Improvements regarding shell options reverse_tcp, bind_tcp
stasinopoulos committed Nov 4, 2024
1 parent fa8a972 commit 1086deb
Showing 7 changed files with 21 additions and 40 deletions.
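--- a/doc/CHANGELOG.md
+++ b/doc/CHANGELOG.md
@@ -1,4 +1,5 @@
 ## Version 4.0 (TBA)
+* Revised: Improvements regarding shell options `reverse_tcp`, `bind_tcp`.
 * Revised: Major code refactoring regarding session handler.
 * Revised: Minor improvement regarding options `--prefix`, `--suffix`.
 * Revised: Improvement regarding writing text to the stdout (console) stream.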
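--- a/src/core/injections/controller/checks.py
+++ b/src/core/injections/controller/checks.py
@@ -370,9 +370,9 @@ def connection_exceptions(err_msg):
 settings.TOTAL_OF_REQUESTS = settings.TOTAL_OF_REQUESTS + 1
 if settings.MAX_RETRIES > 1:
 time.sleep(settings.DELAY_RETRY)
-if not settings.MULTI_TARGETS and not settings.CRAWLING:
-info_msg = settings.APPLICATION.capitalize() + " is going to retry the request(s)."
-settings.print_data_to_stdout(settings.print_info_msg(info_msg))
+if not any((settings.MULTI_TARGETS, settings.CRAWLING,settings.REVERSE_TCP,settings.BIND_TCP)):
+warn_msg = settings.APPLICATION.capitalize() + " is going to retry the request(s)."
+settings.print_data_to_stdout(settings.print_warning_msg(warn_msg))
 if not settings.VALID_URL :
 if settings.TOTAL_OF_REQUESTS == settings.MAX_RETRIES and not settings.MULTI_TARGETS:
 raise SystemExit()
@@ -3048,7 +3048,12 @@ def time_relative_export_injection_results(cmd, separator, output, check_exec_ti
 Success msg.
 """
 def shell_success(option):
-info_msg = "Everything is in place. Cross your fingers and check for " + option + " shell on port " + settings.LPORT + "."
+info_msg = "Sending payload to target, for " + option + " TCP connection "
+if settings.BIND_TCP:
+info_msg += "against " + settings.RHOST
+else:
+info_msg += "on " + settings.LHOST
+info_msg += ":" + settings.LPORT + "."
 settings.print_data_to_stdout(settings.print_info_msg(info_msg))
 
 """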
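Review bot: In `shell_success` (second hunk) the address in the message is chosen from the global `settings.BIND_TCP`, while the connection type comes from the `option` argument, so the message can pair one connection type with the other side's address if a caller's `option` does not match the flag. `settings.RHOST`, `settings.LHOST` and `settings.LPORT` are also concatenated directly, which raises `TypeError` if any of them is unset or not a string; their types are not visible in this hunk. Wrapping the values in `str()`, e.g. `info_msg += ":" + str(settings.LPORT) + "."`, keeps a status message from aborting the run. In the first hunk, `settings.CRAWLING,settings.REVERSE_TCP,settings.BIND_TCP` is missing the spaces after the commas that the start of the same tuple uses.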
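--- a/src/core/injections/controller/shell_options.py
+++ b/src/core/injections/controller/shell_options.py
@@ -26,24 +26,6 @@
 from src.thirdparty.six.moves import urllib as _urllib
 from src.thirdparty.colorama import Fore, Back, Style, init
 
-"""
-Check for established connection
-"""
-def check_established_connection():
-while True:
-time.sleep(1)
-if settings.VERBOSITY_LEVEL == 1:
-settings.print_data_to_stdout(settings.SINGLE_WHITESPACE)
-warn_msg = "Something went wrong with the reverse TCP connection."
-warn_msg += " Please wait while checking state."
-settings.print_data_to_stdout(settings.print_warning_msg(warn_msg))
-lines = os.popen('netstat -anta').read().split("\n")
-for line in lines:
-if settings.LHOST + ":" + settings.LPORT in line and "ESTABLISHED" in line:
-pass
-else:
-return
-
 """
 Execute the bind / reverse TCP shell
 """
@@ -75,15 +57,6 @@ def execute_shell(separator, TAG, cmd, prefix, suffix, whitespace, http_request_
 # Evaluate injection results.
 shell = injector.injection_results(response, TAG, cmd, technique, url, OUTPUT_TEXTFILE, timesec)
 
-if settings.REVERSE_TCP and (int(diff) > 0 and int(diff) < 6):
-check_established_connection()
-# else:
-# if settings.VERBOSITY_LEVEL == 1:
-# settings.print_data_to_stdout(settings.SINGLE_WHITESPACE)
-err_msg = "The " + os_shell_option.split("_")[0] + " "
-err_msg += os_shell_option.split("_")[1].upper() + " connection has failed."
-settings.print_data_to_stdout(settings.print_critical_msg(err_msg))
-
 """
 Configure the bind TCP shell
 """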
13 changes: 8 additions & 5 deletions src/core/main.py
@@ -562,12 +562,15 @@ def main(filename, url, http_request_method):

# Accidental stop / restart of the target host server.
except (_http_client.BadStatusLine, SocketError) as err_msg:
if settings.VERBOSITY_LEVEL != 0:
settings.print_data_to_stdout(settings.SINGLE_WHITESPACE)
err_msg = "The target host is not responding."
err_msg += " Please ensure that is up and try again."
settings.print_data_to_stdout("\n" + settings.print_critical_msg(err_msg))
if any((settings.REVERSE_TCP, settings.BIND_TCP)):
err_msg = "Connection failed to be established."
else:
err_msg = "The target host is not responding."
err_msg += " Please ensure that is up and try again."
settings.print_data_to_stdout(settings.print_critical_msg(err_msg))
logs.print_logs_notification(filename, url)
if any((settings.REVERSE_TCP, settings.BIND_TCP)):
raise SystemExit()

try:
filename = ""
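Review bot: The new `raise SystemExit()` at the end of the handler exits with status 0, so a run that has just printed the critical message "Connection failed to be established." still looks successful to a wrapping script or scheduled job; `raise SystemExit(1)` would signal the failure. The handler also rebinds `err_msg`, the caught `BadStatusLine`/`SocketError`, to a fixed string, so the underlying cause is never shown; catching it under its own name, e.g. `except (_http_client.BadStatusLine, SocketError) as err:`, and appending `str(err)` at higher verbosity would make failures easier to diagnose. The test `any((settings.REVERSE_TCP, settings.BIND_TCP))` is evaluated twice in the handler and could be stored in one local. `main` starts before and continues after the lines shown here.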
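--- a/src/core/modules/shellshock/shellshock.py
+++ b/src/core/modules/shellshock/shellshock.py
@@ -187,9 +187,6 @@ def file_access(url, cve, check_header, filename):
 """
 def execute_shell(url, cmd, cve, check_header, filename, os_shell_option):
 shell, payload = cmd_exec(url, cmd, cve, check_header, filename)
-err_msg = "The " + os_shell_option.split("_")[0] + " "
-err_msg += os_shell_option.split("_")[1].upper() + " connection has failed."
-settings.print_data_to_stdout(settings.print_critical_msg(err_msg))
 
 """
 Configure the bind TCP shell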
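--- a/src/core/requests/headers.py
+++ b/src/core/requests/headers.py
@@ -163,6 +163,8 @@ def https_open(self, req):
 response = False
 unauthorized = False
 while not _ and settings.TOTAL_OF_REQUESTS <= settings.MAX_RETRIES and unauthorized is False:
+if any((settings.REVERSE_TCP, settings.BIND_TCP)):
+_ = True
 if settings.MULTI_TARGETS:
 if settings.INIT_TEST == True and len(settings.MULTI_ENCODED_PAYLOAD) != 0:
 settings.MULTI_ENCODED_PAYLOAD = []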
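Review bot: The added `_ = True` only prevents the next iteration, so the rest of the loop body still runs once, and nothing on the new lines says why a bind/reverse TCP option should switch retries off. A comment such as `# With a bind/reverse TCP shell option active, send the request once and do not retry.` would record the intent, if that is the intent; it is inferred here from the loop condition `while not _ and ...`. The test does not change between iterations, so it could be evaluated once before the loop, and a descriptive flag name in place of `_` would make the loop-control state readable. The loop body continues outside the lines shown.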
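--- a/src/utils/settings.py
+++ b/src/utils/settings.py
@@ -262,7 +262,7 @@ def sys_argv_errors():
 DESCRIPTION = "The command injection exploiter"
 AUTHOR = "Anastasios Stasinopoulos"
 VERSION_NUM = "4.0"
-REVISION = "106"
+REVISION = "107"
 STABLE_RELEASE = False
 VERSION = "v"
 if STABLE_RELEASE: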
