mirror of
https://github.com/trustedsec/social-engineer-toolkit
synced 2024-12-18 16:53:43 +00:00
1643 lines
65 KiB
Python
1643 lines
65 KiB
Python
#!/usr/bin/env python
|
|
import os
|
|
import subprocess
|
|
import time
|
|
import re
|
|
import string
|
|
import pexpect
|
|
import cgi
|
|
import urllib
|
|
|
|
# Command center for generating webserver
|
|
|
|
# import web modules
|
|
from BaseHTTPServer import HTTPServer
|
|
from BaseHTTPServer import BaseHTTPRequestHandler
|
|
|
|
from src.core.setcore import *
|
|
definepath=os.getcwd()
|
|
|
|
# grab port for command center
|
|
port=44444
|
|
fileopen=file("%s/config/set_config" % (definepath), "r")
|
|
for line in fileopen:
|
|
line=line.rstrip()
|
|
match=re.search("COMMAND_CENTER_PORT=",line)
|
|
if match:
|
|
port=line.replace("COMMAND_CENTER_PORT=","")
|
|
|
|
# define command center template
|
|
fileopen=file("src/commandcenter/command_center.html", "r")
|
|
|
|
# kill old process
|
|
def kill_process():
|
|
try:
|
|
# a.terminate only works on Python > 2.6
|
|
process.terminate()
|
|
except AttributeError:
|
|
# if it fails pull pid for subprocess thread then terminate it
|
|
process.kill( a.pid , signal.SIGTERM)
|
|
|
|
os.chdir("src/commandcenter/")
|
|
|
|
class myRequestHandler(BaseHTTPRequestHandler):
|
|
|
|
# Print custom HTTP Response
|
|
def printCustomHTTPResponse(self, respcode):
|
|
self.send_response(respcode)
|
|
self.send_header("Content-type", "text/html")
|
|
self.send_header("Server", "myRequestHandler")
|
|
self.end_headers()
|
|
|
|
# GET Request here
|
|
def do_GET(self):
|
|
|
|
webattack_email="off"
|
|
self_signed="off"
|
|
auto_detect="on"
|
|
ettercap="off"
|
|
sendmail="off"
|
|
|
|
fileopen=file("%s/config/set_config" % (definepath), "r")
|
|
for line in fileopen:
|
|
line=line.rstrip()
|
|
# check for webattack email
|
|
match1=re.search("WEBATTACK_EMAIL=ON", line)
|
|
if match1:
|
|
webattack_email="on"
|
|
|
|
# check for auto detect IP address
|
|
match2=re.search("AUTO_DETECT=OFF", line)
|
|
if match2:
|
|
auto_detect="off"
|
|
|
|
# self signed check
|
|
match3=re.search("SELF_SIGNED_APPLET=ON", line)
|
|
if match3:
|
|
self_signed="on"
|
|
|
|
match4=re.search("ETTERCAP=ON", line)
|
|
if match4:
|
|
ettercap="on"
|
|
|
|
match5=re.search("SENDMAIL=ON", line)
|
|
if match5:
|
|
sendmail="on"
|
|
|
|
match6=re.search("DSNIFF=ON", line)
|
|
if match6:
|
|
ettercap="on"
|
|
|
|
|
|
def post_load(filename):
|
|
fileopen=file("header","r")
|
|
for line in fileopen:
|
|
self.wfile.write(line)
|
|
fileopen=file("%s" % (filename),"r")
|
|
for line in fileopen:
|
|
self.wfile.write(line)
|
|
fileopen=file("footer","r")
|
|
for line in fileopen:
|
|
self.wfile.write(line)
|
|
|
|
# load files via read binary
|
|
def load_file(filename):
|
|
fileopen=file("files/%s" % (filename), "rb")
|
|
for line in fileopen:
|
|
self.wfile.write(line)
|
|
|
|
# import proper style css files here
|
|
if self.path == "/files/style.css":
|
|
self.send_response(200)
|
|
self.send_header('Content_type', 'text/css')
|
|
self.end_headers()
|
|
cssopen=file("files/style.css","r")
|
|
for line in cssopen:
|
|
self.wfile.write(line)
|
|
|
|
# rest is importing javascript and images etc.
|
|
if self.path == "/files/ga.js":
|
|
load_file("ga.js")
|
|
|
|
if self.path == "/files/jquery.js":
|
|
load_file("jquery.js")
|
|
|
|
if self.path == "/files/external-tracking.js":
|
|
load_file("external-tracking.js")
|
|
|
|
if self.path == "/files/rss.png":
|
|
load_file("rss.png")
|
|
|
|
if self.path == "/files/setman.jpg":
|
|
load_file("setman.jpg")
|
|
|
|
if self.path == "/files/header.jpg":
|
|
load_file("header.jpg")
|
|
|
|
if self.path == "/files/date-icon.png":
|
|
load_file("date-icon.png")
|
|
|
|
if self.path == "/files/tweet.png":
|
|
load_file("tweet.png")
|
|
|
|
if self.path == "/files/logo.png":
|
|
load_file("logo.png")
|
|
|
|
if self.path == "/files/main.png":
|
|
load_file("main.png")
|
|
|
|
if self.path == "/files/spear-phish.png":
|
|
load_file("spear-phish.png")
|
|
|
|
if self.path == "/files/web-attack.png":
|
|
load_file("web-attack.png")
|
|
|
|
if self.path == "/files/infectious.png":
|
|
load_file("infectious.png")
|
|
|
|
if self.path == "/files/mass-mailer.png":
|
|
load_file("mass-mailer.png")
|
|
|
|
if self.path == "/files/teensy.png":
|
|
load_file("teensy.png")
|
|
|
|
if self.path == "/files/updates.png":
|
|
load_file("updates.png")
|
|
|
|
if self.path == "/files/wireless.png":
|
|
load_file("wireless.png")
|
|
|
|
# Site root: Main Menu
|
|
if self.path == "/":
|
|
self.printCustomHTTPResponse(200)
|
|
post_load("main.site")
|
|
|
|
# get request for web_attack
|
|
if self.path == "/web_attack":
|
|
self.printCustomHTTPResponse(200)
|
|
fileopen=file("header","r")
|
|
|
|
#auto_detect="on"
|
|
for line in fileopen:
|
|
self.wfile.write(line)
|
|
|
|
# this will dynamically import web_attack vector and check for flags to add additional options
|
|
fileopen=file("web_attack.site","r")
|
|
for line in fileopen:
|
|
match=re.search("<CHECKHERE>", line)
|
|
if match:
|
|
line=line.replace("<CHECKHERE>","")
|
|
|
|
if webattack_email == "on":
|
|
webattackemail=file("webattack_email.site","r")
|
|
for line in webattackemail:
|
|
self.wfile.write(line)
|
|
|
|
# if the auto_detect flag is set to off
|
|
if auto_detect == "off":
|
|
autodetect=file("auto_detect.site","r")
|
|
for line in autodetect:
|
|
self.wfile.write(line)
|
|
|
|
# if the self signed applet is turned to on
|
|
if self_signed == "on":
|
|
selfsigned=file("self_signed.site","r")
|
|
for line in selfsigned:
|
|
self.wfile.write(line)
|
|
|
|
# ettercap on or off
|
|
if ettercap == "on":
|
|
ettercapread=file("ettercap.site","r")
|
|
for line in ettercapread:
|
|
self.wfile.write(line)
|
|
|
|
self.wfile.write(line)
|
|
|
|
|
|
fileopen=file("footer","r")
|
|
for line in fileopen:
|
|
self.wfile.write(line)
|
|
|
|
if self.path == "/results":
|
|
if os.path.isfile(setdir + "/cc_harvester_hit"):
|
|
|
|
# define file to extract URL of site
|
|
if os.path.isfile(setdir + "/full_query"):
|
|
post_site=file(setdir + "/post_site", "r")
|
|
for line in post_site:
|
|
line=line.rstrip()
|
|
print line
|
|
|
|
indexopen=file(setdir + "/site.template","r").readlines()
|
|
for line in indexopen:
|
|
line=line.rstrip()
|
|
self.wfile.write(line)
|
|
|
|
# load the social-engineering attacks
|
|
if self.path == "/social_engineering":
|
|
self.printCustomHTTPResponse(200)
|
|
fileopen=file("header","r")
|
|
for line in fileopen:
|
|
self.wfile.write(line)
|
|
# this will dynamically import web_attack vector and check for flags to add additional options
|
|
fileopen=file("social_engineering.site","r")
|
|
for line in fileopen:
|
|
self.wfile.write(line)
|
|
fileopen=file("footer","r")
|
|
for line in fileopen:
|
|
self.wfile.write(line)
|
|
|
|
# load the fasttrack attacks
|
|
if self.path == "/fasttrack":
|
|
self.printCustomHTTPResponse(200)
|
|
fileopen=file("header","r")
|
|
for line in fileopen:
|
|
self.wfile.write(line)
|
|
# this will dynamically import web_attack vector and check for flags to add additional options
|
|
fileopen=file("fasttrack.site","r")
|
|
for line in fileopen:
|
|
self.wfile.write(line)
|
|
fileopen=file("footer","r")
|
|
for line in fileopen:
|
|
self.wfile.write(line)
|
|
|
|
# phishing web menu here
|
|
if self.path == "/phish":
|
|
self.printCustomHTTPResponse(200)
|
|
fileopen=file("header","r")
|
|
for line in fileopen:
|
|
self.wfile.write(line)
|
|
|
|
fileopen=file("%s/config/set_config" % (definepath), "r")
|
|
for line in fileopen:
|
|
match=re.search("AUTO_DETECT=OFF", line)
|
|
if match: auto_detect="off"
|
|
|
|
# this will dynamically import web_attack vector and check for flags to add additional options
|
|
fileopen=file("phish.site","r")
|
|
for line in fileopen:
|
|
match=re.search("<CHECKHERE>", line)
|
|
if match:
|
|
line=line.replace("<CHECKHERE>","")
|
|
# if the auto_detect flag is set to off
|
|
if auto_detect == "off":
|
|
autodetect=file("auto_detect.site","r")
|
|
for line in autodetect:
|
|
self.wfile.write(line)
|
|
self.wfile.write(line)
|
|
fileopen=file("footer","r")
|
|
for line in fileopen:
|
|
self.wfile.write(line)
|
|
|
|
# infectious site here
|
|
if self.path == "/infectious":
|
|
self.printCustomHTTPResponse(200)
|
|
fileopen=file("header","r")
|
|
for line in fileopen:
|
|
self.wfile.write(line)
|
|
fileopen=file("infect.site","r")
|
|
for line in fileopen:
|
|
match=re.search("<CHECKHERE>", line)
|
|
if match:
|
|
line=line.replace("<CHECKHERE>","")
|
|
# if the auto_detect flag is set to off
|
|
if auto_detect == "off":
|
|
autodetect=file("auto_detect.site","r")
|
|
for line in autodetect:
|
|
self.wfile.write(line)
|
|
self.wfile.write(line)
|
|
fileopen=file("footer","r")
|
|
for line in fileopen:
|
|
self.wfile.write(line)
|
|
|
|
|
|
# mass mailer here
|
|
if self.path == "/mass_mailer":
|
|
self.printCustomHTTPResponse(200)
|
|
fileopen=file("header","r")
|
|
for line in fileopen:
|
|
self.wfile.write(line)
|
|
|
|
# this will dynamically import mass_mailer and check for flags to add additional options
|
|
fileopen=file("mass_mailer.site","r")
|
|
for line in fileopen:
|
|
match=re.search("<CHECKHERE>", line)
|
|
if match:
|
|
line=line.replace("<CHECKHERE>","")
|
|
webattackemail=file("webattack_email.site","r")
|
|
for line in webattackemail:
|
|
self.wfile.write(line)
|
|
self.wfile.write(line)
|
|
|
|
fileopen=file("footer","r")
|
|
for line in fileopen:
|
|
self.wfile.write(line)
|
|
|
|
|
|
# wifi menu
|
|
if self.path == "/wireless":
|
|
self.printCustomHTTPResponse(200)
|
|
fileopen=file("header","r")
|
|
for line in fileopen:
|
|
self.wfile.write(line)
|
|
fileopen=file("wireless.site","r")
|
|
for line in fileopen:
|
|
self.wfile.write(line)
|
|
fileopen=file("footer","r")
|
|
for line in fileopen:
|
|
self.wfile.write(line)
|
|
|
|
|
|
# teensy menu
|
|
if self.path == "/teensy":
|
|
self.printCustomHTTPResponse(200)
|
|
fileopen=file("header","r")
|
|
for line in fileopen:
|
|
self.wfile.write(line)
|
|
fileopen=file("teensy.site","r")
|
|
for line in fileopen:
|
|
match=re.search("<CHECKHERE>", line)
|
|
if match:
|
|
line=line.replace("<CHECKHERE>", "")
|
|
# if the auto_detect flag is set to off
|
|
if auto_detect == "off":
|
|
autodetect=file("auto_detect.site","r")
|
|
for line in autodetect:
|
|
self.wfile.write(line)
|
|
|
|
self.wfile.write(line)
|
|
fileopen=file("footer","r")
|
|
for line in fileopen:
|
|
self.wfile.write(line)
|
|
|
|
|
|
# this is the updates menu
|
|
if self.path == "/updates":
|
|
self.printCustomHTTPResponse(200)
|
|
fileopen=file("header","r")
|
|
for line in fileopen:
|
|
self.wfile.write(line)
|
|
fileopen=file("update.site","r")
|
|
for line in fileopen:
|
|
match=re.search("CONFIGEDITORHERE", line)
|
|
if match:
|
|
line=""
|
|
html_counter=0
|
|
def html_form(description,field,length):
|
|
html_char=(r'%s: <input type="text" name="html_param%s" value="%s" size="%s"/><br />' % (description,html_counter,field,length))
|
|
self.wfile.write(html_char)
|
|
|
|
# start a loop for the set_config
|
|
fileopen1=file("%s/config/set_config" % (definepath),"r")
|
|
for line1 in fileopen1:
|
|
# strip any garbage trailing characters
|
|
line1=line1.rstrip()
|
|
# grab anything without comments on it
|
|
if line1[0:1] != "#":
