def display_payload_options(self, selected_pload, showTitle=True): # show the title if specified if showTitle: evasion_helpers.title_screen() self.payload_info(selected_pload) return
def tool_main_menu(self): # This is the main function where everything is called from # Iterate over payloads and find the user selected payload module evasion_main_command = "" show_evasion_menu = True while True: # set out tab completion for the appropriate modules on each run # as other modules sometimes reset this comp = completer.MainMenuCompleter(self.evasion_main_menu_commands, self.active_payloads) readline.set_completer_delims(' \t\n;') readline.parse_and_bind("tab: complete") readline.set_completer(comp.complete) if show_evasion_menu: evasion_helpers.title_screen() print("Veil-Evasion Menu") print("\n\t" + helpers.color(len(self.active_payloads)) + " payloads loaded\n") print("Available Commands:\n") for command in sorted(self.evasion_main_menu_commands.keys()): print("\t" + helpers.color(command) + '\t\t\t' + self.evasion_main_menu_commands[command]) print() show_evasion_menu = False evasion_main_command = input('Veil/Evasion>: ').strip().lower() if evasion_main_command.startswith("back") or evasion_main_command.startswith("main") or evasion_main_command.startswith("menu"): break elif evasion_main_command.startswith("checkvt"): self.check_vt() elif evasion_main_command.startswith("clean"): self.clean_artifacts() elif evasion_main_command.startswith("exit") or evasion_main_command.startswith("quit"): sys.exit(0) elif evasion_main_command.startswith('info'): if len(evasion_main_command.split()) == 2: payload_selected = evasion_main_command.split()[1] selected_payload_module = self.return_payload_object(payload_selected) if not selected_payload_module: print() print(helpers.color(" [!] ERROR: You did not provide a valid payload selection!", warning=True)) print(helpers.color(" [*] Ex: info 2 OR info lua/shellcode_inject/flat.py", warning=True)) print() else: self.print_options_screen(selected_payload_module) else: print() print(helpers.color(" [!] ERROR: You did not provide a valid payload selection!", warning=True)) print(helpers.color(" [*] Ex: info 2 OR info lua/shellcode_inject/flat.py", warning=True)) print() elif evasion_main_command.startswith('list'): evasion_helpers.title_screen() self.list_loaded_payloads() elif evasion_main_command.startswith('use'): if len(evasion_main_command.split()) == 2: payload_selected = evasion_main_command.split()[1].lower() selected_payload_module = self.return_payload_object(payload_selected) if not selected_payload_module: print() print(helpers.color(" [!] ERROR: You did not provide a valid payload selection!", warning=True)) print(helpers.color(" [*] Ex: use 2 OR use lua/shellcode_inject/flat.py", warning=True)) print() else: self.use_payload(selected_payload_module) show_evasion_menu = True else: print() print(helpers.color(" [!] ERROR: You did not provide a valid payload selection!", warning=True)) print(helpers.color(" [*] Ex: use 2 OR use lua/shellcode_inject/flat.py", warning=True)) print() return
def payload_selection_menu(self, showTitle=True): """ Menu to prompt the user for a custom shellcode string. Returns None if nothing is specified. """ # print out the main title to reset the interface if showTitle: evasion_helpers.title_screen() print(' [?] Generate or supply custom shellcode?\n') print(' %s - Ordnance %s' % (helpers.color('1'), helpers.color('(default)', yellow=True))) print(' %s - MSFVenom' % (helpers.color('2'))) print(' %s - custom shellcode string' % (helpers.color('3'))) print(' %s - file with shellcode (\\x41\\x42..)' % (helpers.color('4'))) print(' %s - binary file with shellcode\n' % helpers.color('5')) try: choice = self.required_options['SHELLCODE'][0].lower().strip() print(" [>] Please enter the number of your choice: %s" % (choice)) except: choice = input(" [>] Please enter the number of your choice: ").strip() if choice == '4': # instantiate our completer object for path completion comp = completer.PathCompleter() # we want to treat '/' as part of a word, so override the delimiters readline.set_completer_delims(' \t\n;') readline.parse_and_bind("tab: complete") readline.set_completer(comp.complete) # if the shellcode is specicified as a raw file filePath = input(" [>] Please enter the path to your shellcode file: ") try: with open(filePath, 'r') as shellcode_file: file_shellcode = shellcode_file.read() file_shellcode = file_shellcode.strip() except: print(helpers.color(" [!] WARNING: path not found, defaulting to msfvenom!", warning=True)) return None if len(file_shellcode) == 0: print(helpers.color(" [!] WARNING: no custom shellcode restrieved, defaulting to msfvenom!", warning=True)) return None # check if the shellcode was passed in as