Minor update

commixproject · Nov 30, 2023 · 59e0d23 · 59e0d23
1 parent 5109df4
commit 59e0d23
Show file tree

Hide file tree

Showing 6 changed files with 22 additions and 17 deletions.
diff --git a/src/core/injections/controller/checks.py b/src/core/injections/controller/checks.py
@@ -477,7 +477,7 @@ def page_encoding(response, action):
  pass
  if _:
  err_msg += "You are advised to rerun with"
- err_msg += ('out', '')[menu.options.codec == None] + " the option '--codec'."
+ err_msg += ('out', '')[menu.options.codec == None] + " option '--codec'."
  print(settings.print_critical_msg(str(err_msg)))
  raise SystemExit()
 

diff --git a/src/core/injections/semiblind/techniques/file_based/fb_handler.py b/src/core/injections/semiblind/techniques/file_based/fb_handler.py
@@ -50,7 +50,7 @@
 def tfb_controller(no_result, url, timesec, filename, tmp_path, http_request_method, url_time_response):
  if no_result == True:
  if settings.VERBOSITY_LEVEL != 0:
- debug_msg = "Using '" + tmp_path + "' as temporary directory."
+ debug_msg = "Using '" + tmp_path + "' as temporary writable directory."
  print(settings.print_debug_msg(debug_msg))
  info_msg = "Trying to create a file in temporary "
  info_msg += "directory ('" + tmp_path + "') for command execution output.\n"
@@ -80,9 +80,9 @@ def delete_previous_shell(separator, payload, TAG, prefix, suffix, whitespace, h
 """
 def custom_web_root(url, timesec, filename, http_request_method, url_time_response):
  if settings.TARGET_OS == settings.OS.WINDOWS :
- example_root_dir = "\\inetpub\\wwwroot"
+ example_root_dir = settings.WINDOWS_DEFAULT_DOC_ROOTS[0]
  else:
- example_root_dir = "/var/www"
+ example_root_dir = settings.LINUX_DEFAULT_DOC_ROOTS[0].replace(settings.DOC_ROOT_TARGET_MARK,settings.TARGET_URL)
  message = "Please provide web server document root directory (e.g. '"
  message += example_root_dir + "') > "
  settings.WEB_ROOT = common.read_input(message, default=example_root_dir, check_batch=True)
@@ -216,9 +216,9 @@ def fb_injection_handler(url, timesec, filename, http_request_method, url_time_r
  if not settings.LOAD_SESSION or settings.RETEST == True:
  TAG = ''.join(random.choice(string.ascii_uppercase) for i in range(6))
  if settings.VERBOSITY_LEVEL != 0:
- debug_msg = "Using '" + settings.WEB_ROOT + "' as web server document root."
+ debug_msg = "Using '" + settings.WEB_ROOT + "' as writable directory."
  print(settings.print_debug_msg(debug_msg))
- info_msg = "Trying to create a file in '" + settings.WEB_ROOT
+ info_msg = "Trying to create a file in directory '" + settings.WEB_ROOT
  info_msg += "' for command execution output. "
  print(settings.print_info_msg(info_msg))
 
@@ -379,7 +379,7 @@ def fb_injection_handler(url, timesec, filename, http_request_method, url_time_r
  tmp_path = check_tmp_path(url, timesec, filename, http_request_method, url_time_response)
  sys.stdout.write("\r")
  message = "It seems that you don't have permissions to "
- message += "read and/or write files in '" + settings.WEB_ROOT + "'."
+ message += "read and/or write files in directory '" + settings.WEB_ROOT + "'."
  if not menu.options.web_root:
  message += " You are advised to rerun with option '--web-root'."
  while True:
@@ -431,7 +431,7 @@ def fb_injection_handler(url, timesec, filename, http_request_method, url_time_r
 
  except _urllib.error.URLError as e:
  warn_msg = "It seems that you don't have permissions to "
- warn_msg += "read and/or write files in '" + settings.WEB_ROOT + "'."
+ warn_msg += "read and/or write files in directory '" + settings.WEB_ROOT + "'."
  sys.stdout.write("\r" + settings.print_warning_msg(warn_msg))
  err_msg = str(e).replace(": "," (") + ")."
  if settings.VERBOSITY_LEVEL >= 2:

diff --git a/src/core/injections/semiblind/techniques/file_based/fb_injector.py b/src/core/injections/semiblind/techniques/file_based/fb_injector.py
@@ -269,10 +269,12 @@ def custom_web_root(url, OUTPUT_TEXTFILE):
  if not settings.DEFINED_WEBROOT or settings.MULTI_TARGETS:
  if menu.options.web_root:
  scheme = _urllib.parse.urlparse(url).scheme
+ hostname = _urllib.parse.urlparse(url).hostname
  netloc = _urllib.parse.urlparse(url).netloc
  output = scheme + "://" + netloc + "/" + OUTPUT_TEXTFILE
 
