diff --git a/app/templates/index.html b/app/templates/index.html
index 91c3575..ba4249a 100644
--- a/app/templates/index.html
+++ b/app/templates/index.html
@@ -20,8 +20,8 @@
Injectable
--inject <filename.exe>
- A 64-bit Windows PE executable used as a trojan. The shellcode will be injected in this EXE.
- The original functionality of the EXE will not work anymore (it will only execute the carrier
+ A 64-bit Windows PE executable used as a trojan. The shellcode will be injected in this EXE or DLL.
+ The original functionality of the EXE/DLL will not work anymore (it will only execute the carrier
with the shellcode it is carrying)
Located in the data/binary/exes/ directory.
diff --git a/app/views.py b/app/views.py
index 560c8eb..2a3c839 100644
--- a/app/views.py
+++ b/app/views.py
@@ -15,16 +15,13 @@ logger = logging.getLogger("Views")
@views.route("/")
def index():
return render_template('index.html')
- return redirect("/project/default", code=302)
@views.route("/exes/")
def exe_view(exe_name):
filepath = "{}{}".format(PATH_EXES, exe_name)
if not os.path.exists(filepath):
- filepath = "{}{}".format(PATH_EXES_MORE, exe_name)
- if not os.path.exists(filepath):
- return "File not found: {}".format(exe_name)
+ return "File not found: {}".format(exe_name)
superpe = SuperPe(filepath)
diff --git a/app/views_project.py b/app/views_project.py
index cffc16d..9babd9e 100644
--- a/app/views_project.py
+++ b/app/views_project.py
@@ -98,7 +98,6 @@ def project(name):
project_dir = os.path.dirname(os.getcwd() + "\\" + project_setting.project_path)
log_files = get_logfiles(project_setting.project_path)
exes = list_files_and_sizes(PATH_EXES)
- #exes += list_files_and_sizes(PATH_EXES_MORE, prepend=PATH_EXES_MORE)
shellcodes = list_files_and_sizes(PATH_SHELLCODES)
carrier_names = get_template_names()
diff --git a/data/binary/dlls/TestDll.dll b/data/binary/dlls/TestDll.dll
deleted file mode 100644
index c451717..0000000
Binary files a/data/binary/dlls/TestDll.dll and /dev/null differ
diff --git a/data/binary/dlls/libbz2.dll b/data/binary/dlls/libbz2.dll
deleted file mode 100644
index cd5e11a..0000000
Binary files a/data/binary/dlls/libbz2.dll and /dev/null differ
diff --git a/data/binary/exes_more/.gitkeep b/data/binary/exes_more/.gitkeep
deleted file mode 100644
index 49cc8ef..0000000
Binary files a/data/binary/exes_more/.gitkeep and /dev/null differ
diff --git a/model/defs.py b/model/defs.py
index 0e67415..fdd33d8 100644
--- a/model/defs.py
+++ b/model/defs.py
@@ -9,8 +9,7 @@ VerifyFilename: FilePath = FilePath("C:\\Temp\\a")
# Directory structure
PATH_EXES = "data/binary/exes/"
-PATH_EXES_MORE = "data/binary/exes_more/"
-PATH_DLLS = "data/binary/dlls/"
+
PATH_SHELLCODES = "data/binary/shellcodes/"
PATH_CARRIER = "data/source/carrier/"
PATH_DECODER = "data/source/decoder/"
diff --git a/tester.py b/tester.py
index 62933ec..8fc2807 100644
--- a/tester.py
+++ b/tester.py
@@ -24,6 +24,11 @@ def main():
print("{} directory does not exist".format(os.path.dirname(VerifyFilename)))
return
+ if len(sys.argv) < 2:
+ print("Usage: python tester.py ")
+ print("Available tests: all, common, dll_loader, exe_code, exe_data, dll_code, dll_data")
+ return
+
match sys.argv[1]:
case "all":
test_common()
@@ -55,7 +60,9 @@ def test_common():
print("Testing: COMMON A")
settings = Settings("unittest")
- settings.payload_path = FilePath(PATH_SHELLCODES + "createfile.bin")
+ settings.injectable_base = "procexp64.exe"
+ settings.payload_base = "createfile.bin"
+
settings.verify = True
settings.try_start_final_infected_exe = False
settings.payload_location = PayloadLocation.CODE
@@ -66,8 +73,6 @@ def test_common():
settings.decoder_style = "plain"
settings.carrier_name = "alloc_rw_rwx" # important (not rx)
settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint
- settings.inject_exe_in = FilePath(PATH_EXES + "procexp64.exe")
- settings.inject_exe_out = FilePath(PATH_EXES + "procexp64.verify.exe")
if not start(settings):
return
@@ -104,12 +109,12 @@ def test_common():
def test_dll_loader():
print("Testing: DLL Loader")
settings = Settings("unittest")
- settings.payload_path = FilePath(PATH_SHELLCODES + "createfile.dll")
+ settings.injectable_base = "procexp64.exe"
+ settings.payload_base = "createfile.dll"
+
settings.verify = True
settings.try_start_final_infected_exe = False
settings.payload_location = PayloadLocation.CODE # important
- settings.inject_exe_in = FilePath(PATH_EXES + "procexp64.exe")
- settings.inject_exe_out = FilePath(PATH_EXES + "procexp64.verify.exe")
settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint
print("Test DLL Loader 1/2: procexp, backdoor main, dll loader alloc")
@@ -126,7 +131,8 @@ def test_dll_loader():
def test_exe_code():
print("Testing: EXEs: Inject payload into .text")
settings = Settings("unittest")
- settings.payload_path = FilePath(PATH_SHELLCODES + "createfile.bin")
+ settings.injectable_base = "7z.exe"
+ settings.payload_base = "createfile.bin"
settings.verify = True
settings.try_start_final_infected_exe = False
settings.payload_location = PayloadLocation.CODE
@@ -135,8 +141,6 @@ def test_exe_code():
print("Test EXE 1/4: 7z, peb-walk, change-entrypoint")
settings.carrier_name = "peb_walk"
settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint
- settings.inject_exe_in = FilePath(PATH_EXES + "7z.exe")
- settings.inject_exe_out = FilePath(PATH_EXES + "7z.verify.exe")
if not start(settings):
return
@@ -144,17 +148,15 @@ def test_exe_code():
print("Test EXE 2/4: 7z, peb-walk, hijack main")
settings.carrier_name = "peb_walk"
settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr
- settings.inject_exe_in = FilePath(PATH_EXES + "7z.exe")
- settings.inject_exe_out = FilePath(PATH_EXES + "7z.verify.exe")
if not start(settings):
return
+
+ settings.injectable_base = "procexp64.exe"
# procexp, iat-reuse, change-entrypoint
print("Test EXE 3/4: procexp, iat-reuse, change-entrypoint")
settings.carrier_name = "alloc_rw_rwx"
settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint
- settings.inject_exe_in = FilePath(PATH_EXES + "procexp64.exe")
- settings.inject_exe_out = FilePath(PATH_EXES + "procexp64.verify.exe")
if not start(settings):
return
@@ -162,8 +164,6 @@ def test_exe_code():
print("Test EXE 4/4: procexp, iat-reuse, backdoor")
settings.carrier_name = "alloc_rw_rwx"
settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr
- settings.inject_exe_in = FilePath(PATH_EXES + "procexp64.exe")
- settings.inject_exe_out = FilePath(PATH_EXES + "procexp64.verify.exe")
if not start(settings):
return
@@ -171,7 +171,9 @@ def test_exe_code():
def test_exe_data():
print("Testing: EXEs: Inject into .data")
settings = Settings("unittest")
- settings.payload_path = FilePath(PATH_SHELLCODES + "createfile.bin")
+ settings.injectable_base = "7z.exe"
+ settings.payload_base = "createfile.bin"
+
settings.verify = True
settings.try_start_final_infected_exe = False
settings.payload_location = PayloadLocation.DATA
@@ -180,8 +182,6 @@ def test_exe_data():
print("Test EXE 1/4: 7z, peb-walk, change-entrypoint")
settings.carrier_name = "peb_walk"
settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint
- settings.inject_exe_in = FilePath(PATH_EXES + "7z.exe")
- settings.inject_exe_out = FilePath(PATH_EXES + "7z.verify.exe")
if not start(settings):
return
@@ -189,17 +189,15 @@ def test_exe_data():
print("Test EXE 2/4: 7z, peb-walk, hijack main")
settings.carrier_name = "peb_walk"
settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr
- settings.inject_exe_in = FilePath(PATH_EXES + "7z.exe")
- settings.inject_exe_out = FilePath(PATH_EXES + "7z.verify.exe")
if not start(settings):
return
+ settings.injectable_base = "procexp64.exe"
+
# procexp, iat-reuse, change-entrypoint
print("Test EXE 3/4: procexp, iat-reuse, change-entrypoint")
settings.carrier_name = "alloc_rw_rwx"
settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint
- settings.inject_exe_in = FilePath(PATH_EXES + "procexp64.exe")
- settings.inject_exe_out = FilePath(PATH_EXES + "procexp64.verify.exe")
if not start(settings):
return
@@ -207,8 +205,6 @@ def test_exe_data():
print("Test EXE 4/4: procexp, iat-reuse, backdoor")
settings.carrier_name = "alloc_rw_rwx"
settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr
- settings.inject_exe_in = FilePath(PATH_EXES + "procexp64.exe")
- settings.inject_exe_out = FilePath(PATH_EXES + "procexp64.verify.exe")
if not start(settings):
return
@@ -216,7 +212,8 @@ def test_exe_data():
def test_dll_code():
print("Testing: DLLs code")
settings = Settings("unittest")
