forked from govolution/avet
CHANGELOG
---------
Version 2.1
+++ KNOWN ISSUES +++
- DKMC integration still not working properly, probably due to corrupt shellcode.
- when built as a service, debug logging to a file does not work; this is probably a permission problem.
+++ CHANGES +++
- enacted build script naming reform, so that the most prominent feature is mentioned first in the script name
- added RC4 encoder/decoder
- pe_to_shellcode integration, which enables using .exe files as input by converting them into callable shellcode
- added ability to execute cmd/powershell command payloads at sample startup; these payloads are compatible with the built-in data retrieval methods.
- added static_from_here retrieval method to specify static inputs directly in the build script
- added ability to supply arguments for evasion techniques directly in the build script, e.g. specifying fopen file target
- added bitsadmin data retrieval method
- added environmental checks for sandbox evasion: checking the VM MAC address, the number of CPU cores and VM registry keys
- example build scripts for new features
- general bugfixes and improvements
Version 2
+++ KNOWN ISSUES +++
- downloadexecshellcode_DKMC not working properly. DKMC probably delivers corrupt shellcode, needs further investigation.
- when built as a service, debug logging to a file does not work; this is probably a permission problem.
+++ CHANGES +++
General rebuild:
- major folder restructuring, code is now more modular:
  * sources are now gathered in the source folder
  * modularized shellcode binding methods
  * modularized evasion techniques
  * modularized encoders/decoders
  * modularized data retrieval methods
- bundled basic data conversion and file interaction functions in data_utility.h
- moved sh_format utility into tools folder
- added data_raw_to_c tool that converts raw shellcode into c-array style for static source file includes
- added supreme ASCII art banner as text file, which can be printed in build scripts when using AVET
- structured files generated by AVET into new input and output folders
- implemented bash function interface in feature_construction.sh, which provides a simple language to be used in build scripts for easier configuration
- removed make_avet, the complete AVET executable generation is now configured in the build script language
- updated build scripts to use the new construction language
- added global connect config for generalized LHOST and LPORT settings in payloads
- completely redesigned avet.c to support the new modular configuration options
- reimplemented avetsvc.c based on new avet.c
- removed make_avetsvc
- implemented new debug output macro that makes code more readable
- integrated old sh_format utility as avet encoder/decoder module
- added xor encoder/decoder
- added key generation utility to ease encoder use
- generalized shellcode retrieval as data retrieval, so that retrieval methods can be used for all imported data, such as encryption keys
- fixed several data retrieval methods so that they are more robust in execution and more readable in code
- implemented new data retrieval methods
- major code commenting effort
- bugfixes
BFG integration (BFG project: https://github.com/govolution/bfg)
- major renaming from "shellcode" into "payload" in sources and scripts
- introduced new data retrieval category get_payload_info, where parameters such as target process PID can be delivered for hollowing, injection etc.
- added reset_evasion_tecnhnique_counter build script function to support compilation of multiple payloads in one build script
- integrated process hollowing for 32 and 64 bit targets from BFG, including new build scripts
- integrated shellcode injection for 32 and 64 bit targets from BFG, including new build scripts
- integrated dll injection for 32 and 64 bit targets from BFG, including new build scripts
For details, see the commit messages.
Version 1.3
- downloading shellcode using powershell or certutil
- downloading shellcode into memory and exec from memory
- added more build scripts for new options
Version 1.2
- AVET now has support for Metasploit's psexec
- basic support for Metasploit's ASCII encoder, more to come
- of course, more build scripts
- support for msf ASCII call via cmd
- added "killswitch" (gethostbyname) evasion technique
- added -q for quiet mode (hiding window)
Version 1.1
- avet_fabric for assisted execution of the build scripts
- more cleanup of avet.c
- removed all options from avet.c itself for reducing codebase (less detectable in the future)
- added options from avet to make_avet
- added build scripts
- added -F for explicit fopen sandbox escape
- added -X for 64 bit support
- added -E for explicit usage of AVET's ASCII encoder; users can now use shellcode encoders without AVET's ASCII encoder
- fixed compiler warning in make_avet.c
Version 1.0
- cleanup and reduce code base of avet.c
- added to public github repo
- tested with Kali 2 and updated README
- licensed under the GPL
Version 0.4
- translated almost everything to English
- added some documentation
- changed ASCII art
- rewrote some parts for easier usage
- added -f option to make_avet
- added evasion technique that reads the file c:\windows\system.ini
- added build.sh
Version 0.3
- make_avet added
Version 0.2
- -u works with Windows 7
- -p for debugging
Version 0.1
- -f works with Windows XP and Windows 7
- -u works with Windows XP