def main():
options = parse_options()
if options.verbose:
logging.basicConfig(level=logging.DEBUG)
print("[*] Testing IGS ZIPPER interpreter on %s:%d" % (options.remote_host,
options.remote_port))
# open input file
try:
with open(options.file_input, 'rb') as f:
file_input_content=f.read()
except IOError:
print("[!] Error reading %s file." % options.file_input)
exit(2)
# Initiate the connection
conn = SAPRoutedStreamSocket.get_nisocket(options.remote_host,
options.remote_port,
options.route_string,
base_cls=SAPIGS)
# the xml request for zipper interpreter
xml = '<?xml version="1.0"?><REQUEST><COMPRESS type="zip"><FILES>'
xml += '<FILE name="{}" '.format(options.file_input)
xml += 'path="{}" '.format(options.file_path)
xml += 'size="{}"/>'.format(len(file_input_content))
xml += '</FILES></COMPRESS></REQUEST>'
# create tables descriptions
# table with xml content
table_xml = SAPIGSTable.add_entry('XMLDESC', 1, len(xml), 1,
'XMLDESC', len(xml)
)
# table with file content
table_file = SAPIGSTable.add_entry('FILE1', 1, len(file_input_content), 1,
'FILE1', len(file_input_content)
)
# get the futur offset where table entries begin
offset = (len(table_xml) + len(table_file))
# filling tables
content_xml = xml
content_file = file_input_content
# total size of packet
# total_size need to be a multiple of 1024
total_size = offset + 244 # 244 IGS header size
total_size += 1023
total_size -= (total_size % 1024)
# Put all together
p = SAPIGS(function='ZIPPER', listener='L', offset_content=str(offset), packet_size=str(total_size))
p = p / table_xml / table_file / content_xml / content_file
# Send the IGS packet
print("[*] Send %s to ZIPPER interpreter..." % options.file_input)
conn.send(p)
print("[*] File sent.")
def main():
options = parse_options()
if options.verbose:
logging.basicConfig(level=logging.DEBUG)
# Open image to convert
try:
with open(options.input_image, "rb") as f:
image = f.read()
except IOError:
print("Error reading image file !")
exit(0)
print("[*] Testing IGS IMGCONV on http://%s:%d" %
(options.remote_host, options.remote_port))
# Initiate the connection
conn = SAPRoutedStreamSocket.get_nisocket(
options.remote_host,
options.remote_port,
options.route_string,
talk_mode=ROUTER_TALK_MODE_NI_RAW_IO)
# XML file request
# JPEG to PNG size 100x100
xml = '''<?xml version="1.0" encoding="UTF-8"?>
<IMAGE>
<WIDTH>100</WIDTH>
<HEIGTH>100</HEIGTH>
<INPUT>image/jpeg</INPUT>
<OUTPUT>image/png</OUTPUT>
</IMAGE>
'''
# build http packet
files = {"xml": ("xml", xml), "img": ("img", image)}
p = SAPIGS.http(options.remote_host, options.remote_port, 'IMGCONV', files)
# Send request
print("[*] Send packet to IGS...")
conn.send(p)
print("[*] Response :")
response = conn.recv()
response.show()
# Extract picture url from response
print("[*] Generated file(s) :")
for url in str(response).split('href='):
if "output" in url:
print(
"http://%s:%d%s" %
(options.remote_host, options.remote_port, url.split('"')[1]))
def main():
options = parse_options()
if options.verbose:
logging.basicConfig(level=logging.DEBUG)
print("[*] Testing IGS ZIPPER interpreter on %s:%d" %
(options.remote_host, options.remote_port))
# open input file
try:
with open(options.file_input, 'rb') as f:
file_input_content = f.read()
except IOError:
print("[!] Error reading %s file." % options.file_input)
exit(2)
# Initiate the connection
conn = SAPRoutedStreamSocket.get_nisocket(
options.remote_host,
options.remote_port,
options.route_string,
talk_mode=ROUTER_TALK_MODE_NI_RAW_IO)
# the xml request for zipper interpreter
xml = '<?xml version="1.0"?><REQUEST><COMPRESS type="zip"><FILES>'
xml += '<FILE name="%s" ' % (options.file_input)
xml += 'path="%s" ' % (options.file_path)
xml += 'size="%s"/>' % (len(file_input_content))
xml += '</FILES></COMPRESS></REQEST>'
# http request type multipart/form-data
files = {"xml": ("xml", xml), "zipme": ("zipme", file_input_content)}
p = SAPIGS.http(options.remote_host, options.remote_port, 'ZIPPER', files)
