General
To include this assists module in your module use the following line of code:
include WXf::WXfassists::General::MechReq
Default Options
RURL (Remote URL)
PROXYA (Proxy Address)
PROXYP (Proxy Port)
THROTTLE (amount of requests before a pause of 3 seconds occurs)
As with all assists default options, these can be used in the exploit, auxiliary or payload module by calling them directly (lowercase). For instance,
res = mech_req({
  'method' => 'GET',
  'RURL' => rurl
})
You will notice in the above example, we've passed RURL's value to the mech_req method by calling it directly (rurl). This is to make the process of setting options more efficient and cut down on duplicate efforts of module developers.
METHODS
Currently, the only method exposed to developers through the MechReq assists module is mech_req. mech_req is called by passing options in a hash pattern. It is important to note that, for portability purposes, send_request_cgi is the same as mech_req and the two methods are interchangeable. The following is an example of using mech_req:
mech_req({
  'method' => 'GET',
  'RURL' => rurl
})
The following is a list of options that can be passed to mech_req:
Name             Description
----             -----------
RURL             REMOTE URL (TARGET)
DEBUG            log/console. Use log if using dradis logging. Use console to print debug output to the console.
UA               User-Agent
BASIC_AUTH_USER  Basic Authorization Username
BASIC_AUTH_PASS  Basic Authorization Password
method           HTTP Methods (GET, POST, PUT, HEAD, DELETE)
RFILE            When using the PUT method, this will specify the name of the file to 'put'
RFILECONTENT     When using the PUT method, specifies the content within the RFILE to 'put'
CAFILE           If a local, client certificate is required, this option can be passed
KEEP-ALIVE       When it becomes necessary to adjust the HTTP keep-alive timeout value, use this
RPARAMS          RPARAMS can be used with the methods head, delete, get and post. This would represent, for example: foo1=bar1&foo2=bar2
HEADERS          These are HTTP headers
REDIRECT         When NOT specified, the mech_req will follow any 302 redirects. When set to FALSE, it won't.
It is important to note that mech_req returns a Mechanize.get, put, post, delete or head object. If a developer was writing a script that called mechanize, it might look something like this:
require 'mechanize'
agent = Mechanize.new
agent.get('http://www.example.com')
and the mech_req or send_request_cgi method is analogous to the agent.get object. Mechanize documentation will provide the list of methods available to the agent.get response object.
Examples of passing each of the options to mech_req:
mech_req({
  'RURL' => rurl,
  'DEBUG' => 'log',
  'UA' => 'Mozilla',
  'BASIC_AUTH_USER' => 'guest',
  'BASIC_AUTH_PASS' => 'guest_password',
  'method' => 'GET',
  'RFILE' => 'exampleFile.txt',
  'RFILECONTENT' => "Stuff you'd place in exampleFile.txt",
  'CAFILE' => '/home/me/ca_file',
  'KEEP-ALIVE' => 300,
  'RPARAMS' => {'foo1' => 'bar1','foo2' => 'bar2'},
  'HEADERS' => {'CustomHeader' => 'CustomHeaderValue'},
  'REDIRECT' => false,
})
Error Handling
Mechanize tends to do very well with 301, 302 and 200 status codes, but all others cause a ResponseCodeError, or rce (a method accessible within modules).
If you'd like to retrieve the status code ONLY (i.e. 404, 401), use rce_code.
An example would be:
def run
  res = mech_req({
    'RURL' => rurl
  })
  # rce is the ResponseCodeError described above
  if (rce)
    puts "We've received the following error: #{rce_code}"
  end
  # res.code is a String, so compare against '200', not 200
  if res.code == '200'
    puts "Yay, we've received a 200!"
  end
end
Additionally, while res.code is a string value, rce_code is an integer. Example:
if rce_code == 401
puts "401 received"
end
In contrast to res.code (String):
if res.code == "200"
puts "200 received"
end
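Because `"200" == 200` is simply false in Ruby, mixing the two types fails silently. The following added example (not part of WXf) folds both sources into one Integer status; `Response`, `http_status` and `classify` are hypothetical names, `Response` is a constructed stand-in for the object mech_req returns, and it assumes rce_code is nil when no ResponseCodeError occurred.

```ruby
# Added example, not WXf code. Response is a constructed stand-in exposing
# only #code, which the page states is a String.
Response = Struct.new(:code)

# Return the HTTP status as an Integer, whichever path reported it.
#   res      - object returned by mech_req (may be nil after an error)
#   rce_code - Integer status from rce_code (assumed nil when no error)
def http_status(res, rce_code)
  return rce_code if rce_code              # error path: already an Integer
  return nil if res.nil? || res.code.nil?  # nothing to report
  Integer(res.code.to_s, 10)               # success path: "200" -> 200
rescue ArgumentError
  nil                                      # non-numeric code, treat as unknown
end

# Map the normalized status onto a symbol a module can branch on.
# 401/403 are listed before the general 4xx range so they match first.
def classify(res, rce_code)
  case http_status(res, rce_code)
  when nil      then :no_response
  when 200..299 then :ok
  when 300..399 then :redirect
  when 401, 403 then :auth_required
  when 400..499 then :client_error
  when 500..599 then :server_error
  else               :other
  end
end

if __FILE__ == $PROGRAM_NAME
  # Constructed inputs: a successful response and an error reported via rce_code.
  puts classify(Response.new('200'), nil)  # success path
  puts classify(nil, 401)                  # error path
end
```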
To include this assists module in your module use the following line of code:
include WXf::WXfassists::General::SavonReq
Default Options
RURL (Remote URL)
PROXYA (Proxy Address)
PROXYP (Proxy Port)
METHODS
There are two methods exposed to developers through the SavonReq assists module. The two methods are simple_savon_client and single_action_req.
simple_savon_client
SavonReq is a modified version of the Savon gem written by rubiii (Daniel Harrington). simple_savon_client returns a Savon::Client object. This simply means that any further documentation on interacting with the Savon::Client can be found online OR you can use the documentation provided in the /lib/wAx/wAxHTTPLibs/savon folder. The client.rb file, located under lib/wAx/wAxHTTPLibs/savon/lib/savon/client.rb has a brief tutorial.
The important aspects of what a SOAP client should do such as retrieving a WSDL, identifying endpoints, identifying actions, etc. can all be accessed through the use of simple_savon_client. An example of using simple_savon_client can be found in the modules/auxiliary/enum/wsdl_action_enum.rb file.
The following is a list of options that can be passed to simple_savon_client:
Name             Description
----             -----------
RURL             REMOTE URL (TARGET)
Example of passing the RURL option to simple_savon_client:
simple_savon_client({
  'RURL' => rurl,
})
In order to simplify the task of making a SOAP request, we've developed a function called single_action_req. The following is a list of options that can be passed to single_action_req:
Name             Description
----             -----------
RURL             REMOTE URL (TARGET)
PROXYA           PROXY ADDRESS
PROXYP           PROXY PORT
RPARAMS          This is a parameter and value pair, sent in the request. Example: id=1
BASIC_AUTH_USER  Basic Authorization Username
BASIC_AUTH_PASS  Basic Authorization Password
HEADERS          These are HTTP headers
Examples of passing each of the options to single_action_req:
single_action_req({
  'RURL' => rurl,
  'PROXYP' => proxyp,
  'PROXYA' => proxya,
  'BASIC_AUTH_USER' => 'guest',
  'BASIC_AUTH_PASS' => 'guest_password',
  # NOTE: Example of taking the param/value from user input
  'RPARAMS' => {datahash['FOO'] => datahash['BAR']},
  'HEADERS' => {'CustomHeader' => 'CustomHeaderValue'},
})
To find an example of using this method view the modules/auxiliary/enum/soap_request.rb file.