def exec_payload(self, payload_name, args=()): ''' Execute ANOTHER payload, by providing the other payload name. :param payload_name: The name of the payload I want to run. :return: The payload result. ''' try: return payload_handler.exec_payload(self.shell, payload_name, args, use_api=True) except: # # Run the payload name with any shell that has the capabilities # we need, not the one we're already using (that failed because # it doesn't have the capabilities). # try: return payload_handler.exec_payload(None, payload_name, args, use_api=True) except: msg = 'The payload you are trying to run ("%s") can not be' \ ' run because it is trying to call another payload ("%s")'\ ' which is failing because there are no shells that'\ ' support the required system calls.' return msg % (self, payload_name)
def test_portscan(self): result = exec_payload(self.shell, 'portscan', args=('localhost', '22'), use_api=True) self.assertEquals(self.RESULT_22, result) result = exec_payload(self.shell, 'portscan', args=('localhost', '23'), use_api=True) self.assertEquals(self.RESULT_23, result)
def _payload(self, parameters): ''' Handle the payload command: - payload desc list_processes -> return payload description - payload list_processes -> run payload :param payload_name: The name of the payload I want to run. :param parameters: The parameters as sent by the user. ''' # # Handle payload desc xyz # if len(parameters) == 2: if parameters[0] == 'desc': payload_name = parameters[1] if payload_name not in payload_handler.get_payload_list(): return 'Unknown payload name: "%s"' % payload_name return payload_handler.get_payload_desc(payload_name) # # Handle payload xyz # payload_name = parameters[0] parameters = parameters[1:] if payload_name not in payload_handler.get_payload_list(): return 'Unknown payload name: "%s"' % payload_name if payload_name in payload_handler.runnable_payloads(self): om.out.debug( 'Payload %s can be run. Starting execution.' % payload_name) # Note: The payloads are actually writing to om.out.console # so there is no need to get the result. If someone wants to # get the results in a programatic way they should execute the # payload with use_api=True. try: payload_handler.exec_payload(self, payload_name, parameters) result = None except TypeError: # We get here when the user calls the payload with an incorrect # number of parameters: payload = payload_handler.get_payload_instance( payload_name, self) result = payload.get_desc() except ValueError, ve: # We get here when one of the parameters provided by the user is # not of the correct type, or something like that. result = str(ve)
def test_pixy(self): temp_dir = tempfile.mkdtemp() result = exec_payload(self.shell, 'pixy', args=(temp_dir, temp_dir), use_api=True) self.assertEquals(self.EXPECTED_RESULT, result)
def test_exec_payload_read(self): shell = FakeReadShell() result = exec_payload(shell, 'os_fingerprint', use_api=True) self.assertEquals({'os': 'Linux'}, result) result = exec_payload(shell, 'cpu_info', use_api=True) # On my box the result is: # # {'cpu_info': 'AMD Phenom(tm) II X4 945 Processor', 'cpu_cores': '4'} # # But because others will also run this, I don't want to make it so # strict self.assertTrue('cpu_info' in result) self.assertTrue('cpu_cores' in result) self.assertGreater(int(result['cpu_cores']), 0) self.assertLess(int(result['cpu_cores']), 12)
def test_exec_payload_read(self): shell = FakeReadShell(None) result = exec_payload(shell, 'os_fingerprint', use_api=True) self.assertEquals({'os': 'Linux'}, result) result = exec_payload(shell, 'cpu_info', use_api=True) # On my box the result is: # # {'cpu_info': 'AMD Phenom(tm) II X4 945 Processor', 'cpu_cores': '4'} # # But because others will also run this, I don't want to make it so # strict self.assertTrue('cpu_info' in result) self.assertTrue('cpu_cores' in result) self.assertGreater( int(result['cpu_cores']) , 0 ) self.assertLess( int(result['cpu_cores']) , 12 )
def test_uptime(self): result = exec_payload(self.shell, 'uptime', use_api=True) for key in self.EXPECTED_RESULT: for time_unit in self.EXPECTED_RESULT[key]: self.assertTrue( self.EXPECTED_RESULT[key][time_unit].isdigit())
def test_apache_mod_security(self): result = exec_payload(self.shell, 'apache_mod_security', use_api=True) self.assertEquals(self.EXPECTED_RESULT['version'], result['version']) self.assertIn('/etc/apache2/mods-available/mod-security.conf', result['file']) file_content = result['file']['/etc/apache2/mods-available/mod-security.conf'] self.assertIn('<IfModule security2_module>', file_content)
