1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
|
from tests.base_test import BaseTest
from core.weexceptions import ArgparseError
from core.vectors import PhpCode
from core.vectors import Os
from core import modules
from core.sessions import SessionURL
from core import messages
import logging
import os
class SystemInfo(BaseTest):
def setUp(self):
self.session = SessionURL(self.url, self.password, volatile = True)
modules.load_modules(self.session)
self.run_argv = modules.loaded['shell_sh'].run_argv
def _spoil_vectors_but(self, vector_safe_name):
# Spoil all the module sessions but the safe one
for i in range(0, len(modules.loaded['shell_sh'].vectors)):
name = modules.loaded['shell_sh'].vectors[i].name
payload = modules.loaded['shell_sh'].vectors[i].arguments[0]
if name != vector_safe_name:
modules.loaded['shell_sh'].vectors[i] = PhpCode('\'"%s' % payload, name)
def test_run_unless(self):
vector_safe_name = 'proc_open'
self._spoil_vectors_but(vector_safe_name)
# Check correctness of execution
self.assertEqual(self.run_argv(["echo -n 1"]), "1");
# Check stored vector
self.assertEqual(self.session['shell_sh']['stored_args']['vector'], vector_safe_name)
def test_param_vector(self):
vector_safe_name = 'proc_open'
# Check correctness of execution
self.assertEqual(self.run_argv(["-vector", vector_safe_name, "echo -n 1"]), "1");
# Check stored vector
self.assertEqual(self.session['shell_sh']['stored_args']['vector'], vector_safe_name)
def test_vector_one_os(self):
bogus_vector = 'bogus_win'
# Add a bogus Os.WIN vector
modules.loaded['shell_sh'].vectors.append(PhpCode("echo(1);", name=bogus_vector, target=Os.WIN))
# Check if called forced the bogusv vector name, returns Null
self.assertRaises(ArgparseError, self.run_argv, ["-vector", bogus_vector, "echo 1"]);
def test_vector_all_os(self):
bogus_vector = 'bogus_win'
# Add a bogus Os.WIN vector
modules.loaded['shell_sh'].vectors.append(PhpCode("echo(1);", name=bogus_vector, target=Os.WIN))
# Spoil all vectors but bogus_win
self._spoil_vectors_but(bogus_vector)
# Check if looping all vectors still returns None
self.assertIsNone(self.run_argv(["echo 1"]), None);
|
