def test_kb_list_shells_rfi_port_scan_2181(self): """ :see: https://github.com/andresriancho/w3af/issues/2181 """ w3af_core = w3afCore() vuln = MockVuln() url = URL('http://moth/?a=1') freq = FuzzableRequest(url) exploit_mutant = QSMutant.create_mutants(freq, [''], [], False, {})[0] shell = PortScanShell(vuln, w3af_core.uri_opener, w3af_core.worker_pool, exploit_mutant) kb.append('a', 'b', shell) shells = kb.get_all_shells(w3af_core=w3af_core) self.assertEqual(len(shells), 1) unpickled_shell = shells[0] self.assertEqual(shell, unpickled_shell) self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener) self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool) self.assertEqual(unpickled_shell._exploit_mutant, exploit_mutant) w3af_core.quit()
def test_kb_list_shells_xpath_2181(self): """ :see: https://github.com/andresriancho/w3af/issues/2181 """ w3af_core = w3afCore() vuln = MockVuln() str_delim = '&' true_cond = '' use_difflib = False is_error_response = IsErrorResponse(vuln, w3af_core.uri_opener, use_difflib) shell = XPathReader(vuln, w3af_core.uri_opener, w3af_core.worker_pool, str_delim, true_cond, is_error_response) kb.append('a', 'b', shell) shells = kb.get_all_shells(w3af_core=w3af_core) self.assertEqual(len(shells), 1) unpickled_shell = shells[0] self.assertEqual(shell, unpickled_shell) self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener) self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool) self.assertEqual(unpickled_shell.STR_DELIM, shell.STR_DELIM) self.assertEqual(unpickled_shell.TRUE_COND, shell.TRUE_COND) self.assertEqual(unpickled_shell.is_error_resp.use_difflib, use_difflib) self.assertEqual(unpickled_shell.is_error_resp.url_opener, w3af_core.uri_opener) w3af_core.quit()
def executeCommand(self,shellId, command,params): shells = kb.get_all_shells() response = None for shell in shells: if shell.id == shellId and command is not None: response = shell.generic_user_input(command,params) if response is not None: print "[*] Response: %s" %(response) else: print "[-] No response received. Check the shell that you've entered. Exists?"
def listShells(self): shells = kb.get_all_shells() print "[*] List of shells." tableShells = PrettyTable(["Id","OS","System","User","System Name"]) for shell in shells: tableShells.add_row([shell.id, shell.get_remote_os(), shell.get_remote_system(), shell.get_remote_user(), shell.get_remote_system_name()]) print tableShells
def test_pickleable_shells_get_all(self): class FakeCore(object): worker_pool = Pool(1) uri_opener = ExtendedUrllib() core = FakeCore() original_shell = Shell(MockVuln(), core.uri_opener, core.worker_pool) kb.append('a', 'b', original_shell) unpickled_shell = list(kb.get_all_shells(core))[0] self.assertEqual(original_shell, unpickled_shell) self.assertEqual(unpickled_shell.worker_pool, core.worker_pool) self.assertEqual(unpickled_shell._uri_opener, core.uri_opener) core.worker_pool.terminate() core.worker_pool.join() core.uri_opener.end()
def test_kb_list_shells_file_upload_2181(self): """ :see: https://github.com/andresriancho/w3af/issues/2181 """ w3af_core = w3afCore() exploit_url = URL('http://w3af.org/') shell = FileUploadShell(MockVuln(), w3af_core.uri_opener, w3af_core.worker_pool, exploit_url) kb.append('a', 'b', shell) shells = kb.get_all_shells(w3af_core=w3af_core) self.assertEqual(len(shells), 1) unpickled_shell = shells[0] self.assertEqual(shell, unpickled_shell) self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener) self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool) self.assertEqual(unpickled_shell._exploit_url, shell._exploit_url) w3af_core.quit()
def test_kb_list_shells_os_commanding_2181(self): """ :see: https://github.com/andresriancho/w3af/issues/2181 """ w3af_core = w3afCore() vuln = MockVuln() vuln['separator'] = '&' vuln['os'] = 'linux' strategy = BasicExploitStrategy(vuln) shell = OSCommandingShell(strategy, w3af_core.uri_opener, w3af_core.worker_pool) kb.append('a', 'b', shell) shells = kb.get_all_shells(w3af_core=w3af_core) self.assertEqual(len(shells), 1) unpickled_shell = shells[0] self.assertEqual(shell, unpickled_shell) self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener) self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool) self.assertEqual(unpickled_shell.strategy.vuln, vuln) w3af_core.quit()
def test_kb_list_shells_file_read_2181(self): """ :see: https://github.com/andresriancho/w3af/issues/2181 """ w3af_core = w3afCore() header_len, footer_len = 1, 1 vuln = MockVuln() shell = FileReaderShell(vuln, w3af_core.uri_opener, w3af_core.worker_pool, header_len, footer_len) kb.append('a', 'b', shell) shells = kb.get_all_shells(w3af_core=w3af_core) self.assertEqual(len(shells), 1) unpickled_shell = shells[0] self.assertEqual(shell, unpickled_shell) self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener) self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool) self.assertEqual(unpickled_shell._header_length, shell._header_length) self.assertEqual(unpickled_shell._footer_length, shell._footer_length) w3af_core.quit()
def test_kb_list_shells_eval_2181(self): """ :see: https://github.com/andresriancho/w3af/issues/2181 """ w3af_core = w3afCore() shellcodes = get_shell_code('php', 'ls') shellcode_generator = shellcodes[0][2] shell = EvalShell(MockVuln(), w3af_core.uri_opener, w3af_core.worker_pool, shellcode_generator) kb.append('a', 'b', shell) shells = kb.get_all_shells(w3af_core=w3af_core) self.assertEqual(len(shells), 1) unpickled_shell = shells[0] self.assertEqual(shell, unpickled_shell) self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener) self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool) self.assertEqual(unpickled_shell.shellcode_generator.args, shell.shellcode_generator.args) w3af_core.quit()
def test_kb_list_shells_sqlmap_2181(self): """ Also very related with test_pickleable_shells :see: https://github.com/andresriancho/w3af/issues/2181 """ w3af_core = w3afCore() target = Target(URL('http://w3af.org/')) sqlmap_wrapper = SQLMapWrapper(target, w3af_core.uri_opener) sqlmap_shell = SQLMapShell(MockVuln(), w3af_core.uri_opener, w3af_core.worker_pool, sqlmap_wrapper) kb.append('a', 'b', sqlmap_shell) shells = kb.get_all_shells(w3af_core=w3af_core) self.assertEqual(len(shells), 1) unpickled_shell = shells[0] self.assertEqual(sqlmap_shell, unpickled_shell) self.assertIs(unpickled_shell._uri_opener, w3af_core.uri_opener) self.assertIs(unpickled_shell.worker_pool, w3af_core.worker_pool) self.assertIs(unpickled_shell.sqlmap.proxy._uri_opener, w3af_core.uri_opener) w3af_core.quit()
def test_kb_list_shells_empty(self): self.assertEqual(kb.get_all_shells(), [])