def invoke(self, arg, tty): try: if (not self.init()): raise Exception('process is not running!') else: pid, f_path = self.init() f_info = file_info(f_path) arch = f_info.get_arch() bit = f_info.get_bit() del f_info l_map = linux_map(bit) l_map = l_map.parse(pid) col_obj = color() libc_base, libc_text_idx = self.get_libc_base(l_map, bit) if (len(libc_base.strip()) == 0): raise Exception('could not get libc path!') del l_map libc = ldd(gdb, f_path).get_libc() print('libc: {}{}{}'.format(col_obj.purple, libc, col_obj.dft)) print('libc base: {}{}{}'.format(col_obj.purple, libc_base, col_obj.dft)) except Exception as e: print('Error Occurred: {}'.format(str(e)))
def invoke(self, arg, tty): try: if (not self.init()): raise Exception('process is not running!') else: pid, f_path = self.init() if (len(arg) == 0): raise Exception( 'please give an address that you want to search!') arg = int(arg.strip(), 16) f_info = file_info(f_path) arch = f_info.get_arch() bit = f_info.get_bit() del f_info col_obj = color() full_map = adv_map_obj().get_map(gdb, pid, bit, f_path) if (not full_map): raise Exception('parse information error') for i in range(1, len(full_map)): tmp = [] for j in (full_map[i].split(' ')): if (len(j.strip()) != 0): tmp.append(j.strip()) str_addr = int(tmp[0].strip(), 16) end_addr = int(tmp[1].strip(), 16) section = tmp[4].strip() segment = tmp[5].strip() if (arg >= str_addr and arg < end_addr): if (len(section) > len(segment)): segment = segment.ljust(len(section), ' ') elif (len(section) < len(segment)): section = section.ljust(len(segment), ' ') print('{}{}{} is in {}section{} {}{}{}\t{}'.format( col_obj.pink, hex(arg), col_obj.dft, col_obj.cyan, col_obj.dft, col_obj.orange, section, col_obj.dft, tmp[3].strip())) print('{}{}{} is in {}segment{} {}{}{}\t{}'.format( col_obj.pink, hex(arg), col_obj.dft, col_obj.cyan, col_obj.dft, col_obj.orange, segment, col_obj.dft, tmp[3].strip())) break except Exception as e: print('Error Occurred: {}'.format(str(e)))
def analysisfile(files_path, file_name): global token_num, proj_num proj_token = {} k = 0 print("-----------------------") for file_path, sub_dirs, files in os.walk(files_path): if k == 1: del_path = file_path #print (file_path,files) for file in files: if (len(file) > 3 and file[-3:] == ".js" or len(file) > 4 and file[-4:] == ".php"): filetokensdic = analysisphp.analysisphp(file_path + "\\" + file) for filetoken in filetokensdic: if filetoken not in tokens_map: token_num += 1 tokens_map[filetoken] = token_num if filetoken not in proj_token: proj_token[filetoken] = tokens_map[filetoken] k += 1 print(proj_num) shutil.rmtree(del_path) #print ("==================") if len(proj_token) != 0: proj_info[file_name] = file_info.file_info( file_name, v_record[file_name].md5, v_record[file_name].result_mal, v_record[file_name].result_all) for token in proj_token: proj_info[file_name].filetokens[token] = proj_token[token] if proj_info[file_name].result_mal > 0: if token not in tokens_b: tokens_b[token] = 1 else: tokens_b[token] += 1 if token not in tokens_w: tokens_w[token] = 0 if proj_info[file_name].result_mal == 0: if token not in tokens_w: tokens_b[token] = 1 else: tokens_b[token] += 1 if token not in tokens_b: tokens_w[token] = 0 proj_num += 1 return
def invoke(self, arg, tty): try: if (not self.init()): raise Exception('process is not running!') else: pid, f_path = self.init() f_info = file_info(f_path) arch = f_info.get_arch() bit = f_info.get_bit() del f_info full_map = adv_map_obj().get_map(gdb, pid, bit, f_path) if (not full_map): raise Exception('parse information error') print('\n'.join(full_map)) except Exception as e: print('Error Occurred: {}'.format(str(e)))
