Local server for IDA Lumina feature

Related tags

Security related resourceslumina_server
Overview

About

POC of an offline server for IDA Lumina feature.

More details on https://www.synacktiv.com/publications/investigating-ida-lumina-feature.html

Instalation

Python package installation

Download project and run python lumina/setup.py (or pip install .).

Server can also be used as a standalone script. The command lumina_server won't be registered in the PATH though. You will have to run manually using python3 lumina/lumina_server.py.

Generate certificates

This step is optionnal if you don't need using TLS. You will then have to modify the LUMINA_TLS = NO in ida.cfg.

Generate a new ROOT CA certificate and key using one of these lines (you can remove the -nodes option to set a passphrase but keep in mind you will need to pass passphrase argument to server script):

# sha256WithRSAEncryption
openssl req -nodes -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -sha256 -keyout luminaRootCAKey.pem -out luminaRootCAK.pem -days 365 -subj '/CN=www.fakerays.com/O=Fake Hexrays/C=XX'

# ecdsa-with-SHA256 (prime256v1)
openssl req -nodes -x509 -newkey rsa:4096 -sha512 -keyout luminaRootCAKey.pem -out luminaRootCA.pem -days 365 -subj '/CN=www.fakerays.com/O=Fake Hexrays/C=XX'

Client setup

Copy the CA certificate (luminaRootCA.pem) to IDA config directory as hexrays.crt:

  • Windows: %APPDATA%\Hex-Rays\IDA Pro\hexrays.crt
  • Linux/OSX: $HOME/.idapro/hexrays.crt

e.g (linux): cp luminaRootCA.pem $HOME/.idapro/hexrays.crt

modify the IDA configuration file (cfg/ida.cfg), either in installation directory or (recommanded) user directory:

  • Windows: %APPDATA%\Hex-Rays\IDA Pro\cfg\ida.cfg
  • Linux/OSX: $HOME/.idapro/hexrays.crt
// Lumina related parameters
LUMINA_HOST               = "localhost";  // Lumina server url (default : "lumina.hex-rays.com")
                                          // warning: keep the the semicolon
LUMINA_MIN_FUNC_SIZE      = 32            // default function size : 32
LUMINA_PORT               = 4443          // default port : 443
LUMINA_TLS                = YES           // enable TLS (default : YES)

First run

Start the server

Usage:

usage: lumina_server [-h] [-i IP] [-p PORT] [-c CERT] [-k CERT_KEY]
                     [-l {NOTSET,DEBUG,INFO,WARNING}]
                     db

positional arguments:
  db                    database file

optional arguments:
  -h, --help            show this help message and exit
  -i IP, --ip IP        listening ip address (default: 127.0.0.1
  -p PORT, --port PORT  listening port (default: 4443
  -c CERT, --cert CERT  proxy certfile (no cert means TLS OFF).
  -k CERT_KEY, --key CERT_KEY
                        certificate private key
  -l {NOTSET,DEBUG,INFO,WARNING}, --log {NOTSET,DEBUG,INFO,WARNING}
                        log level bases on python logging value (default:info)

exemple:

lumina_server db.json --cert luminaRootCA.pem --key luminaRootCAKey.pem --ip 127.0.0.1 --port 4443 --log DEBUG

Start server, (re)start IDA with an idb database and push your first function using Lumina. Hit ctrl-c to terminate server and save database.

Important: keep in mind that the database is only saved or updated on server exit (ctrl-c).

Owner
Synacktiv
Synacktiv
GitHub Repository
You can manage your password with this program.

You must have Python compilers in order to run this program. First of all, download the compiler in the link.

Mustafa Bahadır Doğrusöz 6 Aug 07, 2021
A simple tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities

master_librarian A simple tool to audit Unix/*BSD/Linux system libraries to find public security vulnerabilities. To install requirements: $ sudo pyth

CoolerVoid 167 Dec 19, 2022
Time Discretization-Invariant Safe Action Repetition for Policy Gradient Methods

Time Discretization-Invariant Safe Action Repetition for Policy Gradient Methods This repository is the official implementation of Seohong Park, Jaeky

Seohong Park 6 Aug 02, 2022
A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

This project is no longer maintained March 2020 Update: Please go see the amazing Pysa tutorial that should get you up to speed finding security vulne

2.1k Dec 25, 2022
IDA Python Script for anti ollvm

IDA Python Script for anti ollvm

Shocker 62 Dec 23, 2022
POC of CVE-2021-26084, which is Atlassian Confluence Server OGNL Pre-Auth RCE Injection Vulneralibity.

