diff --git a/lib/contrib/tokenkidnapping/Churrasco.exe b/lib/contrib/tokenkidnapping/Churrasco.exe
deleted file mode 100755
index 3fdb5bdbe..000000000
Binary files a/lib/contrib/tokenkidnapping/Churrasco.exe and /dev/null differ
diff --git a/lib/contrib/tokenkidnapping/Churrasco.exe_ b/lib/contrib/tokenkidnapping/Churrasco.exe_
new file mode 100644
index 000000000..660f7d462
Binary files /dev/null and b/lib/contrib/tokenkidnapping/Churrasco.exe_ differ
diff --git a/lib/contrib/tokenkidnapping/README.txt b/lib/contrib/tokenkidnapping/README.txt
new file mode 100644
index 000000000..b5517ddff
--- /dev/null
+++ b/lib/contrib/tokenkidnapping/README.txt
@@ -0,0 +1,10 @@
+Due to the anti-virus positive detection of executable stored inside this folder,
+we needed to somehow circumvent this. As from the plain sqlmap users perspective nothing
+has to be done prior to it's usage by sqlmap, but if you want to have access to the
+original use the decrypt functionality of the ../extra/cloak/cloak.py utility.
+
+To prepare the executable to the cloaked form use this command:
+python ../extra/cloak/cloak.py -i Churrasco.exe
+
+To get back the original executable use this:
+python ../extra/cloak/cloak.py -d -i Churrasco.exe_
\ No newline at end of file
diff --git a/lib/takeover/web.py b/lib/takeover/web.py
index 50ed52fec..51107435a 100644
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@@ -26,6 +26,7 @@ import os
 import re
 from tempfile import NamedTemporaryFile
+from extra.cloak.cloak import decloak
 from lib.core.agent import agent
 from lib.core.common import fileToStr
 from lib.core.common import getDirs
@@ -38,7 +39,6 @@ from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.exception import sqlmapUnsupportedDBMSException
 from lib.core.shell import autoCompletion
-from extra.cloak.cloak import decloak
 from lib.request.connect import Connect as Request
diff --git a/plugins/generic/takeover.py b/plugins/generic/takeover.py
index e3232daf5..1685d215d 100644
--- a/plugins/generic/takeover.py
+++ b/plugins/generic/takeover.py
@@ -24,7 +24,9 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
 import os
 import re
+from tempfile import NamedTemporaryFile
+from extra.cloak.cloak import decloak
 from lib.core.agent import agent
 from lib.core.common import fileToStr
 from lib.core.common import getDirs
@@ -45,7 +47,6 @@ from lib.takeover.metasploit import Metasploit
 from lib.takeover.registry import Registry
 from lib.techniques.outband.stacked import stackedTest
-
 class Takeover(Abstraction, Metasploit, Registry):
     """
     This class defines generic OS takeover functionalities for plugins.
@@ -66,12 +67,17 @@ class Takeover(Abstraction, Metasploit, Registry):
         output = readInput(msg, default="Y")
 
         if not output or output[0] in ( "y", "Y" ):
-            wFile = os.path.join(paths.SQLMAP_CONTRIB_PATH, "tokenkidnapping", "Churrasco.exe")
-
+            tmpFile = NamedTemporaryFile()
+            tmpFile.write(decloak(os.path.join(paths.SQLMAP_CONTRIB_PATH, "tokenkidnapping", "Churrasco.exe_")))
+            tmpFile.seek(0)
+
+            wFile = tmpFile.name
             self.churrascoPath = "%s/sqlmapchur%s.exe" % (conf.tmpPath, randomStr(lowercase=True))
             self.cmdFromChurrasco = True
-
+
             self.writeFile(wFile, self.churrascoPath, "binary", confirm=False)
+
+            tmpFile.close()
             return True
         else:
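Review bot: The decloaked payload is written into a still-open `NamedTemporaryFile()` and then handed to `self.writeFile` as a path, which presumably reopens `tmpFile.name`; the stdlib documents that reopening a NamedTemporaryFile by name while it is open does not work on Windows, and `tmpFile.close()` only runs on the success path, so an exception out of `writeFile` leaves the decloaked copy on disk until garbage collection. I would create the file with `delete=False` (the keyword exists from Python 2.6, so only if the project's baseline allows it), close it before the read, and remove it in a `finally` so the temporary copy never outlives this call. `tmpFile.seek(0)` also reads as an implicit flush; an explicit `close()` states the intent. The enclosing method's signature and its `else:` branch lie outside the hunk.
```python
            tmpFile = NamedTemporaryFile(delete=False)
            try:
                tmpFile.write(decloak(os.path.join(paths.SQLMAP_CONTRIB_PATH, "tokenkidnapping", "Churrasco.exe_")))
                tmpFile.close()
                wFile = tmpFile.name
                # … unchanged: churrascoPath / cmdFromChurrasco assignments …
                self.writeFile(wFile, self.churrascoPath, "binary", confirm=False)
            finally:
                tmpFile.close()
                os.unlink(tmpFile.name)
            return True
```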