|
|
|
|
from tools.ToolBase import ToolBase
|
|
|
|
|
import pexpect
|
|
|
|
|
|
|
|
|
|
class EchoTool(ToolBase):
|
|
|
|
|
def validate_instruction(self, instruction):
|
|
|
|
|
#指令过滤
|
|
|
|
|
timeout = 60*5
|
|
|
|
|
return instruction,timeout
|
|
|
|
|
|
|
|
|
|
def do_worker_pexpect(self, str_instruction, timeout, ext_params):
|
|
|
|
|
try:
|
|
|
|
|
result = ""
|
|
|
|
|
exc_do = pexpect.spawn('bash', ['-c', str_instruction], timeout=timeout,
|
|
|
|
|
encoding='utf-8') # spawn 第一个参数是可执行文件
|
|
|
|
|
index = exc_do.expect([
|
|
|
|
|
pexpect.TIMEOUT,
|
|
|
|
|
pexpect.EOF
|
|
|
|
|
])
|
|
|
|
|
result += str(exc_do.before)
|
|
|
|
|
if index == 0:
|
|
|
|
|
result += f"\n执行超时{timeout}秒"
|
|
|
|
|
elif index == 1:
|
|
|
|
|
pass
|
|
|
|
|
else:
|
|
|
|
|
print("遇到其他输出!")
|
|
|
|
|
pass
|
|
|
|
|
return result
|
|
|
|
|
except Exception as e:
|
|
|
|
|
return f"执行错误: {str(e)}"
|
|
|
|
|
|
|
|
|
|
def execute_instruction(self, instruction_old):
|
|
|
|
|
ext_params = self.create_extparams()
|
|
|
|
|
# 第一步:验证指令合法性
|
|
|
|
|
instruction,time_out = self.validate_instruction(instruction_old)
|
|
|
|
|
if not instruction:
|
|
|
|
|
return False, instruction_old, "该指令暂不执行!","",ext_params
|
|
|
|
|
# 过滤修改后的指令是否需要判重?同样指令再执行结果一致?待定---#?
|
|
|
|
|
|
|
|
|
|
# 第二步:执行指令---需要对ftp指令进行区分判断
|
|
|
|
|
output = self.do_worker_pexpect(instruction, time_out, ext_params)
|
|
|
|
|
|
|
|
|
|
# 第三步:分析执行结果
|
|
|
|
|
analysis = self.analyze_result(output,instruction,"","")
|
|
|
|
|
|
|
|
|
|
return True, instruction, analysis,output,ext_params
|
|
|
|
|
|
|
|
|
|
def analyze_result(self, result,instruction,stderr,stdout):
|
|
|
|
|
#指令结果分析
|
|
|
|
|
if "GET / HTTP/1.1" in result and "X-Original-URL: /proc/self/environ" in result:
|
|
|
|
|
#通过构造 自定义HTTP请求头 尝试利用服务器配置漏洞,访问敏感文件
|
|
|
|
|
if "HTTP/1.1 200" in result and "PATH=" in result:
|
|
|
|
|
#result = "存在安全问题" #暂时保留结果
|
|
|
|
|
pass
|
|
|
|
|
else:
|
|
|
|
|
result ="不存在安全问题"
|
|
|
|
|
else:
|
|
|
|
|
pass
|
|
|
|
|
|
|
|
|
|
return result
|
