def get_shellcodes(self, args):
url = "http://shell-storm.org/api/?s="
# Craft URL with parameters
# Yes manually, because f*ck the builtins
params = ""
for arg in args:
params += str(arg)
params += "*"
params = params[:len(params) - 1]
url += params
# Request
req = Request("GET", url)
prepped = req.prepare()
s = Session()
resp = s.send(prepped, timeout=10, verify=True)
link = ""
if is_query_success(resp):
link = self.handle_shelllist(resp.text)
else:
fail("Something went wrong with the request ({0}: {1}".format(resp.code, resp.text))
exit(-1)
# Get Shellcode
return self.html_to_shellcode(link) if link else link
def __init__(self, hostname, port):
try:
self.tn = telnetlib.Telnet(hostname, port)
except Exception as err:
fail("Could not connect Telnet to {0}:{1} (error: {2})".format(
hostname, port, err))
print("Connected to port {0}".format(green(port)))
def __init__(self,
maximum_length,
*keywords,
strict=False,
shellcode=None,
script_index=-1):
"""
Initialize a Shellcode crafter
:param maximum_length: Maximum length for the shellcode
:param *keywords: Keywords to find the shellcode in the Shell-storm
database
:param strict: Usually maximum_length is used for shellcode
padding, but when restrict is True, the shellcode
list will only display those which length is less
than maximum_length.
:param shellcode: User can input an already defined shellcode
directly in ShellCrafter
:param script_index Shellcode to select can be specified here (useful
when scripting)
"""
self.maximum_shellcode_length = maximum_length
self.keywords = keywords
self.shellcode = shellcode
self.strict = strict
self.script_index = script_index
if not shellcode and not keywords:
fail("Please specify some shellcode or keywords")
exit(-1)
def __init__(self, hostname, port):
try:
self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.socket.connect((hostname, port))
except Exception as err:
fail("Could not connect Netcat to {0}:{1} (error: {2})".format(hostname, port, err))
print("Connected to port {0}".format(green(port)))
def get_shellcodes(self, args):
url = "http://shell-storm.org/api/?s="
# Craft URL with parameters
# Yes manually, because f*ck the builtins
params = ""
for arg in args:
params += str(arg)
params += "*"
params = params[:len(params) - 1]
url += params
# Request
req = Request("GET", url)
prepped = req.prepare()
s = Session()
resp = s.send(prepped, timeout=10, verify=True)
link = ""
if is_query_success(resp):
link = self.handle_shelllist(resp.text)
else:
fail("Something went wrong with the request ({0}: {1}".format(
resp.code, resp.text))
exit(-1)
# Get Shellcode
return self.html_to_shellcode(link) if link else link
def __init__(self, maximum_length, *keywords, shellcode=None):
self.maximum_shellcode_length = maximum_length
self.keywords = keywords
self.shellcode = shellcode
if not shellcode and not keywords:
fail("Please specify some shellcode or keywords")
exit(-1)
def __init__(self, maximum_length, *keywords, shellcode=None):
self.maximum_shellcode_length = maximum_length
self.keywords = keywords
self.shellcode = shellcode
if not shellcode and not keywords:
fail("Please specify some shellcode or keywords")
exit(-1)
def __init__(self, hostname, port):
try:
self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.socket.connect((hostname, port))
except Exception as err:
fail("Could not connect Netcat to {0}:{1} (error: {2})".format(
hostname, port, err))
print("Connected to port {0}".format(green(port)))
def nix_basic_pass_cracker(encrypted_pass):
try:
crypt_method = encrypted_pass.split("$")[1]
except Exception:
crypt_method = '0'
# Basic MD5
if crypt_method == '0':
salt = encrypted_pass[0:2]
debug("Password: {0}".format(encrypted_pass))
debug("Salt: {0}".format(salt))
dict_file = open("common_passwords.txt", "r")
for word in dict_file.readlines():
word = word.rstrip()
if encrypted_pass == crypt.crypt(word, salt=salt):
success("Password corresponding to {0} is {1}."
.format(encrypted_pass, cyan(word)))
return word
# /etc/shadow style
else:
if crypt_method == '1':
debug("Method: MD5")
encryption = passlib.md5_crypt.encrypt
pass_filter = lambda x: x
elif crypt_method == '5':
debug("Method: SHA256")
encryption = passlib.sha256_crypt.encrypt
pass_filter = filter_rounds
warning("This may be long... Go grab a coffee (or maybe 10)")
elif crypt_method == '6':
debug("Method: SHA512")
encryption = passlib.sha512_crypt.encrypt
pass_filter = filter_rounds
warning("This may be long... Go grab a coffee (or maybe 10)")
else:
fail("Unknown encryption method.")
return
salt = encrypted_pass.split("$")[2]
debug("Password: {0}".format(encrypted_pass))
debug("Salt: {0}".format(salt))
dict_file = open("common_passwords.txt", "r")
for word in dict_file.readlines():
word = word.rstrip()
if encrypted_pass == pass_filter(encryption(word, salt=salt)):
success("Password corresponding to {0} is {1}."
