From 84f630f09bb58db3196a836c415f83a01e855baa Mon Sep 17 00:00:00 2001
From: KDot227
Date: Sun, 24 Mar 2024 14:17:17 -0500
Subject: [PATCH] Remove all traces of PATHEXT due to complications with new windows
---
 src/util/obfuscation/obf_oneline.py | 4 ++--
 src/util/obfuscation/rans.py | 14 ++++++++------
 2 files changed, 10 insertions(+), 8 deletions(-)
diff --git a/src/util/obfuscation/obf_oneline.py b/src/util/obfuscation/obf_oneline.py
index c9fb998..9e55f8c 100644
--- a/src/util/obfuscation/obf_oneline.py
+++ b/src/util/obfuscation/obf_oneline.py
@@ -132,7 +132,7 @@ def obfuscate_normal(self, line: str) -> Obfuscated_String:
 program_1 = r"C:\Program Files"
 program_2 = r"C:\Program Files (x86)"
 driver_stuff = r"C:\Windows\System32\Drivers\DriverData"
- pathext = r".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC"
+ # pathext = r".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC"
 CommonProgramFiles = r"C:\Program Files\Common Files"
 CommonProgramW6432 = r"C:\Program Files\Common Files"
 __APPDIR__ = "C:\\Windows\\system32\\"
@@ -143,7 +143,7 @@ def obfuscate_normal(self, line: str) -> Obfuscated_String:
 program_1: "PROGRAMFILES",
 program_2: "PROGRAMFILES(X86)",
 driver_stuff: "DRIVERDATA",
- pathext: "PATHEXT",
+ # pathext: "PATHEXT",
 CommonProgramFiles: "COMMONPROGRAMFILES",
 CommonProgramW6432: "COMMONPROGRAMW6432",
 __APPDIR__: "__APPDIR__",
diff --git a/src/util/obfuscation/rans.py b/src/util/obfuscation/rans.py
index bc44708..30206ce 100644
--- a/src/util/obfuscation/rans.py
+++ b/src/util/obfuscation/rans.py
@@ -27,7 +27,9 @@ def ran1(char, *args, **kwargs) -> str:
 randomed = random.choice(choices)
 if char in string.ascii_letters:
 if char.islower():
- coded0 = CaesarCipher.get(char=char, rotation_value=c_val.value, upper=False)
+ coded0 = CaesarCipher.get(
+ char=char, rotation_value=c_val.value, upper=False
+ )
 coded = coded0.replace(coded0, f"%{coded0}%")
 return f"{coded}%{randomed}%"
 else:
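Review bot: The `pathext` assignment in the first obf_oneline.py hunk is commented out rather than deleted, and the same is done to its table entry in the next hunk and to the five PATHEXT lines in `ran2` and `ran3` in rans.py, so seven dead lines remain although the subject says all traces are removed. Delete those lines and leave one explanatory comment where the table is built, for example `# PATHEXT is omitted: its value is not the same on every Windows release` (the reason is inferred from the commit subject and should be confirmed by the author). The body of `obfuscate_normal` starts and ends outside the hunk.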
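Review bot: In the second obf_oneline.py hunk, `CommonProgramFiles` and `CommonProgramW6432` are both used as keys, yet the previous hunk binds them to the same string `r"C:\Program Files\Common Files"`. If this is a dict literal (its opening brace is outside the hunk), the later key replaces the earlier one without any error, so `"COMMONPROGRAMFILES"` never appears in the mapping. Keying by variable name, as `ran2` in rans.py does with `"COMMONPROGRAMFILES": (CommonProgramFiles, "None")`, avoids the collision; whether the lookup code can take that shape depends on lines not shown here.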
@@ -60,7 +62,7 @@ def ran2(char, random_order: str, return_ran1: bool = True, *args, **kwargs) ->
 program_1 = "C:\\Program Files"
 program_2 = "C:\\Program Files (x86)"
 driver_stuff = "C:\\Windows\\System32\\Drivers\\DriverData"
- pathext = ".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC"
+ # pathext = ".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC"
 CommonProgramFiles = "C:\\Program Files\\Common Files"
 CommonProgramFiles_x86 = "C:\\Program Files (x86)\\Common Files"
 CommonProgramW6432 = "C:\\Program Files\\Common Files"
@@ -71,7 +73,7 @@ def ran2(char, random_order: str, return_ran1: bool = True, *args, **kwargs) ->
 "PROGRAMFILES": (program_1, "None"),
 "PROGRAMFILES(X86)": (program_2, "None"),
 "DRIVERDATA": (driver_stuff, "None"),
- "PATHEXT": (pathext, "None"),
+ # "PATHEXT": (pathext, "None"),
 "COMMONPROGRAMFILES": (CommonProgramFiles, "None"),
 "COMMONPROGRAMFILES(X86)": (CommonProgramFiles_x86, "None"),
 "COMMONPROGRAMW6432": (CommonProgramW6432, "None"),
@@ -142,7 +144,7 @@ def ran3(char, random_order: str, *args, **kwargs) -> str:
 program_1 = r"C:\Program Files"
 program_2 = r"C:\Program Files (x86)"
 driver_stuff = r"C:\Windows\System32\Drivers\DriverData"
- pathext = r".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC"
+ # pathext = r".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC"
 CommonProgramFiles = r"C:\Program Files\Common Files"
 CommonProgramFiles_x86 = r"C:\Program Files (x86)\Common Files"
 CommonProgramW6432 = r"C:\Program Files\Common Files"
@@ -152,7 +154,7 @@ def ran3(char, random_order: str, *args, **kwargs) -> str:
 program_1,
 program_2,
 driver_stuff,
- pathext,
+ # pathext,
 CommonProgramFiles,
 CommonProgramFiles_x86,
 CommonProgramW6432,
@@ -163,7 +165,7 @@ def ran3(char, random_order: str, *args, **kwargs) -> str:
 "PROGRAMFILES",
 "PROGRAMFILES(X86)",
 "DRIVERDATA",
- "PATHEXT",
+ # "PATHEXT",
 "COMMONPROGRAMFILES",
 "COMMONPROGRAMFILES(X86)",
 "COMMONPROGRAMW6432",
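Review bot: The table of Windows paths in the first `ran2` hunk is one of three separate copies, the others being in `obfuscate_normal` (obf_oneline.py) and `ran3`, which is why dropping a single variable took seven edits across two files. The copies have already drifted: this one uses escaped literals such as `"C:\\Program Files"` while the other two use raw strings, and the obf_oneline.py lines shown have no `CommonProgramFiles_x86`. Defining the table once at module level and importing it in all three functions would make the next change a one-line edit. The function bodies extend beyond these hunks, so further differences between the copies may exist.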
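Review bot: In `ran3`, the values in the `@@ -152,7 +154,7 @@` hunk and the names in the `@@ -163,7 +165,7 @@` hunk appear to be two lists matched by position, and they stay aligned after this commit only because the same entry was commented out by hand in both. Nothing visible checks that the lengths or order agree, so a later edit to one list alone would silently pair names with the wrong values. Storing each name with its value, as `ran2` does with `"PROGRAMFILES": (program_1, "None")`, removes that risk. The list openings and the code that consumes them are outside the hunks, so the pairing is inferred rather than confirmed.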