admin/SuperMega
1
0
Fork 0
mirror of https://github.com/dobin/SuperMega synced 2026-06-03 01:27:11 +00:00
Code Issues Packages Projects Releases Wiki Activity

feature: make start_local/start_exe work reliably

Browse Source
This commit is contained in:
Dobin
2024-03-23 13:37:45 +00:00
parent ba933bd018
commit 4f9f85d25c
5 changed files with 89 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.gitignore
+2 -1
View File
@@ -15,4 +15,5 @@ out/
tools/ tools/
doc/ doc/
*.pickle *.pickle
logs/ logs/
app/projects/*
app/templates/project.html
+17 -11
View File
@@ -79,28 +79,34 @@
>{{value}}</option> >{{value}}</option>
{% endfor %} {% endfor %}
</select> </select>
</div> </div>
<div class="col-3"> <div class="col-3">
<div class="row"> <div class="row">
<button class="btn btn-primary" type="submit" value="save">Save</button> <button class="btn btn-primary" type="submit" value="save">Save Settings</button>
</form> </form>
</div> </div>
<div class="row"> <div class="row">
<div class="d-flex"> <form method="POST" enctype="multipart/form-data" action="/build_project">
<form method="POST" enctype="multipart/form-data" action="/start_project">
<input type="hidden" name="project_name" value="{{project_name}}"> <input type="hidden" name="project_name" value="{{project_name}}">
<button class="btn btn-primary" type="submit" value="start">Build</button>
<button class="btn btn-primary" type="submit" value="start">Start</button>
<input class="form-check-input" name="try_start" type="checkbox" value="checked" id="flexCheckDefault" checked>
<label class="form-check-label" for="flexCheckDefault">
Start Infected Exe
</label>
</form> </form>
</div> </div>
<div class="row">
<div class="col-6">
<form method="POST" enctype="multipart/form-data" action="/exec_project">
<input type="hidden" name="project_name" value="{{project_name}}">
<button class="btn btn-primary" type="submit" value="start">Start Local</button>
</form>
</div>
<div class="col-6">
<form method="POST" enctype="multipart/form-data" action="/exec_project?remote=true">
<input type="hidden" name="project_name" value="{{project_name}}">
<button class="btn btn-primary" type="submit" value="start">Start Remote</button>
</form>
</div>
</div> </div>
</div> </div>
</div> </div>
app/views.py
+58 -16
View File
@@ -16,6 +16,9 @@ from model.settings import Settings
from model.defs import * from model.defs import *
from supermega import start from supermega import start
from app.storage import storage, Project from app.storage import storage, Project
from sender import scannerDetectsBytes
from phases.injector import verify_injected_exe
from helper import run_process_checkret
views = Blueprint('views', __name__) views = Blueprint('views', __name__)
@@ -25,6 +28,9 @@ config.load()
thread_running = False thread_running = False
logger = logging.getLogger("Views")
@views.route("/") @views.route("/")
def index(): def index():
return render_template('index.html', data=storage.data) return render_template('index.html', data=storage.data)
@@ -78,7 +84,7 @@ def add_project():
settings.try_start_final_infected_exe = False settings.try_start_final_infected_exe = False
settings.inject_exe_in = "app/upload/exe/" + request.form['exe'] settings.inject_exe_in = "app/upload/exe/" + request.form['exe']
settings.inject_exe_out = "app/upload/infected/" + request.form['exe'] + ".injected" settings.inject_exe_out = "app/upload/infected/" + request.form['exe'].replace(".exe", ".infected.exe")
source_style = request.form['source_style'] source_style = request.form['source_style']
settings.source_style = SourceStyle[source_style] settings.source_style = SourceStyle[source_style]
@@ -102,6 +108,8 @@ def add_project():
else: else:
# add new project # add new project
project = Project(project_name, settings) project = Project(project_name, settings)
project.project_dir = "app/projects/{}".format(project_name)
project.project_exe = request.form['exe'].replace(".exe", ".infected.exe")
project.settings = settings project.settings = settings
settings.project_name = project_name settings.project_name = project_name
storage.add_project(project) storage.add_project(project)
@@ -134,34 +142,31 @@ def add_project():
) )
def supermega_thread(settings: Settings, project_name: str): def supermega_thread(project: Project):
global thread_running global thread_running