.format(encrypted_pass, cyan(word)))
return word
fail("Password not found for {0}.".format(encrypted_pass))
return
def __init__(self, hostname, port):
'''
Initialize a netcat client
:param hostname: Hostname to connect to
:param port: Port to connect to
'''
try:
self.tn = telnetlib.Telnet(hostname, port)
except Exception as err:
fail("Could not connect Telnet to {0}:{1} (error: {2})".format(hostname, port, err))
print("Connected to port {0}".format(green(port)))
def __init__(self, hostname, port):
'''
Initialize a netcat client
:param hostname: Hostname to connect to
:param port: Port to connect to
'''
try:
self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.socket.connect((hostname, port))
except Exception as err:
fail("Could not connect Netcat to {0}:{1} (error: {2})".format(hostname, port, err))
print("Connected to port {0}".format(green(port)))
def __init__(self, hostname, port):
"""
Initialize a netcat client
:param hostname: Hostname to connect to
:param port: Port to connect to
"""
try:
self.tn = telnetlib.Telnet(hostname, port)
except Exception as err:
fail("Could not connect Telnet to {0}:{1} (error: {2})".format(
hostname, port, err))
raise err
print("Connected to port {0}".format(green(port)))
def isqrt(n):
if n < 0:
fail("square root not defined for negative numbers")
exit(-1)
if n == 0:
return 0
a, b = divmod(bitlength(n), 2)
x = 2 ** (a + b)
while True:
y = (x + n // x) // 2
if y >= x:
return x
x = y
def isqrt(n):
if n < 0:
fail("square root not defined for negative numbers")
exit(-1)
if n == 0:
return 0
a, b = divmod(bitlength(n), 2)
x = 2**(a + b)
while True:
y = (x + n // x) // 2
if y >= x:
return x
x = y
def __init__(self, hostname, port):
"""
Initialize a netcat client
:param hostname: Hostname to connect to
:param port: Port to connect to
"""
try:
self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.socket.connect((hostname, port))
except Exception as err:
fail("Could not connect Netcat to {0}:{1} (error: {2})".format(
hostname, port, err))
raise err
print("Connected to port {0}".format(green(port)))
def get_shellcodes(self, args):
"""
Request shellcodes from shell-storm that match the keywords
:param args: Keywords to send to the API
:returns: String formatted shellcodes
"""
url = "http://shell-storm.org/api/?s="
# Craft URL with parameters
# There should be some builtins for this, but I was tired at the time I
# wrote this...
params = ""
for arg in args:
params += str(arg)
params += "*"
params = params[:len(params) - 1]
url += params
# Request
req = Request("GET", url)
prepped = req.prepare()
s = Session()
resp = s.send(prepped, timeout=10, verify=True)
s = ''
while s == '':
if is_query_success(resp):
link = self.handle_shelllist(resp.text)
else:
fail("Something went wrong with the request ({0}: {1}".format(
resp.code, resp.text))
return None
# Get Shellcode
s = self.html_to_shellcode(link) if link else link
if s == '':
fail(
"Shellcode could not be retrieved - Please choose another one"
)
return s
def handle_shelllist(response_text):
response_text_list = [x for x in response_text.split("\n") if x]
shellist = []
print("\n")
if len(response_text_list) < 1:
fail("No shellcode found for these parameters.")
return
# Please do NOT change the API...
for i, line in enumerate(response_text_list):
# Get shellcode architecture
architecture = line[line.find("::::") +
4:find_nth(line, "::::", 1)]
# Get shellcode's name
title = line[find_nth(line, "::::", 1) +
4:find_nth(line, "::::", 2)]
# Get shellcode's link
link = line[find_nth(line, "::::", 3) + 4:]
# Add to list
entry = "({0}) {1}".format(architecture, cyan(title))
shellist.append(link)
print("{0}: {1}".format(i, entry))
user_choice = 0
while 1:
user_choice = input(yellow("Selection: "))
if int(user_choice) < 0:
continue
try:
print("Your choice: {0}".format(shellist[int(user_choice)]))
break
except IndexError:
continue
# Return selected shellcode
return shellist[int(user_choice)]
def get_shellcodes(self, args):
"""
Request shellcodes from shell-storm that match the keywords
:param args: Keywords to send to the API
:returns: String formatted shellcodes
"""
url = "http://shell-storm.org/api/?s="
# Craft URL with parameters
# There should be some builtins for this, but I was tired at the time I
# wrote this...
params = ""
for arg in args:
params += str(arg)
params += "*"
params = params[: len(params) - 1]
url += params
# Request
req = Request("GET", url)
prepped = req.prepare()
s = Session()
resp = s.send(prepped, timeout=10, verify=True)
s = ""
while s == "":
if is_query_success(resp):
link = self.handle_shelllist(resp.text)
else:
fail("Something went wrong with the request ({0}: {1}".format(resp.code, resp.text))
return None
# Get Shellcode
s = self.html_to_shellcode(link) if link else link
if s == "":
fail("Shellcode could not be retrieved - Please choose another one")
return s
def handle_shelllist(response_text):
response_text_list = [x for x in response_text.split("\n") if x]
shellist = []
print("\n")
if len(response_text_list) < 1:
fail("No shellcode found for these parameters.")
