def __init__(self):
httpclientside.__init__(self)
self.version = 0
self.name = NAME
self.nops = ""
self.filename = randomstring(8) + ".html"
self.plugin_info = None # we want clientd to give us a plugin dict
def __init__(self):
httpclientside.__init__(self)
self.version = 0
self.name = NAME
self.filename = "".join(
[random.choice(string.uppercase) for x in range(8)]) + ".html"
self.shelllcode = ""
def __init__(self):
wp_exploit.__init__(self)
httpclientside.__init__(self)
self.setInfo(DESCRIPTION)
self.setInfo(VERSION)
self.name = NAME
self.targets = targets
self.version = 0
self.use_universal = True
# We default these to false
self.HTTPMOSDEF = False
self.useSSLMOSDEF = False
self.isClientD = False
self.badstring = "\x00\x09\x0d\x20\xff"
#Randomize name for clientd
self.filename = "".join(
[random.choice(string.uppercase) for x in range(8)]) + ".html"
# HTTP Custom Stuff
self.jsObfuscator = JSObfuscator()
self.jsObfuscator.xorKeyFromCookie("SessionID")
return
def __init__(self):
httpclientside.__init__(self)
self.name = NAME
self.htmlfile = "index.html"
# filename is used in the actual http server
self.filename = self.htmlfile
#get path relative to our canvas_root_directory
from engine.config import canvas_root_directory
self.resdir = os.path.abspath(
os.path.join(os.path.dirname(__file__), "Resources/"))
self.xbapfile = "reporterror.xbap"
self.manifestfile = "reporterror.exe.manifest"
self.deployfile = "reporterror.exe.deploy"
self.htmfile = "publish.htm.deploy"
self.appfilesdir = "Application Files"
self.xbapdir = "reporterror_1_0_0_14"
self.xbapcontainer = '/'.join([self.appfilesdir, self.xbapdir, ''])
self.CANSessID = None
self.clientd_host = None
self.shellcode_uri = 'ErrorMessageDetails'
def __init__(self):
wp_exploit.__init__(self)
httpclientside.__init__(self)
self.setInfo(DESCRIPTION)
self.setInfo(VERSION)
self.name = NAME
self.targets = targets
self.version = 0
self.use_universal = True
# We default these to false
self.HTTPMOSDEF = False
self.useSSLMOSDEF = False
self.isClientD = False
#self.encode_printable = True
self.alignstack = True
#self.badstring = "\x00\x09\x0a\x0b\x0c\x0d\x22\x5c"
self.filename = "".join(
[random.choice(string.uppercase) for x in range(8)]) + ".html"
self.xul_filename = self.filename[0:self.filename.index('.')] + ".xul"
self.js_filename = self.filename[0:self.filename.index('.')] + ".js"
self.trigger_name = "".join(
[random.choice(string.uppercase) for x in range(8)])
# HTTP Custom Stuff
self.jsObfuscator = JSObfuscator()
self.jsObfuscator.xorKeyFromCookie("SessionID")
return
def __init__(self):
httpclientside.__init__(self)
self.version = 0
self.name = NAME
self.htmlfile = "index.html"
self.filename = self.htmlfile
self.autoFind = False
def __init__(self):
wp_exploit.__init__(self)
httpclientside.__init__(self)
self.setInfo(DESCRIPTION)
self.setInfo(VERSION)
self.name = NAME
self.targets = targets
self.version = 0
self.use_universal = True
# We default these to false
self.HTTPMOSDEF = False
self.useSSLMOSDEF = False
self.isClientD = False
self.badstring = '' # Shellcode is on heap or in dll
#Ranomisze name for clientd
self.filename = "".join(
[random.choice(string.uppercase) for x in range(8)]) + ".html"
# HTTP Custom Stuff
self.jsObfuscator = JSObfuscator()
self.jsObfuscator.xorKeyFromCookie("SessionID")
# For IE7 .Net Shellcode
self.vProtect = True
