Пример #1
0
def main():
    options = parse_options()

    if options.verbose:
        logging.basicConfig(level=logging.DEBUG)

    print("[*] Testing IGS ZIPPER interpreter on %s:%d" % (options.remote_host,
                                                           options.remote_port))
    # open input file
    try:
        with open(options.file_input, 'rb') as f:
            file_input_content=f.read()
    except IOError:
        print("[!] Error reading %s file." % options.file_input)
        exit(2)

    # Initiate the connection
    conn = SAPRoutedStreamSocket.get_nisocket(options.remote_host,
                                              options.remote_port,
                                              options.route_string,
                                              base_cls=SAPIGS)

    # the xml request for zipper interpreter 
    xml = '<?xml version="1.0"?><REQUEST><COMPRESS type="zip"><FILES>'
    xml += '<FILE name="{}" '.format(options.file_input)
    xml += 'path="{}" '.format(options.file_path)
    xml += 'size="{}"/>'.format(len(file_input_content))
    xml += '</FILES></COMPRESS></REQUEST>'

    # create tables descriptions
    # table with xml content
    table_xml = SAPIGSTable.add_entry('XMLDESC', 1, len(xml), 1,
                                      'XMLDESC', len(xml)
                                      )
    # table with file content
    table_file = SAPIGSTable.add_entry('FILE1', 1, len(file_input_content), 1,
                                       'FILE1', len(file_input_content)
                                       )

    # get the futur offset where table entries begin
    offset = (len(table_xml) + len(table_file))

    # filling tables 
    content_xml = xml
    content_file = file_input_content

    # total size of packet
    # total_size need to be a multiple of 1024
    total_size = offset + 244 # 244 IGS header size
    total_size += 1023
    total_size -= (total_size % 1024)

    # Put all together
    p = SAPIGS(function='ZIPPER', listener='L', offset_content=str(offset), packet_size=str(total_size))
    p = p / table_xml / table_file / content_xml / content_file

    # Send the IGS packet
    print("[*] Send %s to ZIPPER interpreter..." % options.file_input)
    conn.send(p)
    print("[*] File sent.")
Пример #2
0
def main():
    options = parse_options()

    if options.verbose:
        logging.basicConfig(level=logging.DEBUG)

    # Open image to convert
    try:
        with open(options.input_image, "rb") as f:
            image = f.read()
    except IOError:
        print("Error reading image file !")
        exit(0)

    print("[*] Testing IGS IMGCONV on http://%s:%d" %
          (options.remote_host, options.remote_port))

    # Initiate the connection
    conn = SAPRoutedStreamSocket.get_nisocket(
        options.remote_host,
        options.remote_port,
        options.route_string,
        talk_mode=ROUTER_TALK_MODE_NI_RAW_IO)

    # XML file request
    # JPEG to PNG size 100x100
    xml = '''<?xml version="1.0" encoding="UTF-8"?>
    <IMAGE>
      <WIDTH>100</WIDTH>
      <HEIGTH>100</HEIGTH>
      <INPUT>image/jpeg</INPUT>
      <OUTPUT>image/png</OUTPUT>
    </IMAGE>
    '''

    # build http packet
    files = {"xml": ("xml", xml), "img": ("img", image)}
    p = SAPIGS.http(options.remote_host, options.remote_port, 'IMGCONV', files)

    # Send request
    print("[*] Send packet to IGS...")
    conn.send(p)
    print("[*] Response :")
    response = conn.recv()
    response.show()

    # Extract picture url from response
    print("[*] Generated file(s) :")
    for url in str(response).split('href='):
        if "output" in url:
            print(
                "http://%s:%d%s" %
                (options.remote_host, options.remote_port, url.split('"')[1]))
Пример #3
0
def main():
    options = parse_options()

    if options.verbose:
        logging.basicConfig(level=logging.DEBUG)

    print("[*] Testing IGS ZIPPER interpreter on %s:%d" %
          (options.remote_host, options.remote_port))
    # open input file
    try:
        with open(options.file_input, 'rb') as f:
            file_input_content = f.read()
    except IOError:
        print("[!] Error reading %s file." % options.file_input)
        exit(2)

    # Initiate the connection
    conn = SAPRoutedStreamSocket.get_nisocket(
        options.remote_host,
        options.remote_port,
        options.route_string,
        talk_mode=ROUTER_TALK_MODE_NI_RAW_IO)

    # the xml request for zipper interpreter
    xml = '<?xml version="1.0"?><REQUEST><COMPRESS type="zip"><FILES>'
    xml += '<FILE name="%s" ' % (options.file_input)
    xml += 'path="%s" ' % (options.file_path)
    xml += 'size="%s"/>' % (len(file_input_content))
    xml += '</FILES></COMPRESS></REQEST>'

    # http request type multipart/form-data
    files = {"xml": ("xml", xml), "zipme": ("zipme", file_input_content)}
    p = SAPIGS.http(options.remote_host, options.remote_port, 'ZIPPER', files)

