Merge pull request #277 from 13ph03nix/dev

Bug fixes & improvements
knownsec · Mar 17, 2022 · b19b244 · b19b244
2 parents e7d4420 + 52fcfb8
commit b19b244
Show file tree

Hide file tree

Showing 6 changed files with 88 additions and 54 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -307,3 +307,9 @@ Cross-platform shell code generation
 -----------------
 * Fix urllib3 issue with parsing URIs
 * Prevent URL encoding
+
+# version 1.9.1
+-----------------
+* fix #272, #274
+* the hook support of requests can be used alone
+* refactor shell mode, add handle for keyboard interrupt
diff --git a/pocsuite3/__init__.py b/pocsuite3/__init__.py
@@ -1,5 +1,5 @@
 __title__ = 'pocsuite3'
-__version__ = '1.9.0'
+__version__ = '1.9.1'
 __author__ = 'Knownsec 404 Team'
 __author_email__ = '[email protected]'
 __license__ = 'GPLv2'

diff --git a/pocsuite3/lib/core/interpreter.py b/pocsuite3/lib/core/interpreter.py
@@ -89,11 +89,11 @@ def start(self):
             except PocsuiteBaseException as warn:
                 logger.warn(warn)
             except EOFError:
-                logger.info("Pocsuite stopped")
+                logger.info("Pocsuite3 stopped")
                 break
             except KeyboardInterrupt:
-                logger.info("User Quit")
-                break
+                logger.warn('Interrupt: use the \'exit\' command to quit')
+                continue
 
     def complete(self, text, state):
         """Return the next possible completion for 'text'.

diff --git a/pocsuite3/lib/request/__init__.py b/pocsuite3/lib/request/__init__.py
@@ -1 +1,21 @@
 import requests
+
+from pocsuite3.lib.request.patch.remove_ssl_verify import remove_ssl_verify
+from pocsuite3.lib.request.patch.remove_warnings import disable_warnings
+from pocsuite3.lib.request.patch.add_httpraw import patch_addraw
+from pocsuite3.lib.request.patch.hook_request_redirect import patch_redirect
+from pocsuite3.lib.request.patch.hook_urllib3_parse_url import patch_urllib3_parse_url
+from pocsuite3.lib.request.patch.unquote_request_uri import unquote_request_uri
+
+
+def patch_requests():
+    # fix https://github.com/urllib3/urllib3/issues/1790
+    patch_urllib3_parse_url()
+    unquote_request_uri()
+    disable_warnings()
+    remove_ssl_verify()
+    patch_addraw()
+    patch_redirect()
+
+
+patch_requests()
diff --git a/pocsuite3/modules/listener/reverse_tcp.py b/pocsuite3/modules/listener/reverse_tcp.py
@@ -41,8 +41,6 @@ def get_sock_listener(listen_port, listen_host="0.0.0.0", ipv6=False, protocol=N
         s.bind((listen_host, listen_port))
     except socket.error:
         s.close()
-        # import traceback
-        # traceback.print_exc()
         return None
 
     if protocol == socket.SOCK_STREAM:
@@ -87,23 +85,21 @@ def list_clients():
     results = ''
     for i, client in enumerate(kb.data.clients):
         try:
-            client.conn.send(str.encode('uname\n'))
-            time.sleep(0.2)
-            ret = client.conn.recv(2048)
+            client.conn.send(b'uname\n')
+            ret = poll_cmd_execute(client).lower()
+            system = "unknown"
             if ret:
-                ret = ret.decode('utf-8', errors="ignore")
-                system = "unknown"
-                if "darwin" in ret.lower():
+                if "darwin" in ret:
                     system = "Darwin"
-                elif "linux" in ret.lower():
+                elif "linux" in ret:
                     system = "Linux"
-                elif "uname" in ret.lower():
+                elif "uname" in ret:
                     system = "Windows"
 
-        except Exception as ex:  # If a connection fails, remove it
-            logger.exception(ex)
+        except Exception:  # If a connection fails, remove it
             del kb.data.clients[i]
             continue
+
         results += (
                 str(i) +
                 "   " +
@@ -121,15 +117,17 @@ def get_client(cmd):
         target = int(target)
         client = kb.data.clients[target]  # Connect to the selected clients
         data_to_stdout("Now Connected: {0}\n".format(
-            desensitization(client.address[0] if conf.ppt else client.address[0])))
+            desensitization(client.address[0]) if conf.ppt else client.address[0]))
         return client
     except Exception:
         data_to_stdout("Invalid Client\n")
         return None
 
 
 def send_shell_commands_for_console(client):
-    module_prompt_default_template = "\001\033[4m\002SHELL\001\033[0m\002 (\001\033[91m\002{hostname}\001\033[0m\002) > "
+    module_prompt_default_template = (
+        "\001\033[4m\002SHELL\001\033[0m\002 (\001\033[91m\002{hostname}\001\033[0m\002) > "
+    )
     while True:
         cmd = None
         try:
@@ -151,6 +149,10 @@ def send_shell_commands_for_console(client):
 
             data_to_stdout(resp)
 