string-escaped form if file_shellcode[0:2] == "\\x" and file_shellcode[4:6] == "\\x": return file_shellcode else: # otherwise encode the raw data as a hex string hexString = binascii.hexlify(file_shellcode) file_shellcode = "\\x"+"\\x".join([hexString[i:i + 2] for i in range(0, len(hexString), 2)]) return file_shellcode # remove the completer readline.set_completer(None) elif choice == '5': # instantiate our completer object for path completion comp = completer.PathCompleter() # we want to treat '/' as part of a word, so override the delimiters readline.set_completer_delims(' \t\n;') readline.parse_and_bind("tab: complete") readline.set_completer(comp.complete) # if the shellcode is specicified as a raw file filePath = input(" [>] Please enter the path to your binary file: ") try: with open(filePath, 'rb') as shellcode_file: file_shellcode = shellcode_file.read() except: print(helpers.color(" [!] WARNING: path not found, defaulting to msfvenom!", warning=True)) return None if len(file_shellcode) == 0: print(helpers.color(" [!] WARNING: no custom shellcode restrieved, defaulting to msfvenom!", warning=True)) return None binary_code = '' # Convert from binary to shellcode for byte in file_shellcode: binary_code += "\\x" + hex(byte)[2:].zfill(2) return binary_code elif choice == '3' or choice == 'string': # if the shellcode is specified as a string cust_sc = input(" [>] Please enter custom shellcode (one line, no quotes, \\x00.. format): ") if len(cust_sc) == 0: print(helpers.color(" [!] WARNING: no shellcode specified, defaulting to msfvenom!", warning=True)) return cust_sc elif choice == '' or choice == '1' or choice.lower() == 'veil-ordnance' or choice.lower() == 'ordnance': return 'ordnance' elif choice == '2' or choice.lower() == 'msf' or choice.lower() == 'metasploit' or choice.lower() == 'msfvenom': return None else: print(helpers.color(" [!] WARNING: Invalid option chosen, defaulting to Ordnance!", warning=True)) return 'ordnance'
def compiler(payload_object, invoked=False, cli_object=None): # Check the source code to ensure it is present if payload_object.payload_source_code == '': print( helpers.color("\n [!] ERROR: No payload source code provided.\n", warning=True)) return False else: # print title bar evasion_helpers.title_screen() if not invoked: # Determine the file name to use for output file_name = input( ' [>] Please enter the base name for output files (default is payload): ' ).strip() else: file_name = cli_object.o # Basic checks on input while file_name != '' and ("\\" in file_name or "/" in file_name): print( helpers.color( "\nPlease provide a base name, not a path, for the output base\n", warning=True)) file_name = input( ' [>] Please enter the base name for output files (default is payload): ' ).strip() # If no base name, set it to be payload if file_name == '': file_name = 'payload' # run check to make sure file doesn't exist, if it does # provide a new filename file_name = find_file_name(file_name, payload_object) source_code_filepath = settings.PAYLOAD_SOURCE_PATH + file_name + "." + payload_object.extension # Used when outputting exe files, go figure executable_filepath = settings.PAYLOAD_COMPILED_PATH + file_name + ".exe" if payload_object.language is not "native" and payload_object.extension is not "war": with open(source_code_filepath, 'w') as source_file: source_file.write(payload_object.payload_source_code) if payload_object.language == 'python': if not invoked: compile_method = "" else: compile_method = cli_object.compiler # Check extension for war or normal python file if payload_object.extension == 'py': if settings.OPERATING_SYSTEM == "Windows": compile_method = 'py2exe' else: if payload_object.required_options['COMPILE_TO_EXE'][ 0].lower() == 'y' and not invoked: print() evasion_helpers.title_screen() print() # if we have a linux distro, continue... # Determine if the user wants Pyinstaller, Pwnstaller, or Py2Exe. print( ' [?] How would you like to create your payload executable?\n' ) print(' %s - Pyinstaller %s' % (helpers.color('1'), helpers.color('(default)', yellow=True))) print(' %s - Py2Exe\n' % (helpers.color('2'))) user_compile_choice = input( " [>] Please enter the number of your choice: ") if user_compile_choice == "1" or user_compile_choice == '': compile_method = "pyinstaller" elif user_compile_choice == "2": compile_method = "py2exe" else: compile_method = "pyinstaller" if compile_method == 'py2exe' and payload_object.required_options[ 'COMPILE_TO_EXE'][0].lower() == 'y': # Generate setup.py File for Py2Exe with open(settings.PAYLOAD_SOURCE_PATH + '/setup.py', 'w') as setup_file: setup_file.write("from distutils.core import setup\n") setup_file.write("import py2exe, sys, os\n\n") setup_file.write("setup(\n") setup_file.write( "\toptions = {'py2exe': {'bundle_files': 1}},\n") setup_file.write("\tzipfile = None,\n") setup_file.write("\twindows=['" + file_name + ".py']\n") setup_file.write(")") # Generate Batch script for Compiling on Windows Using Py2Exe with open(settings.PAYLOAD_SOURCE_PATH + '/runme.bat', 'w') as runme_file: runme_file.write( 'rem Batch Script for compiling python code into an executable\n' ) runme_file.write('rem on windows with py2exe\n') runme_file.write( 'rem Usage: Drop into your Python folder and click, or anywhere if Python is in your system path\n\n' ) runme_file.write("python setup.py py2exe\n") runme_file.write('cd dist\n') runme_file.write('move ' + file_name + '.exe ../\n') runme_file.write('cd ..