Skip to content

Configuring

Jump to bottom
John Torakis edited this page Oct 18, 2018 · 10 revisions

Configuration of Wormnest is done by Environment Variables, meaning that the configuration can be written to a file, and sourced before the execution.

Example:

wormnest.conf

ALIAS_DIGITS_MAX=12
MANAGE_URL_DIR="00001112managedir"
EXPIRED=redir
REDIRECT_URL="https://google.com"

The Environment Variables are explained below:

IP

This can be either 127.0.0.1, the IP address of some particular network interface, or 0.0.0.0 for all interfaces.

Defaults to 0.0.0.0.

PORT

The TCP port of the Web Server.

Defaults to 8000

SRV_DIR

The directory that will serve as the base directory. The files that will be served have to be in this directory.

Defaults to test_directory/

ALIAS_DIGITS_MIN and ALIAS_DIGITS_MAX

The random URLs created by Wormnest will have a certain length. This length will be randomly selected to be between ALIAS_DIGITS_MIN and ALIAS_DIGITS_MAX. It has to be ALIAS_DIGITS_MIN <= ALIAS_DIGITS_MAX

Both default to 8

MANAGE_URL_DIR

The Base URL of the management Web Interface. It serves as a password, as there is no other way to manage the Application. It MUST contain no slashes (/)

  • Defaults to 'manage'
  • Random String if "*" is used

MISS

If a non-existent URL alias is used. Values: [redir|abort]

Defaults to "abort".

EXPIRED

If an expired URL alias is used. Values: [redir|abort]

Defaults to "abort".

  • redir: will redirect the client to REDIRECT_URL using an HTTP Response Code of 302
  • abort: will serve an HTTP 404 Not Found error page

REDIRECT_URL

The URL that will be used if the application redirects a client away.

Defaults to "https://amazon.com"

DEFAULT_FILENAME

A filename that will be used in case there is not selected filename for a URL alias. If USE_ORIGINAL_EXTENSION is set to True, the real filename's extension will be used.

Defaults to "ClientDesktopApp"

USE_ORIGINAL_EXTENSION

See above DEFAULT_FILENAME.

Defaults to "True"

LOG_SPAWN_FILE

Logs lines like "/MANAGE_URL_DIR PORT DATE" for every execution. This is mostly to keep track of the MANAGE_URL_DIR, in case it is randomized.

Defaults to "wormnest.mgmt_route.txt"

DEFAULT_PATHS_FILE

A JSON file containing URL aliases that will be used as defaults. They are registered without the file existence check.

Defaults to "urls.default.json"

A sample urls.default.json file

{
  "download_now":{
    "path":"metasploit/generated/meter_pinning_443.exe",
    "filename":"CrazyTaxi_cracked_singlefile_by_Raz0r_team_2006.exe"
  },
  "android":{
    "path":"metasploit/generated/meter_pinning_443.apk",
  },
  [.. More definitions ..]
}

The above will make the default setup of wormnest route the following:

  • http[s]://payload-server:8000/download_now to serve metasploit/generated/meter_pinning_443.exe with a "Content-Disposition" HTTP Header containing CrazyTaxi_cracked_singlefile_by_Raz0r_team_2006.exe as the filename argument

  • http[s]://payload-server:8000/android to serve metasploit/generated/meter_pinning_443.apk with the default filename of ClientDesktopApp and the file's original extension (USE_ORIGINAL_EXTENSION parameter). Hence ClientDesktopApp.apk will be placed in the "Content-Disposition" HTTP Header.

Clone this wiki locally