def html_to_shellcode(self, link):
# Fetch webpage
html = urlopen(link).read()
# Extract text
soup = BeautifulSoup(html, "html.parser")
for script in soup(["script", "style"]):
script.extract()
text = soup.get_text()
lines = (line.strip() for line in text.splitlines())
chunks = (phrase.strip() for line in lines
for phrase in line.split(" "))
text = '\n'.join(chunk for chunk in chunks if chunk)
# Extract shellcode
shellcode = []
for i, line in enumerate(text.split("\n")):
if "\"\\x" in line:
line = self.delete_comments(line)
line = line[line.find("\"\\x"):]
shellcode.append(line)
# Clean Shellcode
final_shellcode = ''.join(shellcode)
final_shellcode = final_shellcode.replace("\"", "")
final_shellcode = final_shellcode.replace(";", "")
final_shellcode = final_shellcode.replace(" ", "")
final_shellcode = final_shellcode.replace("\t", "")
final_shellcode = final_shellcode.replace("\n", "")
print("{0} {1}\n".format(yellow("Shellcode:"), final_shellcode))
# Return shellcode as string, not bytes
self.shellcode = final_shellcode.replace("\\x", "\\\\x")
return self.shellcode
def html_to_shellcode(self, link):
# Fetch webpage
html = urlopen(link).read()
# Extract text
soup = BeautifulSoup(html, "html.parser")
for script in soup(["script", "style"]):
script.extract()
text = soup.get_text()
lines = (line.strip() for line in text.splitlines())
chunks = (phrase.strip() for line in lines for phrase in line.split(" "))
text = '\n'.join(chunk for chunk in chunks if chunk)
# Extract shellcode
shellcode = []
for i, line in enumerate(text.split("\n")):
if "\"\\x" in line:
line = self.delete_comments(line)
line = line[line.find("\"\\x"):]
shellcode.append(line)
# Clean Shellcode
final_shellcode = ''.join(shellcode)
final_shellcode = final_shellcode.replace("\"", "")
final_shellcode = final_shellcode.replace(";", "")
final_shellcode = final_shellcode.replace(" ", "")
final_shellcode = final_shellcode.replace("\t", "")
final_shellcode = final_shellcode.replace("\n", "")
print("{0} {1}\n".format(yellow("Shellcode:"), final_shellcode))
# Return shellcode as string, not bytes
self.shellcode = final_shellcode.replace("\\x", "\\\\x")
return self.shellcode
def dialogue(self, command, nb_of_recv=1):
"""
Exchange with the server
Sends 'commands' and waits for 'nb_of_recv' messages back
:param command: message to send
:param nb_of_recv: Number of messages to try to read
:returns: The received data
"""
self.writeln(command)
return "{0}: {1}".format(yellow("Answer"), self.read(nb_of_recv))
def dialogue(self, command, nb_of_recv=1):
"""
Exchange with the server
Sends 'commands' and waits for 'nb_of_recv' messages back
:param command: message to send
:param nb_of_recv: Number of messages to try to read
:returns: The received data
"""
self.writeln(command)
return "{0}: {1}".format(yellow("Answer"), self.read(nb_of_recv))
def handle_shelllist(response_text):
response_text_list = [x for x in response_text.split("\n") if x]
shellist = []
print("\n")
if len(response_text_list) < 1:
fail("No shellcode found for these parameters.")
return
# Please do NOT change the API...
for i, line in enumerate(response_text_list):
# Get shellcode architecture
architecture = line[line.find("::::") +
4:find_nth(line, "::::", 1)]
# Get shellcode's name
title = line[find_nth(line, "::::", 1) +
4:find_nth(line, "::::", 2)]
# Get shellcode's link
link = line[find_nth(line, "::::", 3) + 4:]
# Add to list
entry = "({0}) {1}".format(architecture, cyan(title))
shellist.append(link)
print("{0}: {1}".format(i, entry))
user_choice = 0
while 1:
user_choice = input(yellow("Selection: "))
if int(user_choice) < 0:
continue
try:
print("Your choice: {0}".format(shellist[int(user_choice)]))
break
except IndexError:
continue
# Return selected shellcode
return shellist[int(user_choice)]
def html_to_shellcode(self, link):
"""
Fetch HTML page from shell-storm and recover the shellcode
"""
# Fetch webpage
html = urlopen(link).read()
# Extract text
soup = BeautifulSoup(html, "html.parser")
for script in soup(["script", "style"]):
script.extract()
text = soup.get_text()
lines = (line.strip() for line in text.splitlines())
chunks = (phrase.strip() for line in lines for phrase in line.split(" "))
text = "\n".join(chunk for chunk in chunks if chunk)
# Extract shellcode
shellcode = []
for i, line in enumerate(text.split("\n")):
if '"\\x' in line:
line = self.delete_comments(line)
line = line[line.find('"\\x') :]
shellcode.append(line)
# Clean Shellcode
final_shellcode = "".join(shellcode)
final_shellcode = final_shellcode.replace('"', "")
final_shellcode = final_shellcode.replace(";", "")
final_shellcode = final_shellcode.replace(" ", "")
final_shellcode = final_shellcode.replace("\t", "")
final_shellcode = final_shellcode.replace("\n", "")
print("{0} {1}\n".format(yellow("Shellcode:"), final_shellcode))
# In case there are multiple occurences of the shellcode in the page
final_shellcode = self.principal_period(final_shellcode)
# Return shellcode as string, not bytes
self.shellcode = final_shellcode
return self.shellcode
def handle_shelllist(response_text):
response_text_list = [x for x in response_text.split("\n") if x]
shellist = []
print("\n")
if len(response_text_list) < 1:
fail("No shellcode found for these parameters.")
