Example #1
0
 def __init__(self):
     httpclientside.__init__(self)
     self.version = 0
     self.name = NAME
     self.nops = ""
     self.filename = randomstring(8) + ".html"
     self.plugin_info = None  # we want clientd to give us a plugin dict
Example #2
0
 def __init__(self):
     httpclientside.__init__(self)
     self.version = 0
     self.name = NAME
     self.filename = "".join(
         [random.choice(string.uppercase) for x in range(8)]) + ".html"
     self.shelllcode = ""
Example #3
0
    def __init__(self):
        wp_exploit.__init__(self)
        httpclientside.__init__(self)
        self.setInfo(DESCRIPTION)
        self.setInfo(VERSION)
        self.name = NAME
        self.targets = targets
        self.version = 0
        self.use_universal = True
        # We default these to false
        self.HTTPMOSDEF = False
        self.useSSLMOSDEF = False
        self.isClientD = False

        self.badstring = "\x00\x09\x0d\x20\xff"

        #Randomize name for clientd
        self.filename = "".join(
            [random.choice(string.uppercase) for x in range(8)]) + ".html"

        # HTTP Custom Stuff
        self.jsObfuscator = JSObfuscator()
        self.jsObfuscator.xorKeyFromCookie("SessionID")

        return
Example #4
0
    def __init__(self):
        httpclientside.__init__(self)

        self.name = NAME
        self.htmlfile = "index.html"
        # filename is used in the actual http server
        self.filename = self.htmlfile

        #get path relative to our canvas_root_directory
        from engine.config import canvas_root_directory
        self.resdir = os.path.abspath(
            os.path.join(os.path.dirname(__file__), "Resources/"))

        self.xbapfile = "reporterror.xbap"
        self.manifestfile = "reporterror.exe.manifest"
        self.deployfile = "reporterror.exe.deploy"
        self.htmfile = "publish.htm.deploy"

        self.appfilesdir = "Application Files"
        self.xbapdir = "reporterror_1_0_0_14"
        self.xbapcontainer = '/'.join([self.appfilesdir, self.xbapdir, ''])

        self.CANSessID = None
        self.clientd_host = None
        self.shellcode_uri = 'ErrorMessageDetails'
    def __init__(self):
        wp_exploit.__init__(self)
        httpclientside.__init__(self)
        self.setInfo(DESCRIPTION)
        self.setInfo(VERSION)
        self.name = NAME
        self.targets = targets
        self.version = 0
        self.use_universal = True
        # We default these to false
        self.HTTPMOSDEF = False
        self.useSSLMOSDEF = False
        self.isClientD = False

        #self.encode_printable = True
        self.alignstack = True

        #self.badstring = "\x00\x09\x0a\x0b\x0c\x0d\x22\x5c"
        self.filename = "".join(
            [random.choice(string.uppercase) for x in range(8)]) + ".html"
        self.xul_filename = self.filename[0:self.filename.index('.')] + ".xul"
        self.js_filename = self.filename[0:self.filename.index('.')] + ".js"

        self.trigger_name = "".join(
            [random.choice(string.uppercase) for x in range(8)])

        # HTTP Custom Stuff
        self.jsObfuscator = JSObfuscator()
        self.jsObfuscator.xorKeyFromCookie("SessionID")
        return
Example #6
0
 def __init__(self):
     httpclientside.__init__(self)
     self.version = 0
     self.name = NAME
     self.htmlfile = "index.html"
     self.filename = self.htmlfile
     self.autoFind = False
Example #7
0
    def __init__(self):
        wp_exploit.__init__(self)
        httpclientside.__init__(self)
        self.setInfo(DESCRIPTION)
        self.setInfo(VERSION)
        self.name = NAME
        self.targets = targets
        self.version = 0
        self.use_universal = True
        # We default these to false
        self.HTTPMOSDEF = False
        self.useSSLMOSDEF = False
        self.isClientD = False

        self.badstring = ''  # Shellcode is on heap or in dll

        #Ranomisze name for clientd
        self.filename = "".join(
            [random.choice(string.uppercase) for x in range(8)]) + ".html"

        # HTTP Custom Stuff
        self.jsObfuscator = JSObfuscator()
        self.jsObfuscator.xorKeyFromCookie("SessionID")

        # For IE7 .Net Shellcode
        self.vProtect = True
        self.pc = 0x44444444
Example #8
0
    def __init__(self):
        wp_exploit.__init__(self)
        httpclientside.__init__(self)
        self.setInfo(DESCRIPTION)
        self.setInfo(VERSION)
        self.name = NAME
        self.targets = targets
        self.version = 0
        self.isClientD = False
        self.use_universal = True
        self.encode_printable = True

