The steps are pretty straight forward. The only tool that might cause some confusion is SMBexec. This requires you to interact 3 times with a different option every time. So here’s the options you need to use, in the correct order
- Select option 1 (When prompted for the path, write: /opt/tools)
- Select option 4
- Select option 5
Right after you have written the path to where to install SMBexec, the script will ask you the same question. Make sure that you write the same, /opt/tools, there as well. This is so the bash script knows where to find the new install.sh script for SMBexec.
Other than this, the rest of the process is very simple.
You can either download the script from my gist here , or copy the code from below
#!/bin/bash
echo ""
echo "=========================================================================="
echo "= Pentest Attack Machine Setup ="
echo "= Based on the setup from The Hacker Playbook ="
echo "=========================================================================="
echo ""
# Prepare tools folder
echo "[+] Creating tools folder in /opt"
mkdir /opt/tools/
echo ""
# Setting up metasploit with postgresql
echo "[+] Setting up metasploit with postgresql"
service postgresql start
service metasploit start
echo ""
# Discover Scripts - Passive reconnaissance
echo "[+] Installing Discover Scripts"
cd /opt/tools/
git clone https://github.com/leebaird/discover.git
cd /opt/tools/discover/
/opt/tools/discover/setup.sh
echo ""
# SMBexec - Grab hashes out of the Domain Controller and reverse shells
# Step 1: Select option 1
# Step 2: Select option 4
# Step 3: Select option 5
echo "[+] Installing SMBexec"
cd /tmp/
git clone https://github.com/brav0hax/smbexec.git
cd /tmp/smbexec/
echo "[+] Select option 1"
/tmp/smbexec/install.sh
echo "[*] Where did you install SMBexec?: "
read smbexecpath
$smbexecpath/smbexec/install.sh
echo ""
# Veil - Create Python based Meterpreter executable
echo "[+] Installing Veil Framework"
cd /opt/tools/
git clone https://github.com/Veil-Framework/Veil-Evasion.git Veil
cd /opt/tools/Veil/setup
/opt/tools/Veil/setup/setup.sh
echo ""
# WCE (Windows Credential Editor) - Pulls passwords from memory
echo "[+] Downloading and installing WCE (Windows Credential Editor)"
mkdir /opt/tools/wce/
cd /tmp/
wget http://www.ampliasecurity.com/research/wce_v1_41beta_universal.zip
unzip -d /opt/tools/wce/ wce_v1_41beta_universal.zip
rm -f wce_v1_41beta_universal.zip
echo ""
# Mimikatz - Pulls passwords from memory
echo "[+] Installing Mimikatz"
mkdir /opt/tools/mimikatz/
cd /tmp/
wget https://github.com/gentilkiwi/mimikatz/releases/download/2.0.0-alpha-20150122/mimikatz_trunk.zip
unzip -d /opt/tools/mimikatz/ mimikatz_trunk.zip
rm -f mimikatz_trunk.zip
echo ""
# PeepingTom - Website snapshots
echo "[+] Installing PeepingTom"
cd /opt/tools/
git clone https://bitbucket.org/LaNMaSteR53/peepingtom.git
cd /opt/tools/peepingtom/
wget https://gist.githubusercontent.com/nopslider/5984316/raw/423b02c53d225fe8dfb4e2df9a20bc800cc78e2c/gnmap.pl
echo ""
# Download appropriate PhantomJS package
if $(uname -m | grep '64'); then
wget http://phantomjs.googlecode.com/files/phantomjs-1.9.2-linux-x86_64.tar.bz2
tar xf phantomjs-1.9.2-linux-x86_64.tar.bz2
cp /opt/tools/peepingtom/phantomjs-1.9.2-linux-x86_64/bin/phantomjs .
else
wget http://phantomjs.googlecode.com/files/phantomjs-1.9.2-linux-i686.tar.bz2
tar xf phantomjs-1.9.2-linux-i686.tar.bz2
cp /opt/tools/peepingtom/phantomjs-1.9.2-linux-i686/bin/phantomjs .
fi
echo ""
# Nmap script - Quicker scanning and smarter identification
echo "[+] Installing nmap scripts"
cd /usr/share/nmap/scripts/
wget https://raw.githubusercontent.com/hdm/scan-tools/master/nse/banner-plus.nse
echo ""
# PowerSploit - Scripts for post exploitation
echo "[+] Installing PowerSploit"
cd /opt/tools/
git clone https://github.com/mattifestation/PowerSploit.git
cd /opt/tools/PowerSploit/
wget https://raw.githubusercontent.com/obscuresec/random/master/StartListener.py
wget https://raw.githubusercontent.com/darkoperator/powershell_scripts/master/ps_encoder.py
echo ""
# Responder - Used to gain NTLM challenge/response
echo "[+] Installing Responder"
cd /opt/tools/
git clone https://github.com/SpiderLabs/Responder.git
echo ""
# SET (Social Engineering Toolkit) - Pre-installed on Kali Linux
echo "[+] Installing SET (Social Engineering Toolkit)"
cd /opt/tools/
git clone https://github.com/trustedsec/social-engineer-toolkit.git set
cd /opt/tools/set/
/opt/tools/set/setup.py install
echo ""
# Bypassuac - Used to bypass UAC in post exploitation
# → https://www.trustedsec.com/downloads/
echo "[+] Installing Bypass UAC"
cd /tmp/
wget https://www.trustedsec.com/files/bypassuac.zip
unzip bypassuac.zip
cp bypassuac/bypassuac.rb /opt/metasploit/apps/pro/msf3/scripts/meterpreter/
mv bypassuac/uac/ /opt/metasploit/apps/pro/msf3/data/exploits/
rm -Rf bypassuac
echo ""
# BeEF - cross-site scripting framework
# → http://beefproject.com/
echo "[+] Installing BeEF"
apt-get install beef-xss
echo ""
# PEDA - Python Exploit Development Assistance for GDB
# → Repository: https://github.com/longld/peda
echo "[+] Installing PEDA"
git clone https://github.com/longld/peda.git /opt/peda
echo "source /opt/peda/peda.py" >> ~/.gdbinit
echo ""
# The End
echo "[+] All tools installed successfully!"
echo "[+] ~~~ Happy Hacking! ~~~"
echo ""