Jump to content

Recommended Posts

Posted (edited)

I tried this out before. Takes a while to inject the executable, and compressing the executable is a necessity. Here is the program that I tried out. Will keep an eye out for the resources that I used to figure this out. Somebody actually did this before me which is how I got started with it.

https://forums.hak5.org/index.php?/topic/28968-questionpayload-problems-with-hello-world-base-64-to-exe/?hl=%2Bcopy+%2Bcon+%2Bexe

You also have to use the right firmware, because some of the firmware has a built in cap. The HID only firmware should work.

Here is a couple of VBS files used in the process 'Base64encode.vbs':

Option Explicit
' common consts
Const TypeBinary = 1
Const ForReading = 1, ForWriting = 2, ForAppending = 8


' getting file from args (no checks!)
Dim arguments, inFile, outFile


Set arguments = WScript.Arguments
inFile = arguments(0)
outFile = arguments(1)


Dim inByteArray, base64Encoded, base64Decoded, outByteArray
inByteArray = readBytes(inFile)
base64Encoded = encodeBase64(inByteArray)
Dim myFSO, WriteStuff
Set myFSO = CreateObject("Scripting.FileSystemObject")
Set WriteStuff = myFSO.OpenTextFile(outFile, ForAppending, True)
WriteStuff.WriteLine(base64Encoded)
WriteStuff.Close


private function readBytes(file)
    dim inStream
    ' ADODB stream object used
    set inStream = WScript.CreateObject("ADODB.Stream")
    ' open with no arguments makes the stream an empty container
    inStream.Open
    inStream.type= TypeBinary
    inStream.LoadFromFile(file)
    readBytes = inStream.Read()
end function


private function encodeBase64(bytes)
    dim DM, EL
    Set DM = CreateObject("Microsoft.XMLDOM")
    ' Create temporary node with Base64 data type
    Set EL = DM.createElement("tmp")
    EL.DataType = "bin.base64"
    ' Set bytes, get encoded String
    EL.NodeTypedValue = bytes
    encodeBase64 = EL.Text
end function

And 'decodebase64.vbs':

    Option Explicit
    ' common consts
    Const TypeBinary = 1
    Const ForReading = 1, ForWriting = 2, ForAppending = 8


    ' getting file from args (no checks!)
    Dim arguments, inFile, outFile


    Set arguments = WScript.Arguments
    inFile = arguments(0)
    outFile = arguments(1)


    Dim base64Encoded, base64Decoded, outByteArray
    dim objFS
    dim objTS
    set objFS = CreateObject("Scripting.FileSystemObject")
    set objTS = objFS.OpenTextFile(inFile, ForReading)
    base64Encoded = objTS.ReadAll
    base64Decoded = decodeBase64(base64Encoded)
    writeBytes outFile, base64Decoded


    private function decodeBase64(base64)
      dim DM, EL
      Set DM = CreateObject("Microsoft.XMLDOM")
      ' Create temporary node with Base64 data type
      Set EL = DM.createElement("tmp")
      EL.DataType = "bin.base64"
      ' Set encoded String, get bytes
      EL.Text = base64
      decodeBase64 = EL.NodeTypedValue
    end function


    private Sub writeBytes(file, bytes)
      Dim binaryStream
      Set binaryStream = CreateObject("ADODB.Stream")
      binaryStream.Type = TypeBinary
      'Open the stream and write binary data
      binaryStream.Open
      binaryStream.Write bytes
      'Save binary data to disk
      binaryStream.SaveToFile file, ForWriting
    End Sub

If I remember correctly you have to convert to base64, and then decode on the target system. There was a really old ducky thread that showed how to do this, and I can't find it anymore. Both of these VBS programs accept command line flags.

Edited by overwraith

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...