def __init__(self, args):
super(Shad0wC2, self).__init__()
# declare all the vitial variables to run.
self.addr = (args['address'], args['port'])
self.debugv = args['debug']
self.sslkey = args['key']
self.sslcrt = args['cert']
# website we can mirror
self.mirror = args['mirror']
# endpoint for modules to callback to
self.endpoint = args['endpoint']
# runtime variables
self.beacons = {}
self.beacon_count = 0
self.current_beacon = None
# get the debug/logging stuff ready
self.debug = debug.Debug(self.debugv)
# console class
self.console = console.Console(self)
# super useful
self.crypt = encryption
def __init__(self, log_abs_path, con=None, cons_enabled=True):
if con == None and cons_enabled == True:
self.cons = console.Console()
else:
self.cons = console
self.cons_enabled = cons_enabled
self.running = True
self.abs_path = log_abs_path
self.to_log = Queue()
self.to_write = Queue()
self.file = None
self.openFile()
self.threads = []
self.threads.append(
Thread(target=self.writer, args=(self.to_write, ),
daemon=True).start())
if self.cons_enabled == True:
self.threads.append(
Thread(target=self.printer, args=(self.to_log, ),
daemon=True).start())
def openConsole(self, console=None):
if self.cons == None and self.cons_enabled == False:
if console == None:
self.cons = console.Console()
else:
self.cons = console
self.garbageCollect()
self.threads.append(
Thread(target=self.printer, args=(self.to_log, ),
daemon=True).start())
self.cons_enabled = True
else:
self.log("A console is already runnig.")
def register(self, peer, service):
"""Register User
:param peer: Internal peer name.
:param service: Service type. "telnet" or "websocket".
:return: True
"""
self.users[peer] = {
"service": service,
"console": console.Console(self, self.shell, peer, self._database)
}
self.shell._disabled_commands = self._config["disabled"]
return True
def __init__(self, args):
super(Shad0wC2, self).__init__()
# payload store
self.payloads = {}
# declare all the vitial variables to run.
self.addr = (args['address'], args['port'])
self.debugv = args['debug']
self.sslkey = args['key']
self.sslcrt = args['cert']
# framework variables
self.variables = {}
# set the msf callback size
self.variables["MsfUriSize"] = 1337
# website we can mirror
self.mirror = args['mirror']
# endpoint for modules to callback to
self.endpoint = args['endpoint']
# runtime variables
self.beacons = {}
self.beacon_count = 0
self.current_beacon = None
# loading screen stuff
self.screen_finish = False
# get the debug/logging stuff ready
self.debug = debug.Debug(self.debugv)
# console class
self.console = console.Console(self)
# super useful
self.crypt = encryption
def main():
# When this is False, Dennis will shut down.
_running = True
# Load the configuration.
config = _config.ConfigManager(single=True)
builtins.CONFIG = config
print("Welcome to {0}, Single User Mode.".format(_config.VERSION))
print("Starting up...")
# Initialize the logger.
logger.init(config)
log = logger.Logger("singleuser")
# Rotate database backups, if enabled.
# Unfortunately this has to be done before loading the database, because Windows.
if os.path.exists(config["database"]["filename"]):
try:
if config["database"]["backups"]:
backupnumbers = sorted(range(1, config["database"]["backups"]), reverse=True)
for bn in backupnumbers:
if os.path.exists("{0}.bk{1}".format(config["database"]["filename"], bn)):
shutil.copyfile("{0}.bk{1}".format(config["database"]["filename"], bn),
"{0}.bk{1}".format(config["database"]["filename"], bn + 1))
shutil.copyfile(config["database"]["filename"], "{0}.bk1".format(config["database"]["filename"]))
except:
log.error("Could not finish rotating backups for database: {0}".format(config["database"]["filename"]))
log.error(traceback.format_exc(1))
# Initialize the database manager, and create the "database" alias for use in Debug Mode.
log.info("Initializing database manager...")
