cloaked upx for windows (used mkstemp because of execution and file access rights problem)

This commit is contained in:
Miroslav Stampar 2010-01-29 10:12:09 +00:00
parent 200518724c
commit 92817159dc
5 changed files with 25 additions and 1 deletions


@ -0,0 +1,10 @@
Due to the anti-virus positive detection of executable stored inside this folder,
we needed to somehow circumvent this. As from the plain sqlmap users perspective nothing
has to be done prior to its usage by sqlmap, but if you want to have access to the
original executable use the decrypt functionality of the ../../../../extra/cloak/cloak.py utility.
To prepare the executable to the cloaked form use this command:
python ../../../../extra/cloak/cloak.py -i upx.exe
To get back the original executable use this:
python ../../../../extra/cloak/cloak.py -d -i upx.exe_

Binary file not shown.

Binary file not shown.


@ -34,6 +34,7 @@ import ntpath
import posixpath import posixpath
from tempfile import NamedTemporaryFile from tempfile import NamedTemporaryFile
from tempfile import mkstemp
from extra.cloak.cloak import decloak from extra.cloak.cloak import decloak
from lib.contrib import magic from lib.contrib import magic
@ -885,3 +886,10 @@ def decloakToNamedTemporaryFile(filepath, name=None):
retVal.old_name = retVal.name retVal.old_name = retVal.name
retVal.name = name retVal.name = name
return retVal return retVal
def decloakToMkstemp(filepath, **kwargs):
name = mkstemp(**kwargs)[1]
retVal = open(name, 'w+b')
retVal.write(decloak(filepath))
retVal.seek(0)
return retVal
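Review bot: `name = mkstemp(**kwargs)[1]` on the first line of decloakToMkstemp throws away the file descriptor that mkstemp returns, so that descriptor is never closed and leaks for the lifetime of the process; on Windows the dangling open handle can also keep the file locked for the caller that wants to execute it. Use the descriptor instead of reopening the path by name, `fd, name = mkstemp(**kwargs)` followed by `retVal = os.fdopen(fd, 'w+b')`, or at minimum `os.close(fd)` before the `open` call; whether `os` is already imported in this module is not visible in the hunk. The function also lacks a docstring; add one stating that, unlike the NamedTemporaryFile sibling above, the file at `retVal.name` is not deleted on close and the caller owns both the handle and the cleanup.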


@ -30,6 +30,7 @@ from subprocess import STDOUT
from subprocess import Popen as execute from subprocess import Popen as execute
from lib.core.common import dataToStdout from lib.core.common import dataToStdout
from lib.core.common import decloakToMkstemp
from lib.core.common import pollProcess from lib.core.common import pollProcess
from lib.core.data import logger from lib.core.data import logger
from lib.core.data import paths from lib.core.data import paths
@ -49,7 +50,9 @@ class UPX:
self.__upxPath = "%s/upx/macosx/upx" % paths.SQLMAP_CONTRIB_PATH self.__upxPath = "%s/upx/macosx/upx" % paths.SQLMAP_CONTRIB_PATH
elif "win" in PLATFORM: elif "win" in PLATFORM:
self.__upxPath = "%s\upx\windows\upx.exe" % paths.SQLMAP_CONTRIB_PATH self.__upxTempExe = decloakToMkstemp("%s\upx\windows\upx.exe_" % paths.SQLMAP_CONTRIB_PATH, suffix=".exe")
self.__upxPath = self.__upxTempExe.name
self.__upxTempExe.close() #needed for execution rights
elif "linux" in PLATFORM: elif "linux" in PLATFORM:
self.__upxPath = "%s/upx/linux/upx" % paths.SQLMAP_CONTRIB_PATH self.__upxPath = "%s/upx/linux/upx" % paths.SQLMAP_CONTRIB_PATH
@ -72,6 +75,9 @@ class UPX:
logger.debug("executing local command: %s" % self.__upxCmd) logger.debug("executing local command: %s" % self.__upxCmd)
process = execute(self.__upxCmd, shell=True, stdout=PIPE, stderr=STDOUT) process = execute(self.__upxCmd, shell=True, stdout=PIPE, stderr=STDOUT)
if (self, hasattr('__upxTempExe')):
os.remove(self.__upxTempExe.name)
dataToStdout("\r[%s] [INFO] compression in progress " % time.strftime("%X")) dataToStdout("\r[%s] [INFO] compression in progress " % time.strftime("%X"))
pollProcess(process) pollProcess(process)
upxStdout, upxStderr = process.communicate() upxStdout, upxStderr = process.communicate()
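Review bot: The guard `if (self, hasattr('__upxTempExe')):` in the last hunk is a two-element tuple whose second element calls `hasattr` with one argument, which raises TypeError, so this method fails on every platform right after the shell command has been launched; and even written as `hasattr(self, '__upxTempExe')` it would never match, because the double-underscore attribute is name-mangled inside class UPX. Initialise `self.__upxTempExe = None` in `__init__` (the previous hunk) and test `if self.__upxTempExe is not None:` instead. Removing the file immediately after `execute(...)` is also too early: on Windows the image of a running executable cannot be unlinked, so `os.remove` would raise and abort the compression, hence the cleanup belongs after `process.communicate()` and should only log a failure. Note that the decloaked copy is written to the temp directory in `__init__` but deleted only on this path, so an instance that never compresses leaves the binary behind; the enclosing method starts outside the hunk and whether `os` is imported in this module is not visible here.
```python
process = execute(self.__upxCmd, shell=True, stdout=PIPE, stderr=STDOUT)
dataToStdout("\r[%s] [INFO] compression in progress " % time.strftime("%X"))
pollProcess(process)
upxStdout, upxStderr = process.communicate()
# the decloaked copy is locked while upx runs on Windows, so delete it only now
if self.__upxTempExe is not None:
    try:
        os.remove(self.__upxTempExe.name)
    except OSError, ex:
        logger.warn("unable to remove temporary upx executable '%s' (%s)" % (self.__upxTempExe.name, ex))
    self.__upxTempExe = None
# … unchanged: rest of the method …
```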