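/**
 * Build the table of attack test cases.
 *
 * For every attack key the result holds one prepared script per entry of the
 * global $OBFUSCATIONS, keyed by the obfuscation's name. The final entry,
 * 'image-exfil', holds a single prepared image under the key 'basic'.
 * Attack keys listed in the global $DISABLED are removed before returning.
 *
 * Every entry is prepared before $DISABLED is applied, so PrepareScript()
 * and PrepareImage() also run for attacks that end up disabled. That order
 * is kept on purpose: whatever those helpers do besides returning a value
 * (not visible from this function) still happens exactly as before.
 *
 * @return array attack key => array(obfuscation name => prepared payload)
 */
function LoadAttacks()
{
    global $OBFUSCATIONS;
    global $DISABLED;

    // One row per script attack:
    //   array(attack key, payload name for PrepareScript(), mode, prefix)
    // The mode decides the third PrepareScript() argument:
    //   'none'     - argument omitted, PrepareScript()'s own default applies
    //   'flag'     - literal true
    //   'name'     - array('TESTNAME' => <obfuscation name>)
    //   'prefixed' - array('TESTNAME' => <prefix> . <obfuscation name>)
    // Row order is the key order of the returned array.
    $catalogue = array(
        array('austin-html5', 'austin-html5', 'flag', null),
        array('exfil', 'exfil', 'name', null),
        array('exfil_clone1', 'exfil_clone1', 'prefixed', 'clone1_'),
        array('exfil_clone2', 'exfil_clone2', 'prefixed', 'clone2_'),
        array('exfil_clone3', 'exfil_clone3', 'prefixed', 'clone3_'),
        array('exfil_clone4', 'exfil_clone4', 'prefixed', 'clone4_'),
        array('exfil_clone5', 'exfil_clone5', 'prefixed', 'clone5_'),
        array('portscanner', 'portscanner', 'none', null),
        array('redleg-array-obfuscate', 'redleg-array-obfuscate', 'none', null),
        array('redleg-bacan-yaqan', 'redleg-bacan-yaqan', 'none', null),
        array('redleg-date-obfuscate', 'redleg-date-obfuscate', 'none', null),
        array('redleg-frame-writer', 'redleg-frame-writer', 'none', null),
        array('redleg-make-frame-ex', 'redleg-make-frame-ex', 'none', null),
        array('redleg-malicious-colors', 'redleg-malicious-colors', 'none', null),
        array('redleg-script-writer', 'redleg-script-writer', 'none', null),
        array('metasploit-steal-form', 'metasploit-steal-form', 'flag', null),
        array('metasploit-steal-headers', 'metasploit-steal-headers', 'flag', null),
        array('metasploit-submit-form', 'metasploit-submit-form', 'flag', null),
        array('samy-evercookie', 'samy-evercookie', 'flag', null),
        array('samy-mapxss', 'samy-mapxss', 'flag', null),
        array('samy-myspace', 'samy-myspace', 'flag', null),
        // NOTE(review): the attack key is hyphenated but the payload name is
        // not; kept exactly as found - confirm the spelling is intentional.
        array('session-steal', 'sessionsteal', 'flag', null),
        array('tongji', 'tongji', 'flag', null),
        array('userprefs', 'userprefs', 'flag', null),
    );

    // Free-text notes stored under the '#comment' key of an attack.
    $notes = array(
        'samy-mapxss' => 'This attack targets the Verizon FiOS'
            . ' router. Even without this setup, the initial XMLHttpRequest can'
            . ' be observed.',
    );

    $attacks = array();
    foreach ($catalogue as $row) {
        list($attack, $payload, $mode, $prefix) = $row;
        $attacks[$attack] = array();

        foreach ($OBFUSCATIONS as $name => $obfu) {
            if (isset($notes[$attack])) {
                // Written inside the loop, before the variant, so the note is
                // present only when at least one variant exists and stays the
                // first key - the same result the hand-written code produced.
                $attacks[$attack]['#comment'] = $notes[$attack];
            }

            if ($mode === 'none') {
                $prepared = PrepareScript($payload, $obfu);
            } elseif ($mode === 'flag') {
                $prepared = PrepareScript($payload, $obfu, true);
            } elseif ($mode === 'name') {
                $prepared = PrepareScript($payload, $obfu, array('TESTNAME' => $name));
            } else {
                // A fresh array per variant; the clone entries no longer rely
                // on a substitution array left over from the 'exfil' loop.
                $prepared = PrepareScript($payload, $obfu, array('TESTNAME' => $prefix . $name));
            }

            $attacks[$attack][$name] = $prepared;
        }
    }

    // The image attack has a single variant and does not depend on $OBFUSCATIONS.
    $attacks['image-exfil'] = array(
        'basic' => PrepareImage(MALROOT . 'images/attack.png'),
    );

    // Drop whatever the configuration has switched off.
    foreach ($DISABLED as $disable) {
        if (isset($attacks[$disable])) {
            unset($attacks[$disable]);
        }
    }

    return $attacks;
}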
} }
    // A string $obfu selects the obfuscated form of the payload; any other
    // value loads the payload through GetPayload() instead.
    if (is_string($obfu)) {
        $code = GetObfuscatedPayload($testname, $obfu, $subs);
    } else {
        $code = GetPayload($testname, $subs);
    }
    // No further processing needed to directly return a script.
    return $code;
}

/**
 * Prepare an image attack.
 *
 * As written, this hands back $src unchanged; no image data is read.
 * The "%%%" comment below looks like an unfinished-work marker.
 *
 * @param mixed $src Value identifying the image (LoadAttacks() passes a path string).
 * @return mixed The same value that was passed in.
 */
function PrepareImage($src) {
    // %%% Get the image data and return it.
    return $src;
}

// Get the substitution array for a particular test.
// $payload, $obfu and $errors are all set outside the visible code.
// NOTE(review): if $payload or $obfu originate from the request, confirm they
// are checked against the known attack and obfuscation names before they
// reach PrepareScript().
$sub = true;
// NOTE(review): in_array() is called without its strict flag, so the
// comparison is loose; passing true as the third argument would pin it to
// exact string matches.
if (in_array($payload, array('exfil', 'exfil_clone1', 'exfil_clone2', 'exfil_clone3', 'exfil_clone4', 'exfil_clone5'))) {
    // NOTE(review): LoadAttacks() builds TESTNAME from the obfuscation's key
    // (with a 'cloneN_' prefix for the clones); here it is $obfu for every
    // exfil variant - confirm which of the two is intended.
    $sub = array('TESTNAME' => $obfu);
}
$script = PrepareScript($payload, $obfu, $sub);
// Any collected errors are written ahead of the script, wrapped in a /* */
// block so that they read as a comment in the emitted output.
// NOTE(review): the messages are not escaped. A message containing the
// comment terminator would end the block early and the remainder would be
// emitted as live script text - confirm error strings never carry
// request-derived data, or neutralise the terminator before echoing.
if (sizeof($errors) > 0) {
    ?> /* <?php echo implode("\n", $errors); ?> */ <?php
}
// The prepared script is sent to the client verbatim.
echo $script;