\n') runme_file.write('rmdir /S /Q build\n') runme_file.write('rmdir /S /Q dist\n') print() evasion_helpers.title_screen() print() print_payload_information(payload_object) print( helpers.color( "\npy2exe files 'setup.py' and 'runme.bat' written to:\n" + settings.PAYLOAD_SOURCE_PATH + "\n")) else: if payload_object.required_options['COMPILE_TO_EXE'][ 0].lower() == 'y': # Used for PyInstaller standard # copy the pyinstaller runw to maintain its integrity in the event # pwnstaller is added in for python3 - this will future proof it runw_path = settings.VEIL_PATH + '/tools/evasion/evasion_common/tools/runw.orig.exe' os.system( "cp " + runw_path + " " + settings.PYINSTALLER_PATH + "/PyInstaller/bootloader/Windows-32bit/runw.exe") # Validate python is installed in wine if not os.path.isfile(settings.WINEPREFIX + 'drive_c/Python34/python.exe'): print( helpers.color( "\n [!] ERROR: Can't find python.exe in " + os.path.expanduser(settings.WINEPREFIX + 'drive_c/Python34/'), warning=True)) print( helpers.color( " [!] ERROR: Make sure the python.exe binary exists before using PyInstaller.", warning=True)) sys.exit(1) random_key = evasion_helpers.randomString() os.system( 'WINEPREFIX=' + settings.WINEPREFIX + ' wine ' + settings.WINEPREFIX + '/drive_c/Python34/python.exe' + ' ' + os.path.expanduser(settings.PYINSTALLER_PATH + '/pyinstaller.py') + ' --onefile --noconsole --key ' + random_key + ' ' + source_code_filepath) print() evasion_helpers.title_screen() print() if os.path.isfile('dist/' + file_name + ".exe"): os.system('mv dist/' + file_name + ".exe " + settings.PAYLOAD_COMPILED_PATH) hash_executable(executable_filepath, file_name) print_payload_information(payload_object) print( " [*] Executable written to: " + helpers.color(settings.PAYLOAD_COMPILED_PATH + file_name + ".exe")) else: print( helpers.color( " [!] ERROR: Unable to create output file.", warning=True)) os.system('rm -rf dist') os.system('rm -rf build') os.system('rm -f *.spec') os.system('rm -f logdict*.*') print(" [*] Source code written to: " + helpers.color(source_code_filepath)) elif payload_object.extension == 'war': path_here = settings.PAYLOAD_COMPILED_PATH + file_name + "." + payload_object.extension with open(path_here, 'wb') as source_file: source_file.write(payload_object.payload_source_code) # Ensure that war file was written to disk if os.path.isfile(path_here): hash_executable(path_here, file_name) print_payload_information(payload_object) print(" [*] WAR file written to: " + helpers.color(source_code_filepath)) else: print( helpers.color(" [!] ERROR: Unable to create WAR file.", warning=True)) else: print( helpers.color( " [!] ERROR: Invalid python extension in payload module.\n", warning=True)) elif payload_object.language == 'ruby': if payload_object.required_options['COMPILE_TO_EXE'][0].lower( ) == 'y': os.system( 'WINEPREFIX=' + settings.WINEPREFIX + ' wine ' + settings.WINEPREFIX + '/drive_c/Ruby187/bin/ruby.exe ' + settings.WINEPREFIX + '/drive_c/Ruby187/bin/ocra --windows ' + source_code_filepath + ' --output ' + executable_filepath + ' ' + settings.WINEPREFIX + '/drive_c/Ruby187/lib/ruby/gems/1.8/gems/win32-api-1.4.8-x86-mingw32/lib/win32/*' ) print() evasion_helpers.title_screen() print() if os.path.isfile(executable_filepath): hash_executable(executable_filepath, file_name) print_payload_information(payload_object) print(" [*] Executable written to: " + helpers.color(executable_filepath)) else: print( helpers.color( " [!] ERROR: Unable to create output file.", warning=True)) print(" [*] Source code written to: " + helpers.color(source_code_filepath)) elif payload_object.language == 'powershell': print() evasion_helpers.title_screen() print() print_payload_information(payload_object) print(" [*] PowerShell doesn't compile, so you just get text :)") print(" [*] Source code written to: " + helpers.color(source_code_filepath)) elif payload_object.language == 'perl': print_payload_information(payload_object) print( "\nPerl can't currently be compiled in Linux. Install on Windows:" ) print( "https://www.veil-framework.com/perl-of-no-hope-january-v-day-2016/" ) print("Command: pp -gui -o <executablename> <sourcecodefile.pl>") print(" [*] Source code written to: " + helpers.color(source_code_filepath)) elif payload_object.language == 'native': # set path for native payload executable output path_here = settings.PAYLOAD_COMPILED_PATH + file_name + "." + payload_object.extension with open(path_here, 'wb') as source_file: source_file.write(payload_object.payload_source_code) # Ensure executables was written to disk if os.path.isfile(path_here): hash_executable(path_here, file_name) print_payload_information(payload_object) print(" [*] Executable written to: " + helpers.color(path_here)) else: print( helpers.color(" [!] ERROR: Unable to create Exe file.", warning=True)) elif payload_object.language == 'lua': print_payload_information(payload_object) print( " [*] Lua currently doesn't compile in linux, so you just get text :)" ) print(" [*] Source code written to: " + helpers.color(source_code_filepath)) elif payload_object.language == 'go': if payload_object.required_options['COMPILE_TO_EXE'][0].lower( ) == 'y': # Compile go payload os.system( 'env GOROOT={0} GOOS=windows GOARCH=386 {0}/bin/go build -ldflags "-s -w -H=windowsgui" -v -o {1} {2}' .format(settings.GOLANG_PATH, executable_filepath, source_code_filepath)) print() evasion_helpers.title_screen() print() if os.path.isfile(executable_filepath): hash_executable(executable_filepath, file_name) print_payload_information(payload_object) print(" [*] Executable written to: " + helpers.color(executable_filepath)) else: print( helpers.color( " [!] ERROR: Unable to create output file.", warning=True)) print(" [*] Source code written to: " + helpers.color(source_code_filepath)) elif payload_object.language == 'cs': if payload_object.required_options['COMPILE_TO_EXE'][0].lower( ) == 'y': # Compile our CS code into an executable and pass a compiler flag to prevent it from opening a command prompt when run os.system('mcs -platform:x86 -target:winexe ' + source_code_filepath + ' -out:' + executable_filepath) print() evasion_helpers.title_screen() print() if os.path.isfile(executable_filepath): hash_executable(executable_filepath, file_name) print_payload_information(payload_object) print(" [*] Executable written to: " + helpers.color(executable_filepath)) else: print( helpers.color( " [!] ERROR: Unable to create output file.", warning=True)) print(" [*] Source code written to: " + helpers.color(source_code_filepath)) elif payload_object.language == 'c': if payload_object.required_options['COMPILE_TO_EXE'][0].lower( ) == 'y': # Compile our C code into an executable and pass a compiler flag to prevent it from opening a command prompt when run os.system('i686-w64-mingw32-gcc -Wl,-subsystem,windows ' + source_code_filepath + ' -o ' + executable_filepath + " -lwsock32") print() evasion_helpers.title_screen() print() if os.path.isfile(executable_filepath): hash_executable(executable_filepath, file_name) print_payload_information(payload_object) print(" [*] Executable written to: " + helpers.color(executable_filepath)) else: print( helpers.color( " [!] ERROR: Unable to create output file.", warning=True)) print(" [*] Source code written to: " + helpers.color(source_code_filepath)) elif payload_object.language == 'autoit': if payload_object.required_options['COMPILE_TO_EXE'][0].lower( ) == 'y': # Compile autoit code os.system( 'WINEPREFIX=' + settings.WINEPREFIX + ' wine ' + settings.WINEPREFIX + 'drive_c/Program\ Files/AutoIt3/Aut2Exe/Aut2exe.exe /in ' + source_code_filepath + ' /out ' + executable_filepath + ' /comp 2 /nopack') if os.path.isfile(executable_filepath): hash_executable(executable_filepath, file_name) print_payload_information(payload_object) print(" [*] Executable written to: " + helpers.color(executable_filepath)) else: print( helpers.color( " [!] ERROR: Unable to create output file.", warning=True)) print(" [*] Source code written to: " + helpers.color(source_code_filepath)) else: print( helpers.color( "\n [!] ERROR: Invalid payload language in payload module.\n", warning=True)) return False if invoked: handler_code_generator(payload_object, file_name, invoked=True, cli_obj=cli_object) else: handler_code_generator(payload_object, file_name) if os.path.isfile(settings.HANDLER_PATH + file_name + '.rc'): print(" [*] Metasploit Resource file written to: " + helpers.color(settings.HANDLER_PATH + file_name + '.rc')) if not invoked: dummy = input('\nHit enter to continue...\n') # End of if statement checking to make sure payload_source_code is # not empty return True
