fix a bug where --send and forms wasn't working if you used --config. added --raw to allow raw vbscript

Etienne Stalmans · Etienne Stalmans · commit 6c4e7685f476 · 2017-05-18T15:49:59.000+01:00
diff --git a/.gitignore b/.gitignore
@@ -28,3 +28,4 @@ ruler
 logs/
 
 build.sh
+config.yml
diff --git a/mapi/constants.go b/mapi/constants.go
@@ -607,3 +607,5 @@ var PidTag6B00 = PropertyTag{PtypString8, 0x6B00}
 var PidTag6902 = PropertyTag{0x001E, 0x6902}
 var PidTag6900 = PropertyTag{0x0003, 0x6900}
 var PidTagComment = PropertyTag{PtypString, 0x3004}
+
+var PidTagSenderEntryId = PropertyTag{PtypBinary, 0x0C19}
diff --git a/rpc-http/rpctransport.go b/rpc-http/rpctransport.go
@@ -388,6 +388,7 @@ func DoConnectExRequest(MAPI []byte, auxLen uint32) ([]byte, error) {
 	//decrypt response PDU
 	if AuthSession.RPCNetworkAuthLevel == RPC_C_AUTHN_LEVEL_PKT_PRIVACY {
 		dec, _ := rpcntlmsession.UnSeal(resp.PDU[8:])
+		fmt.Println(string(dec))
 		AuthSession.ContextHandle = dec[4:20] //decrypted
 	} else {
 		AuthSession.ContextHandle = resp.PDU[12:28]
@@ -552,6 +553,7 @@ func RPCRead(callID int) (RPCResponse, error) {
 		for k, v := range httpResponses {
 			st := string(v)
 			if er := strings.Split(strings.Split(st, "\r\n")[0], " "); er[1] != "200" {
+				utils.Debug.Println(st)
 				return RPCResponse{}, fmt.Errorf("Invalid HTTP response: %s", er)
 			}
 			httpResponses = append(httpResponses[:k], httpResponses[k+1:]...)
diff --git a/ruler.go b/ruler.go
@@ -580,8 +580,14 @@ func createForm(c *cli.Context) error {
 	if err := forms.CreateFormAttachmentPointer(folderid, msgid); err != nil {
 		return err
 	}
-	if err := forms.CreateFormAttachmentTemplate(folderid, msgid, command); err != nil {
-		return err
+	if c.Bool("raw") == true {
+		if err := forms.CreateFormAttachmentForDeleteTemplate(folderid, msgid, command); err != nil {
+			return err
+		}
+	} else {
+		if err := forms.CreateFormAttachmentTemplate(folderid, msgid, command); err != nil {
+			return err
+		}
 	}
 	utils.Info.Println("Form created successfully")
 
@@ -614,7 +620,7 @@ func triggerForm(c *cli.Context) error {
 	body := c.String("body")
 	suffix := c.String("suffix")
 	folderid := mapi.AuthSession.Folderids[mapi.INBOX]
-	target := c.GlobalString("email")
+	target := mapi.AuthSession.Email
 
 	utils.Trace.Println("Creating Trigger message.")
 	msgid, err := forms.CreateFormTriggerMessage(suffix, subject, body)
@@ -759,7 +765,7 @@ A tool by @_staaldraad from @sensepost to abuse Exchange Services.`
 		} else if c.Bool("debug") == true {
 			utils.Init(os.Stdout, os.Stdout, os.Stdout, os.Stderr)
 		} else {
-			utils.Init(ioutil.Discard, os.Stdout, os.Stdout, os.Stderr)
+			utils.Init(ioutil.Discard, os.Stdout, ioutil.Discard, os.Stderr)
 		}
 		return nil
 	}
@@ -1031,6 +1037,10 @@ A tool by @_staaldraad from @sensepost to abuse Exchange Services.`
 							Name:  "send,s",
 							Usage: "Trigger the form once it's been created.",
 						},
+						cli.BoolFlag{
+							Name:  "raw",
+							Usage: "Use a blank template allowing Raw VBScript.",
+						},
 						cli.BoolFlag{
 							Name:  "rule,r",
 							Usage: "Trigger the form with a rule. This will add a new rule!",

Original file line number	Diff line number	Diff line change
`@@ -28,3 +28,4 @@ ruler`
`28`	`28`	`logs/`
`29`	`29`
`30`	`30`	`build.sh`
	`31`	`+config.yml`