Local server for IDA Lumina feature

Related tags

Security related resourceslumina_server
Overview

About

POC of an offline server for IDA Lumina feature.

More details on https://www.synacktiv.com/publications/investigating-ida-lumina-feature.html

Instalation

Python package installation

Download project and run python lumina/setup.py (or pip install .).

Server can also be used as a standalone script. The command lumina_server won't be registered in the PATH though. You will have to run manually using python3 lumina/lumina_server.py.

Generate certificates

This step is optionnal if you don't need using TLS. You will then have to modify the LUMINA_TLS = NO in ida.cfg.

Generate a new ROOT CA certificate and key using one of these lines (you can remove the -nodes option to set a passphrase but keep in mind you will need to pass passphrase argument to server script):

# sha256WithRSAEncryption
openssl req -nodes -x509 -newkey ec -pkeyopt ec_paramgen_curve:prime256v1 -sha256 -keyout luminaRootCAKey.pem -out luminaRootCAK.pem -days 365 -subj '/CN=www.fakerays.com/O=Fake Hexrays/C=XX'

# ecdsa-with-SHA256 (prime256v1)
openssl req -nodes -x509 -newkey rsa:4096 -sha512 -keyout luminaRootCAKey.pem -out luminaRootCA.pem -days 365 -subj '/CN=www.fakerays.com/O=Fake Hexrays/C=XX'

Client setup

Copy the CA certificate (luminaRootCA.pem) to IDA config directory as hexrays.crt:

  • Windows: %APPDATA%\Hex-Rays\IDA Pro\hexrays.crt
  • Linux/OSX: $HOME/.idapro/hexrays.crt

e.g (linux): cp luminaRootCA.pem $HOME/.idapro/hexrays.crt

modify the IDA configuration file (cfg/ida.cfg), either in installation directory or (recommanded) user directory:

  • Windows: %APPDATA%\Hex-Rays\IDA Pro\cfg\ida.cfg
  • Linux/OSX: $HOME/.idapro/hexrays.crt
// Lumina related parameters
LUMINA_HOST               = "localhost";  // Lumina server url (default : "lumina.hex-rays.com")
                                          // warning: keep the the semicolon
LUMINA_MIN_FUNC_SIZE      = 32            // default function size : 32
LUMINA_PORT               = 4443          // default port : 443
LUMINA_TLS                = YES           // enable TLS (default : YES)

First run

Start the server

Usage:

usage: lumina_server [-h] [-i IP] [-p PORT] [-c CERT] [-k CERT_KEY]
                     [-l {NOTSET,DEBUG,INFO,WARNING}]
                     db

positional arguments:
  db                    database file

optional arguments:
  -h, --help            show this help message and exit
  -i IP, --ip IP        listening ip address (default: 127.0.0.1
  -p PORT, --port PORT  listening port (default: 4443
  -c CERT, --cert CERT  proxy certfile (no cert means TLS OFF).
  -k CERT_KEY, --key CERT_KEY
                        certificate private key
  -l {NOTSET,DEBUG,INFO,WARNING}, --log {NOTSET,DEBUG,INFO,WARNING}
                        log level bases on python logging value (default:info)

exemple:

lumina_server db.json --cert luminaRootCA.pem --key luminaRootCAKey.pem --ip 127.0.0.1 --port 4443 --log DEBUG

Start server, (re)start IDA with an idb database and push your first function using Lumina. Hit ctrl-c to terminate server and save database.

Important: keep in mind that the database is only saved or updated on server exit (ctrl-c).

Owner
Synacktiv
Synacktiv
GitHub Repository
A collection of over 5.1 million sub-domains and assets belonging to public bug bounty programs, compiled into a repo, for performing bulk operations.

📂 Public Bug Bounty Targets Data By BugBountyResources A collection of over 5.1M sub-domains and assets belonging to bug bounty targets, all put in a

Bug Bounty Resources 87 Dec 13, 2022
Raphael is a vulnerability scanning tool based on Python3.

Raphael Raphael是一款基于Python3开发的插件式漏洞扫描工具。 Raphael is a vulnerability scanning too

b4zinga 5 Mar 21, 2022
Python low-interaction honeyclient

Thug The number of client-side attacks has grown significantly in the past few years shifting focus on poorly protected vulnerable clients. Just as th

Angelo Dell'Aera 896 Dec 19, 2022
A Proof-of-Concept Layer 2 Denial of Service Attack that disrupts low level operations of Programmable Logic Controllers within industrial environments. Utilizing multithreaded processing, Automator-Terminator delivers a powerful wave of spoofed ethernet packets to a null MAC address.

