Generating shellcode, will now use -c

Veil-Framework · Jul 6, 2015 · e70b346 · e70b346
1 parent c0933ec
commit e70b346
Show file tree

Hide file tree

Showing 19 changed files with 109 additions and 70 deletions.
diff --git a/modules/common/shellcode.py b/modules/common/shellcode.py
@@ -39,6 +39,8 @@ def __init__(self):
         self.msfvenompayload= ""
         # misc options
         self.options = list()
+        # required options
+        self.required_options = list()
 
         # load up all the metasploit modules available
         self.LoadModules()
@@ -218,7 +220,11 @@ def custShellcodeMenu(self, showTitle=True):
         print '     %s - custom shellcode string' % (helpers.color('2'))
         print '     %s - file with shellcode (raw)\n' % (helpers.color('3'))
 
-        choice = raw_input(" [>] Please %s the number of your choice: " % (helpers.color('enter'))).strip()
+        try:
+            choice = self.required_options['SHELLCODE'][0].lower().strip()
+            print(" [>] Please %s the number of your choice: %s" % (helpers.color('enter'), choice))
+        except:
+            choice = raw_input(" [>] Please %s the number of your choice: " % (helpers.color('enter'))).strip()
 
         if choice == '3':
             # instantiate our completer object for path completion
@@ -257,16 +263,18 @@ def custShellcodeMenu(self, showTitle=True):
             readline.set_completer(None)
 
 
-        if choice == '2':
+        elif choice == '2' or choice == 'string':
             # if the shellcode is specified as a string
             CustomShell = raw_input(" [>] Please enter custom shellcode (one line, no quotes, \\x00.. format): ")
             if len(CustomShell) == 0:
                 print helpers.color(" [!] WARNING: no shellcode specified, defaulting to msfvenom!", warning=True)
             return CustomShell
-        elif choice != '1':
-            print helpers.color(" [!] WARNING: Invalid option chosen, defaulting to msfvenom!", warning=True)
+
+        elif choice == '' or choice == '1' or choice == 'msf' or choice == 'metasploit' or choice == 'msfvenom':
             return None
+
         else:
+            print helpers.color(" [!] WARNING: Invalid option chosen, defaulting to msfvenom!", warning=True)
             return None
 
 
@@ -279,11 +287,17 @@ def menu(self):
 
         payloadSelected = None
         options = None
+        showMessage = False
+        if settings.TERMINAL_CLEAR != "false": showMessage = True
 
         # if no generation method has been selected yet
         if self.msfvenomCommand == "" and self.customshellcode == "":
-            # prompt for custom shellcode
-            customShellcode = self.custShellcodeMenu()
+
+            # show banner?
+            if settings.TERMINAL_CLEAR != "false": showMessage = True
+
+            # prompt for custom shellcode or msfvenom
+            customShellcode = self.custShellcodeMenu(showMessage)
 
             # if custom shellcode is specified, set it
             if customShellcode:
@@ -305,7 +319,13 @@ def menu(self):
 
                     print '\n [*] Press %s for windows/meterpreter/reverse_tcp' % helpers.color('[enter]', yellow=True)
                     print ' [*] Press %s to list available payloads' % helpers.color('[tab]', yellow=True)
-                    payloadSelected = raw_input(' [>] Please %s metasploit payload: ' % (helpers.color('enter'))).strip()
+
+                    try:
+                        payloadSelected = self.required_options['MSF_PAYLOAD'][0]
+                        print ' [>] Please %s metasploit payload: %s' % (helpers.color('enter'), payloadSelected)
+                    except:
+                        payloadSelected = raw_input(' [>] Please enter metasploit payload: ').strip()
+
                     if payloadSelected == "":
                         # default to reverse_tcp for the payload
                         payloadSelected = "windows/meterpreter/reverse_tcp"
@@ -318,6 +338,7 @@ def menu(self):
 
                     except KeyError:
                         # make sure user entered a valid payload
+                        if 'PAYLOAD' in self.required_options: del self.required_options['PAYLOAD']
                         print helpers.color(" [!] ERROR: Invalid payload specified!\n", warning=True)
                         payloadSelected = None
 
@@ -338,8 +359,12 @@ def menu(self):
                         if option == "LHOST":
 
                             # set the completer to fill in the local IP
-                            readline.set_completer(completers.IPCompleter().complete)
-+                           value = raw_input(' [>] %s value for \'LHOST\', %s for local IP: ' % (helpers.color('Enter'), helpers.color('[tab]',yellow=True)))
+                            try:
+                                value = self.required_options['LHOST'][0]
+                                print ' [>] %s value for \'LHOST\', %s for local IP: %s' % (helpers.color('Enter'), helpers.color('[tab]',yellow=True), value)
+                            except:
+                                # set the completer to fill in the local IP
+                                readline.set_completer(completers.IPCompleter().complete)
 
                             if '.' in value:
 
@@ -351,46 +376,57 @@ def menu(self):
 
                                         # do a regex IP validation
                                         if not re.match(r"^(([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])\.){3}([0-9]|[1-9][0-9]|1[0-9]{2}|2[0-4][0-9]|25[0-5])$",value):
+                                            if 'LHOST' in self.required_options: del self.required_options['LHOST']
                                             print helpers.color("\n [!] ERROR: Bad IP address specified.\n", warning=True)
                                             value = ""
 
                                     # otherwise assume we've been passed a domain name
                                     else:
                                         if not helpers.isValidHostname(value):
+                                            if 'LHOST' in self.required_options: del self.required_options['LHOST']
                                             print helpers.color("\n [!] ERROR: Bad hostname specified.\n", warning=True)
                                             value = ""
 
                                 # if we don't have at least one period in the hostname/IP
                                 else:
+                                    if 'LHOST' in self.required_options: del self.required_options['LHOST']
                                     print helpers.color("\n [!] ERROR: Bad IP address or hostname specified.\n", warning=True)
                                     value = ""
 
                             elif ':' in value:
                                 try:
                                     socket.inet_pton(socket.AF_INET6, value)
                                 except socket.error:
+                                    if 'LHOST' in self.required_options: del self.required_options['LHOST']
                                     print helpers.color("\n [!] ERROR: Bad IP address or hostname specified.\n", warning=True)
                                     value = ""
 
                             else:
+                                if 'LHOST' in self.required_options: del self.required_options['LHOST']
                                 print helpers.color("\n [!] ERROR: Bad IP address or hostname specified.\n", warning=True)
                                 value = ""
 
-                        # LPORT validation
-                        else:
-
-                            # set the completer to fill in the default MSF port (4444)
-                            readline.set_completer(completers.MSFPortCompleter().complete)
-                            value = raw_input(' [>] %s value for \'' + option + '\': ' % (helpers.color('Enter')))
-
-                            if option == "LPORT":
-                                try:
-                                    if int(value) <= 0 or int(value) >= 65535:
-                                        print helpers.color(" [!] ERROR: Bad port number specified.\n", warning=True)
-                                        value = ""
-                                except ValueError:
+                        elif option == "LPORT":
+                            try:
+                                value = self.required_options['LPORT'][0]
+                                print ' [>] %s value for \'LPORT\': %s' % (helpers.color('Enter'), value)
+                            except:
+                                # set the completer to fill in the default MSF port (4444)
+                                readline.set_completer(completers.MSFPortCompleter().complete)
+                                value = raw_input(' [>] %s value for \'LPORT\': ' % (helpers.color('Enter')))
+
+                            try:
+                                if int(value) <= 0 or int(value) >= 65535:
                                     print helpers.color(" [!] ERROR: Bad port number specified.\n", warning=True)
+                                    if 'LPORT' in self.required_options: del self.required_options['LPORT']
                                     value = ""
+                            except ValueError:
+                                print helpers.color(" [!] ERROR: Bad port number specified.\n", warning=True)
+                                if 'LPORT' in self.required_options: del self.required_options['LPORT']
+                                value = ""
+
+                        else:
+                            value = raw_input(' [>] %s value for \'' + option + '\': ' % (helpers.color('Enter')))
 
                     # append all the msfvenom options
                     self.msfvenomOptions.append(option + "=" + value)
@@ -407,7 +443,8 @@ def menu(self):
                             if xtra_opt is not '':
                                 final_opt = xtra_opt.split('=')[0] + " " + xtra_opt.split('=')[1]
                                 extraValues.append(final_opt)
-                    else: break
+                    else:
+                        break
 