  for item in settings.LINUX_DEFAULT_DOC_ROOTS:
+ item = item.replace(settings.DOC_ROOT_TARGET_MARK, hostname)
  if item == menu.options.web_root:
  settings.DEFINED_WEBROOT = output
  break
@@ -310,7 +312,7 @@ def custom_web_root(url, OUTPUT_TEXTFILE):
  output = settings.DEFINED_WEBROOT
 
  if settings.VERBOSITY_LEVEL != 0:
- debug_msg = "Checking URL '" + output + "' for command execution output."
+ debug_msg = "Checking if the file is accessible from '" + output + "'."
  print(settings.print_debug_msg(debug_msg))
 
  return output

diff --git a/src/core/main.py b/src/core/main.py
@@ -206,6 +206,7 @@ def url_response(url):
  print(settings.print_info_msg(info_msg))
  # Check if http / https
  url = checks.check_http_s(url)
+ settings.TARGET_URL = _urllib.parse.urlparse(url).hostname
  # Check if defined Tor (--tor option).
  if menu.options.tor and settings.TOR_CHECK_AGAIN:
  tor.do_check()

diff --git a/src/core/requests/requests.py b/src/core/requests/requests.py
@@ -793,13 +793,13 @@ def server_identification(server_banner):
  # Set up default root paths
  if "apache" in settings.SERVER_BANNER.lower():
  if settings.TARGET_OS == settings.OS.WINDOWS:
- settings.WEB_ROOT = "\\htdocs"
+ settings.WEB_ROOT = settings.WINDOWS_DEFAULT_DOC_ROOTS[1]
  else:
- settings.WEB_ROOT = "/var/www"
+ settings.WEB_ROOT = settings.LINUX_DEFAULT_DOC_ROOTS[0].replace(settings.DOC_ROOT_TARGET_MARK,settings.TARGET_URL)
  elif "nginx" in settings.SERVER_BANNER.lower():
- settings.WEB_ROOT = "/usr/share/nginx"
+ settings.WEB_ROOT = settings.WINDOWS_DEFAULT_DOC_ROOTS[6]
  elif "microsoft-iis" in settings.SERVER_BANNER.lower():
- settings.WEB_ROOT = "\\inetpub\\wwwroot"
+ settings.WEB_ROOT = settings.WINDOWS_DEFAULT_DOC_ROOTS[0]
  break
  else:
  if settings.VERBOSITY_LEVEL != 0:

diff --git a/src/utils/settings.py b/src/utils/settings.py
@@ -241,7 +241,7 @@ def sys_argv_errors():
 DESCRIPTION = "The command injection exploiter"
 AUTHOR = "Anastasios Stasinopoulos"
 VERSION_NUM = "3.9"
-REVISION = "24"
+REVISION = "25"
 STABLE_RELEASE = False
 VERSION = "v"
 if STABLE_RELEASE:
@@ -1188,10 +1188,12 @@ class AUTH_TYPE(object):
 # Period after last-update to start nagging (about the old revision).
 NAGGING_DAYS = 31
 
-LINUX_DEFAULT_DOC_ROOTS = ["/var/www/", "/var/www/html", "/var/www/htdocs", "/usr/local/apache2/htdocs", "/usr/local/www/data", "/var/apache2/htdocs", "/var/www/nginx-default", "/srv/www/htdocs"] # Reference: https://wiki.apache.org/httpd/DistrosDefaultLayout
-DEFINED_WEBROOT = RECHECK_FILE_FOR_EXTRACTION = False
-
+TARGET_URL = ""
+DOC_ROOT_TARGET_MARK = "%TARGET%"
+WINDOWS_DEFAULT_DOC_ROOTS = ["C:\\\\Inetpub\\wwwroot", "C:\\\\xampp\\htdocs", "C:\\\\wamp\\www"]
+LINUX_DEFAULT_DOC_ROOTS = ["/var/www/" + DOC_ROOT_TARGET_MARK + "/public_html", "/var/www", "/var/www/html", "/var/www/htdocs", "/usr/local/apache2/htdocs", "/usr/local/www/data", "/var/apache2/htdocs", "/var/www/nginx-default", "/srv/www/htdocs"] # Reference: https://wiki.apache.org/httpd/DistrosDefaultLayout
 
+DEFINED_WEBROOT = RECHECK_FILE_FOR_EXTRACTION = False
 
 # HTTP Headers
 COOKIE = "Cookie"