Commit graph

15738 commits

Author SHA1 Message Date
Meitar M
390160d74b
Fix HTTP headers, use HTTP 302 Found in response to POST requests.
This commit brings the SET Harvester into better conformance with the
HTTP specification. Notably, this makes it possible to use the Harvester
module behind strict layer 7 reverse proxies (such as Cloudflare, Ngrok,
and similar) that require proper HTTP response headers for all replies.

The major change is the addition of a proper HTTP `302 Found` redirect
using the `Location` HTTP header and the addition of an HTML5 document
type declaration (`<!doctype html>`) prepening the body of the reply
sent to a visitor when submitting the SET Harvester's phishing login
form. Smaller changes include correcting misspellings in other HTTP
headers (`Content_type` -> `Content-Type`) in various places.
2020-03-19 23:35:50 -04:00
David Kennedy
fba5551957
Merge pull request #699 from meitar/dns-server
Revive SET's built-in DNS responder under Python 3
2020-03-14 22:37:28 -04:00
Meitar M
ec37d317c9
Bitwise AND should be with decimal 31 to also compare QR flag.
The original version of pyminifakedns ignored the value of the
Query/Response Flag ("QR flag"), which is the bit immediately prior to
the DNS opcode field. The value of the QR flag should be checked for the
value 0 along with the opcode bits, which should also be zero.
2020-03-14 02:45:50 -04:00
Meitar M
bee1a38d05
Port original pyminifakedns, circa 2006, to Python 3.
This commit completes porting the internals of the MiniFakeDNS server
class to Python 3. This primarily means converting the Python 2 `str`
types to Python 3's `bytes` objects.

In the process, I've also translated the variable names from their
original Spanish into English, and added explanatory comments for how
the DNS header parsing is accomplished to enhance the educational
potential of SET.

Another small change is the addition of a new core helper function,
`detect_public_ip()`, which makes a couple parts of the codebase a
little more DRY by reducing code duplication across the `set.py` and
`setcore.py` files. This change also makes it possible to parameterize
the IP address that MiniFakeDNS server responds to requests with.
2020-03-14 02:18:18 -04:00
Meitar M
3a2ba0a500
Move the DNS server into its own module. Refactor how to call to it.
This is a relatively large commit because it refactors SET's interface
to the build-in DNS server it runs. Instead of a block of code inside of
the `setcore.py` file, a new module called `minifakedns` is added, which
houses all of the DNS-related code. Note that this commit *only*
refactors the DNS interface and its internals, it does not actually fix
the exception caused by receiving some DNS query, nor does it complete
the work required to set parameters for the DNS server, such as which IP
address it should respond with. It is just intended to make these
changes easier to introduce moving forward in upcoming chunks of work.

This replaces the `core.start_dns()` function with a new helper, whose
full path is `src.core.minifakedns.start_dns_server()`.

The previous implementation assumed the DNS server would be run from the
main thread, and thus have access to SIGINT, but this was never actually
possible because a `KeyboardInterrupt` was actually intercepted by SET
itself, before the DNS server code ever got to see it. This means that
the DNS server would never shut down cleanly.

This implementation changes that by using a simplistic sentinel value
(called `stop_flag`) that can be set as an instance attribute on the new
`MiniFakeDNS` object. When the sentinel value is `True`, the DNS server
thread will exit its listening loop.

Another change this introduces is the fact that, due to this new design,
the DNS server stops when `core.cleanup_routine()` is run. And, as a
note about that, this was running twice, once upon *startup* rather than
when SET shut down. This looked like a bug to me, and it was causing
problems for this DNS server design, so I removed that extra call and
performed some simplistic tests of various SET functionality to make
sure everything still works. (It seems fine, but might warrant a second
look.)

