Social Eng. extension: various fixes, link/linktext/fromname configurable, adjusted various email headers

2012-08-27 21:30:09 +01:00
parent df056fb688
commit ffbd3d65b9
3 changed files with 24 additions and 17 deletions
--- a/extensions/social_engineering/config.yaml
+++ b/extensions/social_engineering/config.yaml
@@ -28,7 +28,7 @@ beef:
                port: 587
                use_tls: true
                helo: "gmail.com" # this is usually the domain name
-                from: "yourpass@gmail.com"
+                from: "yourmail@gmail.com"
                password: "yourpass"
                # available templates
                templates:
--- a/extensions/social_engineering/mass_mailer/mass_mailer.rb
+++ b/extensions/social_engineering/mass_mailer/mass_mailer.rb
@@ -37,7 +37,7 @@ module BeEF
        # tos_hash is an Hash like:
        # 'antisnatchor@gmail.com' => 'Michele'
        # 'ciccio@pasticcio.com' => 'Ciccio'
-        def send_email(template, subject, tos_hash)
+        def send_email(template, fromname, subject, link, linktext, tos_hash)
          # create new SSL context and disable CA chain validation
          if @config.get("#{@config_prefix}.use_tls")
            @ctx = OpenSSL::SSL::SSLContext.new
@@ -45,13 +45,19 @@ module BeEF
            @ctx.ssl_version = "TLSv1"
          end

+          n = tos_hash.size
+          x = 1
+          print_info "Sending #{n} mail(s) from [#{@from}] - name [#{fromname}] using template [#{template}]:\nsubject: #{subject}\nlink: #{link}\nlinktext: #{linktext}"
+
          # create a new SMTP object, enable TLS with the previous instantiated context, and connects to the server
          smtp = Net::SMTP.new(@host, @port)
          smtp.enable_starttls(@ctx) unless @config.get("#{@config_prefix}.use_tls") == false
          smtp.start(@helo, @from, @password, :login) do |smtp|
            tos_hash.each do |mail, name|
-            message = compose_email(mail, name, subject, template)
+            message = compose_email(fromname, mail, name, subject, link, linktext, template)
            smtp.send_message(message, @from, mail)
+            print_info "Mail #{x}/#{n} to [#{mail}] sent."
+            x += 1
            end
          end
        end
@@ -59,18 +65,15 @@ module BeEF
        #todo sending to hostmonster the email is probably flagged as spam:
        # todo: error -> 550 550 Administrative prohibition (state 17

-        def compose_email(to, name, subject, template)
+        def compose_email(fromname, to, name, subject, link, linktext, template)
           msg_id = random_string(50)
           boundary = "------------#{random_string(24)}"
           rel_boundary = "------------#{random_string(24)}"

-           link = "http://127.0.0.1:3000/demos/basic.html"
-           linktext = "http://antisnatchor.com"
-
-           header = email_headers(@from, @user_agent, to, name, subject, msg_id, boundary)
+           header = email_headers(@from, fromname, @user_agent, to, name, subject, msg_id, boundary)
           plain_body = email_plain_body(parse_template(name, link, linktext, "#{@templates_dir}#{template}/mail.plain"),boundary)
           rel_header = email_related(rel_boundary)
-           html_body = email_html_body(parse_template(name, link, linktext, "#{@templates_dir}#{template}/mail.plain"),rel_boundary)
+           html_body = email_html_body(parse_template(name, link, linktext, "#{@templates_dir}#{template}/mail.html"),rel_boundary)

           images = ""
           @config.get("#{@config_prefix}.templates.default.images").each do |image|
@@ -84,12 +87,16 @@ module BeEF
           message
        end

-        def email_headers(from, user_agent, to, name, subject, msg_id, boundary)
+        #todo "Michele Orru" need to be configurable
+        def email_headers(from, fromname, user_agent, to, name, subject, msg_id, boundary)
          headers = <<EOF
-From: Michele Orru #{from}
-User-Agent: #{user_agent}
-To: #{name} #{to}
-Message-ID: <msg_id@#{@host}>
+From: "#{fromname}" <#{from}>
+Reply-To: "#{fromname}" <#{from}>
+Return-Path: "#{fromname}" <#{from}>
+X-Mailer: #{user_agent}
+To: #{to}
+Message-ID: <#{msg_id}@#{@host}>
+X-Spam-Status: No, score=0.001 required=5
 Subject: #{subject}
 MIME-Version: 1.0
 Content-Type: multipart/alternative;
--- a/extensions/social_engineering/mass_mailer/templates/default/mail.html
+++ b/extensions/social_engineering/mass_mailer/templates/default/mail.html
@@ -3,17 +3,17 @@
 <meta http-equiv="content-type" content="text/html; charset=ISO-8859-1">
 </head>
 <body bgcolor="#FFFFFF" text="#000000">
-Hi __name __,<br>
+Hi __name__,<br>
 <br>
 We would like to inform you that your BeEF order has been successful.<br>
 You can check the status of your hook at the following link:<br>
-<!-- be sure to have __link__ and __linktext__ placeholders on the same line, like the following: -->
+<!-- be sure to have link and linktext placeholders on the same line, like the following: -->
 <a href="__link__">__linktext__</a><br>
 <br>
 Regards,<br>
 The BeEF team<br>
 <!-- be sure to have different images on different lines, like the following: -->
 <img src="cid:__cid1__" name="__img1__" alt="__img1__"><br>
-<!--<img src="cid:__cid2__" name="__img2__" alt="__img2__"><br>-->
+<!--<img src="cid:cid2" name="img2" alt="img2"><br>-->
 </body>
 </html>