ui: make nicer + plugins

app/templates/project.html

@@ -7,13 +7,10 @@
     {% include 'navigation.html' %}
 
     <div class="indent">
-
-        <h2> {{project_name}} </h2>
-
         <div class="row">
-            <!-- Row 1: Buttons -->
+
             <div class="col-1">
-                <div class="row">
+                <!-- Row 1: Buttons -->
                 <form method="POST" enctype="multipart/form-data" action="/project/{{project_name}}/exec?no_exec=true">
                     <button class="btn btn-primary" type="submit" value="start">Open Dir</button>
                 </form>
@@ -21,10 +18,8 @@
                 <form method="POST" enctype="multipart/form-data" action="/project/{{project_name}}/build">
                     <button class="btn btn-primary" type="submit" value="start">Build</button>
                 </form>
-                </div>
                 
                 {% if is_built %}
-                <div class="row">
                         <form method="POST" enctype="multipart/form-data" action="/project/{{project_name}}/exec">
                             <button class="btn btn-primary" type="submit" value="start">Start</button>
                         </form>
@@ -37,22 +32,32 @@
                             <button class="btn btn-primary" type="submit" value="start">File Remote</button>
                         </form>
                         {% endif %}
-                </div>
                 {% endif %}
             </div>
-
             <!-- Row 2: Input files -->
-            <div class="col-2">
+            <div class="col-3">
                 <!-- leave this here or it will fuck up layout -->
                 <form method="POST" enctype="multipart/form-data" action="/project_add">
-                <input type="hidden" name="project_name" value="{{project_name}}">
+
+                <input type="text" name="project_name" class="hidden form-control" 
+                    placeholder="" value="{{project_name}}"
+                    aria-label="PROJECTNAME" aria-describedby="basic-addon1"
+                    onchange="this.form.submit()" readonly>
 
                 <input type="text" name="comment" class="hidden form-control" 
-                       placeholder="Comment" value="{{project.comment}}"
+                    placeholder="" value="{{project.comment}}"
                     aria-label="PROJECTNAME" aria-describedby="basic-addon1"
                     onchange="this.form.submit()">
 
-                <select class="form-select" name="shellcode" aria-label="SHELLCODE" onchange="this.form.submit()">
+                <!-- Input: Payload File -->
+                <div class="form-group row">
+                    <label for="shellcode" class="col-sm-3 col-form-label">
+                        Payload
+                    </label>
+
+                    <div class="col-sm-9">
+                        <select class="form-select" id="shellcode" name="shellcode" 
+                                aria-label="SHELLCODE" onchange="this.form.submit()">
                             {% for shellcode in shellcodes %}
                             <option value="{{shellcode['filename']}}" 
                                     {% if shellcode["filename"] in project.settings.payload_path %} selected {% endif %}
@@ -61,8 +66,17 @@
                             </option>
                             {% endfor %}
                         </select>
+                    </div>
+                </div>
                 
-                <select class="form-select" name="exe" aria-label="EXE" onchange="this.form.submit()">
+                <!-- Input: EXE File -->
+                <div class="form-group row">
+                    <label for="exe" class="col-sm-3 col-form-label">
+                        Injectable
+                    </label>
+                    <div class="col-sm-9">
+                        <select class="form-select" id="exe" name="exe" 
+                                aria-label="EXE" onchange="this.form.submit()">
                             {% for exe in exes %}
                             <option value="{{exe['filename']}}"
                                 {% if exe['filename'] == project.settings.inject_exe_in %} selected {% endif %}
@@ -70,7 +84,10 @@
                             {{exe['filename'] | basename}} ({{exe['size']}})</option>
                             {% endfor %}
                         </select>
+                    </div>
+                </div>
 
+                <!-- Input: DLL function -->
                 {% if exports != [] %}
                 <select class="form-select" name="dllfunc" aria-label="DLLFUNC" onchange="this.form.submit()">
                     {% for export in exports %}
@@ -81,23 +98,39 @@
                     {% endfor %}
                 </select>
                 {% endif %}
-                <a href="/exes/{{project.settings.inject_exe_in | basename}}">EXE INFO</a>
             </div>
 
