def unpack(filepath, contents=None, password=None, filename=None, duplicates=None):
    """Wrap a path or an in-memory buffer in a File and extract its children.

    Args:
        filepath: path of the file; read from disk when ``contents`` is falsy.
        contents: raw data to use instead of reading ``filepath``. Empty
            contents are falsy, so they also fall back to ``filepath``.
        password: forwarded unchanged to the plugin's ``unpack``.
        filename: forwarded to the File constructor.
        duplicates: list forwarded to the plugin; a fresh list is created
            when omitted.

    Returns:
        The File object, with ``unpacker`` set and, when a supported plugin
        was found, ``children`` populated.
    """
    f = (
        File(filepath, contents, filename=filename)
        if contents
        else File.from_path(filepath, filename=filename)
    )

    if duplicates is None:
        duplicates = []

    # The name may carry no useful extension (e.g. a file named after its
    # hash); in that case the contents are inspected to pick an unpacker.
    f.unpacker = Unpacker.guess(f)
    if not f.unpacker:
        return f

    # Only plugins that report themselves as supported get to extract
    # embedded files.
    handler = plugins[f.unpacker](f)
    if handler.supported():
        f.children = handler.unpack(password, duplicates)
    return f
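def demux_office(filename, password):
    """Decrypt a password-protected MS Office document with sflock.

    Args:
        filename: path of the Office document to decrypt.
        password: password passed to ``OfficeFile.decrypt``.

    Returns:
        A one-element list: the path of the decrypted copy when decryption
        produced contents whose magic no longer mentions "Encrypted",
        otherwise the original ``filename``.

    Raises:
        CuckooDemuxError: sflock is not available.
    """
    retlist = []
    options = Config()
    tmp_path = options.cuckoo.get("tmppath", "/tmp")
    target_path = os.path.join(tmp_path, "cuckoo-tmp/msoffice-crypt-tmp")

    # NOTE(review): the output directory is fixed and the output name is the
    # sample's basename, so two samples sharing a basename overwrite each
    # other, and on a shared tmp root the path is predictable. A per-task
    # directory with restrictive permissions would be safer -- confirm how
    # callers clean up before changing the location.
    if not os.path.isdir(target_path):
        try:
            # makedirs also creates the intermediate "cuckoo-tmp" directory,
            # which a plain mkdir would fail on.
            os.makedirs(target_path)
        except OSError:
            # Another worker may have created it between the check and the
            # call; only a genuinely missing directory is an error.
            if not os.path.isdir(target_path):
                raise

    decrypted_name = os.path.join(target_path, os.path.basename(filename))

    if not HAS_SFLOCK:
        raise CuckooDemuxError("MS Office decryptor not available")

    ofile = OfficeFile(sfFile.from_path(filename))
    d = ofile.decrypt(password)

    # TODO add decryption verification checks
    # Write the copy only once the result looks decrypted, so a failed
    # attempt leaves no stray file behind. The hasattr guard covers a
    # decrypt() call that returns nothing usable.
    if hasattr(d, "contents") and "Encrypted" not in d.magic:
        # Binary mode: the decrypted document must be written unmodified.
        with open(decrypted_name, "wb") as outs:
            outs.write(d.contents)
        retlist.append(decrypted_name)

    if not retlist:
        retlist.append(filename)
    return retlist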
def unpack(filepath=None, contents=None, password=None, filename=None, duplicates=None):
    """Wrap a path or an in-memory buffer in a File, unpack and identify it.

    Args:
        filepath: path of the file; read from disk when ``contents`` is falsy.
        contents: raw data to use instead of reading ``filepath``. Empty
            contents are falsy, so they also fall back to ``filepath``.
        password: forwarded to ``Unpacker.single``.
        filename: forwarded to the File constructor.
        duplicates: list forwarded to ``Unpacker.single``; a fresh list is
            created when omitted.

    Returns:
        The File object after ``Unpacker.single`` and ``ident`` have run on it.

    Raises:
        IncorrectUsageException: on Python 3, when ``filepath``, ``contents``
            or ``filename`` is a ``str``.
    """
    if duplicates is None:
        duplicates = []

    # Under Python 3, text strings are rejected for every path/content
    # argument before any file is touched.
    if six.PY3 and any(
        isinstance(arg, str) for arg in (filepath, contents, filename)
    ):
        raise IncorrectUsageException

    f = (
        File(filepath, contents, filename=filename)
        if contents
        else File.from_path(filepath, filename=filename)
    )

    Unpacker.single(f, password, duplicates)
    ident(f)
    return f
def unpack(filepath=None, contents=None, password=None, filename=None, duplicates=None):
    """Wrap a path or an in-memory buffer in a File, unpack and identify it.

    Args:
        filepath: path of the file; read from disk when ``contents`` is falsy.
        contents: raw data to use instead of reading ``filepath``. Empty
            contents are falsy, so they also fall back to ``filepath``.
        password: forwarded to ``Unpacker.single``.
        filename: forwarded to the File constructor.
        duplicates: list forwarded to ``Unpacker.single``; a fresh list is
            created when omitted.

    Returns:
        The File object after ``Unpacker.single`` and ``ident`` have run on it.
    """
    seen = [] if duplicates is None else duplicates

    f = (
        File(filepath, contents, filename=filename)
        if contents
        else File.from_path(filepath, filename=filename)
    )

    Unpacker.single(f, password, seen)
    ident(f)
    return f
def unpack(filepath, contents=None):
    """Wrap a path or an in-memory buffer in a File and extract its children.

    Args:
        filepath: path of the file; read from disk when ``contents`` is falsy.
        contents: raw data to use instead of reading ``filepath``. Empty
            contents are falsy, so they also fall back to ``filepath``.

    Returns:
        The File object; ``children`` is set when an unpacker was selected.
    """
    f = File(filepath, contents) if contents else File.from_path(filepath)

    # First try to choose an unpacker from the path. The name may carry no
    # useful extension (e.g. a file named after its hash), in which case the
    # file's signature decides.
    chosen = picker(filepath)
    if not chosen and f.get_signature():
        chosen = f.get_signature()["unpacker"]

    if not chosen:
        return f

    # Extract any embedded files with the selected plugin.
    handler_cls = plugins[chosen]
    f.children = handler_cls(f).unpack()
    return f
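def demux_office(filename, password):
    """Decrypt a password-protected MS Office document.

    An external decryptor configured under ``auxiliary.msoffice.decryptor``
    is preferred when it exists on disk; otherwise sflock is used.

    Args:
        filename: path of the Office document to decrypt.
        password: password handed to the decryptor.

    Returns:
        A one-element list: the path of the decrypted copy on success,
        otherwise the original ``filename``.

    Raises:
        CuckooDemuxError: the external decryptor could not be run, reported
            an unsupported document type (exit code 1) or a bad password
            (exit code 3), or no decryptor is available at all.
    """
    retlist = []
    options = Config()
    aux_options = Config("auxiliary")
    tmp_path = options.cuckoo.get("tmppath", "/tmp")
    decryptor = aux_options.msoffice.get("decryptor", None)
    result = 0
    target_path = os.path.join(tmp_path, "cuckoo-tmp/msoffice-crypt-tmp")

    # NOTE(review): the output directory is fixed and the output name is the
    # sample's basename, so two samples sharing a basename overwrite each
    # other, and on a shared tmp root the path is predictable. A per-task
    # directory with restrictive permissions would be safer -- confirm how
    # callers clean up before changing the location.
    if not os.path.isdir(target_path):
        try:
            # makedirs also creates the intermediate "cuckoo-tmp" directory,
            # which a plain mkdir would fail on.
            os.makedirs(target_path)
        except OSError:
            # Another worker may have created it between the check and the
            # call; only a genuinely missing directory is an error.
            if not os.path.isdir(target_path):
                raise

    decrypted_name = os.path.join(target_path, os.path.basename(filename))

    if decryptor and os.path.exists(decryptor):
        # Arguments go to the tool as a list, so no shell parses them.
        # NOTE(review): filename comes from the submitted sample; confirm
        # callers pass an absolute path so it cannot be read as an option.
        try:
            result = subprocess.call(
                [decryptor, "-p", password, "-d", filename, decrypted_name])
        except Exception as e:
            raise CuckooDemuxError(e)

        # Exit codes 0 and 2 are treated as success; any code not listed
        # here falls through and the original file is returned.
        if result in (0, 2):
            retlist.append(decrypted_name)
        elif result == 1:
            raise CuckooDemuxError(
                "MS Office decryptor: unsupported document type")
        elif result == 3:
            raise CuckooDemuxError("MS Office decryptor: bad password")
    elif HAS_SFLOCK:
        ofile = OfficeFile(sfFile.from_path(filename))
        d = ofile.decrypt(password)

        # TODO add decryption verification checks
        # Write the copy only once the result looks decrypted, so a failed
        # attempt leaves no stray file behind. The hasattr guard covers a
        # decrypt() call that returns nothing usable.
        if hasattr(d, "contents") and "Encrypted" not in d.magic:
            # Binary mode: the decrypted document must be written unmodified.
            with open(decrypted_name, "wb") as outs:
                outs.write(d.contents)
            retlist.append(decrypted_name)
    else:
        raise CuckooDemuxError("MS Office decryptor not available")

    if not retlist:
        retlist.append(filename)
    return retlist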
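def demux_office(filename: bytes, password: str) -> List[bytes]:
    """Decrypt a password-protected MS Office document with sflock.

    Args:
        filename: path of the Office document to decrypt, as bytes.
        password: password passed to ``OfficeFile.decrypt``.

    Returns:
        A one-element list: the path of the decrypted copy when decryption
        produced contents whose magic no longer mentions "Encrypted",
        otherwise the original ``filename``.

    Raises:
        CuckooDemuxError: sflock is not available.
    """
    retlist = []
    target_path = os.path.join(tmp_path, b"cuckoo-tmp/msoffice-crypt-tmp")

    # NOTE(review): the output directory is fixed and the output name is the
    # sample's basename, so two samples sharing a basename overwrite each
    # other, and on a shared tmp root the path is predictable. A per-task
    # directory with restrictive permissions would be safer -- confirm how
    # callers clean up before changing the location.
    #
    # exist_ok avoids the check-then-create race when several workers reach
    # this point at the same time.
    os.makedirs(target_path, exist_ok=True)
    decrypted_name = os.path.join(target_path, os.path.basename(filename))

    if not HAS_SFLOCK:
        raise CuckooDemuxError("MS Office decryptor not available")

    ofile = OfficeFile(sfFile.from_path(filename))
    d = ofile.decrypt(password)

    # TODO: add decryption verification checks
    # The copy is written only when decrypt() returned an object carrying
    # contents and its magic no longer reports the document as encrypted.
    if hasattr(d, "contents") and "Encrypted" not in d.magic:
        with open(decrypted_name, "wb") as outs:
            outs.write(d.contents)
        retlist.append(decrypted_name)

    if not retlist:
        retlist.append(filename)
    return retlist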
def unpack(filepath=None, contents=None, password=None, filename=None, duplicates=None):
    """Wrap a path or an in-memory buffer in a File and extract its children.

    Args:
        filepath: path of the file; read from disk when ``contents`` is falsy.
        contents: raw data to use instead of reading ``filepath``. Empty
            contents are falsy, so they also fall back to ``filepath``.
        password: forwarded unchanged to the plugin's ``unpack``.
        filename: forwarded to the File constructor.
        duplicates: list forwarded to the plugin; a fresh list is created
            when omitted.

    Returns:
        The File object, with ``unpacker`` set and, when a supported plugin
        was found, ``children`` populated.
    """
    if contents:
        f = File(filepath, contents, filename=filename)
    else:
        f = File.from_path(filepath, filename=filename)

    seen = [] if duplicates is None else duplicates

    # The name may carry no useful extension (e.g. a file named after its
    # hash); in that case the contents are inspected to pick an unpacker.
    f.unpacker = Unpacker.guess(f)

    if f.unpacker:
        # Only plugins that report themselves as supported get to extract
        # embedded files.
        extractor = plugins[f.unpacker](f)
        if extractor.supported():
            f.children = extractor.unpack(password, seen)

    return f
def unpack(filepath, contents=None, password=None):
    """Wrap a path or an in-memory buffer in a File and extract its children.

    Args:
        filepath: path of the file; read from disk when ``contents`` is falsy.
        contents: raw data to use instead of reading ``filepath``. Empty
            contents are falsy, so they also fall back to ``filepath``.
        password: forwarded unchanged to the plugin's ``unpack``.

    Returns:
        The File object; ``children`` is set when a supported plugin was
        selected.
    """
    f = File(filepath, contents) if contents else File.from_path(filepath)

    # First try to choose an unpacker from the path. The name may carry no
    # useful extension (e.g. a file named after its hash), in which case the
    # file's signature decides.
    chosen = picker(filepath)
    if not chosen and f.get_signature():
        chosen = f.get_signature()["unpacker"]

    if not chosen:
        return f

    handler = plugins[chosen](f)
    if handler.supported():
        # A fresh duplicates list is handed to the plugin on every call.
        f.children = handler.unpack(password, [])
    return f
def f(filename):
    """Return a File loaded from ``tests/files/<filename>``."""
    fixture_path = "tests/files/%s" % filename
    return File.from_path(fixture_path)
def f(filename):
    """Return a File loaded from the ``tests/files`` fixture directory."""
    fixture_path = os.path.join("tests", "files", filename)
    return File.from_path(fixture_path)