Example #1
def process_packet_for_shellcode(packet, ip, port):
    """Emulate ``packet`` with libemu and fan any shellcode hit out to every sink.

    Args:
        packet: raw bytes received from the client.
        ip: client address, written to the file log.
        port: client port, written to the file log.

    On a hit, writes a marker line and then the raw packet to
    ``<mailoney.logpath>/shellcode.log``, then publishes a JSON record to
    hpfeeds and another to syslog. Returns None; a no-op when ``libemu``
    failed to import.
    """
    if libemu is None:
        return
    verdict = libemu.Emulator().test(packet)
    if verdict is None:
        return

    def _record(head=None):
        # One fresh dict per sink so each record takes its own timestamp,
        # exactly as the two separate literals this replaces did.
        record = dict(head or {})
        record["Timestamp"] = format(time.time())
        # NOTE(review): ``self`` is not a parameter of this module-level
        # function — confirm the enclosing scope binds it before relying on it.
        record["ServerName"] = self.__fqdn
        record["SrcIP"] = self.__addr[0]
        record["SrcPort"] = self.__addr[1]
        record["Shellcode"] = packet
        return json.dumps(record)

    shellcode_log = mailoney.logpath + "/shellcode.log"
    log_to_file(shellcode_log, ip, port, "We have some shellcode")
    # An earlier revision also logged emulator.emu_profile_output here and to
    # hpfeeds; those lines were commented out, so only the raw packet is kept.
    log_to_file(shellcode_log, ip, port, packet)
    log_to_hpfeeds("shellcode", _record())
    log_to_syslog(_record({"type": "mailoney"}))
Example #2
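def shellcodeSearch(pyew, doprint=True, args=None):
    """Search the current buffer for shellcode via libemu emulation.

    Args:
        pyew: the Pyew instance; its ``offset`` is saved and restored, and
            ``pyew.f`` / ``pyew.buf`` supply the bytes to scan.
        doprint: accepted for plugin-signature compatibility; unused here.
        args: accepted for plugin-signature compatibility; unused here.

    Prints a HINT line and a disassembly listing when libemu reports a
    positive offset, otherwise a diagnostic line. Returns None. When libemu
    is unavailable it only restores the offset.
    """
    saved_offset = pyew.offset
    buf = pyew.f.read()

    if hasLibEmu:
        emu = libemu.Emulator()
        # NOTE(review): the emulator scans ``pyew.buf`` but the hint and the
        # disassembly below slice the freshly read ``buf`` — confirm both hold
        # the same bytes, otherwise the reported offset points into other data.
        ret = emu.test(pyew.buf)

        if ret:
            if ret > 0:
                # The second field is the repr() *string*; the original used
                # %x for it, which raises TypeError on every hit.
                print("HINT[emu:0x%x] %s" % (saved_offset + ret,
                                             repr(buf[ret:ret + options.cols])))
                pyew.disassemble(buf[ret:ret + options.cols],
                                 pyew.processor,
                                 pyew.type,
                                 4,
                                 pyew.bsize,
                                 baseoffset=pyew.offset)
            else:
                print("Error with libemu: 0x%x" % ret)
        else:
            # NOTE(review): a result of 0 also lands here — confirm libemu
            # never reports a hit at offset 0.
            print("***No shellcode detected via emulation")

    pyew.seek(saved_offset)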
def process_packet_for_shellcode(packet, ip, port):
    """Emulate ``packet`` with libemu and append any hit to logs/shellcode.log.

    Args:
        packet: raw bytes received from the client.
        ip: client address recorded with each log line.
        port: client port recorded with each log line.

    Returns None; a no-op when ``libemu`` could not be imported.
    """
    if libemu is None:
        return
    verdict = libemu.Emulator().test(packet)
    if verdict is None:
        return
    # Two lines per hit: a marker first, then the raw packet for later analysis.
    # (An earlier revision also logged emu_profile_output; it was commented out.)
    log_path = "logs/shellcode.log"
    for message in ("We have some shellcode", packet):
        log_to_file(log_path, ip, port, message)
Example #4
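# Generate every payload the framework knows about, run each through libemu,
# and record "<payload>,<offset>" for those the emulator recognises.
# ``conn``, ``PAYLOAD_EXE`` and the output handle ``f`` are defined earlier,
# outside this excerpt.
payloads = conn.getPayloads()
for p in payloads:
    opts = {}
    options = conn.getModuleOptions("payloads", p)
    valid = True
    for o in options.keys():
        spec = options[o]
        if spec["required"] and "default" not in spec:
            # Bug fix: the original compared the option *dict* to the name,
            # which is never true, so every payload with a defaultless required
            # option was silently skipped. The option name is the key ``o``.
            if o == "LHOST":
                opts["LHOST"] = "192.168.1.1"
            elif o == "CMD":
                opts["CMD"] = "ls"
            else:
                valid = False
    if valid:
        # Same "NAME=value " pairs (trailing space included) as the
        # original concatenation loop, built in one pass.
        params = "".join("%s=%s " % (name, value) for name, value in opts.items())
        # NOTE(review): this is a shell string executed via getstatusoutput
        # (shell=True); payload names and option values come from the framework
        # connection, so it is only safe while that source is trusted.
        cmd = "%s %s %s R" % (PAYLOAD_EXE, params, p)
        data = commands.getstatusoutput(cmd)[1]
        res = libemu.Emulator().test(data)
        if res:
            f.write("%s,%d\n" % (p, res))

f.close()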
Example #5
 def run_shellcode(self):
     """Emulate ``self.shellcode`` starting at ``self.offset`` with libemu.

     Returns whatever ``libemu.Emulator.run_shellcode`` returns for that
     buffer and offset.
     """
     emulator = libemu.Emulator()
     shellcode, offset = self.shellcode, self.offset
     return emulator.run_shellcode(shellcode, offset)
Example #6
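def test_for_shellcode(args):
    """Emulate one captured packet and log the offset of any shellcode found.

    Args:
        args: a ``(key, packet, file_path)`` tuple. It stays a single argument
            so callers (e.g. ``Pool.map``) are unchanged; the Python-2-only
            tuple parameter in the signature is unpacked in the body instead.

    Logs ``"<file_path>: <key> - {'offset': r}"`` at WARNING level when libemu
    returns a non-negative offset. Returns None.
    """
    key, packet, file_path = args
    emulator = libemu.Emulator()
    hit = emulator.test(packet)
    if hit is not None and hit >= 0:
        logging.warning("{2}: {0} - {1}".format(key, {"offset": hit}, file_path))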