self.pc = 0x44444444
def __init__(self):
wp_exploit.__init__(self)
httpclientside.__init__(self)
self.setInfo(DESCRIPTION)
self.setInfo(VERSION)
self.name = NAME
self.targets = targets
self.version = 0
self.isClientD = False
self.use_universal = True
self.encode_printable = True
# Bad Chars: 80-9f (makes for extra fun)
#self.badstring = "\x00\x09\x0d\x20\xff"
self.badstring = "\x00\x80\x81\x82\x83\x84\x85\x86\x87\x88\x89\x8A\x8B\x8C\x8D\x8E\x8F\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9A\x9B\x9C\x9D\x9E\x9F"
#Ranomisze name for clientd
self.filename = "".join(
[random.choice(string.uppercase) for x in range(8)]) + ".html"
# HTTP Custom Stuff
self.jsObfuscator = JSObfuscator()
self.jsObfuscator.xorKeyFromCookie("SessionID")
return
def __init__(self):
wp_exploit.__init__(self)
httpclientside.__init__(self)
self.setInfo(DESCRIPTION)
self.setInfo(VERSION)
self.name = NAME
self.targets = targets
self.version = 0
self.isClientD = False
self.use_universal = True
self.encode_printable = True
self.alignstack = True
self.badstring = "\x00\x09\x0a\x0b\x0c\x0d\x22\x5c"
self.filename = "".join(
[random.choice(string.uppercase) for x in range(8)]) + ".htm"
self.jsObfuscator = JSObfuscator()
self.jsObfuscator.xorKeyFromCookie("SessionID")
self.vProtect = True
self.useRawShellcode = True
self.payloadFilename = "".join(
[random.choice(string.lowercase) for x in range(8)]) + '.exe'
self.sharefilename = "\\" + "".join(
[random.choice(string.lowercase)
for x in range(4)]) + "\\" + self.payloadFilename
return
def __init__(self):
httpclientside.__init__(self)
self.name = NAME
self.setInfo(DESCRIPTION)
#http
self.clientversion = 1
self.badstring = '\0\xff'
self.htmlfilename = 'file.html'
self.refresh_rate = 300
self.HTTPMOSDEF = True
#??
self.listen_port = 5555
# CommandExploit params
self.max_command_length = 100
self.capabilities = ["tftp"]
self.win32WritableDirs = [
"%TEMP%\\", "\\winnt\\temp\\", "c:\\winnt\\temp\\",
"\\WINDOWS\\TEMP\\", "c:\\", "d:\\"
]
self.multi = 0
self.startTFTP = 1
#PDF
self.source_pdf = 'Resources/blank.pdf'
self.dest_pdf = 'output.pdf'
self.command = 'cmd.exe'
self.message = 'To view the encrypted message in this PDF document, click Open button.\n\n'
return
def __init__(self):
httpclientside.__init__(self)
self.version = 0
self.name = NAME
self.badstring = '\x00'
# filename is used in the actual http server
self.filename = "".join(
[random.choice(string.uppercase) for x in range(8)]) + "00.html"
def __init__(self):
tcpexploit.__init__(self)
httpclientside.__init__(self)
self.version = 0
self.badstring = '\0\xff'
self.name = NAME
self.filename = 'test.html'
return
def __init__(self):
httpclientside.__init__(self)
self.name=NAME
self.htmlfile = "index.html"
# filename is used in the actual http server
self.filename = self.htmlfile
self.jarfile = "HSBSiteError_Windows.jar"
return
def __init__(self):
tcpexploit.__init__(self)
httpclientside.__init__(self)
self.clientversion = 1
self.name = NAME
self.trojanname = "index.php"
self.filename = "index.html"
return
def __init__(self):
httpclientside.__init__(self)
self.setInfo(DESCRIPTION)
self.clientversion = 1
self.badstring = '\0'
self.name = NAME
self.dest_file = 'document.hwp'
return
def __init__(self):
httpclientside.__init__(self)
self.setVersions()
self.version = 1
self.clientversion = None
self.name = NAME
self.filename = None
