search

operatorequals / covertutils

A framework for Backdoor development!
http://covertutils.readthedocs.io
437 stars 69 forks source link

Don't forget self #2

Closed cclauss closed 7 years ago

operatorequals commented 7 years ago

Hey cclaus that is really sweet of you! The code is not tested as it has been deprecated by covertutils.payloads.generic.control RST command. If you are planning to make something this feature works out of the box if you use covertutils.shells.impl.StandardShell or covertutils.shells.impl.ExtendableShell with !control reset.

cclauss commented 7 years ago

Do you want help getting to Python 3? I have been doing that elsewhere and would be willing to help out here if that is of interest too you. My approach is to get flake8 compatible in Py 2 and then use test (which this repo has!) and flake8 to get Py 3 compatible.

operatorequals commented 7 years ago

I sure do, as long as it fully remains Py2 compatible. Meaning that ".encode('hex')" and such stuff will still work.

On 05/08/2017 01:35, cclauss wrote:

Do you want help getting to Python 3? I have been doing that elsewhere and would be willing to help out here if that is of interest too you. My approach is to get flake8 compatible in Py 2 and then use test (which this repo has!) and flake8 to get Py 3 compatible.

— You are receiving this because you commented. Reply to this email directly, view it on GitHub https://github.com/operatorequals/covertutils/pull/2#issuecomment-320358411, or mute the thread https://github.com/notifications/unsubscribe-auth/AF3JGEvfD9qI9IdCOeubf8jcYkhljX76ks5sU46HgaJpZM4OuNBr.

cclauss commented 7 years ago

OK... So can you please look at the Python 2.7.13 run at https://travis-ci.org/operatorequals/covertutils and see if you can identify why the Py 2 version is failing your test?

test_two_way (test_Pivot.Test_SimpleBridge) ... FAIL

operatorequals commented 7 years ago

The Py2 tests are failling in rare occasions without any change to the code as of the OTP mechanism. This is accepted and handled by the reset functionality. Retrying the suite will be successful most of the time, it is still luck.

cclauss commented 7 years ago

OK. Given that, please review these changes.

If you know how to squash my 48 commits, please do so.

operatorequals commented 7 years ago

All tests succeed against python2 locally.

screen shot 2017-08-05 at 19 30 34

Travis CI falls in race conditions that are created because test is using lists instead of queue (I suppose).

cclauss commented 7 years ago

@operatorequals Could I get you to look into:

File "/home/travis/build/operatorequals/covertutils/covertutils/crypto/keys/standardcyclingkey.py", line 50, in __hash
    return self.cycling_algorithm ( message + self.__salt ).digest()
TypeError: must be str, not bytes

As you can see from https://travis-ci.org/operatorequals/covertutils , a lot of our open issues are blocked by this one and I can not figure it out. Perhaps bytes(message) and/or bytes(self.__salt) but I can not find the secret formula. For literals that you want to be bytes, please use b'strings' which work in both Python 2 and Python 3. We need to declare things as bytes() if we want Python 3 to work properly with them.

If you can't fix this one but you can fix another, that would certainly be welcome also.

I am happy that the Python 2 tests are still as good as they were before but we have to work on reducing the Python 3 errors without increasing the Python 2 errors.

operatorequals commented 7 years ago

Trying to make convert the covertutils.crypto to Py2/3 code made me abort the Py3 porting altogether. It uses exactly what Py3 was created to avoid: strings as bytearrays You are brave and fearless! Leave Python. Become a u'Knight'.

So, the think is that this is called with message being bytes half of the time and str the rest of the time.

Let's make it clear:

Python3

>>> a = bytes(10)
>>> b = "\x00"*10
>>> bytes(b, 'utf8')
b'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00'
>>> bytes(a, 'utf8')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: encoding without a string argument
>>>

Python2

>>> a = bytes(10)
>>> b = "\x00"*10
>>> bytes(b, 'utf8')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: str() takes at most 1 argument (2 given)
>>> bytes(a, 'utf8')
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
TypeError: str() takes at most 1 argument (2 given)
>>>

So I propose this:

    def __hash( self, message ) :
        inp_type = type(message)
        try :
            to_hash = bytes(message, 'utf8')
        except TypeError :
            to_hash = message
        salt = self.__salt
        hash_obj = self.cycling_algorithm ( to_hash + salt )
        return inp_type(hash_obj.digest())  # Even if the argument is "bytes" it will still work

Which still passes all Py2 Tests (that is locally)

screen shot 2017-08-06 at 13 04 40

Awaiting for your input. If you approve it you can commit it along with all your changes.

I got no way to thank you for your assistance!

cclauss commented 7 years ago

I approve. Try to squash if you can. https://help.github.com/articles/about-pull-request-merges/#squash-and-merge-your-pull-request-commits

operatorequals commented 7 years ago

I'll sure do once I push some docs.