now ASPX works too for --os-shell

2024-11-22 09:36:35 +03:00 · 2010-11-24 11:38:27 +00:00 · 2010-11-24 11:38:27 +00:00 · 9579a97039
commit 9579a97039
parent ca58bdbc66
2 changed files with 16 additions and 0 deletions
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -1626,3 +1626,13 @@ def getPublicTypeMembers(type_):
            retVal.append((name, value))

    return retVal
+
+def extractRegexResult(regex, content):
+    retVal = None
+
+    if regex and content and '?P<result>' in regex:
+        match = re.search(regex, content)
+        if match:
+            retVal = match.group("result")
+
+    return retVal
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@ -15,6 +15,7 @@ import re
 from extra.cloak.cloak import decloak
 from lib.core.agent import agent
 from lib.core.common import decloakToNamedTemporaryFile
+from lib.core.common import extractRegexResult
 from lib.core.common import getDirs
 from lib.core.common import getDocRoot
 from lib.core.common import ntToPosixSlashes
@ -83,6 +84,11 @@ class Web:
                                "uploadDir": directory,
                              }

+            if self.webApi == "aspx":
+                page = Request.getPage(url=self.webStagerUrl, content=True, raise404=False)
+                multipartParams['__EVENTVALIDATION'] = extractRegexResult(r"__EVENTVALIDATION[^>]+value=\"(?P<result>[^\"]+)\"", page[0])
+                multipartParams['__VIEWSTATE'] = extractRegexResult(r"__VIEWSTATE[^>]+value=\"(?P<result>[^\"]+)\"", page[0])
+
            page = Request.getPage(url=self.webStagerUrl, multipart=multipartParams, raise404=False)

            if "File uploaded" not in page: