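def command_show(self, *args, **kwargs):
    """Handle the ``show`` command for the currently selected module.

    ``show info`` prints selected metadata fields, ``show options`` prints
    the target and module option tables, and any other sub-command prints
    a usage hint.

    Args:
        *args: command arguments; only ``args[0]`` (the sub-command) is read.
        **kwargs: accepted for interface compatibility and ignored.
    """
    info, options = 'info', 'options'
    sub_command = args[0]

    if sub_command == info:
        # A separate name keeps ``info`` bound to the sub-command string
        # instead of rebinding it to the field list.
        info_fields = ("name", "description", "targets", "authors", "references")

        for field in info_fields:
            if field not in self.module_metadata:
                continue

            value = self.module_metadata[field]
            print("\n{}:".format(field.capitalize()))
            # isinstance also accepts list subclasses, which the exact
            # type comparison printed as a single repr.
            if isinstance(value, list):
                for item in value:
                    print("- {}".format(item))
            else:
                print(value)
        print()
    elif sub_command == options:
        # Ordered containers instead of sets: table rows follow this order
        # rather than set iteration order, which is arbitrary.
        target_opts = ('target', 'port')
        module_opts = [
            opt for opt in self.current_module.options
            if opt not in target_opts
        ]
        headers = ("Name", "Current settings", "Description")

        utils.print_info('\nTarget options:')
        utils.print_table(headers, *self.get_opts(*target_opts))

        if module_opts:
            utils.print_info('\nModule options:')
            utils.print_table(headers, *self.get_opts(*module_opts))

        utils.print_info()
    else:
        print(
            "Unknown command 'show {}'. You want to 'show {}' or 'show {}'?"
            .format(sub_command, info, options))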
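def command_show(self, *args, **kwargs):
    """Handle the ``show`` command for the currently selected module.

    ``show info`` prints selected metadata fields, ``show options`` prints
    the target and module option tables, and any other sub-command prints
    a usage hint.

    Args:
        *args: command arguments; only ``args[0]`` (the sub-command) is read.
        **kwargs: accepted for interface compatibility and ignored.
    """
    info, options = 'info', 'options'
    sub_command = args[0]

    if sub_command == info:
        # Use a distinct name so ``info`` stays the sub-command string.
        info_fields = ("name", "description", "targets", "authors", "references")

        for field in info_fields:
            if field not in self.module_metadata:
                continue

            value = self.module_metadata[field]
            print("\n{}:".format(field.capitalize()))
            # isinstance also covers list subclasses; the exact type
            # comparison treated those as scalars.
            if isinstance(value, list):
                for item in value:
                    print("- {}".format(item))
            else:
                print(value)
        print()
    elif sub_command == options:
        # Tuple and list keep a fixed row order; the set-based version
        # left the order of table rows to set iteration order.
        target_opts = ('target', 'port')
        module_opts = [
            opt for opt in self.current_module.options
            if opt not in target_opts
        ]
        headers = ("Name", "Current settings", "Description")

        utils.print_info('\nTarget options:')
        utils.print_table(headers, *self.get_opts(*target_opts))

        if module_opts:
            utils.print_info('\nModule options:')
            utils.print_table(headers, *self.get_opts(*module_opts))

        utils.print_info()
    else:
        print("Unknown command 'show {}'. You want to 'show {}' or 'show {}'?".format(sub_command, info, options))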
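def command_show(self, *args, **kwargs):
    """Handle the ``show`` command for the currently selected module.

    ``show info`` pretty-prints selected metadata fields through
    ``utils.pprint_dict_in_order``, ``show options`` prints the target and
    module option tables, and any other sub-command prints a usage hint.

    Args:
        *args: command arguments; only ``args[0]`` (the sub-command) is read.
        **kwargs: accepted for interface compatibility and ignored.
    """
    info, options = 'info', 'options'
    sub_command = args[0]

    if sub_command == info:
        utils.pprint_dict_in_order(
            ("name", "description", "targets", "authors", "references"),
            self.module_metadata,
        )
        utils.print_info()
    elif sub_command == options:
        # Ordered containers instead of sets: table rows follow this order
        # rather than set iteration order, which is arbitrary.
        target_opts = ('target', 'port')
        module_opts = [
            opt for opt in self.current_module.options
            if opt not in target_opts
        ]
        headers = ("Name", "Current settings", "Description")

        utils.print_info('\nTarget options:')
        utils.print_table(headers, *self.get_opts(*target_opts))

        if module_opts:
            utils.print_info('\nModule options:')
            utils.print_table(headers, *self.get_opts(*module_opts))

        utils.print_info()
    else:
        print(
            "Unknown command 'show {}'. You want to 'show {}' or 'show {}'?"
            .format(sub_command, info, options))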
def test_print_table_02(self, mock_print):
    """print_table given only headers prints the header row, its underline and blank framing lines."""
    header_row = ["Name", "Value", "Description"]
    expected_calls = [
        mock.call(),
        mock.call(' Name Value Description '),
        mock.call(' ---- ----- ----------- '),
        mock.call(),
    ]

    utils.print_table(header_row)

    self.assertEqual(mock_print.mock_calls, expected_calls)
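def _show_options(self, *args, **kwargs):
    """Print the current module's options as "Target" and "Module" tables.

    Target options are looked up first; every other name found in
    ``self.current_module.options`` is listed under "Module options",
    and that table is skipped when there are none.

    Args:
        *args: unused.
        **kwargs: unused.
    """
    # Ordered containers instead of sets: table rows follow this order
    # rather than set iteration order, which is arbitrary.
    target_opts = ('target', 'port')
    module_opts = [
        opt for opt in self.current_module.options
        if opt not in target_opts
    ]
    headers = ("Name", "Current settings", "Description")

    utils.print_info('\nTarget options:')
    utils.print_table(headers, *self.get_opts(*target_opts))

    if module_opts:
        utils.print_info('\nModule options:')
        utils.print_table(headers, *self.get_opts(*module_opts))

    utils.print_info()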
def test_print_table_02(self, mock_print):
    """Headers-only call: expect a blank line, header, underline, blank line."""
    columns = ["Name", "Value", "Description"]
    printed_lines = [
        ' Name Value Description ',
        ' ---- ----- ----------- ',
    ]
    expected_calls = [mock.call()]
    for line in printed_lines:
        expected_calls.append(mock.call(line))
    expected_calls.append(mock.call())

    utils.print_table(columns)

    self.assertEqual(mock_print.mock_calls, expected_calls)
def _show_options(self, *args, **kwargs):
    """Print the current module's options as "Target" and "Module" tables.

    Names in the fixed target list go to the first table; every other name
    in ``self.current_module.options`` goes to the second, which is skipped
    when empty.
    """
    target_opts = ['target', 'port', 'rhost', 'rport', 'lhost', 'lport']

    # Keep the module's own ordering for the remaining option names.
    module_opts = []
    for name in self.current_module.options:
        if name not in target_opts:
            module_opts.append(name)

    column_titles = ("Name", "Current settings", "Description")

    utils.print_info('\nTarget options:')
    utils.print_table(column_titles, *self.get_opts(*target_opts))

    if module_opts:
        utils.print_info('\nModule options:')
        utils.print_table(column_titles, *self.get_opts(*module_opts))

    utils.print_info()
def test_print_table_01(self, mock_print):
    """print_table with three data rows prints them beneath the header and underline."""
    header_row = ["Name", "Value", "Description"]
    data_rows = [
        ('foo', 'bar', 'baz'),
        (1, 2, 3),
        ("port", 80, "port number"),
    ]
    rendered_lines = [
        ' Name Value Description ',
        ' ---- ----- ----------- ',
        ' foo bar baz ',
        ' 1 2 3 ',
        ' port 80 port number ',
    ]
    # Output is framed by one empty print() before and after the table.
    expected_calls = (
        [mock.call()]
        + [mock.call(line) for line in rendered_lines]
        + [mock.call()]
    )

    utils.print_table(header_row, *data_rows)

    self.assertEqual(mock_print.mock_calls, expected_calls)
def _show_options(self, *args, **kwargs):
    """Print "Target options" and, when present, "Module options" tables.

    Option rows come from ``self.get_opts``; module options are the names
    in ``self.current_module.options`` that are not target options.
    """
    target_opts = ['target', 'port', 'rhost', 'rport', 'lhost', 'lport']
    column_titles = ("Name", "Current settings", "Description")

    # Preserve the order in which the module lists its options.
    module_opts = []
    for candidate in self.current_module.options:
        if candidate in target_opts:
            continue
        module_opts.append(candidate)

    utils.print_info('\nTarget options:')
    utils.print_table(column_titles, *self.get_opts(*target_opts))

    if module_opts:
        utils.print_info('\nModule options:')
        utils.print_table(column_titles, *self.get_opts(*module_opts))

    utils.print_info()
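def run(self):
    """Hand the configured community string(s) to the worker threads and report results.

    ``self.snmp`` is either a single value or a ``file://`` path; for a
    path, the opened file is what the workers iterate over. Results are
    read from ``self.strings``, which is reset here and presumably filled
    by ``self.target_function`` (not visible in this block).
    """
    self.strings = []

    # todo: check if service is up
    wordlist = None
    if self.snmp.startswith('file://'):
        # Drop the 7-character 'file://' prefix to get the local path.
        wordlist = open(self.snmp[7:], 'r')
        candidates = wordlist
    else:
        candidates = [self.snmp]

    try:
        collection = LockedIterator(candidates)
        self.run_threads(self.threads, self.target_function, collection)
    finally:
        # Close the wordlist handle, which was previously left open.
        # This relies on run_threads returning only after the workers are
        # done, which the result check below already assumes.
        if wordlist is not None:
            wordlist.close()

    if self.strings:
        print_success("Credentials found!")
        headers = ("Community Strings",)
        print_table(headers, *self.strings)
    else:
        print_error("Valid community strings not found")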
def test_print_table_01(self, mock_print):
    """Three data rows: expect header, underline and one printed line per row, framed by blank lines."""
    columns = ["Name", "Value", "Description"]
    first_row = ('foo', 'bar', 'baz')
    second_row = (1, 2, 3)
    third_row = ("port", 80, "port number")

    expected_calls = [mock.call()]
    for line in (
        ' Name Value Description ',
        ' ---- ----- ----------- ',
        ' foo bar baz ',
        ' 1 2 3 ',
        ' port 80 port number ',
    ):
        expected_calls.append(mock.call(line))
    expected_calls.append(mock.call())

    utils.print_table(columns, first_row, second_row, third_row)

    self.assertEqual(mock_print.mock_calls, expected_calls)
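def run(self):
    """Hand the configured community string(s) to the worker threads and report results.

    ``self.snmp`` is either a single value or a ``file://`` path; for a
    path, the opened file is what the workers iterate over. Results are
    read from ``self.strings``, which is reset here and presumably filled
    by ``self.target_function`` (not visible in this block).
    """
    self.strings = []

    print_status("Running module...")

    # todo: check if service is up
    wordlist = None
    if self.snmp.startswith('file://'):
        # Drop the 7-character 'file://' prefix to get the local path.
        wordlist = open(self.snmp[7:], 'r')
        candidates = wordlist
    else:
        candidates = [self.snmp]

    try:
        collection = LockedIterator(candidates)
        self.run_threads(self.threads, self.target_function, collection)
    finally:
        # Close the wordlist handle, which was previously left open.
        # This relies on run_threads returning only after the workers are
        # done, which the result check below already assumes.
        if wordlist is not None:
            wordlist.close()

    if self.strings:
        print_success("Credentials found!")
        headers = ("Community Strings",)
        print_table(headers, *self.strings)
    else:
        print_error("Valid community strings not found")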
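def command_show(self, *args, **kwargs):
    """Handle the ``show`` command: ``info``, ``options`` or ``devices``.

    ``show info`` pretty-prints selected metadata fields, ``show options``
    prints the target and module option tables, ``show devices`` lists the
    entries under the module's ``devices`` key, and any other sub-command
    prints a usage hint.

    Args:
        *args: command arguments; only ``args[0]`` (the sub-command) is read.
        **kwargs: accepted for interface compatibility and ignored.
    """
    info, options, devices = 'info', 'options', 'devices'
    sub_command = args[0]

    if sub_command == info:
        utils.pprint_dict_in_order(
            self.module_metadata,
            ("name", "description", "devices", "authors", "references"),
        )
        utils.print_info()
    elif sub_command == options:
        # Ordered containers instead of sets: table rows follow this order
        # rather than set iteration order, which is arbitrary.
        target_opts = ('target', 'port')
        module_opts = [
            opt for opt in self.current_module.options
            if opt not in target_opts
        ]
        headers = ("Name", "Current settings", "Description")

        utils.print_info('\nTarget options:')
        utils.print_table(headers, *self.get_opts(*target_opts))

        if module_opts:
            utils.print_info('\nModule options:')
            utils.print_table(headers, *self.get_opts(*module_opts))

        utils.print_info()
    elif sub_command == devices:
        module_info = self.current_module._Exploit__info__

        if devices in module_info:
            print("\nTarget devices:")
            # enumerate replaces the hand-maintained counter, and
            # ``devices`` is no longer rebound to the device list.
            for index, device in enumerate(module_info['devices']):
                # Entries are either plain values or dicts with a 'name'.
                label = device['name'] if isinstance(device, dict) else device
                print(" {} - {}".format(index, label))
            print()
        else:
            print("\nTarget devices are not defined")
    else:
        # NOTE(review): the hint names only 'info' and 'options'; the
        # wording is kept unchanged here.
        print(
            "Unknown command 'show {}'. You want to 'show {}' or 'show {}'?"
            .format(sub_command, info, options))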
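def command_show(self, *args, **kwargs):
    """Handle the ``show`` command: ``info``, ``options`` or ``devices``.

    ``show info`` pretty-prints selected metadata fields, ``show options``
    prints the target and module option tables, ``show devices`` lists the
    entries under the module's ``devices`` key, and any other sub-command
    prints a usage hint.

    Args:
        *args: command arguments; only ``args[0]`` (the sub-command) is read.
        **kwargs: accepted for interface compatibility and ignored.
    """
    info, options, devices = 'info', 'options', 'devices'
    sub_command = args[0]

    if sub_command == info:
        utils.pprint_dict_in_order(
            self.module_metadata,
            ("name", "description", "devices", "authors", "references"),
        )
        utils.print_info()
    elif sub_command == options:
        # Tuple and list keep a fixed row order; the set-based version
        # left the order of table rows to set iteration order.
        target_opts = ('target', 'port')
        module_opts = [
            opt for opt in self.current_module.options
            if opt not in target_opts
        ]
        headers = ("Name", "Current settings", "Description")

        utils.print_info('\nTarget options:')
        utils.print_table(headers, *self.get_opts(*target_opts))

        if module_opts:
            utils.print_info('\nModule options:')
            utils.print_table(headers, *self.get_opts(*module_opts))

        utils.print_info()
    elif sub_command == devices:
        module_info = self.current_module._Exploit__info__

        if devices in module_info:
            print("\nTarget devices:")
            # enumerate replaces the hand-maintained counter, and
            # ``devices`` is no longer rebound to the device list.
            for index, device in enumerate(module_info['devices']):
                # Entries are either plain values or dicts with a 'name'.
                label = device['name'] if isinstance(device, dict) else device
                print(" {} - {}".format(index, label))
            print()
        else:
            print("\nTarget devices are not defined")
    else:
        # NOTE(review): the hint names only 'info' and 'options'; the
        # wording is kept unchanged here.
        print("Unknown command 'show {}'. You want to 'show {}' or 'show {}'?".format(sub_command, info, options))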
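def command_show(self, *args, **kwargs):
    """Handle the ``show`` command for the currently selected module.

    ``show info`` pretty-prints selected metadata fields through
    ``utils.pprint_dict_in_order``, ``show options`` prints the target and
    module option tables, and any other sub-command prints a usage hint.

    Args:
        *args: command arguments; only ``args[0]`` (the sub-command) is read.
        **kwargs: accepted for interface compatibility and ignored.
    """
    info, options = 'info', 'options'
    sub_command = args[0]

    if sub_command == info:
        utils.pprint_dict_in_order(
            self.module_metadata,
            ("name", "description", "devices", "authors", "references"),
        )
        utils.print_info()
    elif sub_command == options:
        # Ordered containers instead of sets: table rows follow this order
        # rather than set iteration order, which is arbitrary.
        target_opts = ('target', 'port')
        module_opts = [
            opt for opt in self.current_module.options
            if opt not in target_opts
        ]
        headers = ("Name", "Current settings", "Description")

        utils.print_info('\nTarget options:')
        utils.print_table(headers, *self.get_opts(*target_opts))

        if module_opts:
            utils.print_info('\nModule options:')
            utils.print_table(headers, *self.get_opts(*module_opts))

        utils.print_info()
    else:
        print("Unknown command 'show {}'. You want to 'show {}' or 'show {}'?".format(sub_command, info, options))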
def shell(exploit, architecture="", method="", payloads=None, **params):
    """Run the interactive ``cmd`` prompt for an exploit module.

    Reads commands in a loop. Built-in commands select a payload, list or
    set its options, and run it; any other input is passed to
    ``exploit.execute`` and the result is printed. Returns ``None`` when
    the operator enters ``quit`` or ``exit``.

    Args:
        exploit: module object; ``exploit.execute(cmd)`` and
            ``exploit.target`` are used here.
        architecture: name of the payload sub-directory under
            ``routersploit/modules/payloads/``.
        method: delivery method; the values handled below are ``"wget"``,
            ``"echo"`` and ``"generic"``.
        payloads: optional list of selectable payload names; when empty or
            ``None`` it is built from the ``.py`` files in the payload
            directory.
        **params: forwarded to ``Communication``; ``exec_binary`` is added
            for the ``"generic"`` method.
    """
    path = "routersploit/modules/payloads/{}/".format(architecture)
    payload = None
    options = []

    if not payloads:
        # Default to every module file in the directory except __init__.py.
        payloads = [f.split(".")[0] for f in listdir(path) if isfile(join(path, f)) and f.endswith(".py") and f != "__init__.py"]

    print_info()
    print_success("Welcome to cmd. Commands are sent to the target via the execute method.")
    print_status("Depending on the vulnerability, command's results might not be available.")
    print_status("For further exploitation use 'show payloads' and 'set payload <payload>' commands.")
    print_info()

    while 1:
        # Spin until printer_queue is empty before showing the prompt.
        # NOTE(review): this is a busy-wait with no sleep.
        while not printer_queue.empty():
            pass

        # \001 and \002 are readline's markers for non-printing characters
        # in a prompt; the second prompt embeds colour codes without them.
        if payload is None:
            cmd_str = "\001\033[4m\002cmd\001\033[0m\002 > "
        else:
            cmd_str = "\001\033[4m\002cmd\001\033[0m\002 (\033[94m{}\033[0m) > ".format(payload._Exploit__info__['name'])

        # raw_input: this block targets Python 2.
        cmd = raw_input(cmd_str)

        if cmd in ["quit", "exit"]:
            return

        elif cmd == "show payloads":
            print_status("Available payloads:")
            for payload_name in payloads:
                print_info("- {}".format(payload_name))

        elif cmd.startswith("set payload "):
            c = cmd.split(" ")

            # Only names present in ``payloads`` are ever imported.
            if c[2] in payloads:
                payload_path = path.replace("/", ".") + c[2]
                payload = getattr(importlib.import_module(payload_path), 'Exploit')()

                # Rebuild the option rows as [name, current value, description].
                options = []
                for option in payload.exploit_attributes.keys():
                    if option not in ["output", "filepath"]:
                        options.append([option, getattr(payload, option), payload.exploit_attributes[option]])

                if payload.handler == "bind_tcp":
                    options.append(["rhost", validators.ipv4(exploit.target), "Target IP address"])

                    if method == "wget":
                        options.append(["lhost", "", "Connect-back IP address for wget"])
                        options.append(["lport", 4545, "Connect-back Port for wget"])
            else:
                print_error("Payload not available")

        elif payload is not None:
            if cmd == "show options":
                headers = ("Name", "Current settings", "Description")

                print_info('\nPayload Options:')
                print_table(headers, *options)
                print_info()

            elif cmd.startswith("set "):
                c = cmd.split(" ")
                # Exactly three space-separated tokens are accepted, so a
                # value containing spaces is rejected.
                if len(c) != 3:
                    print_error("set <option> <value>")
                else:
                    for option in options:
                        if option[0] == c[1]:
                            # The payload's own setter decides whether the
                            # value is valid; on failure the row is left
                            # unchanged.
                            try:
                                setattr(payload, c[1], c[2])
                            except Exception:
                                print_error("Invalid value for {}".format(c[1]))
                                break

                            option[1] = c[2]
                            print_success("{'" + c[1] + "': '" + c[2] + "'}")

            elif cmd == "run":
                data = payload.generate()

                if method == "wget":
                    elf_binary = payload.generate_elf(data)
                    communication = Communication(exploit, elf_binary, options, **params)
                    if communication.wget() is False:
                        continue

                elif method == "echo":
                    elf_binary = payload.generate_elf(data)
                    communication = Communication(exploit, elf_binary, options, **params)
                    communication.echo()

                elif method == "generic":
                    params['exec_binary'] = data
                    communication = Communication(exploit, "", options, **params)

                # NOTE(review): if ``method`` is none of the three values
                # above, ``communication`` is unbound here and the handler
                # call raises NameError.
                if payload.handler == "bind_tcp":
                    communication.bind_tcp()
                elif payload.handler == "reverse_tcp":
                    communication.reverse_tcp()

            elif cmd == "back":
                payload = None

        else:
            # With no payload selected, any other input goes to the module's
            # execute method.
            print_status("Executing '{}' on the device...".format(cmd))
            print_info(exploit.execute(cmd))
def shell(exploit, architecture="", method="", payloads=None, **params):
    """Run the interactive ``cmd`` prompt for an exploit module.

    Reads commands in a loop. Built-in commands select a payload, list or
    set its options, and run it; any other input is passed to
    ``exploit.execute`` and the result is printed. Returns ``None`` when
    the operator enters ``quit`` or ``exit``.

    Args:
        exploit: module object; ``exploit.execute(cmd)`` and
            ``exploit.target`` are used here.
        architecture: name of the payload sub-directory under
            ``routersploit/modules/payloads/``.
        method: delivery method; the values handled below are ``"wget"``,
            ``"echo"`` and ``"generic"``.
        payloads: optional list of selectable payload names; when empty or
            ``None`` it is built from the ``.py`` files in the payload
            directory.
        **params: forwarded to ``Communication``; ``exec_binary`` is added
            for the ``"generic"`` method.
    """
    path = "routersploit/modules/payloads/{}/".format(architecture)
    payload = None
    options = []

    if not payloads:
        # Default to every module file in the directory except __init__.py.
        payloads = [
            f.split(".")[0] for f in listdir(path)
            if isfile(join(path, f)) and f.endswith(".py") and f != "__init__.py"
        ]

    print_info()
    print_success(
        "Welcome to cmd. Commands are sent to the target via the execute method."
    )
    print_status(
        "Depending on the vulnerability, command's results might not be available."
    )
    print_status(
        "For further exploitation use 'show payloads' and 'set payload <payload>' commands."
    )
    print_info()

    while 1:
        # Spin until printer_queue is empty before showing the prompt.
        # NOTE(review): this is a busy-wait with no sleep.
        while not printer_queue.empty():
            pass

        # \001 and \002 are readline's markers for non-printing characters
        # in a prompt; the second prompt embeds colour codes without them.
        if payload is None:
            cmd_str = "\001\033[4m\002cmd\001\033[0m\002 > "
        else:
            cmd_str = "\001\033[4m\002cmd\001\033[0m\002 (\033[94m{}\033[0m) > ".format(
                payload._Exploit__info__['name'])

        # raw_input: this block targets Python 2.
        cmd = raw_input(cmd_str)

        if cmd in ["quit", "exit"]:
            return

        elif cmd == "show payloads":
            print_status("Available payloads:")
            for payload_name in payloads:
                print_info("- {}".format(payload_name))

        elif cmd.startswith("set payload "):
            c = cmd.split(" ")

            # Only names present in ``payloads`` are ever imported.
            if c[2] in payloads:
                payload_path = path.replace("/", ".") + c[2]
                payload = getattr(importlib.import_module(payload_path),
                                  'Exploit')()

                # Rebuild the option rows as [name, current value, description].
                options = []
                for option in payload.exploit_attributes.keys():
                    if option not in ["output", "filepath"]:
                        options.append([
                            option,
                            getattr(payload, option),
                            payload.exploit_attributes[option]
                        ])

                if payload.handler == "bind_tcp":
                    options.append([
                        "rhost",
                        validators.ipv4(exploit.target), "Target IP address"
                    ])

                    if method == "wget":
                        options.append(
                            ["lhost", "", "Connect-back IP address for wget"])
                        options.append(
                            ["lport", 4545, "Connect-back Port for wget"])
            else:
                print_error("Payload not available")

        elif payload is not None:
            if cmd == "show options":
                headers = ("Name", "Current settings", "Description")

                print_info('\nPayload Options:')
                print_table(headers, *options)
                print_info()

            elif cmd.startswith("set "):
                c = cmd.split(" ")
                # Exactly three space-separated tokens are accepted, so a
                # value containing spaces is rejected.
                if len(c) != 3:
                    print_error("set <option> <value>")
                else:
                    for option in options:
                        if option[0] == c[1]:
                            # The payload's own setter decides whether the
                            # value is valid; on failure the row is left
                            # unchanged.
                            try:
                                setattr(payload, c[1], c[2])
                            except Exception:
                                print_error("Invalid value for {}".format(
                                    c[1]))
                                break

                            option[1] = c[2]
                            print_success("{'" + c[1] + "': '" + c[2] + "'}")

            elif cmd == "run":
                data = payload.generate()

                if method == "wget":
                    elf_binary = payload.generate_elf(data)
                    communication = Communication(exploit, elf_binary, options,
                                                  **params)
                    if communication.wget() is False:
                        continue

                elif method == "echo":
                    elf_binary = payload.generate_elf(data)
                    communication = Communication(exploit, elf_binary, options,
                                                  **params)
                    communication.echo()

                elif method == "generic":
                    params['exec_binary'] = data
                    communication = Communication(exploit, "", options,
                                                  **params)

                # NOTE(review): if ``method`` is none of the three values
                # above, ``communication`` is unbound here and the handler
                # call raises NameError.
                if payload.handler == "bind_tcp":
                    communication.bind_tcp()
                elif payload.handler == "reverse_tcp":
                    communication.reverse_tcp()

            elif cmd == "back":
                payload = None

        else:
            # With no payload selected, any other input goes to the module's
            # execute method.
            print_status("Executing '{}' on the device...".format(cmd))
            print_info(exploit.execute(cmd))