feat: add output option (#8)

TomChv · web-flow · commit 6e5ad93f78f7 · 2023-07-16T18:48:17.000+02:00
This commit also refactor the overall project architecture to make it more scalable. It also adds tests on encryption method and a cleaner implementation of the loader.Compile function Resolves: #3 Signed-off-by: Vasek - Tom C <tom@quartz.technology>
diff --git a/.gitignore b/.gitignore
@@ -21,5 +21,6 @@
 go.work
 
 221b
+*.sh
 
 .idea
diff --git a/README.md b/README.md
@@ -32,10 +32,12 @@ Usage:
 Flags:
   -h, --help               help for bake
   -k, --key string         key to use for the xor
+  -o, --output string      Output path (e.g., /home/bin.exe)
   -s, --shellpath string   Path to the shell scrypt
 
 Global Flags:
       --debug   activate debug mode
+
 ```
 
 ## Example
diff --git a/cli/bake.go b/cli/bake.go
@@ -4,44 +4,52 @@ import (
 	"fmt"
 	"github.com/spf13/cobra"
 	"os"
+	"path/filepath"
+	"strings"
 
-	"github.com/cmepw/221b/encryption"
+	"github.com/cmepw/221b/encryption/xor"
 	"github.com/cmepw/221b/loader"
 	"github.com/cmepw/221b/logger"
 )
 
 var (
-	shellpath string
+	shellPath string
 	key       string
+	output    string
 )
 
 var (
-	ErrMissingShellpath = fmt.Errorf("missing shellpath argument")
+	ErrMissingShellPath = fmt.Errorf("missing shellPath argument")
 	ErrMissingKey       = fmt.Errorf("missing key argument")
 )
 
 var bake = &cobra.Command{
 	Use:   "bake",
 	Short: "Build a windows payload with the given shell encrypted in it to bypass AV",
 	Run: func(cmd *cobra.Command, args []string) {
-		if shellpath == "" {
-			logger.Fatal(ErrMissingShellpath)
+		if shellPath == "" {
+			logger.Fatal(ErrMissingShellPath)
 		}
 
 		if key == "" {
 			logger.Fatal(ErrMissingKey)
 		}
 
-		logger.Debug(fmt.Sprintf("baking %s with key %s", shellpath, key))
+		if output == "" {
+			output = strings.TrimSuffix(filepath.Base(shellPath), filepath.Ext(shellPath)) + loader.WindowsExt
+			logger.Warn(fmt.Sprintf("output path set to default: %s", output))
+		}
+
+		logger.Debug(fmt.Sprintf("baking %s with key %s", shellPath, key))
 
-		logger.Debug(fmt.Sprintf("reading %s", shellpath))
-		file, err := os.ReadFile(shellpath)
+		logger.Debug(fmt.Sprintf("reading %s", shellPath))
+		file, err := os.ReadFile(shellPath)
 		if err != nil {
 			logger.Fatal(err)
 		}
 
-		logger.Debug(fmt.Sprintf("encrypting %s", shellpath))
-		encryptedShell := encryption.Xor.Encrypt(file, []byte(key))
+		logger.Debug(fmt.Sprintf("encrypting %s", shellPath))
+		encryptedShell := xor.Encrypt(file, []byte(key))
 
 		logger.Debug(fmt.Sprintf("injecting encrypted shell into payload"))
 
@@ -56,13 +64,14 @@ var bake = &cobra.Command{
 			fmt.Println(string(content))
 		}
 
-		if err := xorLoader.Compile(shellpath, content); err != nil {
+		if err := xorLoader.Compile(output, content); err != nil {
 			logger.Fatal(err)
 		}
 	},
 }
 
 func init() {
-	bake.Flags().StringVarP(&shellpath, "shellpath", "s", "", "Path to the shell scrypt")
+	bake.Flags().StringVarP(&shellPath, "shellPath", "s", "", "path to the shell scrypt")
 	bake.Flags().StringVarP(&key, "key", "k", "", "key to use for the xor")
+	bake.Flags().StringVarP(&output, "output", "o", "", "output path (e.g., /home/bin.exe)")
 }
diff --git a/encryption/xor.go b/encryption/xor.go
diff --git a/encryption/xor/xor.go b/encryption/xor/xor.go
@@ -0,0 +1,25 @@
+// Package xor implements xor encryption and decryption.
+package xor
+
+// Decrypt apply xor on the content with the given key.
+// Note that it will actually update the given content.
+func Decrypt(content, key []byte) []byte {
+	keyLen := len(key)
+
+	for i := 0; i < len(content); i++ {
+		content[i] ^= key[i%keyLen]
+	}
+	return content
+}
+
+// Encrypt apply xor on the content with the given key.
+// Note that it will actually update the given content.
