def start_flask(config, cli): prefix = "http://" if config.get("gui-https-enabled") == "on": prefix = "https://" UI.warn("Web GUI Started: %s%s:%s" % (prefix, config.get("gui-host"), config.get("gui-port"))) UI.warn("Web GUI Password: %s" % config.get("server-password")) app.init(config, cli) try: if config.get("gui-https-enabled") == "on": cert = config.get("gui-https-cert-path") Utils.file_exists(cert, True) server = WSGIServer( (config.get("gui-host"), int(config.get("gui-port"))), app, log=None, keyfile=cert, certfile=cert) else: server = WSGIServer( (config.get("gui-host"), int(config.get("gui-port"))), app, log=None) server.serve_forever() except: pass
def start_gui(config, cli): prefix = "http://" try: port = int(config.get("gui-port")) except: UI.error("(gui-port) GUI HTTP port need to be a integer.", True) if config.get("https-enabled") == "on": prefix = "https://" UI.warn('Web GUI Started: %s%s:%s' % (prefix, config.get('gui-host'), config.get('gui-port'))) UI.warn('Web GUI Password: %s' % config.get('server-password')) app.init(config, cli) path = "%s/logs/%s" % (os.getcwd(), str(time.strftime("%d-%m-%Y"))) gui_log = "%s/gui.log" % path if not os.path.exists(path): os.makedirs(path) fd = os.open(gui_log, os.O_RDWR | os.O_CREAT) stderr = 2 websocket.run(app, host=config.get("gui-host"), port=port, log_output=os.dup2(fd, stderr))
def get_cmd_output(self, guid): for item in self.sql.get_cmd_response(self.config.get('uid')): print '' UI.warn('Command output:\n%s' % self.redis.get_output(item[0], item[1])[0]) self.sql.delete_response(item[0], item[2], item[1], item[3]) guid = item[0] return guid
def start_httpd(config): ip = config.get("http-host") try: port = int(config.get("http-port")) except: UI.error("(http-port) HTTP port need to be a integer.", True) UI.warn("Starting web server on %s port %d" % (ip, port)) try: server_class = http.server.HTTPServer factory = HTTPDFactory(config) httpd_server = server_class((ip, port), factory) if config.get("https-enabled") == "on": cert = config.get("https-cert-path") Utils.file_exists(cert, True) httpd_server.socket = ssl.wrap_socket(httpd_server.socket, certfile=cert) UI.warn("Web server is using HTTPS") httpd_server.serve_forever() except Exception as e: UI.error( "Server was not able to start (Port already in use?)... Aborting", True)
def install_dependencies(): UI.warn("Installing dependencies") if not os.getuid() == 0: UI.error("root privileges required to install the dependencies") os.system( "/usr/bin/apt update && /usr/bin/apt install redis-server mono-mcs python3-tabulate python3-redis python3-flask python3-dev python3-pip python3-gevent -y && /usr/bin/python3 -m pip install flask-socketio" ) UI.error("Installation completed please restart ThunderShell", True)
def install_dependencies(): UI.warn("Installing dependencies") if not os.getuid() == 0: UI.error("root privileges required to install the dependencies") os.system( "apt update && apt install mysql-server redis-server mono-dmcs python-tabulate python-mysqldb python-redis -y" ) UI.error("Installation completed please restart ThunderShell", True)
def get_cmd_output(self, guid): for item in self.redis.get_active_cli_session_output(self.config.get('uid')): print('\n') data = self.redis.get_data(item) guid = item.split(":")[2] UI.warn('Command output:\n%s' % data) self.redis.delete_entry(item) return guid
def install_dependencies(): UI.warn('Installing dependencies') if not os.getuid() == 0: UI.error('root privileges required to install the dependencies') os.system( '/usr/bin/apt update && /usr/bin/apt install redis-server mono-dmcs python-tabulate python-redis python-flask python-dev libxml2-dev libxslt-dev python-pip -y && pip install flask-socketIO' ) UI.error('Installation completed please restart ThunderShell', True)