                 # grab any specified msfvenom options in the /etc/veil/settings.py file
                 msfvenomOptions = ""
@@ -425,7 +462,7 @@ def menu(self):
                 self.msfvenomCommand += " -b \'\\x00\\x0a\\xff\' -f c | tr -d \'\"\' | tr -d \'\n\'"
 
 
-    def generate(self):
+    def generate(self, required_options=None):
         """
         Based on the options set by menu(), setCustomShellcode() or SetPayload()
         either returns the custom shellcode string or calls msfvenom
@@ -434,6 +471,8 @@ def generate(self):
         Returns the shellcode string for this object.
         """
 
+        self.required_options = required_options
+
         # if the msfvenom command nor shellcode are set, revert to the
         # interactive menu to set any options
         if self.msfvenomCommand == "" and self.customshellcode == "":

diff --git a/modules/payloads/c/shellcode_inject/flatc.py b/modules/payloads/c/shellcode_inject/flatc.py
@@ -32,7 +32,7 @@ def __init__(self):
     def generate(self):
 
         # Generate Shellcode Using msfvenom
-        Shellcode = self.shellcode.generate()
+        Shellcode = self.shellcode.generate(self.required_options)
 
         # Generate Random Variable Names
         RandShellcode = helpers.randomString()

diff --git a/modules/payloads/cs/shellcode_inject/base64_substitution.py b/modules/payloads/cs/shellcode_inject/base64_substitution.py
@@ -32,7 +32,7 @@ def __init__(self):
 
     def generate(self):
 
-        Shellcode = self.shellcode.generate()
+        Shellcode = self.shellcode.generate(self.required_options)
 
         # the 'key' is a randomized alpha lookup table [a-zA-Z] used for substitution
         key = ''.join(sorted(list(string.ascii_letters), key=lambda *args: random.random()))

diff --git a/modules/payloads/cs/shellcode_inject/virtual.py b/modules/payloads/cs/shellcode_inject/virtual.py
@@ -33,7 +33,7 @@ def __init__(self):
 
     def generate(self):
 
-        Shellcode = self.shellcode.generate()
+        Shellcode = self.shellcode.generate(self.required_options)
         Shellcode = "0" + ",0".join(Shellcode.split("\\")[1:])
 
         # randomize all our variable names, yo'

diff --git a/modules/payloads/go/shellcode_inject/virtual.py b/modules/payloads/go/shellcode_inject/virtual.py
@@ -26,7 +26,7 @@ def __init__(self):
         self.shellcode = shellcode.Shellcode()
 
     def generate(self):
-        Shellcode = self.shellcode.generate()
+        Shellcode = self.shellcode.generate(self.required_options)
         # randomly generate out variable names
         memCommit = helpers.randomString()
         memReserve = helpers.randomString()

diff --git a/modules/payloads/native/backdoor_factory.py b/modules/payloads/native/backdoor_factory.py
@@ -68,7 +68,7 @@ def generate(self):
 
         if self.required_options['PAYLOAD'][0] == "custom":
 
-            Shellcode = self.shellcode.generate()
+            Shellcode = self.shellcode.generate(self.required_options)
 
             raw = Shellcode.decode("string_escape")
             with open(settings.TEMP_DIR + "shellcode.raw", 'wb') as f:

diff --git a/modules/payloads/powershell/shellcode_inject/download_virtual.py b/modules/payloads/powershell/shellcode_inject/download_virtual.py
@@ -37,7 +37,7 @@ def __init__(self):
 
     def generate(self):
 
-        Shellcode = self.shellcode.generate()
+        Shellcode = self.shellcode.generate(self.required_options)
         Shellcode = ",0".join(Shellcode.split("\\"))[1:]
 
         baseString = """$c = @"

diff --git a/modules/payloads/powershell/shellcode_inject/psexec_virtual.py b/modules/payloads/powershell/shellcode_inject/psexec_virtual.py
@@ -28,7 +28,7 @@ def __init__(self):
 
     def psRaw(self):
 
-        Shellcode = self.shellcode.generate()
+        Shellcode = self.shellcode.generate(self.required_options)
         Shellcode = ",0".join(Shellcode.split("\\"))[1:]
 
         baseString = """$c = @"

diff --git a/modules/payloads/powershell/shellcode_inject/virtual.py b/modules/payloads/powershell/shellcode_inject/virtual.py
@@ -28,7 +28,7 @@ def __init__(self):
 
     def psRaw(self):
 
