def __init__(self, cli_obj):
# required options
self.description = "AES Encrypted shellcode is decrypted at runtime with key in file, injected into memory, and executed"
self.language = "python"
self.extension = "py"
self.rating = "Excellent"
self.name = "Python Stallion"
self.path = "python/shellcode_inject/stallion"
self.cli_opts = cli_obj
self.shellcode = shellcode_help.Shellcode(cli_obj)
self.payload_source_code = ''
if cli_obj.ordnance_payload is not None:
self.payload_type = cli_obj.ordnance_payload
elif cli_obj.msfvenom is not None:
self.payload_type = cli_obj.msfvenom
elif not cli_obj.tool:
self.payload_type = ''
self.cli_shellcode = False
# options we require user interaction for- format is {OPTION : [Value, Description]]}
self.required_options = {
"COMPILE_TO_EXE" : ["Y", "Compile to an executable"],
"USE_PYHERION" : ["N", "Use the pyherion encrypter"],
"INJECT_METHOD" : ["Virtual", "Virtual, Void, or Heap"],
"EXPIRE_PAYLOAD" : ["X", "Optional: Payloads expire after \"Y\" days"],
"HOSTNAME" : ["X", "Optional: Required system hostname"],
"DOMAIN" : ["X", "Optional: Required internal domain"],
"PROCESSORS" : ["X", "Optional: Minimum number of processors"],
"USERNAME" : ["X", "Optional: The required user account"],
"SLEEP" : ["X", "Optional: Sleep \"Y\" seconds, check if accelerated"]
}
def __init__(self, cli_obj):
# required
self.description = "PowerShell VirtualAlloc method for inline shellcode injection that makes a Metasploit psexec_command .rc script"
self.rating = "Excellent"
self.language = "powershell"
self.extension = "rc"
self.name = "PowerShell psexec_command stager"
self.path = "powershell/shellcode_inject/psexec_virtual"
self.cli_opts = cli_obj
self.shellcode = shellcode_help.Shellcode(cli_obj)
self.payload_source_code = ''
if cli_obj.ordnance_payload is not None:
self.payload_type = cli_obj.ordnance_payload
elif cli_obj.msfvenom is not None:
self.payload_type = cli_obj.msfvenom
elif not cli_obj.tool:
self.payload_type = ''
self.cli_shellcode = False
# options we require user ineraction for- format is {Option : [Value, Description]]}
self.required_options = {
"INJECT_METHOD": ["Virtual", "Virtual, Void, or Heap"],
"HOSTNAME": ["X", "Optional: Required system hostname"],
"DOMAIN": ["X", "Optional: Required internal domain"],
"PROCESSORS": ["X", "Optional: Minimum number of processors"],
"USERNAME": ["X", "Optional: The required user account"],
"SLEEP":
["X", "Optional: Sleep \"Y\" seconds, check if accelerated"]
}
def __init__(self, cli_obj):
# required options
self.shortname = "VirtualAlloc"
self.language = "perl"
self.extension = "pl"
self.rating = "Excellent"
self.description = "VirtualAlloc pattern for shellcode injection"
self.name = "Perl flat shellcode injector"
self.path = "perl/shellcode_inject/flat"
self.cli_opts = cli_obj
self.shellcode = shellcode_help.Shellcode(cli_obj)
self.payload_source_code = ''
if cli_obj.ordnance_payload is not None:
self.payload_type = cli_obj.ordnance_payload
elif cli_obj.msfvenom is not None:
self.payload_type = cli_obj.msfvenom
elif not cli_obj.tool:
self.payload_type = ''
self.cli_shellcode = False
# optional
self.required_options = {
"COMPILE_TO_EXE" : ["Y", "Compile to an executable"],
"INJECT_METHOD" : ["Virtual", "Virtual, Void, or Heap"],
"HOSTNAME" : ["X", "Optional: Required system hostname"],
"DOMAIN" : ["X", "Optional: Required internal domain"],
"PROCESSORS" : ["X", "Optional: Minimum number of processors"],
"USERNAME" : ["X", "Optional: The required user account"]
