def do_set(argv):
    """view and edit configuration settings

    SYNOPSIS:
        set [<VAR> [+] ["<VALUE>"]]

    DESCRIPTION:
        Settings are a collection of editable variables that affect
        phpsploit's core behavior.
        - Their value is bound to current session.
        - To permanently change a setting's value at start, it must
        be defined by hand on phpsploit config file.

        > set
          - Display current settings

        > set <STRING>
          - Display settings whose name starts with STRING

        > set <VAR> <VALUE>
          - Assign VALUE to VAR setting (only if it's a valid value)

        > set <VAR> %%DEFAULT%%
          - Reset VAR's default value with '%%DEFAULT%%' magic string

        > set <VAR> "file:///path/to/file"
          - Bind VAR's value to a local file content

        > set <VAR> +
          - Open VAR's value in text editor. This is useful to edit
          values with multiple lines

        > set <VAR> + <LINE>
          - Add LINE to the end of VAR's value

        > set <VAR> + "file:///path/to/file"
          - Re-bind VAR to a local file path.
          Even if path doesn't exist, the setting will take the value of
          the file if it finds it. Otherwise, previous buffer value is
          kept as long as the file path is unreachable

    Defining HTTP Headers:
        You can define custom http request header fields by hand.

        Settings starting with 'HTTP_' are automagically treated as
        HTTP Request Headers values.

        By default, only the "User-Agent" Header is defined. It is bound
        by default to a local file containing common HTTP User Agents.
        (`help set HTTP_USER_AGENT`)

        * Examples:
        > set HTTP_ACCEPT_LANGUAGE "en-CA"
          - Define "Accept-Language" http request header field.
        > set HTTP_ACCEPT_LANGUAGE None
          - Remove HTTP_ACCEPT_LANGUAGE header with magic value 'None'.
    """
    # NOTE(review): the docstring above looks like it doubles as the text
    # shown by the shell's `help set` -- confirm before rewording it.

    # Fewer than three tokens: `set` or `set <PATTERN>` only lists settings.
    # Padding argv with "" makes a bare `set` use an empty pattern.
    if len(argv) < 3:
        pattern = (argv + [""])[1]
        print(session.Conf(pattern))
        return

    name = argv[1]

    # `set <VAR> "value"`: every token after the name forms the new value.
    if argv[2] != "+":
        session.Conf[name] = " ".join(argv[2:])
        return

    # `set <VAR> + "value"`: append the remaining tokens to the setting.
    if len(argv) != 3:
        session.Conf[name] += " ".join(argv[3:])
        return

    # `set <VAR> +`: edit the raw buffer through $EDITOR.
    stem = name.upper()
    raw_setting = session.Conf[name](call=False)
    # The extension follows the setting's datatype (php / sh / txt),
    # presumably so the editor picks matching syntax highlighting.
    if isinstance(raw_setting, datatypes.PhpCode):
        suffix = "php"
    elif isinstance(raw_setting, datatypes.ShellCmd):
        suffix = "sh"
    else:
        suffix = "txt"

    # NOTE(review): the setting's buffer is written to a file before the
    # editor opens it. Settings may hold values the operator treats as
    # sensitive, so confirm that Path() creates the file in a private
    # location with restrictive permissions and that it is removed after
    # editing -- none of that is visible from this function.
    edit_file = Path(filename=".".join((stem, suffix)))
    edit_file.write(session.Conf[name].buffer)

    # edit() is truthy only when the content was modified; only then is
    # the setting replaced with the edited text.
    if edit_file.edit():
        session.Conf[name] = edit_file.read()
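def do_set(self, argv):
    """View and edit settings

    SYNOPSIS:
        set [<NAME> [+] ["<VALUE>"]]

    DESCRIPTION:
        phpsploit configuration settings manager.
        The settings are a collection of core variables that affect
        the framework's core behavior. Any setting takes a default
        value, that can be manually modified.

        > set
          - Display all current settings

        > set <STRING>
          - Display all settings whose name starts with STRING.

        > set <NAME> "value"
          - Change the NAME setting to "value". If the value is not
          valid, no changes are made.

        > set <NAME> "file:///path/to/file"
          - Set NAME setting's value into a RandLine buffer whose value
          binds to the external file "/path/to/file". It means that the
          setting's effective value is dynamic, and on each call to it,
          the file's content will be loaded if available, and the
          value is a random line from the file/buffer.

        > set <NAME> +
          - Open the setting value for editing as a multiline buffer
          with EDITOR. The buffer can then be edited, and once saved,
          the setting will take the buffer's value, except if there
          are no valid lines.

        > set <NAME> + "value"
          - Add "value" as a setting possible choice. It converts the
          current setting into a RandLine buffer if it was not already.

        > set <NAME> + "file:///path/to/file"
          - Rebind NAME setting to the given file path, even if it does
          not exist at the moment it had been set. It means that each
          time the setting's value is called, a try is made to load the
          file's content as new buffer if it exists/is valid, and
          keeps the old one otherwise.

    BEHAVIOR
        - Settings are pre declared at start. It means that new ones
        cannot be declared.

        - The convention above does not apply for settings whose name
        starts with "HTTP_", because this kind of variable are
        automatically used as custom headers on http requests. For
        example, `set HTTP_ACCEPT_LANGUAGE "en-CA"` will set the
        "Accept-Language" http header to the specified value.
        Of course, this applies to any future HTTP request.

        - The default value of a setting can be restored by setting
        its value to the magic string "%%DEFAULT%%", e.g:
          > set REQ_MAX_HEADERS %%DEFAULT%%

    NOTE: The 'set' operating scope is limited to the current phpsploit
    session. It means that persistent settings value changes must be
    defined by hand in the user configuration file.
    """
    # NOTE(review): the docstring above looks like it doubles as the text
    # shown by the shell's `help set` -- confirm before rewording it.

    # `set [<PATTERN>]`: list the matching settings. Padding argv with ""
    # makes a bare `set` use an empty pattern.
    if len(argv) < 3:
        print(session.Conf((argv + [""])[1]))

    # buffer edit mode
    elif argv[2] == "+":
        # `set <VAR> +`: edit the raw buffer through $EDITOR
        if len(argv) == 3:
            file_name = argv[1].upper()
            # The extension follows the setting's datatype (php / sh /
            # txt), presumably so the editor picks matching highlighting.
            file_ext = "txt"
            setting_obj = session.Conf[argv[1]](call=False)
            if isinstance(setting_obj, datatypes.PhpCode):
                file_ext = "php"
            elif isinstance(setting_obj, datatypes.ShellCmd):
                file_ext = "sh"
            # NOTE(review): the setting's buffer is written to a file
            # before the editor opens it. Settings may hold values the
            # operator treats as sensitive, so confirm that Path()
            # creates the file in a private location with restrictive
            # permissions and that it is removed after editing -- none
            # of that is visible from this function.
            buffer = Path(filename="%s.%s" % (file_name, file_ext))
            buffer.write(session.Conf[argv[1]].buffer)
            # edit() is truthy only when the content was modified; only
            # then is the setting replaced with the edited text.
            if buffer.edit():
                session.Conf[argv[1]] = buffer.read()
        # `set <VAR> + "value"`: add value on setting possible choices
        else:
            session.Conf[argv[1]] += " ".join(argv[3:])

    # `set <VAR> "value"`: change VAR's value.
    # Join every remaining token: assigning argv[2] alone silently dropped
    # everything after the first space of an unquoted value, so the stored
    # setting could differ from what was typed. The append branch above
    # already joins its tokens the same way.
    else:
        session.Conf[argv[1]] = " ".join(argv[2:])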
def do_info(argv):
    """Show configuration settings.

    An optional second token in ``argv`` is handed to ``session.Conf`` as
    the selection string; without it an empty string is used.
    """
    # Padding with "" keeps index 1 valid when only the command name is
    # present, so no explicit length check is needed.
    padded_args = argv + [""]
    print(session.Conf(padded_args[1]))