예제 #1
파일: demux.py 프로젝트: triplekill/CAPE
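def demux_office(filename, password):
    """Decrypt a password-protected MS Office sample with sflock.

    The decrypted copy is written to
    <tmppath>/cuckoo-tmp/msoffice-crypt-tmp/<basename of filename>.

    Args:
        filename: path of the submitted document.
        password: password handed to OfficeFile.decrypt().

    Returns:
        A one-element list: the path of the decrypted copy when sflock
        returned content whose magic does not contain "Encrypted", otherwise
        the original ``filename`` so the sample is analysed as submitted.

    Raises:
        CuckooDemuxError: sflock is not available (HAS_SFLOCK is false).
    """
    retlist = []

    options = Config()
    tmp_path = options.cuckoo.get("tmppath", "/tmp")

    basename = os.path.basename(filename)
    target_path = os.path.join(tmp_path, "cuckoo-tmp/msoffice-crypt-tmp")
    # The target is two levels deep, so os.mkdir() fails when "cuckoo-tmp"
    # does not exist yet. makedirs() creates the parents; the isdir() re-check
    # tolerates another worker creating the directory at the same moment.
    if not os.path.isdir(target_path):
        try:
            os.makedirs(target_path)
        except OSError:
            if not os.path.isdir(target_path):
                raise
    # NOTE(review): the output path is predictable - a fixed directory plus a
    # basename taken from the sample. Samples sharing a basename overwrite
    # each other, and with the default tmppath of /tmp the directory is
    # presumably reachable by other local users. A per-task directory from
    # tempfile.mkdtemp() would avoid both - confirm what callers expect.
    decrypted_name = os.path.join(target_path, basename)

    if HAS_SFLOCK:
        ofile = OfficeFile(sfFile.from_path(filename))
        d = ofile.decrypt(password)
        contents = getattr(d, "contents", None)
        # TODO add decryption verification checks
        # Check the result before touching the disk: a failed decryption must
        # not raise AttributeError or leave a bogus file behind.
        if contents is not None and "Encrypted" not in d.magic:
            # Binary mode: the decrypted document is raw bytes, not text.
            with open(decrypted_name, "wb") as outs:
                outs.write(contents)
            retlist.append(decrypted_name)
    else:
        raise CuckooDemuxError("MS Office decryptor not available")

    # Fall back to the submitted file when nothing was decrypted.
    if not retlist:
        retlist.append(filename)

    return retlist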
예제 #2
파일: demux.py 프로젝트: TheVivisector/CAPE
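def demux_office(filename, password):
    """Decrypt a password-protected MS Office sample.

    Uses the external decryptor named by the "decryptor" option of the
    auxiliary "msoffice" config section when that binary exists, and falls
    back to sflock otherwise. The decrypted copy is written to
    <tmppath>/cuckoo-tmp/msoffice-crypt-tmp/<basename of filename>.

    Args:
        filename: path of the submitted document.
        password: password passed to the decryptor.

    Returns:
        A one-element list: the path of the decrypted copy on success,
        otherwise the original ``filename``. The original is also returned
        when the external decryptor exits with a code other than 0-3.

    Raises:
        CuckooDemuxError: the decryptor could not be started, reported an
            unsupported document type (exit code 1) or a bad password
            (exit code 3), or no decryptor is available at all.
    """
    retlist = []

    options = Config()
    aux_options = Config("auxiliary")
    tmp_path = options.cuckoo.get("tmppath", "/tmp")
    decryptor = aux_options.msoffice.get("decryptor", None)

    basename = os.path.basename(filename)
    target_path = os.path.join(tmp_path, "cuckoo-tmp/msoffice-crypt-tmp")
    # The target is two levels deep, so os.mkdir() fails when "cuckoo-tmp"
    # does not exist yet. makedirs() creates the parents; the isdir() re-check
    # tolerates another worker creating the directory at the same moment.
    if not os.path.isdir(target_path):
        try:
            os.makedirs(target_path)
        except OSError:
            if not os.path.isdir(target_path):
                raise
    # NOTE(review): the output path is predictable - a fixed directory plus a
    # basename taken from the sample. Samples sharing a basename overwrite
    # each other, and with the default tmppath of /tmp the directory is
    # presumably reachable by other local users. A per-task directory from
    # tempfile.mkdtemp() would avoid both - confirm what callers expect.
    decrypted_name = os.path.join(target_path, basename)

    if decryptor and os.path.exists(decryptor):
        # Argument list, no shell: the password and file names are never
        # parsed by a shell.
        # NOTE(review): the password is still passed on the command line,
        # where it is typically visible to other local users through the
        # process list.
        try:
            result = subprocess.call(
                [decryptor, "-p", password, "-d", filename, decrypted_name])
        except Exception as e:
            raise CuckooDemuxError(e)

        # Exit codes 0 and 2 are both accepted as success (the meaning of 2
        # is not visible here - presumably "not encrypted"; verify against
        # the decryptor's documentation).
        if result in (0, 2):
            retlist.append(decrypted_name)
        elif result == 1:
            raise CuckooDemuxError(
                "MS Office decryptor: unsupported document type")
        elif result == 3:
            raise CuckooDemuxError("MS Office decryptor: bad password")
    elif HAS_SFLOCK:
        ofile = OfficeFile(sfFile.from_path(filename))
        d = ofile.decrypt(password)
        contents = getattr(d, "contents", None)
        # TODO add decryption verification checks
        # Check the result before touching the disk: a failed decryption must
        # not raise AttributeError or leave a bogus file behind.
        if contents is not None and "Encrypted" not in d.magic:
            # Binary mode: the decrypted document is raw bytes, not text.
            with open(decrypted_name, "wb") as outs:
                outs.write(contents)
            retlist.append(decrypted_name)
    else:
        raise CuckooDemuxError("MS Office decryptor not available")

    # Fall back to the submitted file when nothing was decrypted.
    if not retlist:
        retlist.append(filename)

    return retlist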
예제 #3
파일: demux.py 프로젝트: 5l1v3r1/CAPE-1
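def demux_office(filename, password):
    """Decrypt a password-protected MS Office sample with an external tool.

    The tool is the binary named by the "decryptor" option of the auxiliary
    "msoffice" config section. The decrypted copy is written to
    <tmppath>/cuckoo-tmp/msoffice-crypt-tmp/<basename of filename>.

    Args:
        filename: path of the submitted document.
        password: password passed to the decryptor with "-p".

    Returns:
        A one-element list: the path of the decrypted copy when the
        decryptor exits with 0 or 2, otherwise (any exit code outside 0-3)
        the original ``filename``.

    Raises:
        CuckooDemuxError: the decryptor binary is not configured or does not
            exist, could not be started, reported an unsupported document
            type (exit code 1) or a bad password (exit code 3).
    """
    retlist = []

    options = Config()
    aux_options = Config("auxiliary")
    tmp_path = options.cuckoo.get("tmppath", "/tmp")
    decryptor = aux_options.msoffice.get("decryptor", None)

    if decryptor and os.path.exists(decryptor):
        basename = os.path.basename(filename)
        target_path = os.path.join(tmp_path, "cuckoo-tmp/msoffice-crypt-tmp")
        # The target is two levels deep, so os.mkdir() fails when
        # "cuckoo-tmp" does not exist yet. makedirs() creates the parents;
        # the isdir() re-check tolerates another worker creating the
        # directory at the same moment.
        if not os.path.isdir(target_path):
            try:
                os.makedirs(target_path)
            except OSError:
                if not os.path.isdir(target_path):
                    raise
        # NOTE(review): the output path is predictable - a fixed directory
        # plus a basename taken from the sample. Samples sharing a basename
        # overwrite each other, and with the default tmppath of /tmp the
        # directory is presumably reachable by other local users. A per-task
        # directory from tempfile.mkdtemp() would avoid both - confirm what
        # callers expect.
        decrypted_name = os.path.join(target_path, basename)

        # Argument list, no shell: the password and file names are never
        # parsed by a shell.
        # NOTE(review): the password is still passed on the command line,
        # where it is typically visible to other local users through the
        # process list.
        try:
            result = subprocess.call(
                [decryptor, "-p", password, "-d", filename, decrypted_name])
        except Exception as e:
            raise CuckooDemuxError(e)

        # Exit codes 0 and 2 are both accepted as success (the meaning of 2
        # is not visible here - presumably "not encrypted"; verify against
        # the decryptor's documentation).
        if result in (0, 2):
            retlist.append(decrypted_name)
        elif result == 1:
            raise CuckooDemuxError(
                "MS Office decryptor: unsupported document type")
        elif result == 3:
            raise CuckooDemuxError("MS Office decryptor: bad password")
    else:
        raise CuckooDemuxError("MS Office decryptor binary not found")

    # Fall back to the submitted file when nothing was decrypted.
    if not retlist:
        retlist.append(filename)

    return retlist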
예제 #4
파일: demux.py 프로젝트: kevoreilly/CAPEv2
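def demux_office(filename: bytes, password: str) -> List[bytes]:
    """Decrypt a password-protected MS Office sample with sflock.

    The decrypted copy is written to
    <tmp_path>/cuckoo-tmp/msoffice-crypt-tmp/<basename of filename>, where
    ``tmp_path`` is a module-level bytes path.

    Args:
        filename: path of the submitted document, as bytes.
        password: password handed to OfficeFile.decrypt().

    Returns:
        A one-element list: the path of the decrypted copy when sflock
        returned an object with ``contents`` whose magic does not contain
        "Encrypted", otherwise the original ``filename``.

    Raises:
        CuckooDemuxError: sflock is not available (HAS_SFLOCK is false).
    """
    retlist = []
    basename = os.path.basename(filename)
    target_path = os.path.join(tmp_path, b"cuckoo-tmp/msoffice-crypt-tmp")
    # exist_ok removes the window between an exists() check and makedirs() in
    # which another worker can create the directory and trigger
    # FileExistsError.
    os.makedirs(target_path, exist_ok=True)
    # NOTE(review): the output path is predictable - a fixed directory plus a
    # basename taken from the sample - so samples sharing a basename overwrite
    # each other. If tmp_path is a shared location such as /tmp, a per-task
    # directory from tempfile.mkdtemp() would be safer - confirm what callers
    # expect.
    decrypted_name = os.path.join(target_path, basename)

    if HAS_SFLOCK:
        ofile = OfficeFile(sfFile.from_path(filename))
        d = ofile.decrypt(password)
        # TODO: add decryption verification checks
        # Only write when sflock produced content that no longer identifies
        # as encrypted; anything else falls through to the original file.
        if hasattr(d, "contents") and "Encrypted" not in d.magic:
            with open(decrypted_name, "wb") as outs:
                outs.write(d.contents)
            retlist.append(decrypted_name)
    else:
        raise CuckooDemuxError("MS Office decryptor not available")

    # Fall back to the submitted file when nothing was decrypted.
    if not retlist:
        retlist.append(filename)

    return retlist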