Finally, note that this commit breaks Python 2 compatibility due to the
use of a context manager handling the UDP socket. Given that the DNS
server was not really functional for some period of time before I
started looking at it more closely, the fact that Python 2 is officially
end-of-life'd (as of January 2020), the relative complexity of writing a
Python 2 and Python 3 implementation, and the fact that many comments
elsewhere in the SET codebase all seem to be nudging towards a Python 3
compatible upgrade, I am choosing to drop support for Python 2 in my own
patches, unless there is some considerable objection.
2020-03-12 19:25:28 -04:00
Meitar M
67c2210c3e
Begin work to revive SET's built-in DNS spoofer.
The DNS server in SET assumes that it's going to be able to bind to port
53 on all interfaces, but on most modern *nix machines, that's no longer
reasonable because `systemd-resolved` runs a stub resolver there. This
means an unhandled exception is raised as soon as `DNS_SERVER=ON` in the
`set.config` file.

While there are other issues with this setting, the first chunk of work
is represented in this patch. It checks to see whether the system is
likely configured in the way systemd recommends, with `/etc/resolv.conf`
set to be a symlink pointing at `/run/systemd/resolve/stub-resolv.conf`.
If so, SET uses its root privileges to automatically reconfigure the
system in such a way as to disable `systemd-resolved`'s stub DNS
resolver, clearing port 53, and then setting the system to use Quad Nine
(`9.9.9.9`) as its DNS resolver. Quad Nine is a free service run by the
security community that provides a fast, anycast public recursive DNS
resolver. This was chosen over Cloudflare (at `1.1.1.1`) or Google
(at `8.8.8.8`) because Quad Nine also provides some malware filtering.
See https://quad9.net for details about this service.

In any event, once the reconfiguration is complete, we register a
cleanup function that will undo our configuration, ceding our own setup
back to the original system configuration just before the DNS server
thread exits, ensuring no permanent changes are made to the system.

This only works on GNU/Linux systems, of course, since Apple macOS do
not run systemd, even though they are POSIX. Of course, Apple also
doesn't run its own local stub resolver, so this is not a problem in
need of a solution of macOS. For this reason, `check_os()` is not used.
2020-03-12 02:57:48 -04:00
David Kennedy
3c56c68b5c
Merge pull request #685 from yichi-yang/master
harvester set Content-Type and Content-Length
2020-03-11 16:36:44 -04:00
David Kennedy
3a6090ee40
Merge pull request #696 from meitar/issue-686
Fixes #686: Starting SSL server causes import error.
2020-03-11 16:36:31 -04:00
David Kennedy
51aa33862f
Merge pull request #697 from meitar/seautomate-python-3
Make `seautomate` functional with Python 3.
2020-03-11 16:36:15 -04:00
David Kennedy
162d0f043b
Merge pull request #698 from meitar/ssl-socket-error
First pass at surviving certain TLS connection issues. See #696.
2020-03-11 16:36:05 -04:00
Meitar M
696e09e29d
Fix NameErrors that were swallowed by blanket except blocks.
The actual `socketserver` variable was sometimes called `server` and
sometimes called `httpd`. This meant that invisible `NameError`
exceptions were being raised in several places when the server's socket
was supposed to be closed (with calls to `socket.close()`.

This commit converges on the variable name `server` for the socket
server, and continues to move code responsible solely for generating
reports into the `generate_reports()` helper function. By doing so, the
functions where the servers are being handled are shorter, making it
easier to spot name errors such as the ones fixed here.
2020-03-10 21:22:24 -04:00
Meitar M
46481e0147
Fixes report generation for built-in SSL server.
Turns out, the `shutdown_request()` method was not ever catching
`KeyboardInterrupt` exceptions because they were never raised there.
This means we can at least catch the exception in that block, and move
the exception handling closer to where it should be.

That turns out to be in `ssl_server()` itself, which AFAICT was never
going to generate reports the same way that the non-SSL server was,
visible in the `run()` method.

