Local server for IDA Lumina feature

Related tags

Security related resourceslumina_server
Overview

About

POC of an offline server for IDA Lumina feature.

More details on https://www.synacktiv.com/publications/investigating-ida-lumina-feature.html

Instalation

Python package installation

Download project and run python lumina/setup.py (or pip install .).

Server can also be used as a standalone script. The command lumina_server won't be registered in the PATH though. You will have to run manually using python3 lumina/lumina_server.py.

Generate certificates

This step is optionnal if you don't need using TLS. You will then have to modify the LUMINA_TLS = NO in ida.cfg.

Generate a new ROOT CA certificate and key using one of these lines (you can remove the -nodes option to set a passphrase but keep in mind you will need to pass passphrase argument to server script):

# sha256WithRSAEncryption
openssl req -nodes -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -sha256 -keyout luminaRootCAKey.pem -out luminaRootCAK.pem -days 365 -subj '/CN=www.fakerays.com/O=Fake Hexrays/C=XX'

# ecdsa-with-SHA256 (prime256v1)
openssl req -nodes -x509 -newkey rsa:4096 -sha512 -keyout luminaRootCAKey.pem -out luminaRootCA.pem -days 365 -subj '/CN=www.fakerays.com/O=Fake Hexrays/C=XX'

Client setup

Copy the CA certificate (luminaRootCA.pem) to IDA config directory as hexrays.crt:

  • Windows: %APPDATA%\Hex-Rays\IDA Pro\hexrays.crt
  • Linux/OSX: $HOME/.idapro/hexrays.crt

e.g (linux): cp luminaRootCA.pem $HOME/.idapro/hexrays.crt

modify the IDA configuration file (cfg/ida.cfg), either in installation directory or (recommanded) user directory:

  • Windows: %APPDATA%\Hex-Rays\IDA Pro\cfg\ida.cfg
  • Linux/OSX: $HOME/.idapro/hexrays.crt
// Lumina related parameters
LUMINA_HOST               = "localhost";  // Lumina server url (default : "lumina.hex-rays.com")
                                          // warning: keep the the semicolon
LUMINA_MIN_FUNC_SIZE      = 32            // default function size : 32
LUMINA_PORT               = 4443          // default port : 443
LUMINA_TLS                = YES           // enable TLS (default : YES)

First run

Start the server

Usage:

usage: lumina_server [-h] [-i IP] [-p PORT] [-c CERT] [-k CERT_KEY]
                     [-l {NOTSET,DEBUG,INFO,WARNING}]
                     db

positional arguments:
  db                    database file

optional arguments:
  -h, --help            show this help message and exit
  -i IP, --ip IP        listening ip address (default: 127.0.0.1
  -p PORT, --port PORT  listening port (default: 4443
  -c CERT, --cert CERT  proxy certfile (no cert means TLS OFF).
  -k CERT_KEY, --key CERT_KEY
                        certificate private key
  -l {NOTSET,DEBUG,INFO,WARNING}, --log {NOTSET,DEBUG,INFO,WARNING}
                        log level bases on python logging value (default:info)

exemple:

lumina_server db.json --cert luminaRootCA.pem --key luminaRootCAKey.pem --ip 127.0.0.1 --port 4443 --log DEBUG

Start server, (re)start IDA with an idb database and push your first function using Lumina. Hit ctrl-c to terminate server and save database.

Important: keep in mind that the database is only saved or updated on server exit (ctrl-c).

Owner
Synacktiv
Synacktiv
GitHub Repository
python script for hack gmail account using brute force attack

#Creator: johnry #coded by john ry GBrute python script for hack gmail account using brute force attack Commands apt update && apt upgrade git clone h

6 Dec 09, 2022
Dependency injection in python with autoconfiguration

The base is a DynamicContainer to autoconfigure services using the decorators @services for regular services and @command_handler for using command pattern.

Sergio Gómez 2 Jan 17, 2022
Log4Shell Proof of Concept (CVE-2021-44228)

CVE-2021-44228 Log4Shell Proof of Concept (CVE-2021-44228) Make sure to use Java 8 JDK. Java 8 Download Images Credits Casey Dunham - Java Reverse She

Kr0ff 3 Jul 23, 2022
This repository consists of the python scripts for execution and automation of vivid tasks.

