Ejemplo n.º 1
 def __init__(self):
     """Initialise the LocalExploit base, then set this module's defaults."""
     LocalExploit.__init__(self)
     self.name = NAME

     # Cron drop-in directory path plus two numeric settings; the code that
     # reads them is outside this snippet.
     self.crondir = "/etc/cron.d"
     self.method = 3
     self.forkpid = 0

     # Starts empty. The leading double underscore means Python name-mangles
     # this attribute with the enclosing class name.
     self.__pagesizes_cache = {}
Ejemplo n.º 2
 def __init__(self):
     """Initialise the LocalExploit base, then set interface and loop defaults."""
     LocalExploit.__init__(self)
     self.use_local_interface = False

     # Interface name and destination address. The address is six 0xff
     # characters, the all-ones (broadcast) form of a 48-bit MAC address --
     # presumably that is the intent; confirm against the code that sends.
     self.interface = 'vmnet1'
     self.dstAddr = '\xff\xff\xff\xff\xff\xff'

     # Looping is enabled by default; the unit of loopInterval is not shown
     # in this snippet.
     self.loop = True
     self.loopInterval = 10
Ejemplo n.º 3
    def __init__(self):
        """Initialise the LocalExploit base and record the helper paths."""
        LocalExploit.__init__(self)

        # Local helper paths; the -32/-64 suffixes suggest one per word size.
        self.local_helper_32 = "backdoors/osx-mosdef-upgrade-32"
        self.local_helper_64 = "backdoors/osx-mosdef-upgrade-64"

        # Remote-side names start empty; nothing in this snippet fills them.
        self.remote_exp = self.remote_helper = ""
Ejemplo n.º 4
 def __init__(self):
     """Initialise the LocalExploit base, then set port and lookup defaults."""
     LocalExploit.__init__(self)
     self.name = NAME
     self.symdict = {}

     # SENDPORT is always the port number directly above RECVPORT.
     recv_port = 9876
     self.RECVPORT = recv_port
     self.SENDPORT = recv_port + 1

     # Read as signed 32-bit integers these are -13, -14, -15 and -1.
     # NOTE(review): presumably the values treated as a failed mmap result;
     # confirm against the code that checks this list.
     self.MMAP_FAIL = [0xfffffff3, 0xfffffff2, 0xfffffff1, 0xffffffff]
Ejemplo n.º 5
 def __init__(self):
     """Initialise the LocalExploit base, then set credential defaults."""
     LocalExploit.__init__(self)
     self.name = NAME
     self.shellcode = ""

     # All three fields hold the literal "******" on this page.
     # NOTE(review): this looks like masking applied by the listing site, so
     # the defaults in the original file cannot be determined from here.
     self.password = self.user = self.newuser = "******"
Ejemplo n.º 6
 def __init__(self):
     """Initialise the LocalExploit base, register DESCRIPTION, set defaults."""
     LocalExploit.__init__(self)
     self.setInfo(DESCRIPTION)
     self.name = NAME

     # Target defaults: no host yet, and port 445 (the well-known SMB port
     # number; how the port is used is outside this snippet).
     self.host = ''
     self.port = 445

     self.needsNoShellcode = 1
     self.version = 0
Ejemplo n.º 7
 def __init__(self):
     """Initialise the LocalExploit base and record local and remote paths."""
     LocalExploit.__init__(self)
     self.name = NAME
     self.node = None

     # Local resource paths: lx is the exploit file, lh the helper file.
     self.lx = 'exploits/SYSRET/Resources/x'
     self.lh = 'exploits/SYSRET/Resources/h'

     # Remote paths: dx for the exploit, dh for the helper. Both are constant
     # names directly under /tmp, so they are stable file-system artefacts to
     # look for when hunting for, or cleaning up after, this module.
     self.dx = '/tmp/x'
     self.dh = '/tmp/h'
Ejemplo n.º 8
 def __init__(self):
     """Initialise the LocalExploit base and record local and remote paths."""
     LocalExploit.__init__(self)
     self.name = NAME
     self.node = None

     # Local side: the exploit file, no callback file chosen yet, and the
     # Resources directory that sits next to this module file.
     self.local_exploit = 'exploits/CVE_2012_0056/Resources/exploit32'
     self.local_cback = None
     module_dir = os.path.dirname(__file__)
     self.tmppath = os.path.join(module_dir, 'Resources')

     # Remote side: constant names under /tmp for the exploit and callback.
     # Fixed paths like these are stable artefacts for detection and cleanup.
     self.remote_exploit = '/tmp/xx'
     self.remote_cback = '/tmp/t'
Ejemplo n.º 9
 def __init__(self):
     """Initialise the LocalExploit base and set upload and payload defaults."""
     LocalExploit.__init__(self)
     self.name = NAME
     self.result = 0

     # Paths of the two files this module refers to as uploads.
     self.upload_filename_exe = 'Resources/ms_ntvdm/ms_ntvdm.exe'
     self.upload_filename_dll = 'Resources/ms_ntvdm/ms_ntvdm.dll'

     # Two characters, NUL and 0xff; no shellcode is set at construction.
     self.badstring = '\0\xff'
     self.shellcode = ""
Ejemplo n.º 10
 def __init__(self):
     """Initialise the LocalExploit base and set upload and listener defaults."""
     LocalExploit.__init__(self)
     self.name = NAME
     self.result = 0
     self.use_local_interface = False

     # Local file to upload; the remote name is left empty here.
     self.upload_filename = 'Resources/ms08_049.exe'
     self.remote_filename = ''

     # Two characters, NUL and 0xff.
     self.badstring = '\0\xff'

     # listenerArgsDict is not created in this snippet; this assumes
     # LocalExploit.__init__ has already provided it.
     self.listenerArgsDict['fromcreatethread'] = 1
Ejemplo n.º 11
 def __init__(self):
     """Initialise the LocalExploit base with empty working state."""
     LocalExploit.__init__(self)
     self.name = NAME
     self.version = 0

     # -1 marks "no descriptor yet" by the usual convention; the code that
     # assigns a real value is outside this snippet.
     self.fd = -1

     # Names and directories start empty, and the suids mapping starts empty.
     self.suid = self.wxdir = self.randdir = ""
     self.suids = {}
Ejemplo n.º 12
 def __init__(self):
     """Initialise the LocalExploit base and set file and path defaults."""
     LocalExploit.__init__(self)
     self.name = NAME
     self.node = None
     self.isX64 = False

     self.files = ['sysret.exe']
     # Resources directory that sits next to this module file.
     module_dir = os.path.dirname(__file__)
     self.local_path = os.path.join(module_dir, 'Resources')

     # Remote base path, stored with the %TMP% variable left unexpanded.
     self.remote_path = '%TMP%\\'
     # randint(0, 1000) includes both ends, so the remote name is one of only
     # 1001 "<number>.exe" values: a small, enumerable set of file names when
     # writing detections for this module.
     name_number = random.randint(0, 1000)
     self.remote_name = '%s.exe' % name_number
Ejemplo n.º 13
    def __init__(self):
        """Initialise the LocalExploit base and register one module class."""
        LocalExploit.__init__(self)
        self.use_local_interface = False

        # Map the CVE identifier to whatever getModuleExploitClass returns
        # for the module of the same name (underscores instead of hyphens).
        self.SOLlocals = {}
        cve_class = getModuleExploitClass(
            'CVE_2006_4842', which='CVE_2006_4842')
        self.SOLlocals['CVE-2006-4842'] = cve_class

        # No CVE is selected at construction time.
        self.CVE = None
        self.name = NAME
Ejemplo n.º 14
 def __init__(self):
     """Initialise the LocalExploit base, register DESCRIPTION, set defaults."""
     LocalExploit.__init__(self)
     self.setInfo(DESCRIPTION)
     self.name = NAME
     self.version = 1

     # No bad characters are declared for this module.
     self.badstring = ''
     self.subesp = 0  # not necessary?

     # A single accepted node-argument combination: a 'linuxNode' alone.
     self.supportedNodeArgs = [['linuxNode']]
     self.use_local_interface = False
Ejemplo n.º 15
 def __init__(self):
     """Initialise the LocalExploit base and set file and path defaults."""
     LocalExploit.__init__(self)
     self.name = NAME
     self.node = None

     # The two resource file names this module works with.
     self.MSKBLAYOUT = ['MS_KBLAYOUT.exe', 'MS_KBLAYOUT.dat']

     # Absolute path of the Resources directory next to this module file.
     resources_dir = os.path.join(os.path.dirname(__file__), "Resources/")
     self.local_path = os.path.abspath(resources_dir)

     # Remote base path, stored with the %TMP% variable left unexpanded.
     self.remote_path = '%TMP%\\'
     # randint(0, 1000) includes both ends: 1001 possible "CB<number>.EXE"
     # names, a small and enumerable set for detection purposes.
     name_number = random.randint(0, 1000)
     self.trojan_name = 'CB%s.EXE' % name_number
Ejemplo n.º 16
 def __init__(self):
     """Initialise the LocalExploit base, register DESCRIPTION, set defaults."""
     LocalExploit.__init__(self)
     self.setInfo(DESCRIPTION)

     # Built from the current working directory at construction time, so the
     # log location depends on where the process was started.
     working_dir = os.getcwd()
     self.logpath = working_dir + '/3rdparty/D2SEC/exploits/d2sec_drosera/logs/'
     self.name = NAME

     # Source path and remote base path; %TMP% is stored unexpanded.
     self.src_path = 'C:\\'
     self.remote_path = '%TMP%\\'

     # Constant file names for the client executable and the driver; fixed
     # names like these are stable artefacts when writing detections.
     self.client_drosera = 'u.exe'
     self.driver_drosera = 'drosera.sys'
Ejemplo n.º 17
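    def __init__(self):
        """Initialise the LocalExploit base and set file and path defaults.

        Every statement in the body is indented with spaces only. A
        tab-indented line inside a space-indented body is rejected by
        Python 3 with a TabError, so tabs must not be mixed in here.
        """
        LocalExploit.__init__(self)
        self.name = NAME
        self.node = None

        # Resource file name per architecture key, plus a one-item file list.
        self.files = {'x86': 'ms_enableeudc.exe', 'x64': 'ms_enableeudc-64.exe'}
        self.MS_ENABLEEUDC = ['ms_enableeudc.exe']

        # Resources directory that sits next to this module file.
        self.local_path = os.path.join(os.path.dirname(__file__), 'Resources')

        # Remote base path, stored with the %TMP% variable left unexpanded.
        self.remote_path = '%TMP%\\'
        # randint(0, 1000) includes both ends: 1001 possible "CB<number>.EXE"
        # names, a small and enumerable set for detection purposes.
        self.trojan_name = 'CB%s.EXE' % random.randint(0, 1000)

        self.isX64 = False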
Ejemplo n.º 18
 def __init__(self):
     """Initialise the LocalExploit base and record per-platform file paths."""
     LocalExploit.__init__(self)
     self.name = NAME
     self.node = None

     # Linux resources: helper (lh) and exploit (lx).
     self.linux_lh = 'exploits/sudo_timestamp/Resources/h_linux'
     self.linux_lx = 'exploits/sudo_timestamp/Resources/x_linux'

     # Mac resources: a 32-bit and a 64-bit helper, and a Python exploit file.
     self.mac_lh_32 = 'exploits/sudo_timestamp/Resources/h_mac_32'
     self.mac_lh_64 = 'exploits/sudo_timestamp/Resources/h_mac_64'
     self.mac_lx = 'exploits/sudo_timestamp/Resources/x_mac.py'

     # Remote paths: dh for the helper, dx for the exploit. Both are constant
     # names directly under /tmp, so they are stable file-system artefacts to
     # look for when hunting for, or cleaning up after, this module.
     self.dh = '/tmp/h'
     self.dx = '/tmp/x'
Ejemplo n.º 19
 def __init__(self):
     """Initialise the LocalExploit base and set file and path defaults."""
     LocalExploit.__init__(self)
     self.name = NAME
     self.node = None
     self.isX64 = False

     # Font base name, per-architecture executable names, and a file list.
     self.base_fontname = "ms11_032_base.otf"
     self.files = {'x86': 'ms11_032.exe', 'x64': 'ms11_032-64.exe'}
     self.MS11_032 = ['ms11_032.exe', 'ms11_032.otf']

     # Resources directory that sits next to this module file.
     module_dir = os.path.dirname(__file__)
     self.local_path = os.path.join(module_dir, 'Resources')

     # Remote base path, stored with the %TMP% variable left unexpanded.
     self.remote_path = '%TMP%\\'
     # randint(0, 1000) includes both ends: 1001 possible "CB<number>.EXE"
     # names, a small and enumerable set for detection purposes.
     name_number = random.randint(0, 1000)
     self.trojan_name = 'CB%s.EXE' % name_number
Ejemplo n.º 20
 def __init__(self):
     """Initialise the LocalExploit base and set file and path defaults."""
     LocalExploit.__init__(self)
     self.name = NAME
     self.node = None

     # One (source name, numbered name) pair; the number is drawn from
     # randint(0, 1000), which includes both ends.
     numbered_name = 'ms_taskscheduler%d.exe' % random.randint(0, 1000)
     self.TASKSCHEDULER = [('ms_taskscheduler.exe', numbered_name)]

     # Absolute path of the Resources directory next to this module file.
     resources_dir = os.path.join(os.path.dirname(__file__), "Resources/")
     self.local_path = os.path.abspath(resources_dir)

     # Remote base path, stored with the %TMP% variable left unexpanded.
     self.remote_path = '%TMP%\\'
     # A second, independent draw: 1001 possible "CB<number>.EXE" names, a
     # small and enumerable set for detection purposes.
     self.trojan_name = 'CB%d.EXE' % random.randint(0, 1000)
Ejemplo n.º 21
 def __init__(self):
     """Initialise the LocalExploit base and set device and IOCTL defaults."""
     LocalExploit.__init__(self)
     self.name = NAME
     self.result = 0

     # Device path in the Win32 device namespace form and the control code
     # this module stores for it.
     self.device_name = "\\\\.\\NDProxy"
     self.ioctl_code = 0x8fff23cc

     # The buffer address, length and contents all start empty.
     self.ioctl_buf_addr = 0x0
     self.ioctl_buf_len = 0
     self.ioctl_buf = ""

     # Version fields and the x64 flag start at zero; the code that fills
     # them in is outside this snippet.
     self.minor_version = self.major_version = 0
     self.x64 = 0
Ejemplo n.º 22
 def __init__(self):
     """Initialise the LocalExploit base and set device and IOCTL defaults."""
     LocalExploit.__init__(self)
     self.name = NAME
     self.result = 0

     # Device path in the Win32 device namespace form and the control code
     # this module stores for it.
     self.device_name = "\\\\.\\nicm"
     self.ioctl_code = 0x143B6B

     # The buffer address, length and contents all start empty.
     self.ioctl_buf_addr = 0x0
     self.ioctl_buf_len = 0
     self.ioctl_buf = ""

     # Version fields and the x64 flag start at zero; the code that fills
     # them in is outside this snippet.
     self.minor_version = self.major_version = 0
     self.x64 = 0
Ejemplo n.º 23
    def __init__(self):
        """Initialise the LocalExploit base and set file and path defaults."""
        LocalExploit.__init__(self)
        self.name = NAME
        self.node = None
        self.files = {'x86': 'ms11_098.exe'}

        # NOTE(review): canvas_root_directory is imported but never used in
        # this method; local_path below is derived from __file__ instead. The
        # import is kept so that any import-time behaviour stays the same.
        from engine.config import canvas_root_directory
        resources_dir = os.path.join(os.path.dirname(__file__), "Resources/")
        self.local_path = os.path.abspath(resources_dir)

        # Remote base path, stored with the %TMP% variable left unexpanded.
        self.remote_path = '%TMP%\\'
        # The number is zero-padded to four digits and drawn from
        # randint(0, 5000), both ends included: 5001 possible names, still a
        # small and enumerable set for detection purposes.
        name_number = random.randint(0, 5000)
        self.trojan_name = 'CB%4.4d.EXE' % name_number
Ejemplo n.º 24
    def __init__(self):
        """Initialise the LocalExploit base with empty state and cron defaults."""
        LocalExploit.__init__(self)
        self.name = NAME
        self.version = 0

        # -1 marks "no descriptor yet" by the usual convention; the code that
        # assigns a real value is outside this snippet.
        self.fd = -1

        # Names and directories start empty, and the suids mapping is empty.
        self.suid = self.wxdir = self.randdir = ""
        self.suids = {}

        # Callback name and a constant file path under /etc/cron.d. A fixed
        # path like this is a stable artefact to check for on a host; no job
        # text is set at construction time.
        self.mosdef_callback = "spawn-MOSDEF"
        self.cron_file = "/etc/cron.d/mosdef"
        self.cron_job = None
Ejemplo n.º 25
    def __init__(self):
        """Initialise the LocalExploit base and set binary and path defaults."""
        LocalExploit.__init__(self)
        self.result = ""
        self.name = NAME

        # Absolute path of the Resources directory next to this module file.
        resources_dir = os.path.join(os.path.dirname(__file__), "Resources/")
        self.respath = os.path.abspath(resources_dir)

        # The binary keeps the same name at its destination; the destination
        # directory is not chosen at construction time.
        self.binname = "elevateprivs"
        self.dstfilename = "elevateprivs"
        self.dstdir = None

        # Device names to leave out, and candidate directories in the order
        # given. How either list is consumed is outside this snippet.
        self.excluded_devices = ["none", "sysfs", "devpts", "proc"]
        self.potential_directories = [
            "/data/data/com.android.browser",
            "/data/anr",
            "/tmp",
            "/temp",
            "/sdcard",
        ]
Ejemplo n.º 26
    def __init__(self):
        """Initialise the LocalExploit base and set port and listener defaults.

        The statement order around setVersions() is kept as in the original,
        because what that call reads or writes is not visible in this snippet.
        """
        LocalExploit.__init__(self)

        self.port = 80  # HTTP port
        self.rtspport = 554  # RTSP port
        self.listeners = {}

        # The callback interface is selected by hand, so the engine's
        # automatic lookup is switched off.
        self.autoFind = False

        # A single NUL character.
        self.badstring = "\x00"
        self.setVersions()
        self.version = 1
        self.name = NAME

        # listenerArgsDict is not created in this snippet; this assumes
        # LocalExploit.__init__ has already provided it.
        self.listenerArgsDict["fromcreatethread"] = 1
        self.use_local_interface = False
        self.subesp = 1000
Ejemplo n.º 27
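    def __init__(self):
        """Initialise the LocalExploit base, set defaults, ensure db/ exists.

        Side effect: creates the ``db`` directory next to this module file
        when it is missing. Any failure to create it propagates as OSError.
        """
        LocalExploit.__init__(self)
        self.result = ""
        self.name = NAME

        # bin/ and db/ live next to this module file.
        self.local_path = os.path.dirname(__file__)
        self.binary_path = os.path.join(self.local_path, "bin")
        self.db_path = os.path.join(self.local_path, "db")

        # Target file name and size come from module-level defaults.
        self.fname = DEFAULT_TARGET_SHADOW
        self.fsize = DEFAULT_TARGET_SIZE

        # Note that debug output is enabled by default in this module.
        self.flush_cache = False
        self.debug = True

        # Addresses and file content start empty.
        self.sb_addr = 0
        self.ino_addr = 0
        self.page_addr = 0
        self.fcontent = ''

        # Create first and handle the error, rather than testing for the
        # directory and then creating it: with check-then-create, a second
        # process that creates db/ between the two steps makes makedirs raise.
        try:
            os.makedirs(self.db_path)
        except OSError:
            # An existing path is accepted, exactly as before; every other
            # failure (permissions, read-only location) is re-raised.
            if not os.path.exists(self.db_path):
                raise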
Ejemplo n.º 28
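    def __init__(self):
        """Initialise the LocalExploit base, set defaults, ensure db/ exists.

        Side effect: creates the ``db`` directory next to this module file
        when it is missing. Any failure to create it propagates as OSError.
        """
        LocalExploit.__init__(self)
        self.result = ""
        self.name = NAME

        # bin/ and db/ live next to this module file.
        self.local_path = os.path.dirname(__file__)
        self.binary_path = os.path.join(self.local_path, "bin")
        self.db_path = os.path.join(self.local_path, "db")

        # No upload directory is chosen yet; the local executable name is
        # fixed.
        self.upload_dir = None
        self.local_exp_name = 'winleak_spectre.exe'
        self.debug = False

        # Result fields, all unset until the module has run. What each one
        # holds is not visible in this snippet.
        self.JD = None
        self.Skew1 = None
        self.GBG = None
        self.Data = None
        self.nr_users = None
        self.users = []

        # Create first and handle the error, rather than testing for the
        # directory and then creating it: with check-then-create, a second
        # process that creates db/ between the two steps makes makedirs raise.
        try:
            os.makedirs(self.db_path)
        except OSError:
            # An existing path is accepted, exactly as before; every other
            # failure (permissions, read-only location) is re-raised.
            if not os.path.exists(self.db_path):
                raise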
Ejemplo n.º 29
    def __init__(self):
        """Initialise the LocalExploit base and set device and buffer defaults."""
        LocalExploit.__init__(self)
        self.name = NAME
        self.result = 0

        # Device path in the Win32 device namespace form and the control code
        # this module stores for it.
        self.device_name = "\\\\.\\I2OExec"
        self.ioctl_code = 0x222F80

        # The buffer address, length and contents all start empty.
        self.ioctl_buf_addr = 0x0
        self.ioctl_buf_len = 0
        self.ioctl_buf = ""

        # Template for the driver object: the trailing BBBB is a placeholder
        # that gets replaced by a pointer to the shellcode.
        driver_template = "\x41\x41\x41\x41" * 28 + "BBBB"
        self.fake_driver_object = driver_template
        self.fake_driver_object_len = len(driver_template)

        # Template for the device object: AAAA is a placeholder replaced by a
        # pointer to the DRIVER_OBJECT template. 0x11111111 is a positive
        # stack size that works reliably to bypass the bugcheck.
        zero_fields = "\x00\x00\x00\x00" * 9
        device_template = "AAAABBBBAAAA" + zero_fields + "\x11\x11\x11\x11"
        self.fake_device_object = device_template
        self.fake_device_object_len = len(device_template)

        # No shellcode is attached at construction time.
        self.shellcode_addr = 0x0
        self.shellcode_len = 0
        self.shellcode = ""
Ejemplo n.º 30
 def __init__(self):
     LocalExploit.__init__(self)
     self.name = NAME
     self.code_page_off = 0