diff --git a/data/shell/backdoors/backdoor.asp_ b/data/shell/backdoors/backdoor.asp_
index ebcf6bf57..248f4cf5f 100644
Binary files a/data/shell/backdoors/backdoor.asp_ and b/data/shell/backdoors/backdoor.asp_ differ
diff --git a/data/shell/backdoors/backdoor.aspx_ b/data/shell/backdoors/backdoor.aspx_
index fa865e71d..789733936 100644
Binary files a/data/shell/backdoors/backdoor.aspx_ and b/data/shell/backdoors/backdoor.aspx_ differ
diff --git a/data/shell/backdoors/backdoor.jsp_ b/data/shell/backdoors/backdoor.jsp_
index 103b166ea..59c0e1c02 100644
Binary files a/data/shell/backdoors/backdoor.jsp_ and b/data/shell/backdoors/backdoor.jsp_ differ
diff --git a/data/shell/backdoors/backdoor.php_ b/data/shell/backdoors/backdoor.php_
index ee2aa1c28..4ee285e10 100644
Binary files a/data/shell/backdoors/backdoor.php_ and b/data/shell/backdoors/backdoor.php_ differ
diff --git a/data/shell/stagers/stager.asp_ b/data/shell/stagers/stager.asp_
index ff0201d5f..a2f453881 100644
Binary files a/data/shell/stagers/stager.asp_ and b/data/shell/stagers/stager.asp_ differ
diff --git a/data/shell/stagers/stager.aspx_ b/data/shell/stagers/stager.aspx_
index d7d399b1b..2ff6b3fbf 100644
Binary files a/data/shell/stagers/stager.aspx_ and b/data/shell/stagers/stager.aspx_ differ
diff --git a/data/shell/stagers/stager.jsp_ b/data/shell/stagers/stager.jsp_
index 5e021bffd..6f807c3f2 100644
Binary files a/data/shell/stagers/stager.jsp_ and b/data/shell/stagers/stager.jsp_ differ
diff --git a/data/shell/stagers/stager.php_ b/data/shell/stagers/stager.php_
index 4d427ce13..844eb9c27 100644
Binary files a/data/shell/stagers/stager.php_ and b/data/shell/stagers/stager.php_ differ
diff --git a/extra/cloak/cloak.py b/extra/cloak/cloak.py
index c68b4a06b..617c38f2d 100644
--- a/extra/cloak/cloak.py
+++ b/extra/cloak/cloak.py
@@ -21,7 +21,7 @@ if sys.version_info >= (3, 0): xrange = range ord = lambda _: _ -KEY = b"wXGWkn7KI0VhDOHS" +KEY = b"LGekORm7qYCsv39f" def xor(message, key): return b"".join(struct.pack('B', ord(message[i]) ^ ord(key[i % len(key)])) for i in range(len(message))) diff --git a/extra/shutils/recloak.sh b/extra/shutils/recloak.sh index 07dd4aabe..17cd7bb75 100755 --- a/extra/shutils/recloak.sh +++ b/extra/shutils/recloak.sh @@ -5,10 +5,14 @@ DIR=$(cd -P -- "$(dirname -- "${BASH_SOURCE[0]}")" && pwd -P) cd $DIR/../../data/shell -find -regex ".*backdoor\.[a-z]*_" -or -regex ".*stager\.[a-z]*_" -type f -exec python ../../extra/cloak/cloak.py -d -i '{}' \; +find -regex ".*backdoor\.[a-z]*_" -type f -exec python ../../extra/cloak/cloak.py -d -i '{}' \; +find -regex ".*stager\.[a-z]*_" -type f -exec python ../../extra/cloak/cloak.py -d -i '{}' \; cd $DIR/../cloak sed -i 's/KEY = .*/KEY = b"'`python -c 'import random; import string; print("".join(random.sample(string.ascii_letters + string.digits, 16)))'`'"/g' cloak.py cd $DIR/../../data/shell -find -regex ".*backdoor\.[a-z]*" -or -regex ".*stager\.[a-z]*" -type f -exec python ../../extra/cloak/cloak.py -i '{}' \; +find -regex ".*backdoor\.[a-z]*" -type f -exec python ../../extra/cloak/cloak.py -i '{}' \; +find -regex ".*stager\.[a-z]*" -type f -exec python ../../extra/cloak/cloak.py -i '{}' \; + +git clean -f > /dev/null diff --git a/lib/core/common.py b/lib/core/common.py index c65b2ae97..b50810843 100644 --- a/lib/core/common.py +++ b/lib/core/common.py @@ -5003,6 +5003,10 @@ def decloakToTemp(filename): >>> openFile(_, "rb", encoding=None).read().startswith(b'<%') True >>> os.remove(_) + >>> _ = decloakToTemp(os.path.join(paths.SQLMAP_SHELL_PATH, "backdoors", "backdoor.asp_")) + >>> openFile(_, "rb", encoding=None).read().startswith(b'<%') + True + >>> os.remove(_) """ content = decloak(filename) diff --git a/lib/core/settings.py b/lib/core/settings.py index de19e2b97..eb2b45ce5 100644 --- a/lib/core/settings.py 
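Review bot: The rotated `KEY` in extra/cloak/cloak.py has no comment explaining that it is machine-generated and coupled to the binary files changed in this same commit. The recloak.sh hunk shows the line being rewritten by `sed 's/KEY = .*/.../'`, so a hand edit here without re-cloaking data/shell would leave the `*_` files undecodable. Because the key is committed in clear text, the XOR is obfuscation only and gives no confidentiality, which is also worth stating. I would add above it: `# NOTE: regenerated by extra/shutils/recloak.sh together with data/shell/*_; obfuscation only, not a secret`. Keep the literal text `KEY = ` out of that comment, since the sed pattern would match and overwrite it.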
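Review bot: The added `git clean -f > /dev/null` at the end of recloak.sh removes every untracked file under the script's current directory, not only the decloaked payloads, and its output is discarded so nothing reports what was deleted. The preceding `cd $DIR/../../data/shell` is unquoted and unchecked, so if it fails (for example with a checkout path containing spaces) the cleanup and the new `find ... -exec` passes run in whatever directory the script was left in. I would guard the directory change and scope the cleanup to the two payload directories: `cd "$DIR/../../data/shell" || exit 1` and `git clean -f -- backdoors stagers > /dev/null`.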
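Review bot: The doctest added to `decloakToTemp` only exercises `backdoor.asp_`, while this commit re-cloaks eight files (`.asp_`, `.aspx_`, `.jsp_`, `.php_` under both `backdoors` and `stagers`) with the new key. A key/data mismatch in any of the other files would pass the test suite unnoticed. Consider one doctest that walks both directories and decloaks every `*_` file, asserting each result is non-empty, rather than adding per-file examples one at a time. The check `startswith(b'<%')` also inspects only the first two bytes, so on its own it says little about whether the rest of the payload was decoded correctly. The function body continues outside the hunk.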
+++ b/lib/core/settings.py @@ -18,7 +18,7 @@ from lib.core.enums import OS from thirdparty.six import unichr as _unichr # sqlmap version (...) -VERSION = "1.4.8.20" +VERSION = "1.4.8.22" TYPE = "dev" if VERSION.count('.') > 2 and VERSION.split('.')[-1] != '0' else "stable" TYPE_COLORS = {"dev": 33, "stable": 90, "pip": 34} VERSION_STRING = "sqlmap/%s#%s" % ('.'.join(VERSION.split('.')[:-1]) if VERSION.count('.') > 2 and VERSION.split('.')[-1] == '0' else VERSION, TYPE)