Enhance(Modules/ShellManager): 新增配置选项「Body 设置为 RAW 模式」

8ea96970 · Medicean · 82ab2d01 · 8ea96970 · 8ea96970 · 8ea96970
Commit 8ea96970 authored Jul 13, 2022 by Medicean
9 changed files
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -129,6 +129,38 @@

 * 修复 PHP SQLite 下自动生成的 sql 语句语法错误的 Bug

+* 新增其它配置「Body 设置为 RAW 模式」，目前支持 `CMDLinux` 和 `PSWindows`
+
+> 对于一些命令执行场景，发包时有时只需要纯 Payload, 而不需要键值。 比如复杂的 XML 结构, 此时就可以通过开启该选项，之后结合「编码器」组装 XML 格式 Payload 发送.
+
+比如（注意 Content-Type 需要同步配置）:
+
+```
+'use strict';
+
+module.exports = (pwd, data, ext={}) => {
+  data[pwd] = `<?xml version="1.0" encoding="utf-8"?>
+<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/">
+    <soapenv:Header>
+        <work:WorkContext xmlns:work="http://bea.com/2004/06/soap/workarea/">
+        <java>
+          <void method="newInstance">
+              <void method="say" id="proc">
+                  <string>${data['_']}</string>
+              </void>
+          </void>
+        </java>
+        </work:WorkContext>
+    </soapenv:Header>
+    <soapenv:Body/>
+</soapenv:Envelope>`;
+  // 删除 _ 原有的payload
+  delete data['_'];
+  // 返回编码器处理后的 payload 数组
+  return data;
+}
+```
+
 ### 系统设置

 * 编码管理支持 cmdlinux 类型

--- a/source/core/base.js
+++ b/source/core/base.js
@@ -11,12 +11,17 @@ const NodeRSA = require('node-rsa');
 const fs = require('fs');

 class Base {
-
  /**
-   * 初始化
-   * @param  {Object} opts 配置对象
-   * @return {Object}      this
+   * 是否支持 Raw Body
   */
+  static get supportRawBody() {
+      return false;
+    }
+    /**
+     * 初始化
+     * @param  {Object} opts 配置对象
+     * @return {Object}      this
+     */
  constructor(opts) {
    // 默认配置
    opts['encode'] = opts['encode'] || 'utf8';
@@ -30,7 +35,7 @@ class Base {
       * @param  {Object} data 请求数据
       * @return {Object}      生成数据
       */
-      default(pwd, data) {
+      default (pwd, data) {
        data[pwd] = data['_'];
        delete data['_'];
        return data;
@@ -57,7 +62,7 @@ class Base {
      // }
    }
    this['__decoder__'] = {}
-    // 解析自定义编码器
+      // 解析自定义编码器
    this
      .user_encoders
      .map((_) => {
@@ -81,7 +86,7 @@ class Base {
      if (priKey.length > 0) {
        key.importKey(priKey.toString(), 'private');
      }
-    } catch (e) { }
+    } catch (e) {}
    return key;
  }

@@ -210,7 +215,7 @@ class Base {
    // 解析模板
    for (let funcName in templateObj) {
      this[templateName][funcName] = ((args) => {
-        if (typeof (args) === 'object') {
+        if (typeof(args) === 'object') {
          // 如果脚本函数需要参数，则进行解析
          return (argv) => {
            let data = {};
@@ -286,10 +291,10 @@ class Base {
   */
  encodeComplete(tag_s, tag_e, data) {
    let ext = {
-      opts: this.__opts__,
-      rsa: this.rsaEncrypt()
-    }
-    // 编码器处理
+        opts: this.__opts__,
+        rsa: this.rsaEncrypt()
+      }
+      // 编码器处理
    let finalData = this.__encoder__[this.__opts__['encoder']](this.__opts__['pwd'], data, ext);
    return {
      'tag_s': tag_s,
@@ -312,7 +317,8 @@ class Base {
      rsa: this.rsaEncrypt()
    }
    return new Promise((res, rej) => {
-      // 随机ID(用于监听数据来源)
+      console.log(this.__opts__['type'].endsWith("raw") || (this.constructor.supportRawBody && (this.__opts__['otherConf'] || {})['use-raw-body'] === 1))
+        // 随机ID(用于监听数据来源)
      const hash = (String(+new Date) + String(Math.random()))
        .substr(10, 10)
        .replace('.', '_');
@@ -363,7 +369,7 @@ class Base {
          addMassData: (this.__opts__['otherConf'] || {})['add-MassData'] === 1,
          randomPrefix: parseInt((this.__opts__['otherConf'] || {})['random-Prefix']),
          useRandomVariable: (this.__opts__['otherConf'] || {})['use-random-variable'] === 1,
-          useRaw: this.__opts__['type'].endsWith("raw"),
+          useRaw: this.__opts__['type'].endsWith("raw") || (this.constructor.supportRawBody && (this.__opts__['otherConf'] || {})['use-raw-body'] === 1),
          timeout: parseInt((this.__opts__['otherConf'] || {})['request-timeout']),
          headers: (this.__opts__['httpConf'] || {})['headers'] || {},
          body: (this.__opts__['httpConf'] || {})['body'] || {}

