diff --git a/config.yaml b/config.yaml
index e9f2290..0b13879 100644
--- a/config.yaml
+++ b/config.yaml
@@ -5,4 +5,6 @@ path_masmshc: 'C:\Users\hacker\Source\Repos\masm_shc\out\build\x64-Debug\masm_s
 path_runshc: 'C:\Users\hacker\Source\Repos\masm_shc\out\build\x64-Debug\runshc\runshc.exe'
 #- path_shexec = r'C:\Research\hasherezade\exec_fiber\sh-exec-fiber.exe'
-path_sgn: 'C:\tools\sgn2.1\sgn.exe'
\ No newline at end of file
+path_sgn: 'C:\tools\sgn2.1\sgn.exe'
+
+avred_server: "192.168.1.1:8001"
\ No newline at end of file
diff --git a/requirements.txt b/requirements.txt
index 1be08ef..be6d53e 100644
--- a/requirements.txt
+++ b/requirements.txt
@@ -4,4 +4,5 @@ capstone
 keystone-engine
 jinja2
 Pygments
-ansi2html
\ No newline at end of file
+ansi2html
+requests
diff --git a/sender.py b/sender.py
new file mode 100644
index 0000000..1ea33cd
--- /dev/null
+++ b/sender.py
@@ -0,0 +1,37 @@
+import requests as req
+import logging
+import brotli
+import os
+import time
+import shutil
+
+from config import config
+
+
+def scannerDetectsBytes(data: bytes, filename: str, useBrotli=True, verify=False):
+ params = { 'filename': filename, 'brotli': useBrotli, 'verify': verify }
+ if useBrotli:
+ scanData = brotli.compress(data)
+ else:
+ scanData = data
+
+ timeStart = time.time()
+ print("Send to exec/exe: {}".format(params))
+ res = req.post("{}/exec/exe".format(config.get("avred_server")), params=params, data=scanData, timeout=10)
+ jsonRes = res.json()
+ print("Response: {}".format(jsonRes))
+ scanTime = round(time.time() - timeStart, 3)
+
+ # basically internal server error, e.g. AMSI not working
+ if res.status_code != 200:
+ logging.error("Error Code {}: {}".format(res.status_code, res.text))
+ raise Exception("Server error, aborting")
+
+ return jsonRes
+
+
+def main():
+ with open("data/exes/7z-verify.exe", "rb") as f:
+ data = f.read()
+ res = scannerDetectsBytes(data, "test.exe")
+ print("Answer: {}".format(res))
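Review bot: The new `avred_server` value `"192.168.1.1:8001"` carries no URL scheme, and the sender.py hunk on this page builds the request target as `"{}/exec/exe".format(config.get("avred_server"))` without adding one, so requests will reject the resulting URL as having no scheme. Either store the full origin in the config, e.g. `avred_server: "http://192.168.1.1:8001"` (the page's value with a scheme added), or have the sender prepend it. A comment above the key would also pin the contract that start() in supermega.py relies on, e.g. `# full base URL of the scanning server, including http:// or https://; empty string disables remote scanning`.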
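Review bot: In scannerDetectsBytes, `jsonRes = res.json()` runs on the line right after `req.post(...)`, before the `res.status_code != 200` check, so a non-JSON error body raises a JSON decode error and the `logging.error(...)`/`raise Exception(...)` path two lines below never executes; move the `res.json()` call below the status check, or call `res.raise_for_status()` first. The module imports `brotli` at top level, but the requirements.txt hunk only adds `requests` — unless brotli is already among the first three lines of requirements.txt, which the hunk does not show, it should be declared too. `os`, `shutil` and the computed `scanTime` are unused. The `verify` keyword is forwarded to the server as a query parameter and has nothing to do with requests' TLS `verify` option; a comment on the signature such as `# 'verify' is a server-side flag sent in the query string, not TLS certificate verification` would prevent the obvious misreading.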
diff --git a/supermega.py b/supermega.py
index fd17700..155bcbf 100644
--- a/supermega.py
+++ b/supermega.py
@@ -13,12 +13,10 @@ import phases.assembler
 import phases.injector
 from observer import observer
 from pe.pehelper import extract_code_from_exe_file_ep
-
+from sender import scannerDetectsBytes
 from model.project import Project
 from model.settings import Settings
 from model.defs import *
-from model.carrier import Carrier
-from model.exehost import ExeHost
 from log import setup_logging, writelog
@@ -60,7 +58,6 @@ def main():
 settings.source_style = SourceStyle.peb_walk
 elif args.sourcestyle == "iat_reuse":
 settings.source_style = SourceStyle.iat_reuse
-
 if args.alloc:
 if args.alloc == "rwx_1":
 settings.alloc_style = AllocStyle.RWX
@@ -72,7 +69,6 @@ def main():
 if args.exec:
 if args.exec == "direct_1":
 settings.exec_style = ExecStyle.CALL
-
 if args.inject:
 if args.rbrunmode == "eop":
 settings.inject_mode = InjectStyle.ChangeEntryPoint
@@ -88,7 +84,6 @@ def main():
 logger.error("Require: --shellcode --inject ")
 logger.info(r"Example: .\supermega.py --shellcode .\data\shellcodes\calc64.bin --inject .\data\exes\7z.exe")
 return 1
-
 if args.shellcode:
 if not os.path.isfile(args.shellcode):
 logger.info("Could not find: {}".format(args.shellcode))
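Review bot: The module-level `from sender import scannerDetectsBytes` makes the remote-scan feature's dependencies unconditional — sender.py imports `requests` and `brotli` at its top, so supermega.py now fails to import when either is missing even for users who leave `avred_server` empty. Since the call site in start() is already guarded by the `avred_server` check, a function-scope import inside that branch, `from sender import scannerDetectsBytes`, would keep the feature optional. Whether `config` is imported in supermega.py is not visible in these hunks, yet start() uses `config.get(...)`; please confirm it is in scope.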
@@ -191,15 +186,21 @@ def start(settings: Settings):
 observer.add_code("exe_final", extract_code_from_exe_file_ep(settings.inject_exe_out, 300))
- # Start/verify it at the end
- if settings.verify:
- logger.info("--[ Verify infected exe")
- exit_code = phases.injector.verify_injected_exe(settings.inject_exe_out)
- elif settings.try_start_final_infected_exe:
- logger.info("--[ Start infected exe: {}".format(settings.inject_exe_out))
- run_process_checkret([
- settings.inject_exe_out,
- ], check=False)
+ if config.get("avred_server") != "":
+ with open(settings.inject_exe_out, "rb") as f:
+ data = f.read()
+ scannerDetectsBytes(data, "test.exe", useBrotli=True, verify=settings.verify)
+
+ else:
+ # Start/verify it at the end
+ if settings.verify:
+ logger.info("--[ Verify infected exe")
+ exit_code = phases.injector.verify_injected_exe(settings.inject_exe_out)
+ elif settings.try_start_final_infected_exe:
+ logger.info("--[ Start infected exe: {}".format(settings.inject_exe_out))
+ run_process_checkret([
+ settings.inject_exe_out,
+ ], check=False)
 # Cleanup files
 if settings.cleanup_files_on_exit:
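Review bot: `if config.get("avred_server") != "":` takes the remote branch whenever the key is absent, because a dict-style `.get` returns None and `None != ""` is true, so a config without the new key skips the local verify/start path and posts to a `None/exec/exe` URL; `if config.get("avred_server"):` covers both the missing-key and empty-string cases. The result of `scannerDetectsBytes(...)` is discarded, so the server's verdict is never logged or acted on in start(); capture it, e.g. `result = scannerDetectsBytes(...)` followed by `logger.info("--[ Scanner result: {}".format(result))`. The verify request there is also sent as `"test.exe"` rather than the actual output name; if the server keys anything on the filename, passing `os.path.basename(settings.inject_exe_out)` would be more faithful. The body of start() continues beyond this hunk.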