katana.units.web.basic_img_shell
— Upload PHP Shell¶
Upload a basic PHP web shell to look for a flag file.
This unit will to see if there upload functionality on a webpage, and if it finds one, it will attempt to upload a basic PHP web shell masked inside of a GIF image. That syntax is simply:
GIF89a;
<?php system($_GET['c']) ?>
If the unit can find the new file that it uploaded, it will attempt to run
commands and look for a flag.txt
or flag
file on the remote server.
This unit inherits from katana.units.web.WebUnit
as that contains
lots of predefined variables that can be used throughout multiple web units.
Warning
This unit automatically attempts to perform malicious actions on the target. DO NOT use this in any circumstances where you do not have the authority to operate!
-
class
katana.units.web.basic_img_shell.
Unit
(*args, **kwargs) Bases:
katana.units.web.WebUnit
-
GROUPS
= ['web', 'shell', 'basic_img_shell'] These are “tags” for a unit. Considering it is a web unit, “web” is included, as well as the tag “shell”, and the name of the unit itself, “basic_img_shell”.
-
PRIORITY
= 60 Priority works with 0 being the highest priority, and 100 being the lowest priority. 50 is the default priorty. This unit has a somewhat lower priority.
-
RECURSE_SELF
= False This unit should not recurse on itself.
-
enumerate
() Yield cases. This function will actually attempt to upload a PHP webshell with a variety of file extensions, like
["php", "gif", "php3", "php5", "php7"]
and yield the proper HTTP action, method, parameters and potentially a file location to reach the uploaded webshell. Running commands takes place within theevaluate
function.Returns: A generator, yielding a tuple with the found values (method, action, file, ext, location, file_path)
-
evaluate
(case: Any) Evaluate the target. Use the uploaded webshell to try and run commands and if command output is shown, find a potential flag location. If a flag file is found, it will attempt to display that flag.
Parameters: case – A case returned by enumerate
. For this unit, theenumerate
function yields the information necessary to access the newly uploaded webshell.Returns: None. This function should not return any data.
-