Socks4a proxy leveraging PIC, Websockets and static obfuscation on assembly level

codewhitesec/Lastenzug


LastenZug

This project implements a Socks4a proxy tunnelled over WebSockets.
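The SOCKS4a wire format that such a proxy has to speak on its client side is small, and seeing it parsed makes the rest of the README concrete. The following is an added example written for this page, not code from the Lastenzug repository: it parses a SOCKS4/SOCKS4a CONNECT request (version byte 4, command, big-endian port, IPv4, null-terminated user id, and for the 4a extension a null-terminated domain name after an IP of the form 0.0.0.x) and builds the 8-byte reply. The sample request bytes in `main` are constructed for illustration.

```go
package main

import (
	"bytes"
	"errors"
	"fmt"
	"net"
)

// Socks4Request holds the fields of a parsed SOCKS4 / SOCKS4a request.
type Socks4Request struct {
	Command byte   // 1 = CONNECT, 2 = BIND
	Port    uint16 // destination port (big-endian on the wire)
	IP      net.IP // destination IPv4; 0.0.0.x marks a SOCKS4a request
	UserID  string // null-terminated user id field
	Domain  string // only set for SOCKS4a requests
}

// IsSocks4a reports whether the request used the 4a extension: the IP is
// 0.0.0.x with x != 0, which signals that a domain name follows the user id.
func (r *Socks4Request) IsSocks4a() bool {
	return r.IP[0] == 0 && r.IP[1] == 0 && r.IP[2] == 0 && r.IP[3] != 0
}

// Target returns the host:port the proxy is being asked to connect to.
func (r *Socks4Request) Target() string {
	if r.Domain != "" {
		return net.JoinHostPort(r.Domain, fmt.Sprint(r.Port))
	}
	return net.JoinHostPort(r.IP.String(), fmt.Sprint(r.Port))
}

// ParseSocks4Request parses one SOCKS4 or SOCKS4a request from buf.
// Layout: VN(1) CD(1) DSTPORT(2) DSTIP(4) USERID NUL [DOMAIN NUL]
func ParseSocks4Request(buf []byte) (*Socks4Request, error) {
	if len(buf) < 9 { // header plus at least the user id terminator
		return nil, errors.New("socks4: request too short")
	}
	if buf[0] != 4 {
		return nil, fmt.Errorf("socks4: unsupported version %d", buf[0])
	}
	req := &Socks4Request{
		Command: buf[1],
		Port:    uint16(buf[2])<<8 | uint16(buf[3]),
		IP:      net.IPv4(buf[4], buf[5], buf[6], buf[7]).To4(),
	}
	rest := buf[8:]
	nul := bytes.IndexByte(rest, 0)
	if nul < 0 {
		return nil, errors.New("socks4: user id not null-terminated")
	}
	req.UserID = string(rest[:nul])
	rest = rest[nul+1:]
	if req.IsSocks4a() {
		// SOCKS4a: the client could not resolve the name, so it sends it along.
		nul = bytes.IndexByte(rest, 0)
		if nul < 0 {
			return nil, errors.New("socks4a: domain not null-terminated")
		}
		req.Domain = string(rest[:nul])
		if req.Domain == "" {
			return nil, errors.New("socks4a: empty domain")
		}
	}
	return req, nil
}

// Reply builds the 8-byte SOCKS4 reply: VN=0, CD=0x5A (granted) or 0x5B (rejected).
// The port and IP fields of the reply are ignored for CONNECT and left zero.
func Reply(granted bool) []byte {
	cd := byte(0x5B)
	if granted {
		cd = 0x5A
	}
	return []byte{0, cd, 0, 0, 0, 0, 0, 0}
}

func main() {
	// Constructed sample: SOCKS4a CONNECT to example.com:443 with user id "user".
	raw := []byte{4, 1, 0x01, 0xBB, 0, 0, 0, 1, 'u', 's', 'e', 'r', 0}
	raw = append(raw, []byte("example.com\x00")...)
	req, err := ParseSocks4Request(raw)
	if err != nil {
		fmt.Println("parse error:", err)
		return
	}
	fmt.Printf("socks4a=%v user=%q target=%s reply=% x\n",
		req.IsSocks4a(), req.UserID, req.Target(), Reply(true))
}
```

A proxy server would read exactly this request from the tunnel, decide whether to grant it, send `Reply(...)` back, and only then start relaying bytes between the two sides.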

The client component is implemented in C compiling down to fully position independent code (PIC).

During the compilation process, obfuscation is applied at the assembly level by a second tool, SpiderPIC, located in LastenPIC/SpiderPIC.

SpiderPIC

The obfuscation includes:

  • Instruction substitution
  • Adding trash and a jump over the trash
  • Adding useless instructions

This is meant to break static signatures. Keep in mind, however, that API hashes, strings and other constants are not obfuscated by this process and remain visible in the output.

Usage

Client

The makefile produces both the PIC socks client and a sample loader for the shellcode. The shellcode can be called using the following prototype:

DWORD lastenzug(PWSTR wServerName, PWSTR wPath, DWORD port, PWSTR proxy, PWSTR pUserName, PWSTR pPassword);

The sample loader embeds the shellcode in its .text segment and can be called as follows:

.\LastenLoader.exe --server [host] --path [path used by server] --port [port]

Server

cd Server && go build -o LastenServer
./LastenServer server --addr ws://0.0.0.0:8080/lastenzug

Credits

  • Our @invist for implementing the backend
  • Our @thefLinkk for implementing the client
