Example #1
0
    def get_shellcodes(self, args):
        url = "http://shell-storm.org/api/?s="

        # Craft URL with parameters
        # Yes manually, because f*ck the builtins
        params = ""
        for arg in args:
            params += str(arg)
            params += "*"
        params = params[:len(params) - 1]
        url += params

        # Request
        req = Request("GET", url)
        prepped = req.prepare()
        s = Session()
        resp = s.send(prepped, timeout=10, verify=True)
        link = ""
        if is_query_success(resp):
            link = self.handle_shelllist(resp.text)
        else:
            fail("Something went wrong with the request ({0}: {1}".format(resp.code, resp.text))
            exit(-1)

        # Get Shellcode
        return self.html_to_shellcode(link) if link else link
Example #2
0
 def __init__(self, hostname, port):
     try:
         self.tn = telnetlib.Telnet(hostname, port)
     except Exception as err:
         fail("Could not connect Telnet to {0}:{1} (error: {2})".format(
             hostname, port, err))
     print("Connected to port {0}".format(green(port)))
Example #3
0
 def __init__(self,
              maximum_length,
              *keywords,
              strict=False,
              shellcode=None,
              script_index=-1):
     """
     Initialize a Shellcode crafter
     :param maximum_length: Maximum length for the shellcode
     :param *keywords:      Keywords to find the shellcode in the Shell-storm
                            database
     :param strict:         Usually maximum_length is used for shellcode
                            padding, but when restrict is True, the shellcode
                            list will only display those which length is less
                            than maximum_length.
     :param shellcode:      User can input an already defined shellcode
                            directly in ShellCrafter
     :param script_index    Shellcode to select can be specified here (useful
                            when scripting)
     """
     self.maximum_shellcode_length = maximum_length
     self.keywords = keywords
     self.shellcode = shellcode
     self.strict = strict
     self.script_index = script_index
     if not shellcode and not keywords:
         fail("Please specify some shellcode or keywords")
         exit(-1)
Example #4
0
 def __init__(self, hostname, port):
     try:
         self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
         self.socket.connect((hostname, port))
     except Exception as err:
         fail("Could not connect Netcat to {0}:{1} (error: {2})".format(hostname, port, err))
     print("Connected to port {0}".format(green(port)))
Example #5
0
    def get_shellcodes(self, args):
        url = "http://shell-storm.org/api/?s="

        # Craft URL with parameters
        # Yes manually, because f*ck the builtins
        params = ""
        for arg in args:
            params += str(arg)
            params += "*"
        params = params[:len(params) - 1]
        url += params

        # Request
        req = Request("GET", url)
        prepped = req.prepare()
        s = Session()
        resp = s.send(prepped, timeout=10, verify=True)
        link = ""
        if is_query_success(resp):
            link = self.handle_shelllist(resp.text)
        else:
            fail("Something went wrong with the request ({0}: {1}".format(
                resp.code, resp.text))
            exit(-1)

        # Get Shellcode
        return self.html_to_shellcode(link) if link else link
Example #6
0
 def __init__(self, maximum_length, *keywords, shellcode=None):
     self.maximum_shellcode_length = maximum_length
     self.keywords = keywords
     self.shellcode = shellcode
     if not shellcode and not keywords:
         fail("Please specify some shellcode or keywords")
         exit(-1)
Example #7
0
 def __init__(self, maximum_length, *keywords, shellcode=None):
     self.maximum_shellcode_length = maximum_length
     self.keywords = keywords
     self.shellcode = shellcode
     if not shellcode and not keywords:
         fail("Please specify some shellcode or keywords")
         exit(-1)
Example #8
0
 def __init__(self, hostname, port):
     try:
         self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
         self.socket.connect((hostname, port))
     except Exception as err:
         fail("Could not connect Netcat to {0}:{1} (error: {2})".format(
             hostname, port, err))
     print("Connected to port {0}".format(green(port)))
Example #9
0
def nix_basic_pass_cracker(encrypted_pass):
    try:
        crypt_method = encrypted_pass.split("$")[1]
    except Exception:
        crypt_method = '0'

    # Basic MD5
    if crypt_method == '0':
        salt = encrypted_pass[0:2]

        debug("Password: {0}".format(encrypted_pass))
        debug("Salt: {0}".format(salt))

        dict_file = open("common_passwords.txt", "r")
        for word in dict_file.readlines():
            word = word.rstrip()
            if encrypted_pass == crypt.crypt(word, salt=salt):
                success("Password corresponding to {0} is {1}."
                        .format(encrypted_pass, cyan(word)))
                return word

    # /etc/shadow style
    else:
        if crypt_method == '1':
            debug("Method: MD5")
            encryption = passlib.md5_crypt.encrypt
            pass_filter = lambda x: x
        elif crypt_method == '5':
            debug("Method: SHA256")
            encryption = passlib.sha256_crypt.encrypt
            pass_filter = filter_rounds
            warning("This may be long... Go grab a coffee (or maybe 10)")
        elif crypt_method == '6':
            debug("Method: SHA512")
            encryption = passlib.sha512_crypt.encrypt
            pass_filter = filter_rounds
            warning("This may be long... Go grab a coffee (or maybe 10)")
        else:
            fail("Unknown encryption method.")
            return

        salt = encrypted_pass.split("$")[2]

        debug("Password: {0}".format(encrypted_pass))
        debug("Salt: {0}".format(salt))

        dict_file = open("common_passwords.txt", "r")
        for word in dict_file.readlines():
            word = word.rstrip()
            if encrypted_pass == pass_filter(encryption(word, salt=salt)):
                success("Password corresponding to {0} is {1}."
                        .format(encrypted_pass, cyan(word)))
                return word

    fail("Password not found for {0}.".format(encrypted_pass))
    return
Example #10
0
    def __init__(self, hostname, port):
        '''
        Initialize a netcat client

        :param hostname: Hostname to connect to
        :param port:     Port to connect to
        '''

        try:
            self.tn = telnetlib.Telnet(hostname, port)
        except Exception as err:
            fail("Could not connect Telnet to {0}:{1} (error: {2})".format(hostname, port, err))
        print("Connected to port {0}".format(green(port)))
Example #11
0
    def __init__(self, hostname, port):
        '''
        Initialize a netcat client

        :param hostname: Hostname to connect to
        :param port:     Port to connect to
        '''

        try:
            self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            self.socket.connect((hostname, port))
        except Exception as err:
            fail("Could not connect Netcat to {0}:{1} (error: {2})".format(hostname, port, err))
        print("Connected to port {0}".format(green(port)))
Example #12
0
    def __init__(self, hostname, port):
        """
        Initialize a netcat client

        :param hostname: Hostname to connect to
        :param port:     Port to connect to
        """

        try:
            self.tn = telnetlib.Telnet(hostname, port)
        except Exception as err:
            fail("Could not connect Telnet to {0}:{1} (error: {2})".format(
                hostname, port, err))
            raise err
        print("Connected to port {0}".format(green(port)))
Example #13
0
def isqrt(n):
    if n < 0:
        fail("square root not defined for negative numbers")
        exit(-1)

    if n == 0:
        return 0

    a, b = divmod(bitlength(n), 2)
    x = 2 ** (a + b)

    while True:
        y = (x + n // x) // 2
        if y >= x:
            return x
        x = y
Example #14
0
def isqrt(n):
    if n < 0:
        fail("square root not defined for negative numbers")
        exit(-1)

    if n == 0:
        return 0

    a, b = divmod(bitlength(n), 2)
    x = 2**(a + b)

    while True:
        y = (x + n // x) // 2
        if y >= x:
            return x
        x = y
Example #15
0
    def __init__(self, hostname, port):
        """
        Initialize a netcat client

        :param hostname: Hostname to connect to
        :param port:     Port to connect to
        """

        try:
            self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            self.socket.connect((hostname, port))
        except Exception as err:
            fail("Could not connect Netcat to {0}:{1} (error: {2})".format(
                hostname, port, err))
            raise err
        print("Connected to port {0}".format(green(port)))
Example #16
0
    def get_shellcodes(self, args):
        """
        Request shellcodes from shell-storm that match the keywords

        :param args: Keywords to send to the API
        :returns:    String formatted shellcodes
        """
        url = "http://shell-storm.org/api/?s="

        # Craft URL with parameters
        # There should be some builtins for this, but I was tired at the time I
        # wrote this...
        params = ""
        for arg in args:
            params += str(arg)
            params += "*"
        params = params[:len(params) - 1]
        url += params

        # Request
        req = Request("GET", url)
        prepped = req.prepare()
        s = Session()
        resp = s.send(prepped, timeout=10, verify=True)
        s = ''
        while s == '':
            if is_query_success(resp):
                link = self.handle_shelllist(resp.text)
            else:
                fail("Something went wrong with the request ({0}: {1}".format(
                    resp.code, resp.text))
                return None

            # Get Shellcode
            s = self.html_to_shellcode(link) if link else link

            if s == '':
                fail(
                    "Shellcode could not be retrieved - Please choose another one"
                )

        return s
Example #17
0
    def handle_shelllist(response_text):
        response_text_list = [x for x in response_text.split("\n") if x]
        shellist = []
        print("\n")

        if len(response_text_list) < 1:
            fail("No shellcode found for these parameters.")
            return

        # Please do NOT change the API...
        for i, line in enumerate(response_text_list):
            # Get shellcode architecture
            architecture = line[line.find("::::") +
                                4:find_nth(line, "::::", 1)]

            # Get shellcode's name
            title = line[find_nth(line, "::::", 1) +
                         4:find_nth(line, "::::", 2)]

            # Get shellcode's link
            link = line[find_nth(line, "::::", 3) + 4:]

            # Add to list
            entry = "({0}) {1}".format(architecture, cyan(title))
            shellist.append(link)
            print("{0}: {1}".format(i, entry))

        user_choice = 0
        while 1:
            user_choice = input(yellow("Selection: "))
            if int(user_choice) < 0:
                continue
            try:
                print("Your choice: {0}".format(shellist[int(user_choice)]))
                break
            except IndexError:
                continue

        # Return selected shellcode
        return shellist[int(user_choice)]
Example #18
0
    def get_shellcodes(self, args):
        """
        Request shellcodes from shell-storm that match the keywords

        :param args: Keywords to send to the API
        :returns:    String formatted shellcodes
        """
        url = "http://shell-storm.org/api/?s="

        # Craft URL with parameters
        # There should be some builtins for this, but I was tired at the time I
        # wrote this...
        params = ""
        for arg in args:
            params += str(arg)
            params += "*"
        params = params[: len(params) - 1]
        url += params

        # Request
        req = Request("GET", url)
        prepped = req.prepare()
        s = Session()
        resp = s.send(prepped, timeout=10, verify=True)
        s = ""
        while s == "":
            if is_query_success(resp):
                link = self.handle_shelllist(resp.text)
            else:
                fail("Something went wrong with the request ({0}: {1}".format(resp.code, resp.text))
                return None

            # Get Shellcode
            s = self.html_to_shellcode(link) if link else link

            if s == "":
                fail("Shellcode could not be retrieved - Please choose another one")

        return s
Example #19
0
    def handle_shelllist(response_text):
        response_text_list = [x for x in response_text.split("\n") if x]
        shellist = []
        print("\n")

        if len(response_text_list) < 1:
            fail("No shellcode found for these parameters.")
            return

        # Please do NOT change the API...
        for i, line in enumerate(response_text_list):
            # Get shellcode architecture
            architecture = line[line.find("::::") + 4:find_nth(line, "::::", 1)]

            # Get shellcode's name
            title = line[find_nth(line, "::::", 1) + 4:find_nth(line, "::::", 2)]

            # Get shellcode's link
            link = line[find_nth(line, "::::", 3) + 4:]

            # Add to list
            entry = "({0}) {1}".format(architecture, cyan(title))
            shellist.append(link)
            print("{0}: {1}".format(i, entry))

        user_choice = 0
        while 1:
            user_choice = input(yellow("Selection: "))
            if int(user_choice) < 0:
                continue
            try:
                print("Your choice: {0}".format(shellist[int(user_choice)]))
                break
            except IndexError:
                continue

        # Return selected shellcode
        return shellist[int(user_choice)]
Example #20
0
 def __init__(self, maximum_length, *keywords, strict=False, shellcode=None, script_index=-1):
     """
     Initialize a Shellcode crafter
     :param maximum_length: Maximum length for the shellcode
     :param *keywords:      Keywords to find the shellcode in the Shell-storm
                            database
     :param strict:         Usually maximum_length is used for shellcode
                            padding, but when restrict is True, the shellcode
                            list will only display those which length is less
                            than maximum_length.
     :param shellcode:      User can input an already defined shellcode
                            directly in ShellCrafter
     :param script_index    Shellcode to select can be specified here (useful
                            when scripting)
     """
     self.maximum_shellcode_length = maximum_length
     self.keywords = keywords
     self.shellcode = shellcode
     self.strict = strict
     self.script_index = script_index
     if not shellcode and not keywords:
         fail("Please specify some shellcode or keywords")
         exit(-1)
Example #21
0
    def handle_shelllist(self, response_text):
        """
        Print shellcodes in database that match given keywords
        VERY HACKY - Didn't find any clean way to parse this, and I FREAKIN HATE
        parsing. So let's just hope the API won't change
        """

        response_text_list = [x for x in response_text.split("\n") if x]
        shellist = []
        print("\n")

        if len(response_text_list) < 1:
            fail("No shellcode found for these parameters.")
            return None

        # Please do NOT change the API...
        i = 0
        for line in response_text_list:

            # Check shellcode length (strict=True)
            if self.strict:
                try:
                    length = re.search("\d[\d ]*bytes", line).group()
                    length = re.search("\d*", length).group()
                    if int(length) > self.maximum_shellcode_length:
                        continue
                except Exception as e:
                    # Shellcode has no length - Skip it
                    continue

            # Get shellcode architecture
            architecture = line[line.find("::::") + 4 : find_nth(line, "::::", 1)]

            # Get shellcode's name
            title = line[find_nth(line, "::::", 1) + 4 : find_nth(line, "::::", 2)]

            # Get shellcode's link
            link = re.search("http://.*\.php", line).group()

            # Add to list
            entry = "({0}) {1}".format(architecture, cyan(title))
            shellist.append(link)
            print("{0}: {1}".format(i, entry))
            i += 1

        if self.script_index > -1:
            try:
                sh = shellist[self.script_index]
                return sh
            except IndexError as e:
                print(e)

        user_choice = 0
        while 1:
            user_choice = input(yellow("Selection: "))
            if int(user_choice) < 0:
                continue
            try:
                print("Your choice: {0}".format(shellist[int(user_choice)]))
                break
            except IndexError as e:
                print(e)
                continue

        # Return selected shellcode
        return shellist[int(user_choice)]
Example #22
0
    def handle_shelllist(self, response_text):
        """
        Print shellcodes in database that match given keywords
        VERY HACKY - Didn't find any clean way to parse this, and I FREAKIN HATE
        parsing. So let's just hope the API won't change
        """

        response_text_list = [x for x in response_text.split("\n") if x]
        shellist = []
        print("\n")

        if len(response_text_list) < 1:
            fail("No shellcode found for these parameters.")
            return None

        # Please do NOT change the API...
        i = 0
        for line in response_text_list:

            # Check shellcode length (strict=True)
            if self.strict:
                try:
                    length = re.search('\d[\d ]*bytes', line).group()
                    length = re.search('\d*', length).group()
                    if int(length) > self.maximum_shellcode_length:
                        continue
                except Exception as e:
                    # Shellcode has no length - Skip it
                    continue

            # Get shellcode architecture
            architecture = line[line.find("::::") +
                                4:find_nth(line, "::::", 1)]

            # Get shellcode's name
            title = line[find_nth(line, "::::", 1) +
                         4:find_nth(line, "::::", 2)]

            # Get shellcode's link
            link = re.search('http://.*\.php', line).group()

            # Add to list
            entry = "({0}) {1}".format(architecture, cyan(title))
            shellist.append(link)
            print("{0}: {1}".format(i, entry))
            i += 1

        if self.script_index > -1:
            try:
                sh = shellist[self.script_index]
                return sh
            except IndexError as e:
                print(e)

        user_choice = 0
        while 1:
            user_choice = input(yellow("Selection: "))
            if int(user_choice) < 0:
                continue
            try:
                print("Your choice: {0}".format(shellist[int(user_choice)]))
                break
            except IndexError as e:
                print(e)
                continue

        # Return selected shellcode
        return shellist[int(user_choice)]