Fixes #4321

2024-11-21 17:16:35 +03:00 · 2020-08-31 22:06:22 +02:00 · 2020-08-31 22:06:22 +02:00 · 226d467f6d
commit 226d467f6d
parent ea5ae44b6c
47 changed files with 10 additions and 8 deletions
--- a/data/shell/backdoors/backdoor.asp_
+++ b/data/shell/backdoors/backdoor.asp_
--- a/data/shell/backdoors/backdoor.aspx_
+++ b/data/shell/backdoors/backdoor.aspx_
--- a/data/shell/backdoors/backdoor.jsp_
+++ b/data/shell/backdoors/backdoor.jsp_
--- a/data/shell/backdoors/backdoor.php_
+++ b/data/shell/backdoors/backdoor.php_
--- a/data/shell/stagers/stager.asp_
+++ b/data/shell/stagers/stager.asp_
--- a/data/shell/stagers/stager.aspx_
+++ b/data/shell/stagers/stager.aspx_
--- a/data/shell/stagers/stager.jsp_
+++ b/data/shell/stagers/stager.jsp_
--- a/data/shell/stagers/stager.php_
+++ b/data/shell/stagers/stager.php_
--- a/data/udf/mysql/linux/32/lib_mysqludf_sys.so_
+++ b/data/udf/mysql/linux/32/lib_mysqludf_sys.so_
--- a/data/udf/mysql/linux/64/lib_mysqludf_sys.so_
+++ b/data/udf/mysql/linux/64/lib_mysqludf_sys.so_
--- a/data/udf/mysql/windows/32/lib_mysqludf_sys.dll_
+++ b/data/udf/mysql/windows/32/lib_mysqludf_sys.dll_
--- a/data/udf/mysql/windows/64/lib_mysqludf_sys.dll_
+++ b/data/udf/mysql/windows/64/lib_mysqludf_sys.dll_
--- a/data/udf/postgresql/linux/32/10/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/10/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/11/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/11/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/8.2/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/8.3/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/8.4/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/9.0/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/9.1/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/9.2/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/9.3/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/9.4/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/9.5/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/9.5/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/32/9.6/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/32/9.6/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/10/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/10/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/11/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/11/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/8.2/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/8.3/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/8.4/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/9.0/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/9.1/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/9.2/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/9.3/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/9.4/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/9.5/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/9.5/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/linux/64/9.6/lib_postgresqludf_sys.so_
+++ b/data/udf/postgresql/linux/64/9.6/lib_postgresqludf_sys.so_
--- a/data/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_
+++ b/data/udf/postgresql/windows/32/8.2/lib_postgresqludf_sys.dll_
--- a/data/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_
+++ b/data/udf/postgresql/windows/32/8.3/lib_postgresqludf_sys.dll_
--- a/data/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_
+++ b/data/udf/postgresql/windows/32/8.4/lib_postgresqludf_sys.dll_
--- a/data/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_
+++ b/data/udf/postgresql/windows/32/9.0/lib_postgresqludf_sys.dll_
--- a/extra/cloak/cloak.py
+++ b/extra/cloak/cloak.py
@ -21,7 +21,7 @@ if sys.version_info >= (3, 0):
    xrange = range
    ord = lambda _: _

-KEY = b"LGekORm7qYCsv39f"
+KEY = b"MOZFqVjlk1CY436G"

 def xor(message, key):
    return b"".join(struct.pack('B', ord(message[i]) ^ ord(key[i % len(key)])) for i in range(len(message)))
--- a/extra/icmpsh/icmpsh.exe_
+++ b/extra/icmpsh/icmpsh.exe_
--- a/extra/runcmd/runcmd.exe_
+++ b/extra/runcmd/runcmd.exe_
--- a/extra/shellcodeexec/windows/shellcodeexec.x32.exe_
+++ b/extra/shellcodeexec/windows/shellcodeexec.x32.exe_
--- a/extra/shutils/recloak.sh
+++ b/extra/shutils/recloak.sh
@ -4,15 +4,13 @@

 DIR=$(cd -P -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd -P)

-cd $DIR/../../data/shell
-find -regex ".*backdoor\.[a-z]*_" -type f -exec python ../../extra/cloak/cloak.py -d -i '{}' \;
-find -regex ".*stager\.[a-z]*_" -type f -exec python ../../extra/cloak/cloak.py -d -i '{}' \;
+cd $DIR/../..
+for file in $(find -regex ".*\.[a-z]*_" -type f | grep -v wordlist); do python extra/cloak/cloak.py -d -i $file; done

 cd $DIR/../cloak
 sed -i 's/KEY = .*/KEY = b"'`python -c 'import random; import string; print("".join(random.sample(string.ascii_letters + string.digits, 16)))'`'"/g' cloak.py

-cd $DIR/../../data/shell
-find -regex ".*backdoor\.[a-z]*" -type f -exec python ../../extra/cloak/cloak.py -i '{}' \;
-find -regex ".*stager\.[a-z]*" -type f -exec python ../../extra/cloak/cloak.py -i '{}' \;
+cd $DIR/../..
+for file in $(find -regex ".*\.[a-z]*_" -type f | grep -v wordlist); do python extra/cloak/cloak.py -i `echo $file | sed 's/_$//g'`; done

 git clean -f > /dev/null
--- a/lib/core/common.py
+++ b/lib/core/common.py
@ -5007,6 +5007,10 @@ def decloakToTemp(filename):
    >>> openFile(_, "rb", encoding=None).read().startswith(b'<%')
    True
    >>> os.remove(_)
+    >>> _ = decloakToTemp(os.path.join(paths.SQLMAP_UDF_PATH, "postgresql", "linux", "64", "11", "lib_postgresqludf_sys.so_"))
+    >>> b'sys_eval' in openFile(_, "rb", encoding=None).read()
+    True
+    >>> os.remove(_)
    """

    content = decloak(filename)
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -18,7 +18,7 @@ from lib.core.enums import OS
 from thirdparty.six import unichr as _unichr

 # sqlmap version (<major>.<minor>.<month>.<monthly commit>)
-VERSION = "1.4.8.22"
+VERSION = "1.4.8.24"
 TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable"
 TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34}
 VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)