Jump to content

[Payload] Excalibur v1.00


Dviros
 Share

Recommended Posts

I read through it really quick.  I am not at home so not at my machine to see what is in that zip in my virtual environment.

My only concern would be if the machine has a virus scanner.  Reason being is you are doing some payload building on the victim's HD.  The AV will see all that, especially the shellcode part.

Until I see what is in there I do not know what other options you may have.  Other than that, it looks good.

 

  • Like 1
Link to comment
Share on other sites

Correct.
This is something that I didn't overcome yet - there is an Eternalblue exploit based on PS, however, it wasn't stable enough.

Here's the VT scan (detected by 14 AV's):
https://www.virustotal.com/#/file/e1b8cff9071ea0863d8fcae4aabcd41300612e551bf4773f946e7a67c053fa92/detection

 

In any case, I recommend on compiling the python exploit in pyinstaller as a standalone.

Link to comment
Share on other sites

Might have lower detection rate compiling on Windows with Py2Exe.

 

The EB exploit is unstable in it of itself.  It does not go off all the time and depends on conditions.  If not met could result in a crash rather than exploit which is why most kits have a multirun in it in case it fails.

For python code it is tricky because tunring it into an exe turns it into a packed file.  Those you cannot eject since it needs the base image path to explode from so memory injection will not work unless the pe part of the exe is setup to deal with it.  Best way to hide it in that case is to modify the python code before compiling to exe.  Obfuscate it so when it explodes, it is still illegible to AV to determine what it is until it is ran.

Simple method is to stringify all the malicious code and encode/encrypt/scramble it and encapsulate that in a procedure to deobfuscate and run.

  • Upvote 1
Link to comment
Share on other sites

  • 2 months later...
7 hours ago, PoSHMagiC0de said:

I use Avast as my AV detection baseline.  It is free and also it detects a slew of things I try against it so if reason serves if I beat Avast, I may be able to beat 90% of the AVs out there...hopefully.

Avast is pretty good in that it has live detection for free. It's hard to find a fully-featured one for free, and this is pretty close.

  • Like 1
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...