Custom Exploits
ls ./exploits/your-custom-exploit/
your-exploit-executable your-other-files
#!/bin/bash
# this is a demo of custom exploit

# print all command line arguments
echo "params: $@"

# print target IP
# ie. the last argument passed to this bash script
echo "${@: -1}"

sleep 2111
In this demo, you can see that mec simply passes target_ip as the last argument:
# print target IP
# ie. the last argument passed to this bash script
echo "${@: -1}"
And that's how your exploit gets the target_ip parameter.
Also note that mec passes -t <target> to your exploit, so if your exploit gets executed by mec, its command line arguments look like:
./exploit <custom args> -t <target ip>
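The calling convention above can be checked instead of trusting the last argument blindly. The following is an added example, not code from the mec repository: it accepts the target only when the arguments end with -t followed by a well-formed address. The function names is_ipv4, mec_target and main are hypothetical, and it assumes the target is a dotted-quad IPv4 address.

```shell
#!/bin/sh
# Added example, not part of mec: read the target from the
# "<custom args> -t <target ip>" convention and validate it before use.
# Assumption: the target is a dotted-quad IPv4 address.

# is_ipv4 ADDR: succeed only for four dot-separated octets in 0-255.
# The body runs in a subshell so the IFS and globbing changes stay local.
is_ipv4() (
    case "$1" in
        ""|*[!0-9.]*|.*|*.|*..*) exit 1 ;;
    esac
    IFS=.
    set -f
    set -- $1
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# mec_target ARGS...: print the target when ARGS end with "-t <ipv4>",
# otherwise print nothing and return non-zero.
mec_target() {
    [ "$#" -ge 2 ] || return 1
    prev='' last=''
    for arg in "$@"; do
        prev=$last
        last=$arg
    done
    [ "$prev" = "-t" ] && is_ipv4 "$last" || return 1
    printf '%s\n' "$last"
}

# main ARGS...: hypothetical entry point for a custom script.
main() {
    target=$(mec_target "$@") || {
        echo "usage: $0 [custom args] -t <target ip>" >&2
        return 2
    }
    echo "target: $target"
    echo "custom args: $(( $# - 2 ))"
}

# Only act when called with arguments, e.g. ./script /tmp/1 id -t 192.0.2.10
if [ "$#" -gt 0 ]; then
    main "$@"
fi
```

Rejecting anything that is not a plain address also keeps shell metacharacters in the last argument from reaching later commands.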
mec
├── conf
│ ├── censys.conf
│ └── zoomeye.conf
├── data
│ ├── ip_list.txt
│ ├── proxy.conf
│ ├── ss.json
│ └── zoomeye-login.action.txt
├── exploits
│ ├── exserial
│ ├── joomla
│ ├── MS17-010
│ ├── ssh-bruteforce
│ ├── structs2
│ ├── test
│ ├── weblogic
│ ├── witbe
│ └── wordpress
├── install.py
├── lib
│ ├── cli
│ ├── __init__.py
│ ├── __pycache__
│ └── tools
├── LICENSE
├── mec
├── mec.py
├── output
│ └── result.txt
├── README.md
├── requirements.txt
├── screenshot
│ ├── main.jpg
│ └── zoomeye.jpg
└── tools
    ├── geckodriver
    └── ss-proxy
Your custom exploits live under ./exploits, just like any built-in ones.
Take a look at the test exploit:
├── structs2
│ ├── 045.py
│ ├── colors.py
│ ├── console.py
│ ├── s2_045_cmd.py
│ ├── Struts2_045-Poc
│ ├── struts2-s2045.py
│ └── tmp.txt
├── test
│ └── test
├── weblogic
./exploits/test/test is the exploit file. You can view all available exploits by issuing the exploits command in mec:
mec > exploits
[+] Available exploits:
witbe/witbe.py
test/test
joomla/rce-ssl.py
joomla/joomraa.py
joomla/rce.py
joomla/joomlaCVE-2015-8562.py
joomla/rcew.py
joomla/hackUtils.py
joomla/joomla_sqli_mass_exploit.py
exserial/jenkin.py
exserial/websphere.py
exserial/weblogic.py
exserial/jboss.py
wordpress/rce.sh
ssh-bruteforce/ssh_bruteforce.py
weblogic/weblogic.py
weblogic/batch_weblogic.sh
weblogic/scan.py
structs2/045.py
structs2/s2_045_cmd.py
structs2/struts2-s2045.py
mec enters the target exploit's directory before launching a mass-exploit job, so relative paths are allowed: the custom exploit's root directory won't change when it is used by mec.
Your exploit can be either a binary file or a script, as long as you chmod +x it first. Before launching a mass-exploit job, you will see a warning reminding you how your exploit is going to be executed:
[*] Your exploit will be executed like
proxychains4 -q -f proxy.conf ssh_bruteforce.py /tmp/1 id -t <target ip>
[!] DEBUG: ['./ssh_bruteforce.py', '/tmp/1', 'id', '-t']
Working in /home/u/.mec/exploits/ssh-bruteforce
[?] Proceed? [y/n]
- If you have any issues, please report them to https://github.com/jm33-m0/mec/issues
- Open a pull request when you have fixed any bugs or added any features
- I would appreciate you adding your own adapted exploits to this repo