This commit revives the report generation capabilities in `ssl_server()`
by moving the same logic used by `run()` into a new function,
`generate_reports()` and calling it in both code paths.
2020-03-10 21:07:55 -04:00
Meitar M
9954c23611
First pass at surviving certain TLS connection issues. See #696.
This is probably a kludge because I am not super familiar with TLS
socket programming or SET generally, but it achieves the result, which
is not to shutdown the (HTTPS) socket server when a TLS client responds
to a TLS Server Hello message with a fatal Alert message.

One example of a client that does this is recent Firefox. What this
means is that if you run SET with `WEBATTACK_SSL=ON` and
`SELF_SIGNED_CERT=ON`, your victim can turn off your HTTPS server simply
by navigating to your attack page.

This is caused by the underlying OpenSSL library raising an error that
`pyopenssl`, in turn, `raise`s through the socket server libraries.
Ultimately, it bubbles up to the `harvester` module through its
`shutdown_request` method, called by the underlying socket server's
`_handle_request_noblock` method. See the backtrace printed in the
comments of Pull Request #696 for a complete example.

The bottom line is that this unhandled exception ultimately causes the
HTTPS server to die before it gets a chance to be useful. Since I assume
that SET doesn't particularly care what certificate validation alerts the
client is sending us, this patch addresses the issue by ignoring every
raised exception from the underlying libraries except for a
`KeyboardInterrupt` so that the SET user can cause a server shutdown
themselves, with the expected `C-c` interrupt signal.

There is probably a more graceful way to handle this, though? Also, note
that this only fixes the HTTPS issues for Python 3. Python 2 exhibits a
different error altogether.
2020-03-10 17:52:09 -04:00
Meitar M
af5b75b2a0
Make seautomate functional with Python 3.
Per Debian policy, Python versions 3 and greater must be called from the
`python3` executable, not the `python` executable. This means
Debian-based systems with Python 3 installed but not Python 2 will fail
to launch SET through `seautomate` because the `python` executable is
hard-coded into the call to `pexpect.spawn()`.

This commit uses the standard library's
`distutils.spawn.find_executable()` method to locate the correct path to
`python3` or, failing that, the correct path to the `python` executable
and uses the result of that call as the first command line word with
which to invoke `setoolkit`.

The `distutils.spawn.find_executable()` method is available at that
exact name in both Python 2 and 3, so this should be portable across all
Python versions.

