Home       Trees       Indices       Help   
w3af homepage
Package plugins :: Package attack :: Module remoteFileIncludeShell :: Class remoteFileIncludeShell
[hide private]

Class remoteFileIncludeShell



Exploit remote file include vulnerabilities.

Author: Andres Riancho ( andres.riancho@gmail.com )

Instance Methods [hide private]
 
__init__(self)
 
fastExploit(self, url, method, data)
Exploits a web app with remote file include vuln.
 
canExploit(self, vulnToExploit=None)
Searches the kb for vulnerabilities that this plugin can exploit, this is overloaded from baseAttackPlugin because I need to test for xss vulns also.
 
getAttackType(self)
Returns the type of exploit, SHELL, PROXY, etc.
 
getVulnName2Exploit(self)
This method should return the vulnerability name (as saved in the kb) to exploit.
 
_generateShell(self, vuln)
Returns: A shell object based on the vuln that is passed as parameter.
 
_verifyVuln(self, vuln)
This command verifies a vuln.
 
_genURLToInclude(self, fileContent, extension)
Generate the URL to include, based on the configuration it will return a URL poiting to a XSS bug, or a URL poiting to our local webserver.
 
_clearWebServer(self, urlToInclude)
Remove the file in the webroot and stop the webserver.
 
_startWebServer(self)
 
getOptions(self)
Returns: A list of option objects for this plugin.
 
setOptions(self, optionsMap)
This method sets all the options that are configured using the user interface generated by the framework using the result of getOptions().
 
getPluginDeps(self)
Returns: A list with the names of the plugins that should be runned before the current one.
 
getRootProbability(self)
Returns: This method returns the probability of getting a root shell using this attack plugin.
 
getLongDesc(self)
Returns: A DETAILED description of the plugin functions and features.

Inherited from core.controllers.basePlugin.baseAttackPlugin.baseAttackPlugin: GET2POST, exploit, getExploitableVulns, getType

Inherited from core.controllers.basePlugin.basePlugin.basePlugin: __eq__, end, getDesc, getName, printUniq, setUrlOpener

Inherited from core.controllers.basePlugin.basePlugin.basePlugin (private): _analyzeResult, _sendMutant

Inherited from core.controllers.misc.commonAttackMethods.commonAttackMethods: getCut, setCut

Inherited from core.controllers.misc.commonAttackMethods.commonAttackMethods (private): _cut, _defineCut

Method Details [hide private]

__init__(self)
(Constructor)

 
Overrides: core.controllers.basePlugin.baseAttackPlugin.baseAttackPlugin.__init__

fastExploit(self, url, method, data)

 
Exploits a web app with remote file include vuln.
Parameters:
  • url - A string containing the Url to exploit ( http://somehost.com/foo.php )
  • method - A string containing the method to send the data ( post / get )
  • data - A string containing data to send with a mark that defines which is the vulnerable parameter ( aa=notMe&bb=almost&cc=[VULNERABLE] )
Overrides: core.controllers.basePlugin.baseAttackPlugin.baseAttackPlugin.fastExploit

canExploit(self, vulnToExploit=None)

 
Searches the kb for vulnerabilities that this plugin can exploit, this is overloaded from baseAttackPlugin because I need to test for xss vulns also. This is a "complex" plugin.
Parameters:
  • vulnToExploit - The id of the vulnerability to exploit.
Returns:
True if plugin knows how to exploit a found vuln.
Overrides: core.controllers.basePlugin.baseAttackPlugin.baseAttackPlugin.canExploit

getAttackType(self)

 
Returns the type of exploit, SHELL, PROXY, etc.
Overrides: core.controllers.basePlugin.baseAttackPlugin.baseAttackPlugin.getAttackType
(inherited documentation)

getVulnName2Exploit(self)

 

This method should return the vulnerability name (as saved in the kb) to exploit. For example, if the audit.osCommanding plugin finds an vuln, and saves it as:

kb.kb.append( 'osCommanding' , 'osCommanding', vuln )

Then the exploit plugin that exploits osCommanding ( attack.osCommandingShell ) should return 'osCommanding' in this method.
Overrides: core.controllers.basePlugin.baseAttackPlugin.baseAttackPlugin.getVulnName2Exploit
(inherited documentation)

_generateShell(self, vuln)

 
Returns:
A shell object based on the vuln that is passed as parameter.
Overrides: core.controllers.basePlugin.baseAttackPlugin.baseAttackPlugin._generateShell

_verifyVuln(self, vuln)

 

This command verifies a vuln. This is really hard work!

@return : True if vuln can be exploited.

getOptions(self)

 

This method returns an optionList containing the options objects that the configurable object has. Using this option list the framework will build a window, a menu, or some other input method to retrieve the info from the user.

This method MUST be implemented on every plugin.
Returns:
A list of option objects for this plugin.
Overrides: core.controllers.basePlugin.basePlugin.basePlugin.getOptions

setOptions(self, optionsMap)

 
This method sets all the options that are configured using the user interface generated by the framework using the result of getOptions().
Parameters:
  • optionsMap - A map with the options for the plugin.
Returns:
No value is returned.
Overrides: core.controllers.basePlugin.basePlugin.basePlugin.setOptions

getPluginDeps(self)

 
Returns:
A list with the names of the plugins that should be runned before the current one.
Overrides: core.controllers.basePlugin.basePlugin.basePlugin.getPluginDeps

getRootProbability(self)

 
Returns:
This method returns the probability of getting a root shell using this attack plugin. This is used by the "exploit *" function to order the plugins and first try to exploit the more critical ones. This method should return 0 for an exploit that will never return a root shell, and 1 for an exploit that WILL ALWAYS return a root shell.
Overrides: core.controllers.basePlugin.baseAttackPlugin.baseAttackPlugin.getRootProbability

getLongDesc(self)

 
Returns:
A DETAILED description of the plugin functions and features.
Overrides: core.controllers.basePlugin.basePlugin.basePlugin.getLongDesc

   Home       Trees       Indices       Help   
w3af homepage
Generated by Epydoc 3.0beta1 on Sun Sep 14 17:13:08 2008 http://epydoc.sourceforge.net