-        Shellcode = self.shellcode.generate()
+        Shellcode = self.shellcode.generate(self.required_options)
         Shellcode = ",0".join(Shellcode.split("\\"))[1:]
 
         baseString = """$c = @"

diff --git a/modules/payloads/python/shellcode_inject/aes_encrypt.py b/modules/payloads/python/shellcode_inject/aes_encrypt.py
@@ -48,7 +48,7 @@ def generate(self):
             if self.required_options["EXPIRE_PAYLOAD"][0].lower() == "x":
 
                 # Generate Shellcode Using msfvenom
-                Shellcode = self.shellcode.generate()
+                Shellcode = self.shellcode.generate(self.required_options)
 
                 # Generate Random Variable Names
                 ShellcodeVariableName = helpers.randomString()
@@ -92,7 +92,7 @@ def generate(self):
                 expiredate = str(todaysdate + timedelta(days=int(self.required_options["EXPIRE_PAYLOAD"][0])))
 
                 # Generate Shellcode Using msfvenom
-                Shellcode = self.shellcode.generate()
+                Shellcode = self.shellcode.generate(self.required_options)
 
                 # Generate Random Variable Names
                 ShellcodeVariableName = helpers.randomString()
@@ -141,7 +141,7 @@ def generate(self):
 
 
                 # Generate Shellcode Using msfvenom
-                Shellcode = self.shellcode.generate()
+                Shellcode = self.shellcode.generate(self.required_options)
 
                 # Generate Random Variable Names
                 ShellcodeVariableName = helpers.randomString()
@@ -188,7 +188,7 @@ def generate(self):
                 expiredate = str(todaysdate + timedelta(days=int(self.required_options["EXPIRE_PAYLOAD"][0])))
 
                 # Generate Shellcode Using msfvenom
-                Shellcode = self.shellcode.generate()
+                Shellcode = self.shellcode.generate(self.required_options)
 
                 # Generate Random Variable Names
                 ShellcodeVariableName = helpers.randomString()
@@ -238,7 +238,7 @@ def generate(self):
             if self.required_options["EXPIRE_PAYLOAD"][0].lower() == "x":
 
                 # Generate Shellcode Using msfvenom
-                Shellcode = self.shellcode.generate()
+                Shellcode = self.shellcode.generate(self.required_options)
 
                 # Generate Random Variable Names
                 ShellcodeVariableName = helpers.randomString()
@@ -282,7 +282,7 @@ def generate(self):
                 expiredate = str(todaysdate + timedelta(days=int(self.required_options["EXPIRE_PAYLOAD"][0])))
 
                 # Generate Shellcode Using msfvenom
-                Shellcode = self.shellcode.generate()
+                Shellcode = self.shellcode.generate(self.required_options)
 
                 # Generate Random Variable Names
                 ShellcodeVariableName = helpers.randomString()

diff --git a/modules/payloads/python/shellcode_inject/aes_encrypt_HTTPKEY_Request.py b/modules/payloads/python/shellcode_inject/aes_encrypt_HTTPKEY_Request.py
@@ -72,7 +72,7 @@ def generate(self):
 
 
                 # Generate Shellcode Using msfvenom
-                Shellcode = self.shellcode.generate()
+                Shellcode = self.shellcode.generate(self.required_options)
 
                 # Generate Random Variable Names
                 ShellcodeVariableName = helpers.randomString()
@@ -200,7 +200,7 @@ def generate(self):
                 target_html_file = str(TARGET_SERVER.split('/')[-1])
 
                 # Generate Shellcode Using msfvenom
-                Shellcode = self.shellcode.generate()
+                Shellcode = self.shellcode.generate(self.required_options)
 
                 # Generate Random Variable Names
                 ShellcodeVariableName = helpers.randomString()
@@ -332,7 +332,7 @@ def generate(self):
                 TARGET_SERVER = str(self.required_options["TARGET_SERVER"][0])
                 target_html_file = str(TARGET_SERVER.split('/')[-1])
                 # Generate Shellcode Using msfvenom
-                Shellcode = self.shellcode.generate()
+                Shellcode = self.shellcode.generate(self.required_options)
 
                 # Generate Random Variable Names
                 ShellcodeVariableName = helpers.randomString()