Example #1
 def __init__(self, required=True):
     """Declare the handler (listener) selection option of a module.

     The descriptive fields (name, name_tag, desc, option_length) are all
     read from the shared HANDLER_OPTION definition; only ``required`` is
     chosen by the caller. The option is registered with type ``'enum'``.
     """
     shared_fields = {
         field: HANDLER_OPTION.get(field)
         for field in ('name', 'name_tag', 'desc', 'option_length')
     }
     super().__init__(option_type='enum',
                      required=required,
                      **shared_fields)
Example #2
    def _deal_dynamic_param(_custom_param=None):
        """Reduce the handler entry of the dynamic parameters to four fields.

        When the parameters carry a handler value, that value is parsed as
        JSON and re-serialized with only PAYLOAD, LHOST, RHOST and LPORT
        (a field that is absent becomes null). All other parameters are left
        untouched.

        The passed mapping is modified in place and returned; None is
        returned when no parameters were given. ``json.loads`` is not
        guarded here, so a malformed handler value raises to the caller.
        """
        if _custom_param is None:
            return None
        import json
        handler_key = HANDLER_OPTION.get("name")
        raw_handler = _custom_param.get(handler_key)
        if raw_handler is None:
            return _custom_param

        parsed = json.loads(raw_handler)
        # Allow-list: anything else the client put in the handler JSON is dropped.
        trimmed = {
            field: parsed.get(field)
            for field in ("PAYLOAD", "LHOST", "RHOST", "LPORT")
        }
        _custom_param[handler_key] = json.dumps(trimmed)
        return _custom_param
Example #3
 def generate_exe(self):
     """Build an executable from the module's handler (listener) configuration.

     Returns None when no handler configuration is available. Otherwise
     returns the result of ``Payload.generate_bypass_exe``, called with the
     configured PAYLOAD as module name and the whole handler configuration
     as ``opts``.
     """
     listener = self.param(HANDLER_OPTION.get('name'))
     if listener is not None:
         return Payload.generate_bypass_exe(mname=listener.get("PAYLOAD"),
                                            opts=listener)
     return None
Example #4
 def get_handler_payload(self):
     """Return the PAYLOAD name stored in the module's handler configuration.

     Returns None when no handler configuration is available, and also when
     the configuration has no PAYLOAD key.
     """
     listener = self.param(HANDLER_OPTION.get('name'))
     return None if listener is None else listener.get("PAYLOAD")
Example #5
    def _store_result_in_history(self):
        """Append this run's options and result to the module result history.

        Modules whose MODULETYPE is ``TAG2CH.internal`` are skipped and None
        is returned. For every supplied parameter that matches an entry in
        OPTIONS and is not None, the value is recorded under that option's
        ``name_tag``. Handler, file and credential values are JSON documents
        and are re-serialized with a reduced key set before being recorded.

        NOTE(review): the reduced credential record still carries the
        ``password`` field, so the history keeps that value as it was
        supplied in the parameter - confirm who can read the history store.
        NOTE(review): when a value fails to parse, the exception is only
        logged and the raw, unreduced value recorded just before stays in
        the history entry.

        Returns whatever ``Xcache.add_module_result_history`` returns.
        """
        if self.MODULETYPE in (TAG2CH.internal,):
            return None

        recorded = {}
        for param_name in self._custom_param:
            for definition in self.OPTIONS:
                if definition.get("name") != param_name:
                    continue
                raw_value = self._custom_param.get(param_name)
                if raw_value is None:
                    continue
                tag = definition.get("name_tag")
                # Default: record the value as supplied; the structured
                # parameters below overwrite it with a reduced form.
                recorded[tag] = raw_value

                try:
                    if param_name == HANDLER_OPTION.get("name"):
                        listener = json.loads(raw_value)
                        # Keep only the connection fields of the handler.
                        kept = {
                            "PAYLOAD": listener.get("PAYLOAD"),
                            "LPORT": listener.get("LPORT"),
                        }
                        for host_field in ("LHOST", "RHOST"):
                            host_value = listener.get(host_field)
                            if host_value is not None:
                                kept[host_field] = host_value
                        recorded[tag] = json.dumps(kept)
                    elif param_name == FILE_OPTION.get("name"):
                        stored_file = json.loads(raw_value)
                        recorded[tag] = json.dumps(
                            {"name": stored_file.get("name")})
                    elif param_name == CREDENTIAL_OPTION.get("name"):
                        cred = json.loads(raw_value)
                        recorded[tag] = json.dumps({
                            field: cred.get(field)
                            for field in ("username", "password",
                                          "password_type")
                        })
                except Exception as E:
                    logger.exception(E)

        latest = Xcache.get_module_result(ipaddress=self.host_ipaddress,
                                          loadpath=self.__module__)
        return Xcache.add_module_result_history(
            ipaddress=self.host_ipaddress,
            loadpath=self.__module__,
            opts=recorded,
            update_time=latest.get("update_time"),
            result=latest.get("result"))
Example #6
 def generate_hex_reverse_shellcode_by_handler(self):
     """Return the handler-derived shellcode as a reversed hex string.

     Returns None when no handler configuration is available. Otherwise the
     value produced by ``Payload.generate_shellcode`` is hex-encoded with
     ``.hex()`` and the resulting text is reversed character by character.
     """
     listener = self.param(HANDLER_OPTION.get('name'))
     if listener is None:
         return None
     raw = Payload.generate_shellcode(mname=listener.get("PAYLOAD"),
                                      opts=listener)
     return "".join(reversed(raw.hex()))
Example #7
 def set_payload_by_handler(self):
     """Merge the handler configuration into this module's msf options.

     Returns False when no handler configuration is available. Otherwise a
     copy of ``self.opts`` is updated with every key of the handler
     configuration (handler values win on conflict),
     ``disablepayloadhandler`` is forced to True, the copy replaces
     ``self.opts`` and True is returned.
     """
     listener = self.param(HANDLER_OPTION.get('name'))
     if listener is not None:
         # Work on a copy so self.opts is swapped in one assignment.
         merged = self.opts.copy()
         merged.update(listener)
         merged['disablepayloadhandler'] = True
         self.opts = merged
         return True
     return False
Example #8
 def generate_hex_reverse_shellcode_array_by_handler(self):
     """Return the handler-derived shellcode as quoted, comma-joined hex digits.

     Returns None when no handler configuration is available. Otherwise the
     value produced by ``Payload.generate_shellcode`` is hex-encoded, the
     text is reversed character by character, and every character is
     wrapped in single quotes and joined with commas (``'a','b',...``).
     """
     listener = self.param(HANDLER_OPTION.get('name'))
     if listener is None:
         return None
     raw = Payload.generate_shellcode(mname=listener.get("PAYLOAD"),
                                      opts=listener)
     reversed_hex = raw.hex()[::-1]
     return ",".join(f"'{digit}'" for digit in reversed_hex)
Example #9
 def cache_handler(self):
     """Store the module's handler configuration as a virtual handler.

     Nothing is stored, and False is returned, when the cache-handler
     option is not set or no handler configuration is available. Otherwise
     the configuration gets a ``HandlerName`` built from the module NAME and
     the host IP address, is passed to ``Handler.create_virtual_handler``,
     a success line is logged, and True is returned.
     """
     if not self.param(CACHE_HANDLER_OPTION.get("name")):
         return False
     listener = self.param(HANDLER_OPTION.get('name'))
     if listener is None:
         return False
     listener["HandlerName"] = f"用于: {self.NAME} IP: {self.host_ipaddress}"
     Handler.create_virtual_handler(listener)
     self.log_good("监听配置已缓存")
     return True
Example #10
    def param(self, name):
        """Return the value of the input parameter ``name``.

        Handler, credential and file parameters are stored as JSON text and
        are returned decoded. Any other parameter is returned as stored.

        Returns None when the parameter is absent. For the three JSON
        parameters None is also returned when decoding fails; the error is
        logged at warning level, so a caller cannot tell a malformed value
        from a missing one by the return value alone.
        """
        json_encoded_names = (
            HANDLER_OPTION.get('name'),
            CREDENTIAL_OPTION.get('name'),
            FILE_OPTION.get('name'),
        )
        if name not in json_encoded_names:
            return self._custom_param.get(name)

        raw_value = self._custom_param.get(name)
        if raw_value is None:
            return None
        try:
            return json.loads(raw_value)
        except Exception as E:
            logger.warning(E)
            return None
Example #11
 def get_handler_config(self):
     """Return the detailed handler configuration, as given by ``self.param``."""
     return self.param(HANDLER_OPTION.get('name'))
Example #12
 def get_handler_config(self):
     """Return the handler configuration looked up through ``self.param``."""
     handler_key = HANDLER_OPTION.get('name')
     return self.param(handler_key)
Example #13
    def _deal_dynamic_option(one_module_config=None):
        """Fill in the selectable values of handler, credential and file options.

        Walks ``one_module_config['OPTIONS']`` and sets ``enum_list`` on the
        three dynamic option kinds:

        * handler: the list from ``Handler.list_handler_config()``; when it
          has exactly one entry, that entry's ``value`` becomes the default.
        * credential: stored credentials whose ``password_type`` is listed in
          the option's ``extra_data['password_type']``; without that filter
          the list is empty.
        * file: files from ``FileMsf.list_msf_files()``, limited to names
          ending in one of ``extra_data['file_extension']`` (compared
          case-insensitively) when that value is a list.

        The configuration is modified in place and returned.

        NOTE(review): each credential choice shows the password in its
        display name and carries the whole serialized credential record as
        its value, so every consumer of this option list sees those secrets
        - confirm that the list only reaches authorized operators and is
        not written to logs.
        NOTE(review): the extension filter looks at the file name suffix
        only; it says nothing about the file's content.
        """
        import json

        for option in one_module_config.get('OPTIONS'):
            option_name = option.get('name')

            # Handler (listener) option
            if option_name == HANDLER_OPTION.get("name"):
                listeners = Handler.list_handler_config()
                option['enum_list'] = listeners
                if len(listeners) == 1:  # a single listener: preselect it
                    option['default'] = listeners[0].get("value")

            # Credential option
            elif option_name == CREDENTIAL_OPTION.get("name"):
                stored_credentials = Credential.list_credential()
                choices = []
                try:
                    extra = option.get('extra_data')
                    if extra is not None and extra.get(
                            'password_type') is not None:
                        allowed_types = extra.get('password_type')
                        for cred in stored_credentials:
                            if cred.get('password_type') not in allowed_types:
                                continue
                            label = "用户名:{} | 密码:{} | 标签:{} | 主机:{}".format(
                                cred.get('username'),
                                cred.get('password'),
                                cred.get('tag'),
                                cred.get('host_ipaddress'))
                            choices.append({
                                'name': label,
                                'value': json.dumps(cred)
                            })
                    option['enum_list'] = choices
                except Exception as E:
                    logger.warning(E)

            # File option
            elif option_name == FILE_OPTION.get("name"):
                extra = option.get('extra_data')
                wanted_extensions = (None if extra is None else
                                     extra.get('file_extension'))

                choices = []
                for entry in FileMsf.list_msf_files():
                    # The code below reads the keys "name", "size" and
                    # "mtime" from each entry.
                    filename = entry.get("name")
                    nice_size = FileSession.get_size_in_nice_string(
                        entry.get('size'))
                    modified = time.strftime(
                        "%Y-%m-%d %H:%M:%S",
                        time.localtime(entry.get("mtime")))

                    # Does the file satisfy the extension requirement?
                    if isinstance(wanted_extensions, list):
                        # A list (not a generator) so every extension is
                        # evaluated, as in a plain loop without break.
                        matches = any([
                            filename.lower().endswith(ext.lower())
                            for ext in wanted_extensions
                        ])
                    else:
                        matches = True

                    if matches:
                        label = "文件: {}   大小: {}   修改时间: {}".format(
                            filename, nice_size, modified)
                        choices.append({
                            'name': label,
                            'value': json.dumps(entry)
                        })
                option['enum_list'] = choices
        return one_module_config