mirror of
https://github.com/dobin/SuperMega
synced 2026-06-02 17:27:10 +00:00
Dobin
234 lines
9.0 KiB
Python
234 lines
9.0 KiB
Python
from typing import Dict, List
|
|
|
|
from helper import *
|
|
from config import config
|
|
from model.defs import *
|
|
|
|
from model.settings import Settings
|
|
from log import setup_logging
|
|
from supermega import start
|
|
from model.project import prepare_project
|
|
|
|
|
|
def main():
|
|
logger.info("Super Mega Tester")
|
|
config.load()
|
|
|
|
test_exe_code()
|
|
test_exe_data()
|
|
test_dll_code()
|
|
test_dll_data()
|
|
|
|
|
|
def test_exe_code():
|
|
print("Testing: EXEs: Inject payload into .text")
|
|
settings = Settings()
|
|
settings.payload_path = PATH_SHELLCODES + "createfile.bin"
|
|
settings.verify = True
|
|
settings.try_start_final_infected_exe = False
|
|
settings.payload_location = PayloadLocation.CODE
|
|
settings.prep_web("unittest")
|
|
prepare_project("unittest", settings)
|
|
|
|
# 7z, peb-walk, change-entrypoint
|
|
print("Test EXE 1/4: 7z, peb-walk, change-entrypoint")
|
|
settings.source_style = FunctionInvokeStyle.peb_walk
|
|
settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint
|
|
settings.inject_exe_in = PATH_EXES + "7z.exe"
|
|
settings.inject_exe_out = PATH_EXES + "7z.verify.exe"
|
|
if start(settings) != 0:
|
|
print("Error")
|
|
|
|
# 7z, peb-walk, hijack
|
|
print("Test EXE 2/4: 7z, peb-walk, hijack main")
|
|
settings.source_style = FunctionInvokeStyle.peb_walk
|
|
settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr
|
|
settings.inject_exe_in = PATH_EXES + "7z.exe"
|
|
settings.inject_exe_out = PATH_EXES + "7z.verify.exe"
|
|
if start(settings) != 0:
|
|
print("Error")
|
|
|
|
# procexp, iat-reuse, change-entrypoint
|
|
print("Test EXE 3/4: procexp, iat-reuse, change-entrypoint")
|
|
settings.source_style = FunctionInvokeStyle.iat_reuse
|
|
settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint
|
|
settings.inject_exe_in = PATH_EXES + "procexp64.exe"
|
|
settings.inject_exe_out = PATH_EXES + "procexp64.verify.exe"
|
|
if start(settings) != 0:
|
|
print("Error")
|
|
|
|
# procexp, iat-reuse, backdoor
|
|
print("Test EXE 4/4: procexp, iat-reuse, backdoor")
|
|
settings.source_style = FunctionInvokeStyle.iat_reuse
|
|
settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr
|
|
settings.inject_exe_in = PATH_EXES + "procexp64.exe"
|
|
settings.inject_exe_out = PATH_EXES + "procexp64.verify.exe"
|
|
if start(settings) != 0:
|
|
print("Error")
|
|
|
|
|
|
def test_exe_data():
|
|
print("Testing: EXEs: Inject into .data")
|
|
settings = Settings()
|
|
settings.payload_path = PATH_SHELLCODES + "createfile.bin"
|
|
settings.verify = True
|
|
settings.try_start_final_infected_exe = False
|
|
settings.payload_location = PayloadLocation.DATA
|
|
settings.prep_web("unittest")
|
|
prepare_project("unittest", settings)
|
|
|
|
# 7z, peb-walk, change-entrypoint
|
|
print("Test EXE 1/4: 7z, peb-walk, change-entrypoint")
|
|
settings.source_style = FunctionInvokeStyle.peb_walk
|
|
settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint
|