Scripting.py is a repository being maintained to keep log of the python scripts that I create for automating and executing some of my boring manual task.

Prakriti Regmi 1 Feb 07, 2022
Exploiting CVE-2021-44228 in vCenter for remote code execution and more

Log4jCenter Exploiting CVE-2021-44228 in vCenter for remote code execution and more. Blog post detailing exploitation linked below: COMING SOON Why? P

81 Dec 20, 2022
Log4j-Scanner with Bind-Receipt and custom hostnames

Hrafna - Log4j-Scanner for the masses Features Scanning-system designed to check your own infra for vulnerable log4j-installations start and stop scan

18 Jan 23, 2022
test application for the licence key web app.

licence_software_test_app Make sure you set your database values in a .env file to the folder. Install MYSQL connector: pip install mysql-connector-py

Carl Beattie 1 Oct 28, 2021
Utility for Extracting all passwords from ConnectWise Automate

CWA Password Extractor Utility for Extracting all passwords from ConnectWise Automate (E.g. while migrating to a new system). Outputs a csv file with

Matthew Kyles 1 Dec 09, 2021
Passphrase-wordlist - Shameless clone of passphrase wordlist

This repository is NOT official -- the original repository is located on GitLab

Jeff McJunkin 2 Feb 05, 2022
Just your basic port scanner - with multiprocessing capabilities & further nmap enumeration.

Just-Your-Basic-Port-Scanner Just your basic port scanner - with multiprocessing capabilities & further nmap enumeration. Use at your own discretion,

Edward Zhou 0 Nov 06, 2021
edgedressing leverages a Windows "feature" in order to force a target's Edge browser to open. This browser is then directed to a URL of choice.

edgedressing One day while experimenting with airpwn-ng, I noticed unexpected GET requests on the target node. The node in question happened to be a W

stryngs 43 Dec 23, 2022
A fast tool to scan prototype pollution vulnerability

proto A fast tool to scan prototype pollution vulnerability Syntax python3 proto.py -l alive.txt Requirements Selenium Google Chrome Webdriver Note :

Muhammed Mahdi 4 Aug 31, 2021
Finite Volume simulation of the Raleigh-Taylor Instability

finitevolume2-python Finite Volume simulation of the Raleigh-Taylor Instability Create Your Own Finite Volume Fluid Simulation (With Python): Part 2 B

Philip Mocz 12 Sep 01, 2022
RedDrop is a quick and easy web server for capturing and processing encoded and encrypted payloads and tar archives.

RedDrop Exfil Server Check out the accompanying MaverisLabs Blog Post Here! RedDrop Exfil Server is a Python Flask Web Server for Penetration Testers,

53 Nov 01, 2022
Proof of Concept Exploit for vCenter CVE-2021-21972

CVE-2021-21972 Proof of Concept Exploit for vCenter CVE-2021-21972

Horizon 3 AI Inc 210 Dec 31, 2022
MainCoon - an automated recon framework

MainCoon is an automated recon framework meant for gathering information during penetration testing of web applications.

Md. Nur habib 8 Aug 26, 2022
Apache Solr SSRF(CVE-2021-27905)

Solr-SSRF Apache Solr SSRF #Use [-] Apache Solr SSRF漏洞 (CVE-2021-27905) [-] Options: -h or --help : 方法说明 -u or --url

Henry4E36 70 Nov 09, 2022
Bandit is a tool designed to find common security issues in Python code.

A security linter from PyCQA Free software: Apache license Documentation: https://bandit.readthedocs.io/en/latest/ Source: https://github.com/PyCQA/ba

Python Code Quality Authority 4.8k Dec 31, 2022
Simple tool to create passwords.

PasswordGenerator Simple password generator: -Simplisitc Window Application -Allows Numbers, Symbols & letters upper and lowercase -Restricts rows of

DM 1 Jan 10, 2022
A collection of write-ups and solutions for Cyber FastTrack Spring 2021.

IMPORTANT: Please contact us before you use any styling or content shown here! Cyber FastTrack Spring 2021 / National Cyber Scholarship Competition -

Alice 48 Aug 28, 2022