diff --git a/src/actions.rs b/src/actions.rs
new file mode 100644
index 0000000..7088471
--- /dev/null
+++ b/src/actions.rs
@@ -0,0 +1,49 @@
+// SPDX-FileCopyrightText: 2023 The WAG development team
+//
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+use crate::actions::{
+ ads::ADS, drivers::Drivers, files::Files, mutexes::Mutexes, pipes::Pipes, processes::Processes,
+};
+use clap::{Args, Subcommand};
+
+pub mod ads;
+pub mod drivers;
+pub mod files;
+pub mod mutexes;
+pub mod pipes;
+pub mod processes;
+
+#[derive(Debug, Args)]
+pub struct Actions {
+ #[clap(subcommand)]
+ pub command: Commands,
+}
+
+#[derive(Debug, Subcommand)]
+pub enum Commands {
+ ADS(ADS),
+ Drivers(Drivers),
+ Files(Files),
+ Mutexes(Mutexes),
+ Pipes(Pipes),
+ Processes(Processes),
+}
+
+pub trait Runnable {
+ fn run(&self) -> i32;
+}
+
+impl Runnable for Actions {
+ fn run(&self) -> i32 {
+ return match &self.command {
+ Commands::ADS(ads) => ads as &dyn Runnable,
+ Commands::Drivers(drivers) => drivers,
+ Commands::Files(files) => files,
+ Commands::Mutexes(mutexes) => mutexes,
+ Commands::Pipes(pipes) => pipes,
+ Commands::Processes(processes) => processes,
+ }
+ .run();
+ }
+}
diff --git a/src/actions/ads.rs b/src/actions/ads.rs
new file mode 100644
index 0000000..782c0d2
--- /dev/null
+++ b/src/actions/ads.rs
@@ -0,0 +1,28 @@
+// SPDX-FileCopyrightText: 2023 The WAG development team
+//
+// SPDX-License-Identifier: GPL-3.0-or-later
+
+use crate::actions::{ads::create::Create, Runnable};
+use clap::{Args, Subcommand};
+
+pub mod create;
+
+#[derive(Debug, Args)]
+pub struct ADS {
+ #[clap(subcommand)]
+ pub command: Commands,
+}
+
+#[derive(Debug, Subcommand)]
+pub enum Commands {
+ Create(Create),
+}
+
+impl Runnable for ADS {
+ fn run(&self) -> i32 {
+ return match &self.command {
+ Commands::Create(create) => create as &dyn Runnable,
+ }
+ .run();
+ }
+}
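Review bot: The `run` dispatch in actions.rs casts the first arm to `&dyn Runnable` only so that all arms share a type, then appends `.run()` to the whole `match` behind an explicit `return …;`; calling `run()` inside each arm gives a plain tail expression, statically dispatched, with no cast and no `return` (clippy's needless_return flags the current form). The same `return match … as &dyn Runnable … .run();` shape recurs in ads.rs on this line and in drivers.rs, files.rs, mutexes.rs, pipes.rs and processes.rs, where the single-arm version reduces to `Commands::Create(create) => create.run(),`. The `Runnable` trait is also undocumented even though it is the one contract every action implements; since main.rs hands the value straight to `std::process::exit`, a doc comment such as `/// Runs the action and returns the value main.rs passes to std::process::exit.` would tell implementors what the i32 means.

```rust
impl Runnable for Actions {
    fn run(&self) -> i32 {
        match &self.command {
            Commands::ADS(ads) => ads.run(),
            Commands::Drivers(drivers) => drivers.run(),
            Commands::Files(files) => files.run(),
            Commands::Mutexes(mutexes) => mutexes.run(),
            Commands::Pipes(pipes) => pipes.run(),
            Commands::Processes(processes) => processes.run(),
        }
    }
}
```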
diff --git a/src/malware/ads.rs b/src/actions/ads/create.rs similarity index 74% rename from src/malware/ads.rs rename to src/actions/ads/create.rs index 1b335d2..859df6b 100644 --- a/src/malware/ads.rs +++ b/src/actions/ads/create.rs @@ -6,13 +6,14 @@ // // Last update 20240224 +use crate::actions::Runnable; use base64::engine::{general_purpose, Engine}; use clap::Parser; use regex_generate::{Generator, DEFAULT_MAX_REPEAT}; use std::path::Path; -#[derive(Parser)] -pub struct ADS { +#[derive(Debug, Parser)] +pub struct Create { #[clap( short = 'f', long, @@ -35,8 +36,25 @@ pub struct ADS { fn create_ads(fullpath: String, adsname: String, hex_data: Vec) -> bool { let file_base: &Path = Path::new(&fullpath); if !file_base.exists() { - println!("Missing base file for ADS !"); - return false; + println!("Missing base file for ADS, try to create it"); + let folder: &Path = file_base.parent().unwrap(); + + let ret_folder: Result<(), std::io::Error> = std::fs::create_dir_all(folder); + match ret_folder { + Ok(_) => println!("The folder is valid"), + Err(_) => return false, + } + let ret_file: Result<(), std::io::Error> = std::fs::write( + file_base, + vec![ + 87, 105, 110, 100, 111, 119, 115, 32, 65, 114, 116, 101, 102, 97, 99, 116, 32, 71, + 101, 110, 101, 114, 97, 116, 111, 114, + ], + ); + match ret_file { + Ok(_) => println!("The base file is created"), + Err(_) => return false, + } } let full_ads_name: String = format!("{}:{}", fullpath, adsname); let file_ads: &Path = Path::new(&full_ads_name); @@ -47,9 +65,9 @@ fn create_ads(fullpath: String, adsname: String, hex_data: Vec) -> bool { } } -impl ADS { +impl Runnable for Create { /* Version 20230908 */ - pub fn run(&self) -> i32 { + fn run(&self) -> i32 { println!("Alternate Data Stream"); if self.filename.len() > 0 { diff --git a/src/actions/drivers.rs b/src/actions/drivers.rs new file mode 100644 index 0000000..0b6965f --- /dev/null +++ b/src/actions/drivers.rs 
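Review bot: `file_base.parent().unwrap()` in the new fallback of create_ads panics instead of returning false when the supplied path has no parent (an empty string or a bare root such as `/`), and both `Err(_) => return false` arms drop the io::Error that would tell the operator why the folder or the base file could not be created, while the Ok arms do print. Use `let Some(folder) = file_base.parent() else { return false };` for the first and report the error in the failure arms, e.g. `Err(e) => { println!("Cannot create folder: {}", e); return false; }` and the same wording for the file write. The hard-coded `vec![87, 105, …]` is the ASCII of "Windows Artefact Generator"; `b"Windows Artefact Generator"` is accepted by std::fs::write unchanged and says what is written. create_ads continues past the end of the hunk.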
@@ -0,0 +1,28 @@ +// SPDX-FileCopyrightText: 2023 The WAG development team +// +// SPDX-License-Identifier: GPL-3.0-or-later + +use crate::actions::{drivers::create::Create, Runnable}; +use clap::{Args, Subcommand}; + +pub mod create; + +#[derive(Debug, Args)] +pub struct Drivers { + #[clap(subcommand)] + pub command: Commands, +} + +#[derive(Debug, Subcommand)] +pub enum Commands { + Create(Create), +} + +impl Runnable for Drivers { + fn run(&self) -> i32 { + return match &self.command { + Commands::Create(create) => create as &dyn Runnable, + } + .run(); + } +} diff --git a/src/malware/service.rs b/src/actions/drivers/create.rs similarity index 96% rename from src/malware/service.rs rename to src/actions/drivers/create.rs index 7da993b..326a046 100644 --- a/src/malware/service.rs +++ b/src/actions/drivers/create.rs @@ -6,7 +6,7 @@ // // Last update 20240224 -use crate::windows::users::is_administrator; +use crate::{actions::Runnable, windows::users::is_administrator}; use clap::Parser; use std::{thread, time}; use windows::{ @@ -18,8 +18,8 @@ use windows::{ }, }; -#[derive(Parser)] -pub struct BYOVD { +#[derive(Debug, Parser)] +pub struct Create { #[clap( short = 'n', long, @@ -112,9 +112,9 @@ fn create_driver_service(name: &String, details: &String, path: &String) -> bool } } -impl BYOVD { +impl Runnable for Create { /* Version 20230908 */ - pub fn run(&self) -> i32 { + fn run(&self) -> i32 { println!("Bring Your Own Vulnerable Driver"); if !match is_administrator() { diff --git a/src/actions/files.rs b/src/actions/files.rs new file mode 100644 index 0000000..3c51ef2 --- /dev/null +++ b/src/actions/files.rs 
@@ -0,0 +1,28 @@ +// SPDX-FileCopyrightText: 2023 The WAG development team +// +// SPDX-License-Identifier: GPL-3.0-or-later + +use crate::actions::{files::create::Create, Runnable}; +use clap::{Args, Subcommand}; + +pub mod create; + +#[derive(Debug, Args)] +pub struct Files { + #[clap(subcommand)] + pub command: Commands, +} + +#[derive(Debug, Subcommand)] +pub enum Commands { + Create(Create), +} + +impl Runnable for Files { + fn run(&self) -> i32 { + return match &self.command { + Commands::Create(create) => create as &dyn Runnable, + } + .run(); + } +} diff --git a/src/malware/file.rs b/src/actions/files/create.rs similarity index 95% rename from src/malware/file.rs rename to src/actions/files/create.rs index d15c06a..e54c369 100644 --- a/src/malware/file.rs +++ b/src/actions/files/create.rs @@ -18,14 +18,14 @@ You can use `SET | more` or `Get-ChildItem Env:` to get the list */ -use crate::windows::users::is_administrator; +use crate::{actions::Runnable, windows::users::is_administrator}; use base64::engine::{general_purpose, Engine}; use clap::Parser; use regex_generate::{Generator, DEFAULT_MAX_REPEAT}; use std::{io::Result as IOResult, path::Path, thread, time, time::Duration}; -#[derive(Parser)] -pub struct FileCreate { +#[derive(Debug, Parser)] +pub struct Create { #[clap( short = 'f', long, @@ -83,8 +83,8 @@ fn create_file(fullpath: String, hex_data: Vec) -> bool { return false; } -impl FileCreate { - pub fn run(&self) -> i32 { +impl Runnable for Create { + fn run(&self) -> i32 { if self.admin && !match is_administrator() { Ok(is_admin) => is_admin, diff --git a/src/actions/mutexes.rs b/src/actions/mutexes.rs new file mode 100644 index 0000000..ba2c688 --- /dev/null +++ b/src/actions/mutexes.rs 
@@ -0,0 +1,28 @@ +// SPDX-FileCopyrightText: 2023 The WAG development team +// +// SPDX-License-Identifier: GPL-3.0-or-later + +use crate::actions::{mutexes::create::Create, Runnable}; +use clap::{Args, Subcommand}; + +pub mod create; + +#[derive(Debug, Args)] +pub struct Mutexes { + #[clap(subcommand)] + pub command: Commands, +} + +#[derive(Debug, Subcommand)] +pub enum Commands { + Create(Create), +} + +impl Runnable for Mutexes { + fn run(&self) -> i32 { + return match &self.command { + Commands::Create(create) => create as &dyn Runnable, + } + .run(); + } +} diff --git a/src/malware/mutex.rs b/src/actions/mutexes/create.rs similarity index 93% rename from src/malware/mutex.rs rename to src/actions/mutexes/create.rs index a41fa7b..07bc1ac 100644 --- a/src/malware/mutex.rs +++ b/src/actions/mutexes/create.rs @@ -6,6 +6,7 @@ // // Last update 20240224 +use crate::actions::Runnable; use clap::Parser; use regex_generate::{Generator, DEFAULT_MAX_REPEAT}; use std::{thread, time}; @@ -17,8 +18,8 @@ use windows::{ }, }; -#[derive(Parser)] -pub struct Mutex { +#[derive(Debug, Parser)] +pub struct Create { #[clap( short = 'n', long, @@ -37,8 +38,8 @@ fn create_mutex(name: &String, wait: u64) { let _res_server_pipe: WindowsResult<()> = unsafe { CloseHandle(mutex_handle.unwrap()) }; } -impl Mutex { - pub fn run(&self) -> i32 { +impl Runnable for Create { + fn run(&self) -> i32 { println!("Create Mutex"); let mut generator: Generator = diff --git a/src/actions/pipes.rs b/src/actions/pipes.rs new file mode 100644 index 0000000..add2a0a --- /dev/null +++ b/src/actions/pipes.rs 
@@ -0,0 +1,28 @@ +// SPDX-FileCopyrightText: 2023 The WAG development team +// +// SPDX-License-Identifier: GPL-3.0-or-later + +use crate::actions::{pipes::create::Create, Runnable}; +use clap::{Args, Subcommand}; + +pub mod create; + +#[derive(Debug, Args)] +pub struct Pipes { + #[clap(subcommand)] + pub command: Commands, +} + +#[derive(Debug, Subcommand)] +pub enum Commands { + Create(Create), +} + +impl Runnable for Pipes { + fn run(&self) -> i32 { + return match &self.command { + Commands::Create(create) => create as &dyn Runnable, + } + .run(); + } +} diff --git a/src/malware/namepipe.rs b/src/actions/pipes/create.rs similarity index 94% rename from src/malware/namepipe.rs rename to src/actions/pipes/create.rs index fc76838..2cc8d38 100644 --- a/src/malware/namepipe.rs +++ b/src/actions/pipes/create.rs @@ -6,7 +6,10 @@ // // Last update 20240224 +use crate::actions::Runnable; +use clap::Parser; use regex_generate::{Generator, DEFAULT_MAX_REPEAT}; +use std::{thread, time}; use windows::{ core::{Result as WindowsResult, PCSTR}, Win32::{ @@ -16,11 +19,8 @@ use windows::{ }, }; -use clap::Parser; -use std::{thread, time}; - -#[derive(Parser)] -pub struct NamePipe { +#[derive(Debug, Parser)] +pub struct Create { #[clap( short = 'n', long, @@ -50,8 +50,8 @@ fn create_name_pipe(name: &String, wait: u64) { let _res_server_pipe: WindowsResult<()> = unsafe { CloseHandle(server_pipe.unwrap()) }; } -impl NamePipe { - pub fn run(&self) -> i32 { +impl Runnable for Create { + fn run(&self) -> i32 { println!("Create NamePipe"); let mut generator: Generator = diff --git a/src/actions/processes.rs b/src/actions/processes.rs new file mode 100644 index 0000000..f0835a7 --- /dev/null +++ b/src/actions/processes.rs 
@@ -0,0 +1,28 @@ +// SPDX-FileCopyrightText: 2023 The WAG development team +// +// SPDX-License-Identifier: GPL-3.0-or-later + +use crate::actions::{processes::spoofing::Spoofing, Runnable}; +use clap::{Args, Subcommand}; + +pub mod spoofing; + +#[derive(Debug, Args)] +pub struct Processes { + #[clap(subcommand)] + pub command: Commands, +} + +#[derive(Debug, Subcommand)] +pub enum Commands { + Spoofing(Spoofing), +} + +impl Runnable for Processes { + fn run(&self) -> i32 { + return match &self.command { + Commands::Spoofing(spoofing) => spoofing as &dyn Runnable, + } + .run(); + } +} diff --git a/src/malware/ppid.rs b/src/actions/processes/spoofing.rs similarity index 95% rename from src/malware/ppid.rs rename to src/actions/processes/spoofing.rs index feeacf1..7f8a4e1 100644 --- a/src/malware/ppid.rs +++ b/src/actions/processes/spoofing.rs @@ -6,13 +6,12 @@ // // Last update 20240224 +use crate::actions::Runnable; use clap::Parser; - +use core::ffi::c_void; use rand::prelude::SliceRandom; +use std::{mem::size_of, thread, time::Duration}; use sysinfo::System; - -use core::ffi::c_void; -use std::mem::size_of; use windows::{ core::PSTR, Win32::{ @@ -29,10 +28,8 @@ use windows::{ }, }; -use std::{thread, time::Duration}; - -#[derive(Parser)] -pub struct PPID { +#[derive(Debug, Parser)] +pub struct Spoofing { #[clap( short = 'e', long, @@ -129,9 +126,9 @@ fn create_ppid(name: &String) -> bool { } } -impl PPID { +impl Runnable for Spoofing { /* Version 20240209 */ - pub fn run(&self) -> i32 { + fn run(&self) -> i32 { println!("PPID spoofing"); let result: bool = create_ppid(&self.executable); if result { diff --git a/src/cli.rs b/src/cli.rs index ebf489f..e10dd76 100644 --- a/src/cli.rs +++ b/src/cli.rs 
@@ -2,47 +2,18 @@ // // SPDX-License-Identifier: GPL-3.0-or-later -use crate::malware::{ - ads::ADS, file::FileCreate, mutex::Mutex, namepipe::NamePipe, ppid::PPID, service::BYOVD, -}; -use clap::Parser; +use crate::actions::Actions; +use clap::{Parser, Subcommand}; -#[derive(Parser)] +#[derive(Debug, Parser)] #[clap(author, version)] #[clap(arg_required_else_help = true)] pub struct Arguments { #[clap(subcommand)] - command: Option, + pub command: Commands, } -impl Arguments { - pub fn run(self) -> i32 { - match self.command { - Some(Commands::FileCreate(file_create)) => file_create.run(), - Some(Commands::ADS(ads)) => ads.run(), - Some(Commands::NamePipe(name_pipe)) => name_pipe.run(), - Some(Commands::Mutex(mutex)) => mutex.run(), - Some(Commands::BYOVD(byovd)) => byovd.run(), - Some(Commands::PPID(ppid)) => ppid.run(), - None => { - return 2; - } - } - } -} - -#[derive(Parser)] -enum Commands { - #[clap(arg_required_else_help = true)] - FileCreate(FileCreate), - #[clap(arg_required_else_help = true)] - ADS(ADS), - #[clap(arg_required_else_help = true)] - NamePipe(NamePipe), - #[clap(arg_required_else_help = true)] - Mutex(Mutex), - #[clap(arg_required_else_help = true)] - BYOVD(BYOVD), - #[clap(arg_required_else_help = true)] - PPID(PPID), +#[derive(Debug, Subcommand)] +pub enum Commands { + Actions(Actions), } diff --git a/src/main.rs b/src/main.rs index d5f43e6..357faf1 100644 --- a/src/main.rs +++ b/src/main.rs @@ -2,12 +2,13 @@ // // SPDX-License-Identifier: GPL-3.0-or-later +mod actions; mod cli; -mod malware; mod windows; +use actions::Runnable; use clap::Parser; -use cli::Arguments; +use cli::{Arguments, Commands}; fn banner() { let banner: &str = " @@ -25,10 +26,7 @@ fn banner() { fn main() -> () { banner(); - match Arguments::try_parse() { - Ok(arguments) => std::process::exit(arguments.run()), - Err(error) => { - error.exit(); - } - } + match Arguments::parse().command { + Commands::Actions(actions) => std::process::exit(actions.run()), + }; } 
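Review bot: The per-variant `#[clap(arg_required_else_help = true)]` attributes the old Commands enum carried are not carried over to the new `Actions(Actions)` variant, so, if I read clap's derive rules correctly, invoking the `actions` subcommand with nothing after it now ends in clap's "requires a subcommand" usage error rather than the help text the old variants opted into. Keeping the attribute on the variant, `#[clap(arg_required_else_help = true)] Actions(Actions),`, restores that at the new nesting level; the `Create(Create)` variants in the per-category Commands enums (ads.rs, drivers.rs, files.rs, mutexes.rs, pipes.rs) and `Spoofing(Spoofing)` in processes.rs are the other places where the old behaviour used to apply. The `command` field becoming `pub` and non-optional is consistent with the new main.rs, which matches on it directly.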
diff --git a/src/malware.rs b/src/malware.rs
deleted file mode 100644
index ad1cf64..0000000
--- a/src/malware.rs
+++ /dev/null
@@ -1,10 +0,0 @@
-// SPDX-FileCopyrightText: 2023 The WAG development team
-//
-// SPDX-License-Identifier: GPL-3.0-or-later
-
-pub mod ads;
-pub mod file;
-pub mod mutex;
-pub mod namepipe;
-pub mod ppid;
-pub mod service;