fix hta attack vector issues on main menu
HackingDave committed Jul 23, 2019
1 parent 0018154 commit c3f4a0e
Showing 3 changed files with 39 additions and 64 deletions.
1 change: 1 addition & 0 deletions readme/CHANGELOG
Expand Up @@ -3,6 +3,7 @@ version 8.0.1
~~~~~~~~~~~~~~~~

* fix an issue when using import on web clone
* fix an issue when using hta attack vector would just put you out to main menu

~~~~~~~~~~~~~~~~
version 8.0
100 changes: 37 additions & 63 deletions src/core/set.py
Expand Up @@ -167,52 +167,47 @@
# attack_vector = "hta"

# Removed to delete MLITM
if attack_vector != "99999":
#if attack_vector != "99999":

#
# USER INPUT: SHOW WEB ATTACK VECTORS MENU #
#
#
# USER INPUT: SHOW WEB ATTACK VECTORS MENU #
#

if attack_vector != "7":
debug_msg(
me, "printing 'text.webattack_vectors_menu'", 5)
show_webvectors_menu = create_menu(
text.webattack_vectors_text, text.webattack_vectors_menu)
print(' 99) Return to Webattack Menu\n')
choice3 = raw_input(setprompt(["2"], ""))
#if attack_vector != "7":
debug_msg(me, "printing 'text.webattack_vectors_menu'", 5)
show_webvectors_menu = create_menu(text.webattack_vectors_text, text.webattack_vectors_menu)
print(' 99) Return to Webattack Menu\n')
choice3 = raw_input(setprompt(["2"], ""))

if choice3 == 'exit':
exit_set()
if choice3 == 'exit':
exit_set()

if choice3 == "99":
break
if choice3 == "99":
break

if choice3 == "quit" or choice3 == '4':
break
if choice3 == "quit" or choice3 == '4':
break

try:
# write our attack vector to file to be called later
filewrite = open(userconfigpath + "attack_vector", "w")

# webjacking and web templates are not allowed
if attack_vector == "5" and choice3 == "1":
print(
bcolors.RED + "\n Sorry, you can't use the Web Jacking vector with Web Templates." + bcolors.ENDC)
print(bcolors.RED + "\n Sorry, you can't use the Web Jacking vector with Web Templates." + bcolors.ENDC)
return_continue()
break

# if we select multiattack, web templates are not allowed
if attack_vector == "6" and choice3 == "1":
print(
bcolors.RED + "\n Sorry, you can't use the Multi-Attack vector with Web Templates." + bcolors.ENDC)
print(bcolors.RED + "\n Sorry, you can't use the Multi-Attack vector with Web Templates." + bcolors.ENDC)
return_continue()
break

# if we select web template and tabnabbing, throw this
# error and bomb out to menu
if attack_vector == "4" and choice3 == "1":
print(
bcolors.RED + "\n Sorry, you can only use the cloner option with the tabnabbing method." + bcolors.ENDC)
print(bcolors.RED + "\n Sorry, you can only use the cloner option with the tabnabbing method." + bcolors.ENDC)
return_continue()
break

Expand All @@ -239,10 +234,8 @@
attack_vector = "harvester"
filewrite.write(attack_vector)
filewrite.close()
print_info(
"Credential harvester will allow you to utilize the clone capabilities within SET")
print_info(
"to harvest credentials or parameters from a website as well as place them into a report")
print_info("Credential harvester will allow you to utilize the clone capabilities within SET")
print_info("to harvest credentials or parameters from a website as well as place them into a report")

# specify tab nabbing attack vector
if attack_vector == '4':
Expand All @@ -266,7 +259,7 @@
filewrite.close()

# hta attack vector
if attack_vector == '8':
if attack_vector == '7':
# call hta attack vector
attack_vector = "hta"
filewrite.write(attack_vector)
Expand Down Expand Up @@ -305,28 +298,19 @@
# this part is to determine if NAT/port forwarding is used
# if it is it'll prompt for
# additional questions
print_info(
"NAT/Port Forwarding can be used in the cases where your SET machine is")
print_info(
"not externally exposed and may be a different IP address than your reverse listener.")
nat_or_fwd = yesno_prompt(
'0', 'Are you using NAT/Port Forwarding [yes|no]')
print_info("NAT/Port Forwarding can be used in the cases where your SET machine is")
print_info("not externally exposed and may be a different IP address than your reverse listener.")
nat_or_fwd = yesno_prompt('0', 'Are you using NAT/Port Forwarding [yes|no]')
if nat_or_fwd == "YES":
ipquestion = raw_input(setprompt(
["2"], "IP address to SET web server (this could be your external IP or hostname)"))

filewrite2 = open(
userconfigpath + "interface", "w")
filewrite2.write(
ipquestion)
ipquestion = raw_input(setprompt(["2"], "IP address to SET web server (this could be your external IP or hostname)"))
filewrite2 = open(userconfigpath + "interface", "w")
filewrite2.write(ipquestion)
filewrite2.close()
# is your payload/listener
# on a different IP?
natquestion = yesno_prompt(
["2"], "Is your payload handler (metasploit) on a different IP from your external NAT/Port FWD address [yes|no]")
natquestion = yesno_prompt(["2"], "Is your payload handler (metasploit) on a different IP from your external NAT/Port FWD address [yes|no]")
if natquestion == 'YES':
ipaddr = raw_input(
setprompt(["2"], "IP address for the reverse handler (reverse payload)"))
ipaddr = raw_input(setprompt(["2"], "IP address for the reverse handler (reverse payload)"))
if natquestion == "NO":
ipaddr = ipquestion
# if you arent using NAT/Port
Expand Down Expand Up @@ -355,8 +339,6 @@
this is how networking works.
""")

#print_info("This option is used for what IP the server will POST to.")
#print_info("If you're using an external IP, use your external IP for this")
try:
rhost = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
rhost.connect(('google.com', 0))
Expand Down Expand Up @@ -384,8 +366,7 @@

# get the template ready
sys.path.append(definepath + "/src/html/templates")
debug_msg(
me, "importing src.html.templates.template'", 1)
debug_msg(me, "importing src.html.templates.template'", 1)
try:
module_reload(template)
except:
Expand All @@ -396,8 +377,7 @@
# grab clientattack
sys.path.append(
definepath + "/src/webattack/browser_exploits")
debug_msg(
me, "line 357: importing 'src.webattack.browser_exploits.gen_payload'", 1)
debug_msg(me, "line 357: importing 'src.webattack.browser_exploits.gen_payload'", 1)
try:
module_reload(gen_payload)
except:
Expand All @@ -406,8 +386,7 @@
# arp cache attack, will exit quickly
# if not in config file
sys.path.append(definepath + "/src/core/arp_cache")
debug_msg(
me, "line 364: importing 'src.core.arp_cache.arp'", 1)
debug_msg(me, "line 364: importing 'src.core.arp_cache.arp'", 1)
try:
module_reload(arp)
except:
Expand All @@ -423,20 +402,17 @@

site_cloned = True

debug_msg(
me, "line 375: importing 'src.webattack.web_clone.cloner'", 1)
debug_msg(me, "line 375: importing 'src.webattack.web_clone.cloner'", 1)
try:
module_reload(src.webattack.web_clone.cloner)
except:
import src.webattack.web_clone.cloner

# grab java applet attack
if attack_vector == "java":
debug_msg(
me, "importing 'src.core.payloadgen.create_payloads'", 1)
debug_msg(me, "importing 'src.core.payloadgen.create_payloads'", 1)
try:
module_reload(
src.core.payloadgen.create_payloads)
module_reload(src.core.payloadgen.create_payloads)
except:
import src.core.payloadgen.create_payloads

Expand Down Expand Up @@ -480,10 +456,8 @@
update_options("ATTACK_VECTOR=HTA")
gen_hta_cool_stuff()
attack_vector = "hta"
print_status(
"Automatically starting Apache for you...")
subprocess.Popen(
"service apache2 start", shell=True).wait()
print_status("Automatically starting Apache for you...")
subprocess.Popen("service apache2 start", shell=True).wait()

if attack_vector != "harvester":
if attack_vector != "tabnabbing":
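Review bot: The `attack_vector` state file is opened for writing at the top of the `try:` in the first hunk, before the three Web Templates compatibility checks, and each of those checks leaves through `return_continue()` and `break` with no `filewrite.close()` visible in the hunk. On those paths the file has already been truncated and the handle stays open, so a rejected menu choice can leave an empty `attack_vector` file for whatever reads it next, unless cleanup outside the visible lines handles it. I would move `filewrite = open(userconfigpath + "attack_vector", "w")` below the three checks, or do each write under `with open(userconfigpath + "attack_vector", "w") as filewrite:` so the handle is closed on every exit. The `try:` starts in this hunk but its handler is outside it, so this should be confirmed against the full file.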
2 changes: 1 addition & 1 deletion src/core/set.version
@@ -1 +1 @@
8.0
8.0.1
