Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries

Last update: Nov 16, 2021

Related tags

Overview

bcheck

Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries. Using xrefs to commonly injected and format string'd files, it will scan binaries faster than Firmware Slap.

Install

sudo apt install rabbitmq
pip install -e .

Usage

bcheck.py -h
usage: bcheck.py [-h] [-p] [-s] file

positional arguments:
  file          Binary file to check

optional arguments:
  -h, --help    show this help message and exit
  -p, --printf  Enable printf checking
  -s, --system  Enable command injection checking

Example

b'/bin/mtd_write -o 0 -l 0 write AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x01 Bootloader' ">

$ bcheck.py -s examples/upload.cgi
[~] Checking for command injections
100% |############################################################| Elapsed Time: 0:00:01 Time:  0:00:01
Found 5 test sites in binary
[-] Scanned functions:
[-] : 0x401a28 : getLanIP
[+] : 0x4012b8 : mtd_write_firmware
0x7ffefdf8	->	b'/bin/mtd_write -o 0 -l 0 write AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x01 Kernel'
[-] : 0x4009f0 : main
[+] : 0x4010d0 : write_flash_kernel_version
0x7ffefdf8	->	b'nvram_set 2860 old_firmware "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x00"'
[+] : 0x401338 : mtd_write_bootloader
0x7ffefdf8	->	b'/bin/mtd_write -o 0 -l 0 write AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x01 Bootloader'

Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries

Related tags

Overview

bcheck

Install

Usage

Example

Owner

Christopher Roberts

Providing DevOps and security teams script to identify cloud workloads that may be vulnerable to the Log4j vulnerability(CVE-2021-44228) in their AWS account.

Buff A simple BOF library I wrote under an hour to help me automate with BOF attack

Python script that sends CVE-2021-44228 log4j payload requests to url list

Reusable Lightweight Pythonic Dependency Injection Library

CVE-2021-22005 - VMWare vCenter Server File Upload to RCE

Website OSINT untuk mencari informasi dari email dan nomor telepon. Dibuat dengan React dan Flask.

Brainly-Scrambler - Brainly Scrambler With Python

An interactive python script that enables root access on the T-Mobile (Wingtech) TMOHS1, as well as providing several useful utilites to change the configuration of the device.

Auerswald COMpact 8.0B Backdoors exploit

POC for detecting the Log4Shell (Log4J RCE) vulnerability.

Create a secure tunnel from a custom domain to localhost using Fly and WireGuard.

Python exploit code for CVE-2021-4034 (pwnkit)

A simple python script for hosting a Snowflake Proxy in your python program or with it's standalone cli

SecurAID securely connects aid organizations directly with individuals in dangerous situations to allow them to discreetly and effectively get the assistance they need.

CVE-2022-22536 - SAP memory pipes(MPI) desynchronization vulnerability CVE-2022-22536

Source code for "A Two-Stream AMR-enhanced Model for Document-level Event Argument Extraction" @ NAACL 2022

聚合Github上已有的Poc或者Exp，CVE信息来自CVE官网。Auto Collect Poc Or CVE from Github by CVE ID.

A script to search, scrape and scan for Apache Log4j CVE-2021-44228 affected files using Google dorks

CVE-2021-22205& GitLab CE/EE RCE

A Burp extension adding a passive scan check to flag parameters whose name or value may indicate a possible insertion point for SSRF or LFI.