Пример #1
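    def generate(self):
        """Prepare and launch every selected attack module; return the site path.

        Makes two passes over ``self.attacks``, looking only at modules whose
        ``doReturn`` flag is set: the first pass hands each module the modules
        named in its ``require`` list, the second launches each module through
        ``Job`` and stores the result in ``web.payloads``.

        Returns:
            ``os.path.join(self.output, self.theme)``.
        """
        self.__initAttacks()

        # Dependency names are kept per module. With one shared variable every
        # "and its deps" line repeated the requirements of whichever module was
        # processed last, so the launch log could not be used to check what had
        # actually been loaded for a given module.
        deps_by_module = {}
        for x in self.attacks:
            if x.doReturn:
                print('')
                if x.require:
                    x.loadRequire(
                        self.source, self.backend, self.dbms,
                        [y for y in self.attacks if y.name in x.require])
                    deps_by_module[id(x)] = ", ".join(
                        [y.name for y in self.attacks if y.name in x.require])

        for x in self.attacks:
            if x.doReturn:
                Logger.logSuccess(u"[+] Launching module {0}".format(x.name))
                Logger.logSuccess(u"   and its deps: {0}".format(
                    deps_by_module.get(id(x), 'None')))
                if self.color:
                    x.setColor()
                if self.verbose:
                    x.setVerbose()
                # NOTE(review): each launched module overwrites web.payloads, so
                # only the last module's result is left after the loop; confirm
                # that this is intended when several modules are selected.
                web.payloads = x.Job(self.source, self.backend, self.dbms)

        return os.path.join(self.output, self.theme)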
Пример #2
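    def generate(self):
        """Wire up module dependencies, run the selected modules, return the path.

        Only modules with ``doReturn`` set are handled. Each of them first gets
        the modules listed in its ``require`` attribute via ``loadRequire``; in
        a second pass each is started with ``Job`` and its result is assigned to
        ``web.payloads``.

        Returns:
            The joined path of ``self.output`` and ``self.theme``.
        """
        self.__initAttacks()

        # id(module) -> comma-separated names of the modules it required.
        # Tracking this per module keeps the "and its deps" log line truthful:
        # a single shared value showed the last module's requirements for all.
        required_names = {}
        for x in self.attacks:
            if not x.doReturn:
                continue
            print('')
            if not x.require:
                continue
            x.loadRequire(self.source, self.backend, self.dbms, [
                          y for y in self.attacks if y.name in x.require])
            required_names[id(x)] = ", ".join(
                [y.name for y in self.attacks if y.name in x.require])

        for x in self.attacks:
            if not x.doReturn:
                continue
            deps = required_names.get(id(x))
            Logger.logSuccess(u"[+] Launching module {0}".format(x.name))
            Logger.logSuccess(u"   and its deps: {0}".format(
                deps if deps is not None else 'None'))
            if self.color:
                x.setColor()
            if self.verbose:
                x.setVerbose()
            # NOTE(review): web.payloads is replaced on every iteration, so the
            # caller only ever sees the last launched module's result.
            web.payloads = x.Job(
                self.source, self.backend, self.dbms)

        return os.path.join(self.output, self.theme)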
Пример #3
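    def start(self):
        """Generate the site, start its container and print the URL to browse.

        Calls ``generate()``, builds a ``run`` command for ``web.dAgent`` from
        the current settings, stores the agent's reply in ``web.ctr``, sends the
        module's optional ``cmd`` to that container, relays the module's
        warnings and errors, prints the URL and finally asks the agent to follow
        the container logs. Nothing is started when ``web.payloads`` is ``None``.
        """
        path = self.generate()
        web.path = path
        if web.payloads is None:
            return

        php_ini = os.path.join(web.path, 'php.ini')

        # NOTE(review): "-p {0}:80" names no host address. If dAgent hands this
        # to `docker run`, the port is published on every host interface, while
        # the URL printed below points at 127.0.0.1. For a site that is only
        # meant to be reached locally, consider "-p 127.0.0.1:{0}:80".
        # NOTE(review): the settings and self.command are interpolated into the
        # command string verbatim; how dAgent tokenises the string is not
        # visible here, so a value containing spaces may add or change options.
        if self.dbms:
            if self.dbms == 'Mongo':
                cmd = "run -id -p {0}:80 -v {1}:{2}:rw -v {3}:/etc/php5/fpm/php.ini:ro -v {4}:/usr/lib/php5/modules/mongodb.so:ro --link {5}:{6} --name VW --workdir {2} {7} ".format(
                    self.expose, web.path, self.mount_point, php_ini,
                    os.path.join(web.path, 'mongodb.so'),
                    web.container_name, self.dbms.lower(), self.image)
            else:
                # php.ini is mounted read-only here as in the other two
                # variants. This branch used to omit the mode, which left the
                # host-side php.ini writable from inside the container.
                cmd = "run -id -p {0}:80 -v {1}:{2}:rw -v {3}:/etc/php5/fpm/php.ini:ro --link {4}:{5} --name VW --workdir {2} {6} ".format(
                    self.expose, web.path, self.mount_point, php_ini,
                    web.container_name, self.dbms.lower(), self.image)
        else:
            cmd = "run -id -p {0}:80 -v {1}:{2}:rw -v {3}:/etc/php5/fpm/php.ini:ro --name VW --workdir {2} {4} ".format(
                self.expose, web.path, self.mount_point, php_ini, self.image)
        if self.command:
            cmd = cmd + self.command
        web.dAgent.send(cmd)
        web.ctr = web.dAgent.recv()

        if "cmd" in web.payloads:
            Logger.logInfo(
                "[INFO] " + "CMD: {0}".format(web.payloads['cmd']))
            web.dAgent.send(
                "exec {0} -- {1}".format(web.ctr, web.payloads['cmd']))
        if "warning" in web.payloads:
            for warning in web.payloads['warning']:
                Logger.logWarning("[WARNING] " + warning)
        if "error" in web.payloads:
            for error in web.payloads['error']:
                Logger.logError("[ERROR] " + error)

        url = ['http', '127.0.0.1:{0}'.format(self.expose), '/', '', '', '']
        params = {}

        # 'key' is looked up defensively like 'cmd', 'warning' and 'error'
        # above, so a module result without it no longer raises KeyError after
        # the container has already been started.
        if "key" in web.payloads and web.payloads['key'] is not None:
            for index, key in enumerate(web.payloads['key']):
                # Any parameter whose name contains "page" is pointed at
                # "index" in the suggested URL; the stored value is updated too.
                if re.search("page", key, flags=re.IGNORECASE):
                    web.payloads['value'][index] = "index"
                params['{0}'.format(key)] = '{0}'.format(
                    web.payloads['value'][index])

        url[4] = urlencode(params)

        t = Terminal()
        with t.location(0, t.height - 1):
            Logger.logSuccess(
                t.center(t.blink("Browse: {0}".format(urlparse.urlunparse(url)))))

        web.dAgent.send("logs {0} -f".format(web.ctr))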
Пример #4
    def start(self):
        """Generate the site, start its container via the agent API, show the URL.

        After ``generate()`` the container is created with
        ``web.dAgent.startContainer`` and its handle is kept in ``web.ctr``. The
        module's optional ``cmd`` is executed in the container, its warnings
        and errors are logged, the URL is printed and the container logs are
        requested. Nothing is started when ``web.payloads`` is ``None``.
        """
        path = self.generate()
        web.path = path
        if web.payloads is None:
            return

        image = '{0}'.format(self.image)
        volumes = ['{0}'.format(self.mount_point), '/etc/php5/fpm/php.ini']
        # NOTE(review): the binding maps container port 80 to self.expose with
        # no host address. How createHostConfig treats that is not visible
        # here; confirm whether the site ends up reachable on every interface.
        port_bindings = {80: self.expose}
        binds = self.bindsOperation()
        if self.dbms is not None:
            links = {'{0}'.format(web.container_name): '{0}'.format(
                self.dbms.lower())}
        else:
            links = None
        host_config = web.dAgent.createHostConfig(
            port_bindings=port_bindings, binds=binds, links=links)
        web.ctr = web.dAgent.startContainer(
            image=image, ports=[80], volumes=volumes,
            host_config=host_config, name='VW')

        if "cmd" in web.payloads:
            Logger.logInfo(
                "[INFO] " + "CMD: cd {0} && {1}".format(
                    self.mount_point, web.payloads['cmd']))
            web.dAgent.execute(
                web.ctr, web.payloads['cmd'], self.mount_point)

        if "warning" in web.payloads:
            for message in web.payloads['warning']:
                Logger.logWarning("[WARNING] " + message)
        if "error" in web.payloads:
            for message in web.payloads['error']:
                Logger.logError("[ERROR] " + message)

        netloc = '{0}:{1}'.format(web.dAgent.host, self.expose)
        url = ['http', netloc, '/', '', '', '']
        params = {}

        if web.payloads['key'] is not None:
            for index, key in enumerate(web.payloads['key']):
                # Parameters whose name contains "page" are pointed at "index";
                # the stored value is overwritten as well.
                if re.search("page", key, flags=re.IGNORECASE):
                    web.payloads['value'][index] = "index"
                params['{0}'.format(key)] = '{0}'.format(
                    web.payloads['value'][index])

        url[4] = urlencode(params)

        t = Terminal()
        banner = "Browse: {0}".format(urlparse.urlunparse(url))
        with t.location(0, t.height - 1):
            Logger.logSuccess(t.center(t.blink(banner)))

        web.dAgent.logs(web.ctr)
Пример #5
def enter_shell(gen_instance):
    """Run the interactive prompt against ``gen_instance`` until Ctrl+D.

    A fixed set of default settings is applied through ``gen_instance.parse``
    first. Every prompted line then goes through the same ``parse`` method:
    a non-``None`` result is logged as success, ``None`` is reported as an
    unknown keyword.

    Raises:
        RuntimeError: when ``parse`` returns ``"CTRL+D"``; this is the only
            way the loop ends.
    """
    agent = shellAgent()
    defaults = (
        "set backend = php",
        "set dbms    = None",
        "set theme   = startbootstrap-agency-1.0.6",
        "set expose  = 80",
        "set modules = +unfilter",
    )
    for line in defaults:
        gen_instance.parse(line)
    Logger.logInfo("VWGen ready (press Ctrl+D to end input)")
    while True:
        outcome = gen_instance.parse(agent.prompt())
        if outcome is None:
            Logger.logError("Unreconized keyword!")
            continue
        if outcome == "CTRL+D":
            Logger.logInfo("[INFO] CTRL+D captured. Exit.")
            raise RuntimeError
        Logger.logSuccess(outcome)
Пример #6
def enter_shell(gen_instance):
    """Apply the default settings, then feed prompted lines to ``parse``.

    Each line read from the shell agent is handed to ``gen_instance.parse``.
    Results other than ``None`` are logged with ``logSuccess``; ``None`` is
    logged as an unknown keyword. The loop stops at the ``"CTRL+D"`` result.

    Raises:
        RuntimeError: always, once ``"CTRL+D"`` has been returned by ``parse``.
    """
    sA = shellAgent()
    gen_instance.parse("set backend = php")
    gen_instance.parse("set dbms    = None")
    gen_instance.parse("set theme   = startbootstrap-agency-1.0.6")
    gen_instance.parse("set expose  = 80")
    gen_instance.parse("set modules = +unfilter")
    Logger.logInfo("VWGen ready (press Ctrl+D to end input)")

    def next_result():
        return gen_instance.parse(sA.prompt())

    # iter(callable, sentinel) keeps calling until a result equals "CTRL+D".
    for result in iter(next_result, "CTRL+D"):
        if result is not None:
            Logger.logSuccess(result)
        else:
            Logger.logError("Unreconized keyword!")

    Logger.logInfo("[INFO] CTRL+D captured. Exit.")
    raise RuntimeError
Пример #7
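    def start(self):
        """Generate the site, run its container and print the URL to browse.

        The ``run`` command sent to ``web.dAgent`` is assembled from the current
        settings; the agent's reply is stored in ``web.ctr``. The module's
        optional ``cmd`` is then sent to that container, its warnings and
        errors are logged, the URL is printed and the container logs are
        followed. Nothing is started when ``web.payloads`` is ``None``.
        """
        path = self.generate()
        web.path = path
        if web.payloads is not None:
            # The command is assembled from one list of options so the mount
            # modes are identical for every database choice. Previously the
            # non-Mongo database variant omitted ":ro" on php.ini, leaving the
            # host-side file writable from inside the container.
            # NOTE(review): "-p {0}:80" names no host address; if dAgent passes
            # this to `docker run` the port is published on all interfaces,
            # although the URL printed below points at 127.0.0.1.
            run_args = [
                "run -id",
                "-p {0}:80".format(self.expose),
                "-v {0}:{1}:rw".format(web.path, self.mount_point),
                "-v {0}:/etc/php5/fpm/php.ini:ro".format(
                    os.path.join(web.path, 'php.ini')),
            ]
            if self.dbms:
                if self.dbms == 'Mongo':
                    run_args.append(
                        "-v {0}:/usr/lib/php5/modules/mongodb.so:ro".format(
                            os.path.join(web.path, 'mongodb.so')))
                run_args.append("--link {0}:{1}".format(
                    web.container_name, self.dbms.lower()))
            run_args.extend([
                "--name VW",
                "--workdir {0}".format(self.mount_point),
                "{0}".format(self.image),
            ])
            cmd = " ".join(run_args) + " "
            # NOTE(review): self.command is appended verbatim; how dAgent
            # splits the string is not visible here, so its content can add or
            # override options of the run command.
            if self.command:
                cmd = cmd + self.command
            web.dAgent.send(cmd)
            web.ctr = web.dAgent.recv()

            if "cmd" in web.payloads:
                Logger.logInfo("[INFO] " +
                               "CMD: {0}".format(web.payloads['cmd']))
                web.dAgent.send("exec {0} -- {1}".format(
                    web.ctr, web.payloads['cmd']))
            if "warning" in web.payloads:
                for warning in web.payloads['warning']:
                    Logger.logWarning("[WARNING] " + warning)
            if "error" in web.payloads:
                for error in web.payloads['error']:
                    Logger.logError("[ERROR] " + error)

            url = [
                'http', '127.0.0.1:{0}'.format(self.expose), '/', '', '', ''
            ]
            params = {}

            # 'key' is checked like the other optional entries so that a
            # result without it does not raise after the container is running.
            if "key" in web.payloads and web.payloads['key'] is not None:
                for index, key in enumerate(web.payloads['key']):
                    # Parameters named like "page" are pointed at "index".
                    if re.search("page", key, flags=re.IGNORECASE):
                        web.payloads['value'][index] = "index"
                    params.update({
                        '{0}'.format(key):
                        '{0}'.format(web.payloads['value'][index])
                    })

            url[4] = urlencode(params)

            t = Terminal()
            with t.location(0, t.height - 1):
                Logger.logSuccess(
                    t.center(
                        t.blink("Browse: {0}".format(
                            urlparse.urlunparse(url)))))

            web.dAgent.send("logs {0} -f".format(web.ctr))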
Пример #8
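    def parse(self, arg):
        """Interpret one line typed at the shell prompt.

        Commands are matched by prefix, in this order: ``help``, ``set``,
        ``unset``, ``show``, ``start``, ``CTRL+D``.

        Returns:
            ``"CTRL+D"`` for the end-of-input marker, the setter's return value
            for ``set``, ``True`` for the other handled commands (including
            the cases that only log an error), and ``None`` when nothing
            matched.
        """
        from core.attack import attack
        arg = arg.strip()
        try:
            if arg.startswith("help"):
                arg = arg[4:].strip()
                for case in switch(arg):
                    if case('set'):
                        Logger.logSuccess("[*] set A = B")
                        break
                    if case('unset'):
                        Logger.logSuccess("[*] unset A")
                        break
                    if case('show'):
                        Logger.logSuccess("[*] show [modules, themes, infos]")
                        break
                    if case():
                        Logger.logSuccess("[*] help [set, unset, show]")
                return True
            elif arg.startswith("set"):
                arg = arg[3:].strip()
                tokens = re.split(r"[\s=]+", arg)
                # "set" or "set name" without a value used to raise IndexError,
                # which is not caught below and ended the whole shell.
                if len(tokens) < 2:
                    Logger.logError("[*] set A = B")
                    return True
                # capitalize() lowercases everything after the first letter,
                # so only methods named set<Xxxx> can be reached from input.
                return getattr(self, ''.join(['set',
                                              tokens[0].capitalize()]))(tokens[1])
            elif arg.startswith("unset"):
                arg = arg[5:].strip()
                print(arg)
                # Only plain settings may be cleared. Without this check a line
                # such as "unset start" replaced the bound method with None and
                # broke the session; leading-underscore names are internal.
                if (not arg or arg.startswith('_')
                        or callable(getattr(self, arg, None))):
                    Logger.logError("[*] unset A")
                    return True
                setattr(self, arg, None)
                return True
            elif arg.startswith("show"):
                arg = arg[4:].strip()
                for case in switch(arg):
                    if case('modules'):
                        Logger.logSuccess(u"{0}".format(u", ".join(
                            attack.modules)))
                        break
                    if case('themes'):
                        Logger.logSuccess(u"{0}".format(u", ".join(
                            attack.themes)))
                        break
                    if case('infos'):
                        Logger.logSuccess("Backend: {0}".format(self.backend))
                        Logger.logSuccess("Dbms: {0}".format(self.dbms))
                        Logger.logSuccess("Theme: {0}".format(self.theme))
                        Logger.logSuccess("Expose Port: {0}".format(
                            self.expose))
                        Logger.logSuccess("Color: {0}".format(
                            str(bool(self.color))))
                        Logger.logSuccess("Verbose: {0}".format(
                            str(bool(self.verbose))))
                        Logger.logSuccess("Modules: {0}".format(self.modules))
                        break
                    if case():
                        Logger.logSuccess("[*] show [modules, themes, infos]")
                return True
            elif arg.startswith("start"):
                # NOTE(review): this uses the module-level `gen`, not `self`;
                # confirm both always refer to the same object.
                gen.setThemeEnv()

                try:
                    self.start()
                except (KeyboardInterrupt, SystemExit, RuntimeError):
                    Logger.logInfo("[INFO] See you next time.")
                except APIError as e:
                    Logger.logError("\n" + "[ERROR] " + str(e.explanation))
                    Logger.logInfo(
                        "\n[INFO] Taking you to safely leave the program.")
                finally:
                    # Cleanup runs however start() ended. The steps are not
                    # isolated from each other: if one raises, the remaining
                    # ones (including container removal) are skipped.
                    self.fp.rmtree(self.fp.path)
                    web.dAgent.send("rm -f {0}".format(web.db_ctr))
                    web.dAgent.send("rm -f {0}".format(web.ctr))

                    gen.reset()
                return True
            elif arg.startswith("CTRL+D"):
                return "CTRL+D"
        except AttributeError as e:
            # Reached, for instance, when "set" names a setting that has no
            # set<Xxxx> method.
            Logger.logError(e)
            return True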
Пример #9
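    def parse(self, arg):
        """Dispatch one shell line to the matching command handler.

        The line is stripped and matched by prefix against ``help``, ``set``,
        ``unset``, ``show``, ``start`` and ``CTRL+D``, in that order.

        Returns:
            ``True`` for ``help``, ``unset``, ``show`` and ``start`` and for
            lines that only produced an error message; whatever the setter
            returns for ``set``; ``"CTRL+D"`` for the end-of-input marker;
            ``None`` when the line matched no command.
        """
        from core.attack import attack
        arg = arg.strip()
        try:
            if arg.startswith("help"):
                arg = arg[4:].strip()
                for case in switch(arg):
                    if case('set'):
                        Logger.logSuccess("[*] set A = B")
                        break
                    if case('unset'):
                        Logger.logSuccess("[*] unset A")
                        break
                    if case('show'):
                        Logger.logSuccess("[*] show [modules, themes, infos]")
                        break
                    if case():
                        Logger.logSuccess("[*] help [set, unset, show]")
                return True

            if arg.startswith("set"):
                arg = arg[3:].strip()
                fields = re.split(r"[\s=]+", arg)
                # A line without a value yields a single field. Indexing the
                # second one raised IndexError, which the handler at the bottom
                # does not catch, so the shell terminated on a simple typo.
                if len(fields) < 2:
                    Logger.logError("[*] set A = B")
                    return True
                setter_name = ''.join(['set', fields[0].capitalize()])
                return getattr(self, setter_name)(fields[1])

            if arg.startswith("unset"):
                arg = arg[5:].strip()
                print(arg)
                # The name comes straight from the prompt, so it is checked
                # before being used with setattr: empty names, internal
                # (underscore) names and methods are refused. Previously
                # "unset parse" or "unset start" overwrote the method.
                current = getattr(self, arg, None)
                if not arg or arg.startswith('_') or callable(current):
                    Logger.logError("[*] unset A")
                    return True
                setattr(self, arg, None)
                return True

            if arg.startswith("show"):
                arg = arg[4:].strip()
                for case in switch(arg):
                    if case('modules'):
                        Logger.logSuccess(u"{0}".format(
                            u", ".join(attack.modules)))
                        break
                    if case('themes'):
                        Logger.logSuccess(u"{0}".format(
                            u", ".join(attack.themes)))
                        break
                    if case('infos'):
                        Logger.logSuccess("Backend: {0}".format(self.backend))
                        Logger.logSuccess("Dbms: {0}".format(self.dbms))
                        Logger.logSuccess("Theme: {0}".format(self.theme))
                        Logger.logSuccess(
                            "Expose Port: {0}".format(self.expose))
                        Logger.logSuccess(
                            "Color: {0}".format(str(bool(self.color))))
                        Logger.logSuccess("Verbose: {0}".format(
                            str(bool(self.verbose))))
                        Logger.logSuccess("Modules: {0}".format(self.modules))
                        break
                    if case():
                        Logger.logSuccess("[*] show [modules, themes, infos]")
                return True

            if arg.startswith("start"):
                # NOTE(review): `gen` is a module-level name, not `self`;
                # verify that they are the same generator instance.
                gen.setThemeEnv()

                try:
                    self.start()
                except (KeyboardInterrupt, SystemExit, RuntimeError):
                    Logger.logInfo("[INFO] See you next time.")
                except APIError as e:
                    Logger.logError("\n" + "[ERROR] " + str(e.explanation))
                    Logger.logInfo(
                        "\n[INFO] Taking you to safely leave the program.")
                finally:
                    # Always remove the generated files and both containers.
                    # NOTE(review): a failure in an earlier step skips the
                    # later ones, which can leave a container behind.
                    self.fp.rmtree(self.fp.path)
                    web.dAgent.send("rm -f {0}".format(web.db_ctr))
                    web.dAgent.send("rm -f {0}".format(web.ctr))

                    gen.reset()
                return True

            if arg.startswith("CTRL+D"):
                return "CTRL+D"
        except AttributeError as e:
            # Covers, among others, "set" with a name that has no setter.
            Logger.logError(e)
            return True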