From bb185b572deee2a85d157a68970e265306765d5a Mon Sep 17 00:00:00 2001 From: Dobin Date: Thu, 29 Feb 2024 19:17:51 +0000 Subject: [PATCH] feature: webapp to infect --- app/templates/build.html | 79 +++++++++++++++++++++++++++++++++++++++ app/templates/inject.html | 0 app/views.py | 66 ++++++++++++++++++++++++++++++++ log.py | 66 ++++++++++++++++++++++++++++++++ model/defs.py | 8 ++-- supermega.py | 66 +------------------------------- web.py | 5 ++- 7 files changed, 221 insertions(+), 69 deletions(-) create mode 100644 app/templates/build.html create mode 100644 app/templates/inject.html create mode 100644 log.py diff --git a/app/templates/build.html b/app/templates/build.html new file mode 100644 index 0000000..b3e82de --- /dev/null +++ b/app/templates/build.html @@ -0,0 +1,79 @@ + + + + {% include 'header.html' %} + + + +{% include 'navigation.html' %} + +
+
+ + + +
+ +
+
+ + + + + + + + + + + + + + + +
+ + +
+ + + + +
+
+ +
+
+ + + \ No newline at end of file
diff --git a/app/templates/inject.html b/app/templates/inject.html
new file mode 100644
index 0000000..e69de29
diff --git a/app/views.py b/app/views.py
index 2b9d956..d43c8f6 100644
--- a/app/views.py
+++ b/app/views.py
@@ -11,6 +11,10 @@ from pygments.formatters import HtmlFormatter
 import difflib
 from ansi2html import Ansi2HTMLConverter
+from config import config
+from model.settings import Settings
+from model.defs import *
+from supermega import start
 views = Blueprint('views', __name__)
@@ -22,6 +26,68 @@ def index():
 return render_template('index.html')
+@views.route("/inject", methods=['GET', 'POST'])
+def inject():
+ config.load()
+ settings = Settings()
+
+ settings.payload_path = "app/upload/shellcode/" + request.form['shellcode']
+ settings.inject_exe_in = "app/upload/exe/" + request.form['exe']
+ settings.inject_exe_out = "app/upload/infected/" + request.form['exe'] + ".injected"
+
+ source_style = request.form['source_style']
+ settings.source_style = SourceStyle[source_style]
+
+ alloc_style = request.form['alloc_style']
+ settings.alloc_style = AllocStyle[alloc_style]
+
+ decoder_style = request.form['decoder_style']
+ settings.decoder_style = DecoderStyle[decoder_style]
+
+ exec_style = request.form['exec_style']
+ settings.exec_style = ExecStyle[exec_style]
+
+ inject_style = request.form['inject_style']
+ inject_style = InjectStyle[inject_style]
+ settings.inject = True
+ if inject_style == InjectStyle.ENTRY:
+ settings.inject_mode = 1
+ elif inject_style == InjectStyle.HIJACK:
+ settings.inject_mode = 2
+
+ print(str(settings))
+ start(settings)
+
+ return render_template('inject.html')
+
+
+@views.route("/build")
+def build():
+ exes = []
+ for file in os.listdir("app/upload/exe"):
+ exes.append(file)
+
+ shellcodes = []
+ for file in os.listdir("app/upload/shellcode"):
+ shellcodes.append(file)
+
+ sourcestyles = [(color.name, color.value) for color in SourceStyle]
+ allocstyles = [(color.name, color.value) for color in AllocStyle]
+ decoderstyles = [(color.name, color.value) for color in DecoderStyle]
+ execstyles = [(color.name, color.value) for color in ExecStyle]
+ injectstyles = [(color.name, color.value) for color in InjectStyle]
+
+ return render_template('build.html',
+ exes=exes,
+ shellcodes=shellcodes,
+ sourcestyles=sourcestyles,
+ allocstyles=allocstyles,
+ decoderstyles=decoderstyles,
+ execstyles=execstyles,
+ injectstyles=injectstyles,
+ )
+
+
+@views.route("/project")
+def project():
+ log_files = []
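Review bot: `inject()` builds its three on-disk paths by concatenating `request.form['shellcode']` and `request.form['exe']` straight onto `app/upload/...`, so a submitted name containing a path separator or `..` selects a file outside the upload directories; since `build()` already enumerates those directories with `os.listdir`, the handler should accept only a name present in that listing and join it with `os.path.join` (helper below, using flask's `abort`, which needs importing alongside `request` if it is not already). The second problem is that `start(settings)` ends with `exit(exit_code)` (supermega.py hunk `@@ -282,11 +279,7 @@`), so the call raises `SystemExit` inside the request and `render_template('inject.html')` is never reached; `start()` should return the code and let `main()` in supermega.py call `sys.exit`. An unknown style name makes `SourceStyle[source_style]` and the four sibling lookups raise `KeyError`, which Flask reports as a 500 rather than a 400; catching `KeyError` around those lookups and calling `abort(400)` keeps bad input a client error. The route lists `'GET'` in `methods` but reads `request.form` unconditionally, so a plain GET can never succeed; dropping `'GET'` makes the contract explicit. `print(str(settings))` is a stray debug print in a process that now has `setup_logging()` wired up; a `logging` call would go through the configured handlers instead.
```python
def _upload_path(subdir, name):
    # Accept only a plain file name that actually exists in the upload
    # directory; separators, '..' and unknown names never match a listing.
    base = os.path.join("app/upload", subdir)
    if name not in os.listdir(base):
        abort(400)
    return os.path.join(base, name)


@views.route("/inject", methods=['POST'])
def inject():
    config.load()
    settings = Settings()

    exe_name = request.form['exe']
    settings.payload_path = _upload_path("shellcode", request.form['shellcode'])
    settings.inject_exe_in = _upload_path("exe", exe_name)
    settings.inject_exe_out = os.path.join("app/upload/infected", exe_name + ".injected")

    # … unchanged: style lookups, inject_mode selection, start(), render …
```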
diff --git a/log.py b/log.py
new file mode 100644
index 0000000..e296332
--- /dev/null
+++ b/log.py
@@ -0,0 +1,66 @@
+import logging
+
+log_messages = []
+
+
+# Logging
+
+# ANSI escape sequences for colors
+class LogColors:
+ HEADER = '\033[95m'
+ BLUE = '\033[94m'
+ GREEN = '\033[92m'
+ WARNING = '\033[93m'
+ FAIL = '\033[91m'
+ ENDC = '\033[0m'
+ BOLD = '\033[1m'
+ UNDERLINE = '\033[4m'
+
+class CustomFormatter(logging.Formatter):
+ #format = "%(asctime)s - %(name)-12s - [%(levelname)-8s] - %(message)s (%(filename)s:%(lineno)d)"
+ format = "(%(filename)-12s) %(message)s"
+
+ FORMATS = {
+ logging.DEBUG: format,
+ logging.INFO: format,
+ logging.WARNING: LogColors.WARNING + format + LogColors.ENDC,
+ logging.ERROR: LogColors.FAIL + format + LogColors.ENDC,
+ logging.CRITICAL: LogColors.FAIL + LogColors.BOLD + format + LogColors.ENDC
+ }
+
+ def format(self, record):
+ log_fmt = self.FORMATS.get(record.levelno)
+ formatter = logging.Formatter(log_fmt, datefmt="%Y-%m-%d %H:%M:%S")
+ return formatter.format(record)
+
+class ListHandler(logging.Handler):
+ def __init__(self, log_list):
+ super().__init__()
+ self.log_list = log_list
+
+ def emit(self, record):
+ # Format the log record and store it in the list
+ log_entry = self.format(record)
+ self.log_list.append(log_entry)
+
+
+def writelog():
+ # write log to file
+ with open("logs/supermega.log", "w") as f:
+ for line in log_messages:
+ f.write(line + "\n")
+
+def setup_logging():
+ root_logger = logging.getLogger()
+ root_logger.setLevel(logging.INFO)
+
+ ch = logging.StreamHandler()
+ ch.setLevel(logging.INFO)
+ ch.setFormatter(CustomFormatter())
+
+ list_handler = ListHandler(log_messages)
+ list_handler.setLevel(logging.DEBUG)
+ list_handler.setFormatter(CustomFormatter())
+
+ root_logger.addHandler(ch)
+ root_logger.addHandler(list_handler)
\ No newline at end of file
diff --git a/model/defs.py b/model/defs.py
index 73cc78a..c1f7ffe 100644
--- a/model/defs.py
+++ b/model/defs.py
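Review bot: `log_messages` is appended to by `ListHandler` for the life of the process and `writelog()` dumps the whole list, which was fine for the one-shot CLI, but views.py's `inject()` now calls `start()` per request, so each written `logs/supermega.log` also carries every earlier request's lines and the list grows without bound; clearing it once written (`log_messages.clear()` at the end of `writelog()`) keeps the file per-run. In `CustomFormatter` the class attribute `format = "(%(filename)-12s) %(message)s"` is rebound by `def format(self, record)` a few lines later and only works because `FORMATS` is evaluated first; renaming it (`FMT = "(%(filename)-12s) %(message)s"`) removes the shadowing. `format()` also builds a fresh `logging.Formatter` on every record, where a dict of five `Formatter` objects created once would do. Because the same `CustomFormatter` is attached to `list_handler`, the ANSI colour codes end up in the file as well; a second, colour-free formatter for the list handler keeps the file plain. `writelog()` opens the file without an `encoding` argument, so the bytes depend on the locale, and the `logs/` directory must exist or the call raises `FileNotFoundError`; `open("logs/supermega.log", "w", encoding="utf-8")` pins the first and a short comment on that line should state the second.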
@@ -21,13 +21,15 @@ class DecoderStyle(Enum):
 class ExecStyle(Enum):
 CALL = "direct_1"
- #JMP = 2,
- #FIBER = 3,
+ #JMP = "jump",
+ #FIBER = "fiber",
 class DataRefStyle(Enum):
 APPEND = 1
-#class InjectStyle(Enum):
+class InjectStyle(Enum):
+ ENTRY = "change AddressOfEntryPoint"
+ HIJACK = "hijack branching instruction at Original Entry Point (jmp, call, ...)"
 class SourceStyle(Enum):
 peb_walk = "peb_walk"
diff --git a/supermega.py b/supermega.py
index 5aba47c..1f70dcb 100644
--- a/supermega.py
+++ b/supermega.py
@@ -7,8 +7,6 @@ import logging
 import time
 import pefile
-
-
 from helper import *
 from config import config
 import phases.templater
@@ -23,8 +21,7 @@ from model.settings import Settings
 from model.defs import *
 from model.carrier import Carrier
 from model.exehost import ExeHost
-
-log_messages = []
+from log import setup_logging, writelog
 def main():
@@ -282,11 +279,7 @@ def start(settings: Settings):
 if settings.cleanup_files_on_exit:
 clean_files()
- # write log to file
- with open("logs/supermega.log", "w") as f:
- for line in log_messages:
- f.write(line + "\n")
-
+ writelog()
 exit(exit_code)
@@ -341,61 +334,6 @@ def verify_shellcode(shc_name):
 return False
-# Logging
-
-# ANSI escape sequences for colors
-class LogColors:
- HEADER = '\033[95m'
- BLUE = '\033[94m'
- GREEN = '\033[92m'
- WARNING = '\033[93m'
- FAIL = '\033[91m'
- ENDC = '\033[0m'
- BOLD = '\033[1m'
- UNDERLINE = '\033[4m'
-
-class CustomFormatter(logging.Formatter):
- #format = "%(asctime)s - %(name)-12s - [%(levelname)-8s] - %(message)s (%(filename)s:%(lineno)d)"
- format = "(%(filename)-12s) %(message)s"
-
- FORMATS = {
- logging.DEBUG: format,
- logging.INFO: format,
- logging.WARNING: LogColors.WARNING + format + LogColors.ENDC,
- logging.ERROR: LogColors.FAIL + format + LogColors.ENDC,
- logging.CRITICAL: LogColors.FAIL + LogColors.BOLD + format + LogColors.ENDC
- }
-
- def format(self, record):
- log_fmt = self.FORMATS.get(record.levelno)
- formatter = logging.Formatter(log_fmt, datefmt="%Y-%m-%d %H:%M:%S")
- return formatter.format(record)
-
-class ListHandler(logging.Handler):
- def __init__(self, log_list):
- super().__init__()
- self.log_list = log_list
-
- def emit(self, record):
- # Format the log record and store it in the list
- log_entry = self.format(record)
- self.log_list.append(log_entry)
-
-def setup_logging():
- root_logger = logging.getLogger()
- root_logger.setLevel(logging.INFO)
-
- ch = logging.StreamHandler()
- ch.setLevel(logging.INFO)
- ch.setFormatter(CustomFormatter())
-
- list_handler = ListHandler(log_messages)
- list_handler.setLevel(logging.DEBUG)
- list_handler.setFormatter(CustomFormatter())
-
- root_logger.addHandler(ch)
- root_logger.addHandler(list_handler)
-
 if __name__ == "__main__":
 setup_logging()
diff --git a/web.py b/web.py
index 6c432c9..b72163b 100644
--- a/web.py
+++ b/web.py
@@ -5,9 +5,10 @@ import argparse
 from flask import Flask
 from app.views import views
-
+from log import setup_logging, writelog
 if __name__ == "__main__":
+ setup_logging()
 parser = argparse.ArgumentParser()
 parser.add_argument('--listenip', type=str, help='IP to listen on', default="0.0.0.0")
 parser.add_argument('--listenport', type=int, help='Port to listen on', default=5001)
@@ -30,4 +31,4 @@ if __name__ == "__main__":
 app.config.from_prefixed_env()
 app.register_blueprint(views)
- app.run(host=args.listenip, port=args.listenport, debug=args.debug)
\ No newline at end of file
+ app.run(host=args.listenip, port=args.listenport, debug=args.debug)
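Review bot: `writelog` is imported on the new `from log import setup_logging, writelog` line but nothing in the visible parts of web.py calls it — only `setup_logging()` is — so unless the unshown middle of the `__main__` block uses it, the line should be `from log import setup_logging`. With `/inject` now running the full build pipeline from form input, the pre-existing `--listenip` default of `"0.0.0.0"` in this hunk exposes that endpoint on every interface by default; a `127.0.0.1` default with an explicit opt-in is the safer baseline, and at minimum the help text should say the endpoint is unauthenticated. A one-line comment next to `setup_logging()` noting that it attaches the `ListHandler` that `writelog()` in supermega.py depends on would explain why it has to run before any request.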