Skip to content

Add Wrapper Package with a Couple of Existing Examples #380

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 6 commits into
base: main
Choose a base branch
from

Conversation

lobsterjerusalem
Copy link
Collaborator

@lobsterjerusalem lobsterjerusalem commented May 19, 2025

Requires #377

The goal is to put helper functions/wrappers in this package to reduce boilerplate and increase consistency. Also helps to prevent import cycle issues.

Usage examples:

Simple Version Check

func CheckVersion(....){
     return wrappers.SimpleVersionCheck(conf, `<div id="version">v(\d+\.\d+\.\d+)</div>`, "<=0.24.10")
}

Open to opinions about whether or not to include additional params such as status code to check for or passing the endpoint as a param.

Dynamic File Serve:

ok := wrappers.HTTPServeFileInitAndRunWithFile(conf, dest, route, []byte(reverseShellContent))
if !ok {
     return false
}

randomFileName := httpFileServer.GetRandomName(dest)
....

@lobsterjerusalem lobsterjerusalem self-assigned this Jun 3, 2025
@lobsterjerusalem lobsterjerusalem added the enhancement New feature or request label Jun 3, 2025
// Of course it will not work in every case but that is not the point.
func SimpleVersionCheck(conf *config.Config, rePattern string, versionConstraint string) exploit.VersionCheckType {
url := protocol.GenerateURL(conf.Rhost, conf.Rport, conf.SSL, "/")
resp, body, ok := protocol.HTTPGetCache(url)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

formatting gone wrong here and elsewhere in the file


// This removes generic version checking boiler plate that works in a great deal of cases.
// Of course it will not work in every case but that is not the point.
func SimpleVersionCheck(conf *config.Config, rePattern string, versionConstraint string, endpoint string) exploit.VersionCheckType {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We should move this to the same as CheckSemVer in go-exploit

// to avoid certain import cycle errors.

// Helper function for use within exploits to reduce the overall amount of boilerplate when setting up a file server to host a dynamically generated file.
func HTTPServeFileInitAndRunWithFile(conf *config.Config, fileName string, routeName string, data[]byte) bool {
Copy link
Collaborator

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

idk where to put this but this probably shouldn't be wrappers

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
enhancement New feature or request
Projects
None yet
Development

Successfully merging this pull request may close these issues.

3 participants