def destroy(sessionid=None):
if sessionid is None or sessionid <= 0:
context = data_return(304, Session_MSG.get(304), {})
return context
else:
params = [sessionid]
try:
result = RpcClient.call(Method.SessionStop, params, timeout=12)
if result is None: # 删除超时
Notice.send_success(
f"{Session_MSG.get(202)} SID: {sessionid}")
context = data_return(202, Session_MSG.get(202), {})
return context
elif result.get('result') == 'success':
Notice.send_success(
f"{Session_MSG.get(201)} SID: {sessionid}")
context = data_return(201, Session_MSG.get(201), {})
return context
else:
Notice.send_warning(
f"{Session_MSG.get(301)} SID: {sessionid}")
context = data_return(301, Session_MSG.get(301), {})
return context
except Exception as E:
logger.error(E)
Notice.send_warning(f"{Session_MSG.get(301)} SID: {sessionid}")
context = data_return(301, Session_MSG.get(301), {})
return context
def create_bot(ipportlist=None, custom_param=None, loadpath=None):
module_config = Xcache.get_moduleconfig(loadpath)
# 获取模块配置
if module_config is None:
context = data_return(305, PostModuleActuator_MSG.get(305), {})
return context
# 处理模块参数
try:
custom_param = json.loads(custom_param)
except Exception as E:
logger.warning(E)
custom_param = {}
# 获取模块实例
group_uuid = str(uuid.uuid1()).replace('-', "")
class_intent = importlib.import_module(loadpath)
for ipport in ipportlist:
post_module_intent = class_intent.PostModule(
ip=ipport.get("ip"),
port=ipport.get("port"),
protocol=ipport.get("protocol"),
custom_param=custom_param)
# 格式化固定字段
try:
post_module_intent.AUTHOR = module_config.get("AUTHOR")
except Exception as E:
logger.warning(E)
# 模块前序检查,调用check函数
try:
flag, msg = post_module_intent.check()
if flag is not True:
# 如果检查未通过,返回未通过原因(msg)
Notice.send_warning(
f"模块:{post_module_intent.NAME} IP:{ipport.get('ip')} 检查未通过,原因:{msg}"
)
continue
except Exception as E:
logger.warning(E)
Notice.send_warning(
f"模块:{post_module_intent.NAME} IP:{ipport.get('ip')} 检查函数执行异常"
)
continue
tmp_self_uuid = str(uuid.uuid1())
req = {
'uuid': tmp_self_uuid,
'group_uuid': group_uuid,
'broker': post_module_intent.MODULE_BROKER,
'module': post_module_intent,
'time': int(time.time()),
}
Xcache.putin_bot_wait(req)
context = data_return(201, PostModuleActuator_MSG.get(201), {})
return context
def recovery_cache_last_handler(cache_handlers):
for one_handler in cache_handlers:
opts = one_handler
connext = Handler.create(opts)
code = connext.get("code")
payload = opts.get('PAYLOAD')
port = opts.get('LPORT')
if code == 201:
Notice.send_info(f"历史监听 Payload:{payload} Port:{port} 加载成功")
elif code in [301]:
Notice.send_warning(f"历史监听 Payload:{payload} Port:{port} 加载失败")
else:
Notice.send_warning(f"历史监听 Payload:{payload} Port:{port} 加载失败,未知的返回值:f{code}")
Notice.send_info("所有历史监听加载完成")
def putin_post_msf_module_queue(msf_module=None):
"""调用msgrpc生成job,放入列表"""
params = [msf_module.type,
msf_module.mname,
msf_module.opts,
True, # 强制设置后台运行
0 # 超时时间
]
result = RpcClient.call(Method.ModuleExecute, params)
if result is None:
Notice.send_warning(f"渗透服务连接失败,无法执行模块 :{msf_module.NAME}")
return False
# result 数据格式
# {'job_id': 3, 'uuid': 'dbcb2530-95b1-0137-5100-000c2966078a', 'module': b'\x80\ub.'}
if result.get("job_id") is None:
logger.warning("模块实例:{} uuid: {} 创建后台任务失败".format(msf_module.NAME, result.get("uuid")))
Notice.send_warning("模块: {} {} 创建后台任务失败,请检查输入参数".format(msf_module.NAME, msf_module._target_str))
return False
else:
logger.warning(
"模块实例放入列表:{} job_id: {} uuid: {}".format(msf_module.NAME, result.get("job_id"), result.get("uuid")))
# 放入请求队列
req = {
'broker': msf_module.MODULE_BROKER,
'uuid': result.get("uuid"),
'module': msf_module,
'time': int(time.time()),
'job_id': result.get("job_id"),
}
Xcache.create_module_task(req)
Notice.send_info("模块: {} {} 开始执行".format(msf_module.NAME, msf_module._target_str))
return True
def __init__(self,
sessionid=None,
rightinfo=False,
uacinfo=False,
pinfo=False):
self.sessionid = sessionid
self._rightinfo = rightinfo # uac开关,uac登记 TEMP目录
self._uacinfo = uacinfo # 管理员组 完整性
self._pinfo = pinfo # 进程相关信息
self._session_uuid = None
self.update_time = 0
# RIGHTINFO
self.is_in_admin_group = None
self.is_admin = None
self.tmpdir = None
# UACINFO
self.is_uac_enable = None
self.uac_level = -1
self.integrity = None
# PINFO
self.pid = -1
self.pname = None
self.ppath = None
self.puser = None
self.parch = None
self.processes = []
# 基本信息
self.load_powershell = False
self.load_python = False
self.domain = None
self.session_host = None
self.session_port = None
self.target_host = None
self.type = None
self.computer = None
self.arch = None
self.platform = None
self.last_checkin = 0
self.user = None
self.os = None
self.os_short = None
self.logged_on_users = 0
self.tunnel_local = None
self.tunnel_peer = None
self.tunnel_peer_ip = None
self.tunnel_peer_locate = None
self.tunnel_peer_asn = None
self.via_exploit = None
self.via_payload = None
self.route = []
self.sysinfo = {}
self.exploit_uuid = None
self.available = False
self.info = None
self.pid = 0
# 更新基本信息
self._set_base_info()
# 是否需要拓展的信息
if self._rightinfo or self._pinfo or self._uacinfo:
result = Xcache.get_session_info(self.sessionid)
if result is None:
module_type = "post"
mname = "multi/gather/session_info"
opts = {
'SESSION': self.sessionid,
'PINFO': self._pinfo,
'RIGHTINFO': self._rightinfo,
'UACINFO': self._uacinfo
}
result = MSFModule.run(module_type=module_type,
mname=mname,
opts=opts,
timeout=30)
if result is None:
Notice.send_warning("更新Session信息失败,请稍后重试")
return
try:
result_dict = json.loads(result)
self._set_advanced_info(result_dict)
if self._rightinfo and self._pinfo and self._uacinfo:
result_dict["update_time"] = int(time.time())
Xcache.set_session_info(self.sessionid,
json.dumps(result_dict))
except Exception as E:
logger.warning(E)
logger.warning("更新Session信息失败,返回消息为{}".format(result))
Notice.send_warning("更新Session信息失败,请稍后重试")