+func Encrypt(content, key []byte) []byte {
+	keyLen := len(key)
+
+	for i := 0; i < len(content); i++ {
+		content[i] ^= key[i%keyLen]
+	}
+
+	return content
+}
diff --git a/encryption/xor/xor_test.go b/encryption/xor/xor_test.go
@@ -0,0 +1,43 @@
+package xor
+
+import (
+	"bytes"
+	"github.com/stretchr/testify/require"
+	"testing"
+)
+
+func TestXor_EncryptDecrypt(t *testing.T) {
+	type TestCase struct {
+		content []byte
+		key     []byte
+	}
+
+	testsCases := map[string]TestCase{
+		"encrypt a simple string": {
+			content: []byte("hello world"),
+			key:     []byte("alwpkrMkgke"),
+		},
+		"encrypt a golang file": {
+			content: []byte(`
+package main
+
+import "fmt"
+
+func main() {
+	fmt.Println("hello Go!")
+}
+`),
+			key: []byte("mdfptiEdd"),
+		},
+	}
+
+	for name, tt := range testsCases {
+		t.Run(name, func(t *testing.T) {
+			encryptedContent := Encrypt(bytes.Clone(tt.content), tt.key)
+
+			require.NotEqual(t, tt.content, encryptedContent)
+			decryptedContent := Decrypt(encryptedContent, tt.key)
+			require.Equal(t, tt.content, decryptedContent)
+		})
+	}
+}
diff --git a/go.mod b/go.mod
@@ -2,9 +2,15 @@ module github.com/cmepw/221b
 
 go 1.20
 
-require github.com/spf13/cobra v1.7.0
+require (
+	github.com/spf13/cobra v1.7.0
+	github.com/stretchr/testify v1.8.4
+)
 
 require (
+	github.com/davecgh/go-spew v1.1.1 // indirect
 	github.com/inconshreveable/mousetrap v1.1.0 // indirect
+	github.com/pmezard/go-difflib v1.0.0 // indirect
 	github.com/spf13/pflag v1.0.5 // indirect
+	gopkg.in/yaml.v3 v3.0.1 // indirect
 )
diff --git a/go.sum b/go.sum
@@ -1,10 +1,18 @@
 github.com/cpuguy83/go-md2man/v2 v2.0.2/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o=
+github.com/davecgh/go-spew v1.1.1 h1:vj9j/u1bqnvCEfJOwUhtlOARqs3+rkHYY13jYWTU97c=
+github.com/davecgh/go-spew v1.1.1/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38=
 github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8=
 github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw=
+github.com/pmezard/go-difflib v1.0.0 h1:4DBwDE0NGyQoBHbLQYPwSUPoCMWR5BEzIk/f1lZbAQM=
+github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4=
 github.com/russross/blackfriday/v2 v2.1.0/go.mod h1:+Rmxgy9KzJVeS9/2gXHxylqXiyQDYRxCVz55jmeOWTM=
 github.com/spf13/cobra v1.7.0 h1:hyqWnYt1ZQShIddO5kBpj3vu05/++x6tJ6dg8EC572I=
 github.com/spf13/cobra v1.7.0/go.mod h1:uLxZILRyS/50WlhOIKD7W6V5bgeIt+4sICxh6uRMrb0=
 github.com/spf13/pflag v1.0.5 h1:iy+VFUOCP1a+8yFto/drg2CJ5u0yRoB7fZw3DKv/JXA=
 github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An2Bg=
+github.com/stretchr/testify v1.8.4 h1:CcVxjf3Q8PM0mHUKJCdn+eZZtm5yQwehR5yeSVQQcUk=
+github.com/stretchr/testify v1.8.4/go.mod h1:sz/lmYIOXD/1dqDmKjjqLyZ2RngseejIcXlSw2iwfAo=
+gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405 h1:yhCVgyC4o1eVCa2tZl7eS0r+SDo693bJlVdllGtEeKM=
 gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
+gopkg.in/yaml.v3 v3.0.1 h1:fxVm/GzAzEWqLHuvctI91KS9hhNmmWOoWu0XTYJS7CA=
 gopkg.in/yaml.v3 v3.0.1/go.mod h1:K4uyk7z7BCEPqu6E+C64Yfv1cQ7kz7rIZviUmN+EgEM=
diff --git a/loader/extension.go b/loader/extension.go
@@ -0,0 +1,3 @@
+package loader
+
+const WindowsExt = ".exe"
diff --git a/loader/loader.go b/loader/loader.go
@@ -5,7 +5,6 @@ import (
 	"os"
 	"os/exec"
 	"path/filepath"
-	"strings"
 
 	"github.com/cmepw/221b/logger"
 	"github.com/cmepw/221b/templates"
@@ -19,69 +18,80 @@ type Loader interface {
 type baseLoader struct{}
 
 const (
-	windowsExt = ".exe"
-	tmpFile    = "tmp.go"
+	tmpFile = "tmp.go"
+	tmpDir  = "/tmp/221b-compile"
 )
 
-func (b baseLoader) Compile(path string, content []byte) error {
-	outputPath := strings.TrimSuffix(filepath.Base(path), filepath.Ext(path)) + windowsExt
-
-	dir := "/tmp/test"
-	if err := os.MkdirAll(dir, 0750); err != nil {