return
# Please do NOT change the API...
for i, line in enumerate(response_text_list):
# Get shellcode architecture
architecture = line[line.find("::::") + 4:find_nth(line, "::::", 1)]
# Get shellcode's name
title = line[find_nth(line, "::::", 1) + 4:find_nth(line, "::::", 2)]
# Get shellcode's link
link = line[find_nth(line, "::::", 3) + 4:]
# Add to list
entry = "({0}) {1}".format(architecture, cyan(title))
shellist.append(link)
print("{0}: {1}".format(i, entry))
user_choice = 0
while 1:
user_choice = input(yellow("Selection: "))
if int(user_choice) < 0:
continue
try:
print("Your choice: {0}".format(shellist[int(user_choice)]))
break
except IndexError:
continue
# Return selected shellcode
return shellist[int(user_choice)]
def __init__(self, maximum_length, *keywords, strict=False, shellcode=None, script_index=-1):
"""
Initialize a Shellcode crafter
:param maximum_length: Maximum length for the shellcode
:param *keywords: Keywords to find the shellcode in the Shell-storm
database
:param strict: Usually maximum_length is used for shellcode
padding, but when restrict is True, the shellcode
list will only display those which length is less
than maximum_length.
:param shellcode: User can input an already defined shellcode
directly in ShellCrafter
:param script_index Shellcode to select can be specified here (useful
when scripting)
"""
self.maximum_shellcode_length = maximum_length
self.keywords = keywords
self.shellcode = shellcode
self.strict = strict
self.script_index = script_index
if not shellcode and not keywords:
fail("Please specify some shellcode or keywords")
exit(-1)
def handle_shelllist(self, response_text):
"""
Print shellcodes in database that match given keywords
VERY HACKY - Didn't find any clean way to parse this, and I FREAKIN HATE
parsing. So let's just hope the API won't change
"""
response_text_list = [x for x in response_text.split("\n") if x]
shellist = []
print("\n")
if len(response_text_list) < 1:
fail("No shellcode found for these parameters.")
return None
# Please do NOT change the API...
i = 0
for line in response_text_list:
# Check shellcode length (strict=True)
if self.strict:
try:
length = re.search("\d[\d ]*bytes", line).group()
length = re.search("\d*", length).group()
if int(length) > self.maximum_shellcode_length:
continue
except Exception as e:
# Shellcode has no length - Skip it
continue
# Get shellcode architecture
architecture = line[line.find("::::") + 4 : find_nth(line, "::::", 1)]
# Get shellcode's name
title = line[find_nth(line, "::::", 1) + 4 : find_nth(line, "::::", 2)]
# Get shellcode's link
link = re.search("http://.*\.php", line).group()
# Add to list
entry = "({0}) {1}".format(architecture, cyan(title))
shellist.append(link)
print("{0}: {1}".format(i, entry))
i += 1
if self.script_index > -1:
try:
sh = shellist[self.script_index]
return sh
except IndexError as e:
print(e)
user_choice = 0
while 1:
user_choice = input(yellow("Selection: "))
if int(user_choice) < 0:
continue
try:
print("Your choice: {0}".format(shellist[int(user_choice)]))
break
except IndexError as e:
print(e)
continue
# Return selected shellcode
return shellist[int(user_choice)]
def handle_shelllist(self, response_text):
"""
Print shellcodes in database that match given keywords
VERY HACKY - Didn't find any clean way to parse this, and I FREAKIN HATE
parsing. So let's just hope the API won't change
"""
response_text_list = [x for x in response_text.split("\n") if x]
shellist = []
print("\n")
if len(response_text_list) < 1:
fail("No shellcode found for these parameters.")
return None
# Please do NOT change the API...
i = 0
for line in response_text_list:
# Check shellcode length (strict=True)
if self.strict:
try:
length = re.search('\d[\d ]*bytes', line).group()
length = re.search('\d*', length).group()
if int(length) > self.maximum_shellcode_length:
continue
except Exception as e:
# Shellcode has no length - Skip it
continue
# Get shellcode architecture
architecture = line[line.find("::::") +
4:find_nth(line, "::::", 1)]
# Get shellcode's name
title = line[find_nth(line, "::::", 1) +
4:find_nth(line, "::::", 2)]
# Get shellcode's link
link = re.search('http://.*\.php', line).group()
# Add to list
entry = "({0}) {1}".format(architecture, cyan(title))
shellist.append(link)
print("{0}: {1}".format(i, entry))
i += 1
if self.script_index > -1:
try:
sh = shellist[self.script_index]
return sh
except IndexError as e:
print(e)
user_choice = 0
while 1:
user_choice = input(yellow("Selection: "))
if int(user_choice) < 0:
continue
try:
print("Your choice: {0}".format(shellist[int(user_choice)]))
break
except IndexError as e:
print(e)
continue
# Return selected shellcode
return shellist[int(user_choice)]