Note that the shebang line references `python`, and so Python 3-only
systems such as newer Debian-based builds may need to invoke
`seautomate` using an explicit interpreter for it to work:

```sh
sudo python3 ./seautomate /path/to/script/file.txt
```
2020-03-10 14:33:22 -04:00
Meitar M
ed4c3bc3d2
Fixes #686: Starting SSL server causes import error.
This resolves the first issue in a line of several preventing the
SSL-capable server from spinning up correctly as described in the
referenced issue number. The cause is simply a missing import when
`setoolkit` is run under Python 3.
2020-03-10 08:10:34 -04:00
Yichi Yang
070e15fdf3 harvester set Content-Type and Content-Length 2020-02-11 13:09:50 -05:00
David Kennedy
bc1459567d update readme info 2020-02-04 18:43:49 -05:00
David Kennedy
69c24714e0 update readme install 2020-02-04 18:42:52 -05:00
David Kennedy
97450f9cf3 update readme 2020-02-04 18:41:51 -05:00
David Kennedy
e1d3f830fe update license date 2020-02-04 16:45:29 -05:00
David Kennedy
d400eccbcf Merge branch 'master' of https://github.com/trustedsec/social-engineer-toolkit 2020-02-04 16:26:57 -05:00
David Kennedy
af2085157b bump version 2020-02-04 16:26:40 -05:00
David Kennedy
cf4d80a7e0 fix message prompt 2020-02-04 16:25:49 -05:00
trustedsec
ee32d6556e
Merge pull request #682 from cclauss/patch-2
Use print() function in both Python 2 and Python 3
2020-02-03 23:33:11 -05:00
Christian Clauss
333f71bca6
Use print() function in both Python 2 and Python 3 2020-02-04 06:20:34 +02:00
David Kennedy
5a119afdc3 fix payload creation base64 error 2020-02-03 21:03:07 -05:00
David Kennedy
c5b0851a14 fix java applet encoding for create payloads 2020-02-03 21:02:42 -05:00
David Kennedy
8b9e6dd516 fix ratte showing up in modules 2020-02-03 20:52:04 -05:00
David Kennedy
39792950e2 fix browser autopwn not launching listener 2020-02-03 20:40:32 -05:00
David Kennedy
20c9d66a50 update changelog 2020-02-03 20:09:21 -05:00
David Kennedy
005422e472 add better description 2020-02-03 20:08:52 -05:00
David Kennedy
8fb8b406b4 remove patched folder 2020-02-03 20:06:01 -05:00
David Kennedy
55ba216a71 fix python3 raw input 2020-02-03 19:58:42 -05:00
David Kennedy
fe69551c41 Merge branch 'master' of https://github.com/trustedsec/social-engineer-toolkit 2020-02-03 19:55:42 -05:00
David Kennedy
f02f283e53 remove old path structure 2020-02-03 17:28:10 -05:00
David Kennedy
57ab04620e remove old directory path 2020-02-03 17:27:49 -05:00
David Kennedy
bbe2a48ef3 add setup.py installer for non-standalone 2020-02-03 17:26:50 -05:00
David Kennedy
1252ee4ce2 fix python3 compat file open issues 2020-02-03 17:11:08 -05:00
trustedsec
b424969d30
Merge pull request #669 from cclauss/patch-2
GitHub Actions: Python 3.5, 3.6, 3.7 on Ubuntu
2020-02-03 17:09:20 -05:00
Christian Clauss
7257a9d8cd
GitHub Actions: Python 3.5, 3.6, 3.7 on Ubuntu 2019-12-19 00:01:27 +01:00
trustedsec
09b56b105f
Merge pull request #668 from cclauss/patch-2
GitHub Actions: Lint and test our Python code
2019-12-18 13:32:47 -05:00
trustedsec
67506ba921
Merge pull request #666 from meitar/fix-pymssql
Fixes #651, fixes #660: Pin pymssql requirement to existing version.
2019-12-18 13:31:31 -05:00
Christian Clauss
0c8cd8c21c GitHub Actions: Lint and test our Python code 2019-12-16 22:52:00 +01:00
Meitar M
04dbf5c263
Fixes #651, fixes #660: Pin pymssql requirement to existing version.
See also pymssql/pymssql#668 which describes the discontinuance of the
pymssql project.

This commit addresses the issue by simplistically pinning the dependency
on pymssql to an existing version.
2019-12-10 00:43:19 -05:00
trustedsec
65e3101f13
Merge pull request #659 from DMofGM/master
Found a lingering instance of raw_input in powershell.py
2019-11-19 19:57:51 -05:00
DMofGM@gmail.com
b760505175 Found a lingering instance of raw_input in powershell.py 2019-10-31 03:26:36 +00:00
trustedsec
e8ace04b00
Merge pull request #648 from buzzdeee/py3_cStringIO_fix
python3 compatibility fix regarding cStringIO
2019-09-24 13:46:43 -04:00
trustedsec
f164e06e1c
Merge pull request #649 from buzzdeee/py3_email_fix
Fix py3 incompatibility with regard to email module
2019-09-24 13:46:18 -04:00
Sebastian Reitenbach
973e0c3dbb Fix py3 incompatibility with regard to email module
Getting into Social-Engineering Attacks -> Mass Mailer Attack,
errors are thrown regarding the import of email modules.

This needs the fix in PR #648
2019-09-03 10:28:41 +02:00
Sebastian Reitenbach
8ded4aca69 Using Python 3, and getting into Social-Engineering Attacks ->
Mass Mailer Attack, SET throws an error:

Something went wrong, printing the error: No module named 'cStringIO'

This fixes it, the change to socket.py fixes the module name,
and the change to smtp_web fixes the exception name.
2019-09-03 09:59:10 +02:00