Jump to content

[Payload] Excalibur v1.00


Dviros

Recommended Posts

I read through it really quick.  I am not at home so not at my machine to see what is in that zip in my virtual environment.

My only concern would be if the machine has a virus scanner.  Reason being is you are doing some payload building on the victim's HD.  The AV will see all that, especially the shellcode part.

Until I see what is in there I do not know what other options you may have.  Other than that, it looks good.

 

Link to comment
Share on other sites

Correct.
This is something that I didn't overcome yet - there is an Eternalblue exploit based on PS, however, it wasn't stable enough.

Here's the VT scan (detected by 14 AV's):
https://www.virustotal.com/#/file/e1b8cff9071ea0863d8fcae4aabcd41300612e551bf4773f946e7a67c053fa92/detection

 

In any case, I recommend on compiling the python exploit in pyinstaller as a standalone.

Link to comment
Share on other sites

Might have lower detection rate compiling on Windows with Py2Exe.

 

The EB exploit is unstable in it of itself.  It does not go off all the time and depends on conditions.  If not met could result in a crash rather than exploit which is why most kits have a multirun in it in case it fails.

For python code it is tricky because tunring it into an exe turns it into a packed file.  Those you cannot eject since it needs the base image path to explode from so memory injection will not work unless the pe part of the exe is setup to deal with it.  Best way to hide it in that case is to modify the python code before compiling to exe.  Obfuscate it so when it explodes, it is still illegible to AV to determine what it is until it is ran.

Simple method is to stringify all the malicious code and encode/encrypt/scramble it and encapsulate that in a procedure to deobfuscate and run.

Link to comment
Share on other sites

  • 2 months later...
7 hours ago, PoSHMagiC0de said:

I use Avast as my AV detection baseline.  It is free and also it detects a slew of things I try against it so if reason serves if I beat Avast, I may be able to beat 90% of the AVs out there...hopefully.

Avast is pretty good in that it has live detection for free. It's hard to find a fully-featured one for free, and this is pretty close.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...