def cli_menu(self, invoked=False): evasion_helpers.title_screen() # --list-payloads if self.command_options.list_payloads: self.list_loaded_payloads() sys.exit() # Check if a payload is provided, and if so, start the generation # process # Missing -p ? if not self.command_options.p: print(helpers.color(" [!] ERROR: Missing --payload selection (-p <payload>). Try: -t Evasion --list-payloads", warning=True)) else: user_cli_payload = self.return_payload_object(self.command_options.p) if not user_cli_payload: print(helpers.color(" [!] ERROR: You did not provide a valid payload selection!", warning=True)) print(helpers.color(" [*] Ex: info 2 OR info lua/shellcode_inject/flat.py", warning=True)) sys.exit() if self.command_options.ip is None and ("meterpreter" in user_cli_payload.path or "shellcode_inject" in user_cli_payload.path): print(helpers.color(" [!] ERROR: You did not provide an IP/domain to connect to/bind on", warning=True)) sys.exit() # Make sure IP is valid # --ip if self.command_options.ip is not None: valid_ip = helpers.validate_ip(self.command_options.ip) valid_hostname = helpers.validate_hostname(self.command_options.ip) if not valid_ip and not valid_hostname: print(helpers.color(" [!] ERROR: You did not provide a valid ip/domain!", warning=True)) print(helpers.color("[*] Please specify the correct value", warning=True)) sys.exit() # Determine if using Ordnance or MSFVenom for shellcode generation if self.command_options.ordnance_payload is None and self.command_options.msfvenom is None and "meterpreter" not in user_cli_payload.path: print(helpers.color(" [!] ERROR: You did not provide a shellcode option to use!", warning=True)) sys.exit() # Check if using a pure payload (shellcodeless) if "meterpreter" in user_cli_payload.path or "shellcode_inject" in user_cli_payload.path: if "meterpreter" in user_cli_payload.path: # Check for where the IP is being stored if "LHOST" in user_cli_payload.required_options: user_cli_payload.required_options["LHOST"][0] = self.command_options.ip elif "RHOST" in user_cli_payload.required_options: user_cli_payload.required_options["RHOST"][0] = self.command_options.ip # Store the LPORT value in the payload if "LPORT" in user_cli_payload.required_options: user_cli_payload.required_options["LPORT"][0] = self.command_options.port else: # If ordnance, generate shellcode through it if self.command_options.ordnance_payload is not None: Ordnance_object = ordnance_import.Tools(self.command_options) Ordnance_object.cli_menu(invoked=True) cli_shellcode = Ordnance_object.final_shellcode # Or if msfvenom, get that code elif self.command_options.msfvenom is not None: cli_shellcode = shellcode_help.cli_msf_shellcode_gen(self.command_options) # This could be the future area for adding custom shellcode. If there # is a need I can add it in # Set the shellcode in the Evasion payload user_cli_payload.cli_shellcode = cli_shellcode # Loop over setting required options # -c if self.command_options.c is not None: for payload_option in self.command_options.c: if payload_option is not '': if "=" not in payload_option: print(helpers.color(" [!] Payload option not entered in correct syntax.\n", warning=True)) sys.exit() else: key = payload_option.split('=')[0].upper() value = payload_option.split('=')[1] if key in user_cli_payload.required_options: user_cli_payload.required_options[key][0] = value else: print(helpers.color(" [!] The option " + key + " does not exist for the selected payload!.\n", warning=True)) sys.exit() # Generate the payload code # source code stored in user_cli_payload.source_code user_cli_payload.generate() # figure out how to compile the code outfile.compiler(user_cli_payload, invoked=True, cli_object=self.command_options) return
def compiler(payload_object, invoked=False, cli_object=None): # Check the source code to ensure it is present if payload_object.payload_source_code == '': print(helpers.color("\n [!] ERROR: No payload source code provided.\n", warning=True)) return False else: # print title bar evasion_helpers.title_screen() if not invoked: # Determine the file name to use for output file_name = input(' [>] Please enter the base name for output files (default is payload): ').strip() else: file_name = cli_object.o # Basic checks on input while file_name != '' and ("\\" in file_name or "/" in file_name): print(helpers.color("\nPlease provide a base name, not a path, for the output base\n", warning=True)) file_name = input(' [>] Please enter the base name for output files (default is payload): ').strip() # If no base name, set it to be payload if file_name == '': file_name = 'payload' # run check to make sure file doesn't exist, if it does # provide a new filename file_name = find_file_name(file_name, payload_object) source_code_filepath = settings.PAYLOAD_SOURCE_PATH + file_name + "." + payload_object.extension # Used when outputting exe files, go figure executable_filepath = settings.PAYLOAD_COMPILED_PATH + file_name + ".exe" if payload_object.language is not "native" and payload_object.extension is not "war": with open(source_code_filepath, 'w') as source_file: source_file.write(payload_object.payload_source_code) if payload_object.language == 'python': if not invoked: compile_method = "" else: compile_method = cli_object.compiler # Check extension for war or normal python file if payload_object.extension == 'py': if settings.OPERATING_SYSTEM == "Windows": compile_method = 'py2exe' else: if payload_object.required_options['COMPILE_TO_EXE'][0].lower() == 'y' and not invoked: evasion_helpers.title_screen() # if we have a linux distro, continue... # Determine if the user wants PyInstaller, Pwnstaller, or Py2Exe. print(' [?] How would you like to create your payload executable?\n') print(' %s - PyInstaller %s' % (helpers.color('1'), helpers.color('(default)', yellow=True))) print(' %s - Py2Exe\n' % (helpers.color('2'))) user_compile_choice = input(" [>] Please enter the number of your choice: ") if user_compile_choice == "1" or user_compile_choice == '': compile_method = "pyinstaller" elif user_compile_choice == "2": compile_method = "py2exe" else: compile_method = "pyinstaller" if compile_method == 'py2exe' and payload_object.required_options['COMPILE_TO_EXE'][0].lower() == 'y': # Generate setup.py File for Py2Exe with open(settings.PAYLOAD_SOURCE_PATH + '/setup.py', 'w') as setup_file: setup_file.write("from distutils.core import setup\n") setup_file.write("import py2exe, sys, os\n\n") setup_file.write("setup(\n") setup_file.write("\toptions = {'py2exe': {'bundle_files': 1}},\n") setup_file.write("\tzipfile = None,\n") setup_file.write("\twindows=['" + file_name + ".py']\n") setup_file.write(")") # Generate Batch script for Compiling on Windows Using Py2Exe with open(settings.PAYLOAD_SOURCE_PATH + '/runme.bat', 'w') as runme_file: runme_file.write('rem Batch Script for compiling python code into an executable\n') runme_file.write('rem on windows with py2exe\n') runme_file.write('rem Usage: Drop into your Python folder and click, or anywhere if Python is in your system path\n\n') runme_file.write("python setup.py py2exe\n") runme_file.write('cd dist\n') runme_file.write('move ' + file_name + '.exe ../\n') runme_file.write('cd ..\n') runme_file.write('rmdir /S /Q build\n') runme_file.write('rmdir /S /Q dist\n') evasion_helpers.title_screen() print_payload_information(payload_object) print(helpers.color("\npy2exe files 'setup.py' and 'runme.bat' written to:\n" + settings.PAYLOAD_SOURCE_PATH + "\n")) else: if payload_object.required_options['COMPILE_TO_EXE'][0].lower() == 'y': # Used for PyInstaller standard # copy the pyinstaller runw to maintain its integrity in the event # pwnstaller is added in for python3 - this will future proof it runw_path = settings.VEIL_PATH + '/tools/evasion/evasion_common/tools/runw.orig.exe' os.system('cp ' + runw_path + ' ' + settings.PYINSTALLER_PATH + 'PyInstaller/bootloader/Windows-32bit/runw.exe') # Validate python is installed in wine if not os.path.isfile(settings.WINEPREFIX + 'drive_c/Python34/python.exe'): print(helpers.color("\n [!] ERROR: Can't find python.exe in " + os.path.expanduser(settings.WINEPREFIX + 'drive_c/Python34/'), warning=True)) print(helpers.color(" [!] ERROR: Make sure the python.exe binary exists before using PyInstaller.", warning=True)) sys.exit(1) random_key = evasion_helpers.randomString() os.system('WINEPREFIX=' + settings.WINEPREFIX + ' wine ' + settings.WINEPREFIX + '/drive_c/Python34/python.exe' + ' ' + os.path.expanduser(settings.PYINSTALLER_PATH + '/pyinstaller.py') + ' --onefile --noconsole --key ' + random_key + ' ' + source_code_filepath) evasion_helpers.title_screen() if os.path.isfile('dist/' + file_name + ".exe"): os.system('mv dist/' + file_name + ".exe " + settings.PAYLOAD_COMPILED_PATH) hash_executable(executable_filepath, file_name) print_payload_information(payload_object) print(" [*] Executable written to: " + helpers.color(settings.PAYLOAD_COMPILED_PATH + file_name + ".exe")) else: print(helpers.color(" [!] ERROR: Unable to create output file.", warning=True)) os.system('rm -rf dist') os.system('rm -rf build') os.system('rm -f *.spec') os.system('rm -f logdict*.*') print(" [*] Source code written to: " + helpers.color(source_code_filepath)) elif payload_object.extension == 'war': path_here = settings.PAYLOAD_COMPILED_PATH + file_name + "." + payload_object.extension with open(path_here, 'wb') as source_file: source_file.write(payload_object.payload_source_code) # Ensure that war file was written to disk if os.path.isfile(path_here): hash_executable(path_here, file_name) print_payload_information(payload_object) print(" [*] WAR file written to: " + helpers.color(source_code_filepath)) else: print(helpers.color(" [!] ERROR: Unable to create WAR file.", warning=True)) else: print(helpers.color(" [!] ERROR: Invalid python extension in payload module.\n", warning=True)) elif payload_object.language == 'ruby': if payload_object.required_options['COMPILE_TO_EXE'][0].lower() == 'y': os.system('WINEPREFIX=' + settings.WINEPREFIX + ' wine ' + settings.WINEPREFIX + '/drive_c/Ruby187/bin/ruby.exe ' + settings.WINEPREFIX + '/drive_c/Ruby187/bin/ocra --windows '+ source_code_filepath + ' --output ' + executable_filepath + ' ' + settings.WINEPREFIX + '/drive_c/Ruby187/lib/ruby/gems/1.8/gems/win32-api-1.4.8-x86-mingw32/lib/win32/*') evasion_helpers.title_screen() if os.path.isfile(executable_filepath): hash_executable(executable_filepath, file_name) print_payload_information(payload_object) print(" [*] Executable written to: " + helpers.color(executable_filepath)) else: print(helpers.color(" [!] ERROR: Unable to create output file.", warning=True)) print(" [*] Source code written to: " + helpers.color(source_code_filepath)) elif payload_object.language == 'powershell': evasion_helpers.title_screen() print_payload_information(payload_object) print(" [*] PowerShell doesn't compile, so you just get text :)") print(" [*] Source code written to: " + helpers.color(source_code_filepath)) elif payload_object.language == 'perl': print_payload_information(payload_object) print("\nPerl can't currently be compiled in Linux. Install on Windows:") print("https://www.veil-framework.com/perl-of-no-hope-january-v-day-2016/") print("Command: pp -gui -o <executablename> <sourcecodefile.pl>") print(" [*] Source code written to: " + helpers.color(source_code_filepath)) elif payload_object.language == 'native': # set path for native payload executable output path_here = settings.PAYLOAD_COMPILED_PATH + file_name + "." + payload_object.extension with open(path_here, 'wb') as source_file: source_file.write(payload_object.payload_source_code) # Ensure executables was written to disk if os.path.isfile(path_here): hash_executable(path_here, file_name) print_payload_information(payload_object) print(" [*] Executable written to: " + helpers.color(path_here)) else: print(helpers.color(" [!] ERROR: Unable to create Exe file.", warning=True)) elif payload_object.language == 'lua': print_payload_information(payload_object) print(" [*] Lua currently doesn't compile in linux, so you just get text :)") print(" [*] Source code written to: " + helpers.color(source_code_filepath)) elif payload_object.language == 'go': if payload_object.required_options['COMPILE_TO_EXE'][0].lower() == 'y': # Compile go payload os.system( 'env GOROOT={0} GOOS=windows GOARCH=386 {0}/bin/go build -ldflags "-s -w -H=windowsgui" -v -o {1} {2}'.format(settings.GOLANG_PATH, executable_filepath, source_code_filepath) ) evasion_helpers.title_screen() if os.path.isfile(executable_filepath): hash_executable(executable_filepath, file_name) print_payload_information(payload_object) print(" [*] Executable written to: " + helpers.color(executable_filepath)) else: print(helpers.color(" [!] ERROR: Unable to create output file.", warning=True)) print(" [*] Source code written to: " + helpers.color(source_code_filepath)) elif payload_object.language == 'cs': if payload_object.required_options['COMPILE_TO_EXE'][0].lower() == 'y': # Compile our CS code into an executable and pass a compiler flag to prevent it from opening a command prompt when run os.system('mcs -platform:x86 -target:winexe ' + source_code_filepath + ' -out:' + executable_filepath) evasion_helpers.title_screen() if os.path.isfile(executable_filepath): hash_executable(executable_filepath, file_name) print_payload_information(payload_object) print(" [*] Executable written to: " + helpers.color(executable_filepath)) else: print(helpers.color(" [!] ERROR: Unable to create output file.", warning=True)) print(" [*] Source code written to: " + helpers.color(source_code_filepath)) elif payload_object.language == 'c': if payload_object.required_options['COMPILE_TO_EXE'][0].lower() == 'y': # Compile our C code into an executable and pass a compiler flag to prevent it from opening a command prompt when run os.system('i686-w64-mingw32-gcc -Wl,-subsystem,windows ' + source_code_filepath + ' -o ' + executable_filepath + " -lwsock32") evasion_helpers.title_screen() if os.path.isfile(executable_filepath): hash_executable(executable_filepath, file_name) print_payload_information(payload_object) print(" [*] Executable written to: " + helpers.color(executable_filepath)) else: print(helpers.color(" [!] ERROR: Unable to create output file.", warning=True)) print(" [*] Source code written to: " + helpers.color(source_code_filepath)) elif payload_object.language == 'autoit': if payload_object.required_options['COMPILE_TO_EXE'][0].lower() == 'y': # Compile autoit code os.system('WINEPREFIX=' + settings.WINEPREFIX + ' wine ' + settings.WINEPREFIX + 'drive_c/Program\ Files/AutoIt3/Aut2Exe/Aut2exe.exe /in ' + source_code_filepath + ' /out ' + executable_filepath + ' /comp 2 /nopack') if os.path.isfile(executable_filepath): hash_executable(executable_filepath, file_name) print_payload_information(payload_object) print(" [*] Executable written to: " + helpers.color(executable_filepath)) else: print(helpers.color(" [!] ERROR: Unable to create output file.", warning=True)) print(" [*] Source code written to: " + helpers.color(source_code_filepath)) else: print(helpers.color("\n [!] ERROR: Invalid payload language in payload module.\n", warning=True)) return False if invoked: handler_code_generator(payload_object, file_name, invoked=True, cli_obj=cli_object) else: handler_code_generator(payload_object, file_name) if os.path.isfile(settings.HANDLER_PATH + file_name + '.rc'): print(" [*] Metasploit Resource file written to: " + helpers.color(settings.HANDLER_PATH + file_name + '.rc')) if not invoked: dummy = input('\nHit enter to continue...\n') # End of if statement checking to make sure payload_source_code is # not empty return True
def payload_selection_menu(self, showTitle=True): """ Menu to prompt the user for a custom shellcode string. Returns None if nothing is specified. """ # print out the main title to reset the interface if showTitle: evasion_helpers.title_screen() else: print() print(helpers.color(" [?] Generate or supply custom shellcode?\n")) print(' %s - Ordnance %s' % (helpers.color('1'), helpers.color('(default)', yellow=True))) print(' %s - MSFVenom' % (helpers.color('2'))) print(' %s - Custom shellcode string' % (helpers.color('3'))) print(' %s - File with shellcode (\\x41\\x42..)' % (helpers.color('4'))) print(' %s - Binary file with shellcode\n' % helpers.color('5')) try: choice = self.required_options['SHELLCODE'][0].lower().strip() print(" [>] Please enter the number of your choice: %s" % (choice)) except: choice = input(" [>] Please enter the number of your choice: ").strip() if choice == '4': # instantiate our completer object for path completion comp = completer.PathCompleter() # we want to treat '/' as part of a word, so override the delimiters readline.set_completer_delims(' \t\n;') readline.parse_and_bind("tab: complete") readline.set_completer(comp.complete) # if the shellcode is specicified as a raw file filePath = input(" [>] Please enter the path to your shellcode file: ") try: with open(filePath, 'r') as shellcode_file: file_shellcode = shellcode_file.read() file_shellcode = file_shellcode.strip() except: print(helpers.color(" [!] WARNING: path not found, defaulting to msfvenom!", warning=True)) return None if len(file_shellcode) == 0: print(helpers.color(" [!] WARNING: no custom shellcode restrieved, defaulting to msfvenom!", warning=True)) return None # check if the shellcode was passed in as string-escaped form if file_shellcode[0:2] == "\\x" and file_shellcode[4:6] == "\\x": return file_shellcode else: # otherwise encode the raw data as a hex string hexString = binascii.hexlify(file_shellcode) file_shellcode = "\\x"+"\\x".join([hexString[i:i + 2] for i in range(0, len(hexString), 2)]) return file_shellcode # remove the completer readline.set_completer(None) elif choice == '5': # instantiate our completer object for path completion comp = completer.PathCompleter() # we want to treat '/' as part of a word, so override the delimiters readline.set_completer_delims(' \t\n;') readline.parse_and_bind("tab: complete") readline.set_completer(comp.complete) # if the shellcode is specicified as a raw file filePath = input(" [>] Please enter the path to your binary file: ") try: with open(filePath, 'rb') as shellcode_file: file_shellcode = shellcode_file.read() except: print(helpers.color(" [!] WARNING: path not found, defaulting to msfvenom!", warning=True)) return None if len(file_shellcode) == 0: print(helpers.color(" [!] WARNING: no custom shellcode restrieved, defaulting to msfvenom!", warning=True)) return None binary_code = "" # Convert from binary to shellcode for byte in file_shellcode: binary_code += "\\x" + hex(byte)[2:].zfill(2) return binary_code elif choice == '3' or choice == 'string': # if the shellcode is specified as a string cust_sc = input(" [>] Please enter custom shellcode (one line, no quotes, \\x00.. format): ") if len(cust_sc) == 0: print(helpers.color(" [!] WARNING: no shellcode specified, defaulting to msfvenom!", warning=True)) return cust_sc elif choice == '' or choice == '1' or choice.lower() == 'veil-ordnance' or choice.lower() == 'ordnance': return 'ordnance' elif choice == '2' or choice.lower() == 'msf' or choice.lower() == 'metasploit' or choice.lower() == 'msfvenom': return None else: print(helpers.color(" [!] WARNING: Invalid option chosen, defaulting to Ordnance!", warning=True)) return 'ordnance'