open-crs/automatic_exploit_generation
automatic_exploit_generation 💎



Description

automatic_exploit_generation is the module of OpenCRS that deals with automatically generating exploits.

Limitations

  • ELF format
  • x86 architecture

How It Works

Given the input streams, mitigations and weaknesses of the executable to exploit, the module iterates through the implemented exploiter submodules and recommends those that may produce a workable exploit. Zeratool is currently the only available exploiter; for it, a fresh Docker container is built and the module talks to it over gRPC. The submodule decides which Zeratool configuration to use from the available information (both user-supplied and extracted from the binary).
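The recommendation step above, as an added example that is not the project's own code: the enums, the capability table and the header-building helper are assumptions made for illustration. It enforces the two stated limitations (ELF format, x86 architecture) by reading the ELF identification bytes and the e_machine field, then filters exploiters by input stream, weakness and mitigations the exploiter cannot bypass. The sample headers are constructed in the block so it runs offline.

```python
import struct
from dataclasses import dataclass
from enum import Enum, auto


# Hypothetical stand-ins for commons.input_streams / commons.weaknesses.
class Stream(Enum):
    STDIN = auto()
    ARGUMENTS = auto()


class Weakness(Enum):
    STACK_OUT_OF_BOUND_WRITE = auto()
    FORMAT_STRING = auto()


class Mitigation(Enum):
    NX = auto()
    CANARY = auto()
    PIE = auto()


ELF_MAGIC = b"\x7fELF"
ELFCLASS32 = 1
ELFDATA2LSB = 1
EM_386 = 3       # e_machine value for 32-bit x86
EM_ARM = 0x28    # used only for a negative sample below


def is_x86_elf(header: bytes) -> bool:
    """Accept only 32-bit x86 ELF files, the module's two stated limitations.

    e_ident occupies bytes 0..15; e_type is at 16..17 and e_machine at 18..19
    for both ELF32 and ELF64, so 20 bytes are enough for this check.
    """
    if len(header) < 20 or header[:4] != ELF_MAGIC:
        return False
    ei_class, ei_data = header[4], header[5]
    if ei_class != ELFCLASS32:
        return False
    endian = "<" if ei_data == ELFDATA2LSB else ">"
    (e_machine,) = struct.unpack(endian + "H", header[18:20])
    return e_machine == EM_386


@dataclass(frozen=True)
class ExploiterProfile:
    name: str
    streams: frozenset        # input streams the exploiter can deliver a payload on
    weaknesses: frozenset     # weakness classes it knows how to exploit
    blocked_by: frozenset     # mitigations it has no bypass for


# Assumed capability table; the real module derives this from its submodules.
PROFILES = (
    ExploiterProfile(
        "ZERATOOL",
        frozenset({Stream.STDIN, Stream.ARGUMENTS}),
        frozenset({Weakness.STACK_OUT_OF_BOUND_WRITE, Weakness.FORMAT_STRING}),
        frozenset({Mitigation.CANARY}),
    ),
)


def recommend(header: bytes, streams: set, mitigations: set, weakness: Weakness) -> list:
    """Return names of exploiters whose profile fits the binary and its context."""
    if not is_x86_elf(header):
        return []
    return [
        p.name
        for p in PROFILES
        if streams & p.streams
        and weakness in p.weaknesses
        and not (mitigations & p.blocked_by)
    ]


def build_elf32_header(e_machine: int, ei_class: int = ELFCLASS32) -> bytes:
    """Construct a minimal 52-byte little-endian ELF header (sample input only)."""
    e_ident = ELF_MAGIC + bytes([ei_class, ELFDATA2LSB, 1, 0, 0]) + bytes(7)
    # e_type=ET_EXEC, e_machine, e_version, e_entry, e_phoff, e_shoff, e_flags,
    # e_ehsize, e_phentsize, e_phnum, e_shentsize, e_shnum, e_shstrndx
    body = struct.pack("<HHIIIIIHHHHHH", 2, e_machine, 1, 0x08048000, 52, 0, 0,
                       52, 32, 0, 40, 0, 0)
    return e_ident + body


# Constructed samples: a 32-bit x86 binary, an ARM binary and a non-ELF blob.
X86_HEADER = build_elf32_header(EM_386)
ARM_HEADER = build_elf32_header(EM_ARM)
NOT_AN_ELF = b"MZ" + bytes(50)

if __name__ == "__main__":
    ctx = ({Stream.STDIN}, {Mitigation.NX}, Weakness.STACK_OUT_OF_BOUND_WRITE)
    print("x86 ELF, NX, stack OOB write:", recommend(X86_HEADER, *ctx))
    print("ARM ELF:", recommend(ARM_HEADER, *ctx))
```

The mitigation check is deliberately conservative: an exploiter is dropped as soon as any mitigation it cannot bypass is present, which mirrors the CLI's "exploiters that can be used considering the context" wording rather than attempting a partial recommendation.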

Setup

  1. Ensure you have Docker installed.
  2. Install the required Python 3 packages via poetry install --no-dev.
  3. Build the Docker image: docker build --tag zeratool_lib -f docker/Dockerfile.zeratool_lib ..
  4. Ensure the Docker API is accessible by:
    • Running the module as root; or
    • Changing the Docker socket permissions (insecure approach) via chmod 777 /var/run/docker.sock. Anyone who can write to the Docker socket can start a privileged container with the host filesystem mounted, so this grants every local user root-equivalent access; if running as root is not an option, add only the intended user to the docker group instead (still root-equivalent, but limited to that user).
  5. Build the arguments' adapter via cd others/argv_adapter && make.

Development

If you make modifications to the Protobuf definition, please regenerate the Python sources with poetry run python3 -m grpc_tools.protoc -I. --python_out=. --grpc_python_out=. ./automatic_exploit_generation/exploiters/zeratool/protobuf/exploit.proto.

Usage

As a CLI Tool

Recommending Exploiters to Use

➜ poetry run automatic_exploit_generation recommend  --elf=key-manager.elf --stream=STDIN --mitigation=NX --weakness=STACK_OUT_OF_BOUND_WRITE
Exploiters that can be used considering the context are:
- ZERATOOL

Exploiting a Binary

➜ poetry run automatic_exploit_generation exploit --exploiter=ZERATOOL --elf=key-manager.elf --stream=STDIN --mitigation=NX --weakness=STACK_OUT_OF_BOUND_WRITE
The exploiter could generate an exploit with the outcome of DENIAL_OF_SERVICE and the following payloads:
- For STDIN:

00000000: 61 61 61 61 61 61 61 61                           aaaaaaaa

- For ARGUMENTS:

00000000: 61 61 61 61 61 61 61 61                           aaaaaaaa

Help

➜ poetry run automatic_exploit_generation 
Usage: automatic_exploit_generation [OPTIONS] COMMAND [ARGS]...

  Exploits vulnerabilities in executables.

Options:
  --help  Show this message and exit.

Commands:
  exploit    Exploits vulnerabilities.
  recommend  Get suitable exploiters for a binary.

As a Python Module

from automatic_exploit_generation.exploiter_generator import (
    Exploiters,
    create_exploiter_by_name,
    get_suitable_exploiters,
)
from commons.input_streams import InputStreams
from commons.weaknesses import Weaknesses

# Same context as the CLI examples above; the arguments are passed in the
# order (elf, input stream, mitigation, weakness), as on the command line.
elf = "key-manager.elf"
input_stream = InputStreams.STDIN
mitigation = None  # No mitigation information supplied in this example
weakness = Weaknesses.STACK_OUT_OF_BOUND_WRITE

# Ask the module which exploiters fit this context, then run each of them.
# Exploiters and create_exploiter_by_name are exported alongside for picking
# a specific exploiter by name, as the CLI's --exploiter option does.
for exploiter in get_suitable_exploiters(elf, input_stream, mitigation, weakness):
    generated_exploit = exploiter.exploit()