def start_flask(config, cli):
prefix = "http://"
if config.get("gui-https-enabled") == "on":
prefix = "https://"
UI.warn("Web GUI Started: %s%s:%s" %
(prefix, config.get("gui-host"), config.get("gui-port")))
UI.warn("Web GUI Password: %s" % config.get("server-password"))
app.init(config, cli)
try:
if config.get("gui-https-enabled") == "on":
cert = config.get("gui-https-cert-path")
Utils.file_exists(cert, True)
server = WSGIServer(
(config.get("gui-host"), int(config.get("gui-port"))),
app,
log=None,
keyfile=cert,
certfile=cert)
else:
server = WSGIServer(
(config.get("gui-host"), int(config.get("gui-port"))),
app,
log=None)
server.serve_forever()
except:
pass
def start_gui(config, cli):
prefix = "http://"
try:
port = int(config.get("gui-port"))
except:
UI.error("(gui-port) GUI HTTP port need to be a integer.", True)
if config.get("https-enabled") == "on":
prefix = "https://"
UI.warn('Web GUI Started: %s%s:%s' %
(prefix, config.get('gui-host'), config.get('gui-port')))
UI.warn('Web GUI Password: %s' % config.get('server-password'))
app.init(config, cli)
path = "%s/logs/%s" % (os.getcwd(), str(time.strftime("%d-%m-%Y")))
gui_log = "%s/gui.log" % path
if not os.path.exists(path):
os.makedirs(path)
fd = os.open(gui_log, os.O_RDWR | os.O_CREAT)
stderr = 2
websocket.run(app,
host=config.get("gui-host"),
port=port,
log_output=os.dup2(fd, stderr))
def get_cmd_output(self, guid):
for item in self.sql.get_cmd_response(self.config.get('uid')):
print ''
UI.warn('Command output:\n%s' % self.redis.get_output(item[0], item[1])[0])
self.sql.delete_response(item[0], item[2], item[1], item[3])
guid = item[0]
return guid
def start_httpd(config):
ip = config.get("http-host")
try:
port = int(config.get("http-port"))
except:
UI.error("(http-port) HTTP port need to be a integer.", True)
UI.warn("Starting web server on %s port %d" % (ip, port))
try:
server_class = http.server.HTTPServer
factory = HTTPDFactory(config)
httpd_server = server_class((ip, port), factory)
if config.get("https-enabled") == "on":
cert = config.get("https-cert-path")
Utils.file_exists(cert, True)
httpd_server.socket = ssl.wrap_socket(httpd_server.socket,
certfile=cert)
UI.warn("Web server is using HTTPS")
httpd_server.serve_forever()
except Exception as e:
UI.error(
"Server was not able to start (Port already in use?)... Aborting",
True)
def install_dependencies():
UI.warn("Installing dependencies")
if not os.getuid() == 0:
UI.error("root privileges required to install the dependencies")
os.system(
"/usr/bin/apt update && /usr/bin/apt install redis-server mono-mcs python3-tabulate python3-redis python3-flask python3-dev python3-pip python3-gevent -y && /usr/bin/python3 -m pip install flask-socketio"
)
UI.error("Installation completed please restart ThunderShell", True)
def install_dependencies():
UI.warn("Installing dependencies")
if not os.getuid() == 0:
UI.error("root privileges required to install the dependencies")
os.system(
"apt update && apt install mysql-server redis-server mono-dmcs python-tabulate python-mysqldb python-redis -y"
)
UI.error("Installation completed please restart ThunderShell", True)
def get_cmd_output(self, guid):
for item in self.redis.get_active_cli_session_output(self.config.get('uid')):
print('\n')
data = self.redis.get_data(item)
guid = item.split(":")[2]
UI.warn('Command output:\n%s' % data)
self.redis.delete_entry(item)
return guid
def install_dependencies():
UI.warn('Installing dependencies')
if not os.getuid() == 0:
UI.error('root privileges required to install the dependencies')
os.system(
'/usr/bin/apt update && /usr/bin/apt install redis-server mono-dmcs python-tabulate python-redis python-flask python-dev libxml2-dev libxslt-dev python-pip -y && pip install flask-socketIO'
)
UI.error('Installation completed please restart ThunderShell', True)
def gen_encryption_key(self):
install = Utils.file_exists(CONFIG.DEFAULT_INSTALL_PATH, False)
