-
-
Save hasherezade/86dd770cba355e0c4b950268869a5921 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #pragma once | |
| #include <windows.h> | |
| __int64 __fastcall check_if_attacked_extension(int name_hash, int flag); | |
| __int64 __fastcall calculate_extension_hash(const WCHAR* filename); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <windows.h> | |
| #include <iostream> | |
| #include "util.h" | |
| #include "magni_api.h" | |
| #include <string> | |
| #include <set> | |
| BYTE* g_Shellc = nullptr; | |
| size_t g_ShellcSize = 0; | |
| decltype(&check_if_attacked_extension) _check_if_attacked_extension = nullptr; | |
| decltype(&calculate_extension_hash) _calculate_extension_hash = nullptr; | |
| bool init_functions() | |
| { | |
| if (!g_Shellc) return false; | |
| _check_if_attacked_extension = reinterpret_cast<decltype(&check_if_attacked_extension)>(g_Shellc + 0x6330); | |
| _calculate_extension_hash = reinterpret_cast<decltype(&calculate_extension_hash)>(g_Shellc + 0x63d0); | |
| return true; | |
| } | |
| void brutforce_round(WCHAR *ext, size_t round, size_t max, std::set<std::wstring>& list0, std::set<std::wstring> &list1) | |
| { | |
| if (round > max) { | |
| return; | |
| } | |
| if (round == max) { | |
| std::wstring filename = L"name."; | |
| filename.append(ext); | |
| long long hash = _calculate_extension_hash(filename.c_str()); | |
| bool is_list1 = _check_if_attacked_extension(hash, 1); | |
| bool is_list0 = _check_if_attacked_extension(hash, 0); | |
| if (is_list0) { | |
| list0.insert(ext); | |
| } | |
| if (is_list1) { | |
| list1.insert(ext); | |
| } | |
| } | |
| if (round < max) { | |
| for (ext[round] = 'a'; ext[round] <= 'z'; ++ext[round]) { | |
| brutforce_round(ext, round+1, max, list0, list1); | |
| } | |
| } | |
| } | |
| void brutforce_ext() | |
| { | |
| const size_t max = 5; | |
| WCHAR ext[max + 1] = { 0 }; | |
| std::set<std::wstring> list1; | |
| std::set<std::wstring> list0; | |
| for (size_t i = 1; i < max; i++) { | |
| brutforce_round(ext, 0, i, list0, list1); | |
| } | |
| std::cout << "List 0:\n"; | |
| for (auto itr = list0.begin(); itr != list0.end(); ++itr) { | |
| std::wcout << (*itr) << " "; | |
| } | |
| std::wcout << "\n\n"; | |
| std::cout << "List 1:\n"; | |
| for (auto itr = list1.begin(); itr != list1.end(); ++itr) { | |
| std::wcout << (*itr) << " "; | |
| } | |
| std::wcout << "\n"; | |
| } | |
| int wmain(int argc, WCHAR*argv[]) | |
| { | |
| const char shc_file[] = "magni.shc"; // sample: 3a2b8ef624b4318fc142a6266c70f88799e80d10566f6dd2d8d74e91d651491a | |
| g_Shellc = load_file(shc_file, g_ShellcSize, PAGE_EXECUTE_READWRITE); | |
| if (!g_Shellc) { | |
| std::cerr << "Failed to load the shellcode! Missing file: " << shc_file << "\n"; | |
| return (-1); | |
| } | |
| init_functions(); | |
| brutforce_ext(); | |
| return 0; | |
| } |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment