Descriptions #109
Descriptions #109
Conversation
Added some descriptions about the backdoor shell commands
hidtools/backdoor/P4wnP1.py
Outdated
| @@ -635,6 +635,9 @@ def do_GetClientProcs(self, line): | |||
| self.client_call_get_proc_list(waitForResult = True) | |||
|
|
|||
| def do_shell(self, line): | |||
| ''' | |||
| Start a shell inside the target computer | |||
There was a problem hiding this comment.
Spawns a "cmd.exe" process on the remote host and starts interaction. STDOUT and STDIN of the remote process are piped through the HID device (covert communication channel).
Appending powershell to the command, starts a powershell process instead. The Default is to use cmd.exe, as binding to STDOUT and STDIN of a PowerShell console host could fail (depending on the target's Windows Version). In case binding Fails, the OUTPUT doesn't get transmitted over the HID device. For this reason cmd.exe should be used in favor.
usage: shell <powershell>
hidtools/backdoor/P4wnP1.py
Outdated
| @@ -827,6 +830,12 @@ def do_GetKeyboardLanguage(self, line): | |||
| print self.duckencoder.getLanguage() | |||
|
|
|||
| def do_interact(self, line): | |||
| ''' | |||
| Interact with processes on the target | |||
There was a problem hiding this comment.
Interaction is only possible with processes vreated by P4wnP1 (using CreateProc or shell).
For other (interactive) processes STDIN/STDERR/STDOUT couldn't be accessed
There was a problem hiding this comment.
Interaction is only possible with processes vreated by P4wnP1
I am assuming this is not true for:
killproc
hidtools/backdoor/P4wnP1.py
Outdated
| ''' | ||
| Interact with processes on the target | ||
| Usage: Interact <process ID> | ||
|
|
There was a problem hiding this comment.
If the process id is omitted, a list of process IDs which allow interaction is shown.
Remark for future change:
I'm planning to change this in future, but I'm still unsure how:
- A list of all processes is shown, including the Images (like 'cmd.exe')
- A list of processes which allow interaction is shown, including Images + command line (like
cmd.exe -c "powershell -c get-date"
Additionally, I plan to implement a menu to choose a process ID interactively.
hidtools/backdoor/P4wnP1.py
Outdated
| @@ -851,11 +860,17 @@ def do_interact(self, line): | |||
| self.interactWithClientProcess(pid) | |||
|
|
|||
| def do_exit(self, line): | |||
| ''' | |||
| Exit the Backdoor payload to the pi's command-line | |||
| ''' | |||
There was a problem hiding this comment.
This is maybe a good place to Highlight the intended user behavior:
The Server is running in a screen session, which can be detached using CTRL+A followed by D, in order to get access to the command line. In case one wants to interact with the backdoor again sudo Screen -d -r could be used (happens on SSH Login automatically).
The problem is, that this behavior isn't part of the backdoor server itself, but caused by the surrounding payload script, which starts P4wnP1.py in a separate screen session.
hidtools/backdoor/P4wnP1.py
Outdated
| print "Exitting..." | ||
| # self.ll.stop() # should happen in global finally statement | ||
| sys.exit() | ||
|
|
||
| def do_state(self, line): | ||
| ''' | ||
| See details about the target computer |
There was a problem hiding this comment.
Shows state of the connection through HID device.
At least at the Moment, the code to fill the client Information (PowerShell Version, target OS) has been removed right now.
hidtools/backdoor/P4wnP1.py
Outdated
| @@ -866,6 +881,9 @@ def do_echotest(self, line): | |||
| self.client_call_echo(line) | |||
|
|
|||
| def do_SendDuckyScript(self, line): | |||
| ''' | |||
| Deploys a pre-compiled Ducky script saved in P4wnP1/duckyscrips/ | |||
There was a problem hiding this comment.
The DuckyScript mustn't be precompiled. In fact this Approach is more flexible, as language could be Chosen according to thee target on-demand, while a precompiled script would have the language hardcoded.
According the language, maybe SetkeyboardLanguage command should be mentioned here.
There was a problem hiding this comment.
I apologize. Bad wording on my part. I even knew it isn't pre-compiled.
hidtools/backdoor/P4wnP1.py
Outdated
| print FileSystem.cd(line) | ||
|
|
||
| def do_lpwd(self, line): | ||
| ''' | ||
| Print the name of the Pi's current directory |
There was a problem hiding this comment.
Pi's current Directory
should be replaced with 'P4wnP1's current working directory'
same for lcd and lls
hidtools/backdoor/P4wnP1.py
Outdated
| ''' | ||
| Upload a file from the Pi to the target | ||
| Usage: upload <Pi/directory.filetype> <target/directory.filetype> | ||
| ''' |
There was a problem hiding this comment.
First Parameter is mandatory, second one optional.
In case target filename is omitted, the source filename is used.
In case path is omitted, the current working directory is used (on both P4wnP1 and remote host)
hidtools/backdoor/P4wnP1.py
Outdated
| ''' | ||
| Download a file from the Pi to the target | ||
| Usage: download <target/directory.filetype> <Pi/directory.filetype> | ||
| ''' |
|
Thanks for this... I will take care of it when I get home in a couple hours |
|
No rush, I'm not able to work on the code the next days. |
Added mame's comments as well as made the formatting more pleasant. I am not sure what the correct usage for `CreateProcs` is. also someone please review and correct my `SetKeyboardLanguage`
|
Added some of mame's comments as well as made the formatting more pleasant. |
|
Sorry, I'vedone code changes to add in mouse support to P4wnP1 with |
|
Will update when I get home. |
|
I'm not sure were I could be helpful here. I'm currently only able to push changes in the Evening. |
|
oh ok. thanks anyways |
Mouse Update
| @@ -918,6 +1020,14 @@ def do_SendDuckyScript(self, line): | |||
| self.duckencoder.outhidDuckyScript(script) | |||
|
|
|||
| def do_SendMouseScript(self, line): | |||
There was a problem hiding this comment.
Am I correct to believe that keyboard language does not apply here?
Added some descriptions about the backdoor shell commands