#!/bin/bash
###########################################################################################################
# Script to encode a known malicious file in Base64 and hex. The file used is netcat because it gives a small payload.
#
# References used:
# https://github.com/righettod/toolbox-pentest-web/blob/master/static-binaries/windows/netcat/nc64.exe
#
# Requirements in terms of software:
# apk add base64 xxd file
###########################################################################################################
# Constants
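# Absolute path of the sample binary that gets encoded.
MALICIOUS_FILE="/tools/static-binaries/windows/netcat/nc64.exe"
# File name without its directory part. It names the working copy created in
# the current directory and prefixes the generated .b64/.hex files.
# The expansion is quoted so the path always reaches basename as one argument.
BASE_NAME=$(basename "$MALICIOUS_FILE")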
# Utility functions
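#######################################
# Print a step title in bright yellow (ANSI SGR 93), then reset the colour.
# Arguments: $1 - text of the step title
# Outputs:   the coloured title followed by a newline on stdout
#######################################
write_step() {
  # The title is passed as printf data (%s), not as part of the format, so
  # backslashes or escape sequences inside it are printed literally.
  printf '\e[93m%s\e[0m\n' "$1"
}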
# Main processing
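# Work on a copy in the current directory so the generated file names and the
# tool output show the short name instead of the full path.
# Stop here if the copy fails: every later step reads this working copy.
if ! cp -- "$MALICIOUS_FILE" "$BASE_NAME"; then
  echo "[!] Cannot copy '$MALICIOUS_FILE' to the current directory" >&2
  exit 1
fi
write_step "[*] Properties and digest of the malicious file:"
file "$BASE_NAME"
sha256sum "$BASE_NAME"
write_step "[*] Encode file to '$BASE_NAME.[b64|hex]' files:"
# -w 0 disables line wrapping, so the Base64 output is a single line.
base64 -w 0 "$BASE_NAME" > "$BASE_NAME.b64"
# xxd -p emits a plain hex dump; tr strips the newlines to get a single line.
xxd -p "$BASE_NAME" | tr -d "\n" > "$BASE_NAME.hex"
# Preview only the first 120 characters of each encoded file.
echo "Base64 => $(cut -c 1-120 < "$BASE_NAME.b64")"
echo "Hex => $(cut -c 1-120 < "$BASE_NAME.hex")"
write_step "[*] Digests:"
# The glob stays outside the quotes on purpose: it expands to every file named
# "$BASE_NAME.<suffix>" in the current directory, i.e. the encoded files (and
# any stale file left by an earlier run). Their digests differ from the
# digest of the original binary printed above.
sha256sum "$BASE_NAME".*
write_step "[*] VirusTotal analysis report:"
# The link is built from the SHA-256 of the original file only; this script
# does not send the file or the hash anywhere itself.
echo "https://www.virustotal.com/gui/file/$(sha256sum "$MALICIOUS_FILE" | cut -d ' ' -f1)"
# Remove the working copy; the .b64 and .hex files are kept as the output.
rm -- "$BASE_NAME"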