             <!-- Row 3: exe and shellcode info -->
             <div class="col-2">
+                <a href="/exes/{{project.settings.inject_exe_in | basename}}">EXE Info:</a>
+                <ul>
+                    <li>
                         {% if is_64 %}
                             x64: {{ is_64 }}
                         {% else %}
                             <span class="text-danger">x64: {{ is_64 }}</span>
                         {% endif %}
-                    / Dotnet: {{ is_dotnet}} <br>
+                    </li>
-                .text: {{ code_sect_size}}  <br>
+                
+                    <li>
+                        Dotnet: {{ is_dotnet}} 
+                    </li>
+
+                    <li>
+                        .text: {{ code_sect_size}}
+                    </li>
+
+                    <li>
                         .rdata: {{ data_sect_size}} 
-                (max: {{ data_sect_largest_gap_size}}) <br>
+                        (max: {{ data_sect_largest_gap_size}})
+                    </li>
+                    
                     {% if not has_rodata_section %}
+                    <li>
                         <span class="text-danger">No .rdata section</span> <br>
+                    </li>
                     {% endif %}
+                </ul>
 
                 {% if unresolved_dlls|length > 0 %}
                 <br>
@@ -108,46 +141,50 @@
                 {% endfor %}
                 </ul>
                 {% endif %}
+
             </div>
 
             <!-- Row 4: leet settings -->
-            <div class="col-2">
+            <div class="col-3">
-                <select class="form-select" name="carrier_name" aria-label="CARRIERNAME" onchange="this.form.submit()">
+                <div class="form-group row">
+                    <label for="carrier_name" class="col-sm-5 col-form-label">
+                        Carrier
+                    </label>
+                    <div class="col-sm-7">
+                        <select class="form-select" name="carrier_name" id="carrier_name 
+                                aria-label="CARRIERNAME" onchange="this.form.submit()">
                             {% for name in carrier_names %}
                             <option value="{{name}}"
                                 {% if name in project.settings.carrier_name %} selected {% endif %}
                             >{{name}}</option>
                             {% endfor %}
                         </select>
+                    </div>
+                </div>
             
-                <select class="form-select" name="carrier_invoke_style" aria-label="INJECTSTYLE" onchange="this.form.submit()">
+                <div class="form-group row">
+                    <label for="carrier_invoke_style" class="col-sm-5 col-form-label">
+                        Carrier&nbsp;Invoke
+                    </label>
+                    <div class="col-sm-7">
+                        <select class="form-select" name="carrier_invoke_style" id="carrier_invoke_style"
+                                aria-label="INJECTSTYLE" onchange="this.form.submit()">
                             {% for name, value in carrier_invoke_styles %}
                             <option value="{{name}}"
                                 {% if value in project.settings.carrier_invoke_style.value %} selected {% endif %}
                             >{{value}}</option>
                             {% endfor %}
                         </select>
-
+                    </div>
-                <select class="form-select" name="decoder_style" aria-label="DECODERESTYLE" onchange="this.form.submit()">
-                    {% for name, value in decoderstyles %}
-                    <option value="{{name}}"
-                    {% if value in project.settings.decoder_style.value %} selected {% endif %}
-                    >{{value}}</option>
-                    {% endfor %}
-                </select>
                 </div>
 
-            <!-- Row 5 -->
+                <div class="form-group row">
-            <div class="col-2">
+                    <label for="carrier_invoke_style" class="col-sm-5 col-form-label">
-                <div class="form-check">
+                        Payload&nbsp;Location
-                    <input class="form-check-input" type="checkbox" value="YES" id="flexCheckDefault"  
-                        name="fix_missing_iat" onchange="this.form.submit()" {{ 'checked' if fix_missing_iat }}>
-                    <label class="form-check-label" for="flexCheckDefault">
-                        Add missing IAT entries
                     </label>
-                </div>
+                    <div class="col-sm-7">
-
+                        <select class="form-select" name="payload_location" id="payload_location"
-                <select class="form-select" name="payload_location" aria-label="PAYLOADLOCATION" onchange="this.form.submit()">
+                                aria-label="PAYLOADLOCATION" onchange="this.form.submit()">
                             {% for name, value in payload_locations %}
                             <option value="{{name}}"
                             {% if value in project.settings.payload_location.value %} selected {% endif %}
@@ -157,14 +194,92 @@
                     </div>
                 </div>
 
