Merge pull request #349 from mikecjudge/master

Updates to reflect recent changes with the Arduino IDE affecting Teensy based attacks

src/core/dictionaries.py

@@ -159,12 +159,12 @@ def teensy_config(choice):
     """ Receives the input given by the user from set.py """
 
     return {
-        '1': "powershell_down.pde",
-        '2': "wscript.pde",
-        '3': "powershell_reverse.pde",
-        '4': "beef.pde",
-        '5': "java_applet.pde",
-        '6': "gnome_wget.pde"
+        '1': "powershell_down.ino",
+        '2': "wscript.ino",
+        '3': "powershell_reverse.ino",
+        '4': "beef.ino",
+        '5': "java_applet.ino",
+        '6': "gnome_wget.ino"
     }.get(choice, "ERROR")
 
 

src/core/set.py

@@ -1016,23 +1016,23 @@ try:
                 # if we are doing the sd2teensy osx attack
                 if teensy_menu_choice == "9":
                     print_status(
-                        "Generating the SD2Teensy OSX pde file for you...")
+                        "Generating the SD2Teensy OSX ino file for you...")
                     if not os.path.isdir(setdir + "/reports/osx_sd2teensy"):
                         os.makedirs(setdir + "/reports/osx_sd2teensy")
-                    shutil.copyfile("src/teensy/osx_sd2teensy.pde",
-                                    "%s/reports/osx_sd2teensy/osx_sd2teensy.pde" % (setdir))
+                    shutil.copyfile("src/teensy/osx_sd2teensy.ino",
+                                    "%s/reports/osx_sd2teensy/osx_sd2teensy.ino" % (setdir))
                     print_status(
-                        "File has been exported to ~/.set/reports/osx_sd2teensy/osx_sd2teensy.pde")
+                        "File has been exported to ~/.set/reports/osx_sd2teensy/osx_sd2teensy.ino")
                     return_continue()
 
                 # if we are doing the X10 Arduino Sniffer
                 if teensy_menu_choice == "10":
                     print_status(
-                        "Generating the Arduino sniffer and libraries pde..")
+                        "Generating the Arduino sniffer and libraries ino..")
                     if not os.path.isdir(setdir + "/reports/arduino_sniffer"):
                         os.makedirs(setdir + "/reports/arduino_sniffer")
-                    shutil.copyfile("src/teensy/x10/x10_sniffer.pde",
-                                    setdir + "/reports/arduino_sniffer/x10_sniffer.pde")
+                    shutil.copyfile("src/teensy/x10/x10_sniffer.ino",
+                                    setdir + "/reports/arduino_sniffer/x10_sniffer.ino")
                     shutil.copyfile("src/teensy/x10/libraries.zip",
                                     setdir + "/reports/arduino_sniffer/libraries.zip")
                     print_status(
@@ -1042,13 +1042,13 @@ try:
                 # if we are doing the X10 Jammer
                 if teensy_menu_choice == "11":
                     print_status(
-                        "Generating the Arduino jammer pde and libraries...")
+                        "Generating the Arduino jammer ino and libraries...")
                     if not os.path.isdir(setdir + "/reports/arduino_jammer"):
                         os.makedirs(setdir + "/reports/arduino_jammer")
-                    shutil.copyfile("src/teensy/x10/x10_blackout.pde",
-                                    setdir + "/reports/arduino_jammer/x10_blackout.pde")
+                    shutil.copyfile("src/teensy/x10/x10_blackout.ino",
+                                    setdir + "/reports/arduino_jammer/x10_blackout.ino")
                     shutil.copyfile("src/teensy/x10/libraries.zip",
-                                    setdir + "/reports/arduino_hammer/libraries.zip")
+                                    setdir + "/reports/arduino_jammer/libraries.zip")
                     print_status(
                         "Arduino jammer files and libraries exported to ~/.set/reports/arduino_jammer")
                     return_continue()
@@ -1056,7 +1056,7 @@ try:
                 # powershell shellcode injection
                 if teensy_menu_choice == "12":
                     print_status(
-                        "Generating the Powershell - Shellcode injection pde..")
+                        "Generating the Powershell - Shellcode injection ino..")
                     debug_msg(
                         me, "importing 'src.teensy.powershell_shellcode'", 1)
                     import src.teensy.powershell_shellcode

src/core/setcore.py

@@ -677,42 +677,42 @@ def teensy_pde_generator(attack_method):
     # if we are doing the attack vector teensy beef
     if attack_method == "beef":
         # specify the filename
-        filename = open("src/teensy/beef.pde", "r")
-        filewrite = open(setdir + "/reports/beef.pde", "w")
+        filename = open("src/teensy/beef.ino", "r")
+        filewrite = open(setdir + "/reports/beef.ino", "w")
         teensy_string = (
-            "Successfully generated Teensy HID Beef Attack Vector under %s/reports/beef.pde" % (setdir))
+            "Successfully generated Teensy HID Beef Attack Vector under %s/reports/beef.ino" % (setdir))
 
