

Updated ReverseShell & BindShell objects to intelligently generate o…
…bfuscated code that works for the specific language of the payload
capnspacehook committed Jul 24, 2018
2 parents fcd698b + 777b17c commit c30f24c
Showing 5 changed files with 94 additions and 35 deletions.
52 changes: 46 additions & 6 deletions bin/shellpop
Expand Up @@ -44,6 +44,7 @@ AVAILABLE_SHELLS = [
"tcp", # protocol
BIND_PYTHON_TCP(), # code
system="linux",
lang="python",
arch="Independent",
use_handler=bind_tcp_pty_handler,
use_http_stager=LINUX_STAGERS),
Expand All @@ -54,6 +55,7 @@ AVAILABLE_SHELLS = [
"udp",
BIND_PYTHON_UDP(),
system="linux",
lang="python",
arch="Independent",
use_handler=None,
use_http_stager=LINUX_STAGERS),
Expand All @@ -64,6 +66,7 @@ AVAILABLE_SHELLS = [
"tcp",
BIND_PERL_TCP(),
system="linux",
lang="perl",
arch="Independent",
use_handler=bind_tcp_handler,
use_http_stager=LINUX_STAGERS),
Expand All @@ -74,6 +77,7 @@ AVAILABLE_SHELLS = [
"udp",
BIND_PERL_UDP(),
system="linux",
lang="perl",
arch="Independent",
use_handler=None,
use_http_stager=LINUX_STAGERS),
Expand All @@ -84,6 +88,7 @@ AVAILABLE_SHELLS = [
"tcp",
BIND_PHP_TCP(),
system="linux",
lang="php",
arch="Independent",
use_handler=bind_tcp_handler,
use_http_stager=LINUX_STAGERS),
Expand All @@ -94,6 +99,7 @@ AVAILABLE_SHELLS = [
"udp",
BIND_PHP_UDP(),
system="linux",
lang="php",
arch="Independent",
use_handler=None,
use_http_stager=LINUX_STAGERS),
Expand All @@ -104,6 +110,7 @@ AVAILABLE_SHELLS = [
"tcp",
BIND_RUBY_TCP(),
system="linux",
lang="ruby",
arch="Independent",
use_handler=bind_tcp_handler,
use_http_stager=LINUX_STAGERS),
Expand All @@ -114,6 +121,7 @@ AVAILABLE_SHELLS = [
"udp",
BIND_RUBY_UDP(),
system="linux",
lang="ruby",
arch="Independent",
use_handler=None,
use_http_stager=LINUX_STAGERS),
Expand All @@ -124,6 +132,7 @@ AVAILABLE_SHELLS = [
"tcp",
BIND_NETCAT_TCP(),
system="linux",
lang="bash",
arch="Independent",
use_handler=bind_tcp_handler,
use_http_stager=LINUX_STAGERS),
Expand All @@ -134,6 +143,7 @@ AVAILABLE_SHELLS = [
"udp",
BIND_NETCAT_OPENBSD_UDP(),
system="linux",
lang="bash",
arch="Independent",
use_handler=None,
use_http_stager=LINUX_STAGERS),
Expand All @@ -144,6 +154,7 @@ AVAILABLE_SHELLS = [
"tcp",
BIND_NETCAT_TRADITIONAL_TCP(),
system="linux",
lang="bash",
arch="Independent",
use_handler=bind_tcp_handler,
use_http_stager=LINUX_STAGERS),
Expand All @@ -154,6 +165,7 @@ AVAILABLE_SHELLS = [
"tcp",
BIND_AWK_TCP(),
system="linux",
lang="bash",
arch="Independent",
use_handler=bind_tcp_handler,
use_http_stager=LINUX_STAGERS),
Expand All @@ -164,6 +176,7 @@ AVAILABLE_SHELLS = [
"udp",
BIND_SOCAT_UDP(),
system="linux",
lang="bash",
arch="Independent",
use_handler=None,
use_http_stager=LINUX_STAGERS),
Expand All @@ -174,6 +187,7 @@ AVAILABLE_SHELLS = [
"tcp",
BIND_POWERSHELL_TCP(),
system="windows",
lang="powershell",
arch="x86 / x64",
use_handler=bind_tcp_handler,
use_http_stager=[WINDOWS_STAGERS[0]]),
Expand All @@ -184,6 +198,7 @@ AVAILABLE_SHELLS = [
"tcp",
BIND_POWERSHELL_NISHANG_TCP(),
system="windows",
lang="powershell",
arch="x86 / x64",
use_handler=bind_tcp_handler,
use_http_stager=[(1, PurePowershell_HTTP_Stager)])
Expand All @@ -197,6 +212,7 @@ AVAILABLE_SHELLS = [
"tcp",
REV_PYTHON_TCP(),
system="linux",
lang="python",
arch="Independent",
use_handler=reverse_tcp_pty_handler,
use_http_stager=LINUX_STAGERS),
Expand All @@ -207,6 +223,7 @@ AVAILABLE_SHELLS = [
"udp",
REV_PYTHON_UDP(),
system="linux",
lang="python",
arch="Independent",
use_handler=None,
use_http_stager=LINUX_STAGERS),
Expand All @@ -217,6 +234,7 @@ AVAILABLE_SHELLS = [
"tcp",
REV_PHP_TCP(),
system="linux",
lang="php",
arch="Independent",
use_handler=reverse_tcp_handler,
use_http_stager=LINUX_STAGERS),
Expand All @@ -227,6 +245,7 @@ AVAILABLE_SHELLS = [
"tcp",
REV_RUBY_TCP(),
system="linux",
lang="ruby",
arch="Independent",
use_handler=reverse_tcp_handler,
use_http_stager=LINUX_STAGERS),
Expand All @@ -237,6 +256,7 @@ AVAILABLE_SHELLS = [
"tcp",
REV_PERL_TCP(),
system="linux",
lang="perl",
arch="Independent",
use_handler=reverse_tcp_handler,
use_http_stager=LINUX_STAGERS),
Expand All @@ -247,6 +267,7 @@ AVAILABLE_SHELLS = [
"tcp",
REV_PERL_TCP_2(),
system="linux",
lang="perl",
arch="Independent",
use_handler=reverse_tcp_handler,
use_http_stager=LINUX_STAGERS),
Expand All @@ -257,6 +278,7 @@ AVAILABLE_SHELLS = [
"udp",
REV_PERL_UDP(),
system="linux",
lang="perl",
arch="Independent",
use_handler=None,
use_http_stager=LINUX_STAGERS),
Expand All @@ -267,6 +289,7 @@ AVAILABLE_SHELLS = [
"tcp",
BASH_TCP(),
system="linux",
lang="bash",
arch="Independent",
use_handler=reverse_tcp_handler,
use_http_stager=LINUX_STAGERS),
Expand All @@ -277,6 +300,7 @@ AVAILABLE_SHELLS = [
"tcp",
REV_POWERSHELL_TCP(),
system="windows",
lang="powershell",
arch="x86 / x64",
use_handler=reverse_tcp_handler,
use_http_stager=[WINDOWS_STAGERS[0]]),
Expand All @@ -287,6 +311,7 @@ AVAILABLE_SHELLS = [
"tcp",
REVERSE_TCLSH(),
system="linux",
lang="bash",
arch="Independent",
use_handler=reverse_tcp_handler,
use_http_stager=LINUX_STAGERS),
Expand All @@ -297,6 +322,7 @@ AVAILABLE_SHELLS = [
"tcp",
REVERSE_NCAT(),
system="linux",
lang="bash",
arch="Independent",
use_handler=reverse_tcp_handler,
use_http_stager=LINUX_STAGERS),
Expand All @@ -307,6 +333,7 @@ AVAILABLE_SHELLS = [
"udp",
REVERSE_NC_UDP_1(),
system="linux",
lang="bash",
arch="Independent",
use_handler=None,
use_http_stager=LINUX_STAGERS),
Expand All @@ -317,6 +344,7 @@ AVAILABLE_SHELLS = [
"tcp",
REVERSE_NC_TRADITIONAL_1(),
system="linux",
lang="bash",
arch="Independent",
use_handler=reverse_tcp_handler,
use_http_stager=LINUX_STAGERS),
Expand All @@ -327,6 +355,7 @@ AVAILABLE_SHELLS = [
"tcp",
REVERSE_MKFIFO_NC(),
system="linux",
lang="bash",
arch="Independent",
use_handler=reverse_tcp_handler,
use_http_stager=LINUX_STAGERS),
Expand All @@ -337,6 +366,7 @@ AVAILABLE_SHELLS = [
"tcp",
REVERSE_MKNOD_NC(),
system="linux",
lang="bash",
arch="Independent",
use_handler=reverse_tcp_handler,
use_http_stager=LINUX_STAGERS),
Expand All @@ -347,6 +377,7 @@ AVAILABLE_SHELLS = [
"tcp",
REVERSE_MKFIFO_TELNET(),
system="linux",
lang="bash",
arch="Independent",
use_handler=reverse_tcp_handler,
use_http_stager=LINUX_STAGERS),
Expand All @@ -357,6 +388,7 @@ AVAILABLE_SHELLS = [
"tcp",
REVERSE_MKNOD_TELNET(),
system="linux",
lang="bash",
arch="Independent",
use_handler=reverse_tcp_handler,
use_http_stager=LINUX_STAGERS),
Expand All @@ -367,6 +399,7 @@ AVAILABLE_SHELLS = [
"tcp",
REVERSE_SOCAT(),
system="linux",
lang="bash",
arch="Independent",
use_handler=reverse_tcp_handler,
use_http_stager=LINUX_STAGERS),
Expand All @@ -377,6 +410,7 @@ AVAILABLE_SHELLS = [
"tcp",
REVERSE_AWK(),
system="linux",
lang="bash",
arch="Independent",
use_handler=reverse_tcp_handler,
use_http_stager=LINUX_STAGERS),
Expand All @@ -387,6 +421,7 @@ AVAILABLE_SHELLS = [
"udp",
REVERSE_AWK_UDP(),
system="linux",
lang="bash",
arch="Independent",
use_handler=None,
use_http_stager=LINUX_STAGERS),
Expand All @@ -397,6 +432,7 @@ AVAILABLE_SHELLS = [
"tcp",
REVERSE_WINDOWS_NCAT_TCP(),
system="windows",
lang="cmd",
arch="x86 / x64",
use_handler=reverse_tcp_handler,
use_http_stager=list(filter(lambda x: x[0] not in [3, 1], WINDOWS_STAGERS))),
Expand All @@ -407,6 +443,7 @@ AVAILABLE_SHELLS = [
"tcp",
REVERSE_WINDOWS_BLOODSEEKER_TCP(),
system="windows",
lang="powershell",
arch="x64",
use_handler=None,
use_http_stager=[(1, PurePowershell_HTTP_Stager)]), # This will only work with powershell.
Expand All @@ -417,6 +454,7 @@ AVAILABLE_SHELLS = [
"tcp",
REVERSE_POWERSHELL_TINY_TCP(),
system="windows",
lang="powershell",
arch="x86 / x64",
use_handler=reverse_tcp_handler,
use_http_stager=[WINDOWS_STAGERS[0]]),
Expand All @@ -427,6 +465,7 @@ AVAILABLE_SHELLS = [
"tcp",
REVERSE_POWERSHELL_NISHANG_TCP(),
system="windows",
lang="powershell",
arch="x86 / x64",
use_handler=reverse_tcp_handler,
use_http_stager=[(1, PurePowershell_HTTP_Stager)]),
Expand All @@ -437,6 +476,7 @@ AVAILABLE_SHELLS = [
"icmp",
REVERSE_POWERSHELL_ICMP(),
system="windows",
lang="powershell",
arch="x86 / x64",
use_handler=None,
use_http_stager=[(1, PurePowershell_HTTP_Stager)]),
Expand All @@ -447,6 +487,7 @@ AVAILABLE_SHELLS = [
"tcp",
REVERSE_WINDOWS_BAT2METERPRETER_TCP(),
system="windows",
lang="cmd",
arch="x86 / x64",
use_handler=None,
use_http_stager=list(filter(lambda x: x[0] not in [1, 3], WINDOWS_STAGERS))),
Expand All @@ -457,6 +498,7 @@ AVAILABLE_SHELLS = [
"tcp",
REVERSE_GROOVY_TCP(),
system="multi",
lang="grovvy",
arch="Independent",
use_handler=reverse_tcp_handler,
use_http_stager=list(filter(lambda x: x[0] not in [1], WINDOWS_STAGERS))),
Expand Down Expand Up @@ -531,7 +573,8 @@ def select_shell(args, shell_type, shell_index):
if shell == shell_index:
code = obj.code
name = obj.name
rev = ReverseShell(name, args, code)
lang = obj.lang
rev = ReverseShell(name, lang, args, code)
generated = rev.get()
obj.payload = generated
return obj
Expand All @@ -542,7 +585,8 @@ def select_shell(args, shell_type, shell_index):
if shell == shell_index:
code = obj.code
name = obj.name
bind = BindShell(name, args, code)
lang = obj.lang
bind = BindShell(name, lang, args, code)
generated = bind.get()
obj.payload = generated
return obj
Expand Down Expand Up @@ -670,10 +714,6 @@ def main():
if args.host in [str(x) for x in netifaces.interfaces()]:
args.host = str(netifaces.ifaddresses(args.host)[2][0]["addr"]) # translate iface name to ipv4

if args.ipfuscate:
args.host = ipfuscate(args.host, args.obfuscate_small)
args.port = obfuscate_port(args.port, args.obfuscate_small)

if args.xor is True:
args.xor = randint(0, 255)
else:
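Review bot: The Groovy entry in the last AVAILABLE_SHELLS hunk tags REVERSE_GROOVY_TCP with `lang="grovvy"`, a misspelling that the new per-language obfuscation path in ReverseShell/BindShell (not shown on this page) will presumably not match, so that payload would either take a default branch or fail at generation time. The line should read `lang="groovy",`. Since lang is a free-form string repeated across forty-odd entries, a typo like this only surfaces at runtime for the one affected payload; a module-level tuple of accepted language tags checked in the Shell constructors, or asserted once when AVAILABLE_SHELLS is built, would catch it at startup. Inserting lang as the second positional argument of `ReverseShell(name, lang, args, code)` and `BindShell(name, lang, args, code)` in select_shell also silently breaks any other caller still passing (name, args, code), so a keyword-only or trailing parameter would be safer if such callers exist. The AVAILABLE_SHELLS list and the select_shell and main bodies all begin and end outside the hunks shown.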

