just keep trying.
# TODO: should warn about unexistant vector, but seems too messy to fix
self._assert_exec('echo 1', '1', log_captured)
self._assert_exec(
':show shell_sh.vector', messages.sessions.set_module_s_s_s %
('shell_sh', 'vector', 'system'), log_captured)
self._assert_exec(
':set shell_sh.vector passthru',
messages.sessions.set_module_s_s_s %
('shell_sh', 'vector', 'passthru'), log_captured)
self._assert_exec(
':show shell_sh.vector', messages.sessions.set_module_s_s_s %
('shell_sh', 'vector', 'passthru'), log_captured)
self._assert_exec('echo 1', '1', log_captured)
self._assert_exec(
':show shell_sh.vector', messages.sessions.set_module_s_s_s %
('shell_sh', 'vector', 'passthru'), log_captured)
@log_capture()
def test_session_channel(self, log_captured):
self._assert_exec('echo 1', '1', log_captured)
self._assert_exec(':set channel BOGUS',
messages.sessions.set_s_s % ('channel', 'BOGUS'),
log_captured)
self._assert_exec('echo 1',
messages.channels.error_loading_channel_s % 'BOGUS',
log_captured)
self._assert_exec(':unset channel',
messages.sessions.unset_s % ('channel'),
log_captured)
# TODO: move unset and set output in messages
self._assert_exec('echo 1', '1', log_captured)
self._assert_exec(
':set channel LegacyCookie',
messages.sessions.set_s_s % ('channel', 'LegacyCookie'),
log_captured)
# Test the behaviour when starting terminal on wrong remote pass
self._assert_exec('echo 1', messages.terminal.backdoor_unavailable,
log_captured)
self._assert_exec(':unset channel',
messages.sessions.unset_s % ('channel'),
log_captured)
@log_capture()
def test_session_proxy(self, log_captured):
self._assert_exec('echo 1', '1', log_captured)
self._assert_exec(':set proxy BOGUS',
messages.sessions.set_s_s % ('proxy', 'BOGUS'),
log_captured)
self._assert_exec('echo 1', messages.channels.error_proxy_format,
log_captured)
self._assert_exec(':unset proxy',
messages.sessions.unset_s % ('proxy'), log_captured)
# TODO: move unset and set output in messages
self._assert_exec('echo 1', '1', log_captured)
self._assert_exec(':set proxy http://127.0.0.1:12782',
'proxy = http://127.0.0.1:12782', log_captured)
# Test the behaviour when starting terminal on wrong remote pass
self._assert_exec('echo 1', messages.terminal.backdoor_unavailable,
log_captured)
self._assert_exec(':unset proxy',
messages.sessions.unset_s % ('proxy'), log_captured)
def setUp(self, log_captured):
session = SessionURL(self.url, self.password, volatile=True)
modules.load_modules(session)
self.terminal = Terminal(session)
class TerminalTest(BaseTest):
@log_capture()
def setUp(self, log_captured):
session = SessionURL(self.url, self.password, volatile=True)
modules.load_modules(session)
self.terminal = Terminal(session)
def _assert_exec(self, line, expected, log_captured):
line = self.terminal.precmd(line)
stop = self.terminal.onecmd(line)
stop = self.terminal.postcmd(stop, line)
self.assertEqual(log_captured.records[-1].msg, expected)
@log_capture()
def test_base(self, log_captured):
# Basic
self._assert_exec('echo 1', '1', log_captured)
# Module with single argument
self._assert_exec(':shell_php echo(1);', '1', log_captured)
# Module with multiple argument wrognly passed and precisely fixed
self._assert_exec(':shell_php echo(1); echo(2);', '12', log_captured)
