/usr/share/doc/w3af-console/examples/script-exploitAll-stopOnFirst.w3af is in w3af-console 1.0-rc3svn3489-1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 | # This is a test for file uploads using PUT method, and the exploit of that issue
plugins
output console,textFile
output config textFile
set fileName output-w3af.txt
set verbose True
back
output config console
set verbose False
back
audit dav, osCommanding
discovery serverHeader
back
target
set target http://localhost/w3af/audit/dav/ , http://localhost/w3af/audit/os_commanding/simple_osc.php?cmd=ls
back
start
exploit
exploit * stopOnFirst
interact
interact 0
ls
w
endInteraction
interact 1
ls
whoami
endInteraction
back
assert len(kb.kb.getData('davShell','shell')) == 1
assert len(kb.kb.getData('osCommandingShell','shell')) == 0
exit
|