}
def __init__(self, cli_obj):
# required options
self.description = "VirtualAlloc pattern for shellcode injection"
self.language = "ruby"
self.extension = "rb"
self.rating = "Normal"
self.name = "Ruby Flat Injection"
self.path = "ruby/shellcode_inject/flat"
self.cli_opts = cli_obj
self.shellcode = shellcode_help.Shellcode(cli_obj)
self.payload_source_code = ''
if cli_obj.ordnance_payload is not None:
self.payload_type = cli_obj.ordnance_payload
elif cli_obj.msfvenom is not None:
self.payload_type = cli_obj.msfvenom
elif not cli_obj.tool:
self.payload_type = ''
self.cli_shellcode = False
# options we require user ineraction for- format is {Option : [Value, Description]]}
self.required_options = {
"COMPILE_TO_EXE": ["Y", "Compile to an executable"],
"INJECT_METHOD": ["Virtual", "Virtual, Void, or Heap"],
"EXPIRE_PAYLOAD":
["X", "Optional: Payloads expire after \"Y\" days"],
"HOSTNAME": ["X", "Optional: Only run on specified hostname"],
"DOMAIN": ["X", "Optional: Required internal domain"],
"USERNAME": ["X", "Optional: The required user account"]
}
def __init__(self, cli_obj):
# required
self.language = "cs"
self.extension = "cs"
self.rating = "Poor"
self.description = "C# VirtualAlloc method for inline shellcode injection"
self.name = "C# Flat Shellcode Injector"
self.path = "cs/shellcode_inject/virtual"
self.shellcode = shellcode_help.Shellcode(cli_obj)
self.cli_opts = cli_obj
self.payload_source_code = ''
if cli_obj.ordnance_payload is not None:
self.payload_type = cli_obj.ordnance_payload
elif cli_obj.msfvenom is not None:
self.payload_type = cli_obj.msfvenom
elif not cli_obj.tool:
self.payload_type = ''
self.cli_shellcode = False
# options we require user ineraction for- format is {OPTION : [Value, Description]]}
self.required_options = {
"COMPILE_TO_EXE": ["Y", "Compile to an executable"],
"USE_ARYA": ["N", "Use the Arya crypter"],
"INJECT_METHOD": ["Virtual", "Virtual or Heap"],
"EXPIRE_PAYLOAD":
["X", "Optional: Payloads expire after \"Y\" days"],
"HOSTNAME": ["X", "Optional: Required system hostname"],
"DOMAIN": ["X", "Optional: Required internal domain"],
"PROCESSORS": ["X", "Optional: Minimum number of processors"],
"USERNAME": ["X", "Optional: The required user account"]
}
def __init__(self, cli_obj):
# required
self.language = "go"
self.extension = "go"
self.rating = "Normal"
self.description = "Golang VirtualAlloc method for inline shellcode injection"
self.name = "Golang Flat Shellcode Injector"
self.path = "go/shellcode_inject/virtual"
self.cli_opts = cli_obj
self.shellcode = shellcode_help.Shellcode(cli_obj)
self.payload_source_code = ''
if cli_obj.ordnance_payload is not None:
self.payload_type = cli_obj.ordnance_payload
elif cli_obj.msfvenom is not None:
self.payload_type = cli_obj.msfvenom
elif not cli_obj.tool:
self.payload_type = ''
self.cli_shellcode = False
# options we require user interaction for- format is {OPTION : [Value, Description]]}
self.required_options = {
"COMPILE_TO_EXE": ["Y", "Compile to an executable"],
"INJECT_METHOD": ["Virtual", "Virtual or Heap"],
"HOSTNAME": ["X", "Optional: Required system hostname"],
"PROCESSORS": ["X", "Optional: Minimum number of processors"],
"USERNAME": ["X", "Optional: The required user account"],
"SLEEP":
["X", "Optional: Sleep \"Y\" seconds, check if accelerated"]
}
def __init__(self, cli_obj):
# required options
self.description = "Payload which injects and executes shellcode into the memory of a process you specify."
self.language = "python"
self.rating = "Normal"
self.extension = "py"
self.name = "Python Process Injector"
self.path = "python/shellcode_inject/pidinject"
self.shellcode = shellcode_help.Shellcode(cli_obj)
self.cli_opts = cli_obj
self.payload_source_code = ''
if cli_obj.ordnance_payload is not None:
self.payload_type = cli_obj.ordnance_payload
elif cli_obj.msfvenom is not None:
self.payload_type = cli_obj.msfvenom
elif not cli_obj.tool:
self.payload_type = ''
self.cli_shellcode = False
# options we require user interaction for- format is {OPTION : [Value, Description]]}
self.required_options = {
"COMPILE_TO_EXE": ["Y", "Compile to an executable"],
"USE_PYHERION": ["N", "Use the pyherion encrypter"],
"INJECT_METHOD": ["Virtual", "Virtual, Void, or Heap"],
"PID_NUMBER":
["X", "Required: Process number to inject code into"],
"EXPIRE_PAYLOAD":
["X", "Optional: Payloads expire after \"Y\" days"],
"HOSTNAME": ["X", "Optional: Required system hostname"],
"DOMAIN": ["X", "Optional: Required internal domain"],
"PROCESSORS": ["X", "Optional: Minimum number of processors"],
"USERNAME": ["X", "Optional: The required user account"]
}
def __init__(self, cli_obj):
# required options
self.description = "Base64 decode for shellcode injection"
self.language = "ruby"
self.extension = "rb"
self.rating = "Normal"
self.name = "Ruby Base64 Encoded"
self.path = "ruby/shellcode_inject/base64"
self.cli_opts = cli_obj
self.shellcode = shellcode_help.Shellcode(cli_obj)
self.payload_source_code = ''
if cli_obj.ordnance_payload is not None:
self.payload_type = cli_obj.ordnance_payload
elif cli_obj.msfvenom is not None:
self.payload_type = cli_obj.msfvenom
elif not cli_obj.tool:
self.payload_type = ''
self.cli_shellcode = False
# options we require user ineraction for- format is {Option : [Value, Description]]}
self.required_options = {
"COMPILE_TO_EXE": ["Y", "Compile to an executable"],
"INJECT_METHOD": ["Virtual", "Virtual, Void, or Heap"],
"HOSTNAME": ["X", "Optional: Only run on specified hostname"],
"DOMAIN": ["X", "Optional: Required internal domain"],
"USERNAME": ["X", "Optional: The required user account"],
"SLEEP":
["X", "Optional: Sleep \"Y\" seconds, check if accelerated"]
}
def __init__(self, cli_obj):
# required options
self.description = "No obfuscation, basic injection of shellcode through virtualalloc or void pointer reference."
self.language = "python"
self.rating = "Normal"
self.extension = "py"
self.name = "Python Flat Injection"
self.path = "python/shellcode_inject/flat"
self.shellcode = shellcode_help.Shellcode(cli_obj)
self.cli_opts = cli_obj
self.payload_source_code = ''
if cli_obj.ordnance_payload is not None:
self.payload_type = cli_obj.ordnance_payload
elif cli_obj.msfvenom is not None:
self.payload_type = cli_obj.msfvenom
elif not cli_obj.tool:
self.payload_type = ''
self.cli_shellcode = False
# options we require user interaction for- format is {OPTION : [Value, Description]]}
self.required_options = {
"COMPILE_TO_EXE" : ["Y", "Compile to an executable"],
"USE_PYHERION" : ["N", "Use the pyherion encrypter"],
"INJECT_METHOD" : ["Virtual", "Virtual, Void, or Heap"],
"EXPIRE_PAYLOAD" : ["X", "Optional: Payloads expire after \"Y\" days"],
"HOSTNAME" : ["X", "Optional: Required system hostname"],
"DOMAIN" : ["X", "Optional: Required internal domain"],
"PROCESSORS" : ["X", "Optional: Minimum number of processors"],
"USERNAME" : ["X", "Optional: The required user account"]
}
def __init__(self, cli_obj):
# required options
self.description = "A letter used in shellcode is replaced with a different letter. At runtime, the exe reverses the letter substitution and executes the shellcode"
self.language = "python"
self.rating = "Excellent"
self.extension = "py"
self.hex_letters = "abcdefx"
self.non_hex_letters = "ghijklmnopqrstuvwyz"
self.name = "Python Letter Substitution"
self.path = "python/shellcode_inject/letter_substitution"
self.shellcode = shellcode_help.Shellcode(cli_obj)
self.cli_opts = cli_obj
self.payload_source_code = ''
if cli_obj.ordnance_payload is not None:
self.payload_type = cli_obj.ordnance_payload
elif cli_obj.msfvenom is not None:
self.payload_type = cli_obj.msfvenom
elif not cli_obj.tool:
self.payload_type = ''
self.cli_shellcode = False
# options we require user interaction for- format is {OPTION : [Value, Description]]}
self.required_options = {
"COMPILE_TO_EXE": ["Y", "Compile to an executable"],
"USE_PYHERION": ["N", "Use the pyherion encrypter"],
"INJECT_METHOD": ["Virtual", "Virtual, Void, or Heap"],
"EXPIRE_PAYLOAD":
["X", "Optional: Payloads expire after \"Y\" days"],
"HOSTNAME": ["X", "Optional: Required system hostname"],
"DOMAIN": ["X", "Optional: Required internal domain"],
"PROCESSORS": ["X", "Optional: Minimum number of processors"],
"USERNAME": ["X", "Optional: The required user account"]
}
def __init__(self, cli_obj):
# required options
self.description = "Payload which injects and executes shellcode into the memory of a process you specify."