|
|
line1=line1.split("=")
|
|
try:
|
|
length=len(line1[1])-2
|
|
html_form(line1[0],line1[1],length)
|
|
html_counter=html_counter+1
|
|
except: pass
|
|
self.wfile.write(line)
|
|
fileopen=file("footer","r")
|
|
for line in fileopen:
|
|
self.wfile.write(line)
|
|
|
|
|
|
# handle post requests
|
|
def do_POST(self):
|
|
|
|
webattack_email="off"
|
|
self_signed="off"
|
|
auto_detect="on"
|
|
ettercap="off"
|
|
sendmail="off"
|
|
|
|
fileopen=file("%s/config/set_config" % (definepath), "r")
|
|
for line in fileopen:
|
|
line=line.rstrip()
|
|
match=re.search("COMMAND_CENTER_PORT=",line)
|
|
if match: port=line.replace("COMMAND_CENTER_PORT=","")
|
|
|
|
# check for webattack email
|
|
match1=re.search("WEBATTACK_EMAIL=ON", line)
|
|
if match1: webattack_email="on"
|
|
|
|
# check for auto detect IP address
|
|
match2=re.search("AUTO_DETECT=OFF", line)
|
|
if match2: auto_detect="off"
|
|
|
|
# self signed check
|
|
match3=re.search("SELF_SIGNED_APPLET=ON", line)
|
|
if match3: self_signed="on"
|
|
|
|
match4=re.search("ETTERCAP=ON", line)
|
|
if match4: ettercap="on"
|
|
|
|
match5=re.search("SENDMAIL=ON", line)
|
|
if match5: sendmail="on"
|
|
|
|
# if dsniff is on
|
|
match6=re.search("DSNIFF=ON", line)
|
|
if match6: ettercap = "on"
|
|
|
|
|
|
def post_load(filename):
|
|
fileopen=file("header","r")
|
|
for line in fileopen:
|
|
self.wfile.write(line)
|
|
fileopen=file("%s" % (filename),"r")
|
|
for line in fileopen:
|
|
self.wfile.write(line)
|
|
fileopen=file("footer","r")
|
|
for line in fileopen:
|
|
self.wfile.write(line)
|
|
|
|
content_length = string.atoi(self.headers.dict["content-length"])
|
|
raw_post_data = self.rfile.read(content_length)
|
|
self.send_response(200)
|
|
self.end_headers()
|
|
url = raw_post_data
|
|
url = urllib.unquote_plus(url)
|
|
url=url.split("&")
|
|
|
|
if self.path == "/updates_post":
|
|
counter=0
|
|
post_load("post.site")
|
|
url=url[0].split("=")
|
|
# update SET only
|
|
if url[1] == "1":
|
|
os.chdir(definepath)
|
|
subprocess.Popen("svn update", shell=True).wait()
|
|
os.chdir(definepath + "/src/commandcenter/")
|
|
# update metasploit
|
|
if url[1] == "2":
|
|
msf_path = meta_path()
|
|
os.chdir(msf_path)
|
|
subprocess.Popen("svn update", shell=True).wait()
|
|
os.chdir(definepath + "/src/commandcenter/")
|
|
# update all
|
|
if url[1] == "3":
|
|
os.chdir(definepath)
|
|
subprocess.Popen("svn update", shell=True).wait()
|
|
msf_path = meta_path()
|
|
os.chdir(msf_path)
|
|
subprocess.Popen("svn update", shell=True).wait()
|
|
os.chdir(definepath + "/src/commandcenter/")
|
|
|
|
# update config menu method POST handler
|
|
if self.path == "/update_config_post":
|
|
post_load("post.site")
|
|
# open up set_config
|
|
fileopen=file("%s/config/set_config" % (definepath),"r")
|
|
# open up the file for writing
|
|
filewrite=file("%s/config/set_config.tmp" % (definepath),"w")
|
|
# set the initial loop counter
|
|
post_counter=0
|
|
# set the second loop counter
|
|
post_counter1=0
|
|
counter=0
|
|
# start loop of set_config
|
|
for line in fileopen:
|
|
# strip out any weird chars
|
|
line=line.rstrip()
|
|
# if the line doesn't have a # it means its a valid option in the config
|
|
if line[0:1] != "#":
|
|
# loop through our post parameters
|
|
for s in url:
|
|
# strip any bad chars
|
|
s=s.rstrip()
|
|
# split with the equal sign, this is because post paramater will look something like param9=OPTION
|
|
s=s.split("=")
|
|
# take the second value which is the one we want
|
|
s=s[1]
|
|
# if our counter is equal to our second counter then reset counter and break loop
|
|
# this was needed so that the params and the file matched up properly
|
|
if post_counter1 == post_counter:
|
|
post_counter1=0
|
|
# break out of the loop once the counters match up which means our config file
|
|
# matches up
|
|
break
|
|
|
|
# tick up the counter
|
|
post_counter1=post_counter1+1
|
|
# split the line by equal sign
|
|
line=line.split("=")
|
|
# our line equals line[0] (our definition of option) plus an equal sign plus our value stored in s
|
|
line=line[0]+"="+s
|
|
# tick our counter up more
|
|
post_counter=post_counter+1
|
|
# write the file
|
|
filewrite.write(line+"\n")
|
|
subprocess.Popen("mv %s/config/set_config.tmp %s/config/set_config 1> /dev/null 2> /dev/null" % (definepath,definepath), shell=True).wait()
|
|
|
|
# wireless method POST handler
|
|
# teensy method POST handler
|
|
if self.path == "/wireless_post":
|
|
counter=1
|
|
post_load("post.site")
|
|
filewrite=file("%s/answer.txt" % (setdir), "w")
|
|
for s in url:
|
|
match1=re.search("wireless=", s)
|
|
if match1:
|
|
s=s.replace("wireless=", "")
|
|
# if we want to kill everything in wifi mode
|
|
if s == "2":
|
|
filewrite.write("1\n8\n2\n\n3\n13\n")
|
|
|
|
match2=re.search("wifi_interface", s)
|
|
if match2:
|
|
s=s.replace("wifi_interface=", "")
|
|
if s != "":
|
|
filewrite.write("1\n8\n1\n%s\n\n3\n13\n" % (s))
|
|
filewrite.close()
|
|
|
|
# teensy method POST handler
|
|
if self.path == "/teensy_post":
|
|
counter=1
|
|
post_load("post.site")
|
|
filewrite=file(setdir + "/answer.txt", "w")
|
|
for s in url:
|
|
match1=re.search("attack=", s)
|
|
if match1:
|
|
s=s.replace("attack=", "")
|
|
filewrite.write("1\n6\n"+s+"\n"+"yes\n")
|
|
if auto_detect == "off":
|
|
for s in url:
|
|
match=re.search("externalip=", s)
|
|
if match:
|
|
s=s.replace("externalip=", "")
|
|
filewrite.write(s+"\n")
|
|
match2=re.search("reversehandler=", s)
|
|
if match2:
|
|
s=s.replace("reversehandler=", "")
|
|
filewrite.write(s+"\n")
|
|
match2=re.search("payload_selection=", s)
|
|
if match2:
|
|
s=s.replace("payload_selection=", "")
|
|
