def get_transfer_handler(self, inbound_port=None):
'''
Perform an extrusion scan and return a handler that will know how to upload
files to the remote end. If the caller sends an inbound_port, don't perform
an extrusion scan, just trust him and use that port.
:param inbound_port: The port that we should use for reverse connections
:return: An object with a "transfer" method, which can be called by the user
in order to upload files.
'''
os = os_detection_exec(self._exec_method)
if os == 'windows':
echo_transfer = EchoWindows(self._exec_method, os)
elif os == 'linux':
echo_transfer = EchoLinux(self._exec_method, os)
to_test = []
to_test.append(echo_transfer)
try:
if not inbound_port:
inbound_port = self._es.get_inbound_port()
except w3afException, w3:
msg = 'The extrusion scan failed, no reverse connect transfer methods'
msg += ' can be used. Trying inband echo transfer method. Error: "%s"'
om.out.error(msg % w3)
def get_delayed_execution_handler(self):
os = os_detection_exec(self._exec_method)
if os == 'windows':
return atHandler(self._exec_method)
elif os == 'linux':
return crontabHandler(self._exec_method)
else:
raise w3afException(
'Failed to create a delayed execution handler.')
def get_virtual_daemon(exec_method):
'''
Uses the exec_method to run remote commands and determine what's the
remote OS is, and based on that info, it returns the corresponding virtual
daemon.
'''
try:
os = os_detection_exec(exec_method)
except w3afException, w3:
raise w3
def _identify_os(self):
'''
Identify the remote operating system and get some remote variables to show to the user.
'''
self._rOS = os_detection_exec(self.execute)
if self._rOS == 'linux':
self._rUser = self.execute('whoami').strip()
self._rSystem = self.execute('uname -o -r -n -m -s').strip()
self._rSystemName = self.execute('uname -n').strip()
elif self._rOS == 'windows':
self._rUser = self.execute('echo %USERDOMAIN%\%USERNAME%').strip()
self._rSystem = self.execute(
'echo %COMPUTERNAME% - %OS% - %PROCESSOR_IDENTIFIER%').strip()
self._rSystemName = self.execute('echo %COMPUTERNAME%').strip()
def _identify_os(self):
'''
Identify the remote operating system and get some remote variables to show to the user.
'''
self._rOS = os_detection_exec(self.execute)
if self._rOS == 'linux':
self._rUser = self.execute('whoami').strip()
self._rSystem = self.execute('uname -o -r -n -m -s').strip()
self._rSystemName = self.execute('uname -n').strip()
elif self._rOS == 'windows':
self._rUser = self.execute('echo %USERDOMAIN%\%USERNAME%').strip()
self._rSystem = self.execute(
'echo %COMPUTERNAME% - %OS% - %PROCESSOR_IDENTIFIER%').strip()
self._rSystemName = self.execute('echo %COMPUTERNAME%').strip()
def __init__(
self, exec_method, forceReRun=False, tcpPortList=[25, 80, 53, 1433, 8080], udpPortList=[53, 69, 139, 1025]
):
"""
:param exec_method: The exec_method used to execute commands on the
remote host
:param forceReRun: If forceReRun is True, the extrusion scanner
won't fetch the results from the KB
"""
self._exec_method = exec_method
self._forceReRun = forceReRun
self._tcp_port_list = tcpPortList
self._udp_port_list = udpPortList
os = os_detection_exec(exec_method)
if os == "windows":
self._transferHandler = EchoWindows(exec_method, os)
elif os == "linux":
self._transferHandler = EchoLinux(exec_method, os)
def __init__(self,
exec_method,
forceReRun=False,
tcpPortList=[25, 80, 53, 1433, 8080],
udpPortList=[53, 69, 139, 1025]):
'''
:param exec_method: The exec_method used to execute commands on the
remote host
:param forceReRun: If forceReRun is True, the extrusion scanner
won't fetch the results from the KB
'''
self._exec_method = exec_method
self._forceReRun = forceReRun
self._tcp_port_list = tcpPortList
self._udp_port_list = udpPortList
os = os_detection_exec(exec_method)
if os == 'windows':
self._transferHandler = EchoWindows(exec_method, os)
elif os == 'linux':
self._transferHandler = EchoLinux(exec_method, os)
def test_os_detection_exec_windows(self):
exec_method = MagicMock(
side_effect=['Command not found', 'Command not found',
'[fonts]', 'ECHO'])
os = os_detection_exec(exec_method)
self.assertEqual(os, 'windows')
def test_os_detection_exec_linux(self):
exec_method = commands.getoutput
os = os_detection_exec(exec_method)
self.assertEqual(os, 'linux')
def test_os_detection_exec_windows(self):
exec_method = MagicMock(side_effect=[
'Command not found', 'Command not found', '[fonts]', 'ECHO'
])
os = os_detection_exec(exec_method)
self.assertEqual(os, 'windows')
def test_os_detection_exec_linux(self):
exec_method = commands.getoutput
os = os_detection_exec(exec_method)
self.assertEqual(os, 'linux')