open-crs · pufi656 · Jun 11, 2024 · Jun 11, 2024 · Jun 11, 2024 · Jun 11, 2024
diff --git a/README.md b/README.md
@@ -34,10 +34,11 @@ With the input streams, mitigations, and vulnerabilities for the executable to e
 1. Ensure you have Docker installed.
 2. Install the required Python 3 packages via `poetry install --no-dev`.
 3. Build the Docker image: `docker build --tag zeratool_lib -f docker/Dockerfile.zeratool_lib .`.
-4. Ensure the Docker API is accessible by:
+4. Add `zeratool_lib` to PYTHONPATH: `export PYTHONPATH=/path/to/repo/docker/zeratool_lib/zeratool_lib`.
+5. Ensure the Docker API is accessible by:
    - Running the module as `root`; or
    - Changing the Docker socket permissions (unsecure approach) via `chmod 777 /var/run/docker.sock`.
-5. Build the arguments' adapter via `cd others/argv_adapter && make`.
+6. Build the arguments' adapter via `cd others/argv_adapter && make`.
 
 ## Development
 

diff --git a/automatic_exploit_generation/cli.py b/automatic_exploit_generation/cli.py
@@ -74,13 +74,9 @@ def exploit(
     if generated_exploit:
         print(
             "The exploiter could generate an exploit with the outcome of"
-            f" {generated_exploit.outcome.name} and the following payloads:"
+            f" {generated_exploit.outcome.name} and the following payloads:\n"
         )
-
-        for payload in generated_exploit.payloads:
-            print(f"- For {payload.input_stream.name}:\n")
-            hexdump.hexdump(payload.content)
-            print("")
+        hexdump.hexdump(generated_exploit.payload)
     else:
         print("The exploiter coudn't generate any exploit.")
 

diff --git a/automatic_exploit_generation/exploiters/zeratool/zeratool.py b/automatic_exploit_generation/exploiters/zeratool/zeratool.py
@@ -12,6 +12,7 @@
     exploit_pb2,
     exploit_pb2_grpc,
 )
+
 from commons.exploit import Exploit
 from commons.input_streams import InputStreams
 from commons.mitigations import Mitigations
@@ -22,7 +23,7 @@
     get_sensitive_functions_names,
 )
 from commons.weaknesses import Weaknesses
-
+from time import sleep
 
 def _is_sublist_of_list(needle: list, stack: list) -> bool:
     return set(needle).issubset(set(stack))
@@ -69,16 +70,16 @@ def _run_exploitation_in_container(
         container = client.containers.run(
             Configuration.ZERATOOL_IMAGE_NAME,
             detach=True,
-            tty=True,
+            auto_remove=True,
             ports={"13000/tcp": 13000},
             publish_all_ports=True,
         )
-        container_ip = container.attrs["NetworkSettings"]["IPAddress"]
+        container_ip = '0.0.0.0'
+        sleep(3)
         exploit = self._request_exploitation_to_grpc_service(
             container_ip, overflow_only, format_only, win_funcs
         )
-
-        container.remove(force=True)
+        container.kill()
 
         return exploit
 

diff --git a/docker/Dockerfile.zeratool_lib b/docker/Dockerfile.zeratool_lib
@@ -33,6 +33,16 @@ COPY /docker/zeratool_lib_service.py /zeratool_lib_service.py
 # Download the commons library
 RUN git clone https://github.com/CyberReasoningSystem/commons /commons
 
+# Install Radare2
+RUN set -xe; \
+    wget https://github.com/radareorg/radare2/releases/download/5.9.0/radare2_5.9.0_amd64.deb; \
+    dpkg -i radare2_5.9.0_amd64.deb; \
+    rm radare2_5.9.0_amd64.deb \
+    ;
+
+# Install 32-bit libc
+RUN apt-get update && apt-get -y install libc6-i386
+
 # Set PYTHONPATH
 ENV PYTHONPATH=/zeratool_lib/zeratool_lib:/protobuf:/automatic_exploit_generation:/commons
 
@@ -41,3 +51,4 @@ EXPOSE 13000
 
 # Run the service
 CMD ["python3",  "/zeratool_lib_service.py"]
+
diff --git a/docker/zeratool_lib_service.py b/docker/zeratool_lib_service.py
@@ -15,13 +15,13 @@
 YEAR_IN_SECONDS = 365 * 60 * 60 * 24
 
 
-def _create_temp_binary(content: bytes) -> tempfile.TemporaryFile:
-    binary = tempfile.TemporaryFile()
+def _create_temp_binary(content: bytes) -> tempfile.NamedTemporaryFile:
+    binary = tempfile.NamedTemporaryFile()
 
     binary.write(content)
     binary.flush()
 
-    os.chmod(binary.name, stat.S_IXUSR)
+    os.chmod(binary.name, stat.S_IRWXU | stat.S_IRWXG | stat.S_IRWXO)
 
     return binary
 
@@ -34,6 +34,13 @@ def Exploit(self, request, _):
         overflow_only = request.overflow_only
         format_only = request.format_only
         win_funcs_used = request.serialized_win_funcs.split(",")
+        if len(win_funcs_used) == 1 and win_funcs_used[0] == '':
+            win_funcs_used = None
+
+        print("temp_file.name: ", temp_file.name)
+        print("overflow_only: ", overflow_only)
+        print("format_only: ", format_only)
+        print("win_funcs_used: ", win_funcs_used)
 
         result = exploit(
             temp_file.name,

diff --git a/pyproject.toml b/pyproject.toml
@@ -15,6 +15,13 @@ grpcio = "^1.54.2"
 protobuf = "^4.23.2"
 click = "^8.1.3"
 hexdump = "^3.3"
+requests = "<2.32"
+angr = "^9.2.52"
+claripy = "^9.2.52"
+ipython = "^8.13.2"
+r2pipe = "^1.8.0"
+timeout-decorator = "^0.5.0"
+tqdm = "^4.65.0"
 commons = {path = "../commons"}
 zeratool_lib = {path = "../zeratool_lib"}