thpsetup.py
#!/bin/bash
echo ""
echo "=========================================================================="
echo "= Pentest Attack Machine Setup ="
echo "= Based on the setup from The Hacker Playbook ="
echo "=========================================================================="
echo ""
# Prepare tools folder
echo "[+] Creating tools folder in /opt"
mkdir /opt/tools/
echo ""
# Setting up metasploit with postgresql
echo "[+] Setting up metasploit with postgresql"
service postgresql start
service metasploit start
echo ""
# Adding postgresql and metasploit services rc.d defaults
echo "[+] Adding postgresql and metasploit to rc.d defaults"
update-rc.d -f postgresql defaults
update-rc.d -f metasploit defaults
echo ""
# Discover Scripts - Passive reconnaissance
echo "[+] Installing Discover Scripts"
cd /opt/tools/
git clone https://github.com/leebaird/discover.git
cd /opt/tools/discover/
/opt/tools/discover/setup.sh
echo ""
# SMBexec - Grab hashes out of the Domain Controller and reverse shells
# Step 1: Select option 1
# Step 2: Select option 4
# Step 3: Select option 5
echo "[+] Installing SMBexec"
cd /tmp/
git clone https://github.com/pentestgeek/smbexec.git
cd /tmp/smbexec/
echo "[+] Select option 1"
/tmp/smbexec/install.sh
echo "[*] Where did you install SMBexec?: "
read smbexecpath
$smbexecpath/smbexec/install.sh
echo ""
# Veil - Create Python based Meterpreter executable
echo "[+] Installing Veil Framework"
cd /opt/tools/
git clone https://github.com/Veil-Framework/Veil-Evasion.git Veil
cd /opt/tools/Veil/setup
/opt/tools/Veil/setup/setup.sh
echo ""
# WCE (Windows Credential Editor) - Pulls passwords from memory
echo "[+] Downloading and installing WCE (Windows Credential Editor)"
mkdir /opt/tools/wce/
cd /tmp/
wget http://www.ampliasecurity.com/research/wce_v1_41beta_universal.zip
unzip -d /opt/tools/wce/ wce_v1_41beta_universal.zip
rm -f wce_v1_41beta_universal.zip
echo ""
# Mimikatz - Pulls passwords from memory
echo "[+] Installing Mimikatz"
mkdir /opt/tools/mimikatz/
cd /tmp/
wget https://github.com/gentilkiwi/mimikatz/releases/download/2.0.0-alpha-20150122/mimikatz_trunk.zip
unzip -d /opt/tools/mimikatz/ mimikatz_trunk.zip
rm -f mimikatz_trunk.zip
echo ""
# PeepingTom - Website snapshots
echo "[+] Installing PeepingTom"
cd /opt/tools/
git clone https://bitbucket.org/LaNMaSteR53/peepingtom.git
cd /opt/tools/peepingtom/
wget https://gist.githubusercontent.com/nopslider/5984316/raw/423b02c53d225fe8dfb4e2df9a20bc800cc78e2c/gnmap.pl
echo ""
# Download appropriate PhantomJS package
if $(uname -m | grep '64'); then
wget http://phantomjs.googlecode.com/files/phantomjs-1.9.2-linux-x86_64.tar.bz2
tar xf phantomjs-1.9.2-linux-x86_64.tar.bz2
cp /opt/tools/peepingtom/phantomjs-1.9.2-linux-x86_64/bin/phantomjs .
else
wget http://phantomjs.googlecode.com/files/phantomjs-1.9.2-linux-i686.tar.bz2
tar xf phantomjs-1.9.2-linux-i686.tar.bz2
cp /opt/tools/peepingtom/phantomjs-1.9.2-linux-i686/bin/phantomjs .
fi
echo ""
# Nmap script - Quicker scanning and smarter identification
echo "[+] Installing nmap scripts"
cd /usr/share/nmap/scripts/
wget https://raw.githubusercontent.com/hdm/scan-tools/master/nse/banner-plus.nse
echo ""
# PowerSploit - Scripts for post exploitation
echo "[+] Installing PowerSploit"
cd /opt/tools/
git clone https://github.com/mattifestation/PowerSploit.git
cd /opt/tools/PowerSploit/
wget https://raw.githubusercontent.com/obscuresec/random/master/StartListener.py
wget https://raw.githubusercontent.com/darkoperator/powershell_scripts/master/ps_encoder.py
echo ""
# Responder - Used to gain NTLM challenge/response
echo "[+] Installing Responder"
cd /opt/tools/
git clone https://github.com/SpiderLabs/Responder.git
echo ""
# SET (Social Engineering Toolkit) - Pre-installed on Kali Linux
echo "[+] Installing SET (Social Engineering Toolkit)"
cd /opt/tools/
git clone https://github.com/trustedsec/social-engineer-toolkit.git set
cd /opt/tools/set/
/opt/tools/set/setup.py install
echo ""
# Bypassuac - Used to bypass UAC in post exploitation
# → https://www.trustedsec.com/downloads/
echo "[+] Installing Bypass UAC"
cd /tmp/
wget https://www.trustedsec.com/files/bypassuac.zip
unzip bypassuac.zip
cp bypassuac/bypassuac.rb /opt/metasploit/apps/pro/msf3/scripts/meterpreter/
mv bypassuac/uac/ /opt/metasploit/apps/pro/msf3/data/exploits/
rm -Rf bypassuac
echo ""
# BeEF - cross-site scripting framework
# → http://beefproject.com/
echo "[+] Installing BeEF"
apt-get install beef-xss
echo ""
# PEDA - Python Exploit Development Assistance for GDB
# → Repository: https://github.com/longld/peda
echo "[+] Installing PEDA"
git clone https://github.com/longld/peda.git /opt/peda
echo "source /opt/peda/peda.py" >> ~/.gdbinit
echo ""
# The End
echo "[+] All tools installed successfully!"
echo "[+] ~~~ Happy Hacking! ~~~"
echo ""https://gist.github.com/oaass/bf136f3ea20d56ed0f83 에서 가져왔다.
댓글들 참고해서 주소를 수정 해주자.
bypassuac 설치 시 칼리리눅스 2.0버전은 경로가 다르기에 아래 경로로 수정해서 설치해준다.
3. Copy bypassuac.rb to /usr/share/metasploit-framework/scripts/meterpreter/
(If you install by yourself, copy to /opt/metasploit/apps/pro/scripts/meterpreter/)
4. Copy uac folder to "/usr/share/metasploit-framework/data/exploits/"
(If you install by yourself, copy to /opt/metasploit/apps/pro/msf3/data/exploits/)
'Enjoy IT > LINUX 심화.해킹등' 카테고리의 다른 글
| 해커플레이북 - 침투 후 일정 (0) | 2016.05.18 |
|---|---|
| 해커플레이북1 (THE HACKER PLAYBOOK) 정오표 (0) | 2016.05.08 |
| 리눅스 nmap 명령어 사용 예제 (0) | 2016.04.22 |
| 칼리리눅스 root 비밀번호 바꾸기 (0) | 2016.04.21 |
| ARP spoofing 공격과 패킷엿보기 (0) | 2016.04.21 |
