venom.sh v1.0.11 - Codename : malicious_server.

CHANGELOG VERSION 1.0.11 (12/3/2016) Codename: malicious_server
----------------------------------------------------------------------
bug fix -> msfvenom output ‘append >>’ bug fixed
improved -> FAQ file review (option ‘F’ main menu)
improved -> ‘setup.sh’ now installs WinRAR/SFX into WINE (x86 and x64 archs supported)
improved -> auto-start ‘metasploit + postgresql + apache2’ services before running venom
improved -> post-exploitation added to Apache2Server attack vector (windows targets only)
improved -> php/meterpreter/reverse_tcp (base64 encoded) payload.php added to ‘option 12’
added -> vbs-obfuscator.py encrypts your payload.vbs using ascii (only works on .vbs)
added -> ‘mega-upload’ fake webpage added to deliver your payloads (social engineering)
added -> ‘http://mega-upload’ venom domain name attack vector (MitM+DNS_SPOOF)
added -> shell/aux/setup.sh can be used to activate/delete the apache2 venom domain name
added -> java/meterpreter/reverse_tcp (drive-by-rce attack vector) payload.jar
added -> payload ‘VBS’ -> generate a VBS payload (vbs-obfuscator crypted) payload.vbs
added -> choose what process to auto-migrate to after a successful exploitation;
the fast_migrate.rc script will migrate to wininit.exe by default unless you
run ‘setup.sh’, which rebuilds ‘fast_migrate.rc’ with the new settings entered.
----------------------------------------------------------------------

venom.sh v1.0.11

[ DISCLAIMER ]
The author does not hold any responsibility for the bad use of this tool; remember that attacking targets without prior consent is illegal and punished by law.

Codename: Final Polymorphic Stub. You can see what is a different

Komodo Venom v1.0.10

The script uses msfvenom (metasploit) to generate shellcode in different formats ( c | python | ruby | dll | msi | hta-psh ), injects the generated shellcode into one function (example: python; “the python function will execute the shellcode in ram”) and uses compilers like gcc (gnu cross compiler), mingw32 or pyinstaller to build the executable file. It also starts a multi-handler to receive the remote connection (reverse shell or meterpreter session).

The ‘shellcode generator’ tool reproduces some of the techniques used by the Veil-Evasion framework, unicorn.py, powersploit, etc. “P.S. some payloads are undetectable by AV solutions, yes!!!” One of the reasons for that is the use of a function to execute the 2nd stage of shell/meterpreter directly in the target’s RAM.

DEPENDENCIES :
— “crisp.sh will download/install all dependencies as they are needed”
— Zenity | Metasploit | GCC (compiler) | Pyinstaller (python-to-exe module)
— python-pip (pyinstaller downloader) | mingw32 (compile .EXE executables)
— pyherion.py (crypter) | PEScrambler.exe (PE obfuscator/scrambler.)

Features
option - build     - target    - format      - output

1      - shellcode - unix      - C           - C
2      - shellcode - windows   - C           - DLL
3      - shellcode - windows   - DLL         - DLL
4      - shellcode - windows   - C           - PYTHON/EXE
5      - shellcode - windows   - C           - EXE
6      - shellcode - windows   - MSIEXEC     - MSI
7      - shellcode - windows   - C           - RUBY
8      - shellcode - windows   - HTA-PSH     - HTA
9      - shellcode - windows   - PSH-CMD     - PS1
10     - shellcode - windows   - PSH-CMD     - BAT
11     - shellcode - webserver - PHP         - PHP
12     - shellcode - multi OS  - PYTHON(b64) - PYTHON

F – FAQ (frequently asked questions)
E – exit shellcode generator

Usage:

our post before | Or Download Old Source: shell.tar.gz (24.9 MB)
Source: http://sourceforge.net/p/crisp-shellcode-generator/