def exploit_common_file(url, extion, dirs=[]):
result = []
try:
dicts = []
standers = get_site_stander(url)
files_path = os.path.abspath(os.path.join(path, "../dict/files.txt"))
if len(dirs) == 1:
#如果dirs 只有一个目录,说明没有解析到其他路径,从common/dirs.txt中枚举 目录
dir_path = os.path.abspath(
os.path.join(path, "../dict/common/dirs.txt"))
with open(dir_path) as f:
commondirs = f.readlines()
f.close()
for i in commondirs:
dirs.append("/" + i.strip('\n'))
with open(files_path) as f:
files = f.readlines()
f.close()
for d in dirs:
for f in files:
f = f.strip('\n').format(extion)
if d:
dicts.append('/' + d + '/' + f)
else:
dicts.append('/' + f)
hand = fuzz(url, dicts, standers)
result = hand.scan()
except:
traceback.print_exc()
finally:
return result
def exploit_common_file(url, extion, dirs=[]):
result = []
try:
dicts = []
e = get_extion_by_sever(url)
extion = extion if extion != 'php' else e
standers = get_site_stander(url)
files_path = os.path.abspath(os.path.join(path, "../dict/files.txt"))
if len(dirs) == 1:
dir_path = os.path.abspath(
os.path.join(path, "../dict/common/dirs.txt"))
with open(dir_path) as f:
commondirs = f.readlines()
f.close()
print commondirs
for i in commondirs:
dirs.append(i.strip('\n'))
with open(files_path) as f:
files = f.readlines()
f.close()
for d in dirs:
for f in files:
f = f.strip('\n').format(extion)
dicts.append(d + '/' + f)
hand = fuzz(url, dicts, standers)
result = hand.scan()
except:
traceback.print_exc()
finally:
return result
def exploit_server_path(url):
result = []
try:
standers = get_site_stander(url)
r = _requests(url)
dicts = get_dict_by_server(r.headers)
if dicts:
hand = fuzz(url, dicts, standers)
result = hand.scan()
except:
traceback.print_exc()
finally:
return result
def exploit_directory_path(url, dirs=[]):
result = []
try:
standers = {"title": r"<title>([^<]*)"}
dir_path = os.path.abspath(
os.path.join(path, "../dict/common/dirs.txt"))
with open(dir_path) as f:
commondirs = f.readlines()
dicts = []
for i in dirs:
dicts.append("/" + i + '/')
for i in commondirs:
i = "/" + i.strip("\n") + '/'
dicts.append(i)
hand = fuzz(url, dicts, standers)
result = hand.scan()
except:
traceback.print_exc()
finally:
return result
def exploit_backup_path(url, dirs=[]):
result = []
try:
domain = urlparse.urlparse(url).netloc
standers = {
"Content-Type": [
"tmp", "old", "zip", "swp", "rar", "bak", "7z", "tar.gz",
"tar.bz2", "tar", "iso"
]
}
preffix_path = os.path.abspath(
os.path.join(path, "../dict/common/backup.preffixs"))
suffix_path = os.path.abspath(
os.path.join(path, "../dict/common/backup.suffixs"))
if len(dirs) == 1:
dir_path = os.path.abspath(
os.path.join(path, "../dict/common/dirs.txt"))
with open(dir_path) as f:
commondirs = f.readlines()
f.close()
for i in commondirs:
dirs.append(i.strip('\n'))
with open(preffix_path) as f:
preffixs = f.readlines()
f.close()
with open(suffix_path) as f:
suffixs = f.readlines()
f.close()
dicts = []
for d in dirs:
for p in preffixs:
p = p.strip('\n').format(domain)
for s in suffixs:
s = s.strip('\n')
dicts.append(d + '/' + p + s)
hand = fuzz(url, dicts, standers)
result = hand.scan()
except:
traceback.print_exc()
finally:
return result
def run_parsed_arguments(args):
# Process arguments
config.args = args
action = config.args.action
# Split submissions and testcases for 'run'.
if action == 'run':
if config.args.submissions:
config.args.submissions, config.args.testcases = split_submissions_and_testcases(
config.args.submissions)
else:
config.args.testcases = []
# Split submissions and testcases for 'fuzz'.
if action == 'fuzz':
if config.args.testcases:
config.args.submissions, config.args.testcases = split_submissions_and_testcases(
config.args.testcases)
else:
config.args.submissions = []
# Skel commands.
if action in ['new_contest']:
skel.new_contest(config.args.contestname)
return
if action in ['new_problem']:
skel.new_problem()
return
# Get problem_paths and cd to contest
problems, level, contest, tmpdir = get_problems()
# Check for incompatible actions at the problem/problemset level.
if level != 'problem':
if action == 'generate':
fatal('Generating testcases only works for a single problem.')
if action == 'test':
fatal('Testing a submission only works for a single problem.')
if action == 'skel':
fatal('Copying skel directories only works for a single problem.')
