check_external_scripts.rb add more files to check #13191
Conversation
Tested JTR changes. Everything still cracks the same pre/post. No real time change in cracking (on an i7 anyways).
It looks like this modified the binaries in
Yes, those are related. I last updated them like 2 years ago, so it's not surprising there is some change, but I'm unsure what all it was. I did not test the UDF file changes
e1e694e to 22245b9
Reverted the mysql ones. Looks like they changed something (obvi due to file size decrease). Reverted to the last ones we had and it's working fine, but here was testing on the new version.
Bloodhound also had another update.
Ok, got the udf stuff figured out. @stamparm you last provided de-cloaked versions #9677 (comment) about 2 years ago. Asking you for de-cloaked versions every once in a while isn't necessarily sustainable. Is there any way we can have those either added to the sqlmap git, or a diff repo so they could be automatically pulled? I'm going to delay this till we can find a good way here. Either UDF files need to be removed from this script, or adjusted if @stamparm is willing to upload decloaked versions for us to pull.
@h00die I am going to leave a generic "how-to" de-cloak here:
p.s. "cloaking" is used because sqlmap (previously) regularly appeared on malware blacklists based on these compiled binaries
@stamparm worked great, thanks!
There was some back and forth on this, but it's ready to be tested. In the end, the mysql UDF files are still current.
Will need an update when #13194 lands to add the SharpHound exe. Depending on which lands first....
1474945 to 4105877
Since the bloodhound module got fixed, added
A few minor changes though my bigger concern right now is that the SharpHound.ps1 file isn't the same one that is on GitHub, and I also have concerns regarding us importing DLLs and EXEs that have been compiled by someone else directly into Metasploit since we have a lot of rules against doing that in general.
Let me get back to you re: the DLLs and EXEs, but the other fixes should be relatively easy to make. The PS1 file should also be easy to update, assuming that updating it won't break anything, but let me know if this is not the case and we can look into it further.
@h00die Also looks like some further changes to the script might be needed:
Looks like the script is failing if
Update: After further debugging I determined that the real problem was because the script assumes that More to the point though, we should not be assuming that users will have Python or Git installed when running this script. The next commit should fix this by adding in a few checks to ensure that the commands executed successfully before continuing. Aka
… or python3 is installed and to try both options, to try to ensure the git repo is cloned correctly, and to make sure that operations complete successfully before moving onto the next one. Also added in fixes from review notes for minor issues.
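As an added illustration (not code from this PR or from Metasploit's check_external_scripts.rb), a small Ruby sketch of the checks the review asks for: prefer python3 and fall back to python, require git, and stop on the first non-zero exit status instead of continuing with a half-cloned repo. The helper names are assumptions; the clone helper is defined but not run, since it would need network access.

```ruby
# Added example, not the PR's code: dependency and exit-status checks for a
# tools/dev-style helper that shells out to python and git.
require 'open3'

# Walk PATH for the first candidate that exists and is executable, so the
# script can prefer python3 and fall back to python instead of assuming one name.
def find_executable(candidates)
  dirs = ENV.fetch('PATH', '').split(File::PATH_SEPARATOR)
  candidates.each do |name|
    dirs.each do |dir|
      path = File.join(dir, name)
      return path if File.file?(path) && File.executable?(path)
    end
  end
  nil
end

# Run a command and fail loudly on a non-zero exit, instead of silently moving
# on to the next step with missing or partial output.
def run_checked(argv)
  out, status = Open3.capture2e(*argv)
  raise "command failed (#{status.exitstatus}): #{argv.join(' ')}\n#{out}" unless status.success?
  out
end

# Clone a repo once and reuse the checkout on later calls, verifying the clone
# succeeded, so repeated de-cloaking steps do not re-clone for every file.
# (Hypothetical helper; the PR does not say which repo or path the script uses.)
def ensure_clone(url, dest, git: find_executable(%w[git]))
  raise 'git is not installed; cannot fetch external scripts' if git.nil?
  unless File.directory?(File.join(dest, '.git'))
    run_checked([git, 'clone', '--depth', '1', url, dest])
  end
  dest
end

if $PROGRAM_NAME == __FILE__
  python = find_executable(%w[python3 python])
  puts(python ? "python interpreter: #{python}" : 'neither python3 nor python is on PATH')
  puts(find_executable(%w[git]) ? 'git found' : 'git missing; the clone step would abort')
end
```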
Applied changes myself with last commit
Hmm so one last change that I think might be good is to remove the need to keep cloning the repo again and again for every
…y time that we want to decloak another sqlmap file
Release Notes
Updated
This PR adds the sqlmap UDF and JTR files to the external scripts check (#10579). The external scripts checker is an external "lib" checker, to ensure all non-gem libraries, configs, and scripts that are used by MSF are up to date.
SharpHound.ps1 updates.

To Test:
Run tools/dev/check_external_scripts.rb and ensure it doesn't crash, doesn't get any 404 or other related issues (non-200ish), and all files are up to date.