From f77e558760259574834d32f37d6a25997b57b842 Mon Sep 17 00:00:00 2001
From: JoYo <>
Date: Mon, 18 Feb 2019 05:28:05 +0000
Subject: [PATCH] waf is causing to many issues for little gain, nixing

---
 Dockerfile | 5 +---
 docker-compose.yaml | 8 +++++-
 sins/__init__.py | 3 +++
 sins/__main__.py | 4 +++
 sins/orm.py | 48 +++++++++++++++++++++++++++++++++
 sins/run.py | 65 +++++++++++++++++++++++++++++++++++++++++++++
 6 files changed, 128 insertions(+), 5 deletions(-)
 create mode 100644 sins/__init__.py
 create mode 100644 sins/__main__.py
 create mode 100644 sins/orm.py
 create mode 100755 sins/run.py

diff --git a/Dockerfile b/Dockerfile
index c8abf02..b9a6664 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,9 +1,6 @@
 FROM ubuntu:bionic
 ENV DEBIAN_FRONTEND=noninteractive
-ENV CXX clang++
 RUN apt-get update && apt-get install -y \
- clang \
+ python3-sqlalchemy \
 yasm
-
-ADD https://waf.io/waf-2.0.14 /waf.py
diff --git a/docker-compose.yaml b/docker-compose.yaml
index d56ef09..7bd6a2d 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -7,4 +7,10 @@ services:
 volumes:
 - ${PWD}:/app
 working_dir: /app
- command: python /waf.py configure build
+ command: yasm seed.asm -o seed
+ sins_run:
+ image: sins_build
+ volumes:
+ - ${PWD}:/app
+ working_dir: /app
+ command: python3 -m sins
diff --git a/sins/__init__.py b/sins/__init__.py
new file mode 100644
index 0000000..05098c2
--- /dev/null
+++ b/sins/__init__.py
@@ -0,0 +1,3 @@
+#! /usr/bin/env python3
+from .run import example, shell_function
+# from .orm import SeedNode
diff --git a/sins/__main__.py b/sins/__main__.py
new file mode 100644
index 0000000..310bc8d
--- /dev/null
+++ b/sins/__main__.py
@@ -0,0 +1,4 @@
+#! /usr/bin/env python3
+from .run import example
+
+example()
diff --git a/sins/orm.py b/sins/orm.py
new file mode 100644
index 0000000..92682e7
--- /dev/null
+++ b/sins/orm.py
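Review bot: The `RUN apt-get update && apt-get install -y` layer still leaves the package index in the image and pulls recommended packages; the usual one-liner is `RUN apt-get update && apt-get install -y --no-install-recommends python3-sqlalchemy yasm && rm -rf /var/lib/apt/lists/*`. Note that `python3` itself is never installed explicitly even though docker-compose now runs `python3 -m sins`; it presumably arrives as a dependency of `python3-sqlalchemy`, but listing it makes the intent visible and survives a later removal of the ORM package.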
@@ -0,0 +1,48 @@
+#!/usr/bin/env python3
+from datetime import datetime
+from sqlalchemy import Blob, Column, ForeignKey, Integer, String, DateTime, create_engine, exists, desc
+from sqlalchemy.ext.declarative import declarative_base
+from sqlalchemy.orm import Session, relationship, backref
+from sqlalchemy.orm.collections import attribute_mapped_collection
+import logging
+from hashlib import sha1
+
+logger = logging.getLogger('sins')
+now = '{0:%Y%m%dT%H%M%S}'.format(datetime.utcnow())
+
+Base = declarative_base()
+
+
+class SeedNode(Base):
+ ctime = Column(DateTime, default=datetime.utcnow)
+ id = Column(Integer, primary_key=True)
+ length = Column(Integer, default=0)
+ mtime = Column(DateTime, onupdate=datetime.utcnow)
+ parent_id = Column(Integer, ForeignKey(id))
+ checksum = Column(String)
+ stdout = Column(String)
+ image = Column(Blob)
+
+ children = relationship(
+ "SeedNode",
+ cascade="all, delete-orphan",
+ backref=backref("parent", remote_side=id),
+ collection_class=attribute_mapped_collection('name'))
+
+ def __init__(self, *, child: bytes, parent: SeedNode = None):
+ if parent:
+ self.parent_id = parent.id
+
+ self.image = child
+ self.length = len(child)
+
+ @property
+ def sha1sum(self):
+ if self.checksum:
+ return self.checksum
+
+ checksum = sha1()
+ checksum.update(self.image)
+ self.checksum = checksum.hexdigest()
+
+ return self.checksum
diff --git a/sins/run.py b/sins/run.py
new file mode 100755
index 0000000..95f4498
--- /dev/null
+++ b/sins/run.py
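Review bot: `class SeedNode(Base)` cannot be defined as written: the annotation `parent: SeedNode = None` on `__init__` is evaluated while the class body is still executing, before the name `SeedNode` exists, so it raises NameError — quote it as `parent: 'SeedNode' = None` or put `from __future__ import annotations` at the top of the module. Two more things stop the module importing cleanly: `Blob` is not a name SQLAlchemy exports (the binary column type is `LargeBinary`, or the dialect type `BLOB`), and a declarative model needs a table name, e.g. `__tablename__ = 'seed_node'` as the first line of the class body. The commented-out `# from .orm import SeedNode` in `sins/__init__.py` suggests one of these failures was already hit and worked around rather than fixed. Separately, `collection_class=attribute_mapped_collection('name')` keys children by an attribute `name` that `SeedNode` never defines, so populating `children` would presumably fail — confirm the intended key. If `sha1sum` is meant to identify an image rather than only detect accidental corruption, SHA-1 collisions are practical today and `hashlib.sha256` is the conventional choice for a content checksum.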
@@ -0,0 +1,65 @@
+#! /usr/bin/env python3
+from argparse import ArgumentParser
+from datetime import datetime
+from pathlib import Path
+from random import randint
+import binascii
+import ctypes
+import logging
+import subprocess
+import mmap
+
+whoami_shell = b"\x6a\x3b\x58\x99\x48\xbb\x2f\x62\x69\x6e\x2f\x73\x68\x00\x53\x48\x89\xe7\x68\x2d\x63\x00\x00\x48\x89\xe6\x52\xe8\x10\x00\x00\x00\x2f\x75\x73\x72\x2f\x62\x69\x6e\x2f\x77\x68\x6f\x61\x6d\x69\x00\x56\x57\x48\x89\xe6\x0f\x05"
+
+
+def example():
+ now = '{0:%Y%m%dT%H%M%S}'.format(datetime.utcnow())
+ parser = ArgumentParser(
+ description='position independent code (PIC) mutation experiment.')
+ parser.add_argument('-v', '--verbose', action='count')
+ parser.add_argument('-s', '--seed', default='seed',
+ help='path to PIC image.')
+ parser.add_argument('-o', '--output', help='path to results directory.')
+ args = parser.parse_args()
+
+ log_level = logging.INFO
+ log_format = logging.Formatter('%(message)s')
+
+ if args.verbose:
+ log_level = logging.DEBUG
+ log_format = logging.Formatter(
+ '%(levelname)s %(filename)s:%(lineno)d\n%(message)s\n')
+
+ logger = logging.getLogger('sins')
+ logger.setLevel(log_level)
+
+ stream_handler = logging.StreamHandler()
+ stream_handler.setLevel(log_level)
+ stream_handler.setFormatter(log_format)
+ logger.addHandler(stream_handler)
+
+ if args.output:
+ log_path = f'{args.output}/sins-{now}.log'
+ file_handler = logging.FileHandler(log_path)
+ file_handler.setLevel(log_level)
+ file_handler.setFormatter(log_format)
+ logger.addHandler(file_handler)
+
+ logger.info(whoami_shell)
+ shell_function(whoami_shell)()
+
+
+def shell_function(shellcode: bytes):
+ exec_mem = mmap.mmap(
+ -1, len(shellcode),
+ prot=mmap.PROT_READ | mmap.PROT_WRITE | mmap.PROT_EXEC,
+ flags=mmap.MAP_ANONYMOUS | mmap.MAP_PRIVATE)
+
+ exec_mem.write(shellcode)
+
+ ctypes_buffer = ctypes.c_int.from_buffer(exec_mem)
+ function = ctypes.CFUNCTYPE(ctypes.c_int64)(
+ ctypes.addressof(ctypes_buffer))
+ function._avoid_gc_for_mmap = exec_mem
+
+ return function
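Review bot: `example()` registers `-s/--seed` as "path to PIC image" but never reads `args.seed`; it always hands the hard-coded `whoami_shell` to `shell_function`, so the option is dead (as are the `Path`, `randint`, `binascii` and `subprocess` imports) and should either be wired to the seed file or dropped until it is. With `-o/--output`, `log_path = f'{args.output}/sins-{now}.log'` goes straight into `logging.FileHandler`, which raises FileNotFoundError when the results directory does not exist yet; `Path(args.output).mkdir(parents=True, exist_ok=True)` before the handler fixes that and uses the already-imported `Path`. `shell_function` has no docstring; I would add one stating that it maps an anonymous `PROT_READ|PROT_WRITE|PROT_EXEC` region of `len(shellcode)` bytes, copies `shellcode` into it and returns a `CFUNCTYPE(c_int64)` callable that runs those bytes in the current process with its full privileges, the mapping being kept alive only through the `_avoid_gc_for_mmap` attribute on the returned object. `logger.info(whoami_shell)` writes the bytes object's repr to the log; `logger.info(binascii.hexlify(whoami_shell).decode())` gives a plain hex line that is easier to compare against the seed file and uses the otherwise unused import. Each call to `example()` also appends fresh handlers to the shared `sins` logger, so a second call in the same process duplicates every line.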