OWASP / ZSC

OWASP ZSC - Shellcode/Obfuscate Code Generator https://www.secologist.com/

obfuscate: no validation on file type #107

Closed jowasp closed 8 years ago

jowasp commented 8 years ago

The encoding/obfuscation module should validate the extension of the file to be encoded; it allows encoding files that are not in the chosen format.

zsc/obfuscate> ruby
filename> 
.DS_Store                 installer.py              sharmincv.c
.gitignore                readme.md                 uninstaller.py
CHANGELOG.md              secret.c                  version
LICENSE.md                sharmin                   zcr_shellcoder_1.0.9.zip
admin.c                   sharminc.c                zsc.py
filename> secret.c
encode> 
base64          base64_rev      simple_hex      simple_hex_rev
encode> base64
[+] file "secret.c" encoded successfully!

Ali-Razmjoo commented 8 years ago

Hello Johanna, thanks for noticing. Files could be of any type and still run as Ruby, PHP, Python or any other language.

test:

C:\Users\Ali\Desktop>cat f.c
print 'i\'m .c file but python'
C:\Users\Ali\Desktop>python f.c
i'm .c file but python

C:\Users\Ali\Desktop>
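
The point made in this thread, as an added example that is not part of the issue or of ZSC's code: a pre-encode check that treats the extension as advisory and looks at the content instead. The extension map, the function names and the two sample files are assumptions constructed for the example, and the content check covers Python only.

```python
import ast
import os
import tempfile

# Assumed extension map for this example; not taken from ZSC's source.
EXPECTED_EXT = {"python": {".py"}, "ruby": {".rb"}, "php": {".php"}}


def extension_matches(path, language):
    """Advisory check: does the extension match the chosen language?"""
    ext = os.path.splitext(path)[1].lower()
    return ext in EXPECTED_EXT.get(language, set())


def parses_as_python(path):
    """Content check: does the file parse as Python for this interpreter?"""
    with open(path, "rb") as fh:
        data = fh.read()
    try:
        ast.parse(data, filename=path)
        return True
    except (SyntaxError, ValueError):  # ValueError: e.g. NUL bytes on older versions
        return False


def precheck(path, language):
    """Return a list of warnings; an empty list means nothing to flag."""
    warnings = []
    if not extension_matches(path, language):
        warnings.append("extension does not match " + language)
    if language == "python" and not parses_as_python(path):
        warnings.append("content does not parse as python")
    return warnings


def demo():
    """Constructed samples: a .c file holding Python, and a .c file holding C."""
    samples = {"f.c": "print(\"i'm a .c file but python\")\n",
               "secret.c": "int main(void) { return 0; }\n"}
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, body in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "w") as fh:
                fh.write(body)
            results[name] = precheck(path, "python")
    return results


if __name__ == "__main__":
    print(demo())
```

Only the file that fails both checks is a strong signal of a wrong choice; a mismatched extension alone is reported as a warning, not an error.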