Exemplo n.º 1
0
def demux_office(filename, password):
    retlist = []

    options = Config()
    aux_options = Config("auxiliary")
    tmp_path = options.cuckoo.get("tmppath", "/tmp")

    basename = os.path.basename(filename)
    target_path = os.path.join(tmp_path, "cuckoo-tmp/msoffice-crypt-tmp")
    if not os.path.exists(target_path):
        os.mkdir(target_path)
    decrypted_name = os.path.join(target_path, basename)

    if HAS_SFLOCK:
        ofile = OfficeFile(sfFile.from_path(filename))
        d = ofile.decrypt(password)
        with open(decrypted_name, "w") as outs:
            outs.write(d.contents)
        # TODO add decryption verification checks
        if "Encrypted" not in d.magic:
            retlist.append(decrypted_name)
    else:
        raise CuckooDemuxError("MS Office decryptor not available")

    if not retlist:
        retlist.append(filename)

    return retlist
Exemplo n.º 2
0
def demux_office(filename, password):
    retlist = []

    options = Config()
    aux_options = Config("auxiliary")
    tmp_path = options.cuckoo.get("tmppath", "/tmp")
    decryptor = aux_options.msoffice.get("decryptor", None)
    result = 0

    basename = os.path.basename(filename)
    target_path = os.path.join(tmp_path, "cuckoo-tmp/msoffice-crypt-tmp")
    if not os.path.exists(target_path):
        os.mkdir(target_path)
    decrypted_name = os.path.join(target_path, basename)

    if decryptor and os.path.exists(decryptor):
        try:
            result = subprocess.call(
                [decryptor, "-p", password, "-d", filename, decrypted_name])
        except Exception as e:
            raise CuckooDemuxError(e)

        if result == 0 or result == 2:
            retlist.append(decrypted_name)
        elif result == 1:
            raise CuckooDemuxError(
                "MS Office decryptor: unsupported document type")
        elif result == 3:
            raise CuckooDemuxError("MS Office decryptor: bad password")
    elif HAS_SFLOCK:
        ofile = OfficeFile(sfFile.from_path(filename))
        d = ofile.decrypt(password)
        with open(decrypted_name, "w") as outs:
            outs.write(d.contents)
        # TODO add decryption verification checks
        if "Encrypted" not in d.magic:
            retlist.append(decrypted_name)
    else:
        raise CuckooDemuxError("MS Office decryptor not available")

    if not retlist:
        retlist.append(filename)

    return retlist
Exemplo n.º 3
0
def demux_office(filename: bytes, password: str) -> List[bytes]:
    retlist = []
    basename = os.path.basename(filename)
    target_path = os.path.join(tmp_path, b"cuckoo-tmp/msoffice-crypt-tmp")
    if not os.path.exists(target_path):
        os.makedirs(target_path)
    decrypted_name = os.path.join(target_path, basename)

    if HAS_SFLOCK:
        ofile = OfficeFile(sfFile.from_path(filename))
        d = ofile.decrypt(password)
        # TODO: add decryption verification checks
        if hasattr(d, "contents") and "Encrypted" not in d.magic:
            with open(decrypted_name, "wb") as outs:
                outs.write(d.contents)
            retlist.append(decrypted_name)
    else:
        raise CuckooDemuxError("MS Office decryptor not available")

    if not retlist:
        retlist.append(filename)

    return retlist