Sunday, August 19, 2018

Knopflerf*ck tool - A Knopflerfish attack tool

Knopflerf*ck tool is a little script I made to attack the Knopflerfish Framework. It currently scans a host for the presence of the Knopflerfish Framework, then runs a quick enumeration of a few of its services, such as the HTTP server and the remote framework functionality, and checks for a known XSS in its HTTP console. It can also generate a reverse shell connection payload and upload/execute it if the remote framework is exposed.

KFT usage and "modes"
Mode 1 runs an enum scan
-Checks for default bundle info, the HTTPConsole, and whether the remote framework is running
-Usage: python knopflerfucktool.py 1
Mode 2 outputs a payload to upload however you like
-Usage: python knopflerfucktool.py 2
-This mode also makes the payload needed for mode 3
-Requires OpenJDK 1.8.0 and Eclipse Equinox (eceq.jar)
Mode 3 uses the KF Remote Framework to upload and run a payload
-Usage: python knopflerfucktool.py 3
-This mode needs the payload from mode 2
-The payload needs to be hosted on the web root of http://:/

Get it at GitHub