--- a/source/core/cmdlinux/index.js
+++ b/source/core/cmdlinux/index.js
 /**
- * PHP服务端脚本模板
- * 开写：2016/04/12
- * 更新：-
- * 作者：蚁逅 <https://github.com/antoor>
+ * CMDLinux 服务端脚本模板
 */
 'use strict';

@@ -10,6 +7,9 @@
 const Base = require('../base');

 class CMDLINUX extends Base {
+  static get supportRawBody() {
+    return true;
+  }
  constructor(opts) {
    super(opts);
    // 解析模板
@@ -45,14 +45,14 @@ class CMDLINUX extends Base {
  }

  get decoders() {
-    return ["default", "base64", "hex"];
-  }
-  /**
-   * HTTP请求数据组合函数
-   * @param  {Object} data 通过模板解析后的代码对象
-   * @param {bool} force_default 强制使用 default 解码
-   * @return {Promise}     返回一个Promise操作对象
-   */
+      return ["default", "base64", "hex"];
+    }
+    /**
+     * HTTP请求数据组合函数
+     * @param  {Object} data 通过模板解析后的代码对象
+     * @param {bool} force_default 强制使用 default 解码
+     * @return {Promise}     返回一个Promise操作对象
+     */
  complete(data, force_default = false) {
    // 分隔符号
    let tag_s, tag_e;

--- a/source/core/pswindows/index.js
+++ b/source/core/pswindows/index.js
@@ -7,6 +7,9 @@
 const Base = require('../base');

 class PSWINDOWS extends Base {
+  static get supportRawBody() {
+    return true;
+  }
  constructor(opts) {
    super(opts);
    // 解析模板

--- a/source/language/en.js
+++ b/source/language/en.js
@@ -175,6 +175,8 @@ module.exports = {
      },
      otherConf: {
        nohttps: 'Ignore HTTPS certificate',
+        userawbody: 'Use RAW HTTP Body',
+        userawbodyNotSupport: 'The currently selected Shell type does not support RAW Body mode (RAW Shell Type no need it)',
        usemultipart: 'Use Multipart send payload',
        addMassData: 'Add garbage data in payload',
        randomPrefix: 'Random prefix length',

--- a/source/language/zh.js
+++ b/source/language/zh.js
@@ -177,6 +177,8 @@ module.exports = {
      },
      otherConf: {
        nohttps: '忽略HTTPS证书',
+        userawbody: 'Body 设置为 RAW 模式',
+        userawbodyNotSupport: '当前所选Shell类型不支持 RAW Body 模式(RAW类型无需此项设置)',
        usemultipart: '使用 Multipart 发包',
        userandomvariable: '使用随机英文单词变量',
        addMassData: '增加垃圾数据',

--- a/source/language/zh_hk.js
+++ b/source/language/zh_hk.js
@@ -176,6 +176,8 @@ module.exports = {
      },
      otherConf: {
        nohttps: '忽略HTTPS證書',
+        userawbody: 'Body 設置為 RAW 模式',
+        userawbodyNotSupport: '當前所選Shell類型不支持 RAW Body 模式(RAW類型無需此項設置)',
        usemultipart: '使用 Multipart 發包',
        addMassData: '增加垃圾數據',
        randomPrefix: '隨機前綴長度',

--- a/source/language/zh_tw.js
+++ b/source/language/zh_tw.js
@@ -176,6 +176,8 @@ module.exports = {
      },
      otherConf: {
        nohttps: '忽略HTTPS證書',
+        userawbody: 'Body 設置為 RAW 模式',
+        userawbodyNotSupport: '當前所選Shell類型不支持 RAW Body 模式(RAW類型無需此項設置)',
        usemultipart: '使用 Multipart 發包',
        addMassData: '增加垃圾數據',
        randomPrefix: '隨機前綴長度',

