diff --git a/.gitignore b/.gitignore
index b22178d..5d24cf8 100644
--- a/.gitignore
+++ b/.gitignore
@@ -15,4 +15,5 @@ out/
 tools/
 doc/
 *.pickle
-logs/
\ No newline at end of file
+logs/
+app/projects/*
\ No newline at end of file
diff --git a/app/templates/project.html b/app/templates/project.html
index 2bd6081..caf63fa 100644
--- a/app/templates/project.html
+++ b/app/templates/project.html
@@ -79,28 +79,34 @@ >{{value}} {% endfor %} -
- +
-
-
+ - - - - - +
+ +
+
+
+ + +
+
+
+
+ + +
+
diff --git a/app/views.py b/app/views.py
index 3c92cd6..bec90d9 100644
--- a/app/views.py
+++ b/app/views.py
@@ -16,6 +16,9 @@ from model.settings import Settings
 from model.defs import *
 from supermega import start
 from app.storage import storage, Project
+from sender import scannerDetectsBytes
+from phases.injector import verify_injected_exe
+from helper import run_process_checkret
 
 views = Blueprint('views', __name__)
 
@@ -25,6 +28,9 @@ config.load()
 thread_running = False
 
+logger = logging.getLogger("Views")
+
+
 
 @views.route("/")
 def index():
     return render_template('index.html', data=storage.data)
@@ -78,7 +84,7 @@ def add_project():
         settings.try_start_final_infected_exe = False
 
         settings.inject_exe_in = "app/upload/exe/" + request.form['exe']
-        settings.inject_exe_out = "app/upload/infected/" + request.form['exe'] + ".injected"
+        settings.inject_exe_out = "app/upload/infected/" + request.form['exe'].replace(".exe", ".infected.exe")
 
         source_style = request.form['source_style']
         settings.source_style = SourceStyle[source_style]
@@ -102,6 +108,8 @@ def add_project():
         else:
             # add new project
             project = Project(project_name, settings)
+            project.project_dir = "app/projects/{}".format(project_name)
+            project.project_exe = request.form['exe'].replace(".exe", ".infected.exe")
             project.settings = settings
             settings.project_name = project_name
             storage.add_project(project)
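Review bot: The new `inject_exe_out` line still builds a filesystem path straight from `request.form['exe']`, so a submitted value containing `..` or a path separator escapes `app/upload/infected/` (the `inject_exe_in` context line two lines up has the same exposure), and `str.replace(".exe", ".infected.exe")` rewrites every occurrence of `.exe` in the name rather than only the suffix. Derive the output name from a sanitized basename and swap only the extension: `exe_name = os.path.basename(request.form['exe'])`, `stem, ext = os.path.splitext(exe_name)`, `settings.inject_exe_out = "app/upload/infected/" + stem + ".infected" + ext`. `os` is already used by `supermega_thread` in this file; the rest of `add_project` lies outside the hunk.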
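Review bot: `project.project_dir` is formatted from the user-supplied `project_name` with no validation, so a name containing `/` or `..` points the project directory — and, through the new `exec_project` view that reads `project_dir/project_exe` — outside `app/projects/`; reject such names before this line, e.g. `if not project_name or "/" in project_name or ".." in project_name: return redirect("/", code=302)` (an allow-list such as `[A-Za-z0-9_-]+` is tighter). The `.replace(".exe", ".infected.exe")` expression duplicates the one used for `inject_exe_out` above and is overwritten anyway by `supermega_thread`, which re-derives `project_exe` from `os.path.basename(inject_exe_out)`; computing the name once and reusing it would keep the two from drifting. `add_project` continues outside the hunk.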
@@ -134,34 +142,31 @@ def add_project():
     )
 
 
-def supermega_thread(settings: Settings, project_name: str):
+def supermega_thread(project: Project):
     global thread_running
-    start(settings)
+    start(project.settings)
     thread_running = False
 
     # copy generated file to project folder
-    file_basename = os.path.basename(settings.inject_exe_out)
+    file_basename = os.path.basename(project.settings.inject_exe_out)
+    project.project_exe = file_basename
+    dest = "app/projects/{}/{}".format(project.name, file_basename)
+    logger.info("Copy {} to project folder {}".format(project.settings.inject_exe_out, dest))
     shutil.copy(
-        settings.inject_exe_out,
-        "app/projects/{}/{}".format(project_name, file_basename)
+        project.settings.inject_exe_out,
+        dest,
     )
 
 
-@views.route("/start_project", methods=['POST', 'GET'])
-def start_project():
+@views.route("/build_project", methods=['POST', 'GET'])
+def build_project():
     global thread_running
-    #project_name = request.args.get('project_name')
     project_name = request.form.get('project_name')
-    try_start = request.form.get('try_start')
-    if try_start != None:
-        try_start = True
-    else:
-        try_start = False
 
     project = storage.get_project(project_name)
-    project.settings.try_start_final_infected_exe = try_start
+    project.settings.try_start_final_infected_exe = False
 
-    thread = Thread(target=supermega_thread, args=(project.settings, project_name, ))
+    thread = Thread(target=supermega_thread, args=(project, ))
     thread.start()
     thread_running = True
 
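Review bot: `build_project` dereferences `project.settings` right after `storage.get_project(project_name)` without the `None` guard the new `exec_project` view has, so an unknown name — or a plain GET, where `request.form` is empty — raises AttributeError instead of redirecting; add `if project is None: return redirect("/", code=302)` before the `try_start_final_infected_exe` line. `supermega_thread` also hard-codes `"app/projects/{}/{}".format(project.name, file_basename)` for `dest` rather than using the `project.project_dir` attribute this commit introduces, so the build copies to one path while `exec_project` reads from another if they ever differ; `dest = os.path.join(project.project_dir, file_basename)` keeps them aligned (assuming `project.name` equals the directory name used in `add_project`, which this diff does not show). Note too that the worker sets `thread_running = False` on completion while the caller sets `thread_running = True` only after `thread.start()`, so a fast build can leave the flag stuck at True, and nothing in this hunk checks the flag before starting another thread.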
@@ -179,6 +184,43 @@ def status_project(project_name):
     return redirect("/project/{}".format(project_name), code=302)
 
 
+@views.route("/exec_project", methods=['POST', 'GET'])
+def start_project():
+    project_name = request.form.get('project_name')
+    project = storage.get_project(project_name)
+    if project == None:
+        return redirect("/", code=302)
+
+    remote = False
+    remote_arg = request.args.get('remote')
+    if remote_arg == "true":
+        remote = True
+
+    if remote:
+        logger.info("--[ Exec {} on server {}".format(project.project_exe, config.get("avred_server")))
+        filepath = "{}/{}".format(project.project_dir, project.project_exe)
+        with open(filepath, "rb") as f:
+            data = f.read()
+        try:
+            scannerDetectsBytes(data, project.project_exe, useBrotli=True, verify=project.settings.verify)
+        except Exception as e:
+            logger.error(f'Error scanning: {e}')
+            return 4
+    else:
+        logger.info("--[ Exec {} locally".format(project.project_exe))
+        # Start/verify it at the end
+        if project.settings.verify:
+            logger.info("--[ Verify infected exe")
+            exit_code = verify_injected_exe(project.settings.inject_exe_out)
+        else:
+            logger.info("--[ Start infected exe: {}".format(project.settings.inject_exe_out))
+            run_process_checkret([
+                project.settings.inject_exe_out,
+            ], check=False)
+
+    return redirect("/project/{}".format(project_name), code=302)
+
+
 def get_logfiles():
     log_files = []
     id = 0
diff --git a/model/project.py b/model/project.py
index 7e39676..d9c4276 100644
--- a/model/project.py
+++ b/model/project.py
@@ -18,6 +18,9 @@ class Project():
         self.exe_host: ExeHost = ExeHost(self.settings.inject_exe_in)
         self.carrier: Carrier = Carrier()
 
+        self.project_dir: str = ""
+        self.project_exe: str = ""
+
     def init(self):
         self.payload.init()
 
diff --git a/supermega.py b/supermega.py
index c33379b..0cde56e 100644
--- a/supermega.py
+++ b/supermega.py
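Review bot: `return 4` in the remote branch of `start_project` returns a bare int from a Flask view, which Flask rejects (a view must return a response, string or tuple), so a scanner failure surfaces as a 500 instead of being reported; replace it with a response such as `return redirect("/project/{}".format(project_name), code=302)` after the `logger.error`, or raise a 502 if the failure should be visible to the caller. The two branches also operate on different files — remote reads `project_dir/project_exe`, local runs `project.settings.inject_exe_out` — so what gets scanned and what gets executed can diverge, and `exit_code` from `verify_injected_exe` is assigned but never used or logged. `project == None` should be `project is None`. Finally, this endpoint executes a binary on the web host in response to any GET or POST and no authentication is visible in this diff, so confirm it is only reachable on a trusted interface.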
@@ -187,14 +187,15 @@ def start(settings: Settings):
     observer.add_code("exe_final", extract_code_from_exe_file_ep(settings.inject_exe_out, 300))
 
     if config.get("avred_server") != "":
-        filename = os.path.basename(settings.inject_exe_in)
-        with open(settings.inject_exe_out, "rb") as f:
-            data = f.read()
-        try:
-            scannerDetectsBytes(data, filename, useBrotli=True, verify=settings.verify)
-        except Exception as e:
-            logger.error(f'Error scanning: {e}')
-            return 4
+        if settings.verify or settings.try_start_final_infected_exe:
+            filename = os.path.basename(settings.inject_exe_in)
+            with open(settings.inject_exe_out, "rb") as f:
+                data = f.read()
+            try:
+                scannerDetectsBytes(data, filename, useBrotli=True, verify=settings.verify)
+            except Exception as e:
+                logger.error(f'Error scanning: {e}')
+                return 4
     else:
         # Start/verify it at the end
         if settings.verify:
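Review bot: The new `if settings.verify or settings.try_start_final_infected_exe:` guard sits inside the `avred_server` branch, so with a server configured and both flags off this block now does nothing at all — no remote scan, and the local start in the outer `else` is never reached — without a word in the log; if that is the intended "build now, execute later via /exec_project" path, make it explicit with an inner `else:` holding `logger.info("--[ Skipping scan/exec: verify and try_start both off")`. When `verify` is set, the scan here and the one in the new `exec_project` remote branch both submit the same bytes, which is presumably not intended. The scanner is also keyed by `os.path.basename(settings.inject_exe_in)` (the original name) here but by `project.project_exe` (the `.infected.exe` name) from the web view, so server-side results for one artifact are filed under two names. `start()` continues beyond the hunk.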