From b251f10f012a5798d25551f22ebf5aec885309c4 Mon Sep 17 00:00:00 2001 From: DKingCN Date: Tue, 12 Jan 2016 22:24:13 +0800 Subject: [PATCH 1/3] unvaliable parameters commented XP_MODE SUPPLIED_BINARY --- config/mitmf.conf | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/config/mitmf.conf b/config/mitmf.conf index 77af21c..1b946cd 100644 --- a/config/mitmf.conf +++ b/config/mitmf.conf @@ -457,10 +457,10 @@ # RUNAS_ADMIN will attempt to patch requestedExecutionLevel as highestAvailable RUNAS_ADMIN = False # XP_MODE - to support XP targets - XP_MODE = True + #XP_MODE = True # SUPPLIED_BINARY is for use with PATCH_METHOD 'onionduke' DLL/EXE can be x64 and # with PATCH_METHOD 'replace' use an EXE not DLL - SUPPLIED_BINARY = veil_go_payload.exe + #SUPPLIED_BINARY = veil_go_payload.exe MSFPAYLOAD = windows/meterpreter/reverse_tcp [[[[WindowsIntelx64]]]] @@ -479,7 +479,7 @@ RUNAS_ADMIN = False # SUPPLIED_BINARY is for use with PATCH_METHOD onionduke DLL/EXE can x86 32bit and # with PATCH_METHOD 'replace' use an EXE not DLL - SUPPLIED_BINARY = pentest_x64_payload.exe + #SUPPLIED_BINARY = pentest_x64_payload.exe MSFPAYLOAD = windows/x64/shell/reverse_tcp [[[[MachoIntelx86]]]] From fe82513a0e6699195b86c9e71ca3278c61907f84 Mon Sep 17 00:00:00 2001 From: DKingCN Date: Tue, 12 Jan 2016 22:32:36 +0800 Subject: [PATCH 2/3] Wrong parameters fix deleted: SUPPLIED_BINARY=self.WindowsIntelx86['SUPPLIED_BINARY'], XP_MODE=self.str2bool(self.WindowsIntelx86['XP_MODE']) SUPPLIED_BINARY=self.WindowsIntelx64['SUPPLIED_BINARY'], --- plugins/filepwn.py | 17 ++++++++--------- 1 file changed, 8 insertions(+), 9 deletions(-) diff --git a/plugins/filepwn.py b/plugins/filepwn.py index 83d947c..f8c03ea 100644 --- a/plugins/filepwn.py +++ b/plugins/filepwn.py 
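Review bot: The `# XP_MODE - to support XP targets` and `# SUPPLIED_BINARY is for use with PATCH_METHOD ...` comments still read as documentation for live options, but nothing in either hunk says why the settings beneath them are now disabled. A one-line reason next to each commented-out setting would help, for example `# disabled: plugins/filepwn.py does not pass this option to the patcher (see PATCH 2/3)`. The same applies to the second hunk at `@@ -479`. Whether the `PATCH_METHOD` values named in those comments still behave sensibly without a supplied binary cannot be judged from this file alone, so that is worth confirming.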
@@ -374,12 +374,11 @@ class FilePwn(Plugin): ADD_SECTION=add_section, CAVE_JUMPING=cave_jumping, IMAGE_TYPE=self.WindowsType, - RUNAS_ADMIN=self.str2bool(self.WindowsIntelx86['RUNAS_ADMIN']), + CHECK_ADMIN=self.str2bool(self.WindowsIntelx86['RUNAS_ADMIN']), PATCH_DLL=self.str2bool(self.WindowsIntelx64['PATCH_DLL']), SUPPLIED_SHELLCODE=self.WindowsIntelx64['SUPPLIED_SHELLCODE'], ZERO_CERT=self.str2bool(self.WindowsIntelx64['ZERO_CERT']), - PATCH_METHOD=self.WindowsIntelx64['PATCH_METHOD'].lower(), - SUPPLIED_BINARY=self.WindowsIntelx64['SUPPLIED_BINARY'], + PATCH_METHOD=self.WindowsIntelx64['PATCH_METHOD'].lower() ) result = targetFile.run_this() @@ -408,13 +407,11 @@ class FilePwn(Plugin): ADD_SECTION=add_section, CAVE_JUMPING=cave_jumping, IMAGE_TYPE=self.WindowsType, - RUNAS_ADMIN=self.str2bool(self.WindowsIntelx86['RUNAS_ADMIN']), + CHECK_ADMIN=self.str2bool(self.WindowsIntelx86['RUNAS_ADMIN']), PATCH_DLL=self.str2bool(self.WindowsIntelx86['PATCH_DLL']), SUPPLIED_SHELLCODE=self.WindowsIntelx86['SUPPLIED_SHELLCODE'], ZERO_CERT=self.str2bool(self.WindowsIntelx86['ZERO_CERT']), - PATCH_METHOD=self.WindowsIntelx86['PATCH_METHOD'].lower(), - SUPPLIED_BINARY=self.WindowsIntelx86['SUPPLIED_BINARY'], - XP_MODE=self.str2bool(self.WindowsIntelx86['XP_MODE']) + PATCH_METHOD=self.WindowsIntelx86['PATCH_METHOD'].lower() ) result = targetFile.run_this() @@ -610,7 +607,7 @@ class FilePwn(Plugin): self.log.debug("Updating Config {0}: {1}".format(key, value)) def response(self, response, request, data): - + try: content_header = response.headers['content-type'] client_ip = request.client.getClientIP() host = request.headers['host'] 
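Review bot: In the first call, whose other arguments read `self.WindowsIntelx64[...]`, the added line still takes the flag from the x86 section: `CHECK_ADMIN=self.str2bool(self.WindowsIntelx86['RUNAS_ADMIN'])`. If that is not intentional, the x64 section's own `RUNAS_ADMIN` value is silently ignored, and the line should read `CHECK_ADMIN=self.str2bool(self.WindowsIntelx64['RUNAS_ADMIN']),`. The keyword is now `CHECK_ADMIN` while the config key stays `RUNAS_ADMIN`, here and in the `@@ -407` hunk, so a short comment such as `# config key RUNAS_ADMIN maps to the patcher's CHECK_ADMIN argument` would save the next reader a lookup. The call starts above the hunk, so the keywords the callee accepts are not visible here.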
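Review bot: The new `try:` at the top of `response()` is followed by context lines this patch does not touch, and the diffstat (8 insertions, 9 deletions) is fully accounted for by the visible `+`/`-` lines, so the method body was not re-indented under it. Indentation is not recoverable from this page, but the block can only parse if `try:` sits at a level between the `def` and its existing body, so please confirm and re-indent the body consistently. Wrapping the whole method also hides which statement failed. If the concern is the header lookups shown here (`response.headers['content-type']`, `request.headers['host']`), a narrower `try` around just those would be clearer. The matching `except` is in the last hunk of this patch.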
@@ -674,4 +671,6 @@ class FilePwn(Plugin): self.clientlog.error(exc, extra=request.clientInfo) self.clientlog.warning("Returning original file", extra=request.clientInfo) - return {'response': response, 'request': request, 'data': data} \ No newline at end of file + return {'response': response, 'request': request, 'data': data} + except: + self.clientlog.info('Filepwn failed to response this request', extra=request.clientInfo) From 40957791e9a83903e5168c3eb143a954e55b8092 Mon Sep 17 00:00:00 2001 From: DKingCN Date: Tue, 12 Jan 2016 22:45:26 +0800 Subject: [PATCH 3/3] Update filepwn.py --- plugins/filepwn.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/plugins/filepwn.py b/plugins/filepwn.py index f8c03ea..2c7ebec 100644 --- a/plugins/filepwn.py +++ b/plugins/filepwn.py @@ -673,4 +673,4 @@ class FilePwn(Plugin): return {'response': response, 'request': request, 'data': data} except: - self.clientlog.info('Filepwn failed to response this request', extra=request.clientInfo) + self.clientlog.error('Filepwn failed to response this request', extra=request.clientInfo)
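Review bot: The added handler is a bare `except:` that logs a fixed string and then falls off the end of `response()`, so on any failure the method returns `None` instead of the `{'response': ..., 'request': ..., 'data': ...}` dict the normal path returns. A bare `except:` also traps `SystemExit` and `KeyboardInterrupt`, and the message drops the exception, which leaves nothing to debug from. Consider `except Exception as exc:`, then `self.clientlog.error('Filepwn failed to process this response: {0}'.format(exc), extra=request.clientInfo)`, then `return {'response': response, 'request': request, 'data': data}`. PATCH 3/3 only raises the log level from `info` to `error`, so the same points apply to its hunk. How callers treat a `None` return is not visible here.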