# Module with multiple argument properly passed
self._assert_exec(':shell_php "echo(1); echo(2);"', '12', log_captured)
# Module with mandatory and optional arguments properly passed
self._assert_exec(
':shell_php -postfix-string echo(3); "echo(1); echo(2);"', '123',
log_captured)
# Module with mandatory and optional arguments wrongly passed but precisely fixed
self._assert_exec(
':shell_php -postfix-string echo(3); echo(1); echo(2);', '123',
log_captured)
@log_capture()
def test_session(self, log_captured):
# Test to generate a session with a wrong file
self.assertRaises(FatalException, lambda: SessionFile('BOGUS'))
@log_capture()
def test_run_wrong_pass(self, log_captured):
session = SessionURL(self.url, 'BOGUS', volatile=True)
modules.load_modules(session)
terminal = Terminal(session)
line = 'echo 1'
line = terminal.precmd(line)
stop = terminal.onecmd(line)
stop = terminal.postcmd(stop, line)
# Test the behaviour when starting terminal on wrong remote pass
self.assertTrue(log_captured.records[-1].msg.endswith(
messages.terminal.backdoor_unavailable))
@log_capture()
def test_run_wrong_url(self, log_captured):
session = SessionURL(self.url + 'BOGUS', 'BOGUS', volatile=True)
modules.load_modules(session)
terminal = Terminal(session)
line = 'echo 1'
line = terminal.precmd(line)
stop = terminal.onecmd(line)
stop = terminal.postcmd(stop, line)
# Test the behaviour when starting terminal on wrong remote URL
self.assertTrue(log_captured.records[-1].msg.endswith(
messages.terminal.backdoor_unavailable))
@log_capture()
def test_quote_error(self, log_captured):
err_msg = 'Error parsing command: No closing quotation'
self._assert_exec(':shell_php \'', err_msg, log_captured)
self._assert_exec(':set shell_php "', err_msg, log_captured)
sessionfile = None
if sys.argv[1].startswith('http'):
url = sys.argv[1]
password = sys.argv[2]
else:
sessionfile = sys.argv[2]
try:
module_handler = ModHandler(url=url,
password=password,
sessionfile=sessionfile)
if len(sys.argv) == 3:
Terminal(module_handler).loop()
else:
Terminal(module_handler).run_cmd_line(sys.argv[3:])
except ModuleException, e:
print '[%s] [!] %s ' % (e.module, e.error)
except (KeyboardInterrupt, EOFError):
print '\n[!] Exiting. Bye ^^'
elif len(sys.argv) >= 3 and sys.argv[1].startswith('generate'):
genname = sys.argv[1]
password = sys.argv[2]
if genname == 'generate':
genname = 'generate.php'
def setUp(self, log_captured):
session = SessionURL(self.url, self.password, volatile = True)
modules.load_modules(session)
self.terminal = Terminal(session)
class TerminalTest(BaseTest):
@log_capture()
def setUp(self, log_captured):
session = SessionURL(self.url, self.password, volatile = True)
modules.load_modules(session)
self.terminal = Terminal(session)
def _assert_exec(self, line, expected, log_captured):
line = self.terminal.precmd(line)
stop = self.terminal.onecmd(line)
stop = self.terminal.postcmd(stop, line)
self.assertEqual(log_captured.records[-1].msg, expected)
@log_capture()
def test_base(self, log_captured):
# Basic
self._assert_exec('echo 1', '1', log_captured)
# Module with single argument
self._assert_exec(':shell_php echo(1);', '1', log_captured)
# Module with multiple argument wrognly passed and precisely fixed
self._assert_exec(':shell_php echo(1); echo(2);', '12', log_captured)
# Module with multiple argument properly passed
self._assert_exec(':shell_php "echo(1); echo(2);"', '12', log_captured)
