Interacting with WebApps Agents

WebApps Agents will appear below individual pages in the Web View. The default name of the WebApps agent indicates 2 important characteristics:

  • Vulnerability type: A WebApps agent will either be a SQL Agent, RFI Agent for PHP, XSS Agent, XXE Agent, or a Web Browser Agent that is attached to a XSS Agent.
  • Vulnerability: When you click on the parent page of a WebApps agent , the Quick Information panel will display a numbered list of vulnerabilities that are confirmed and have associated WebApps agent. If a WebApps agent was deployed using the 2nd vulnerability, then its name will contain a 2 [e.g. SQL Agent (2)].

After a WebApps agent has been created in the Web View, you can perform a number of functions by right-clicking on the object:

Change Display Name

Allows you to change the WebApps agent's name from the default to a custom name.

Add Comments

Presents text entry area for your commentary.

Properties

Activates the Entity Properties panel of the Console, showing the WebApps agent's details.

New

Allows you to create a new Scenario in the Web View..

Recent Modules

Shows a list of recently-executed modules for ease of access.

Delete

Removes the WebApps agent.

In order to leverage XSS Agents, you must run the WebApps Browser Attack and Penetration step.

Running a Shell with a WebApps Agent

If a SQL Agent exists in your Web View, then you have the ability to use a command console (shell) to interface with the application's database:

  • SQL Shell: This console uses the SQL vulnerability to provide a SQL-based command prompt to the web application's database.
  • Command Shell using SQL Agent: This console uses the SQL vulnerability to provide an operating system command prompt to the machine where the web application's database resides.
NOTE:

Currently, Core Impact's SQL Agents can interface with the following databases:

  • MS SQL Server 2008
  • MS SQL Server 2005
  • MySQL 4.1
  • MySQL 5.0
  • MySQL 5.1
  • Oracle 9i
  • Oracle 10g
  • DB/2 9.5

If an RFI Agent for PHP exists in your Web View, then you have the ability to use a command console (shell) to interface with the PHP engine:

  • Scripting Shell using RFI Agent (PHP): This console uses the PHP vulnerability to provide a command prompt to the PHP engine. This console accepts PHP commands.
  • Command Shell using RFI Agent (PHP): This console uses the PHP vulnerability to provide a command prompt to the machine where the PHP engine is running. This console accepts common shell commands such as ls, cat, dir, etc.

If a Web Browser Agent exists is attached to a XSS Agent n your Web View, then you have the ability to use a shell to interface with the target web browser:

  • Javascript Shell: This console allows you to execute Javascript code on the Web Browser Agent.

To initiate a command console via a WebApps agent:

NOTE:

We will use a SQL Agent in this example but the steps are essentially the same for the other applicable WebApps agents.

  1. Activate the Web View of the Entity View to show your scenarios.
  2. Expand a scenario to show a SQL Agent.
  3. Click to select the WebApps agent upon which you want to run a module. By doing this, all compatible modules will automatically become highlighted in the Modules View.
  4. Activate the Modules View tab on the console.
  5. Expand (double-click) the Shells folder.
  6. Click and drag the SQL Shell module from the Modules View and drop it onto the target WebApps agent.
  7. Click the OK button.

A SQL Console will appear, giving you the ability to make direct queries of the web application's database.

SQL Shell

figure 63 - SQL Shell

Deploying an Agent with a WebApps Agent

To deploy an OS agent through a SQL Agent or RFI Agent for PHP:

NOTE:

We will use an RFI Agent for PHP in this example but the steps are essentially the same for the other applicable WebApps agents..

  1. Activate the Web View of the Entity View to show your scenarios.
  2. Expand a scenario to show an RFI Agent for PHP.
  3. Click to select the WebApps agent upon which you want to run a module. By doing this, all compatible modules will automatically become highlighted in the Modules View.
  4. Activate the Modules View tab on the console.
  5. Expand (double-click) the Agents folder.
  6. Click and drag the Install OS Agent using RFI Agent (PHP) module from the Modules View and drop it onto the target WebApps agent .

    Module: Install OS Agent using RFI Agent (PHP)

    figure 64 - Module: Install OS Agent using RFI Agent (PHP)

  7. Click the OK button.

    The module will run, showing its output in the Module Log panel.

  8. When the module completes, navigate to the Visibility View and you should see the new agent under the web application host.

Once an agent has been deployed on the web application's server, you can then interact with that agent using a variety of options which are detailed in the remainder of this chapter.