Пример #1
    def command_show(self, *args, **kwargs):
        """Print module information or module options for the ``show`` command.

        The first positional argument picks the view. ``info`` prints the
        name, description, targets, authors and references entries that are
        present in ``self.module_metadata`` (list values one item per line).
        ``options`` prints the ``target``/``port`` options and then any other
        option of ``self.current_module`` as tables. Anything else prints a
        usage hint.
        """
        info, options = 'info', 'options'
        requested = args[0]

        if requested == info:
            metadata_fields = ("name", "description", "targets", "authors", "references")
            for field in metadata_fields:
                if field not in self.module_metadata.keys():
                    continue
                print("\n{}:".format(field.capitalize()))
                value = self.module_metadata[field]
                # Exact type check: only a plain list is expanded item by item.
                if type(value) is list:
                    for entry in value:
                        print("- {}".format(entry))
                else:
                    print(value)
            print()
            return

        if requested == options:
            column_titles = ("Name", "Current settings", "Description")
            target_names = {'port', 'target'}
            other_names = set(self.current_module.options).difference(target_names)

            utils.print_info('\nTarget options:')
            utils.print_table(column_titles, *self.get_opts(*target_names))

            # The second table is skipped when the module has no other options.
            if other_names:
                utils.print_info('\nModule options:')
                utils.print_table(column_titles, *self.get_opts(*other_names))

            utils.print_info()
            return

        print(
            "Unknown command 'show {}'. You want to 'show {}' or 'show {}'?"
            .format(requested, info, options))
Пример #2
    def command_show(self, *args, **kwargs):
        """Dispatch ``show info`` / ``show options`` and print the chosen view.

        ``args[0]`` is the sub-command. ``info`` walks a fixed list of
        metadata keys and prints each one found in ``self.module_metadata``;
        ``options`` prints two tables built from ``self.get_opts``. Unknown
        sub-commands get a usage hint.
        """
        info, options = 'info', 'options'
        sub_command = args[0]

        if sub_command == info:
            for key in ("name", "description", "targets", "authors", "references"):
                if key in self.module_metadata.keys():
                    print("\n{}:".format(key.capitalize()))
                    entry = self.module_metadata[key]
                    if type(entry) is not list:
                        print(entry)
                        continue
                    # Plain lists are printed as a dash-prefixed bullet list.
                    for item in entry:
                        print("- {}".format(item))
            print()
        elif sub_command == options:
            table_header = ("Name", "Current settings", "Description")
            target_keys = {'port', 'target'}
            module_keys = set(self.current_module.options).difference(target_keys)

            utils.print_info('\nTarget options:')
            target_rows = self.get_opts(*target_keys)
            utils.print_table(table_header, *target_rows)

            if module_keys:
                utils.print_info('\nModule options:')
                module_rows = self.get_opts(*module_keys)
                utils.print_table(table_header, *module_rows)

            utils.print_info()
        else:
            hint = "Unknown command 'show {}'. You want to 'show {}' or 'show {}'?"
            print(hint.format(sub_command, info, options))
Пример #3
    def command_show(self, *args, **kwargs):
        """Print module metadata or module options for the ``show`` command.

        ``args[0]`` selects the view. ``info`` hands a fixed key order and
        ``self.module_metadata`` to ``utils.pprint_dict_in_order``;
        ``options`` prints the ``target``/``port`` table followed by a table
        of the remaining options. Any other value prints a usage hint.
        """
        info, options = 'info', 'options'
        requested = args[0]

        if requested == info:
            key_order = ("name", "description", "targets", "authors", "references")
            utils.pprint_dict_in_order(key_order, self.module_metadata)
            utils.print_info()
            return

        if requested == options:
            column_titles = ("Name", "Current settings", "Description")
            target_names = {'port', 'target'}
            other_names = set(self.current_module.options).difference(target_names)

            utils.print_info('\nTarget options:')
            utils.print_table(column_titles, *self.get_opts(*target_names))

            # Only modules with options beyond target/port get a second table.
            if other_names:
                utils.print_info('\nModule options:')
                utils.print_table(column_titles, *self.get_opts(*other_names))

            utils.print_info()
            return

        hint = "Unknown command 'show {}'. You want to 'show {}' or 'show {}'?"
        print(hint.format(requested, info, options))
Пример #4
 def test_print_table_02(self, mock_print):
     """With headers only, expect a blank call, the header row, a dashed row and a blank call."""
     column_titles = ["Name", "Value", "Description"]
     utils.print_table(column_titles)

     expected_calls = [
         mock.call(),
         mock.call('   Name     Value     Description     '),
         mock.call('   ----     -----     -----------     '),
         mock.call(),
     ]
     self.assertEqual(mock_print.mock_calls, expected_calls)
Пример #5
    def _show_options(self, *args, **kwargs):
        """Print the current module's options as one or two tables.

        The ``target``/``port`` pair is always printed under "Target
        options"; every other name in ``self.current_module.options`` goes
        under "Module options" when there is at least one. Rows come from
        ``self.get_opts``.
        """
        column_titles = ("Name", "Current settings", "Description")
        target_names = {'port', 'target'}
        other_names = set(self.current_module.options).difference(target_names)

        utils.print_info('\nTarget options:')
        target_rows = self.get_opts(*target_names)
        utils.print_table(column_titles, *target_rows)

        if other_names:
            utils.print_info('\nModule options:')
            other_rows = self.get_opts(*other_names)
            utils.print_table(column_titles, *other_rows)

        utils.print_info()
Пример #6
 def test_print_table_02(self, mock_print):
     """Header-only table: the mocked print sees blank, header, underline, blank."""
     utils.print_table(["Name", "Value", "Description"])

     header_row = mock.call('   Name     Value     Description     ')
     underline_row = mock.call('   ----     -----     -----------     ')
     self.assertEqual(
         mock_print.mock_calls,
         [mock.call(), header_row, underline_row, mock.call()],
     )
Пример #7
    def _show_options(self, *args, **kwargs):
        """Print target-related options first, then the remaining module options.

        The six target names are passed to ``self.get_opts`` in the fixed
        order listed below. Names from ``self.current_module.options`` that
        are not in that list keep their original order and are printed as a
        second table when any exist.
        """
        column_titles = ("Name", "Current settings", "Description")
        target_names = ['target', 'port', 'rhost', 'rport', 'lhost', 'lport']

        other_names = []
        for name in self.current_module.options:
            if name not in target_names:
                other_names.append(name)

        utils.print_info('\nTarget options:')
        utils.print_table(column_titles, *self.get_opts(*target_names))

        if other_names:
            utils.print_info('\nModule options:')
            utils.print_table(column_titles, *self.get_opts(*other_names))

        utils.print_info()
Пример #8
    def _show_options(self, *args, **kwargs):
        """Render the module's options: a target table, then an optional module table.

        ``target`` and ``port`` form the first table. Whatever else appears
        in ``self.current_module.options`` forms the second table, which is
        skipped when that remainder is empty.
        """
        table_header = ("Name", "Current settings", "Description")
        target_keys = {'port', 'target'}
        module_keys = set(self.current_module.options).difference(target_keys)

        utils.print_info('\nTarget options:')
        utils.print_table(table_header, *self.get_opts(*target_keys))

        if not module_keys:
            utils.print_info()
            return

        utils.print_info('\nModule options:')
        utils.print_table(table_header, *self.get_opts(*module_keys))
        utils.print_info()
Пример #9
 def test_print_table_01(self, mock_print):
     """Three data rows: expect blank, header, underline, one line per row, blank."""
     column_titles = ["Name", "Value", "Description"]
     rows = [
         ('foo', 'bar', 'baz'),
         (1, 2, 3),
         ("port", 80, "port number"),
     ]
     utils.print_table(column_titles, *rows)

     expected_calls = [
         mock.call(),
         mock.call('   Name     Value     Description     '),
         mock.call('   ----     -----     -----------     '),
         mock.call('   foo      bar       baz             '),
         mock.call('   1        2         3               '),
         mock.call('   port     80        port number     '),
         mock.call(),
     ]
     self.assertEqual(mock_print.mock_calls, expected_calls)
Пример #10
    def _show_options(self, *args, **kwargs):
        """Print the target option table and, if needed, the module option table.

        Target names are a fixed ordered list. The module table holds the
        names from ``self.current_module.options`` that are not target
        names, in their original order, and is printed only when non-empty.
        """
        table_header = ("Name", "Current settings", "Description")
        target_keys = ['target', 'port', 'rhost', 'rport', 'lhost', 'lport']

        module_keys = []
        for key in self.current_module.options:
            if key in target_keys:
                continue
            module_keys.append(key)

        utils.print_info('\nTarget options:')
        target_rows = self.get_opts(*target_keys)
        utils.print_table(table_header, *target_rows)

        if module_keys:
            utils.print_info('\nModule options:')
            module_rows = self.get_opts(*module_keys)
            utils.print_table(table_header, *module_rows)

        utils.print_info()
Пример #11
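    def run(self):
        """Check the configured SNMP community string(s) and print the ones collected.

        ``self.snmp`` is either a single value or a ``file://`` path whose
        lines are iterated as candidates. The candidates are wrapped in a
        ``LockedIterator`` and handed to ``self.run_threads`` together with
        ``self.target_function``. Whatever ends up in ``self.strings`` is
        printed as a one-column table; an empty list prints an error.
        """
        self.strings = []

        # todo: check if service is up

        wordlist = None
        if self.snmp.startswith('file://'):
            # Drop the 7-character 'file://' prefix to get the local path.
            wordlist = open(self.snmp[7:], 'r')
            snmp = wordlist
        else:
            snmp = [self.snmp]

        try:
            collection = LockedIterator(snmp)
            self.run_threads(self.threads, self.target_function, collection)
        finally:
            # The wordlist handle was never closed before. Closing here assumes
            # run_threads returns only after the workers are done, which the
            # read of self.strings just below already relies on.
            if wordlist is not None:
                wordlist.close()

        if self.strings:
            print_success("Credentials found!")
            headers = ("Community Strings",)
            print_table(headers, *self.strings)
        else:
            print_error("Valid community strings not found")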
Пример #12
 def test_print_table_01(self, mock_print):
     """Header plus three rows: the mocked print sees one aligned line per row."""
     utils.print_table(
         ["Name", "Value", "Description"],
         ('foo', 'bar', 'baz'),
         (1, 2, 3),
         ("port", 80, "port number"),
     )

     blank = mock.call()
     table_lines = [
         mock.call('   Name     Value     Description     '),
         mock.call('   ----     -----     -----------     '),
         mock.call('   foo      bar       baz             '),
         mock.call('   1        2         3               '),
         mock.call('   port     80        port number     '),
     ]
     # The table is expected to be framed by one blank print call on each side.
     self.assertEqual(mock_print.mock_calls, [blank] + table_lines + [blank])
Пример #13
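    def run(self):
        """Check the configured SNMP community string(s) and print the ones collected.

        ``self.snmp`` is either a single value or a ``file://`` path whose
        lines are iterated as candidates. The candidates are wrapped in a
        ``LockedIterator`` and handed to ``self.run_threads`` together with
        ``self.target_function``. Whatever ends up in ``self.strings`` is
        printed as a one-column table; an empty list prints an error.
        """
        self.strings = []
        print_status("Running module...")

        # todo: check if service is up

        wordlist = None
        if self.snmp.startswith('file://'):
            # Drop the 7-character 'file://' prefix to get the local path.
            wordlist = open(self.snmp[7:], 'r')
            snmp = wordlist
        else:
            snmp = [self.snmp]

        try:
            collection = LockedIterator(snmp)
            self.run_threads(self.threads, self.target_function, collection)
        finally:
            # The wordlist handle was never closed before. Closing here assumes
            # run_threads returns only after the workers are done, which the
            # read of self.strings just below already relies on.
            if wordlist is not None:
                wordlist.close()

        if self.strings:
            print_success("Credentials found!")
            headers = ("Community Strings",)
            print_table(headers, *self.strings)
        else:
            print_error("Valid community strings not found")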
Пример #14
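    def command_show(self, *args, **kwargs):
        """Print module metadata, options or the device list for ``show``.

        ``args[0]`` selects the view:

        * ``info`` passes ``self.module_metadata`` and a fixed key order to
          ``utils.pprint_dict_in_order``.
        * ``options`` prints the ``target``/``port`` table and then a table
          of the remaining options, if any.
        * ``devices`` prints a numbered list taken from the ``devices`` entry
          of ``self.current_module._Exploit__info__``, or a notice when that
          entry is absent.

        Any other value prints a usage hint that names all three views.
        """
        info, options, devices = 'info', 'options', 'devices'
        sub_command = args[0]
        if sub_command == info:
            utils.pprint_dict_in_order(
                self.module_metadata,
                ("name", "description", "devices", "authors", "references"),
            )
            utils.print_info()
        elif sub_command == options:
            target_opts = {'port', 'target'}
            module_opts = set(self.current_module.options) - target_opts
            headers = ("Name", "Current settings", "Description")

            utils.print_info('\nTarget options:')
            utils.print_table(headers, *self.get_opts(*target_opts))

            if module_opts:
                utils.print_info('\nModule options:')
                utils.print_table(headers, *self.get_opts(*module_opts))

            utils.print_info()
        elif sub_command == devices:
            module_info = self.current_module._Exploit__info__
            if devices in module_info:
                print("\nTarget devices:")
                for index, device in enumerate(module_info[devices]):
                    # An entry is either a dict carrying a 'name' key or a
                    # value that is printed as-is.
                    label = device['name'] if isinstance(device, dict) else device
                    print("   {} - {}".format(index, label))
                print()
            else:
                print("\nTarget devices are not defined")
        else:
            # The hint used to list only 'info' and 'options' although
            # 'devices' is handled above.
            print(
                "Unknown command 'show {}'. You want to 'show {}', 'show {}' or 'show {}'?"
                .format(sub_command, info, options, devices))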
Пример #15
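    def command_show(self, *args, **kwargs):
        """Handle ``show info``, ``show options`` and ``show devices``.

        ``args[0]`` is the sub-command. ``info`` prints selected metadata
        through ``utils.pprint_dict_in_order``; ``options`` prints the
        ``target``/``port`` table plus a table of any other options;
        ``devices`` prints a numbered list read from the ``devices`` entry of
        ``self.current_module._Exploit__info__`` or a notice when there is
        none. Unknown sub-commands get a usage hint that names all three.
        """
        info, options, devices = 'info', 'options', 'devices'
        sub_command = args[0]
        if sub_command == info:
            utils.pprint_dict_in_order(
                self.module_metadata,
                ("name", "description", "devices", "authors", "references"),
            )
            utils.print_info()
        elif sub_command == options:
            target_opts = {'port', 'target'}
            module_opts = set(self.current_module.options) - target_opts
            headers = ("Name", "Current settings", "Description")

            utils.print_info('\nTarget options:')
            utils.print_table(headers, *self.get_opts(*target_opts))

            if module_opts:
                utils.print_info('\nModule options:')
                utils.print_table(headers, *self.get_opts(*module_opts))

            utils.print_info()
        elif sub_command == devices:
            module_info = self.current_module._Exploit__info__
            if devices not in module_info:
                print("\nTarget devices are not defined")
            else:
                print("\nTarget devices:")
                for index, device in enumerate(module_info[devices]):
                    # Dict entries are shown by their 'name' key, anything
                    # else is printed as-is.
                    if isinstance(device, dict):
                        print("   {} - {}".format(index, device['name']))
                    else:
                        print("   {} - {}".format(index, device))
                print()
        else:
            # 'devices' is a valid view above, so the hint lists it too.
            print(
                "Unknown command 'show {}'. You want to 'show {}', 'show {}' or 'show {}'?"
                .format(sub_command, info, options, devices))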
Пример #16
    def command_show(self, *args, **kwargs):
        """Print module metadata or module options for the ``show`` command.

        ``args[0]`` selects the view. ``info`` passes ``self.module_metadata``
        and a fixed key order to ``utils.pprint_dict_in_order``; ``options``
        prints the ``target``/``port`` table followed by a table of the
        remaining options. Any other value prints a usage hint.
        """
        info, options = 'info', 'options'
        requested = args[0]

        if requested == info:
            key_order = ("name", "description", "devices", "authors", "references")
            utils.pprint_dict_in_order(self.module_metadata, key_order)
            utils.print_info()
            return

        if requested == options:
            column_titles = ("Name", "Current settings", "Description")
            target_names = {'port', 'target'}
            other_names = set(self.current_module.options).difference(target_names)

            utils.print_info('\nTarget options:')
            utils.print_table(column_titles, *self.get_opts(*target_names))

            # The module table appears only when options beyond target/port exist.
            if other_names:
                utils.print_info('\nModule options:')
                utils.print_table(column_titles, *self.get_opts(*other_names))

            utils.print_info()
            return

        hint = "Unknown command 'show {}'. You want to 'show {}' or 'show {}'?"
        print(hint.format(requested, info, options))
Пример #17
def shell(exploit, architecture="", method="", payloads=None, **params):
    """Run the interactive ``cmd`` prompt for a module that exposes ``execute``.

    Reads one line at a time from the operator. ``quit``/``exit``,
    ``show payloads`` and ``set payload <name>`` are always handled locally.
    Once a payload is selected, ``show options``, ``set <option> <value>``,
    ``run`` and ``back`` are handled as well and any other line is ignored.
    While no payload is selected, any other line is passed to
    ``exploit.execute`` and the returned value is printed.

    Args:
        exploit: object whose ``execute(cmd)`` method and ``target`` attribute
            are used below.
        architecture: formatted into the payload directory path.
        method: compared against ``"wget"``, ``"echo"`` and ``"generic"`` when
            ``run`` is entered.
        payloads: optional list of payload names; when falsy, the names are
            taken from the ``.py`` files found in the payload directory.
        **params: forwarded to ``Communication``; the ``generic`` method also
            stores the generated data under ``params['exec_binary']``.

    Returns:
        None, when the operator enters ``quit`` or ``exit``.
    """
    path = "routersploit/modules/payloads/{}/".format(architecture)
    payload = None
    options = []

    # Without an explicit list, offer every .py file in the directory except
    # the package marker, identified by the text before the first dot.
    if not payloads:
        payloads = [f.split(".")[0] for f in listdir(path) if isfile(join(path, f)) and f.endswith(".py") and f != "__init__.py"]

    print_info()
    print_success("Welcome to cmd. Commands are sent to the target via the execute method.")
    print_status("Depending on the vulnerability, command's results might not be available.")
    print_status("For further exploitation use 'show payloads' and 'set payload <payload>' commands.")
    print_info()

    while 1:
        # Busy-wait (no sleep) until printer_queue reports empty before the
        # prompt is shown.
        while not printer_queue.empty():
            pass

        # Prompt text with ANSI styling; the \001/\002 pairs presumably mark
        # the escapes as non-printing for readline. The selected payload's
        # name is appended when there is one.
        if payload is None:
            cmd_str = "\001\033[4m\002cmd\001\033[0m\002 > "
        else:
            cmd_str = "\001\033[4m\002cmd\001\033[0m\002 (\033[94m{}\033[0m) > ".format(payload._Exploit__info__['name'])

        # raw_input is the Python 2 builtin.
        cmd = raw_input(cmd_str)

        if cmd in ["quit", "exit"]:
            return

        elif cmd == "show payloads":
            print_status("Available payloads:")
            for payload_name in payloads:
                print_info("- {}".format(payload_name))

        elif cmd.startswith("set payload "):
            c = cmd.split(" ")

            # The module name comes from operator input, but it is imported
            # only after it matched an entry in `payloads`.
            # NOTE(review): when `payloads` is passed in by the caller, that
            # list is the only restriction on what gets imported; confirm
            # callers supply fixed names.
            if c[2] in payloads:
                payload_path = path.replace("/", ".") + c[2]
                payload = getattr(importlib.import_module(payload_path), 'Exploit')()

                # Rebuild the option rows as [name, current value, description],
                # leaving out "output" and "filepath".
                options = []
                for option in payload.exploit_attributes.keys():
                    if option not in ["output", "filepath"]:
                        options.append([option, getattr(payload, option), payload.exploit_attributes[option]])

                if payload.handler == "bind_tcp":
                    options.append(["rhost", validators.ipv4(exploit.target), "Target IP address"])

                    if method == "wget":
                        options.append(["lhost", "", "Connect-back IP address for wget"])
                        options.append(["lport", 4545, "Connect-back Port for wget"])
            else:
                print_error("Payload not available")

        elif payload is not None:
            if cmd == "show options":
                headers = ("Name", "Current settings", "Description")

                print_info('\nPayload Options:')
                print_table(headers, *options)
                print_info()

            elif cmd.startswith("set "):
                # Exactly three space-separated tokens are accepted, so a
                # value that contains a space is rejected with the usage text.
                c = cmd.split(" ")
                if len(c) != 3:
                    print_error("set <option> <value>")
                else:
                    # Only names already present in `options` can be set; an
                    # unknown name is ignored without a message.
                    for option in options:
                        if option[0] == c[1]:
                            try:
                                setattr(payload, c[1], c[2])
                            except Exception:
                                print_error("Invalid value for {}".format(c[1]))
                                break

                            option[1] = c[2]
                            print_success("{'" + c[1] + "': '" + c[2] + "'}")

            elif cmd == "run":
                data = payload.generate()

                # NOTE(review): when `method` is none of "wget", "echo" or
                # "generic" (the default is ""), `communication` is never
                # assigned and the handler calls further down raise
                # UnboundLocalError for bind_tcp/reverse_tcp payloads.
                if method == "wget":
                    elf_binary = payload.generate_elf(data)
                    communication = Communication(exploit, elf_binary, options, **params)
                    # A False result from wget() skips the handler step.
                    if communication.wget() is False:
                        continue

                elif method == "echo":
                    elf_binary = payload.generate_elf(data)
                    communication = Communication(exploit, elf_binary, options, **params)
                    communication.echo()

                elif method == "generic":
                    params['exec_binary'] = data
                    communication = Communication(exploit, "", options, **params)

                if payload.handler == "bind_tcp":
                    communication.bind_tcp()
                elif payload.handler == "reverse_tcp":
                    communication.reverse_tcp()

            elif cmd == "back":
                # Drop the selection; `options` keeps its last contents until
                # another payload is set.
                payload = None

        else:
            # No payload selected and not a built-in command: the line is
            # forwarded unchanged to the module's execute method.
            print_status("Executing '{}' on the device...".format(cmd))
            print_info(exploit.execute(cmd))
Пример #18
def shell(exploit, architecture="", method="", payloads=None, **params):
    """Run the interactive ``cmd`` prompt for a module that exposes ``execute``.

    Reads one line at a time from the operator. ``quit``/``exit``,
    ``show payloads`` and ``set payload <name>`` are always handled locally.
    Once a payload is selected, ``show options``, ``set <option> <value>``,
    ``run`` and ``back`` are handled as well and any other line is ignored.
    While no payload is selected, any other line is passed to
    ``exploit.execute`` and the returned value is printed.

    Args:
        exploit: object whose ``execute(cmd)`` method and ``target`` attribute
            are used below.
        architecture: formatted into the payload directory path.
        method: compared against ``"wget"``, ``"echo"`` and ``"generic"`` when
            ``run`` is entered.
        payloads: optional list of payload names; when falsy, the names are
            taken from the ``.py`` files found in the payload directory.
        **params: forwarded to ``Communication``; the ``generic`` method also
            stores the generated data under ``params['exec_binary']``.

    Returns:
        None, when the operator enters ``quit`` or ``exit``.
    """
    path = "routersploit/modules/payloads/{}/".format(architecture)
    payload = None
    options = []

    # Without an explicit list, offer every .py file in the directory except
    # the package marker, identified by the text before the first dot.
    if not payloads:
        payloads = [
            f.split(".")[0] for f in listdir(path) if isfile(join(path, f))
            and f.endswith(".py") and f != "__init__.py"
        ]

    print_info()
    print_success(
        "Welcome to cmd. Commands are sent to the target via the execute method."
    )
    print_status(
        "Depending on the vulnerability, command's results might not be available."
    )
    print_status(
        "For further exploitation use 'show payloads' and 'set payload <payload>' commands."
    )
    print_info()

    while 1:
        # Busy-wait (no sleep) until printer_queue reports empty before the
        # prompt is shown.
        while not printer_queue.empty():
            pass

        # Prompt text with ANSI styling; the \001/\002 pairs presumably mark
        # the escapes as non-printing for readline. The selected payload's
        # name is appended when there is one.
        if payload is None:
            cmd_str = "\001\033[4m\002cmd\001\033[0m\002 > "
        else:
            cmd_str = "\001\033[4m\002cmd\001\033[0m\002 (\033[94m{}\033[0m) > ".format(
                payload._Exploit__info__['name'])

        # raw_input is the Python 2 builtin.
        cmd = raw_input(cmd_str)

        if cmd in ["quit", "exit"]:
            return

        elif cmd == "show payloads":
            print_status("Available payloads:")
            for payload_name in payloads:
                print_info("- {}".format(payload_name))

        elif cmd.startswith("set payload "):
            c = cmd.split(" ")

            # The module name comes from operator input, but it is imported
            # only after it matched an entry in `payloads`.
            # NOTE(review): when `payloads` is passed in by the caller, that
            # list is the only restriction on what gets imported; confirm
            # callers supply fixed names.
            if c[2] in payloads:
                payload_path = path.replace("/", ".") + c[2]
                payload = getattr(importlib.import_module(payload_path),
                                  'Exploit')()

                # Rebuild the option rows as [name, current value, description],
                # leaving out "output" and "filepath".
                options = []
                for option in payload.exploit_attributes.keys():
                    if option not in ["output", "filepath"]:
                        options.append([
                            option,
                            getattr(payload, option),
                            payload.exploit_attributes[option]
                        ])

                if payload.handler == "bind_tcp":
                    options.append([
                        "rhost",
                        validators.ipv4(exploit.target), "Target IP address"
                    ])

                    if method == "wget":
                        options.append(
                            ["lhost", "", "Connect-back IP address for wget"])
                        options.append(
                            ["lport", 4545, "Connect-back Port for wget"])
            else:
                print_error("Payload not available")

        elif payload is not None:
            if cmd == "show options":
                headers = ("Name", "Current settings", "Description")

                print_info('\nPayload Options:')
                print_table(headers, *options)
                print_info()

            elif cmd.startswith("set "):
                # Exactly three space-separated tokens are accepted, so a
                # value that contains a space is rejected with the usage text.
                c = cmd.split(" ")
                if len(c) != 3:
                    print_error("set <option> <value>")
                else:
                    # Only names already present in `options` can be set; an
                    # unknown name is ignored without a message.
                    for option in options:
                        if option[0] == c[1]:
                            try:
                                setattr(payload, c[1], c[2])
                            except Exception:
                                print_error("Invalid value for {}".format(
                                    c[1]))
                                break

                            option[1] = c[2]
                            print_success("{'" + c[1] + "': '" + c[2] + "'}")

            elif cmd == "run":
                data = payload.generate()

                # NOTE(review): when `method` is none of "wget", "echo" or
                # "generic" (the default is ""), `communication` is never
                # assigned and the handler calls further down raise
                # UnboundLocalError for bind_tcp/reverse_tcp payloads.
                if method == "wget":
                    elf_binary = payload.generate_elf(data)
                    communication = Communication(exploit, elf_binary, options,
                                                  **params)
                    # A False result from wget() skips the handler step.
                    if communication.wget() is False:
                        continue

                elif method == "echo":
                    elf_binary = payload.generate_elf(data)
                    communication = Communication(exploit, elf_binary, options,
                                                  **params)
                    communication.echo()

                elif method == "generic":
                    params['exec_binary'] = data
                    communication = Communication(exploit, "", options,
                                                  **params)

                if payload.handler == "bind_tcp":
                    communication.bind_tcp()
                elif payload.handler == "reverse_tcp":
                    communication.reverse_tcp()

            elif cmd == "back":
                # Drop the selection; `options` keeps its last contents until
                # another payload is set.
                payload = None

        else:
            # No payload selected and not a built-in command: the line is
            # forwarded unchanged to the module's execute method.
            print_status("Executing '{}' on the device...".format(cmd))
            print_info(exploit.execute(cmd))