def injection(separator, payload, TAG, cmd, prefix, suffix, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename): # Execute shell commands on vulnerable host. if alter_shell : payload = fb_payloads.cmd_execution_alter_shell(separator, cmd, OUTPUT_TEXTFILE) else: payload = fb_payloads.cmd_execution(separator, cmd, OUTPUT_TEXTFILE) # Fix prefixes / suffixes payload = parameters.prefixes(payload, prefix) payload = parameters.suffixes(payload, suffix) if menu.options.base64: payload = base64.b64encode(payload) # Check if defined "--verbose" option. if menu.options.verbose: payload_msg = payload.replace("\n", "\\n") if settings.COMMENT in payload_msg: payload_msg = payload_msg.split(settings.COMMENT)[0] sys.stdout.write("\n" + settings.print_payload(payload_msg)) # Check if defined cookie with "INJECT_HERE" tag if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie: response = cookie_injection_test(url, vuln_parameter, payload) # Check if defined user-agent with "INJECT_HERE" tag elif menu.options.agent and settings.INJECT_TAG in menu.options.agent: response = user_agent_injection_test(url, vuln_parameter, payload) # Check if defined referer with "INJECT_HERE" tag elif menu.options.referer and settings.INJECT_TAG in menu.options.referer: response = referer_injection_test(url, vuln_parameter, payload) # Check if defined custom header with "INJECT_HERE" tag elif settings.CUSTOM_HEADER_INJECTION: response = custom_header_injection_test(url, vuln_parameter, payload) else: # Check if defined method is GET (Default). if http_request_method == "GET": # Check if its not specified the 'INJECT_HERE' tag #url = parameters.do_GET_check(url) payload = payload.replace(" ","%20") target = re.sub(settings.INJECT_TAG, payload, url) vuln_parameter = ''.join(vuln_parameter) request = urllib2.Request(target) # Check if defined extra headers. headers.do_check(request) # Get the response of the request response = get_request_response(request) else : # Check if defined method is POST. parameter = menu.options.data parameter = urllib2.unquote(parameter) # Check if its not specified the 'INJECT_HERE' tag parameter = parameters.do_POST_check(parameter) # Define the POST data if settings.IS_JSON == False: data = re.sub(settings.INJECT_TAG, payload, parameter) request = urllib2.Request(url, data) else: payload = payload.replace("\"", "\\\"") data = re.sub(settings.INJECT_TAG, urllib.unquote(payload), parameter) try: data = json.loads(data, strict = False) except: pass request = urllib2.Request(url, json.dumps(data)) # Check if defined extra headers. headers.do_check(request) # Get the response of the request response = get_request_response(request) return response
def check_injection(separator, payload, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename): # Execute shell commands on vulnerable host. if alter_shell : payload = fb_payloads.cmd_execution_alter_shell(separator, cmd, OUTPUT_TEXTFILE) else: payload = fb_payloads.cmd_execution(separator, cmd, OUTPUT_TEXTFILE) # Fix prefixes / suffixes payload = parameters.prefixes(payload, prefix) payload = parameters.suffixes(payload, suffix) # Whitespace fixation payload = payload.replace(" ", whitespace) # Perform payload modification payload = checks.perform_payload_modification(payload) # Check if defined "--verbose" option. if settings.VERBOSITY_LEVEL >= 1: payload_msg = payload.replace("\n", "\\n") if settings.COMMENT in payload_msg: payload = payload.split(settings.COMMENT)[0].strip() payload_msg = payload_msg.split(settings.COMMENT)[0].strip() info_msg = "Executing the '" + cmd.split(settings.COMMENT)[0].strip() + "' command... " sys.stdout.write(settings.print_info_msg(info_msg)) sys.stdout.flush() output_payload = "\n" + settings.print_payload(payload) if settings.VERBOSITY_LEVEL >= 1: output_payload = output_payload + "\n" sys.stdout.write(output_payload) # Check if defined cookie with "INJECT_HERE" tag if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie: response = cookie_injection_test(url, vuln_parameter, payload) # Check if defined user-agent with "INJECT_HERE" tag elif menu.options.agent and settings.INJECT_TAG in menu.options.agent: response = user_agent_injection_test(url, vuln_parameter, payload) # Check