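def main(args, output=True):
    """Configure the shared brute-force state from *args* and run one mode.

    Wildcard mode (``brute``) is used unless ``args.no_wildcard`` or
    ``args.brute_attr`` is set; otherwise ``brute_nowild`` is called with an
    attribute name and a word-size limit.

    Args:
        args: Parsed options. Attributes read here: ``charset``,
            ``charset_custom``, ``wordlist``, ``bad_string``, ``no_wildcard``,
            ``brute_attr``, ``URL``, ``TRUE_STRING``, ``attribute_name``,
            ``exact_word_size``, ``max_word_size`` and ``max_path_size``.
        output: When truthy, the collected values are handed to ``succ``.
    """
    common.charset_set(args.charset, args.charset_custom, args.wordlist)
    if args.bad_string:
        common.LDAP_GLOBALS.bad_string = args.bad_string

    if not args.no_wildcard and not args.brute_attr:
        valid_values = brute(args.URL, args.TRUE_STRING)
    else:
        # --brute-attr substitutes the project-wide BRUTE marker for a
        # user-supplied attribute name.
        attr = common.LDAP_GLOBALS.BRUTE if args.brute_attr else args.attribute_name
        # NOTE(review): the collapsed source does not show whether this check
        # sat inside the else branch; it is applied to both sources here.
        # err() is defined elsewhere -- presumably it aborts; confirm.
        if not attr:
            err("Attribute name is required for non-wildcard bruteforcing. Please specify it with --attribute-name.")

        # An explicit exact size wins over the maximum size. Compare with
        # `is not None` so that a size of 0 still counts as "given".
        is_exact = args.exact_word_size is not None
        word_size = args.exact_word_size if is_exact else args.max_word_size

        valid_values = brute_nowild(
            base_url=args.URL,
            true_string=args.TRUE_STRING,
            max_path_size=args.max_path_size,
            attribute_name=attr,
            word_size=word_size,
            size_is_exact=is_exact,
        )

    if output:
        succ(valid_values)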
def brute(base_url, true_string):
    """Grow candidate values one character at a time until none can grow.

    The first ``common.brute_char`` call uses an empty prefix. Every later
    round calls it once per surviving candidate and replaces that candidate
    with each accepted one-character extension. A candidate with no accepted
    extension is carried over unchanged.

    Args:
        base_url: Passed through to ``common.brute_char``; also logged.
        true_string: Passed through to ``common.brute_char`` -- presumably
            the marker that identifies a positive response; confirm there.

    Returns:
        The candidate list from the last round in which nothing was extended.

    Note:
        This function puts no cap on the number of rounds or candidates.
        The request volume is bounded only by what ``common.brute_char``
        accepts.
    """
    alphabet = common.charset_get()
    logging.info("Entering wildcard brute mode for URL '%s'." % base_url)
    logging.debug("Going to brute with chars %s" % alphabet)

    # Seed round: which single characters are accepted after an empty prefix.
    exist = common.brute_char(base_url, alphabet, true_string, "")
    if exist:
        logging.info("Valid initial values found: %s", exist)
    else:
        # err() is defined elsewhere; whether it returns is not visible here.
        err("""No initial values found! True string was never there... Maybe attribute does not support wildcard? see --no-wildcard. Otherwise, URL is non-conformant.""")

    while True:
        next_round = []
        grew = False
        for prefix in exist:
            tails = common.brute_char(base_url, alphabet, true_string, prefix)
            if not tails:
                # Nothing extends this prefix: keep it as a finished value.
                next_round.append(prefix)
                continue
            for tail in tails:
                grew = True
                next_round.append(prefix + tail)
        if not grew:
            # A full round with no extension means every candidate is final.
            return exist
        exist = next_round