coercer.models.MSPROTOCOLRPCCALL

 1#!/usr/bin/env python3
 2# -*- coding: utf-8 -*-
 3# File name          : MSPROTOCOLRPCCALL.py
 4# Author             : Podalirius (@podalirius_)
 5# Date created       : 16 Sep 2022
 6
 7import jinja2
 8from coercer.structures.MethodType import MethodType
 9
10
11class MSPROTOCOLRPCCALL(object):
12    """
13    Documentation for class MSPROTOCOLRPCCALL
14    """
15
16    method_type = MethodType.MICROSOFT_PROTOCOL
17
18    exploit_paths = []
19
20    path = None
21
22    protocol = {
23        "longname": "",
24        "shortname": ""
25    }
26
27    function = {
28        "name": "",
29        "opnum": 0
30    }
31
32    def __init__(self, path):
33        super(MSPROTOCOLRPCCALL, self).__init__()
34        self.path = path
35        
36    def __str__(self):
37        parameters = []
38        from sys import platform
39        if platform == "linux" or platform == "linux2":
40            # linux
41            function_template = "%s──>\x1b[96m%s\x1b[0m(%s)"
42            parameter_template = "\x1b[94m%s\x1b[0m=\x1b[93m%s\x1b[0m"
43        elif platform == "darwin":
44            # OS X
45            function_template = "%s──>%s(%s)"
46            parameter_template = "\x1b[94m%s\x1b[0m=\x1b[93m%s\x1b[0m"
47        elif platform == "win32":
48            # Windows...
49            function_template = "%s──>%s(%s)"
50            parameter_template = "%s=%s"
51
52
53        for arg in self.function["vulnerable_arguments"]:
54            parameters.append(
55                parameter_template % (
56                    arg,
57                    str(bytes(self.path, 'utf-8'))[1:].replace('\\\\', '\\')
58                )
59            )
60        parameters = ', '.join(parameters)
61
62        return function_template % (
63            self.protocol["shortname"],
64            self.function["name"],
65            parameters
66        )
67
68    @classmethod
69    def generate_exploit_templates(cls, desired_auth_type=None):
70        paths = []
71        for auth_type, exploit_path in cls.exploit_paths:
72            if desired_auth_type is not None:
73                if auth_type == desired_auth_type:
74                    paths.append((auth_type, exploit_path))
75            else:
76                paths.append((auth_type, exploit_path))
77        return paths
class MSPROTOCOLRPCCALL:
12class MSPROTOCOLRPCCALL(object):
13    """
14    Documentation for class MSPROTOCOLRPCCALL
15    """
16
17    method_type = MethodType.MICROSOFT_PROTOCOL
18
19    exploit_paths = []
20
21    path = None
22
23    protocol = {
24        "longname": "",
25        "shortname": ""
26    }
27
28    function = {
29        "name": "",
30        "opnum": 0
31    }
32
33    def __init__(self, path):
34        super(MSPROTOCOLRPCCALL, self).__init__()
35        self.path = path
36        
37    def __str__(self):
38        parameters = []
39        from sys import platform
40        if platform == "linux" or platform == "linux2":
41            # linux
42            function_template = "%s──>\x1b[96m%s\x1b[0m(%s)"
43            parameter_template = "\x1b[94m%s\x1b[0m=\x1b[93m%s\x1b[0m"
44        elif platform == "darwin":
45            # OS X
46            function_template = "%s──>%s(%s)"
47            parameter_template = "\x1b[94m%s\x1b[0m=\x1b[93m%s\x1b[0m"
48        elif platform == "win32":
49            # Windows...
50            function_template = "%s──>%s(%s)"
51            parameter_template = "%s=%s"
52
53
54        for arg in self.function["vulnerable_arguments"]:
55            parameters.append(
56                parameter_template % (
57                    arg,
58                    str(bytes(self.path, 'utf-8'))[1:].replace('\\\\', '\\')
59                )
60            )
61        parameters = ', '.join(parameters)
62
63        return function_template % (
64            self.protocol["shortname"],
65            self.function["name"],
66            parameters
67        )
68
69    @classmethod
70    def generate_exploit_templates(cls, desired_auth_type=None):
71        paths = []
72        for auth_type, exploit_path in cls.exploit_paths:
73            if desired_auth_type is not None:
74                if auth_type == desired_auth_type:
75                    paths.append((auth_type, exploit_path))
76            else:
77                paths.append((auth_type, exploit_path))
78        return paths

Documentation for class MSPROTOCOLRPCCALL

MSPROTOCOLRPCCALL(path)
33    def __init__(self, path):
34        super(MSPROTOCOLRPCCALL, self).__init__()
35        self.path = path
method_type = <MethodType.MICROSOFT_PROTOCOL: 1>
exploit_paths = []
path = None
protocol = {'longname': '', 'shortname': ''}
function = {'name': '', 'opnum': 0}
@classmethod
def generate_exploit_templates(cls, desired_auth_type=None):
69    @classmethod
70    def generate_exploit_templates(cls, desired_auth_type=None):
71        paths = []
72        for auth_type, exploit_path in cls.exploit_paths:
73            if desired_auth_type is not None:
74                if auth_type == desired_auth_type:
75                    paths.append((auth_type, exploit_path))
76            else:
77                paths.append((auth_type, exploit_path))
78        return paths