mak/extrOle2Link.py Secret

## extrOle2Link.py
#!/usr/bin/env python2
import re
import sys
import zipfile
from lxml.etree import XML
from io import BytesIO

def url_from_elem(e):
	u = None
	for n1 in ('Target','target'):
		u = x.attrib.get(n1,None)
		if u:
			break
	return u

def look_for_rel(e):
	for c in e.iterchildren():
		if c.tag.lower().endswith('relationship'):
			for t in c.keys():
				if t.lower() == 'target':
					yield c.attrib[t]
		else:
			look_for_rel(c)

def fix_zip(data):
	idx = data.find("PK\x05\x06")
	if len(data) < idx + 22:
		print('[!] broken zip - missing {0:d} bytes'.format( idx + 22 - len(data) ))
		data = data.ljust(idx + 22, "\x00")
	return data

with open(sys.argv[1]) as f:
	data = fix_zip(f.read())

bin = BytesIO(data)
z    = zipfile.ZipFile(bin)
decoded  = []
for fi in z.filelist:
	if '/_rels/' in fi.filename and fi.filename.endswith('.rels'):
		data = z.read(fi.filename)
		xml  = XML(data)
		for u in look_for_rel(xml):
			u,n= re.subn('%([0-9a-fA-F]{2})',lambda g: g.group(1).decode('hex'), u )
			if u.lower().startswith('http'):
				try:
				   print('[+] HTTP-Ole2Link in {0} in file {1}'.format(u,fi.filename).encode('utf-8'))
				except:
				   print `u`
			elif u.lower().startswith('script'):
				print('[+] Script-Ole2Link in {0} in file {1}'.format(u,fi.filename))
			if n > 1:
				decoded.append((u, fi.filename))

for u, f in decoded:
	print('URLEncoded link {0} in {1}'.format(u,f))
	#!/usr/bin/env python2
	import re
	import sys
	import zipfile
	from lxml.etree import XML
	from io import BytesIO

	def url_from_elem(e):
	u = None
	for n1 in ('Target','target'):
	u = x.attrib.get(n1,None)
	if u:
	break
	return u

	def look_for_rel(e):
	for c in e.iterchildren():
	if c.tag.lower().endswith('relationship'):
	for t in c.keys():
	if t.lower() == 'target':
	yield c.attrib[t]
	else:
	look_for_rel(c)

	def fix_zip(data):
	idx = data.find("PK\x05\x06")
	if len(data) < idx + 22:
	print('[!] broken zip - missing {0:d} bytes'.format( idx + 22 - len(data) ))
	data = data.ljust(idx + 22, "\x00")
	return data

	with open(sys.argv[1]) as f:
	data = fix_zip(f.read())

	bin = BytesIO(data)
	z = zipfile.ZipFile(bin)
	decoded = []
	for fi in z.filelist:
	if '/_rels/' in fi.filename and fi.filename.endswith('.rels'):
	data = z.read(fi.filename)
	xml = XML(data)
	for u in look_for_rel(xml):
	u,n= re.subn('%([0-9a-fA-F]{2})',lambda g: g.group(1).decode('hex'), u )
	if u.lower().startswith('http'):
	try:
	print('[+] HTTP-Ole2Link in {0} in file {1}'.format(u,fi.filename).encode('utf-8'))
	except:
	print `u`
	elif u.lower().startswith('script'):
	print('[+] Script-Ole2Link in {0} in file {1}'.format(u,fi.filename))
	if n > 1:
	decoded.append((u, fi.filename))

	for u, f in decoded:
	print('URLEncoded link {0} in {1}'.format(u,f))