self.language = "python"
self.rating = "Normal"
self.extension = "py"
self.name = "Python Process Injector"
self.path = "python/shellcode_inject/pidinject"
self.shellcode = shellcode_help.Shellcode(cli_obj)
self.cli_opts = cli_obj
self.payload_source_code = ''
if cli_obj.ordnance_payload is not None:
self.payload_type = cli_obj.ordnance_payload
elif cli_obj.msfvenom is not None:
self.payload_type = cli_obj.msfvenom
elif not cli_obj.tool:
self.payload_type = ''
self.cli_shellcode = False
# options we require user interaction for- format is {OPTION : [Value, Description]]}
self.required_options = {
"COMPILE_TO_EXE": ["Y", "Compile to an executable"],
"USE_PYHERION": ["N", "Use the pyherion encrypter"],
"INJECT_METHOD": ["Virtual", "Virtual, Void, or Heap"],
"PID_NUMBER":
["X", "Required: Process number to inject code into"],
"EXPIRE_PAYLOAD":
["X", "Optional: Payloads expire after \"Y\" days"],
"HOSTNAME": ["X", "Optional: Required system hostname"],
"DOMAIN": ["X", "Optional: Required internal domain"],
"PROCESSORS": ["X", "Optional: Minimum number of processors"],
"USERNAME": ["X", "Optional: The required user account"],
"CLICKTRACK":
["X", "Optional: Minimum number of clicks to execute payload"],
"UTCCHECK":
["FALSE", "Optional: Validates system does not use UTC timezone"],
"VIRTUALFILES":
["FALSE", "Optional: Check if VM supporting files exist"],
"VIRTUALDLLS": ["FALSE", "Check for dlls loaded in memory"],
"CURSORMOVEMENT":
["FALSE", "Check if cursor is in same position after 30 seconds"],
"USERPROMPT":
["FALSE", "Make user click prompt prior to execution"],
"MINRAM": ["FALSE", "Check for at least 3 gigs of RAM"],
"SANDBOXPROCESS": ["FALSE", "Check for common sandbox processes"],
"DETECTDEBUG": ["FALSE", "Check if debugger is present"],
"SLEEP":
["X", "Optional: Sleep \"Y\" seconds, check if accelerated"]
}
def __init__(self, cli_obj):
# required options
self.shortname = "VirtualAlloc"
self.language = "lua"
self.extension = "lua"
self.rating = "Excellent"
self.description = "VirtualAlloc pattern for shellcode injection"
self.name = "Lua flat shellcode injector"
self.required_options = {}
self.path = "lua/shellcode_inject/flat"
self.cli_opts = cli_obj
self.shellcode = shellcode_help.Shellcode(cli_obj)
self.payload_source_code = ''
if cli_obj.ordnance_payload is not None:
self.payload_type = cli_obj.ordnance_payload
elif cli_obj.msfvenom is not None:
self.payload_type = cli_obj.msfvenom
elif not cli_obj.tool:
self.payload_type = ''
self.cli_shellcode = False
def __init__(self, cli_obj):
# required
self.language = "go"
self.extension = "go"
self.rating = "Normal"
self.description = "Golang VirtualAlloc method for inline shellcode injection"
self.name = "Golang Flat Shellcode Injector"
self.path = "go/shellcode_inject/virtual"
self.cli_opts = cli_obj
self.shellcode = shellcode_help.Shellcode(cli_obj)
self.payload_source_code = ''
if cli_obj.ordnance_payload is not None:
self.payload_type = cli_obj.ordnance_payload
elif cli_obj.msfvenom is not None:
self.payload_type = cli_obj.msfvenom
elif not cli_obj.tool:
self.payload_type = ''
self.cli_shellcode = False
# options we require user interaction for- format is {OPTION : [Value, Description]]}
self.required_options = {
"COMPILE_TO_EXE": ["Y", "Compile to an executable"],
"INJECT_METHOD": ["Virtual", "Virtual or Heap"],
"HOSTNAME": ["X", "Optional: Required system hostname"],
"PROCESSORS": ["X", "Optional: Minimum number of processors"],
"USERNAME": ["X", "Optional: The required user account"],
"UTCCHECK": ["FALSE", "Check if system uses UTC time"],
"USERPROMPT": ["FALSE", "Prompt user prior to injection"],
"RAMCHECK": ["FALSE", "Check for at least 3 gigs of RAM"],
"PROCCHECK": ["FALSE", "Check for active VM processes"],
"MINPROCS": ["X", "Minimum number of running processes"],
"BADMACS": ["FALSE", "Check for VM based MAC addresses"],
"CLICKTRACK": ["X", "Require X number of clicks before execution"],
