Channel: Penetration Test – Security List Network™
Cartero v10-9-15 : A robust Phishing Framework with a full featured CLI interface.

Change v-10.9.15  :
+ smbrelayx.py support allowing remote shell attacks and replay attacks using new French Kiss Attack.

Cartero is a robust phishing framework with a full-featured CLI interface. The project was born out of necessity through years of engagements with tools that just didn't do the job. Even though there are many projects out there, we were not able to find a suitable solution that gave us both ease of use and customizability.

Cartero is a modular project divided into commands that perform independent tasks (e.g. Mailer, Cloner, Listener, AdminConsole, etc.). In addition, each sub-command has repeatable configuration options to configure and automate your work.

For example, if we wanted to clone gmail.com, we simply have to perform the following commands.

❯❯❯ ./cartero Cloner --url https://gmail.com --path /tmp --webserver gmail_com
❯❯❯ ./cartero Listener --webserver /tmp/gmail_com -p 80
Launching mongodb
Puma starting in single mode...
* Version 2.8.2 (ruby 2.1.1-p76), codename: Sir Edmund Percival Hillary
* Min threads: 4, max threads: 16
* Environment: production
* Listening on tcp://0.0.0.0:80
Use Ctrl-C to stop

Once we have a site up and running we can simply use the Mailer command to send templated emails to testing victims:

❯❯❯ ./cartero Mailer --data victims.json --server gmail_com --subject "Internal Memo" --htmlbody email_html.html --attachment payload.pdf --from "John Doe <jdoe@company.com>"
Sending victim1@company.com
Sending victim2@company.com
Sending victim3@company.com
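
Seen from the receiving side, the Mailer run above produces mail whose From header claims an internal company.com sender but which arrives from an outside server. The triage check below is an added example, not part of Cartero or of the original post; it assumes the receiving gateway stamps an Authentication-Results header (RFC 8601), and ORG_DOMAIN, the sample headers and all function names are constructed for illustration.

```ruby
# Added example (not Cartero code): flag inbound mail that claims an internal
# sender but did not pass DMARC at the receiving gateway.
ORG_DOMAIN = "company.com" # assumption: the defended organisation's domain

# Constructed sample: headers as a gateway might stamp them on a spoofed memo.
SPOOFED = <<~EOS
  Authentication-Results: mx.company.com; spf=softfail smtp.mailfrom=mailer.example.net;
   dkim=none; dmarc=fail header.from=company.com
  From: "John Doe" <jdoe@company.com>
  To: victim1@company.com
  Subject: Internal Memo
EOS

# Parse a raw header block into { "lowercase-name" => [values] }, unfolding
# continuation lines (folded headers continue on lines starting with whitespace).
def parse_headers(raw)
  headers = Hash.new { |h, k| h[k] = [] }
  raw.gsub(/\r?\n[ \t]+/, " ").each_line do |line|
    name, value = line.chomp.split(":", 2)
    next if value.nil?
    headers[name.strip.downcase] << value.strip
  end
  headers
end

# Domain of the address in the From header, or nil if none can be extracted.
def from_domain(headers)
  from = headers["from"].first.to_s
  addr = from[/<([^>]+)>/, 1] || from
  addr[/@([A-Za-z0-9.-]+)/, 1]&.downcase
end

# Collect method => result pairs (spf, dkim, dmarc) from Authentication-Results.
def auth_results(headers)
  headers["authentication-results"].join(";")
    .scan(/\b(spf|dkim|dmarc)=(\w+)/i)
    .map { |method, result| [method.downcase, result.downcase] }.to_h
end

# Returns [] for external senders and for internal senders that passed DMARC;
# otherwise lists the recorded result of each check for analyst triage.
def spoof_findings(raw)
  headers = parse_headers(raw)
  domain = from_domain(headers).to_s
  return [] unless domain == ORG_DOMAIN || domain.end_with?(".#{ORG_DOMAIN}")
  results = auth_results(headers)
  return [] if results["dmarc"] == "pass"
  %w[dmarc spf dkim].map { |m| "#{m}=#{results[m] || 'missing'}" }
end

puts spoof_findings(SPOOFED).inspect if __FILE__ == $PROGRAM_NAME
```

A message with an internal From domain and no Authentication-Results header at all is reported with every check as missing, which is the case to investigate first on gateways that are supposed to stamp all inbound mail.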

Automated Installation
Using brew 1.9.3 ruby as default ruby library

curl -L https://raw.githubusercontent.com/FreedomCoder/Cartero/master/data/scripts/setup.sh | bash

Using RVM 1.9.3 ruby installation

curl -L https://raw.githubusercontent.com/FreedomCoder/Cartero/master/data/scripts/setup.sh | bash -s -- -r

Manual Installation
Dependencies

brew install mongodb

Framework

❯❯❯ git clone https://github.com/section9labs/Cartero
❯❯❯ cd Cartero
❯❯❯ gem install bundle
❯❯❯ bundle install
❯❯❯ cd bin

Usage
Commands : Cartero is a very simple to use CLI.


❯❯❯ ./cartero
Usage: cartero [options]

List of Commands:
    AdminConsole, AdminWeb, Mailer, Cloner, Listener, Servers, Templates

Global options:
        --proxy [HOST:PORT]          Sets TCPSocket Proxy server
    -c, --config [CONFIG_FILE]       Provide a different cartero config file
    -v, --[no-]verbose               Run verbosely
    -p [PORT_1,PORT_2,..,PORT_N],    Global Flag fo Mailer and Webserver ports
        --ports
    -m, --mongodb [HOST:PORT]        Global Flag fo Mailer and Webserver ports
    -d, --debug                      Sets debug flag on/off
        --editor [EDITOR]            Edit Server


Common options:
    -h, --help [COMMAND]             Show this message
        --list-commands              Prints list of commands for bash completion
        --version                    Shows cartero CLI version

MongoDB 

This is a simple wrapper for MongoDB that allows us to start and stop the database with the corresponding commands and on the correct ~/.cartero path.


❯❯❯ ./cartero Mongo
Usage: Cartero Mongo [options]
    -s, --start                      Start MongoDB
    -k, --stop                       Stop MongoDB
    -r, --restart                    Restart MongoDB
    -b, --bind [HOST:PORT]           Set MongoDB bind_ip and port

Common options:
    -h, --help                       Show this message
        --list-options               Show list of available options

Cloner
A WebSite Cloner that allows us to download and convert a website into a Cartero WebServer application.
❯❯❯ ./cartero Cloner
Usage: Cartero Cloner [options]
    -U, --url [URL_PATH]             Full Path of site to clone
    -W, --webserver [SERVER_NAME]    Sets WebServer name to use
    -p, --path [PATH]                Sets path to save webserver
    -P, --payload [PAYLOAD_PATH]     Sets payload path
        --useragent [UA_STRING]      Sets user agent for cloning
        --wget                       Use wget to clone url
        --apache                     Generate Apache Proxy conf

Common options:
    -h, --help                       Show this message
        --list-options               Show list of available options

Listener
The Listener is responsible for running the WebServer created through Cloner or a manually created site.
❯❯❯ ./cartero Listener
Usage: Cartero Listener [options]
    -i, --ip [1.1.1.1]               Sets IP interface, default is 0.0.0.0
    -p [PORT_1,PORT_2,..,PORT_N],    Sets Email Payload Ports to scan
        --ports
    -s, --ssl                        Run over SSL. [this also requires --sslcert and --sslkey]
    -C, --sslcert [CERT_PATH]        Sets Email Payload Ports to scan
    -K, --sslkey [KEY_PATH]          Sets SSL key to use for Listener.
    -V, --views [VIEWS_FOLDER]       Sets SSL Certificate to use for Listener.
    -P, --public [PUBLIC_FOLDER]     Sets a Sinatra public_folder
    -W [WEBSERVER_FOLDER],           Sets the sinatra full path from cloner.
        --webserver
        --payload [PAYLOAD]          Sets a payload download to serve on /download
        --customapp [CUSTOM_SINATRA] Sets a custom Sinatra::Base WebApp. Important, WebApp name should be camelized of filename

Common options:
    -h, --help                       Show this message
        --list-options               Show list of available options

The WebServers support SSL keys and virtual hosts across multiple IPs, hostnames, and ports.

Servers 

To send email campaigns we need to set up email servers, and this command allows Cartero to create, store and list servers. All data is stored in the ~/.cartero configuration directory.

./cartero Servers
Usage: Cartero Servers [options]
    -a, --add [NAME]                 Add Server
    -e, --edit [NAME]                Edit Server
    -d, --delete [NAME]              Edit Server
    -l, --list                       List servers

Configuration options:
    -T, --type [TYPE]                Set the type
    -U, --url [DOMAIN]               Set the Mail or WebMail url/address
    -M, --method [METHOD]            Sets the WebMail Request Method to use [GET|POST]
        --api-access [API_KEY]       Sets the Linkedin API Access Key
        --api-secret [API_SECRET]    Sets the Linkedin API Secret Key
        --oauth-token [OAUTH_TOKEN]  Sets the Linkedin OAuth Token Key
        --oauth-secret [OAUTH_SECRET]
                                     Sets the Linkedin OAuth Secret Key

Common options:
    -h, --help                       Show this message
        --list-options               Show list of available options

Templates
Just like Servers, email campaigns also need a pre-defined Template for sending content to the victims. This module allows the attacker to keep track of, create, list, and edit the templates being used in their campaign.
Note: Setting templates here is not necessary; Mailer also accepts a direct path to email templates from the CLI.

❯❯❯ ./cartero Templates
Usage: Cartero Templates [options]
    -a, --add [NAME]                 Add Template
    -e, --edit [NAME]                Edit Template
    -d, --delete [NAME]              Edit Template
    -l, --list                       List Templates
    -h, --help                       Show this message

Mailer
The main command and component of the Cartero Framework. It allows Cartero to send custom templated emails to one or more email addresses.

❯❯❯ ./cartero Mailer
Usage: Cartero Mailer [options]
    -D, --data [DATA_FILE]           File containing template data sets
    -S, --server [SERVER_NAME]       Sets Email server to use
    -s, --subject [EMAIL_SUBJECT]    Sets Email subject
    -f, --from [EMAIL_FROM]          Sets Email from
    -r, --reply-to [EMAIL_REPLY_TO]  Sets Email from
    -b, --body [FILE_PATH]           Sets Email Text Body
    -B, --htmlbody [FILE_PATH]       Sets Email HTML Body
    -c, --charset [CHARSET]          Sets Email charset
    -C [CONTENT_TYPE],               Sets Email content type
        --content-type
    -a [FILE_1,FILE_2,..,FILE_N],    Sets Email Attachments
        --attachment
    -p [PORT_1,PORT_2,..,PORT_N],    Sets Email Payload Ports to scan
        --ports

Common options:
    -h, --help                       Show this message
        --list-options               Show list of available options

WebMailer
This command provides an alternative to SMTP / IMAP servers by sending messages through known vulnerable or anonymous webmail services via web requests.

❯❯❯ ./cartero WebMailer
Usage: Cartero WebMailer [options]
    -R, --raw [RAW_REQUEST_FILE]     Sets WebMail Raw Request
    -S, --server [SERVER_NAME]       Sets WebMail server to use
    -U, --url [URL:PORT]             Sets WebMail server url to use
    -H [HEADER:VAL\nHEADER:VAL],     Sets WebMail Headers to use
        --headers
    -C, --cookies [COOKIES]          Sets WebMail Cookies to use
    -D, --data [DATA_FILE]           File containing template data sets
    -s, --subject [EMAIL_SUBJECT]    Sets Email subject
    -f, --from [EMAIL_FROM]          Sets Email from
    -r, --reply-to [EMAIL_REPLY_TO]  Sets Email reply-to
    -b, --body [REQUEST_FILE_PATH]   Sets Email Text request query Body
    -p [PORT_1,PORT_2,..,PORT_N],    Sets Email Payload Ports to scan
        --ports

Common options:
    -h, --help                       Show this message
        --list-options               Show list of available options

Example of a webmail server definition for send-email.org:

{
    "name": "send-email",
    "type": "webmail",
    "options": {
        "url": "http://send-email.org/send",
        "method": "POST",
        "cookies": "",
        "headers": {
            "Host": "send-email.org",
            "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:29.0) Gecko/20100101 Firefox/29.0",
            "Accept": "application/json, text/javascript, */*; q=0.01",
            "Accept-Language": "en-US,en;q=0.5",
            "Accept-Encoding": "gzip, deflate",
            "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8",
            "X-Requested-With": "XMLHttpRequest",
            "Referer": "http://send-email.org/",
            "Content-Length": "126",
            "Connection": "keep-alive",
            "Pragma": "no-cache"
        }
    },
    "confirmation" : "Your message was sent!"
}

IMessage
Allows Cartero, on OS X, to send iMessages to victims' addresses just like emails, but these will show up on every iDevice they have registered with Apple.

❯❯❯ ./cartero IMessage
Usage: Cartero IMessage [options]
IMPORTANT: This command only works on OSX

    -D, --data [DATA_FILE]           File containing template data sets
    -A, --attachment [ATTACHMENT]    Sets iMessage file path to send
    -b, --body [BODY_FILE]           Sets iMessage message
    -m, --message [MESSAGE]          Sets iMessage message

Common options:
    -h, --help                       Show this message
        --list-options               Show list of available options

Building Commands
Commands have a fairly simple framework. Example Framework commands are stored in Cartero/lib/cartero/commands/*.rb and ~/.cartero/commands/*.rb.

module Cartero
  module Commands
    class CommandName < ::Cartero::Command
      def initialize
        super do |opts|
          # OptionParser options are available here.
          opts.on("-x", "--xoption [DATA_FILE]", String,
            "Description of command option") do |data|
            @options.xoption = data
          end
          opts.on("-y", "--yoption [DATA_FILE]", String,
            "Description of command option") do |data|
            # Each option stores into its own field.
            @options.yoption = data
          end
          # help() option already provided.
          # --list-options for auto-complete automatic.
        end
      end

      def setup
        # This will be hooked and run before run().
        # It is meant as a method so the commands can run everything before that.
      end

      def run
        # Everything that will run.
      end

      def after
        # This is the place to run clean-up code.
      end
    end
  end
end

Download : Master.zip | Clone Url
Source : Cartero  | our post before

