  • Stars: 194
  • Rank 200,219 (Top 4 %)
  • Language: Go
  • Created over 2 years ago
  • Updated about 2 years ago


Repository Details

Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level

LastenZug

This project implements a Socks4a proxy based on websockets.

The client component is implemented in C compiling down to fully position independent code (PIC).

During the compilation process, obfuscation is applied on assembly level by leveraging a second tool, SpiderPIC, located in LastenPIC/SpiderPIC.

SpiderPIC

The obfuscation includes:

  • Instruction substitution
  • Adding trash and a jump over the trash
  • Adding useless instructions

This is meant to break static signatures; keep in mind, however, that API hashes, strings and other constants are not obfuscated during this process, so signatures built on those remain effective.

Usage

Client

The makefile produces both the PIC socks client and a sample loader for the shellcode. You can call the shellcode using the following prototype:

DWORD lastenzug(PWSTR wServerName, PWSTR wPath, DWORD port, PWSTR proxy, PWSTR pUserName, PWSTR pPassword);

The sample loader embeds the shellcode in its .text segment and can be called as follows:

.\LastenLoader.exe --server [host] --path [path used by server] --port [port]

Server

cd Server && go build -o LastenServer
./LastenServer server --addr ws://0.0.0.0:8080/lastenzug
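The request format the server side of a Socks4a proxy has to decode once a connection has been tunneled over the websocket, as an added Go example (this is not the project's own code, and the sample request bytes are constructed): it distinguishes plain SOCKS4 requests from SOCKS4a ones, where a 0.0.0.x destination address signals that a NUL-terminated hostname follows, and it rejects truncated or trailing input rather than guessing.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"net"
)

// Socks4Request holds the fields of a decoded SOCKS4 / SOCKS4a request.
// Wire layout: VN(1) CD(1) DSTPORT(2, big endian) DSTIP(4) USERID... NUL [HOSTNAME... NUL]
type Socks4Request struct {
	Command  byte   // 0x01 = CONNECT, 0x02 = BIND
	Port     uint16 // destination port
	IP       net.IP // destination IPv4 address; nil when a hostname was supplied (SOCKS4a)
	UserID   string // client-supplied user id (not authenticated, merely echoed by clients)
	Hostname string // destination hostname; empty for a plain SOCKS4 request
}

// ParseSocks4Request decodes one SOCKS4 or SOCKS4a request and rejects
// malformed or truncated input instead of guessing.
func ParseSocks4Request(buf []byte) (*Socks4Request, error) {
	if len(buf) < 9 {
		return nil, errors.New("socks4: request shorter than the 9-byte minimum")
	}
	if buf[0] != 4 {
		return nil, fmt.Errorf("socks4: unsupported version byte 0x%02x", buf[0])
	}
	if buf[1] != 1 && buf[1] != 2 {
		return nil, fmt.Errorf("socks4: unknown command 0x%02x", buf[1])
	}
	req := &Socks4Request{
		Command: buf[1],
		Port:    uint16(buf[2])<<8 | uint16(buf[3]),
		IP:      net.IPv4(buf[4], buf[5], buf[6], buf[7]),
	}
	rest := buf[8:]
	end := bytes.IndexByte(rest, 0)
	if end < 0 {
		return nil, errors.New("socks4: USERID is not NUL-terminated")
	}
	req.UserID = string(rest[:end])
	rest = rest[end+1:]

	// SOCKS4a extension: a destination IP of 0.0.0.x (x != 0) signals that a
	// NUL-terminated hostname follows and that the proxy should resolve it.
	if buf[4] == 0 && buf[5] == 0 && buf[6] == 0 && buf[7] != 0 {
		end = bytes.IndexByte(rest, 0)
		if end < 0 {
			return nil, errors.New("socks4a: hostname is not NUL-terminated")
		}
		if end == 0 {
			return nil, errors.New("socks4a: empty hostname")
		}
		req.Hostname = string(rest[:end])
		req.IP = nil
		rest = rest[end+1:]
	}
	if len(rest) != 0 {
		return nil, fmt.Errorf("socks4: %d unexpected trailing bytes", len(rest))
	}
	return req, nil
}

// Destination returns the host:port the client asked to reach.
func (r *Socks4Request) Destination() string {
	host := r.Hostname
	if host == "" {
		host = r.IP.String()
	}
	return net.JoinHostPort(host, fmt.Sprint(r.Port))
}

// Socks4Reply builds the 8-byte reply: VN=0, CD=0x5a (granted) or 0x5b (rejected),
// followed by a port and address that CONNECT clients ignore.
func Socks4Reply(granted bool) []byte {
	code := byte(0x5b)
	if granted {
		code = 0x5a
	}
	return []byte{0, code, 0, 0, 0, 0, 0, 0}
}

// SampleSocks4aRequest returns a constructed SOCKS4a CONNECT request for
// example.com:443 with user id "u" (sample input, not captured traffic).
func SampleSocks4aRequest() []byte {
	b := []byte{4, 1, 0x01, 0xbb, 0, 0, 0, 1, 'u', 0}
	b = append(b, "example.com"...)
	return append(b, 0)
}

func main() {
	req, err := ParseSocks4Request(SampleSocks4aRequest())
	if err != nil {
		fmt.Println("parse error:", err)
		return
	}
	fmt.Printf("command=%d dest=%s user=%q\n", req.Command, req.Destination(), req.UserID)
	fmt.Printf("reply=% x\n", Socks4Reply(true))
}
```

The same field layout is what an inspecting proxy or a detection rule has to decode to recover the requested destination from a SOCKS4a stream; the 0.0.0.x address marker is the feature that lets a client hand off name resolution to the proxy, which is why a proxy server must treat the trailing hostname, not the IP field, as the real target.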

Credits

  • Our @invist for implementing the backend
  • Our @thefLinkk for implementing the client