# Send/Receive request
print("[*] Send %s to ZIPPER interpreter..." % options.file_input)
conn.send(p)
print("[*] Response :")
response = conn.recv(1024)
response.show()
# Extract zip from response
print("[*] Generated file(s) :")
for url in str(response).split('href='):
if "output" in url:
print(
"http://%s:%d%s" %
(options.remote_host, options.remote_port, url.split('"')[1]))
def main():
options = parse_options()
if options.verbose:
logging.basicConfig(level=logging.DEBUG)
print("[*] Testing IGS ZIPPER interpreter on %s:%d" % (options.remote_host,
options.remote_port))
# open input file
try:
with open(options.file_input, 'rb') as f:
file_input_content = f.read()
except IOError:
print("[!] Error reading %s file." % options.file_input)
exit(2)
# Initiate the connection
conn = SAPRoutedStreamSocket.get_nisocket(options.remote_host,
options.remote_port,
options.route_string,
talk_mode=1)
# the xml request for zipper interpreter
xml = '<?xml version="1.0"?><REQUEST><COMPRESS type="zip"><FILES>'
xml += '<FILE name="%s" ' % (options.file_input)
xml += 'path="%s" ' % (options.file_path)
xml += 'size="%s"/>' % (len(file_input_content))
xml += '</FILES></COMPRESS></REQEST>'
# http request type multipart/form-data
files = {"xml": ("xml", xml), "zipme": ("zipme", file_input_content)}
p = SAPIGS.http(options.remote_host, options.remote_port, 'ZIPPER', files)
# Send/Receive request
print("[*] Send %s to ZIPPER interpreter..." % options.file_input)
conn.send(p)
print("[*] Response :")
response = conn.recv(1024)
response.show()
# Extract zip from response
print("[*] Generated file(s) :")
for url in str(response).split('href='):
if "output" in url:
print("http://%s:%d%s" % (options.remote_host,
options.remote_port,
url.split('"')[1]))
def main():
options = parse_options()
if options.verbose:
logging.basicConfig(level=logging.DEBUG)
print("[*] Testing XXE over IGS XMLCHART on http://%s:%d" %
(options.remote_host, options.remote_port))
# Initiate the connection
conn = SAPRoutedStreamSocket.get_nisocket(
options.remote_host,
options.remote_port,
options.route_string,
talk_mode=ROUTER_TALK_MODE_NI_RAW_IO)
# XML Data content
data = '''<?xml version="1.0" encoding="utf-8"?>
<ChartData>
<Categories>
<Category>Fus Ro Dah</Category>
</Categories>
<Series label="bla">
<Point><Value type="y">42</Value></Point>
</Series>
</ChartData>'''
# http POST request type multipart/form-data
files = {'data': ('data', data)}
p = SAPIGS.http(options.remote_host, options.remote_port, 'XMLCHART',
files)
# Send/Receive request
print("[*] Send request to IGS...")
conn.send(p)
print("[*] Response :")
response = conn.recv(1024)
response.show()
# Extract picture from response
print("[*] Generated file(s) :")
for url in str(response).split('href='):
if "output" in url:
print(
"http://%s:%d%s" %
(options.remote_host, options.remote_port, url.split('"')[1]))
def main():
options = parse_options()
if options.verbose:
logging.basicConfig(level=logging.DEBUG)
print("[*] Testing XXE over IGS XMLCHART on http://%s:%d" % (options.remote_host,
options.remote_port))
# Initiate the connection
conn = SAPRoutedStreamSocket.get_nisocket(options.remote_host,
options.remote_port,
options.route_string,
talk_mode=1)
# XML Data content
data = '''<?xml version="1.0" encoding="utf-8"?>
<ChartData>
<Categories>
<Category>Fus Ro Dah</Category>
</Categories>
<Series label="bla">
<Point><Value type="y">42</Value></Point>
</Series>
</ChartData>'''
# http POST request type multipart/form-data
files = {'data': ('data', data)}
p = SAPIGS.http(options.remote_host, options.remote_port, 'XMLCHART', files)
# Send/Receive request
print("[*] Send request to IGS...")
conn.send(p)
print("[*] Response :")
response = conn.recv(1024)
response.show()
# Extract picture from response
print("[*] Generated file(s) :")
for url in str(response).split('href='):
if "output" in url:
print("http://%s:%d%s" % (options.remote_host,
options.remote_port,
url.split('"')[1]))