def test_tcp(self): result = exec_payload(self.shell, 'tcp', use_api=True) local_addresses = [] for key, conn_data in result.iteritems(): local_addresses.append(conn_data['local_address']) self.assertTrue(set(local_addresses).issuperset(self.EXPECTED_RESULT))
def test_list_processes(self): result = exec_payload(self.shell, "list_processes", args=(2000,), use_api=True) cmds = [] for _, pid_data in result.iteritems(): cmds.append(pid_data["cmd"]) for expected in self.EXPECTED_RESULT: self.assertIn(expected, cmds)
def test_list_processes(self): result = exec_payload( self.shell, 'list_processes', args=(2000,), use_api=True) cmds = [] for _, pid_data in result.iteritems(): cmds.append(pid_data['cmd']) for expected in self.EXPECTED_RESULT: self.assertIn(expected, cmds)
def test_apache_mod_security(self): result = exec_payload(self.shell, 'apache_mod_security', use_api=True) self.assertEquals(self.EXPECTED_RESULT['version'], result['version']) self.assertIn('/etc/apache2/mods-available/mod-security.conf', result['file']) file_content = result['file'][ '/etc/apache2/mods-available/mod-security.conf'] self.assertIn('<IfModule security2_module>', file_content)
def test_route(self): result = exec_payload(self.shell, 'route', use_api=True) routes = result['route'] for route_info in routes: dest = route_info['Destination'] gw = route_info['Gateway'] iface = route_info['Iface'] mask = route_info['Mask'] self.assertEqual(dest.count('.'), 3) self.assertEqual(gw.count('.'), 3) self.assertTrue(iface.startswith('eth')) self.assertEqual(mask.count('.'), 3)
def _payload(self, payload_name, parameters): ''' Run a payload by name. @param payload_name: The name of the payload I want to run. @param parameters: The parameters as sent by the user. ''' if payload_name in payload_handler.runnable_payloads(self): om.out.debug( 'The payload can be run. Starting execution.' ) # Note: The payloads are actually writing to om.out.console # so there is no need to get the result. If someone wants to # get the results in a programatic way they should execute the # payload with use_api=True. payload_handler.exec_payload( self, payload_name, parameters) result = None else: result = 'The payload could not be run.' return result
def exec_payload(self, payload_name, parameters=[]): ''' Execute ANOTHER payload, by providing the other payload name. @parameter payload_name: The name of the payload I want to run. @return: The payload result. ''' try: return payload_handler.exec_payload(self.shell, payload_name, parameters, use_api=True) except: # # Run the payload name with any shell that has the capabilities we need, # not the one we're already using (that failed because it doesn't have # the capabilities). # try: return payload_handler.exec_payload(None, payload_name, parameters, use_api=True) except: msg = 'The payload you are trying to run ("%s") can not be run with the current' % self msg += ' is trying to call another payload ("%s") which is failing because' % payload_name msg += ' there are no shells that support the necessary system calls.' return msg
def test_get_source_code(self): temp_dir = tempfile.mkdtemp() result = exec_payload(self.shell, 'get_source_code', args=(temp_dir,), use_api=True) self.assertEqual(len(self.EXPECTED_RESULT.keys()), 1) expected_url = self.EXPECTED_RESULT.keys()[0] downloaded_url = result.items()[0][0].url_string self.assertEquals(expected_url, downloaded_url) downloaded_file_path = result.items()[0][1][1] downloaded_file_content = file(downloaded_file_path).read() self.assertTrue(self.CONTENT in downloaded_file_content) shutil.rmtree(temp_dir)
def _payload(self, payload_name, parameters): ''' Run a payload by name. @param payload_name: The name of the payload I want to run. @param parameters: The parameters as sent by the user. ''' result_str = '' if payload_name in payload_handler.runnable_payloads(self): om.out.debug( 'The payload can be run. Starting execution.' ) # TODO: The payloads are actually writing to om.out.console # by themselves, so this is useless. In order for the # result_str = ... to work, we would need a refactoring # what usually gets here, are errors. result_str = payload_handler.exec_payload( self, payload_name, parameters) else: result_str = 'The payload could not be run.' return result_str