--- a/source/modules/shellmanager/list/form.js
+++ b/source/modules/shellmanager/list/form.js
@@ -273,9 +273,9 @@ class Form {
        let typecombo = form.getCombo('type');
        let lasttype = typecombo.getSelected();
        for (const key in file_match) {
-          if(file_match[key].test(id) == true) {
+          if (file_match[key].test(id) == true) {
            // phpraw jspjs 时不改变类型
-            if(lasttype.indexOf(key)>-1){
+            if (lasttype.indexOf(key) > -1) {
              break;
            }
            typecombo.selectOption(typecombo.getOption(key).index);
@@ -469,8 +469,10 @@ class Form {
   * @return {[type]}     [description]
   */
  _createOtherForm(arg) {
+    let self = this;
    const opt = Object.assign({}, {
      'ignore-https': 0,
+      'use-raw-body': 0,
      'use-multipart': 0,
      'add-MassData': 0,
      'random-Prefix': '2',
@@ -503,6 +505,11 @@ class Form {
          name: 'ignore-https',
          label: LANG['list']['otherConf']['nohttps'],
          checked: opt['ignore-https'] === 1
+        }, {
+          type: "checkbox",
+          name: 'use-raw-body',
+          label: LANG['list']['otherConf']['userawbody'],
+          checked: opt['use-raw-body'] === 1
        }, {
          type: "checkbox",
          name: 'use-random-variable',
@@ -518,7 +525,7 @@ class Form {
          name: 'use-multipart',
          label: LANG['list']['otherConf']['usemultipart'],
          checked: opt['use-multipart'] === 1
-        },{
+        }, {
          type: 'fieldset',
          offsetLeft: 0,
          label: LANG['list']['otherConf']['chunk']['title'],
@@ -636,11 +643,10 @@ class Form {
              })
            });
            return ret;
-          })(['1', '2', '3', '5','10','15'])
+          })(['1', '2', '3', '5', '10', '15'])
        }, {
          type: "label",
          label: LANG['list']['otherConf']['uploadFragment']
-          
        }, {
          type: "combo",
          label: '/kb',
@@ -798,6 +804,17 @@ class Form {
      }], true);
    form.attachEvent('onChange', (name, value, state) => {
      switch (name) {
+        case 'use-raw-body':
+          let chosetype = self.baseForm.getItemValue("type");
+          if (!antSword.core[chosetype].supportRawBody && state == true) {
+            // 不支持，提示
+            layer.open({
+              title: LANG_T['info'],
+              content: LANG['list']['otherConf']['userawbodyNotSupport']
+            });
+            form.uncheckItem('use-raw-body');
+          }
+          break;
        case 'use-multipart':
          if (state == true && form.isItemChecked('use-chunk')) {
            form.uncheckItem('use-chunk');
@@ -807,10 +824,10 @@ class Form {
          if (state == true && form.isItemChecked('use-multipart')) {
            form.uncheckItem('use-multipart');
          }
-        // case 'add-MassData':
-        //   if (state == true && form.isItemChecked('add-MassData')) {
-        //     form.uncheckItem('add-MassData');
-        //   }
+          // case 'add-MassData':
+          //   if (state == true && form.isItemChecked('add-MassData')) {
+          //     form.uncheckItem('add-MassData');
+          //   }
          if (state == true) {
            layer.open({
              title: LANG_T['info'],
@@ -884,54 +901,54 @@ class Form {
    // 添加Header
    let _headerCount = 0;
    const _addHeader = (name = '', value = '') => {
-      _headerCount++;
-      form.addItem('header', {
-        type: "fieldset",
-        label: `#${_headerCount}`,
-        inputWidth: 480,
-        list: [{
-          type: "input",
-          name: `header-${_headerCount}_name`,
-          inputWidth: 350,
-          labelWidth: 50,
-          label: "Name",
-          value: name
-        }, {
-          type: "input",
-          name: `header-${_headerCount}_value`,
-          inputWidth: 350,
-          labelWidth: 50,
-          label: "Value",
-          value: value
-        }]
-      })
-    }
-    // 添加Body
+        _headerCount++;
+        form.addItem('header', {
+          type: "fieldset",
+          label: `#${_headerCount}`,
+          inputWidth: 480,
+          list: [{
+            type: "input",
+            name: `header-${_headerCount}_name`,
+            inputWidth: 350,
+            labelWidth: 50,
+            label: "Name",
+            value: name
+          }, {
+            type: "input",
+            name: `header-${_headerCount}_value`,
+            inputWidth: 350,
+            labelWidth: 50,
+            label: "Value",
+            value: value
+          }]
+        })
+      }
+      // 添加Body
    let _bodyCount = 0;
    const _addBody = (name = '', value = '') => {
-      _bodyCount++;
-      form.addItem('body', {
-        type: "fieldset",
-        label: `#${_bodyCount}`,
-        inputWidth: 480,
-        list: [{
-          type: "input",
-          name: `body-${_bodyCount}_name`,
-          inputWidth: 350,
-          labelWidth: 50,
-          label: "Name",
-          value: name
-        }, {
-          type: "input",
-          name: `body-${_bodyCount}_value`,
-          inputWidth: 350,
-          labelWidth: 50,
-          label: "Value",
-          value: value
-        }]
-      })
-    }
-    // 监听toolbar事件
+        _bodyCount++;
+        form.addItem('body', {
+          type: "fieldset",
+          label: `#${_bodyCount}`,
+          inputWidth: 480,
+          list: [{
+            type: "input",
+            name: `body-${_bodyCount}_name`,
+            inputWidth: 350,
+            labelWidth: 50,
+            label: "Name",
+            value: name
+          }, {
+            type: "input",
+            name: `body-${_bodyCount}_value`,
+            inputWidth: 350,
+            labelWidth: 50,
+            label: "Value",
+            value: value
+          }]
+        })
+      }
+      // 监听toolbar事件
    toolbar.attachEvent('onClick', (id, e) => {
      switch (id) {
        case 'add-header':