+                <div class="form-check">
+                    <input class="form-check-input" type="checkbox" value="YES" id="flexCheckDefault"  
+                        name="fix_missing_iat" onchange="this.form.submit()" {{ 'checked' if fix_missing_iat }}>
+                    <label class="form-check-label" for="flexCheckDefault">
+                        Add missing IAT entries
+                    </label>
+                </div>
+            </div>
+
+            <!-- Row 5 -->
+            <div class="col-2">
+                <div class="form-group row">
+                    <label for="decoder_style" class="col-sm-5 col-form-label">
+                        Encoder
+                    </label>
+                    <div class="col-sm-7">
+                        <select class="form-select" name="decoder_style" id="decoder_style"
+                                aria-label="DECODERESTYLE" onchange="this.form.submit()">
+                            {% for name, value in decoderstyles %}
+                                <option value="{{name}}"
+                                    {% if value in project.settings.decoder_style.value %} selected {% endif %}
+                                >{{value}}
+                            </option>
+                            {% endfor %}
+                        </select>
+                    </div>
+                </div>
+
+                <div class="form-group row">
+                    <label for="guardrail" class="col-sm-5 col-form-label">
+                        Guardrails
+                    </label>
+                    <div class="col-sm-7">
+                        <select class="form-select" name="guardrail" id="guardrail"
+                                aria-label="GUARDRAILSTYLE" onchange="this.form.submit()">
+                            {% for name in guardrailstyles %}
+                                <option value="{{name}}"
+                                    {% if name in project.settings.plugin_guardrail %} selected {% endif %}
+                                >{{name}}
+                            </option>
+                            {% endfor %}
+                        </select>
+                    </div>
+                </div>
+
+                <div class="form-group row">
+                    <label for="antiemulation_style" class="col-sm-5 col-form-label">
+                        AntiEmulation
+                    </label>
+                    <div class="col-sm-7">
+                        <select class="form-select" name="antiemulation" id="antiemulation"
+                                aria-label="antiemulation" onchange="this.form.submit()">
+                            {% for name in antiemulationstyles %}
+                                <option value="{{name}}"
+                                    {% if name in project.settings.plugin_antiemulation %} selected {% endif %}
+                                >{{name}}
+                            </option>
+                            {% endfor %}
+                        </select>
+                    </div>
+                </div>
+
+                <div class="form-group row">
+                    <label for="decoy_style" class="col-sm-5 col-form-label">
+                        Decoy
+                    </label>
+                    <div class="col-sm-7">
+                        <select class="form-select" name="decoy" id="decoy"
+                                aria-label="decoy" onchange="this.form.submit()">
+                            {% for name in decoystyles %}
+                                <option value="{{name}}"
+                                    {% if name in project.settings.plugin_decoy %} selected {% endif %}
+                                >{{name}}
+                            </option>
+                            {% endfor %}
+                        </select>
+                    </div>
+                </div>
+            </div>
+        </div>
+
         </form>
 
         <div class="row">
-            <div class="col">
-             {{ project_dir }} <br>
             <div class="custom-line"></div>
         </div>
-        </div>
 
 
     <div class="row">

app/views_project.py

@@ -102,6 +102,10 @@ def project(name):
     carrier_invoke_styles = [(color.name, color.value) for color in CarrierInvokeStyle]
     payload_locations = [(color.name, color.value) for color in PayloadLocation]
 
+    guardrail_styles = list_files(PATH_GUARDRAILS)
+    antiemulation_styles = list_files(PATH_ANTIEMULATION)
+    decoy_styles = list_files(PATH_DECOY)
+
     return render_template('project.html', 
         project_name = name,
         project=project, 
@@ -128,6 +132,10 @@ def project(name):
 
         has_remote=has_remote,
         fix_missing_iat=project.settings.fix_missing_iat,
+
+        guardrailstyles = guardrail_styles,
+        antiemulationstyles = antiemulation_styles,
+        decoystyles = decoy_styles,
     )
 
 
@@ -145,6 +153,16 @@ def list_files_and_sizes(directory, prepend=""):
     return files_and_sizes
 
 
+def list_files(directory, prepend="") -> List[str]:
+    files = []
+    for filename in os.listdir(directory):
+        filepath = os.path.join(directory, filename)
+        if os.path.isfile(filepath):
+            filename = filename.replace(".c", "")
+            files.append(filename)
+    return files
+
+
 @views_project.route("/project_add", methods=['POST', 'GET'])
 def add_project():
     if request.method == 'POST':
@@ -177,8 +195,16 @@ def add_project():
 
             settings.fix_missing_iat = True if request.form.get('fix_missing_iat') != None else False
 