def gen_encryption_key(self): install = Utils.file_exists(CONFIG.DEFAULT_INSTALL_PATH, False) if not install: UI.warn('Generating new keys') self.set('encryption-key', Utils.gen_str(24)) self.set('server-password', Utils.gen_str(32)) open(CONFIG.DEFAULT_INSTALL_PATH, 'wb').write('OK') self.save_config() self.reload = True
def gen_encryption_key(self): install = Utils.file_exists(CONFIG.DEFAULT_INSTALL_PATH, False) if not install: UI.warn("Generating new keys") self.set("encryption-key", Utils.gen_str(24)) self.set("server-password", Utils.gen_str(32)) open(CONFIG.DEFAULT_INSTALL_PATH, "w").write("OK") self.save_config() self.reload = True
def get_cmd_output(self, guid): for item in self.redis.get_active_cli_session_output( self.config.get("uid")): print("\n") item = item.decode() data = self.redis.get_data(item).decode() guid = item.split(":")[2] UI.warn("Command output:\n%s" % data) self.redis.delete_entry(item) return guid
def install_dependencies(pyver): UI.warn("Installing dependencies") if not os.getuid() == 0: UI.error("root privileges required to install the dependencies") os.system("/usr/bin/apt update && /usr/bin/apt install redis-server mono-mcs python%s python%s-pip python%s-dev -y" % (pyver, pyver, pyver)) os.system("pip%s install tabulate" % pyver) os.system("pip%s install redis" % pyver) os.system("pip%s install flask" % pyver) os.system("pip%s install flask-socketio" % pyver) os.system("pip%s install pycrypto" % pyver) os.system("pip%s install gevent" % pyver)
def get_cmd_send(self): guid = False for item in self.redis.get_active_cli_session_cmd(self.config.get('uid')): print('\n') data = self.redis.get_data(item) data = data.split(":") guid = item.split(":")[2] UI.warn('%s - Sending command: %s' % (data[0], data[1])) self.redis.delete_entry(item) if data[1] == 'exit': guid = 'exit' return guid
def start_gui(config, cli): prefix = "http://" if config.get("https-enabled") == "on": prefix = "https://" UI.warn("Web GUI Started: %s%s:%s" % (prefix, config.get("gui-host"), config.get("gui-port"))) UI.warn("Web GUI Password: %s" % config.get("server-password")) app.init(config, cli) server = WSGIServer((config.get("gui-host"), int(config.get("gui-port"))), app, log=None) server.serve_forever()
def get_cmd_send(self): guid = False for item in self.redis.get_active_cli_session_cmd( self.config.get("uid")): print("\n") item = item.decode() data = self.redis.get_data(item).decode() data = data.split(":") guid = item.split(":")[2] UI.warn("%s - Sending command: %s" % (data[0], data[1])) self.redis.delete_entry(item) if data[1] == "exit": guid = "exit" return guid
def view_event(self, data): log_path = Utils.get_arg_at(data, 1, 2) if log_path == "": UI.error("Missing arguments") return if log_path == "key": UI.warn("Your encryption key is '%s'" % self.config.get("encryption-key")) return if log_path == "password": UI.warn("Your server password is '%s'" % self.config.get("server-password")) return if not log_path in ("http", "event", "error"): UI.error("Invalid path") return log_path += ".log" rows = Utils.get_arg_at(data, 2, 2) if rows == "": rows = 10 else: try: rows = int(rows) except: rows = 10 log_path = Log.get_current_path(log_path) data = [] if Utils.file_exists(log_path): for line in open(log_path, "rb").readlines(): data.append(line) data = list(reversed(data)) print("\nLast %d lines of log\n----------------------\n" % rows) data = list(data) for i in range(0, rows): try: print data[i] except: pass
def check_version(): current = Version.VERSION request = urllib.request.Request( "http://thundershell.ringzer0team.com/version.html?%s" % current) response = urllib.request.urlopen(request).read().strip().decode() if not response == current: UI.error( "Your ThunderShell installation is outdated latest is %s. Your version is %s" % (response, current), False) UI.warn("Do you want to exit ThunderShell and update it") if UI.prompt('Updating (Yes/No)').lower() == 'yes': os.system("git pull") UI.error("Installation updated! Please restart ThunderShell", True) os._exit(0)
