Fixed a menu bug issue with mass mailer

readme/CHANGES

@@ -4,6 +4,7 @@ version 5.0.9
 
 * fixed a bug that would cause the X10 paths to go to the wrong folder ~/.setreports vs. ~/.set/reports
 * added a create reports directory upon entering the Powershell attack vectors
+* fixed an issue that would cause mass mailer to not exit properly when specifying option 99
 
 ~~~~~~~~~~~~~~~~
 version 5.0.8

src/core/set.py

@@ -790,12 +790,9 @@ try:
 
         # Main Menu choice 5: Mass Mailer Attack
         if main_menu_choice == '5':
-            sys.path.append("src/phishing/smtp/client")
             debug_msg(me, "importing 'src.phishing.smtp.client.smtp_web'", 1)
-            try:
-                reload(smtp_web)
-            except:
-                import smtp_web
+            try: reload(src.phishing.smtp.client.smtp_web)
+            except: import src.phishing.smtp.client.smtp_web
 
         # Main Menu choice 6: Teensy USB HID Attack Vector
         if main_menu_choice == '6':

src/phishing/smtp/client/smtp_web.py

@@ -137,104 +137,105 @@ if option1 == '2':
 # exit mass mailer menu
 if option1 == '99':
     print "Returning to main menu..."
-    sys.exit(1)
-print ("""\n  1. Use a %s Account for your email attack.\n  2. Use your own server or open relay\n""" % (email_provider))
-relay = raw_input(setprompt(["1"], ""))
 
-counter=0
-# Specify mail Option Here
-if relay == '1':
-    user = raw_input(setprompt(["1"], "Your %s email address" % (email_provider)))
-    from_address = raw_input(setprompt(["1"], "The FROM NAME the user will see"))
-    user1 = user
-    pwd = getpass.getpass("Email password: ")
+if option1 != "99":
+    print ("""\n  1. Use a %s Account for your email attack.\n  2. Use your own server or open relay\n""" % (email_provider))
+    relay = raw_input(setprompt(["1"], ""))
 
-# Specify Open-Relay Option Here
-if relay == '2':
-    user1 = raw_input(setprompt(["1"], "From address (ex: moo@example.com)"))
-    from_address = raw_input(setprompt(["1"], "The FROM NAME the user will see"))
-    if sendmail==0:
-        user = raw_input(setprompt(["1"], "Username for open-relay [blank]"))
-        pwd =  getpass.getpass("Password for open-relay [blank]: ")
+    counter=0
+    # Specify mail Option Here
+    if relay == '1':
+        user = raw_input(setprompt(["1"], "Your %s email address" % (email_provider)))
+        from_address = raw_input(setprompt(["1"], "The FROM NAME the user will see"))
+        user1 = user
+        pwd = getpass.getpass("Email password: ")
 
-    if sendmail==0:
-        smtp = raw_input(setprompt(["1"], "SMTP email server address (ex. smtp.youremailserveryouown.com)"))
-        port = raw_input(setprompt(["1"], "Port number for the SMTP server [25]"))
-        if port == "":
-            port = ("25")
+    # Specify Open-Relay Option Here    
+    if relay == '2':
+        user1 = raw_input(setprompt(["1"], "From address (ex: moo@example.com)"))
+        from_address = raw_input(setprompt(["1"], "The FROM NAME the user will see"))
+        if sendmail==0:
+            user = raw_input(setprompt(["1"], "Username for open-relay [blank]"))
+            pwd =  getpass.getpass("Password for open-relay [blank]: ")
 
-# specify if its a high priority or not
-highpri=yesno_prompt(["1"], "Flag this message/s as high priority? [yes|no]")
-if not "YES" in highpri:
-    prioflag1 = ""
-    prioflag2 = ""
-else:
-    prioflag1 = ' 1 (Highest)'
-    prioflag2 = ' High'
+        if sendmail==0:
+            smtp = raw_input(setprompt(["1"], "SMTP email server address (ex. smtp.youremailserveryouown.com)"))
+            port = raw_input(setprompt(["1"], "Port number for the SMTP server [25]"))
+            if port == "":
+                port = ("25")
 
-subject=raw_input(setprompt(["1"], "Email subject"))
-try:
-    html_flag=raw_input(setprompt(["1"], "Send the message as html or plain? 'h' or 'p' [p]"))
+    # specify if its a high priority or not
+    highpri=yesno_prompt(["1"], "Flag this message/s as high priority? [yes|no]")
+    if not "YES" in highpri:
+        prioflag1 = ""
+        prioflag2 = ""
+    else:
+        prioflag1 = ' 1 (Highest)'
+        prioflag2 = ' High'
 
-    # if we are specifying plain or defaulting to plain
-    if html_flag == "" or html_flag == "p":
-        message_flag="plain"
-    # if we are specifying html
-    if html_flag == "h":
-        message_flag="html"
-    # start the body off blank
-    body = ""
-    ## Here we start to check if we want to track users when they click
-    ## essentially if this flag is turned on, a quick search and replace
-    ## occurs via base64 encoding on the user name. that is then added
-    ## during the def mail function call and the username is posted as
-    ## part of the URL. When we check the users, they can be coorelated
-    ## back to the individual user when they click the link.
+    subject=raw_input(setprompt(["1"], "Email subject"))
+    try:
+        html_flag=raw_input(setprompt(["1"], "Send the message as html or plain? 'h' or 'p' [p]"))
 
-    # track email is pulled dynamically from the config as TRACK_EMAIL_ADDRESSES
-    if track_email.lower() == "on":
-        print "You have specified to track user email accounts when they are sent. In"
-        print "order for this to work, you will need to specify the URL within the body"
-        print "of the email and where you would like to inject the base64 encoded name."
-        print "\nWhen a user clicks on the link, the URL Will post back to SET and track"
-        print "each of the users clicks and who the user was. As an example, say my SET"
-        print "website is hosted at http://www.trustedsec.com/index.php and I want to track users."
-        print "I would type below " + bcolors.BOLD + "http://www.trustedsec.com/index.php?INSERTUSERHERE" + bcolors.ENDC + ". Note that in"
-        print "order for SET to work, you will need to specify index.php?INSERTUSERHERE. That is the"
