Merge pull request Veil-Framework#77 from Veil-Framework/cplz
Cplz
ChrisTruncer authored Jul 8, 2017
2 parents 25934e3 + aea541e commit 45bcf47
Showing 22 changed files with 771 additions and 20 deletions.
546 changes: 545 additions & 1 deletion Tools/Evasion/evasion_common/gamemaker.py

Large diffs are not rendered by default.

28 changes: 23 additions & 5 deletions Tools/Evasion/payloads/go/meterpreter/rev_http.py
Expand Up @@ -41,6 +41,15 @@ def __init__(self, cli_obj):
"HOSTNAME" : ["X", "Optional: Required system hostname"],
"PROCESSORS" : ["X", "Optional: Minimum number of processors"],
"USERNAME" : ["X", "Optional: The required user account"],
"UTCCHECK" : ["FALSE", "Check if system uses UTC time"],
"USERPROMPT" : ["FALSE", "Prompt user prior to injection"],
"RAMCHECK" : ["FALSE", "Check for at least 3 gigs of RAM"],
"PROCCHECK" : ["FALSE", "Check for active VM processes"],
"MINPROCS" : ["X", "Minimum number of running processes"],
"BADMACS" : ["FALSE", "Check for VM based MAC addresses"],
"CLICKTRACK" : ["X", "Require X number of clicks before execution"],
"CURSORCHECK" : ["FALSE", "Check for mouse movements"],
"DISKSIZE" : ["X", "Check for a minimum number of gigs for hard disk"],
"SLEEP" : ["X", "Optional: Sleep \"Y\" seconds, check if accelerated"]
}

Expand Down Expand Up @@ -92,14 +101,23 @@ def generate(self):

# Add in other imports based on checks being performed
if self.required_options["USERNAME"][0].lower() != "x":
payload_code += "\"strings\"\n\"os\"\n\"os/user\"\n"
if self.required_options["HOSTNAME"][0].lower() != "x":
payload_code += "\"strings\"\n\"os/user\"\n"
if self.required_options["HOSTNAME"][0].lower() != "x" or self.required_options["PROCCHECK"][0].lower() != 'false':
if "strings" not in payload_code:
payload_code += "\"strings\"\n"
if "os" not in payload_code:
payload_code += "\"os\"\n"
if self.required_options["SLEEP"][0].lower() != "x":
payload_code += "\"net\"\n\"encoding/binary\"\n"
payload_code += "\"net\"\n\"time\"\n\"encoding/binary\"\n"
if self.required_options["BADMACS"][0].lower() != 'false':
if "net" not in payload_code:
payload_code += "\"net\"\n"
if "strings" not in payload_code:
payload_code += "\"strings\"\n"
if self.required_options["UTCCHECK"][0].lower() != 'false':
if "time" not in payload_code:
payload_code += "\"time\"\n"
if self.required_options["CURSORCHECK"][0].lower() != 'false':
if "time" not in payload_code:
payload_code += "\"time\"\n"

payload_code += ")\n"

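Review bot: The import de-duplication added to generate() tests substring membership in the whole generated source, so `if "os" not in payload_code:` is already false once the USERNAME branch has appended `"os/user"`, and the plain `os` package is then never emitted for the HOSTNAME/PROCCHECK branch. Whether that breaks the build depends on which of the two USERNAME lines is the new side (the rendered diff lost its +/- markers) and on whether the emitted HOSTNAME/PROCCHECK code actually calls into os; Go rejects unused imports as well as missing ones, so over-importing is not a safe workaround. Collecting the package names in a set and emitting them once before the closing `)` removes the substring fragility and makes each option's package list explicit. generate() continues past the end of this hunk.
```python
# Add in other imports based on checks being performed.
# Collect package names in a set so each one is emitted exactly once: Go rejects
# duplicate and unused imports, and a substring test on the generated source
# cannot tell "os" apart from "os/user".
opts = self.required_options
extra_imports = set()
if opts["USERNAME"][0].lower() != "x":
    extra_imports.update(["strings", "os", "os/user"])  # keep whichever list the USERNAME check really needs
if opts["HOSTNAME"][0].lower() != "x" or opts["PROCCHECK"][0].lower() != "false":
    extra_imports.update(["strings", "os"])
if opts["SLEEP"][0].lower() != "x":
    extra_imports.update(["net", "time", "encoding/binary"])
if opts["BADMACS"][0].lower() != "false":
    extra_imports.update(["net", "strings"])
if opts["UTCCHECK"][0].lower() != "false" or opts["CURSORCHECK"][0].lower() != "false":
    extra_imports.add("time")
for pkg in sorted(extra_imports):
    payload_code += "\"%s\"\n" % pkg

payload_code += ")\n"
# ... unchanged: rest of generate() ...
```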
28 changes: 23 additions & 5 deletions Tools/Evasion/payloads/go/meterpreter/rev_https.py
Expand Up @@ -42,6 +42,15 @@ def __init__(self, cli_obj):
"HOSTNAME" : ["X", "Optional: Required system hostname"],
"PROCESSORS" : ["X", "Optional: Minimum number of processors"],
"USERNAME" : ["X", "Optional: The required user account"],
"UTCCHECK" : ["FALSE", "Check if system uses UTC time"],
"USERPROMPT" : ["FALSE", "Prompt user prior to injection"],
"RAMCHECK" : ["FALSE", "Check for at least 3 gigs of RAM"],
"PROCCHECK" : ["FALSE", "Check for active VM processes"],
"MINPROCS" : ["X", "Minimum number of running processes"],
"BADMACS" : ["FALSE", "Check for VM based MAC addresses"],
"CLICKTRACK" : ["X", "Require X number of clicks before execution"],
"CURSORCHECK" : ["FALSE", "Check for mouse movements"],
"DISKSIZE" : ["X", "Check for a minimum number of gigs for hard disk"],
"SLEEP" : ["X", "Optional: Sleep \"Y\" seconds, check if accelerated"]
}

Expand Down Expand Up @@ -97,14 +106,23 @@ def generate(self):

# Add in other imports based on checks being performed
if self.required_options["USERNAME"][0].lower() != "x":
payload_code += "\"strings\"\n\"os\"\n\"os/user\"\n"
if self.required_options["HOSTNAME"][0].lower() != "x":
payload_code += "\"strings\"\n\"os/user\"\n"
if self.required_options["HOSTNAME"][0].lower() != "x" or self.required_options["PROCCHECK"][0].lower() != 'false':
if "strings" not in payload_code:
payload_code += "\"strings\"\n"
if "os" not in payload_code:
payload_code += "\"os\"\n"
if self.required_options["SLEEP"][0].lower() != "x":
payload_code += "\"net\"\n\"encoding/binary\"\n"
payload_code += "\"net\"\n\"time\"\n\"encoding/binary\"\n"
if self.required_options["BADMACS"][0].lower() != 'false':
if "net" not in payload_code:
payload_code += "\"net\"\n"
if "strings" not in payload_code:
payload_code += "\"strings\"\n"
if self.required_options["UTCCHECK"][0].lower() != 'false':
if "time" not in payload_code:
payload_code += "\"time\"\n"
if self.required_options["CURSORCHECK"][0].lower() != 'false':
if "time" not in payload_code:
payload_code += "\"time\"\n"

payload_code += ")\n"

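Review bot: The `if "os" not in payload_code:` guard in the HOSTNAME/PROCCHECK branch of generate() is satisfied by the `"os/user"` import the USERNAME branch appends, so the `os` package is silently skipped whenever USERNAME is also set, and the same substring test would be fooled by any other identifier containing `os` in the source emitted so far. Whether the result compiles depends on which USERNAME line is the new side and on whether the HOSTNAME/PROCCHECK code uses os, neither of which this rendered hunk shows. A cheap tightening is to compare against the exact import line, `if '"os"\n' not in payload_code:`, and likewise for the `"strings"`, `"net"` and `"time"` guards; the robust fix is to collect package names in a set and emit them once. generate() continues past the end of this hunk.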
26 changes: 22 additions & 4 deletions Tools/Evasion/payloads/go/meterpreter/rev_tcp.py
Expand Up @@ -41,6 +41,15 @@ def __init__(self, cli_obj):
"HOSTNAME" : ["X", "Optional: Required system hostname"],
"PROCESSORS" : ["X", "Optional: Minimum number of processors"],
"USERNAME" : ["X", "Optional: The required user account"],
"UTCCHECK" : ["FALSE", "Check if system uses UTC time"],
"USERPROMPT" : ["FALSE", "Prompt user prior to injection"],
"RAMCHECK" : ["FALSE", "Check for at least 3 gigs of RAM"],
"PROCCHECK" : ["FALSE", "Check for active VM processes"],
"MINPROCS" : ["X", "Minimum number of running processes"],
"BADMACS" : ["FALSE", "Check for VM based MAC addresses"],
"CLICKTRACK" : ["X", "Require X number of clicks before execution"],
"CURSORCHECK" : ["FALSE", "Check for mouse movements"],
"DISKSIZE" : ["X", "Check for a minimum number of gigs for hard disk"],
"SLEEP" : ["X", "Optional: Sleep \"Y\" seconds, check if accelerated"]
}

Expand Down Expand Up @@ -87,14 +96,23 @@ def generate(self):

# Add in other imports based on checks being performed
if self.required_options["USERNAME"][0].lower() != "x":
payload_code += "\"strings\"\n\"os\"\n\"os/user\"\n"
if self.required_options["HOSTNAME"][0].lower() != "x":
payload_code += "\"strings\"\n\"os/user\"\n"
if self.required_options["HOSTNAME"][0].lower() != "x" or self.required_options["PROCCHECK"][0].lower() != 'false':
if "strings" not in payload_code:
payload_code += "\"strings\"\n"
if "os" not in payload_code:
payload_code += "\"os\"\n"
if self.required_options["SLEEP"][0].lower() != "x":
payload_code += "\"net\"\n\"time\"\n\"encoding/binary\"\n"
if self.required_options["BADMACS"][0].lower() != 'false':
if "net" not in payload_code:
payload_code += "\"net\"\n"
if "strings" not in payload_code:
payload_code += "\"strings\"\n"
if self.required_options["UTCCHECK"][0].lower() != 'false':
if "time" not in payload_code:
payload_code += "\"time\"\n"
if self.required_options["CURSORCHECK"][0].lower() != 'false':
if "time" not in payload_code:
payload_code += "\"time\"\n"

payload_code += ")\n"

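Review bot: The `if "time" not in payload_code:` guards in the UTCCHECK and CURSORCHECK branches match any occurrence of that substring in the source generated so far, not just a `"time"` import line; if the base import list for this payload contains `runtime` or another identifier containing `time` (not visible in this hunk), the time package is never imported and the emitted Go fails with `undefined: time`. Comparing against the quoted import line, `if '"time"\n' not in payload_code:`, closes that hole in one line, and the same applies to the `"net"`, `"strings"` and `"os"` guards. This import-selection block is now duplicated verbatim across rev_http.py, rev_https.py and rev_tcp.py, so it is worth hoisting into a helper in evasion_common so one fix covers all three. generate() continues past the end of this hunk.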
22 changes: 21 additions & 1 deletion Tools/Evasion/payloads/go/shellcode_inject/virtual.py
Expand Up @@ -42,6 +42,15 @@ def __init__(self, cli_obj):
"HOSTNAME" : ["X", "Optional: Required system hostname"],
"PROCESSORS" : ["X", "Optional: Minimum number of processors"],
"USERNAME" : ["X", "Optional: The required user account"],
"UTCCHECK" : ["FALSE", "Check if system uses UTC time"],
"USERPROMPT" : ["FALSE", "Prompt user prior to injection"],
"RAMCHECK" : ["FALSE", "Check for at least 3 gigs of RAM"],
"PROCCHECK" : ["FALSE", "Check for active VM processes"],
"MINPROCS" : ["X", "Minimum number of running processes"],
"BADMACS" : ["FALSE", "Check for VM based MAC addresses"],
"CLICKTRACK" : ["X", "Require X number of clicks before execution"],
"CURSORCHECK" : ["FALSE", "Check for mouse movements"],
"DISKSIZE" : ["X", "Check for a minimum number of gigs for hard disk"],
"SLEEP" : ["X", "Optional: Sleep \"Y\" seconds, check if accelerated"]
}

Expand Down Expand Up @@ -94,11 +103,22 @@ def generate(self):
# Add in other imports based on checks being performed
if self.required_options["USERNAME"][0].lower() != "x":
payload_code += "\"strings\"\n\"os/user\"\n"
if self.required_options["HOSTNAME"][0].lower() != "x":
if self.required_options["HOSTNAME"][0].lower() != "x" or self.required_options["PROCCHECK"][0].lower() != 'false':
if "strings" not in payload_code:
payload_code += "\"strings\"\n"
if self.required_options["SLEEP"][0].lower() != "x":
payload_code += "\"net\"\n\"time\"\n\"encoding/binary\"\n"
if self.required_options["BADMACS"][0].lower() != 'false':
if "net" not in payload_code:
payload_code += "\"net\"\n"
if "strings" not in payload_code:
payload_code += "\"strings\"\n"
if self.required_options["UTCCHECK"][0].lower() != 'false':
if "time" not in payload_code:
payload_code += "\"time\"\n"
if self.required_options["CURSORCHECK"][0].lower() != 'false':
if "time" not in payload_code:
payload_code += "\"time\"\n"

payload_code += ")\n"

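Review bot: The HOSTNAME/PROCCHECK branch in this generate() only ensures `"strings"`, whereas the three meterpreter variants changed in the same commit also ensure `"os"` for that branch. If the PROCCHECK code emitted by gamemaker.py uses the os package (I cannot see it from this hunk), enabling PROCCHECK on this payload produces Go that does not compile; if it does not, the meterpreter variants carry an unused import, which Go rejects too. Worth checking the generated PROCCHECK snippet once and aligning the four files, e.g. by adding `if "os" not in payload_code: payload_code += "\"os\"\n"` here or dropping it there. generate() continues past the end of this hunk.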
7 changes: 7 additions & 0 deletions Tools/Evasion/payloads/powershell/meterpreter/rev_http.py
Expand Up @@ -43,6 +43,13 @@ def __init__(self, cli_obj):
"DOMAIN" : ["X", "Optional: Required internal domain"],
"PROCESSORS" : ["X", "Optional: Minimum number of processors"],
"USERNAME" : ["X", "Optional: The required user account"],
"USERPROMPT" : ["FALSE", "Window pops up prior to payload"],
"MINRAM" : ["FALSE", "Require a minimum of 3 gigs of RAM"],
"UTCCHECK" : ["FALSE", "Check that system isn't using UTC time zone"],
"VIRTUALPROC" : ["FALSE", "Check for known VM processes"],
"MINBROWSERS" : ["FALSE", "Minimum of 2 browsers"],
"BADMACS" : ["FALSE", "Checks for known bad mac addresses"],
"MINPROCESSES" : ["X", "Minimum number of processes running"],
"SLEEP" : ["X", "Optional: Sleep \"Y\" seconds, check if accelerated"]}

def generate(self):
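Review bot: The new option names do not match the ones added to the Go and Python payloads in this same commit for the same checks: the RAM check is `MINRAM` here but `RAMCHECK` in Go, the VM-process check is `VIRTUALPROC` here, `PROCCHECK` in Go and `SANDBOXPROCESS` in Python, and the process-count threshold is `MINPROCESSES` here but `MINPROCS` in Go. Anyone scripting payload generation across languages has to carry a per-language translation table, and the same value in the option dict means different things per payload. Picking one name per check and using it in every `required_options` dict (e.g. `RAMCHECK`, `PROCCHECK`, `MINPROCS` everywhere) avoids that. `__init__` starts before this hunk.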
7 changes: 7 additions & 0 deletions Tools/Evasion/payloads/powershell/meterpreter/rev_https.py
Expand Up @@ -42,6 +42,13 @@ def __init__(self, cli_obj):
"DOMAIN" : ["X", "Optional: Required internal domain"],
"PROCESSORS" : ["X", "Optional: Minimum number of processors"],
"USERNAME" : ["X", "Optional: The required user account"],
"USERPROMPT" : ["FALSE", "Window pops up prior to payload"],
"MINRAM" : ["FALSE", "Require a minimum of 3 gigs of RAM"],
"UTCCHECK" : ["FALSE", "Check that system isn't using UTC time zone"],
"VIRTUALPROC" : ["FALSE", "Check for known VM processes"],
"MINBROWSERS" : ["FALSE", "Minimum of 2 browsers"],
"BADMACS" : ["FALSE", "Checks for known bad mac addresses"],
"MINPROCESSES" : ["X", "Minimum number of processes running"],
"SLEEP" : ["X", "Optional: Sleep \"Y\" seconds, check if accelerated"]}

def generate(self):
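Review bot: `MINRAM` is a TRUE/FALSE switch whose description hard-codes the threshold (`"Require a minimum of 3 gigs of RAM"`), while the neighbouring `MINPROCESSES` and `PROCESSORS` entries take a number. Making the RAM check numeric like the others, `"MINRAM" : ["X", "Optional: Minimum gigs of RAM required to run"]`, lets operators tune it per target and keeps the `X`-means-disabled convention consistent within the dict; `MINBROWSERS`, described as `"Minimum of 2 browsers"` but also boolean, has the same shape. This assumes the generated check in gamemaker.py can take the threshold as a parameter, which is outside this diff. `__init__` starts before this hunk.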
7 changes: 7 additions & 0 deletions Tools/Evasion/payloads/powershell/meterpreter/rev_tcp.py
Expand Up @@ -38,6 +38,13 @@ def __init__(self, cli_obj):
"DOMAIN" : ["X", "Optional: Required internal domain"],
"PROCESSORS" : ["X", "Optional: Minimum number of processors"],
"USERNAME" : ["X", "Optional: The required user account"],
"USERPROMPT" : ["FALSE", "Window pops up prior to payload"],
"MINRAM" : ["FALSE", "Require a minimum of 3 gigs of RAM"],
"UTCCHECK" : ["FALSE", "Check that system isn't using UTC time zone"],
"VIRTUALPROC" : ["FALSE", "Check for known VM processes"],
"MINBROWSERS" : ["FALSE", "Minimum of 2 browsers"],
"BADMACS" : ["FALSE", "Checks for known bad mac addresses"],
"MINPROCESSES" : ["X", "Minimum number of processes running"],
"SLEEP" : ["X", "Optional: Sleep \"Y\" seconds, check if accelerated"]}

def generate(self):
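Review bot: The `USERPROMPT` description `"Window pops up prior to payload"` says nothing about what the window shows or whether execution continues after any dismissal versus only after a specific button, which is what an operator needs to decide whether the prompt is plausible on the target. The Python variant's `"Make user click prompt prior to execution"` is closer; something like `"Optional: Show a dialog and run the payload only after the user dismisses it"` would be clearer, assuming that is what the generated prompt does (the prompt text and button handling live in gamemaker.py, outside this diff). `__init__` starts before this hunk.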
Expand Up @@ -46,6 +46,13 @@ def __init__(self, cli_obj):
"DOMAIN" : ["X", "Optional: Required internal domain"],
"PROCESSORS" : ["X", "Optional: Minimum number of processors"],
"USERNAME" : ["X", "Optional: The required user account"],
"USERPROMPT" : ["FALSE", "Window pops up prior to payload"],
"MINRAM" : ["FALSE", "Require a minimum of 3 gigs of RAM"],
"UTCCHECK" : ["FALSE", "Check that system isn't using UTC time zone"],
"VIRTUALPROC" : ["FALSE", "Check for known VM processes"],
"MINBROWSERS" : ["FALSE", "Minimum of 2 browsers"],
"BADMACS" : ["FALSE", "Checks for known bad mac addresses"],
"MINPROCESSES" : ["X", "Minimum number of processes running"],
"SLEEP" : ["X", "Optional: Sleep \"Y\" seconds, check if accelerated"]
}

Expand Up @@ -45,6 +45,13 @@ def __init__(self, cli_obj):
"DOMAIN" : ["X", "Optional: Required internal domain"],
"PROCESSORS" : ["X", "Optional: Minimum number of processors"],
"USERNAME" : ["X", "Optional: The required user account"],
"USERPROMPT" : ["FALSE", "Window pops up prior to payload"],
"MINRAM" : ["FALSE", "Require a minimum of 3 gigs of RAM"],
"UTCCHECK" : ["FALSE", "Check that system isn't using UTC time zone"],
"VIRTUALPROC" : ["FALSE", "Check for known VM processes"],
"MINBROWSERS" : ["FALSE", "Minimum of 2 browsers"],
"BADMACS" : ["FALSE", "Checks for known bad mac addresses"],
"MINPROCESSES" : ["X", "Minimum number of processes running"],
"SLEEP" : ["X", "Optional: Sleep \"Y\" seconds, check if accelerated"]
}

Expand Down Expand Up @@ -97,7 +104,6 @@ def psRaw(self):
$z=$o::CreateThread(0,0,$ct,0,0,0); Start-Sleep -Second 100000""" % (Shellcode)

baseString += '}\n' * num_ends
print(baseString)
return baseString

def generate(self):
9 changes: 9 additions & 0 deletions Tools/Evasion/payloads/python/meterpreter/rev_http.py
Expand Up @@ -45,6 +45,15 @@ def __init__(self, cli_obj):
"DOMAIN" : ["X", "Optional: Required internal domain"],
"PROCESSORS" : ["X", "Optional: Minimum number of processors"],
"USERNAME" : ["X", "Optional: The required user account"],
"CLICKTRACK" : ["X", "Optional: Minimum number of clicks to execute payload"],
"UTCCHECK" : ["FALSE", "Optional: Validates system does not use UTC timezone"],
"VIRTUALFILES" : ["FALSE", "Optional: Check if VM supporting files exist"],
"VIRTUALDLLS" : ["FALSE", "Check for dlls loaded in memory"],
"CURSORMOVEMENT" : ["FALSE", "Check if cursor is in same position after 30 seconds"],
"USERPROMPT" : ["FALSE", "Make user click prompt prior to execution"],
"MINRAM" : ["FALSE", "Check for at least 3 gigs of RAM"],
"SANDBOXPROCESS" : ["FALSE", "Check for common sandbox processes"],
"DETECTDEBUG" : ["FALSE", "Check if debugger is present"],
"SLEEP" : ["X", "Optional: Sleep \"Y\" seconds, check if accelerated"]
}

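Review bot: Only three of the nine new option descriptions carry the `Optional:` prefix (`CLICKTRACK`, `UTCCHECK`, `VIRTUALFILES`), although every one of them defaults to disabled (`X` or `FALSE`) exactly like the `Optional:` entries above them, so the prefix no longer signals anything. Either prefix all of them or none, and describe the behaviour rather than the test where a threshold is baked in: `"CURSORMOVEMENT" : ["FALSE", "Optional: Require the cursor to move within 30 seconds before running"]`, assuming the generated check aborts when the cursor is stationary, which gamemaker.py would confirm. `__init__` starts before this hunk.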
9 changes: 9 additions & 0 deletions Tools/Evasion/payloads/python/meterpreter/rev_https.py
Expand Up @@ -44,6 +44,15 @@ def __init__(self, cli_obj):
"DOMAIN" : ["X", "Optional: Required internal domain"],
"PROCESSORS" : ["X", "Optional: Minimum number of processors"],
"USERNAME" : ["X", "Optional: The required user account"],
"CLICKTRACK" : ["X", "Optional: Minimum number of clicks to execute payload"],
"UTCCHECK" : ["FALSE", "Optional: Validates system does not use UTC timezone"],
"VIRTUALFILES" : ["FALSE", "Optional: Check if VM supporting files exist"],
"VIRTUALDLLS" : ["FALSE", "Check for dlls loaded in memory"],
"CURSORMOVEMENT" : ["FALSE", "Check if cursor is in same position after 30 seconds"],
"USERPROMPT" : ["FALSE", "Make user click prompt prior to execution"],
"MINRAM" : ["FALSE", "Check for at least 3 gigs of RAM"],
"SANDBOXPROCESS" : ["FALSE", "Check for common sandbox processes"],
"DETECTDEBUG" : ["FALSE", "Check if debugger is present"],
"SLEEP" : ["X", "Optional: Sleep \"Y\" seconds, check if accelerated"]
}

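Review bot: `CURSORMOVEMENT` is described as `"Check if cursor is in same position after 30 seconds"`, which implies a fixed 30-second wait before execution on top of whatever `SLEEP` is set to, yet nothing in the option text says so. Operators tuning `SLEEP` against sandbox time-outs will not expect an extra half minute from a boolean switch; either state it in the description (`"Wait 30 seconds and abort if the cursor has not moved"`) or take the delay as the option's value, as `SLEEP` does, so the two are tunable together. This assumes the generated check really sleeps for the full interval, which lives in gamemaker.py outside this diff. `__init__` starts before this hunk.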
9 changes: 9 additions & 0 deletions Tools/Evasion/payloads/python/meterpreter/rev_tcp.py
Expand Up @@ -44,6 +44,15 @@ def __init__(self, cli_obj):
"DOMAIN" : ["X", "Optional: Required internal domain"],
"PROCESSORS" : ["X", "Optional: Minimum number of processors"],
"USERNAME" : ["X", "Optional: The required user account"],
"CLICKTRACK" : ["X", "Optional: Minimum number of clicks to execute payload"],
"UTCCHECK" : ["FALSE", "Optional: Validates system does not use UTC timezone"],
"VIRTUALFILES" : ["FALSE", "Optional: Check if VM supporting files exist"],
"VIRTUALDLLS" : ["FALSE", "Check for dlls loaded in memory"],
"CURSORMOVEMENT" : ["FALSE", "Check if cursor is in same position after 30 seconds"],
"USERPROMPT" : ["FALSE", "Make user click prompt prior to execution"],
"MINRAM" : ["FALSE", "Check for at least 3 gigs of RAM"],
"SANDBOXPROCESS" : ["FALSE", "Check for common sandbox processes"],
"DETECTDEBUG" : ["FALSE", "Check if debugger is present"],
"SLEEP" : ["X", "Optional: Sleep \"Y\" seconds, check if accelerated"]
}

9 changes: 9 additions & 0 deletions Tools/Evasion/payloads/python/shellcode_inject/aes_encrypt.py
Expand Up @@ -47,6 +47,15 @@ def __init__(self, cli_obj):
"DOMAIN" : ["X", "Optional: Required internal domain"],
"PROCESSORS" : ["X", "Optional: Minimum number of processors"],
"USERNAME" : ["X", "Optional: The required user account"],
"CLICKTRACK" : ["X", "Optional: Minimum number of clicks to execute payload"],
"UTCCHECK" : ["FALSE", "Optional: Validates system does not use UTC timezone"],
"VIRTUALFILES" : ["FALSE", "Optional: Check if VM supporting files exist"],
"VIRTUALDLLS" : ["FALSE", "Check for dlls loaded in memory"],
"CURSORMOVEMENT" : ["FALSE", "Check if cursor is in same position after 30 seconds"],
"USERPROMPT" : ["FALSE", "Make user click prompt prior to execution"],
"MINRAM" : ["FALSE", "Check for at least 3 gigs of RAM"],
"SANDBOXPROCESS" : ["FALSE", "Check for common sandbox processes"],
"DETECTDEBUG" : ["FALSE", "Check if debugger is present"],
"SLEEP" : ["X", "Optional: Sleep \"Y\" seconds, check if accelerated"]
}

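Review bot: The `VIRTUALDLLS` description `"Check for dlls loaded in memory"` does not say what is being looked for, and every process has DLLs loaded, so on its own it reads as a check that always fires. By analogy with `VIRTUALFILES` the intent is presumably the DLLs that VM guest tools or sandboxes inject into processes; if so, `"Optional: Check for VM/sandbox DLLs loaded in the process"` says that, and the actual list should be verified against gamemaker.py, which this diff does not render. `__init__` starts before this hunk.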