# Module with mandatory and optional arguments properly passed
self._assert_exec(':shell_php -postfix-string echo(3); "echo(1); echo(2);"', '123', log_captured)
# Module with mandatory and optional arguments wrongly passed but precisely fixed
self._assert_exec(':shell_php -postfix-string echo(3); echo(1); echo(2);', '123', log_captured)
@log_capture()
def test_session(self, log_captured):
# Test to generate a session with a wrong file
self.assertRaises(FatalException, lambda: SessionFile('BOGUS'))
@log_capture()
def test_run_wrong_pass(self, log_captured):
session = SessionURL(self.url, 'BOGUS', volatile = True)
modules.load_modules(session)
terminal = Terminal(session)
line = 'echo 1'
line = terminal.precmd(line)
stop = terminal.onecmd(line)
stop = terminal.postcmd(stop, line)
# Test the behaviour when starting terminal on wrong remote pass
self.assertTrue(
log_captured.records[-1].msg.endswith(
messages.terminal.backdoor_unavailable
)
)
@log_capture()
def test_run_wrong_url(self, log_captured):
session = SessionURL(self.url + 'BOGUS', 'BOGUS', volatile = True)
modules.load_modules(session)
terminal = Terminal(session)
line = 'echo 1'
line = terminal.precmd(line)
stop = terminal.onecmd(line)
stop = terminal.postcmd(stop, line)
# Test the behaviour when starting terminal on wrong remote URL
self.assertTrue(
log_captured.records[-1].msg.endswith(
messages.terminal.backdoor_unavailable
)
)
@log_capture()
def test_quote_error(self, log_captured):
err_msg = 'Error parsing command: No closing quotation'
self._assert_exec(':shell_php \'', err_msg, log_captured)
self._assert_exec(':set shell_php "', err_msg, log_captured)
@log_capture()
def test_set(self, log_captured):
self._assert_exec(':set', messages.terminal.set_usage, log_captured)
self._assert_exec(':set ASD', messages.terminal.set_usage, log_captured)
self._assert_exec(':set asd asd', messages.sessions.error_session_s_not_modified % 'asd', log_captured)
self._assert_exec(':set asd asd asd', messages.sessions.error_session_s_not_modified % 'asd', log_captured)
self._assert_exec(':set channel asd', messages.sessions.set_s_s % ('channel', 'asd'), log_captured)
self._assert_exec(':set shell_sh.vector asd', messages.sessions.set_module_s_s_s % ('shell_sh', 'vector', 'asd'), log_captured)
@log_capture()
def test_unset(self, log_captured):
self._assert_exec(':unset', messages.terminal.unset_usage, log_captured)
self._assert_exec(':unset ASD', messages.sessions.error_session_s_not_modified % 'ASD', log_captured)
self._assert_exec(':unset asd asd', messages.sessions.error_session_s_not_modified % 'asd asd', log_captured)
self._assert_exec(':unset channel', messages.sessions.unset_s % ('channel'), log_captured)
self._assert_exec(':set shell_sh.vector asd', messages.sessions.set_module_s_s_s % ('shell_sh', 'vector', 'asd'), log_captured)
self._assert_exec(':unset shell_sh.vector', messages.sessions.unset_module_s_s % ('shell_sh', 'vector'), log_captured)
@log_capture()
def test_session_shell_vector(self, log_captured):
self._assert_exec(':set shell_sh.vector BOGUS', messages.sessions.set_module_s_s_s % ('shell_sh', 'vector', 'BOGUS'), log_captured)
self._assert_exec(':show shell_sh.vector', messages.sessions.set_module_s_s_s % ('shell_sh', 'vector', 'BOGUS'), log_captured)