-            carrier_name = request.form['carrier_name']
+            settings.carrier_name = request.form['carrier_name']
-            settings.carrier_name = carrier_name
+            
+            settings.plugin_antiemulation = request.form['antiemulation']
+            settings.plugin_decoy = request.form['decoy']
+            settings.plugin_guardrail = request.form['guardrail']
+            logger.info("E: {}  D: {}  G: {}".format(
+                settings.plugin_antiemulation,
+                settings.plugin_decoy,
+                settings.plugin_guardrail
+            ))
 
             carrier_invoke_style = request.form['carrier_invoke_style']
             settings.carrier_invoke_style = CarrierInvokeStyle[carrier_invoke_style]

data/source/carrier/alloc_rw_rx/template.c

@@ -20,18 +20,6 @@ char *supermega_payload;
 
 int main()
 {
-	// Execution Guardrail: Env Check
-	wchar_t envVarName[] = L"USERPROFILE";
-	wchar_t tocheck[] = L"C:\\Users\\";
-	WCHAR buffer[1024];  // NOTE: Do not make it bigger, or we have a __chkstack() dependency!
-	DWORD result = GetEnvironmentVariableW(envVarName, buffer, 1024);
-	if (result == 0) {
-		return 6;
-	}
-	if (mystrcmp(buffer, tocheck) != 0) { 
-		return 6;
-	}
-
 	// Depends on plugin_antiemulation
 	antiemulation();
 

data/source/guardrails/env.c

@@ -0,0 +1,11 @@
+	// Execution Guardrail: Env Check
+	wchar_t envVarName[] = L"USERPROFILE";
+	wchar_t tocheck[] = L"C:\\Users\\";
+	WCHAR buffer[1024];  // NOTE: Do not make it bigger, or we have a __chkstack() dependency!
+	DWORD result = GetEnvironmentVariableW(envVarName, buffer, 1024);
+	if (result == 0) {
+		return 6;
+	}
+	if (mystrcmp(buffer, tocheck) != 0) { 
+		return 6;
+	}

model/defs.py

@@ -17,6 +17,7 @@ PATH_PAYLOAD = "data/source/payload/"
 PATH_DECODER = "data/source/decoder/"
 PATH_ANTIEMULATION = "data/source/antiemulation/"
 PATH_DECOY = "data/source/decoy/"
+PATH_GUARDRAILS = "data/source/guardrails/"
 
 PATH_WEB_PROJECT = "projects/"
 
@@ -30,13 +31,13 @@ class DecoderStyle(Enum):
 
 
 class PayloadLocation(Enum):
-    CODE = "code"
+    CODE = ".text"
-    DATA = "data"
+    DATA = ".rdata"
     
 
 class CarrierInvokeStyle(Enum):
     ChangeEntryPoint = "change EntryPoint"
-    BackdoorCallInstr = "hijack Main"
+    BackdoorCallInstr = "backdoor Entrypoint"
 
 
 class FunctionInvokeStyle(Enum):

model/settings.py

@@ -16,6 +16,7 @@ class Settings():
 
         self.plugin_antiemulation = "none"
         self.plugin_decoy = "none"
+        self.plugin_guardrail = "none"
 
         self.dllfunc: str = ""  # For DLL injection
 

phases/templater.py

@@ -27,7 +27,13 @@ def create_c_from_template(settings: Settings, payload_len: int):
         PATH_DECODER, settings.main_c_path))
     plugin_decoder = ""
 
-    # Decoder
+    # Plugin: Execution Guardrails
+    filepath_guardrails = PATH_GUARDRAILS + "{}.c".format(
+        settings.plugin_guardrail)
+    with open(filepath_guardrails, "r", encoding='utf-8') as file:
+        plugin_guardrails = file.read()
+
+    # Plugin: Decoder
     filepath_decoder = PATH_DECODER + "{}.c".format(
         settings.decoder_style.value)
     with open(filepath_decoder, "r", encoding='utf-8') as file:
@@ -61,6 +67,7 @@ def create_c_from_template(settings: Settings, payload_len: int):
         'plugin_decoder': plugin_decoder,
         'plugin_antiemulation': plugin_antiemualation,
         'plugin_decoy': plugin_decoy,
+        'plugin_guardrails': plugin_guardrails,
         'PAYLOAD_LEN': payload_len,
     })
     with open(settings.main_c_path, "w", encoding='utf-8') as file: