#!/usr/bin/env python3
# -*- coding:utf-8 -*-
import sys
def djb2a(input_str: str) -> int:
    """Return a 32-bit, case-insensitive djb2-style hash of *input_str*.

    The accumulator starts at 1572 rather than the 5381 used by stock djb2,
    so the values differ from published djb2 tables. Each step multiplies
    the accumulator by 33 and adds the character's code point; the result
    is truncated to 32 bits once, at the end.
    """
    acc = 1572
    for code_point in map(ord, input_str.lower()):
        # (acc << 5) + acc in the shift form is acc * 33.
        acc = acc * 33 + code_point
    return acc & 0xFFFFFFFF
def djb2w(input_str: str) -> int:
    """Return a 32-bit, case-insensitive djb2-style hash over character pairs.

    The lowercased input is consumed two characters at a time. Each pair is
    UTF-8 encoded and read as a little-endian integer, which is then folded
    into the accumulator (seed 1572, multiply by 33, add). For input where
    every ASCII character is followed by a NUL, each pair contributes just
    that character's code, so the result equals djb2a() of the plain name.
    The result is truncated to 32 bits at the end.
    """
    lowered = input_str.lower()
    acc = 1572
    offset = 0
    while offset < len(lowered):
        # A trailing single character (odd length) is hashed on its own.
        unit = int.from_bytes(lowered[offset:offset + 2].encode(), 'little')
        acc = acc * 33 + unit
        offset += 2
    return acc & 0xFFFFFFFF
##############################################
# Library names to hash with djb2w(). Each name is preceded by a "// <name>"
# label line and is stored with a NUL after every character, so that the
# two-character steps taken by djb2w() each cover one character plus its NUL.
libs = "\n" + "".join(
    "// {0}\n{1}\n".format(dll, "".join(ch + "\x00" for ch in dll))
    for dll in (
        "ntdll.dll",
        "kernel32.dll",
        "iphlpapi.dll",
        "advapi32.dll",
        "msvcrt.dll",
    )
)
# Function names to hash with djb2a(), one per line. Lines starting with
# "//" are section labels that the emission loop copies into the output, and
# empty entries become blank lines there. A few names (LoadLibraryA,
# GetProcAddress, GetModuleHandleA, FreeLibrary) are listed in two sections
# and therefore yield the same #define twice.
functions = "\n".join((
    "",
    "//ntdll",
    "NtClose",
    "NtContinue",
    "NtFreeVirtualMemory",
    "NtQueryInformationProcess",
    "NtQuerySystemInformation",
    "NtOpenProcess",
    "NtOpenProcessToken",
    "NtOpenThreadToken",
    "NtTerminateThread",
    "NtTerminateProcess",
    "RtlGetVersion",
    "RtlExitUserThread",
    "RtlExitUserProcess",
    "RtlIpv4StringToAddressA",
    "RtlRandomEx",
    "RtlNtStatusToDosError",
    "NtFlushInstructionCache",
    "",
    "//kernel32",
    "ConnectNamedPipe",
    "CopyFileA",
    "CreateDirectoryA",
    "CreateEventA",
    "CreateFileA",
    "CreateNamedPipeA",
    "CreatePipe",
    "CreateProcessA",
    "CreateThread",
    "DeleteCriticalSection",
    "DeleteFileA",
    "DisconnectNamedPipe",
    "EnterCriticalSection",
    "FindClose",
    "FindFirstFileA",
    "FindNextFileA",
    "FreeLibrary",
    "FlushFileBuffers",
    "GetACP",
    "GetComputerNameExA",
    "GetCurrentDirectoryA",
    "GetDriveTypeA",
    "GetExitCodeProcess",
    "GetExitCodeThread",
    "GetFileSize",
    "GetFileAttributesA",
    "GetFullPathNameA",
    "GetLastError",
    "GetLogicalDrives",
    "GetOEMCP",
    "K32GetModuleBaseNameA",
    "GetModuleBaseNameA",
    "GetModuleHandleA",
    "GetProcAddress",
    "GetLocalTime",
    "GetSystemTimeAsFileTime",
    "GetTickCount",
    "GetTimeZoneInformation",
    "GetUserNameA",
    "HeapAlloc",
    "HeapCreate",
    "HeapDestroy",
    "HeapReAlloc",
    "HeapFree",
    "InitializeCriticalSection",
    "IsWow64Process",
    "LoadLibraryA",
    "LocalAlloc",
    "LocalFree",
    "LocalReAlloc",
    "LeaveCriticalSection",
    "MoveFileA",
    "MultiByteToWideChar",
    "PeekNamedPipe",
    "ReadFile",
    "RemoveDirectoryA",
    "RtlCaptureContext",
    "SetCurrentDirectoryA",
    "SetEvent",
    "SetNamedPipeHandleState",
    "Sleep",
    "VirtualAlloc",
    "VirtualFree",
    "WaitForSingleObject",
    "WaitNamedPipeA",
    "WideCharToMultiByte",
    "WriteFile",
    "",
    "// iphlpapi",
    "GetAdaptersInfo",
    "",
    "// advapi32",
    "AllocateAndInitializeSid",
    "GetTokenInformation",
    "InitializeSecurityDescriptor",
    "ImpersonateLoggedOnUser",
    "FreeSid",
    "LookupAccountSidA",
    "RevertToSelf",
    "SetThreadToken",
    "SetEntriesInAclA",
    "SetSecurityDescriptorDacl",
    "DuplicateTokenEx",
    "CreateProcessAsUserA",
    "",
    "// msvcrt",
    "printf",
    "vsnprintf",
    "_snprintf",
    "",
    "// BOF",
    "BeaconDataParse",
    "BeaconDataInt",
    "BeaconDataShort",
    "BeaconDataLength",
    "BeaconDataExtract",
    "BeaconFormatAlloc",
    "BeaconFormatReset",
    "BeaconFormatAppend",
    "BeaconFormatPrintf",
    "BeaconFormatToString",
    "BeaconFormatFree",
    "BeaconFormatInt",
    "BeaconOutput",
    "BeaconPrintf",
    "BeaconUseToken",
    "BeaconRevertToken",
    "BeaconIsAdmin",
    "BeaconGetSpawnTo",
    "BeaconInjectProcess",
    "BeaconInjectTemporaryProcess",
    "BeaconSpawnTemporaryProcess",
    "BeaconCleanupProcess",
    "toWideChar",
    "BeaconInformation",
    "BeaconAddValue",
    "BeaconGetValue",
    "BeaconRemoveValue",
    "LoadLibraryA",
    "GetProcAddress",
    "GetModuleHandleA",
    "FreeLibrary",
    "__C_specific_handler",
    "AxAddScreenshot",
    "AxDownloadMemory",
    "// Async BOF",
    "BeaconRegisterThreadCallback",
    "BeaconUnregisterThreadCallback",
    "BeaconWakeup",
    "",
    "// wininet",
    "InternetOpenA",
    "InternetConnectA",
    "HttpOpenRequestA",
    "HttpSendRequestA",
    "InternetSetOptionA",
    "InternetQueryOptionA",
    "HttpQueryInfoA",
    "InternetQueryDataAvailable",
    "InternetCloseHandle",
    "InternetReadFile",
    "",
    "// ws2_32",
    "WSAStartup",
    "WSACleanup",
    "socket",
    "gethostbyname",
    "ioctlsocket",
    "connect",
    "setsockopt",
    "getsockopt",
    "WSAGetLastError",
    "closesocket",
    "select",
    "__WSAFDIsSet",
    "shutdown",
    "recv",
    "send",
    "accept",
    "bind",
    "listen",
    "recvfrom",
    "sendto",
    "",
))
##############################################
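# Emit a C header on stdout: one HASH_LIB_* constant per library name and one
# HASH_FUNC_* constant per function name. The consumer of this header is not
# part of this file; presumably it compares these values against hashes of
# module and export names at run time, in which case the constants printed
# here are also what an analyst would match against the compiled code.
print('#pragma once')

for f in libs.split('\n'):
    if not f:
        print()
    elif f[:2] == '//':
        # Library label lines are dropped; only the hashed names are emitted.
        continue
    else:
        # The entries carry a NUL after every character for djb2w(). Those
        # NULs must not reach the macro name, otherwise the generated header
        # contains raw NUL bytes inside identifiers. The hash is still taken
        # over the unmodified entry, and the padding still uses its length so
        # the column layout is unchanged.
        macro = f.replace('\x00', '').upper().split(".")[0]
        # max(1, ...) keeps a separator even if an entry exceeds 35 chars.
        print('#define HASH_LIB_%s%s0x%x' % (macro, max(1, 35 - len(f)) * " ", djb2w(f)))

for f in functions.split('\n'):
    if not f:
        print()
    elif f[:2] == '//':
        # Section labels are valid C comments and are copied through as-is.
        print(f)
    else:
        # max(1, ...) keeps the macro name and its value apart for long names.
        print('#define HASH_FUNC_%s%s0x%x' % (f.upper(), max(1, 35 - len(f)) * " ", djb2a(f)))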