venom v1.0.13 :: release the kraken
Version release: v1.0.13
Author: pedro ubuntu [ r00t-3xp10it ]
Codename: release the kraken (the mythological sea monster)
Distros Supported: Linux Ubuntu, Kali, Debian, BackBox, Parrot OS
Suspicious-Shell-Activity© (SSA) RedTeam develop @2017
:: Framework description ::
This tool uses msfvenom (metasploit) to generate shellcode in different formats
( c | python | ruby | dll | msi | hta-psh | docm | deb ), injects the generated shellcode
into one template (example: python, where the python function executes the shellcode in
RAM) and uses compilers like gcc (GNU cross compiler), mingw32 or pyinstaller.py to
build the executable file. It also starts a multi-handler to receive the remote connection
(shell or meterpreter session).
venom also gives you the opportunity to deliver your payloads using the apache2 webserver (LAN)
in two different ways: http://<your-ip-address> OR http://mega-upload.com (mitm+dns_spoof).
This last one can only be configured using the venom-main/aux/setup.sh config script.
:: Changelog ::
Some payload execution bug fixes, many improvements in framework post-exploitation
abilities (resource files reviewed / new ones added), framework displays reviewed and improved,
framework internal functions improved and 5 new payload builds added to the main menu.
FUNCTION  DESCRIPTION - [CHANGELOG VERSION 1.0.13] - release the kraken
--------  ---------------------------------------------------------------------------
bug fix   -> msfdb postgresql database connection bug
bug fix   -> build 1  - shellcode unix C source code fix (int main() C89)
bug fix   -> build 2  - C to dll source code fix (#include <winsock2.h>)
bug fix   -> build 16 - payload.php execution fixed (new php syntax)
bug fix   -> build 17 - python.py trigger execution fixed (multi_OS)
bug fix   -> build 19 - python.py trigger execution fixed (multi_OS)
improved  -> venom framework terminal displays review
improved  -> venom framework GPLv3 personal license review
improved  -> venom domain name attack vector (http://mega-upload.com)
improved  -> build 1  - shellcode unix C post-exploitation function added
improved  -> build 23 - exploit/windows/fileformat/office_word_macro (deprecated)
                        replaced by exploit/multi/fileformat/office_word_macro (upgraded)
added     -> 'settings' config framework internal settings
added     -> 'office.ppsx' python_word_doc_payload (windows systems)
added     -> 'kimi.py' Malicious_Debian_Packet_Creator (linux systems)
added     -> 'astrobaby.docm' word_macro_trojan_horse (multi_OS systems)
added     -> 'system built-in-shells' -> perl_reverse_shell (pentestmonkey)
added     -> 'exploit_suggester.rc' multi_post_exploits_suggester (multi_OS)
added     -> 'post_linux.rc' linux gather information module (post-exploitation)
added     -> 'post_multi.rc' multi system gather information module (post-exploitation)
added     -> 'privilege_escalation.rc' windows privilege escalation (post-exploitation)
added     -> 'enigma_fileless_uac_bypass.rb' windows privilege escalation (post-exploitation)
:: Detail description ::
One of the major updates in this release is the introduction of 'venom-main/settings',
which allows users to configure framework internal settings such as checking/rebuilding the
msf database (msfdb) and updating it (msfupdate) automatically at framework startup with recent exploits.
Another useful function is the implementation of framework logfile creation, which allows
users to record session activity (spool command) in: venom-main/output/report.log. All the user
needs to do is activate 'MSF_LOGFILES=ON' in 'venom-main/settings' to start recording logfiles.
Another major improvement can be found in post-exploitation with the implementation
of 'exploit_suggester.rc', which allows users to search further for entry points.
Another improvement is the implementation of the 'privilege_escalation.rc' post-module for
windows systems, which uses the 'enigma_fileless_uac_bypass' msf module to upload our payload
to the target system and execute it with elevated privileges (administrator).
WARNING: To revert the changes made by enigma_fileless_uac_bypass you need to (manually):
1º - use post/windows/escalate/enigma_fileless_uac_bypass
2º - unset all
3º - set [session number]
4º - set DEL_REGKEY true
5º - exploit
Another major improvement can be found in the 'venom domain name attack vector' function
(http://mega-upload.com), such as the 'phishing_webpage' and 'mitm+dns' small bug fixes.
"The mitm+dns_spoof payload delivery method can be turned on/off in venom-main/aux/setup.sh"
REMARK: All venom framework 'resource files' can be called from the meterpreter prompt
by simply executing: meterpreter > resource /root/venom-main/aux/[resource-name.rc]
except: persistence.rc - persistence2.rc - privilege_escalation.rc (they need venom configurations)
:: Useful links ::
venom - GPLv3 license
venom - project main page
venom - project bug reports
venom - youtube videos
:: Git download/install ::
1º - Download framework from github
git clone https://github.com/r00t-3xp10it/venom.git
2º - Set file execution permissions
cd venom-main
sudo chmod -R +x *.sh
sudo chmod -R +x *.py
3º - Install all dependencies - turn on/off mega-upload.com domain
cd aux
sudo ./setup.sh
4º - Run main tool
sudo ./venom.sh
Special thanks: @ChaitanyaHaritash (MDPC-kimi.py debian agent)
@0xyx3n (hta-to-javascript-obfuscator) | @suriya (VBS-crypter.exe obfuscator)
All the hard work goes to: @HDMoore (metasploit) | @NickHarbour (PEScrambler.exe)
@HarmJ0y (pyherion) | @g0tmi1k @ChrisTuncker @HarmJ0y (ruby template stager.rb)
@cortesi (pyinstaller) | @0Entropy (powershell poc's) | @mgraeber (powershell poc's)
@liviu (encrypt_polarSSL) | @alor&naga (ettercap mitm+dns_spoof) | @astr0baby (poc's)
@Rel1k (set/unicorn shellcode poc's) | @nullbyte (powershell+shellcode poc's)