def view_event(self, data): log_path = Utils.get_arg_at(data, 1, 2) if log_path == '': UI.error('Missing arguments') return if log_path == 'key': UI.warn("Your encryption key is '%s'" % self.config.get('encryption-key')) return if log_path == 'password': UI.warn("Your server password is '%s'" % self.config.get('server-password')) return if not log_path in ('http', 'event', 'error'): UI.error('Invalid path') return log_path += '.log' rows = Utils.get_arg_at(data, 2, 2) if rows == '': rows = 10 else: try: rows = int(rows) except: rows = 10 log_path = Log.get_current_path(log_path) data = [] if Utils.file_exists(log_path): for line in open(log_path, 'rb').readlines(): data.append(line) data = list(reversed(data)) print '''Last %d lines of log\n----------------------''' % rows data = list(data) for i in range(0, rows): try: print data[i] except: pass
def start_httpd(config): ip = config.get('http-host') try: port = int(config.get('http-port')) except: UI.error("(http-port) HTTP port need to be a integer.", True) UI.warn('Starting web server on %s port %d' % (ip, port)) try: server_class = BaseHTTPServer.HTTPServer factory = HTTPDFactory(config) httpd_server = server_class((ip, port), factory) if config.get('https-enabled') == 'on': cert = config.get('https-cert-path') Utils.file_exists(cert, True) httpd_server.socket = ssl.wrap_socket(httpd_server.socket, certfile=cert) UI.success('Web server is using HTTPS') httpd_server.serve_forever() except: UI.error('Server was not able to start (Port already in use?)... Aborting', True)
profile = CONFIG(profile) config.set("profile", profile) uid = Utils.guid() config.set("uid", uid) config.set("username", "(CLI)%s" % sys.argv[2]) db = RedisQuery(config) sql = MySQLQuery(config) sql.install_db().init_uid() config.set("redis", db) config.set("mysql", sql) db.update_config(config).init_sql() UI.warn("Current Active session UUID is %s" % config.get("uid")) # Launch the HTTPD daemon if not "-nohttpd" in sys.argv: httpd_thread = init_httpd_thread(config) cli = Cli(config) while True: try: cmd = cli.prompt() cli.parse_cmd(cmd) except KeyboardInterrupt as e: UI.error( "*** You really want to exit the application? *** (yes/no)")
def output_cli_or_str(self, message): if self.cli: UI.warn(message) return "" else: return "[*] %s\n" % message
config = CONFIG(sys.argv[1]) profile = config.get('http-profile') if not profile == '': Utils.file_exists(profile, True) profile = CONFIG(profile) config.set('profile', profile) uid = Utils.guid() config.set('uid', uid) config.set('username', '%s' % sys.argv[2]) db = RedisQuery(config) config.set('redis', db) UI.warn('Current Active CLI session UUID is %s' % config.get('uid')) cli = Cli(config) # Launch the GUI if not '-nogui' in sys.argv: webui_thread = init_gui_thread(config, cli) # Launch the HTTPD daemon if not '-nohttpd' in sys.argv: httpd_thread = init_httpd_thread(config) while True: try: cmd = cli.prompt() cli.parse_cmd(cmd)
Utils.file_exists(profile, True) profile = CONFIG(profile) config.set('profile', profile) uid = Utils.guid() config.set('uid', uid) config.set('username', '(CLI)%s' % sys.argv[2]) db = RedisQuery(config) sql = MySQLQuery(config) sql.install_db().init_uid() config.set('redis', db) config.set('mysql', sql) db.update_config(config).init_sql() UI.warn('Current Active CLI session UUID is %s' % config.get('uid')) # Launch the HTTPD daemon if not '-nohttpd' in sys.argv: httpd_thread = init_httpd_thread(config) # Launch the GUI if not '-nogui' in sys.argv: if config.get('https-enabled') == 'on': print('') UI.warn('Web GUI Started: https://%s:%s' % (config.get('gui-host'), config.get('gui-port'))) else: UI.warn('Web GUI Started: http://%s:%s' % (config.get('gui-host'), config.get('gui-port'))) UI.warn('Web GUI Password: %s\n\n' % config.get('server-password'))