if s == "" or s == "2":
|
|
for s in url:
|
|
match_selection=re.search("payload_selection_filename=", s)
|
|
if match_selection:
|
|
s=s.replace("payload_selection_filename=","")
|
|
if s == "":
|
|
filewrite.write("2\n")
|
|
else:
|
|
filewrite.write("13\n"+s+"\n")
|
|
|
|
else:
|
|
filewrite.write(s+"\n")
|
|
|
|
match3=re.search("encoding=", s)
|
|
if match3:
|
|
s=s.replace("encoding=", "")
|
|
if s == "":
|
|
filewrite.write("16\n")
|
|
else:
|
|
filewrite.write(s+"\n")
|
|
|
|
match4=re.search("port=", s)
|
|
if match4:
|
|
s=s.replace("port=", "")
|
|
if s == "":
|
|
filewrite.write("443\n")
|
|
else:
|
|
filewrite.write(s+"\n")
|
|
filewrite.close()
|
|
|
|
# infectious method POST handler
|
|
if self.path == "/infect_post":
|
|
post_load("post.site")
|
|
port_hit=0
|
|
dll_hijacking=0
|
|
counter=0
|
|
filewrite=file(setdir + "/answer.txt", "w")
|
|
for s in url:
|
|
# if we are performing file format exploits
|
|
if s == "attack=1":
|
|
filewrite.write("1\n3\n1\n")
|
|
|
|
# if we are using standard executable
|
|
if s == "attack=2":
|
|
filewrite.write("1\n3\n1\n")
|
|
|
|
match1=re.search("externalip=", s)
|
|
if match1:
|
|
s=s.replace("externalip=", "")
|
|
filewrite.write(s+"\n")
|
|
|
|
match1=re.search("phish_attack=", s)
|
|
if match1:
|
|
s=s.replace("phish_attack=", "")
|
|
filewrite.write(s+"\n")
|
|
if s == "1": dll_hijacking=1
|
|
|
|
# payload selection here
|
|
if s == "payload_selection=":
|
|
s=s.replace("payload_selection=", "")
|
|
if s == "" or s == "2":
|
|
for s in url:
|
|
match_selection=re.search("payload_selection_filename=", s)
|
|
if match_selection:
|
|
s=s.replace("payload_selection_filename=","")
|
|
if s == "":
|
|
filewrite.write("2\n")
|
|
else:
|
|
filewrite.write("13\n"+s+"\n")
|
|
s="completed"
|
|
|
|
# encoding options here
|
|
if dll_hijacking == 1:
|
|
if s == "encoding=":
|
|
filewrite.write("16\n")
|
|
s="completed"
|
|
|
|
if dll_hijacking == 1:
|
|
match3=re.search("encoding=", s)
|
|
if match3:
|
|
s=s.replace("encoding=", "")
|
|
filewrite.write(s+"\n")
|
|
|
|
# port number for listener
|
|
if s == "port=443":
|
|
filewrite.write("443\n")
|
|
s="completed"
|
|
|
|
match4=re.search("port=", s)
|
|
if match4:
|
|
s=s.replace("port=", "")
|
|
if s == "":
|
|
s="443"
|
|
filewrite.write(s+"\n")
|
|
port_hit=1
|
|
|
|
# if we are using the dll hijacking
|
|
if dll_hijacking == 1:
|
|
if s == "dll_hijack=":
|
|
s=s.replace("dll_hijack=", "")
|
|
if s == "":
|
|
filewrite.write("1\n\n")
|
|
else:
|
|
filewrite.write(s+"\n\n")
|
|
|
|
filewrite.write("\n")
|
|
|
|
|
|
filewrite.write("yes\n")
|
|
filewrite.close()
|
|
|
|
# mass mailer POST handler
|
|
if self.path == "/mass_mailer_post":
|
|
post_load("post.site")
|
|
counter=1
|
|
filewrite=file(setdir + "/answer.txt", "w")
|
|
relay="off"
|
|
# if sendmail is on
|
|
if sendmail == "on":
|
|
filewrite.write("yes\n")
|
|
for s in url:
|
|
match1=re.search("webattack_email=",s)
|
|
if match1:
|
|
s=s.replace("webattack_email=","")
|
|
if s == "1":
|
|
filewrite.write("1\n5\n1\n")
|
|
if s == "2":
|
|
for s in url:
|
|
match2=re.search("massmailer_file=", s)
|
|
if match2:
|
|
s=s.replace("massmailer_file=","")
|
|
filewrite.write("1\n5\n2\n"+s+"\n")
|
|
|
|
match3=re.search("emailto=", s)
|
|
if match3:
|
|
s=s.replace("emailto=","")
|
|
filewrite.write(s+"\n")
|
|
match4=re.search("webattack_account=", s)
|
|
if match4:
|
|
s=s.replace("webattack_account=","")
|
|
filewrite.write(s+"\n")
|
|
if s == "2":
|
|
relay="on"
|
|
|
|
# if mail relay is turned on
|
|
if relay == "on":
|
|
match5=re.search("emailfrom_relay=",s)
|
|
if match5:
|
|
s=s.replace("emailfrom_relay=","")
|
|
filewrite.write(s+"\n")
|
|
match6=re.search("username_relay=",s)
|
|
if match6:
|
|
s=s.replace("username_relay=","")
|
|
filewrite.write(s+"\n")
|
|
match7=re.search("password_relay=", s)
|
|
if match7:
|
|
s=s.replace("password_relay=", "")
|
|
filewrite.write(s+"\n")
|
|
filewrite.write("yes\n")
|
|
match8=re.search("smtp_relay=",s)
|
|
if match8:
|
|
s=s.replace("smtp_relay=","")
|
|
filewrite.write(s+"\n")
|
|
|
|
match9=re.search("smtp_port_relay=",s)
|
|
if match9:
|
|
s=s.replace("smtp_port_relay=","")
|
|
filewrite.write(s+"\n")
|
|
filewrite.write("yes\n")
|
|
|
|
# if we are using GMAIL
|
|
if relay == "off":
|
|
match1=re.search("emailfrom=",s)
|
|
if match1:
|
|
s=s.replace("emailfrom=","")
|
|
filewrite.write(s+"\n")
|
|
match2=re.search("password=",s)
|
|
if match2:
|
|
s=s.replace("password=","")
|
|
filewrite.write(s+" OMGPASSWORDHERE\n")
|
|
# send high priority by default
|
|
filewrite.write("yes\n")
|
|
|
|
match10=re.search("subject=",s)
|
|
if match10:
|
|
s=s.replace("subject=","")
|
|
filewrite.write(s+"\n")
|
|
|
|
match11=re.search("webattack_message=",s)
|
|
if match11:
|
|
s=s.replace("webattack_message=","")
|
|
if s == "": s = "1"
|
|
filewrite.write(s+"\n")
|
|
|
|
match12=re.search("comments=",s)
|
|
if match12:
|
|
s=s.replace("comments=","")
|
|
filewrite.write(s+"\n")
|
|
filewrite.write("CONTROL-C-HERE\n\n")
|
|
|
|
filewrite.close()
|
|
|
|
# spear phishing method POST handler
|
|
if self.path == "/phish_post":
|
|
post_load("post.site")
|
|
counter2=0
|
|
counter3=0
|
|
dll_hijacking=0
|
|
predefined=0
|
|
sendmail_counter=0
|
|
filewrite=file(setdir + "/answer.txt", "w")
|
|
counter=1
|
|
port_hit=0
|
|
for s in url:
|
|
# incremental counter to see if we need to call filewrite
|
|
|
|
# if we are performing a mass email attack
|
|
if s == "attack=1":
|
|
filewrite.write("1\n1\n1\n")
|
|
|
|
# if its default use 1
|
|
if s == "phish_attack=":
|
|
filewrite.write("1\n1\n")
|
|
# no need to keep the parameter anymore
|
|
s="completed"