+        except KeyboardInterrupt:
+            logger.warn('Interrupt: use the \'quit\' command to quit')
+            continue
+
         except Exception as ex:
             logger.error(str(ex))
             data_to_stdout("Connection Lost\n")
@@ -182,6 +184,10 @@ def send_shell_commands(client):
 
             data_to_stdout(resp)
 
+        except KeyboardInterrupt:
+            logger.warn('Interrupt: use the \'quit\' command to quit')
+            continue
+
         except Exception as ex:
             logger.error(str(ex))
             data_to_stdout("Connection Lost\n")
@@ -213,7 +219,6 @@ def poll_cmd_execute(client, timeout=3):
                     break
                 else:
                     ret += get_unicode(client.conn.recv(0x10000))
-                    # ret += str(client.conn.recv(0x10000), "utf-8")
             else:
                 if ret:
                     break
@@ -233,7 +238,6 @@ def poll_cmd_execute(client, timeout=3):
             ready = select.select([client.conn], [], [], 0.2)
             if ready[0]:
                 ret += get_unicode(client.conn.recv(0x10000))
-                # ret += str(client.conn.recv(0x10000), "utf-8")
             else:
                 if ret:
                     break
@@ -263,47 +267,51 @@ def print_cmd_help():
 
 
 def handle_listener_connection_for_console(wait_time=3, try_count=3):
-    cmd = "select 0"
-    client = get_client(cmd)
-    if client is not None:
-        f = send_shell_commands_for_console(client)
-        if f:
-            return
+    while len(kb.data.clients) == 0:
+        try:
+            time.sleep(wait_time)
+        except KeyboardInterrupt:
+            break
 
-    if try_count > 0:
-        time.sleep(wait_time)
-        data_to_stdout("connect err remaining number of retries %s times\n" % (try_count))
-        try_count -= 1
-        return handle_listener_connection_for_console(wait_time=wait_time, try_count=try_count)
+    if len(kb.data.clients) > 0:
+        cmd = "select 0"
+        client = get_client(cmd)
+        if client is not None:
+            send_shell_commands_for_console(client)
 
 
 def handle_listener_connection():
     _ = ["list", "select", "exit", "quit", "clear"]
     auto_completion(AUTOCOMPLETE_TYPE.POCSUITE, commands=_)
 
     while True:
-        cmd = None
-        cmd = input('shell>: ').strip()
-        if not cmd:
+        try:
+            cmd = None
+            cmd = input('shell>: ').strip()
+            if not cmd:
+                continue
+            elif cmd.lower() in ("?", "help"):
+                print_cmd_help()
+            elif cmd.lower() == "clear":
+                clear_history()
+                data_to_stdout("[i] history cleared\n")
+                save_history(AUTOCOMPLETE_TYPE.POCSUITE)
+            elif cmd.lower() in ("x", "q", "exit", "quit"):
+                raise PocsuiteShellQuitException
+            elif cmd == "list":
+                list_clients()
+            elif cmd.lower().split(" ")[0] in ('select', 'use'):
+                client = get_client(cmd)
+                if client is not None:
+                    send_shell_commands(client)
+            else:
+                save_history(AUTOCOMPLETE_TYPE.POCSUITE)
+                load_history(AUTOCOMPLETE_TYPE.POCSUITE)
+                data_to_stdout("Command Not Found... type ? for help.")
+
+        except KeyboardInterrupt:
+            logger.warn('Interrupt: use the \'quit\' command to quit')
             continue
-        elif cmd.lower() in ("?", "help"):
-            print_cmd_help()
-        elif cmd.lower() == "clear":
-            clear_history()
-            data_to_stdout("[i] history cleared\n")
-            save_history(AUTOCOMPLETE_TYPE.POCSUITE)
-        elif cmd.lower() in ("x", "q", "exit", "quit"):
-            raise PocsuiteShellQuitException
-        elif cmd == "list":
-            list_clients()
-        elif cmd.lower().split(" ")[0] in ('select', 'use'):
-            client = get_client(cmd)
-            if client is not None:
-                send_shell_commands(client)
-        else:
-            save_history(AUTOCOMPLETE_TYPE.POCSUITE)
-            load_history(AUTOCOMPLETE_TYPE.POCSUITE)
-            data_to_stdout("Command Not Found... type ? for help.")
 
 
 class REVERSE_PAYLOAD:

diff --git a/setup.py b/setup.py
@@ -21,7 +21,7 @@ def find_packages(where='.'):
 
 setup(
     name='pocsuite3',
-    version='1.9.0',
+    version='1.9.1',
     url='https://pocsuite.org',
     description='Open-sourced remote vulnerability testing framework.',
     long_description=long_description,
@@ -42,7 +42,7 @@ def find_packages(where='.'):
         ]
     },
     install_requires=[
-        "requests",
+        "requests >= 2.22.0",
         "requests-toolbelt",
         "PySocks",
         "urllib3",