- settings.payload_path = FilePath(PATH_SHELLCODES + "createfile.bin")
+ settings.injectable_base = "libbz2.dll"
+ settings.payload_base = "createfile.bin"
settings.verify = True
settings.try_start_final_infected_exe = False
settings.payload_location = PayloadLocation.CODE
@@ -224,16 +221,12 @@ def test_dll_code():
print("Test DLL 1/4: libbz2.dll, peb-walk, change-entrypoint dllMain (func=None)")
settings.carrier_name = "peb_walk"
settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint
- settings.inject_exe_in = FilePath(PATH_DLLS + "libbz2.dll")
- settings.inject_exe_out = FilePath(PATH_DLLS + "libbz2.verify.dll")
if not start(settings):
return
print("Test DLL 2/4: libbz2.dll, peb-walk, hijack dllMain (func=None)")
settings.carrier_name = "peb_walk"
settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr
- settings.inject_exe_in = FilePath(PATH_DLLS + "libbz2.dll")
- settings.inject_exe_out = FilePath(PATH_DLLS + "libbz2.verify.dll")
if not start(settings):
return
@@ -241,8 +234,6 @@ def test_dll_code():
settings.dllfunc = "BZ2_bzDecompress"
settings.carrier_name = "peb_walk"
settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint
- settings.inject_exe_in = FilePath(PATH_DLLS + "libbz2.dll")
- settings.inject_exe_out = FilePath(PATH_DLLS + "libbz2.verify.dll")
if not start(settings):
return
@@ -250,8 +241,6 @@ def test_dll_code():
settings.dllfunc = "BZ2_bzdopen"
settings.carrier_name = "peb_walk"
settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr
- settings.inject_exe_in = FilePath(PATH_DLLS + "libbz2.dll")
- settings.inject_exe_out = FilePath(PATH_DLLS + "libbz2.verify.dll")
if not start(settings):
return
@@ -259,7 +248,9 @@ def test_dll_code():
def test_dll_data():
print("Testing: DLLs data")
settings = Settings("unittest")
- settings.payload_path = FilePath(PATH_SHELLCODES + "createfile.bin")
+ settings.injectable_base = "libbz2.dll"
+ settings.payload_base = "createfile.bin"
+
settings.verify = True
settings.try_start_final_infected_exe = False
settings.payload_location = PayloadLocation.DATA
@@ -267,16 +258,12 @@ def test_dll_data():
print("Test DLL 1/4: libbz2.dll, peb-walk, change-entrypoint dllMain (func=None)")
settings.carrier_name = "peb_walk"
settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint
- settings.inject_exe_in = FilePath(PATH_DLLS + "libbz2.dll")
- settings.inject_exe_out = FilePath(PATH_DLLS + "libbz2.verify.dll")
if not start(settings):
return
print("Test DLL 2/4: libbz2.dll, peb-walk, hijack dllMain (func=None)")
settings.carrier_name = "peb_walk"
settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr
- settings.inject_exe_in = FilePath(PATH_DLLS + "libbz2.dll")
- settings.inject_exe_out = FilePath(PATH_DLLS + "libbz2.verify.dll")
if not start(settings):
return
@@ -284,8 +271,6 @@ def test_dll_data():
settings.dllfunc = "BZ2_bzDecompress"
settings.carrier_name = "peb_walk"
settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint
- settings.inject_exe_in = FilePath(PATH_DLLS + "libbz2.dll")
- settings.inject_exe_out = FilePath(PATH_DLLS + "libbz2.verify.dll")
if not start(settings):
return
@@ -293,8 +278,6 @@ def test_dll_data():
settings.dllfunc = "BZ2_bzdopen"
settings.carrier_name = "peb_walk"
settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr
- settings.inject_exe_in = FilePath(PATH_DLLS + "libbz2.dll")
- settings.inject_exe_out = FilePath(PATH_DLLS + "libbz2.verify.dll")
if not start(settings):
return
diff --git a/tests/test_derbackdoorer.py b/tests/test_derbackdoorer.py
index 06e0380..80ced9d 100644
--- a/tests/test_derbackdoorer.py
+++ b/tests/test_derbackdoorer.py
@@ -24,7 +24,7 @@ class DerBackdoorerTest(unittest.TestCase):
def test_function_backdoorer_dll(self):
- superpe = SuperPe(PATH_DLLS + "TestDLL.dll")
+ superpe = SuperPe(PATH_EXES + "TestDLL.dll")
function_backdoorer = FunctionBackdoorer(superpe)
addr = function_backdoorer.find_suitable_instruction_addr(superpe.get_entrypoint())
diff --git a/tests/test_superpe.py b/tests/test_superpe.py
index 08ec396..2011ef5 100644
--- a/tests/test_superpe.py
+++ b/tests/test_superpe.py
@@ -70,7 +70,7 @@ class SuperPeTest(unittest.TestCase):
def test_dll(self):
- dll_filepath = PATH_DLLS + "TestDLL.dll"
+ dll_filepath = PATH_EXES + "TestDLL.dll"
superpe = SuperPe(dll_filepath)
# Properties