|
|
dll_hijacking=1
|
|
|
|
# this is our actual attack method, so like pdf, dll, etc.
|
|
match1=re.search("phish_attack=", s)
|
|
if match1:
|
|
s=s.replace("phish_attack=", "")
|
|
filewrite.write(s+"\n")
|
|
if s == "1": dll_hijacking=1
|
|
|
|
# payload selection here
|
|
if s == "payload_selection=":
|
|
s=s.replace("payload_selection=", "")
|
|
if s == "" or s == "2":
|
|
for s in url:
|
|
match_selection=re.search("payload_selection_filename=", s)
|
|
if match_selection:
|
|
s=s.replace("payload_selection_filename=","")
|
|
if s == "":
|
|
filewrite.write("2\n")
|
|
else:
|
|
filewrite.write("13\n"+s+"\n")
|
|
|
|
else:
|
|
filewrite.write(s+"\n")
|
|
s="completed"
|
|
|
|
# if its not default payload
|
|
match2=re.search("payload_selection=", s)
|
|
if match2:
|
|
s=s.replace("payload_selection=", "")
|
|
filewrite.write(s+"\n")
|
|
|
|
if auto_detect == "off":
|
|
for s in url:
|
|
match90=re.search("reversehandler=", s)
|
|
if match90:
|
|
s=s.replace("reversehandler=", "")
|
|
s.write("\n")
|
|
|
|
# encoding options here
|
|
if dll_hijacking == 1:
|
|
if s == "encoding=":
|
|
filewrite.write("16\n")
|
|
s="completed"
|
|
|
|
if dll_hijacking == 1:
|
|
match3=re.search("encoding=", s)
|
|
if match3:
|
|
s=s.replace("encoding=", "")
|
|
filewrite.write(s+"\n")
|
|
|
|
# port number for listener
|
|
if s == "port=443":
|
|
filewrite.write("443\n")
|
|
s="completed"
|
|
|
|
|
|
match4=re.search("port=", s)
|
|
if match4:
|
|
s=s.replace("port=", "")
|
|
if s == "":
|
|
s="443"
|
|
filewrite.write(s+"\n")
|
|
port_hit=1
|
|
|
|
# if sendmail is on
|
|
if port_hit == 1:
|
|
if sendmail_counter == 0:
|
|
if sendmail == "on":
|
|
filewrite.write("yes\n")
|
|
sendmail_counter=sendmail_counter+1
|
|
|
|
|
|
# if we are using the dll hijacking
|
|
if dll_hijacking == 1:
|
|
if s == "dll_hijack=":
|
|
filewrite.write("1\n\n")
|
|
s="completed"
|
|
match5=re.search("dll_hijack=", s)
|
|
if match5:
|
|
s=s.replace("dll_hijack=", "")
|
|
filewrite.write(s+"\n\n")
|
|
|
|
# we set our defaults if they didn't change template
|
|
if s == "attachment=template.rar":
|
|
filewrite.write("\n\n")
|
|
s="completed"
|
|
|
|
match6=re.search("attachment=", s)
|
|
if match6:
|
|
s=s.replace("attachment=", "")
|
|
# two returns needed for default to rar
|
|
filewrite.write(s+"\n\n")
|
|
|
|
|
|
if s == "attachment=":
|
|
attachment="template.pdf"
|
|
filewrite.write("2\n"+attachment+"\n")
|
|
s="completed"
|
|
match7=re.search("attachment=", s)
|
|
if match7:
|
|
s=s.replace("attachment=", "")
|
|
attachment=s
|
|
if dll_hijacking == 0:
|
|
attachment=attachment.split(".")
|
|
attachment=attachment[0]+".pdf"
|
|
filewrite.write("2\n"+attachment+"\n")
|
|
|
|
if s == "webattack_email=":
|
|
s="webattack_email=1"
|
|
|
|
if s == "webattack_email=1":
|
|
filewrite.write("1\n")
|
|
|
|
if s == "webattack_email=2":
|
|
filewrite.write("2\n"+attachment+"\n")
|
|
|
|
if s == "predefined=1":
|
|
for s in url:
|
|
match10=re.search("template=", s)
|
|
if match10:
|
|
if s == "template=":
|
|
s = "1"
|
|
s=s.replace("template=","")
|
|
filewrite.write("1\n"+s+"\n")
|
|
if s == "predefined=2":
|
|
for s1 in url:
|
|
#predefined=1
|
|
match11=re.search("message=", s1)
|
|
if match11:
|
|
message=s1.replace("message=", "")
|
|
for s2 in url:
|
|
match12=re.search("subject=", s2)
|
|
if match12:
|
|
s2=s2.replace("subject=","")
|
|
filewrite.write("2\n"+s2+"\n1\n"+message+"\nCONTROL-C-HERE\n")
|
|
|
|
|
|
match12=re.search("emailto=", s)
|
|
if match12:
|
|
s=s.replace("emailto=","")
|
|
filewrite.write(s+"\n")
|
|
|
|
|
|
match4=re.search("webattack_account=", s)
|
|
if match4:
|
|
s=s.replace("webattack_account=","")
|
|
filewrite.write(s+"\n")
|
|
|
|
# if we are using open relay
|
|
if s == "2":
|
|
for s1 in url:
|
|
match1=re.search("emailfrom_relay=", s1)
|
|
if match1:
|
|
s1=s1.replace("emailfrom_relay=","")
|
|
filewrite.write(s1+"\n")
|
|
|
|
if sendmail == "off":
|
|
match2=re.search("username_relay=", s1)
|
|
if match2:
|
|
s1=s1.replace("username_relay=", "")
|
|
filewrite.write(s1+"\n")
|
|
match3=re.search("password_relay=", s1)
|
|
if match3:
|
|
s1=s1.replace("password_relay=", "")
|
|
filewrite.write(s1+"\n")
|
|
filewrite.write("yes\n")
|
|
match4=re.search("smtp_relay=", s1)
|
|
if match4:
|
|
s1=s1.replace("smtp_relay=", "")
|
|
filewrite.write(s1+"\n")
|
|
match5=re.search("smtp_port_relay=", s1)
|
|
if match5:
|
|
s1=s1.replace("smtp_port_relay=", "")
|
|
filewrite.write(s1+"\n")
|
|
# add yes for high priority as default
|
|
filewrite.write("yes\n")
|
|
|
|
match13=re.search("emailfrom=",s)
|
|
if match13:
|
|
s=s.replace("emailfrom=","")
|
|
filewrite.write(s+"\n")
|
|
|
|
if sendmail == "off":
|
|
match14=re.search("password=", s)
|
|
if match14:
|
|
# did this to mask passwords on write using seautomate, but will still show up unfortnately when answering file
|
|
s=s.replace("password=","")
|
|
filewrite.write(s+" OMGPASSWORDHERE"+"\n"+"yes\n")
|
|
|
|
match11=re.search("webattack_message=",s)
|
|
if match11:
|
|
s=s.replace("webattack_message=","")
|
|
if s == "": s = "1"
|
|
filewrite.write(s+"\n")
|
|
match12=re.search("comments=",s)
|
|
if match12:
|
|
s=s.replace("comments=","")
|
|
filewrite.write(s+"\n")
|
|
filewrite.write("CONTROL-C-HERE\n\n")
|
|
|
|
filewrite.close()
|
|
# web attack method POST handler
|
|
if self.path == "/web_attack_post":
|
|
post_load("post.site")
|
|
counter=0
|
|
osxcounter=0
|
|
filewrite=file(setdir + "/answer.txt", "w")
|
|
|
|
# recycle config flags in multi attack vectors with a definition
|
|
# specify the harvester flag to off
|
|
harvester="off"
|
|
def auto_detect_function():
|
|
|
|
for s in url:
|
|
# look for external ip address
|
|
match1=re.search("externalip=", s)