     # if we are doing the attack vector teensy beef
     if attack_method == "powershell_down":
         # specify the filename
-        filename = open("src/teensy/powershell_down.pde", "r")
-        filewrite = open(setdir + "/reports/powershell_down.pde", "w")
+        filename = open("src/teensy/powershell_down.ino", "r")
+        filewrite = open(setdir + "/reports/powershell_down.ino", "w")
         teensy_string = (
-            "Successfully generated Teensy HID Attack Vector under %s/reports/powershell_down.pde" % (setdir))
+            "Successfully generated Teensy HID Attack Vector under %s/reports/powershell_down.ino" % (setdir))
 
     # if we are doing the attack vector teensy
     if attack_method == "powershell_reverse":
         # specify the filename
-        filename = open("src/teensy/powershell_reverse.pde", "r")
-        filewrite = open(setdir + "/reports/powershell_reverse.pde", "w")
+        filename = open("src/teensy/powershell_reverse.ino", "r")
+        filewrite = open(setdir + "/reports/powershell_reverse.ino", "w")
         teensy_string = (
-            "Successfully generated Teensy HID Attack Vector under %s/reports/powershell_reverse.pde" % (setdir))
+            "Successfully generated Teensy HID Attack Vector under %s/reports/powershell_reverse.ino" % (setdir))
 
     # if we are doing the attack vector teensy beef
     if attack_method == "java_applet":
         # specify the filename
-        filename = open("src/teensy/java_applet.pde", "r")
-        filewrite = open(setdir + "/reports/java_applet.pde", "w")
+        filename = open("src/teensy/java_applet.ino", "r")
+        filewrite = open(setdir + "/reports/java_applet.ino", "w")
         teensy_string = (
-            "Successfully generated Teensy HID Attack Vector under %s/reports/java_applet.pde" % (setdir))
+            "Successfully generated Teensy HID Attack Vector under %s/reports/java_applet.ino" % (setdir))
 
     # if we are doing the attack vector teensy
     if attack_method == "wscript":
         # specify the filename
-        filename = open("src/teensy/wscript.pde", "r")
-        filewrite = open(setdir + "/reports/wscript.pde", "w")
+        filename = open("src/teensy/wscript.ino", "r")
+        filewrite = open(setdir + "/reports/wscript.ino", "w")
         teensy_string = (
-            "Successfully generated Teensy HID Attack Vector under %s/reports/wscript.pde" % (setdir))
+            "Successfully generated Teensy HID Attack Vector under %s/reports/wscript.ino" % (setdir))
 
     # All the options share this code except binary2teensy
     if attack_method != "binary2teensy":
@@ -728,7 +728,7 @@ def teensy_pde_generator(attack_method):
         # specify the filename
         import src.teensy.binary2teensy
         teensy_string = (
-            "Successfully generated Teensy HID Attack Vector under %s/reports/binary2teensy.pde" % (setdir))
+            "Successfully generated Teensy HID Attack Vector under %s/reports/binary2teensy.ino" % (setdir))
 
     print_status(teensy_string)
 #
@@ -820,8 +820,8 @@ def show_banner(define_version, graphic):
     print(bcolors.BLUE + """
 [---]        The Social-Engineer Toolkit (""" + bcolors.YELLOW + """SET""" + bcolors.BLUE + """)         [---]
 [---]        Created by:""" + bcolors.RED + """ David Kennedy """ + bcolors.BLUE + """(""" + bcolors.YELLOW + """ReL1K""" + bcolors.BLUE + """)         [---]
-                       Version: """ + bcolors.RED + """%s""" % (define_version) + bcolors.BLUE + """                   
-                   Codename: '""" + bcolors.YELLOW + """Recharged""" + bcolors.ENDC + bcolors.BLUE + """'              
+                       Version: """ + bcolors.RED + """%s""" % (define_version) + bcolors.BLUE + """
+                   Codename: '""" + bcolors.YELLOW + """Recharged""" + bcolors.ENDC + bcolors.BLUE + """'
 [---]        Follow us on Twitter: """ + bcolors.PURPLE + """@TrustedSec""" + bcolors.BLUE + """         [---]
 [---]        Follow me on Twitter: """ + bcolors.PURPLE + """@HackingDave""" + bcolors.BLUE + """        [---]
 [---]       Homepage: """ + bcolors.YELLOW + """https://www.trustedsec.com""" + bcolors.BLUE + """       [---]
@@ -869,7 +869,7 @@ def show_banner(define_version, graphic):
 
         # If thread is still active
         if p.is_alive():
-            print(bcolors.RED + " Unable to check for new version of SET (is your network up?)\n" + bcolors.ENDC) 
+            print(bcolors.RED + " Unable to check for new version of SET (is your network up?)\n" + bcolors.ENDC)
             # terminate the process
             p.terminate()
             p.join()
@@ -1063,7 +1063,7 @@ def show_graphic():
            |`;=====' =''     ``=  `-'     `=====''|
            |______________________________________|
 	''')
-    
+
     if menu == 13:
         print(bcolors.RED + r"""
                       ..:::::::::..
@@ -1436,26 +1436,26 @@ def generate_powershell_alphanumeric_payload(payload, ipaddr, port, payload2):
 
         # if not "reverse_http" in payload or not "reverse_https" in payload:
         if not "http" in payload:
-            shellcode = shellcode_replace(ipaddr, port, shellcode).rstrip()
-            # sub in \x for 0x
-            shellcode = re.sub("\\\\x", "0x", shellcode)
-            shellcode = shellcode.replace("\\", "")
-            # base counter
-            counter = 0
-            # count every four characters then trigger floater and write out data
-            floater = ""
-            # ultimate string
-            newdata = ""
-            for line in shellcode:
-                floater = floater + line
-                counter = counter + 1
-                if counter == 4:
-                    newdata = newdata + floater + ","
-                    floater = ""
-                    counter = 0
+	     shellcode = shellcode_replace(ipaddr, port, shellcode).rstrip()
+        # sub in \x for 0x
+        shellcode = re.sub("\\\\x", "0x", shellcode)
+        shellcode = shellcode.replace("\\", "")
+        # base counter
+        counter = 0
+        # count every four characters then trigger floater and write out data
+        floater = ""
+        # ultimate string
+        newdata = ""
+        for line in shellcode:
+            floater = floater + line
+            counter = counter + 1
+            if counter == 4:
+                newdata = newdata + floater + ","
+                floater = ""
+                counter = 0
 
-            # heres our shellcode prepped and ready to go
-            shellcode = newdata[:-1]
+        # heres our shellcode prepped and ready to go
+        shellcode = newdata[:-1]
 
     except Exception as e:
         print_error("Something went wrong, printing error: " + str(e))

src/teensy/gnome_wget.ino

@@ -1,4 +1,4 @@
-/** gnome_wget.pde
+/** gnome_wget.ino
  * 
  * Author: Hugo Caron (y0ug)
  * Date: 2011/03/19

src/teensy/powershell_shellcode.py

@@ -41,18 +41,18 @@ with open(os.path.join(core.setdir + "x86.powershell")) as fileopen:
     # read in x amount of bytes
     data_read = int(50)
 
-    output_variable = "#define __PROG_TYPES_COMPAT__\n#define PROGMEM\n#include <avr/pgmspace.h>\n"
+    output_variable = "#define __PROG_TYPES_COMPAT__\n#include <avr/pgmspace.h>\n"
 
     counter = 0
     while True:
         reading_encoded = fileopen.read(data_read).rstrip()
         if not reading_encoded:
             break
-        output_variable += 'const char RevShell_{0}[] PROGMEM = {{"{1}"}};\n'.format(counter, reading_encoded)
+        output_variable += 'const char RevShell_{0}[] = {{"{1}"}};\n'.format(counter, reading_encoded)
         counter += 1
 
 rev_counter = 0
-output_variable += "const char * exploit[] PROGMEM = {\n"
+output_variable += "const char * exploit[] = {\n"
 
 while rev_counter != counter:
     output_variable += "RevShell_{0}".format(rev_counter)
@@ -150,10 +150,10 @@ Keyboard.set_key1(0);
 Keyboard.send_now();
 }
 """)
-print("[*] Payload has been extracted. Copying file to {0}".format(os.path.join(core.setdir + "reports/teensy.pde")))
+print("[*] Payload has been extracted. Copying file to {0}".format(os.path.join(core.setdir + "reports/teensy.ino")))
 if not os.path.isdir(os.path.join(core.setdir + "reports")):
     os.makedirs(os.path.join(core.setdir + "reports"))
-with open(os.path.join(core.setdir + "reports/teensy.pde"), "w") as filewrite:
+with open(os.path.join(core.setdir + "reports/teensy.ino"), "w") as filewrite:
     filewrite.write(teensy)
 choice = core.yesno_prompt("0", "Do you want to start a listener [yes/no] ")
 if choice == "YES":

