
Crypting


Rinilyn

I have an executable I'm trying to make as undetectable as possible and make it persistent. There are a lot of apps on the internet and I don't want to waste too much time on useless self-claimed cryptors. Can you guys recommend anything? Do you know anything on Kali I can do? I couldn't understand PowerSploit much. It is working with Metasploit. All I want is to make an offline file FUD without need for reverse connections or listeners. It runs on the system and that is all I need.

Edited by Rinilyn

Trying to figure out exactly what you are asking, seeing as you say you have an exe you are trying to make FUD and you do not understand PowerSploit.

If you have an exe you made yourself and are trying to obfuscate it or something, then the question is: do you have the source? Also, do you know its architecture too? Is it .NET, and if so is it 32-bit or 64-bit? If it is unmanaged, is it 32-bit or 64-bit?

If you have the source, then changing the code around to do the same thing could obfuscate it enough to not be seen, but do not use online scanners. Go download a free one on a test machine and test it there. Avast is a good one to test against, though it is very good so... yeah.

If you have no source but know its architecture, then you have a choice. If it is .NET, then you can load it reflectively with PowerShell. PowerSploit's DLLInjection module shows this, though it is a little different with exes as you have to find the entry point and execute it. (If it takes parameters, you have to feed it the parameters as it wants them, i.e. string[]... even if you have no parameters but the exe can take some, you need to give it those object types empty.)

If it is unmanaged, ReflectivePEInjection loading is what you will need, where you can keep the exe from hitting the drive and load directly from memory. The process (even if it is yourself) has to match the architecture of the executable though. If it is 32-bit, you will need to launch a 32-bit PowerShell instance; if it is 64-bit, then you will need to launch the 64-bit version of PowerShell to inject it right. The process you are injecting into must also have a matching bit version.

Persistence will be tougher if your exe is detectable. You will need to encrypt it to leave it behind somewhere on the system. The actual loader will be the one that is fired off, and it will grab the encrypted file, decrypt it in memory and inject.

Be warned, unmanaged code injection is seen sometimes by Avast.


  • 2 weeks later...

If you have no source but know its architecture, then you have a choice. If it is .NET, then you can load it reflectively with PowerShell. PowerSploit's DLLInjection module shows this, though it is a little different with exes as you have to find the entry point and execute it. (If it takes parameters, you have to feed it the parameters as it wants them, i.e. string[]... even if you have no parameters but the exe can take some, you need to give it those object types empty.)

aaliyah mendes

I appreciate the support guys. I posted this while using a hex editor app and trying to add or change the stuff that triggers the AV. I don't think I can yet understand what y'all are trying to explain. Sometime later I'll lock myself in my room and see what else I can do.

The only issue I still have is AV that blocks suspicious behavior before it happens. Now that's the real challenge. Either stop the AVs or, I don't know... make multiple cmd do simple tiny jobs that wouldn't get flagged.

Again, thanks guys

Edited by Rinilyn