-        print "keyword that SET uses in order to replace the base name with the URL."
-        print "\nInsert the FULL url and the " + bcolors.BOLD + "INSERTUSERHERE" + bcolors.ENDC + "on where you want to insert the base64 name.\n\nNOTE: You must have a index.php and a ? mark seperating the user. YOU MUST USE PHP!"
-        print "\nNote that the actual URL does NOT need to contain index.php but has to be named that for the php code in Apache to work."
-    print_warning("IMPORTANT: When finished, type END (all capital) then hit {return} on a new line.")
-    body=raw_input(setprompt(["1"], "Enter the body of the message, type END (capitals) when finished"))
+        # if we are specifying plain or defaulting to plain
+        if html_flag == "" or html_flag == "p":
+            message_flag="plain"
+        # if we are specifying html
+        if html_flag == "h":
+            message_flag="html"
+        # start the body off blank
+        body = ""
+        ## Here we start to check if we want to track users when they click
+        ## essentially if this flag is turned on, a quick search and replace
+        ## occurs via base64 encoding on the user name. that is then added
+        ## during the def mail function call and the username is posted as
+        ## part of the URL. When we check the users, they can be coorelated
+        ## back to the individual user when they click the link.
 
-    # loop through until they are finished with the body of the subject line
-    while body != 'exit':
-        try:
+        # track email is pulled dynamically from the config as TRACK_EMAIL_ADDRESSES
+        if track_email.lower() == "on":
+            print "You have specified to track user email accounts when they are sent. In"
+            print "order for this to work, you will need to specify the URL within the body"
+            print "of the email and where you would like to inject the base64 encoded name."
+            print "\nWhen a user clicks on the link, the URL Will post back to SET and track"
+            print "each of the users clicks and who the user was. As an example, say my SET"
+            print "website is hosted at http://www.trustedsec.com/index.php and I want to track users."
+            print "I would type below " + bcolors.BOLD + "http://www.trustedsec.com/index.php?INSERTUSERHERE" + bcolors.ENDC + ". Note that in"
+            print "order for SET to work, you will need to specify index.php?INSERTUSERHERE. That is the"
+            print "keyword that SET uses in order to replace the base name with the URL."
+            print "\nInsert the FULL url and the " + bcolors.BOLD + "INSERTUSERHERE" + bcolors.ENDC + "on where you want to insert the base64 name.\n\nNOTE: You must have a index.php and a ? mark seperating the user. YOU MUST USE PHP!"
+            print "\nNote that the actual URL does NOT need to contain index.php but has to be named that for the php code in Apache to work."
+        print_warning("IMPORTANT: When finished, type END (all capital) then hit {return} on a new line.")
+        body=raw_input(setprompt(["1"], "Enter the body of the message, type END (capitals) when finished"))
 
-            body+=("\n")
-            body_1 =raw_input("Next line of the body: ")
-            if body_1 == "END":
+        # loop through until they are finished with the body of the subject line
+        while body != 'exit':
+            try:
+    
+                body+=("\n")
+                body_1 =raw_input("Next line of the body: ")
+                if body_1 == "END":
+                    break
+                else:
+                    body_1 = body + body_1
+
+            # except KeyboardInterrupts (control-c) and pass through.
+            except KeyboardInterrupt:
                 break
-            else:
-                body_1 = body + body_1
 
-        # except KeyboardInterrupts (control-c) and pass through.
-        except KeyboardInterrupt:
-            break
-
-    # if we are tracking emails, this is some cleanup and detection to see if they entered .html instead or didn't specify insertuserhere
-    if track_email.lower() == "on":
-        # here we replace url with .php if they made a mistake
-        body = body.replace(".html", ".php")
-        if not "?INSERTUSERHERE" in body:
-            print_error("You have track email to on however did not specify ?INSERTUSERHERE.")
-            print_error("Tracking of users will not work and is disabled. Please re-read the instructions.")
-            pause = raw_input("Press {" + bcolors.BOLD + "return" + bcolors.ENDC + "} to continue.")
+        # if we are tracking emails, this is some cleanup and detection to see if they entered .html instead or didn't specify insertuserhere
+        if track_email.lower() == "on":
+            # here we replace url with .php if they made a mistake
+            body = body.replace(".html", ".php")
+            if not "?INSERTUSERHERE" in body:
+                print_error("You have track email to on however did not specify ?INSERTUSERHERE.")
+                print_error("Tracking of users will not work and is disabled. Please re-read the instructions.")
+                pause = raw_input("Press {" + bcolors.BOLD + "return" + bcolors.ENDC + "} to continue.")
 
 
-# except KeyboardInterrupts (control-c) and pass through.
-except KeyboardInterrupt:
-    pass
+    # except KeyboardInterrupts (control-c) and pass through.
+    except KeyboardInterrupt:
+        pass
 
 def mail(to, subject, prioflag1, prioflag2, text):
 
@@ -310,6 +311,7 @@ if option1 == '2':
         # simply print the statement
         print_status("Sent e-mail number: " + (str(email_num)) + " to address: " + to)
 
-# finish up here
-print_status("SET has finished sending the emails")
-return_continue()
+if option1 != "99":
+    # finish up here
+    print_status("SET has finished sending the emails")
+    return_continue()