|
|
if match1:
|
|
s = s.replace("externalip=","")
|
|
|
|
# harvester only takes one parameter
|
|
if harvester == "on": filewrite.write(s+"\n")
|
|
if harvester == "off":
|
|
filewrite.write("yes\n"+s+"\nyes\n")
|
|
for s in url:
|
|
match2=re.search("reversehandler=", s)
|
|
if match2:
|
|
s = s.replace("reversehandler=","")
|
|
filewrite.write(s+"\n")
|
|
|
|
# recycle config flags for webattack email
|
|
def webattack_email_function():
|
|
relay="off"
|
|
# if sendmail is on
|
|
if sendmail == "on":
|
|
filewrite.write("yes\n")
|
|
for s in url:
|
|
match1=re.search("webattack_email=",s)
|
|
if match1:
|
|
s=s.replace("webattack_email=","")
|
|
if s == "1":
|
|
filewrite.write("1\n")
|
|
if s == "2":
|
|
for s in url:
|
|
match2=re.search("massmailer_file=", s)
|
|
if match2:
|
|
s=s.replace("massmailer_file=","")
|
|
filewrite.write("2\n"+s+"\n")
|
|
|
|
match3=re.search("emailto=", s)
|
|
if match3:
|
|
s=s.replace("emailto=","")
|
|
filewrite.write(s+"\n")
|
|
match4=re.search("webattack_account=", s)
|
|
if match4:
|
|
s=s.replace("webattack_account=","")
|
|
filewrite.write(s+"\n")
|
|
if s == "2":
|
|
relay="on"
|
|
|
|
# if mail relay is turned on
|
|
if relay == "on":
|
|
match5=re.search("emailfrom_relay=",s)
|
|
if match5:
|
|
s=s.replace("emailfrom_relay=","")
|
|
filewrite.write(s+"\n")
|
|
match6=re.search("username_relay=",s)
|
|
if match6:
|
|
s=s.replace("username_relay=","")
|
|
filewrite.write(s+"\n")
|
|
match7=re.search("password_relay=", s)
|
|
if match7:
|
|
s=s.replace("password_relay=", "")
|
|
filewrite.write(s+"\n")
|
|
filewrite.write("yes\n")
|
|
match8=re.search("smtp_relay=",s)
|
|
if match8:
|
|
s=s.replace("smtp_relay=","")
|
|
filewrite.write(s+"\n")
|
|
|
|
match9=re.search("smtp_port_relay=",s)
|
|
if match9:
|
|
s=s.replace("smtp_port_relay=","")
|
|
filewrite.write(s+"\n")
|
|
filewrite.write("yes\n")
|
|
|
|
# if we are using GMAIL
|
|
if relay == "off":
|
|
match1=re.search("emailfrom=",s)
|
|
if match1:
|
|
s=s.replace("emailfrom=","")
|
|
filewrite.write(s+"\n")
|
|
match2=re.search("password=",s)
|
|
if match2:
|
|
s=s.replace("password=","")
|
|
filewrite.write(s+" OMGPASSWORDHERE\n")
|
|
filewrite.write("yes\n")
|
|
match10=re.search("subject=",s)
|
|
if match10:
|
|
s=s.replace("subject=","")
|
|
filewrite.write(s+"\n")
|
|
|
|
match11=re.search("webattack_message=",s)
|
|
if match11:
|
|
s=s.replace("webattack_message=","")
|
|
if s == "": s = "1"
|
|
filewrite.write(s+"\n")
|
|
|
|
match12=re.search("comments=",s)
|
|
if match12:
|
|
s=s.replace("comments=","")
|
|
filewrite.write(s+"\n")
|
|
filewrite.write("CONTROL-C-HERE\n\n")
|
|
|
|
# used for if ettercap is turned to on in set_config
|
|
def ettercap_function():
|
|
for s in url:
|
|
match1=re.search("ettercap_ip=",s)
|
|
if match1:
|
|
s=s.replace("ettercap_ip=","")
|
|
filewrite.write(s+"\n")
|
|
match2=re.search("ettercap_bridge=",s)
|
|
if match2:
|
|
s=s.replace("ettercap_bridge=","")
|
|
filewrite.write(s+"\n")
|
|
if s == "1":
|
|
for s in url:
|
|
match3=re.search("bridged_handler=",s)
|
|
if match3:
|
|
s=s.replace("bridged_handler=","")
|
|
filewrite.write("yes\n"+s+"\n")
|
|
if s == "2":
|
|
filewrite.write("no\n")
|
|
|
|
|
|
# used if self signed applet is turned to on in the set_config
|
|
def self_signed_function():
|
|
for s in url:
|
|
match1=re.search("firstname=",s)
|
|
if match1:
|
|
s=s.replace("firstname=","")
|
|
if s == "": s="moo"
|
|
filewrite.write(s+"\n")
|
|
|
|
match2=re.search("orgunit=",s)
|
|
if match2:
|
|
s=s.replace("orgunit=", "")
|
|
if s == "": s="moo"
|
|
filewrite.write(s+"\n")
|
|
match3=re.search("orgname=",s)
|
|
if match3:
|
|
s=s.replace("orgname=","")
|
|
if s == "": s="moo"
|
|
filewrite.write(s+"\n")
|
|
match4=re.search("city=",s)
|
|
if match4:
|
|
s=s.replace("city=","")
|
|
if s == "": s="moo"
|
|
filewrite.write(s+"\n")
|
|
match5=re.search("state=", s)
|
|
if match5:
|
|
s=s.replace("state=","")
|
|
if s == "": s="moo"
|
|
filewrite.write(s+"\n")
|
|
match6=re.search("country=", s)
|
|
if match6:
|
|
s=s.replace("country=","")
|
|
if s == "": s="moo"
|
|
filewrite.write(s+"\n")
|
|
filewrite.write("yes\n")
|
|
|
|
# start a loop through the post parameters
|
|
for s in url:
|
|
# look for the attack vector java applet
|
|
if s == "attack=":
|
|
test_it=s.replace("attack=")
|
|
if test_it == "":
|
|
s="attack=1"
|
|
|
|
match1=re.search("attack=1", s)
|
|
if match1:
|
|
# specify web attack vector
|
|
filewrite.write("1\n2\n")
|
|
# set the counter to run the answer file
|
|
counter = 1
|
|
# specify java applet attack method and clone site
|
|
filewrite.write("1\n2\n")
|
|
|
|
if auto_detect == "off":
|
|
auto_detect_function()
|
|
|
|
if self_signed == "on":
|
|
self_signed_function()
|
|
|
|
for s in url:
|
|
# specify option 2
|
|
java1=re.search("cloner=",s)
|
|
if java1:
|
|
s=s.replace("cloner=","")
|
|
if s == "":
|
|
# let SET know there wasn't a mandatory option set
|
|
s = "http://www.google.com"
|
|
filewrite.write(s+"\n")
|
|
|
|
payload1=re.search("payload_selection=",s)
|
|
if payload1:
|
|
s=s.replace("payload_selection=","")
|
|
if s == "" or s == "2":
|
|
for s in url:
|
|
|
|
match_selection=re.search("payload_selection_filename=", s)
|
|
if match_selection:
|
|
s=s.replace("payload_selection_filename=","")
|
|
if s == "":
|
|
filewrite.write("2\n")
|
|
else:
|
|
filewrite.write("13\n"+s+"\n")
|
|
else:
|
|
filewrite.write(s+"\n")
|
|
|
|
encoding1=re.search("encoding=",s)
|
|
if encoding1:
|
|
s=s.replace("encoding=","")
|
|
if s == "": s="16"
|
|
filewrite.write(s+"\n")
|
|
|
|
|
|
port1=re.search("port=",s)
|
|
if port1:
|
|
s=s.replace("port=","")
|
|
if s == "": s="443"
|
|
filewrite.write(s+"\n")
|
|
|
|
