-
Notifications
You must be signed in to change notification settings - Fork 2
/
Copy pathlazyFuzzer.py
92 lines (59 loc) · 2.22 KB
/
lazyFuzzer.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
import os
import sys
import re
import subprocess
get_defined_function = os.popen("php -r 'print_r(get_defined_functions()[\'internal\']);'").readlines()
b = get_defined_function[2:-1]
b = map(str.strip, b)
for i in range(len(b)):
b[i] = re.sub(r'.*> ', '', b[i])
get_defined_function = b # all PHP functions
# All seeds: string, int, file and boolean
string_seed = "'1/../../../../../../../etc/passwd'"
final_seed = ["'" + str(i)+string_seed[2:] for i in range(-10,11)]
fp = open("a.txt","w+")
for i in get_defined_function:
process = subprocess.Popen("php -r '" + i + "();'",stderr=subprocess.PIPE,shell=True)
(output,err) = process.communicate()
print "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
print err
print "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
try:
minargs = int(re.findall(r'least .* p', err)[0][6:-2])
print minargs
arg_to_send = (string_seed+",")*(10) + string_seed
cmd = 'php -r "' + i + '(' + arg_to_send + ');"'
process = subprocess.Popen(cmd,stderr=subprocess.PIPE,shell=True)
(output,err) = process.communicate()
maxargs = int(re.findall(r'most \d parameters',err)[0][5:-11])
print maxargs
except:
try:
exactly = int(re.findall(r'exactly .* param',err)[0][8:-6])
print exactly
if(exactly):
minargs = exactly
print minargs
maxargs = exactly
print maxargs
else:
minargs=0
maxargs=0
except:
minargs=0
maxargs=0
for j in range(minargs,maxargs+1):
for k in final_seed:
args = [k]*j
arg_to_be_send = ",".join(args)
# print arg_to_be_send
cmd = 'php -r "' + i + '(' + arg_to_be_send + ');"'
# print cmd
fin_cmd = "strace -f "+ cmd + " 2>&1 | grep execve"
# print fin_cmd
out = re.findall(r'execve', ''.join(os.popen(fin_cmd).readlines()[1:]))
if(len(out)>0):
print fin_cmd
fp.write(fin_cmd+"\n")
else:
print "Not this one...you fuckkkk"