Changeset 440
- Timestamp:
- 03/27/06 20:35:31 (3 years ago)
- Files:
-
- nepenthes/trunk/Makefile.am (modified) (1 diff)
- nepenthes/trunk/modules/shellcode-signatures/sch_namespace_base64.cpp (modified) (1 diff)
- nepenthes/trunk/modules/shellcode-signatures/sch_namespace_bindfiletransfer.cpp (modified) (1 diff)
- nepenthes/trunk/modules/shellcode-signatures/sch_namespace_bindshell.cpp (modified) (1 diff)
- nepenthes/trunk/modules/shellcode-signatures/sch_namespace_connectbackfiletransfer.cpp (modified) (1 diff)
- nepenthes/trunk/modules/shellcode-signatures/sch_namespace_connectbackshell.cpp (modified) (1 diff)
- nepenthes/trunk/modules/shellcode-signatures/sch_namespace_execute.cpp (modified) (1 diff)
- nepenthes/trunk/modules/shellcode-signatures/sch_namespace_konstanzxor.cpp (modified) (1 diff)
- nepenthes/trunk/modules/shellcode-signatures/sch_namespace_linkxor.cpp (modified) (1 diff)
- nepenthes/trunk/modules/shellcode-signatures/sch_namespace_url.cpp (modified) (1 diff)
- nepenthes/trunk/modules/shellcode-signatures/sch_namespace_xor.cpp (modified) (2 diffs)
- nepenthes/trunk/modules/shellcode-signatures/shellcode-signatures.cpp (modified) (2 diffs)
nepenthes/trunk/Makefile.am
r380 r440 50 50 $(mkinstalldirs) $(DESTDIR)$(localstatedir)/cache/nepenthes 51 51 $(mkinstalldirs) $(DESTDIR)$(localstatedir)/cache/nepenthes/geolocation 52 $(mkinstalldirs) $(DESTDIR)$(localstatedir)/cache/nepenthes/signatures 53 54 $(INSTALL_DATA) modules/shellcode-signatures/shellcode-signatures.sc $(DESTDIR)$(localstatedir)/cache/nepenthes/signatures 55 52 56 $(mkinstalldirs) $(DESTDIR)$(localstatedir)/spool 53 57 $(mkinstalldirs) $(DESTDIR)$(localstatedir)/spool/nepenthes nepenthes/trunk/modules/shellcode-signatures/sch_namespace_base64.cpp
r436 r440 79 79 } 80 80 81 printf("%s\n",m_Shellcode->pattern);81 // printf("%s\n",m_Shellcode->pattern); 82 82 // g_Nepenthes->getUtilities()->hexdump((byte *)m_Shellcode->pattern,m_Shellcode->pattern_size); 83 83 return true; nepenthes/trunk/modules/shellcode-signatures/sch_namespace_bindfiletransfer.cpp
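Review bot: The debug `printf("%s\n",m_Shellcode->pattern);` is disabled by commenting it out rather than removed, which leaves two dead lines before `return true;` here and at the same spot in the nine other sch_namespace_*.cpp sections of this changeset. Deleting both lines, or sending the dump through the project's logging macros, would keep pattern data off stdout without leaving dead code behind. If the dump is ever re-enabled, the length-bounded hexdump call is the safer of the two, since `%s` relies on `pattern` being NUL-terminated while a separate `pattern_size` field exists. The enclosing function starts outside the hunk.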
r433 r440 82 82 } 83 83 84 printf("%s\n",m_Shellcode->pattern);84 // printf("%s\n",m_Shellcode->pattern); 85 85 // g_Nepenthes->getUtilities()->hexdump((byte *)m_Shellcode->pattern,m_Shellcode->pattern_size); 86 86 return true; nepenthes/trunk/modules/shellcode-signatures/sch_namespace_bindshell.cpp
r430 r440 80 80 } 81 81 82 printf("%s\n",m_Shellcode->pattern);82 // printf("%s\n",m_Shellcode->pattern); 83 83 // g_Nepenthes->getUtilities()->hexdump((byte *)m_Shellcode->pattern,m_Shellcode->pattern_size); 84 84 return true; nepenthes/trunk/modules/shellcode-signatures/sch_namespace_connectbackfiletransfer.cpp
r432 r440 82 82 } 83 83 84 printf("%s\n",m_Shellcode->pattern);84 // printf("%s\n",m_Shellcode->pattern); 85 85 // g_Nepenthes->getUtilities()->hexdump((byte *)m_Shellcode->pattern,m_Shellcode->pattern_size); 86 86 return true; nepenthes/trunk/modules/shellcode-signatures/sch_namespace_connectbackshell.cpp
r430 r440 82 82 } 83 83 84 printf("%s\n",m_Shellcode->pattern);84 // printf("%s\n",m_Shellcode->pattern); 85 85 // g_Nepenthes->getUtilities()->hexdump((byte *)m_Shellcode->pattern,m_Shellcode->pattern_size); 86 86 return true; nepenthes/trunk/modules/shellcode-signatures/sch_namespace_execute.cpp
r429 r440 77 77 } 78 78 79 printf("%s\n",m_Shellcode->pattern);79 // printf("%s\n",m_Shellcode->pattern); 80 80 // g_Nepenthes->getUtilities()->hexdump((byte *)m_Shellcode->pattern,m_Shellcode->pattern_size); 81 81 return true; nepenthes/trunk/modules/shellcode-signatures/sch_namespace_konstanzxor.cpp
r436 r440 74 74 } 75 75 76 printf("%s\n",m_Shellcode->pattern);76 // printf("%s\n",m_Shellcode->pattern); 77 77 // g_Nepenthes->getUtilities()->hexdump((byte *)m_Shellcode->pattern,m_Shellcode->pattern_size); 78 78 return true; nepenthes/trunk/modules/shellcode-signatures/sch_namespace_linkxor.cpp
r432 r440 74 74 } 75 75 76 printf("%s\n",m_Shellcode->pattern);76 // printf("%s\n",m_Shellcode->pattern); 77 77 // g_Nepenthes->getUtilities()->hexdump((byte *)m_Shellcode->pattern,m_Shellcode->pattern_size); 78 78 return true; nepenthes/trunk/modules/shellcode-signatures/sch_namespace_url.cpp
r429 r440 79 79 } 80 80 81 printf("%s\n",m_Shellcode->pattern);81 // printf("%s\n",m_Shellcode->pattern); 82 82 // g_Nepenthes->getUtilities()->hexdump((byte *)m_Shellcode->pattern,m_Shellcode->pattern_size); 83 83 return true; nepenthes/trunk/modules/shellcode-signatures/sch_namespace_xor.cpp
r430 r440 74 74 } 75 75 76 printf("%s\n",m_Shellcode->pattern);76 // printf("%s\n",m_Shellcode->pattern); 77 77 // g_Nepenthes->getUtilities()->hexdump((byte *)m_Shellcode->pattern,m_Shellcode->pattern_size); 78 78 return true; … … 240 240 logWarn("codeSize*4 (%i) > postSize (%i), maybe broken xor?\n",codeSize*4,postSize); 241 241 242 for ( uint32_t j = 0; j < codeSize && (j )*4 < postSize; j++ )242 for ( uint32_t j = 0; j < codeSize && (j+1)*4 < postSize; j++ ) 243 243 *(uint32_t *)(decodedMessage+(j*4) ) ^= intKey; 244 244 break; nepenthes/trunk/modules/shellcode-signatures/shellcode-signatures.cpp
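Review bot: The new bound `(j+1)*4 < postSize` in the second hunk is one step too strict: the store at `decodedMessage+(j*4)` touches bytes j*4 through j*4+3, which fits whenever `(j+1)*4 <= postSize`, so with `<` the last dword stays un-XORed when postSize is an exact multiple of four. `for ( uint32_t j = 0; j < codeSize && (j+1)*4 <= postSize; j++ )` keeps the write inside postSize bytes without dropping that word, assuming decodedMessage holds at least postSize bytes (its allocation is outside the hunk). The `*(uint32_t *)` store also assumes the buffer is suitably aligned for a 32-bit access; XORing through `memcpy` into a local `uint32_t` avoids that assumption. The loop sits inside a switch case whose surrounding code is not shown.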
r436 r440 89 89 90 90 g_Nepenthes->getShellcodeMgr()->registerShellcodeHandler(new EngineUnicode()); 91 return loadSignaturesFromFile(string(" /tmp/shellcode-signatures.sc"));91 return loadSignaturesFromFile(string("var/cache/nepenthes/signatures/shellcode-signatures.sc")); 92 92 } 93 93 … … 109 109 bool SignatureShellcodeHandler::loadSignaturesFromFile(string path) 110 110 { 111 111 logInfo("Loading signatures from file %s\n",path.c_str()); 112 112 sc_shellcode *sc,*sc_free; 113 113 bool load_success = true;
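Review bot: The new signature path in the first hunk, `"var/cache/nepenthes/signatures/shellcode-signatures.sc"`, is relative, so it resolves against whatever directory the daemon is started from, while the Makefile.am change in this changeset installs the file under `$(localstatedir)/cache/nepenthes/signatures`. Started from any other working directory, the load either fails or reads a file that happens to sit at that relative location, and this file decides how captured shellcode is matched. Taking the path from the module's configuration, or from a build-time definition of localstatedir, would tie the loader to the install location. Both functions touched here continue outside the hunks.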