"CURSORCHECK": ["FALSE", "Check for mouse movements"],
"DISKSIZE":
["X", "Check for a minimum number of gigs for hard disk"],
"SLEEP":
["X", "Optional: Sleep \"Y\" seconds, check if accelerated"]
}
def __init__(self, cli_obj):
# required options
self.shortname = "VirtualAlloc"
self.language = "perl"
self.extension = "pl"
self.rating = "Excellent"
self.description = "VirtualAlloc pattern for shellcode injection"
self.name = "Perl flat shellcode injector"
self.path = "perl/shellcode_inject/flat"
self.cli_opts = cli_obj
self.shellcode = shellcode_help.Shellcode(cli_obj)
self.payload_source_code = ''
if cli_obj.ordnance_payload is not None:
self.payload_type = cli_obj.ordnance_payload
elif cli_obj.msfvenom is not None:
self.payload_type = cli_obj.msfvenom
elif not cli_obj.tool:
self.payload_type = ''
self.cli_shellcode = False
# optional
self.required_options = {
"COMPILE_TO_EXE": ["Y", "Compile to an executable"],
"INJECT_METHOD": ["Virtual", "Virtual, Void, or Heap"],
"HOSTNAME": ["X", "Optional: Required system hostname"],
"DOMAIN": ["X", "Optional: Required internal domain"],
"PROCESSORS": ["X", "Optional: Minimum number of processors"],
"USERNAME": ["X", "Optional: The required user account"],
"USERPROMPT": ["X", "Optional: Prompt for user activity"],
"RAMSIZE": ["X", "Optional: Check RAM size of target"],
"NUMPROCS": ["X", "Optional: Minimum number of running processes"],
"FILENAME": ["X", "Optional: File name check"],
"DISKSIZE": ["X", "Optional: Minimum disk size on target"],
"NUMCLICKS": ["X", "Optional: Minimum number of mouse clicks"],
"REGSIZE": ["X", "Optional: Minimum size of system registry"],
"SLEEP":
["X", "Optional: Sleep \"Y\" seconds, check if accelerated"]
}
def __init__(self, cli_obj):
# required options
self.shortname = "Inline"
self.description = "VirtualAlloc pattern for shellcode injection"
self.language = "autoit"
self.rating = "Normal"
self.extension = "au3"
self.name = "AutoIt Flat Shellcode Injector"
self.path = "autoit/shellcode_inject/flat"
self.cli_opts = cli_obj
self.shellcode = shellcode_help.Shellcode(cli_obj)
self.payload_source_code = ''
if cli_obj.ordnance_payload is not None:
self.payload_type = cli_obj.ordnance_payload
elif cli_obj.msfvenom is not None:
self.payload_type = cli_obj.msfvenom
elif not cli_obj.tool:
self.payload_type = ''
self.cli_shellcode = False
self.required_options = {
"COMPILE_TO_EXE": ["Y", "Compile to an executable"]
}
def __init__(self, cli_obj):
# required
self.description = "PowerShell VirtualAlloc method for inline shellcode injection"
self.rating = "Excellent"
self.language = "powershell"
self.extension = "bat"
self.name = "PowerShell Flat Stager"
self.path = "powershell/shellcode_inject/virtual"
self.cli_opts = cli_obj
self.shellcode = shellcode_help.Shellcode(cli_obj)
self.payload_source_code = ''
if cli_obj.ordnance_payload is not None:
self.payload_type = cli_obj.ordnance_payload
elif cli_obj.msfvenom is not None:
self.payload_type = cli_obj.msfvenom
elif not cli_obj.tool:
self.payload_type = ''
self.cli_shellcode = False
# options we require user ineraction for- format is {Option : [Value, Description]]}
self.required_options = {
"INJECT_METHOD": ["Virtual", "Virtual, Void, or Heap"],
"HOSTNAME": ["X", "Optional: Required system hostname"],
"DOMAIN": ["X", "Optional: Required internal domain"],
"PROCESSORS": ["X", "Optional: Minimum number of processors"],
"USERNAME": ["X", "Optional: The required user account"],
"USERPROMPT": ["FALSE", "Window pops up prior to payload"],
"MINRAM": ["FALSE", "Require a minimum of 3 gigs of RAM"],
"UTCCHECK":
["FALSE", "Check that system isn't using UTC time zone"],
"VIRTUALPROC": ["FALSE", "Check for known VM processes"],
"MINBROWSERS": ["FALSE", "Minimum of 2 browsers"],
"BADMACS": ["FALSE", "Checks for known bad mac addresses"],
"MINPROCESSES": ["X", "Minimum number of processes running"],
"SLEEP":
["X", "Optional: Sleep \"Y\" seconds, check if accelerated"]
}
