Merge branch 'master' of https://github.com/werkamsus/lilith

CODE_OF_CONDUCT.md

@@ -0,0 +1,46 @@
+# Contributor Covenant Code of Conduct
+
+## Our Pledge
+
+In the interest of fostering an open and welcoming environment, we as contributors and maintainers pledge to making participation in our project and our community a harassment-free experience for everyone, regardless of age, body size, disability, ethnicity, gender identity and expression, level of experience, nationality, personal appearance, race, religion, or sexual identity and orientation.
+
+## Our Standards
+
+Examples of behavior that contributes to creating a positive environment include:
+
+* Using welcoming and inclusive language
+* Being respectful of differing viewpoints and experiences
+* Gracefully accepting constructive criticism
+* Focusing on what is best for the community
+* Showing empathy towards other community members
+
+Examples of unacceptable behavior by participants include:
+
+* The use of sexualized language or imagery and unwelcome sexual attention or advances
+* Trolling, insulting/derogatory comments, and personal or political attacks
+* Public or private harassment
+* Publishing others' private information, such as a physical or electronic address, without explicit permission
+* Other conduct which could reasonably be considered inappropriate in a professional setting
+
+## Our Responsibilities
+
+Project maintainers are responsible for clarifying the standards of acceptable behavior and are expected to take appropriate and fair corrective action in response to any instances of unacceptable behavior.
+
+Project maintainers have the right and responsibility to remove, edit, or reject comments, commits, code, wiki edits, issues, and other contributions that are not aligned to this Code of Conduct, or to ban temporarily or permanently any contributor for other behaviors that they deem inappropriate, threatening, offensive, or harmful.
+
+## Scope
+
+This Code of Conduct applies both within project spaces and in public spaces when an individual is representing the project or its community. Examples of representing a project or community include using an official project e-mail address, posting via an official social media account, or acting as an appointed representative at an online or offline event. Representation of a project may be further defined and clarified by project maintainers.
+
+## Enforcement
+
+Instances of abusive, harassing, or otherwise unacceptable behavior may be reported by contacting the project team at [email protected]. The project team will review and investigate all complaints, and will respond in a way that it deems appropriate to the circumstances. The project team is obligated to maintain confidentiality with regard to the reporter of an incident. Further details of specific enforcement policies may be posted separately.
+
+Project maintainers who do not follow or enforce the Code of Conduct in good faith may face temporary or permanent repercussions as determined by other members of the project's leadership.
+
+## Attribution
+
+This Code of Conduct is adapted from the [Contributor Covenant][homepage], version 1.4, available at [http://contributor-covenant.org/version/1/4][version]
+
+[homepage]: http://contributor-covenant.org
+[version]: http://contributor-covenant.org/version/1/4/

CONTRIBUTING.md

@@ -0,0 +1,13 @@
+# How to contribute
+
+1. Fork the Repository
+2. Create a branch for your feature (`git checkout -b new-feature`)
+3. Commit your changes (`git commit -am 'Added some new feature')
+4. Push to the branch (`git push origin new-feature`)
+5. Create new Pull Request
+
+Guidelines for Pull Requests
+---
+1. Try your best to keep your coding style clean
+2. Comment passages of code to make them more understandable
+3. Only make a single change per commit