src/teensy/sd2teensy.py

@@ -235,16 +235,16 @@ Keyboard.send_now();
 """.format(random_filename=random_filename, powershell_command=powershell_command, vbs=vbs, bat=bat))
 # delete temporary file
 subprocess.Popen("rm {0} 1> /dev/null 2>/dev/null".format(random_filename), shell=True).wait()
-print("[*] Binary to Teensy file exported as teensy.pde")
-# write the teensy.pde file out
-with open("teensy.pde", "w") as filewrite:
-    # write the teensy.pde file out
+print("[*] Binary to Teensy file exported as teensy.ino")
+# write the teensy.ino file out
+with open("teensy.ino", "w") as filewrite:
+    # write the teensy.ino file out
     filewrite.write(output_variable)
 print("""
 
 Instructions:
 
-Copy the converts.txt file to the sdcard on the Teensy device. Use the teensy.pde normally
+Copy the converts.txt file to the sdcard on the Teensy device. Use the teensy.ino normally
 and use the Arduino IDE to place the latest code in there. Notice that you need to change
 some code marked above based on the Teensy and the Teensy++ based on how you soldered the PIN's
 on.

src/teensy/teensy.py

@@ -84,7 +84,7 @@ with open(os.path.join(core.setdir + "teensy")) as fileopen:
 
 def writefile(filename, now):
     with open(os.path.join("src/teensy/" + filename)) as fileopen, \
-            open(os.path.join(core.setdir + "/reports/teensy_{0}.pde".format(now)), "w") as filewrite:
+            open(os.path.join(core.setdir + "/reports/teensy_{0}.ino".format(now)), "w") as filewrite:
 
         for line in fileopen:
             match = re.search("IPADDR", line)
@@ -100,37 +100,37 @@ def writefile(filename, now):
 
 # powershell downloader
 if choice == "1":
-    writefile("powershell_down.pde", now)
+    writefile("powershell_down.ino", now)
 
 # wscript downloader
 if choice == "2":
-    writefile("wscript.pde", now)
+    writefile("wscript.ino", now)
 
 # powershell reverse
 if choice == "3":
-    writefile("powershell_reverse.pde", now)
+    writefile("powershell_reverse.ino", now)
 
 # beef injector
 if choice == "4":
-    writefile("beef.pde", now)
+    writefile("beef.ino", now)
 
 # java applet downloader
 if choice == "5":
-    writefile("java_applet.pde", now)
+    writefile("java_applet.ino", now)
 
 # gnome wget downloader
 if choice == "6":
-    writefile("gnome_wget.pde", now)
+    writefile("gnome_wget.ino", now)
 
 if choice == "13":
-    writefile("peensy.pde", now)
+    writefile("peensy.ino", now)
     payload_counter = 0
 
 # save our stuff here
 print(core.bcolors.BLUE +
-      "\n[*] PDE file created. You can get it under '{0}'".format(os.path.join(core.setdir +
+      "\n[*] INO file created. You can get it under '{0}'".format(os.path.join(core.setdir +
                                                                                "reports" +
-                                                                               "teensy_{0}.pde".format(now))) +
+                                                                               "teensy_{0}.ino".format(now))) +
       core.bcolors.ENDC)
 print(core.bcolors.GREEN +
       '[*] Be sure to select "Tools", "Board", and "Teensy 2.0 (USB/KEYBOARD)" in Arduino' +
@@ -147,7 +147,7 @@ if payload_counter == 1:
     if not apache:
 
         subprocess.Popen("mkdir {0};"
-                         "cp {1} {2} 1> /dev/null 2> /dev/null".format(webclone_path + 
+                         "cp {1} {2} 1> /dev/null 2> /dev/null".format(webclone_path +
                                                                      metasploit_exec_path +
                                                                      os.path.join(webclone_path + "x.exe")),
                          shell=True).wait()

src/teensy/wscript.ino

@@ -3,7 +3,7 @@
 // Written by: Dave Kennedy (ReL1K) and Josh Kelley (WinFaNG)
 //
 // Special thanks to: Irongeek
-// Improved and adapted by Peter Österberg
+// Improved and adapted by Peter Österberg
 //
 // 2011-02-28 padzero@gmail.com
 // * Added "ALT code" print functions (ascii_*): Fixed payload execution on non-english keymap targets