ui: make nicer + plugins

Dobin Rutishauser
2024-06-16 17:49:36 +02:00
parent a1815ab7fe
commit 434c099365
8 changed files with 259 additions and 110 deletions
+157 -42
@@ -7,13 +7,10 @@
{% include 'navigation.html' %}
<div class="indent">
<h2> {{project_name}} </h2>
<div class="row">
<!-- Row 1: Buttons -->
<div class="col-1">
<div class="row">
<!-- Row 1: Buttons -->
<form method="POST" enctype="multipart/form-data" action="/project/{{project_name}}/exec?no_exec=true">
<button class="btn btn-primary" type="submit" value="start">Open Dir</button>
</form>
@@ -21,10 +18,8 @@
<form method="POST" enctype="multipart/form-data" action="/project/{{project_name}}/build">
<button class="btn btn-primary" type="submit" value="start">Build</button>
</form>
</div>
{% if is_built %}
<div class="row">
<form method="POST" enctype="multipart/form-data" action="/project/{{project_name}}/exec">
<button class="btn btn-primary" type="submit" value="start">Start</button>
</form>
@@ -37,22 +32,32 @@
<button class="btn btn-primary" type="submit" value="start">File Remote</button>
</form>
{% endif %}
</div>
{% endif %}
</div>
<!-- Row 2: Input files -->
<div class="col-2">
<div class="col-3">
<!-- leave this here or it will fuck up layout -->
<form method="POST" enctype="multipart/form-data" action="/project_add">
<input type="hidden" name="project_name" value="{{project_name}}">
<input type="text" name="project_name" class="hidden form-control"
placeholder="" value="{{project_name}}"
aria-label="PROJECTNAME" aria-describedby="basic-addon1"
onchange="this.form.submit()" readonly>
<input type="text" name="comment" class="hidden form-control"
placeholder="Comment" value="{{project.comment}}"
placeholder="" value="{{project.comment}}"
aria-label="PROJECTNAME" aria-describedby="basic-addon1"
onchange="this.form.submit()">
<select class="form-select" name="shellcode" aria-label="SHELLCODE" onchange="this.form.submit()">
<!-- Input: Payload File -->
<div class="form-group row">
<label for="shellcode" class="col-sm-3 col-form-label">
Payload
</label>
<div class="col-sm-9">
<select class="form-select" id="shellcode" name="shellcode"
aria-label="SHELLCODE" onchange="this.form.submit()">
{% for shellcode in shellcodes %}
<option value="{{shellcode['filename']}}"
{% if shellcode["filename"] in project.settings.payload_path %} selected {% endif %}
@@ -61,8 +66,17 @@
</option>
{% endfor %}
</select>
</div>
</div>
<select class="form-select" name="exe" aria-label="EXE" onchange="this.form.submit()">
<!-- Input: EXE File -->
<div class="form-group row">
<label for="exe" class="col-sm-3 col-form-label">
Injectable
</label>
<div class="col-sm-9">
<select class="form-select" id="exe" name="exe"
aria-label="EXE" onchange="this.form.submit()">
{% for exe in exes %}
<option value="{{exe['filename']}}"
{% if exe['filename'] == project.settings.inject_exe_in %} selected {% endif %}
@@ -70,7 +84,10 @@
{{exe['filename'] | basename}} ({{exe['size']}})</option>
{% endfor %}
</select>
</div>
</div>
<!-- Input: DLL function -->
{% if exports != [] %}
<select class="form-select" name="dllfunc" aria-label="DLLFUNC" onchange="this.form.submit()">
{% for export in exports %}
@@ -81,23 +98,39 @@
{% endfor %}
</select>
{% endif %}
<a href="/exes/{{project.settings.inject_exe_in | basename}}">EXE INFO</a>
</div>
<!-- Row 3: exe and shellcode info -->
<div class="col-2">
<a href="/exes/{{project.settings.inject_exe_in | basename}}">EXE Info:</a>
<ul>
<li>
{% if is_64 %}
x64: {{ is_64 }}
{% else %}
<span class="text-danger">x64: {{ is_64 }}</span>
{% endif %}
/ Dotnet: {{ is_dotnet}} <br>
.text: {{ code_sect_size}} <br>
</li>
<li>
Dotnet: {{ is_dotnet}}
</li>
<li>
.text: {{ code_sect_size}}
</li>
<li>
.rdata: {{ data_sect_size}}
(max: {{ data_sect_largest_gap_size}}) <br>
(max: {{ data_sect_largest_gap_size}})
</li>
{% if not has_rodata_section %}
<li>
<span class="text-danger">No .rdata section</span> <br>
</li>
{% endif %}
</ul>
{% if unresolved_dlls|length > 0 %}
<br>
@@ -108,46 +141,50 @@
{% endfor %}
</ul>
{% endif %}
</div>
<!-- Row 4: leet settings -->
<div class="col-2">
<select class="form-select" name="carrier_name" aria-label="CARRIERNAME" onchange="this.form.submit()">
<div class="col-3">
<div class="form-group row">
<label for="carrier_name" class="col-sm-5 col-form-label">
Carrier
</label>
<div class="col-sm-7">
<select class="form-select" name="carrier_name" id="carrier_name
aria-label="CARRIERNAME" onchange="this.form.submit()">
{% for name in carrier_names %}
<option value="{{name}}"
{% if name in project.settings.carrier_name %} selected {% endif %}
>{{name}}</option>
{% endfor %}
</select>
</div>
</div>
<select class="form-select" name="carrier_invoke_style" aria-label="INJECTSTYLE" onchange="this.form.submit()">
<div class="form-group row">
<label for="carrier_invoke_style" class="col-sm-5 col-form-label">
Carrier&nbsp;Invoke
</label>
<div class="col-sm-7">
<select class="form-select" name="carrier_invoke_style" id="carrier_invoke_style"
aria-label="INJECTSTYLE" onchange="this.form.submit()">
{% for name, value in carrier_invoke_styles %}
<option value="{{name}}"
{% if value in project.settings.carrier_invoke_style.value %} selected {% endif %}
>{{value}}</option>
{% endfor %}
</select>
<select class="form-select" name="decoder_style" aria-label="DECODERESTYLE" onchange="this.form.submit()">
{% for name, value in decoderstyles %}
<option value="{{name}}"
{% if value in project.settings.decoder_style.value %} selected {% endif %}
>{{value}}</option>
{% endfor %}
</select>
</div>
</div>
<!-- Row 5 -->
<div class="col-2">
<div class="form-check">
<input class="form-check-input" type="checkbox" value="YES" id="flexCheckDefault"
name="fix_missing_iat" onchange="this.form.submit()" {{ 'checked' if fix_missing_iat }}>
<label class="form-check-label" for="flexCheckDefault">
Add missing IAT entries
<div class="form-group row">
<label for="carrier_invoke_style" class="col-sm-5 col-form-label">
Payload&nbsp;Location
</label>
</div>
<select class="form-select" name="payload_location" aria-label="PAYLOADLOCATION" onchange="this.form.submit()">
<div class="col-sm-7">
<select class="form-select" name="payload_location" id="payload_location"
aria-label="PAYLOADLOCATION" onchange="this.form.submit()">
{% for name, value in payload_locations %}
<option value="{{name}}"
{% if value in project.settings.payload_location.value %} selected {% endif %}
@@ -157,14 +194,92 @@
</div>
</div>
<div class="form-check">
<input class="form-check-input" type="checkbox" value="YES" id="flexCheckDefault"
name="fix_missing_iat" onchange="this.form.submit()" {{ 'checked' if fix_missing_iat }}>
<label class="form-check-label" for="flexCheckDefault">
Add missing IAT entries
</label>
</div>
</div>
<!-- Row 5 -->
<div class="col-2">
<div class="form-group row">
<label for="decoder_style" class="col-sm-5 col-form-label">
Encoder
</label>
<div class="col-sm-7">
<select class="form-select" name="decoder_style" id="decoder_style"
aria-label="DECODERESTYLE" onchange="this.form.submit()">
{% for name, value in decoderstyles %}
<option value="{{name}}"
{% if value in project.settings.decoder_style.value %} selected {% endif %}
>{{value}}
</option>
{% endfor %}
</select>
</div>
</div>
<div class="form-group row">
<label for="guardrail" class="col-sm-5 col-form-label">
Guardrails
</label>
<div class="col-sm-7">
<select class="form-select" name="guardrail" id="guardrail"
aria-label="GUARDRAILSTYLE" onchange="this.form.submit()">
{% for name in guardrailstyles %}
<option value="{{name}}"
{% if name in project.settings.plugin_guardrail %} selected {% endif %}
>{{name}}
</option>
{% endfor %}
</select>
</div>
</div>
<div class="form-group row">
<label for="antiemulation_style" class="col-sm-5 col-form-label">
AntiEmulation
</label>
<div class="col-sm-7">
<select class="form-select" name="antiemulation" id="antiemulation"
aria-label="antiemulation" onchange="this.form.submit()">
{% for name in antiemulationstyles %}
<option value="{{name}}"
{% if name in project.settings.plugin_antiemulation %} selected {% endif %}
>{{name}}
</option>
{% endfor %}
</select>
</div>
</div>
<div class="form-group row">
<label for="decoy_style" class="col-sm-5 col-form-label">
Decoy
</label>
<div class="col-sm-7">
<select class="form-select" name="decoy" id="decoy"
aria-label="decoy" onchange="this.form.submit()">
{% for name in decoystyles %}
<option value="{{name}}"
{% if name in project.settings.plugin_decoy %} selected {% endif %}
>{{name}}
</option>
{% endfor %}
</select>
</div>
</div>
</div>
</div>
</form>
<div class="row">
<div class="col">
{{ project_dir }} <br>
<div class="custom-line"></div>
</div>
</div>
<div class="row">
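Review bot: The carrier `<select>` opens `id="carrier_name` without a closing quote, so the attribute value runs on into the following `aria-label` line and the `for="carrier_name"` label has no control to bind to; it should read `id="carrier_name"`. Three other labels in this section point at the wrong id: the Payload Location label reuses `for="carrier_invoke_style"` (should be `for="payload_location"`), and `for="antiemulation_style"` / `for="decoy_style"` do not match `id="antiemulation"` / `id="decoy"`. Separately, this form posts state-changing settings to `/project_add`, next to forms that trigger `/build` and `/exec`, and no CSRF token field is visible in these hunks. It is worth confirming that CSRF protection is applied elsewhere in the app.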
+28 -2
@@ -102,6 +102,10 @@ def project(name):
carrier_invoke_styles = [(color.name, color.value) for color in CarrierInvokeStyle]
payload_locations = [(color.name, color.value) for color in PayloadLocation]
guardrail_styles = list_files(PATH_GUARDRAILS)
antiemulation_styles = list_files(PATH_ANTIEMULATION)
decoy_styles = list_files(PATH_DECOY)
return render_template('project.html',
project_name = name,
project=project,
@@ -128,6 +132,10 @@ def project(name):
has_remote=has_remote,
fix_missing_iat=project.settings.fix_missing_iat,
guardrailstyles = guardrail_styles,
antiemulationstyles = antiemulation_styles,
decoystyles = decoy_styles,
)
@@ -145,6 +153,16 @@ def list_files_and_sizes(directory, prepend=""):
return files_and_sizes
def list_files(directory, prepend="") -> List[str]:
files = []
for filename in os.listdir(directory):
filepath = os.path.join(directory, filename)
if os.path.isfile(filepath):
filename = filename.replace(".c", "")
files.append(filename)
return files
@views_project.route("/project_add", methods=['POST', 'GET'])
def add_project():
if request.method == 'POST':
@@ -177,8 +195,16 @@ def add_project():
settings.fix_missing_iat = True if request.form.get('fix_missing_iat') != None else False
carrier_name = request.form['carrier_name']
settings.carrier_name = carrier_name
settings.carrier_name = request.form['carrier_name']
settings.plugin_antiemulation = request.form['antiemulation']
settings.plugin_decoy = request.form['decoy']
settings.plugin_guardrail = request.form['guardrail']
logger.info("E: {} D: {} G: {}".format(
settings.plugin_antiemulation,
settings.plugin_decoy,
settings.plugin_guardrail
))
carrier_invoke_style = request.form['carrier_invoke_style']
settings.carrier_invoke_style = CarrierInvokeStyle[carrier_invoke_style]
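Review bot: The three new plugin fields in `add_project` (`request.form['antiemulation']`, `['decoy']`, `['guardrail']`) are stored without checking them against the names the page offered. `create_c_from_template` later opens `PATH_GUARDRAILS + "{}.c".format(settings.plugin_guardrail)`, so a form value containing path separators can make the build read a `.c` file outside the plugin directory; the antiemulation and decoy plugins are presumably loaded the same way, though that code is not shown. Checking each value against `list_files(...)` for its directory before assigning it closes this at the request boundary, and using `request.form.get` avoids an unhandled error when a field is missing; the error return below is a sketch, so use whatever this view already returns for bad input. In `list_files`, `filename.replace(".c", "")` removes every `.c` in the name rather than only the extension (`filename.removesuffix(".c")` on Python 3.9+ would round-trip correctly), and the `prepend` parameter is unused. `add_project` continues outside this hunk.

```python
# … unchanged: fix_missing_iat and carrier_name handling …
plugin_fields = (
    ('antiemulation', PATH_ANTIEMULATION),
    ('decoy', PATH_DECOY),
    ('guardrail', PATH_GUARDRAILS),
)
for field, plugin_dir in plugin_fields:
    value = request.form.get(field, '')
    if value not in list_files(plugin_dir):
        # accept only names that exist in the plugin directory
        return "unknown {} plugin".format(field), 400
    setattr(settings, 'plugin_' + field, value)
# … unchanged: logger.info call and carrier_invoke_style handling …
```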
@@ -20,18 +20,6 @@ char *supermega_payload;
int main()
{
// Execution Guardrail: Env Check
wchar_t envVarName[] = L"USERPROFILE";
wchar_t tocheck[] = L"C:\\Users\\";
WCHAR buffer[1024]; // NOTE: Do not make it bigger, or we have a __chkstack() dependency!
DWORD result = GetEnvironmentVariableW(envVarName, buffer, 1024);
if (result == 0) {
return 6;
}
if (mystrcmp(buffer, tocheck) != 0) {
return 6;
}
// Depends on plugin_antiemulation
antiemulation();
+11
@@ -0,0 +1,11 @@
// Execution Guardrail: Env Check
wchar_t envVarName[] = L"USERPROFILE";
wchar_t tocheck[] = L"C:\\Users\\";
WCHAR buffer[1024]; // NOTE: Do not make it bigger, or we have a __chkstack() dependency!
DWORD result = GetEnvironmentVariableW(envVarName, buffer, 1024);
if (result == 0) {
return 6;
}
if (mystrcmp(buffer, tocheck) != 0) {
return 6;
}
+4 -3
@@ -17,6 +17,7 @@ PATH_PAYLOAD = "data/source/payload/"
PATH_DECODER = "data/source/decoder/"
PATH_ANTIEMULATION = "data/source/antiemulation/"
PATH_DECOY = "data/source/decoy/"
PATH_GUARDRAILS = "data/source/guardrails/"
PATH_WEB_PROJECT = "projects/"
@@ -30,13 +31,13 @@ class DecoderStyle(Enum):
class PayloadLocation(Enum):
CODE = "code"
DATA = "data"
CODE = ".text"
DATA = ".rdata"
class CarrierInvokeStyle(Enum):
ChangeEntryPoint = "change EntryPoint"
BackdoorCallInstr = "hijack Main"
BackdoorCallInstr = "backdoor Entrypoint"
class FunctionInvokeStyle(Enum):
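Review bot: Changing the values of `PayloadLocation` and `CarrierInvokeStyle` to display strings (`".text"`, `".rdata"`, `"backdoor Entrypoint"`) ties the enum values to UI wording. If project settings are persisted or compared by `.value` anywhere outside this diff, projects saved with the old `"code"` / `"data"` values may no longer load; this cannot be confirmed from the hunk, so the load path is worth checking. An alternative is to keep the values stable and map the labels in the template. A short comment above each enum, such as `# values are shown in the UI; form input is resolved by member name`, would record the convention, which is visible for `CarrierInvokeStyle` but should be confirmed for `PayloadLocation`.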
+1
@@ -16,6 +16,7 @@ class Settings():
self.plugin_antiemulation = "none"
self.plugin_decoy = "none"
self.plugin_guardrail = "none"
self.dllfunc: str = "" # For DLL injection
+8 -1
@@ -27,7 +27,13 @@ def create_c_from_template(settings: Settings, payload_len: int):
PATH_DECODER, settings.main_c_path))
plugin_decoder = ""
# Decoder
# Plugin: Execution Guardrails
filepath_guardrails = PATH_GUARDRAILS + "{}.c".format(
settings.plugin_guardrail)
with open(filepath_guardrails, "r", encoding='utf-8') as file:
plugin_guardrails = file.read()
# Plugin: Decoder
filepath_decoder = PATH_DECODER + "{}.c".format(
settings.decoder_style.value)
with open(filepath_decoder, "r", encoding='utf-8') as file:
@@ -61,6 +67,7 @@ def create_c_from_template(settings: Settings, payload_len: int):
'plugin_decoder': plugin_decoder,
'plugin_antiemulation': plugin_antiemualation,
'plugin_decoy': plugin_decoy,
'plugin_guardrails': plugin_guardrails,
'PAYLOAD_LEN': payload_len,
})
with open(settings.main_c_path, "w", encoding='utf-8') as file: