#=============================================================================# # A simple python build script to build the singles/stages/stagers and # some usefull information such as offsets and a hex dump. The binary output # will be placed in the bin directory. A hex string and usefull comments will # be printed to screen. # # Example: # >python build.py stager_reverse_tcp_nx # # Example, to build everything: # >python build.py all > build_output.txt # # Author: Stephen Fewer (stephen_fewer[at]harmonysecurity[dot]com) #=============================================================================# import os, sys, time from subprocess import Popen from struct import pack #=============================================================================# def clean( dir="./bin/" ): for root, dirs, files in os.walk( dir ): for name in files: os.remove( os.path.join( root, name ) ) #=============================================================================# def locate( src_file, dir="./src/" ): for root, dirs, files in os.walk( dir ): for name in files: if src_file == name: return root return None #=============================================================================# def build( name ): location = locate( "%s.asm" % name ) if location: input = os.path.normpath( os.path.join( location, name ) ) output = os.path.normpath( os.path.join( "./bin/", name ) ) p = Popen( ["nasm", "-f bin", "-O3", "-o %s.bin" % output, "%s.asm" % input ] ) p.wait() xmit( name ) else: print "[-] Unable to locate '%s.asm' in the src directory" % name #=============================================================================# def xmit_dump_ruby( data, length=16 ): dump = "" for i in xrange( 0, len( data ), length ): bytes = data[ i : i+length ] hex = "\"%s\"" % ( ''.join( [ "\\x%02X" % ord(x) for x in bytes ] ) ) if i+length <= len(data): hex += " +" dump += "%s\n" % ( hex ) print dump #=============================================================================# def xmit_offset( data, name, value, match_offset=0 ): offset = data.find( value ); if offset != -1: print "# %s Offset: %d" % ( name, offset + match_offset ) #=============================================================================# def xmit( name, dump_ruby=True ): bin = os.path.normpath( os.path.join( "./bin/", "%s.bin" % name ) ) f = open( bin, 'rb') data = f.read() print "# Name: %s\n# Length: %d bytes" % ( name, len( data ) ) xmit_offset( data, "Port", pack( ">H", 4444 ) ) # 4444 xmit_offset( data, "LEPort", pack( "L", 0x7F000001 ) ) # 127.0.0.1 xmit_offset( data, "IPv6Host", pack( "H", 0x1122 ) ) # Egg tag size xmit_offset( data, "RC4Key", "RC4KeyMetasploit") # RC4 key xmit_offset( data, "XORKey", "XORK") # XOR key if( name.find( "egghunter" ) >= 0 ): null_count = data.count( "\x00" ) if( null_count > 0 ): print "# Note: %d NULL bytes found." % ( null_count ) if dump_ruby: xmit_dump_ruby( data ) #=============================================================================# def main( argv=None ): if not argv: argv = sys.argv try: if len( argv ) == 1: print "Usage: build.py [clean|all|]" else: print "# Built on %s\n" % ( time.asctime( time.localtime() ) ) if argv[1] == "clean": clean() elif argv[1] == "all": for root, dirs, files in os.walk( "./src/egghunter/" ): for name in files: build( name[:-4] ) for root, dirs, files in os.walk( "./src/migrate/" ): for name in files: build( name[:-4] ) for root, dirs, files in os.walk( "./src/single/" ): for name in files: build( name[:-4] ) for root, dirs, files in os.walk( "./src/stage/" ): for name in files: build( name[:-4] ) for root, dirs, files in os.walk( "./src/stager/" ): for name in files: build( name[:-4] ) for root, dirs, files in os.walk( "./src/kernel/" ): for name in files: build( name[:-4] ) else: build( argv[1] ) except Exception, e: print "[-] ", e #=============================================================================# if __name__ == "__main__": main() #=============================================================================#