added support for cloaking Churrasco.exe file

This commit is contained in:
Miroslav Stampar 2010-01-28 00:07:33 +00:00
parent 4559ded6c1
commit 921e449454
5 changed files with 21 additions and 5 deletions



@ -0,0 +1,10 @@
Due to the anti-virus positive detection of executable stored inside this folder,
we needed to somehow circumvent this. As from the plain sqlmap users perspective nothing
has to be done prior to it's usage by sqlmap, but if you want to have access to the
original use the decrypt functionality of the ../extra/cloak/cloak.py utility.
To prepare the executable to the cloaked form use this command:
python ../extra/cloak/cloak.py -i Churrasco.exe
To get back the original executable use this:
python ../extra/cloak/cloak.py -d -i Churrasco.exe_


@ -26,6 +26,7 @@ import os
import re import re
from tempfile import NamedTemporaryFile from tempfile import NamedTemporaryFile
from extra.cloak.cloak import decloak
from lib.core.agent import agent from lib.core.agent import agent
from lib.core.common import fileToStr from lib.core.common import fileToStr
from lib.core.common import getDirs from lib.core.common import getDirs
@ -38,7 +39,6 @@ from lib.core.data import logger
from lib.core.data import paths from lib.core.data import paths
from lib.core.exception import sqlmapUnsupportedDBMSException from lib.core.exception import sqlmapUnsupportedDBMSException
from lib.core.shell import autoCompletion from lib.core.shell import autoCompletion
from extra.cloak.cloak import decloak
from lib.request.connect import Connect as Request from lib.request.connect import Connect as Request


@ -24,7 +24,9 @@ Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
import os import os
import re import re
from tempfile import NamedTemporaryFile
from extra.cloak.cloak import decloak
from lib.core.agent import agent from lib.core.agent import agent
from lib.core.common import fileToStr from lib.core.common import fileToStr
from lib.core.common import getDirs from lib.core.common import getDirs
@ -45,7 +47,6 @@ from lib.takeover.metasploit import Metasploit
from lib.takeover.registry import Registry from lib.takeover.registry import Registry
from lib.techniques.outband.stacked import stackedTest from lib.techniques.outband.stacked import stackedTest
class Takeover(Abstraction, Metasploit, Registry): class Takeover(Abstraction, Metasploit, Registry):
""" """
This class defines generic OS takeover functionalities for plugins. This class defines generic OS takeover functionalities for plugins.
@ -66,13 +67,18 @@ class Takeover(Abstraction, Metasploit, Registry):
output = readInput(msg, default="Y") output = readInput(msg, default="Y")
if not output or output[0] in ( "y", "Y" ): if not output or output[0] in ( "y", "Y" ):
wFile = os.path.join(paths.SQLMAP_CONTRIB_PATH, "tokenkidnapping", "Churrasco.exe") tmpFile = NamedTemporaryFile()
tmpFile.write(decloak(os.path.join(paths.SQLMAP_CONTRIB_PATH, "tokenkidnapping", "Churrasco.exe_")))
tmpFile.seek(0)
wFile = tmpFile.name
self.churrascoPath = "%s/sqlmapchur%s.exe" % (conf.tmpPath, randomStr(lowercase=True)) self.churrascoPath = "%s/sqlmapchur%s.exe" % (conf.tmpPath, randomStr(lowercase=True))
self.cmdFromChurrasco = True self.cmdFromChurrasco = True
self.writeFile(wFile, self.churrascoPath, "binary", confirm=False) self.writeFile(wFile, self.churrascoPath, "binary", confirm=False)
tmpFile.close()
return True return True
else: else:
return False return False
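Review bot: `self.writeFile(wFile, ...)` on the new side reopens the temporary file by `tmpFile.name` while the `NamedTemporaryFile` handle is still open, which the tempfile documentation says does not work on Windows, so on a Windows host the decloaked executable cannot be read back from `wFile`; in addition `tmpFile.close()` runs only on the success path, so an exception raised inside `writeFile` leaves the decloaked copy on disk until the handle is garbage-collected. `tempfile.mkstemp` returns a descriptor and a path that can be reopened on every platform, and an `os.unlink` in a `finally` removes the plaintext copy on both the success and the error path, which is what the cloaking is meant to keep off disk. The import added in the first hunk of this file would then change from `NamedTemporaryFile` to `mkstemp`. The method containing this block begins before the hunk.
```python
if not output or output[0] in ( "y", "Y" ):
    fd, wFile = mkstemp(prefix="sqlmap", suffix=".exe")
    try:
        try:
            os.write(fd, decloak(os.path.join(paths.SQLMAP_CONTRIB_PATH, "tokenkidnapping", "Churrasco.exe_")))
        finally:
            os.close(fd)
        self.churrascoPath = "%s/sqlmapchur%s.exe" % (conf.tmpPath, randomStr(lowercase=True))
        self.cmdFromChurrasco = True
        self.writeFile(wFile, self.churrascoPath, "binary", confirm=False)
    finally:
        # the decloaked copy must not outlive this upload, whatever happens above
        os.unlink(wFile)
    return True
# … unchanged: else branch returning False …
```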