mirror of
https://github.com/dobin/SuperMega
synced 2026-06-02 17:27:10 +00:00
feature: webapp to infect
This commit is contained in:
Dobin
@@ -0,0 +1,79 @@
|
||||
<!DOCTYPE html>
|
||||
<html>
|
||||
<head>
|
||||
{% include 'header.html' %}
|
||||
</head>
|
||||
<body>
|
||||
|
||||
{% include 'navigation.html' %}
|
||||
|
||||
<div class="container-fluid">
|
||||
<div class="row">
|
||||
|
||||
|
||||
<!-- a bootstrap dropdown to select one of the log files -->
|
||||
<div class="col-md-3">
|
||||
|
||||
<form method="POST" enctype="multipart/form-data" action="/inject">
|
||||
<div class="row row-cols-lg-auto g-3">
|
||||
|
||||
<select class="form-select" name="shellcode" aria-label="SHELLCODE">
|
||||
{% for shellcode in shellcodes %}
|
||||
<option value="{{shellcode}}">{{shellcode}}</option>
|
||||
{% endfor %}
|
||||
</select>
|
||||
|
||||
<select class="form-select" name="exe" aria-label="EXE">
|
||||
{% for exe in exes %}
|
||||
<option value="{{exe}}">{{exe}}</option>
|
||||
{% endfor %}
|
||||
</select>
|
||||
|
||||
<select class="form-select" name="source_style" aria-label="SOURCESTYLE">
|
||||
{% for name, value in sourcestyles %}
|
||||
<option value="{{name}}">{{value}}</option>
|
||||
{% endfor %}
|
||||
</select>
|
||||
|
||||
<select class="form-select" name="alloc_style" aria-label="ALLOCSTYLE">
|
||||
{% for name, value in allocstyles %}
|
||||
<option value="{{name}}">{{value}}</option>
|
||||
{% endfor %}
|
||||
</select>
|
||||
|
||||
<select class="form-select" name="decoder_style" aria-label="DECODERESTYLE">
|
||||
{% for name, value in decoderstyles %}
|
||||
<option value="{{name}}">{{value}}</option>
|
||||
{% endfor %}
|
||||
</select>
|
||||
|
||||
<select class="form-select" name="exec_style" aria-label="EXECSTYLE">
|
||||
{% for name, value in execstyles %}
|
||||
<option value="{{name}}">{{value}}</option>
|
||||
{% endfor %}
|
||||
</select>
|
||||
|
||||
<select class="form-select" name="inject_style" aria-label="INJECTSTYLE">
|
||||
{% for name, value in injectstyles %}
|
||||
<option value="{{name}}">{{value}}</option>
|
||||
{% endfor %}
|
||||
</select>
|
||||
|
||||
<div class="form-check">
|
||||
<input class="form-check-input" type="checkbox" value="" id="flexCheckDefault">
|
||||
<label class="form-check-label" for="flexCheckDefault">
|
||||
Execute after injection
|
||||
</label>
|
||||
</div>
|
||||
|
||||
<button class="btn btn-primary" type="submit" value="Inject">Inject</button>
|
||||
<button class="btn btn-primary" type="submit" value="Verify">Verify</button>
|
||||
|
||||
</div>
|
||||
</form>
|
||||
|
||||
</div>
|
||||
</div>
|
||||
|
||||
</body>
|
||||
</html>
|
||||
@@ -11,6 +11,10 @@ from pygments.formatters import HtmlFormatter
|
||||
import difflib
|
||||
from ansi2html import Ansi2HTMLConverter
|
||||
|
||||
from config import config
|
||||
from model.settings import Settings
|
||||
from model.defs import *
|
||||
from supermega import start
|
||||
|
||||
views = Blueprint('views', __name__)
|
||||
|
||||
@@ -22,6 +26,68 @@ def index():
|
||||
return render_template('index.html')
|
||||
|
||||
|
||||
@views.route("/inject", methods=['GET', 'POST'])
|
||||
def inject():
|
||||
config.load()
|
||||
settings = Settings()
|
||||
|
||||
settings.payload_path = "app/upload/shellcode/" + request.form['shellcode']
|
||||
settings.inject_exe_in = "app/upload/exe/" + request.form['exe']
|
||||
settings.inject_exe_out = "app/upload/infected/" + request.form['exe'] + ".injected"
|
||||
|
||||
source_style = request.form['source_style']
|
||||
settings.source_style = SourceStyle[source_style]
|
||||
|
||||
alloc_style = request.form['alloc_style']
|
||||
settings.alloc_style = AllocStyle[alloc_style]
|
||||
|
||||
decoder_style = request.form['decoder_style']
|
||||
settings.decoder_style = DecoderStyle[decoder_style]
|
||||
|
||||
exec_style = request.form['exec_style']
|
||||
settings.exec_style = ExecStyle[exec_style]
|
||||
|
