Added UPX packer integration

hideckies · Jul 26, 2024 · 8a9876f · 8a9876f
1 parent b874e9f
commit 8a9876f
Show file tree

Hide file tree

Showing 9 changed files with 280 additions and 170 deletions.
diff --git a/README.md b/README.md
@@ -25,6 +25,7 @@ I'm developing this for my learning purpose.
 - Common Evasion Techniques
 - Common Persistence Techniques
 - Anti-Debug
+- UPX Packer Integration
 - SQLite for saving data
 
 <br />

diff --git a/install.sh b/install.sh
@@ -69,7 +69,7 @@ get_linux_distro() {
 install_pkg_with_apk() {
     sudo apk -y update
     if [[ $target == "server" ]]; then
-        sudo apk -y add git alpine-sdk cmake nasm mingw-w64-gcc protobuf-compiler openssl python3-impacket python3-pefile
+        sudo apk -y add git alpine-sdk cmake nasm mingw-w64-gcc protobuf-compiler openssl upx python3-impacket python3-pefile
     elif [[ $target == "client" ]]; then
         sudo apk -y add git alpine-sdk cmake nasm mingw-w64-gcc protobuf-compiler
     fi
@@ -78,7 +78,7 @@ install_pkg_with_apk() {
 install_pkg_with_apt() {
     sudo apt -y update
     if [[ $target == "server" ]]; then
-        sudo apt -y install git build-essential cmake nasm g++-mingw-w64 protobuf-compiler openssl python3-impacket python3-pefile
+        sudo apt -y install git build-essential cmake nasm g++-mingw-w64 protobuf-compiler openssl upx-ucl python3-impacket python3-pefile
     elif [[ $target == "client" ]]; then
         sudo apt -y install git build-essential cmake nasm g++-mingw-w64 protobuf-compiler
     fi
@@ -88,7 +88,7 @@ install_pkg_with_dnf() {
     sudo dnf -y check-update
     if [[ $target == "server" ]]; then
         sudo dnf -y groupinstall "Development Tools" "Development Libraries"
-        sudo dnf -y install git cmake nasm mingw64-gcc-c++ protobuf-compiler openssl python3-impacket python3-pefile
+        sudo dnf -y install git cmake nasm mingw64-gcc-c++ protobuf-compiler openssl upx python3-impacket python3-pefile
     elif [[ $target == "client" ]]; then
         sudo dnf -y groupinstall "Development Tools" "Development Libraries"
         sudo dnf -y install git cmake nasm mingw64-gcc-c++ protobuf-compiler
@@ -98,7 +98,7 @@ install_pkg_with_dnf() {
 install_pkg_with_brew() {
     brew update
     if [[ $target == "server" ]]; then
-        brew install git cmake nasm mingw-w64 protobuf openssl python3
+        brew install git cmake nasm mingw-w64 protobuf openssl upx python3
         pip3 install impacket pefile
     elif [[ $target == "client" ]]; then
         brew install git cmake nasm mingw-w64 protobuf openssl

diff --git a/pkg/client/rpc/request.go b/pkg/client/rpc/request.go
@@ -213,6 +213,7 @@ func RequestPayloadImplantGenerate(clientState *state.ClientState, imp *payload.
 		KillDate:         int64(imp.KillDate),
 		IndirectSyscalls: imp.IndirectSyscalls,
 		AntiDebug:        imp.AntiDebug,
+		CompLevel:        int64(imp.CompLevel),
 	})
 	if err != nil {
 		return []byte{}, err
@@ -233,6 +234,7 @@ func RequestPayloadLoaderGenerate(clientState *state.ClientState, ldr *payload.L
 		ProcessToInject:  ldr.ProcessToInject,
 		IndirectSyscalls: ldr.IndirectSyscalls,
 		AntiDebug:        ldr.AntiDebug,
+		CompLevel:        int64(ldr.CompLevel),
 	})
 	if err != nil {
 		return []byte{}, err

diff --git a/pkg/common/wizard/payload.go b/pkg/common/wizard/payload.go
@@ -318,6 +318,28 @@ func WizardPayloadImplant(
 		break
 	}
 
+	// Set compresssion (UPX) level
+	var oCompLevel uint64 = 0
+	if oFormat == "dll" || oFormat == "exe" {
+		for {
+			res, err := stdin.ReadInput("UPX Compression Level (select between 0 and 9)", strconv.FormatUint(oCompLevel, 10))
+			if err != nil {
+				stdout.LogFailed(fmt.Sprint(err))
+				continue
+			}
+			oCompLevel, err = strconv.ParseUint(res, 10, 64)
+			if err != nil {
+				stdout.LogFailed(fmt.Sprint(err))
+				continue
+			}
+			if 9 < oCompLevel {
+				stdout.LogFailed("Select the level between 0 and 9.")
+				continue
+			}
+			break
+		}
+	}
+
 	table := []stdout.SingleTableItem{
 		stdout.NewSingleTableItem("Type", oType),
 		stdout.NewSingleTableItem("Target OS", oOs),
@@ -329,6 +351,7 @@ func WizardPayloadImplant(
 		stdout.NewSingleTableItem("KillDate (UTC)", oKillDateStr),
 		stdout.NewSingleTableItem("Indirect Syscalls", fmt.Sprintf("%t", oIndirectSyscalls)),
 		stdout.NewSingleTableItem("Anti-Debug", fmt.Sprintf("%t", oAntiDebug)),
+		stdout.NewSingleTableItem("UPX Compression Level", fmt.Sprintf("%d", oCompLevel)),
 	}
 	stdout.PrintSingleTable("Implant Options", table)
 
@@ -359,6 +382,7 @@ func WizardPayloadImplant(
 		oKillDate,
 		oIndirectSyscalls,
 		oAntiDebug,
+		oCompLevel,
 	), nil
 }
 
@@ -505,6 +529,28 @@ func WizardPayloadLoader(
 		break
 	}
 
+	// Set compresssion (UPX) level
+	var oCompLevel uint64 = 0
+	if oFormat == "dll" || oFormat == "exe" {
+		for {
+			res, err := stdin.ReadInput("UPX Compression Level (select between 0 and 9)", strconv.FormatUint(oCompLevel, 10))
+			if err != nil {
+				stdout.LogFailed(fmt.Sprint(err))
+				continue
+			}
+			oCompLevel, err = strconv.ParseUint(res, 10, 64)
+			if err != nil {
+				stdout.LogFailed(fmt.Sprint(err))
+				continue
+			}
+			if 9 < oCompLevel {
+				stdout.LogFailed("Select the level between 0 and 9.")
+				continue
+			}
+			break
+		}
+	}
+
 	table := []stdout.SingleTableItem{
 		stdout.NewSingleTableItem("Target OS", oOs),
 		stdout.NewSingleTableItem("Target Arch", oArch),
@@ -516,6 +562,7 @@ func WizardPayloadLoader(
 		stdout.NewSingleTableItem("Target Process", oProcessToInject),
 		stdout.NewSingleTableItem("Indirect Syscalls", fmt.Sprintf("%t", oIndirectSyscalls)),
 		stdout.NewSingleTableItem("Anti-Debug", fmt.Sprintf("%t", oAntiDebug)),
+		stdout.NewSingleTableItem("UPX Compression Level", fmt.Sprintf("%d", oCompLevel)),
 	}
 	stdout.PrintSingleTable("Loader Options", table)
 
@@ -548,6 +595,7 @@ func WizardPayloadLoader(
 		oProcessToInject,
 		oIndirectSyscalls,
 		oAntiDebug,
+		oCompLevel,
 	), nil
 }