def invoke(self, arg, tty): try: if (not self.init()): raise Exception('process is not running!') else: pid, f_path = self.init() f_info = file_info(f_path) arch = f_info.get_arch() bit = f_info.get_bit() del f_info merged_map = map_obj().get_map(gdb, bit, pid) # length of two maps must the same if (not merged_map): raise Exception('length of two types of map is different!!!') print('\n'.join(merged_map)) del merged_map except Exception as e: print('Error Occurred: {}'.format(str(e)))
def invoke(self, arg, tty): try: if (not self.init()): raise Exception('process is not running!') else: pid, f_path = self.init() f_info = file_info(f_path) arch = f_info.get_arch() bit = f_info.get_bit() del f_info l_map = linux_map(bit) l_map = l_map.parse(pid) col_obj = color() print('{}{} {}libc{} {}'.format(col_obj.dft, '-' * 14, col_obj.l_blue, col_obj.dft, '-' * 14)) libc_base, libc_text_idx = self.get_libc_base(l_map, bit) heap_base = self.get_heap_base(l_map) code_base = self.get_code_base(l_map) libc_text_end = hex(int(l_map[libc_text_idx]['end_addr'], 16)) del l_map system = self.gdb_px('system', bit)[0] execve = self.gdb_px('execve', bit)[0] read = self.gdb_px('read', bit)[0] puts = self.gdb_px('puts', bit)[0] bin_sh = self.gdb_find_str(libc_base, libc_text_end, '/bin/sh') if (bin_sh == 'null'): l_str = strings(gdb, f_path) bin_sh = l_str.find('/bin/sh')[0].split( 'name: ')[0].strip().replace('offset: ', '').strip() bin_sh = hex(int(libc_base, 16) + int(bin_sh, 16)) del l_str print('{}: {}'.format('libc base', libc_base)) print('{}: {}'.format('code base', code_base)) print('{}: {}'.format('system(__libc_system)', system)) print('{}: {}'.format('execve', execve)) print('{}: {}'.format('read', read)) print('{}: {}'.format('puts(_IO_puts)', puts)) print('{}: {}'.format('/bin/sh', bin_sh)) print('{}{} {}heap{} {}'.format(col_obj.dft, '-' * 14, col_obj.l_red, col_obj.dft, '-' * 14)) malloc_hook = self.gdb_px('__malloc_hook', bit)[0] free_hook = self.gdb_px('__free_hook', bit)[0] realloc_hook = self.gdb_px('__realloc_hook', bit)[0] main_arena = self.gdb_px('main_arena', bit)[0] if (main_arena != 'null'): top_chunk = hex(int(main_arena, 16) + 0x58) else: top_chunk = 'null' g_max_fast_addr, g_max_fast_val = self.gdb_px( 'global_max_fast', bit, True) print('{}: {}'.format('heap base', heap_base)) print('{}: {}'.format('main_arena', main_arena)) print('{}: {}'.format('top chunk', top_chunk)) print('{}: {}'.format('malloc hook(__malloc_hook)', malloc_hook)) print('{}: {}'.format('free hook(__free_hook)', free_hook)) print('{}: {}'.format('realloc hook(__realloc_hook)', realloc_hook)) print('{}: {}, value: {}'.format('global_max_fast', g_max_fast_addr, g_max_fast_val)) print('{}{} {}FILE{} {}'.format(col_obj.dft, '-' * 14, col_obj.l_green, col_obj.dft, '-' * 14)) io_list_all, io_list_all_val = self.gdb_px('_IO_list_all', bit, True) io_flush_all_lockp = self.gdb_px('_IO_flush_all_lockp', bit)[0] io_lock_t, io_lock_t_val = self.gdb_px('_IO_stdfile_1_lock', bit, True) io_file_jumps = self.gdb_px('_IO_file_jumps', bit)[0] io_str_jumps = self.gdb_px('_IO_str_jumps', bit)[0] print('{}: {}, value: {}'.format('_IO_list_all', io_list_all, io_list_all_val)) print('{}: {}'.format('_IO_flush_all_lockp', io_flush_all_lockp)) print('{}: {}, value: {}'.format('_IO_stdfile_1_lock(_IO_lock_t)', io_lock_t, io_lock_t_val)) print('{}: {}'.format('_IO_file_jumps', io_file_jumps)) print('{}: {}'.format('_IO_str_jumps', io_str_jumps)) # __stack_prot、__libc_stack_end、_dl_make_stack_executable print('{}{} {}stack{} {}'.format(col_obj.dft, '-' * 14, col_obj.orange, col_obj.dft, '-' * 14)) stack_prot, stack_prot_val = self.gdb_px('__stack_prot', bit, True) libc_stack_end, libc_stack_end_val = self.gdb_px( '__libc_stack_end', bit, True) dl_make_stack_exec = self.gdb_px('_dl_make_stack_executable', bit)[0] print('{}: {}, value: {}'.format('__stack_prot', stack_prot, stack_prot_val)) print('{}: {}, value: {}'.format('__libc_stack_end', libc_stack_end, libc_stack_end_val)) print('{}: {}'.format( '_dl_make_stack_executable(__GI__dl_make_stack_executable)', dl_make_stack_exec)) except Exception as e: print('Error Occurred: {}'.format(str(e)))
