From 1cef0b285c202748ef69d81569a02cc45e76881b Mon Sep 17 00:00:00 2001
From: trustedsec
Date: Fri, 15 Mar 2013 19:01:12 +0000
Subject: [PATCH] Added a script for me to use
---
 README.txt | 2 +-
 config/set_config | 7 ++-----
 config/set_config.py | 9 ++++-----
 readme/CHANGES | 4 ++++
 src/webattack/java_applet/unsigned.py | 11 +++++++++++
 5 files changed, 22 insertions(+), 11 deletions(-)
 create mode 100644 src/webattack/java_applet/unsigned.py
diff --git a/README.txt b/README.txt
index 6178b9b6c..6bad4d92b 100644
--- a/README.txt
+++ b/README.txt
@@ -8,4 +8,4 @@ DISCLAIMER: This is only for testing purposes and can only be used where strict
 Any modifications, changes, or alterations to this application is acceptable, however, any public releases utilizing this code must be approved by TrustedSec. Check the LICENSE file for more information.
-The Social-Engineer Toolkit is an open-source penetration testing framework designed for Social-Engineering. SET has a number of custom attack vectors that allow you to make a believable attack in a fraction of the time. SET is a product of TrustedSec, LLC - An Information Security consulting firm located in Cleveland Ohio.
+The Social-Engineer Toolkit is an open-source penetration testing framework designed for Social-Engineering. SET has a number of custom attack vectors that allow you to make a believable attack in a fraction of the time. SET is a product of TrustedSec, LLC - An Information Security consulting firm located in Cleveland, Ohio.
diff --git a/config/set_config b/config/set_config
index 4b29a214c..bf55a40f4 100644
--- a/config/set_config
+++ b/config/set_config
@@ -170,7 +170,7 @@ TERMINAL=SOLO
 ### Digital signature stealing method must have the pefile Python modules loaded
 ### from http://code.google.com/p/pefile/. Be sure to install this before turning
 ### this flag on!!! This flag gives much better AV detection
-DIGITAL_SIGNATURE_STEAL=ON
+DIGITAL_SIGNATURE_STEAL=OFF
 #
 ### These two options will turn the upx packer to on and automatically attempt
 ### to pack the executable which may evade anti-virus a little better.
@@ -220,13 +220,10 @@ POWERSHELL_INJECT_PAYLOAD_X86=windows/meterpreter/reverse_tcp
 ### NOTE THAT POWERSHELL INJECTION MUST BE SET TO ON.
 POWERSHELL_MULTI_INJECTION=ON
 #
-### THIS WILL CONFIGURE WHICH PORTS TO USE FOR POWERSHELL INJECTION
-POWERSHELL_MULTI_PORTS=443,21,22,25
-#
 ### THIS WILL SPECIFY WHICH PORTS TO ITERATE THROUGH TO DO THE POWERSHELL INJECTION. NOTE IF YOU ARE USING SET
 ### PORT 80 IS USED BY THE WEB SERVER. THE REST OF PORTS SHOULD BE OPEN. CONSIDER IF YOU WANT TO USE PORT 80 TO
 ### PLACE THE LISTENER ON A DIFFERENT SERVER.
-POWERSHELL_MULTI_PORTS=21,22,23,25,53,3389,443,8080
+POWERSHELL_MULTI_PORTS=22,53,443
 #
 ### This will display the output of the powershell injection attack so you can see what is being placed on the
 ### system.
diff --git a/config/set_config.py b/config/set_config.py
index 2023f393e..1b13e1af6 100644
--- a/config/set_config.py
+++ b/config/set_config.py
@@ -9,10 +9,10 @@
 # SET updated using the 'Update SET Configuration' menu item in #
 # the main menu. This file will be updated with the new settings. #
 # #
-# set_config.py generated: 2013-03-14 10:18:10.495402 #
+# set_config.py generated: 2013-03-15 11:13:36.564372 #
 # #
 #######################################################################
-CONFIG_DATE='2013-03-14 10:18:10.495402'
+CONFIG_DATE='2013-03-15 11:13:36.564372'
 METASPLOIT_PATH="/opt/metasploit/apps/pro/msf3"
 METASPLOIT_DATABASE="postgresql"
 ENCOUNT=4
@@ -50,7 +50,7 @@ COMMAND_CENTER_INTERFACE="127.0.0.1"
 COMMAND_CENTER_PORT=44444
 SET_INTERACTIVE_SHELL=True
 TERMINAL="SOLO"
-DIGITAL_SIGNATURE_STEAL=True
+DIGITAL_SIGNATURE_STEAL=False
 UPX_ENCODE=True
 UPX_PATH="/usr/bin/upx"
 AUTO_REDIRECT=True
@@ -65,8 +65,7 @@ POWERSHELL_INJECTION=True
 POWERSHELL_INJECT_PAYLOAD_X64="windows/x64/meterpreter/reverse_tcp"
 POWERSHELL_INJECT_PAYLOAD_X86="windows/meterpreter/reverse_tcp"
 POWERSHELL_MULTI_INJECTION="True"
-POWERSHELL_MULTI_PORTS="443,21,22,25"
-POWERSHELL_MULTI_PORTS="21,22,23,25,53,3389,443,8080"
+POWERSHELL_MULTI_PORTS="22,53,443"
 POWERSHELL_VERBOSE=False
 WEB_PROFILER=False
 DEPLOY_OSX_LINUX_PAYLOADS="False"
diff --git a/readme/CHANGES b/readme/CHANGES
index 34b3db0bb..dc63ed209 100644
--- a/readme/CHANGES
+++ b/readme/CHANGES
@@ -25,6 +25,10 @@ version 4.7
 * rewrote the java jar file to handle multiple powershell alphanumeric shellcode points injected into applet.
 * added signed and unsigned jar files to the java applet attack vector
 * removed create_payload.py from saving files in src/html and instead in the proper folders src/program_junk
+* fixed a payload duplication issue in create_payload.py, will now check to see if port is there
+* removed a pefile check unless backdoored executable is in use
+* turned digital signature stealing from a pefile to off in the set_config file
+* converted all src/html/msf.exe to src/program_junk/ and fixed an issue where the applet would not load properly
 ~~~~~~~~~~~~~~~~
 version 4.4.5
diff --git a/src/webattack/java_applet/unsigned.py b/src/webattack/java_applet/unsigned.py
new file mode 100644
index 000000000..394887f19
--- /dev/null
+++ b/src/webattack/java_applet/unsigned.py
@@ -0,0 +1,11 @@
+#!/usr/bin/python
+#
+# simple jar file
+#
+import subprocess
+import os
+subprocess.Popen("rm Java_Update.jar", stderr=subprocess.PIPE, stdout=subprocess.PIPE, shell=True)
+subprocess.Popen("rm Java.class", stderr=subprocess.PIPE, stdout=subprocess.PIPE, shell=True)
+subprocess.Popen("javac Java.java", shell=True).wait()
+subprocess.Popen("jar cvf Java_Update.jar Java.class", shell=True).wait()
+print "[*] Jar file exported as Java_Update.jar"
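Review bot: The two `rm` Popen calls at the top of the new file are never waited on, so they run concurrently with the `javac` and `jar` steps below them; if `rm Java.class` is scheduled late it can delete the freshly compiled class before `jar cvf` packages it, and the stale `Java_Update.jar` removal can likewise race the new archive. The exit codes of `javac` and `jar` are also discarded, so the `[*] Jar file exported as Java_Update.jar` message is printed even when compilation or packaging failed. The `stderr=subprocess.PIPE`/`stdout=subprocess.PIPE` handles on the `rm` calls are never read, which is the usual way a Popen hangs once a command produces more output than the pipe buffers. Replacing the shell `rm` calls with `os.remove` (the `os` import is otherwise unused) under `except OSError`, and running the two build steps with `subprocess.check_call` and argument lists instead of `shell=True`, fixes all three; the rewrite is below.
```python
import os
import subprocess

# Remove stale artifacts synchronously so they cannot race the javac/jar steps below.
for stale in ("Java_Update.jar", "Java.class"):
    try:
        os.remove(stale)
    except OSError:
        pass  # nothing to clean up on a fresh checkout

# Fail at the first broken step so the success line is never printed for a missing jar.
subprocess.check_call(["javac", "Java.java"])
subprocess.check_call(["jar", "cvf", "Java_Update.jar", "Java.class"])
print "[*] Jar file exported as Java_Update.jar"
```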