return
# Please do NOT change the API...
for i, line in enumerate(response_text_list):
# Get shellcode architecture
architecture = line[line.find("::::") + 4:find_nth(line, "::::", 1)]
# Get shellcode's name
title = line[find_nth(line, "::::", 1) + 4:find_nth(line, "::::", 2)]
# Get shellcode's link
link = line[find_nth(line, "::::", 3) + 4:]
# Add to list
entry = "({0}) {1}".format(architecture, cyan(title))
shellist.append(link)
print("{0}: {1}".format(i, entry))
user_choice = 0
while 1:
user_choice = input(yellow("Selection: "))
if int(user_choice) < 0:
continue
try:
print("Your choice: {0}".format(shellist[int(user_choice)]))
break
except IndexError:
continue
# Return selected shellcode
return shellist[int(user_choice)]
def dialogue(self, command, nb_of_recv=1):
self.writeln(command)
return "{0}: {1}".format(yellow("Answer"), self.read(nb_of_recv))
def handle_shelllist(self, response_text):
"""
Print shellcodes in database that match given keywords
VERY HACKY - Didn't find any clean way to parse this, and I FREAKIN HATE
parsing. So let's just hope the API won't change
"""
response_text_list = [x for x in response_text.split("\n") if x]
shellist = []
print("\n")
if len(response_text_list) < 1:
fail("No shellcode found for these parameters.")
return None
# Please do NOT change the API...
i = 0
for line in response_text_list:
# Check shellcode length (strict=True)
if self.strict:
try:
length = re.search('\d[\d ]*bytes', line).group()
length = re.search('\d*', length).group()
if int(length) > self.maximum_shellcode_length:
continue
except Exception as e:
# Shellcode has no length - Skip it
continue
# Get shellcode architecture
architecture = line[line.find("::::") +
4:find_nth(line, "::::", 1)]
# Get shellcode's name
title = line[find_nth(line, "::::", 1) +
4:find_nth(line, "::::", 2)]
# Get shellcode's link
link = re.search('http://.*\.php', line).group()
# Add to list
entry = "({0}) {1}".format(architecture, cyan(title))
shellist.append(link)
print("{0}: {1}".format(i, entry))
i += 1
if self.script_index > -1:
try:
sh = shellist[self.script_index]
return sh
except IndexError as e:
print(e)
user_choice = 0
while 1:
user_choice = input(yellow("Selection: "))
if int(user_choice) < 0:
continue
try:
print("Your choice: {0}".format(shellist[int(user_choice)]))
break
except IndexError as e:
print(e)
continue
# Return selected shellcode
return shellist[int(user_choice)]
def handle_shelllist(self, response_text):
"""
Print shellcodes in database that match given keywords
VERY HACKY - Didn't find any clean way to parse this, and I FREAKIN HATE
parsing. So let's just hope the API won't change
"""
response_text_list = [x for x in response_text.split("\n") if x]
shellist = []
print("\n")
if len(response_text_list) < 1:
fail("No shellcode found for these parameters.")
return None
# Please do NOT change the API...
i = 0
for line in response_text_list:
# Check shellcode length (strict=True)
if self.strict:
try:
length = re.search("\d[\d ]*bytes", line).group()
length = re.search("\d*", length).group()
if int(length) > self.maximum_shellcode_length:
continue
except Exception as e:
# Shellcode has no length - Skip it
continue
# Get shellcode architecture
architecture = line[line.find("::::") + 4 : find_nth(line, "::::", 1)]
# Get shellcode's name
title = line[find_nth(line, "::::", 1) + 4 : find_nth(line, "::::", 2)]
# Get shellcode's link
link = re.search("http://.*\.php", line).group()
# Add to list
entry = "({0}) {1}".format(architecture, cyan(title))
shellist.append(link)
print("{0}: {1}".format(i, entry))
i += 1
if self.script_index > -1:
try:
sh = shellist[self.script_index]
return sh
except IndexError as e:
print(e)
user_choice = 0
while 1:
user_choice = input(yellow("Selection: "))
if int(user_choice) < 0:
continue
try:
print("Your choice: {0}".format(shellist[int(user_choice)]))
break
except IndexError as e:
print(e)
continue
# Return selected shellcode
return shellist[int(user_choice)]
def dialogue(self, command, nb_of_recv=1):
self.writeln(command)
return "{0}: {1}".format(yellow("Answer"), self.read(nb_of_recv))