github.com/m1ddl3w4r3/Gat@v0.0.0-20221205171512-b6bb6e613409/Mangle.go (about) 1 package main 2 3 import ( 4 "bytes" 5 "flag" 6 "fmt" 7 "io/ioutil" 8 "log" 9 "math/rand" 10 "strconv" 11 "strings" 12 "time" 13 14 "github.com/Binject/debug/pe" 15 ) 16 17 var hex = "abcef12345678890" 18 19 func GenerateNumer(min, max int) string { 20 rand.Seed(time.Now().UnixNano()) 21 num := rand.Intn(max-min) + min 22 n := num 23 s := strconv.Itoa(n) 24 return s 25 26 } 27 28 func RandStringBytes(n int) string { 29 b := make([]byte, n) 30 for i := range b { 31 b[i] = hex[rand.Intn(len(hex))] 32 33 } 34 return string(b) 35 } 36 37 type FlagOptions struct { 38 outFile string 39 inputFile string 40 CertCloner string 41 GoStrip bool 42 size int 43 } 44 45 func options() *FlagOptions { 46 outFile := flag.String("O", "", "The new file name") 47 inputFile := flag.String("I", "", "Path to the orginal file") 48 CertCloner := flag.String("C", "", "Path to the file containing the certificate you want to clone") 49 GoStrip := flag.Bool("M", false, "Edit the PE file to strip out Go indicators") 50 size := flag.Int("S", 0, "How many MBs to increase the file by") 51 flag.Parse() 52 return &FlagOptions{outFile: *outFile, inputFile: *inputFile, CertCloner: *CertCloner, GoStrip: *GoStrip, size: *size} 53 } 54 55 func main() { 56 fmt.Println(` 57 _____ .__ 58 / \ _____ ____ ____ | | ____ 59 / \ / \\__ \ / \ / ___\| | _/ __ \ 60 / Y \/ __ \| | \/ /_/ > |_\ ___/ 61 \____|__ (____ /___| /\___ /|____/\___ > 62 \/ \/ \//_____/ \/ 63 (@Tyl0us)`) 64 65 opt := options() 66 if opt.inputFile == "" { 67 log.Fatal("Error: Please provide a path to a file you wish to mangle") 68 } 69 70 if opt.outFile == "" { 71 log.Fatal("Error: Please provide a name for the final file") 72 } 73 InputFileData, err := ioutil.ReadFile(opt.inputFile) 74 75 if err != nil { 76 log.Fatalf("Error: %s", err) 77 } 78 if opt.CertCloner != "" { 79 FiletoCopy, err := ioutil.ReadFile(opt.CertCloner) 80 if err != nil { 81 log.Fatalf("Error: %s", err) 82 } 83 InputFileData = Stealer(InputFileData, FiletoCopy) 84 } 85 if opt.size > 0 { 86 InputFileData = Padding(InputFileData, opt.size) 87 } 88 89 if opt.GoStrip == true { 90 InputFileData = GoEditor(InputFileData) 91 } 92 93 ioutil.WriteFile(opt.outFile, InputFileData, 0777) 94 95 } 96 97 func GoEditor(buff []byte) []byte { 98 gostringg1 := "to unallocated span37252902984619140625Arabic Standard TimeAzores Standard" 99 gostringg2 := "TimeCertFindChainInStoreCertOpenSystemStoreWChangeServiceConfigWCheckTokenMembershipCreateProcessAsUserWCryptAcquireContextWEgyptian_HieroglyphsEtwReplyNotificationGetAcceptExSockaddrsGetAdaptersAddressesGetCurrentDirectoryWGetFileAttributesExWGetModuleInformationGetProcessMemoryInfoGetWindowsDirectoryWIDS_Trinary_OperatorIsrael Standard TimeJordan Standard TimeMeroitic_Hieroglyphs" 100 gostringg3 := "Standard Timebad defer size classbad font file formatbad system page sizebad use of bucket.bpbad use of bucket.mpchan send (nil chan)close of nil channelconnection timed outdodeltimer0: wrong Pfloating point errorforcegc: phase errorgo of nil func valuegopark: bad g statusinconsistent lockedminvalid request" 101 gostringg4 := "codeinvalid write resultis a named type filekey has been revokedmalloc during signalnotetsleep not on g0p mcache not flushedpacer: assist ratio=preempt off reason: reflect.Value.SetIntreflect.makeFuncStubruntime: double waitruntime: unknown pc semaRoot rotateRighttime: invalid numbertrace: out of memorywirep: already in goworkbuf is not emptywrite of Go pointer ws2_32.dll not foundzlib: invalid header of unexported method previous allocCount=, levelBits[level] = 186264514923095703125931322574615478515625AdjustTokenPrivilegesAlaskan Standard TimeAnatolian_HieroglyphsArabian Standard TimeBelarus Standard TimeCentral Standard TimeChangeServiceConfig2WDeregisterEventSourceEastern Standard" 102 gostringg5 := "0123456789abcdefghijklmnopqrstuvwxyz444089209850062616169452667236328125Go pointer stored into non-Go memory" 103 gostringg6 := "buildinf:" 104 gostringg7 := " Go build ID:" 105 gostringg8 := "gogo" 106 gostringg9 := "goid" 107 gostringg10 := "go.buildid" 108 gostringg11 := "_cgo_dummy_export" 109 stringnum := []string{gostringg1, gostringg2, gostringg3, gostringg4, gostringg5, gostringg6, gostringg7, gostringg8, gostringg9, gostringg10, gostringg11} 110 111 mydata := string(buff) 112 for i := range stringnum { 113 val := RandStringBytes(len(stringnum[i])) 114 mydata = strings.ReplaceAll(string(mydata), stringnum[i], val) 115 } 116 return []byte(mydata) 117 118 } 119 120 func Padding(buff []byte, size int) []byte { 121 str1 := "0" 122 res1 := strings.Repeat(str1, (size * 1024 * 1024)) 123 sum := string(buff) + res1 124 mydata := []byte(sum) 125 return mydata 126 127 } 128 129 func Stealer(InputFileData, FiletoCopy []byte) []byte { 130 signedFileReader := bytes.NewReader(FiletoCopy) 131 signedPEFile, err := pe.NewFile(signedFileReader) 132 if err != nil { 133 134 } 135 136 targetFileReader := bytes.NewReader(InputFileData) 137 targetPEFile, err := pe.NewFile(targetFileReader) 138 if err != nil { 139 140 } 141 142 targetPEFile.CertificateTable = signedPEFile.CertificateTable 143 Data, err := targetPEFile.Bytes() 144 if err != nil { 145 } 146 147 return Data 148 }