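def qemu(self, sample_name, analyse_config):
    """Run the sample's target command under QEMU and capture both reports.

    The run is skipped unless both 'vul.call' and 'vul.func' are present in
    ``sample.basp_path``. The working directory is restored to ``ROOTPATH``
    even when a step raises.

    Args:
        sample_name: Key into ``self.samples``.
        analyse_config: Object whose ``qemu_args`` attribute supplies the
            leading part of the command line.
    """
    sample = self.samples[sample_name]
    os.chdir(sample.path)
    try:
        # List the directory once and check both prerequisite files against it.
        present = os.listdir(sample.basp_path)
        missing = [name for name in ('vul.call', 'vul.func') if name not in present]
        for name in missing:
            print("%s file '%s' not exist." % (use_style('[qemu]', fore='red'), name))

        # Only start QEMU when every file it depends on exists.
        if not missing:
            print('%s qemu analyse start.' % (use_style('[qemu]', fore='green')))
            # NOTE(review): the command line is assembled from configuration
            # values and relies on '>' / '2>' redirection, so CSTE.run_cmd
            # presumably hands it to a shell -- confirm. If so, every field
            # interpolated here is interpreted by that shell; the configuration
            # files must come from a trusted source.
            command = '%s %s >%s 2>%s' % (analyse_config.qemu_args,
                                          sample.vul.args,
                                          sample.vul_report,
                                          sample.qemu_report)
            print('[QEMU CMD] %s' % command)
            p = CSTE.run_cmd(command)
            # Publish the process handle on the shared sample record before
            # blocking in communicate().
            sample.qemu_process = p
            self.samples[sample_name] = sample
            p.communicate()
            print('%s qemu analyse done.' % (use_style('[qemu]', fore='green')))
    finally:
        # The working directory is process-wide state; always put it back.
        os.chdir(ROOTPATH)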
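def compile_sample(self, sample_name):
    """Build the sample with its generated makefile and record the build output.

    Regenerates the makefile through ``self.create_makefile``, runs
    ``make clean -f vul_makefile`` and then ``make -f vul_makefile`` inside
    ``sample.path``, writes stdout and stderr of both commands to
    ``sample.compile_report``, and echoes both stdout streams to the console.
    The working directory is restored to ``ROOTPATH`` even when a step raises.

    Args:
        sample_name: Key into ``self.samples``.
    """
    sample = self.samples[sample_name]
    self.create_makefile(sample_name)
    os.chdir(sample.path)
    try:
        print('%s compile %s start.' % (use_style('[compile]', fore='green'), sample.name))

        p1 = CSTE.run_cmd('make clean -f vul_makefile')
        (stdoutput1, erroutput1) = p1.communicate()

        # The report used to be opened and never closed; the ``with`` block
        # guarantees it is flushed and closed, including when ``make`` fails.
        with open(sample.compile_report, 'w') as report:
            # Each stream is written in one call; the result is the same text
            # the former character-by-character loops produced.
            report.write(stdoutput1)
            report.write(erroutput1)

            p2 = CSTE.run_cmd('make -f vul_makefile')
            (stdoutput2, erroutput2) = p2.communicate()
            report.write(stdoutput2)
            report.write(erroutput2)

        print(use_style('[command]:', fore='cyan'))
        print(stdoutput1.strip())
        print(stdoutput2.strip())
        print('%s compile %s done.\n' % (use_style('[compile]', fore='green'), sample.name))
    finally:
        # The working directory is process-wide state; always put it back.
        os.chdir(ROOTPATH)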
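def basp(self, sample_name):
    """Run the ``basp`` tool from ``self.tool_path`` on the sample's ``vul`` file.

    The tool is started inside ``sample.path`` with ``-o sample.basp_path``,
    and the call blocks until it exits. The working directory is restored to
    ``ROOTPATH`` even when a step raises.

    Args:
        sample_name: Key into ``self.samples``.
    """
    sample = self.samples[sample_name]
    os.chdir(sample.path)
    try:
        print('%s basp analyse start.' % (use_style('[basp]', fore='green')))
        # NOTE(review): both paths are interpolated unquoted into the command
        # string; a path containing spaces or shell metacharacters would be
        # split or interpreted if CSTE.run_cmd uses a shell -- confirm.
        command = '%s/basp -o %s vul' % (self.tool_path, sample.basp_path)
        CSTE.run_cmd(command).communicate()
        print('%s basp analyse done.' % (use_style('[basp]', fore='green')))
    finally:
        # The working directory is process-wide state; always put it back.
        os.chdir(ROOTPATH)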
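def run_attack(self, sample_name):
    """Run the sample's attack script and capture its output.

    The script named by ``sample.attack.way`` is started with ``python`` from
    inside ``sample.exp_path``; stdout and stderr both go to
    ``sample.attack_report``. The process handle is stored on the sample as
    ``attack_process`` before the call blocks on it. The working directory is
    restored to ``ROOTPATH`` even when a step raises.

    Args:
        sample_name: Key into ``self.samples``.
    """
    sample = self.samples[sample_name]
    os.chdir(sample.exp_path)
    try:
        print('%s attack start.' % (use_style('[attack]', fore='green')))
        # NOTE(review): the script path and report path come from the sample's
        # configuration and are placed unquoted in a command line that uses
        # shell redirection; treat sample configuration as trusted input only.
        command = 'python %s > %s 2>&1' % (sample.attack.way, sample.attack_report)
        p = CSTE.run_cmd(command)
        # Publish the handle so other code can reach the running process.
        sample.attack_process = p
        self.samples[sample_name] = sample
        p.communicate()
        print('%s attack done.' % (use_style('[attack]', fore='green')))
    finally:
        # os.chdir affects the whole process, not only the calling thread.
        os.chdir(ROOTPATH)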
def show_all_samples(self):
    """Print a numbered list of every sample name, framed by blank lines."""
    print('')
    index = 0
    for sample_name in self.samples.keys():
        # The index is shown in green; numbering starts at 0.
        label = use_style(str(index), fore='green')
        print('%s. %s' % (label, sample_name))
        index += 1
    print('')
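def run_sample(self, sample_name):
    """Run one sample: build if needed, set ASLR, start the target, launch the attack.

    Steps, in order: clear earlier output, compile when no binary exists,
    switch ASLR on or off, start the target with or without analysis, wait,
    then run the attack on a background thread and wait again. The working
    directory is restored to ``ROOTPATH`` even when a step raises.

    Args:
        sample_name: Key into ``self.samples``.
    """
    sample = self.samples[sample_name]
    os.chdir(sample.path)
    try:
        print('%s %s start.' % (use_style('[cste]', fore='green'), sample_name))

        # Discard output left over from an earlier run.
        self.clear_output(sample_name)

        # Build the target automatically when no binary is present.
        # NOTE(review): compile_sample finishes with os.chdir(ROOTPATH), so
        # after this branch the process is no longer in sample.path.
        if not self.is_exist_binary(sample_name):
            print('[TIP] 可执行文件不存在,自动编译执行')
            self.compile_sample(sample_name)

        # ASLR setting: the global defense configuration wins when it is
        # enabled, otherwise the sample's own attack configuration is used.
        if self.enable.en_defense_conf == 'on':
            aslr_config = self.defense.aslr
        else:
            aslr_config = sample.attack.aslr

        # NOTE(review): this presumably changes the host-wide ASLR setting --
        # confirm. Nothing in this method restores the previous value, so the
        # state chosen here stays in effect after the sample finishes.
        if aslr_config == 'on':
            self.aslr.on()
        else:
            self.aslr.off()

        # Report the resulting ASLR state; only a status of 2 is shown as ON.
        if self.aslr.status() == 2:
            print('[TIP] ASLR ON')
        else:
            print('[TIP] ASLR OFF')

        # Analysis settings: global configuration when enabled, else the
        # sample's local one.
        if self.enable.en_analyse_conf == 'on':
            print('[TIP] 分析过程启用了全局配置,配置以 cste.conf 为主')
            analyse_config = self.analyse
        else:
            print('[TIP] 分析过程启用了局部配置,配置以各样例的 my.conf 为主')
            analyse_config = sample.analyse

        # Start the target with or without the analysis tooling.
        if analyse_config.analyse == 'on':
            self.run_analyse(sample_name, analyse_config)
        else:
            self.run_noanalyse(sample_name)

        # Delay added later in development, before the attack is launched.
        time.sleep(2)

        # Launch the attack on its own thread; it is started but never joined.
        t_attack = threading.Thread(target=self.run_attack, args=(sample_name, ))
        t_attack.start()

        # Wait 2 seconds for the attack to run (the original comment said 3).
        time.sleep(2)

        # Re-read the record so it reflects attack_process set by run_attack.
        sample = self.samples[sample_name]

        # NOTE(review): the calls that killed qemu_process, vul_process and
        # attack_process were commented out here, so this method does not
        # terminate any of them; whatever is still running keeps running.
    finally:
        # The working directory is process-wide state; always put it back.
        os.chdir(ROOTPATH)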
# coding:utf-8
# Wildcard imports come first and the explicit module imports last, so that
# ``os`` and ``cmd`` below always refer to the standard-library modules even
# if a wildcard import exports a name spelled the same way.
from cste import *
from FontSytle import use_style, print_style
from DefenseMechanism import *
import os
import cmd

# Text shown before every input line of the shell.
PROMPT = 'CSTE> '

# Pre-styled (bold red) fragments reused in the banner and help texts.
HELP = use_style("'help'", mode='bold', fore='red')
HELP_NAME = use_style("'help name'", mode='bold', fore='red')
VERSION = use_style('version 0.1(x86-64, ubuntu16.04)', mode='bold', fore='red')

# Import-time side effects: the framework object is created and initialised,
# and the process moves to the project root directory.
# NOTE(review): ROOTPATH is not defined in this file; presumably it is
# exported by one of the wildcard imports above -- confirm.
cste = CSTE()
cste.init()
os.chdir(ROOTPATH)


class Ui(cmd.Cmd):
    """Interactive CSTE command shell built on ``cmd.Cmd``."""

    # Attributes that cmd.Cmd reads when it prints help output.
    doc_leader = '\nCSTE, %s\n' % VERSION
    doc_header = "Type '%s' to find out more about the command name, command list:\n" % HELP_NAME
    nohelp = 'help: no help topics match %s. Try help to list commands.'
    ruler = None

    def __init__(self):
        """Initialise the base shell, then set the prompt and welcome banner."""
        cmd.Cmd.__init__(self)
        self.prompt = PROMPT
        self.intro = '\nWelcome to the CSTE shell. Type %s to list commands.\n' % HELP

    # All supported commands, and the arguments each one accepts, are listed here.