Example #1
def unpack(filepath,
           contents=None,
           password=None,
           filename=None,
           duplicates=None):
    """Build a File from a path or raw contents and unpack its children.

    When ``contents`` is truthy the File is built from it directly,
    otherwise it is loaded from ``filepath``. If an unpacker is selected
    and its plugin reports itself as supported, the plugin is run with
    ``password`` and the ``duplicates`` list and its result is stored in
    ``f.children``. The File object is returned in every case.
    """
    # Falsy contents (None or empty) mean "load from disk".
    f = (File(filepath, contents, filename=filename) if contents
         else File.from_path(filepath, filename=filename))

    duplicates = [] if duplicates is None else duplicates

    # The name may carry no usable extension (e.g. it is a hash), so the
    # choice of unpacker is left to Unpacker.guess().
    f.unpacker = Unpacker.guess(f)
    if not f.unpacker:
        return f

    # NOTE(review): the input is presumably an untrusted sample; size,
    # nesting and path handling would have to be enforced by the plugin
    # itself - confirm in the plugin implementations.
    plugin = plugins[f.unpacker](f)
    if plugin.supported():
        f.children = plugin.unpack(password, duplicates)
    return f
Example #2
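def demux_office(filename, password):
    """Decrypt a password-protected Office document with sflock.

    Args:
        filename: path of the submitted document.
        password: password handed to ``OfficeFile.decrypt()``.

    Returns:
        A one-element list: the path of the decrypted copy when decryption
        produced contents whose magic no longer contains "Encrypted",
        otherwise the original ``filename``.

    Raises:
        CuckooDemuxError: if sflock is not available.
    """
    retlist = []

    options = Config()
    tmp_path = options.cuckoo.get("tmppath", "/tmp")

    basename = os.path.basename(filename)
    target_path = os.path.join(tmp_path, "cuckoo-tmp/msoffice-crypt-tmp")
    # makedirs also creates the intermediate "cuckoo-tmp" directory, which
    # a plain mkdir cannot. Tolerating an already existing directory closes
    # the race between the existence check and the creation when several
    # submissions are demuxed at once.
    try:
        os.makedirs(target_path)
    except OSError:
        if not os.path.isdir(target_path):
            raise
    # NOTE(review): the output name is the sample's basename inside a fixed
    # directory under the temp path, so two submissions with the same name
    # overwrite each other's decrypted copy. If that directory is writable
    # by other local users, open() below would also follow a pre-existing
    # symlink - consider a per-task private directory.
    decrypted_name = os.path.join(target_path, basename)

    if HAS_SFLOCK:
        ofile = OfficeFile(sfFile.from_path(filename))
        d = ofile.decrypt(password)
        # TODO add decryption verification checks
        # Write only after the result has been checked, so that a failed
        # decryption leaves no partial file behind. The hasattr guard
        # assumes decrypt() can return an object without contents (for
        # example None on a wrong password) - confirm against sflock.
        if hasattr(d, "contents") and "Encrypted" not in d.magic:
            # Binary mode: the decrypted document is raw bytes and must
            # not go through newline translation or text encoding.
            with open(decrypted_name, "wb") as outs:
                outs.write(d.contents)
            retlist.append(decrypted_name)
    else:
        raise CuckooDemuxError("MS Office decryptor not available")

    # Fall back to the untouched submission when nothing was decrypted.
    if not retlist:
        retlist.append(filename)

    return retlist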
Example #3
def unpack(filepath=None,
           contents=None,
           password=None,
           filename=None,
           duplicates=None):
    """Build a File from a path or raw contents, unpack and identify it.

    On Python 3 a ``str`` value for ``filepath``, ``contents`` or
    ``filename`` raises IncorrectUsageException. The File is built from
    ``contents`` when that is truthy, otherwise loaded from ``filepath``;
    it is then passed to ``Unpacker.single()`` and ``ident()`` and
    returned.
    """
    duplicates = [] if duplicates is None else duplicates

    # Reject text strings for any of the three arguments on Python 3.
    if six.PY3 and any(
        isinstance(arg, str) for arg in (filepath, contents, filename)
    ):
        raise IncorrectUsageException

    # Falsy contents (None or empty) mean "load from disk".
    f = (File(filepath, contents, filename=filename) if contents
         else File.from_path(filepath, filename=filename))

    # NOTE(review): the input is presumably an untrusted sample; any limit
    # on size or nesting depth would live behind Unpacker.single() -
    # confirm there.
    Unpacker.single(f, password, duplicates)
    ident(f)
    return f
Example #4
def unpack(filepath=None,
           contents=None,
           password=None,
           filename=None,
           duplicates=None):
    """Build a File from a path or raw contents, unpack and identify it.

    The File is built from ``contents`` when that is truthy, otherwise it
    is loaded from ``filepath``. It is then passed to
    ``Unpacker.single()`` together with ``password`` and the
    ``duplicates`` list, run through ``ident()``, and returned.
    """
    duplicates = [] if duplicates is None else duplicates

    # Falsy contents (None or empty) mean "load from disk".
    f = (File(filepath, contents, filename=filename) if contents
         else File.from_path(filepath, filename=filename))

    # NOTE(review): the input is presumably an untrusted sample; any limit
    # on size or nesting depth would live behind Unpacker.single() -
    # confirm there.
    Unpacker.single(f, password, duplicates)
    ident(f)
    return f
Example #5
File: main.py Project: razuz/sflock
def unpack(filepath, contents=None):
    """Build a File from a path or raw contents and unpack its children.

    The unpacker is chosen by ``picker(filepath)``; when that yields
    nothing and the File has a signature, the signature's "unpacker"
    entry is used instead. If an unpacker was found, its plugin's
    ``unpack()`` result is stored in ``children``. The File is returned
    in every case.
    """
    # Falsy contents (None or empty) mean "load from disk".
    archive = File(filepath, contents) if contents else File.from_path(filepath)

    # The path may carry no usable extension (e.g. the name is a hash);
    # in that case fall back to the signature of the file.
    chosen = picker(filepath)
    if not chosen and archive.get_signature():
        chosen = archive.get_signature()["unpacker"]

    if not chosen:
        return archive

    # NOTE(review): the input is presumably an untrusted sample; size,
    # nesting and path handling would have to be enforced by the plugin
    # itself - confirm in the plugin implementations.
    archive.children = plugins[chosen](archive).unpack()
    return archive
Example #6
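def demux_office(filename, password):
    """Decrypt a password-protected Office document.

    The external decryptor configured under ``msoffice.decryptor`` in the
    auxiliary config is used when it is set and exists on disk; otherwise
    sflock is used when available.

    Args:
        filename: path of the submitted document.
        password: password passed to the decryptor.

    Returns:
        A one-element list: the path of the decrypted copy on success,
        otherwise the original ``filename``.

    Raises:
        CuckooDemuxError: if the external decryptor cannot be run, reports
            an unsupported document type (exit code 1) or a bad password
            (exit code 3), or if no decryptor is available at all.
    """
    retlist = []

    options = Config()
    aux_options = Config("auxiliary")
    tmp_path = options.cuckoo.get("tmppath", "/tmp")
    decryptor = aux_options.msoffice.get("decryptor", None)
    result = 0

    basename = os.path.basename(filename)
    target_path = os.path.join(tmp_path, "cuckoo-tmp/msoffice-crypt-tmp")
    # makedirs also creates the intermediate "cuckoo-tmp" directory, which
    # a plain mkdir cannot. Tolerating an already existing directory closes
    # the race between the existence check and the creation when several
    # submissions are demuxed at once.
    try:
        os.makedirs(target_path)
    except OSError:
        if not os.path.isdir(target_path):
            raise
    # NOTE(review): the output name is the sample's basename inside a fixed
    # directory under the temp path, so two submissions with the same name
    # overwrite each other's decrypted copy. If that directory is writable
    # by other local users, a pre-existing symlink at this name would be
    # followed when the file is written - consider a per-task private
    # directory.
    decrypted_name = os.path.join(target_path, basename)

    if decryptor and os.path.exists(decryptor):
        # The argument list is passed without a shell, so the password and
        # the paths are not subject to shell interpretation.
        # NOTE(review): a filename that begins with "-" could still be read
        # as an option by the tool; presumably callers pass a full storage
        # path - verify.
        try:
            result = subprocess.call(
                [decryptor, "-p", password, "-d", filename, decrypted_name])
        except Exception as e:
            raise CuckooDemuxError(e)

        # Exit codes 0 and 2 are treated as success. Any code other than
        # 0-3 falls through and the original file is returned below.
        if result == 0 or result == 2:
            retlist.append(decrypted_name)
        elif result == 1:
            raise CuckooDemuxError(
                "MS Office decryptor: unsupported document type")
        elif result == 3:
            raise CuckooDemuxError("MS Office decryptor: bad password")
    elif HAS_SFLOCK:
        ofile = OfficeFile(sfFile.from_path(filename))
        d = ofile.decrypt(password)
        # TODO add decryption verification checks
        # Write only after the result has been checked, so that a failed
        # decryption leaves no partial file behind. The hasattr guard
        # assumes decrypt() can return an object without contents (for
        # example None on a wrong password) - confirm against sflock.
        if hasattr(d, "contents") and "Encrypted" not in d.magic:
            # Binary mode: the decrypted document is raw bytes and must
            # not go through newline translation or text encoding.
            with open(decrypted_name, "wb") as outs:
                outs.write(d.contents)
            retlist.append(decrypted_name)
    else:
        raise CuckooDemuxError("MS Office decryptor not available")

    # Fall back to the untouched submission when nothing was decrypted.
    if not retlist:
        retlist.append(filename)

    return retlist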
Example #7
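def demux_office(filename: bytes, password: str) -> List[bytes]:
    """Decrypt a password-protected Office document with sflock.

    Args:
        filename: path of the submitted document, as bytes.
        password: password handed to ``OfficeFile.decrypt()``.

    Returns:
        A one-element list: the path of the decrypted copy when decryption
        produced contents whose magic no longer contains "Encrypted",
        otherwise the original ``filename``.

    Raises:
        CuckooDemuxError: if sflock is not available.
    """
    retlist = []
    basename = os.path.basename(filename)
    target_path = os.path.join(tmp_path, b"cuckoo-tmp/msoffice-crypt-tmp")
    # exist_ok avoids the race between a separate existence check and the
    # creation when several submissions are demuxed at the same time.
    os.makedirs(target_path, exist_ok=True)
    # NOTE(review): the output name is the sample's basename inside a fixed
    # directory under tmp_path, so two submissions with the same name
    # overwrite each other's decrypted copy. If that directory is writable
    # by other local users, open() below would also follow a pre-existing
    # symlink - consider a per-task private directory.
    decrypted_name = os.path.join(target_path, basename)

    if HAS_SFLOCK:
        ofile = OfficeFile(sfFile.from_path(filename))
        d = ofile.decrypt(password)
        # TODO: add decryption verification checks
        # The file is written only when decrypt() returned an object with
        # contents and its magic no longer reports "Encrypted".
        if hasattr(d, "contents") and "Encrypted" not in d.magic:
            with open(decrypted_name, "wb") as outs:
                outs.write(d.contents)
            retlist.append(decrypted_name)
    else:
        raise CuckooDemuxError("MS Office decryptor not available")

    # Fall back to the untouched submission when nothing was decrypted.
    if not retlist:
        retlist.append(filename)

    return retlist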
Example #8
def unpack(filepath=None, contents=None, password=None, filename=None,
           duplicates=None):
    """Build a File from a path or raw contents and unpack its children.

    When ``contents`` is truthy the File is built from it directly,
    otherwise it is loaded from ``filepath``. If an unpacker is selected
    and its plugin reports itself as supported, the plugin is run with
    ``password`` and the ``duplicates`` list and its result is stored in
    ``f.children``. The File object is returned in every case.
    """
    # Falsy contents (None or empty) mean "load from disk".
    f = (File(filepath, contents, filename=filename) if contents
         else File.from_path(filepath, filename=filename))

    duplicates = [] if duplicates is None else duplicates

    # The name may carry no usable extension (e.g. it is a hash), so the
    # choice of unpacker is left to Unpacker.guess().
    f.unpacker = Unpacker.guess(f)
    if not f.unpacker:
        return f

    # NOTE(review): the input is presumably an untrusted sample; size,
    # nesting and path handling would have to be enforced by the plugin
    # itself - confirm in the plugin implementations.
    plugin = plugins[f.unpacker](f)
    if plugin.supported():
        f.children = plugin.unpack(password, duplicates)
    return f
Example #9
File: main.py Project: skftn/sflock
def unpack(filepath, contents=None, password=None):
    """Build a File from a path or raw contents and unpack its children.

    The unpacker is chosen by ``picker(filepath)``; when that yields
    nothing and the File has a signature, the signature's "unpacker"
    entry is used instead. If an unpacker was found and its plugin
    reports itself as supported, the plugin is run with ``password`` and
    a fresh duplicates list, and its result is stored in ``children``.
    The File is returned in every case.
    """
    # Falsy contents (None or empty) mean "load from disk".
    archive = File(filepath, contents) if contents else File.from_path(filepath)

    # Each top-level call starts with its own empty duplicates list.
    seen = []

    # The path may carry no usable extension (e.g. the name is a hash);
    # in that case fall back to the signature of the file.
    chosen = picker(filepath)
    if not chosen and archive.get_signature():
        chosen = archive.get_signature()["unpacker"]

    if not chosen:
        return archive

    # NOTE(review): the input is presumably an untrusted sample; size,
    # nesting and path handling would have to be enforced by the plugin
    # itself - confirm in the plugin implementations.
    plugin = plugins[chosen](archive)
    if plugin.supported():
        archive.children = plugin.unpack(password, seen)
    return archive
Example #10
def f(filename):
    """Load the named fixture from ``tests/files`` as a File."""
    # The path is relative, so it resolves against the current working
    # directory of the test run.
    fixture_path = "tests/files/%s" % filename
    return File.from_path(fixture_path)
Example #11
def f(filename):
    """Load the named fixture from ``tests/files`` as a File."""
    # The path is relative, so it resolves against the current working
    # directory of the test run.
    fixture_path = "tests/files/%s" % filename
    return File.from_path(fixture_path)
Example #12
def f(filename):
    """Load the named fixture from the ``tests/files`` directory as a File."""
    # Joined with os.path.join so the separator matches the platform; the
    # path is relative to the current working directory of the test run.
    fixture_path = os.path.join("tests", "files", filename)
    return File.from_path(fixture_path)