start(settings) start(project.settings)
thread_running = False thread_running = False
# copy generated file to project folder # copy generated file to project folder
file_basename = os.path.basename(settings.inject_exe_out) file_basename = os.path.basename(project.settings.inject_exe_out)
project.project_exe = file_basename
dest = "app/projects/{}/{}".format(project.name, file_basename)
logger.info("Copy {} to project folder {}".format(project.settings.inject_exe_out, dest))
shutil.copy( shutil.copy(
settings.inject_exe_out, project.settings.inject_exe_out,
"app/projects/{}/{}".format(project_name, file_basename) dest,
) )
@views.route("/start_project", methods=['POST', 'GET']) @views.route("/build_project", methods=['POST', 'GET'])
def start_project(): def build_project():
global thread_running global thread_running
#project_name = request.args.get('project_name')
project_name = request.form.get('project_name') project_name = request.form.get('project_name')
try_start = request.form.get('try_start')
if try_start != None:
try_start = True
else:
try_start = False
project = storage.get_project(project_name) project = storage.get_project(project_name)
project.settings.try_start_final_infected_exe = try_start project.settings.try_start_final_infected_exe = False
thread = Thread(target=supermega_thread, args=(project.settings, project_name, )) thread = Thread(target=supermega_thread, args=(project, ))
thread.start() thread.start()
thread_running = True thread_running = True
@@ -179,6 +184,43 @@ def status_project(project_name):
return redirect("/project/{}".format(project_name), code=302) return redirect("/project/{}".format(project_name), code=302)
@views.route("/exec_project", methods=['POST', 'GET'])
def start_project():
project_name = request.form.get('project_name')
project = storage.get_project(project_name)
if project == None:
return redirect("/", code=302)
remote = False
remote_arg = request.args.get('remote')
if remote_arg == "true":
remote = True
if remote:
logger.info("--[ Exec {} on server {}".format(project.project_exe, config.get("avred_server")))
filepath = "{}/{}".format(project.project_dir, project.project_exe)
with open(filepath, "rb") as f:
data = f.read()
try:
scannerDetectsBytes(data, project.project_exe, useBrotli=True, verify=project.settings.verify)
except Exception as e:
logger.error(f'Error scanning: {e}')
return 4
else:
logger.info("--[ Exec {} locally".format(project.project_exe))
# Start/verify it at the end
if project.settings.verify:
logger.info("--[ Verify infected exe")
exit_code = verify_injected_exe(project.settings.inject_exe_out)
else:
logger.info("--[ Start infected exe: {}".format(project.settings.inject_exe_out))
run_process_checkret([
project.settings.inject_exe_out,
], check=False)
return redirect("/project/{}".format(project_name), code=302)
def get_logfiles(): def get_logfiles():
log_files = [] log_files = []
id = 0 id = 0
model/project.py
+3
View File
@@ -18,6 +18,9 @@ class Project():
self.exe_host: ExeHost = ExeHost(self.settings.inject_exe_in) self.exe_host: ExeHost = ExeHost(self.settings.inject_exe_in)
self.carrier: Carrier = Carrier() self.carrier: Carrier = Carrier()
self.project_dir: str = ""
self.project_exe: str = ""
def init(self): def init(self):
self.payload.init() self.payload.init()
supermega.py
+9 -8
View File
@@ -187,14 +187,15 @@ def start(settings: Settings):
observer.add_code("exe_final", extract_code_from_exe_file_ep(settings.inject_exe_out, 300)) observer.add_code("exe_final", extract_code_from_exe_file_ep(settings.inject_exe_out, 300))
if config.get("avred_server") != "": if config.get("avred_server") != "":
filename = os.path.basename(settings.inject_exe_in) if settings.verify or settings.try_start_final_infected_exe:
with open(settings.inject_exe_out, "rb") as f: filename = os.path.basename(settings.inject_exe_in)
data = f.read() with open(settings.inject_exe_out, "rb") as f:
try: data = f.read()
scannerDetectsBytes(data, filename, useBrotli=True, verify=settings.verify) try:
except Exception as e: scannerDetectsBytes(data, filename, useBrotli=True, verify=settings.verify)
logger.error(f'Error scanning: {e}') except Exception as e:
return 4 logger.error(f'Error scanning: {e}')
return 4
else: else:
# Start/verify it at the end # Start/verify it at the end
if settings.verify: if settings.verify: