github.com/m1ddl3w4r3/Gat@v0.0.0-20221205171512-b6bb6e613409/Mangle.go (about)

     1  package main
     2  
     3  import (
     4  	"bytes"
     5  	"flag"
     6  	"fmt"
     7  	"io/ioutil"
     8  	"log"
     9  	"math/rand"
    10  	"strconv"
    11  	"strings"
    12  	"time"
    13  
    14  	"github.com/Binject/debug/pe"
    15  )
    16  
    17  var hex = "abcef12345678890"
    18  
    19  func GenerateNumer(min, max int) string {
    20  	rand.Seed(time.Now().UnixNano())
    21  	num := rand.Intn(max-min) + min
    22  	n := num
    23  	s := strconv.Itoa(n)
    24  	return s
    25  
    26  }
    27  
    28  func RandStringBytes(n int) string {
    29  	b := make([]byte, n)
    30  	for i := range b {
    31  		b[i] = hex[rand.Intn(len(hex))]
    32  
    33  	}
    34  	return string(b)
    35  }
    36  
    37  type FlagOptions struct {
    38  	outFile    string
    39  	inputFile  string
    40  	CertCloner string
    41  	GoStrip    bool
    42  	size       int
    43  }
    44  
    45  func options() *FlagOptions {
    46  	outFile := flag.String("O", "", "The new file name")
    47  	inputFile := flag.String("I", "", "Path to the orginal file")
    48  	CertCloner := flag.String("C", "", "Path to the file containing the certificate you want to clone")
    49  	GoStrip := flag.Bool("M", false, "Edit the PE file to strip out Go indicators")
    50  	size := flag.Int("S", 0, "How many MBs to increase the file by")
    51  	flag.Parse()
    52  	return &FlagOptions{outFile: *outFile, inputFile: *inputFile, CertCloner: *CertCloner, GoStrip: *GoStrip, size: *size}
    53  }
    54  
    55  func main() {
    56  	fmt.Println(` 
    57  	   _____                        .__          
    58  	  /     \ _____    ____    ____ |  |   ____  
    59  	 /  \ /  \\__  \  /    \  / ___\|  | _/ __ \ 
    60  	/    Y    \/ __ \|   |  \/ /_/  >  |_\  ___/ 
    61  	\____|__  (____  /___|  /\___  /|____/\___  >
    62  		\/     \/     \//_____/   	  \/                    
    63  					(@Tyl0us)`)
    64  
    65  	opt := options()
    66  	if opt.inputFile == "" {
    67  		log.Fatal("Error: Please provide a path to a file you wish to mangle")
    68  	}
    69  
    70  	if opt.outFile == "" {
    71  		log.Fatal("Error: Please provide a name for the final file")
    72  	}
    73  	InputFileData, err := ioutil.ReadFile(opt.inputFile)
    74  
    75  	if err != nil {
    76  		log.Fatalf("Error: %s", err)
    77  	}
    78  	if opt.CertCloner != "" {
    79  		FiletoCopy, err := ioutil.ReadFile(opt.CertCloner)
    80  		if err != nil {
    81  			log.Fatalf("Error: %s", err)
    82  		}
    83  		InputFileData = Stealer(InputFileData, FiletoCopy)
    84  	}
    85  	if opt.size > 0 {
    86  		InputFileData = Padding(InputFileData, opt.size)
    87  	}
    88  
    89  	if opt.GoStrip == true {
    90  		InputFileData = GoEditor(InputFileData)
    91  	}
    92  
    93  	ioutil.WriteFile(opt.outFile, InputFileData, 0777)
    94  
    95  }
    96  
    97  func GoEditor(buff []byte) []byte {
    98  	gostringg1 := "to unallocated span37252902984619140625Arabic Standard TimeAzores Standard"
    99  	gostringg2 := "TimeCertFindChainInStoreCertOpenSystemStoreWChangeServiceConfigWCheckTokenMembershipCreateProcessAsUserWCryptAcquireContextWEgyptian_HieroglyphsEtwReplyNotificationGetAcceptExSockaddrsGetAdaptersAddressesGetCurrentDirectoryWGetFileAttributesExWGetModuleInformationGetProcessMemoryInfoGetWindowsDirectoryWIDS_Trinary_OperatorIsrael Standard TimeJordan Standard TimeMeroitic_Hieroglyphs"
   100  	gostringg3 := "Standard Timebad defer size classbad font file formatbad system page sizebad use of bucket.bpbad use of bucket.mpchan send (nil chan)close of nil channelconnection timed outdodeltimer0: wrong Pfloating point errorforcegc: phase errorgo of nil func valuegopark: bad g statusinconsistent lockedminvalid request"
   101  	gostringg4 := "codeinvalid write resultis a named type filekey has been revokedmalloc during signalnotetsleep not on g0p mcache not flushedpacer: assist ratio=preempt off reason: reflect.Value.SetIntreflect.makeFuncStubruntime: double waitruntime: unknown pc semaRoot rotateRighttime: invalid numbertrace: out of memorywirep: already in goworkbuf is not emptywrite of Go pointer ws2_32.dll not foundzlib: invalid header of unexported method previous allocCount=, levelBits[level] = 186264514923095703125931322574615478515625AdjustTokenPrivilegesAlaskan Standard TimeAnatolian_HieroglyphsArabian Standard TimeBelarus Standard TimeCentral Standard TimeChangeServiceConfig2WDeregisterEventSourceEastern Standard"
   102  	gostringg5 := "0123456789abcdefghijklmnopqrstuvwxyz444089209850062616169452667236328125Go pointer stored into non-Go memory"
   103  	gostringg6 := "buildinf:"
   104  	gostringg7 := " Go build ID:"
   105  	gostringg8 := "gogo"
   106  	gostringg9 := "goid"
   107  	gostringg10 := "go.buildid"
   108  	gostringg11 := "_cgo_dummy_export"
   109  	stringnum := []string{gostringg1, gostringg2, gostringg3, gostringg4, gostringg5, gostringg6, gostringg7, gostringg8, gostringg9, gostringg10, gostringg11}
   110  
   111  	mydata := string(buff)
   112  	for i := range stringnum {
   113  		val := RandStringBytes(len(stringnum[i]))
   114  		mydata = strings.ReplaceAll(string(mydata), stringnum[i], val)
   115  	}
   116  	return []byte(mydata)
   117  
   118  }
   119  
   120  func Padding(buff []byte, size int) []byte {
   121  	str1 := "0"
   122  	res1 := strings.Repeat(str1, (size * 1024 * 1024))
   123  	sum := string(buff) + res1
   124  	mydata := []byte(sum)
   125  	return mydata
   126  
   127  }
   128  
   129  func Stealer(InputFileData, FiletoCopy []byte) []byte {
   130  	signedFileReader := bytes.NewReader(FiletoCopy)
   131  	signedPEFile, err := pe.NewFile(signedFileReader)
   132  	if err != nil {
   133  
   134  	}
   135  
   136  	targetFileReader := bytes.NewReader(InputFileData)
   137  	targetPEFile, err := pe.NewFile(targetFileReader)
   138  	if err != nil {
   139  
   140  	}
   141  
   142  	targetPEFile.CertificateTable = signedPEFile.CertificateTable
   143  	Data, err := targetPEFile.Bytes()
   144  	if err != nil {
   145  	}
   146  
   147  	return Data
   148  }