if not install:
UI.warn('Generating new keys')
self.set('encryption-key', Utils.gen_str(24))
self.set('server-password', Utils.gen_str(32))
open(CONFIG.DEFAULT_INSTALL_PATH, 'wb').write('OK')
self.save_config()
self.reload = True
def gen_encryption_key(self):
install = Utils.file_exists(CONFIG.DEFAULT_INSTALL_PATH, False)
if not install:
UI.warn("Generating new keys")
self.set("encryption-key", Utils.gen_str(24))
self.set("server-password", Utils.gen_str(32))
open(CONFIG.DEFAULT_INSTALL_PATH, "w").write("OK")
self.save_config()
self.reload = True
def get_cmd_output(self, guid):
for item in self.redis.get_active_cli_session_output(
self.config.get("uid")):
print("\n")
item = item.decode()
data = self.redis.get_data(item).decode()
guid = item.split(":")[2]
UI.warn("Command output:\n%s" % data)
self.redis.delete_entry(item)
return guid
def install_dependencies(pyver):
UI.warn("Installing dependencies")
if not os.getuid() == 0:
UI.error("root privileges required to install the dependencies")
os.system("/usr/bin/apt update && /usr/bin/apt install redis-server mono-mcs python%s python%s-pip python%s-dev -y" % (pyver, pyver, pyver))
os.system("pip%s install tabulate" % pyver)
os.system("pip%s install redis" % pyver)
os.system("pip%s install flask" % pyver)
os.system("pip%s install flask-socketio" % pyver)
os.system("pip%s install pycrypto" % pyver)
os.system("pip%s install gevent" % pyver)
def get_cmd_send(self):
guid = False
for item in self.redis.get_active_cli_session_cmd(self.config.get('uid')):
print('\n')
data = self.redis.get_data(item)
data = data.split(":")
guid = item.split(":")[2]
UI.warn('%s - Sending command: %s' % (data[0], data[1]))
self.redis.delete_entry(item)
if data[1] == 'exit':
guid = 'exit'
return guid
def start_gui(config, cli):
prefix = "http://"
if config.get("https-enabled") == "on":
prefix = "https://"
UI.warn("Web GUI Started: %s%s:%s" % (prefix, config.get("gui-host"), config.get("gui-port")))
UI.warn("Web GUI Password: %s" % config.get("server-password"))
app.init(config, cli)
server = WSGIServer((config.get("gui-host"), int(config.get("gui-port"))), app, log=None)
server.serve_forever()
def get_cmd_send(self):
guid = False
for item in self.redis.get_active_cli_session_cmd(
self.config.get("uid")):
print("\n")
item = item.decode()
data = self.redis.get_data(item).decode()
data = data.split(":")
guid = item.split(":")[2]
UI.warn("%s - Sending command: %s" % (data[0], data[1]))
self.redis.delete_entry(item)
if data[1] == "exit":
guid = "exit"
return guid
def view_event(self, data):
log_path = Utils.get_arg_at(data, 1, 2)
if log_path == "":
UI.error("Missing arguments")
return
if log_path == "key":
UI.warn("Your encryption key is '%s'" %
self.config.get("encryption-key"))
return
if log_path == "password":
UI.warn("Your server password is '%s'" %
self.config.get("server-password"))
return
if not log_path in ("http", "event", "error"):
UI.error("Invalid path")
return
log_path += ".log"
rows = Utils.get_arg_at(data, 2, 2)
if rows == "":
rows = 10
else:
try:
rows = int(rows)
except:
rows = 10
log_path = Log.get_current_path(log_path)
data = []
if Utils.file_exists(log_path):
for line in open(log_path, "rb").readlines():
data.append(line)
data = list(reversed(data))
print("\nLast %d lines of log\n----------------------\n" % rows)
data = list(data)
for i in range(0, rows):
try:
print data[i]
except:
pass
def check_version():
current = Version.VERSION
request = urllib.request.Request(
"http://thundershell.ringzer0team.com/version.html?%s" % current)
response = urllib.request.urlopen(request).read().strip().decode()
if not response == current:
UI.error(
"Your ThunderShell installation is outdated latest is %s. Your version is %s"
% (response, current), False)
UI.warn("Do you want to exit ThunderShell and update it")
if UI.prompt('Updating (Yes/No)').lower() == 'yes':
os.system("git pull")
