cristiancmoises
/
gophish
mirror of https://github.com/gophish/gophish
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added logic to unescape template variables in Word documents for remote images

attachment-template-support
Glenn Wilkinson 2021-12-17 17:50:45 +01:00
parent 51cb65a44e
commit b9824f6ac3
1 changed files with 13 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
models/attachment.go
View File

@ -6,7 +6,9 @@ import (
"encoding/base64" "encoding/base64"
"io" "io"
"io/ioutil" "io/ioutil"
"net/url"
"path/filepath" "path/filepath"
"regexp"
"strings" "strings"
) )
@ -95,6 +97,17 @@ func (a *Attachment) ApplyTemplate(ptx PhishingTemplateContext) (io.Reader, erro
subFileExtension := filepath.Ext(zipFile.Name) subFileExtension := filepath.Ext(zipFile.Name)
var tFile string var tFile string
if subFileExtension == ".xml" || subFileExtension == ".rels" { // Ignore other files, e.g binary ones and images if subFileExtension == ".xml" || subFileExtension == ".rels" { // Ignore other files, e.g binary ones and images
// First we look for instances where Word has URL escaped our template variables. This seems to happen when inserting a remote image, converting {{.Foo}} to %7b%7b.foo%7d%7d.
// See https://stackoverflow.com/questions/68287630/disable-url-encoding-for-includepicture-in-microsoft-word
rx, _ := regexp.Compile("%7b%7b.([a-zA-Z]+)%7d%7d")
contents := rx.ReplaceAllFunc(contents, func(m []byte) []byte {
d, err := url.QueryUnescape(string(m))
if err != nil {
return m
}
return []byte(d)
})
// For each file apply the template. // For each file apply the template.
tFile, err = ExecuteTemplate(string(contents), ptx) tFile, err = ExecuteTemplate(string(contents), ptx)
if err != nil { if err != nil {