# Vectorlist methods ignore bogus vectors and just keep trying.
# TODO: should warn about unexistant vector, but seems too messy to fix
self._assert_exec('echo 1', '1', log_captured)
self._assert_exec(':show shell_sh.vector', messages.sessions.set_module_s_s_s % ('shell_sh', 'vector', 'system'), log_captured)
self._assert_exec(':set shell_sh.vector passthru', messages.sessions.set_module_s_s_s % ('shell_sh', 'vector', 'passthru'), log_captured)
self._assert_exec(':show shell_sh.vector', messages.sessions.set_module_s_s_s % ('shell_sh', 'vector', 'passthru'), log_captured)
self._assert_exec('echo 1', '1', log_captured)
self._assert_exec(':show shell_sh.vector', messages.sessions.set_module_s_s_s % ('shell_sh', 'vector', 'passthru'), log_captured)
@log_capture()
def test_session_channel(self, log_captured):
self._assert_exec('echo 1', '1', log_captured)
self._assert_exec(':set channel BOGUS', messages.sessions.set_s_s % ('channel', 'BOGUS'), log_captured)
self._assert_exec('echo 1', messages.channels.error_loading_channel_s % 'BOGUS', log_captured)
self._assert_exec(':unset channel', messages.sessions.unset_s % ('channel'), log_captured)
# TODO: move unset and set output in messages
self._assert_exec('echo 1', '1', log_captured)
self._assert_exec(':set channel LegacyCookie', messages.sessions.set_s_s % ('channel', 'LegacyCookie'), log_captured)
# Test the behaviour when starting terminal on wrong remote pass
self._assert_exec('echo 1', messages.terminal.backdoor_unavailable, log_captured)
self._assert_exec(':unset channel', messages.sessions.unset_s % ('channel'), log_captured)
@log_capture()
def test_session_proxy(self, log_captured):
self._assert_exec('echo 1', '1', log_captured)
self._assert_exec(':set proxy BOGUS', messages.sessions.set_s_s % ('proxy', 'BOGUS'), log_captured)
self._assert_exec('echo 1', messages.channels.error_proxy_format, log_captured)
self._assert_exec(':unset proxy', messages.sessions.unset_s % ('proxy'), log_captured)
# TODO: move unset and set output in messages
self._assert_exec('echo 1', '1', log_captured)
self._assert_exec(':set proxy http://127.0.0.1:12782', 'proxy = http://127.0.0.1:12782', log_captured)
# Test the behaviour when starting terminal on wrong remote pass
self._assert_exec('echo 1', messages.terminal.backdoor_unavailable, log_captured)
self._assert_exec(':unset proxy', messages.sessions.unset_s % ('proxy'), log_captured)
import sys
if __name__ == "__main__":
if len(sys.argv) == 3 and sys.argv[1].startswith('http'):
url = sys.argv[1]
password = sys.argv[2]
try:
Terminal ( ModHandler(url, password) ).loop()
except ModuleException, e:
print '[!] [%s] %s ' % (e.module, e.error)
except (KeyboardInterrupt, EOFError):
print '\n[!] Exiting. Bye ^^'
elif len(sys.argv) >= 3 and sys.argv[1].startswith('session'):
sessionfile = sys.argv[2]
try:
Terminal(ModHandler()).loop(sessionfile)
except ModuleException, e:
print '[!] [%s] %s ' % (e.module, e.error)
except KeyboardInterrupt:
print '\n[!] Exiting. Bye ^^'
from core.terminal import Terminal
from core.weexceptions import FatalException
from core.loggers import log
from core.sessions import SessionURL, SessionFile
from core import modules
from core import messages
from core import config
import sys
import pprint
if __name__ == '__main__':
try:
if len(sys.argv) == 3 and sys.argv[1].startswith('http'):
session = SessionURL(url=sys.argv[1], password=sys.argv[2])
elif len(sys.argv) == 2:
session = SessionFile(sys.argv[1])
else:
log.info(__doc__)
raise FatalException(messages.generic.error_missing_arguments)
log.debug(pprint.pformat(session))
modules.load_modules(session)
Terminal(session).cmdloop()
except (KeyboardInterrupt, EOFError):
log.info('Exiting.')
except FatalException as e:
log.critical('Exiting: %s' % e)
%s
Available modules
%s'''
if __name__ == "__main__":
if len(sys.argv) == 3 and sys.argv[1].startswith('http'):
print "[+] Starting terminal, shell probe may take a while"
url = sys.argv[1]
password = sys.argv[2]
try:
Terminal(ModHandler(url, password)).loop()
except ModuleException, e:
print e
except (KeyboardInterrupt, EOFError):
print '\n[!] Exiting. Bye ^^'
elif len(sys.argv) >= 3 and sys.argv[1].startswith('generate'):
genname = sys.argv[1]
password = sys.argv[2]
if genname == 'generate':
genname = 'generate.php'
args_list = [':%s' % genname] + sys.argv[3:]
parser = argparse.ArgumentParser()
parser.add_argument("-u", help="Url")
parser.add_argument("-g", help="Generate Shell")
parser.add_argument("-p", help="Password")
args = parser.parse_args()
#Banner
banner = Banner()
banner.get_banner()
#Version Updater
version = Version()
version.update()
params = parser.parse_args()
#Init 1
def main(params):
if params.g and params.p:
shell.set_generator()
elif params.u and params.p:
terminal.loop()
else:
print("Type -h for help.")
