added support for cloaking Churrasco.exe file

2024-11-22 09:36:35 +03:00 · 2010-01-28 00:07:33 +00:00 · 2010-01-28 00:07:33 +00:00 · 921e449454
commit 921e449454
parent 4559ded6c1
5 changed files with 21 additions and 5 deletions
--- a/lib/contrib/tokenkidnapping/Churrasco.exe
+++ b/lib/contrib/tokenkidnapping/Churrasco.exe
--- a/lib/contrib/tokenkidnapping/Churrasco.exe_
+++ b/lib/contrib/tokenkidnapping/Churrasco.exe_
--- a/lib/contrib/tokenkidnapping/README.txt
+++ b/lib/contrib/tokenkidnapping/README.txt
@ -0,0 +1,10 @@
 Due to the anti-virus positive detection of executable stored inside this folder, 
 we needed to somehow circumvent this. As from the plain sqlmap users perspective nothing
 has to be done prior to it's usage by sqlmap, but if you want to have access to the
 original use the decrypt functionality of the ../extra/cloak/cloak.py utility.
 To prepare the executable to the cloaked form use this command:
 python ../extra/cloak/cloak.py -i Churrasco.exe
 To get back the original executable use this:
 python ../extra/cloak/cloak.py -d -i Churrasco.exe_
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@ -26,6 +26,7 @@ import os
 import re
 from tempfile import NamedTemporaryFile
 from extra.cloak.cloak import decloak
 from lib.core.agent import agent
 from lib.core.common import fileToStr
 from lib.core.common import getDirs
@ -38,7 +39,6 @@ from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.exception import sqlmapUnsupportedDBMSException
 from lib.core.shell import autoCompletion
 from extra.cloak.cloak import decloak
 from lib.request.connect import Connect as Request
--- a/plugins/generic/takeover.py
+++ b/plugins/generic/takeover.py
@ -24,7 +24,9 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
 import os
 import re
 from tempfile import NamedTemporaryFile
 from extra.cloak.cloak import decloak
 from lib.core.agent import agent
 from lib.core.common import fileToStr
 from lib.core.common import getDirs
@ -45,7 +47,6 @@ from lib.takeover.metasploit import Metasploit
 from lib.takeover.registry import Registry
 from lib.techniques.outband.stacked import stackedTest
 class Takeover(Abstraction, Metasploit, Registry):
    """
    This class defines generic OS takeover functionalities for plugins.
@ -66,12 +67,17 @@ class Takeover(Abstraction, Metasploit, Registry):
        output = readInput(msg, default="Y")
        if not output or output[0] in ( "y", "Y" ):
-            wFile = os.path.join(paths.SQLMAP_CONTRIB_PATH, "tokenkidnapping", "Churrasco.exe")
+            tmpFile = NamedTemporaryFile()
-
+            tmpFile.write(decloak(os.path.join(paths.SQLMAP_CONTRIB_PATH, "tokenkidnapping", "Churrasco.exe_")))
            tmpFile.seek(0)
            wFile                 = tmpFile.name
            self.churrascoPath    = "%s/sqlmapchur%s.exe" % (conf.tmpPath, randomStr(lowercase=True))
            self.cmdFromChurrasco = True
-
+            
            self.writeFile(wFile, self.churrascoPath, "binary", confirm=False)
            tmpFile.close()
            return True
        else: