OffensiveRust – Rust Weaponization For Red Team Engagements

November 29, 2021

My experiments in weaponizing Rust for implant development and general offensive operations.

Why Rust?

  • Performance on par with C/C++
  • It is a multi-purpose language with an excellent community
  • It has an excellent built-in dependency and build manager, Cargo
  • It is LLVM-based, which makes it a good candidate for bypassing static AV detection
  • Cross-compiling to Windows from *nix/macOS is very easy and only requires installing the mingw toolchain, although certain libraries cannot be compiled successfully on other OSes.

Examples in this repo

  • Allocate_With_Syscalls: calls NTDLL functions directly through the ntapi crate
  • Create_DLL: builds a DLL that pops up a message box. Rust does not fully support this, so things might get weird, since a Rust DLL has no main function
  • DeviceIoControl: opens a driver handle and calls DeviceIoControl
  • EnableDebugPrivileges: enables SeDebugPrivilege in the current process
  • Shellcode_Local_inject: executes shellcode directly in the local process by casting a pointer to a function
  • Execute_With_CMD: executes cmd by passing a command from Rust
  • ImportedFunctionCall: imports MiniDump from dbghelp and calls it
  • Kernel_Driver_Exploit: kernel driver exploit for a simple buffer overflow
  • Named_Pipe_Client: named pipe client
  • Named_Pipe_Server: named pipe server
  • Process_Injection_CreateThread: process injection into a remote process with CreateRemoteThread
  • Unhooking: unhooking calls
  • asm_syscall: obtaining the PEB address via inline asm
  • base64_system_enum: Base64 encoding/decoding of strings
  • http-https-requests: HTTP/S GET/POST requests that ignore the certificate check
  • patch_etw: patches ETW
  • ppid_spoof: spoofs the parent process of a created process
  • tcp_ssl_client: TCP client with SSL that ignores the certificate check (requires OpenSSL and Perl to be installed for compiling)
  • tcp_ssl_server: TCP server with a port parameter (requires OpenSSL and Perl to be installed for compiling)
  • wmi_execute: runs a WMI query to enumerate the AV/EDR products on the host
  • Windows.h+ Bindings: bindings.rs contains the structures from Windows.h plus complete customized LDR, PEB, etc. structures that are officially undocumented by Microsoft; add include!("../bindings.rs"); at the top of your file
  • UUID_Shellcode_Execution: plants shellcode from a UUID array into heap space and uses the EnumSystemLocalesA callback to execute it
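The UUID_Shellcode_Execution entry depends on a conversion step the list above does not spell out: the shellcode has to be split into 16-byte chunks and rendered as UUID strings so that parsing them back (on Windows, with UuidFromStringA into a GUID struct) lands the original bytes in memory in order. The following is an added example, not code from the OffensiveRust repository, and it does the decode in pure Rust so it runs on any OS. It assumes the GUID in-memory layout Data1 (u32, little-endian), Data2 (u16, LE), Data3 (u16, LE), Data4 (8 bytes), which is why the first three fields are byte-swapped in the textual form; the payload bytes are constructed filler, not shellcode.

```rust
// Added example: round-trip a byte buffer through UUID strings as used by the
// UUID_Shellcode_Execution technique. Not the repository's own code.
// Assumed layout: GUID { Data1: u32 LE, Data2: u16 LE, Data3: u16 LE, Data4: [u8; 8] }.

/// Encode raw bytes as UUID strings, 16 bytes per UUID. The last chunk is
/// padded with 0x90 (x86 NOP) so that it fills a whole GUID.
pub fn bytes_to_uuids(data: &[u8]) -> Vec<String> {
    data.chunks(16)
        .map(|chunk| {
            let mut b = [0x90u8; 16];
            b[..chunk.len()].copy_from_slice(chunk);
            // The first three fields are stored little-endian in memory, so
            // they must be byte-swapped when printed in textual form.
            let d1 = u32::from_le_bytes([b[0], b[1], b[2], b[3]]);
            let d2 = u16::from_le_bytes([b[4], b[5]]);
            let d3 = u16::from_le_bytes([b[6], b[7]]);
            format!(
                "{:08X}-{:04X}-{:04X}-{:02X}{:02X}-{:02X}{:02X}{:02X}{:02X}{:02X}{:02X}",
                d1, d2, d3, b[8], b[9], b[10], b[11], b[12], b[13], b[14], b[15]
            )
        })
        .collect()
}

/// Decode one UUID string into the 16 bytes a GUID struct would hold in memory.
/// Returns None for anything that is not a well-formed 8-4-4-4-12 UUID.
pub fn uuid_to_bytes(s: &str) -> Option<[u8; 16]> {
    let parts: Vec<&str> = s.split('-').collect();
    if parts.len() != 5 {
        return None;
    }
    let expected = [8, 4, 4, 4, 12];
    if parts.iter().zip(expected.iter()).any(|(p, &n)| p.len() != n) {
        return None;
    }
    let d1 = u32::from_str_radix(parts[0], 16).ok()?;
    let d2 = u16::from_str_radix(parts[1], 16).ok()?;
    let d3 = u16::from_str_radix(parts[2], 16).ok()?;
    let mut out = [0u8; 16];
    out[..4].copy_from_slice(&d1.to_le_bytes());
    out[4..6].copy_from_slice(&d2.to_le_bytes());
    out[6..8].copy_from_slice(&d3.to_le_bytes());
    // Data4 is stored byte for byte, so the last two groups are copied in order.
    let tail = format!("{}{}", parts[3], parts[4]);
    for (i, pair) in tail.as_bytes().chunks(2).enumerate() {
        let hex = std::str::from_utf8(pair).ok()?;
        out[8 + i] = u8::from_str_radix(hex, 16).ok()?;
    }
    Some(out)
}

/// Reassemble the whole buffer (including any NOP padding on the last chunk).
pub fn uuids_to_bytes(uuids: &[String]) -> Option<Vec<u8>> {
    let mut buf = Vec::with_capacity(uuids.len() * 16);
    for u in uuids {
        buf.extend_from_slice(&uuid_to_bytes(u)?);
    }
    Some(buf)
}

fn main() {
    // Constructed filler payload: 20 bytes, so the second UUID gets padded.
    let payload: Vec<u8> = (0u8..20).collect();
    let uuids = bytes_to_uuids(&payload);
    for u in &uuids {
        println!("{}", u);
    }
    let back = uuids_to_bytes(&uuids).expect("well-formed UUIDs");
    assert_eq!(&back[..payload.len()], &payload[..]);
}
```

On Windows the decoded buffer is what the heap would contain after feeding each string to UuidFromStringA with a pointer into the allocation; the endianness handling above is what makes the first eight bytes of every chunk come out right.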

Compiling the examples in this repo

This repository does not provide binaries; you will have to compile them yourself.

Install Rust
Simply download the binary and install.

This repo was compiled on Windows 10, so I would stick to it. As mentioned, the OpenSSL-based examples have dependency issues that require OpenSSL and Perl to be installed. For the TCP SSL client/server I recommend a static build, because of the dependencies on the hosts where you will execute the binaries. To create a project, execute:
cargo new <name>

This will automatically create the structured project folders:

project
├── Cargo.toml
└── src
    └── main.rs

Cargo.toml is the file that contains the dependencies and the configuration for the compilation. main.rs is the main file that will be compiled, along with any directories that contain libraries.

For compiling the project, go into the project directory and execute:
cargo build

This will use your default toolchain. If you want to build the final “release” version execute:
cargo build --release

For static binaries (MSVC target), execute the following in the terminal before the build command:
"C:\Program Files (x86)\Microsoft Visual Studio\2019\Community\VC\Auxiliary\Build\vcvars64.bat"
set RUSTFLAGS=-C target-feature=+crt-static

In case my code does not feel easy to read the way it is written, you can also use the command below inside the project directory to format it:
cargo fmt

Certain examples might not compile and give you an error, since they might require a nightly build of Rust with the latest features. To install it, run:
rustup default nightly

The easiest place to find dependencies, or crates as they are called, is crates.io.

Cross Compiling

Cross-compiling requires installing the standard library for the target through rustup (see the rustup documentation on targets). Once a target is installed, you can cross-compile with the command below (for example, --target x86_64-pc-windows-gnu):
cargo build --target <target_triple>

To see the toolchains installed on your system:
rustup toolchain list

To list all the targets you can install on your system:
rustup target list

To install a new target:
rustup target add <target_triple>

Optimizing executables for size

The min-sized-rust project collects many configuration options and ideas for reducing the file size. Static binaries are usually quite big.

Pitfalls I found myself falling into

Be careful with bytes: do not forget the terminating null byte for strings in memory. A Rust &str is not null-terminated, while the C and wide-string Windows APIs expect one. I spent a lot of my time on this, but WinDbg always helped resolve it.
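An added example of the string pitfall just described, written for this page rather than taken from the repository. It builds the two buffer forms the Win32 API expects (a NUL-terminated byte string for *A functions via CString, and a zero-terminated UTF-16 vector for *W functions), and includes small checks that show the difference between a bare &str and a properly terminated buffer. The function names are mine, and the path used as input is only an illustrative string.

```rust
// Added example (not OffensiveRust code): NUL-terminated buffers for FFI.
// Passing `s.as_ptr()` from a Rust &str to a Win32 "A" function is a bug: the
// callee keeps reading past the end of the string until it finds a 0 byte.
use std::ffi::CString;

/// Buffer for *A APIs. CString::new appends the terminating NUL and refuses
/// input that already contains an interior NUL (which would silently truncate).
pub fn to_c_string(s: &str) -> Result<CString, std::ffi::NulError> {
    CString::new(s)
}

/// Buffer for *W APIs (CreateFileW, LoadLibraryW, ...): UTF-16 plus a 0u16.
pub fn to_wide(s: &str) -> Vec<u16> {
    s.encode_utf16().chain(std::iter::once(0)).collect()
}

/// What the callee would compute as the length: code units up to the first 0.
pub fn wide_strlen(buf: &[u16]) -> usize {
    buf.iter().position(|&c| c == 0).unwrap_or(buf.len())
}

/// True only if the last byte is a 0; a plain `&str` never satisfies this.
pub fn is_nul_terminated(bytes: &[u8]) -> bool {
    bytes.last() == Some(&0)
}

fn main() {
    let path = "C:\\Windows\\System32\\ntdll.dll"; // illustrative input

    // Wide form: one trailing zero, and the callee sees the full length.
    let w = to_wide(path);
    assert_eq!(*w.last().unwrap(), 0);
    assert_eq!(wide_strlen(&w), path.len());

    // Narrow form: as_bytes_with_nul() is what to hand to an *A function;
    // as_bytes() or the original &str would not carry the terminator.
    let c = to_c_string(path).expect("no interior NUL");
    assert!(!is_nul_terminated(path.as_bytes()));
    assert!(is_nul_terminated(c.as_bytes_with_nul()));
    assert_eq!(c.as_bytes_with_nul().len(), path.len() + 1);

    // An interior NUL is rejected instead of producing a truncated string.
    assert!(to_c_string("ab\0cd").is_err());
    println!("ok: both buffers are terminated");
}
```

When the handed-out pointer comes from a `Vec<u16>` or `CString`, the buffer must outlive the API call; a common variant of the same bug is calling `.as_ptr()` on a temporary that is dropped at the end of the statement.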

Interesting Rust libraries

  • winapi
  • winapi2
  • windows: the official Microsoft crate, which I have not played with much

OPSEC

  • Even though Rust has real advantages, it is quite difficult to get used to and it is not very intuitive.
  • Shellcode generation is another issue, because of LLVM. I have found a few ways to approach this.
    Donut sometimes generates shellcode that works, but depending on how the project is built it might not.
    In general, tools intended for shellcode generation should be built so that all code lives in the .text segment; a dedicated repo on this subject has a shellcode sample that shows how to structure your code for successful shellcode generation.
    In addition, that project also has a shellcode generator that grabs the .text segment of a binary and dumps the shellcode after applying some patches.
    It reads the binary from a hard-coded location, so I made a fork that takes the path of the binary as an argument.
  • Even if you remove all debug symbols, Rust can still keep references to your home directory in the binary. The only way I have found to remove this is to pass the following flag: --remap-path-prefix {your home directory}={some random identifier}. You can use bash variables to get your home directory and generate a random placeholder: --remap-path-prefix "$HOME"="$RANDOM". (By Yamakadi)
  • Another way to remove the home directory information is to add at the top of Cargo.toml:
    cargo-features = ["strip"]
  • Since Rust by default leaves a lot of strings in the binary, I mostly use a customized Cargo.toml to avoid them and also reduce size, together with this build command (the -Z flags require the nightly toolchain):
    cargo build --release -Z build-std=std,panic_abort -Z build-std-features=panic_immediate_abort --target x86_64-pc-windows-msvc
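The two passages above (size reduction, and the home-directory and leftover-string OPSEC points) both come down to build configuration. The following is an added example assembled for this page; it is not the project's own Cargo.toml. It uses only stable Cargo profile keys: `strip = true` in the release profile has been stable since Rust 1.59 and does the job of the nightly-only `cargo-features = ["strip"]` gate, and the `rustflags` in `.cargo/config.toml` carry the static CRT and path-remapping flags so they do not have to be typed into the environment each time. The home-directory value and the file locations are placeholders to adjust.

```toml
# ---- Cargo.toml (added example, not the repository's file) ----
[profile.release]
opt-level = "z"     # optimize for size rather than speed
lto = true          # whole-program link-time optimization drops unused code
codegen-units = 1   # single codegen unit: slower build, smaller output
panic = "abort"     # no unwinding machinery and no unwind-related strings
strip = true        # strip symbols and debug info (stable since Rust 1.59)
debug = false       # emit no debug info for the release build

# ---- .cargo/config.toml (separate file, assumed location) ----
[build]
rustflags = [
  "-C", "target-feature=+crt-static",              # static CRT for the MSVC target
  "--remap-path-prefix", "C:\\Users\\operator=src", # placeholder: use your real home dir
]
```

Build with `cargo build --release --target x86_64-pc-windows-msvc` and then run `strings` over the resulting executable to confirm the home directory path and `.rs` source paths no longer appear. The `-Z build-std` command from the list above shrinks the binary further by rebuilding the standard library with the same profile, but it needs the nightly toolchain, whereas everything in this fragment works on stable.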

Other projects I have made in Rust

  • UDPlant: basically a UDP reverse shell
  • EDR Detector: detects the EDRs installed on the system based on the .sys files present
  • Lenum: a simple Unix enumeration tool

Projects in Rust that can be helpful

  • houdini: helps make your executable self-delete
Download OffensiveRust
