Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries

Last update: Nov 16, 2021

Related tags

Overview

bcheck

Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries. Using xrefs to commonly injected and format string'd files, it will scan binaries faster than Firmware Slap.

Install

sudo apt install rabbitmq
pip install -e .

Usage

bcheck.py -h
usage: bcheck.py [-h] [-p] [-s] file

positional arguments:
  file          Binary file to check

optional arguments:
  -h, --help    show this help message and exit
  -p, --printf  Enable printf checking
  -s, --system  Enable command injection checking

Example

b'/bin/mtd_write -o 0 -l 0 write AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x01 Bootloader' ">

$ bcheck.py -s examples/upload.cgi
[~] Checking for command injections
100% |############################################################| Elapsed Time: 0:00:01 Time:  0:00:01
Found 5 test sites in binary
[-] Scanned functions:
[-] : 0x401a28 : getLanIP
[+] : 0x4012b8 : mtd_write_firmware
0x7ffefdf8	->	b'/bin/mtd_write -o 0 -l 0 write AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x01 Kernel'
[-] : 0x4009f0 : main
[+] : 0x4010d0 : write_flash_kernel_version
0x7ffefdf8	->	b'nvram_set 2860 old_firmware "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x00"'
[+] : 0x401338 : mtd_write_bootloader
0x7ffefdf8	->	b'/bin/mtd_write -o 0 -l 0 write AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA\x01 Bootloader'

Binary check tool to identify command injection and format string vulnerabilities in blackbox binaries

Related tags

Overview

bcheck

Install

Usage

Example

Owner

Christopher Roberts

Set the draft security HTTP header Permissions-Policy (previously Feature-Policy) on your Django app.

CVE-2021-43936 is a critical vulnerability (CVSS3 10.0) leading to Remote Code Execution (RCE) in WebHMI Firmware.

macOS Initial Access Payload Generator

2022-bridge - Example code belonging to the Bridge pattern video

A forensic collection tool written in Python.

logmap: Log4j2 jndi injection fuzz tool

A Telegram Bot to force users to join a specific channel before sending messages in a group.

Python sandbox runners for executing code in isolation aka snekbox.

Password Manager is a simple Python project which helps users in managing their passwords in a easier way

DNSpooq - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685)

Password List Maker

RCE Exploit for Gitlab < 13.9.4

Fat-Stealer is a stealer that allows you to grab the Discord token from a user and open a backdoor in his machine.

A Radare2 based Python module for Binary Analysis and Reverse Engineering.

POC of CVE-2021-26084, which is Atlassian Confluence Server OGNL Pre-Auth RCE Injection Vulneralibity.

A simple linux keylogger project.

Flutter Reverse Engineering Framework

IPscan - This Script is Framework To automate IP process large scope For Bug Hunting

script that pulls cve collections from NVD.NIST.GOV.

WhPhisher: a Phishing tool With Python