Fixes #1379

2025-06-05 21:53:11 +03:00 · 2015-08-31 14:27:47 +02:00 · 2015-08-31 14:27:47 +02:00 · 265a78b455
commit 265a78b455
parent d70215ad6c
4 changed files with 26 additions and 9 deletions
--- a/extra/cloak/cloak.py
+++ b/extra/cloak/cloak.py
@ -24,18 +24,20 @@ def hideAscii(data):
    return retVal
-def cloak(inputFile):
+def cloak(inputFile=None, data=None):
-    f = open(inputFile, 'rb')
+    if data is None:
-    data = zlib.compress(f.read())
+        with open(inputFile, "rb") as f:
-    f.close()
+            data = f.read()
-    return hideAscii(data)
+    return hideAscii(zlib.compress(data))
-def decloak(inputFile):
+def decloak(inputFile=None, data=None):
-    f = open(inputFile, 'rb')
+    if data is None:
        with open(inputFile, "rb") as f:
            data = f.read()
    try:
-        data = zlib.decompress(hideAscii(f.read()))
+        data = zlib.decompress(hideAscii(data))
-    except:
+    except Exception:
        print 'ERROR: the provided input file \'%s\' does not contain valid cloaked content' % inputFile
        sys.exit(1)
    finally:
--- a/extra/shellcodeexec/windows/shellcodeexec.x32.exe_
+++ b/extra/shellcodeexec/windows/shellcodeexec.x32.exe_
--- a/lib/core/settings.py
+++ b/lib/core/settings.py
@ -443,6 +443,9 @@ BRUTE_COLUMN_EXISTS_TEMPLATE = "EXISTS(SELECT %s FROM %s)"
 # Payload used for checking of existence of IDS/WAF (dummier the better)
 IDS_WAF_CHECK_PAYLOAD = "AND 1=1 UNION ALL SELECT 1,2,3,table_name FROM information_schema.tables WHERE 2>1-- ../../../etc/passwd"
 # Data inside shellcodeexec to be filled with random string
 SHELLCODEEXEC_RANDOM_STRING_MARKER = "XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX"
 # Vectors used for provoking specific WAF/IDS/IPS behavior(s)
 WAF_ATTACK_VECTORS = (
                        "",  # NIL
--- a/lib/takeover/metasploit.py
+++ b/lib/takeover/metasploit.py
@ -8,10 +8,13 @@ See the file 'doc/COPYING' for copying permission
 import os
 import re
 import sys
 import tempfile
 import time
 from subprocess import PIPE
 from extra.cloak.cloak import cloak
 from extra.cloak.cloak import decloak
 from lib.core.common import dataToStdout
 from lib.core.common import Backend
 from lib.core.common import getLocalIP
@ -34,6 +37,7 @@ from lib.core.exception import SqlmapFilePathException
 from lib.core.exception import SqlmapGenericException
 from lib.core.settings import IS_WIN
 from lib.core.settings import METASPLOIT_SESSION_TIMEOUT
 from lib.core.settings import SHELLCODEEXEC_RANDOM_STRING_MARKER
 from lib.core.settings import UNICODE_ENCODING
 from lib.core.subprocessng import blockingReadFromFD
 from lib.core.subprocessng import blockingWriteToFD
@ -640,6 +644,14 @@ class Metasploit:
        if Backend.isOs(OS.WINDOWS):
            self.shellcodeexecLocal = os.path.join(self.shellcodeexecLocal, "windows", "shellcodeexec.x%s.exe_" % "32")
            content = decloak(self.shellcodeexecLocal)
            if SHELLCODEEXEC_RANDOM_STRING_MARKER in content:
                content = content.replace(SHELLCODEEXEC_RANDOM_STRING_MARKER, randomStr(len(SHELLCODEEXEC_RANDOM_STRING_MARKER)))
                _ = cloak(data=content)
                handle, self.shellcodeexecLocal = tempfile.mkstemp(suffix="%s.exe_" % "32")
                os.close(handle)
                with open(self.shellcodeexecLocal, "w+b") as f:
                    f.write(_)
        else:
            self.shellcodeexecLocal = os.path.join(self.shellcodeexecLocal, "linux", "shellcodeexec.x%s_" % Backend.getArch())