
Apply watchdog to filePointer

qazbnm456 committed Jun 27, 2016
1 parent af12502 commit 6efef577eb9445effe2663f920fe381647958e93
@@ -0,0 +1,63 @@
{
"version": "0.2.0",
"configurations": [
{
"name": "Python",
"type": "python",
"request": "launch",
"stopOnEntry": true,
"program": "${file}",
"debugOptions": [
"WaitOnAbnormalExit",
"WaitOnNormalExit",
"RedirectOutput"
]
},
{
"name": "Python Console App",
"type": "python",
"request": "launch",
"stopOnEntry": true,
"program": "${file}",
"externalConsole": true,
"debugOptions": [
"WaitOnAbnormalExit",
"WaitOnNormalExit"
]
},
{
"name": "Django",
"type": "python",
"request": "launch",
"stopOnEntry": true,
"program": "${workspaceRoot}/manage.py",
"args": [
"runserver",
"--noreload"
],
"debugOptions": [
"WaitOnAbnormalExit",
"WaitOnNormalExit",
"RedirectOutput",
"DjangoDebugging"
]
},
{
"name": "Watson",
"type": "python",
"request": "launch",
"stopOnEntry": true,
"program": "${workspaceRoot}/console.py",
"args": [
"dev",
"runserver",
"--noreload=True"
],
"debugOptions": [
"WaitOnAbnormalExit",
"WaitOnNormalExit",
"RedirectOutput"
]
}
]
}
@@ -19,7 +19,7 @@
from urllib.parse import urlencode

from docker import Client
from docker.errors import APIError
from docker.errors import APIError, NullResource

global client, ctr
web.host = None
@@ -122,14 +122,14 @@ def enter_shell(gen):
gen.parse("set theme = startbootstrap-agency-1.0.6")
gen.parse("set expose = 80")
gen.parse("set modules = +unfilter")
Logger.logInfo("VWGen ready (press Ctrl+D to end input)")
Logger.logInfo("VWGen ready (press Ctrl+C to end input)")
while True:
print ">",
result = gen.parse(sys.stdin.readline())
if result is not None:
Logger.logSuccess(result)
else:
sys.exit(0)
Logger.logError("Unreconized keyword!")


parent_dir = os.path.abspath(os.path.join(
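Review bot: With `sys.exit(0)` replaced by `Logger.logError("Unreconized keyword!")`, the `while True` loop in `enter_shell` no longer terminates on end of input. `sys.stdin.readline()` returns an empty string at EOF, so if `gen.parse('')` returns None (its body is not visible in this hunk) the loop prints the error endlessly once stdin is closed or piped. Reading the line first and stopping on EOF, `line = sys.stdin.readline()` followed by `if not line: break`, keeps Ctrl+C as the interactive exit while still ending cleanly on EOF. The new message is also misspelled; `Unrecognized keyword!` is presumably what was meant.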
@@ -201,7 +201,7 @@ def __initAttacks(self):
for mod_name in attack.modules:
mod = __import__("core.attack." + mod_name,
fromlist=attack.modules)
mod_instance = getattr(mod, mod_name)()
mod_instance = getattr(mod, mod_name)(web.fp)

self.attacks.append(mod_instance)
self.attacks.sort(lambda a, b: a.PRIORITY - b.PRIORITY)
@@ -225,7 +225,7 @@ def __initAttacks(self):
module = module[1:]
if module == "all":
for attack_module in self.attacks:
if attack_module.name in attack.lists:
if attack_module.name in attack.modules:
attack_module.doReturn = False
else:
found = False
@@ -413,7 +413,7 @@ def parse(self, arg):
Logger.logSuccess("[*] unset A")
break
if case('show'):
Logger.logSuccess("[*] show [modules, infos]")
Logger.logSuccess("[*] show [modules, themes, infos]")
break
if case():
Logger.logSuccess("[*] help [set, unset, show]")
@@ -439,10 +439,20 @@ def parse(self, arg):
u", ".join(attack.themes)))
break
if case('infos'):
self.showInfos()
Logger.logSuccess("Backend: {0}".format(self.backend))
Logger.logSuccess("Dbms: {0}".format(self.dbms))
Logger.logSuccess("Theme: {0}".format(self.theme))
Logger.logSuccess(
"Expose Port: {0}".format(self.expose))
Logger.logSuccess(
"Color: {0}".format(str(bool(self.color))))
Logger.logSuccess("Verbose: {0}".format(
str(bool(self.verbose))))
Logger.logSuccess("Craft: {0}".format(self.craft))
Logger.logSuccess("Modules: {0}".format(self.modules))
break
if case():
Logger.logSuccess("[*] show [modules, infos]")
Logger.logSuccess("[*] show [modules, themes, infos]")
return True
elif arg.startswith("start"):
self.start()
@@ -452,7 +462,6 @@ def parse(self, arg):
return True

def start(self):
self._index__initThemeEnv()
[folder, path] = self.generate()
web.path = path
if web.payloads is not None:
@@ -596,20 +605,28 @@ def start(self):
gen.setExpose(options.expose)
gen.setModules(options.modules)
gen.setCraft(options.craft)
gen._index__initThemeEnv()

gen.start()
except (KeyboardInterrupt, SystemExit, RuntimeError):
Logger.logInfo("[INFO] See you next time.")
except APIError as e:
Logger.logError("\n" + "[ERROR] " + str(e.explanation))
Logger.logInfo("\n[INFO] Taking you to safely leave the program.")
finally:
try:
web.fp.rmtree(web.path)
web.client.remove_container(
web.db_ctr, force=True) if web.db_ctr is not None else None
web.client.remove_container(web.ctr, force=True)
except (TypeError, NullResource):
pass
except APIError as e:
Logger.logError("\n" + "[ERROR] " + str(e.explanation))
web.fp.observer.start()
try:
gen.start()
except (KeyboardInterrupt, SystemExit, RuntimeError):
Logger.logInfo("[INFO] See you next time.")
except APIError as e:
Logger.logError("\n" + "[ERROR] " + str(e.explanation))
Logger.logInfo(
"\n[INFO] Taking you to safely leave the program.")
finally:
web.fp.observer.stop()
web.fp.observer.join()
try:
web.fp.rmtree(web.path)
web.client.remove_container(
web.db_ctr, force=True) if web.db_ctr is not None else None
web.client.remove_container(web.ctr, force=True)
except (TypeError, NullResource):
pass
except APIError as e:
Logger.logError("\n" + "[ERROR] " + str(e.explanation))
except KeyboardInterrupt:
pass
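Review bot: The three cleanup calls in the new `finally` block share one `try`, so a `TypeError` or `NullResource` from `web.fp.rmtree(web.path)` or from the `db_ctr` removal is swallowed by `pass` and the remaining `remove_container` calls never run. Because the generated application is configured with an exposed port (`set expose = 80` earlier in this file), a skipped removal can leave that container running and reachable after the program has exited. Running each step under its own handler makes the cleanup independent of which resource failed to be created. The outer `try` that the final `except KeyboardInterrupt` belongs to starts outside this hunk.

```python
finally:
    web.fp.observer.stop()
    web.fp.observer.join()
    # Attempt every cleanup step even when an earlier one fails.
    cleanup_steps = (
        lambda: web.fp.rmtree(web.path),
        lambda: (web.client.remove_container(web.db_ctr, force=True)
                 if web.db_ctr is not None else None),
        lambda: web.client.remove_container(web.ctr, force=True),
    )
    for step in cleanup_steps:
        try:
            step()
        except (TypeError, NullResource):
            pass  # the resource was never created
        except APIError as e:
            Logger.logError("\n" + "[ERROR] " + str(e.explanation))
```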
@@ -69,7 +69,7 @@ class Attack(object):
# The priority of the module, from 0 (first) to 10 (last). Default is 5
PRIORITY = 5

def __init__(self):
def __init__(self, fp=None):
self.color = 0
self.verbose = 0
self.craft = None
@@ -79,7 +79,8 @@ def __init__(self):
# Must be left empty in the code
self.deps = []

self.fp = fp.filePointer()
if fp is not None:
self.fp = fp

def setColor(self):
self.color = 1
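Review bot: `Attack.__init__` now assigns `self.fp` only when a file pointer is passed, so an instance built with the default `fp=None` has no `fp` attribute and any later `self.fp` access raises `AttributeError` instead of a clear error. Assigning `self.fp = fp` unconditionally and checking for None where it is used would keep the object in a defined state; alternatively `fp` could be a required argument, since `__initAttacks` passes `web.fp` in the hunk shown above. The subclasses `mod_crlf`, `mod_exec`, `mod_expand`, `mod_lfi`, `mod_nosqli`, `mod_sqli` and `mod_unfilter` all forward the same `fp=None` default. The body of `__init__` spans both hunks and is only partly visible.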
@@ -45,8 +45,8 @@ class mod_crlf(Attack):
require = ["unfilter"]
PRIORITY = 4

def __init__(self):
Attack.__init__(self)
def __init__(self, fp=None):
Attack.__init__(self, fp)
self.fd = open(os.path.join(self.CONFIG_DIR,
self.name, self.CONFIG_FILE), "r+")
self.payloads = json.load(self.fd)
@@ -45,8 +45,8 @@ class mod_exec(Attack):
require = ["expand", "unfilter"]
PRIORITY = 3

def __init__(self):
Attack.__init__(self)
def __init__(self, fp=None):
Attack.__init__(self, fp)
self.fd = open(os.path.join(self.CONFIG_DIR,
self.name, self.CONFIG_FILE), "r+")
self.payloads = json.load(self.fd)
@@ -46,8 +46,8 @@ class mod_expand(Attack):
require = []
PRIORITY = 4

def __init__(self):
Attack.__init__(self)
def __init__(self, fp=None):
Attack.__init__(self, fp)
self.fd = open(os.path.join(self.CONFIG_DIR,
self.name, self.CONFIG_FILE), "r+")
self.payloads = json.load(self.fd)
@@ -45,8 +45,8 @@ class mod_lfi(Attack):
require = ["unfilter"]
PRIORITY = 4

def __init__(self):
Attack.__init__(self)
def __init__(self, fp=None):
Attack.__init__(self, fp)
self.fd = open(os.path.join(self.CONFIG_DIR,
self.name, self.CONFIG_FILE), "r+")
self.payloads = json.load(self.fd)
@@ -65,9 +65,9 @@ def generateHandler(self, tree_node=None, o=None, elem=None):
def doJob(self, http_res, backend, dbms, parent=None):
"""This method do a Job."""
try:
self.settings['lficonfig'] = self.findRequireFiles(backend, dbms)
self.settings = self.generate_payloads(
self.settings['html'], parent=parent)
self.settings['lficonfig'] = self.findRequireFiles(backend, dbms)

if self.settings['key'] is not None:
for index, _ in enumerate(self.settings['key']):
@@ -202,7 +202,6 @@ def generate_payloads(self, html_code, parent=None):

self.settings['html'] = "\n".join(o)

self.settings['lficonfig'] = ""
return self.settings

def final(self, target_dir):
@@ -45,8 +45,8 @@ class mod_nosqli(Attack):
require = ["unfilter"]
PRIORITY = 4

def __init__(self):
Attack.__init__(self)
def __init__(self, fp=None):
Attack.__init__(self, fp)
self.fd = open(os.path.join(self.CONFIG_DIR,
self.name, self.CONFIG_FILE), "r+")
self.payloads = json.load(self.fd)
@@ -57,18 +57,18 @@ def findRequireFiles(self, backend, dbms):
def generateHandler(self, tree_node=None, o=None, elem=None):
if elem['type'] != "attrval":
o[int(elem['lineno']) - 1] = re.sub(r'(.*)<{0}>(.*)</{0}>(.*)'.format(elem['identifier']), lambda m: "{0}{1}{2}".format(m.group(
1), self.payloads['payloads'][self.index]['vector'].replace('{0}', m.group(2)), m.group(3)), o[int(elem['lineno']) - 1], flags=re.IGNORECASE)
1), self.payloads['payloads'][self.index]['vector'].replace('{1}', m.group(2)).format(self.settings['dbconfig']), m.group(3)), o[int(elem['lineno']) - 1], flags=re.IGNORECASE)
else:
o[int(elem['lineno']) - 1] = re.sub(r'(.*)#+<{0}>(.*)</{0}>(.*)'.format(elem['identifier']), lambda m: "{0}{1}{2}".format(m.group(
1), self.payloads['payloads'][self.index]['vector'].replace('{0}', m.group(2)), m.group(3)), o[int(elem['lineno']) - 1], flags=re.IGNORECASE)
1), self.payloads['payloads'][self.index]['vector'].replace('{1}', m.group(2)).format(self.settings['dbconfig']), m.group(3)), o[int(elem['lineno']) - 1], flags=re.IGNORECASE)

def doJob(self, http_res, backend, dbms, parent=None):
"""This method do a Job."""
try:
self.settings['dbconfig'] = self.findRequireFiles(backend, dbms)
self.settings = self.generate_payloads(
self.settings['html'], parent=parent)
self.settings['dbconfig'] = self.findRequireFiles(backend, dbms)
except:
except KeyError:
self.logR("ERROR!! You might forget to set DBMS variable.")
sys.exit(0)

@@ -185,7 +185,6 @@ def generate_payloads(self, html_code, parent=None):

self.settings['html'] = "\n".join(o)

self.settings['dbconfig'] = ""
return self.settings

def final(self, target_dir):
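Review bot: In `generateHandler`, the new `.replace('{1}', m.group(2)).format(self.settings['dbconfig'])` runs `str.format` over the whole vector after the matched page text has been spliced in, so any literal `{` or `}` in the vector or in `m.group(2)` is parsed as a format field. The payload file changed in this commit still writes the value slot as `{0}`, and two of its vectors contain JavaScript braces, so `.format` would either fill the value slot with the config path or, most likely, raise `KeyError`. `doJob` would then report that as the unrelated "You might forget to set DBMS variable" message, assuming `generate_payloads` calls `generateHandler`, which is not visible here. Substituting both slots with plain `replace`, for example `vector.replace('{0}', self.settings['dbconfig']).replace('{1}', m.group(2))`, and using `{1}` for the value slot in the JSON avoids both problems. The same two lines appear in the `mod_sqli` `generateHandler` hunk.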
@@ -45,8 +45,8 @@ class mod_sqli(Attack):
require = ["unfilter"]
PRIORITY = 4

def __init__(self):
Attack.__init__(self)
def __init__(self, fp=None):
Attack.__init__(self, fp)
self.fd = open(os.path.join(self.CONFIG_DIR,
self.name, self.CONFIG_FILE), "r+")
self.payloads = json.load(self.fd)
@@ -57,18 +57,18 @@ def findRequireFiles(self, backend, dbms):
def generateHandler(self, tree_node=None, o=None, elem=None):
if elem['type'] != "attrval":
o[int(elem['lineno']) - 1] = re.sub(r'(.*)<{0}>(.*)</{0}>(.*)'.format(elem['identifier']), lambda m: "{0}{1}{2}".format(m.group(
1), self.payloads['payloads'][self.index]['vector'].replace('{0}', m.group(2)), m.group(3)), o[int(elem['lineno']) - 1], flags=re.IGNORECASE)
1), self.payloads['payloads'][self.index]['vector'].replace('{1}', m.group(2)).format(self.settings['dbconfig']), m.group(3)), o[int(elem['lineno']) - 1], flags=re.IGNORECASE)
else:
o[int(elem['lineno']) - 1] = re.sub(r'(.*)#+<{0}>(.*)</{0}>(.*)'.format(elem['identifier']), lambda m: "{0}{1}{2}".format(m.group(
1), self.payloads['payloads'][self.index]['vector'].replace('{0}', m.group(2)), m.group(3)), o[int(elem['lineno']) - 1], flags=re.IGNORECASE)
1), self.payloads['payloads'][self.index]['vector'].replace('{1}', m.group(2)).format(self.settings['dbconfig']), m.group(3)), o[int(elem['lineno']) - 1], flags=re.IGNORECASE)

def doJob(self, http_res, backend, dbms, parent=None):
"""This method do a Job."""
try:
self.settings['dbconfig'] = self.findRequireFiles(backend, dbms)
self.settings = self.generate_payloads(
self.settings['html'], parent=parent)
self.settings['dbconfig'] = self.findRequireFiles(backend, dbms)
except:
except KeyError:
self.logR("ERROR!! You might forget to set DBMS variable.")
sys.exit(0)

@@ -185,7 +185,6 @@ def generate_payloads(self, html_code, parent=None):

self.settings['html'] = "\n".join(o)

self.settings['dbconfig'] = ""
return self.settings

def final(self, target_dir):
@@ -45,8 +45,8 @@ class mod_unfilter(Attack):
require = []
PRIORITY = 5

def __init__(self):
Attack.__init__(self)
def __init__(self, fp=None):
Attack.__init__(self, fp)
self.fd = open(os.path.join(self.CONFIG_DIR,
self.name, self.CONFIG_FILE), "r+")
self.payloads = json.load(self.fd)
@@ -5,15 +5,15 @@
"payloads" : [
{
"type" : "array-binding query",
"vector" : "<?= $cUsers->findOne(array('last_name' => {0}))['last_name']; ?>"
"vector" : "<?= require_once('{0}'); $cUsers->findOne(array('last_name' => {0}))['last_name']; ?>"
},
{
"type" : "JS function",
"vector" : "<?php $inject = {0}; $condition = \"var data = db.users.findOne({ 'last_name': '$inject' }); return data;\"; $data = $db->execute($condition); echo $data['retval']['last_name']; ?>"
"vector" : "<?php require_once('{0}'); $inject = {0}; $condition = \"var data = db.users.findOne({ 'last_name': '$inject' }); return data;\"; $data = $db->execute($condition); echo $data['retval']['last_name']; ?>"
},
{
"type" : "JS function with $where",
"vector" : "<?php $inject = {0}; $condition = \"function() { if(this.last_name == '$inject') return true; }\"; $data = $cUsers->findOne(array('$where' => $condition)); echo $data['last_name']; ?>"
"vector" : "<?php require_once('{0}'); $inject = {0}; $condition = \"function() { if(this.last_name == '$inject') return true; }\"; $data = $cUsers->findOne(array('$where' => $condition)); echo $data['last_name']; ?>"
}
]
}
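Review bot: The first vector now reads `<?= require_once('{0}'); $cUsers->findOne(…)['last_name']; ?>`, and `<?=` echoes only the first expression. The generated page would therefore print the return value of `require_once` and discard the `findOne` result that the old vector printed. Writing it like the other two vectors, `<?php require_once('{0}'); echo $cUsers->findOne(…)['last_name']; ?>`, keeps the original output.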