|
settings.inject_exe_in = PATH_EXES + "7z.exe"
|
|
settings.inject_exe_out = PATH_EXES + "7z.verify.exe"
|
|
if start(settings) != 0:
|
|
print("Error")
|
|
|
|
# 7z, peb-walk, hijack
|
|
print("Test EXE 2/4: 7z, peb-walk, hijack main")
|
|
settings.source_style = FunctionInvokeStyle.peb_walk
|
|
settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr
|
|
settings.inject_exe_in = PATH_EXES + "7z.exe"
|
|
settings.inject_exe_out = PATH_EXES + "7z.verify.exe"
|
|
if start(settings) != 0:
|
|
print("Error")
|
|
|
|
# procexp, iat-reuse, change-entrypoint
|
|
print("Test EXE 3/4: procexp, iat-reuse, change-entrypoint")
|
|
settings.source_style = FunctionInvokeStyle.iat_reuse
|
|
settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint
|
|
settings.inject_exe_in = PATH_EXES + "procexp64.exe"
|
|
settings.inject_exe_out = PATH_EXES + "procexp64.verify.exe"
|
|
if start(settings) != 0:
|
|
print("Error")
|
|
|
|
# procexp, iat-reuse, backdoor
|
|
print("Test EXE 4/4: procexp, iat-reuse, backdoor")
|
|
settings.source_style = FunctionInvokeStyle.iat_reuse
|
|
settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr
|
|
settings.inject_exe_in = PATH_EXES + "procexp64.exe"
|
|
settings.inject_exe_out = PATH_EXES + "procexp64.verify.exe"
|
|
if start(settings) != 0:
|
|
print("Error")
|
|
|
|
|
|
def test_dll_code():
|
|
print("Testing: DLLs code")
|
|
settings = Settings()
|
|
settings.payload_path = PATH_SHELLCODES + "createfile.bin"
|
|
settings.verify = True
|
|
settings.try_start_final_infected_exe = False
|
|
settings.payload_location = PayloadLocation.CODE
|
|
settings.prep_web("unittest")
|
|
prepare_project("unittest", settings)
|
|
|
|
print("Test DLL 1/6: libbz2-1.dll, peb-walk, change-entrypoint dllMain (func=None)")
|
|
settings.source_style = FunctionInvokeStyle.peb_walk
|
|
settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint
|
|
settings.inject_exe_in = PATH_EXES + "libbz2-1.dll"
|
|
settings.inject_exe_out = PATH_EXES + "libbz2-1.verify.dll"
|
|
if start(settings) != 0:
|
|
print("Error")
|
|
|
|
print("Test DLL 2/6: libbz2-1.dll, peb-walk, hijack dllMain (func=None)")
|
|
settings.source_style = FunctionInvokeStyle.peb_walk
|
|
settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr
|
|
settings.inject_exe_in = PATH_EXES + "libbz2-1.dll"
|
|
settings.inject_exe_out = PATH_EXES + "libbz2-1.verify.dll"
|
|
if start(settings) != 0:
|
|
print("Error")
|
|
|
|
print("Test DLL 3/6: libbz2-1.dll, peb-walk, change-entrypoint, func=BZ2_bzDecompress")
|
|
settings.dllfunc = "BZ2_bzDecompress"
|
|
settings.source_style = FunctionInvokeStyle.peb_walk
|
|
settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint
|
|
settings.inject_exe_in = PATH_EXES + "libbz2-1.dll"
|
|
settings.inject_exe_out = PATH_EXES + "libbz2-1.verify.dll"
|
|
if start(settings) != 0:
|
|
print("Error")
|
|
|
|
print("Test DLL 4/6: libbz2-1.dll, peb-walk, hijack main, func=BZ2_bzdopen")
|
|
settings.dllfunc = "BZ2_bzdopen"
|
|
settings.source_style = FunctionInvokeStyle.peb_walk
|
|
settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr
|
|
settings.inject_exe_in = PATH_EXES + "libbz2-1.dll"
|
|
settings.inject_exe_out = PATH_EXES + "libbz2-1.verify.dll"
|
|
if start(settings) != 0:
|
|
print("Error")
|
|
|
|
|
|
|
|
def test_dll_data():
|
|
print("Testing: DLLs data")
|
|
settings = Settings()
|
|
settings.payload_path = PATH_SHELLCODES + "createfile.bin"
|
|
settings.verify = True
|
|
settings.try_start_final_infected_exe = False
|
|
settings.payload_location = PayloadLocation.DATA
|
|
settings.prep_web("unittest")
|
|
prepare_project("unittest", settings)
|
|
|
|
print("Test DLL 1/6: libbz2-1.dll, peb-walk, change-entrypoint dllMain (func=None)")
|
|
settings.source_style = FunctionInvokeStyle.peb_walk
|
|
settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint
|
|
settings.inject_exe_in = PATH_EXES + "libbz2-1.dll"
|
|
settings.inject_exe_out = PATH_EXES + "libbz2-1.verify.dll"
|
|
if start(settings) != 0:
|
|
print("Error")
|
|
|
|
print("Test DLL 2/6: libbz2-1.dll, peb-walk, hijack dllMain (func=None)")
|
|
settings.source_style = FunctionInvokeStyle.peb_walk
|
|
settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr
|
|
settings.inject_exe_in = PATH_EXES + "libbz2-1.dll"
|
|
settings.inject_exe_out = PATH_EXES + "libbz2-1.verify.dll"
|
|
if start(settings) != 0:
|
|
print("Error")
|
|
|
|
print("Test DLL 3/6: libbz2-1.dll, peb-walk, change-entrypoint, func=BZ2_bzDecompress")
|
|
settings.dllfunc = "BZ2_bzDecompress"
|
|
settings.source_style = FunctionInvokeStyle.peb_walk
|
|
settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint
|
|
settings.inject_exe_in = PATH_EXES + "libbz2-1.dll"
|
|
settings.inject_exe_out = PATH_EXES + "libbz2-1.verify.dll"
|
|
if start(settings) != 0:
|
|
print("Error")
|
|
|
|
print("Test DLL 4/6: libbz2-1.dll, peb-walk, hijack main, func=BZ2_bzdopen")
|
|
settings.dllfunc = "BZ2_bzdopen"
|
|
settings.source_style = FunctionInvokeStyle.peb_walk
|
|
settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr
|
|
settings.inject_exe_in = PATH_EXES + "libbz2-1.dll"
|
|
settings.inject_exe_out = PATH_EXES + "libbz2-1.verify.dll"
|
|
if start(settings) != 0:
|
|
print("Error")
|
|
|
|
|
|
def dll_iat_reuse():
|
|
# procexp, iat-reuse, change-entrypoint
|
|
print("Test: libbz2-1.dll, iat-reuse, change-entrypoint")
|
|
settings.source_style = FunctionInvokeStyle.iat_reuse
|
|
settings.carrier_invoke_style = CarrierInvokeStyle.ChangeEntryPoint
|
|
settings.inject_exe_in = PATH_EXES + "libbz2-1.dll"
|
|
settings.inject_exe_out = PATH_EXES + "libbz2-1.verify.dll"
|
|
if start(settings) != 0:
|
|
print("Error")
|
|
return 1
|
|
|
|
# procexp, iat-reuse, backdoor
|
|
print("Test: libbz2-1.dll, iat-reuse, backdoor")
|
|
settings.source_style = FunctionInvokeStyle.iat_reuse
|
|
settings.carrier_invoke_style = CarrierInvokeStyle.BackdoorCallInstr
|
|
settings.inject_exe_in = PATH_EXES + "libbz2-1.dll"
|
|
settings.inject_exe_out = PATH_EXES + "libbz2-1.verify.dll"
|
|
if start(settings) != 0:
|
|
print("Error")
|
|
return 1
|
|
# DLL
|
|
|
|
|
|
if __name__ == "__main__":
|
|
setup_logging(level=logging.WARNING)
|
|
main()
|