def destroy(sessionid=None): if sessionid is None or sessionid <= 0: context = data_return(304, Session_MSG.get(304), {}) return context else: params = [sessionid] try: result = RpcClient.call(Method.SessionStop, params, timeout=12) if result is None: # 删除超时 Notice.send_success( f"{Session_MSG.get(202)} SID: {sessionid}") context = data_return(202, Session_MSG.get(202), {}) return context elif result.get('result') == 'success': Notice.send_success( f"{Session_MSG.get(201)} SID: {sessionid}") context = data_return(201, Session_MSG.get(201), {}) return context else: Notice.send_warning( f"{Session_MSG.get(301)} SID: {sessionid}") context = data_return(301, Session_MSG.get(301), {}) return context except Exception as E: logger.error(E) Notice.send_warning(f"{Session_MSG.get(301)} SID: {sessionid}") context = data_return(301, Session_MSG.get(301), {}) return context
def create_bot(ipportlist=None, custom_param=None, loadpath=None): module_config = Xcache.get_moduleconfig(loadpath) # 获取模块配置 if module_config is None: context = data_return(305, PostModuleActuator_MSG.get(305), {}) return context # 处理模块参数 try: custom_param = json.loads(custom_param) except Exception as E: logger.warning(E) custom_param = {} # 获取模块实例 group_uuid = str(uuid.uuid1()).replace('-', "") class_intent = importlib.import_module(loadpath) for ipport in ipportlist: post_module_intent = class_intent.PostModule( ip=ipport.get("ip"), port=ipport.get("port"), protocol=ipport.get("protocol"), custom_param=custom_param) # 格式化固定字段 try: post_module_intent.AUTHOR = module_config.get("AUTHOR") except Exception as E: logger.warning(E) # 模块前序检查,调用check函数 try: flag, msg = post_module_intent.check() if flag is not True: # 如果检查未通过,返回未通过原因(msg) Notice.send_warning( f"模块:{post_module_intent.NAME} IP:{ipport.get('ip')} 检查未通过,原因:{msg}" ) continue except Exception as E: logger.warning(E) Notice.send_warning( f"模块:{post_module_intent.NAME} IP:{ipport.get('ip')} 检查函数执行异常" ) continue tmp_self_uuid = str(uuid.uuid1()) req = { 'uuid': tmp_self_uuid, 'group_uuid': group_uuid, 'broker': post_module_intent.MODULE_BROKER, 'module': post_module_intent, 'time': int(time.time()), } Xcache.putin_bot_wait(req) context = data_return(201, PostModuleActuator_MSG.get(201), {}) return context
def recovery_cache_last_handler(cache_handlers): for one_handler in cache_handlers: opts = one_handler connext = Handler.create(opts) code = connext.get("code") payload = opts.get('PAYLOAD') port = opts.get('LPORT') if code == 201: Notice.send_info(f"历史监听 Payload:{payload} Port:{port} 加载成功") elif code in [301]: Notice.send_warning(f"历史监听 Payload:{payload} Port:{port} 加载失败") else: Notice.send_warning(f"历史监听 Payload:{payload} Port:{port} 加载失败,未知的返回值:f{code}") Notice.send_info("所有历史监听加载完成")
def putin_post_msf_module_queue(msf_module=None): """调用msgrpc生成job,放入列表""" params = [msf_module.type, msf_module.mname, msf_module.opts, True, # 强制设置后台运行 0 # 超时时间 ] result = RpcClient.call(Method.ModuleExecute, params) if result is None: Notice.send_warning(f"渗透服务连接失败,无法执行模块 :{msf_module.NAME}") return False # result 数据格式 # {'job_id': 3, 'uuid': 'dbcb2530-95b1-0137-5100-000c2966078a', 'module': b'\x80\ub.'} if result.get("job_id") is None: logger.warning("模块实例:{} uuid: {} 创建后台任务失败".format(msf_module.NAME, result.get("uuid"))) Notice.send_warning("模块: {} {} 创建后台任务失败,请检查输入参数".format(msf_module.NAME, msf_module._target_str)) return False else: logger.warning( "模块实例放入列表:{} job_id: {} uuid: {}".format(msf_module.NAME, result.get("job_id"), result.get("uuid"))) # 放入请求队列 req = { 'broker': msf_module.MODULE_BROKER, 'uuid': result.get("uuid"), 'module': msf_module, 'time': int(time.time()), 'job_id': result.get("job_id"), } Xcache.create_module_task(req) Notice.send_info("模块: {} {} 开始执行".format(msf_module.NAME, msf_module._target_str)) return True
def __init__(self, sessionid=None, rightinfo=False, uacinfo=False, pinfo=False): self.sessionid = sessionid self._rightinfo = rightinfo # uac开关,uac登记 TEMP目录 self._uacinfo = uacinfo # 管理员组 完整性 self._pinfo = pinfo # 进程相关信息 self._session_uuid = None self.update_time = 0 # RIGHTINFO self.is_in_admin_group = None self.is_admin = None self.tmpdir = None # UACINFO self.is_uac_enable = None self.uac_level = -1 self.integrity = None # PINFO self.pid = -1 self.pname = None self.ppath = None self.puser = None self.parch = None self.processes = [] # 基本信息 self.load_powershell = False self.load_python = False self.domain = None self.session_host = None self.session_port = None self.target_host = None self.type = None self.computer = None self.arch = None self.platform = None self.last_checkin = 0 self.user = None self.os = None self.os_short = None self.logged_on_users = 0 self.tunnel_local = None self.tunnel_peer = None self.tunnel_peer_ip = None self.tunnel_peer_locate = None self.tunnel_peer_asn = None self.via_exploit = None self.via_payload = None self.route = [] self.sysinfo = {} self.exploit_uuid = None self.available = False self.info = None self.pid = 0 # 更新基本信息 self._set_base_info() # 是否需要拓展的信息 if self._rightinfo or self._pinfo or self._uacinfo: result = Xcache.get_session_info(self.sessionid) if result is None: module_type = "post" mname = "multi/gather/session_info" opts = { 'SESSION': self.sessionid, 'PINFO': self._pinfo, 'RIGHTINFO': self._rightinfo, 'UACINFO': self._uacinfo } result = MSFModule.run(module_type=module_type, mname=mname, opts=opts, timeout=30) if result is None: Notice.send_warning("更新Session信息失败,请稍后重试") return try: result_dict = json.loads(result) self._set_advanced_info(result_dict) if self._rightinfo and self._pinfo and self._uacinfo: result_dict["update_time"] = int(time.time()) Xcache.set_session_info(self.sessionid, json.dumps(result_dict)) except Exception as E: logger.warning(E) logger.warning("更新Session信息失败,返回消息为{}".format(result)) Notice.send_warning("更新Session信息失败,请稍后重试")