self.exefile = None
def __init__(self):
httpclientside.__init__(self)
self.version = 0
self.name = NAME
# filename is used in the actual http server
self.filename = "".join( [ random.choice(string.uppercase) for x in range(8) ] ) + "00.pdf"
# no refresh
self.refresh_rate = 0
def __init__(self):
tcpexploit.__init__(self)
httpclientside.__init__(self)
self.clientversion = 1
self.badstring = "\x00\r\n\t\x20\x27\x22\x3f\x22\x3b\x25\x2c\x5c"
self.subesp = 0
self.name = NAME
self.filename = "index.html"
return
def __init__(self):
LocalCommand.__init__(self)
httpclientside.__init__(self)
self.datatype = "text/html" #for HTTPSERVER version
self.result = ""
self.name = NAME
self.command = "echo hi"
self.blind = True
return
def __init__(self):
tcpexploit.__init__(self)
httpclientside.__init__(self)
self.clientversion = 1
self.badstring = ""
self.name = NAME
self.filename = "index.html"
self.trojannamew = "app.exe"
return
def __init__(self):
httpclientside.__init__(self)
self.setVersions()
self.version=1
self.name=NAME
self.filename = "ooo_230.odb"
self.mimetype = None
return
def __init__(self):
tcpexploit.__init__(self)
httpclientside.__init__(self)
self.setInfo(DESCRIPTION)
self.clientversion = 1
self.badstring = '\0\xff'
self.name = NAME
self.filename = 'test.html'
return
def __init__(self):
tcpexploit.__init__(self)
httpclientside.__init__(self)
self.clientversion = 1
self.badstring = "\x00"
self.subesp = 0
self.name = NAME
self.filename = "index.html"
return
def __init__(self):
tcpexploit.__init__(self)
httpclientside.__init__(self)
self.clientversion = 1
self.name = NAME
self.filename = "index.html"
self.trojanname = "msupdate.exe"
self.ocxname = "d2ax.ocx"
return
def __init__(self):
httpclientside.__init__(self)
self.version = 0
self.name = NAME
self.filename = "%s.html" % randomstring(8)
self.swffilename = 'Simpsons'
self.plugin_info = None # we want clientd to give us a plugin dict
self.refresh_rate = 30
self.xorer = XOR.new("\x5a")
self.badstring = '\x00'
def __init__(self):
tcpexploit.__init__(self)
httpclientside.__init__(self)
self.clientversion = 1
self.name = NAME
self.filename = "index.html"
self.trojanname = "index.hta"
self.trojandll = "msupdate.html"
self.dllname = "schannel.dll"
return
def __init__(self):
httpclientside.__init__(self)
self.setVersions()
self.version=1
self.name=NAME
self.filename="ssreader.html"
self.listenerArgsDict["fromcreatethread"]=1
self.badstring="\x00\x80\x82\x83\x84\x85\x86\x87\x88\x89\x8a\x8b\x8c\x8e\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9e\x9f"
return
def __init__(self):
httpclientside.__init__(self)
self.version = 0
self.name = NAME
self.filename = "%s.html" % randomstring(8)
self.jsrealfilename = {
'WIN10_1607_x64': 'exploitW10.js',
'WIN7_SP1_x64': 'exploitW7.js'
}
self.plugin_info = None # we want clientd to give us a plugin dict
def __init__(self):
httpclientside.__init__(self)
self.version = 0
self.name = NAME
self.index = "index.html"
self.flash_name = "Mp4Cprt.swf"
self.mp4_name = "movie.mp4"
self.trigger = os.path.join(os.path.dirname(__file__), 'Resources',
self.flash_name)
self.payload_address = "\xff\xff\xff\xff"
def __init__(self):
tcpexploit.__init__(self)
httpclientside.__init__(self)
self.clientversion = 1
self.badstring = ""
self.jnlpfile = "app.jnlp"
self.jarfile = "app.jar"
self.name = NAME
self.trojannamew = "app.exe"
return