UI.error("Installation updated! Please restart ThunderShell",
True)
os._exit(0)
def view_event(self, data):
log_path = Utils.get_arg_at(data, 1, 2)
if log_path == '':
UI.error('Missing arguments')
return
if log_path == 'key':
UI.warn("Your encryption key is '%s'" %
self.config.get('encryption-key'))
return
if log_path == 'password':
UI.warn("Your server password is '%s'" %
self.config.get('server-password'))
return
if not log_path in ('http', 'event', 'error'):
UI.error('Invalid path')
return
log_path += '.log'
rows = Utils.get_arg_at(data, 2, 2)
if rows == '':
rows = 10
else:
try:
rows = int(rows)
except:
rows = 10
log_path = Log.get_current_path(log_path)
data = []
if Utils.file_exists(log_path):
for line in open(log_path, 'rb').readlines():
data.append(line)
data = list(reversed(data))
print '''Last %d lines of log\n----------------------''' % rows
data = list(data)
for i in range(0, rows):
try:
print data[i]
except:
pass
def start_httpd(config):
ip = config.get('http-host')
try:
port = int(config.get('http-port'))
except:
UI.error("(http-port) HTTP port need to be a integer.", True)
UI.warn('Starting web server on %s port %d' % (ip, port))
try:
server_class = BaseHTTPServer.HTTPServer
factory = HTTPDFactory(config)
httpd_server = server_class((ip, port), factory)
if config.get('https-enabled') == 'on':
cert = config.get('https-cert-path')
Utils.file_exists(cert, True)
httpd_server.socket = ssl.wrap_socket(httpd_server.socket, certfile=cert)
UI.success('Web server is using HTTPS')
httpd_server.serve_forever()
except:
UI.error('Server was not able to start (Port already in use?)... Aborting', True)
profile = CONFIG(profile)
config.set("profile", profile)
uid = Utils.guid()
config.set("uid", uid)
config.set("username", "(CLI)%s" % sys.argv[2])
db = RedisQuery(config)
sql = MySQLQuery(config)
sql.install_db().init_uid()
config.set("redis", db)
config.set("mysql", sql)
db.update_config(config).init_sql()
UI.warn("Current Active session UUID is %s" % config.get("uid"))
# Launch the HTTPD daemon
if not "-nohttpd" in sys.argv:
httpd_thread = init_httpd_thread(config)
cli = Cli(config)
while True:
try:
cmd = cli.prompt()
cli.parse_cmd(cmd)
except KeyboardInterrupt as e:
UI.error(
"*** You really want to exit the application? *** (yes/no)")
def output_cli_or_str(self, message):
if self.cli:
UI.warn(message)
return ""
else:
return "[*] %s\n" % message
config = CONFIG(sys.argv[1])
profile = config.get('http-profile')
if not profile == '':
Utils.file_exists(profile, True)
profile = CONFIG(profile)
config.set('profile', profile)
uid = Utils.guid()
config.set('uid', uid)
config.set('username', '%s' % sys.argv[2])
db = RedisQuery(config)
config.set('redis', db)
UI.warn('Current Active CLI session UUID is %s' % config.get('uid'))
cli = Cli(config)
# Launch the GUI
if not '-nogui' in sys.argv:
webui_thread = init_gui_thread(config, cli)
# Launch the HTTPD daemon
if not '-nohttpd' in sys.argv:
httpd_thread = init_httpd_thread(config)
while True:
try:
cmd = cli.prompt()
cli.parse_cmd(cmd)
Utils.file_exists(profile, True)
profile = CONFIG(profile)
config.set('profile', profile)
uid = Utils.guid()
config.set('uid', uid)
config.set('username', '(CLI)%s' % sys.argv[2])
db = RedisQuery(config)
sql = MySQLQuery(config)
sql.install_db().init_uid()
config.set('redis', db)
config.set('mysql', sql)
db.update_config(config).init_sql()
UI.warn('Current Active CLI session UUID is %s' % config.get('uid'))
# Launch the HTTPD daemon
if not '-nohttpd' in sys.argv:
httpd_thread = init_httpd_thread(config)
# Launch the GUI
if not '-nogui' in sys.argv:
if config.get('https-enabled') == 'on':
print('')
UI.warn('Web GUI Started: https://%s:%s' %
(config.get('gui-host'), config.get('gui-port')))
else:
UI.warn('Web GUI Started: http://%s:%s' %
(config.get('gui-host'), config.get('gui-port')))
UI.warn('Web GUI Password: %s\n\n' % config.get('server-password'))
