nmap_service.exe is now stored locally in encoded form, with each byte xor'ed with 0xFF. It is decoded inline before it is uploaded. This is to prevent antivirus software from flagging it as a false positive.
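--- a/nselib/data/psexec/encoder.c
+++ b/nselib/data/psexec/encoder.c
@@ -0,0 +1,30 @@
+/* encoder.c
+* By Ron Bowes
+* Created January 23, 2010
+*
+* This program encodes (or decodes) a .exe file (or any other kind of file)
+* to be uploaded by smb-psexec.nse. This will prevent antivirus on the
+* scanner from picking up the file, but not on the target. That's probably
+* best.
+*/
+
+#include <stdio.h>
+#include <stdlib.h>
+
+int main(int argc, char *argv[])
+{
+int ch;
+
+/* Check the argument. */
+if(argc != 1)
+{
+fprintf(stderr, "Usage: %s < infile > outfile\n", argv[0]);
+return 1;
+}
+
+/* Retrieve + encode each character till we're done. */
+while((ch = getchar()) != EOF)
+printf("%c", ch ^ 0xFF);
+
+return 0;
+}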
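Review bot: The encode loop in `main` never checks for I/O failure, so a short write (full disk, closed pipe) still exits 0 and leaves a truncated encoded file that would later be decoded and uploaded as the service binary; before `return 0;` add `if(ferror(stdin) || fflush(stdout) != 0) return 1;`. stdin and stdout are also left in text mode, which is harmless on POSIX but would alter bytes if the tool is ever built on Windows, so the header comment should say so. `#include <stdlib.h>` is unused, and `putchar(ch ^ 0xFF)` does the same job as the `printf` call without format parsing.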
Binary file not shown.
@@ -2175,8 +2175,10 @@ end
|
||||
--@param share The share to upload it to (eg, C$).
|
||||
--@param remotefile The remote file on the machine. It is relative to the share's root.
|
||||
--@param overrides A table of override values that's passed to the smb functions.
|
||||
--@param encoded Set to 'true' if the file is encoded (xor'ed with 0xFF), It will be decoded before upload. Default: false
|
||||
--@return (status, err) If status is false, err is an error message. Otherwise, err is undefined.
|
||||
function file_upload(host, localfile, share, remotefile, overrides)
|
||||
require 'nsedebug'
|
||||
function file_upload(host, localfile, share, remotefile, overrides, encoded)
|
||||
local status, err, smbstate
|
||||
local chunk = 1024
|
||||
|
||||
@@ -2196,6 +2198,14 @@ function file_upload(host, localfile, share, remotefile, overrides)
|
||||
|
||||
local i = 0
|
||||
while(data ~= nil and #data > 0) do
|
||||
|
||||
if(encoded) then
|
||||
local new_data = ""
|
||||
for j = 1, #data, 1 do
|
||||
new_data = new_data .. string.char(bit.bxor(0xFF, string.byte(data, j)))
|
||||
end
|
||||
data = new_data
|
||||
end
|
||||
|
||||
status, err = smb.write_file(smbstate, data, i)
|
||||
if(status == false) then
|
||||
|
||||
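Review bot: The `require 'nsedebug'` added directly above `file_upload` in the first hunk is not used by any line shown in either hunk and looks like a leftover debugging import; it should be dropped unless code outside the hunks relies on it. In the second hunk the decode loop rebuilds `new_data` by one-byte concatenation on every pass of the write loop; filling a table with `decoded[j] = string.char(bit.bxor(0xFF, string.byte(data, j)))` and finishing with `data = table.concat(decoded)` is the usual form. `bit.bxor` also needs the `bit` library in scope, which neither hunk shows, so confirm the file already requires it. The body of `file_upload` starts and ends outside both hunks.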
@@ -943,7 +943,7 @@ local function upload_everything(host, config)
|
||||
|
||||
-- Upload the service file
|
||||
stdnse.print_debug(1, "smb-psexec: Uploading: nselib/data/psexec/nmap_service.exe => \\\\%s\\%s", config.share, config.service_file)
|
||||
status, err = smb.file_upload(host, "nselib/data/psexec/nmap_service.exe", config.share, "\\" .. config.service_file, overrides)
|
||||
status, err = smb.file_upload(host, "nselib/data/psexec/nmap_service.exe", config.share, "\\" .. config.service_file, overrides, true)
|
||||
if(status == false) then
|
||||
cleanup(host, config)
|
||||
return false, string.format("Couldn't upload the service file: %s\n", err)
|
||||
|
||||
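Review bot: The bare `true` added to the `smb.file_upload` call has no comment, and it creates an on-disk requirement: `nselib/data/psexec/nmap_service.exe` must now be stored xor'ed with 0xFF, so a locally rebuilt, unencoded binary placed at that path would be scrambled before upload with no error. A comment above the call would make that visible, for example `-- nmap_service.exe is stored xor'ed with 0xFF (see encoder.c); file_upload decodes it before writing`. Because the encoded blob is opaque to both scanners and reviewers, it would also help to document how it is regenerated from the service source. `upload_everything` continues outside the hunk.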