threatexpress / metatwin Goto Github PK

The project is designed as a file resource cloner. Metadata, including digital signature, is extracted from one file and injected into another.

PowerShell 3.21% TeX 17.49% HTML 74.24% Python 5.05%

metatwin's Introduction

Threatexpress Blog

Quickstart

This blog is written in markdown and uses mkdocs to generate the HTML hosted using Git Pages on github

Workflow

Create new content
Push content

git add .
git commit -a -m "new stuff"
git push

Push to Git Pages

mkdocs gh-deploy

Reference

https://www.mkdocs.org/user-guide/deploying-your-docs/

Mkdocs

This wiki use mkdocs and the mkdocs-material theme

MkDocs is a static site generator that's geared towards building project documentation. Documentation source files are written in Markdown, and configured with a single YAML configuration file.

Font Awesome

Reference: http://bwmarrin.github.io/MkDocsPlus/fontawesome/

Requirements and Setup

Note: This has been tested with python 3.6 running on MacOS.

Requirements

pip3.6 install mkdocs
pip3.6 install mkdocs-material
pip3.6 install pygments
pip3.6 install pymdown-extensions
pip3.6 install fontawesome-markdown

References

Material Theme Documentation and Reference: http://mkdocs.github.io/mkdocs-bootswatch/#installation-usage
https://squidfunk.github.io/mkdocs-material/getting-started/
https://facelessuser.github.io/pymdown-extensions/

Directory and File Info

./docs/ : mkdocs content
./docs/img/ : Store all course images here
mkdocs.yml : mkdocs configuration file
./site/ : Prod version of site. Not tracked in git. Used for testing or manual deployment

metatwin's People

Contributors

Stargazers

Watchers

Forkers

tmcmil sucof zavierxu gpreviato shantanu561993 johnjohnsp1 izogain oj puppycodes wikijm yikez978 h0k5 brownbelt sh1nu11bi kurtdegreeff ssundhar rcommon gavz vaginessa ognz ro9ueadmin tannerjh5 qazwar superuser5 nickhakkz pktlabs cryptekshots modulexcite dedxatab tim1512 dipsec slooppe kernullist trietptm-on-coding-algorithms rdtcrew viaccoz bcp-infosec-repo jarlob lunarobliq lexus89 3453-315h 5l1v3r1 mmg1 admdev8 fadinglr br-sn wooship amesianx niro095 ekmixon nocomp cerbersec redamancy404 ddwgege crimsonlabs-io kagantua kyle41111 mmyyhack seahop ammarhaddadi vinhjaxt atpiu mygit2014 gysf666 drakevonduck

metatwin's Issues

Resource details not transferred

I'm having a problem with metawin as it does not add the resource/detail to the binary and I can't figure out were I am going wrong. I have tried using multiple target binaries to no avail. The OneDrive.exe is my own C# application and I added the resource when I created it and I used sigthief to sign it before using metawin, could this be the problem? Any help would be great. Thanks.

Invoke-MetaTwin -Source C:\Windows\System32\netcfgx.dll -Target .\OneDrive.exe -Sign

Source: C:\Windows\System32\netcfgx.dll
Target: .\OneDrive.exe
Output: .\20180220_054227\20180220_054227_OneDrive.exe
Signed Output: .\20180220_054227\20180220_054227_signed_OneDrive.exe

[] Extracting resources from netcfgx.dll
[] Copying resources from netcfgx.dll to .\20180220_054227\20180220_054227_OneDrive.exe
[*] Extracting and adding signature ...

[+] Results

[+] Metadata

VersionInfo : File:
C:\Users\Home\Desktop\metatwin-master\metatwin-master\20180220_054227\20180220_054227_signed_OneDrive.exe
InternalName: OneDrive.exe
OriginalFilename: OneDrive.exe
FileVersion: 17.3.7294.0108
FileDescription: OneDrive
Product: Microsoft OneDrive
ProductVersion: 17.3.7294.0108
Debug: False
Patched: False
PreRelease: False
PrivateBuild: False
SpecialBuild: False
Language: Language Neutral

[+] Digital Signature

SignatureType : Authenticode
SignerCertificate : [Subject]
CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

                [Issuer]
                  CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

                [Serial Number]
                  33000001733031072665B8B9B3000000000173

                [Not Before]
                  8/11/2017 9:23:35 PM

                [Not After]
                  8/11/2018 9:23:35 PM

                [Thumbprint]
                  14590DC5C3AAF238FCFD7785B4B93F4071402C34

Status : Valid

Just not working

Clone this project
Download and unzip Resource Hacker to .\src\resource_hacker\ResourceHacker.exe
Enjoy...

Seems to a be more complicated ;)

Issue 1 remains in posted version. Work around shown in issue

Just leaving a note that Issue 1 remains in current posted version of PS1 file.
Issue fixed by changing the following lines to full path.
replace the following "." with the current directory of 'metatwin' on lines 94-96,114, and 119-122. This could be accomplished by adding a method to get the CWD of code at 119-122,94-96 and 114 and replacing the "." string with that variable. variable would have to come before line 94.

After modifications script works as desired.

Example workaround below:
93-95

$resourceHackerBin = "C:\Users\User\Documents\metatwin-master\metatwin-master\src\resource_hacker\ResourceHacker.exe"
$resourceHacker_base_script = "C:\Users\User\Documents\metatwin-master\metatwin-master\src\rh_base_script.txt"
$sigthiefBin       = "C:\Users\User\Documents\metatwin-master\metatwin-master\src\SigThief-master\dist\sigthief.exe"

112-121:
Could change $log_file_base in code. But I did not.

$timestamp = Get-Date -f yyyyMMdd_HHmmss
$log_file_base = (".\" + $timestamp + "\" + $timestamp)
$source_binary_filename = Split-Path $Source -Leaf -Resolve
$source_binary_filepath = $Source
$target_binary_filename = Split-Path $Target -Leaf -Resolve
$target_binary_filepath = $Target
$source_resource = ("C:\Users\User\Documents\metatwin-master\metatwin-master\" + $timestamp + "\" + $timestamp + "_" + $source_binary_filename + ".res")
$target_saveas = ("C:\Users\User\Documents\metatwin-master\metatwin-master\" + $timestamp + "\" + $timestamp + "_" + $target_binary_filename)
$target_saveas_signed = ("C:\Users\User\Documents\metatwin-master\metatwin-master\" + $timestamp + "\" + $timestamp + "_signed_" + $target_binary_filename)
$resourcehacker_script = ("C:\Users\User\Documents\metatwin-master\metatwin-master\" + $timestamp + "\" + $timestamp + "_rh_script.txt")

Example of proposed fix in code would be (wont work for $Source and $Target):
$log_file_base = ($CWDvariable +"\"+ $timestamp + "\" + $timestamp)

Missing Dependency

I noticed there is no ResourceHacker.exe in your repository. Am I missing something?

[!] Missing Dependency: .\src\resource_hacker\ResourceHacker.exe
[!] Ensure you're running MetaTwin from its local directory. Exiting