||||
inject_style = request.form['inject_style']
|
||||
inject_style = InjectStyle[inject_style]
|
||||
settings.inject = True
|
||||
if inject_style == InjectStyle.ENTRY:
|
||||
settings.inject_mode = 1
|
||||
elif inject_style == InjectStyle.HIJACK:
|
||||
settings.inject_mode = 2
|
||||
|
||||
print(str(settings))
|
||||
start(settings)
|
||||
|
||||
return render_template('inject.html')
|
||||
|
||||
|
||||
@views.route("/build")
|
||||
def build():
|
||||
exes = []
|
||||
for file in os.listdir("app/upload/exe"):
|
||||
exes.append(file)
|
||||
|
||||
shellcodes = []
|
||||
for file in os.listdir("app/upload/shellcode"):
|
||||
shellcodes.append(file)
|
||||
|
||||
sourcestyles = [(color.name, color.value) for color in SourceStyle]
|
||||
allocstyles = [(color.name, color.value) for color in AllocStyle]
|
||||
decoderstyles = [(color.name, color.value) for color in DecoderStyle]
|
||||
execstyles = [(color.name, color.value) for color in ExecStyle]
|
||||
injectstyles = [(color.name, color.value) for color in InjectStyle]
|
||||
|
||||
return render_template('build.html',
|
||||
exes=exes,
|
||||
shellcodes=shellcodes,
|
||||
sourcestyles=sourcestyles,
|
||||
allocstyles=allocstyles,
|
||||
decoderstyles=decoderstyles,
|
||||
execstyles=execstyles,
|
||||
injectstyles=injectstyles,
|
||||
)
|
||||
|
||||
|
||||
@views.route("/project")
|
||||
def project():
|
||||
log_files = []
|
||||
|
||||
@@ -0,0 +1,66 @@
|
||||
import logging
|
||||
|
||||
log_messages = []
|
||||
|
||||
|
||||
# Logging
|
||||
|
||||
# ANSI escape sequences for colors
|
||||
class LogColors:
|
||||
HEADER = '\033[95m'
|
||||
BLUE = '\033[94m'
|
||||
GREEN = '\033[92m'
|
||||
WARNING = '\033[93m'
|
||||
FAIL = '\033[91m'
|
||||
ENDC = '\033[0m'
|
||||
BOLD = '\033[1m'
|
||||
UNDERLINE = '\033[4m'
|
||||
|
||||
class CustomFormatter(logging.Formatter):
|
||||
#format = "%(asctime)s - %(name)-12s - [%(levelname)-8s] - %(message)s (%(filename)s:%(lineno)d)"
|
||||
format = "(%(filename)-12s) %(message)s"
|
||||
|
||||
FORMATS = {
|
||||
logging.DEBUG: format,
|
||||
logging.INFO: format,
|
||||
logging.WARNING: LogColors.WARNING + format + LogColors.ENDC,
|
||||
logging.ERROR: LogColors.FAIL + format + LogColors.ENDC,
|
||||
logging.CRITICAL: LogColors.FAIL + LogColors.BOLD + format + LogColors.ENDC
|
||||
}
|
||||
|
||||
def format(self, record):
|
||||
log_fmt = self.FORMATS.get(record.levelno)
|
||||
formatter = logging.Formatter(log_fmt, datefmt="%Y-%m-%d %H:%M:%S")
|
||||
return formatter.format(record)
|
||||
|
||||
class ListHandler(logging.Handler):
|
||||
def __init__(self, log_list):
|
||||
super().__init__()
|
||||
self.log_list = log_list
|
||||
|
||||
def emit(self, record):
|
||||
# Format the log record and store it in the list
|
||||
log_entry = self.format(record)
|
||||
self.log_list.append(log_entry)
|
||||
|
||||
|
||||
def writelog():
|
||||
# write log to file
|
||||
with open("logs/supermega.log", "w") as f:
|
||||
for line in log_messages:
|
||||
f.write(line + "\n")
|
||||
|
||||
def setup_logging():
|
||||
root_logger = logging.getLogger()
|
||||
root_logger.setLevel(logging.INFO)
|
||||
|
||||
ch = logging.StreamHandler()
|
||||
ch.setLevel(logging.INFO)
|
||||
ch.setFormatter(CustomFormatter())
|
||||
|
||||
list_handler = ListHandler(log_messages)
|
||||
list_handler.setLevel(logging.DEBUG)
|
||||
list_handler.setFormatter(CustomFormatter())
|
||||
|
||||
root_logger.addHandler(ch)
|
||||
root_logger.addHandler(list_handler)
|
||||
+5
-3
@@ -21,13 +21,15 @@ class DecoderStyle(Enum):
|
||||
|
||||
class ExecStyle(Enum):
|
||||
CALL = "direct_1"
|
||||
#JMP = 2,
|
||||
#FIBER = 3,
|
||||
#JMP = "jump",
|
||||
#FIBER = "fiber",
|
||||
|
||||
class DataRefStyle(Enum):
|
||||
APPEND = 1
|
||||
|
||||
#class InjectStyle(Enum):
|
||||
class InjectStyle(Enum):
|
||||
ENTRY = "change AddressOfEntryPoint"
|
||||
HIJACK = "hijack branching instruction at Original Entry Point (jmp, call, ...)"