# 'submissions' and 'testcases' are only allowed at the problem level, and only when --problem is not specified.
if level != 'problem' or config.args.problem is not None:
if hasattr(config.args, 'submissions') and config.args.submissions:
fatal(
'Passing in a list of submissions only works when running from a problem directory.'
)
if hasattr(config.args, 'testcases') and config.args.testcases:
fatal(
'Passing in a list of testcases only works when running from a problem directory.'
)
if (action != 'generate' and hasattr(config.args, 'testcases')
and config.args.testcases and hasattr(config.args, 'samples')
and config.args.samples):
fatal(
'--samples can not go together with an explicit list of testcases.'
)
if hasattr(config.args, 'move_manual') and config.args.move_manual:
# Path *must* be inside generators/.
try:
config.args.move_manual = (problems[0].path /
config.args.move_manual).resolve()
config.args.move_manual.relative_to(problems[0].path.resolve() /
'generators')
except Exception as e:
fatal('Directory given to move_manual must be inside generators/.')
config.args.add_manual = True
# Handle one-off subcommands.
if action == 'tmp':
if level == 'problem':
level_tmpdir = tmpdir / problems[0].name
else:
level_tmpdir = tmpdir
if config.args.clean:
log(f'Deleting {tmpdir}!')
if level_tmpdir.is_dir():
shutil.rmtree(level_tmpdir)
if level_tmpdir.is_file():
level_tmpdir.unlink()
else:
print(level_tmpdir)
return
if action in ['stats']:
stats.stats(problems)
return
if action == 'sort':
print_sorted(problems)
return
if action in ['samplezip']:
export.build_samples_zip(problems)
return
if action == 'gitlabci':
skel.create_gitlab_jobs(contest, problems)
return
if action == 'skel':
skel.copy_skel_dir(problems)
return
problem_zips = []
success = True
for problem in problems:
if (level == 'problemset' and action == 'pdf'
and not (hasattr(config.args, 'all') and config.args.all)):
continue
print(Style.BRIGHT,
'PROBLEM ',
problem.name,
Style.RESET_ALL,
sep='',
file=sys.stderr)
# TODO: Remove usages of settings.
settings = problem.settings
if action in ['generate']:
success &= generate.generate(problem)
if action in ['all', 'constraints', 'run'
] and not getattr(config.args, 'no_generate', False):
# Call `generate` with modified arguments.
old_args = argparse.Namespace(**vars(config.args))
config.args.check_deterministic = action in ['all', 'constraints']
config.args.jobs = 4
config.args.add_manual = False
config.args.move_manual = False
config.args.verbose = 0
if not hasattr(config.args, 'testcases'):
config.args.testcases = None
if not hasattr(config.args, 'force'):
config.args.force = False
success &= generate.generate(problem)
config.args = old_args
if action in ['fuzz']:
success &= fuzz.fuzz(problem)
if action in ['pdf', 'all']:
# only build the pdf on the problem level, or on the contest level when
# --all is passed.
if level == 'problem' or (level == 'problemset' and hasattr(
config.args, 'all') and config.args.all):
success &= latex.build_problem_pdf(problem)
if action in ['solutions']:
if level == 'problem':
success &= latex.build_problem_pdf(problem, solutions=True)
if action in ['validate', 'input', 'all']:
success &= problem.validate_format('input_format')
if action in ['validate', 'output', 'all']:
success &= problem.validate_format('output_format')
if action in ['run', 'all']:
success &= problem.run_submissions()
if action in ['test']:
config.args.no_bar = True
success &= problem.test_submissions()
if action in ['constraints']:
success &= constraints.check_constraints(problem, settings)
if action in ['zip']:
# For DOMjudge: export to A.zip
output = problem.label + '.zip'
# For Kattis: export to shortname.zip
if hasattr(config.args, 'kattis') and config.args.kattis:
output = problem.path.with_suffix('.zip')
problem_zips.append(output)
if not config.args.skip:
# Set up arguments for generate.
old_args = argparse.Namespace(**vars(config.args))
config.args.check_deterministic = False if config.args.force else True
config.args.jobs = 4
config.args.add_manual = False
config.args.move_manual = False
config.args.verbose = 0
config.args.testcases = None
config.args.force = False
success &= generate.generate(problem)
config.args = old_args
success &= latex.build_problem_pdf(problem)
if not config.args.force:
success &= problem.validate_format('input_format',
constraints={})
success &= problem.validate_format('output_format',
constraints={})
# Write to problemname.zip, where we strip all non-alphanumeric from the
# problem directory name.
success &= export.build_problem_zip(problem, output, settings)
if action in ['clean'] or (action in ['all'] and config.args.clean):
if not hasattr(config.args, 'force'):
config.args.force = False
success &= generate.clean(problem)
if len(problems) > 1:
print(file=sys.stderr)
if level == 'problemset':
print(f'{Style.BRIGHT}CONTEST {contest}{Style.RESET_ALL}',
file=sys.stderr)
# build pdf for the entire contest
if action in ['pdf']:
success &= latex.build_contest_pdf(contest,
problems,
tmpdir,
web=config.args.web)
if action in ['solutions']:
success &= latex.build_contest_pdf(contest,
problems,
tmpdir,
solutions=True,
web=config.args.web)
if action in ['zip']:
if not config.args.kattis:
success &= latex.build_contest_pdf(contest, problems, tmpdir)
success &= latex.build_contest_pdf(contest,
problems,
tmpdir,
web=True)
if not config.args.no_solutions:
success &= latex.build_contest_pdf(contest,
problems,
tmpdir,
solutions=True)
success &= latex.build_contest_pdf(contest,
problems,
tmpdir,
solutions=True,
web=True)
outfile = contest + '.zip'
if config.args.kattis:
outfile = contest + '-kattis.zip'
export.build_contest_zip(problems, problem_zips, outfile,
config.args)
if not success or config.n_error > 0 or config.n_warn > 0:
sys.exit(1)
def execute(self, **kwargs):
if "data" in kwargs:
data = kwargs["data"]
else:
return ""
return fuzz.fuzz(data,self.bfp,self.bip)
def execute(self, **kwargs):
if "data" in kwargs:
data = kwargs["data"]
else:
return ""
return fuzz.fuzz(data, self.bfp, self.bip)
def Fuzzer():
ret = 0
incrementedrepeat = 0
mutatedcharacter = ''
asciicounter = 0
asciiend = 0
fileiocounter = 0
mutatedasciivalue = 0
mutatedasciihex = 0
FZ = fuzz()
#This section is responsible for mutating the payload to rotate with the ASCII table
#You can select all ASCII values, alphanumic or just the alphabet
if (AP.mutate=='asciistd' or AP.mutate=='asciialphanum' or AP.mutate=='asciialpha' or AP.mutate =='asciiext'):
if AP.mutate =='asciistd':
asciicounter=0
asciiend=127
elif AP.mutate=='asciialphanum':
asciicounter=48
asciiend=122
elif AP.mutate =='asciialpha':
asciicounter=65
asciiend=122
else:
asciicounter=0
asciiend=254
mutatedcharacter = chr(asciicounter)
mutatedasciivalue = ord(mutatedcharacter)
mutatedasciihex = hex(asciicounter)
print 'Mutating character to ASCII DEC %d HEX %s STR %s' %(asciicounter, mutatedasciihex, repr(mutatedcharacter))
while (asciicounter <= asciiend):
if AP.repeatincrement > 1:
incrementedrepeat += AP.repeatincrement
while (incrementedrepeat <= AP.repeat):
if AP.protocol != 'HTTP':
AP.payload = FZ.CompileFuzz(AP.command, mutatedcharacter, AP.repeat, AP.repeatatonce, incrementedrepeat, AP.fileobject)
ret = FZ.ExecuteFuzz(AP.target, AP.port, AP.protocol, AP.un, AP.pw, AP.payload, AP.fileobject)
if ret != 0:
print 'Connection has been terminated'
return -1
incrementedrepeat += AP.repeatincrement
incrementedrepeat = 0
else:
if AP.protocol != 'HTTP':
AP.payload = FZ.CompileFuzz(AP.command, mutatedcharacter, AP.repeat, AP.repeatatonce, AP.repeatincrement, AP.fileobject)
ret = FZ.ExecuteFuzz(AP.target, AP.port, AP.protocol, AP.un, AP.pw, AP.payload, AP.fileobject)
asciicounter = asciicounter + 1
if asciicounter < asciiend:
mutatedcharacter = chr(asciicounter)
mutatedasciivalue = ord(mutatedcharacter)
mutatedasciihex = hex(asciicounter)
print 'Mutating character to ASCII DEC %d HEX %s STR %s' %(asciicounter, mutatedasciihex, mutatedcharacter)
else:
if AP.repeatincrement > 1 and AP.repeat > 0:
incrementedrepeat += AP.repeatincrement
while (incrementedrepeat <= AP.repeat):
if AP.protocol != 'HTTP':
AP.payload = FZ.CompileFuzz(AP.command, AP.character, AP.repeat, AP.repeatatonce, incrementedrepeat, AP.fileobject)
ret = FZ.ExecuteFuzz(AP.target, AP.port, AP.protocol, AP.un, AP.pw, AP.payload, AP.fileobject)
if ret != 0:
print 'Connection has been terminated'
return -1
incrementedrepeat += AP.repeatincrement
else:
if AP.protocol != 'HTTP':
AP.payload = FZ.CompileFuzz(AP.command, AP.character, AP.repeat, AP.repeatatonce, AP.repeatincrement, AP.fileobject)
ret = FZ.ExecuteFuzz(AP.target, AP.port, AP.protocol, AP.un, AP.pw, AP.payload, AP.fileobject)
return ret