if __name__ == '__main__':
terminal = Terminal(params.u,params.p)
shell = Generator(params.g,params.p)
try:
main(params)
except (KeyboardInterrupt, EOFError):
log.info('Exiting.')
class TerminalTest(BaseTest):
@log_capture()
def setUp(self, log_captured):
session = SessionURL(self.url, self.password, volatile = True)
modules.load_modules(session)
self.terminal = Terminal(session)
def _assert_exec(self, line, expected, log_captured):
line = self.terminal.precmd(line)
stop = self.terminal.onecmd(line)
stop = self.terminal.postcmd(stop, line)
self.assertEqual(log_captured.records[-1].msg, expected)
@log_capture()
def test_base(self, log_captured):
# Basic
self._assert_exec('echo 1', '1', log_captured)
# Module with single argument
self._assert_exec(':shell_php echo(1);', '1', log_captured)
# Module with multiple argument wrognly passed and precisely fixed
self._assert_exec(':shell_php echo(1); echo(2);', '12', log_captured)
# Module with multiple argument properly passed
self._assert_exec(':shell_php "echo(1); echo(2);"', '12', log_captured)
# Module with mandatory and optional arguments properly passed
self._assert_exec(':shell_php -postfix-string echo(3); "echo(1); echo(2);"', '123', log_captured)
# Module with mandatory and optional arguments wrongly passed but precisely fixed
self._assert_exec(':shell_php -postfix-string echo(3); echo(1); echo(2);', '123', log_captured)
@log_capture()
def test_session(self, log_captured):
# Test to generate a session with a wrong file
self.assertRaises(FatalException, lambda: SessionFile('BOGUS'))
@log_capture()
def test_run_wrong_pass(self, log_captured):
session = SessionURL(self.url, 'BOGUS', volatile = True)
modules.load_modules(session)
terminal = Terminal(session)
line = 'echo 1'
line = terminal.precmd(line)
stop = terminal.onecmd(line)
stop = terminal.postcmd(stop, line)
# Test the behaviour when starting terminal on wrong remote pass
self.assertTrue(
log_captured.records[-1].msg.endswith(
messages.terminal.backdoor_unavailable
)
)
@log_capture()
def test_run_wrong_url(self, log_captured):
session = SessionURL(self.url + 'BOGUS', 'BOGUS', volatile = True)
modules.load_modules(session)
terminal = Terminal(session)
line = 'echo 1'
line = terminal.precmd(line)
stop = terminal.onecmd(line)
stop = terminal.postcmd(stop, line)
# Test the behaviour when starting terminal on wrong remote URL
self.assertTrue(
log_captured.records[-1].msg.endswith(
messages.terminal.backdoor_unavailable
)
)
@log_capture()
def test_quote_error(self, log_captured):
err_msg = 'Error parsing command: No closing quotation'
self._assert_exec(':shell_php \'', err_msg, log_captured)
self._assert_exec(':set shell_php "', err_msg, log_captured)
def run():
t = Terminal()
while True:
t.terminal()
elif len(sys.argv) > 3 and sys.argv[1].startswith('http'):
url = sys.argv[1]
password = sys.argv[2]
if sys.argv[3] == help_string:
modname = ''
if len(sys.argv)>4:
modname = sys.argv[4]
print ModHandler(url, password).helps(modname)
else:
try:
terminal = Terminal (ModHandler(url, password), True)
if sys.argv[3][0] == module_trigger:
terminal.run_module_cmd(sys.argv[3:])
else:
terminal.run_line_cmd(' '.join(sys.argv[3:]))
except ModuleException, e:
print e
except KeyboardInterrupt:
print '\n[!] Exiting. Bye ^^'
else:
print '%s\nAvailable modules\n\n%s\n' % (general_usage, Helper().summaries())