Morpheus - tcp/udp scripting (IRC chat filter) #8

Open
r00t-3xp10it opened this issue Dec 29, 2016 · 0 comments
r00t-3xp10it commented Dec 29, 2016


This tutorial explains how to improve the 'IRC' filter

The next tutorial explains how to improve the 'chat_services.eft' filter. By default this
morpheus filter will only alert the user of active connections; in this tutorial we
are going to improve the filter's capabilities to: detect the target referer (URL accessed),
detect the server application version (e.g. PHP/5.0), detect the server name (Microsoft-IIS/7.5)
and build a logfile of the captured IRC channel data (irc_data.log).

WARNING: morpheus allows you to improve filters in 2 different ways
1º - Edit the filter before running morpheus and the changes will be permanent
2º - Edit the filter using the 'morpheus scripting console' and the changes are active only once

"In this tutorial we will edit the filter before running morpheus, making the changes permanent"

1º - prepare filter for improvements

# change to the right directory
cd morpheus/filters

# edit the chat_services.eft filter
nano chat_services.eft

2º - improve the 'IRC' capture display and build a logfile with the captured data

# filter improvement
# parentheses are required: '&&' binds tighter than '||', so without them the
# 'tcp.dst == 194' test would be evaluated on its own, independent of ip.proto
if (ip.proto == TCP && (tcp.src == 194 || tcp.dst == 194)) {
  msg("[morpheus] host:TaRgEt   [ ⊶  ]  port:194 irc ☆");
    if (search(DATA.data, "IRC")) {
      msg("[morpheus] | status: server referer found ☠");
      msg("[morpheus] |_ info : possible connection to IRC found ☠\n");
        # log captured data
        log(DATA.data, "./irc_data.log");
    }
}

3º - store data about port 80 traffic (referer | server version | server name)

# filter improvement
# same precedence fix as above: match TCP traffic to or from port 80 only
if (ip.proto == TCP && (tcp.src == 80 || tcp.dst == 80)) {
  msg("[morpheus] host:TaRgEt   [ ⊶  ]  port:80 http ☆");
    # server application version (e.g. X-Powered-By: PHP/5.0)
    if (search(DATA.data, "X-Powered-By:")) {
      msg("[morpheus] | status: server version found ☠");
      msg("[morpheus] |_ logfile : morpheus/logs/irc_data.log ☠\n");
      log(DATA.data, "./irc_data.log");
    }
    # URL the client came from (Referer header)
    if (search(DATA.data, "Referer:")) {
      msg("[morpheus] | status: server referer found ☠");
      msg("[morpheus] |_ logfile : morpheus/logs/irc_data.log ☠\n");
      log(DATA.data, "./irc_data.log");
    }
    # server name (e.g. Server: Microsoft-IIS/7.5)
    if (search(DATA.data, "Server:")) {
      msg("[morpheus] | status: server name found ☠");
      msg("[morpheus] |_ logfile : morpheus/logs/irc_data.log ☠\n");
      log(DATA.data, "./irc_data.log");
    }
}

4º - run morpheus with the improved filter (capture data)....

5º - stop morpheus from running and open new terminal

# change to the right directory
cd morpheus/logs

# remove utf-8/non-ASCII characters from the output (keep tab, LF, CR and printable ASCII)
tr -cd '\11\12\15\40-\176' < irc_data.log > clean-file1.log

# store the captured data in three shell variables (store_one, store_two and store_tre)
store_one=$(grep "Referer:" clean-file1.log)
store_two=$(grep "X-Powered-By:" clean-file1.log)
store_tre=$(grep "Server:" clean-file1.log)

# display the captured data to the user
echo "Referer: $store_one Version: $store_two Server: $store_tre"

# clean up the recent files
rm *.log
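The post-processing steps above, rewritten as reusable shell functions and run against a constructed sample capture. This is an added example, not part of the Morpheus project: the file names, header values, IRC lines and the `count_irc_commands` check are assumptions made for the example, and the cleaning and header extraction generalise steps 2 to 6 to any header name rather than the three fixed variables.

```shell
#!/bin/sh
# Added example, not part of the Morpheus project: the post-processing of
# irc_data.log from the steps above as reusable functions, exercised against
# a constructed sample capture. Everything in make_sample_log is made up.

# Write a constructed sample of what the filter's log() calls could append:
# raw payloads with CRLF line endings, an IRC registration and non-ASCII bytes.
make_sample_log() {
  {
    printf 'GET /index.php HTTP/1.1\r\nHost: example.test\r\nReferer: http://example.test/login\r\n\r\n'
    printf 'HTTP/1.1 200 OK\r\nServer: Microsoft-IIS/7.5\r\nX-Powered-By: PHP/5.0\r\n\r\n'
    printf 'NICK someuser\r\nUSER someuser 0 * :Some User\r\n'
    printf '\342\230\206 non-ascii noise \342\230\240\r\n'
  } > "$1"
}

# Step 2 above: keep only tab, LF, CR and printable ASCII (octal 40-176).
clean_capture() {
  tr -cd '\11\12\15\40-\176' < "$1"
}

# Steps 3 to 5 above, generalised: print the value of one HTTP header ($1)
# from a cleaned capture ($2), with the header name and trailing CR removed.
# The match is anchored to the line start, so a header name that merely
# appears inside a URL does not count as a header.
extract_header() {
  grep "^$1:" "$2" | sed "s/^$1:[[:space:]]*//" | tr -d '\r'
}

# The filter itself only searches the payload for the string "IRC"; counting
# client registration commands is a stricter indicator of an IRC session.
count_irc_commands() {
  grep -cE '^(NICK|USER|JOIN|PRIVMSG) ' "$1"
}

# Step 6 above: print one summary line for a raw capture file.
summarize_capture() {
  cleaned="$1.clean"
  clean_capture "$1" > "$cleaned"
  echo "Referer: $(extract_header Referer "$cleaned") Version: $(extract_header X-Powered-By "$cleaned") Server: $(extract_header Server "$cleaned") IRC commands: $(count_irc_commands "$cleaned")"
  rm -f "$cleaned"
}

# Stand-alone run: build the sample in a temporary directory, summarise it, clean up.
workdir=$(mktemp -d)
make_sample_log "$workdir/irc_data.log"
summarize_capture "$workdir/irc_data.log"
rm -rf "$workdir"
```

To use it on a real capture, call `summarize_capture morpheus/logs/irc_data.log` after morpheus has been stopped; the raw file is left untouched and only the temporary cleaned copy is removed.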

@r00t-3xp10it r00t-3xp10it changed the title Morpheus - tcp/udp scripting (chat_services.eft filter) Morpheus - tcp/udp scripting (chat_services filter) Dec 31, 2016
@r00t-3xp10it r00t-3xp10it changed the title Morpheus - tcp/udp scripting (chat_services filter) Morpheus - tcp/udp scripting (IRC chat filter) May 16, 2018