def invoke(self, arg, tty): try: if (not self.init()): raise Exception('process is not running!') else: pid, f_path = self.init() if (len(arg) == 0): raise Exception( 'please give an value that you want to search!') try: # deny user to input '0' if (int(arg, 16) == 0): raise Exception('please do not input 0!!!') except: pass f_info = file_info(f_path) arch = f_info.get_arch() bit = f_info.get_bit() self.bit = bit del f_info if (not self.bit): raise Exception('get binary\'s bit failed!') target = self.convert(arg.strip()) col_obj = color() self.res = [] merged_map = map_obj().get_map(gdb, bit, pid) self.get_stack(merged_map) del merged_map print('[{}*{}] start searching {}{}{} in memory ...'.format( col_obj.blue, col_obj.dft, col_obj.red, arg.strip(), col_obj.dft)) res = [] found = self.find(target) if (found): # recursively search a pointer that point to the result print('[{}*{}] found {}{}{} results!'.format( col_obj.blue, col_obj.dft, col_obj.red, len(found), col_obj.dft)) print( '[{}*{}] start recursively searching pointer that point to the results ...' .format(col_obj.blue, col_obj.dft)) # recursive search for i in found: chain = i[0] self.r_find(i[0].replace('0x', ''), chain) print('[{}*{}] final results'.format(col_obj.blue, col_obj.dft)) for i in self.res: i[0] = '[{}{}{}]'.format(col_obj.l_blue, i[0], col_obj.dft) print('{}{}{} ← {}'.format(col_obj.red, arg.strip(), col_obj.dft, ' ← '.join(i))) else: print('[{}!{}] nothing found!!!'.format( col_obj.red, col_obj.dft)) del col_obj except Exception as e: print('Error Occurred: {}'.format(str(e))) finally: del self.mem del self.m_start del self.bit del self.res
def open_file(): global FILE_OPEN location = input("파일 경로 입력 > ") mbr.set_file(location) FILE_OPEN = True while True: print("1. 파일 열기") print("2. 섹터 정보") print("3. 파티션 정보") print("4. FAT32 정보") print("5. 파일 정보") print("0. 종료") print() select = int(input("메뉴 선택 : ")) if select == 1: open_file() elif select == 2: if not FILE_OPEN: open_file() mbr.show_mbr() elif select == 3: mbr_part.show_partition() elif select == 4: fat32.print_fat() elif select == 5: file_info.file_info() elif select == 0: exit()
import socket import file_info """databse handling daemon""" server = "Database Handler" serversocket = socket.socket(socket.AF_INET, socket.SOCK_STREAM) serversocket.bind(('109.228.54.161', 7070)) serversocket.listen(5) newuser = False file = file_info.file_info('database.txt') while True: """server loop""" client, addr = serversocket.accept() print('[*] recieved connection on ' + server) msg = client.recv(1024) msg = msg.decode('ascii') if 'New User' in msg: msg = msg.replace('New User', '') newuser = True exec('global tuple1; tuple1 =' + "msg")
def invoke(self, arg, tty): try: if (not self.init()): raise Exception('process is not running!') else: pid, f_path = self.init() if (len(arg) == 0): raise Exception('please give an value that you want to search!') try: # deny user to input '0' if ( int(arg, 16) == 0 ): raise Exception('please do not input 0!!!') except: pass f_info = file_info(f_path) arch = f_info.get_arch() bit = f_info.get_bit() self.bit = bit del f_info if (not self.bit): raise Exception('get binary\'s bit failed!') head_addr = arg.strip() col_obj = color() chunk_o = chunk_obj(gdb, bit, head_addr) info = chunk_o.parse() chunk_data = [] head_addr = int(head_addr, 16) bottom_addr = head_addr + int(info['size'], 16) # layout is different if (self.bit == '64'): sign = 'g' padding = 0x40 start_addr = head_addr valid = False # try to find upper bound address for i in range(int((padding / 0x10))): start_addr -= 0x10 try: cmd = 'x/2{}x {}'.format(sign, hex(start_addr)) res = gdb.execute(cmd, to_string = True) except: start_addr += 0x10 valid = True break if (not valid): start_addr = head_addr - padding end_addr = bottom_addr valid = False # try to find lower bound address for i in range(int((padding / 0x10))): end_addr += 0x10 try: cmd = 'x/2{}x {}'.format(sign, hex(start_addr)) res = gdb.execute(cmd, to_string = True) except: end_addr -= 0x10 valid = True break if (not valid): end_addr = bottom_addr + padding + 0x8 else: end_addr += 0x8 cnt = int((end_addr - start_addr) / int(int(self.bit) / 8)) + 1 cmd = 'x/{}{}x {}'.format(cnt, sign, hex(start_addr)) res = gdb.execute(cmd, to_string = True) res = res.strip().split('\n') base_addr = start_addr for i in res: tmp = i.strip().split('\t') if (base_addr == head_addr): # chunk header chunk_data.append('{}{}{}:\t{}\t{}{}{}'.format(col_obj.l_blue, hex(base_addr), col_obj.dft, tmp[1].strip(), col_obj.l_red, tmp[2].strip(), col_obj.dft)) elif(base_addr == bottom_addr): # chunk last field chunk_data.append('{}{}{}:\t{}{}{}\t{}'.format(col_obj.l_blue, hex(base_addr), col_obj.dft, col_obj.l_red, tmp[1].strip(), col_obj.dft, tmp[2].strip())) elif(base_addr > head_addr and base_addr < bottom_addr): # chunk data chunk_data.append('{}{}{}:\t{}{}{}\t{}{}{}'.format(col_obj.l_blue, hex(base_addr), col_obj.dft, col_obj.l_red, tmp[1].strip(), col_obj.dft, col_obj.l_red, tmp[2].strip(), col_obj.dft)) else: # others chunk_data.append('{}:\t{}\t{}'.format(hex(base_addr), tmp[1].strip(), tmp[2].strip())) base_addr += 0x10 elif (self.bit == '32'): sign = 'w' padding = 0x20 start_addr = head_addr valid = False # try to find upper bound address for i in range(int((padding / 0x10))): start_addr -= 0x10 try: cmd = 'x/2{}x {}'.format(sign, hex(start_addr)) res = gdb.execute(cmd, to_string = True) except: start_addr += 0x10 valid = True break if (not valid): start_addr = head_addr - padding end_addr = bottom_addr valid = False # try to find lower bound address for i in range(int((padding / 0x10))): end_addr += 0x10 try: cmd = 'x/2{}x {}'.format(sign, hex(start_addr)) res = gdb.execute(cmd, to_string = True) except: end_addr -= 0x10 valid = True break if (not valid): end_addr = bottom_addr + padding + 0x4 else: end_addr += 0x4 cnt = int((end_addr - start_addr) / int(int(self.bit) / 8)) + 1 cmd = 'x/{}{}x {}'.format(cnt, sign, hex(start_addr)) res = gdb.execute(cmd, to_string = True) res = res.strip().split('\n') base_addr = start_addr for i in res: tmp = i.strip().split('\t') if (base_addr == head_addr): # chunk header chunk_data.append('{}{}{}:\t{}\t{}{}{}'.format(col_obj.l_blue, hex(base_addr), col_obj.dft, tmp[1].strip(), col_obj.l_red, tmp[2].strip(), col_obj.dft)) base_addr += 8 chunk_data.append('{}{}{}:\t{}{}{}\t{}{}{}'.format(col_obj.l_blue, hex(base_addr), col_obj.dft, col_obj.l_red, tmp[3].strip(), col_obj.dft, col_obj.l_red, tmp[4].strip(), col_obj.dft)) elif (base_addr == bottom_addr): # chunk last field chunk_data.append('{}{}{}:\t{}{}{}\t{}'.format(col_obj.l_blue, hex(base_addr), col_obj.dft, col_obj.l_red, tmp[1].strip(), col_obj.dft, tmp[2].strip())) base_addr += 8 chunk_data.append('{}:\t{}\t{}'.format(hex(base_addr), tmp[3].strip(), tmp[4].strip())) elif (base_addr > head_addr and base_addr < bottom_addr): # chunk data chunk_data.append('{}{}{}:\t{}{}{}\t{}{}{}'.format(col_obj.l_blue, hex(base_addr), col_obj.dft, col_obj.l_red, tmp[1].strip(), col_obj.dft, col_obj.l_red, tmp[2].strip(), col_obj.dft)) base_addr += 8 chunk_data.append('{}{}{}:\t{}{}{}\t{}{}{}'.format(col_obj.l_blue, hex(base_addr), col_obj.dft, col_obj.l_red, tmp[3].strip(), col_obj.dft, col_obj.l_red, tmp[4].strip(), col_obj.dft)) else: # others chunk_data.append('{}:\t{}\t{}'.format(hex(base_addr), tmp[1].strip(), tmp[2].strip())) if (len(tmp) == 5): base_addr += 8 chunk_data.append('{}:\t{}\t{}'.format(hex(base_addr), tmp[3].strip(), tmp[4].strip())) base_addr += 8 print('\n'.join(chunk_data)) print('-' * 44) print('Chunk Info:') print('Header Address: {}'.format(info['chunk_head_addr'])) print('Size: {}'.format(info['size'])) print('Status: {}'.format(info['status'])) if ('fd' in info): print('fd: {}'.format(info['fd'])) if ('bk' in info): print('bk: {}'.format(info['bk'])) if (int(info['chunk_head_addr'], 16) > 0x80 and 'free' in info['status']): if (self.bit == '64'): fd_ofst = 0x10 bk_ofst = 0x18 elif (self.bit == '32'): fd_ofst = 0x8 bk_ofst = 0xb print('-' * 44) # unsafe_unlink detect if ( int(info['fd'], 16) + bk_ofst == int(info['bk'], 16) + fd_ofst ): # meet the requirement print ('[{}*{}] unsafe_unlink attack condition is satisfied!\nwe will get {}{}{}!'.format(col_obj.orange, col_obj.dft, col_obj.orange, hex(int(info['fd'], 16) + bk_ofst), col_obj.dft)) else: print ('[{}!{}] unsafe_unlink attack condition isn\'t satisfied!\n{}{}{}(fd) + {} != {}{}{}(bk) + fd_ofst!'.format(col_obj.red, col_obj.dft, col_obj.red, hex(int(info['fd'], 16)), col_obj.dft, hex(bk_ofst), col_obj.red, hex(int(info['bk'], 16)), col_obj.dft, hex(fd_ofst))) print('-' * 44) # unsorted_bin attack detect print ('[{}*{}] unsorted_bin attack detected!\nwe will get {}{}{}!'.format(col_obj.orange, col_obj.dft, col_obj.orange, hex(int(info['bk'], 16) + fd_ofst), col_obj.dft)) except Exception as e: print('Error Occurred: {}'.format(str(e))) finally: del col_obj del self.bit del chunk_o
def invoke(self, arg, tty): try: if (len(arg.strip()) == 0): raise Exception('please give a plt address!') if (not self.init()): raise Exception('process is not running!') else: pid, f_path = self.init() col_obj = color() f_info = file_info(f_path) arch = f_info.get_arch() bit = f_info.get_bit() del f_info cmd = 'x/i {}'.format(arg.strip()) r = gdb.execute(cmd, to_string=True) r = r.strip() if (not ('# 0x' in r)): raise Exception('please give a valid plt address!') got = r.split('# ')[1].strip() if (bit == '32'): kw = 'w' elif (bit == '64'): kw = 'g' cmd = 'x/{}x {}'.format(kw, got) r = gdb.execute(cmd, to_string=True) r = r.strip() addr = hex(int(r.split(':')[1].strip(), 16)) cmd = 'x/i {}'.format(addr) r = gdb.execute(cmd, to_string=True) r = r.strip() if (('<' in r) and ('>' in r)): # command is executed. if ('@plt' in r): # partial & no RELRO, plt address, not real function address addr = '{}{}{} (plt address, not real function address)'.format( col_obj.pink, addr, col_obj.dft) else: # real function address fun_name = '' idx = 0 for i in range(r.index('<'), len(r)): if (r[i].strip() == '>'): idx = i break if (idx != 0): for i in range(r.index('<') + 1, idx): fun_name += r[i].strip() addr = '{}{}{} address: {}{}{}'.format( col_obj.orange, fun_name, col_obj.dft, col_obj.pink, addr, col_obj.dft) else: addr = '? address: {}{}{}'.format( col_obj.pink, addr, col_obj.dft) else: addr = '{}null{}'.format(col_obj.d_grey, col_obj.dft) print('plt address: {}{}{}'.format(col_obj.pink, arg.strip(), col_obj.dft)) print('got address: {}{}{}'.format(col_obj.pink, got, col_obj.dft)) print(addr) except Exception as e: print('Error Occurred: {}'.format(str(e)))
import socket from file_info import file_info file_coordinator = file_info() HOST = "109.228.54.161" PORT = 8080 server = socket.socket(socket.AF_INET, socket.SOCK_STREAM) server.bind((HOST, PORT)) server.listen(5) while True: client, addr = server.accept() recvmsg = client.recv(1024) print(recvmsg.decode('ascii')) client.send(file_coordinator.return_final(recvmsg, addr[0]).encode('ascii')) client.close()