def s_string(value, size=-1, padding="\x00", encoding="ascii", fuzzable=True, max_len=0, name=None):
    '''
    Build a string primitive and push it onto the current block stack.

    @type  value:    String
    @param value:    Default string value
    @type  size:     Integer
    @param size:     (Optional, def=-1) Static size of this field, leave -1 for dynamic.
    @type  padding:  Character
    @param padding:  (Optional, def="\\x00") Value to use as padding to fill static field size.
    @type  encoding: String
    @param encoding: (Optional, def="ascii") String encoding, ex: utf_16_le for Microsoft Unicode.
    @type  fuzzable: Boolean
    @param fuzzable: (Optional, def=True) Enable/disable fuzzing of this primitive
    @type  max_len:  Integer
    @param max_len:  (Optional, def=0) Maximum string length
    @type  name:     String
    @param name:     (Optional, def=None) Specifying a name gives you direct access to a primitive
    '''

    # Every argument is forwarded positionally, so the order below has to stay
    # in step with the parameter order of primitives.string.
    string_primitive = primitives.string(value, size, padding, encoding, fuzzable, max_len, name)

    # blocks.CURRENT is whatever block is open at call time.
    blocks.CURRENT.push(string_primitive)
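def __init__(self, name, request, value, options={}):
    '''
    Build the block from five primitives whose defaults, in push order, are
    "q", "=", "0", "." and an ASCII-formatted signed dword of 5.

    @type  name:    String
    @param name:    Block name, forwarded to blocks.block.__init__
    @type  request: Object
    @param request: Owning request, forwarded to blocks.block.__init__
    @type  value:   Object
    @param value:   Stored on self.value; not used while building the layout
    @type  options: Dictionary
    @param options: (Optional) Only the 'fuzzable' key is read here (def=True)
    '''

    blocks.block.__init__(self, name, request, None, None, None, None)

    self.value = value
    # The {} default is a single dict shared by every instance created without
    # options; treat self.options as read-only.
    self.options = options

    # fuzz by default. dict.get replaces has_key(), which no longer exists on
    # Python 3 dicts, and yields the same result on Python 2.
    fuzzable = self.options.get('fuzzable', True)

    self.push(primitives.string("q", fuzzable=fuzzable))
    self.push(primitives.delim("="))
    self.push(primitives.string("0", fuzzable=fuzzable))
    self.push(primitives.delim("."))

    # NOTE(review): the dword is pinned to fuzzable=True and the delims get no
    # fuzzable argument, so options['fuzzable'] = False only affects the two
    # string primitives. Confirm this is intended.
    self.push(primitives.dword(5, fuzzable=True, signed=True, format="ascii"))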
def __init__(self, name, request, value, options={}):
    '''
    Initialise the block and push the default value as one string primitive.

    @type  name:    String
    @param name:    Block name, forwarded to blocks.block.__init__
    @type  request: Object
    @param request: Owning request, forwarded to blocks.block.__init__
    @type  value:   String
    @param value:   Default value; must be truthy
    @type  options: Dictionary
    @param options: (Optional) Stored on self.options, not read here

    @raise sex.SullyRuntimeError: If no default value was supplied
    '''

    blocks.block.__init__(self, name, request, None, None, None, None)

    self.value, self.options = value, options

    # A default is mandatory; fail while the request is being defined rather
    # than push an empty field.
    if self.value:
        self.push(primitives.string(self.value))
    else:
        raise sex.SullyRuntimeError("MISSING LEGO.xdr_string DEFAULT VALUE")
def __init__(self, name, request, value, options={}):
    """Initialise the block and push ``value`` as a single string primitive.

    ``name`` and ``request`` are forwarded to ``blocks.block.__init__``;
    ``value`` and ``options`` are kept on the instance. ``options`` is not
    read here.

    Raises ``sex.SullyRuntimeError`` when ``value`` is empty or otherwise
    falsy.
    """
    blocks.block.__init__(self, name, request, None, None, None, None)

    self.value = value
    self.options = options

    # Reject a missing default before anything is pushed.
    missing_default = not self.value
    if missing_default:
        raise sex.SullyRuntimeError("MISSING LEGO.xdr_string DEFAULT VALUE")

    default_field = primitives.string(self.value)
    self.push(default_field)
def __init__(self, name, request, value, options={}):
    '''
    Initialise the block and push the default value as one string primitive.

    @type  name:    String
    @param name:    Block name, forwarded to blocks.block.__init__
    @type  request: Object
    @param request: Owning request, forwarded to blocks.block.__init__
    @type  value:   String
    @param value:   Default value; must be truthy
    @type  options: Dictionary
    @param options: (Optional) Stored on self.options, not read here

    @raise sex.SullyRuntimeError: If no default value was supplied
    '''

    blocks.block.__init__(self, name, request, None, None, None, None)

    self.value, self.options = value, options

    # Guard clause: nothing is pushed when the default is missing.
    if not self.value:
        raise sex.SullyRuntimeError("MISSING LEGO.ndr_conformant_array DEFAULT VALUE")

    field = primitives.string(self.value)
    self.push(field)
def __init__(self, name, request, value, options={}):
    '''
    Initialise the block and push the default value as one string primitive.

    @type  name:    String
    @param name:    Block name, forwarded to blocks.block.__init__
    @type  request: Object
    @param request: Owning request, forwarded to blocks.block.__init__
    @type  value:   String
    @param value:   Default value; must be truthy
    @type  options: Dictionary
    @param options: (Optional) Stored on self.options, not read here

    @raise sex.error: If no default value was supplied
    '''

    blocks.block.__init__(self, name, request, None, None, None, None)

    self.value = value
    self.options = options

    # The default value is the only content of this block, so it is required.
    if self.value:
        tag_field = primitives.string(self.value)
        self.push(tag_field)
    else:
        raise sex.error("MISSING LEGO.tag DEFAULT VALUE")
def __init__(self, name, request, value, options={}):
    '''
    Initialise the block and push the default value as one string primitive.

    @type  name:    String
    @param name:    Block name, forwarded to blocks.block.__init__
    @type  request: Object
    @param request: Owning request, forwarded to blocks.block.__init__
    @type  value:   String
    @param value:   Default value; must be truthy
    @type  options: Dictionary
    @param options: (Optional) Stored on self.options, not read here

    @raise sex.error: If no default value was supplied
    '''

    blocks.block.__init__(self, name, request, None, None, None, None)

    self.value, self.options = value, options

    # Fail at definition time when there is no default to send.
    error_text = "MISSING LEGO.ndr_conformant_array DEFAULT VALUE"
    if not self.value:
        raise sex.error(error_text)

    self.push(primitives.string(self.value))
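def __init__(self, name, request, value, options={}):
    '''
    Build a SIP URI field by field. The defaults, in push order, read
    "sip:TARGET_USER@HOST:PORT;transport=udp".

    @type  name:    String
    @param name:    Block name, forwarded to blocks.block.__init__
    @type  request: Object
    @param request: Owning request, forwarded to blocks.block.__init__
    @type  value:   Object
    @param value:   Stored on self.value; not used while building the layout
    @type  options: Dictionary
    @param options: (Optional) Only the 'fuzzable' key is read here (def=True)
    '''

    blocks.block.__init__(self, name, request, None, None, None, None)

    self.value = value
    # The {} default is a single dict shared by every instance created without
    # options; treat self.options as read-only.
    self.options = options

    # fuzz by default. dict.get replaces has_key(), which no longer exists on
    # Python 3 dicts, and yields the same result on Python 2.
    fuzzable = self.options.get('fuzzable', True)

    # NOTE(review): the 'fuzzable' option is forwarded to the string
    # primitives only. The delim primitives keep whatever default
    # primitives.delim uses, so confirm separators are meant to stay outside
    # the option.
    self.push(primitives.string("sip", fuzzable=fuzzable))
    self.push(primitives.delim(":"))

    # userinfo
    self.push(primitives.string("TARGET_USER", fuzzable=fuzzable))
    self.push(primitives.delim("@"))

    # hostport
    self.push(primitives.string("HOST", fuzzable=fuzzable))
    self.push(primitives.delim(":"))
    self.push(primitives.string("PORT", fuzzable=fuzzable))

    # uri-parameters
    self.push(primitives.delim(";"))
    self.push(primitives.string("transport", fuzzable=fuzzable))
    self.push(primitives.delim("="))
    self.push(primitives.string("udp", fuzzable=fuzzable))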
def __init__(self, name, request, value, options={}):
    '''
    Build a length-prefixed string: a size block followed by a nested block
    named name + "_STR" that holds the string itself.

    @type  name:    String
    @param name:    Block name; also the stem of the nested "_STR" block name
    @type  request: Object
    @param request: Owning request, passed to every block created here
    @type  value:   String
    @param value:   Default string value; must be truthy
    @type  options: Dictionary
    @param options: (Optional) 'prefix' is read (def="\\x04")

    @raise sex.error: If no default value was supplied
    '''

    blocks.block.__init__(self, name, request, None, None, None, None)

    self.value, self.options = value, options

    # The prefix is only stored here and is not pushed by this constructor.
    # Presumably it is emitted when the block is rendered; confirm against the
    # class's render method.
    self.prefix = options.get("prefix", "\x04")

    if not self.value:
        raise sex.error("MISSING LEGO.ber_string DEFAULT VALUE")

    inner_name = name + "_STR"

    payload_block = blocks.block(inner_name, request)
    payload_block.push(primitives.string(self.value))

    # The length field refers to the nested block by name. It is created with
    # fuzzable=True unconditionally, independent of options.
    length_field = blocks.size(inner_name, request, endian=">", fuzzable=True)

    self.push(length_field)
    self.push(payload_block)
def __init__(self, name, request, value, options={}):
    '''
    Build an angle-bracketed tag of the form "<" + value + ">".

    @type  name:    String
    @param name:    Block name, forwarded to blocks.block.__init__
    @type  request: Object
    @param request: Owning request, forwarded to blocks.block.__init__
    @type  value:   String
    @param value:   Default tag text; must be truthy
    @type  options: Dictionary
    @param options: (Optional) Stored on self.options, not read here

    @raise sex.SullyRuntimeError: If no default value was supplied
    '''

    blocks.block.__init__(self, name, request, None, None, None, None)

    self.value, self.options = value, options

    if not self.value:
        raise sex.SullyRuntimeError("MISSING LEGO.tag DEFAULT VALUE")

    # <example>
    # [delim][string][delim]
    # The brackets are separate delim primitives, distinct from the tag text.
    opening = primitives.delim("<")
    self.push(opening)

    tag_text = primitives.string(self.value)
    self.push(tag_text)

    closing = primitives.delim(">")
    self.push(closing)
def __init__(self, name, request, value, options={}):
    '''
    Build a length-prefixed string: a size block followed by a nested block
    named name + "_STR" that holds the string itself.

    @type  name:    String
    @param name:    Block name; also the stem of the nested "_STR" block name
    @type  request: Object
    @param request: Owning request, passed to every block created here
    @type  value:   String
    @param value:   Default string value; must be truthy
    @type  options: Dictionary
    @param options: (Optional) 'prefix' is read (def="\\x04")

    @raise sex.SullyRuntimeError: If no default value was supplied
    '''

    blocks.block.__init__(self, name, request, None, None, None, None)

    self.value = value
    self.options = options

    # Stored only. This constructor never pushes the prefix itself.
    self.prefix = options.get("prefix", "\x04")

    if not self.value:
        raise sex.SullyRuntimeError("MISSING LEGO.ber_string DEFAULT VALUE")

    string_block_name = name + "_STR"

    string_block = blocks.block(string_block_name, request)
    string_block.push(primitives.string(self.value))

    # The size block is tied to the nested block by name and is always created
    # with fuzzable=True, whatever options contains.
    self.push(blocks.size(string_block_name, request, endian=">", fuzzable=True))
    self.push(string_block)
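def __init__(self, name, request, value, options={}):
    '''
    Build a Digest challenge value field by field. The defaults, in push
    order, read:

        Digest realm="atlanta.com",domain="sip:ss1.carrier.com",
        qop="auth,auth-int",nonce="...",opaque="...",stale=FALSE,algorithm=MD5

    @type  name:    String
    @param name:    Block name, forwarded to blocks.block.__init__
    @type  request: Object
    @param request: Owning request, forwarded to blocks.block.__init__
    @type  value:   Object
    @param value:   Stored on self.value; not used while building the layout
    @type  options: Dictionary
    @param options: (Optional) Only the 'fuzzable' key is read here (def=True)
    '''

    blocks.block.__init__(self, name, request, None, None, None, None)

    self.value = value
    # The {} default is a single dict shared by every instance created without
    # options; treat self.options as read-only.
    self.options = options

    # fuzz by default. dict.get replaces has_key(), which no longer exists on
    # Python 3 dicts, and yields the same result on Python 2.
    fuzzable = self.options.get('fuzzable', True)

    # NOTE(review): the 'fuzzable' option reaches the string primitives only.
    # The delim primitives keep whatever default primitives.delim uses, so
    # confirm that is intended when fuzzable is False.
    self.push(primitives.string("Digest", fuzzable=fuzzable))
    self.push(primitives.delim(" "))

    # realm
    self.push(primitives.string("realm", fuzzable=fuzzable))
    self.push(primitives.delim("="))
    self.push(primitives.delim("\""))
    self.push(primitives.string("atlanta.com", fuzzable=fuzzable))
    self.push(primitives.delim("\""))
    self.push(primitives.delim(","))

    # domain
    self.push(primitives.static("domain="))
    self.push(primitives.static("\""))
    self.push(primitives.string("sip:ss1.carrier.com", fuzzable=fuzzable))

    # qop
    self.push(primitives.static("\",qop=\""))
    self.push(primitives.string("auth", fuzzable=fuzzable))
    self.push(primitives.delim(","))
    self.push(primitives.string("auth-int", fuzzable=fuzzable))

    # nonce
    self.push(primitives.static("\",nonce=\""))
    self.push(primitives.string("f84f1cec41e6cbe5aea9c8e88d359", fuzzable=fuzzable))

    # opaque
    self.push(primitives.static("\",opaque=\""))
    self.push(primitives.string("5ccc069c403ebaf9f0171e9517f40e41", fuzzable=fuzzable))

    # stale
    self.push(primitives.static("\",stale="))
    self.push(primitives.string("FALSE", fuzzable=fuzzable))

    # algorithm: the name and its value are both static primitives, so this
    # field has no fuzzable part.
    self.push(primitives.static(",algorithm="))
    self.push(primitives.static("MD5"))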
def __init__(self, name, request, value, options={}):
    '''
    Split a dot-separated value and push its components. The first component
    becomes a string primitive; every later one is pushed as a static
    primitive.

    @type  name:    String
    @param name:    Block name, forwarded to blocks.block.__init__
    @type  request: Object
    @param request: Owning request, forwarded to blocks.block.__init__
    @type  value:   String
    @param value:   Dot-separated default value; must be truthy
    @type  options: Dictionary
    @param options: (Optional) Stored on self.options, not read here

    @raise sex.error: If no default value was supplied
    '''

    blocks.block.__init__(self, name, request, None, None, None, None)

    self.value, self.options = value, options

    # NOTE(review): the message names LEGO.tag although this block handles a
    # dotted value; it looks copied from another lego. Confirm.
    if not self.value:
        raise sex.error("MISSING LEGO.tag DEFAULT VALUE")

    for position, component in enumerate(value.split(".")):
        if position == 0:
            # Only the leading component is a string primitive.
            self.push(primitives.string(component))
            self.push(primitives.delim("."))
            continue

        self.push(primitives.static(component))

        # A separator follows components 1 and 2 only. The component count is
        # not validated, so a value with other than four parts yields a
        # different separator layout.
        if position < 3:
            self.push(primitives.delim("."))
def s_string(value, size=-1, padding="\x00", encoding="ascii", fuzzable=True, name=None):
    '''
    Build a string primitive and push it onto the current block stack.

    @type  value:    String
    @param value:    Default string value
    @type  size:     Integer
    @param size:     (Optional, def=-1) Static size of this field, leave -1 for dynamic.
    @type  padding:  Character
    @param padding:  (Optional, def="\\x00") Value to use as padding to fill static field size.
    @type  encoding: String
    @param encoding: (Optional, def="ascii") String encoding, ex: utf_16_le for Microsoft Unicode.
    @type  fuzzable: Boolean
    @param fuzzable: (Optional, def=True) Enable/disable fuzzing of this primitive
    @type  name:     String
    @param name:     (Optional, def=None) Specifying a name gives you direct access to a primitive
    '''

    # NOTE(review): arguments are forwarded positionally, with name in sixth
    # place. Verify that this matches the parameter order of the
    # primitives.string in use.
    string_primitive = primitives.string(value, size, padding, encoding, fuzzable, name)

    # blocks.CURRENT is whatever block is open at call time.
    blocks.CURRENT.push(string_primitive)
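def __init__(self, name, request, value, options={}):
    '''
    Build a Digest credentials value field by field. The fields, in push
    order, are username, realm, uri, response, qop, nc, cnonce, nonce and
    opaque.

    @type  name:    String
    @param name:    Block name, forwarded to blocks.block.__init__
    @type  request: Object
    @param request: Owning request, forwarded to blocks.block.__init__
    @type  value:   Object
    @param value:   Stored on self.value; not used while building the layout
    @type  options: Dictionary
    @param options: (Optional) Only the 'fuzzable' key is read here (def=True)
    '''

    blocks.block.__init__(self, name, request, None, None, None, None)

    self.value = value
    # The {} default is a single dict shared by every instance created without
    # options; treat self.options as read-only.
    self.options = options

    # fuzz by default. dict.get replaces has_key(), which no longer exists on
    # Python 3 dicts, and yields the same result on Python 2.
    fuzzable = self.options.get('fuzzable', True)

    # NOTE(review): the 'fuzzable' option reaches the string primitives only.
    # The delim primitives in the username field keep whatever default
    # primitives.delim uses; confirm that is intended when fuzzable is False.
    self.push(primitives.string("Digest", fuzzable=fuzzable))
    self.push(primitives.delim(" "))

    # username
    self.push(primitives.string("username", fuzzable=fuzzable))
    self.push(primitives.delim("="))
    self.push(primitives.delim("\""))
    self.push(primitives.string("nnp", fuzzable=fuzzable))
    self.push(primitives.delim("\""))
    self.push(primitives.delim(","))

    # realm. From here on, names and punctuation are static primitives and
    # only the values are string primitives.
    self.push(primitives.static("realm"))
    self.push(primitives.static("="))
    self.push(primitives.static("\""))
    self.push(primitives.string("atlanta.com", fuzzable=fuzzable))
    self.push(primitives.static("\""))
    self.push(primitives.static(","))

    # uri (request-uri)
    self.push(primitives.static("uri="))
    self.push(primitives.static("\""))
    self.push(primitives.string("http://www.unprotectedhex.com/", fuzzable=fuzzable))
    self.push(primitives.static("\""))
    self.push(primitives.static(","))

    # response
    self.push(primitives.static("response="))
    self.push(primitives.static("\""))
    self.push(primitives.string("f84f1cec41e6cbe5aea9c8e88d359def", fuzzable=fuzzable))
    self.push(primitives.static("\""))
    self.push(primitives.static(","))

    # qop
    self.push(primitives.static("qop="))
    self.push(primitives.static("\""))
    self.push(primitives.string("auth", fuzzable=fuzzable))
    self.push(primitives.static("\""))
    self.push(primitives.static(","))

    # nc: the original comment marks this as 8LHEX, yet the default below is
    # seven characters long. NOTE(review): confirm whether that is deliberate.
    self.push(primitives.static("nc="))
    self.push(primitives.string("f84f1ce", fuzzable=fuzzable))
    self.push(primitives.static(","))

    # cnonce
    self.push(primitives.static("cnonce="))
    self.push(primitives.static("\""))
    self.push(primitives.string("f84f1cec41e6cbe5aea9c8e88d359", fuzzable=fuzzable))
    self.push(primitives.static("\""))
    self.push(primitives.static(","))

    # nonce
    self.push(primitives.static("nonce="))
    self.push(primitives.static("\""))
    self.push(primitives.string("f84f1cec41e6cbe5aea9c8e88d359", fuzzable=fuzzable))
    self.push(primitives.static("\""))
    self.push(primitives.static(","))

    # opaque
    self.push(primitives.static("opaque="))
    self.push(primitives.static("\""))
    self.push(primitives.string("5ccc069c403ebaf9f0171e9517f40e41", fuzzable=fuzzable))
    self.push(primitives.static("\""))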
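def __init__(self, name, request, value, options={}):
    '''
    Build a full SIP URI field by field: scheme, userinfo (user and
    password), hostport, uri-parameters (transport, user, ttl, method, maddr)
    and headers.

    @type  name:    String
    @param name:    Block name, forwarded to blocks.block.__init__
    @type  request: Object
    @param request: Owning request, forwarded to blocks.block.__init__
    @type  value:   Object
    @param value:   Stored on self.value; not used while building the layout
    @type  options: Dictionary
    @param options: (Optional) Only the 'fuzzable' key is read here (def=True)
    '''

    blocks.block.__init__(self, name, request, None, None, None, None)

    self.value = value
    # The {} default is a single dict shared by every instance created without
    # options; treat self.options as read-only.
    self.options = options

    # fuzz by default. dict.get replaces has_key(), which no longer exists on
    # Python 3 dicts, and yields the same result on Python 2.
    fuzzable = self.options.get('fuzzable', True)

    self.push(primitives.string("sip", fuzzable=fuzzable))
    self.push(primitives.delim(":"))

    # userinfo
    self.push(primitives.string("USER", fuzzable=fuzzable))
    self.push(primitives.delim(":"))
    self.push(primitives.string("password", fuzzable=fuzzable))
    self.push(primitives.delim("@"))

    # hostport
    self.push(primitives.string("LOCAL_IP", fuzzable=fuzzable))
    self.push(primitives.delim(":"))
    self.push(primitives.string("PORT", fuzzable=fuzzable))

    # uri-parameters
    self.push(primitives.delim(";"))
    self.push(primitives.string("transport", fuzzable=fuzzable))
    self.push(primitives.delim("="))
    self.push(primitives.string("udp", fuzzable=fuzzable))

    # NOTE(review): the listing is masked at this point and reads
    # static("user="******"udp", fuzzable=fuzzable). The two pushes below are
    # rebuilt from the name/value pattern of the neighbouring parameters;
    # confirm them against the upstream file.
    self.push(primitives.static(";"))
    self.push(primitives.static("user="))
    self.push(primitives.string("udp", fuzzable=fuzzable))

    self.push(primitives.static(";"))
    self.push(primitives.static("ttl="))
    self.push(primitives.string("67", fuzzable=fuzzable))

    self.push(primitives.static(";"))
    self.push(primitives.static("method="))
    self.push(primitives.string("INVITE", fuzzable=fuzzable))

    self.push(primitives.static(";"))
    self.push(primitives.static("maddr="))
    self.push(primitives.string("LOCAL_IP", fuzzable=fuzzable))

    # headers
    self.push(primitives.delim("?"))
    self.push(primitives.string("subject", fuzzable=fuzzable))
    self.push(primitives.delim("="))
    self.push(primitives.string("hval", fuzzable=fuzzable))
    self.push(primitives.delim("&"))

    # The second header pair is one static primitive with no separate
    # name, "=" or value parts.
    self.push(primitives.static("hname2=hval"))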
def push_namespace(self, db, collection):
    '''
    Push a "db.collection" style namespace onto self.block as three
    primitives: string, delim, string.

    @type  db:         String
    @param db:         Default value of the first string primitive
    @type  collection: String
    @param collection: Default value of the second string primitive
    '''

    target_block = self.block

    # Keeping the dot as its own delim primitive separates it from the two
    # name components.
    db_part = string(db)
    target_block.push(db_part)

    separator = delim(".")
    target_block.push(separator)

    collection_part = string(collection)
    target_block.push(collection_part)