From ee619a343a641cda72c24bcbe4bc261b292360c2 Mon Sep 17 00:00:00 2001 From: Ivan Nikolsky Date: Fri, 27 Oct 2023 05:50:21 +0100 Subject: [PATCH 01/10] Add files via upload --- hatsploit/core/base/io.py | 4 ++-- hatsploit/core/db/builder.py | 8 ++++---- hatsploit/encoders/generic/base64.py | 2 +- hatsploit/encoders/x64/xor.py | 2 +- 4 files changed, 8 insertions(+), 8 deletions(-) diff --git a/hatsploit/core/base/io.py b/hatsploit/core/base/io.py index 51736bba9..bf2394172 100755 --- a/hatsploit/core/base/io.py +++ b/hatsploit/core/base/io.py @@ -64,7 +64,7 @@ def print(self, message: str = '', start: str = '%remove', end: str = '%newline' :return None: None """ - line = self.color_script.parse(start + message + end) + line = self.color_script.parse(str(start) + str(message) + str(end)) use_log = self.local_storage.get("log") sys.stdout.write(line) @@ -89,7 +89,7 @@ def input(self, message: str = '', start: str = '%remove%end', end: str = '%end' :return list: read string separated by space and commas """ - message = start + message + end + message = str(start) + str(message) + str(end) if patch: message = self.color_script.libreadline(message) diff --git a/hatsploit/core/db/builder.py b/hatsploit/core/db/builder.py index 0a6a051c7..03d2f5854 100755 --- a/hatsploit/core/db/builder.py +++ b/hatsploit/core/db/builder.py @@ -137,7 +137,7 @@ def build_encoder_database(self, input_path: str, output_path: str) -> None: "Encoder": encoder_object.details['Encoder'], "Authors": encoder_object.details['Authors'], "Description": encoder_object.details['Description'], - "Arch": encoder_object.details['Arch'], + "Arch": str(encoder_object.details['Arch']), } }) 
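Review bot: The `str(start) + str(message) + str(end)` coercion in `print` (and the identical line in the `input` hunk) no longer matches the signatures, which still annotate all three parameters as `str`. With the coercion a `bytes` argument is rendered as its repr (`b'...'`) and `None` as the text `None`, instead of raising as before. If accepting non-string objects is intended, I would say so in the docstring, e.g. `:param Any message: message to print, converted with str()`, and widen the annotation to match. Both function bodies continue outside the hunks.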
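Review bot: `str(encoder_object.details['Arch'])` writes the literal text `None` into the database whenever an encoder leaves the field unset, because the next patch in this series changes the base-class default for `'Arch'` and `'Platform'` from `""` to `None`. The same applies to the `str(...)` wrappers in the build_payload_database and build_module_database hunks, and to the `str(session.details[...])` and `str(self.details['Platform'])` lines in handler/__init__.py and handler/misc.py. A guard at build time, such as `if encoder_object.details['Arch'] is None: raise RuntimeError("Encoder has no architecture set")`, would keep a placeholder string from being matched against later; whether an unset field can actually reach this code is not visible from the hunk.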
@@ -178,8 +178,8 @@ def build_payload_database(self, input_path: str, output_path: str) -> None: "Payload": payload_object.details['Payload'], "Authors": payload_object.details['Authors'], "Description": payload_object.details['Description'], - "Arch": payload_object.details['Arch'], - "Platform": payload_object.details['Platform'], + "Arch": str(payload_object.details['Arch']), + "Platform": str(payload_object.details['Platform']), "Rank": payload_object.details['Rank'], "Type": payload_object.details['Type'], } @@ -223,7 +223,7 @@ def build_module_database(self, input_path: str, output_path: str) -> None: "Module": module_object.details['Module'], "Authors": module_object.details['Authors'], "Description": module_object.details['Description'], - "Platform": module_object.details['Platform'], + "Platform": str(module_object.details['Platform']), "Rank": module_object.details['Rank'], } }) diff --git a/hatsploit/encoders/generic/base64.py b/hatsploit/encoders/generic/base64.py index d93d5db4e..f4d85eb1c 100755 --- a/hatsploit/encoders/generic/base64.py +++ b/hatsploit/encoders/generic/base64.py @@ -19,7 +19,7 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - encoder developer', ], 'Description': "Encode command with base64.", - 'Arch': "generic", + 'Arch': ARCH_GENERIC, }) self.shell = Option("$SHELL", "Shell to execute.", True) diff --git a/hatsploit/encoders/x64/xor.py b/hatsploit/encoders/x64/xor.py index a2823c7ef..e8604293d 100755 --- a/hatsploit/encoders/x64/xor.py +++ b/hatsploit/encoders/x64/xor.py @@ -20,7 +20,7 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - encoder developer', ], 'Description': "Simple XOR encoder for x64.", - 'Arch': "x64", + 'Arch': ARCH_X64, }) self.key = Option("hatspl64", "8-byte key to encode.", True) From 0f9b791d54a62623169608bc465a424b1c51f764 Mon Sep 17 00:00:00 2001 
From: Ivan Nikolsky Date: Fri, 27 Oct 2023 05:51:30 +0100 Subject: [PATCH 02/10] Add files via upload --- hatsploit/lib/complex.py | 12 +- hatsploit/lib/encoder/__init__.py | 2 +- hatsploit/lib/encoder/basic.py | 2 + hatsploit/lib/encoders.py | 2 +- hatsploit/lib/handler/__init__.py | 4 +- hatsploit/lib/handler/misc.py | 4 +- hatsploit/lib/handler/send.py | 110 +++++++++-------- hatsploit/lib/module/__init__.py | 2 +- hatsploit/lib/module/basic.py | 4 + hatsploit/lib/option.py | 38 ++---- hatsploit/lib/payload/__init__.py | 4 +- hatsploit/lib/payload/basic.py | 4 + hatsploit/lib/payloads.py | 49 +++----- hatsploit/lib/session/__init__.py | 113 ++++++++++++++++++ hatsploit/lib/session/basic.py | 26 ++++ hatsploit/lib/sessions.py | 18 ++- hatsploit/lib/show.py | 2 +- .../linux/aarch64/shell_reverse_tcp.py | 4 +- hatsploit/payloads/linux/armle/fork_bomb.py | 4 +- .../payloads/linux/armle/shell_bind_tcp.py | 4 +- .../payloads/linux/armle/shell_reverse_tcp.py | 4 +- hatsploit/payloads/linux/generic/fork_bomb.py | 4 +- hatsploit/payloads/linux/mipsbe/reboot.py | 4 +- .../payloads/linux/mipsbe/shell_bind_tcp.py | 4 +- .../linux/mipsbe/shell_reverse_tcp.py | 4 +- hatsploit/payloads/linux/mipsle/reboot.py | 4 +- .../payloads/linux/mipsle/shell_bind_tcp.py | 4 +- .../linux/mipsle/shell_reverse_tcp.py | 4 +- hatsploit/payloads/linux/x64/fork_bomb.py | 4 +- hatsploit/payloads/linux/x64/kill_all.py | 4 +- hatsploit/payloads/linux/x64/reboot.py | 4 +- .../payloads/linux/x64/shell_bind_tcp.py | 4 +- .../payloads/linux/x64/shell_reverse_tcp.py | 4 +- hatsploit/payloads/linux/x64/shutdown.py | 4 +- .../payloads/linux/x86/shell_bind_tcp.py | 4 +- .../payloads/linux/x86/shell_reverse_tcp.py | 4 +- .../macos/generic/applescript_reverse_tcp.py | 4 +- hatsploit/payloads/macos/x64/say.py | 4 +- .../payloads/macos/x64/shell_bind_tcp.py | 4 +- .../payloads/macos/x64/shell_reverse_tcp.py | 4 +- .../payloads/unix/generic/bash_reverse_tcp.py | 4 +- .../payloads/unix/generic/ksh_reverse_tcp.py 
| 4 +- .../unix/generic/netcat_reverse_tcp.py | 4 +- .../unix/generic/netcate_reverse_tcp.py | 4 +- .../payloads/unix/generic/perl_reverse_tcp.py | 4 +- .../payloads/unix/generic/php_reverse_tcp.py | 4 +- hatsploit/payloads/unix/generic/reboot.py | 4 +- .../payloads/unix/generic/ruby_reverse_tcp.py | 4 +- .../payloads/unix/generic/zsh_bind_tcp.py | 4 +- .../payloads/unix/generic/zsh_reverse_tcp.py | 4 +- hatsploit/payloads/windows/generic/calc.py | 4 +- .../payloads/windows/generic/message_box.py | 4 +- .../windows/generic/powershell_reverse_tcp.py | 4 +- hatsploit/payloads/windows/generic/say.py | 4 +- .../payloads/windows/x64/shell_reverse_tcp.py | 4 +- .../payloads/windows/x86/shell_reverse_tcp.py | 4 +- 56 files changed, 340 insertions(+), 212 deletions(-) create mode 100644 hatsploit/lib/session/__init__.py create mode 100644 hatsploit/lib/session/basic.py diff --git a/hatsploit/lib/complex.py b/hatsploit/lib/complex.py index ee665c0e6..81740a546 100644 --- a/hatsploit/lib/complex.py +++ b/hatsploit/lib/complex.py @@ -22,7 +22,7 @@ SOFTWARE. """ -from hatsploit.lib.option import OptionResolver +from hatsploit.lib.option import Option from hatsploit.lib.modules import Modules from hatsploit.lib.payloads import Payloads @@ -30,7 +30,7 @@ from hatsploit.lib.sessions import Sessions -class PayloadOption(OptionResolver): +class PayloadOption(Option): modules = Modules() payloads = Payloads() @@ -57,7 +57,7 @@ def set(self, value): raise RuntimeError("Invalid option value, expected valid payload!") -class EncoderOption(OptionResolver): +class EncoderOption(Option): modules = Modules() payloads = Payloads() encoders = Encoders() 
@@ -87,9 +87,9 @@ def set(self, value): raise RuntimeError("Invalid option value, expected valid encoder!") -class SessionOption(OptionResolver): +class SessionOption(Option): def __init__(self, *args, platforms: list = [], type: str = '', **kwargs): - super(OptionResolver, self).__init__(*args, **kwargs) + Option.__init__(self, *args, **kwargs) self.sessions = Sessions() self.modules = Modules() @@ -111,7 +111,7 @@ def set(self, value): session = 0 for platform in self.platforms: - if self.sessions.check_exist(value, platform.strip(), self.type): + if self.sessions.check_exist(value, platform, self.type): session = 1 break diff --git a/hatsploit/lib/encoder/__init__.py b/hatsploit/lib/encoder/__init__.py index d4d253c43..ad813d49a 100644 --- a/hatsploit/lib/encoder/__init__.py +++ b/hatsploit/lib/encoder/__init__.py @@ -46,7 +46,7 @@ def __init__(self) -> None: '' ], 'Description': "", - 'Arch': "" + 'Arch': None } self.iterations = IntegerOption(1, "Number of iterations.", False, True) diff --git a/hatsploit/lib/encoder/basic.py b/hatsploit/lib/encoder/basic.py index 0e232fade..3abd89bec 100644 --- a/hatsploit/lib/encoder/basic.py +++ b/hatsploit/lib/encoder/basic.py @@ -23,4 +23,6 @@ """ from hatsploit.lib.encoder import Encoder + +from pex.arch.types import * from hatsploit.lib.option import * diff --git a/hatsploit/lib/encoders.py b/hatsploit/lib/encoders.py index 8fd2e7a64..5c92ed645 100755 --- a/hatsploit/lib/encoders.py +++ b/hatsploit/lib/encoders.py @@ -294,7 +294,7 @@ def validate_options(encoder: Encoder) -> list: for option in encoder.options: validate = encoder.options[option] - if not validate['Value'] and validate['Value'] != 0 and validate['Required']: + if validate['Value'] is None and validate['Required']: missed.append(option) return missed diff --git a/hatsploit/lib/handler/__init__.py b/hatsploit/lib/handler/__init__.py index 6e3677e4a..014fb8db5 100755 --- a/hatsploit/lib/handler/__init__.py +++ b/hatsploit/lib/handler/__init__.py 
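Review bot: `Option.__init__(self, *args, **kwargs)` in SessionOption hard-codes the parent class; now that the class derives directly from `Option`, `super().__init__(*args, **kwargs)` does the same thing and keeps working if the hierarchy changes again. The signature on the line above also keeps the mutable default `platforms: list = []`, which is shared between every instance created without the argument; `platforms: Optional[list] = None` with `self.platforms = platforms or []` avoids that, assuming the body (outside this hunk) only stores the value. The following hunk drops `.strip()` on each platform, so a one-line comment stating that `platforms` now holds pex platform objects rather than strings would help the next reader.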
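Review bot: The new test `validate['Value'] is None and validate['Required']` in encoders.validate_options no longer reports a required option whose value is the empty string, which the removed `not validate['Value'] and validate['Value'] != 0` did. The same change is made in payloads.validate_options later in this patch. If options can still be initialised or set to `""` (not visible here), a required host or key could pass validation empty; `validate['Value'] in (None, '')` keeps the old protection while still accepting `0` and `False`. If empty strings are now meant to be valid, a comment saying so would prevent the check from being "fixed" back.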
@@ -99,8 +99,8 @@ def open_session(self, session: Session, :return None: None """ - platform = session.details['Platform'] - arch = session.details['Arch'] + platform = str(session.details['Platform']) + arch = str(session.details['Arch']) type = session.details['Type'] host = session.details['Host'] port = session.details['Port'] diff --git a/hatsploit/lib/handler/misc.py b/hatsploit/lib/handler/misc.py index a3634972c..f802458ab 100755 --- a/hatsploit/lib/handler/misc.py +++ b/hatsploit/lib/handler/misc.py @@ -57,7 +57,7 @@ def download(self, remote_file, local_path): self.print_process(f"Downloading {remote_file}...") data = self.pull( - platform=self.details['Platform'], + platform=str(self.details['Platform']), sender=self.channel.send_command, location=remote_file, ) @@ -77,7 +77,7 @@ def upload(self, local_file, remote_path): if data: remote_path = self.push( - platform=self.details['Platform'], + platform=str(self.details['Platform']), sender=self.send_command, data=data, location=remote_path, diff --git a/hatsploit/lib/handler/send.py b/hatsploit/lib/handler/send.py index 7606f3165..e7fa5fb36 100644 --- a/hatsploit/lib/handler/send.py +++ b/hatsploit/lib/handler/send.py @@ -25,8 +25,10 @@ import socket from typing import Optional, Tuple, Union + from hatsploit.lib.option import * +from pex.platform.types import Platform from pex.post import Post, PostTools from hatsploit.lib.session import Session 
@@ -110,13 +112,13 @@ def handle_session(self, host: str, port: int, type: str = 'one_side', timeout: raise RuntimeWarning("Payload sent, but not session was opened.") def send_implant(self, payload: Payload, implant: bytes, - client: socket.socket, size: Optional[int] = None) -> None: + client: socket.socket, send_length: bool = False) -> None: """ Send implant available in the payload with available phases. :param Payload payload: payload :param bytes implant: implant that should be sent :param socket.socket client: primary socket pipe - :param int size: None if does not require sending size else size encoding + :param bool send_length: send length of the implant to the phase :return None: None """ @@ -126,16 +128,21 @@ def send_implant(self, payload: Payload, implant: bytes, if not hasattr(payload, 'phase'): self.badges.print_process(f"Sending payload ({str(len(implant))} bytes)...") - if size: - client.send(len(implant).to_bytes(size, 'little')) + if send_length: + self.badges.print_process(f"Firstly sending payload length...") + client.send(len(implant).to_bytes( + 4, payload.details['Arch'].endian)) + client.send(implant) return phase = payload.phase() - if size: - client.send(len(phase).to_bytes(size, 'little')) + if send_length: + client.send(len(phase).to_bytes( + 4, payload.details['Arch'].endian)) + client.send(phase) step = 1 @@ -183,8 +190,8 @@ def shell_payload(self, payload: Payload, host: str, port: int, else: arguments = '' - platform = payload.details['Platform'] - arch = payload.details['Arch'] + platform = str(payload.details['Platform']) + arch = str(payload.details['Arch']) type = payload.details['Type'] main = self.payloads.run_payload(payload, encoder) 
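Review bot: `payload.details['Arch'].endian` in send_implant is dereferenced without a guard, although the Payload base class in this same patch now defaults `'Arch'` to `None`; a payload that never sets an architecture would fail here with AttributeError after the connection is already established. The length prefix is also fixed at 4 bytes now, where the removed `size` parameter let the caller choose the width, and the docstring does not mention either the width or the byte order. I would document it as `:param bool send_length: prefix the data with its length as a 4-byte integer in the payload architecture's byte order` and drop the `f` prefix from `f"Firstly sending payload length..."`, which has no placeholders. The function body continues outside these two hunks.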
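Review bot: `platform = str(payload.details['Platform'])` and `arch = str(payload.details['Arch'])` in shell_payload turn both values into plain strings, but the unchanged call `self.payloads.pack_payload(phase, platform, arch)` in the next hunk hands them to a pack_payload that this patch rewrites to read `platform.exec`. A `str` has no `exec` attribute, so that call would raise AttributeError whenever `file_format` is not supplied. Keeping the objects and converting only where a string is needed, e.g. `'/'.join([str(platform), str(arch), type])` for the module name, would match pack_payload's new `Platform`/`Arch` annotations; memory_payload has the same two conversions but does not appear to call pack_payload in the visible hunks.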
@@ -192,25 +199,28 @@ def shell_payload(self, payload: Payload, host: str, port: int, if len(main) >= space and type != 'one_side' and hasattr(payload, 'implant'): implant = payload.implant() - if type == 'bind_tcp': - phase, send_size = self.pawn.get_pawn( - module=platform + '/' + arch + '/' + type, - platform=platform, - arch=arch, - port=payload.rport.value, - length=len(implant), - ) - else: - phase, send_size = self.pawn.get_pawn( - module=platform + '/' + arch + '/' + type, - platform=platform, - arch=arch, - host=payload.rhost.value, - port=payload.rport.value, - length=len(implant), - ) + module = self.pawn.get_pawn( + module='/'.join([platform, arch, type]), + platform=platform, + arch=arch, + type=type + ) + + if module: + if type == 'bind_tcp': + module.set('port', payload.rport.value) + else: + module.set('host', payload.rhost.value) + module.set('port', payload.rport.value) + + send_length = True - if phase: + if 'Length' in module.options: + if module.options['Length']['Required']: + module.set('length', len(implant)) + send_length = False + + phase = self.pawn.run_pawn(module) phase = self.payloads.pack_payload(phase, platform, arch) self.badges.print_process(f"Sending payload phase ({str(len(phase))} bytes)...") @@ -224,7 +234,7 @@ def shell_payload(self, payload: Payload, host: str, port: int, client, host = self.handle_session( host=host, port=port, type=type) - self.send_implant(payload, implant, client, send_size) + self.send_implant(payload, implant, client, send_length) return client, host @@ -270,8 +280,8 @@ def memory_payload(self, payload: Payload, host: str, port: int, if not host and not port: raise RuntimeError("Host and port were not found for payload!") - platform = payload.details['Platform'] - arch = payload.details['Arch'] + platform = str(payload.details['Platform']) + arch = str(payload.details['Arch']) type = payload.details['Type'] main = self.payloads.run_payload(payload, encoder) 
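Review bot: `send_length` is first assigned after the `if module:` test, yet the following hunk passes it to `self.send_implant(payload, implant, client, send_length)`; indentation is not recoverable on this page, but if the assignment sits inside the branch and the call does not, the name is unbound whenever get_pawn returns nothing. Binding it before the branch (`send_length = False` directly above `if module:`) removes the doubt. The membership test uses the key `'Length'` while the setter is called with `'length'`; if option names are case-sensitive in `module.set` (not visible here) one of the two is wrong. The same block is repeated verbatim in memory_payload further down, so both copies need whatever is decided, and a shared private helper would keep them from drifting.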
@@ -279,25 +289,29 @@ def memory_payload(self, payload: Payload, host: str, port: int, if len(main) >= space and type != 'one_side' and hasattr(payload, 'implant'): implant = payload.implant() - if type == 'bind_tcp': - phase, send_size = self.pawn.get_pawn( - module=platform + '/' + arch + '/' + type, - platform=platform, - arch=arch, - port=payload.rport.value, - length=len(implant), - ) - else: - phase, send_size = self.pawn.get_pawn( - module=platform + '/' + arch + '/' + type, - platform=platform, - arch=arch, - host=payload.rhost.value, - port=payload.rport.value, - length=len(implant), - ) + module = self.pawn.get_pawn( + module='/'.join([platform, arch, type]), + platform=platform, + arch=arch, + type=type + ) + + if module: + if type == 'bind_tcp': + module.set('port', payload.rport.value) + else: + module.set('host', payload.rhost.value) + module.set('port', payload.rport.value) + + send_length = True + + if 'Length' in module.options: + if module.options['Length']['Required']: + module.set('length', len(implant)) + send_length = False + + phase = self.pawn.run_pawn(module) - if phase: self.badges.print_process(f"Sending payload phase ({str(len(phase))} bytes)...") self.post_tools.post_payload( payload=phase, @@ -307,7 +321,7 @@ def memory_payload(self, payload: Payload, host: str, port: int, client, host = self.handle_session( host=host, port=port, type=type) - self.send_implant(payload, implant, client, send_size) + self.send_implant(payload, implant, client, send_length) return client, host diff --git a/hatsploit/lib/module/__init__.py b/hatsploit/lib/module/__init__.py index d86983334..2949c2321 100644 --- a/hatsploit/lib/module/__init__.py +++ b/hatsploit/lib/module/__init__.py @@ -45,7 +45,7 @@ def __init__(self) -> None: '' ], 'Description': "", - 'Platform': "", + 'Platform': None, 'Rank': "" } diff --git a/hatsploit/lib/module/basic.py b/hatsploit/lib/module/basic.py index 7d172900b..b9c2dc4f1 100644 --- a/hatsploit/lib/module/basic.py 
+++ b/hatsploit/lib/module/basic.py @@ -24,5 +24,9 @@ from hatsploit.lib.module import Module from hatsploit.lib.handler import Handler, HatSploitSession + +from pex.platform.types import * +from pex.arch.types import * + from hatsploit.lib.option import * from hatsploit.lib.complex import * diff --git a/hatsploit/lib/option.py b/hatsploit/lib/option.py index 46bcc9bce..553b575b5 100644 --- a/hatsploit/lib/option.py +++ b/hatsploit/lib/option.py @@ -28,24 +28,12 @@ from hatsploit.lib.options import Option -class OptionResolver(Option): - """ Subclass of hatsploit.lib module. - - This subclass of hatsploit.lib module is a wrapper for Option - implementation which extends basic class allowing to call external - methods like Modules, Payloads, Encoders or Sessions. - """ - - def __init__(self, *args, **kwargs): - Option.__init__(self, *args, **kwargs) - - -class BytesOption(OptionResolver): +class BytesOption(Option): def set(self, value): self.value = bytes.fromhex(value.replace('\\x', '')) -class IPv4Option(OptionResolver): +class IPv4Option(Option): def set(self, value): self.check('IPv4', Type().types['ipv4'], value) self.value = value 
@@ -54,37 +42,37 @@ def set(self, value): self.big = Socket().pack_host(self.value, 'big') -class IPv6Option(OptionResolver): +class IPv6Option(Option): def set(self, value): self.check('IPv6', Type().types['ipv6'], value) self.value = value -class IPOption(OptionResolver): +class IPOption(Option): def set(self, value): self.check('IP', Type().types['ip'], value) self.value = value -class MACOption(OptionResolver): +class MACOption(Option): def set(self, value): self.check('MAC', Type().types['mac'], value) self.value = value -class IPv4CIDROption(OptionResolver): +class IPv4CIDROption(Option): def set(self, value): self.check('IPv4 CIDR', Type().types['ipv4_cidr'], value) self.value = value -class IPv6CIDROption(OptionResolver): +class IPv6CIDROption(Option): def set(self, value): self.check('IPv6 CIDR', Type().types['ipv6_cidr'], value) self.value = value -class PortOption(OptionResolver): +class PortOption(Option): def set(self, value): self.check('port', Type().types['port'], value) self.value = int(value) @@ -93,31 +81,31 @@ def set(self, value): self.big = Socket().pack_port(self.value, 'big') -class PortRangeOption(OptionResolver): +class PortRangeOption(Option): def set(self, value): self.check('port range', Type().types['port_range'], value) self.value = value -class NumberOption(OptionResolver): +class NumberOption(Option): def set(self, value): self.check('number', Type().types['number'], value) self.value = value -class IntegerOption(OptionResolver): +class IntegerOption(Option): def set(self, value): self.check('integer', Type().types['integer'], value) self.value = int(value) -class FloatOption(OptionResolver): +class FloatOption(Option): def set(self, value): self.check('float', Type().types['float'], value) self.value = float(value) -class BooleanOption(OptionResolver): +class BooleanOption(Option): def set(self, value): self.check('boolean', Type().types['boolean'], value) 
diff --git a/hatsploit/lib/payload/__init__.py b/hatsploit/lib/payload/__init__.py index 40132f57d..4710706da 100644 --- a/hatsploit/lib/payload/__init__.py +++ b/hatsploit/lib/payload/__init__.py @@ -46,8 +46,8 @@ def __init__(self) -> None: '' ], 'Description': "", - 'Arch': "", - 'Platform': "", + 'Arch': None, + 'Platform': None, 'Session': None, 'Rank': "", 'Type': "" diff --git a/hatsploit/lib/payload/basic.py b/hatsploit/lib/payload/basic.py index 393ec3554..473e0452f 100644 --- a/hatsploit/lib/payload/basic.py +++ b/hatsploit/lib/payload/basic.py @@ -24,4 +24,8 @@ from hatsploit.lib.payload import Payload from hatsploit.lib.handler import Handler + +from pex.arch.types import * +from pex.platform.types import * + from hatsploit.lib.option import * diff --git a/hatsploit/lib/payloads.py b/hatsploit/lib/payloads.py index a8c33d5a9..5ba4ed644 100755 --- a/hatsploit/lib/payloads.py +++ b/hatsploit/lib/payloads.py @@ -27,6 +27,9 @@ from typing import Union, Any, Optional +from pex.platform.types import Platform +from pex.arch.types import Arch + from hatsploit.core.db.importer import Importer from hatsploit.lib.payload import Payload @@ -263,18 +266,16 @@ def check_module_compatible(self, payload: str, module: Module) -> bool: if payload: if 'Payload' in module.details: types = module.details['Payload'].get('Types', None) + platforms = module.details['Payload'].get('Platforms', None) + arches = module.details['Payload'].get('Arches', None) if types and payload['Type'] not in types: return False - platforms = module.details['Payload'].get('Platforms', None) - - if platforms and payload['Platform'] not in platforms: + if platforms and not any(payload['Platform'] == platform for platform in platforms): return False - arches = module.details['Payload'].get('Arches', None) - - if arches and payload['Arch'] not in arches: + if arches and not any(payload['Arch'] == arch for arch in arches): return False return True 
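Review bot: The `any(payload['Platform'] == platform for platform in platforms)` and matching `Arch` test in check_module_compatible compare two different representations: the database entry is a string (builder.py now stores `str(...)`), while the module's `Platforms` and `Arches` lists presumably hold pex objects. That only works if those types define `__eq__` against `str`, which is why the former `not in` test was replaced, but nothing in the hunk says so. I would add a comment above the two checks along the lines of `# payload[...] comes from the database as str; platform/arch are pex types whose __eq__ accepts str`. The function starts and ends outside the hunk.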
@@ -305,7 +306,8 @@ def set_option_value(self, payload: Payload, option: str, value: Optional[str] = return self.options.set_option(payload, option, value) - def generate_payload(self, payload: str, options: dict = {}, encoder: Optional[str] = None, implant: bool = False) -> Any: + def generate_payload(self, payload: str, options: dict = {}, encoder: Optional[str] = None, + implant: bool = False) -> Any: """ Generate payload using specific payload and encoder. :param str payload: payload name 
@@ -330,39 +332,18 @@ def generate_payload(self, payload: str, options: dict = {}, encoder: Optional[s return self.run_payload(payload, encoder, implant) - def pack_payload(self, payload: bytes, platform: str, arch: str, file_format: Optional[str] = None) -> bytes: + def pack_payload(self, payload: bytes, platform: Platform, arch: Arch, file_format: Optional[str] = None) -> bytes: """ Pack payload in the CPU executable. :param bytes payload: payload in bytes - :param str platform: platform to pack executable for - :param str arch: architecture to pack executable for + :param Platform platform: platform to pack executable for + :param Arch arch: architecture to pack executable for :param Optional[str] file_format: file format to pack for :return bytes: CPU executable """ - formats = self.types.formats - - if file_format: - if file_format in formats: - if platform in formats[file_format]: - return self.hatvenom.generate(file_format, arch, payload) - - raise RuntimeError(f"File format {file_format} is not suitable for {platform}!") - raise RuntimeError(f"File format {file_format} is unrecognized!") - - if platform in self.types.platforms['xnu']: - file_format = 'macho' - - elif platform in self.types.platforms['unix']: - file_format = 'elf' - - elif platform in self.types.platforms['windows']: - file_format = 'pe' - - else: - raise RuntimeError(f"Platform {platform} does not have suitable file format!") - - return self.hatvenom.generate(file_format, arch, payload) + return self.hatvenom.generate( + platform.exec if not file_format else file_format, str(arch), payload) @staticmethod def detect_badchars(code: bytes, badchars: bytes) -> bool: @@ -452,7 +433,7 @@ def validate_options(payload: Payload) -> list: for option in payload.options: validate = payload.options[option] - if not validate['Value'] and validate['Value'] != 0 and validate['Required']: + if validate['Value'] is None and validate['Required']: missed.append(option) return missed 
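Review bot: The rewritten pack_payload forwards a caller-supplied `file_format` straight to `self.hatvenom.generate` and drops both RuntimeError checks the old body had, one for an unrecognised format and one for a format that does not suit the platform. Whether hatvenom rejects such input itself is not visible here, so either keep a membership check before the call or state in the docstring that validation is now delegated and which exception callers should expect. The selection expression also reads more directly as `file_format or platform.exec` than as `platform.exec if not file_format else file_format`.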
diff --git a/hatsploit/lib/session/__init__.py b/hatsploit/lib/session/__init__.py new file mode 100644 index 000000000..e0fcc40c0 --- /dev/null +++ b/hatsploit/lib/session/__init__.py 
@@ -0,0 +1,113 @@ +""" +MIT License + +Copyright (c) 2020-2023 EntySec + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. +""" + +from typing import Any, Union + +from hatsploit.core.cli.badges import Badges +from hatsploit.core.cli.colors import Colors +from hatsploit.core.cli.fmt import FMT +from hatsploit.core.cli.tables import Tables + + +class Session(FMT, Badges, Colors, Tables): + """ Subclass of hatsploit.lib module. + + This subclass of hatsploit.lib module is intended for providing + wrapper for a session. + """ + + def __init__(self) -> None: + super().__init__() + + self.details = { + 'Post': "", + 'Platform': None, + 'Arch': None, + 'Type': "", + 'Host': "", + 'Port': None + } + + def open(self, client: Any) -> None: + """ Open this session for client. + + :param Any client: client (preferred: socket.socket) + :return None: None + """ + + pass + + def close(self) -> None: + """ Close this session. 
+ + :return None: None + """ + + pass + + def heartbeat(self) -> bool: + """ Check this session's heartbeat. + + :return bool: True if alive else False + """ + + return False + + def send_command(self, command: str, output: bool = False) -> Union[None, str]: + """ Send command to this session. + + :param str command: command to send + :param bool output: True to wait for output else False + :return Union[None, str]: None if output is False else output + """ + + return None + + def download(self, remote_file: str, local_path: str) -> bool: + """ Download file from this session. + + :param str remote_file: file to download + :param str local_path: path to save file + :return bool: True if success else False + """ + + return False + + def upload(self, local_file: str, remote_path: str) -> bool: + """ Upload file to this session. + + :param str local_file: file to uplaod + :param str remote_path: path to save file + :return bool: True if success else False + """ + + return False + + def interact(self) -> None: + """ Interact with this session. + + :return None: None + """ + + pass diff --git a/hatsploit/lib/session/basic.py b/hatsploit/lib/session/basic.py new file mode 100644 index 000000000..b96de866f --- /dev/null +++ b/hatsploit/lib/session/basic.py 
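Review bot: The stub methods of the new Session base class return values that look like real results: `heartbeat` returns `False`, `download` and `upload` return `False`, and `send_command` returns `None`. A subclass that forgets to override one of them is then indistinguishable from a dead session or a failed transfer. Raising `NotImplementedError` in the stubs, or at least a sentence in the class docstring stating that every method must be overridden, would make the omission visible. The `upload` docstring also has a typo, `file to uplaod` should read `file to upload`.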
@@ -0,0 +1,26 @@ +""" +MIT License + +Copyright (c) 2020-2023 EntySec + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. +""" + +from pex.arch.types import * +from pex.platform.types import * diff --git a/hatsploit/lib/sessions.py b/hatsploit/lib/sessions.py index af8edb15d..bd95d94e1 100755 --- a/hatsploit/lib/sessions.py +++ b/hatsploit/lib/sessions.py @@ -123,21 +123,17 @@ def check_exist(self, session_id: int, platform: Optional[str] = None, if sessions: if int(session_id) in sessions: session = sessions[int(session_id)] - valid = True - if platform: - if session['Platform'] != platform: - valid = False + if platform and session['Platform'] != platform: + return False - if type: - if session['Type'] != type: - valid = False + if arch and session['Arch'] != arch: + return False - if arch: - if session['Arch'] != arch: - valid = False + if type and session['Type'] != type: + return False - return valid + return True return False def get_auto_interaction(self) -> bool: 
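Review bot: check_exist still declares `platform: Optional[str]` in the signature shown in the hunk header, while the SessionOption hunk in complex.py now passes each platform through without `.strip()`, which suggests callers hand in pex objects rather than strings. The guards `if platform and session['Platform'] != platform` therefore depend on both the truthiness and the `!=` behaviour of those objects against the stored session value, neither of which is visible here. I would update the annotation and add a docstring line such as `:param Optional[Platform] platform: platform to match, compared with != against the stored session entry`. The signature and docstring sit outside the hunk.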
diff --git a/hatsploit/lib/show.py b/hatsploit/lib/show.py index e97920e8e..86b02c36e 100755 --- a/hatsploit/lib/show.py +++ b/hatsploit/lib/show.py @@ -676,7 +676,7 @@ def show_module_information(self, details: Optional[dict] = None) -> None: Name: {details['Name']} Module: {details['Module']} Description: {details['Description']} - Platform: {details['Platform']} + Platform: {str(details['Platform'])} Rank: {details['Rank']} """)) diff --git a/hatsploit/payloads/linux/aarch64/shell_reverse_tcp.py b/hatsploit/payloads/linux/aarch64/shell_reverse_tcp.py index b91c4d506..cbfa20c15 100755 --- a/hatsploit/payloads/linux/aarch64/shell_reverse_tcp.py +++ b/hatsploit/payloads/linux/aarch64/shell_reverse_tcp.py @@ -19,8 +19,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Shell reverse TCP payload for Linux aarch64.", - 'Arch': "aarch64", - 'Platform': "linux", + 'Arch': ARCH_AARCH64, + 'Platform': OS_LINUX, 'Rank': "high", 'Type': "reverse_tcp", }) diff --git a/hatsploit/payloads/linux/armle/fork_bomb.py b/hatsploit/payloads/linux/armle/fork_bomb.py index 197772593..ab9c35acc 100755 --- a/hatsploit/payloads/linux/armle/fork_bomb.py +++ b/hatsploit/payloads/linux/armle/fork_bomb.py @@ -17,8 +17,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Fork bomb payload for Linux armle.", - 'Arch': "armle", - 'Platform': "linux", + 'Arch': ARCH_ARMLE, + 'Platform': OS_LINUX, 'Rank': "low", 'Type': "one_side", }) diff --git a/hatsploit/payloads/linux/armle/shell_bind_tcp.py b/hatsploit/payloads/linux/armle/shell_bind_tcp.py index e0a4d07ce..5cef14a98 100755 --- a/hatsploit/payloads/linux/armle/shell_bind_tcp.py +++ b/hatsploit/payloads/linux/armle/shell_bind_tcp.py 
@@ -18,8 +18,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Shell bind TCP payload for Linux armle.", - 'Arch': "armle", - 'Platform': "linux", + 'Arch': ARCH_ARMLE, + 'Platform': OS_LINUX, 'Rank': "high", 'Type': "bind_tcp", }) diff --git a/hatsploit/payloads/linux/armle/shell_reverse_tcp.py b/hatsploit/payloads/linux/armle/shell_reverse_tcp.py index 089e2482c..83d974d1a 100755 --- a/hatsploit/payloads/linux/armle/shell_reverse_tcp.py +++ b/hatsploit/payloads/linux/armle/shell_reverse_tcp.py @@ -18,8 +18,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Shell reverse TCP payload for Linux armle.", - 'Arch': "armle", - 'Platform': "linux", + 'Arch': ARCH_ARMLE, + 'Platform': OS_LINUX, 'Rank': "high", 'Type': "reverse_tcp", }) diff --git a/hatsploit/payloads/linux/generic/fork_bomb.py b/hatsploit/payloads/linux/generic/fork_bomb.py index df2cd3643..12f5bd240 100755 --- a/hatsploit/payloads/linux/generic/fork_bomb.py +++ b/hatsploit/payloads/linux/generic/fork_bomb.py @@ -17,8 +17,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Linux generic fork bomb.", - 'Arch': "generic", - 'Platform': "linux", + 'Arch': ARCH_GENERIC, + 'Platform': OS_LINUX, 'Rank': "high", 'Type': "one_side", }) diff --git a/hatsploit/payloads/linux/mipsbe/reboot.py b/hatsploit/payloads/linux/mipsbe/reboot.py index 0f1125d93..ed616f4ae 100755 --- a/hatsploit/payloads/linux/mipsbe/reboot.py +++ b/hatsploit/payloads/linux/mipsbe/reboot.py @@ -18,8 +18,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Reboot payload for Linux mipsbe.", - 'Arch': "mipsbe", - 'Platform': "linux", + 'Arch': ARCH_MIPSBE, + 'Platform': OS_LINUX, 'Rank': "low", 'Type': "one_side", }) diff --git a/hatsploit/payloads/linux/mipsbe/shell_bind_tcp.py b/hatsploit/payloads/linux/mipsbe/shell_bind_tcp.py index 30364e486..c6d50006d 100755 
--- a/hatsploit/payloads/linux/mipsbe/shell_bind_tcp.py +++ b/hatsploit/payloads/linux/mipsbe/shell_bind_tcp.py @@ -19,8 +19,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Shell bind TCP payload for Linux mipsbe.", - 'Arch': "mipsbe", - 'Platform': "linux", + 'Arch': ARCH_MIPSBE, + 'Platform': OS_LINUX, 'Rank': "high", 'Type': "bind_tcp", }) diff --git a/hatsploit/payloads/linux/mipsbe/shell_reverse_tcp.py b/hatsploit/payloads/linux/mipsbe/shell_reverse_tcp.py index 1c209a38e..3fd13b28c 100755 --- a/hatsploit/payloads/linux/mipsbe/shell_reverse_tcp.py +++ b/hatsploit/payloads/linux/mipsbe/shell_reverse_tcp.py @@ -19,8 +19,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Shell reverse TCP payload for Linux mipsbe.", - 'Arch': "mipsbe", - 'Platform': "linux", + 'Arch': ARCH_MIPSBE, + 'Platform': OS_LINUX, 'Rank': "high", 'Type': "reverse_tcp", }) diff --git a/hatsploit/payloads/linux/mipsle/reboot.py b/hatsploit/payloads/linux/mipsle/reboot.py index 13687b372..061b88f40 100755 --- a/hatsploit/payloads/linux/mipsle/reboot.py +++ b/hatsploit/payloads/linux/mipsle/reboot.py @@ -18,8 +18,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Reboot payload for Linux mipsle.", - 'Arch': "mipsle", - 'Platform': "linux", + 'Arch': ARCH_MIPSLE, + 'Platform': OS_LINUX, 'Rank': "low", 'Type': "one_side", }) diff --git a/hatsploit/payloads/linux/mipsle/shell_bind_tcp.py b/hatsploit/payloads/linux/mipsle/shell_bind_tcp.py index 01617879f..1183af8a4 100755 --- a/hatsploit/payloads/linux/mipsle/shell_bind_tcp.py +++ b/hatsploit/payloads/linux/mipsle/shell_bind_tcp.py @@ -19,8 +19,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Shell bind TCP payload for Linux mipsle.", - 'Arch': "mipsle", - 'Platform': "linux", + 'Arch': ARCH_MIPSLE, + 'Platform': OS_LINUX, 'Rank': "high", 'Type': "bind_tcp", }) 
diff --git a/hatsploit/payloads/linux/mipsle/shell_reverse_tcp.py b/hatsploit/payloads/linux/mipsle/shell_reverse_tcp.py index f9c549d7b..558600e34 100755 --- a/hatsploit/payloads/linux/mipsle/shell_reverse_tcp.py +++ b/hatsploit/payloads/linux/mipsle/shell_reverse_tcp.py @@ -19,8 +19,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Shell reverse TCP payload for Linux mipsle.", - 'Arch': "mipsle", - 'Platform': "linux", + 'Arch': ARCH_MIPSLE, + 'Platform': OS_LINUX, 'Rank': "high", 'Type': "reverse_tcp", }) diff --git a/hatsploit/payloads/linux/x64/fork_bomb.py b/hatsploit/payloads/linux/x64/fork_bomb.py index 2e22cf4aa..bd27ccf46 100755 --- a/hatsploit/payloads/linux/x64/fork_bomb.py +++ b/hatsploit/payloads/linux/x64/fork_bomb.py @@ -18,8 +18,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Fork bomb payload for Linux x64.", - 'Arch': "x64", - 'Platform': "linux", + 'Arch': ARCH_X64, + 'Platform': OS_LINUX, 'Rank': "low", 'Type': "one_side", }) diff --git a/hatsploit/payloads/linux/x64/kill_all.py b/hatsploit/payloads/linux/x64/kill_all.py index 802aa9794..4472dfa74 100755 --- a/hatsploit/payloads/linux/x64/kill_all.py +++ b/hatsploit/payloads/linux/x64/kill_all.py @@ -18,8 +18,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Kill all processes payload for Linux x64.", - 'Arch': "x64", - 'Platform': "linux", + 'Arch': ARCH_X64, + 'Platform': OS_LINUX, 'Rank': "low", 'Type': "one_side", }) diff --git a/hatsploit/payloads/linux/x64/reboot.py b/hatsploit/payloads/linux/x64/reboot.py index 169259210..108a0a524 100755 --- a/hatsploit/payloads/linux/x64/reboot.py +++ b/hatsploit/payloads/linux/x64/reboot.py 
@@ -18,8 +18,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Reboot payload for Linux x64.", - 'Arch': "x64", - 'Platform': "linux", + 'Arch': ARCH_X64, + 'Platform': OS_LINUX, 'Rank': "low", 'Type': "one_side", }) diff --git a/hatsploit/payloads/linux/x64/shell_bind_tcp.py b/hatsploit/payloads/linux/x64/shell_bind_tcp.py index 47bbb7dd3..73379ef93 100755 --- a/hatsploit/payloads/linux/x64/shell_bind_tcp.py +++ b/hatsploit/payloads/linux/x64/shell_bind_tcp.py @@ -19,8 +19,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Shell bind TCP payload for Linux x64.", - 'Arch': "x64", - 'Platform': "linux", + 'Arch': ARCH_X64, + 'Platform': OS_LINUX, 'Rank': "high", 'Type': "bind_tcp", }) diff --git a/hatsploit/payloads/linux/x64/shell_reverse_tcp.py b/hatsploit/payloads/linux/x64/shell_reverse_tcp.py index 991cc2ed5..1d432dfe7 100755 --- a/hatsploit/payloads/linux/x64/shell_reverse_tcp.py +++ b/hatsploit/payloads/linux/x64/shell_reverse_tcp.py @@ -19,8 +19,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Shell reverse TCP payload for Linux x64.", - 'Arch': "x64", - 'Platform': "linux", + 'Arch': ARCH_X64, + 'Platform': OS_LINUX, 'Rank': "high", 'Type': "reverse_tcp", }) diff --git a/hatsploit/payloads/linux/x64/shutdown.py b/hatsploit/payloads/linux/x64/shutdown.py index 476cd26c9..1fae0a95c 100755 --- a/hatsploit/payloads/linux/x64/shutdown.py +++ b/hatsploit/payloads/linux/x64/shutdown.py @@ -18,8 +18,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Shutdown payload for Linux x64.", - 'Arch': "x64", - 'Platform': "linux", + 'Arch': ARCH_X64, + 'Platform': OS_LINUX, 'Rank': "low", 'Type': "one_side", }) diff --git a/hatsploit/payloads/linux/x86/shell_bind_tcp.py b/hatsploit/payloads/linux/x86/shell_bind_tcp.py index 2afc1829f..807dbc1b1 100755 --- a/hatsploit/payloads/linux/x86/shell_bind_tcp.py 
+++ b/hatsploit/payloads/linux/x86/shell_bind_tcp.py @@ -19,8 +19,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Shell bind TCP payload for Linux x86.", - 'Arch': "x86", - 'Platform': "linux", + 'Arch': ARCH_X86, + 'Platform': OS_LINUX, 'Rank': "high", 'Type': "bind_tcp", }) diff --git a/hatsploit/payloads/linux/x86/shell_reverse_tcp.py b/hatsploit/payloads/linux/x86/shell_reverse_tcp.py index def9af7f7..88a989622 100755 --- a/hatsploit/payloads/linux/x86/shell_reverse_tcp.py +++ b/hatsploit/payloads/linux/x86/shell_reverse_tcp.py @@ -19,8 +19,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Shell reverse TCP payload for Linux x86.", - 'Arch': "x86", - 'Platform': "linux", + 'Arch': ARCH_X64, + 'Platform': OS_LINUX, 'Rank': "high", 'Type': "reverse_tcp", }) diff --git a/hatsploit/payloads/macos/generic/applescript_reverse_tcp.py b/hatsploit/payloads/macos/generic/applescript_reverse_tcp.py index 1e061916b..de977e8f6 100755 --- a/hatsploit/payloads/macos/generic/applescript_reverse_tcp.py +++ b/hatsploit/payloads/macos/generic/applescript_reverse_tcp.py @@ -17,8 +17,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "AppleScript reverse TCP payload.", - 'Arch': "generic", - 'Platform': "macos", + 'Arch': ARCH_APPLESCRIPT, + 'Platform': OS_MACOS, 'Rank': "high", 'Type': "reverse_tcp", }) diff --git a/hatsploit/payloads/macos/x64/say.py b/hatsploit/payloads/macos/x64/say.py index f48de2bdd..7e8d8bb31 100755 --- a/hatsploit/payloads/macos/x64/say.py +++ b/hatsploit/payloads/macos/x64/say.py @@ -20,8 +20,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Say payload for macOS x64.", - 'Arch': "x64", - 'Platform': "macos", + 'Arch': ARCH_X64, + 'Platform': OS_MACOS, 'Rank': "low", 'Type': "one_side", }) 
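Review bot: `hatsploit/payloads/linux/x86/shell_reverse_tcp.py` replaces `'Arch': "x86"` with `ARCH_X64`, although its description still says "Linux x86" and the sibling `linux/x86/shell_bind_tcp.py` in the hunk just before it uses `ARCH_X86`. The same substitution appears in `hatsploit/payloads/windows/x86/shell_reverse_tcp.py` later in this patch. Both look like copy-paste slips, and the line should read `'Arch': ARCH_X86,` in each file. With the wrong constant, the payload details and the payload database built from them describe 32-bit code as x64, so any architecture check that relies on this field gives the wrong answer.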
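Review bot: In `macos/generic/applescript_reverse_tcp.py` the line `'Arch': "generic"` becomes `ARCH_APPLESCRIPT`, which changes the value rather than only its type, whereas the other script payloads in this patch (bash, perl, php, ruby, zsh) keep `ARCH_GENERIC`. The file still lives under `macos/generic/`, and modules later in the series list `ARCH_GENERIC` in their `'Arches'`, so whether this entry still matches them depends on how the pex types compare, which is not visible here. If the change is intended it deserves a line in the commit message and a comment such as `# AppleScript source, not machine code: uses ARCH_APPLESCRIPT instead of ARCH_GENERIC`; otherwise keep `ARCH_GENERIC`.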
diff --git a/hatsploit/payloads/macos/x64/shell_bind_tcp.py b/hatsploit/payloads/macos/x64/shell_bind_tcp.py index 0fdc0b54e..14836ec63 100755 --- a/hatsploit/payloads/macos/x64/shell_bind_tcp.py +++ b/hatsploit/payloads/macos/x64/shell_bind_tcp.py @@ -19,8 +19,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Shell bind TCP payload for macOS x64.", - 'Arch': "x64", - 'Platform': "macos", + 'Arch': ARCH_X64, + 'Platform': OS_MACOS, 'Rank': "high", 'Type': "bind_tcp", }) diff --git a/hatsploit/payloads/macos/x64/shell_reverse_tcp.py b/hatsploit/payloads/macos/x64/shell_reverse_tcp.py index 77d3440b8..01e331f81 100755 --- a/hatsploit/payloads/macos/x64/shell_reverse_tcp.py +++ b/hatsploit/payloads/macos/x64/shell_reverse_tcp.py @@ -19,8 +19,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Shell reverse TCP payload for macOS x64.", - 'Arch': "x64", - 'Platform': "macos", + 'Arch': ARCH_X64, + 'Platform': OS_MACOS, 'Rank': "high", 'Type': "reverse_tcp", }) diff --git a/hatsploit/payloads/unix/generic/bash_reverse_tcp.py b/hatsploit/payloads/unix/generic/bash_reverse_tcp.py index 1f869e1b7..9cb003fd3 100755 --- a/hatsploit/payloads/unix/generic/bash_reverse_tcp.py +++ b/hatsploit/payloads/unix/generic/bash_reverse_tcp.py @@ -19,8 +19,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "BASH shell reverse TCP payload.", - 'Arch': "generic", - 'Platform': "unix", + 'Arch': ARCH_GENERIC, + 'Platform': OS_UNIX, 'Rank': "high", 'Type': "reverse_tcp", }) diff --git a/hatsploit/payloads/unix/generic/ksh_reverse_tcp.py b/hatsploit/payloads/unix/generic/ksh_reverse_tcp.py index 025c6375d..095f7f815 100755 --- a/hatsploit/payloads/unix/generic/ksh_reverse_tcp.py +++ b/hatsploit/payloads/unix/generic/ksh_reverse_tcp.py 
@@ -17,8 +17,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "KSH shell reverse TCP payload.", - 'Arch': "generic", - 'Platform': "unix", + 'Arch': ARCH_GENERIC, + 'Platform': OS_UNIX, 'Rank': "high", 'Type': "reverse_tcp", }) diff --git a/hatsploit/payloads/unix/generic/netcat_reverse_tcp.py b/hatsploit/payloads/unix/generic/netcat_reverse_tcp.py index be5db2df8..d53d30de4 100755 --- a/hatsploit/payloads/unix/generic/netcat_reverse_tcp.py +++ b/hatsploit/payloads/unix/generic/netcat_reverse_tcp.py @@ -18,8 +18,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Netcat shell reverse TCP payload.", - 'Arch': "generic", - 'Platform': "unix", + 'Arch': ARCH_GENERIC, + 'Platform': OS_UNIX, 'Rank': "high", 'Type': "reverse_tcp", }) diff --git a/hatsploit/payloads/unix/generic/netcate_reverse_tcp.py b/hatsploit/payloads/unix/generic/netcate_reverse_tcp.py index 9d7849398..13cd74b19 100755 --- a/hatsploit/payloads/unix/generic/netcate_reverse_tcp.py +++ b/hatsploit/payloads/unix/generic/netcate_reverse_tcp.py @@ -17,8 +17,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Netcat (-e) shell reverse TCP payload.", - 'Arch': "generic", - 'Platform': "unix", + 'Arch': ARCH_GENERIC, + 'Platform': OS_UNIX, 'Rank': "high", 'Type': "reverse_tcp", }) diff --git a/hatsploit/payloads/unix/generic/perl_reverse_tcp.py b/hatsploit/payloads/unix/generic/perl_reverse_tcp.py index cd3f36de9..494fa2f16 100755 --- a/hatsploit/payloads/unix/generic/perl_reverse_tcp.py +++ b/hatsploit/payloads/unix/generic/perl_reverse_tcp.py @@ -17,8 +17,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Perl shell reverse TCP payload.", - 'Arch': "generic", - 'Platform': "unix", + 'Arch': ARCH_GENERIC, + 'Platform': OS_UNIX, 'Rank': "high", 'Type': "reverse_tcp", }) 
diff --git a/hatsploit/payloads/unix/generic/php_reverse_tcp.py b/hatsploit/payloads/unix/generic/php_reverse_tcp.py index 36c1d1c78..7d902db38 100755 --- a/hatsploit/payloads/unix/generic/php_reverse_tcp.py +++ b/hatsploit/payloads/unix/generic/php_reverse_tcp.py @@ -17,8 +17,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "PHP shell reverse TCP payload.", - 'Arch': "generic", - 'Platform': "unix", + 'Arch': ARCH_GENERIC, + 'Platform': OS_UNIX, 'Rank': "high", 'Type': "reverse_tcp", }) diff --git a/hatsploit/payloads/unix/generic/reboot.py b/hatsploit/payloads/unix/generic/reboot.py index dc0db30ab..920a63e90 100755 --- a/hatsploit/payloads/unix/generic/reboot.py +++ b/hatsploit/payloads/unix/generic/reboot.py @@ -17,8 +17,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Reboot payload for unix.", - 'Arch': "generic", - 'Platform': "unix", + 'Arch': ARCH_GENERIC, + 'Platform': OS_UNIX, 'Rank': "low", 'Type': "one_side", }) diff --git a/hatsploit/payloads/unix/generic/ruby_reverse_tcp.py b/hatsploit/payloads/unix/generic/ruby_reverse_tcp.py index 31676fbca..ee8c702b7 100755 --- a/hatsploit/payloads/unix/generic/ruby_reverse_tcp.py +++ b/hatsploit/payloads/unix/generic/ruby_reverse_tcp.py @@ -17,8 +17,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Ruby shell reverse TCP payload.", - 'Arch': "generic", - 'Platform': "unix", + 'Arch': ARCH_GENERIC, + 'Platform': OS_UNIX, 'Rank': "high", 'Type': "reverse_tcp", }) diff --git a/hatsploit/payloads/unix/generic/zsh_bind_tcp.py b/hatsploit/payloads/unix/generic/zsh_bind_tcp.py index 05b1aaf17..5e2fe8473 100755 --- a/hatsploit/payloads/unix/generic/zsh_bind_tcp.py +++ b/hatsploit/payloads/unix/generic/zsh_bind_tcp.py 
@@ -17,8 +17,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "ZSH shell bind TCP payload.", - 'Arch': "generic", - 'Platform': "unix", + 'Arch': ARCH_GENERIC, + 'Platform': OS_UNIX, 'Rank': "high", 'Type': "bind_tcp", }) diff --git a/hatsploit/payloads/unix/generic/zsh_reverse_tcp.py b/hatsploit/payloads/unix/generic/zsh_reverse_tcp.py index a547b7639..020ad3350 100755 --- a/hatsploit/payloads/unix/generic/zsh_reverse_tcp.py +++ b/hatsploit/payloads/unix/generic/zsh_reverse_tcp.py @@ -17,8 +17,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "ZSH shell reverse TCP payload.", - 'Arch': "generic", - 'Platform': "unix", + 'Arch': ARCH_GENERIC, + 'Platform': OS_UNIX, 'Rank': "high", 'Type': "reverse_tcp", }) diff --git a/hatsploit/payloads/windows/generic/calc.py b/hatsploit/payloads/windows/generic/calc.py index 993bde19b..6d23b4855 100755 --- a/hatsploit/payloads/windows/generic/calc.py +++ b/hatsploit/payloads/windows/generic/calc.py @@ -17,8 +17,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Windows calc.exe payload.", - 'Arch': "generic", - 'Platform': "windows", + 'Arch': ARCH_GENERIC, + 'Platform': OS_WINDOWS, 'Rank': "high", 'Type': "one_side", }) diff --git a/hatsploit/payloads/windows/generic/message_box.py b/hatsploit/payloads/windows/generic/message_box.py index dafcd18de..b380607d5 100755 --- a/hatsploit/payloads/windows/generic/message_box.py +++ b/hatsploit/payloads/windows/generic/message_box.py @@ -17,8 +17,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Message Box payload for Windows.", - 'Arch': "generic", - 'Platform': "windows", + 'Arch': ARCH_GENERIC, + 'Platform': OS_WINDOWS, 'Rank': "low", 'Type': "one_side", }) 
diff --git a/hatsploit/payloads/windows/generic/powershell_reverse_tcp.py b/hatsploit/payloads/windows/generic/powershell_reverse_tcp.py index 47be4e151..3cebc6749 100755 --- a/hatsploit/payloads/windows/generic/powershell_reverse_tcp.py +++ b/hatsploit/payloads/windows/generic/powershell_reverse_tcp.py @@ -17,8 +17,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Windows cmd.exe reverse TCP payload through PowerShell script.", - 'Arch': "generic", - 'Platform': "windows", + 'Arch': ARCH_GENERIC, + 'Platform': OS_WINDOWS, 'Rank': "high", 'Type': "reverse_tcp", }) diff --git a/hatsploit/payloads/windows/generic/say.py b/hatsploit/payloads/windows/generic/say.py index c1c60e3bb..1e91ad19a 100755 --- a/hatsploit/payloads/windows/generic/say.py +++ b/hatsploit/payloads/windows/generic/say.py @@ -17,8 +17,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Say payload for Windows.", - 'Arch': "generic", - 'Platform': "windows", + 'Arch': ARCH_GENERIC, + 'Platform': OS_WINDOWS, 'Rank': "low", 'Type': "one_side", }) diff --git a/hatsploit/payloads/windows/x64/shell_reverse_tcp.py b/hatsploit/payloads/windows/x64/shell_reverse_tcp.py index ecb4ccaa4..5ac67a765 100755 --- a/hatsploit/payloads/windows/x64/shell_reverse_tcp.py +++ b/hatsploit/payloads/windows/x64/shell_reverse_tcp.py @@ -18,8 +18,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Reverse shell TCP payload for Windows x64.", - 'Arch': "x64", - 'Platform': "windows", + 'Arch': ARCH_X64, + 'Platform': OS_WINDOWS, 'Rank': "low", 'Type': "reverse_tcp", }) diff --git a/hatsploit/payloads/windows/x86/shell_reverse_tcp.py b/hatsploit/payloads/windows/x86/shell_reverse_tcp.py index 9cbd3a615..18e859395 100755 --- a/hatsploit/payloads/windows/x86/shell_reverse_tcp.py +++ b/hatsploit/payloads/windows/x86/shell_reverse_tcp.py 
@@ -18,8 +18,8 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - payload developer', ], 'Description': "Reverse shell TCP payload for Windows x86.", - 'Arch': "x86", - 'Platform': "windows", + 'Arch': ARCH_X64, + 'Platform': OS_WINDOWS, 'Rank': "low", 'Type': "reverse_tcp", }) From 71bf66bba345cd433ae443579ca8bf6051bbef3a Mon Sep 17 00:00:00 2001 From: Ivan Nikolsky Date: Fri, 27 Oct 2023 05:52:10 +0100 Subject: [PATCH 03/10] Delete hatsploit/lib/session.py --- hatsploit/lib/session.py | 113 --------------------------------------- 1 file changed, 113 deletions(-) delete mode 100755 hatsploit/lib/session.py diff --git a/hatsploit/lib/session.py b/hatsploit/lib/session.py deleted file mode 100755 index 1ff8b408f..000000000 --- a/hatsploit/lib/session.py +++ /dev/null 
@@ -1,113 +0,0 @@ -""" -MIT License - -Copyright (c) 2020-2023 EntySec - -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: - -The above copyright notice and this permission notice shall be included in all -copies or substantial portions of the Software. - -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE -SOFTWARE. -""" - -from typing import Any, Union - -from hatsploit.core.cli.badges import Badges -from hatsploit.core.cli.colors import Colors -from hatsploit.core.cli.fmt import FMT -from hatsploit.core.cli.tables import Tables - - -class Session(FMT, Badges, Colors, Tables): - """ Subclass of hatsploit.lib module. - - This subclass of hatsploit.lib module is intended for providing - wrapper for a session. - """ - - def __init__(self) -> None: - super().__init__() - - self.details = { - 'Post': "", - 'Platform': "", - 'Arch': "", - 'Type': "", - 'Host': "", - 'Port': None - } - - def open(self, client: Any) -> None: - """ Open this session for client. - - :param Any client: client (preferred: socket.socket) - :return None: None - """ - - pass - - def close(self) -> None: - """ Close this session. 
- - :return None: None - """ - - pass - - def heartbeat(self) -> bool: - """ Check this session's heartbeat. - - :return bool: True if alive else False - """ - - return False - - def send_command(self, command: str, output: bool = False) -> Union[None, str]: - """ Send command to this session. - - :param str command: command to send - :param bool output: True to wait for output else False - :return Union[None, str]: None if output is False else output - """ - - return None - - def download(self, remote_file: str, local_path: str) -> bool: - """ Download file from this session. - - :param str remote_file: file to download - :param str local_path: path to save file - :return bool: True if success else False - """ - - return False - - def upload(self, local_file: str, remote_path: str) -> bool: - """ Upload file to this session. - - :param str local_file: file to uplaod - :param str remote_path: path to save file - :return bool: True if success else False - """ - - return False - - def interact(self) -> None: - """ Interact with this session. - - :return None: None - """ - - pass From 43a6bb4ab63dcac25e42c8be0486363ed479f87b Mon Sep 17 00:00:00 2001 
From: Ivan Nikolsky Date: Fri, 27 Oct 2023 05:52:58 +0100 Subject: [PATCH 04/10] Add files via upload --- .../auxiliary/android/checker/check_adb_installation.py | 2 +- .../auxiliary/apple_ios/checker/jailbroken_or_not.py | 2 +- .../modules/auxiliary/generic/scanner/directory_scanner.py | 2 +- hatsploit/modules/auxiliary/generic/scanner/http_header.py | 2 +- hatsploit/modules/auxiliary/generic/scanner/http_methods.py | 2 +- .../modules/exploit/android/adb/remote_code_execution.py | 6 +++--- .../modules/exploit/apple_ios/safari/webkit_filter_dos.py | 2 +- .../modules/exploit/apple_ios/ssh/cydia_default_password.py | 6 +++--- .../modules/exploit/generic/gather/browser_webcam_photo.py | 2 +- .../modules/exploit/generic/gather/browser_webcam_stream.py | 2 +- hatsploit/modules/exploit/generic/handler/bind_tcp.py | 2 +- hatsploit/modules/exploit/generic/handler/reverse_tcp.py | 2 +- .../modules/exploit/generic/ssh/server_code_execution.py | 2 +- .../exploit/linux/3com/ap8670_credentials_disclosure.py | 2 +- hatsploit/modules/exploit/linux/antiweb/path_traversal.py | 2 +- hatsploit/modules/exploit/linux/apache/nifi_api_rce.py | 4 ++-- .../modules/exploit/linux/asus/multi_password_disclosure.py | 2 +- .../exploit/linux/avtech/ipcamera_credentials_disclosure.py | 2 +- .../exploit/linux/avtech/ipcamera_information_disclosure.py | 2 +- .../exploit/linux/brickcom/multi_credentials_disclosure.py | 2 +- .../modules/exploit/linux/chromecast/play_media_url.py | 4 ++-- .../modules/exploit/linux/cypress/ctm_backdoor_password.py | 6 +++--- .../modules/exploit/linux/dlink/dap_2020_path_traversal.py | 2 +- .../exploit/linux/dlink/dcs_credentials_disclosure.py | 2 +- .../exploit/linux/dlink/dir645_credentials_disclosure.py | 2 +- .../modules/exploit/linux/dlink/hedwig_code_execution.py | 6 +++--- .../modules/exploit/linux/f5/bigip_tmui_path_traversal.py | 2 +- hatsploit/modules/exploit/linux/f5/bigip_tmui_rce.py | 4 ++-- hatsploit/modules/exploit/linux/fhem/path_traversal.py | 2 +- 
.../modules/exploit/linux/generic/32764_code_execution.py | 6 +++--- .../exploit/linux/generic/32764_credentials_disclosure.py | 2 +- .../exploit/linux/generic/dvr_credentials_disclosure.py | 2 +- .../modules/exploit/linux/generic/p2p_authenticated_rce.py | 6 +++--- .../exploit/linux/generic/p2p_password_disclosure.py | 2 +- .../exploit/linux/huawei/hg630_information_disclosure.py | 2 +- .../modules/exploit/linux/icewarp/webmail_path_traversal.py | 2 +- .../exploit/linux/jvc/t216vpru_credentials_disclosure.py | 2 +- .../modules/exploit/linux/jvc/t216vpru_path_traversal.py | 2 +- .../modules/exploit/linux/linksys/eseries_tmunblock_rce.py | 6 +++--- .../modules/exploit/linux/linksys/wap54gv3_debug_rce.py | 6 +++--- .../exploit/linux/mikrotik/winbox_credentials_disclosure.py | 2 +- .../modules/exploit/linux/movistar/adsl_path_traversal.py | 2 +- .../linux/netwave/ipcamera_information_disclosure.py | 2 +- .../exploit/linux/netwave/wpa_information_disclosure.py | 2 +- .../modules/exploit/linux/nostromo/remote_code_execution.py | 4 ++-- .../modules/exploit/linux/oracle/weblogic_console_rce.py | 4 ++-- .../exploit/linux/rompager/multi_password_disclosure.py | 2 +- .../modules/exploit/linux/selea/anpr_authenticated_rce.py | 6 +++--- .../modules/exploit/linux/selea/anpr_password_disclosure.py | 2 +- .../modules/exploit/linux/selea/anpr_path_traversal.py | 2 +- .../exploit/linux/siemens/multi_credentials_disclosure.py | 2 +- .../modules/exploit/linux/siemens/multi_path_traversal.py | 2 +- .../exploit/linux/skybridge/credentials_disclosure.py | 2 +- .../modules/exploit/linux/ssh/libssh_code_execution.py | 4 ++-- .../exploit/linux/ssh/raspbian_default_credentials.py | 6 +++--- .../exploit/linux/wepresent/wipg1000_code_execution.py | 6 +++--- hatsploit/modules/exploit/linux/zte/f460_f660_rce.py | 6 +++--- .../exploit/windows/handler/bitsadmin_reverse_http.py | 4 ++-- .../modules/exploit/windows/handler/mshta_reverse_http.py | 4 ++-- 
.../exploit/windows/handler/regsvr32_reverse_http.py | 4 ++-- .../modules/exploit/windows/handler/wmic_reverse_http.py | 4 ++-- hatsploit/modules/post/apple_ios/shell/respring.py | 4 ++-- hatsploit/modules/post/apple_ios/shell/safari_bookmarks.py | 4 ++-- hatsploit/modules/post/apple_ios/shell/safari_history.py | 4 ++-- hatsploit/modules/post/macos/shell/suspend.py | 4 ++-- hatsploit/modules/post/unix/shell/getpasswd.py | 4 ++-- hatsploit/modules/post/unix/shell/getpid.py | 4 ++-- 67 files changed, 107 insertions(+), 107 deletions(-) diff --git a/hatsploit/modules/auxiliary/android/checker/check_adb_installation.py b/hatsploit/modules/auxiliary/android/checker/check_adb_installation.py index 2c0784031..a7f98885c 100755 --- a/hatsploit/modules/auxiliary/android/checker/check_adb_installation.py +++ b/hatsploit/modules/auxiliary/android/checker/check_adb_installation.py @@ -20,7 +20,7 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "Check if remote Android device has ADB installation.", - 'Platform': "android", + 'Platform': OS_ANDROID, 'Rank': "low", }) diff --git a/hatsploit/modules/auxiliary/apple_ios/checker/jailbroken_or_not.py b/hatsploit/modules/auxiliary/apple_ios/checker/jailbroken_or_not.py index 35262f475..d791def53 100755 --- a/hatsploit/modules/auxiliary/apple_ios/checker/jailbroken_or_not.py +++ b/hatsploit/modules/auxiliary/apple_ios/checker/jailbroken_or_not.py @@ -19,7 +19,7 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "Check if remote iPhone jailbroken.", - 'Platform': "apple_ios", + 'Platform': OS_IPHONE, 'Rank': "low", }) diff --git a/hatsploit/modules/auxiliary/generic/scanner/directory_scanner.py b/hatsploit/modules/auxiliary/generic/scanner/directory_scanner.py index a04f59ff5..a4e96ab86 100755 --- a/hatsploit/modules/auxiliary/generic/scanner/directory_scanner.py +++ b/hatsploit/modules/auxiliary/generic/scanner/directory_scanner.py 
@@ -22,7 +22,7 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "Website directory scanner.", - 'Platform': "generic", + 'Platform': OS_GENERIC, 'Rank': "medium", }) diff --git a/hatsploit/modules/auxiliary/generic/scanner/http_header.py b/hatsploit/modules/auxiliary/generic/scanner/http_header.py index 5d0969366..ab658109a 100755 --- a/hatsploit/modules/auxiliary/generic/scanner/http_header.py +++ b/hatsploit/modules/auxiliary/generic/scanner/http_header.py @@ -18,7 +18,7 @@ def __init__(self): 'Module': 'auxiliary/generic/scanner/http_header', 'Authors': ['Noah Altunian (naltun) - contributor'], 'Description': 'Retrieve HTTP headers from a server.', - 'Platform': 'generic', + 'Platform': OS_GENERIC, 'Rank': 'low', }) diff --git a/hatsploit/modules/auxiliary/generic/scanner/http_methods.py b/hatsploit/modules/auxiliary/generic/scanner/http_methods.py index ef5670b65..f5add94bb 100755 --- a/hatsploit/modules/auxiliary/generic/scanner/http_methods.py +++ b/hatsploit/modules/auxiliary/generic/scanner/http_methods.py @@ -18,7 +18,7 @@ def __init__(self): 'Module': 'auxiliary/generic/scanner/http_methods', 'Authors': ['Noah Altunian (naltun) - contributor'], 'Description': 'Find supported HTTP methods on a server', - 'Platform': 'generic', + 'Platform': OS_GENERIC, 'Rank': 'low', }) diff --git a/hatsploit/modules/exploit/android/adb/remote_code_execution.py b/hatsploit/modules/exploit/android/adb/remote_code_execution.py index 62a06c43b..6bb6ead98 100755 --- a/hatsploit/modules/exploit/android/adb/remote_code_execution.py +++ b/hatsploit/modules/exploit/android/adb/remote_code_execution.py 
@@ -19,12 +19,12 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "Remote Code Execution in Android ADB.", - 'Platform': "android", + 'Platform': OS_ANDROID, 'Rank': "high", 'Payload': { 'Value': "unix/generic/bash_reverse_tcp", - 'Platforms': ['android', 'linux', 'unix'], - 'Arches': ['armle', 'aarch64', 'generic'] + 'Platforms': [OS_ANDROID, OS_LINUX, OS_UNIX], + 'Arches': [ARCH_ARMLE, ARCH_AARCH64, ARCH_GENERIC] } }) diff --git a/hatsploit/modules/exploit/apple_ios/safari/webkit_filter_dos.py b/hatsploit/modules/exploit/apple_ios/safari/webkit_filter_dos.py index e0fb20e0d..574cadb1b 100755 --- a/hatsploit/modules/exploit/apple_ios/safari/webkit_filter_dos.py +++ b/hatsploit/modules/exploit/apple_ios/safari/webkit_filter_dos.py @@ -20,7 +20,7 @@ def __init__(self): 'Sabri Haddouche (pwnsdx) - vulnerability researcher', ], 'Description': "iOS 9.1 till 12.1 MobileSafari.app WebKit Filter DoS.", - 'Platform': "apple_ios", + 'Platform': OS_IPHONE, 'Rank': "high", }) diff --git a/hatsploit/modules/exploit/apple_ios/ssh/cydia_default_password.py b/hatsploit/modules/exploit/apple_ios/ssh/cydia_default_password.py index 711455f43..898af39c6 100755 --- a/hatsploit/modules/exploit/apple_ios/ssh/cydia_default_password.py +++ b/hatsploit/modules/exploit/apple_ios/ssh/cydia_default_password.py @@ -19,12 +19,12 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "Bypass iOS SSH authorization using Cydia.app default SSH password.", - 'Platform': "apple_ios", + 'Platform': OS_IPHONE, 'Rank': "medium", 'Payload': { 'Value': "unix/generic/bash_reverse_tcp", - 'Arches': ['armle', 'aarch64', 'generic'], - 'Platforms': ['apple_ios', 'unix'], + 'Arches': [ARCH_ARMLE, ARCH_AARCH64, ARCH_GENERIC], + 'Platforms': [OS_IPHONE, OS_UNIX], } }) 
diff --git a/hatsploit/modules/exploit/generic/gather/browser_webcam_photo.py b/hatsploit/modules/exploit/generic/gather/browser_webcam_photo.py index 96c058e5d..b305b46bb 100755 --- a/hatsploit/modules/exploit/generic/gather/browser_webcam_photo.py +++ b/hatsploit/modules/exploit/generic/gather/browser_webcam_photo.py @@ -24,7 +24,7 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "Module takes photo through browser.", - 'Platform': "generic", + 'Platform': OS_GENERIC, 'Rank': "high", }) diff --git a/hatsploit/modules/exploit/generic/gather/browser_webcam_stream.py b/hatsploit/modules/exploit/generic/gather/browser_webcam_stream.py index 1a494bb84..7067bcb3c 100755 --- a/hatsploit/modules/exploit/generic/gather/browser_webcam_stream.py +++ b/hatsploit/modules/exploit/generic/gather/browser_webcam_stream.py @@ -24,7 +24,7 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "Module streams webcam through browser.", - 'Platform': "generic", + 'Platform': OS_GENERIC, 'Rank': "medium", }) diff --git a/hatsploit/modules/exploit/generic/handler/bind_tcp.py b/hatsploit/modules/exploit/generic/handler/bind_tcp.py index 99fbfaaa5..cac39d762 100755 --- a/hatsploit/modules/exploit/generic/handler/bind_tcp.py +++ b/hatsploit/modules/exploit/generic/handler/bind_tcp.py @@ -18,7 +18,7 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "Bind TCP Handler.", - 'Platform': "generic", + 'Platform': OS_GENERIC, 'Rank': "high", }) diff --git a/hatsploit/modules/exploit/generic/handler/reverse_tcp.py b/hatsploit/modules/exploit/generic/handler/reverse_tcp.py index d7b12b5a3..4128c6c18 100755 --- a/hatsploit/modules/exploit/generic/handler/reverse_tcp.py +++ b/hatsploit/modules/exploit/generic/handler/reverse_tcp.py 
@@ -18,7 +18,7 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "Reverse TCP Handler.", - 'Platform': "generic", + 'Platform': OS_GENERIC, 'Rank': "high", }) diff --git a/hatsploit/modules/exploit/generic/ssh/server_code_execution.py b/hatsploit/modules/exploit/generic/ssh/server_code_execution.py index eb306edf3..ce7383fc7 100755 --- a/hatsploit/modules/exploit/generic/ssh/server_code_execution.py +++ b/hatsploit/modules/exploit/generic/ssh/server_code_execution.py @@ -19,7 +19,7 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "Execute code on server with SSH enabled.", - 'Platform': "generic", + 'Platform': OS_GENERIC, 'Rank': "medium", }) diff --git a/hatsploit/modules/exploit/linux/3com/ap8670_credentials_disclosure.py b/hatsploit/modules/exploit/linux/3com/ap8670_credentials_disclosure.py index 156cec2b9..ae2f83480 100755 --- a/hatsploit/modules/exploit/linux/3com/ap8670_credentials_disclosure.py +++ b/hatsploit/modules/exploit/linux/3com/ap8670_credentials_disclosure.py @@ -22,7 +22,7 @@ def __init__(self): 'Richard Brain - vulnerability researcher', ], 'Description': "3Com AP8670 credentials disclosure exploit.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", }) diff --git a/hatsploit/modules/exploit/linux/antiweb/path_traversal.py b/hatsploit/modules/exploit/linux/antiweb/path_traversal.py index af629df1b..232c2dc25 100755 --- a/hatsploit/modules/exploit/linux/antiweb/path_traversal.py +++ b/hatsploit/modules/exploit/linux/antiweb/path_traversal.py @@ -21,7 +21,7 @@ def __init__(self): 'Fernandez Ezequiel - vulnerability researcher', ], 'Description': "Path Traversal in Anti-Web v3.0.7 till v3.8.7.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", }) diff --git a/hatsploit/modules/exploit/linux/apache/nifi_api_rce.py b/hatsploit/modules/exploit/linux/apache/nifi_api_rce.py index 7498c402a..40ce87f8c 100755 
--- a/hatsploit/modules/exploit/linux/apache/nifi_api_rce.py +++ b/hatsploit/modules/exploit/linux/apache/nifi_api_rce.py @@ -19,11 +19,11 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "Remote Code Execution in Apache NiFi component API.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", 'Payload': { 'Value': "unix/generic/netcat_reverse_tcp", - 'Platforms': ['linux', 'unix'], + 'Platforms': [OS_LINUX, OS_UNIX], } }) diff --git a/hatsploit/modules/exploit/linux/asus/multi_password_disclosure.py b/hatsploit/modules/exploit/linux/asus/multi_password_disclosure.py index f48752a51..bfd27f19d 100755 --- a/hatsploit/modules/exploit/linux/asus/multi_password_disclosure.py +++ b/hatsploit/modules/exploit/linux/asus/multi_password_disclosure.py @@ -22,7 +22,7 @@ def __init__(self): 'Harry Sintonen (piru) - vulnerability researcher', ], 'Description': "Asus multiple devices password disclosure exploit.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", }) diff --git a/hatsploit/modules/exploit/linux/avtech/ipcamera_credentials_disclosure.py b/hatsploit/modules/exploit/linux/avtech/ipcamera_credentials_disclosure.py index 213b96001..ca866b074 100755 --- a/hatsploit/modules/exploit/linux/avtech/ipcamera_credentials_disclosure.py +++ b/hatsploit/modules/exploit/linux/avtech/ipcamera_credentials_disclosure.py @@ -19,7 +19,7 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "AVTECH IP Camera credentials disclosure.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", }) diff --git a/hatsploit/modules/exploit/linux/avtech/ipcamera_information_disclosure.py b/hatsploit/modules/exploit/linux/avtech/ipcamera_information_disclosure.py index e82cf55bb..2337078b3 100755 --- a/hatsploit/modules/exploit/linux/avtech/ipcamera_information_disclosure.py +++ b/hatsploit/modules/exploit/linux/avtech/ipcamera_information_disclosure.py 
@@ -19,7 +19,7 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "AVTECH IP Camera information disclosure exploit.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", }) diff --git a/hatsploit/modules/exploit/linux/brickcom/multi_credentials_disclosure.py b/hatsploit/modules/exploit/linux/brickcom/multi_credentials_disclosure.py index 0d96ba3be..a180eb8f3 100755 --- a/hatsploit/modules/exploit/linux/brickcom/multi_credentials_disclosure.py +++ b/hatsploit/modules/exploit/linux/brickcom/multi_credentials_disclosure.py @@ -20,7 +20,7 @@ def __init__(self): 'Orwelllabs - vulnerability researcher', ], 'Description': "Brickcom multiple devices credentials disclosure.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", }) diff --git a/hatsploit/modules/exploit/linux/chromecast/play_media_url.py b/hatsploit/modules/exploit/linux/chromecast/play_media_url.py index 3d5029a90..2d392a4ae 100644 --- a/hatsploit/modules/exploit/linux/chromecast/play_media_url.py +++ b/hatsploit/modules/exploit/linux/chromecast/play_media_url.py @@ -7,7 +7,7 @@ from hatsploit.lib.module.proto import Chromecast -class HatSploitModule(Module, ChromeCast): +class HatSploitModule(Module, Chromecast): def __init__(self): super().__init__() @@ -19,7 +19,7 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer' ], 'Description': "Chromecast allows unauthorized users to play media URL.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "low", }) diff --git a/hatsploit/modules/exploit/linux/cypress/ctm_backdoor_password.py b/hatsploit/modules/exploit/linux/cypress/ctm_backdoor_password.py index e065ef438..80f0c5612 100755 --- a/hatsploit/modules/exploit/linux/cypress/ctm_backdoor_password.py +++ b/hatsploit/modules/exploit/linux/cypress/ctm_backdoor_password.py 
@@ -19,12 +19,12 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "Remote code execution through SSH backdoor in Cypress CTM devices.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", 'Payload': { 'Value': "unix/generic/netcat_reverse_tcp", - 'Arches': ['armle', 'aarch64', 'generic'], - 'Platforms': ['linux', 'unix'], + 'Arches': [ARCH_ARMLE, ARCH_AARCH64, ARCH_GENERIC], + 'Platforms': [OS_LINUX, OS_UNIX], } }) diff --git a/hatsploit/modules/exploit/linux/dlink/dap_2020_path_traversal.py b/hatsploit/modules/exploit/linux/dlink/dap_2020_path_traversal.py index b471c1c84..55fbeba7f 100755 --- a/hatsploit/modules/exploit/linux/dlink/dap_2020_path_traversal.py +++ b/hatsploit/modules/exploit/linux/dlink/dap_2020_path_traversal.py @@ -21,7 +21,7 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "Path Traversal through incorrect login in D-Link DAP-2020 <= v6.10.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", }) diff --git a/hatsploit/modules/exploit/linux/dlink/dcs_credentials_disclosure.py b/hatsploit/modules/exploit/linux/dlink/dcs_credentials_disclosure.py index eeb1af062..8d76d6928 100755 --- a/hatsploit/modules/exploit/linux/dlink/dcs_credentials_disclosure.py +++ b/hatsploit/modules/exploit/linux/dlink/dcs_credentials_disclosure.py @@ -19,7 +19,7 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "D-Link DCS-2530L < 1.06.01 and DCS-2670L <= 2.02 credentials disclosure exploit.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", }) diff --git a/hatsploit/modules/exploit/linux/dlink/dir645_credentials_disclosure.py b/hatsploit/modules/exploit/linux/dlink/dir645_credentials_disclosure.py index 0384c39a5..c73e71b04 100755 --- a/hatsploit/modules/exploit/linux/dlink/dir645_credentials_disclosure.py +++ b/hatsploit/modules/exploit/linux/dlink/dir645_credentials_disclosure.py 
@@ -22,7 +22,7 @@ def __init__(self): 'Roberto Paleari - vulnerability researcher', ], 'Description': "D-Link DIR-645 < 1.03 credentials disclosure exploit.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", }) diff --git a/hatsploit/modules/exploit/linux/dlink/hedwig_code_execution.py b/hatsploit/modules/exploit/linux/dlink/hedwig_code_execution.py index 95c6d23be..6c9b6977d 100755 --- a/hatsploit/modules/exploit/linux/dlink/hedwig_code_execution.py +++ b/hatsploit/modules/exploit/linux/dlink/hedwig_code_execution.py @@ -24,12 +24,12 @@ def __init__(self): 'Roberto Paleari - vulnerability researcher', ], 'Description': "Remote Code Execution in D-Link DIR-645 <= 1.03, DIR-300 <= 2.14, DIR-600.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", 'Payload': { 'Value': "linux/mipsle/shell_reverse_tcp", - 'Arches': ['mipsle', 'mipsbe', 'generic'], - 'Platforms': ['linux', 'unix'], + 'Arches': [ARCH_MIPSLE, ARCH_MIPSBE, ARCH_GENERIC], + 'Platforms': [OS_LINUX, OS_UNIX], } }) diff --git a/hatsploit/modules/exploit/linux/f5/bigip_tmui_path_traversal.py b/hatsploit/modules/exploit/linux/f5/bigip_tmui_path_traversal.py index 5fa0f3041..c23256947 100755 --- a/hatsploit/modules/exploit/linux/f5/bigip_tmui_path_traversal.py +++ b/hatsploit/modules/exploit/linux/f5/bigip_tmui_path_traversal.py @@ -20,7 +20,7 @@ def __init__(self): 'Carlos E. Vieira - vulnerability researcher', ], 'Description': "Path Traversal in F5 BIG-IP Traffic Management User Interface (TMUI).", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", }) diff --git a/hatsploit/modules/exploit/linux/f5/bigip_tmui_rce.py b/hatsploit/modules/exploit/linux/f5/bigip_tmui_rce.py index 6da3228eb..760ef3053 100755 --- a/hatsploit/modules/exploit/linux/f5/bigip_tmui_rce.py +++ b/hatsploit/modules/exploit/linux/f5/bigip_tmui_rce.py 
@@ -20,11 +20,11 @@ def __init__(self): 'Mikhail Klyuchnikov - vulnerability researcher', ], 'Description': "Remote Code Execution in F5 BIG-IP Traffic Management User Interface (TMUI).", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", 'Payload': { 'Value': "unix/generic/netcat_reverse_tcp", - 'Platforms': ['linux', 'unix'], + 'Platforms': [OS_LINUX, OS_UNIX], } }) diff --git a/hatsploit/modules/exploit/linux/fhem/path_traversal.py b/hatsploit/modules/exploit/linux/fhem/path_traversal.py index 674c2629e..11592278b 100755 --- a/hatsploit/modules/exploit/linux/fhem/path_traversal.py +++ b/hatsploit/modules/exploit/linux/fhem/path_traversal.py @@ -20,7 +20,7 @@ def __init__(self): 'Emre Övünç (EmreOvunc) - vulnerability researcher', ], 'Description': "Path Traversal in FHEM <= 6.0", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", }) diff --git a/hatsploit/modules/exploit/linux/generic/32764_code_execution.py b/hatsploit/modules/exploit/linux/generic/32764_code_execution.py index 0d2b053e4..cc47d1322 100755 --- a/hatsploit/modules/exploit/linux/generic/32764_code_execution.py +++ b/hatsploit/modules/exploit/linux/generic/32764_code_execution.py @@ -21,12 +21,12 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "Remote code execution in multiple devices through TCP 32764 backdoor.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", 'Payload': { 'Value': "linux/mipsbe/shell_reverse_tcp", - 'Arches': ['mipsle', 'mipsbe', 'generic'], - 'Platforms': ['linux', 'unix'], + 'Arches': [ARCH_MIPSLE, ARCH_MIPSBE, ARCH_GENERIC], + 'Platforms': [OS_LINUX, OS_UNIX], } }) diff --git a/hatsploit/modules/exploit/linux/generic/32764_credentials_disclosure.py b/hatsploit/modules/exploit/linux/generic/32764_credentials_disclosure.py index 9cbf548de..0146185e6 100755 --- a/hatsploit/modules/exploit/linux/generic/32764_credentials_disclosure.py 
+++ b/hatsploit/modules/exploit/linux/generic/32764_credentials_disclosure.py @@ -22,7 +22,7 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "Credentials disclosure in multiple devices through TCP 32764 backdoor.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", }) diff --git a/hatsploit/modules/exploit/linux/generic/dvr_credentials_disclosure.py b/hatsploit/modules/exploit/linux/generic/dvr_credentials_disclosure.py index ed8c8ab12..6ef56efe1 100755 --- a/hatsploit/modules/exploit/linux/generic/dvr_credentials_disclosure.py +++ b/hatsploit/modules/exploit/linux/generic/dvr_credentials_disclosure.py @@ -22,7 +22,7 @@ def __init__(self): 'ezelf - vulnerability researcher', ], 'Description': "Multiple DVR devices credentials disclosure.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", }) diff --git a/hatsploit/modules/exploit/linux/generic/p2p_authenticated_rce.py b/hatsploit/modules/exploit/linux/generic/p2p_authenticated_rce.py index 1ccbefa5e..10b4402cf 100755 --- a/hatsploit/modules/exploit/linux/generic/p2p_authenticated_rce.py +++ b/hatsploit/modules/exploit/linux/generic/p2p_authenticated_rce.py @@ -22,12 +22,12 @@ def __init__(self): 'Pierre Kim (pierrekim) - vulnerability researcher', ], 'Description': "P2P network camera authenticated remote code execution.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", 'Payload': { 'Value': "linux/x64/shell_reverse_tcp", - 'Arches': ['mipsle', 'mipsbe', 'generic'], - 'Platforms': ['linux', 'unix'], + 'Arches': [ARCH_MIPSLE, ARCH_MIPSBE, ARCH_GENERIC], + 'Platforms': [OS_LINUX, OS_UNIX], } }) diff --git a/hatsploit/modules/exploit/linux/generic/p2p_password_disclosure.py b/hatsploit/modules/exploit/linux/generic/p2p_password_disclosure.py index fdac92d4b..d548a105f 100755 --- a/hatsploit/modules/exploit/linux/generic/p2p_password_disclosure.py +++ b/hatsploit/modules/exploit/linux/generic/p2p_password_disclosure.py 
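Review bot: In p2p_authenticated_rce.py the declared default payload and the declared architectures disagree: `'Value'` stays `"linux/x64/shell_reverse_tcp"` while the rewritten list is `'Arches': [ARCH_MIPSLE, ARCH_MIPSBE, ARCH_GENERIC]`. The sibling modules in this patch with the same arch list keep their default inside that list, so this looks like a leftover. Since the commit rewrites the neighbouring lines anyway, the metadata should be made self-consistent, either by aligning `'Value'` with the list or by adding `ARCH_X64` to `'Arches'` if that is what the module is meant to declare. How the framework checks the default against `'Arches'` is not visible in the hunk.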
@@ -22,7 +22,7 @@ def __init__(self): 'Pierre Kim (pierrekim) - vulnerability researcher', ], 'Description': "P2P network camera password disclosure.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", }) diff --git a/hatsploit/modules/exploit/linux/huawei/hg630_information_disclosure.py b/hatsploit/modules/exploit/linux/huawei/hg630_information_disclosure.py index 436a29d5b..bb6c71284 100755 --- a/hatsploit/modules/exploit/linux/huawei/hg630_information_disclosure.py +++ b/hatsploit/modules/exploit/linux/huawei/hg630_information_disclosure.py @@ -20,7 +20,7 @@ def __init__(self): 'Eslam Medhat - vulnerability researcher', ], 'Description': "Huawei HG630 information disclosure exploit.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", }) diff --git a/hatsploit/modules/exploit/linux/icewarp/webmail_path_traversal.py b/hatsploit/modules/exploit/linux/icewarp/webmail_path_traversal.py index 0a25e682c..c4fed3999 100755 --- a/hatsploit/modules/exploit/linux/icewarp/webmail_path_traversal.py +++ b/hatsploit/modules/exploit/linux/icewarp/webmail_path_traversal.py @@ -20,7 +20,7 @@ def __init__(self): 'Jameel Nabbo (JameelNabbo) - vulnerability researcher', ], 'Description': "Path Traversal in IceWarp <= 10.4.4 WebMail.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", }) diff --git a/hatsploit/modules/exploit/linux/jvc/t216vpru_credentials_disclosure.py b/hatsploit/modules/exploit/linux/jvc/t216vpru_credentials_disclosure.py index 96d493776..d6a89531f 100755 --- a/hatsploit/modules/exploit/linux/jvc/t216vpru_credentials_disclosure.py +++ b/hatsploit/modules/exploit/linux/jvc/t216vpru_credentials_disclosure.py @@ -19,7 +19,7 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "JVC VN-T216VPRU credentials disclosure.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", }) 
diff --git a/hatsploit/modules/exploit/linux/jvc/t216vpru_path_traversal.py b/hatsploit/modules/exploit/linux/jvc/t216vpru_path_traversal.py index 0eddf84e5..4b00325e2 100755 --- a/hatsploit/modules/exploit/linux/jvc/t216vpru_path_traversal.py +++ b/hatsploit/modules/exploit/linux/jvc/t216vpru_path_traversal.py @@ -19,7 +19,7 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "Path Traversal in JVC VN-T216VPRU.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", }) diff --git a/hatsploit/modules/exploit/linux/linksys/eseries_tmunblock_rce.py b/hatsploit/modules/exploit/linux/linksys/eseries_tmunblock_rce.py index e1b764cdc..5aa8208cc 100755 --- a/hatsploit/modules/exploit/linux/linksys/eseries_tmunblock_rce.py +++ b/hatsploit/modules/exploit/linux/linksys/eseries_tmunblock_rce.py @@ -20,12 +20,12 @@ def __init__(self): 'Johannes Ullrich (jullrich) - vulnerability researcher', ], 'Description': "Remote Code Execution in Linksys E-Series.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", 'Payload': { 'Value': "linux/mipsle/shell_reverse_tcp", - 'Arches': ['mipsle', 'mipsbe', 'generic'], - 'Platforms': ['linux', 'unix'], + 'Arches': [ARCH_MIPSLE, ARCH_MIPSBE, ARCH_GENERIC], + 'Platforms': [OS_LINUX, OS_UNIX], } }) diff --git a/hatsploit/modules/exploit/linux/linksys/wap54gv3_debug_rce.py b/hatsploit/modules/exploit/linux/linksys/wap54gv3_debug_rce.py index 2d007b09e..68be11d17 100755 --- a/hatsploit/modules/exploit/linux/linksys/wap54gv3_debug_rce.py +++ b/hatsploit/modules/exploit/linux/linksys/wap54gv3_debug_rce.py 
@@ -22,12 +22,12 @@ def __init__(self): 'Phil Purviance - vulnerability researcher', ], 'Description': "Remote Code Execution in Linksys WAP54Gv3.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", 'Payload': { 'Value': "linux/mipsle/shell_reverse_tcp", - 'Arches': ['mipsle', 'mipsbe', 'generic'], - 'Platforms': ['linux', 'unix'], + 'Arches': [ARCH_MIPSLE, ARCH_MIPSBE, ARCH_GENERIC], + 'Platforms': [OS_LINUX, OS_UNIX], } }) diff --git a/hatsploit/modules/exploit/linux/mikrotik/winbox_credentials_disclosure.py b/hatsploit/modules/exploit/linux/mikrotik/winbox_credentials_disclosure.py index 59aab9926..0ef7a7b99 100755 --- a/hatsploit/modules/exploit/linux/mikrotik/winbox_credentials_disclosure.py +++ b/hatsploit/modules/exploit/linux/mikrotik/winbox_credentials_disclosure.py @@ -23,7 +23,7 @@ def __init__(self): 'Mostafa Yalpaniyan - vulnerability researcher', ], 'Description': "MikroTik WinBox RouterOS from 6.29 till 6.42 credentials disclosure.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", }) diff --git a/hatsploit/modules/exploit/linux/movistar/adsl_path_traversal.py b/hatsploit/modules/exploit/linux/movistar/adsl_path_traversal.py index 7fa3648fc..85fc5897d 100755 --- a/hatsploit/modules/exploit/linux/movistar/adsl_path_traversal.py +++ b/hatsploit/modules/exploit/linux/movistar/adsl_path_traversal.py @@ -20,7 +20,7 @@ def __init__(self): 'Todor Donev - vulnerability researcher', ], 'Description': "Path Traversal in Movistar ADSL router BHS_RTA.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", }) diff --git a/hatsploit/modules/exploit/linux/netwave/ipcamera_information_disclosure.py b/hatsploit/modules/exploit/linux/netwave/ipcamera_information_disclosure.py index 639281f9c..f0c72e96a 100755 --- a/hatsploit/modules/exploit/linux/netwave/ipcamera_information_disclosure.py +++ b/hatsploit/modules/exploit/linux/netwave/ipcamera_information_disclosure.py 
@@ -20,7 +20,7 @@ def __init__(self): 'spiritnull - vulnerability researcher', ], 'Description': "Netwave IP Camera information disclosure exploit.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", }) diff --git a/hatsploit/modules/exploit/linux/netwave/wpa_information_disclosure.py b/hatsploit/modules/exploit/linux/netwave/wpa_information_disclosure.py index 42f6494df..ebc926980 100755 --- a/hatsploit/modules/exploit/linux/netwave/wpa_information_disclosure.py +++ b/hatsploit/modules/exploit/linux/netwave/wpa_information_disclosure.py @@ -20,7 +20,7 @@ def __init__(self): 'spiritnull - vulnerability researcher', ], 'Description': "WPA information disclosure through Netwave IP Camera.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", }) diff --git a/hatsploit/modules/exploit/linux/nostromo/remote_code_execution.py b/hatsploit/modules/exploit/linux/nostromo/remote_code_execution.py index af789e1ee..60c905fd2 100755 --- a/hatsploit/modules/exploit/linux/nostromo/remote_code_execution.py +++ b/hatsploit/modules/exploit/linux/nostromo/remote_code_execution.py @@ -20,11 +20,11 @@ def __init__(self): 'sp0re (sp0re) - vulnerability researcher', ], 'Description': "Remote Code Execution in Nostromo Httpd.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", 'Payload': { 'Value': "unix/generic/netcat_reverse_tcp", - 'Platforms': ['linux', 'unix'], + 'Platforms': [OS_LINUX, OS_UNIX], } }) diff --git a/hatsploit/modules/exploit/linux/oracle/weblogic_console_rce.py b/hatsploit/modules/exploit/linux/oracle/weblogic_console_rce.py index 30b33fac3..f054dc301 100755 --- a/hatsploit/modules/exploit/linux/oracle/weblogic_console_rce.py +++ b/hatsploit/modules/exploit/linux/oracle/weblogic_console_rce.py 
@@ -19,11 +19,11 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "Remote Code Execution in Oracle Weblogic <= 14.1.1.0.0.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", 'Payload': { 'Value': "unix/generic/netcat_reverse_tcp", - 'Platforms': ['linux', 'unix'], + 'Platforms': [OS_LINUX, OS_UNIX], } }) diff --git a/hatsploit/modules/exploit/linux/rompager/multi_password_disclosure.py b/hatsploit/modules/exploit/linux/rompager/multi_password_disclosure.py index b4a65563c..4063cfcc7 100755 --- a/hatsploit/modules/exploit/linux/rompager/multi_password_disclosure.py +++ b/hatsploit/modules/exploit/linux/rompager/multi_password_disclosure.py @@ -23,7 +23,7 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "RomPager multiple devices password disclosure.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", }) diff --git a/hatsploit/modules/exploit/linux/selea/anpr_authenticated_rce.py b/hatsploit/modules/exploit/linux/selea/anpr_authenticated_rce.py index b08a69ed6..aacaacc1c 100755 --- a/hatsploit/modules/exploit/linux/selea/anpr_authenticated_rce.py +++ b/hatsploit/modules/exploit/linux/selea/anpr_authenticated_rce.py @@ -20,12 +20,12 @@ def __init__(self): 'LiquidWorm (liquidworm) - vulnerability researcher', ], 'Description': "Selea ANPR Camera authenticated remote code execution.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", 'Payload': { 'Value': "unix/generic/netcat_reverse_tcp", - 'Arches': ['armle', 'generic'], - 'Platforms': ['linux', 'unix'], + 'Arches': [ARCH_ARMLE, ARCH_GENERIC], + 'Platforms': [OS_LINUX, OS_UNIX], } }) diff --git a/hatsploit/modules/exploit/linux/selea/anpr_password_disclosure.py b/hatsploit/modules/exploit/linux/selea/anpr_password_disclosure.py index 1e50136ac..cf3f28042 100755 --- a/hatsploit/modules/exploit/linux/selea/anpr_password_disclosure.py +++ b/hatsploit/modules/exploit/linux/selea/anpr_password_disclosure.py 
@@ -22,7 +22,7 @@ def __init__(self): 'LiquidWorm (liquidworm) - vulnerability researcher', ], 'Description': "Selea ANPR Camera password disclosure exploit.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", }) diff --git a/hatsploit/modules/exploit/linux/selea/anpr_path_traversal.py b/hatsploit/modules/exploit/linux/selea/anpr_path_traversal.py index fe836321d..e57ebc8c2 100755 --- a/hatsploit/modules/exploit/linux/selea/anpr_path_traversal.py +++ b/hatsploit/modules/exploit/linux/selea/anpr_path_traversal.py @@ -20,7 +20,7 @@ def __init__(self): 'LiquidWorm (liquidworm) - vulnerability researcher', ], 'Description': "Path Traversal in Selea ANPR Camera.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", }) diff --git a/hatsploit/modules/exploit/linux/siemens/multi_credentials_disclosure.py b/hatsploit/modules/exploit/linux/siemens/multi_credentials_disclosure.py index 9de7b07a0..325899788 100755 --- a/hatsploit/modules/exploit/linux/siemens/multi_credentials_disclosure.py +++ b/hatsploit/modules/exploit/linux/siemens/multi_credentials_disclosure.py @@ -19,7 +19,7 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "Siemens multiple devices credentials disclosure.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", }) diff --git a/hatsploit/modules/exploit/linux/siemens/multi_path_traversal.py b/hatsploit/modules/exploit/linux/siemens/multi_path_traversal.py index 951b4b419..a6ebb617b 100755 --- a/hatsploit/modules/exploit/linux/siemens/multi_path_traversal.py +++ b/hatsploit/modules/exploit/linux/siemens/multi_path_traversal.py @@ -19,7 +19,7 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "Path Traversal in Siemens multiple devices.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", }) 
diff --git a/hatsploit/modules/exploit/linux/skybridge/credentials_disclosure.py b/hatsploit/modules/exploit/linux/skybridge/credentials_disclosure.py index e321e2239..53976f51d 100644 --- a/hatsploit/modules/exploit/linux/skybridge/credentials_disclosure.py +++ b/hatsploit/modules/exploit/linux/skybridge/credentials_disclosure.py @@ -19,7 +19,7 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "SkyBridge MB-A100/110 firmware <= 4.2.0 credentials disclosure.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", }) diff --git a/hatsploit/modules/exploit/linux/ssh/libssh_code_execution.py b/hatsploit/modules/exploit/linux/ssh/libssh_code_execution.py index 4ccadeb1b..de9800324 100755 --- a/hatsploit/modules/exploit/linux/ssh/libssh_code_execution.py +++ b/hatsploit/modules/exploit/linux/ssh/libssh_code_execution.py @@ -25,11 +25,11 @@ def __init__(self): 'Peter Winter-Smith (peterwintersmith) - vulnerability researcher', ], 'Description': "SSH LibSSH unauthorized access Remote Code Execution.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "medium", 'Payload': { 'Value': "unix/generic/netcat_reverse_tcp", - 'Platforms': ['linux', 'unix'], + 'Platforms': [OS_LINUX, OS_UNIX], } }) diff --git a/hatsploit/modules/exploit/linux/ssh/raspbian_default_credentials.py b/hatsploit/modules/exploit/linux/ssh/raspbian_default_credentials.py index 48f8ef75c..b08715c1f 100755 --- a/hatsploit/modules/exploit/linux/ssh/raspbian_default_credentials.py +++ b/hatsploit/modules/exploit/linux/ssh/raspbian_default_credentials.py 
@@ -19,12 +19,12 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "Bypass Raspberry PI SSH authorization using Raspbian default SSH password.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "medium", 'Payload': { 'Value': "unix/generic/bash_reverse_tcp", - 'Arches': ['armle', 'aarch64', 'generic'], - 'Platforms': ['linux', 'unix'], + 'Arches': [ARCH_ARMLE, ARCH_AARCH64, ARCH_GENERIC], + 'Platforms': [OS_LINUX, OS_UNIX], } }) diff --git a/hatsploit/modules/exploit/linux/wepresent/wipg1000_code_execution.py b/hatsploit/modules/exploit/linux/wepresent/wipg1000_code_execution.py index 2114f150b..af5a111e6 100755 --- a/hatsploit/modules/exploit/linux/wepresent/wipg1000_code_execution.py +++ b/hatsploit/modules/exploit/linux/wepresent/wipg1000_code_execution.py @@ -20,12 +20,12 @@ def __init__(self): 'Matthias Brun - vulnerability researcher', ], 'Description': "Remote Code Execution in WePresent WiPG-1000 <= 2.0.0.7.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", 'Payload': { 'Value': "unix/generic/netcat_reverse_tcp", - 'Arches': ['armle', 'aarch64', 'generic'], - 'Platforms': ['linux', 'unix'], + 'Arches': [ARCH_ARMLE, ARCH_AARCH64, ARCH_GENERIC], + 'Platforms': [OS_LINUX, OS_UNIX], } }) diff --git a/hatsploit/modules/exploit/linux/zte/f460_f660_rce.py b/hatsploit/modules/exploit/linux/zte/f460_f660_rce.py index d30a38008..c5b0be8ed 100755 --- a/hatsploit/modules/exploit/linux/zte/f460_f660_rce.py +++ b/hatsploit/modules/exploit/linux/zte/f460_f660_rce.py @@ -24,12 +24,12 @@ def __init__(self): 'Rapid7 - vulnerability researcher', ], 'Description': "Remote Code Execution in ZTE F460 and F660.", - 'Platform': "linux", + 'Platform': OS_LINUX, 'Rank': "high", 'Payload': { 'Value': "linux/mipsle/shell_reverse_tcp", - 'Arches': ['mipsle', 'mipsbe', 'generic'], - 'Platforms': ['linux', 'unix'], + 'Arches': [ARCH_MIPSLE, ARCH_MIPSBE, ARCH_GENERIC], + 'Platforms': [OS_LINUX, OS_UNIX], } }) 
diff --git a/hatsploit/modules/exploit/windows/handler/bitsadmin_reverse_http.py b/hatsploit/modules/exploit/windows/handler/bitsadmin_reverse_http.py index 528ac8bfb..e112c05e3 100755 --- a/hatsploit/modules/exploit/windows/handler/bitsadmin_reverse_http.py +++ b/hatsploit/modules/exploit/windows/handler/bitsadmin_reverse_http.py @@ -20,11 +20,11 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "Windows bitsadmin.exe reverse HTTP handler.", - 'Platform': "windows", + 'Platform': OS_WINDOWS, 'Rank': "high", 'Payload': { 'Value': "windows/generic/powershell_reverse_tcp", - 'Platforms': ['windows'], + 'Platforms': [OS_WINDOWS], } }) diff --git a/hatsploit/modules/exploit/windows/handler/mshta_reverse_http.py b/hatsploit/modules/exploit/windows/handler/mshta_reverse_http.py index fa8fd481b..91580bdae 100755 --- a/hatsploit/modules/exploit/windows/handler/mshta_reverse_http.py +++ b/hatsploit/modules/exploit/windows/handler/mshta_reverse_http.py @@ -20,11 +20,11 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "Windows mshta.exe reverse HTTP handler.", - 'Platform': "windows", + 'Platform': OS_WINDOWS, 'Rank': "high", 'Payload': { 'Value': "windows/generic/powershell_reverse_tcp", - 'Platforms': ['windows'], + 'Platforms': [OS_WINDOWS], } }) diff --git a/hatsploit/modules/exploit/windows/handler/regsvr32_reverse_http.py b/hatsploit/modules/exploit/windows/handler/regsvr32_reverse_http.py index a75208962..f1558f286 100755 --- a/hatsploit/modules/exploit/windows/handler/regsvr32_reverse_http.py +++ b/hatsploit/modules/exploit/windows/handler/regsvr32_reverse_http.py 
@@ -20,11 +20,11 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "Windows regsvr32.exe reverse HTTP handler.", - 'Platform': "windows", + 'Platform': OS_WINDOWS, 'Rank': "high", 'Payload': { 'Value': "windows/generic/powershell_reverse_tcp", - 'Platforms': ['windows'], + 'Platforms': [OS_WINDOWS], } }) diff --git a/hatsploit/modules/exploit/windows/handler/wmic_reverse_http.py b/hatsploit/modules/exploit/windows/handler/wmic_reverse_http.py index 6ad6d8755..1a692d5a9 100755 --- a/hatsploit/modules/exploit/windows/handler/wmic_reverse_http.py +++ b/hatsploit/modules/exploit/windows/handler/wmic_reverse_http.py @@ -20,11 +20,11 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "Windows wmic.exe reverse HTTP handler.", - 'Platform': "windows", + 'Platform': OS_WINDOWS, 'Rank': "high", 'Payload': { 'Value': "windows/generic/powershell_reverse_tcp", - 'Platforms': ['windows'], + 'Platforms': [OS_WINDOWS], } }) diff --git a/hatsploit/modules/post/apple_ios/shell/respring.py b/hatsploit/modules/post/apple_ios/shell/respring.py index 87e463720..253db2b4b 100755 --- a/hatsploit/modules/post/apple_ios/shell/respring.py +++ b/hatsploit/modules/post/apple_ios/shell/respring.py @@ -18,12 +18,12 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "Restart iOS SpringBoard.app through shell.", - 'Platform': "apple_ios", + 'Platform': OS_IPHONE, 'Rank': "medium", }) self.session = SessionOption(None, "Session to run on.", True, - platforms=['apple_ios'], type='shell') + platforms=[OS_IPHONE], type='shell') def run(self): self.session.session.send_command("killall SpringBoard") diff --git a/hatsploit/modules/post/apple_ios/shell/safari_bookmarks.py b/hatsploit/modules/post/apple_ios/shell/safari_bookmarks.py index 76f6c3a9e..f8de3f58e 100755 --- a/hatsploit/modules/post/apple_ios/shell/safari_bookmarks.py +++ b/hatsploit/modules/post/apple_ios/shell/safari_bookmarks.py 
@@ -22,12 +22,12 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "Get iOS Safari bookmarks database and parse it.", - 'Platform': "apple_ios", + 'Platform': OS_IPHONE, 'Rank': "medium", }) self.session = SessionOption(None, "Session to run on.", True, - platforms=['apple_ios'], type='shell') + platforms=[OS_IPHONE], type='shell') self.path = Option(Loot().specific_loot('Bookmarks.db'), "Path to save file.", True) def run(self): diff --git a/hatsploit/modules/post/apple_ios/shell/safari_history.py b/hatsploit/modules/post/apple_ios/shell/safari_history.py index 89a038c83..ce81ff3db 100755 --- a/hatsploit/modules/post/apple_ios/shell/safari_history.py +++ b/hatsploit/modules/post/apple_ios/shell/safari_history.py @@ -21,12 +21,12 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "Get iOS Safari history database and parse it.", - 'Platform': "apple_ios", + 'Platform': OS_IPHONE, 'Rank': "medium", }) self.session = SessionOption(None, "Session to run on.", True, - platforms=['apple_ios'], type='shell') + platforms=[OS_IPHONE], type='shell') self.path = Option(Loot().specific_loot('History.db'), "Path to save file.", True) def run(self): diff --git a/hatsploit/modules/post/macos/shell/suspend.py b/hatsploit/modules/post/macos/shell/suspend.py index cf14d3af3..4bba4ccb6 100755 --- a/hatsploit/modules/post/macos/shell/suspend.py +++ b/hatsploit/modules/post/macos/shell/suspend.py @@ -18,12 +18,12 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "Suspend macOS through shell.", - 'Platform': "macos", + 'Platform': OS_MACOS, 'Rank': "medium", }) self.session = SessionOption(None, "Session to run on.", True, - platforms=['macos'], type='shell') + platforms=[OS_MACOS], type='shell') def run(self): self.session.session.send_command( 
diff --git a/hatsploit/modules/post/unix/shell/getpasswd.py b/hatsploit/modules/post/unix/shell/getpasswd.py index b5b507bf8..e25dc040c 100755 --- a/hatsploit/modules/post/unix/shell/getpasswd.py +++ b/hatsploit/modules/post/unix/shell/getpasswd.py @@ -20,12 +20,12 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "Get current session /etc/passwd file.", - 'Platform': "unix", + 'Platform': OS_UNIX, 'Rank': "medium", }) self.session = SessionOption(None, "Session to run on.", True, - platforms=['linux', 'unix', 'macos', 'apple_ios'], + platforms=[OS_UNIX], type='shell') self.path = Option(Loot().specific_loot('passwd'), "Path to save file.", True) diff --git a/hatsploit/modules/post/unix/shell/getpid.py b/hatsploit/modules/post/unix/shell/getpid.py index 1702d5217..4420b0121 100755 --- a/hatsploit/modules/post/unix/shell/getpid.py +++ b/hatsploit/modules/post/unix/shell/getpid.py @@ -18,12 +18,12 @@ def __init__(self): 'Ivan Nikolsky (enty8080) - module developer', ], 'Description': "Get current session process id.", - 'Platform': "unix", + 'Platform': OS_UNIX, 'Rank': "medium", }) self.session = SessionOption(None, "Session to run on.", True, - platforms=['linux', 'unix', 'macos', 'apple_ios'], + platforms=[OS_UNIX], type='shell') def run(self): From b64336f3983c9128ca4b280f93cbc45cdb5051b2 Mon Sep 17 00:00:00 2001 From: Ivan Nikolsky Date: Sat, 28 Oct 2023 17:06:54 +0100 Subject: [PATCH 05/10] Add files via upload --- hatsploit/core/base/console.py | 5 +---- hatsploit/core/base/io.py | 13 +------------ hatsploit/core/utils/ui/completer.py | 5 +---- 3 files changed, 3 insertions(+), 20 deletions(-) diff --git a/hatsploit/core/base/console.py b/hatsploit/core/base/console.py index af35c2bb3..c0ae78b51 100755 --- a/hatsploit/core/base/console.py +++ b/hatsploit/core/base/console.py @@ -22,10 +22,7 @@ SOFTWARE. """ -try: - import gnureadline as readline -except Exception: - import readline +import readline import os import sys 
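Review bot: The `platforms=` argument in getpasswd.py is narrowed from four entries (`'linux', 'unix', 'macos', 'apple_ios'`) to the single `OS_UNIX`, which is a behaviour change rather than a rename; the getpid.py hunk below does the same. Nothing visible in this patch shows that `OS_UNIX` compares equal to Linux, macOS or iOS session platforms, so if it does not, sessions that were accepted before will now be rejected by the option. Either keep the explicit list, `platforms=[OS_LINUX, OS_UNIX, OS_MACOS, OS_IPHONE],`, or add a comment such as `# OS_UNIX also matches linux, macos and iOS sessions` if that is how the constant is defined.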
diff --git a/hatsploit/core/base/io.py b/hatsploit/core/base/io.py index bf2394172..ed2df8735 100755 --- a/hatsploit/core/base/io.py +++ b/hatsploit/core/base/io.py @@ -31,14 +31,7 @@ from hatsploit.core.cli.fmt import FMT from hatsploit.lib.storage import LocalStorage -patch = False - -try: - import gnureadline as readline - -except Exception: - import readline - patch = True +import readline class IO(object): @@ -90,10 +83,6 @@ def input(self, message: str = '', start: str = '%remove%end', end: str = '%end' """ message = str(start) + str(message) + str(end) - - if patch: - message = self.color_script.libreadline(message) - line = self.color_script.parse(message) use_log = self.local_storage.get("log") diff --git a/hatsploit/core/utils/ui/completer.py b/hatsploit/core/utils/ui/completer.py index 2a56271bc..a864788d8 100755 --- a/hatsploit/core/utils/ui/completer.py +++ b/hatsploit/core/utils/ui/completer.py @@ -22,10 +22,7 @@ SOFTWARE. """ -try: - import gnureadline as readline -except Exception: - import readline +import readline from hatsploit.core.cli.fmt import FMT from hatsploit.lib.commands import Commands From 0e160953c944d94ce3188c7ed3fe1bfc9eaaeb86 Mon Sep 17 00:00:00 2001 From: Ivan Nikolsky Date: Sat, 28 Oct 2023 17:08:11 +0100 Subject: [PATCH 06/10] Add files via upload --- hatsploit/lib/handler/send.py | 131 +++++------------- hatsploit/lib/history.py | 5 +- hatsploit/lib/options.py | 16 +++ hatsploit/lib/payload/__init__.py | 32 ++++- .../payloads/linux/x64/shell_bind_tcp.py | 2 - 5 files changed, 82 insertions(+), 104 deletions(-) diff --git a/hatsploit/lib/handler/send.py b/hatsploit/lib/handler/send.py index e7fa5fb36..f29106472 100644 --- a/hatsploit/lib/handler/send.py +++ b/hatsploit/lib/handler/send.py @@ -23,6 +23,7 @@ """ import socket +import time from typing import Optional, Tuple, Union 
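Review bot: The second io.py hunk drops `if patch: message = self.color_script.libreadline(message)` together with the gnureadline import, yet `patch` was set to `True` exactly when the stdlib `readline` was the module in use, which is now always the case. If `libreadline()` adjusted the prompt for the stdlib backend (its body is not visible here), prompts built in `input()` lose that adjustment on every platform. Keep the call unconditionally, `message = self.color_script.libreadline(message)`, or say in the commit message why it is no longer needed; "Add files via upload" gives a reader nothing to go on. The body of `input()` continues outside the hunk.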
@@ -111,55 +112,35 @@ def handle_session(self, host: str, port: int, type: str = 'one_side', timeout: else: raise RuntimeWarning("Payload sent, but not session was opened.") - def send_implant(self, payload: Payload, implant: bytes, - client: socket.socket, send_length: bool = False) -> None: + def send_implant(self, payload: Payload, client: socket.socket) -> None: """ Send implant available in the payload with available phases. :param Payload payload: payload - :param bytes implant: implant that should be sent :param socket.socket client: primary socket pipe - :param bool send_length: send length of the implant to the phase :return None: None """ if not payload: raise RuntimeError("Payload was not found!") - if not hasattr(payload, 'phase'): - self.badges.print_process(f"Sending payload ({str(len(implant))} bytes)...") - - if send_length: - self.badges.print_process(f"Firstly sending payload length...") - client.send(len(implant).to_bytes( - 4, payload.details['Arch'].endian)) - - client.send(implant) - - return - - phase = payload.phase() - - if send_length: - client.send(len(phase).to_bytes( - 4, payload.details['Arch'].endian)) - - client.send(phase) - step = 1 while True: if not hasattr(payload, f'phase{step}'): break phase = getattr(payload, f'phase{step}')() - self.badges.print_process(f"Sending payload phase {str(step)} ({str(len(phase))} bytes)...") + self.badges.print_process(f"Sending payload phase #{str(step)} ({str(len(phase))} bytes)...") client.send(phase) + time.sleep(.5) step += 1 - self.badges.print_process(f"Sending payload ({str(len(implant))} bytes)...") + if hasattr(payload, 'implant'): + time.sleep(.5) - client.send(implant) + self.badges.print_process(f"Sending payload ({str(len(implant))} bytes)...") + client.send(implant) def shell_payload(self, payload: Payload, host: str, port: int, space: int = 2048, encoder: Optional[Encoder] = None, 
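Review bot: `implant` is no longer defined anywhere in send_implant: the parameter is removed from the signature, but the new tail still evaluates `len(implant)` and `client.send(implant)` under `if hasattr(payload, 'implant'):`, so that branch raises NameError whenever it is reached. Bind the value first with `implant = payload.implant()` directly below the `hasattr` check. Separately, `client.send()` may write fewer bytes than it is given; `client.sendall(...)` avoids a silently truncated transfer in both the loop and the tail.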
@@ -174,54 +155,33 @@ def shell_payload(self, payload: Payload, host: str, port: int, :return Tuple[Union[socket.socket, str], str]: final socket and host """ + sender = kwargs.get('sender', None) + arguments = payload.details.get('Arguments', '') + if not payload: raise RuntimeError("Payload was not found!") - sender = kwargs.get('sender', None) - if not sender: raise RuntimeError("Payload sender is not specified!") if not host and not port: raise RuntimeError("Host and port were not found for payload!") - if 'Arguments' in payload.details: - arguments = payload.details['Arguments'] - else: - arguments = '' - - platform = str(payload.details['Platform']) - arch = str(payload.details['Arch']) + platform = payload.details['Platform'] + arch = payload.details['Arch'] type = payload.details['Type'] main = self.payloads.run_payload(payload, encoder) - if len(main) >= space and type != 'one_side' and hasattr(payload, 'implant'): - implant = payload.implant() - - module = self.pawn.get_pawn( - module='/'.join([platform, arch, type]), - platform=platform, - arch=arch, - type=type - ) - - if module: - if type == 'bind_tcp': - module.set('port', payload.rport.value) - else: - module.set('host', payload.rhost.value) - module.set('port', payload.rport.value) + if len(main) >= space and hasattr(payload, 'phase'): + phase = payload.phase() - send_length = True - - if 'Length' in module.options: - if module.options['Length']['Required']: - module.set('length', len(implant)) - send_length = False - - phase = self.pawn.run_pawn(module) - phase = self.payloads.pack_payload(phase, platform, arch) + if phase: + phase = self.payloads.pack_payload( + payload=phase, + platform=platform, + arch=arch + ) self.badges.print_process(f"Sending payload phase ({str(len(phase))} bytes)...") self.post.post( 
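Review bot: The `if not payload:` guard in shell_payload can no longer produce its RuntimeError for a missing payload, because the new line `arguments = payload.details.get('Arguments', '')` dereferences `payload` before the check and fails with AttributeError on `None`. Move that assignment below the guard; the `sender = kwargs.get('sender', None)` line can stay where it is since it only reads `kwargs`. The function starts and continues outside this hunk.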
@@ -231,17 +191,19 @@ def shell_payload(self, payload: Payload, host: str, port: int, *args, **kwargs ) + if type not in ['reverse_tcp', 'bind_tcp']: + type = 'reverse_tcp' + client, host = self.handle_session( host=host, port=port, type=type) - self.send_implant(payload, implant, client, send_length) - + self.send_implant(payload, client) return client, host phase = self.payloads.pack_payload( - main, - platform, - arch + payload=main, + platform=platform, + arch=arch ) self.badges.print_process(f"Sending payload ({str(len(phase))} bytes)...") 
@@ -269,49 +231,25 @@ def memory_payload(self, payload: Payload, host: str, port: int, :return Tuple[Union[socket.socket, str], str]: final socket and host """ + sender = kwargs.get('sender', None) + if not payload: raise RuntimeError("Payload was not found!") - sender = kwargs.get('sender', None) - if not sender: raise RuntimeError("Payload sender is not specified!") if not host and not port: raise RuntimeError("Host and port were not found for payload!") - platform = str(payload.details['Platform']) - arch = str(payload.details['Arch']) type = payload.details['Type'] main = self.payloads.run_payload(payload, encoder) - if len(main) >= space and type != 'one_side' and hasattr(payload, 'implant'): - implant = payload.implant() - - module = self.pawn.get_pawn( - module='/'.join([platform, arch, type]), - platform=platform, - arch=arch, - type=type - ) - - if module: - if type == 'bind_tcp': - module.set('port', payload.rport.value) - else: - module.set('host', payload.rhost.value) - module.set('port', payload.rport.value) - - send_length = True - - if 'Length' in module.options: - if module.options['Length']['Required']: - module.set('length', len(implant)) - send_length = False - - phase = self.pawn.run_pawn(module) + if len(main) >= space and hasattr(payload, 'phase'): + phase = payload.phase() + if phase: self.badges.print_process(f"Sending payload phase ({str(len(phase))} bytes)...") self.post_tools.post_payload( payload=phase, @@ -321,8 +259,7 @@ def memory_payload(self, payload: Payload, host: str, port: int, client, host = self.handle_session( host=host, port=port, type=type) - self.send_implant(payload, implant, client, send_length) - + self.send_implant(payload, client) return client, host self.badges.print_process(f"Sending payload ({str(len(main))} bytes)...") diff --git a/hatsploit/lib/history.py b/hatsploit/lib/history.py index ae78006b1..99cb5a30f 100755 --- a/hatsploit/lib/history.py +++ b/hatsploit/lib/history.py 
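Review bot: `hasattr(payload, 'phase')` in the new condition `if len(main) >= space and hasattr(payload, 'phase'):` is always true for anything derived from `Payload`, because this series adds `phase()` to the base class in hatsploit/lib/payload/__init__.py; it reads as a capability check but decides nothing. The effective gate is the `if phase:` that follows, and shell_payload carries the same condition. Either reduce it to `if len(main) >= space:` or add a comment such as `# phase() may return None (see Payload.phase); staging is skipped then` so the next reader knows where the decision is made. The body of memory_payload continues outside the hunk.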
@@ -22,10 +22,7 @@ SOFTWARE. """ -try: - import gnureadline as readline -except Exception: - import readline +import readline from hatsploit.lib.config import Config from hatsploit.lib.storage import GlobalStorage diff --git a/hatsploit/lib/options.py b/hatsploit/lib/options.py index bb8db3dda..d1f20037d 100755 --- a/hatsploit/lib/options.py +++ b/hatsploit/lib/options.py @@ -69,6 +69,22 @@ def __init__(self, value: Any = None, description: Optional[str] = None, if value is not None: self.set(value) + def __eq__(self, option: Any) -> bool: + """ Check if option is equal to current one. + + :param Any option: can be option value or option + :return bool: True if equal else False + """ + + if isinstance(option, self.__class__): + if option.value == self.value: + return True + else: + if option == self.value: + return True + + return False + @staticmethod def check(name: str, checker: Callable[[str], bool], value: Optional[str] = None) -> None: """ Compare value type using checker. diff --git a/hatsploit/lib/payload/__init__.py b/hatsploit/lib/payload/__init__.py index 4710706da..0a70722fc 100644 --- a/hatsploit/lib/payload/__init__.py +++ b/hatsploit/lib/payload/__init__.py @@ -22,6 +22,9 @@ SOFTWARE. """ +from typing import Union +from pawn import Pawn + from hatsploit.lib.option import * from hatsploit.core.cli.badges import Badges @@ -29,7 +32,7 @@ from hatsploit.core.cli.tools import Tools -class Payload(Badges, Tables, Tools): +class Payload(Badges, Tables, Tools, Pawn): """ Subclass of hatsploit.lib module. This subclass of hatsploit.lib module is intended for providing 
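Review bot: Adding `__eq__` in hatsploit/lib/options.py without a matching `__hash__` makes instances of this class unhashable, since Python sets `__hash__` to `None` for a class that defines only `__eq__`; any option stored in a set or used as a dict key would start raising TypeError. If identity hashing is what callers rely on (not visible here), restore it with `__hash__ = object.__hash__` next to the method. The body also reduces to `other = option.value if isinstance(option, self.__class__) else option` followed by `return bool(other == self.value)`.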
@@ -55,6 +58,33 @@ def __init__(self) -> None: self.badchars = BytesOption(None, "Bad characters to omit.", False, True) + def phase(self) -> Union[bytes, None]: + """ First phase. + + :return bytes: bytes + """ + + type = self.details['Type'] + + if type not in ['reverse_tcp', 'bind_tcp']: + type = 'reverse_tcp' + + phase = self.auto_pawn( + platform=self.details['Platform'], + arch=self.details['Arch'], + type=type + ) + + if phase: + if type == 'reverse_tcp': + phase.set('host', self.rhost.value) + phase.set('port', self.rport.value) + + elif type == 'bind_tcp': + phase.set('port', self.rport.value) + + return self.run_pawn(phase) + def run(self) -> None: """ Run this payload. diff --git a/hatsploit/payloads/linux/x64/shell_bind_tcp.py b/hatsploit/payloads/linux/x64/shell_bind_tcp.py index 73379ef93..d760733b2 100755 --- a/hatsploit/payloads/linux/x64/shell_bind_tcp.py +++ b/hatsploit/payloads/linux/x64/shell_bind_tcp.py @@ -54,8 +54,6 @@ def implant(self): ) def run(self): - port = self.pack_port(self.rport.value) - return self.assemble( self.details['Arch'], f""" From b4e2c7cf46997f20f20737adb49bf3e131c2c74a Mon Sep 17 00:00:00 2001 From: Ivan Nikolsky Date: Sat, 28 Oct 2023 17:09:41 +0100 Subject: [PATCH 07/10] Add files via upload From 0e8e36f07f0313099f2a655337503f783e291c8c Mon Sep 17 00:00:00 2001 From: Ivan Nikolsky Date: Sat, 28 Oct 2023 22:57:43 +0100 Subject: [PATCH 08/10] Add files via upload --- hatsploit/__main__.py | 6 ++++++ hatsploit/commands/unset.py | 2 +- hatsploit/config/storage.json | 2 +- hatsploit/core/base/console.py | 5 +++-- 4 files changed, 11 insertions(+), 4 deletions(-) diff --git a/hatsploit/__main__.py b/hatsploit/__main__.py index 104da5773..e7c9d9e9e 100755 --- a/hatsploit/__main__.py +++ b/hatsploit/__main__.py @@ -271,6 +271,12 @@ def cli(self) -> None: scripts=[self.path_config['startup_path'], args.script], rpc=rpc ) + else: + self.launch( + shell=args.no_exit, + scripts=[args.script], + rpc=rpc + ) sys.exit(0) 
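Review bot: The docstring of the new `Payload.phase()` says `:return bytes: bytes` while the annotation is `Union[bytes, None]`, and it does not mention that every payload type other than 'reverse_tcp' or 'bind_tcp' is silently treated as 'reverse_tcp'. Both belong in the docstring, for example `:return Union[bytes, None]: first phase, or None if no pawn is available` (if that is the intended meaning of the None case). The local name `type` shadows the builtin; `payload_type` would read better. The same two-line fallback is repeated in shell_payload in hatsploit/lib/handler/send.py and could live in one helper.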
diff --git a/hatsploit/commands/unset.py b/hatsploit/commands/unset.py index 051e7bb53..cf44e6cff 100644 --- a/hatsploit/commands/unset.py +++ b/hatsploit/commands/unset.py @@ -19,7 +19,7 @@ def __init__(self): 'Authors': [ 'Ivan Nikolsky (enty8080) - command developer', ], - 'Description': "Unset an option / Set to nil.", + 'Description': "Unset an option / Set to None.", 'Usage': "unset