From cdb434805ad5858a53cb886de54da590be0ef4dd Mon Sep 17 00:00:00 2001
From: Miroslav Stampar
Date: Mon, 10 Jun 2013 22:14:45 +0200
Subject: [PATCH] Using alpha character as a boundary in union/error techniques (instead of ':') to support wider range of (output filtering) cases
---
 lib/core/option.py | 7 ++++---
 lib/core/settings.py | 3 +++
 2 files changed, 7 insertions(+), 3 deletions(-)
diff --git a/lib/core/option.py b/lib/core/option.py
index 0456133ba..6d32dbb1b 100644
--- a/lib/core/option.py
+++ b/lib/core/option.py
@@ -101,6 +101,7 @@ from lib.core.settings import DEFAULT_TOR_SOCKS_PORT
 from lib.core.settings import FIREBIRD_ALIASES
 from lib.core.settings import INJECT_HERE_MARK
 from lib.core.settings import IS_WIN
+from lib.core.settings import KB_CHARS_BOUNDARY_CHAR
 from lib.core.settings import LOCALHOST
 from lib.core.settings import MAXDB_ALIASES
 from lib.core.settings import MAX_CONNECT_RETRIES
@@ -1569,9 +1570,9 @@ def _setKnowledgeBaseAttributes(flushAll=True):
 kb.chars = AttribDict()
 kb.chars.delimiter = randomStr(length=6, lowercase=True)
- kb.chars.start = ":%s:" % randomStr(length=3, lowercase=True)
- kb.chars.stop = ":%s:" % randomStr(length=3, lowercase=True)
- kb.chars.at, kb.chars.space, kb.chars.dollar, kb.chars.hash_ = (":%s:" % _ for _ in randomStr(length=4, lowercase=True))
+ kb.chars.start = "%s%s%s" % (KB_CHARS_BOUNDARY_CHAR, randomStr(length=3, lowercase=True), KB_CHARS_BOUNDARY_CHAR)
+ kb.chars.stop = "%s%s%s" % (KB_CHARS_BOUNDARY_CHAR, randomStr(length=3, lowercase=True), KB_CHARS_BOUNDARY_CHAR)
+ kb.chars.at, kb.chars.space, kb.chars.dollar, kb.chars.hash_ = ("%s%s%s" % (KB_CHARS_BOUNDARY_CHAR, _, KB_CHARS_BOUNDARY_CHAR) for _ in randomStr(length=4, lowercase=True))
 kb.commonOutputs = None
 kb.counters = {}
diff --git a/lib/core/settings.py b/lib/core/settings.py
index f3fc34af3..39ac78b97 100644
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
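Review bot: The four tokens assigned on the `kb.chars.at, kb.chars.space, kb.chars.dollar, kb.chars.hash_` line come from a single `randomStr(length=4, lowercase=True)` draw, and nothing visible in this hunk keeps those letters distinct from each other or from `KB_CHARS_BOUNDARY_CHAR`. Two replacement tokens could therefore be identical, or one could be three boundary characters in a row, and the substituted output would no longer map back unambiguously. The old ':' boundary could never occur inside the random part; with a letter as boundary the same now holds for `kb.chars.start` and `kb.chars.stop`, which can also come out equal to each other. Unless randomStr already guarantees this, draw from an alphabet without the boundary character and re-draw on duplicates, and add a comment above the three assignments such as `# alphabetic boundary (KB_CHARS_BOUNDARY_CHAR) replaces ':'; markers must stay distinct`. The body of _setKnowledgeBaseAttributes starts and continues outside the hunk.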
@@ -563,6 +563,9 @@ BRUTE_DOC_ROOT_SUFFIXES = ("", "html", "htdocs", "httpdocs", "php", "public", "s
 # String used for marking target name inside used brute force web server document root
 BRUTE_DOC_ROOT_TARGET_MARK = "%TARGET%"
+# Character used as a boundary in kb.chars (preferably less frequent letter)
+KB_CHARS_BOUNDARY_CHAR = 'q'
+
 # CSS style used in HTML dump format
 HTML_DUMP_CSS_STYLE = """
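Review bot: The comment above `KB_CHARS_BOUNDARY_CHAR` leaves out the constraints the option.py hunk relies on: the value is wrapped around random lowercase strings, so it has to be exactly one character, and the reason for preferring an infrequent letter is only implied. A fuller comment would help the next person who changes it, for example `# Single letter wrapped around the random kb.chars markers; pick a low-frequency one so markers rarely match ordinary page text`. The neighbouring constant in this hunk uses double quotes (`"%TARGET%"`), so `KB_CHARS_BOUNDARY_CHAR = "q"` would match the visible style.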