def __init__(self, cli_obj): # required options self.description = "AES Encrypted shellcode is decrypted at runtime with key in file, injected into memory, and executed" self.language = "python" self.extension = "py" self.rating = "Excellent" self.name = "Python Stallion" self.path = "python/shellcode_inject/stallion" self.cli_opts = cli_obj self.shellcode = shellcode_help.Shellcode(cli_obj) self.payload_source_code = '' if cli_obj.ordnance_payload is not None: self.payload_type = cli_obj.ordnance_payload elif cli_obj.msfvenom is not None: self.payload_type = cli_obj.msfvenom elif not cli_obj.tool: self.payload_type = '' self.cli_shellcode = False # options we require user interaction for- format is {OPTION : [Value, Description]]} self.required_options = { "COMPILE_TO_EXE" : ["Y", "Compile to an executable"], "USE_PYHERION" : ["N", "Use the pyherion encrypter"], "INJECT_METHOD" : ["Virtual", "Virtual, Void, or Heap"], "EXPIRE_PAYLOAD" : ["X", "Optional: Payloads expire after \"Y\" days"], "HOSTNAME" : ["X", "Optional: Required system hostname"], "DOMAIN" : ["X", "Optional: Required internal domain"], "PROCESSORS" : ["X", "Optional: Minimum number of processors"], "USERNAME" : ["X", "Optional: The required user account"], "SLEEP" : ["X", "Optional: Sleep \"Y\" seconds, check if accelerated"] }
def __init__(self, cli_obj): # required self.description = "PowerShell VirtualAlloc method for inline shellcode injection that makes a Metasploit psexec_command .rc script" self.rating = "Excellent" self.language = "powershell" self.extension = "rc" self.name = "PowerShell psexec_command stager" self.path = "powershell/shellcode_inject/psexec_virtual" self.cli_opts = cli_obj self.shellcode = shellcode_help.Shellcode(cli_obj) self.payload_source_code = '' if cli_obj.ordnance_payload is not None: self.payload_type = cli_obj.ordnance_payload elif cli_obj.msfvenom is not None: self.payload_type = cli_obj.msfvenom elif not cli_obj.tool: self.payload_type = '' self.cli_shellcode = False # options we require user ineraction for- format is {Option : [Value, Description]]} self.required_options = { "INJECT_METHOD": ["Virtual", "Virtual, Void, or Heap"], "HOSTNAME": ["X", "Optional: Required system hostname"], "DOMAIN": ["X", "Optional: Required internal domain"], "PROCESSORS": ["X", "Optional: Minimum number of processors"], "USERNAME": ["X", "Optional: The required user account"], "SLEEP": ["X", "Optional: Sleep \"Y\" seconds, check if accelerated"] }
def __init__(self, cli_obj): # required options self.shortname = "VirtualAlloc" self.language = "perl" self.extension = "pl" self.rating = "Excellent" self.description = "VirtualAlloc pattern for shellcode injection" self.name = "Perl flat shellcode injector" self.path = "perl/shellcode_inject/flat" self.cli_opts = cli_obj self.shellcode = shellcode_help.Shellcode(cli_obj) self.payload_source_code = '' if cli_obj.ordnance_payload is not None: self.payload_type = cli_obj.ordnance_payload elif cli_obj.msfvenom is not None: self.payload_type = cli_obj.msfvenom elif not cli_obj.tool: self.payload_type = '' self.cli_shellcode = False # optional self.required_options = { "COMPILE_TO_EXE" : ["Y", "Compile to an executable"], "INJECT_METHOD" : ["Virtual", "Virtual, Void, or Heap"], "HOSTNAME" : ["X", "Optional: Required system hostname"], "DOMAIN" : ["X", "Optional: Required internal domain"], "PROCESSORS" : ["X", "Optional: Minimum number of processors"], "USERNAME" : ["X", "Optional: The required user account"] }
def __init__(self, cli_obj): # required options self.description = "VirtualAlloc pattern for shellcode injection" self.language = "ruby" self.extension = "rb" self.rating = "Normal" self.name = "Ruby Flat Injection" self.path = "ruby/shellcode_inject/flat" self.cli_opts = cli_obj self.shellcode = shellcode_help.Shellcode(cli_obj) self.payload_source_code = '' if cli_obj.ordnance_payload is not None: self.payload_type = cli_obj.ordnance_payload elif cli_obj.msfvenom is not None: self.payload_type = cli_obj.msfvenom elif not cli_obj.tool: self.payload_type = '' self.cli_shellcode = False # options we require user ineraction for- format is {Option : [Value, Description]]} self.required_options = { "COMPILE_TO_EXE": ["Y", "Compile to an executable"], "INJECT_METHOD": ["Virtual", "Virtual, Void, or Heap"], "EXPIRE_PAYLOAD": ["X", "Optional: Payloads expire after \"Y\" days"], "HOSTNAME": ["X", "Optional: Only run on specified hostname"], "DOMAIN": ["X", "Optional: Required internal domain"], "USERNAME": ["X", "Optional: The required user account"] }
def __init__(self, cli_obj): # required self.language = "cs" self.extension = "cs" self.rating = "Poor" self.description = "C# VirtualAlloc method for inline shellcode injection" self.name = "C# Flat Shellcode Injector" self.path = "cs/shellcode_inject/virtual" self.shellcode = shellcode_help.Shellcode(cli_obj) self.cli_opts = cli_obj self.payload_source_code = '' if cli_obj.ordnance_payload is not None: self.payload_type = cli_obj.ordnance_payload elif cli_obj.msfvenom is not None: self.payload_type = cli_obj.msfvenom elif not cli_obj.tool: self.payload_type = '' self.cli_shellcode = False # options we require user ineraction for- format is {OPTION : [Value, Description]]} self.required_options = { "COMPILE_TO_EXE": ["Y", "Compile to an executable"], "USE_ARYA": ["N", "Use the Arya crypter"], "INJECT_METHOD": ["Virtual", "Virtual or Heap"], "EXPIRE_PAYLOAD": ["X", "Optional: Payloads expire after \"Y\" days"], "HOSTNAME": ["X", "Optional: Required system hostname"], "DOMAIN": ["X", "Optional: Required internal domain"], "PROCESSORS": ["X", "Optional: Minimum number of processors"], "USERNAME": ["X", "Optional: The required user account"] }
def __init__(self, cli_obj): # required self.language = "go" self.extension = "go" self.rating = "Normal" self.description = "Golang VirtualAlloc method for inline shellcode injection" self.name = "Golang Flat Shellcode Injector" self.path = "go/shellcode_inject/virtual" self.cli_opts = cli_obj self.shellcode = shellcode_help.Shellcode(cli_obj) self.payload_source_code = '' if cli_obj.ordnance_payload is not None: self.payload_type = cli_obj.ordnance_payload elif cli_obj.msfvenom is not None: self.payload_type = cli_obj.msfvenom elif not cli_obj.tool: self.payload_type = '' self.cli_shellcode = False # options we require user interaction for- format is {OPTION : [Value, Description]]} self.required_options = { "COMPILE_TO_EXE": ["Y", "Compile to an executable"], "INJECT_METHOD": ["Virtual", "Virtual or Heap"], "HOSTNAME": ["X", "Optional: Required system hostname"], "PROCESSORS": ["X", "Optional: Minimum number of processors"], "USERNAME": ["X", "Optional: The required user account"], "SLEEP": ["X", "Optional: Sleep \"Y\" seconds, check if accelerated"] }
def __init__(self, cli_obj): # required options self.description = "Payload which injects and executes shellcode into the memory of a process you specify." self.language = "python" self.rating = "Normal" self.extension = "py" self.name = "Python Process Injector" self.path = "python/shellcode_inject/pidinject" self.shellcode = shellcode_help.Shellcode(cli_obj) self.cli_opts = cli_obj self.payload_source_code = '' if cli_obj.ordnance_payload is not None: self.payload_type = cli_obj.ordnance_payload elif cli_obj.msfvenom is not None: self.payload_type = cli_obj.msfvenom elif not cli_obj.tool: self.payload_type = '' self.cli_shellcode = False # options we require user interaction for- format is {OPTION : [Value, Description]]} self.required_options = { "COMPILE_TO_EXE": ["Y", "Compile to an executable"], "USE_PYHERION": ["N", "Use the pyherion encrypter"], "INJECT_METHOD": ["Virtual", "Virtual, Void, or Heap"], "PID_NUMBER": ["X", "Required: Process number to inject code into"], "EXPIRE_PAYLOAD": ["X", "Optional: Payloads expire after \"Y\" days"], "HOSTNAME": ["X", "Optional: Required system hostname"], "DOMAIN": ["X", "Optional: Required internal domain"], "PROCESSORS": ["X", "Optional: Minimum number of processors"], "USERNAME": ["X", "Optional: The required user account"] }
def __init__(self, cli_obj): # required options self.description = "Base64 decode for shellcode injection" self.language = "ruby" self.extension = "rb" self.rating = "Normal" self.name = "Ruby Base64 Encoded" self.path = "ruby/shellcode_inject/base64" self.cli_opts = cli_obj self.shellcode = shellcode_help.Shellcode(cli_obj) self.payload_source_code = '' if cli_obj.ordnance_payload is not None: self.payload_type = cli_obj.ordnance_payload elif cli_obj.msfvenom is not None: self.payload_type = cli_obj.msfvenom elif not cli_obj.tool: self.payload_type = '' self.cli_shellcode = False # options we require user ineraction for- format is {Option : [Value, Description]]} self.required_options = { "COMPILE_TO_EXE": ["Y", "Compile to an executable"], "INJECT_METHOD": ["Virtual", "Virtual, Void, or Heap"], "HOSTNAME": ["X", "Optional: Only run on specified hostname"], "DOMAIN": ["X", "Optional: Required internal domain"], "USERNAME": ["X", "Optional: The required user account"], "SLEEP": ["X", "Optional: Sleep \"Y\" seconds, check if accelerated"] }
def __init__(self, cli_obj): # required options self.description = "No obfuscation, basic injection of shellcode through virtualalloc or void pointer reference." self.language = "python" self.rating = "Normal" self.extension = "py" self.name = "Python Flat Injection" self.path = "python/shellcode_inject/flat" self.shellcode = shellcode_help.Shellcode(cli_obj) self.cli_opts = cli_obj self.payload_source_code = '' if cli_obj.ordnance_payload is not None: self.payload_type = cli_obj.ordnance_payload elif cli_obj.msfvenom is not None: self.payload_type = cli_obj.msfvenom elif not cli_obj.tool: self.payload_type = '' self.cli_shellcode = False # options we require user interaction for- format is {OPTION : [Value, Description]]} self.required_options = { "COMPILE_TO_EXE" : ["Y", "Compile to an executable"], "USE_PYHERION" : ["N", "Use the pyherion encrypter"], "INJECT_METHOD" : ["Virtual", "Virtual, Void, or Heap"], "EXPIRE_PAYLOAD" : ["X", "Optional: Payloads expire after \"Y\" days"], "HOSTNAME" : ["X", "Optional: Required system hostname"], "DOMAIN" : ["X", "Optional: Required internal domain"], "PROCESSORS" : ["X", "Optional: Minimum number of processors"], "USERNAME" : ["X", "Optional: The required user account"] }
def __init__(self, cli_obj): # required options self.description = "A letter used in shellcode is replaced with a different letter. At runtime, the exe reverses the letter substitution and executes the shellcode" self.language = "python" self.rating = "Excellent" self.extension = "py" self.hex_letters = "abcdefx" self.non_hex_letters = "ghijklmnopqrstuvwyz" self.name = "Python Letter Substitution" self.path = "python/shellcode_inject/letter_substitution" self.shellcode = shellcode_help.Shellcode(cli_obj) self.cli_opts = cli_obj self.payload_source_code = '' if cli_obj.ordnance_payload is not None: self.payload_type = cli_obj.ordnance_payload elif cli_obj.msfvenom is not None: self.payload_type = cli_obj.msfvenom elif not cli_obj.tool: self.payload_type = '' self.cli_shellcode = False # options we require user interaction for- format is {OPTION : [Value, Description]]} self.required_options = { "COMPILE_TO_EXE": ["Y", "Compile to an executable"], "USE_PYHERION": ["N", "Use the pyherion encrypter"], "INJECT_METHOD": ["Virtual", "Virtual, Void, or Heap"], "EXPIRE_PAYLOAD": ["X", "Optional: Payloads expire after \"Y\" days"], "HOSTNAME": ["X", "Optional: Required system hostname"], "DOMAIN": ["X", "Optional: Required internal domain"], "PROCESSORS": ["X", "Optional: Minimum number of processors"], "USERNAME": ["X", "Optional: The required user account"] }
def __init__(self, cli_obj): # required options self.description = "Payload which injects and executes shellcode into the memory of a process you specify." self.language = "python" self.rating = "Normal" self.extension = "py" self.name = "Python Process Injector" self.path = "python/shellcode_inject/pidinject" self.shellcode = shellcode_help.Shellcode(cli_obj) self.cli_opts = cli_obj self.payload_source_code = '' if cli_obj.ordnance_payload is not None: self.payload_type = cli_obj.ordnance_payload elif cli_obj.msfvenom is not None: self.payload_type = cli_obj.msfvenom elif not cli_obj.tool: self.payload_type = '' self.cli_shellcode = False # options we require user interaction for- format is {OPTION : [Value, Description]]} self.required_options = { "COMPILE_TO_EXE": ["Y", "Compile to an executable"], "USE_PYHERION": ["N", "Use the pyherion encrypter"], "INJECT_METHOD": ["Virtual", "Virtual, Void, or Heap"], "PID_NUMBER": ["X", "Required: Process number to inject code into"], "EXPIRE_PAYLOAD": ["X", "Optional: Payloads expire after \"Y\" days"], "HOSTNAME": ["X", "Optional: Required system hostname"], "DOMAIN": ["X", "Optional: Required internal domain"], "PROCESSORS": ["X", "Optional: Minimum number of processors"], "USERNAME": ["X", "Optional: The required user account"], "CLICKTRACK": ["X", "Optional: Minimum number of clicks to execute payload"], "UTCCHECK": ["FALSE", "Optional: Validates system does not use UTC timezone"], "VIRTUALFILES": ["FALSE", "Optional: Check if VM supporting files exist"], "VIRTUALDLLS": ["FALSE", "Check for dlls loaded in memory"], "CURSORMOVEMENT": ["FALSE", "Check if cursor is in same position after 30 seconds"], "USERPROMPT": ["FALSE", "Make user click prompt prior to execution"], "MINRAM": ["FALSE", "Check for at least 3 gigs of RAM"], "SANDBOXPROCESS": ["FALSE", "Check for common sandbox processes"], "DETECTDEBUG": ["FALSE", "Check if debugger is present"], "SLEEP": ["X", "Optional: Sleep \"Y\" seconds, check if accelerated"] }
def __init__(self, cli_obj): # required options self.shortname = "VirtualAlloc" self.language = "lua" self.extension = "lua" self.rating = "Excellent" self.description = "VirtualAlloc pattern for shellcode injection" self.name = "Lua flat shellcode injector" self.required_options = {} self.path = "lua/shellcode_inject/flat" self.cli_opts = cli_obj self.shellcode = shellcode_help.Shellcode(cli_obj) self.payload_source_code = '' if cli_obj.ordnance_payload is not None: self.payload_type = cli_obj.ordnance_payload elif cli_obj.msfvenom is not None: self.payload_type = cli_obj.msfvenom elif not cli_obj.tool: self.payload_type = '' self.cli_shellcode = False
def __init__(self, cli_obj): # required self.language = "go" self.extension = "go" self.rating = "Normal" self.description = "Golang VirtualAlloc method for inline shellcode injection" self.name = "Golang Flat Shellcode Injector" self.path = "go/shellcode_inject/virtual" self.cli_opts = cli_obj self.shellcode = shellcode_help.Shellcode(cli_obj) self.payload_source_code = '' if cli_obj.ordnance_payload is not None: self.payload_type = cli_obj.ordnance_payload elif cli_obj.msfvenom is not None: self.payload_type = cli_obj.msfvenom elif not cli_obj.tool: self.payload_type = '' self.cli_shellcode = False # options we require user interaction for- format is {OPTION : [Value, Description]]} self.required_options = { "COMPILE_TO_EXE": ["Y", "Compile to an executable"], "INJECT_METHOD": ["Virtual", "Virtual or Heap"], "HOSTNAME": ["X", "Optional: Required system hostname"], "PROCESSORS": ["X", "Optional: Minimum number of processors"], "USERNAME": ["X", "Optional: The required user account"], "UTCCHECK": ["FALSE", "Check if system uses UTC time"], "USERPROMPT": ["FALSE", "Prompt user prior to injection"], "RAMCHECK": ["FALSE", "Check for at least 3 gigs of RAM"], "PROCCHECK": ["FALSE", "Check for active VM processes"], "MINPROCS": ["X", "Minimum number of running processes"], "BADMACS": ["FALSE", "Check for VM based MAC addresses"], "CLICKTRACK": ["X", "Require X number of clicks before execution"], "CURSORCHECK": ["FALSE", "Check for mouse movements"], "DISKSIZE": ["X", "Check for a minimum number of gigs for hard disk"], "SLEEP": ["X", "Optional: Sleep \"Y\" seconds, check if accelerated"] }
def __init__(self, cli_obj): # required options self.shortname = "VirtualAlloc" self.language = "perl" self.extension = "pl" self.rating = "Excellent" self.description = "VirtualAlloc pattern for shellcode injection" self.name = "Perl flat shellcode injector" self.path = "perl/shellcode_inject/flat" self.cli_opts = cli_obj self.shellcode = shellcode_help.Shellcode(cli_obj) self.payload_source_code = '' if cli_obj.ordnance_payload is not None: self.payload_type = cli_obj.ordnance_payload elif cli_obj.msfvenom is not None: self.payload_type = cli_obj.msfvenom elif not cli_obj.tool: self.payload_type = '' self.cli_shellcode = False # optional self.required_options = { "COMPILE_TO_EXE": ["Y", "Compile to an executable"], "INJECT_METHOD": ["Virtual", "Virtual, Void, or Heap"], "HOSTNAME": ["X", "Optional: Required system hostname"], "DOMAIN": ["X", "Optional: Required internal domain"], "PROCESSORS": ["X", "Optional: Minimum number of processors"], "USERNAME": ["X", "Optional: The required user account"], "USERPROMPT": ["X", "Optional: Prompt for user activity"], "RAMSIZE": ["X", "Optional: Check RAM size of target"], "NUMPROCS": ["X", "Optional: Minimum number of running processes"], "FILENAME": ["X", "Optional: File name check"], "DISKSIZE": ["X", "Optional: Minimum disk size on target"], "NUMCLICKS": ["X", "Optional: Minimum number of mouse clicks"], "REGSIZE": ["X", "Optional: Minimum size of system registry"], "SLEEP": ["X", "Optional: Sleep \"Y\" seconds, check if accelerated"] }
def __init__(self, cli_obj): # required options self.shortname = "Inline" self.description = "VirtualAlloc pattern for shellcode injection" self.language = "autoit" self.rating = "Normal" self.extension = "au3" self.name = "AutoIt Flat Shellcode Injector" self.path = "autoit/shellcode_inject/flat" self.cli_opts = cli_obj self.shellcode = shellcode_help.Shellcode(cli_obj) self.payload_source_code = '' if cli_obj.ordnance_payload is not None: self.payload_type = cli_obj.ordnance_payload elif cli_obj.msfvenom is not None: self.payload_type = cli_obj.msfvenom elif not cli_obj.tool: self.payload_type = '' self.cli_shellcode = False self.required_options = { "COMPILE_TO_EXE": ["Y", "Compile to an executable"] }
def __init__(self, cli_obj): # required self.description = "PowerShell VirtualAlloc method for inline shellcode injection" self.rating = "Excellent" self.language = "powershell" self.extension = "bat" self.name = "PowerShell Flat Stager" self.path = "powershell/shellcode_inject/virtual" self.cli_opts = cli_obj self.shellcode = shellcode_help.Shellcode(cli_obj) self.payload_source_code = '' if cli_obj.ordnance_payload is not None: self.payload_type = cli_obj.ordnance_payload elif cli_obj.msfvenom is not None: self.payload_type = cli_obj.msfvenom elif not cli_obj.tool: self.payload_type = '' self.cli_shellcode = False # options we require user ineraction for- format is {Option : [Value, Description]]} self.required_options = { "INJECT_METHOD": ["Virtual", "Virtual, Void, or Heap"], "HOSTNAME": ["X", "Optional: Required system hostname"], "DOMAIN": ["X", "Optional: Required internal domain"], "PROCESSORS": ["X", "Optional: Minimum number of processors"], "USERNAME": ["X", "Optional: The required user account"], "USERPROMPT": ["FALSE", "Window pops up prior to payload"], "MINRAM": ["FALSE", "Require a minimum of 3 gigs of RAM"], "UTCCHECK": ["FALSE", "Check that system isn't using UTC time zone"], "VIRTUALPROC": ["FALSE", "Check for known VM processes"], "MINBROWSERS": ["FALSE", "Minimum of 2 browsers"], "BADMACS": ["FALSE", "Checks for known bad mac addresses"], "MINPROCESSES": ["X", "Minimum number of processes running"], "SLEEP": ["X", "Optional: Sleep \"Y\" seconds, check if accelerated"] }