added new cloaking functionality for shell scripts

2024-11-21 17:16:35 +03:00 · 2010-01-27 13:56:26 +00:00 · 2010-01-27 13:56:26 +00:00 · 93b7994c0c
commit 93b7994c0c
parent a78bf9a88b
5 changed files with 200 additions and 0 deletions
--- a/extra/init.py
+++ b/extra/init.py
@ -0,0 +1,25 @@
+#!/usr/bin/env python
+
+"""
+$Id: $
+
+This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
+
+Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
+
+sqlmap is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free
+Software Foundation version 2 of the License.
+
+sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public License along
+with sqlmap; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+
+pass
--- a/extra/cloak/README.txt
+++ b/extra/cloak/README.txt
@ -0,0 +1,22 @@
+To use cloak.py you need to pass it the original file,
+and optionally the output file name.
+
+Example:
+
+$ python ./cloak.py -i backdoor.asp -o backdoor.asp_
+
+This will create an encrypted and compressed binary file backdoor.asp_.
+
+Such file can then be converted to its original form by using the -d
+functionality of the cloak.py program:
+
+$ python ./cloak.py -d -i backdoor.asp_ -o backdoor.asp
+
+If you skip the output file name, general rule is that the compressed
+file names are suffixed with the character '_', while the original is
+get by skipping the last character. So, that means that the upper
+examples can also be written in the following form:
+
+$ python ./cloak.py -i backdoor.asp
+
+$ python ./cloak.py -d -i backdoor.asp_
--- a/extra/cloak/init.py
+++ b/extra/cloak/init.py
@ -0,0 +1,25 @@
+#!/usr/bin/env python
+
+"""
+$Id: $
+
+This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
+
+Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
+
+sqlmap is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free
+Software Foundation version 2 of the License.
+
+sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public License along
+with sqlmap; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+
+pass
--- a/extra/cloak/init.py.bak
+++ b/extra/cloak/init.py.bak
@ -0,0 +1,25 @@
+#!/usr/bin/env python
+
+"""
+$Id: __init__.py 516 2009-02-19 21:55:19Z inquisb $
+
+This file is part of the sqlmap project, http://sqlmap.sourceforge.net.
+
+Copyright (c) 2007-2009 Bernardo Damele A. G. <bernardo.damele@gmail.com>
+Copyright (c) 2006 Daniele Bellucci <daniele.bellucci@gmail.com>
+
+sqlmap is free software; you can redistribute it and/or modify it under
+the terms of the GNU General Public License as published by the Free
+Software Foundation version 2 of the License.
+
+sqlmap is distributed in the hope that it will be useful, but WITHOUT ANY
+WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
+FOR A PARTICULAR PURPOSE.  See the GNU General Public License for more
+details.
+
+You should have received a copy of the GNU General Public License along
+with sqlmap; if not, write to the Free Software Foundation, Inc., 51
+Franklin St, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+
+pass
--- a/extra/cloak/cloak.py
+++ b/extra/cloak/cloak.py
@ -0,0 +1,103 @@
+#!/usr/bin/env python
+
+"""
+cloak.py - Simple file encryption and/or compression utility
+Copyright (C) 2010  Miroslav Stampar, Bernardo Damele A. G.
+email(s): miroslav.stampar@gmail.com, bernardo.damele@gmail.com
+
+This library is free software; you can redistribute it and/or
+modify it under the terms of the GNU Lesser General Public
+License as published by the Free Software Foundation; either
+version 2.1 of the License, or (at your option) any later version.
+
+This library is distributed in the hope that it will be useful,
+but WITHOUT ANY WARRANTY; without even the implied warranty of
+MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+Lesser General Public License for more details.
+
+You should have received a copy of the GNU Lesser General Public
+License along with this library; if not, write to the Free Software
+Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA  02110-1301  USA
+"""
+
+import os
+import sys
+import bz2
+
+from optparse import OptionError
+from optparse import OptionParser
+
+def hideAscii(data):
+    retVal = ""
+    for i in xrange(len(data)):
+        if ord(data[i]) < 128:
+            retVal += chr(ord(data[i]) ^ 127)
+        else:
+            retVal += data[i]
+            
+    return retVal
+
+def cloak(inputFile):
+    retVal = ""
+    
+    f = open(inputFile, 'rb')
+    original = f.read()
+    f.close()
+    
+    data = bz2.compress(original)
+    
+    return hideAscii(data)
+        
+def decloak(inputFile):
+    retVal = ""
+    
+    f = open(inputFile, 'rb')
+    original = f.read()
+    f.close()
+    
+    data = bz2.decompress(hideAscii(original))
+    
+    return data
+
+def main():
+    usage = '%s [-d] -i <input file> [-o <output file>]' % sys.argv[0]
+    parser  = OptionParser(usage=usage, version='0.1')
+
+    try:
+        parser.add_option('-d', dest='decrypt', action="store_true", help='Decrypt')
+        parser.add_option('-i', dest='inputFile', help='Input file')
+        parser.add_option('-o', dest='outputFile', help='Output file')
+
+        (args, _) = parser.parse_args()
+
+        if not args.inputFile:
+            parser.error('Missing the input file, -h for help')
+
+    except (OptionError, TypeError), e:
+        parser.error(e)
+    
+    if args.inputFile == '*':
+        pass
+    elif not os.path.isfile(args.inputFile):
+        print 'ERROR: the provided input file \'%s\' is not a regular file' % args.inputFile
+        sys.exit(1)
+    
+    if not args.decrypt:
+        data = cloak(args.inputFile)
+    else:
+        data = decloak(args.inputFile)
+
+    if not args.outputFile:
+        if not args.decrypt:
+            args.outputFile = args.inputFile + '_'
+        else:
+            args.outputFile = args.inputFile[:-1]
+        
+    fpOut      = open(args.outputFile, 'wb')
+    sys.stdout = fpOut
+    sys.stdout.write(data)
+    sys.stdout.close()
+
+
+if __name__ == '__main__':
+    main()