Automator-Terminator A Proof-of-Concept Layer 2 Denial of Service Attack that disrupts low level operations of Programmable Logic Controllers (PLCs) w

25 Oct 10, 2022
Passphrase-wordlist - Shameless clone of passphrase wordlist

This repository is NOT official -- the original repository is located on GitLab

Jeff McJunkin 2 Feb 05, 2022
Python library to prevent XSS(cross site scripting attach) by removing harmful content from data.

A tool for removing malicious content from input data before saving data into database. It takes input containing HTML with XSS scripts and returns va

2 Jul 05, 2022
🍯 16 honeypots in a single pypi package (DNS, HTTP Proxy, HTTP, HTTPS, SSH, POP3, IMAP, STMP, VNC, SMB, SOCKS5, Redis, TELNET, Postgres & MySQL)

Easy to setup customizable honeypots for monitoring network traffic, bots activities and username\password credentials. The current available honeypot

QeeqBox 259 Dec 31, 2022
This tool allows to automatically test for Content Security Policy bypass payloads.

CSPass This tool allows to automatically test for Content Security Policy bypass payloads. Usage [cspass]$ ./cspass.py -h usage: cspass.py [-h] [--no-

Ruulian 30 Nov 22, 2022
HashDB API hash lookup plugin for IDA Pro

HashDB IDA Plugin Malware string hash lookup plugin for IDA Pro. This plugin connects to the OALABS HashDB Lookup Service. Adding New Hash Algorithms

OALabs 237 Dec 21, 2022
Brute-forcing (or not!) deck builder for Pokemon Trading Card Game.

PokeBot Deck Builder Brute-forcing (or not!) deck builder for Pokemon Trading Card Game. Warning: intensely not optimized and spaghetti coded Credits

Hocky Harijanto 0 Jan 10, 2022
MassStringer, CTF Flag Finder

massStringer MassStringer, CTF Flag Finder Usage: python3 massStringer.py Enter absolute path of the directory to scan for flags Edit "flag = re.searc

SuperTsumu 4 Sep 06, 2022
test application for the licence key web app.

licence_software_test_app Make sure you set your database values in a .env file to the folder. Install MYSQL connector: pip install mysql-connector-py

Carl Beattie 1 Oct 28, 2021
Reverse engineered Parler API

Parler's unofficial API with all endpoints present in their iOS app as of 08/12/2020. For the most part undocumented, but the error responses are alre

393 Nov 26, 2022
DNSSEQ: PowerDNS with FALCON Signature Scheme

PowerDNS-based proof-of-concept implementation of DNSSEC using the post-quantum FALCON signature scheme.

Nils Wisiol 4 Feb 03, 2022
C++ fully undetected shellcode launcher

charlotte c++ fully undetected shellcode launcher ;) releasing this to celebrate the birth of my newborn description 13/05/2021: c++ shellcode launche

894 Dec 25, 2022
Trainspotting - Python Dependency Injector based on interface binding

Choose dependency injection Friendly with MyPy Supports lazy injections Supports

avito.tech 3 Jan 26, 2022
Log4Shell RCE Exploit - fully independent exploit does not require any 3rd party binaries.

Log4Shell RCE Exploit fully independent exploit does not require any 3rd party binaries. The exploit spraying the payload to all possible logged HTTP

258 Jan 02, 2023
Course: Information Security with Python

Curso: Segurança da Informação com Python Curso realizado atravès da Plataforma da Digital Innovation One Prof: Bruno Dias Conteúdo: Introdução aos co

Elizeu Barbosa Abreu 1 Nov 28, 2021
WpDisect is a wordpress hacking tool that finds vulnerabilities in wordpress.

wpdisect WpDisect is a wordpress hacking tool that finds misconfigurations in wordpress. Prerequisites You need to download wordpress in the wpdisect

3 Feb 20, 2022
Python Toolkit containing different Cyber Attacks Tools

Helikopter Python Toolkit containing different Cyber Attacks Tools. Tools in Helikopter Toolkit 1. FattyNigger (PYTHON WORM) 2. Taxes (PYTHON PASS EXT

Saqlain Naqvi 22 Dec 04, 2022