
waf is causing to many issues for little gain, nixing

master
JoYo 3 years ago
parent
commit
f77e558760
  1. 5
      Dockerfile
  2. 8
      docker-compose.yaml
  3. 3
      sins/__init__.py
  4. 4
      sins/__main__.py
  5. 48
      sins/orm.py
  6. 65
      sins/run.py

5
Dockerfile

@ -1,9 +1,6 @@
FROM ubuntu:bionic
ENV DEBIAN_FRONTEND=noninteractive
ENV CXX clang++
RUN apt-get update && apt-get install -y \
clang \
python3-sqlalchemy \
yasm
ADD https://waf.io/waf-2.0.14 /waf.py

8
docker-compose.yaml

@ -7,4 +7,10 @@ services:
volumes:
- ${PWD}:/app
working_dir: /app
command: python /waf.py configure build
command: yasm seed.asm -o seed
sins_run:
image: sins_build
volumes:
- ${PWD}:/app
working_dir: /app
command: python3 -m sins
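Review bot: The sins_run service bind-mounts the host checkout read-write (`- ${PWD}:/app`) into a container whose sole job is to execute native code from the seed image, so a mutated image that misbehaves can overwrite the repository on the host; `- ${PWD}:/app:ro` keeps the seed readable while protecting the tree, and the log file run.py writes only when `--output` is given can point at a separate writable volume. The assignment of these lines to the new side is inferred from the hunk counts (one deletion, seven additions), since the rendering dropped the markers.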

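--- a/sins/__init__.py
+++ b/sins/__init__.py
@@ -0,0 +1,3 @@
+#! /usr/bin/env python3
+from .run import example, shell_function
+# from .orm import SeedNode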
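Review bot: The commented-out `# from .orm import SeedNode` on the last line leaves the ORM module out of the package API with no explanation; either delete the line or replace it with a comment stating why orm is not exported yet, e.g. `# orm is not exported: SeedNode does not import cleanly yet`. The `#!` shebang on a package `__init__.py` has no effect, since the file is never executed directly.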

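--- a/sins/__main__.py
+++ b/sins/__main__.py
@@ -0,0 +1,4 @@
+#! /usr/bin/env python3
+from .run import example
+example()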

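--- a/sins/orm.py
+++ b/sins/orm.py
@@ -0,0 +1,48 @@
+#!/usr/bin/env python3
+from datetime import datetime
+from sqlalchemy import Blob, Column, ForeignKey, Integer, String, DateTime, create_engine, exists, desc
+from sqlalchemy.ext.declarative import declarative_base
+from sqlalchemy.orm import Session, relationship, backref
+from sqlalchemy.orm.collections import attribute_mapped_collection
+import logging
+from hashlib import sha1
+logger = logging.getLogger('sins')
+now = '{0:%Y%m%dT%H%M%S}'.format(datetime.utcnow())
+Base = declarative_base()
+class SeedNode(Base):
+ctime = Column(DateTime, default=datetime.utcnow)
+id = Column(Integer, primary_key=True)
+length = Column(Integer, default=0)
+mtime = Column(DateTime, onupdate=datetime.utcnow)
+parent_id = Column(Integer, ForeignKey(id))
+checksum = Column(String)
+stdout = Column(String)
+image = Column(Blob)
+children = relationship(
+"SeedNode",
+cascade="all, delete-orphan",
+backref=backref("parent", remote_side=id),
+collection_class=attribute_mapped_collection('name'))
+def __init__(self, *, child: bytes, parent: SeedNode = None):
+if parent:
+self.parent_id = parent.id
+self.image = child
+self.length = len(child)
+@property
+def sha1sum(self):
+if self.checksum:
+return self.checksum
+checksum = sha1()
+checksum.update(self.image)
+self.checksum = checksum.hexdigest()
+return self.checksum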
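Review bot: `from sqlalchemy import Blob` on the import line fails at import time, because SQLAlchemy exposes the binary column type as `LargeBinary` (or the dialect-level `BLOB`), not `Blob`, so the module can never load — which may be why `__init__.py` imports it only in a comment. Two more errors surface as soon as that is fixed: the declarative class has no `__tablename__`, and the annotation `parent: SeedNode = None` on `__init__` is evaluated while the class body is still executing, when `SeedNode` is not yet bound; use `__tablename__ = 'seed_node'` and the string form `parent: 'SeedNode' = None`. `collection_class=attribute_mapped_collection('name')` keys the children on an attribute the model does not define, and the module-level `now` is computed at import and never used. SHA-1 in `sha1sum` is adequate as a dedup fingerprint for mutated images but not as an integrity check — `hashlib.sha256` costs nothing here — and the property needs a guard for `image is None`, which currently raises TypeError from `update`.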

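--- a/sins/run.py
+++ b/sins/run.py
@@ -0,0 +1,65 @@
+#! /usr/bin/env python3
+from argparse import ArgumentParser
+from datetime import datetime
+from pathlib import Path
+from random import randint
+import binascii
+import ctypes
+import logging
+import subprocess
+import mmap
+whoami_shell = b"\x6a\x3b\x58\x99\x48\xbb\x2f\x62\x69\x6e\x2f\x73\x68\x00\x53\x48\x89\xe7\x68\x2d\x63\x00\x00\x48\x89\xe6\x52\xe8\x10\x00\x00\x00\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x77\x68\x6f\x61\x6d\x69\x00\x56\x57\x48\x89\xe6\x0f\x05"
+def example():
+now = '{0:%Y%m%dT%H%M%S}'.format(datetime.utcnow())
+parser = ArgumentParser(
+description='position independent code (PIC) mutation experiment.')
+parser.add_argument('-v', '--verbose', action='count')
+parser.add_argument('-s', '--seed', default='seed',
+help='path to PIC image.')
+parser.add_argument('-o', '--output', help='path to results directory.')
+args = parser.parse_args()
+log_level = logging.INFO
+log_format = logging.Formatter('%(message)s')
+if args.verbose:
+log_level = logging.DEBUG
+log_format = logging.Formatter(
+'%(levelname)s %(filename)s:%(lineno)d\n%(message)s\n')
+logger = logging.getLogger('sins')
+logger.setLevel(log_level)
+stream_handler = logging.StreamHandler()
+stream_handler.setLevel(log_level)
+stream_handler.setFormatter(log_format)
+logger.addHandler(stream_handler)
+if args.output:
+log_path = f'{args.output}/sins-{now}.log'
+file_handler = logging.FileHandler(log_path)
+file_handler.setLevel(log_level)
+file_handler.setFormatter(log_format)
+logger.addHandler(file_handler)
+logger.info(whoami_shell)
+shell_function(whoami_shell)()
+def shell_function(shellcode: bytes):
+exec_mem = mmap.mmap(
+-1, len(shellcode),
+prot=mmap.PROT_READ | mmap.PROT_WRITE | mmap.PROT_EXEC,
+flags=mmap.MAP_ANONYMOUS | mmap.MAP_PRIVATE)
+exec_mem.write(shellcode)
+ctypes_buffer = ctypes.c_int.from_buffer(exec_mem)
+function = ctypes.CFUNCTYPE(ctypes.c_int64)(
+ctypes.addressof(ctypes_buffer))
+function._avoid_gc_for_mmap = exec_mem
+return function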
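Review bot: shell_function maps its page `PROT_READ | PROT_WRITE | PROT_EXEC`, so the process carries a writable-and-executable region for its whole lifetime, which is exactly what W^X enforcement (SELinux execmem, PaX MPROTECT) refuses; the mapping only needs to be writable while the bytes are copied in. Map it RW, write, then flip it to RX with libc's mprotect through ctypes before building the CFUNCTYPE pointer, as in the excerpt below — the address must be wrapped in `c_void_p`, because a bare Python int is passed as C int and masked on 64-bit. In example(), `--seed` is parsed but never read and `Path`, `binascii`, `randint` and `subprocess` are imported unused; either wire the seed path up to load the image (and build the log path with `Path(args.output) / f'sins-{now}.log'`) or drop them. Because the hard-coded image appears to end in an execve, the call on the last line of example() replaces the interpreter and nothing after it (including the file handler's flush) ever runs; running each candidate in a child process would keep the harness alive across a crashing or misbehaving mutation.
```python
def shell_function(shellcode: bytes):
    """Copy *shellcode* into an anonymous mapping and return it as a C callable.

    The page is RW while the bytes are written and RX afterwards, so the
    process never holds a writable-and-executable mapping.
    """
    exec_mem = mmap.mmap(
        -1, len(shellcode),
        prot=mmap.PROT_READ | mmap.PROT_WRITE,
        flags=mmap.MAP_ANONYMOUS | mmap.MAP_PRIVATE)
    exec_mem.write(shellcode)
    ctypes_buffer = ctypes.c_int.from_buffer(exec_mem)
    address = ctypes.addressof(ctypes_buffer)
    # mprotect needs the page-aligned start of the mapping, which mmap()
    # returns; c_void_p keeps the full 64-bit pointer intact across the call.
    libc = ctypes.CDLL(None, use_errno=True)
    if libc.mprotect(ctypes.c_void_p(address), ctypes.c_size_t(len(shellcode)),
                     mmap.PROT_READ | mmap.PROT_EXEC) != 0:
        raise OSError(ctypes.get_errno(), 'mprotect to RX failed')
    function = ctypes.CFUNCTYPE(ctypes.c_int64)(address)
    # … unchanged: _avoid_gc_for_mmap and return …
```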