mirror of
https://github.com/sqlmapproject/sqlmap.git
synced 2024-11-26 03:23:48 +03:00
added support for cloaking Churrasco.exe file
This commit is contained in:
parent
4559ded6c1
commit
921e449454
Binary file not shown.
BIN
lib/contrib/tokenkidnapping/Churrasco.exe_
Normal file
BIN
lib/contrib/tokenkidnapping/Churrasco.exe_
Normal file
Binary file not shown.
10
lib/contrib/tokenkidnapping/README.txt
Normal file
10
lib/contrib/tokenkidnapping/README.txt
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
Due to the anti-virus positive detection of executable stored inside this folder,
|
||||||
|
we needed to somehow circumvent this. As from the plain sqlmap users perspective nothing
|
||||||
|
has to be done prior to it's usage by sqlmap, but if you want to have access to the
|
||||||
|
original use the decrypt functionality of the ../extra/cloak/cloak.py utility.
|
||||||
|
|
||||||
|
To prepare the executable to the cloaked form use this command:
|
||||||
|
python ../extra/cloak/cloak.py -i Churrasco.exe
|
||||||
|
|
||||||
|
To get back the original executable use this:
|
||||||
|
python ../extra/cloak/cloak.py -d -i Churrasco.exe_
|
|
@ -26,6 +26,7 @@ import os
|
||||||
import re
|
import re
|
||||||
from tempfile import NamedTemporaryFile
|
from tempfile import NamedTemporaryFile
|
||||||
|
|
||||||
|
from extra.cloak.cloak import decloak
|
||||||
from lib.core.agent import agent
|
from lib.core.agent import agent
|
||||||
from lib.core.common import fileToStr
|
from lib.core.common import fileToStr
|
||||||
from lib.core.common import getDirs
|
from lib.core.common import getDirs
|
||||||
|
@ -38,7 +39,6 @@ from lib.core.data import logger
|
||||||
from lib.core.data import paths
|
from lib.core.data import paths
|
||||||
from lib.core.exception import sqlmapUnsupportedDBMSException
|
from lib.core.exception import sqlmapUnsupportedDBMSException
|
||||||
from lib.core.shell import autoCompletion
|
from lib.core.shell import autoCompletion
|
||||||
from extra.cloak.cloak import decloak
|
|
||||||
from lib.request.connect import Connect as Request
|
from lib.request.connect import Connect as Request
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -24,7 +24,9 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
|
||||||
|
|
||||||
import os
|
import os
|
||||||
import re
|
import re
|
||||||
|
from tempfile import NamedTemporaryFile
|
||||||
|
|
||||||
|
from extra.cloak.cloak import decloak
|
||||||
from lib.core.agent import agent
|
from lib.core.agent import agent
|
||||||
from lib.core.common import fileToStr
|
from lib.core.common import fileToStr
|
||||||
from lib.core.common import getDirs
|
from lib.core.common import getDirs
|
||||||
|
@ -45,7 +47,6 @@ from lib.takeover.metasploit import Metasploit
|
||||||
from lib.takeover.registry import Registry
|
from lib.takeover.registry import Registry
|
||||||
from lib.techniques.outband.stacked import stackedTest
|
from lib.techniques.outband.stacked import stackedTest
|
||||||
|
|
||||||
|
|
||||||
class Takeover(Abstraction, Metasploit, Registry):
|
class Takeover(Abstraction, Metasploit, Registry):
|
||||||
"""
|
"""
|
||||||
This class defines generic OS takeover functionalities for plugins.
|
This class defines generic OS takeover functionalities for plugins.
|
||||||
|
@ -66,13 +67,18 @@ class Takeover(Abstraction, Metasploit, Registry):
|
||||||
output = readInput(msg, default="Y")
|
output = readInput(msg, default="Y")
|
||||||
|
|
||||||
if not output or output[0] in ( "y", "Y" ):
|
if not output or output[0] in ( "y", "Y" ):
|
||||||
wFile = os.path.join(paths.SQLMAP_CONTRIB_PATH, "tokenkidnapping", "Churrasco.exe")
|
tmpFile = NamedTemporaryFile()
|
||||||
|
tmpFile.write(decloak(os.path.join(paths.SQLMAP_CONTRIB_PATH, "tokenkidnapping", "Churrasco.exe_")))
|
||||||
|
tmpFile.seek(0)
|
||||||
|
|
||||||
|
wFile = tmpFile.name
|
||||||
self.churrascoPath = "%s/sqlmapchur%s.exe" % (conf.tmpPath, randomStr(lowercase=True))
|
self.churrascoPath = "%s/sqlmapchur%s.exe" % (conf.tmpPath, randomStr(lowercase=True))
|
||||||
self.cmdFromChurrasco = True
|
self.cmdFromChurrasco = True
|
||||||
|
|
||||||
self.writeFile(wFile, self.churrascoPath, "binary", confirm=False)
|
self.writeFile(wFile, self.churrascoPath, "binary", confirm=False)
|
||||||
|
|
||||||
|
tmpFile.close()
|
||||||
|
|
||||||
return True
|
return True
|
||||||
else:
|
else:
|
||||||
return False
|
return False
|
||||||
|
|
Loading…
Reference in New Issue
Block a user