dbman = _database.DatabaseManager(config["database"]["filename"], config.defaults)
if not dbman._startup():
return 3
log.info("Finished initializing database manager.")
database = dbman
# Initialize the router.
router = Router(log)
# Initialize the command shell, and create the "shell" alias for use in Debug Mode.
command_shell = _shell.Shell(dbman, router)
router.shell = command_shell
shell = command_shell
# Initialize the command console, and log in as the root user. Promote to wizard if it was somehow demoted.
# Create the "console" alias for use in Debug Mode. Also add us to the current room.
dennis = _console.Console(router, command_shell, "<world>", dbman, log)
dennis.user = dbman.user_by_name("<world>")
dbman._users_online.append("<world>")
thisroom = dbman.room_by_id(dennis.user["room"])
if thisroom and "<world>" not in thisroom["users"]:
thisroom["users"].append("<world>")
dbman.upsert_room(thisroom)
if not dennis.user["wizard"]:
dennis.user["wizard"] = True
dbman.upsert_user(dennis.user)
console = dennis
# Register our console with the router.
router.users["<world>"] = {"service": "singleuser", "console": dennis}
# Try to start a command prompt session with a history file.
# Otherwise start a sessionless prompt without history.
try:
command_prompt = PromptSession(history=FileHistory(config["prompt"]["history"])).prompt
except:
log.error("Could not open prompt history file: {0}".format(config["prompt"]["history"]))
log.error(traceback.format_exc(1))
command_prompt = prompt
# Stop Dennis. We use this instead of just a variable so that Dennis can be stopped from within a Python file
# executed by load() in debug mode.
def shutdown():
"""Stop Dennis."""
nonlocal _running
_running = False
# Insert a simplified wrapper around dennis.shell.call() here so that it can access the current console
# without us having to pass it as an argument.
def call(command, args):
"""Simplified wrapper around dennis.shell.call().
This shorthand function allows calling a command from Debug Mode
without having to pass the current console as an argument.
It can also take either a list or a string for args.
:param command: The name of the command to call.
:param args: A list or string of args to pass.
:return: True if succeeded, False if failed.
"""
if type(args) is str:
args = args.split(' ')
return dennis.shell.call(dennis, command, args)
# Save the main scope for load().
mainscope = locals()
# Insert a function for Debug Mode to load and execute a Python file inside the main scope.
def load(filename):
"""Load and execute a Python file inside the main scope.
This is the same as running a series of lines in Debug mode.
It can be called as a function from Debug mode, or as a command.
Usage: `load <filename>`.
:param filename: The filename of the Python file to execute.
:return: True if succeeded, False if failed.
"""
# Try to evaluate the given file.
try:
file = open(filename)
except:
log.write("[singleuser#error] load: Failed to load Python file: {0}".format(filename))
log.write(traceback.format_exc(1))
return False
try:
exec(file.read(), globals(), mainscope)
except:
log.write("[singleuser#error] load: Execution error inside file: {0}".format(filename))
log.write(traceback.format_exc(1))
return False
return True
# Welcome!
log.write("You are now logged in as the administrative user \"<world>\".")