osx1=re.search("osxlinuxtarget",s)
|
|
if osx1:
|
|
osxcounter=1
|
|
filewrite.write("yes\n")
|
|
for s in url:
|
|
osxport=re.search("portosx=",s)
|
|
if osxport:
|
|
if s == "": s="8080"
|
|
filewrite.write(s+"\n")
|
|
|
|
linport=re.search("portlin=",s)
|
|
if linport:
|
|
if s == "": s="8081"
|
|
filewrite.write(s+"\n")
|
|
|
|
if osxcounter == 0:
|
|
filewrite.write("no\n")
|
|
|
|
if ettercap == "on":
|
|
ettercap_function()
|
|
|
|
if webattack_email == "on":
|
|
webattack_email_function()
|
|
|
|
# look for the metasploit attack vector
|
|
match1=re.search("attack=2", s)
|
|
if match1:
|
|
# specify web attack vector
|
|
filewrite.write("1\n2\n")
|
|
# set the counter to run the answer file
|
|
counter = 1
|
|
# specify java applet attack method and clone site
|
|
filewrite.write("2\n2\n")
|
|
if auto_detect == "off": auto_detect_function()
|
|
for s in url:
|
|
# specify option 2
|
|
cloner=re.search("cloner=",s)
|
|
if cloner:
|
|
s=s.replace("cloner=","")
|
|
if s == "":
|
|
# let SET know there wasn't a mandatory option set
|
|
s = "http://www.google.com"
|
|
filewrite.write(s+"\n")
|
|
|
|
# pick browser exploit
|
|
msfexploit=re.search("browser=",s)
|
|
if msfexploit:
|
|
s=s.replace("browser=","")
|
|
if s =="": s="7"
|
|
filewrite.write(s+"\n")
|
|
|
|
# pick payload
|
|
payload=re.search("payload_selection=",s)
|
|
if payload:
|
|
s=s.replace("payload_selection=","")
|
|
if s =="" or s == "2":
|
|
for s in url:
|
|
match_selection=re.search("payload_selection_filename=", s)
|
|
if match_selection:
|
|
s=s.replace("payload_selection_filename=","")
|
|
if s == "":
|
|
filewrite.write("2\n")
|
|
else:
|
|
filewrite.write("13\n"+s+"\n")
|
|
else:
|
|
filewrite.write(s+"\n")
|
|
|
|
|
|
# grab port
|
|
port=re.search("port=",s)
|
|
if port:
|
|
s=s.replace("port=","")
|
|
if s=="": s="443"
|
|
filewrite.write(s+"\n")
|
|
|
|
# turn ettercap on if the flag is set
|
|
if ettercap == "on": ettercap_function()
|
|
|
|
# turn on mass mailer if the flag is set
|
|
if webattack_email == "on": webattack_email_function()
|
|
|
|
|
|
# look for the credential harvester attack vector
|
|
match1=re.search("attack=3", s)
|
|
if match1:
|
|
harvester="on"
|
|
# specify web attack vector
|
|
filewrite.write("1\n2\n")
|
|
# set the counter to run the answer file
|
|
counter = 1
|
|
# specify java applet attack method and clone site
|
|
filewrite.write("3\n2\n")
|
|
if auto_detect == "off": auto_detect_function()
|
|
for s in url:
|
|
# specify option 2
|
|
cloner=re.search("cloner=",s)
|
|
if cloner:
|
|
s=s.replace("cloner=","")
|
|
if s == "":
|
|
# let SET know there wasn't a mandatory option set
|
|
s = "http://www.google.com"
|
|
filewrite.write(s+"\n")
|
|
|
|
if ettercap == 'on': ettercap_function()
|
|
if webattack_email == "on": webattack_email_function()
|
|
|
|
filewrite.write("\n")
|
|
|
|
# tabnabbing attack vector
|
|
match1=re.search("attack=4", s)
|
|
if match1:
|
|
harvester="on"
|
|
# specify web attack vector
|
|
filewrite.write("1\n2\n")
|
|
# set the counter to run the answer file
|
|
counter = 1
|
|
# specify java applet attack method and clone site
|
|
filewrite.write("4\n2\n")
|
|
if auto_detect == "off": auto_detect_function()
|
|
for s in url:
|
|
# specify option 2
|
|
cloner=re.search("cloner=",s)
|
|
if cloner:
|
|
s=s.replace("cloner=","")
|
|
if s == "":
|
|
# let SET know there wasn't a mandatory option set
|
|
s = "http://www.google.com"
|
|
filewrite.write(s+"\n")
|
|
|
|
if ettercap == 'on': ettercap_function()
|
|
if webattack_email == "on": webattack_email_function()
|
|
|
|
filewrite.write("\n")
|
|
|
|
|
|
# man left in the middle attack vector
|
|
match1=re.search("attack=5", s)
|
|
if match1:
|
|
# specify web attack vector
|
|
filewrite.write("1\n2\n")
|
|
# set the counter to run the answer file
|
|
counter = 1
|
|
# specify java applet attack method and clone site
|
|
filewrite.write("5\n2\n")
|
|
if auto_detect == "off": auto_detect_function()
|
|
for s in url:
|
|
# specify option 2
|
|
cloner=re.search("cloner=",s)
|
|
if cloner:
|
|
s=s.replace("cloner=","")
|
|
if s == "":
|
|
# let SET know there wasn't a mandatory option set
|
|
s = "http://www.google.com"
|
|
filewrite.write(s+"\n")
|
|
|
|
if ettercap == 'on': ettercap_function()
|
|
if webattack_email == "on": webattack_email_function()
|
|
|
|
filewrite.write("\n")
|
|
|
|
|
|
# webjacking web vector
|
|
match1=re.search("attack=6", s)
|
|
if match1:
|
|
harvester="on"
|
|
# specify web attack vector
|
|
filewrite.write("1\n2\n")
|
|
# set the counter to run the answer file
|
|
counter = 1
|
|
# specify java applet attack method and clone site
|
|
filewrite.write("6\n2\n")
|
|
if auto_detect == "off": auto_detect_function()
|
|
for s in url:
|
|
# specify option 2
|
|
cloner=re.search("cloner=",s)
|
|
if cloner:
|
|
s=s.replace("cloner=","")
|
|
if s == "":
|
|
# let SET know there wasn't a mandatory option set
|
|
s = "http://www.google.com"
|
|
filewrite.write(s+"\n")
|
|
|
|
if ettercap == 'on': ettercap_function()
|
|
if webattack_email == "on": webattack_email_function()
|
|
|
|
filewrite.write("\n")
|
|
|
|
# multi-attack vector
|
|
multi_counter=0
|
|
osx_counter=0
|
|
java_multi="off"
|
|
multi_find=0
|
|
mutli_counter_2=0
|
|
match1=re.search("attack=7", s)
|
|
if match1:
|
|
# specify web attack vector
|
|
filewrite.write("1\n2\n")
|
|
# set the counter to run the answer file
|
|
counter = 1
|
|
# specify the multiattack vector
|
|
filewrite.write("7\n2\n")
|
|
if auto_detect == "off": auto_detect_function()
|
|
for s in url:
|
|
# specify option 2
|
|
cloner=re.search("cloner=",s)
|
|
if cloner:
|
|
s=s.replace("cloner=","")
|
|
if s == "":
|
|
# let SET know there wasn't a mandatory option set
|