|
||||
|
||||
class SourceStyle(Enum):
|
||||
peb_walk = "peb_walk"
|
||||
|
||||
+2
-64
@@ -7,8 +7,6 @@ import logging
|
||||
import time
|
||||
import pefile
|
||||
|
||||
|
||||
|
||||
from helper import *
|
||||
from config import config
|
||||
import phases.templater
|
||||
@@ -23,8 +21,7 @@ from model.settings import Settings
|
||||
from model.defs import *
|
||||
from model.carrier import Carrier
|
||||
from model.exehost import ExeHost
|
||||
|
||||
log_messages = []
|
||||
from log import setup_logging, writelog
|
||||
|
||||
|
||||
def main():
|
||||
@@ -282,11 +279,7 @@ def start(settings: Settings):
|
||||
if settings.cleanup_files_on_exit:
|
||||
clean_files()
|
||||
|
||||
# write log to file
|
||||
with open("logs/supermega.log", "w") as f:
|
||||
for line in log_messages:
|
||||
f.write(line + "\n")
|
||||
|
||||
writelog()
|
||||
exit(exit_code)
|
||||
|
||||
|
||||
@@ -341,61 +334,6 @@ def verify_shellcode(shc_name):
|
||||
return False
|
||||
|
||||
|
||||
# Logging
|
||||
|
||||
# ANSI escape sequences for colors
|
||||
class LogColors:
|
||||
HEADER = '\033[95m'
|
||||
BLUE = '\033[94m'
|
||||
GREEN = '\033[92m'
|
||||
WARNING = '\033[93m'
|
||||
FAIL = '\033[91m'
|
||||
ENDC = '\033[0m'
|
||||
BOLD = '\033[1m'
|
||||
UNDERLINE = '\033[4m'
|
||||
|
||||
class CustomFormatter(logging.Formatter):
|
||||
#format = "%(asctime)s - %(name)-12s - [%(levelname)-8s] - %(message)s (%(filename)s:%(lineno)d)"
|
||||
format = "(%(filename)-12s) %(message)s"
|
||||
|
||||
FORMATS = {
|
||||
logging.DEBUG: format,
|
||||
logging.INFO: format,
|
||||
logging.WARNING: LogColors.WARNING + format + LogColors.ENDC,
|
||||
logging.ERROR: LogColors.FAIL + format + LogColors.ENDC,
|
||||
logging.CRITICAL: LogColors.FAIL + LogColors.BOLD + format + LogColors.ENDC
|
||||
}
|
||||
|
||||
def format(self, record):
|
||||
log_fmt = self.FORMATS.get(record.levelno)
|
||||
formatter = logging.Formatter(log_fmt, datefmt="%Y-%m-%d %H:%M:%S")
|
||||
return formatter.format(record)
|
||||
|
||||
class ListHandler(logging.Handler):
|
||||
def __init__(self, log_list):
|
||||
super().__init__()
|
||||
self.log_list = log_list
|
||||
|
||||
def emit(self, record):
|
||||
# Format the log record and store it in the list
|
||||
log_entry = self.format(record)
|
||||
self.log_list.append(log_entry)
|
||||
|
||||
def setup_logging():
|
||||
root_logger = logging.getLogger()
|
||||
root_logger.setLevel(logging.INFO)
|
||||
|
||||
ch = logging.StreamHandler()
|
||||
ch.setLevel(logging.INFO)
|
||||
ch.setFormatter(CustomFormatter())
|
||||
|
||||
list_handler = ListHandler(log_messages)
|
||||
list_handler.setLevel(logging.DEBUG)
|
||||
list_handler.setFormatter(CustomFormatter())
|
||||
|
||||
root_logger.addHandler(ch)
|
||||
root_logger.addHandler(list_handler)
|
||||
|
||||
|
||||
if __name__ == "__main__":
|
||||
setup_logging()
|
||||
|
||||
@@ -5,9 +5,10 @@ import argparse
|
||||
from flask import Flask
|
||||
|
||||
from app.views import views
|
||||
|
||||
from log import setup_logging, writelog
|
||||
|
||||
if __name__ == "__main__":
|
||||
setup_logging()
|
||||
parser = argparse.ArgumentParser()
|
||||
parser.add_argument('--listenip', type=str, help='IP to listen on', default="0.0.0.0")
|
||||
parser.add_argument('--listenport', type=int, help='Port to listen on', default=5001)
|
||||
@@ -30,4 +31,4 @@ if __name__ == "__main__":
|
||||
app.config.from_prefixed_env()
|
||||
|
||||
app.register_blueprint(views)
|
||||
app.run(host=args.listenip, port=args.listenport, debug=args.debug)
|
||||
app.run(host=args.listenip, port=args.listenport, debug=args.debug)
|
||||
|
||||
Reference in New Issue
Block a user