# # # # # # # # # #
# This is the command loop for the Single User Mode Command Line Interface. It works almost the same as connecting
# to a Multi User server through Telnet, with a few differences:
# * The return status of commands will echo in the console.
# * You play as the system administrator user <world>, who is always a wizard, and owns the first room.
# * Other users can't share the session with you.
# * You have access to the following special commands:
# - `quit` : Quits the CLI.
# - `debug` : Enters a PDB Debug Mode session inside the main scope.
# - `load <filename>` : Loads and executes an external Python file inside the main scope.
#
# * You have access to the following special functions inside Debug Mode:
# - shutdown() : Cleanly shuts down the engine.
# - call(command, args) : Calls the named command with a string or list of arguments.
# - load(filename) : Same as the `load <filename>` command.
#
# * You have access to the following special keypress actions:
# - Ctrl+C : Cleanly shuts down the engine.
# - Ctrl+D : Enters a PDB Debug Mode session inside the main scope.
#
# * You can return from Debug Mode to normal operation by entering "continue".
# # # # # # # # # #
while _running:
try:
cmd = command_prompt("> ")
if cmd == "quit":
break
elif cmd.startswith("quit ") or cmd == "help quit":
log.write("Usage: quit")
continue
elif cmd == "debug":
pdb.set_trace()
continue
elif cmd.startswith("debug ") or cmd == "help debug":
log.write("Usage: debug")
continue
elif cmd.startswith("load "):
log.write(load(cmd[5:]))
continue
elif cmd == "load" or cmd == "help load":
log.write("Usage: load <filename>")
continue
log.write(command_shell.command(dennis, cmd))
except KeyboardInterrupt:
break
except EOFError:
pdb.set_trace()
continue
# Just before shutdown.
dbman._unlock()
log.write("End Program.")
return 0
'OrangeRed3', 'OrangeRed4', 'red2', 'red3', 'red4', 'DeepPink2', 'DeepPink3', 'DeepPink4',
'HotPink1', 'HotPink2', 'HotPink3', 'HotPink4', 'pink1', 'pink2', 'pink3', 'pink4',
'LightPink1', 'LightPink2', 'LightPink3', 'LightPink4', 'PaleVioletRed1',
'PaleVioletRed2', 'PaleVioletRed3', 'PaleVioletRed4', 'maroon1', 'maroon2',
'maroon3', 'maroon4', 'VioletRed1', 'VioletRed2', 'VioletRed3', 'VioletRed4',
'magenta2', 'magenta3', 'magenta4', 'orchid1', 'orchid2', 'orchid3', 'orchid4', 'plum1',
'plum2', 'plum3', 'plum4', 'MediumOrchid1', 'MediumOrchid2', 'MediumOrchid3',
'MediumOrchid4', 'DarkOrchid1', 'DarkOrchid2', 'DarkOrchid3', 'DarkOrchid4',
'purple1', 'purple2', 'purple3', 'purple4', 'MediumPurple1', 'MediumPurple2',
'MediumPurple3', 'MediumPurple4', 'thistle1', 'thistle2', 'thistle3', 'thistle4',
'gray1', 'gray2', 'gray3', 'gray4', 'gray5', 'gray6', 'gray7', 'gray8', 'gray9', 'gray10',
'gray11', 'gray12', 'gray13', 'gray14', 'gray15', 'gray16', 'gray17', 'gray18', 'gray19',
'gray20', 'gray21', 'gray22', 'gray23', 'gray24', 'gray25', 'gray26', 'gray27', 'gray28',
'gray29', 'gray30', 'gray31', 'gray32', 'gray33', 'gray34', 'gray35', 'gray36', 'gray37',
'gray38', 'gray39', 'gray40', 'gray42', 'gray43', 'gray44', 'gray45', 'gray46', 'gray47',
'gray48', 'gray49', 'gray50', 'gray51', 'gray52', 'gray53', 'gray54', 'gray55', 'gray56',
'gray57', 'gray58', 'gray59', 'gray60', 'gray61', 'gray62', 'gray63', 'gray64', 'gray65',
'gray66', 'gray67', 'gray68', 'gray69', 'gray70', 'gray71', 'gray72', 'gray73', 'gray74',
'gray75', 'gray76', 'gray77', 'gray78', 'gray79', 'gray80', 'gray81', 'gray82', 'gray83',
'gray84', 'gray85', 'gray86', 'gray87', 'gray88', 'gray89', 'gray90', 'gray91', 'gray92',
'gray93', 'gray94', 'gray95', 'gray97', 'gray98', 'gray99']
con = console.Console()
##time.sleep(3)
con.cprint("white")
con.cprint("yellow", "yellow")
for x in range(0, 150):
con.cprint(str(x), random.choice(COLORS), random.choice(COLORS))
##time.sleep(3)
##con.stop()
