Created
September 26, 2017 13:19
-
-
Save silascutler/93356d2fb617be526cb07a72ab62552e to your computer and use it in GitHub Desktop.
Fast, Local script to sandbox PE files and record network activity
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| # (C) Silas `p1nk` Cutler 2017 | |
| # Simple Sandbox Runner | |
| VM_NAME="sandbox" | |
| VM_USER="administrator" | |
| VM_PASS="password" | |
| RUNTIME=300000 | |
| SAMPLE=$1 | |
| VGUESTCONTROL="vboxmanage --nologo guestcontrol" | |
| VCONTROL="VBoxManage --nologo controlvm" | |
| VSNAPSHOT="vboxmanage --nologo snapshot" | |
| VSTART="vboxmanage --nologo startvm" | |
| VMODIFY="vboxmanage --nologo modifyvm" | |
| SNNNAME="sa_$(date +%s).exe" | |
| MUTERES=" > /dev/null 2>&1" | |
| $VCONTROL $VM_NAME poweroff | |
| $VSNAPSHOT $VM_NAME restorecurrent | |
| echo "Starting Capture" | |
| $VMODIFY $VM_NAME --nictracefile1 $(pwd)/$SAMPLE.$(date +%s).pcap | |
| $VMODIFY $VM_NAME --nictrace1 on | |
| $VSTART $VM_NAME --type headless | |
| sleep 20 | |
| echo "Pushing File" | |
| cp $SAMPLE $SNNNAME | |
| $VGUESTCONTROL $VM_NAME --username "$VM_USER" --password "$VM_PASS" copyto $(pwd)/$SNNNAME --target-directory "C:/" | |
| rm $SNNNAME | |
| RUN_START=$(date +%s) | |
| $VGUESTCONTROL $VM_NAME --username "$VM_USER" --password "$VM_PASS" run --exe "C:/$SNNNAME" --timeout $RUNTIME | |
| RUN_STOP=$(date +%s) | |
| RUN_DIFF=$(expr $RUN_STOP - $RUN_START) | |
| RRUNTIME=$(expr $RUNTIME / 1000 ) | |
| if [ "$RUN_DIFF" -lt "$RRUNTIME" ] | |
| then | |
| echo "Sleeping for Diff" | |
| sleep $RUN_DIFF | |
| fi | |
| sleep 10 | |
| echo "Cleaning Up" | |
| $VCONTROL $VM_NAME poweroff | |
| $VMODIFY $VM_NAME --nictrace1 off | |
| $VSNAPSHOT $VM_NAME restorecurrent | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment