-
Notifications
You must be signed in to change notification settings - Fork 313
/
crypt_executables.py
149 lines (117 loc) · 5.02 KB
/
crypt_executables.py
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
#!/usr/bin/env python3
"""
Filename: crypt_executables.py
Description: This script will crawl the target directory and
automatically zip compress/decompress either executables
(.exe and .dll) or zip-compresed files using a password.
Example Usage:
1. python3 crypt_executables.py -i emu_plan_dir --encrypt -p malware
2. python3 crypt_executables.py -i emu_plan_dir --decrypt -p malware
3. python3 crypt_executables.py -i emu_plan_dir --encrypt -p malware --delete --quiet
4. python3 crypt_executables.py -i emu_plan_dir --decrypt -p malware --delete --quiet
Version: 1.0
Created: April 6th, 2021
Author(s): Michael C. Long II
Organization: MITRE Engenuity
References(s): N/A
"""
import argparse
import getpass
import os
import sys
import warnings
try:
import pyminizip
except ImportError:
print("[-] Error - Unable to import 'pyminizip'.")
print("[-] Verify you have installed dependencies:")
print("\t\t Ubuntu: apt-get install zlib1g")
print("\t\t MacOS: homebrew install zlib")
print("\t\tAll OS's: pip3 install pyminizip")
print()
print("[-] See URL for more info: https://github.com/smihica/pyminizip")
sys.exit(-1)
def get_file_paths(target_dir):
""" Returns a list of files with their full path """
dir_listing = os.listdir(target_dir)
all_files = list()
for file in dir_listing:
full_path = os.path.join(target_dir, file)
if os.path.isdir(full_path):
all_files = all_files + get_file_paths(full_path)
else:
all_files.append(full_path)
return all_files
def zip_encrypt_file(file_to_encrypt, password):
""" Zip compress file with password """
dst_file = file_to_encrypt + ".zip"
print("[+] Zip-Encrypting file: ", file_to_encrypt)
# Ignore deprecation warnings so we don't flood the console with garbage
# This is a known issue in pyminizip; see: https://github.com/smihica/pyminizip/issues/34
with warnings.catch_warnings():
warnings.filterwarnings("ignore", category=DeprecationWarning)
pyminizip.compress(file_to_encrypt, None, dst_file, password, 0)
def zip_decrypt_file(file_to_decrypt, password):
""" Zip decompress file with password """
print("[i] Decompressing file: ", file_to_decrypt)
dst_directory = os.path.dirname(file_to_decrypt)
# Ignore deprecation warnings so we don't flood the console with garbage
# This is a known issue in pyminizip; see: https://github.com/smihica/pyminizip/issues/34
with warnings.catch_warnings():
warnings.filterwarnings("ignore", category=DeprecationWarning)
pyminizip.uncompress(file_to_decrypt, password, dst_directory, 0)
def delete_file(file_to_delete, quiet):
""" Delete file from filesystem """
response = "y"
if not quiet:
print(f"[!] Delete file? {file_to_delete}")
response = input("[Y/N]> ")
response = response.lower().strip()
if response == "y":
print(f"[!] Deleting flie: {file_to_delete}")
os.remove(file_to_delete)
else:
print(f"Skipping file deletion")
def main():
""" Script entry point """
# Setup command line arguments
parser = argparse.ArgumentParser()
parser.add_argument("-i", "--indir", required=True,
help="Directory to locate executables or zip files")
parser.add_argument("-p", "--password", required=False,
help="Password to encrypt/decrypt files")
parser.add_argument("-e", "--encrypt", action="store_true",
help="Zip-Encrypt files")
parser.add_argument("-d", "--decrypt", action="store_true",
help="Zip-Decrypt files")
parser.add_argument("--delete", action="store_true",
help="Delete source files after encrypting/decrypting")
parser.add_argument("--quiet", action="store_true",
help="Delete unencrypted files without prompts (dangerous!)")
args = parser.parse_args()
target_dir = args.indir
password = args.password
if not password:
print("[i] Enter encryption/decryption password:")
password = getpass.getpass("> ")
cwd = os.getcwd()
# get full path for each file in directory (recursive)
files_to_crypt = get_file_paths(target_dir)
for file in files_to_crypt:
if args.encrypt:
if file.endswith(".exe") or file.endswith(".dll"):
zip_encrypt_file(file, password)
if args.delete:
delete_file(file, args.quiet)
elif args.decrypt:
if file.endswith(".zip"):
zip_decrypt_file(file, password)
os.chdir(cwd)
if args.delete:
delete_file(file, args.quiet)
else:
print("[-] Unexpected error; check usage.")
parser.print_help()
break
if __name__ == "__main__":
main()