This repository was archived by the owner on Jan 13, 2023. It is now read-only.
ohdae edited this page Apr 11, 2012 · 4 revisions

This API reference is broken down into sections, one per category. Each entry explains what the function does, how to call it and what its default arguments are. Many of the API functions have built-in logging: when a script is created, the user is asked whether to enable activity logging, and if they do, every action a module takes (copying files, reading the user list, creating temporary directories, and so on) is saved to the Activity Log. Module authors do not need to do anything special to get this; the logging is built into each API function.

File Manipulation

write2file(filename, text)
Checks whether filename exists; if it does, text is appended to the end of the file. If filename does not exist, no action is taken (use writenew to create a file first). Supply a full path: a bare filename is resolved relative to the current process's working directory.

    content = "your public SSH key"
    write2file("/root/.ssh/authorized_keys", content)

writenew(filename, text)
Creates filename and writes text as its contents. write2file is for inserting text into existing files; this function creates a new file.

file2file(readfile, writefile)
Checks that readfile exists before doing anything, then appends the contents of readfile to writefile. writefile is created if it does not already exist. Useful for adding one file's contents to another.

    file2file('/etc/passwd', 'stealme')

combinefiles(file, filelist)
Will read the contents of every item in filelist and add each individual file’s contents to file. Useful for moving temporary files contents into one larger file that groups similar information. If file exists, the contents of each item in filelist will be appended to the end, otherwise file will be created.

    mylist = ['ipaddr.txt', 'ports.txt', 'services.txt']
    combinefiles('NetworkInfo.txt', mylist)
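The four helpers above differ mainly in their edge cases (append only if the target exists, create-or-append, skip a missing input). The following is an added reference implementation of those documented semantics in Python 3, written for this page; it is not Intersect's own code, and the demo() function and its scratch files are constructed here purely to exercise the behaviour.

```python
"""Reference implementation of write2file / writenew / file2file / combinefiles
as documented on this page.  Added example, not Intersect's code."""
import os
import shutil
import tempfile


def write2file(filename, text):
    """Append text to filename only if it already exists; otherwise do nothing.
    Returns True if something was written."""
    if not os.path.isfile(filename):
        return False
    with open(filename, "a") as fh:
        fh.write(text)
    return True


def writenew(filename, text):
    """Create filename (truncating any existing file) and write text to it."""
    with open(filename, "w") as fh:
        fh.write(text)


def file2file(readfile, writefile):
    """Append the contents of readfile to writefile, creating writefile if needed.
    readfile must exist; returns False (and does nothing) otherwise."""
    if not os.path.isfile(readfile):
        return False
    with open(readfile, "rb") as src, open(writefile, "ab") as dst:
        shutil.copyfileobj(src, dst)
    return True


def combinefiles(outfile, filelist):
    """Append each file in filelist, in order, to outfile (created if missing).
    Missing inputs are skipped; returns the list of files actually appended."""
    appended = []
    for name in filelist:
        if file2file(name, outfile):
            appended.append(name)
    return appended


def demo():
    """Exercise the helpers in a scratch directory (constructed data) and
    return the observed results."""
    work = tempfile.mkdtemp(prefix="filedemo")
    try:
        target = os.path.join(work, "notes.txt")
        # write2file refuses to create a file that does not exist yet ...
        created_by_append = write2file(target, "first\n")
        # ... so writenew creates it, after which write2file appends.
        writenew(target, "first\n")
        write2file(target, "second\n")
        with open(target) as fh:
            after_append = fh.read()

        # combinefiles concatenates in the order given and skips a missing input.
        parts = {"ipaddr.txt": "10.0.0.5\n", "ports.txt": "22/tcp\n80/tcp\n"}
        for name, body in parts.items():
            writenew(os.path.join(work, name), body)
        merged = os.path.join(work, "NetworkInfo.txt")
        wanted = ("ipaddr.txt", "ports.txt", "services.txt")   # services.txt never written
        used = combinefiles(merged, [os.path.join(work, n) for n in wanted])
        with open(merged) as fh:
            combined = fh.read()
        return (created_by_append, after_append,
                [os.path.basename(u) for u in used], combined)
    finally:
        shutil.rmtree(work)
```

Note that file2file appends bytes verbatim, so a source file without a trailing newline runs straight into the next one in combinefiles; if that matters for the report being assembled, terminate each temporary file with a newline when it is written.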

Temporary Directory Interaction

Many of Intersect's modules make use of the Temp_Dir, a temporary directory created on the target system each time Intersect is executed. If it still holds no files when Intersect exits, it is removed (see Shutdown() under Script Control). The name is set by the script_template and follows `/tmp/lift+$randomstring`, where the random part is twelve letters drawn with Python's random module (see Rand_Dir under Global Variables); random is not a cryptographically secure generator and /tmp is a shared, world-writable directory, so the name should not be relied on as unguessable. When files and information are gathered, the default is to save them to this directory or to a module-specific sub-directory.

copy2temp(file, subdir="")
Copies file to the temp directory. You can specify a sub-directory by using the second argument. The sub-directory will be created if it doesn’t exist. If no sub-directory is specified, the file will be stored in the root of the temp directory.

    copy2temp('/etc/passwd', 'passwords')
Copies /etc/passwd to /tmp/lift+$randomstring/passwords/.

    copy2temp('/etc/passwd')
Copies /etc/passwd to /tmp/lift+$randomstring/.

maketemp(subdir)
Creates a sub-directory within the temp directory. Useful if you just want to create a subdir but wait to use it until later or make a subdir that is specific to your module.

    maketemp("userfiles")
Creates /tmp/lift+$randomstring/userfiles.
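The following is an added Python 3 example of the Temp_Dir lifecycle described in this section and under Script Control (copy2temp, maketemp, Shutdown and the Ctrl+C handler); it is not Intersect's code. It deliberately departs from the page's naming scheme in one respect: the directory is created with tempfile.mkdtemp(), which makes it atomically with mode 0700 under $TMPDIR (normally /tmp), instead of building a /tmp/lift+<random letters> path from the random module and creating it afterwards. The TempDir class name and demo() are inventions of this example.

```python
"""Temp_Dir handling: create, populate, and remove-if-empty on exit or Ctrl+C.
Added example written for this page, not Intersect's own code."""
import os
import shutil
import signal
import sys
import tempfile


class TempDir:
    def __init__(self, prefix="lift"):
        # mkdtemp creates the directory atomically with mode 0o700, so another
        # local user cannot pre-create or race for the name.
        self.path = tempfile.mkdtemp(prefix=prefix)

    def maketemp(self, subdir):
        """Create <Temp_Dir>/<subdir>; no error if it already exists."""
        target = os.path.join(self.path, subdir)
        os.makedirs(target, exist_ok=True)
        return target

    def copy2temp(self, src, subdir=""):
        """Copy src into Temp_Dir, or into Temp_Dir/subdir (created as needed).
        Returns the destination path."""
        dest_dir = self.maketemp(subdir) if subdir else self.path
        dest = os.path.join(dest_dir, os.path.basename(src))
        shutil.copy2(src, dest)          # copy2 also preserves mode and timestamps
        return dest

    def is_empty(self):
        """True when no files exist anywhere under Temp_Dir (empty subdirs do not count)."""
        for _root, _dirs, files in os.walk(self.path):
            if files:
                return False
        return True

    def shutdown(self):
        """Remove Temp_Dir if it holds no files, otherwise leave it for collection.
        Returns True if the directory was removed."""
        if os.path.isdir(self.path) and self.is_empty():
            shutil.rmtree(self.path)
            return True
        return False

    def install_signal_handler(self):
        """Ctrl+C (SIGINT): run shutdown() and exit with the conventional status 130."""
        def handler(_signum, _frame):
            self.shutdown()
            sys.exit(130)
        signal.signal(signal.SIGINT, handler)


def demo():
    """Copy a constructed stand-in for /etc/passwd into a sub-directory and
    show that shutdown() keeps a populated Temp_Dir but removes an empty one."""
    scratch = tempfile.mkdtemp(prefix="srcdemo")
    try:
        sample = os.path.join(scratch, "passwd")      # constructed sample input
        with open(sample, "w") as fh:
            fh.write("root:x:0:0:root:/root:/bin/bash\n")

        td = TempDir()
        empty_before = td.is_empty()
        dest = td.copy2temp(sample, "passwords")
        rel_parts = os.path.relpath(dest, td.path).split(os.sep)
        kept = not td.shutdown()                      # populated: must not be removed
        shutil.rmtree(td.path)                        # tidy up after the demo

        fresh = TempDir()
        fresh.maketemp("userfiles")                   # an empty sub-directory only
        removed = fresh.shutdown()                    # no files anywhere: removed
        return empty_before, rel_parts, kept, removed, os.path.exists(fresh.path)
    finally:
        shutil.rmtree(scratch, ignore_errors=True)
```

In a real module the handler would be installed once, right after the directory is created (`td.install_signal_handler()`), so an interrupted run never leaves an empty marker directory behind.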

User and System

users() Parses /etc/passwd and fills the global list userlist (initialised as userlist = []) with the account names.

    import subprocess

    users()
    for user in userlist:
        # pass the name as a separate argument instead of interpolating it into a
        # shell string: account names come from the target and are untrusted input
        subprocess.call(['ls', '/home/' + user])
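users() only returns account names. The following added Python 3 example (not Intersect's code) parses /etc/passwd more fully and goes a little beyond the page: it also separates interactive accounts from service accounts and lists home directories with os.listdir rather than through a shell, because a username read from the target can contain shell metacharacters. SAMPLE_PASSWD is a constructed sample; the parse_passwd, interactive_users and list_homes names are inventions of this example.

```python
"""/etc/passwd parsing in the spirit of users().  Added example, not Intersect's code."""
import os

# Constructed sample standing in for /etc/passwd; includes a comment, a malformed
# line and an account name containing shell metacharacters.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
sshd:x:106:65534::/run/sshd:/usr/sbin/nologin
alice:x:1000:1000:Alice,,,:/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/zsh
# a comment line and a malformed line should be skipped
broken line without fields
svc;rm -rf ~:x:1002:1002::/home/svc:/bin/false
"""

NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false", "/bin/true", ""}


def parse_passwd(text):
    """Return a list of dicts (name, uid, gid, home, shell), one per well-formed record."""
    entries = []
    for line in text.splitlines():
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) != 7:
            continue                               # not a passwd record
        name, _pw, uid, gid, _gecos, home, shell = fields
        if not uid.isdigit() or not gid.isdigit():
            continue
        entries.append({"name": name, "uid": int(uid), "gid": int(gid),
                        "home": home, "shell": shell})
    return entries


def _read(text):
    if text is not None:
        return text
    with open("/etc/passwd") as fh:
        return fh.read()


def users(text=None):
    """All account names, as the page's users() collects into userlist."""
    return [e["name"] for e in parse_passwd(_read(text))]


def interactive_users(text=None):
    """Accounts that can actually log in: a real shell and UID 0 or UID >= 1000."""
    return [e["name"] for e in parse_passwd(_read(text))
            if e["shell"] not in NOLOGIN_SHELLS and (e["uid"] == 0 or e["uid"] >= 1000)]


def list_homes(entries):
    """Map each account to a sorted listing of its home directory, obtained with
    os.listdir so no shell ever sees the account name.  Missing or unreadable
    homes map to None."""
    result = {}
    for e in entries:
        try:
            result[e["name"]] = sorted(os.listdir(e["home"]))
        except OSError:
            result[e["name"]] = None
    return result
```

Run against the sample, users() returns every account including the one named `svc;rm -rf ~`, which is exactly what `os.system('ls /home/%s' % user)` would hand to a shell; interactive_users() narrows the list to root, alice and bob.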

Script Control

Shutdown() Checks for files in Temp_Dir. If none exist, the directory is deleted.

signalHandler() Handler for Ctrl+C (SIGINT). Calls Shutdown() and exits the script cleanly.

Misc.

whereis(cmd) Pure-Python equivalent of the Linux whereis command. Reads the current user's PATH and checks each directory for cmd. Returns None if the command was not found.

    if whereis('nmap') is not None:
        print("Nmap is installed!")
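The following added Python 3 example (not Intersect's code) implements the PATH search that whereis(cmd) describes. It accepts an explicit search path so the behaviour can be tested without touching the real environment, and it requires a regular file with execute permission, so a directory or a plain data file that happens to share the command's name is not mistaken for it. The demo() function and its two scratch directories are constructed for this example; on Python 3.3 and later the standard library's shutil.which() does the same job.

```python
"""Pure-Python whereis: first executable regular file named cmd on PATH, else None.
Added example written for this page, not Intersect's code."""
import os
import shutil
import stat
import tempfile


def _is_executable(p):
    try:
        st = os.stat(p)
    except OSError:
        return False
    return stat.S_ISREG(st.st_mode) and os.access(p, os.X_OK)


def whereis(cmd, path=None):
    """Return the first <dir>/<cmd> on the search path that is an executable
    regular file, or None.  A cmd containing a path separator is checked as
    given, as a shell would treat it."""
    if path is None:
        path = os.environ.get("PATH", "")
    if os.sep in cmd:
        return cmd if _is_executable(cmd) else None
    for directory in path.split(os.pathsep):
        if not directory:
            continue                       # an empty entry means "." in some shells; skip it
        candidate = os.path.join(directory, cmd)
        if _is_executable(candidate):
            return candidate
    return None


def demo():
    """Two constructed PATH entries: the first holds a *directory* named nmap
    (a decoy that a naive os.path.exists() check would accept), the second the
    real executable.  Returns (decoy_skipped, missing_tool_result)."""
    d1 = tempfile.mkdtemp(prefix="path1")
    d2 = tempfile.mkdtemp(prefix="path2")
    try:
        os.mkdir(os.path.join(d1, "nmap"))               # decoy: a directory
        real = os.path.join(d2, "nmap")
        with open(real, "w") as fh:
            fh.write("#!/bin/sh\necho constructed stand-in for nmap\n")
        os.chmod(real, 0o755)
        fake_path = os.pathsep.join([d1, d2])
        found = whereis("nmap", fake_path)
        missing = whereis("definitely-not-an-installed-tool", fake_path)
        return found == real, missing
    finally:
        shutil.rmtree(d1, ignore_errors=True)
        shutil.rmtree(d2, ignore_errors=True)
```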

log_msg(message) Checks whether the Intersect ActivityLog is enabled and, if it is, writes message to the log file. This saves module authors from wrapping every log write in their own if-check: supply the message and it is written whenever logging is possible.

    log_msg("\n Reverse XOR Shell executed on target. ")

Note: log_msg(msg) can also be used with the logtime variable, which holds the current time in the format Month-Day-Year @ Hour:Minute (see Global Variables for its definition). For example:

    log_msg("\n Task started at %s " % logtime)

Global Variables

      Variable or Function                     Assigned Task
      --------------------                     -------------
      list:     modList                        list of all included module names
      variable: Temp_Dir                       lift+$randomstring directory
      variable: Home_Dir                       os.environ['HOME']
      variable: User_Ip_Address                socket.gethostbyname(socket.gethostname())
      variable: distro                         os.uname()[1] (note: this is the nodename/hostname, not a distribution name)
      variable: distro2                        platform.linux_distribution()[0]
      variable: PORT                           listen port defined using Create
      variable: RHOST                          remote host defined using Create (*your* IP address, not the target's)
      variable: RPORT                          remote port defined using Create (*your* listening port, not the target's)
      variable: PPORT                          proxy port defined using Create
      variable: PKEY                           private cipher key defined using Create
      variable: UTMP_FILEPATH                  "/var/run/utmp"
      variable: WTMP_FILEPATH                  "/var/run/wtmp"
      variable: LASTLOG_FILEPATH               "/var/log/lastlog"
      variable: Rand_Dir                       ''.join(random.choice(string.letters) for i in xrange(12))
      variable: logtime                        (str(now.month)+"-"+str(now.day)+"-"+str(now.year)+" @ "+str(now.hour)+":"+str(now.minute))