Multiple bug fixes and additions for 5.4.2 release.

This commit is contained in:
TrustedSec 2013-12-03 21:12:11 -05:00
parent 473e75ea4f
commit 87a235b3a5
9 changed files with 44 additions and 25 deletions


@ -1,3 +1,14 @@
~~~~~~~~~~~~~~~~
version 5.4.2
~~~~~~~~~~~~~~~~
* Fixed issue that would enable stage encoding even when turned off
* Removed duplication bug on enable stage encoding when generating Metasploit answer files
* Fixed a port duplication issue where it would automatically assign port 443 when specifying multipyinjector
* Removed reference to set-automate to seautomate
* Fixed the self signed certificate issue where it was looking for the old program_junk folder, rewrote it to include proper .set directory path structure (thanks bostonlink)
* Fixed dhcp3 to isc-dhcp-server conversion to the new format, make sure you install apt-get install isc-dhcp-server - it will warn you regardless
~~~~~~~~~~~~~~~~
version 5.4.1
~~~~~~~~~~~~~~~~


@ -28,7 +28,7 @@ try: import pexpect
# if pexpect fails
except ImportError:
print "\n[*] PEXPECT is required, please download and install before running this..."
print "[*] Exiting SET-AUTOMATE mode..."
print "[*] Exiting SEAUTOMATE mode..."
sys.exit()
# try to define filename through argument specified during command line mode
@ -41,7 +41,7 @@ except IndexError:
print "\nSimply create a file that has each option you want from menu mode."
print "For example your file should look something like this:"
print "\n2\n2\n2\nhttps://gmail.com\n2\n2\n443\netc.\n"
print "Usage: ./set-automate <filename>"
print "Usage: ./seautomate <filename>"
sys.exit()
# if the filename doesnt exist throw an error


@ -85,7 +85,7 @@ update_config()
# chmod routine
if operating_system == "posix":
# change permissions if nix
subprocess.Popen("chmod +x set-automate;chmod +x set-update;chmod +x setup.py;chmod +x set-proxy;chmod +x src/payloads/ratte/ratteserver;chmod +x src/payloads/set_payloads/listener.py", stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
subprocess.Popen("chmod +x seautomate;chmod +x set-update;chmod +x setup.py;chmod +x set-proxy;chmod +x src/payloads/ratte/ratteserver;chmod +x src/payloads/set_payloads/listener.py", stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
dns = check_config("DNS_SERVER=")
if dns == "ON" or dns == "on": start_dns()
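Review bot: The chmod on the changed line is fire-and-forget: the Popen object is discarded, never waited on, and its stdout/stderr pipes are never read, so a failed chmod (for instance if one of the renamed files is not present) is silently ignored and the following steps run as if it had succeeded. A form that surfaces the exit status is `rc = subprocess.call(["chmod", "+x", "seautomate", "set-update", "setup.py", "set-proxy", "src/payloads/ratte/ratteserver", "src/payloads/set_payloads/listener.py"])` followed by a warning when `rc != 0`; it also drops `shell=True`, which a fixed argument list does not need. The enclosing `if operating_system == "posix":` branch continues past the hunk.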


@ -988,7 +988,7 @@ class myRequestHandler(BaseHTTPRequestHandler):
if sendmail == "off":
match14=re.search("password=", s)
if match14:
# did this to mask passwords on write using set-automate, but will still show up unfortnately when answering file
# did this to mask passwords on write using seautomate, but will still show up unfortnately when answering file
s=s.replace("password=","")
filewrite.write(s+" OMGPASSWORDHERE"+"\n"+"yes\n")
@ -1585,19 +1585,19 @@ class myRequestHandler(BaseHTTPRequestHandler):
match=re.search("TERMINAL=", line)
if match: terminal=line.replace("TERMINAL=","")
if terminal == "XTERM" or terminal == "xterm" or terminal == "":
proc = subprocess.Popen("xterm -geometry 90x30 -bg black -fg white -fn *-fixed-*-*-*-20-* -T 'The Social-Engineer Toolkit (SET)' -e 'python set-automate %s/answer.txt' &" % (setdir), shell=True)
proc = subprocess.Popen("xterm -geometry 90x30 -bg black -fg white -fn *-fixed-*-*-*-20-* -T 'The Social-Engineer Toolkit (SET)' -e 'python seautomate %s/answer.txt' &" % (setdir), shell=True)
if terminal == "KONSOLE" or terminal == "konsole":
proc = subprocess.Popen("konsole -T 'The Social-Engineer Toolkit (SET)' -e sh -c '%s/set-automate %s/answer.txt' &" % (definepath),setdir, shell=True)
proc = subprocess.Popen("konsole -T 'The Social-Engineer Toolkit (SET)' -e sh -c '%s/seautomate %s/answer.txt' &" % (definepath),setdir, shell=True)
if terminal == "GNOME" or terminal == "gnome":
proc = subprocess.Popen("gnome-terminal -t 'The Social-Engineer Toolkit (SET)' -x sh -c '%s/set-automate %s/answer.txt' &" % (setdir), shell=True)
proc = subprocess.Popen("gnome-terminal -t 'The Social-Engineer Toolkit (SET)' -x sh -c '%s/seautomate %s/answer.txt' &" % (setdir), shell=True)
# if they jacked up the config here
if terminal != "XTERM":
if terminal != "KONSOLE":
if terminal != "GNOME":
proc = subprocess.Popen("python set-automate %s/answer.txt" % (setdir), shell=True)
proc = subprocess.Popen("python seautomate %s/answer.txt" % (setdir), shell=True)
os.chdir("src/commandcenter")
except Exception:
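Review bot: The konsole branch on the new side still binds the format string incorrectly: `'%s/seautomate %s/answer.txt' &" % (definepath),setdir, shell=True)` has two `%s` placeholders but supplies only `definepath` (the parentheses do not make a tuple), so the `%` raises TypeError before Popen is ever called, and `setdir` would otherwise land in Popen's positional `bufsize` slot. The gnome branch has the same two-placeholder/one-argument mismatch with `% (setdir)`. The konsole line should end `% (definepath, setdir), shell=True)`, and, assuming the gnome command is meant to mirror it, so should the gnome line. Because this block sits inside a `try` whose `except Exception:` is the last hunk line, the TypeError is swallowed and the user simply never gets a terminal; the enclosing method continues past the hunk.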


@ -450,6 +450,7 @@ try:
ipaddr = check_options("IPADDR=")
# break out if not needed
if choice9 == "6": break
shellcode_port = raw_input(setprompt(["4"], "Enter the port number [443]"))
if shellcode_port == "": shellcode_port = "443"
@ -457,7 +458,7 @@ try:
filewrite = file("%s/meta_config_multipyinjector" % (setdir), "a")
port_check = check_ports("%s/meta_config_multipyinjector" % (setdir), shellcode_port)
if port_check == False:
filewrite.write("use exploit/multi/handler\nset PAYLOAD %s\nset EnableStageEncoding %s\nset LHOST %s\nset LPORT %s\nset ExitOnSession false\nset EnableStageEncoding true\nexploit -j\n\n" % (choice9, stage_encoding,ipaddr, shellcode_port))
filewrite.write("use exploit/multi/handler\nset PAYLOAD %s\nset EnableStageEncoding %s\nset LHOST %s\nset LPORT %s\nset ExitOnSession false\nexploit -j\n\n" % (choice9, stage_encoding,ipaddr, shellcode_port))
filewrite.close()
if validate_ip(choice2) == False:
@ -470,8 +471,9 @@ try:
portnum = "LPORT=1"
# fix port num
if choice1 == "multipyinject":
if "multipyinject" in choice1:
portnum = shellcode_port
else: portnum = portnum.replace("LPORT=", "")
# meterpreter reverse_tcp
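Review bot: In the multi/handler template at the changed `filewrite.write`, `set EnableStageEncoding %s` now takes `stage_encoding` verbatim, but the assignment of that variable is outside the hunk and Metasploit only accepts `true`/`false` for the option; the same commit normalizes the config value with `.lower()` and an `off`→`false` mapping in the powershell generator, so confirm this path does the same rather than writing the raw `ON`/`OFF` config string. `if port_check == False:` is more idiomatically `if not port_check:`. In the last hunk of this file, `if "multipyinject" in choice1:` widens the old equality test to any value containing that substring; if that is deliberate (e.g. `choice1` holding `multipyinjector`), a one-line comment such as `# substring match on purpose: choice1 may carry a longer payload name` would keep the next reader from reverting it. The enclosing `try:` begins before the first hunk.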


@ -229,7 +229,7 @@ def print_error(message):
print bcolors.RED + bcolors.BOLD + "[!] " + bcolors.ENDC + bcolors.RED + str(message) + bcolors.ENDC
def get_version():
define_version = '5.4.1'
define_version = '5.4.2'
return define_version
class create_menu:


@ -3,7 +3,7 @@
import subprocess
import os
import sys
from src.core import setcore
from src.core.setcore import *
#########################
# Simple signer for signing the java applet attack
@ -26,12 +26,12 @@ print """
Is this correct: yes
"""
setcore.print_error("*** WARNING ***")
setcore.print_error("IN ORDER FOR THIS TO WORK YOU MUST INSTALL sun-java6-jdk or openjdk-6-jdk, so apt-get install openjdk-6-jdk")
setcore.print_error("*** WARNING ***")
print_error("*** WARNING ***")
print_error("IN ORDER FOR THIS TO WORK YOU MUST INSTALL sun-java6-jdk or openjdk-6-jdk, so apt-get install openjdk-6-jdk")
print_error("*** WARNING ***")
# random string used to generate signature of java applet
random_string = setcore.generate_random_string(10, 30)
random_string = generate_random_string(10, 30)
# grab keystore to use later
subprocess.Popen("keytool -genkey -alias %s -keystore mykeystore -keypass mykeypass -storepass mystorepass" % (random_string), shell=True).wait()
@ -41,8 +41,8 @@ subprocess.Popen("jarsigner -keystore mykeystore -storepass mystorepass -keypass
# move it into our html directory
subprocess.Popen("cp Signed_Update.jar ../", shell=True).wait()
subprocess.Popen("mv Signed_Update.jar ../../program_junk/", shell=True)
subprocess.Popen("mv Signed_Update.jar " + setdir, shell=True)
# move back to original directory
os.chdir("../../../")
setcore.print_status("Java Applet is now signed and will be imported into the website")
print_status("Java Applet is now signed and will be imported into the website")
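Review bot: The new `mv` builds a shell command by concatenation, `"mv Signed_Update.jar " + setdir`, and runs it with `shell=True`, so any space or shell metacharacter in `setdir` changes the command; `shutil.move("Signed_Update.jar", setdir)` (stdlib, needs `import shutil`) does the same job with no shell, or `subprocess.call(["mv", "Signed_Update.jar", setdir])` if the external tool is preferred. Unlike the `cp` two lines above, the `mv` is also not waited on before `os.chdir("../../../")` and the success message, so the file may still be in flight when the script reports it imported. The switch to `from src.core.setcore import *` pulls every name from setcore into this script, presumably including `setdir`, which is used but never imported explicitly; listing the names actually used (`print_error`, `print_status`, `generate_random_string`, `setdir`) would make that dependency visible.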


@ -11,6 +11,8 @@ stage_encoding = check_config("STAGE_ENCODING=").lower()
if stage_encoding == "off": stage_encoding = "false"
else: stage_encoding = "true"
# check to see if we are just generating powershell code
powershell_solo = check_options("POWERSHELL_SOLO")
@ -118,7 +120,7 @@ if multi_injection == "on":
filewrite.write("\nuse exploit/multi/handler\n")
if auto_migrate == "ON":
filewrite.write("set AutoRunScript post/windows/manage/smart_migrate\n")
filewrite.write("set PAYLOAD %s\nset LHOST %s\nset EnableStageEncoding true\nset LPORT %s\nset ExitOnSession false\nexploit -j\n\n" % (powershell_inject_x86, ipaddr, ports))
filewrite.write("set PAYLOAD %s\nset LHOST %s\nset EnableStageEncoding %s\nset LPORT %s\nset ExitOnSession false\nexploit -j\n\n" % (powershell_inject_x86, ipaddr, ports, stage_encoding))
filewrite.close()
# if we aren't using multi pyinjector
@ -134,7 +136,7 @@ if multi_injection == "on":
filewrite.write("\nuse exploit/multi/handler\n")
if auto_migrate == "ON":
filewrite.write("set AutoRunScript post/windows/manage/smart_migrate\n")
filewrite.write("set PAYLOAD %s\nset LHOST %s\nset EnableStageEncoding true\nset ExitOnSession false\nset LPORT %s\nexploit -j\n\n" % (powershell_inject_x86, ipaddr, ports))
filewrite.write("set PAYLOAD %s\nset LHOST %s\nset EnableStageEncoding %s\nset ExitOnSession false\nset LPORT %s\nexploit -j\n\n" % (powershell_inject_x86, ipaddr, ports, stage_encoding))
filewrite.close()
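Review bot: The argument tuple at the first changed `filewrite.write` is in the wrong order: the template reads `PAYLOAD, LHOST, EnableStageEncoding, LPORT` but the tuple is `(powershell_inject_x86, ipaddr, ports, stage_encoding)`, so the generated answer file sets `EnableStageEncoding` to the port number and `LPORT` to `true`/`false`. The second changed `filewrite.write` in this file has the same mismatch (template order `PAYLOAD, LHOST, EnableStageEncoding, …, LPORT`, tuple still `ports` before `stage_encoding`). Both should pass `(powershell_inject_x86, ipaddr, stage_encoding, ports)`. Note also that the normalization added at the top of the file maps only a literal `off` to `false`, so an absent or misspelled `STAGE_ENCODING=` entry silently enables stage encoding; if that is not intended, test for `on` instead and treat anything else as `false`. The `if multi_injection == "on":` block these writes sit in begins before the hunks.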
# here we do everything if pyinjection or multi pyinjection was specified


@ -19,6 +19,10 @@ from config.set_config import ACCESS_POINT_SSID as access_point
from config.set_config import AP_CHANNEL as ap_channel
from config.set_config import DNSSPOOF_PATH as dnsspoof_path
if not os.path.isfile("/etc/init.d/isc-dhcp-server"):
print_warning("isc-dhcp-server does not appear to be installed.")
print_warning("apt-get install isc-dhcp-server to install it. Things may fail now.")
if not os.path.isfile(dnsspoof_path):
if os.path.isfile("/usr/sbin/dnsspoof"):
dnsspoof_path = "/usr/sbin/dnsspoof"
@ -30,14 +34,14 @@ if not os.path.isfile(airbase_path):
airbase_path = "src/wireless/airbase-ng"
print_info("using SET's local airbase-ng binary")
print_info("For this attack to work properly, we must edit the dhcp3-server file to include our wireless interface.")
print_info("""This will allow dhcp3 to properly assign IPs. (INTERFACES="at0")""")
print_info("For this attack to work properly, we must edit the isc-dhcp-server file to include our wireless interface.")
print_info("""This will allow isc-dhcp-server to properly assign IPs. (INTERFACES="at0")""")
print("")
print_status("SET will now launch nano to edit the file.")
print_status("Press ^X to exit nano and don't forget to save the updated file!")
print_warning("If you receive an empty file in nano, please check the path of your dhcp3-server file!")
print_warning("If you receive an empty file in nano, please check the path of your isc-dhcp-server file!")
return_continue()
subprocess.Popen("nano /etc/default/dhcp3-server", shell=True).wait()
subprocess.Popen("nano /etc/dhcp/dhcpd.conf", shell=True).wait()
# DHCP SERVER CONFIG HERE
dhcp_config1 = ("""
@ -142,7 +146,7 @@ if dhcptun==2:
# starts a dhcp server
print_status("Starting the DHCP server on a seperate child thread...")
child2 = pexpect.spawn("dhcpd3 -q -cf %s/dhcp.conf -pf /var/run/dhcp3-server/dhcpd.pid at0" % (setdir))
child2 = pexpect.spawn("service isc-dhcp-server start")
# starts ip_forwarding
print_status("Starting IP Forwarding...")
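Review bot: The nano target on the changed line does not match the message printed just above it: the text tells the user to edit the isc-dhcp-server file so that it contains `INTERFACES="at0"`, but that setting lives in `/etc/default/isc-dhcp-server`, while the command now opens `/etc/dhcp/dhcpd.conf`, which holds subnet and lease definitions. If the interface binding is still the intent, the line should be `subprocess.Popen("nano /etc/default/isc-dhcp-server", shell=True).wait()`. Separately, the daemon is now started with `service isc-dhcp-server start`, i.e. with the system's own configuration, so the `dhcp_config1` template assembled right after the hunk (its use is outside the hunk) presumably no longer reaches the daemon unless it is written to the system config path — worth confirming. The `/etc/init.d/isc-dhcp-server` probe added at the top of the file only warns, so the later `service` call still fails on a system without the package.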