编写钓鱼邮件的suricata规则-测试(9001093-9001316)

1.主机A监听

from http.server import BaseHTTPRequestHandler, HTTPServer
# Listen on every interface so the sending host (host B in the write-up) can
# reach the responder; port 80 keeps the traffic plain HTTP for the sensor.
HOST = '0.0.0.0'
PORT = 80


def _route(body, content_type, filename=None, status=200):
    """Build one canned ROUTES entry.

    Args:
        body: Raw bytes written as the response body.
        content_type: Value of the Content-Type header.
        filename: When given, a ``Content-Disposition: attachment`` header
            naming the download is added after Content-Type.
        status: HTTP status code for the response.

    Returns:
        A dict with the ``status``, ``headers`` and ``body`` keys that
        ``Handler.do_GET`` reads.
    """
    headers = {'Content-Type': content_type}
    if filename is not None:
        headers['Content-Disposition'] = 'attachment; filename=' + filename
    return {'status': status, 'headers': headers, 'body': body}


# Fixtures for the detection tests listed further down the page: each path is
# fetched with curl from the second host so the corresponding Suricata rule can
# be checked against known traffic. The bodies are deliberately tiny stand-ins,
# not real files.
ROUTES = {
    # Rule 9001093: HTML page carrying an ms-msdt: link.
    '/follina.html': _route(
        b'<html><body><a href="ms-msdt:/id PCWDiagnostic /skip force /param IT_RebrowseForFile=?">click</a></body></html>',
        'text/html; charset=utf-8',
    ),
    # Rules 9001094-9001095: .lnk download.
    '/docs/test.lnk': _route(b'LNKDATA', 'application/octet-stream', 'test.lnk'),
    # Rule 9001096: .iso download.
    '/docs/test.iso': _route(b'ISODATA', 'application/octet-stream', 'test.iso'),
    # Rule 9001097: .one download.
    '/docs/test.one': _route(b'ONENOTE', 'application/octet-stream', 'test.one'),
    # Macro-enabled Word document; no curl step on this page exercises it.
    '/docs/test.docm': _route(
        b'DOCM',
        'application/vnd.ms-word.document.macroEnabled.12',
        'test.docm',
    ),
    # Rule 9001315: .hta download.
    '/payloads/test.hta': _route(b'<script>alert(1)</script>', 'application/hta', 'test.hta'),
    # Rule 9001316: .js download.
    '/payloads/test.js': _route(b'alert(1);', 'text/javascript', 'test.js'),
    # Rules 9001313-9001314: executable download; body starts with the
    # "MZ" magic followed by zero padding.
    '/payloads/test.exe': _route(b'MZ' + b'\x00' * 32, 'application/octet-stream', 'test.exe'),
}
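class Handler(BaseHTTPRequestHandler):
    """Serve the canned responses in ROUTES for the Suricata rule tests.

    Every response now carries a Content-Length header, so the body size is
    visible on the wire instead of being implied by the connection closing;
    that keeps the HTTP transaction well-formed for any client and for a
    passive HTTP parser watching the traffic.
    """

    def do_GET(self):
        """Answer a GET with the matching ROUTES entry, else a plain-text 404.

        Matching is on the exact request path (``self.path``), so a query
        string or trailing slash falls through to the 404 branch.
        """
        route = ROUTES.get(self.path)
        if not route:
            self._send(404, {'Content-Type': 'text/plain'}, b'not found')
            return
        self._send(route['status'], route['headers'], route['body'])

    def _send(self, status, headers, body):
        """Write a complete response: status line, headers, Content-Length, body.

        Args:
            status: HTTP status code.
            headers: Header name -> value mapping, emitted in order.
            body: Bytes written after the header block.
        """
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        # Only add Content-Length when the route did not set one itself.
        if not any(name.lower() == 'content-length' for name in headers):
            self.send_header('Content-Length', str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def log_message(self, fmt, *args):
        """Print one access-log line per request to stdout.

        Same format as the base class (client IP, timestamp, request line),
        but written with print() rather than to stderr.
        """
        print('%s - - [%s] %s' % (self.client_address[0],
              self.log_date_time_string(), fmt % args))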
if __name__ == '__main__':
    # Stand up the responder and block here; the process is stopped from
    # outside once the curl requests from the second host have been sent.
    address = (HOST, PORT)
    server = HTTPServer(address, Handler)
    print(f'serving on {HOST}:{PORT}')
    server.serve_forever()

2.主机B发送测试请求

1.测试9001093
curl -v http://10.66.66.1:80/follina.html -o follina.html
2.测试9001094-9001095
curl -v -OJ http://10.66.66.1:80/docs/test.lnk
3.测试9001096
curl -v -OJ http://10.66.66.1:80/docs/test.iso
4.测试9001097
curl -v -OJ http://10.66.66.1:80/docs/test.one
5.测试9001313-9001316
先打标 curl -v http://10.66.66.1:80/follina.html -o follina.html
测试9001313 curl -v -OJ http://10.66.66.1:80/payloads/test.exe
测试9001314 curl -v -OJ http://10.66.66.1:80/payloads/test.exe
测试9001315 curl -v -OJ http://10.66.66.1:80/payloads/test.hta
测试9001316 curl -v -OJ http://10.66.66.1:80/payloads/test.js

 
