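#!/usr/bin/env python3
"""
Script to download and set up various security tools.

Download and install one-liner:
    curl -sSL https://raw.githubusercontent.com/Root-Down-Digital/pentesting-resources/main/scripts/foothold-to-escalation/escalateMyTools.py | python3

Usage:
    python3 escalateTools.py
    python3 escalateTools.py --cleanup

Description:
    - Checks and installs required tools if they are not already present.
    - Creates a 'transfers' folder if it doesn't exist.
    - Downloads and sets up various security tools into the 'transfers' folder.
    - With '--cleanup', removes the 'transfers' and 'pspy' folders and the
      NetExec pipx package, then exits without downloading anything.

Note:
    This script requires sudo permissions to install required tools and pipx packages.

Review notes:
    - The one-liner executes whatever the branch head serves at that moment.
      When the script is piped in, stdin is the script itself, so the
      interactive prompts see end-of-file and are treated as "no".
    - Most downloads come from mutable branch heads ('master'/'main') or
      'latest' release links, several of them precompiled binaries from
      third-party repositories. A tool entry may carry an optional "sha256"
      key; when present the downloaded file is verified against it and
      deleted on mismatch. No digests are recorded in this file yet.
"""

import hashlib
import os
import shutil
import subprocess
import sys
import tempfile

# apt package that provides a command when the two names differ.
_APT_PACKAGE_FOR = {"go": "golang-go"}


def _confirm(prompt):
    """Return True only when the user answers 'y' to *prompt*.

    End-of-file on stdin (for example when the script itself was piped into
    the interpreter) counts as "no" instead of raising EOFError.
    """
    try:
        return input(prompt).strip().lower() == "y"
    except EOFError:
        print()
        return False


def _sha256_of(path):
    """Return the lowercase hex SHA-256 digest of the file at *path*."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def _discard(path):
    """Delete *path* if it exists; a missing file is not an error."""
    try:
        os.remove(path)
    except FileNotFoundError:
        pass


def check_required_tools():
    """Install 'wget', 'tar', 'go', 'git' and 'curl' via apt when missing."""
    required_tools = ["wget", "tar", "go", "git", "curl"]
    for tool in required_tools:
        if shutil.which(tool) is not None:
            continue
        print(f"{tool} is not installed. Installing now...")
        # The command name is not always the package name ('go' is shipped
        # by 'golang-go'), so translate before calling apt.
        package = _APT_PACKAGE_FOR.get(tool, tool)
        if subprocess.call(["sudo", "apt", "install", "-y", package]) != 0:
            print(f"Could not install {package}. Install it manually and re-run.")


def create_transfers_folder():
    """Create the 'transfers' folder in the current directory if absent."""
    if not os.path.exists("transfers"):
        os.makedirs("transfers")
        print("Created 'transfers' folder.")


def download_and_setup_tools():
    """Download every listed tool into 'transfers' and mark pspy64 executable.

    A download counts as successful only when wget exits with status 0 and,
    if the entry carries a "sha256" key, the file's digest matches it.
    Failed or mismatching files are removed so that nothing partial or
    unverified is left behind under the expected name.
    """
    # NOTE(review): several saved names do not match what the URL serves:
    #   - "CVE-2017-0213_x64.exe" and "NC.exe" are fetched from .zip URLs;
    #   - "cve-2019-13272-exploit.sh" is fetched from a .c source file;
    #   - "ScriptSentry.ps1" uses a github.com '/blob/' URL, which returns
    #     the HTML page for the file rather than the file itself.
    # The URLs are left as the author wrote them.
    tools = [
        {
            "name": "CVE-2017-0213_x64.exe",
            "url": "https://github.com/WindowsExploits/Exploits/raw/master/CVE-2017-0213/Binaries/CVE-2017-0213_x64.zip",
        },
        {
            "name": "Invoke-PowerShellTcp.ps1",
            "url": "https://raw.githubusercontent.com/samratashok/nishang/master/Shells/Invoke-PowerShellTcp.ps1",
        },
        {
            "name": "linenum.sh",
            "url": "https://raw.githubusercontent.com/rebootuser/LinEnum/master/LinEnum.sh",
        },
        {
            "name": "linpeas.sh",
            "url": "https://github.com/carlospolop/PEASS-ng/releases/latest/download/linpeas.sh",
        },
        {
            "name": "linux-exploit-suggester.sh",
            "url": "https://raw.githubusercontent.com/The-Z-Labs/linux-exploit-suggester/master/linux-exploit-suggester.sh",
        },
        {
            "name": "log4j-scan.py",
            "url": "https://raw.githubusercontent.com/fullhunt/log4j-scan/master/log4j-scan.py",
        },
        {
            "name": "mcafee_sitelist_pwd_decrypt.py",
            "url": "https://raw.githubusercontent.com/funoverip/mcafee-sitelist-pwd-decryption/master/mcafee_sitelist_pwd_decrypt.py",
        },
        {
            "name": "Chimichurri-MS10-059.exe",
            "url": "https://github.com/egre55/windows-kernel-exploits/raw/master/MS10-059:%20Chimichurri/Compiled/Chimichurri.exe",
        },
        {
            "name": "ms15-051_x64.exe",
            "url": "https://github.com/SecWiki/windows-kernel-exploits/raw/master/MS15-051/Compiled/Taihou64.exe",
        },
        {
            "name": "Juicy-Potato.exe",
            "url": "https://github.com/ohpe/juicy-potato/releases/download/v0.1/JuicyPotato.exe",
        },
        {
            "name": "NC.exe",
            "url": "https://eternallybored.org/misc/netcat/netcat-win32-1.11.zip",
        },
        {
            "name": "Windows-Exploit-Suggester",
            "url": "https://raw.githubusercontent.com/AonCyberLabs/Windows-Exploit-Suggester/master/windows-exploit-suggester.py",
        },
        {
            "name": "PowerUp.ps1",
            "url": "https://raw.githubusercontent.com/PowerShellMafia/PowerSploit/master/Privesc/PowerUp.ps1",
        },
        {
            "name": "rottenpotato.exe",
            "url": "https://github.com/foxglovesec/RottenPotato/raw/master/rottenpotato.exe",
        },
        {
            "name": "Seatbelt.exe",
            "url": "https://github.com/r3motecontrol/Ghostpack-CompiledBinaries/raw/master/Seatbelt.exe",
        },
        {
            "name": "SharpUp.exe",
            "url": "https://github.com/r3motecontrol/Ghostpack-CompiledBinaries/raw/master/SharpUp.exe",
        },
        {
            "name": "ScriptSentry.ps1",
            "url": "https://github.com/techspence/ScriptSentry/blob/main/Invoke-ScriptSentry.ps1",
        },
        {
            "name": "winPEAS64.exe",
            "url": "https://github.com/carlospolop/PEASS-ng/releases/download/20230425-bd7331ea/winPEASx64.exe",
        },
        {
            "name": "pentestmonkey-php-reverse-shell.php",
            "url": "https://raw.githubusercontent.com/pentestmonkey/php-reverse-shell/master/php-reverse-shell.php",
        },
        {
            "name": "cve-2016-5195-dirtycow.c",
            "url": "https://raw.githubusercontent.com/dirtycow/dirtycow.github.io/master/dirtyc0w.c",
        },
        {
            "name": "cve-2019-13272-exploit.sh",
            "url": "https://raw.githubusercontent.com/bcoles/kernel-exploits/master/CVE-2019-13272/poc.c",
        },
        {
            "name": "cve-2020-3452-exploit.py",
            "url": "https://raw.githubusercontent.com/grim3/CVE-2020-3452/main/CVE-2020-3452.py",
        },
        {
            "name": "cve-2020-1472-exploit.py",
            "url": "https://raw.githubusercontent.com/thatonesecguy/zerologon-CVE-2020-1472/master/zero-logon-exploit.py",
        },
        {
            "name": "cve-2021-3156-exploit.c",
            "url": "https://raw.githubusercontent.com/CptGibbon/CVE-2021-3156/main/exploit.c",
        },
        {
            "name": "cve-2021-1675-exploit.py",
            "url": "https://raw.githubusercontent.com/cube0x0/CVE-2021-1675/main/CVE-2021-1675.py",
        },
        {
            "name": "CVE-2022-0847-DirtyPipe-Exploits.zip",
            "url": "https://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-Exploits/archive/refs/heads/main.zip",
        },
        {
            "name": "CVE-2022-0847-dirty-pipe-checker.zip",
            "url": "https://github.com/basharkey/CVE-2022-0847-dirty-pipe-checker/archive/refs/heads/main.zip",
        },
        {
            "name": "pspy64",
            "url": "https://github.com/DominicBreuker/pspy/releases/download/v1.2.1/pspy64",
        },
        {
            "name": "walkingpath.py",
            "url": "https://raw.githubusercontent.com/adhikara13/CVE-2022-4510-WalkingPath/main/walkingpath.py",
        },
        {
            "name": "PowerShell-for-Hackers.zip",
            "url": "https://github.com/I-Am-Jakoby/PowerShell-for-Hackers/archive/refs/heads/main.zip",
        },
        {
            "name": "EternalBlue-2.2.0.zip",
            "url": "https://github.com/worawit/MS17-010/archive/refs/heads/master.zip",
        },
    ]

    # wget cannot write into a folder that is missing, so make sure it exists
    # even when this function is called on its own.
    os.makedirs("transfers", exist_ok=True)

    for tool in tools:
        file_name = os.path.join("transfers", tool["name"])
        url = tool["url"]
        print(f"Downloading {file_name}...")
        status = subprocess.call(["wget", "-O", file_name, url])

        # 'wget -O' creates the output file before the transfer starts, so
        # the file existing says nothing about success; use the exit status.
        if status != 0 or not os.path.exists(file_name):
            print(f"Error downloading {file_name}. Please check the URL and try again.")
            _discard(file_name)
            continue

        # Optional integrity check: only entries that carry a digest are
        # verified, so existing entries behave as before.
        expected = tool.get("sha256")
        if expected is not None and _sha256_of(file_name) != expected.lower():
            print(f"Checksum mismatch for {file_name}. Removing the file.")
            _discard(file_name)
            continue

        print(f"{file_name} downloaded successfully.")
        if tool["name"] == "pspy64":
            print("Setting up pspy64...")
            # Add the execute bits, as 'chmod +x' would.
            os.chmod(file_name, os.stat(file_name).st_mode | 0o111)
            print("pspy64 is set up and ready to use.")


def install_pspy():
    """Ask whether to build pspy from source and do so on a 'y' answer."""
    if _confirm("Do you want to install pspy? (y/n): "):
        build_pspy64()


def build_pspy64():
    """Clone pspy into './pspy' and run 'go build' inside the checkout.

    The build runs with cwd='pspy' rather than os.chdir(), so the process's
    working directory is unchanged and later relative paths ('transfers',
    'pspy') still resolve against the directory the script was started in.
    """
    print("Building pspy64 from source...")
    if not os.path.isdir("pspy"):
        clone_status = subprocess.call(
            ["git", "clone", "https://github.com/DominicBreuker/pspy.git"]
        )
        if clone_status != 0:
            print("Cloning pspy failed. Skipping the build.")
            return
    if subprocess.call(["go", "build"], cwd="pspy") != 0:
        print("Building pspy failed.")
        return
    print("pspy64 has been built from source.")


def install_netexec():
    """Ask whether to install NetExec and, on a 'y' answer, install it with pipx.

    The commands run with a temporary directory as their working directory.
    Command output is suppressed, so each exit status is checked and a
    failure is reported instead of passing silently.
    """
    if not _confirm("Do you want to install NetExec? (y/n): "):
        return

    quiet = {"stdout": subprocess.DEVNULL, "stderr": subprocess.DEVNULL}
    with tempfile.TemporaryDirectory() as tmpdirname:
        # The temporary directory is only a scratch working directory for
        # the commands below; it is deleted when the block exits.
        print("Installing NetExec with pipx...")
        if subprocess.call(["sudo", "apt", "install", "-y", "pipx", "git"], **quiet) != 0:
            print("Could not install pipx/git with apt.")
            return
        subprocess.call(["pipx", "ensurepath"], cwd=tmpdirname, **quiet)
        install_status = subprocess.call(
            ["pipx", "install", "git+https://github.com/Pennyw0rth/NetExec"],
            cwd=tmpdirname,
            **quiet,
        )
        if install_status != 0:
            print("pipx could not install NetExec.")


def cleanup():
    """Remove the 'transfers' and 'pspy' folders and the NetExec pipx package.

    Only what this script installs is removed. 'pipx uninstall-all' and
    deleting '~/.local/pipx' would also delete every unrelated pipx package
    the user has, so neither is run here.
    """
    for directory in ("transfers", "pspy"):
        if os.path.exists(directory):
            shutil.rmtree(directory)
            print(f"Removed {directory} directory.")

    # Calling a missing executable raises FileNotFoundError, so check first.
    if shutil.which("pipx") is None:
        print("pipx is not installed. No pipx packages to remove.")
        return
    subprocess.call(
        ["pipx", "uninstall", "NetExec"],
        stdout=subprocess.DEVNULL,
        stderr=subprocess.DEVNULL,
    )
    print("Removed the NetExec pipx installation.")


def main():
    """Run the setup steps, or only the cleanup when '--cleanup' is given."""
    if "--cleanup" in sys.argv:
        # Cleaning up is a separate mode: downloading everything first only
        # to delete it straight away would be wasted work.
        cleanup()
        print("Cleanup completed.")
        return

    check_required_tools()
    create_transfers_folder()
    download_and_setup_tools()
    install_pspy()
    install_netexec()


if __name__ == "__main__":
    main()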