README.md

@@ -1,2 +1,64 @@
-# lilith
-Lilith, The Open Source C++ Remote Administration Tool (RAT)
+# Lilith
+[![Build status](https://ci.appveyor.com/api/projects/status/0au5goobwkwhvmgu?svg=true)](https://ci.appveyor.com/project/werkamsus/lilith)
+
+**Free & Native Open Source C++ Remote Administration Tool for Windows**
+
+Lilith is a console-based ultra light-weight RAT developed in C++. It features a straight-forward set of [commands](#commands) that allows for near complete control of a machine.
+
+Features
+---
+* Remote Command Execution via
+  * CMD
+  * Powershell
+  * **Any** other console app
+* Extreme Modularity (see [this](#modularity))
+* Multiple Connections
+* Low Latency & Bandwith use
+* Auto-Install
+* Startup Persistence
+* Self-Erases
+* Error-Handler with logs
+
+Modularity
+---
+The modularity and expandability of this RAT are what it's been built on. That's how it manages to stay very compact, light-weight and fast. You can download other utilities like password recovery or keylogging tools via Powershell scripts (link to some useful scripts will follow soon) and then execute them as if they were running on your own machine. Afterwards you're able to upload the results (also with a ps script) or evaluate them on the spot (via the `type` command) in cmd.
+
+Commands
+---
+|Command|Syntax|Comment|
+|-------|------|---------|
+|connect|`connect <clientID>` (`connect 0`)|Connects to a Client|
+|exitSession|`exitSession`|Exits current session|
+|switchSession|`switchSession <clientID>` (`switchSession 2`)|Switches to another Client|
+|remoteControl|`remoteControl <C:\program.exe>` OR `remoteControl cmd`|[More Info](#remotecontrol)|
+|remoteControl|`remoteControl`|Exits remoteControl if already in remoteControl|
+|restart|`restart`|Restarts the Client|
+|kill|`kill`|Quits the Client|
+
+  ![Demo Image](/images/demo.png)
+
+General Description
+---
+At the core of this RAT lies it's unique ability to remotely execute commands via CMD, Powershell and almost all console-based applications. It has the capabilities to automatically install on startup and clean up behind itself. It also features an error-handler that logs any issues. As of now, it is not 100% stable. Under 'normal' conditions it runs smoothly and without any disturbances, but severe irregularities in input (i.e. messing around with it *a lot*) may cause crashes. This will be resolved in the near future.
+
+Requirements
+---
+* None!
+* Supported Operating Systems (32/64-bit)
+  * Windows XP SP3
+  * Windows Server 2003
+  * Windows Vista
+  * Windows Server 2008
+  * Windows 7
+  * Windows Server 2012
+  * Windows 8/8.1
+  * Windows 10
+
+[To-Do](https://github.com/werkamsus/lilith/blob/master/todo.md)
+---
+
+# More Info on Commands
+
+remoteControl
+---
+Shortcuts are: `cmd`, `pws`, `pws32` which stand for Command Prompt, Powershell and Powershell 32-Bit respectively. You can use these instead of a full path to the executable. Example: `remoteControl pws` will remote-control `C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe`.

todo.md

@@ -0,0 +1,82 @@
+# To-Do
+---
+
+Before you proceed to read:
+---
+This is a "blueprint" for what this piece of software is ultimately supposed to do. Feel free to suggest whatever comes to your mind!
+It is in no way spell-checked / organised / reader-friendly, as I've just written everything down i could think of at the time.
+Edit: I've tried to somehow structure it.
+
+---
+
+/* 		MALWARE BLUEPRINT 		*/
+/*	CREATION DATE: 01.02.2016	*/
+/* 			BY WERKAMSUS		*/
+
+
+
+///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+
+Execution Flow:
+
+* FIRST RUN
+* copy file
+* set startup
+* melt old file
+* END OF FIRST RUN
+* NORMAL RUN
+* delay stuff etc.
+* check if files intact
+* check for commands (website, server whatevs.)
+* write date, information etc. to server (system profiling perhaps(?))
+* if no commands wait a couple of seconds then close (no idling, come up with task)
+
+///////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
+
+OLD MLWR.txt:
+
+* windows service
+* use technique for user elevation
+* inject dll into some process
+* forget about svchost, wont work.
+* windows service can be a process, but only on startup. 
+* (!!!) AND MAKE PROCESS CRITICAL / RELOAD DLL ON TERMINATION, BACKUP INJECTION?
+* (persitence with sources/KeepAlive(?))
+  * then inject (polymorphic?) dll into some process (explorer?[tooObv?] 
+  * csrss.exe(if possible)
+  * rundll32.exe(if possible)
+  * chrome
+  * services.exe
+  * spoolsv.exe, etc...)
+* [scan for processes, pick most suitable target, change on every application startup]
+* MAKE LAPTOP COMPATIBLE - backup service that checks if process is running / responding and restarts it if not (look into KeepAlive)
+
+* PWNAT tunneling (samy.pl/pwnat)
+* Shellter(?) [implement sourcecode]
+* PE Injection in general, look into: hooks etc.
+* powershell stuff? use trusted system tools as shell backdoor etc or to start applications
+
+* implement native (c++) microphone, camera etc hijacking
+* keylogger
+* screenshot tool etc
+* file manager (optional)
+* console, up / download possibilites
+* check for powershell possibilites
+* network scan tool
+* reverse proxy w/ pwnat (INCREDIBLE, LOOK INTO (!!!!!!))
+* registry manager
+* task manager (ofc lol)
+* antivirus manual removal tool (super advanced, dont bother until 1337 af)
+
+
+CONCEPT: powershell command in registry key that injects dll into process -> no .exe injection tool; ONLY DLL (.NET func. maybe)
+
+possible injection paths:
+
+"C:\Windows\SysWOW64\rundll32.exe"
+"C:\Users\werkamsus\AppData\Local\Microsoft\OneDrive\OneDrive.exe"
+chrome.exe that is NOT in a job
+"C:\Windows\System32\conhost.exe" (64bit, on 64bit OS, else 32(maybe))
+
+USEFUL FUNCTIONS:
+TO HIDE WINDOWS: https://msdn.microsoft.com/en-us/library/ms633548(VS.85).aspx