def test_firefox_stealer(self): result = exec_payload(self.shell, 'firefox_stealer', use_api=True) self.assertEquals(self.EXPECTED_RESULT, result)
def test_mysql_config(self): result = exec_payload(self.shell, 'mysql_config', use_api=True) self.assertTrue(self.EXPECTED_RESULT in result)
def test_exec_payload_exec(self): shell = FakeExecShell() result = exec_payload(shell, 'os_fingerprint', use_api=True) self.assertEquals({'os': 'Linux'}, result)
def test_rootkit_hunter(self): result = exec_payload(self.shell, 'rootkit_hunter', use_api=True) self.assertEquals(self.EXPECTED_RESULT, result)
def test_mysql_config_directory(self): result = exec_payload(self.shell, 'mysql_config_directory', use_api=True) self.assertEquals(self.EXPECTED_RESULT, result)
def test_iis_root_directory(self): result = exec_payload(self.shell, 'iis_root_directory', use_api=True) self.assertEquals(self.EXPECTED_RESULT, result)
def test_ssh_config_files(self): result = exec_payload(self.shell, 'ssh_config_files', use_api=True) self.assertTrue('/etc/ssh/sshd_config' in result) self.assertTrue('PermitRootLogin' in result['/etc/ssh/sshd_config'])
def test_php_sca(self): result = exec_payload(self.shell, 'php_sca', use_api=True) self.assertEquals(self.EXPECTED_RESULT, result.keys()[0])
def test_running_vm(self): result = exec_payload(self.shell, 'running_vm', use_api=True) self.assertEquals(self.EXPECTED_RESULT, result)
def test_pixy(self): temp_dir = tempfile.mkdtemp() result = exec_payload(self.shell, "pixy", args=(temp_dir, temp_dir), use_api=True) self.assertEquals(self.EXPECTED_RESULT, result)
def test_read_mail(self): result = exec_payload(self.shell, 'read_mail', use_api=True) self.assertEquals(self.EXPECTED_RESULT, result)
def test_smb_config_files(self): result = exec_payload(self.shell, 'smb_config_files', use_api=True) self.assertEquals(self.EXPECTED_RESULT, result)
def test_w3af_agent(self): result = exec_payload(self.shell, 'w3af_agent', args=(get_local_ip(),), use_api=True) self.assertEquals('Successfully started the w3afAgent.', result)
def test_svn_config_files(self): result = exec_payload(self.shell, 'svn_config_files', use_api=True) self.assertTrue('/home/moth/.subversion/config' in result) self.assertTrue('props' in result['/home/moth/.subversion/config'])
def test_log_reader(self): result = exec_payload(self.shell, 'log_reader', use_api=True) logs = set(result.keys()) self.assertTrue(self.EXPECTED_RESULT.issubset(logs), logs)
def test_arp_cache(self): result = exec_payload(self.shell, 'arp_cache', use_api=True) for ip_address, (mac, iface) in result.iteritems(): self.assertEquals(ip_address.count('.'), 3) self.assertEquals(mac.count(':'), 5) self.assertTrue(iface.startswith('eth'))
def test_os_fingerprint(self): result = exec_payload(self.shell, 'os_fingerprint', use_api=True) self.assertEquals(self.EXPECTED_RESULT, result)
def test_kerberos_config_files(self): result = exec_payload(self.shell, 'kerberos_config_files', use_api=True) self.assertEquals(self.EXPECTED_RESULT, result)
def test_kernel_version(self): result = exec_payload(self.shell, 'kernel_version', use_api=True) self.assertTrue(result['kernel_version'].startswith('3.2.')) self.assertTrue('buildd' in result['kernel_version'])
def test_mail_config_files(self): result = exec_payload(self.shell, 'mail_config_files', use_api=True) self.assertEquals(self.EXPECTED_RESULT, set(result.keys()))
def test_cpu_info(self): result = exec_payload(self.shell, 'cpu_info', use_api=True) self.assertEquals(self.EXPECTED_RESULT, result)
def test_filesystem(self): result = exec_payload(self.shell, "filesystem", use_api=True) self.assertEquals(self.EXPECTED_RESULT, result.keys())
def test_list_kernel_modules(self): result = exec_payload(self.shell, 'list_kernel_modules', use_api=True) self.assertTrue(set( result.keys()).issuperset(self.EXPECTED_RESULT), result.keys())
def test_apache_config_files(self): result = exec_payload(self.shell, 'apache_config_files', use_api=True) self.assertEquals(set(self.EXPECTED_RESULT), set(result['apache_config'].keys()))
def test_ssh_version(self): result = exec_payload(self.shell, 'ssh_version', use_api=True) self.assertEquals(self.EXPECTED_RESULT, result)
def test_apache_run_group(self): result = exec_payload(self.shell, 'apache_run_group', use_api=True) self.assertEquals(self.EXPECTED_RESULT, result)
def test_netcat_installed(self): result = exec_payload(self.shell, 'netcat_installed', use_api=True) self.assertEquals(self.EXPECTED_RESULT, result)