|
s = "http://www.google.com"
|
|
filewrite.write(s+"\n")
|
|
for s in url:
|
|
# look for the flag options in multiattack
|
|
multiattack1=re.search("multiattack1=",s)
|
|
if multiattack1:
|
|
s=s.replace("multiattack1=","")
|
|
filewrite.write(s+"\n\n")
|
|
java_multi="on"
|
|
multi_counter="on"
|
|
multiattack2=re.search("multiattack2=",s)
|
|
if multiattack2:
|
|
s=s.replace("multiattack2=","")
|
|
filewrite.write(s+"\n\n")
|
|
multi_counter="on"
|
|
multiattack3=re.search("multiattack3=",s)
|
|
if multiattack3:
|
|
s=s.replace("multiattack3=","")
|
|
filewrite.write(s+"\n\n")
|
|
multi_counter="on"
|
|
multiattack4=re.search("multiattack4=",s)
|
|
if multiattack4:
|
|
s=s.replace("multiattack4=","")
|
|
filewrite.write(s+"\n\n")
|
|
multi_counter="on"
|
|
multiattack5=re.search("multiattack5=",s)
|
|
if multiattack5:
|
|
s=s.replace("multiattack5=","")
|
|
filewrite.write(s+"\n\n")
|
|
multi_counter="on"
|
|
multiattack6=re.search("multiattack6=",s)
|
|
if multiattack6:
|
|
s=s.replace("multiattack6=","")
|
|
filewrite.write(s+"\n\n")
|
|
multi_counter="on"
|
|
multiattack7=re.search("multiattack7=",s)
|
|
if multiattack7:
|
|
s=s.replace("multiattack7=","")
|
|
filewrite.write(s+"\n")
|
|
multi_counter=1
|
|
java_multi="on"
|
|
|
|
multi_find=1
|
|
|
|
# if we don't use tactical nuke
|
|
if multi_counter == "on":
|
|
filewrite.write("8\n")
|
|
multi_counter = 0
|
|
|
|
payload_counter=0
|
|
port_counter=0
|
|
encoding_counter=0
|
|
for s in url:
|
|
# see if we have our stuff for the multi attack yet
|
|
if multi_find == 1:
|
|
for s in url:
|
|
if payload_counter == 0:
|
|
# pick payload
|
|
payload=re.search("payload_selection=",s)
|
|
if payload:
|
|
s=s.replace("payload_selection=","")
|
|
|
|
|
|
if s =="" or s == "2":
|
|
for s in url:
|
|
match_selection=re.search("payload_selection_filename=", s)
|
|
if match_selection:
|
|
s=s.replace("payload_selection_filename=","")
|
|
if s == "":
|
|
filewrite.write("2\n")
|
|
else:
|
|
filewrite.write("13\n"+s+"\n")
|
|
|
|
else:
|
|
filewrite.write(s+"\n")
|
|
payload_counter=1
|
|
|
|
|
|
if encoding_counter == 0:
|
|
encoding1=re.search("encoding=",s)
|
|
if encoding1:
|
|
s=s.replace("encoding=","")
|
|
if s == "": s="16"
|
|
filewrite.write(s+"\n")
|
|
encoding_counter=1
|
|
|
|
# grab port
|
|
if port_counter == 0:
|
|
port=re.search("port=",s)
|
|
if port:
|
|
s=s.replace("port=","")
|
|
if s=="": s="443"
|
|
filewrite.write(s+"\n")
|
|
port_counter = 1
|
|
|
|
if java_multi == "on":
|
|
osx1=re.search("osxlinuxtarget",s)
|
|
if osx1:
|
|
osxcounter=1
|
|
filewrite.write("yes\n")
|
|
for s in url:
|
|
osxport=re.search("portosx=",s)
|
|
if osxport:
|
|
if s == "": s="8080"
|
|
filewrite.write(s+"\n")
|
|
|
|
linport=re.search("portlin=",s)
|
|
if linport:
|
|
if s == "": s="8081"
|
|
filewrite.write(s+"\n")
|
|
if osxcounter == 0:
|
|
filewrite.write("no\n")
|
|
osxcounter=2
|
|
|
|
# see if we're using the browser attack vector
|
|
for s in url:
|
|
# pick browser exploit
|
|
msfexploit=re.search("browser=",s)
|
|
if msfexploit:
|
|
s=s.replace("browser=","")
|
|
if s =="":
|
|
s="7"
|
|
if s == "2":
|
|
s="2\nwab"
|
|
filewrite.write(s+"\n")
|
|
|
|
|
|
# if we posted to a successful attack
|
|
if counter == 1:
|
|
filewrite.close()
|
|
|
|
if counter == 1:
|
|
|
|
try:
|
|
os.chdir(definepath)
|
|
fileopen=file("config/set_config", "r")
|
|
for line in fileopen:
|
|
line=line.rstrip()
|
|
match=re.search("TERMINAL=", line)
|
|
if match: terminal=line.replace("TERMINAL=","")
|
|
if terminal == "XTERM" or terminal == "xterm" or terminal == "":
|
|
proc = subprocess.Popen("xterm -geometry 90x30 -bg black -fg white -fn *-fixed-*-*-*-20-* -T 'The Social-Engineer Toolkit (SET)' -e 'python seautomate %s/answer.txt' &" % (setdir), shell=True)
|
|
|
|
if terminal == "KONSOLE" or terminal == "konsole":
|
|
proc = subprocess.Popen("konsole -T 'The Social-Engineer Toolkit (SET)' -e sh -c '%s/seautomate %s/answer.txt' &" % (definepath),setdir, shell=True)
|
|
|
|
if terminal == "GNOME" or terminal == "gnome":
|
|
proc = subprocess.Popen("gnome-terminal -t 'The Social-Engineer Toolkit (SET)' -x sh -c '%s/seautomate %s/answer.txt' &" % (setdir), shell=True)
|
|
|
|
# if they jacked up the config here
|
|
if terminal != "XTERM":
|
|
if terminal != "KONSOLE":
|
|
if terminal != "GNOME":
|
|
proc = subprocess.Popen("python seautomate %s/answer.txt" % (setdir), shell=True)
|
|
|
|
os.chdir("src/commandcenter")
|
|
except Exception:
|
|
try:
|
|
os.kill( proc.pid , signal.SIGTERM)
|
|
|
|
except: pass
|
|
|
|
os.chdir("src/commandcenter")
|
|
counter=0
|
|
# needed to do this if an exception wasnt hit to change directory back to command center
|
|
if counter == 1:
|
|
os.chdir("src/commandcenter")
|
|
|
|
|
|
print_info("Starting the SET Command Center on port: " + str(port))
|
|
show_graphic()
|
|
print """
|
|
______________________________________________________
|
|
| |
|
|
| The Social-Engineer Toolkit |
|
|
| Web-Interface GUI |
|
|
| Command Center |
|
|
|______________________________________________________|
|
|
|
|
All results from the web interface will be displayed
|
|
in this terminal.
|
|
|
|
"""
|
|
|
|
fileopen=file("%s/config/set_config" % (definepath), "r")
|
|
for line in fileopen:
|
|
line=line.rstrip()
|
|
match=re.search("COMMAND_CENTER_INTERFACE=", line)
|
|
if match: bind_interface=line.replace("COMMAND_CENTER_INTERFACE=", "")
|
|
|
|
print "Interface is bound to http://%s on port %s (open browser to ip/port)" % (bind_interface,str(port))
|
|
httpd = HTTPServer(('%s' % (bind_interface), int(port)), myRequestHandler)
|
|
httpd.handle_request()
|
|
httpd.serve_forever()
|
|
try:
|
|
os.kill( a.pid , signal.SIGTERM)
|
|
except: pass
|