CVE-2021-26084 Description POC of CVE-2021-26084, which is Atlassian Confluence Server OGNL(Object-Graph Navigation Language) Pre-Auth RCE Injection V

antx 9 Aug 31, 2022
A malware to encrypt all the .txt and .jpg files in target computer using RSA algorithms

A malware to encrypt all the .txt and .jpg files in target computer using RSA algorithms. Change the Blackgound image of targets' computer. and decrypt the targets' encrypted files in our own compute

Li Ka Lok 2 Dec 02, 2022
Python exploit code for CVE-2021-4034 (pwnkit)

Python3 code to exploit CVE-2021-4034 (PWNKIT). This was an exercise in "can I make this work in Python?", and not meant as a robust exploit. It Works

Joe Ammond 92 Dec 29, 2022
Fuzzercorn - Bring libfuzzer to Unicorn

Fuzzercorn libfuzzer bindings for Unicorn. API // The main entry point of the fu

lazymio 23 Nov 17, 2022
proof-of-concept running docker container from omero web

docker-from-omero-poc proof-of-concept running docker container from omero web How-to Edit test_script.py so that the BaseClient is created pointing t

Erick Martins Ratamero 2 Jan 22, 2022
A powerful password generator utility which utilizes the slot technique to generate strong passwords of required length having combinations of lower and upper characters, digits and symbols.

Bitpass Password Generator Installation Make sure Python 3+ is installed

Vaibhaw 6 Feb 02, 2022
Obfuscate your python code into a string of integers. De-obfuscate also supported.

int-obfuscator Obfuscate your python code into a string of integers. De-obfuscate also supported. How it works: Each printable character gets replaced

6 Nov 13, 2022
Python decompiler for Python 1.5-2.4 (for historical archive)

This preserves the early code of a Python decompiler for Python versions 1.5 to 2.4. I have been able to install this using pyenv using Python 2.3.7 u

R. Bernstein 2 Jan 04, 2022
macOS persistence tool

PoisonApple Command-line tool to perform various persistence mechanism techniques on macOS. This tool was designed to be used by threat hunters for cy

Cyborg Security, Inc 212 Dec 29, 2022
Find existing email addresses by nickname using API/SMTP checking methods without user notification. Please, don't hesitate to improve cat's job! 🐱🔎 📬

mailcat The only cat who can find existing email addresses by nickname. Usage First install requirements: pip3 install -r requirements.txt Then just

282 Dec 30, 2022
CVE-2021-26855 SSRF Exchange Server

CVE-2021-26855 Brute Force EMail Exchange Server Timeline: Monday, March 8, 2021: Update Dumping content...(I'm not done, can u guy help me done this

lulz 117 Nov 28, 2022
To explore creating an application that detects available connections at once from wifi and bluetooth

Signalum A Linux Package to detect and analyze existing connections from wifi and bluetooth. Also checkout the Desktop Application. Signalum Installat

BISOHNS 56 Mar 03, 2021
C++ fully undetected shellcode launcher

charlotte c++ fully undetected shellcode launcher ;) releasing this to celebrate the birth of my newborn description 13/05/2021: c++ shellcode launche

894 Dec 25, 2022
QHack-2022 - Solutions to the Coding Challenges of QHack 2022

QHack 2022 Problems from Coding Challenges 2022. Rules and how it works To test

Isacco Gobbi 1 Feb 14, 2022
Find exposed API keys based on RegEx and get exploitation methods for some of keys that are found

dora Features Blazing fast as we are using ripgrep in backend Exploit/PoC steps for many of the API key, allowing to write a good report for bug bount

Siddharth Dushantha 243 Dec 27, 2022