    # Send/Receive request
    print("[*] Send %s to ZIPPER interpreter..." % options.file_input)
    conn.send(p)
    print("[*] Response :")
    response = conn.recv(1024)
    response.show()

    # Extract zip from response
    print("[*] Generated file(s) :")
    for url in str(response).split('href='):
        if "output" in url:
            print(
                "http://%s:%d%s" %
                (options.remote_host, options.remote_port, url.split('"')[1]))
Пример #4
0
def main():
    options = parse_options()

    if options.verbose:
        logging.basicConfig(level=logging.DEBUG)

    print("[*] Testing IGS ZIPPER interpreter on %s:%d" % (options.remote_host,
                                                           options.remote_port))
    # open input file
    try:
        with open(options.file_input, 'rb') as f:
            file_input_content = f.read()
    except IOError:
        print("[!] Error reading %s file." % options.file_input)
        exit(2)

    # Initiate the connection
    conn = SAPRoutedStreamSocket.get_nisocket(options.remote_host,
                                              options.remote_port,
                                              options.route_string,
                                              talk_mode=1)

    # the xml request for zipper interpreter
    xml = '<?xml version="1.0"?><REQUEST><COMPRESS type="zip"><FILES>'
    xml += '<FILE name="%s" ' % (options.file_input)
    xml += 'path="%s" ' % (options.file_path)
    xml += 'size="%s"/>' % (len(file_input_content))
    xml += '</FILES></COMPRESS></REQEST>'

    # http request type multipart/form-data
    files = {"xml": ("xml", xml), "zipme": ("zipme", file_input_content)}
    p = SAPIGS.http(options.remote_host, options.remote_port, 'ZIPPER', files)

    # Send/Receive request
    print("[*] Send %s to ZIPPER interpreter..." % options.file_input)
    conn.send(p)
    print("[*] Response :")
    response = conn.recv(1024)
    response.show()

    # Extract zip from response
    print("[*] Generated file(s) :")
    for url in str(response).split('href='):
        if "output" in url:
            print("http://%s:%d%s" % (options.remote_host,
                                      options.remote_port,
                                      url.split('"')[1]))
Пример #5
0
def main():
    options = parse_options()

    if options.verbose:
        logging.basicConfig(level=logging.DEBUG)

    print("[*] Testing XXE over IGS XMLCHART on http://%s:%d" %
          (options.remote_host, options.remote_port))

    # Initiate the connection
    conn = SAPRoutedStreamSocket.get_nisocket(
        options.remote_host,
        options.remote_port,
        options.route_string,
        talk_mode=ROUTER_TALK_MODE_NI_RAW_IO)

    # XML Data content
    data = '''<?xml version="1.0" encoding="utf-8"?>
              <ChartData>
                <Categories>
                  <Category>Fus Ro Dah</Category>
                </Categories>
                <Series label="bla">
                  <Point><Value type="y">42</Value></Point>
                </Series>
              </ChartData>'''

    # http POST request type multipart/form-data
    files = {'data': ('data', data)}
    p = SAPIGS.http(options.remote_host, options.remote_port, 'XMLCHART',
                    files)

    # Send/Receive request
    print("[*] Send request to IGS...")
    conn.send(p)
    print("[*] Response :")
    response = conn.recv(1024)
    response.show()

    # Extract picture from response
    print("[*] Generated file(s) :")
    for url in str(response).split('href='):
        if "output" in url:
            print(
                "http://%s:%d%s" %
                (options.remote_host, options.remote_port, url.split('"')[1]))
Пример #6
0
def main():
    options = parse_options()

    if options.verbose:
        logging.basicConfig(level=logging.DEBUG)

    print("[*] Testing XXE over IGS XMLCHART on http://%s:%d" % (options.remote_host,
                                                                 options.remote_port))

    # Initiate the connection
    conn = SAPRoutedStreamSocket.get_nisocket(options.remote_host,
                                              options.remote_port,
                                              options.route_string,
                                              talk_mode=1)

    # XML Data content
    data = '''<?xml version="1.0" encoding="utf-8"?>
              <ChartData>
                <Categories>
                  <Category>Fus Ro Dah</Category>
                </Categories>
                <Series label="bla">
                  <Point><Value type="y">42</Value></Point>
                </Series>
              </ChartData>'''

    # http POST request type multipart/form-data
    files = {'data': ('data', data)}
    p = SAPIGS.http(options.remote_host, options.remote_port, 'XMLCHART', files)

    # Send/Receive request
    print("[*] Send request to IGS...")
    conn.send(p)
    print("[*] Response :")
    response = conn.recv(1024)
    response.show()

    # Extract picture from response
    print("[*] Generated file(s) :")
    for url in str(response).split('href='):
        if "output" in url:
            print("http://%s:%d%s" % (options.remote_host,
                                      options.remote_port,
                                      url.split('"')[1]))