The TCP plugin contains a bug where if the size of the data sent (as specified by max_bytes_read) exceeds 249 (or lower for large files), the double hex encoding causes the TCP packet data to exceed 1024 bytes, which is what is specified in the tcp.py file as the amount of bytes to be read from the socket. The remaining bytes are lost in the subsequent read, resulting in missing bytes and a checksum failure.

data = connection.recv(1024)

Where:

max_bytes_read=250
min_bytes_read=250

[2016-03-12.06:01:28] [tcp] Sending 514 bytes to 127.0.0.1

[2016-03-12.06:01:28] [tcp] Received 1024 bytes
[2016-03-12.06:01:28] Received 512 bytes
[2016-03-12.06:01:28] [tcp] Received 4 bytes

Additionally, det.py fails to log corrupted files due to an argument error in warning(), which takes one argument, but two are supplied.

warning("File %s corrupt!" % fname, True)

The TCP recv() value should be something large like 65535 and the argument error should be corrected.

Excellent tool. Can we have an option for the PowerShell modules to be more verbose? i.e. print status messages much like the Python application does.

irrelevant

Awesome project any luck with skype and the other milestones.

Asciinema killed them because they weren't linked to any user

Looks like 842916d accidentally introduced a path traversal vuln as os.path.pathsep (":") != os.path.sep ("/").

In det.py:

        filename = "%s.%s" % (fname.replace(
            os.path.pathsep, ''), time.strftime("%Y-%m-%d.%H:%M:%S", time.gmtime()))

Also, since you can inject filenames with arbitrary contents, it'd be a good idea to filter the filename to disallow non-ASCII printable characters. Combined with the path traversal, it might be possible to plant a file somewhere that'd abuse globbing ("foo *") in a script somewhere and get RCE out of it. (The tar example here probably wouldn't work, but maybe one could be found.)

Hi, first of all my english isn't good enough, so sorry about that. I'm trying to install DET on a Ubuntu 10.04 / 2.6.32-28-generic, and runs python 2.6.5.
When I run pip install -r requirements.txt --user I get the following error.

Should I update python version?. I'm new in this... Thanks.

Sir when you are going to release experimental module for Skype,github and tor please provide if possible

I'm a DM (Debian Maintainer) and I would like to put DET on Debain, but It can't go to main Debian because unfortunately The License Attribution-NonCommercial-ShareAlike 4.0 International disagree wirh Debian DFSG [1], and FSF Free Software Licenses. [2]

[1] https://wiki.debian.org/DFSGLicenses
[2] http://www.gnu.org/licenses/license-list.en.html?#CC-BY-NC

This is wrong:

"gmail": {
"username": "[email protected]",
"password": "ReallyStrongPassword",
"server": "smtp.gmail.com",
"port": 587

it must be like:

"gmail": {
"username": "[email protected]",
"password": "51727212cfae625b763d7e053d55e3a8a36d0b4465b95428b46340d66cae8f97",
"somerndstring": "somerandomstring"
"server": "smtp.gmail.com",
"port": 587

where password: sha256(somerandomstringReallyStrongPassword)

leaving in clear text password is wrong way to do.

Looking at the README I found the following code:

And in PowerShell (HTTP module):

PS C:\Users\user01\Desktop>
PS C:\Users\user01\Desktop> . .\http_exfil.ps1
PS C:\Users\user01\Desktop> HTTP-exfil 'C:\path\to\file.exe'

 PowerShell implementation (HTTP, DNS, ICMP, SMTP (used with Gmail))

But I can't find any ps1 file in the project files, only py files.