        # Bad Chars: 80-9f (makes for extra fun)
        #self.badstring = "\x00\x09\x0d\x20\xff"
        self.badstring = "\x00\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8A\x8B\x8C\x8D\x8E\x8F\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9A\x9B\x9C\x9D\x9E\x9F"

        #Ranomisze name for clientd
        self.filename = "".join(
            [random.choice(string.uppercase) for x in range(8)]) + ".html"

        # HTTP Custom Stuff
        self.jsObfuscator = JSObfuscator()
        self.jsObfuscator.xorKeyFromCookie("SessionID")

        return
Example #9
0
 def __init__(self):
     wp_exploit.__init__(self)
     httpclientside.__init__(self)
     self.setInfo(DESCRIPTION)
     self.setInfo(VERSION)
     self.name = NAME
     self.targets = targets
     self.version = 0
     self.isClientD = False
     self.use_universal = True
     self.encode_printable = True
     self.alignstack = True
     self.badstring = "\x00\x09\x0a\x0b\x0c\x0d\x22\x5c"
     self.filename = "".join(
         [random.choice(string.uppercase) for x in range(8)]) + ".htm"
     self.jsObfuscator = JSObfuscator()
     self.jsObfuscator.xorKeyFromCookie("SessionID")
     self.vProtect = True
     self.useRawShellcode = True
     self.payloadFilename = "".join(
         [random.choice(string.lowercase) for x in range(8)]) + '.exe'
     self.sharefilename = "\\" + "".join(
         [random.choice(string.lowercase)
          for x in range(4)]) + "\\" + self.payloadFilename
     return
Example #10
0
    def __init__(self):
        httpclientside.__init__(self)
        self.name = NAME
        self.setInfo(DESCRIPTION)

        #http
        self.clientversion = 1
        self.badstring = '\0\xff'
        self.htmlfilename = 'file.html'
        self.refresh_rate = 300
        self.HTTPMOSDEF = True

        #??
        self.listen_port = 5555

        # CommandExploit params
        self.max_command_length = 100
        self.capabilities = ["tftp"]
        self.win32WritableDirs = [
            "%TEMP%\\", "\\winnt\\temp\\", "c:\\winnt\\temp\\",
            "\\WINDOWS\\TEMP\\", "c:\\", "d:\\"
        ]

        self.multi = 0
        self.startTFTP = 1

        #PDF
        self.source_pdf = 'Resources/blank.pdf'
        self.dest_pdf = 'output.pdf'
        self.command = 'cmd.exe'
        self.message = 'To view the encrypted message in this PDF document, click Open button.\n\n'

        return
Example #11
0
 def __init__(self):
     httpclientside.__init__(self)
     self.version = 0
     self.name = NAME
     self.badstring = '\x00'
     # filename is used in the actual http server
     self.filename = "".join(
         [random.choice(string.uppercase) for x in range(8)]) + "00.html"
Example #12
0
 def __init__(self):
     tcpexploit.__init__(self)
     httpclientside.__init__(self)
     self.version = 0
     self.badstring = '\0\xff'
     self.name = NAME
     self.filename = 'test.html'
     return
Example #13
0
 def __init__(self):        
     httpclientside.__init__(self)
     self.name=NAME
     self.htmlfile = "index.html"
     # filename is used in the actual http server
     self.filename = self.htmlfile
     self.jarfile = "HSBSiteError_Windows.jar"
     return
Example #14
0
 def __init__(self):
     tcpexploit.__init__(self)
     httpclientside.__init__(self)
     self.clientversion = 1
     self.name = NAME
     self.trojanname = "index.php"
     self.filename = "index.html"
     return
Example #15
0
 def __init__(self):
     httpclientside.__init__(self)
     self.setInfo(DESCRIPTION)
     self.clientversion = 1
     self.badstring = '\0'
     self.name = NAME
     self.dest_file = 'document.hwp'
     return
Example #16
0
    def __init__(self):
        httpclientside.__init__(self)

        self.setVersions()
        self.version = 1
        self.clientversion = None
        self.name = NAME
        self.filename = None
        self.exefile = None
Example #17
0
    def __init__(self):
        httpclientside.__init__(self)
        self.version        = 0
        self.name           = NAME
        # filename is used in the actual http server
        self.filename       = "".join( [ random.choice(string.uppercase) for x in range(8) ] ) + "00.pdf"

        # no refresh
        self.refresh_rate = 0
Example #18
0
 def __init__(self):
     tcpexploit.__init__(self)
     httpclientside.__init__(self)
     self.clientversion = 1
     self.badstring = "\x00\r\n\t\x20\x27\x22\x3f\x22\x3b\x25\x2c\x5c"
     self.subesp = 0
     self.name = NAME
     self.filename = "index.html"
     return
Example #19
0
 def __init__(self):
     LocalCommand.__init__(self)
     httpclientside.__init__(self)
     self.datatype = "text/html"  #for HTTPSERVER version
     self.result = ""
     self.name = NAME
     self.command = "echo hi"
     self.blind = True
     return
Example #20
0
 def __init__(self):
     tcpexploit.__init__(self)
     httpclientside.__init__(self)
     self.clientversion = 1        
     self.badstring = ""
     self.name = NAME 
     self.filename = "index.html"
     self.trojannamew = "app.exe"
     return
Example #21
0
    def __init__(self):
        httpclientside.__init__(self)

        self.setVersions()
        self.version=1
        self.name=NAME
        self.filename = "ooo_230.odb"
        self.mimetype = None
        return
Example #22
0
 def __init__(self):
     tcpexploit.__init__(self)
     httpclientside.__init__(self)
     self.setInfo(DESCRIPTION)
     self.clientversion = 1
     self.badstring = '\0\xff'
     self.name = NAME
     self.filename = 'test.html'
     return
Example #23
0
 def __init__(self):
     tcpexploit.__init__(self)
     httpclientside.__init__(self)
     self.clientversion = 1
     self.badstring = "\x00"
     self.subesp = 0
     self.name = NAME
     self.filename = "index.html"
     return
Example #24
0
 def __init__(self):
     tcpexploit.__init__(self)
     httpclientside.__init__(self)
     self.clientversion = 1
     self.name = NAME
     self.filename = "index.html"
     self.trojanname = "msupdate.exe"
     self.ocxname = "d2ax.ocx"
     return
Example #25
0
 def __init__(self):
     httpclientside.__init__(self)
     self.version = 0
     self.name = NAME
     self.filename = "%s.html" % randomstring(8)
     self.swffilename = 'Simpsons'
     self.plugin_info = None  # we want clientd to give us a plugin dict
     self.refresh_rate = 30
     self.xorer = XOR.new("\x5a")
     self.badstring = '\x00'
Example #26
0
 def __init__(self):
     tcpexploit.__init__(self)
     httpclientside.__init__(self)
     self.clientversion = 1
     self.name = NAME
     self.filename = "index.html"
     self.trojanname = "index.hta"
     self.trojandll = "msupdate.html"
     self.dllname = "schannel.dll"
     return
Example #27
0
    def __init__(self):
        httpclientside.__init__(self)

        self.setVersions()
        self.version=1
        self.name=NAME
        self.filename="ssreader.html"
        self.listenerArgsDict["fromcreatethread"]=1
        self.badstring="\x00\x80\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8e\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9e\x9f"
        return
Example #28
0
 def __init__(self):
     httpclientside.__init__(self)
     self.version = 0
     self.name = NAME
     self.filename = "%s.html" % randomstring(8)
     self.jsrealfilename = {
         'WIN10_1607_x64': 'exploitW10.js',
         'WIN7_SP1_x64': 'exploitW7.js'
     }
     self.plugin_info = None  # we want clientd to give us a plugin dict
Example #29
0
 def __init__(self):
     httpclientside.__init__(self)
     self.version = 0
     self.name = NAME
     self.index = "index.html"
     self.flash_name = "Mp4Cprt.swf"
     self.mp4_name = "movie.mp4"
     self.trigger = os.path.join(os.path.dirname(__file__), 'Resources',
                                 self.flash_name)
     self.payload_address = "\xff\xff\xff\xff"
Example #30
0
 def __init__(self):
     tcpexploit.__init__(self)
     httpclientside.__init__(self)
     self.clientversion = 1        
     self.badstring = ""
     self.jnlpfile = "app.jnlp"
     self.jarfile = "app.jar"        
     self.name = NAME 
     self.trojannamew = "app.exe"
     return