if defined referer with "INJECT_HERE" tag elif menu.options.referer and settings.INJECT_TAG in menu.options.referer: response = referer_injection_test(url, vuln_parameter, payload) # Check if defined host with "INJECT_HERE" tag elif menu.options.host and settings.INJECT_TAG in menu.options.host: response = host_injection_test(url, vuln_parameter, payload) # Check if defined custom header with "INJECT_HERE" tag elif settings.CUSTOM_HEADER_INJECTION: response = custom_header_injection_test(url, vuln_parameter, payload) else: # Check if defined method is GET (Default). if http_request_method == "GET": # Check if its not specified the 'INJECT_HERE' tag #url = parameters.do_GET_check(url) payload = payload.replace(" ","%20") target = url.replace(settings.INJECT_TAG, payload) vuln_parameter = ''.join(vuln_parameter) request = urllib2.Request(target) # Check if defined extra headers. headers.do_check(request) # Get the response of the request response = requests.get_request_response(request) else : # Check if defined method is POST. parameter = menu.options.data parameter = urllib2.unquote(parameter) # Check if its not specified the 'INJECT_HERE' tag parameter = parameters.do_POST_check(parameter) # Define the POST data if settings.IS_JSON: payload = payload.replace("\"", "\\\"") data = parameter.replace(settings.INJECT_TAG, urllib.unquote(payload)) try: data = json.loads(data, strict = False) except: pass request = urllib2.Request(url, json.dumps(data)) else: if settings.IS_XML: data = parameter.replace(settings.INJECT_TAG, urllib.unquote(payload)) else: data = parameter.replace(settings.INJECT_TAG, payload) request = urllib2.Request(url, data) # Check if defined extra headers. headers.do_check(request) # Get the response of the request response = requests.get_request_response(request) return response
def check_injection(separator, payload, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename): # Execute shell commands on vulnerable host. if alter_shell: payload = fb_payloads.cmd_execution_alter_shell( separator, cmd, OUTPUT_TEXTFILE) else: payload = fb_payloads.cmd_execution(separator, cmd, OUTPUT_TEXTFILE) # Fix prefixes / suffixes payload = parameters.prefixes(payload, prefix) payload = parameters.suffixes(payload, suffix) # Whitespace fixation payload = payload.replace(" ", whitespace) # Perform payload modification payload = checks.perform_payload_modification(payload) # Check if defined "--verbose" option. if settings.VERBOSITY_LEVEL >= 1: payload_msg = payload.replace("\n", "\\n") if settings.COMMENT in payload_msg: payload = payload.split(settings.COMMENT)[0].strip() payload_msg = payload_msg.split(settings.COMMENT)[0].strip() info_msg = "Executing the '" + cmd.split( settings.COMMENT)[0].strip() + "' command... " sys.stdout.write(settings.print_info_msg(info_msg)) sys.stdout.flush() output_payload = "\n" + settings.print_payload(payload) if settings.VERBOSITY_LEVEL >= 1: output_payload = output_payload + "\n" sys.stdout.write(output_payload) # Check if defined cookie with "INJECT_HERE" tag if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie: response = cookie_injection_test(url, vuln_parameter, payload) # Check if defined user-agent with "INJECT_HERE" tag elif menu.options.agent and settings.INJECT_TAG in menu.options.agent: response = user_agent_injection_test(url, vuln_parameter, payload) # Check if defined referer with "INJECT_HERE" tag elif menu.options.referer and settings.INJECT_TAG in menu.options.referer: response = referer_injection_test(url, vuln_parameter, payload) # Check if defined host with "INJECT_HERE" tag elif menu.options.host and settings.INJECT_TAG in menu.options.host: response = host_injection_test(url, vuln_parameter, payload) # Check if defined custom header with "INJECT_HERE" tag elif settings.CUSTOM_HEADER_INJECTION: response = custom_header_injection_test(url, vuln_parameter, payload) else: # Check if defined method is GET (Default). if http_request_method == "GET": # Check if its not specified the 'INJECT_HERE' tag #url = parameters.do_GET_check(url) payload = payload.replace(" ", "%20") target = url.replace(settings.INJECT_TAG, payload) vuln_parameter = ''.join(vuln_parameter) request = _urllib.request.Request(target) # Check if defined extra headers. headers.do_check(request) # Get the response of the request response = requests.get_request_response(request) else: # Check if defined method is POST. parameter = menu.options.data parameter = _urllib.parse.unquote(parameter) # Check if its not specified the 'INJECT_HERE' tag parameter = parameters.do_POST_check(parameter) # Define the POST data if settings.IS_JSON: data = parameter.replace( settings.INJECT_TAG, _urllib.parse.unquote(payload.replace("\"", "\\\""))) try: data = checks.json_data(data) except ValueError: pass elif settings.IS_XML: data = parameter.replace(settings.INJECT_TAG, _urllib.parse.unquote(payload)) else: data = parameter.replace(settings.INJECT_TAG, payload) request = _urllib.request.Request(url, data) # Check if defined extra headers. headers.do_check(request) # Get the response of the request response = requests.get_request_response(request) return response
def check_injection(separator, payload, TAG, cmd, prefix, suffix, whitespace, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename): # Execute shell commands on vulnerable host. if alter_shell: payload = fb_payloads.cmd_execution_alter_shell( separator, cmd, OUTPUT_TEXTFILE) else: payload = fb_payloads.cmd_execution(separator, cmd, OUTPUT_TEXTFILE) # Fix prefixes / suffixes payload = parameters.prefixes(payload, prefix) payload = parameters.suffixes(payload, suffix) # Whitespace fixation payload = re.sub(" ", whitespace, payload) if settings.TAMPER_SCRIPTS['base64encode']: from src.core.tamper import base64encode payload = base64encode.encode(payload) # Check if defined "--verbose" option. if settings.VERBOSITY_LEVEL >= 1: payload_msg = payload.replace("\n", "\\n") if settings.COMMENT in payload_msg: payload_msg = payload_msg.split(settings.COMMENT)[0] info_msg = "Executing the '" + cmd.split( settings.COMMENT)[0] + "' command " sys.stdout.write("\n" + settings.print_info_msg(info_msg)) sys.stdout.flush() sys.stdout.write( "\n" + settings.print_payload(payload).split(settings.COMMENT)[0] + "\n") # Check if defined cookie with "INJECT_HERE" tag if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie: response = cookie_injection_test(url, vuln_parameter, payload) # Check if defined user-agent with "INJECT_HERE" tag elif menu.options.agent and settings.INJECT_TAG in menu.options.agent: response = user_agent_injection_test(url, vuln_parameter, payload) # Check if defined referer with "INJECT_HERE" tag elif menu.options.referer and settings.INJECT_TAG in menu.options.referer: response = referer_injection_test(url, vuln_parameter, payload) # Check if defined custom header with "INJECT_HERE" tag elif settings.CUSTOM_HEADER_INJECTION: response = custom_header_injection_test(url, vuln_parameter, payload) else: # Check if defined method is GET (Default). if http_request_method == "GET": # Check if its not specified the 'INJECT_HERE' tag #url = parameters.do_GET_check(url) payload = payload.replace(" ", "%20") target = re.sub(settings.INJECT_TAG, payload, url) vuln_parameter = ''.join(vuln_parameter) request = urllib2.Request(target) # Check if defined extra headers. headers.do_check(request) # Get the response of the request response = requests.get_request_response(request) else: # Check if defined method is POST. parameter = menu.options.data parameter = urllib2.unquote(parameter) # Check if its not specified the 'INJECT_HERE' tag parameter = parameters.do_POST_check(parameter) # Define the POST data if settings.IS_JSON == False: data = re.sub(settings.INJECT_TAG, payload, parameter) request = urllib2.Request(url, data) else: payload = payload.replace("\"", "\\\"") data = re.sub(settings.INJECT_TAG, urllib.unquote(payload), parameter) try: data = json.loads(data, strict=False) except: pass request = urllib2.Request(url, json.dumps(data)) # Check if defined extra headers. headers.do_check(request) # Get the response of the request response = requests.get_request_response(request) return response
def injection(separator, payload, TAG, cmd, prefix, suffix, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename): # Execute shell commands on vulnerable host. if alter_shell: payload = fb_payloads.cmd_execution_alter_shell( separator, cmd, OUTPUT_TEXTFILE) else: payload = fb_payloads.cmd_execution(separator, cmd, OUTPUT_TEXTFILE) # Fix prefixes / suffixes payload = parameters.prefixes(payload, prefix) payload = parameters.suffixes(payload, suffix) if menu.options.base64: payload = base64.b64encode(payload) # Check if defined "--verbose" option. if menu.options.verbose: sys.stdout.write("\n" + Fore.GREY + "(~) Payload: " + payload.replace("\n", "\\n") + Style.RESET_ALL) # Check if defined cookie with "INJECT_HERE" tag if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie: response = cookie_injection_test(url, vuln_parameter, payload) # Check if defined user-agent with "INJECT_HERE" tag elif menu.options.agent and settings.INJECT_TAG in menu.options.agent: response = user_agent_injection_test(url, vuln_parameter, payload) # Check if defined referer with "INJECT_HERE" tag elif menu.options.referer and settings.INJECT_TAG in menu.options.referer: response = referer_injection_test(url, vuln_parameter, payload) else: # Check if defined method is GET (Default). if http_request_method == "GET": # Check if its not specified the 'INJECT_HERE' tag #url = parameters.do_GET_check(url) payload = payload.replace(" ", "%20") target = re.sub(settings.INJECT_TAG, payload, url) vuln_parameter = ''.join(vuln_parameter) request = urllib2.Request(target) # Check if defined extra headers. headers.do_check(request) # Get the response of the request response = get_request_response(request) else: # Check if defined method is POST. parameter = menu.options.data parameter = urllib2.unquote(parameter) # Check if its not specified the 'INJECT_HERE' tag parameter = parameters.do_POST_check(parameter) # Define the POST data if settings.IS_JSON == False: data = re.sub(settings.INJECT_TAG, payload, parameter) request = urllib2.Request(url, data) else: payload = payload.replace("\"", "\\\"") data = re.sub(settings.INJECT_TAG, urllib.unquote(payload), parameter) data = json.loads(data, strict=False) request = urllib2.Request(url, json.dumps(data)) # Check if defined extra headers. headers.do_check(request) # Get the response of the request response = get_request_response(request) return response
def injection(separator, payload, TAG, cmd, prefix, suffix, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell, filename): # Execute shell commands on vulnerable host. if alter_shell : payload = fb_payloads.cmd_execution_alter_shell(separator, cmd, OUTPUT_TEXTFILE) else: payload = fb_payloads.cmd_execution(separator, cmd, OUTPUT_TEXTFILE) # Fix prefixes / suffixes payload = parameters.prefixes(payload, prefix) payload = parameters.suffixes(payload, suffix) if menu.options.base64: payload = base64.b64encode(payload) # Check if defined "--verbose" option. if menu.options.verbose: sys.stdout.write("\n" + Fore.GREY + "(~) Payload: " + payload.replace("\n", "\\n") + Style.RESET_ALL) # Check if defined cookie with "INJECT_HERE" tag if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie: response = cookie_injection_test(url, vuln_parameter, payload) # Check if defined user-agent with "INJECT_HERE" tag elif menu.options.agent and settings.INJECT_TAG in menu.options.agent: response = user_agent_injection_test(url, vuln_parameter, payload) # Check if defined referer with "INJECT_HERE" tag elif menu.options.referer and settings.INJECT_TAG in menu.options.referer: response = referer_injection_test(url, vuln_parameter, payload) else: # Check if defined method is GET (Default). if http_request_method == "GET": # Check if its not specified the 'INJECT_HERE' tag #url = parameters.do_GET_check(url) payload = payload.replace(" ","%20") target = re.sub(settings.INJECT_TAG, payload, url) vuln_parameter = ''.join(vuln_parameter) request = urllib2.Request(target) # Check if defined extra headers. headers.do_check(request) # Check if defined any HTTP Proxy. if menu.options.proxy: try: response = proxy.use_proxy(request) except urllib2.HTTPError, err: print "\n" + Back.RED + "(x) Error: " + str(err) + Style.RESET_ALL raise SystemExit() # Check if defined Tor. elif menu.options.tor: try: response = tor.use_tor(request) except urllib2.HTTPError, err: print "\n" + Back.RED + "(x) Error: " + str(err) + Style.RESET_ALL raise SystemExit() else: