def key_certificate():
    """Return a certificate encrypted under the requesting host's session key.

    The base64 ``data`` form field is decrypted with the value that
    ``session()`` returns for the ``host`` form field, the plaintext is
    handed to ``generate_certificate()``, and the result is padded,
    re-encrypted with the same key and returned base64-encoded under the
    ``"certificate"`` key.
    """
    ciphertext = b64decode(request.form['data'])
    # NOTE(review): `host` comes from the request and selects the key; no
    # check that the caller owns that session is visible here -- confirm it
    # is enforced elsewhere.
    aes_key = session(request.form.get('host'))

    # The padding byte is ASCII "0" (0x30), so rstrip() removes every
    # trailing "0" of the plaintext, including ones that belong to the
    # message itself.
    # NOTE(review): no integrity check on the ciphertext is visible in this
    # function -- confirm whether _decrypt_aes authenticates its input.
    plaintext = _decrypt_aes(aes_key, ciphertext).rstrip(b"0")
    cert = generate_certificate(plaintext)

    # Pad with "0" up to 800 bytes. A certificate longer than 800 bytes gets
    # no padding at all, because bytes * negative-int is empty.
    padded_cert = cert + (b"0" * (800 - len(cert)))
    sealed_cert = _encrypt_aes(aes_key, padded_cert)
    return {"certificate": b64encode(sealed_cert).decode()}
def deconnect():
    """Stop the requesting host's session when asked to with a valid message.

    The base64 ``data`` form field is decrypted with the value ``session()``
    returns for the ``host`` form field; if the plaintext (trailing ``b"0"``
    padding stripped) equals ``b"deconnexion"``, ``session_stop()`` is called
    for that host.

    NOTE(review): the listing this was taken from lost its indentation. The
    response below is assumed to be built outside the ``if``, so
    ``{"stop": "end"}`` is returned whether or not the session was stopped --
    confirm against the original file.
    """
    data = b64decode(request.form['data'])
    # NOTE(review): `host` is client-supplied and selects the key -- confirm
    # that ownership of the session is checked elsewhere.
    key = session(request.form.get('host'))
    # rstrip() drops every trailing ASCII "0" byte used as padding.
    decrypt = _decrypt_aes(key, data).rstrip(b"0")
    # Only a message that decrypts to the expected command ends the session.
    if (decrypt == b"deconnexion"):
        session_stop(request.form.get('host'))
    payload = {}
    payload["stop"] = "end"
    return payload
def connexion():
    """Open a session for the requesting host and acknowledge it.

    The base64 ``data`` form field is decrypted with
    ``_decrypt_asymetric()`` and the result is registered for the ``host``
    form field through ``session_start()``. The value ``session()`` then
    returns for that host is used to encrypt a fixed acknowledgement, which
    is returned base64-encoded under the ``"ct"`` key.
    """
    wrapped_key = b64decode(request.form['data'])
    session_key = _decrypt_asymetric(wrapped_key)

    # NOTE(review): both the key and the `host` it is bound to come from the
    # request. What session_start() does when a session already exists for
    # that host is not visible here -- confirm an existing session cannot be
    # replaced by another caller.
    session_start(request.form.get('host'), session_key)
    host_session = session(request.form.get('host'))

    # The acknowledgement is base64-encoded before encryption and the
    # ciphertext is base64-encoded again for transport.
    acknowledgement = b64encode(b"etablished")
    sealed_ack = _encrypt_aes(host_session, acknowledgement)
    return {"ct": b64encode(sealed_ack).decode()}
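def do_session(self, argv):
    """phpsploit session handler

    SYNOPSIS:
        session [load|diff] [<FILE>]
        session save [-f] [<FILE>]
        session upgrade

    DESCRIPTION:
        The `session` core command handles phpsploit sessions.
        Sessions can be considered as phpsploit instances. They
        handle current configuration settings, environment vars,
        command aliases, and remote tunnel attributes (if any).

    USAGE:
        * session [<FILE>]
            Show a nice colored representation of FILE session
            content. If unset, FILE is implicitly set to current
            instance's session.
        * session diff [<FILE>]
            Shows a textual representation of the differences
            between FILE and current session state. If FILE is
            not set, $SAVEFILE setting is used. If $SAVEFILE is
            not set, the session's state when framework started
            is used as comparator.
        * session save [-f] [<FILE>]
            Dumps the current session instance into the given file.
            If FILE is unset, then the session is saved to $SAVEFILE
            setting, if $SAVEFILE does not exist, then the file path
            "$SAVEPATH/phpsploit.session" is implicitly used.
            NOTE: The '-f' option, if used, saves the session without
            asking user confirmation if file already exists.
        * session load [<FILE>]
            Try to load <FILE> as the current session. If unset,
            FILE is implicitly set to "./phpsploit.session".
        * session upgrade
            If current session file is in v1-compatible mode,
            the request handler is limited to POST method and
            does not support multi request and stealth modules.
            This command shall be used to upgrade current session
            AFTER you upgraded the remote $TARGET with new-style
            phpsploit backdoor (which can be obtained with
            `exploit --get-backdoor` command).

    EXAMPLES:
        > session load /tmp/phpsploit.session
          - Load /tmp/phpsploit.session.
        > session save
          - Save current state to session's source file ($SAVEFILE).

    WARNING:
        The `session load` action can't be used through a remote
        shell session. If it is the case, run `exit` to disconnect
        from remote server before launching this command.
    """
    # argv[1] is the optional action and the following items its arguments
    # (argv[0] is never read here; presumably the command name).
    # Pad a copy so the optional positions can be indexed without an
    # IndexError; the caller's list is no longer extended in place.
    args = list(argv) + [None, None]
    action = args[1]

    # session save [-f] [<FILE>]
    if action == 'save':
        force = args[2] == '-f'
        # With '-f' the file name moves one position to the right.
        path = args[3] if force else args[2]
        session.dump(path, ask_confirmation=not force)
        # No explicit FILE: report and keep the session's own file.
        if path is None:
            path = session.File
        session.File = path
        print("[*] Session saved into %r" % path)

    # session load [<FILE>]
    elif action == 'load':
        # NOTE(review): session.update() parses a file chosen by the user and
        # its parser is not visible here. If the session format can run code
        # while being loaded, only files from a trusted source should be
        # accepted -- confirm against the session module.
        try:
            session.update(args[2], update_history=True)
            print("[#] Session file correctly loaded")
        # Exception instead of a bare except, so that an interrupt or exit
        # is not reported as a load failure; the error is still re-raised.
        except Exception:
            print("[#] Could not load session file")
            raise

    # session diff [<FILE>]
    elif action == 'diff':
        session.diff(args[2], display_diff=True)

    # session upgrade
    elif action == 'upgrade':
        if "id" in session.Compat:
            print("[*] You are about to upgrade phpsploit session.")
            print("[*] Please ensure that you have correctly upgraded")
            print("[*] the remote backdoor into target URL.")
            print("[*] After session upgrade, phpsploit assumes that")
            print("[*] an up-to-date backdoor is active on $TARGET.")
            cancel = ui.input.Expect(False)
            if not cancel("Do you really want to upgrade session now ?"):
                # Emptying Compat is what marks the session as upgraded.
                session.Compat = {}
                print("[*] Session correctly upgraded")
            else:
                print("[-] Session upgrade aborted")
        else:
            print("[-] Session already up-to-date")

    # session [<FILE>]
    else:
        print(session(action))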
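def do_session(self, argv):
    """phpsploit session handler

    SYNOPSIS:
        session [load|diff] [<FILE>]
        session save [-f] [<FILE>]
        session upgrade

    DESCRIPTION:
        The `session` core command handles phpsploit sessions.
        Sessions can be considered as phpsploit instances. They
        handle current configuration settings, environment vars,
        command aliases, and remote tunnel attributes (if any).

    USAGE:
        * session [<FILE>]
            Show a nice colored representation of FILE session
            content. If unset, FILE is implicitly set to current
            instance's session.
        * session diff [<FILE>]
            Shows a textual representation of the differences
            between FILE and current session state. If FILE is
            not set, $SAVEFILE setting is used. If $SAVEFILE is
            not set, the session's state when framework started
            is used as comparator.
        * session save [-f] [<FILE>]
            Dumps the current session instance into the given file.
            If FILE is unset, then the session is saved to $SAVEFILE
            setting, if $SAVEFILE does not exist, then the file path
            "$SAVEPATH/phpsploit.session" is implicitly used.
            NOTE: The '-f' option, if used, saves the session without
            asking user confirmation if file already exists.
        * session load [<FILE>]
            Try to load <FILE> as the current session. If unset,
            FILE is implicitly set to "./phpsploit.session".
        * session upgrade
            If current session file is in v1-compatible mode,
            the request handler is limited to POST method and
            does not support multi request and stealth modules.
            This command shall be used to upgrade current session
            AFTER you upgraded the remote $TARGET with new-style
            phpsploit backdoor (which can be obtained with
            `exploit --get-backdoor` command).

    EXAMPLES:
        > session load /tmp/phpsploit.session
          - Load /tmp/phpsploit.session.
        > session save
          - Save current state to session's source file ($SAVEFILE).

    WARNING:
        The `session load` action can't be used through a remote
        shell session. If it is the case, run `exit` to disconnect
        from remote server before launching this command.
    """
    # Work on a padded copy: optional positions can then be indexed without
    # an IndexError and the caller's list is not extended in place.
    args = list(argv) + [None, None]
    action = args[1]

    # session save [-f] [<FILE>]
    # This branch hands back whatever session.dump() returns.
    if action == 'save':
        if args[2] == '-f':
            # With '-f' the file name is the next argument.
            return session.dump(args[3], ask_confirmation=False)
        return session.dump(args[2])

    # session load [<FILE>]
    elif action == 'load':
        # NOTE(review): session.update() parses a file chosen by the user and
        # its parser is not visible here. If the session format can run code
        # while being loaded, only files from a trusted source should be
        # accepted -- confirm against the session module.
        try:
            session.update(args[2], update_history=True)
            print("[#] Session file correctly loaded")
        # Exception instead of a bare except, so that an interrupt or exit
        # is not reported as a load failure; the error is still re-raised.
        except Exception:
            print("[#] Could not load session file")
            raise

    # session diff [<FILE>]
    elif action == 'diff':
        session.diff(args[2], display_diff=True)

    # session upgrade
    elif action == 'upgrade':
        if "id" in session.Compat:
            print("[*] You are about to upgrade phpsploit session.")
            print("[*] Please ensure that you have correctly upgraded")
            print("[*] the remote backdoor into target URL.")
            print("[*] After session upgrade, phpsploit assumes that")
            print("[*] an up-to-date backdoor is active on $TARGET.")
            cancel = ui.input.Expect(False)
            if not cancel("Do you really want to upgrade session now ?"):
                # Emptying Compat is what marks the session as upgraded.
                session.Compat = {}
                print("[*] Session correctly upgraded")
            else:
                print("[-] Session upgrade aborted")
        else:
            print("[-] Session already up-to-date")

    # session [<FILE>]
    else:
        print(session(action))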
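def do_session(argv):
    """phpsploit session handler

    SYNOPSIS:
        session [load|diff] [<FILE>]
        session save [-f] [<FILE>]
        session upgrade

    DESCRIPTION:
        The `session` core command handles phpsploit sessions.
        Sessions can be considered as phpsploit instances. They
        handle current configuration settings, environment vars,
        command aliases, and remote tunnel attributes (if any).
        They can be saved to a file for further use.

    USAGE:
        * session [<FILE>]
            Show a nice colored representation of FILE session
            content. If called without argument, current session
            is displayed.
        * session diff [<FILE>]
            Show a textual representation of the differences
            between FILE and current session. If FILE is not set,
            the diff between session's original and current states
            is shown.
        * session save [-f] [<FILE>]
            Save current session state in FILE.
            If FILE is not set, the session is saved to its original
            path location. If still not bound to a file, default
            location is '$SAVEPATH/phpsploit.session'.
            NOTE: The '-f' option, if used, saves the session without
            asking user confirmation if file already exists.
        * session load [<FILE>]
            Try to load session from FILE.
            If unset, try to load session from './phpsploit.session'
        * session upgrade
            If current session file is in v1-compatible mode,
            the request handler is limited to POST method and
            does not support multi request and stealth modules.
            This command shall be used to upgrade current session
            AFTER you upgraded the remote $TARGET with new-style
            phpsploit backdoor (which can be obtained with
            `exploit --get-backdoor` command).

    EXAMPLES:
        > session load /tmp/phpsploit.session
          - Load /tmp/phpsploit.session.
        > session save
          - Save current state to session file.

    WARNING:
        The `session load` action can't be used through a remote
        shell session. If it is the case, run `exit` to disconnect
        from remote server before launching this command.
    """
    # argv[1] is the optional action and the following items its arguments
    # (argv[0] is never read here; presumably the command name).
    # Pad a copy so the optional positions can be indexed without an
    # IndexError; the caller's list is no longer extended in place.
    args = list(argv) + [None, None]
    action = args[1]

    # session save [-f] [<FILE>]
    if action == 'save':
        force = args[2] == '-f'
        # With '-f' the file name moves one position to the right.
        path = args[3] if force else args[2]
        session.dump(path, ask_confirmation=not force)
        # No explicit FILE: report and keep the session's own file.
        if path is None:
            path = session.File
        session.File = path
        print("[*] Session saved into %r" % path)

    # session load [<FILE>]
    elif action == 'load':
        # NOTE(review): session.update() parses a file chosen by the user and
        # its parser is not visible here. If the session format can run code
        # while being loaded, only files from a trusted source should be
        # accepted -- confirm against the session module.
        try:
            session.update(args[2], update_history=True)
            print("[#] Session file correctly loaded")
        # Exception instead of a bare except, so that an interrupt or exit
        # is not reported as a load failure; the error is still re-raised.
        except Exception:
            print("[#] Could not load session file")
            raise

    # session diff [<FILE>]
    elif action == 'diff':
        session.diff(args[2], display_diff=True)

    # session upgrade
    elif action == 'upgrade':
        if "id" in session.Compat:
            print("[*] You are about to upgrade phpsploit session.")
            print("[*] Please ensure that you have correctly upgraded")
            print("[*] the remote backdoor into target URL.")
            print("[*] After session upgrade, phpsploit assumes that")
            print("[*] an up-to-date backdoor is active on $TARGET.")
            cancel = ui.input.Expect(False)
            if not cancel("Do you really want to upgrade session now ?"):
                # Emptying Compat is what marks the session as upgraded.
                session.Compat = {}
                print("[*] Session correctly upgraded")
            else:
                print("[-] Session upgrade aborted")
        else:
            print("[-] Session already up-to-date")

    # session [<FILE>]
    else:
        print(session(action))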
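def do_session(argv):
    """phpsploit session handler

    SYNOPSIS:
        session [load|diff] [<FILE>]
        session save [-f] [<FILE>]
        session upgrade

    DESCRIPTION:
        The `session` core command handles phpsploit sessions.
        Sessions can be considered as phpsploit instances. They
        handle current configuration settings, environment vars,
        command aliases, and remote tunnel attributes (if any).
        They can be saved to a file for further use.

    USAGE:
        * session [<FILE>]
            Show a nice colored representation of FILE session
            content. If called without argument, current session
            is displayed.
        * session diff [<FILE>]
            Show a textual representation of the differences
            between FILE and current session. If FILE is not set,
            the diff between session's original and current states
            is shown.
        * session save [-f] [<FILE>]
            Save current session state in FILE.
            If FILE is not set, the session is saved to its original
            path location. If still not bound to a file, default
            location is '$SAVEPATH/phpsploit.session'.
            NOTE: The '-f' option, if used, saves the session without
            asking user confirmation if file already exists.
        * session load [<FILE>]
            Try to load session from FILE.
            If unset, try to load session from './phpsploit.session'
        * session upgrade
            If current session file is in v1-compatible mode,
            the request handler is limited to POST method and
            does not support multi request and stealth modules.
            This command shall be used to upgrade current session
            AFTER you upgraded the remote $TARGET with new-style
            phpsploit backdoor (which can be obtained with
            `exploit --get-backdoor` command).

    EXAMPLES:
        > session load /tmp/phpsploit.session
          - Load /tmp/phpsploit.session.
        > session save
          - Save current state to session file.

    WARNING:
        `session load` should NEVER be used while still connected
        to a remote TARGET. If you want to load another session,
        first run `exit` to disconnect from remote server.
    """
    # Work on a padded copy: optional positions can then be indexed without
    # an IndexError and the caller's list is not extended in place.
    args = list(argv) + [None, None]
    action = args[1]

    # session save [-f] [<FILE>]
    if action == 'save':
        force = args[2] == '-f'
        # With '-f' the file name moves one position to the right.
        path = args[3] if force else args[2]
        session.dump(path, ask_confirmation=not force)
        # No explicit FILE: report and keep the session's own file.
        if path is None:
            path = session.File
        session.File = path
        print("[*] Session saved into %r" % path)

    # session load [<FILE>]
    elif action == 'load':
        # NOTE(review): nothing in this function enforces the docstring's
        # warning about loading while connected -- confirm whether
        # session.update() refuses in that state.
        # NOTE(review): session.update() parses a file chosen by the user and
        # its parser is not visible here. If the session format can run code
        # while being loaded, only files from a trusted source should be
        # accepted -- confirm against the session module.
        try:
            session.update(args[2], update_history=True)
            print("[#] Session file correctly loaded")
        # Exception instead of a bare except, so that an interrupt or exit
        # is not reported as a load failure; the error is still re-raised.
        except Exception:
            print("[#] Could not load session file")
            raise

    # session diff [<FILE>]
    elif action == 'diff':
        session.diff(args[2], display_diff=True)

    # session upgrade
    elif action == 'upgrade':
        if "id" in session.Compat:
            print("[*] You are about to upgrade phpsploit session.")
            print("[*] Please ensure that you have correctly upgraded")
            print("[*] the remote backdoor into target URL.")
            print("[*] After session upgrade, phpsploit assumes that")
            print("[*] an up-to-date backdoor is active on $TARGET.")
            cancel = ui.input.Expect(False)
            if not cancel("Do you really want to upgrade session now ?"):
                # Emptying Compat is what marks the session as upgraded.
                session.Compat = {}
                print("[*] Session correctly upgraded")
            else:
                print("[-] Session upgrade aborted")
        else:
            print("[-] Session already up-to-date")

    # session [<FILE>]
    else:
        print(session(action))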