waf is causing too many issues for little gain, nixing
parent
b7de0bcc78
commit
f77e558760
|
@ -1,9 +1,6 @@
|
|||
FROM ubuntu:bionic
|
||||
ENV DEBIAN_FRONTEND=noninteractive
|
||||
ENV CXX clang++
|
||||
|
||||
RUN apt-get update && apt-get install -y \
|
||||
clang \
|
||||
python3-sqlalchemy \
|
||||
yasm
|
||||
|
||||
ADD https://waf.io/waf-2.0.14 /waf.py
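Review bot: No `USER` instruction is visible in this hunk, so the `sins_run` service that uses this image would execute its generated machine code as root inside the container. After the `apt-get install` step I would add `RUN useradd --system --uid 10001 sins` and `USER sins`. The install line also pulls recommended packages and leaves the apt lists in the layer; `apt-get install -y --no-install-recommends` followed by `&& rm -rf /var/lib/apt/lists/*` in the same `RUN` avoids both. The +/- markers are lost on this page, so I am assuming the `ADD https://waf.io/waf-2.0.14` line, an unverified remote fetch, is on the removed side.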
|
||||
|
|
|
@ -7,4 +7,10 @@ services:
|
|||
volumes:
|
||||
- ${PWD}:/app
|
||||
working_dir: /app
|
||||
command: python /waf.py configure build
|
||||
command: yasm seed.asm -o seed
|
||||
sins_run:
|
||||
image: sins_build
|
||||
volumes:
|
||||
- ${PWD}:/app
|
||||
working_dir: /app
|
||||
command: python3 -m sins
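Review bot: The new `sins_run` service bind-mounts the whole working tree read-write (`- ${PWD}:/app`) into a container whose job is to execute raw machine code, so anything that code does under `/app` lands on the host checkout. I would mount the source read-only, `- ${PWD}:/app:ro`, and give the `--output` directory its own writable volume. The experiment does not appear to need network access or extra privileges, so `network_mode: none`, `cap_drop: [ALL]` and `security_opt: ["no-new-privileges:true"]` on this service would be cheap containment.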
|
||||
|
|
|
@ -0,0 +1,3 @@
|
|||
#! /usr/bin/env python3
|
||||
from .run import example, shell_function
|
||||
# from .orm import SeedNode
|
|
@ -0,0 +1,4 @@
|
|||
#! /usr/bin/env python3
|
||||
from .run import example
|
||||
|
||||
example()
|
|
@ -0,0 +1,48 @@
|
|||
#!/usr/bin/env python3
|
||||
from datetime import datetime
|
||||
from sqlalchemy import Blob, Column, ForeignKey, Integer, String, DateTime, create_engine, exists, desc
|
||||
from sqlalchemy.ext.declarative import declarative_base
|
||||
from sqlalchemy.orm import Session, relationship, backref
|
||||
from sqlalchemy.orm.collections import attribute_mapped_collection
|
||||
import logging
|
||||
from hashlib import sha1
|
||||
|
||||
logger = logging.getLogger('sins')
|
||||
now = '{0:%Y%m%dT%H%M%S}'.format(datetime.utcnow())
|
||||
|
||||
Base = declarative_base()
|
||||
|
||||
|
||||
class SeedNode(Base):
|
||||
ctime = Column(DateTime, default=datetime.utcnow)
|
||||
id = Column(Integer, primary_key=True)
|
||||
length = Column(Integer, default=0)
|
||||
mtime = Column(DateTime, onupdate=datetime.utcnow)
|
||||
parent_id = Column(Integer, ForeignKey(id))
|
||||
checksum = Column(String)
|
||||
stdout = Column(String)
|
||||
image = Column(Blob)
|
||||
|
||||
children = relationship(
|
||||
"SeedNode",
|
||||
cascade="all, delete-orphan",
|
||||
backref=backref("parent", remote_side=id),
|
||||
collection_class=attribute_mapped_collection('name'))
|
||||
|
||||
def __init__(self, *, child: bytes, parent: SeedNode = None):
|
||||
if parent:
|
||||
self.parent_id = parent.id
|
||||
|
||||
self.image = child
|
||||
self.length = len(child)
|
||||
|
||||
@property
|
||||
def sha1sum(self):
|
||||
if self.checksum:
|
||||
return self.checksum
|
||||
|
||||
checksum = sha1()
|
||||
checksum.update(self.image)
|
||||
self.checksum = checksum.hexdigest()
|
||||
|
||||
return self.checksum
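Review bot: This module cannot be imported as written: `sqlalchemy` exports `BLOB` and `LargeBinary` but no `Blob`, the annotation `parent: SeedNode = None` is evaluated while the class body is still executing and raises `NameError`, and the declarative class has no `__tablename__`. Suggested changes are `image = Column(LargeBinary)` with the matching import, `parent: 'SeedNode' = None`, and a `__tablename__ = 'seed_node'` line (the table name is my placeholder). `attribute_mapped_collection('name')` also keys the children on a `name` attribute that the class does not define. Separately, if `sha1sum` is ever used to decide that two images are identical, SHA-1 collisions are practical and `hashlib.sha256` is a drop-in replacement; the cached `checksum` is also never reset when `image` changes.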
|
|
@ -0,0 +1,65 @@
|
|||
#! /usr/bin/env python3
|
||||
from argparse import ArgumentParser
|
||||
from datetime import datetime
|
||||
from pathlib import Path
|
||||
from random import randint
|
||||
import binascii
|
||||
import ctypes
|
||||
import logging
|
||||
import subprocess
|
||||
import mmap
|
||||
|
||||
whoami_shell = b"\x6a\x3b\x58\x99\x48\xbb\x2f\x62\x69\x6e\x2f\x73\x68\x00\x53\x48\x89\xe7\x68\x2d\x63\x00\x00\x48\x89\xe6\x52\xe8\x10\x00\x00\x00\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x77\x68\x6f\x61\x6d\x69\x00\x56\x57\x48\x89\xe6\x0f\x05"
|
||||
|
||||
|
||||
def example():
|
||||
now = '{0:%Y%m%dT%H%M%S}'.format(datetime.utcnow())
|
||||
parser = ArgumentParser(
|
||||
description='position independent code (PIC) mutation experiment.')
|
||||
parser.add_argument('-v', '--verbose', action='count')
|
||||
parser.add_argument('-s', '--seed', default='seed',
|
||||
help='path to PIC image.')
|
||||
parser.add_argument('-o', '--output', help='path to results directory.')
|
||||
args = parser.parse_args()
|
||||
|
||||
log_level = logging.INFO
|
||||
log_format = logging.Formatter('%(message)s')
|
||||
|
||||
if args.verbose:
|
||||
log_level = logging.DEBUG
|
||||
log_format = logging.Formatter(
|
||||
'%(levelname)s %(filename)s:%(lineno)d\n%(message)s\n')
|
||||
|
||||
logger = logging.getLogger('sins')
|
||||
logger.setLevel(log_level)
|
||||
|
||||
stream_handler = logging.StreamHandler()
|
||||
stream_handler.setLevel(log_level)
|
||||
stream_handler.setFormatter(log_format)
|
||||
logger.addHandler(stream_handler)
|
||||
|
||||
if args.output:
|
||||
log_path = f'{args.output}/sins-{now}.log'
|
||||
file_handler = logging.FileHandler(log_path)
|
||||
file_handler.setLevel(log_level)
|
||||
file_handler.setFormatter(log_format)
|
||||
logger.addHandler(file_handler)
|
||||
|
||||
logger.info(whoami_shell)
|
||||
shell_function(whoami_shell)()
|
||||
|
||||
|
||||
def shell_function(shellcode: bytes):
|
||||
exec_mem = mmap.mmap(
|
||||
-1, len(shellcode),
|
||||
prot=mmap.PROT_READ | mmap.PROT_WRITE | mmap.PROT_EXEC,
|
||||
flags=mmap.MAP_ANONYMOUS | mmap.MAP_PRIVATE)
|
||||
|
||||
exec_mem.write(shellcode)
|
||||
|
||||
ctypes_buffer = ctypes.c_int.from_buffer(exec_mem)
|
||||
function = ctypes.CFUNCTYPE(ctypes.c_int64)(
|
||||
ctypes.addressof(ctypes_buffer))
|
||||
function._avoid_gc_for_mmap = exec_mem
|
||||
|
||||
return function
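Review bot: `shell_function(whoami_shell)()` calls the mapped bytes inside the harness process itself, so an image that faults or replaces the process takes the interpreter, its log handlers and any later bookkeeping with it. For a mutation experiment I would run each image in a forked child and have the parent `os.waitpid` on it to record the exit status or signal. In `shell_function` the mapping is created readable, writable and executable at once and stays that way; if images never need to modify themselves, dropping `PROT_WRITE` after `exec_mem.write(shellcode)` (for example with libc `mprotect` through `ctypes`) would be tighter. `ctypes.c_int.from_buffer(exec_mem)` also raises for images shorter than four bytes, and `--seed` is parsed but never read.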
|