def __init__(self): Plugin.__init__(self) CommonAttackMethods.__init__(self) self._uri_opener = None self._footer = None self._header = None # User configured parameter self._generate_only_one = False
def __init__(self, vuln): ExploitStrategy.__init__(self, vuln) CommonAttackMethods.__init__(self)
def setUp(self): self.cam = CommonAttackMethods()
class TestCommonAttackMethods(unittest.TestCase): def setUp(self): self.cam = CommonAttackMethods() def test_etc_passwd_extract_basic(self): body = '''HEADER root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh FOOTER123''' self.cam._define_cut_from_etc_passwd(body, body) header = 'HEADER\n ' footer = ' FOOTER123' self.assertEqual(self.cam._header_length, len(header)) self.assertEqual(self.cam._footer_length, len(footer)) mtab_content = '''/dev/sda1 / ext4 rw,errors=remount-ro 0 0 proc /proc proc rw,noexec,nosuid,nodev 0 0 sysfs /sys sysfs rw,noexec,nosuid,nodev 0 0 none /sys/fs/fuse/connections fusectl rw 0 0''' mtab_body = '%s%s%s' % (header, mtab_content, footer) self.assertEqual(self.cam._cut(mtab_body), mtab_content) def test_etc_passwd_extract_div(self): body = '''<div>root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh\n</div>''' self.cam._define_cut_from_etc_passwd(body, body) self.assertEqual(self.cam._header_length, len('<div>')) self.assertEqual(self.cam._footer_length, len('</div>')) def test_etc_passwd_extract_no_header_footer(self): body = '''root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh\n''' self.cam._define_cut_from_etc_passwd(body, body) self.assertEqual(self.cam._header_length, len('')) self.assertEqual(self.cam._footer_length, len('')) def test_etc_passwd_extract_together(self): body = '''HEADERroot:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh\nFOOTER''' self.cam._define_cut_from_etc_passwd(body, body) self.assertEqual(self.cam._header_length, len('HEADER')) self.assertEqual(self.cam._footer_length, len('FOOTER')) def test_etc_passwd_extract_bad_1(self): self.assertRaises(ValueError, self.cam._define_cut_from_etc_passwd, 'a', 'b') def test_etc_passwd_extract_bad_2(self): self.assertRaises(ValueError, self.cam._define_cut_from_etc_passwd, 'a', 'a') def test_etc_passwd_extract_bad_3(self): body = '''HEADER andres:x:0:0:andres:/andres:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh FOOTER123''' self.assertRaises(ValueError, self.cam._define_cut_from_etc_passwd, body, body) def test_etc_passwd_extract_bad_4(self): body = '''HEADERroot:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/shFOOTER''' self.assertRaises(ValueError, self.cam._define_cut_from_etc_passwd, body, body) def test_define_exact_cut_basic(self): expected = 'w3af\n' header = 'HEADER' footer = 'FOOTER123' body = '%s%s%s' % (header, expected, footer) self.cam._define_exact_cut(body, expected) self.assertEqual(self.cam._header_length, len(header)) self.assertEqual(self.cam._footer_length, len(footer)) another_content = '''hello world''' another_body = '%s%s%s' % (header, another_content, footer) self.assertEqual(self.cam._cut(another_body), another_content) def test_guess_cut_basic(self): expected = 'w3af\n' error = 'error found while trying to read not existing file' header = 'HEADER' footer = 'FOOTER123' body_a = '%s%s%s' % (header, expected, footer) body_b = '%s%s%s' % (header, error, footer) self.cam._guess_cut(body_a, body_b, expected) self.assertEqual(self.cam._header_length, len(header)) self.assertEqual(self.cam._footer_length, len(footer)) another_content = '''hello world''' another_body = '%s%s%s' % (header, another_content, footer) self.assertEqual(self.cam._cut(another_body), another_content) def test_guess_cut_no_header(self): ''' This one fails but I don't really have time to fix it now and it is not as important as you might think. It is very related to this line of code in common_attack_methods.py: sequence_matcher = difflib.SequenceMatcher(lambda x: len(x) < 3, Specifically the "lambda x: len(x) < 3". ''' raise SkipTest expected = 'w3af\n' error = 'error found while trying to read not existing file' header = '' footer = 'FOOTER123' body_a = '%s%s%s' % (header, expected, footer) body_b = '%s%s%s' % (header, error, footer) self.cam._guess_cut(body_a, body_b, expected) self.assertEqual(self.cam._header_length, len(header)) self.assertEqual(self.cam._footer_length, len(footer)) another_content = '''hello world''' another_body = '%s%s%s' % (header, another_content, footer) self.assertEqual(self.cam._cut(another_body), another_content) def test_guess_cut_no_footer(self): expected = 'w3af\n' error = 'error found while trying to read not existing file' header = 'HEADER' footer = '' body_a = '%s%s%s' % (header, expected, footer) body_b = '%s%s%s' % (header, error, footer) self.cam._guess_cut(body_a, body_b, expected) self.assertEqual(self.cam._header_length, len(header)) self.assertEqual(self.cam._footer_length, len(footer)) another_content = '''hello world''' another_body = '%s%s%s' % (header, another_content, footer) self.assertEqual(self.cam._cut(another_body), another_content) def test_guess_cut_no_header_no_footer(self): expected = 'w3af\n' error = 'error found while trying to read not existing file' header = '' footer = '' body_a = '%s%s%s' % (header, expected, footer) body_b = '%s%s%s' % (header, error, footer) self.cam._guess_cut(body_a, body_b, expected) self.assertEqual(self.cam._header_length, len(header)) self.assertEqual(self.cam._footer_length, len(footer)) another_content = '''hello world''' another_body = '%s%s%s' % (header, another_content, footer) self.assertEqual(self.cam._cut(another_body), another_content)