-		logger.Error(fmt.Errorf("could not create temporary directory"))
+func (b baseLoader) Compile(outputPath string, content []byte) error {
+	if err := b.setupTmpDir(content); err != nil {
 		return err
 	}
-
 	defer func() {
-		_ = os.RemoveAll(dir)
+		logger.Debug(fmt.Sprintf("cleanup temporary dir %s", tmpDir))
+		_ = os.RemoveAll(tmpDir)
 	}()
 
-	// Set environment
-	logger.Debug("write content to temporary file")
-	if err := os.WriteFile(filepath.Join(dir, tmpFile), content, 0666); err != nil {
-		logger.Error(fmt.Errorf("could not write tmp file"))
-		return err
-	}
-
-	if err := os.WriteFile(filepath.Join(dir, "go.mod"), []byte(templates.GoMod), 0666); err != nil {
-		logger.Error(fmt.Errorf("could not write tmp go.mod file"))
-		return err
-	}
-
-	initCmd := exec.Command("go", "get", "-u", "golang.org/x/sys/windows")
-	initCmd.Dir = dir
-	initCmd.Stderr = os.Stderr
-	initCmd.Env = append(os.Environ(), "GOOS=windows", "GOARCH=amd64")
-	if err := initCmd.Run(); err != nil {
+	err := b.execCmd("go", "get", "-u", "golang.org/x/sys/windows")
+	if err != nil {
 		logger.Error(fmt.Errorf("could not install dependency"))
 		return err
 	}
 
 	logger.Debug("dependency installed")
+	logger.Debug("start compiling binary")
 
-	pwd, err := os.Getwd()
+	relOutputPath, err := filepath.Abs(outputPath)
 	if err != nil {
 		return err
 	}
 
-	buildCmd := exec.Command(
+	err = b.execCmd(
 		"go",
 		"build",
 		"-ldflags",
 		"-s -w -H=windowsgui",
 		"-o",
-		filepath.Join(pwd, outputPath),
-		filepath.Join(dir, tmpFile),
+		relOutputPath,
+		filepath.Join(tmpDir, tmpFile),
 	)
-	buildCmd.Env = append(os.Environ(), "GOOS=windows", "GOARCH=amd64")
-	buildCmd.Stderr = os.Stderr
-	buildCmd.Dir = dir
-
-	if err := buildCmd.Run(); err != nil {
+	if err != nil {
 		logger.Error(fmt.Errorf("failed to compile"))
 		return err
 	}
 
-	logger.Info(fmt.Sprintf("file compiled to %s", filepath.Join(pwd, outputPath)))
+	logger.Info(fmt.Sprintf("file compiled to %s", relOutputPath))
+
+	return nil
+}
+
+func (b baseLoader) execCmd(name string, args ...string) error {
+	logger.Debug(fmt.Sprintf("execute command %s", name))
+
+	cmd := exec.Command(name, args...)
+	cmd.Env = append(os.Environ(), "GOOS=windows", "GOARCH=amd64")
+	cmd.Stderr = os.Stderr
+	cmd.Dir = tmpDir
+
+	return cmd.Run()
+}
+
+func (b baseLoader) setupTmpDir(goFile []byte) error {
+	logger.Debug(fmt.Sprintf("setup temporary directory %s", tmpDir))
+
+	if err := os.MkdirAll(tmpDir, 0750); err != nil {
+		logger.Error(fmt.Errorf("could not create temporary directory"))
+		return err
+	}
+
+	if err := os.WriteFile(filepath.Join(tmpDir, tmpFile), goFile, 0666); err != nil {
+		logger.Error(fmt.Errorf("could not write tmp file"))
+		return err
+	}
+
+	if err := os.WriteFile(filepath.Join(tmpDir, "go.mod"), []byte(templates.GoMod), 0666); err != nil {
+		logger.Error(fmt.Errorf("could not write tmp go.mod file"))
+		return err
+	}
+
 	return nil
 }
diff --git a/logger/logger.go b/logger/logger.go
@@ -5,8 +5,6 @@ import (
 	"os"
 )
 
-var DebugMode = false
-
 func Debug(msg string) {
 	if DebugMode {
 		fmt.Printf("[*] %s\n", msg)
diff --git a/logger/mode.go b/logger/mode.go
@@ -0,0 +1,5 @@
+package logger
+
+// DebugMode is a global variable that can be set to true
+// to enable debug mode
+var DebugMode = false

-Original file line number
+Diff line change
 go.work
 b
 +*.sh
 .idea
Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+package loader`
	`2`	`+`
	`3`	`+const WindowsExt = ".exe"`
Original file line number	Diff line number	Diff line change
`@@ -5,8 +5,6 @@ import (`
`5`	`5`	`"os"`
`6`	`6`	`)`
`7`	`7`
`8`		`-var DebugMode = false`
`9`		`-`
`10`	`8`	`func Debug(msg string) {`
`11`	`9`	`if DebugMode {`
`12`	`10`	`fmt.Printf("[*] %s\n", msg)`