from bph.tools.windows.nircmd import BphNirCmd as NirCmd
from bph.tools.windows.procmon import BphProcMon as ProcMon

# Core Imports
from bph.core.server.template import BphTemplateServer as TemplateServer
from bph.core.session import BphSession as Session
from bph.core.sample import BphLabFile as LabFile

# Bootstrap a framework session for this project. move_sample=False
# presumably leaves the sample file where it is (confirm against BphSession).
lab_session = Session(project_name='blackhat_arsenal_2019')
lab_session.start()
lab_session.set_launcher(move_sample=False)

# The template server is brought up before any tool is driven.
template_server = TemplateServer()
template_server.start()

# Start the Process Monitor capture first so the sample's activity is recorded
# from its first instruction. delay= looks like a wait in seconds — verify.
monitor = ProcMon()
monitor.capture()
monitor.execute(delay=10)

# Run the sample in the foreground (background_run=False) through NirCmd.
# '@sample@' is a framework placeholder, presumably expanded to the launcher path.
sample = LabFile(lab_session.launcher_abs_path)
launcher = NirCmd(sample)
launcher.configuration.execution.background_run = False
launcher.start_process(program='@sample@')
launcher.execute()

# Stop the capture, then export the log, waiting for each step to settle.
monitor.terminate()
monitor.execute(delay=15)

monitor.export()
monitor.execute(delay=10)

# List the files the capture produced.
monitor.files()
# Tool imports
from bph.tools.windows.exeinfope import BphExeInfoPe as ExeInfoPe

# Core Imports
from bph.core.server.template import BphTemplateServer as TemplateServer
from bph.core.session import BphSession as Session
from bph.core.sample import BphLabFile as LabFile

# Session bootstrap: one session per project name; the sample stays in place
# (move_sample=False — presumably; confirm against BphSession).
lab_session = Session(project_name='blackhat_arsenal_2019')
lab_session.start()
lab_session.set_launcher(move_sample=False)

template_server = TemplateServer()
template_server.start()

# Point ExeInfoPe at the launcher file: default() applies the tool's default
# configuration, execute() runs the tool, output() shows what it reported.
pe_info = ExeInfoPe(LabFile(lab_session.launcher_abs_path))
pe_info.default()
pe_info.execute()
pe_info.output()
# Tool imports
from bph.tools.windows.xorstrings import BphXorStrings as XorStrings

# Core Imports
from bph.core.server.template import BphTemplateServer as TemplateServer
from bph.core.session import BphSession as Session
from bph.core.sample import BphLabFile as LabFile

# Session bootstrap for the project; the launcher is registered without
# moving the sample (move_sample=False).
lab_session = Session(project_name='blackhat_arsenal_2019')
lab_session.start()
lab_session.set_launcher(move_sample=False)

template_server = TemplateServer()
template_server.start()

# Run XorStrings against the launcher file. search_xored() (per its name,
# a search for XOR-encoded strings) configures the run; execute() performs it.
sample = LabFile(lab_session.launcher_abs_path)
xor_scan = XorStrings(sample)
xor_scan.search_xored()
xor_scan.execute()
# Show the tool's text output and list the files it wrote.
xor_scan.output()
xor_scan.files()

# Tool Imports
from bph.tools.windows.resourcehacker import BphResourceHacker as ResourceHacker

# Core Imports
from bph.core.server.template import BphTemplateServer as TemplateServer
from bph.core.session import BphSession as Session
from bph.core.sample import BphLabFile as LabFile

# Session bootstrap; the launcher is registered without moving the sample.
lab_session = Session(project_name='blackhat_arsenal_2019')
lab_session.start()
lab_session.set_launcher(move_sample=False)

template_server = TemplateServer()
template_server.start()

# Pull the PE resources out of the launcher file with Resource Hacker:
# extract_resources() configures the job, execute() runs it, files() lists
# what was written.
sample = LabFile(lab_session.launcher_abs_path)
resource_dump = ResourceHacker(sample)
resource_dump.extract_resources()
resource_dump.execute()
resource_dump.files()

# Tool Imports
from bph.tools.windows.ollydbg import BphOllyDbg as OllyDbg

# Core Imports
from bph.core.server.template import BphTemplateServer as TemplateServer
from bph.core.session import BphSession as Session
from bph.core.sample import BphLabFile as LabFile

# Session bootstrap; the launcher is registered without moving the sample.
lab_session = Session(project_name='blackhat_arsenal_2019')
lab_session.start()
lab_session.set_launcher(move_sample=False)

template_server = TemplateServer()
template_server.start()

# Load the launcher file into OllyDbg and drive it with an OllyScript file.
# background_run=True here (unlike the NirCmd-based examples, which use False)
# — presumably the debugger session is detached; confirm against BphOllyDbg.
# 'msg.osc' is resolved by the framework; where it is looked up is not shown here.
sample = LabFile(lab_session.launcher_abs_path)
debugger = OllyDbg(sample)
debugger.configuration.execution.background_run = True
debugger.ollyscript(ollyscript_file_name='msg.osc')
debugger.execute()
# Tool Imports
from bph.tools.windows.bintext import BphBinText as BinText

# Core Imports
from bph.core.server.template import BphTemplateServer as TemplateServer
from bph.core.session import BphSession as Session
from bph.core.sample import BphLabFile as LabFile

# Session bootstrap; the launcher is registered without moving the sample.
lab_session = Session(project_name='blackhat_arsenal_2019')
lab_session.start()
lab_session.set_launcher(move_sample=False)

template_server = TemplateServer()
template_server.start()

# Extract printable strings from the launcher file with BinText using its
# default configuration. delay=3 looks like a settle time in seconds — verify.
sample = LabFile(lab_session.launcher_abs_path)
strings_scan = BinText(sample)
strings_scan.default()
strings_scan.execute(delay=3)
# Show the tool output and list the files it produced.
strings_scan.output()
strings_scan.files()
# Tool Imports
from bph.tools.windows.pestudio import BphPeStudio as PeStudio

# Core Imports
from bph.core.server.template import BphTemplateServer as TemplateServer
from bph.core.session import BphSession as Session
from bph.core.sample import BphLabFile as LabFile

# Session bootstrap; the launcher is registered without moving the sample.
lab_session = Session(project_name='blackhat_arsenal_2019')
lab_session.start()
lab_session.set_launcher(move_sample=False)

template_server = TemplateServer()
template_server.start()

# Static triage of the launcher file with pestudio, default configuration;
# files() lists whatever report files the tool wrote.
sample = LabFile(lab_session.launcher_abs_path)
pe_triage = PeStudio(sample)
pe_triage.default()
pe_triage.execute()
pe_triage.files()
# Tool imports
from bph.tools.windows.floss import BphFloss as Floss

# Core Imports
from bph.core.server.template import BphTemplateServer as TemplateServer
from bph.core.session import BphSession as Session
from bph.core.sample import BphLabFile as LabFile

# Session bootstrap; the launcher is registered without moving the sample.
lab_session = Session(project_name='blackhat_arsenal_2019')
lab_session.start()
lab_session.set_launcher(move_sample=False)

template_server = TemplateServer()
template_server.start()

# Run FLOSS over the launcher file: search() configures the run, execute()
# performs it, output() shows the recovered strings.
sample = LabFile(lab_session.launcher_abs_path)
floss_scan = Floss(sample)
floss_scan.search()
floss_scan.execute()
floss_scan.output()
# Tool Imports
from bph.tools.windows.nircmd import BphNirCmd as NirCmd
from bph.tools.windows.pd import BphPd as Pd
from bph.tools.windows.dumppe import BphDumpPE as DumpPE

# Core Imports
from bph.core.server.template import BphTemplateServer as TemplateServer
from bph.core.session import BphSession as Session
from bph.core.sample import BphLabFile as LabFile

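# Session bootstrap; the launcher is registered without moving the sample.
session = Session(project_name='blackhat_arsenal_2019')
session.start()
session.set_launcher(move_sample=False)

templateserver = TemplateServer()
templateserver.start()

# Run the sample in the background so it is still resident when pd runs.
# '@sample@' is a framework placeholder, presumably expanded to the launcher path.
sample_exec = NirCmd(LabFile(session.launcher_abs_path))
sample_exec.configuration.execution.background_run = True
sample_exec.start_process(program='@sample@')
sample_exec.execute()

# Dump the running process with pd. '@sample_filename@' is a framework
# placeholder (presumably the launcher's file name). delay=5 looks like a
# settle time in seconds — verify against BphPd.
pd = Pd()
pd.dump_process(process_name='@sample_filename@')
pd.execute(delay=5)

# pd.files() may yield nothing (e.g. no process matched); say so explicitly
# instead of silently printing nothing. `or []` also tolerates a None return.
files_found = pd.files() or []
if not files_found:
    print("[-] no dumped files found")

for file_found in files_found:
    dumped_file = LabFile(file_found)
    # Dump names carry a '__'-separated prefix; the last segment is the
    # original name. The MD5 is reported as an identifier for the dump, not
    # as an integrity check.
    print("[+] dumped file: {} md5: {}".format(
        file_found.split('__')[-1], dumped_file.md5))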
# Tool Imports
from bph.tools.windows.nircmd import BphNirCmd as NirCmd
from bph.tools.windows.pd import BphPd as Pd

# Core Imports
from bph.core.server.template import BphTemplateServer as TemplateServer
from bph.core.session import BphSession as Session
from bph.core.sample import BphLabFile as LabFile

# Session bootstrap. No launcher is registered here: this script works on
# calc.exe, not on a sample.
lab_session = Session(project_name='blackhat_arsenal_2019')
lab_session.start()

template_server = TemplateServer()
template_server.start()

# Start calc.exe as a benign target process for the dump. delay=3 looks like
# a settle time in seconds — verify against BphNirCmd.
launcher = NirCmd()
launcher.start_process(program=r'calc.exe')
launcher.execute(delay=3)

# Dump the calc.exe process with pd.
dumper = Pd()
dumper.dump_process(process_name='calc.exe')
dumper.execute(delay=5)

# For every dumped .exe, print its import table: each symbol (presumably the
# imported module) followed by the entries recorded under it.
for dump_path in dumper.files():
    if not dump_path.endswith('.exe'):
        continue

    dumped = LabFile(dump_path)
    imported = dumped.symbols(type='imports')

    for symbol, function_data in imported.items():
        print(symbol)

        for data in function_data:
            print(data)
import sys

# Core Imports
from bph.core.sample import BphLabFile as LabFile

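# The launcher path from the original example is kept as the default so the
# script behaves as before; an explicit path on the command line overrides it,
# which removes the dependency on one particular lab host layout.
DEFAULT_SAMPLE_PATH = (
    '/home/bph/bph-framework/session/blackhat_arsenal_2019/launcher/bph_upx.exe'
)
sample_path = sys.argv[1] if len(sys.argv) > 1 else DEFAULT_SAMPLE_PATH

sample = LabFile(sample_path)

# symbols(type='imports') is called once and reused: the original called it
# twice for the same data. It appears to return a mapping; .keys()/.items()
# are printed as their dict-view reprs, exactly as the original did.
imported = sample.symbols(type='imports')

print(f"""
  Sample Data:
    
    Absolute Path:\t {sample.abs_path}

    Base Path:\t {sample.path}

    File Name:\t {sample.file_name}

    md5 Hash:\t {sample.md5}

    Imported Symbols:\t {imported.keys()}

    Imported Functions w/symbols:\t {imported.items()}
""")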
# Core Imports
import re

# Tool Imports
from bph.tools.windows.exeinfope import BphExeInfoPe as ExeInfoPe

# Core Imports
from bph.core.server.template import BphTemplateServer as TemplateServer
from bph.core.session import BphSession as Session
from bph.core.sample import BphLabFile as LabFile

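# Session bootstrap; the launcher is registered without moving the sample.
session = Session(project_name='blackhat_arsenal_2019')
session.start()
session.set_launcher(move_sample=False)

templateserver = TemplateServer()
templateserver.start()

sample_file = LabFile(session.launcher_abs_path)

# Identify the packer with ExeInfoPe. output() is assumed to return an
# iterable of strings (it is joined into one string here, as the original did)
# so the signature can be matched regardless of how the tool splits lines.
exeinfope = ExeInfoPe(sample_file)
exeinfope.default()
exeinfope.execute()
report = "".join(exeinfope.output())

# Match "UPX ... 3.91" case-insensitively. The dot in the version is escaped:
# the original pattern '3.91' also matched e.g. "3x91" or "3091". The capture
# group was never read, so it is dropped.
sig_match = re.search(r'upx.*3\.91', report, re.I)

if sig_match:
    print("SAMPLE IS UPX PACKED => VERSION 3.91. DECOMPRESSING...")
    # NOTE(review): despite the message, nothing here unpacks the sample —
    # only the import table of the file as-is is listed.
    for symbol, function_data in sample_file.symbols(type='imports').items():
        print(symbol)

        for data in function_data:
            print(data)
else:
    # Make the negative result visible rather than exiting silently.
    print("NO UPX 3.91 SIGNATURE FOUND IN EXEINFOPE OUTPUT.")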
# Tool Modules
from bph.tools.windows.dumppe import BphDumpPE as DumpPE

# Core Modules
from bph.core.server.template import BphTemplateServer as TemplateServer
from bph.core.session import BphSession as Session
from bph.core.sample import BphLabFile as LabFile

# Session bootstrap; the launcher is registered without moving the sample.
lab_session = Session(project_name='blackhat_arsenal_2019')
lab_session.start()
lab_session.set_launcher(move_sample=False)

template_server = TemplateServer()
template_server.start()

# Run DumpPE over the launcher file with its default configuration, then show
# the tool output and list the files it wrote.
sample = LabFile(lab_session.launcher_abs_path)
pe_dump = DumpPE(sample)
pe_dump.default()
pe_dump.execute()
pe_dump.output()
pe_dump.files()

# Tool imports
from bph.tools.windows.xorsearch import BphXorSearch as XorSearch

# Core Imports
from bph.core.server.template import BphTemplateServer as TemplateServer
from bph.core.session import BphSession as Session
from bph.core.sample import BphLabFile as LabFile

# Session bootstrap; the launcher is registered without moving the sample.
lab_session = Session(project_name='blackhat_arsenal_2019')
lab_session.start()
lab_session.set_launcher(move_sample=False)

template_server = TemplateServer()
template_server.start()

# Run XorSearch against the launcher file. search_www() (per its name, a
# search for a "www" marker under XOR encodings) configures the run;
# execute() performs it; output() and files() show what it found and wrote.
sample = LabFile(lab_session.launcher_abs_path)
xor_scan = XorSearch(sample)
xor_scan.search_www()
xor_scan.execute()
xor_scan.output()
xor_scan.files()